Add env variables

Exclude config files customized from image build

.github/workflows/Procedure_push_docker_images.yml

@@ -70,6 +70,13 @@ jobs:
       IMAGE_REGISTRY: ${{ inputs.dev && vars.IMAGE_REGISTRY_DEV || vars.IMAGE_REGISTRY_PROD }}
       IMAGE_TAG: ${{ inputs.image_tag }}
       REVISION: ${{ inputs.revision }}
+      MAJOR: 5
+      WAZUH_VERSION: 5.0.0
+      MANAGER_REVISION: ${{ inputs.reference }}
+      INDEXER_REVISION: ${{ inputs.reference }}
+      DASHBOARD_REVISION: ${{ inputs.reference }}
+      AGENT_REVISION: ${{ inputs.reference }}
+      OVA_REVISION: ${{ inputs.reference }}
 
     steps:
     - name: Print inputs
@@ -123,30 +130,59 @@ jobs:
         username: ${{ secrets.DOCKERHUB_USERNAME }}
         password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
-    - name: Create packages_url.txt file
+    - name: Download artifact_urls.yml from S3
-      if : ${{ inputs.dev == true }}
       run: |
-          cat << EOF > packages_url.txt
+        aws s3 cp s3://xdrsiem-devops-wazuh-artifacts/deployment/artifact_urls.yml ./artifact_urls.yml
-          wazuh_manager_url_amd64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-manager_5.0.0-${{ inputs.reference }}_amd64.deb --expires-in 3600 --region us-west-1)"
+      working-directory: ./build-docker-images
-          wazuh_manager_url_arm64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-manager_5.0.0-${{ inputs.reference }}_arm64.deb --expires-in 3600 --region us-west-1)"
+
-          wazuh_manager_url_x86_64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-manager-5.0.0-${{ inputs.reference }}.x86_64.rpm --expires-in 3600 --region us-west-1)"
+    - name: replace variables
-          wazuh_manager_url_aarch64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-manager-5.0.0-${{ inputs.reference }}.aarch64.rpm --expires-in 3600 --region us-west-1)"
+      shell: python
-          wazuh_indexer_url_amd64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-indexer_5.0.0-${{ inputs.reference }}_amd64.deb --expires-in 3600 --region us-west-1)"
+      env:
-          wazuh_indexer_url_arm64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-indexer_5.0.0-${{ inputs.reference }}_arm64.deb --expires-in 3600 --region us-west-1)"
+        CONTEXT_VARS: ${{ toJson(vars) }}
-          wazuh_indexer_url_x86_64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-indexer-5.0.0-${{ inputs.reference }}.x86_64.rpm --expires-in 3600 --region us-west-1)"
+      run: |
-          wazuh_indexer_url_aarch64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-indexer-5.0.0-${{ inputs.reference }}.aarch64.rpm --expires-in 3600 --region us-west-1)"
+          import os
-          wazuh_dashboard_url_amd64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-dashboard_5.0.0-${{ inputs.reference }}_amd64.deb --expires-in 3600 --region us-west-1)"
+          import re
-          wazuh_dashboard_url_arm64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-dashboard_5.0.0-${{ inputs.reference }}_arm64.deb --expires-in 3600 --region us-west-1)"
+          import json
-          wazuh_dashboard_url_x86_64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-dashboard-5.0.0-${{ inputs.reference }}.x86_64.rpm --expires-in 3600 --region us-west-1)"
+          import subprocess
-          wazuh_dashboard_url_aarch64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-dashboard-5.0.0-${{ inputs.reference }}.aarch64.rpm --expires-in 3600 --region us-west-1)"
+
-          wazuh_agent_url_amd64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent_5.0.0-${{ inputs.reference }}_amd64.deb --expires-in 3600 --region us-west-1)"
+          filename = "artifact_urls.yml"
-          wazuh_agent_url_arm64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent_5.0.0-${{ inputs.reference }}_arm64.deb --expires-in 3600 --region us-west-1)"
+          bucket_path = "s3://xdrsiem-devops-wazuh-artifacts/deployment/artifact_urls.yml"
-          wazuh_agent_url_x86_64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.x86_64.rpm --expires-in 3600 --region us-west-1)"
+
-          wazuh_agent_url_aarch64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.aarch64.rpm --expires-in 3600 --region us-west-1)"
+          try:
-          wazuh_agent_url_i386_msi: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.i386.msi --expires-in 3600 --region us-west-1)"
+              repo_vars = json.loads(os.environ.get('CONTEXT_VARS', '{}'))
-          wazuh_agent_url_intel64_pkg: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.intel64.pkg --expires-in 3600 --region us-west-1)"
+          except:
-          wazuh_agent_url_arm64_pkg: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.arm64.pkg --expires-in 3600 --region us-west-1)"
+              repo_vars = {}
-          EOF
+
+          def replace_match(match):
+              prefix = match.group(1)
+              key = match.group(2)
+              
+              value = None
+              if prefix == 'env':
+                  value = os.environ.get(key)
+              elif prefix == 'vars':
+                  value = repo_vars.get(key)
+              
+              if value is not None:
+                  return value
+              else:
+                  return match.group(0)
+
+          with open(filename, 'r') as f:
+              content = f.read()
+
+          pattern = r'\$\{\{\s*(env|vars)\.([\w_]+)\s*\}\}'
+          
+          new_content = re.sub(pattern, replace_match, content)
+
+          with open(filename, 'w') as f:
+              f.write(new_content)
+      working-directory: ./build-docker-images
+
+    - name: Verify content (Debug)
+      run: |
+        cat artifact_urls.yml
+        mv artifact_urls.yml packages_url.yml
       working-directory: ./build-docker-images
 
     - name: Build Wazuh images

CHANGELOG.md

@@ -22,6 +22,24 @@ All notable changes to this project will be documented in this file.
 
 - None
 
+## [4.14.2]
+
+### Added
+
+- None
+
+### Changed
+
+- 
+
+### Fixed
+
+- None
+
+### Deleted
+
+- None
+
 ## [4.14.1]
 
 ### Added

build-docker-images/build-images.yml

@@ -8,6 +8,8 @@ services:
         WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
         wazuh_manager_url_amd64_rpm: ${wazuh_manager_url_x86_64_rpm}
         wazuh_manager_url_arm64_rpm: ${wazuh_manager_url_aarch64_rpm}
+        wazuh_cert_tool: ${wazuh_cert_tool}
+        wazuh_config_yml: ${wazuh_config_yml}
     image: ${WAZUH_REGISTRY}/wazuh/wazuh-manager:${IMAGE_TAG}
     hostname: wazuh.manager
     restart: always
@@ -49,6 +51,8 @@ services:
         WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
         wazuh_indexer_url_amd64_rpm: ${wazuh_indexer_url_x86_64_rpm}
         wazuh_indexer_url_arm64_rpm: ${wazuh_indexer_url_aarch64_rpm}
+        wazuh_cert_tool: ${wazuh_cert_tool}
+        wazuh_config_yml: ${wazuh_config_yml}
     image: ${WAZUH_REGISTRY}/wazuh/wazuh-indexer:${IMAGE_TAG}
     hostname: wazuh.indexer
     restart: always
@@ -73,6 +77,8 @@ services:
         WAZUH_UI_REVISION: ${WAZUH_UI_REVISION}
         wazuh_dashboard_url_amd64_rpm: ${wazuh_dashboard_url_x86_64_rpm}
         wazuh_dashboard_url_arm64_rpm: ${wazuh_dashboard_url_aarch64_rpm}
+        wazuh_cert_tool: ${wazuh_cert_tool}
+        wazuh_config_yml: ${wazuh_config_yml}
     image: ${WAZUH_REGISTRY}/wazuh/wazuh-dashboard:${IMAGE_TAG}
     hostname: wazuh.dashboard
     restart: always

build-docker-images/wazuh-agent/Dockerfile

@@ -20,6 +20,7 @@ RUN URL_VAR="wazuh_agent_url_${TARGETARCH}_rpm" && \
     dnf install curl-minimal tar gzip procps -y &&\
     curl -o /wazuh-agent.rpm "${agent_url}" && \
     dnf install /wazuh-agent.rpm -y && \
+    rm -rf /wazuh-agent.rpm && \
     dnf clean all && \
     sed -i '/<authorization_pass_path>/d' /var/ossec/etc/ossec.conf && \
     curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \

build-docker-images/wazuh-dashboard/Dockerfile

@@ -8,6 +8,8 @@ ARG INSTALL_DIR=/usr/share/wazuh-dashboard
 ARG TARGETARCH
 ARG wazuh_dashboard_url_amd64_rpm
 ARG wazuh_dashboard_url_arm64_rpm
+ARG wazuh_cert_tool
+ARG wazuh_config_yml
 
 # Update and install dependencies
 RUN URL_VAR="wazuh_dashboard_url_${TARGETARCH}_rpm" && \
@@ -15,19 +17,18 @@ RUN URL_VAR="wazuh_dashboard_url_${TARGETARCH}_rpm" && \
     dnf install curl-minimal libcap openssl -y && \
     curl -o /wazuh-dashboard.rpm "${dashboard_url}" && \
     dnf install /wazuh-dashboard.rpm -y && \
+    rm -rf /wazuh-dashboard.rpm && \
     dnf clean all
 
 # Create and set permissions to data directories
 RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
 RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
 RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs
-COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/
 RUN setcap 'cap_net_bind_service=-ep' /usr/share/wazuh-dashboard/node/bin/node
 RUN setcap 'cap_net_bind_service=-ep' /usr/share/wazuh-dashboard/node/fallback/bin/node
 
 # Generate certificates
 COPY config/config.sh .
-COPY config/config.yml /
 RUN bash config.sh
 
 ################################################################################
@@ -58,34 +59,32 @@ ENV USER="wazuh-dashboard" \
     WAZUH_MONITORING_SHARDS="" \
     WAZUH_MONITORING_REPLICAS=""
 
-# Update and install dependencies
+# Copy and set permissions to scripts
-RUN dnf install shadow-utils -y && dnf clean all
+COPY config/entrypoint.sh /
+COPY config/wazuh_app_config.sh /
 
-# Create wazuh-dashboard user and group
+# Update and install dependencies
-RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
+RUN yum install shadow-utils -y && \
-RUN useradd --system \
+    yum clean all && \
+    getent group $GROUP || groupadd -r -g 1000 $GROUP && \
+    useradd --system \
             --uid 1000 \
             --no-create-home \
             --home-dir $INSTALL_DIR \
             --gid $GROUP \
             --shell /sbin/nologin \
             --comment "$USER user" \
-            $USER
+            $USER && \
-
+    chmod 700 /entrypoint.sh && \
-# Copy and set permissions to scripts
+    chmod 700 /wazuh_app_config.sh && \
-COPY config/entrypoint.sh /
+    mkdir -p $INSTALL_DIR && \
-COPY config/wazuh_app_config.sh /
+    chown 1000:1000 $INSTALL_DIR && \
-RUN chmod 700 /entrypoint.sh
+    chown 1000:1000 /*.sh && \
-RUN chmod 700 /wazuh_app_config.sh
+    mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
-RUN chown 1000:1000 /*.sh
 
 # Copy Install dir from builder to current image
 COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR
 
-# Create custom directory
-RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
-RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
-
 # Set workdir and user
 WORKDIR $INSTALL_DIR
 USER wazuh-dashboard

build-docker-images/wazuh-dashboard/config/config.sh

@@ -7,36 +7,51 @@ export TARGET_DIR=${CURDIR}/debian/${NAME}
 export INSTALLATION_DIR=/usr/share/${NAME}
 export CONFIG_DIR=${INSTALLATION_DIR}/config
 
-## Variables
+##############################################################################
-CERT_TOOL=wazuh-certs-tool.sh
+# Downloading Cert Gen Tool
-PACKAGES_URL=https://packages.wazuh.com/5.0/
+##############################################################################
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/
+# Variables for certificate generation
+CERT_TOOL="wazuh-certs-tool.sh"
+CERT_CONFIG_FILE="config.yml"
+download_package() {
+    local url=$1
+    local package=$2
+    if curl -fsL "$url" -o "$package"; then
+        echo "Downloaded $package"
+        return 0
+    else
+        echo "Error downloading $package from $url"
+        return 1
+    fi
+}
+# Download the tool to create the certificates
+echo "Downloading the tool to create the certificates..."
+download_package "$wazuh_cert_tool" $CERT_TOOL
+# Download the config file for the certificate tool
+echo "Downloading the config file for the certificate tool..."
+download_package "$wazuh_config_yml" $CERT_CONFIG_FILE
 
-## Check if the cert tool exists in S3 buckets
+# Modify the config file to set the IP to localhost
-CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
+sed -i 's/  ip:.*/  ip: "127.0.0.1"/' $CERT_CONFIG_FILE
-CERT_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
 
-## If cert tool exists in some bucket, download it, if not exit 1
+chmod 700 "$CERT_CONFIG_FILE"
-if [ "$CERT_TOOL_PACKAGES" = "200" ]; then
+# Create the certificates
-  curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL
+chmod 755 "$CERT_TOOL" && bash "$CERT_TOOL" -A
-  echo "Cert tool exists in Packages bucket"
-elif [ "$CERT_TOOL_PACKAGES_DEV" = "200" ]; then
-  curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL
-  echo "Cert tool exists in Packages-dev bucket"
-else
-  echo "Cert tool does not exist in any bucket"
-  exit 1
-fi
-
-chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A
 
 # Create certs directory
 mkdir -p ${CONFIG_DIR}/certs
 
 # Copy Wazuh dashboard certs to install config dir
-cp /wazuh-certificates/demo.dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
+mv /etc/wazuh-dashboard/* ${CONFIG_DIR}/
-cp /wazuh-certificates/demo.dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
+cp -pr /wazuh-certificates/dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
-cp /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem
+cp -pr /wazuh-certificates/dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
+cp -pr /wazuh-certificates/root-ca.key ${CONFIG_DIR}/certs/root-ca.key
+cp -pr /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem
+cp -pr /wazuh-certificates/admin.pem ${CONFIG_DIR}/certs/admin.pem
+cp -pr /wazuh-certificates/admin-key.pem ${CONFIG_DIR}/certs/admin-key.pem
+
+# Modify opensearch.yml config paths
+sed -i "s|/etc/wazuh-dashboard|${CONFIG_DIR}|g" ${CONFIG_DIR}/opensearch_dashboards.yml
 
 chmod -R 500 ${CONFIG_DIR}/certs
 chmod -R 400 ${CONFIG_DIR}/certs/*

build-docker-images/wazuh-dashboard/config/config.yml

@@ -1,5 +0,0 @@
-nodes:
-  # Wazuh dashboard server nodes
-  dashboard:
-    - name: demo.dashboard
-      ip: demo.dashboard

build-docker-images/wazuh-dashboard/config/entrypoint.sh

@@ -1,20 +1,81 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 
-INSTALL_DIR=/usr/share/wazuh-dashboard
+# Run Wazuh dashboard, using environment variables to
+# set longopts defining Wazuh dashboard's configuration.
+#
+# eg. Setting the environment variable:
+#
+#       OPENSEARCH_STARTUPTIMEOUT=60
+#
+# will cause OpenSearch-Dashboards to be invoked with:
+#
+#       --opensearch.startupTimeout=60
+
+# Setup Home Directory
+export OPENSEARCH_DASHBOARDS_HOME=/usr/share/wazuh-dashboard
+export PATH=$OPENSEARCH_DASHBOARDS_HOME/bin:$PATH
 DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}"
 DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}"
 
 # Create and configure Wazuh dashboard keystore
 
-yes | $INSTALL_DIR/bin/opensearch-dashboards-keystore create --allow-root && \
+yes | $OPENSEARCH_DASHBOARDS_HOME/bin/opensearch-dashboards-keystore create --allow-root && \
-echo $DASHBOARD_USERNAME | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \
+echo $DASHBOARD_USERNAME | $OPENSEARCH_DASHBOARDS_HOME/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \
-echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root
+echo $DASHBOARD_PASSWORD | $OPENSEARCH_DASHBOARDS_HOME/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root
 
-##############################################################################
+opensearch_dashboards_vars=(
-# Start Wazuh dashboard
+    opensearch.hosts
-##############################################################################
+)
 
-/wazuh_app_config.sh $WAZUH_UI_REVISION
+function runOpensearchDashboards {
+    longopts=()
+    for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do
+        # 'opensearch.hosts' -> 'OPENSEARCH_URL'
+        env_var=$(echo ${opensearch_dashboards_var^^} | tr . _)
 
-/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+        # Indirectly lookup env var values via the name of the var.
+        # REF: http://tldp.org/LDP/abs/html/bashver2.html#EX78
+        value=${!env_var}
+        if [[ -n $value ]]; then
+            longopt="--${opensearch_dashboards_var}=${value}"
+            longopts+=("${longopt}")
+        fi
+    done
+
+    # Files created at run-time should be group-writable, for Openshift's sake.
+    umask 0002
+
+    # TO DO:
+    # Confirm with Mihir if this is necessary
+
+    # The virtual file /proc/self/cgroup should list the current cgroup
+    # membership. For each hierarchy, you can follow the cgroup path from
+    # this file to the cgroup filesystem (usually /sys/fs/cgroup/) and
+    # introspect the statistics for the cgroup for the given
+    # hierarchy. Alas, Docker breaks this by mounting the container
+    # statistics at the root while leaving the cgroup paths as the actual
+    # paths. Therefore, OpenSearch-Dashboards provides a mechanism to override
+    # reading the cgroup path from /proc/self/cgroup and instead uses the
+    # cgroup path defined the configuration properties
+    # cpu.cgroup.path.override and cpuacct.cgroup.path.override.
+    # Therefore, we set this value here so that cgroup statistics are
+    # available for the container this process will run in.
+
+    exec "$@" \
+        --ops.cGroupOverrides.cpuPath=/ \
+        --ops.cGroupOverrides.cpuAcctPath=/ \
+        "${longopts[@]}"
+}
+
+# Prepend "opensearch-dashboards" command if no argument was provided or if the
+# first argument looks like a flag (i.e. starts with a dash).
+if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then
+    set -- opensearch-dashboards "$@"
+fi
+
+if [ "$1" = "opensearch-dashboards" ]; then
+    runOpensearchDashboards "$@"
+else
+    exec "$@"
+fi

build-docker-images/wazuh-dashboard/config/wazuh.yml

@@ -1,155 +0,0 @@
----
-#
-# Wazuh app - App configuration file
-# Copyright (C) 2017, Wazuh Inc.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# Find more information about this on the LICENSE file.
-#
-# ======================== Wazuh app configuration file ========================
-#
-# Please check the documentation for more information on configuration options:
-# https://documentation.wazuh.com/current/installation-guide/index.html
-#
-# Also, you can check our repository:
-# https://github.com/wazuh/wazuh-dashboard-plugins
-#
-# ------------------------------- Index patterns -------------------------------
-#
-# Default index pattern to use.
-#pattern: wazuh-alerts-*
-#
-# ----------------------------------- Checks -----------------------------------
-#
-# Defines which checks must to be consider by the healthcheck
-# step once the Wazuh app starts. Values must to be true or false.
-#checks.pattern : true
-#checks.template: true
-#checks.api     : true
-#checks.setup   : true
-#checks.metaFields: true
-#
-# --------------------------------- Extensions ---------------------------------
-#
-# Defines which extensions should be activated when you add a new API entry.
-# You can change them after Wazuh app starts.
-# Values must to be true or false.
-#extensions.pci       : true
-#extensions.gdpr      : true
-#extensions.hipaa     : true
-#extensions.nist      : true
-#extensions.tsc       : true
-#extensions.audit     : true
-#extensions.oscap     : false
-#extensions.ciscat    : false
-#extensions.aws       : false
-#extensions.gcp       : false
-#extensions.virustotal: false
-#extensions.osquery   : false
-#extensions.docker    : false
-#
-# ---------------------------------- Time out ----------------------------------
-#
-# Defines maximum timeout to be used on the Wazuh app requests.
-# It will be ignored if it is bellow 1500.
-# It means milliseconds before we consider a request as failed.
-# Default: 20000
-#timeout: 20000
-#
-# -------------------------------- API selector --------------------------------
-#
-# Defines if the user is allowed to change the selected
-# API directly from the Wazuh app top menu.
-# Default: true
-#api.selector: true
-#
-# --------------------------- Index pattern selector ---------------------------
-#
-# Defines if the user is allowed to change the selected
-# index pattern directly from the Wazuh app top menu.
-# Default: true
-#ip.selector: true
-#
-# List of index patterns to be ignored
-#ip.ignore: []
-#
-# ------------------------------ wazuh-monitoring ------------------------------
-#
-# Custom setting to enable/disable wazuh-monitoring indices.
-# Values: true, false, worker
-# If worker is given as value, the app will show the Agents status
-# visualization but won't insert data on wazuh-monitoring indices.
-# Default: true
-#wazuh.monitoring.enabled: true
-#
-# Custom setting to set the frequency for wazuh-monitoring indices cron task.
-# Default: 900 (s)
-#wazuh.monitoring.frequency: 900
-#
-# Configure wazuh-monitoring-* indices shards and replicas.
-#wazuh.monitoring.shards: 2
-#wazuh.monitoring.replicas: 0
-#
-# Configure wazuh-monitoring-* indices custom creation interval.
-# Values: h (hourly), d (daily), w (weekly), m (monthly)
-# Default: d
-#wazuh.monitoring.creation: d
-#
-# Default index pattern to use for Wazuh monitoring
-#wazuh.monitoring.pattern: wazuh-monitoring-*
-#
-# --------------------------------- wazuh-cron ----------------------------------
-#
-# Customize the index prefix of predefined jobs
-# This change is not retroactive, if you change it new indexes will be created
-# cron.prefix: test
-#
-# ------------------------------ wazuh-statistics -------------------------------
-#
-# Custom setting to enable/disable statistics tasks.
-#cron.statistics.status: true
-#
-# Enter the ID of the APIs you want to save data from, leave this empty to run
-# the task on all configured APIs
-#cron.statistics.apis: []
-#
-# Define the frequency of task execution using cron schedule expressions
-#cron.statistics.interval: 0 0 * * * *
-#
-# Define the name of the index in which the documents are to be saved.
-#cron.statistics.index.name: statistics
-#
-# Define the interval in which the index will be created
-#cron.statistics.index.creation: w
-#
-# ------------------------------- App privileges --------------------------------
-#admin: true
-#
-# ---------------------------- Hide manager alerts ------------------------------
-# Hide the alerts of the manager in all dashboards and discover
-#hideManagerAlerts: false
-#
-# ------------------------------- App logging level -----------------------------
-# Set the logging level for the Wazuh App log files.
-# Default value: info
-# Allowed values: info, debug
-#logs.level: info
-#
-# -------------------------------- Enrollment DNS -------------------------------
-# Set the variable WAZUH_REGISTRATION_SERVER in agents deployment.
-# Default value: ''
-#enrollment.dns: ''
-#
-#-------------------------------- API entries -----------------------------------
-#The following configuration is the default structure to define an API entry.
-#
-#hosts:
-#  - <id>:
-#     url: http(s)://<url>
-#     port: <port>
-#     username: <username>
-#     password: <password>

build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh

@@ -32,21 +32,19 @@ do
     fi
 done
 
-
 grep -q 1513629884013 $dashboard_config_file
 _config_exists=$?
 
 if [[ $_config_exists -ne 0 ]]; then
-cat << EOF >> $dashboard_config_file
+  cat << EOF >> $dashboard_config_file
-hosts:
+  hosts:
-  - 1513629884013:
+    - 1513629884013:
-      url: $wazuh_url
+        url: $wazuh_url
-      port: $wazuh_port
+        port: $wazuh_port
-      username: $api_username
+        username: $api_username
-      password: $api_password
+        password: $api_password
-      run_as: $api_run_as
+        run_as: $api_run_as
-EOF
+  EOF
 else
   echo "Wazuh APP already configured"
 fi
-

build-docker-images/wazuh-indexer/Dockerfile

@@ -6,6 +6,8 @@ ARG WAZUH_TAG_REVISION
 ARG TARGETARCH
 ARG wazuh_indexer_url_amd64_rpm
 ARG wazuh_indexer_url_arm64_rpm
+ARG wazuh_cert_tool
+ARG wazuh_config_yml
 
 COPY config/config.sh .
 
@@ -14,6 +16,7 @@ RUN URL_VAR="wazuh_indexer_url_${TARGETARCH}_rpm" && \
     dnf install curl-minimal openssl xz tar findutils shadow-utils -y &&\
     curl -o /wazuh-indexer.rpm "${indexer_url}" && \
     dnf install /wazuh-indexer.rpm -y && \
+    rm -rf /wazuh-indexer.rpm && \
     dnf clean all && \
     bash config.sh
 
@@ -22,7 +25,6 @@ RUN URL_VAR="wazuh_indexer_url_${TARGETARCH}_rpm" && \
 #
 # Copy wazuh-indexer from stage 0
 # Add entrypoint
-
 ################################################################################
 FROM amazonlinux:2023
 
@@ -31,51 +33,43 @@ ENV USER="wazuh-indexer" \
     NAME="wazuh-indexer" \
     INSTALL_DIR="/usr/share/wazuh-indexer"
 
-RUN yum install curl-minimal shadow-utils findutils hostname -y
 
-RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
+COPY config/entrypoint.sh /
+COPY config/securityadmin.sh /
 
-RUN useradd --system \
+RUN yum install curl-minimal shadow-utils findutils hostname -y && \
+    yum clean all && \
+    getent group $GROUP || groupadd -r -g 1000 $GROUP && \
+    useradd --system \
             --uid 1000 \
             --no-create-home \
             --home-dir $INSTALL_DIR \
             --gid $GROUP \
             --shell /sbin/nologin \
             --comment "$USER user" \
-            $USER
+            $USER && \
-
+    chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh && \
-WORKDIR $INSTALL_DIR
+    mkdir -p $INSTALL_DIR && \
-
+    chown 1000:1000 $INSTALL_DIR && \
-COPY config/entrypoint.sh /
+    chown 1000:1000 /*.sh && \
-
+    mkdir -p /var/lib/wazuh-indexer && chown 1000:1000 /var/lib/wazuh-indexer && \
-COPY config/securityadmin.sh /
+    mkdir -p $INSTALL_DIR/logs && chown 1000:1000 $INSTALL_DIR/logs && \
-
-RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh && \
-    mkdir -p /usr/share/wazuh-indexer && \
-    chown 1000:1000 /usr/share/wazuh-indexer && \
-    chown 1000:1000 /*.sh
-
-COPY --from=builder --chown=1000:1000 /usr/share/wazuh-indexer /usr/share/wazuh-indexer
-COPY --from=builder --chown=1000:1000 /etc/wazuh-indexer /usr/share/wazuh-indexer/config
-COPY --from=builder --chown=1000:1000 /debian/wazuh-indexer/usr/share/wazuh-indexer /usr/share/wazuh-indexer
-COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/systemd /usr/lib/systemd
-COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/sysctl.d /usr/lib/sysctl.d
-COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/tmpfiles.d /usr/lib/tmpfiles.d
-
-RUN mkdir -p /var/lib/wazuh-indexer && chown 1000:1000 /var/lib/wazuh-indexer && \
-    mkdir -p /usr/share/wazuh-indexer/logs && chown 1000:1000 /usr/share/wazuh-indexer/logs && \
     mkdir -p /run/wazuh-indexer && chown 1000:1000 /run/wazuh-indexer && \
-    mkdir -p /var/log/wazuh-indexer && chown 1000:1000 /var/log/wazuh-indexer && \
+    mkdir -p /var/log/wazuh-indexer && chown 1000:1000 /var/log/wazuh-indexer    
-    chmod 700 /usr/share/wazuh-indexer && \
+
-    chmod 700 /usr/share/wazuh-indexer/config && \
+COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR
-    chmod 600 /usr/share/wazuh-indexer/config/jvm.options && \
+
-    chmod 600 /usr/share/wazuh-indexer/config/opensearch.yml
+RUN chmod 700 $INSTALL_DIR && \
+    chmod 700 $INSTALL_DIR/config && \
+    chmod 600 $INSTALL_DIR/config/jvm.options && \
+    chmod 600 $INSTALL_DIR/config/opensearch.yml
 
 USER wazuh-indexer
+WORKDIR $INSTALL_DIR
 
 # Services ports
 EXPOSE 9200
 
 ENTRYPOINT ["/entrypoint.sh"]
 # Dummy overridable parameter parsed by entrypoint
-CMD ["opensearchwrapper"]
+CMD ["opensearch"]

build-docker-images/wazuh-indexer/config/action_groups.yml

@@ -1,12 +0,0 @@
----
-_meta:
-  type: "actiongroups"
-  config_version: 2
-
-# ISM API permissions group
-manage_ism:
-  reserved: true
-  hidden: false
-  allowed_actions:
-  - "cluster:admin/opendistro/ism/*"
-  static: false

build-docker-images/wazuh-indexer/config/config.sh

@@ -3,7 +3,6 @@
 export DH_OPTIONS
 
 export NAME=wazuh-indexer
-export TARGET_DIR=${CURDIR}/debian/${NAME}
 
 # Package build options
 export USER=${NAME}
@@ -14,89 +13,54 @@ export LIB_DIR=/var/lib/${NAME}
 export PID_DIR=/run/${NAME}
 export INSTALLATION_DIR=/usr/share/${NAME}
 export CONFIG_DIR=${INSTALLATION_DIR}/config
-export BASE_DIR=${NAME}-*
-export INDEXER_FILE=wazuh-indexer-base.tar.xz
-export BASE_FILE=wazuh-indexer-base-${VERSION}-linux-x64.tar.xz
-export REPO_DIR=/unattended_installer
-
-## Variables
-CERT_TOOL=wazuh-certs-tool.sh
-PASSWORD_TOOL=wazuh-passwords-tool.sh
-PACKAGES_URL=https://packages.wazuh.com/5.0/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/
-
-## Check if the cert tool exists in S3 buckets
-CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
-CERT_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
-
-## If cert tool exists in some bucket, download it, if not exit 1
-if [ "$CERT_TOOL_PACKAGES" = "200" ]; then
-  curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL
-  echo "Cert tool exists in Packages bucket"
-elif [ "$CERT_TOOL_PACKAGES_DEV" = "200" ]; then
-  curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL
-  echo "Cert tool exists in Packages-dev bucket"
-else
-  echo "Cert tool does not exist in any bucket"
-  exit 1
-fi
 
 
-## Check if the password tool exists in S3 buckets
+##############################################################################
-PASSWORD_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$PASSWORD_TOOL | grep -E "^HTTP" | awk  '{print $2}')
+# Downloading Cert Gen Tool
-PASSWORD_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$PASSWORD_TOOL | grep -E "^HTTP" | awk  '{print $2}')
+##############################################################################
+# Variables for certificate generation
+CERT_TOOL="wazuh-certs-tool.sh"
+CERT_CONFIG_FILE="config.yml"
+download_package() {
+    local url=$1
+    local package=$2
+    if curl -fsL "$url" -o "$package"; then
+        echo "Downloaded $package"
+        return 0
+    else
+        echo "Error downloading $package from $url"
+        return 1
+    fi
+}
+# Download the tool to create the certificates
+echo "Downloading the tool to create the certificates..."
+download_package "$wazuh_cert_tool" $CERT_TOOL
+# Download the config file for the certificate tool
+echo "Downloading the config file for the certificate tool..."
+download_package "$wazuh_config_yml" $CERT_CONFIG_FILE
 
-## If password tool exists in some bucket, download it, if not exit 1
+# Modify the config file to set the IP to localhost
-if [ "$PASSWORD_TOOL_PACKAGES" = "200" ]; then
+sed -i 's/  ip:.*/  ip: "127.0.0.1"/' $CERT_CONFIG_FILE
-  curl -o $PASSWORD_TOOL $PACKAGES_URL$PASSWORD_TOOL
-  echo "Password tool exists in Packages bucket"
-elif [ "$PASSWORD_TOOL_PACKAGES_DEV" = "200" ]; then
-  curl -o $PASSWORD_TOOL $PACKAGES_DEV_URL$PASSWORD_TOOL
-  echo "Password tool exists in Packages-dev bucket"
-else
-  echo "Password tool does not exist in any bucket"
-  exit 1
-fi
 
-chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A
+chmod 700 "$CERT_CONFIG_FILE"
+# Create the certificates
+chmod 755 "$CERT_TOOL" && bash "$CERT_TOOL" -A
 
-# copy to target
+# Copy Wazuh indexer's certificates and config files to $CONFIG_DIR
-mkdir -p ${TARGET_DIR}${INSTALLATION_DIR}
+mkdir -p ${CONFIG_DIR}/certs
-mkdir -p ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
+mv /etc/wazuh-indexer/* ${CONFIG_DIR}/
-mkdir -p ${TARGET_DIR}${CONFIG_DIR}
+cp -pr /wazuh-certificates/node-1.pem ${CONFIG_DIR}/certs/indexer.pem
-mkdir -p ${TARGET_DIR}${LIB_DIR}
+cp -pr /wazuh-certificates/node-1-key.pem ${CONFIG_DIR}/certs/indexer-key.pem
-mkdir -p ${TARGET_DIR}${LOG_DIR}
+cp -pr /wazuh-certificates/root-ca.key ${CONFIG_DIR}/certs/root-ca.key
-mkdir -p ${TARGET_DIR}/etc/init.d
+cp -pr /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem
-mkdir -p ${TARGET_DIR}/etc/default
+cp -pr /wazuh-certificates/admin.pem ${CONFIG_DIR}/certs/admin.pem
-mkdir -p ${TARGET_DIR}/usr/lib/tmpfiles.d
+cp -pr /wazuh-certificates/admin-key.pem ${CONFIG_DIR}/certs/admin-key.pem
-mkdir -p ${TARGET_DIR}/usr/lib/sysctl.d
+
-mkdir -p ${TARGET_DIR}/usr/lib/systemd/system
+# Modify opensearch.yml config paths
-mkdir -p ${TARGET_DIR}${CONFIG_DIR}/certs
+sed -i "s|/etc/wazuh-indexer|${CONFIG_DIR}|g" ${CONFIG_DIR}/opensearch.yml
-# Copy Wazuh's config files for the security plugin
-cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
-cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
-cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
-cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
-cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR}
-# Copy Wazuh indexer's certificates
-cp -pr /wazuh-certificates/demo.indexer.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer.pem
-cp -pr /wazuh-certificates/demo.indexer-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer-key.pem
-cp -pr /wazuh-certificates/root-ca.key ${TARGET_DIR}${CONFIG_DIR}/certs/root-ca.key
-cp -pr /wazuh-certificates/root-ca.pem ${TARGET_DIR}${CONFIG_DIR}/certs/root-ca.pem
-cp -pr /wazuh-certificates/admin.pem ${TARGET_DIR}${CONFIG_DIR}/certs/admin.pem
-cp -pr /wazuh-certificates/admin-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/admin-key.pem
 
-# Delete xms and xmx parameters in jvm.options
-sed '/-Xms/d' -i /etc/wazuh-indexer/jvm.options
-sed '/-Xmx/d' -i /etc/wazuh-indexer/jvm.options
 sed -i 's/-Djava.security.policy=file:\/\/\/etc\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/-Djava.security.policy=file:\/\/\/usr\/share\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/g' /etc/wazuh-indexer/jvm.options
 
-
+chown -R ${USER}:${GROUP} ${CONFIG_DIR}
-chmod -R 500 ${TARGET_DIR}${CONFIG_DIR}/certs
+chmod -R 500 ${CONFIG_DIR}/certs
-chmod -R 400 ${TARGET_DIR}${CONFIG_DIR}/certs/*
+chmod -R 400 ${CONFIG_DIR}/certs/*
-
-find ${TARGET_DIR} -type d -exec chmod 750 {} \;
-find ${TARGET_DIR} -type f -perm 644 -exec chmod 640 {} \;
-find ${TARGET_DIR} -type f -perm 664 -exec chmod 660 {} \;
-find ${TARGET_DIR} -type f -perm 755 -exec chmod 750 {} \;
-find ${TARGET_DIR} -type f -perm 744 -exec chmod 740 {} \;

build-docker-images/wazuh-indexer/config/config.yml

@@ -1,5 +0,0 @@
-nodes:
-  # Wazuh indexer server nodes
-  indexer:
-    - name: demo.indexer
-      ip: demo.indexer

build-docker-images/wazuh-indexer/config/entrypoint.sh

@@ -1,93 +1,77 @@
-#!/usr/bin/env bash
+#!/bin/bash
-# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
-set -e
 
-umask 0002
+# Copyright OpenSearch Contributors
+# SPDX-License-Identifier: Apache-2.0
 
-export USER=wazuh-indexer
+# This script specify the entrypoint startup actions for opensearch
-export INSTALLATION_DIR=/usr/share/wazuh-indexer
+# It will start both opensearch and performance analyzer plugin cli
-export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR}/config
+# If either process failed, the entire docker container will be removed
-export JAVA_HOME=${INSTALLATION_DIR}/jdk
+# in favor of a newly started container
-export DISCOVERY=$(grep -oP "(?<=discovery.type: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
+
-export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
+# Export OpenSearch Home
-export CERT="${OPENSEARCH_PATH_CONF}/certs/admin.pem"
+export OPENSEARCH_HOME=/usr/share/wazuh-indexer
-export KEY="${OPENSEARCH_PATH_CONF}/certs/admin-key.pem"
+export OPENSEARCH_PATH_CONF=$OPENSEARCH_HOME/config
+export PATH=$OPENSEARCH_HOME/bin:$PATH
+
+
+# The virtual file /proc/self/cgroup should list the current cgroup
+# membership. For each hierarchy, you can follow the cgroup path from
+# this file to the cgroup filesystem (usually /sys/fs/cgroup/) and
+# introspect the statistics for the cgroup for the given
+# hierarchy. Alas, Docker breaks this by mounting the container
+# statistics at the root while leaving the cgroup paths as the actual
+# paths. Therefore, OpenSearch provides a mechanism to override
+# reading the cgroup path from /proc/self/cgroup and instead uses the
+# cgroup path defined the JVM system property
+# opensearch.cgroups.hierarchy.override. Therefore, we set this value here so
+# that cgroup statistics are available for the container this process
+# will run in.
+export OPENSEARCH_JAVA_OPTS="-Dopensearch.cgroups.hierarchy.override=/ $OPENSEARCH_JAVA_OPTS"
+
+# Start up the opensearch and performance analyzer agent processes.
+# When either of them halts, this script exits, or we receive a SIGTERM or SIGINT signal then we want to kill both these processes.
+function runOpensearch {
+    # Files created by OpenSearch should always be group writable too
+    umask 0002
+
+    if [[ "$(id -u)" == "0" ]]; then
+        echo "Wazuh indexer cannot run as root. Please start your container as another user."
+        exit 1
+    fi
+
+    # Parse Docker env vars to customize Wazuh indexer / OpenSearch configuration
+    #
+    # e.g. Setting the env var cluster.name=testcluster
+    # will cause Wazuh indexer to be invoked with -Ecluster.name=testcluster
+    opensearch_opts=()
+    while IFS='=' read -r envvar_key envvar_value
+    do
+        # OpenSearch settings need to have at least two dot separated lowercase
+        # words, e.g. `cluster.name`, except for `processors` which we handle
+        # specially
+        if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ || "$envvar_key" == "processors" ]]; then
+            if [[ ! -z $envvar_value ]]; then
+            opensearch_opt="-E${envvar_key}=${envvar_value}"
+            opensearch_opts+=("${opensearch_opt}")
+            fi
+        fi
+    done < <(env)
+
+    # Start opensearch
+    exec "$@" "${opensearch_opts[@]}"
 
-run_as_other_user_if_needed() {
-  if [[ "$(id -u)" == "0" ]]; then
-    # If running as root, drop to specified UID and run command
-    exec chroot --userspec=1000:0 / "${@}"
-  else
-    # Either we are running in Openshift with random uid and are a member of the root group
-    # or with a custom --user
-    exec "${@}"
-  fi
 }
 
-# Allow user specify custom CMD, maybe bin/opensearch itself
+# Prepend "opensearch" command if no argument was provided or if the first
-# for example to directly specify `-E` style parameters for opensearch on k8s
+# argument looks like a flag (i.e. starts with a dash).
-# or simply to run /bin/bash to check the image
+if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then
-if [[ "$1" != "opensearchwrapper" ]]; then
+    set -- opensearch "$@"
-  if [[ "$(id -u)" == "0" && $(basename "$1") == "opensearch" ]]; then
+fi
-    # Rewrite CMD args to replace $1 with `opensearch` explicitly,
+
-    # Without this, user could specify `opensearch -E x.y=z` but
+if [ "$1" = "opensearch" ]; then
-    # `bin/opensearch -E x.y=z` would not work.
+    # If the first argument is opensearch, then run the setup script.
-    set -- "opensearch" "${@:2}"
+    runOpensearch "$@"
-    # Use chroot to switch to UID 1000 / GID 0
+else
-    exec chroot --userspec=1000:0 / "$@"
+    # Otherwise, just exec the command.
-  else
-    # User probably wants to run something else, like /bin/bash, with another uid forced (Openshift?)
     exec "$@"
-  fi
+fi
-fi
-
-# Allow environment variables to be set by creating a file with the
-# contents, and setting an environment variable with the suffix _FILE to
-# point to it. This can be used to provide secrets to a container, without
-# the values being specified explicitly when running the container.
-#
-# This is also sourced in opensearch-env, and is only needed here
-# as well because we use INDEXER_PASSWORD below. Sourcing this script
-# is idempotent.
-source /usr/share/wazuh-indexer/bin/opensearch-env-from-file
-
-if [[ -f bin/opensearch-users ]]; then
-  # Check for the INDEXER_PASSWORD environment variable to set the
-  # bootstrap password for Security.
-  #
-  # This is only required for the first node in a cluster with Security
-  # enabled, but we have no way of knowing which node we are yet. We'll just
-  # honor the variable if it's present.
-  if [[ -n "$INDEXER_PASSWORD" ]]; then
-    [[ -f /usr/share/wazuh-indexer/opensearch.keystore ]] || (run_as_other_user_if_needed opensearch-keystore create)
-    if ! (run_as_other_user_if_needed opensearch-keystore has-passwd --silent) ; then
-      # keystore is unencrypted
-      if ! (run_as_other_user_if_needed opensearch-keystore list | grep -q '^bootstrap.password$'); then
-        (run_as_other_user_if_needed echo "$INDEXER_PASSWORD" | opensearch-keystore add -x 'bootstrap.password')
-      fi
-    else
-      # keystore requires password
-      if ! (run_as_other_user_if_needed echo "$KEYSTORE_PASSWORD" \
-          | opensearch-keystore list | grep -q '^bootstrap.password$') ; then
-        COMMANDS="$(printf "%s\n%s" "$KEYSTORE_PASSWORD" "$INDEXER_PASSWORD")"
-        (run_as_other_user_if_needed echo "$COMMANDS" | opensearch-keystore add -x 'bootstrap.password')
-      fi
-    fi
-  fi
-fi
-
-if [[ "$(id -u)" == "0" ]]; then
-  # If requested and running as root, mutate the ownership of bind-mounts
-  if [[ -n "$TAKE_FILE_OWNERSHIP" ]]; then
-    chown -R 1000:0 /usr/share/wazuh-indexer/{data,logs}
-  fi
-fi
-
-
-#if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then
-  # run securityadmin.sh for single node with CACERT, CERT and KEY parameter
-#  nohup /securityadmin.sh &
-#  touch "/var/lib/wazuh-indexer/.flag"
-#fi
-
-run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD"

build-docker-images/wazuh-indexer/config/internal_users.yml

@@ -1,74 +0,0 @@
----
-# This is the internal user database
-# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
-
-_meta:
-  type: "internalusers"
-  config_version: 2
-
-# Define your internal users here
-
-## Demo users
-
-admin:
-  hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG"
-  reserved: true
-  backend_roles:
-  - "admin"
-  description: "Demo admin user"
-
-kibanaserver:
-  hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
-  reserved: true
-  description: "Demo kibanaserver user"
-
-kibanaro:
-  hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
-  reserved: false
-  backend_roles:
-  - "kibanauser"
-  - "readall"
-  attributes:
-    attribute1: "value1"
-    attribute2: "value2"
-    attribute3: "value3"
-  description: "Demo kibanaro user"
-
-logstash:
-  hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
-  reserved: false
-  backend_roles:
-  - "logstash"
-  description: "Demo logstash user"
-
-readall:
-  hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
-  reserved: false
-  backend_roles:
-  - "readall"
-  description: "Demo readall user"
-
-snapshotrestore:
-  hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
-  reserved: false
-  backend_roles:
-  - "snapshotrestore"
-  description: "Demo snapshotrestore user"
-
-wazuh_admin:
-  hash: "$2y$12$d2awHiOYvZjI88VfsDON.u6buoBol0gYPJEgdG1ArKVE0OMxViFfu"
-  reserved: true
-  hidden: false
-  backend_roles: []
-  attributes: {}
-  opendistro_security_roles: []
-  static: false
-  
-wazuh_user:
-  hash: "$2y$12$BQixeoQdRubZdVf/7sq1suHwiVRnSst1.lPI2M0.GPZms4bq2D9vO"
-  reserved: true
-  hidden: false
-  backend_roles: []
-  attributes: {}
-  opendistro_security_roles: []
-  static: false  

build-docker-images/wazuh-indexer/config/opensearch.yml

@@ -1,26 +0,0 @@
-network.host: "0.0.0.0"
-node.name: "wazuh.indexer"
-cluster.name: "wazuh-cluster"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-discovery.type: single-node
-plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem
-plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem
-plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem
-plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
-- "CN=demo.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
-plugins.security.system_indices.enabled: true
-plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]

build-docker-images/wazuh-indexer/config/roles.yml

@@ -1,171 +0,0 @@
-_meta:
-  type: "roles"
-  config_version: 2
-
-# Restrict users so they can only view visualization and dashboards on kibana
-kibana_read_only:
-  reserved: true
-
-# The security REST API access role is used to assign specific users access to change the security settings through the REST API.
-security_rest_api_access:
-  reserved: true
-
-# Allows users to view monitors, destinations and alerts
-alerting_read_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/alerting/alerts/get'
-    - 'cluster:admin/opendistro/alerting/destination/get'
-    - 'cluster:admin/opendistro/alerting/monitor/get'
-    - 'cluster:admin/opendistro/alerting/monitor/search'
-
-# Allows users to view and acknowledge alerts
-alerting_ack_alerts:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/alerting/alerts/*'
-
-# Allows users to use all alerting functionality
-alerting_full_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster_monitor'
-    - 'cluster:admin/opendistro/alerting/*'
-  index_permissions:
-    - index_patterns:
-        - '*'
-      allowed_actions:
-        - 'indices_monitor'
-        - 'indices:admin/aliases/get'
-        - 'indices:admin/mappings/get'
-
-# Allow users to read Anomaly Detection detectors and results
-anomaly_read_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/ad/detector/info'
-    - 'cluster:admin/opendistro/ad/detector/search'
-    - 'cluster:admin/opendistro/ad/detectors/get'
-    - 'cluster:admin/opendistro/ad/result/search'
-    - 'cluster:admin/opendistro/ad/tasks/search'
-
-# Allows users to use all Anomaly Detection functionality
-anomaly_full_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster_monitor'
-    - 'cluster:admin/opendistro/ad/*'
-  index_permissions:
-    - index_patterns:
-        - '*'
-      allowed_actions:
-        - 'indices_monitor'
-        - 'indices:admin/aliases/get'
-        - 'indices:admin/mappings/get'
-
-# Allows users to read Notebooks
-notebooks_read_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/notebooks/list'
-    - 'cluster:admin/opendistro/notebooks/get'
-
-# Allows users to all Notebooks functionality
-notebooks_full_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/notebooks/create'
-    - 'cluster:admin/opendistro/notebooks/update'
-    - 'cluster:admin/opendistro/notebooks/delete'
-    - 'cluster:admin/opendistro/notebooks/get'
-    - 'cluster:admin/opendistro/notebooks/list'
-
-# Allows users to read and download Reports
-reports_instances_read_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/reports/instance/list'
-    - 'cluster:admin/opendistro/reports/instance/get'
-    - 'cluster:admin/opendistro/reports/menu/download'
-
-# Allows users to read and download Reports and Report-definitions
-reports_read_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/reports/definition/get'
-    - 'cluster:admin/opendistro/reports/definition/list'
-    - 'cluster:admin/opendistro/reports/instance/list'
-    - 'cluster:admin/opendistro/reports/instance/get'
-    - 'cluster:admin/opendistro/reports/menu/download'
-
-# Allows users to all Reports functionality
-reports_full_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/reports/definition/create'
-    - 'cluster:admin/opendistro/reports/definition/update'
-    - 'cluster:admin/opendistro/reports/definition/on_demand'
-    - 'cluster:admin/opendistro/reports/definition/delete'
-    - 'cluster:admin/opendistro/reports/definition/get'
-    - 'cluster:admin/opendistro/reports/definition/list'
-    - 'cluster:admin/opendistro/reports/instance/list'
-    - 'cluster:admin/opendistro/reports/instance/get'
-    - 'cluster:admin/opendistro/reports/menu/download'
-
-# Allows users to use all asynchronous-search functionality
-asynchronous_search_full_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/asynchronous_search/*'
-  index_permissions:
-    - index_patterns:
-        - '*'
-      allowed_actions:
-        - 'indices:data/read/search*'
-
-# Allows users to read stored asynchronous-search results
-asynchronous_search_read_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/asynchronous_search/get'
-
-wazuh_ui_user:
-  reserved: true
-  hidden: false
-  cluster_permissions: []
-  index_permissions:
-  - index_patterns:
-    - "wazuh-*"
-    dls: ""
-    fls: []
-    masked_fields: []
-    allowed_actions:
-    - "read"
-  tenant_permissions: []
-  static: false
-
-wazuh_ui_admin:
-  reserved: true
-  hidden: false
-  cluster_permissions: []
-  index_permissions:
-  - index_patterns:
-    - "wazuh-*"
-    dls: ""
-    fls: []
-    masked_fields: []
-    allowed_actions:
-    - "read"
-    - "delete"
-    - "manage"
-    - "index"
-  tenant_permissions: []
-  static: false
-
-# ISM API permissions role
-manage_ism:
-  reserved: true
-  hidden: false
-  cluster_permissions:
-  - "manage_ism"
-  static: false

build-docker-images/wazuh-indexer/config/roles_mapping.yml

@@ -1,78 +0,0 @@
----
-# In this file users, backendroles and hosts can be mapped to Wazuh indexer Security roles.
-# Permissions for Wazuh indexer roles are configured in roles.yml
-
-_meta:
-  type: "rolesmapping"
-  config_version: 2
-
-# Define your roles mapping here
-
-## Demo roles mapping
-
-all_access:
-  reserved: false
-  backend_roles:
-  - "admin"
-  description: "Maps admin to all_access"
-
-own_index:
-  reserved: false
-  users:
-  - "*"
-  description: "Allow full access to an index named like the username"
-
-logstash:
-  reserved: false
-  backend_roles:
-  - "logstash"
-
-kibana_user:
-  reserved: false
-  backend_roles:
-  - "kibanauser"
-  users:
-  - "wazuh_user"
-  - "wazuh_admin"
-  description: "Maps kibanauser to kibana_user"
-
-readall:
-  reserved: false
-  backend_roles:
-  - "readall"
-
-manage_snapshots:
-  reserved: false
-  backend_roles:
-  - "snapshotrestore"
-
-kibana_server:
-  reserved: true
-  users:
-  - "kibanaserver"
-
-wazuh_ui_admin:
-  reserved: true
-  hidden: false
-  backend_roles: []
-  hosts: []
-  users:
-  - "wazuh_admin"
-  - "kibanaserver"
-  and_backend_roles: []
-
-wazuh_ui_user:
-  reserved: true
-  hidden: false
-  backend_roles: []
-  hosts: []
-  users:
-  - "wazuh_user"
-  and_backend_roles: []
-
-# ISM API permissions role mapping
-manage_ism:
-  reserved: true
-  hidden: false
-  users:
-  - "kibanaserver"

build-docker-images/wazuh-manager/Dockerfile

@@ -9,6 +9,10 @@ ARG S6_VERSION="v2.2.0.3"
 ARG TARGETARCH
 ARG wazuh_manager_url_amd64_rpm
 ARG wazuh_manager_url_arm64_rpm
+ARG wazuh_cert_tool
+ARG wazuh_config_yml
+
+COPY config/config.sh .
 
 RUN URL_VAR="wazuh_manager_url_${TARGETARCH}_rpm" && \
     manager_url="${!URL_VAR}" && \
@@ -16,7 +20,10 @@ RUN URL_VAR="wazuh_manager_url_${TARGETARCH}_rpm" && \
     dnf clean all && \
     curl -o /wazuh-manager.rpm "${manager_url}" && \
     dnf install /wazuh-manager.rpm -y && \
+    rm -rf /wazuh-manager.rpm && \
     dnf clean all && \
+    chmod 755 /config.sh && \
+    /config.sh && \
     curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
     -o /tmp/s6-overlay-amd64.tar.gz && \
     tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" && \

build-docker-images/wazuh-manager/config/config.sh

@@ -0,0 +1,39 @@
+##############################################################################
+# Downloading Cert Gen Tool
+##############################################################################
+# Variables for certificate generation
+CERT_TOOL="wazuh-certs-tool.sh"
+CERT_CONFIG_FILE="config.yml"
+CERT_DIR=/var/ossec/etc/certs/
+download_package() {
+    local url=$1
+    local package=$2
+    if curl -fsL "$url" -o "$package"; then
+        echo "Downloaded $package"
+        return 0
+    else
+        echo "Error downloading $package from $url"
+        return 1
+    fi
+}
+# Download the tool to create the certificates
+echo "Downloading the tool to create the certificates..."
+download_package "$wazuh_cert_tool" $CERT_TOOL
+# Download the config file for the certificate tool
+echo "Downloading the config file for the certificate tool..."
+download_package "$wazuh_config_yml" $CERT_CONFIG_FILE
+
+# Modify the config file to set the IP to localhost
+sed -i 's/  ip:.*/  ip: "127.0.0.1"/' $CERT_CONFIG_FILE
+
+chmod 700 "$CERT_CONFIG_FILE"
+# Create the certificates
+chmod 755 "$CERT_TOOL" && bash "$CERT_TOOL" -A
+
+# Copy Wazuh manager certs
+cp -pr /wazuh-certificates/wazuh-1.pem ${CERT_DIR}/wazuh-1.pem
+cp -pr /wazuh-certificates/wazuh-1-key.pem ${CERT_DIR}/wazuh-1-key.pem
+cp -pr /wazuh-certificates/root-ca.key ${CERT_DIR}/root-ca.key
+cp -pr /wazuh-certificates/root-ca.pem ${CERT_DIR}/root-ca.pem
+cp -pr /wazuh-certificates/admin.pem ${CERT_DIR}/admin.pem
+cp -pr /wazuh-certificates/admin-key.pem ${CERT_DIR}/admin-key.pem

build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init

@@ -152,18 +152,76 @@ set_custom_hostname() {
   sed -i 's/<node_name>to_be_replaced_by_hostname<\/node_name>/<node_name>'"${HOSTNAME}"'<\/node_name>/g' ${WAZUH_INSTALL_PATH}/etc/ossec.conf
 }
 
-##############################################################################
+function_configure_ossec_conf() {
-# Allow users to set the container cluster key dynamically on
+OSSEC_CONF="${WAZUH_INSTALL_PATH}/etc/ossec.conf"
-# container start.
-#
-# To use this:
-# 1. Create your own ossec.conf file
-# 2. In your ossec.conf file, set to_be_replaced_by_cluster_key as your key
-# 3. Mount your custom ossec.conf file at $WAZUH_CONFIG_MOUNT/etc/ossec.conf
-##############################################################################
 
-set_custom_cluster_key() {
+# --------------------------
-  sed -i 's/<key>to_be_replaced_by_cluster_key<\/key>/<key>'"${WAZUH_CLUSTER_KEY}"'<\/key>/g' ${WAZUH_INSTALL_PATH}/etc/ossec.conf
+# Defaults based on OSSEC_CONF
+# --------------------------
+if [[ -z "$WAZUH_CLUSTER_KEY" ]]; then
+    WAZUH_CLUSTER_KEY=$(sed -n '/<cluster>/,/<\/cluster>/s/.*<key>\(.*\)<\/key>.*/\1/p' "$OSSEC_CONF" | head -n1)
+fi
+
+# Node type logic
+if [[ "$WAZUH_NODE_TYPE" != "worker" ]]; then
+    WAZUH_NODE_TYPE="master"
+fi
+
+# Default node name → HOSTNAME if not defined
+WAZUH_NODE_NAME="${WAZUH_NODE_NAME:-$HOSTNAME}"
+
+# --------------------------
+# Replace Indexer Hosts
+# --------------------------
+if [[ -n "$WAZUH_INDEXER_HOSTS" ]]; then
+    TMP_HOSTS=$(mktemp)
+    {
+        echo "    <hosts>"
+        for NODE in $WAZUH_INDEXER_HOSTS; do
+            IP="${NODE%:*}"
+            PORT="${NODE#*:}"
+            echo "      <host>https://$IP:$PORT</host>"
+        done
+        echo "    </hosts>"
+    } > "$TMP_HOSTS";
+    sed -i -e '/<indexer>/,/<\/indexer>/{ /<hosts>/,/<\/hosts>/{ /<hosts>/r '"$TMP_HOSTS" \
+            -e 'd }}' "$OSSEC_CONF";
+    rm -f "$TMP_HOSTS";
+fi
+
+# --------------------------
+# Cluster: node_name
+# --------------------------
+sed -i "/<cluster>/,/<\/cluster>/ s|<node_name>.*</node_name>|<node_name>$WAZUH_NODE_NAME</node_name>|" "$OSSEC_CONF"
+
+# --------------------------
+# Cluster: node_type
+# --------------------------
+sed -i "/<cluster>/,/<\/cluster>/ s|<node_type>.*</node_type>|<node_type>$WAZUH_NODE_TYPE</node_type>|" "$OSSEC_CONF"
+
+# --------------------------
+# Cluster: key
+# --------------------------
+sed -i "/<cluster>/,/<\/cluster>/ s|<key>.*</key>|<key>$WAZUH_CLUSTER_KEY</key>|" "$OSSEC_CONF"
+
+# --------------------------
+# Cluster: nodes list
+# --------------------------
+if [[ -n "$WAZUH_CLUSTER_NODES" ]]; then
+    TMP_NODES=$(mktemp)
+    {
+        echo "    <nodes>"
+        for N in $WAZUH_CLUSTER_NODES; do
+            echo "        <node>$N</node>"
+        done
+        echo "    </nodes>"
+    } > "$TMP_NODES";
+    sed -i -e '/<cluster>/,/<\/cluster>/{ /<nodes>/,/<\/nodes>/{ /<nodes>/r '"$TMP_NODES" \
+            -e 'd }}' "$OSSEC_CONF";
+    rm -f "$TMP_NODES";
+fi
+
+echo "Wazuh manager config modified successfully."
 }
 
 ##############################################################################
@@ -221,8 +279,8 @@ main() {
   # Allow setting custom hostname
   set_custom_hostname
 
-  # Allow setting custom cluster key
+  # Configure ossec.conf based on environment variables
-  set_custom_cluster_key
+  function_configure_ossec_conf
 
   # Delete temporary data folder
   rm -rf ${WAZUH_INSTALL_PATH}/data_tmp

build-docker-images/wazuh-manager/config/filebeat.yml

@@ -1,31 +0,0 @@
-
-# Wazuh - Filebeat configuration file
-filebeat.modules:
-  - module: wazuh
-    alerts:
-      enabled: true
-    archives:
-      enabled: false
-
-setup.template.json.enabled: true
-setup.template.overwrite: true
-setup.template.json.path: '/etc/filebeat/wazuh-template.json'
-setup.template.json.name: 'wazuh'
-setup.ilm.enabled: false
-output.elasticsearch:
-  hosts: ['https://wazuh.indexer:9200']
-  #username:
-  #password:
-  #ssl.verification_mode:
-  #ssl.certificate_authorities:
-  #ssl.certificate:
-  #ssl.key:
-
-logging.metrics.enabled: false
-
-seccomp:
-  default_action: allow
-  syscalls:
-  - action: allow
-    names:
-    - rseq

single-node/config/wazuh_cluster/entrypoint.sh

@@ -0,0 +1,85 @@
+#!/bin/bash
+set -xe
+
+OSSEC_CONF="ossec.conf"
+
+# --------------------------
+# Defaults based on OSSEC_CONF
+# --------------------------
+if [[ -z "$WAZUH_CLUSTER_KEY" ]]; then
+    WAZUH_CLUSTER_KEY=$(sed -n '/<cluster>/,/<\/cluster>/s/.*<key>\(.*\)<\/key>.*/\1/p' "$OSSEC_CONF" | head -n1)
+fi
+
+if [[ -z "$WAZUH_CLUSTER_PORT" ]]; then
+    WAZUH_CLUSTER_PORT=$(sed -n '/<cluster>/,/<\/cluster>/s/.*<port>\(.*\)<\/port>.*/\1/p' "$OSSEC_CONF" | head -n1)
+fi
+
+# Node type logic
+if [[ -z "$WAZUH_NODE_TYPE" ]]; then
+    if [[ "$HOSTNAME" == "manager" || "$HOSTNAME" == "aio_node" ]]; then
+        WAZUH_NODE_TYPE="master"
+    else
+        WAZUH_NODE_TYPE="worker"
+    fi
+fi
+
+# Default node name → HOSTNAME if not defined
+WAZUH_NODE_NAME="${WAZUH_NODE_NAME:-$HOSTNAME}"
+
+# --------------------------
+# Replace Indexer Hosts
+# --------------------------
+if [[ -n "$WAZUH_INDEXER_HOSTS" ]]; then
+    TMP_HOSTS=$(mktemp)
+    {
+        echo "    <hosts>"
+        for NODE in $WAZUH_INDEXER_HOSTS; do
+            IP="${NODE%:*}"
+            PORT="${NODE#*:}"
+            echo "      <host>https://$IP:$PORT</host>"
+        done
+        echo "    </hosts>"
+    } > "$TMP_HOSTS";
+    sed -i -e '/<indexer>/,/<\/indexer>/{ /<hosts>/,/<\/hosts>/{ /<hosts>/r '"$TMP_HOSTS" \
+            -e 'd }}' "$OSSEC_CONF";
+    rm -f "$TMP_HOSTS";
+fi
+
+# --------------------------
+# Cluster: node_name
+# --------------------------
+sed -i "/<cluster>/,/<\/cluster>/ s|<node_name>.*</node_name>|<node_name>$WAZUH_NODE_NAME</node_name>|" "$OSSEC_CONF"
+
+# --------------------------
+# Cluster: node_type
+# --------------------------
+sed -i "/<cluster>/,/<\/cluster>/ s|<node_type>.*</node_type>|<node_type>$WAZUH_NODE_TYPE</node_type>|" "$OSSEC_CONF"
+
+# --------------------------
+# Cluster: key
+# --------------------------
+sed -i "/<cluster>/,/<\/cluster>/ s|<key>.*</key>|<key>$WAZUH_CLUSTER_KEY</key>|" "$OSSEC_CONF"
+
+# --------------------------
+# Cluster: port
+# --------------------------
+sed -i "/<cluster>/,/<\/cluster>/ s|<port>.*</port>|<port>$WAZUH_CLUSTER_PORT</port>|" "$OSSEC_CONF"
+
+# --------------------------
+# Cluster: nodes list
+# --------------------------
+if [[ -n "$WAZUH_CLUSTER_NODES" ]]; then
+    TMP_NODES=$(mktemp)
+    {
+        echo "    <nodes>"
+        for N in $WAZUH_CLUSTER_NODES; do
+            echo "        <node>$N</node>"
+        done
+        echo "    </nodes>"
+    } > "$TMP_NODES";
+    sed -i -e '/<cluster>/,/<\/cluster>/{ /<nodes>/,/<\/nodes>/{ /<nodes>/r '"$TMP_NODES" \
+            -e 'd }}' "$OSSEC_CONF";
+    rm -f "$TMP_NODES";
+fi
+
+echo "Wazuh manager config modified successfully."

single-node/config/wazuh_indexer/wazuh.indexer.yml

@@ -6,12 +6,12 @@ path.logs: /var/log/wazuh-indexer
 discovery.type: single-node
 http.port: 9200-9299
 transport.tcp.port: 9300-9399
-plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
+plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
+plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
+plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
+plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
 plugins.security.ssl.http.enabled: true
 plugins.security.ssl.transport.enforce_hostname_verification: false
 plugins.security.ssl.transport.resolve_hostname: false