wazuh-docker-mirror/kibana/config/20-entrypoint_kibana_settings.sh

#!/bin/bash
# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)

WAZUH_MAJOR=3

##############################################################################
# Wait for the Kibana API to start. It is necessary to do it in this container
# because the others are running Elastic Stack and we can not interrupt them.
#
# The following actions are performed:
#
# Add the wazuh alerts index as default.
# Set the Discover time interval to 24 hours instead of 15 minutes.
# Do not ask user to help providing usage statistics to Elastic.
##############################################################################

##############################################################################
# Customize elasticsearch ip
##############################################################################
if [[ "$ELASTICSEARCH_KIBANA_IP" != "" && "$CONFIGURATION_FROM_FILE" == "false" ]]; then
  sed -i "s:#elasticsearch.hosts:elasticsearch.hosts:g" /usr/share/kibana/config/kibana.yml
  sed -i 's|http://elasticsearch:9200|'$ELASTICSEARCH_KIBANA_IP'|g' /usr/share/kibana/config/kibana.yml
fi

echo "SETTINGS - Update Elasticsearch host."

# If KIBANA_INDEX was set, then change the default index in kibana.yml configuration file. If there was an index, then delete it and recreate.
if [[ "$KIBANA_INDEX" != "" && "$CONFIGURATION_FROM_FILE" == "false" ]]; then
  if grep -q 'kibana.index' /usr/share/kibana/config/kibana.yml; then
    sed -i '/kibana.index/d' /usr/share/kibana/config/kibana.yml
  fi
    echo "kibana.index: $KIBANA_INDEX" >> /usr/share/kibana/config/kibana.yml
fi

# If XPACK_SECURITY_ENABLED was set, then change the xpack.security.enabled option from true (default) to false.
if [[ "$XPACK_SECURITY_ENABLED" != "" && "$CONFIGURATION_FROM_FILE" == "false" ]]; then
  if grep -q 'xpack.security.enabled' /usr/share/kibana/config/kibana.yml; then
    sed -i '/xpack.security.enabled/d' /usr/share/kibana/config/kibana.yml
  fi
    echo "xpack.security.enabled: $XPACK_SECURITY_ENABLED" >> /usr/share/kibana/config/kibana.yml
fi

##############################################################################
# Get Kibana credentials
##############################################################################

if [ "$KIBANA_IP" != "" ]; then
  kibana_ip="$KIBANA_IP"
else
  kibana_ip="kibana"
fi

KIBANA_USER=""
KIBANA_PASS=""

if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
  KIBANA_USER=${SECURITY_KIBANA_USER}
  KIBANA_PASS=${SECURITY_KIBANA_PASS}
else
  input=${SECURITY_CREDENTIALS_FILE}
  while IFS= read -r line
  do
    if [[ $line == *"KIBANA_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      KIBANA_PASS=${arrIN[1]}
    elif [[ $line == *"KIBANA_USER"* ]]; then
      arrIN=(${line//:/ })
      KIBANA_USER=${arrIN[1]}
    fi
  done < "$input"
 
fi

echo "SETTINGS - Kibana credentials obtained."


##############################################################################
# Set url authentication.
##############################################################################

if [ ${SECURITY_ENABLED} != "no" ]; then
  auth="-k -u $KIBANA_USER:${KIBANA_PASS}"
  kibana_secure_ip="https://$kibana_ip"
else
  auth=""
  kibana_secure_ip="http://$kibana_ip"
fi

echo "SETTINGS - Kibana authentication established."


##############################################################################
# Waiting for Kibana.
##############################################################################

while [[ "$(curl $auth -XGET -I  -s -o /dev/null -w ''%{http_code}'' $kibana_secure_ip:5601/status)" != "200" ]]; do
  echo "SETTINGS - Waiting for Kibana API. Sleeping 5 seconds"
  sleep 5
done

echo "SETTINGS - Kibana API is running"


##############################################################################
# Prepare index selection.
##############################################################################

echo "SETTINGS - Prepare index selection."

default_index="/tmp/default_index.json"

if [[ $PATTERN == "" ]]; then

  cat > ${default_index} << EOF
{
  "changes": {
    "defaultIndex": "wazuh-alerts-${WAZUH_MAJOR}.x-*"
  }
}
EOF

else

  cat > ${default_index} << EOF
{
  "changes": {
    "defaultIndex": "$PATTERN"
  }
}
EOF

fi


sleep 5


##############################################################################
# Add the wazuh alerts index as default.
##############################################################################

echo "SETTINGS - Add the wazuh alerts index as default."

curl $auth -POST "$kibana_secure_ip:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d@${default_index}
rm -f ${default_index}

sleep 5


##############################################################################
# Configuring Kibana TimePicker.
##############################################################################

echo "SETTINGS - Configuring Kibana TimePicker."

curl $auth -POST "$kibana_secure_ip:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
'{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-24h\",\n  \"to\": \"now\",\n  \"mode\": \"quick\"}"}}'

sleep 5


##############################################################################
# Do not ask user to help providing usage statistics to Elastic.
##############################################################################

echo "SETTINGS - Do not ask user to help providing usage statistics to Elastic."

curl $auth -POST "$kibana_secure_ip:5601/api/telemetry/v2/optIn" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d '{"enabled":false}'


##############################################################################
# Remove credentials file.
##############################################################################

echo "SETTINGS - Remove credentials file."

if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
  echo "Security credentials file not used. Nothing to do."
else
  shred -zvu ${SECURITY_CREDENTIALS_FILE}
fi

echo "End settings"