	Delete Wazuh indexer config files
		@@ -13,20 +13,8 @@ RUN chmod 775 /check_repository.sh && \
 | 
			
		||||
RUN yum install wazuh-indexer-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
 | 
			
		||||
    yum clean all
 | 
			
		||||
 | 
			
		||||
COPY config/opensearch.yml /
 | 
			
		||||
 | 
			
		||||
COPY config/config.sh .
 | 
			
		||||
 | 
			
		||||
COPY config/config.yml /
 | 
			
		||||
 | 
			
		||||
COPY config/action_groups.yml /
 | 
			
		||||
 | 
			
		||||
COPY config/internal_users.yml /
 | 
			
		||||
 | 
			
		||||
COPY config/roles_mapping.yml /
 | 
			
		||||
 | 
			
		||||
COPY config/roles.yml /
 | 
			
		||||
 | 
			
		||||
RUN bash config.sh
 | 
			
		||||
 | 
			
		||||
################################################################################
 | 
			
		||||
@@ -36,6 +24,7 @@ RUN bash config.sh
 | 
			
		||||
# Add entrypoint
 | 
			
		||||
 | 
			
		||||
################################################################################
 | 
			
		||||
 | 
			
		||||
FROM amazonlinux:2023
 | 
			
		||||
 | 
			
		||||
ENV USER="wazuh-indexer" \
 | 
			
		||||
 
 | 
			
		||||
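Review bot: Now that the `COPY config/*.yml` lines are gone, the security-plugin configuration in the image (`internal_users.yml`, `roles.yml`, `roles_mapping.yml`, `action_groups.yml`, `opensearch.yml`) is whatever the `wazuh-indexer-${WAZUH_VERSION}-${WAZUH_TAG_REVISION}` RPM installs, and nothing near `RUN bash config.sh` says so. The deleted `internal_users.yml` carried bcrypt hashes that look like the stock OpenSearch demo-user hashes, so the package copy presumably ships equivalent well-known defaults; a comment such as `# Security-plugin YAML (internal_users, roles, roles_mapping, action_groups, opensearch.yml) now comes from the wazuh-indexer RPM; its default credentials must be rotated at first start` above `RUN bash config.sh` would make the new source of truth and that obligation explicit. `COPY config/config.sh .` and `RUN bash config.sh` both depend on a WORKDIR that is outside the hunk, while the script itself reads `/wazuh-certificates/...` absolutely; an absolute destination and `RUN bash /config.sh` (or whatever that WORKDIR actually is) would remove the ambiguity. In the second hunk, `FROM amazonlinux:2023` is pinned by tag only; pinning the digest would make the final stage reproducible.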
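--- a/config/action_groups.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-_meta:
-  type: "actiongroups"
-  config_version: 2
-
-# ISM API permissions group
-manage_ism:
-  reserved: true
-  hidden: false
-  allowed_actions:
-  - "cluster:admin/opendistro/ism/*"
-  static: false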
@@ -3,7 +3,6 @@
 | 
			
		||||
export DH_OPTIONS
 | 
			
		||||
 | 
			
		||||
export NAME=wazuh-indexer
 | 
			
		||||
export TARGET_DIR=${CURDIR}/debian/${NAME}
 | 
			
		||||
 | 
			
		||||
# Package build options
 | 
			
		||||
export USER=${NAME}
 | 
			
		||||
@@ -14,89 +13,86 @@ export LIB_DIR=/var/lib/${NAME}
 | 
			
		||||
export PID_DIR=/run/${NAME}
 | 
			
		||||
export INSTALLATION_DIR=/usr/share/${NAME}
 | 
			
		||||
export CONFIG_DIR=${INSTALLATION_DIR}/config
 | 
			
		||||
export BASE_DIR=${NAME}-*
 | 
			
		||||
export INDEXER_FILE=wazuh-indexer-base.tar.xz
 | 
			
		||||
export BASE_FILE=wazuh-indexer-base-${VERSION}-linux-x64.tar.xz
 | 
			
		||||
export REPO_DIR=/unattended_installer
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
##############################################################################
 | 
			
		||||
# Downloading Cert Gen Tool
 | 
			
		||||
##############################################################################
 | 
			
		||||
 | 
			
		||||
## Variables
 | 
			
		||||
CERT_TOOL=wazuh-certs-tool.sh
 | 
			
		||||
PASSWORD_TOOL=wazuh-passwords-tool.sh
 | 
			
		||||
PACKAGES_URL=https://packages.wazuh.com/4.14/
 | 
			
		||||
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.14/
 | 
			
		||||
CERT_CONFIG_FILE=config.yml
 | 
			
		||||
CERT_TOOL_VERSION="4.14"
 | 
			
		||||
PACKAGES_URL=https://packages.wazuh.com/$CERT_TOOL_VERSION/
 | 
			
		||||
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/$CERT_TOOL_VERSION/
 | 
			
		||||
 | 
			
		||||
## Check if the cert tool exists in S3 buckets
 | 
			
		||||
CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
 | 
			
		||||
CERT_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')
 | 
			
		||||
download_package() {
 | 
			
		||||
    local url=$1
 | 
			
		||||
    local package=$2
 | 
			
		||||
    local output=$2
 | 
			
		||||
    echo "Checking $url$package ..."
 | 
			
		||||
    if curl -fsL "$url$package" -o "$output"; then
 | 
			
		||||
        echo "Downloaded $package from $url"
 | 
			
		||||
        return 0
 | 
			
		||||
    else
 | 
			
		||||
        return 1
 | 
			
		||||
    fi
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
## If cert tool exists in some bucket, download it, if not exit 1
 | 
			
		||||
if [ "$CERT_TOOL_PACKAGES" = "200" ]; then
 | 
			
		||||
  curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL
 | 
			
		||||
  echo "Cert tool exists in Packages bucket"
 | 
			
		||||
elif [ "$CERT_TOOL_PACKAGES_DEV" = "200" ]; then
 | 
			
		||||
  curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL
 | 
			
		||||
  echo "Cert tool exists in Packages-dev bucket"
 | 
			
		||||
# Download the tool to create the certificates
 | 
			
		||||
echo "Downloading the tool to create the certificates..."
 | 
			
		||||
# Try first the prod URL, if it fails try the dev URL
 | 
			
		||||
if download_package "$PACKAGES_URL" "$CERT_TOOL"; then
 | 
			
		||||
    :
 | 
			
		||||
elif download_package "$PACKAGES_DEV_URL" "$CERT_TOOL"; then
 | 
			
		||||
    :
 | 
			
		||||
else
 | 
			
		||||
  echo "Cert tool does not exist in any bucket"
 | 
			
		||||
  exit 1
 | 
			
		||||
    echo "The tool to create the certificates does not exist in any bucket"
 | 
			
		||||
    echo "ERROR: certificates were not created"
 | 
			
		||||
    exit 1
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
## Check if the password tool exists in S3 buckets
 | 
			
		||||
PASSWORD_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$PASSWORD_TOOL | grep -E "^HTTP" | awk  '{print $2}')
 | 
			
		||||
PASSWORD_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$PASSWORD_TOOL | grep -E "^HTTP" | awk  '{print $2}')
 | 
			
		||||
 | 
			
		||||
## If password tool exists in some bucket, download it, if not exit 1
 | 
			
		||||
if [ "$PASSWORD_TOOL_PACKAGES" = "200" ]; then
 | 
			
		||||
  curl -o $PASSWORD_TOOL $PACKAGES_URL$PASSWORD_TOOL
 | 
			
		||||
  echo "Password tool exists in Packages bucket"
 | 
			
		||||
elif [ "$PASSWORD_TOOL_PACKAGES_DEV" = "200" ]; then
 | 
			
		||||
  curl -o $PASSWORD_TOOL $PACKAGES_DEV_URL$PASSWORD_TOOL
 | 
			
		||||
  echo "Password tool exists in Packages-dev bucket"
 | 
			
		||||
# Download the config file for the certificate tool
 | 
			
		||||
echo "Downloading the config file for the certificate tool..."
 | 
			
		||||
# Try first the prod URL, if it fails try the dev URL
 | 
			
		||||
if download_package "$PACKAGES_URL" "$CERT_CONFIG_FILE"; then
 | 
			
		||||
    :
 | 
			
		||||
elif download_package "$PACKAGES_DEV_URL" "$CERT_CONFIG_FILE"; then
 | 
			
		||||
    :
 | 
			
		||||
else
 | 
			
		||||
  echo "Password tool does not exist in any bucket"
 | 
			
		||||
  exit 1
 | 
			
		||||
    echo "The config file for the certificate tool does not exist in any bucket"
 | 
			
		||||
    echo "ERROR: certificates were not created"
 | 
			
		||||
    exit 1
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A
 | 
			
		||||
awk '
 | 
			
		||||
/^  indexer:/ {in_indexer=1}
 | 
			
		||||
/^  # Wazuh server nodes/ {in_indexer=0}
 | 
			
		||||
in_indexer && /^[[:space:]]*[^#].*name:/ {sub(/name:.*/, "name: indexer")}
 | 
			
		||||
/^[[:space:]]*[^#].*ip:/ {sub(/ip:.*/, "ip: \"127.0.0.1\"")}
 | 
			
		||||
 | 
			
		||||
{print}
 | 
			
		||||
' config.yml > config.yml.tmp && mv config.yml config.yml.bak && mv config.yml.tmp config.yml
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
chmod 700 "$CERT_CONFIG_FILE"
 | 
			
		||||
# Create the certificates
 | 
			
		||||
chmod 755 "$CERT_TOOL" && bash "$CERT_TOOL" -A
 | 
			
		||||
 | 
			
		||||
# copy to target
 | 
			
		||||
mkdir -p ${TARGET_DIR}${INSTALLATION_DIR}
 | 
			
		||||
mkdir -p ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 | 
			
		||||
mkdir -p ${TARGET_DIR}${CONFIG_DIR}
 | 
			
		||||
mkdir -p ${TARGET_DIR}${LIB_DIR}
 | 
			
		||||
mkdir -p ${TARGET_DIR}${LOG_DIR}
 | 
			
		||||
mkdir -p ${TARGET_DIR}/etc/init.d
 | 
			
		||||
mkdir -p ${TARGET_DIR}/etc/default
 | 
			
		||||
mkdir -p ${TARGET_DIR}/usr/lib/tmpfiles.d
 | 
			
		||||
mkdir -p ${TARGET_DIR}/usr/lib/sysctl.d
 | 
			
		||||
mkdir -p ${TARGET_DIR}/usr/lib/systemd/system
 | 
			
		||||
mkdir -p ${TARGET_DIR}${CONFIG_DIR}/certs
 | 
			
		||||
# Copy Wazuh's config files for the security plugin
 | 
			
		||||
cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 | 
			
		||||
cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 | 
			
		||||
cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 | 
			
		||||
cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
 | 
			
		||||
cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR}
 | 
			
		||||
# Copy Wazuh indexer's certificates
 | 
			
		||||
cp -pr /wazuh-certificates/demo.indexer.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer.pem
 | 
			
		||||
cp -pr /wazuh-certificates/demo.indexer-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer-key.pem
 | 
			
		||||
cp -pr /wazuh-certificates/root-ca.key ${TARGET_DIR}${CONFIG_DIR}/certs/root-ca.key
 | 
			
		||||
cp -pr /wazuh-certificates/root-ca.pem ${TARGET_DIR}${CONFIG_DIR}/certs/root-ca.pem
 | 
			
		||||
cp -pr /wazuh-certificates/admin.pem ${TARGET_DIR}${CONFIG_DIR}/certs/admin.pem
 | 
			
		||||
cp -pr /wazuh-certificates/admin-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/admin-key.pem
 | 
			
		||||
mkdir -p ${CONFIG_DIR}/certs
 | 
			
		||||
cp -pr /wazuh-certificates/indexer.pem ${CONFIG_DIR}/certs/indexer.pem
 | 
			
		||||
cp -pr /wazuh-certificates/indexer-key.pem ${CONFIG_DIR}/certs/indexer-key.pem
 | 
			
		||||
cp -pr /wazuh-certificates/root-ca.key ${CONFIG_DIR}/certs/root-ca.key
 | 
			
		||||
cp -pr /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem
 | 
			
		||||
cp -pr /wazuh-certificates/admin.pem ${CONFIG_DIR}/certs/admin.pem
 | 
			
		||||
cp -pr /wazuh-certificates/admin-key.pem ${CONFIG_DIR}/certs/admin-key.pem
 | 
			
		||||
 | 
			
		||||
# Delete xms and xmx parameters in jvm.options
 | 
			
		||||
sed '/-Xms/d' -i /etc/wazuh-indexer/jvm.options
 | 
			
		||||
sed '/-Xmx/d' -i /etc/wazuh-indexer/jvm.options
 | 
			
		||||
sed -i 's/-Djava.security.policy=file:\/\/\/etc\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/-Djava.security.policy=file:\/\/\/usr\/share\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/g' /etc/wazuh-indexer/jvm.options
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
chmod -R 500 ${TARGET_DIR}${CONFIG_DIR}/certs
 | 
			
		||||
chmod -R 400 ${TARGET_DIR}${CONFIG_DIR}/certs/*
 | 
			
		||||
 | 
			
		||||
find ${TARGET_DIR} -type d -exec chmod 750 {} \;
 | 
			
		||||
find ${TARGET_DIR} -type f -perm 644 -exec chmod 640 {} \;
 | 
			
		||||
find ${TARGET_DIR} -type f -perm 664 -exec chmod 660 {} \;
 | 
			
		||||
find ${TARGET_DIR} -type f -perm 755 -exec chmod 750 {} \;
 | 
			
		||||
find ${TARGET_DIR} -type f -perm 744 -exec chmod 740 {} \;
 | 
			
		||||
chown -R ${USER}:${GROUP} ${CONFIG_DIR}
 | 
			
		||||
chmod -R 500 ${CONFIG_DIR}/certs
 | 
			
		||||
chmod -R 400 ${CONFIG_DIR}/certs/*
 | 
			
		||||
 
 | 
			
		||||
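Review bot: `download_package` fetches `wazuh-certs-tool.sh` and `config.yml` with `curl -fsL`, the tool is then executed by `chmod 755 "$CERT_TOOL" && bash "$CERT_TOOL" -A` with no integrity check, and the `if download_package "$PACKAGES_URL" …; elif download_package "$PACKAGES_DEV_URL" …` chain silently falls back to `packages-dev.wazuh.com`, so a release build whose artifact is missing from the production bucket would run a dev-bucket script and bake its output into the image. Verifying a pinned digest before execution, e.g. `echo "${CERT_TOOL_SHA256}  ${CERT_TOOL}" | sha256sum -c - || exit 1`, and gating the dev fallback behind an explicit build argument rather than making it unconditional would close both gaps. The `cp -pr /wazuh-certificates/...` lines put `root-ca.key` and `admin-key.pem` into `${CONFIG_DIR}/certs`; if that directory ends up in the published image, every container built from it shares the same CA and admin private keys, and a running node only needs `root-ca.pem`, `indexer.pem` and `indexer-key.pem` (`admin-key.pem` only if `securityadmin` is run inside the container), so the CA key at least should not be copied, or the build should state that deployments are expected to mount their own certificates. The new lines also mix cwd-relative paths (`"$CERT_TOOL"`, `config.yml`) with the absolute `/wazuh-certificates/...` the tool's output is read from, where the earlier version ran `bash /$CERT_TOOL -A`; a `cd /` at the top, or absolute paths throughout, would make that dependency explicit. Inside the function, `local output=$2` duplicates `package` and can be dropped.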
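--- a/config/config.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-nodes:
-  # Wazuh indexer server nodes
-  indexer:
-    - name: demo.indexer
-      ip: demo.indexer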
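--- a/config/internal_users.yml
+++ /dev/null
@@ -1,74 +0,0 @@
----
-# This is the internal user database
-# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
-
-_meta:
-  type: "internalusers"
-  config_version: 2
-
-# Define your internal users here
-
-## Demo users
-
-admin:
-  hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG"
-  reserved: true
-  backend_roles:
-  - "admin"
-  description: "Demo admin user"
-
-kibanaserver:
-  hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
-  reserved: true
-  description: "Demo kibanaserver user"
-
-kibanaro:
-  hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
-  reserved: false
-  backend_roles:
-  - "kibanauser"
-  - "readall"
-  attributes:
-    attribute1: "value1"
-    attribute2: "value2"
-    attribute3: "value3"
-  description: "Demo kibanaro user"
-
-logstash:
-  hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
-  reserved: false
-  backend_roles:
-  - "logstash"
-  description: "Demo logstash user"
-
-readall:
-  hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
-  reserved: false
-  backend_roles:
-  - "readall"
-  description: "Demo readall user"
-
-snapshotrestore:
-  hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
-  reserved: false
-  backend_roles:
-  - "snapshotrestore"
-  description: "Demo snapshotrestore user"
-
-wazuh_admin:
-  hash: "$2y$12$d2awHiOYvZjI88VfsDON.u6buoBol0gYPJEgdG1ArKVE0OMxViFfu"
-  reserved: true
-  hidden: false
-  backend_roles: []
-  attributes: {}
-  opendistro_security_roles: []
-  static: false
-  
-wazuh_user:
-  hash: "$2y$12$BQixeoQdRubZdVf/7sq1suHwiVRnSst1.lPI2M0.GPZms4bq2D9vO"
-  reserved: true
-  hidden: false
-  backend_roles: []
-  attributes: {}
-  opendistro_security_roles: []
-  static: false  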
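--- a/config/opensearch.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-network.host: "0.0.0.0"
-node.name: "wazuh.indexer"
-cluster.name: "wazuh-cluster"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-discovery.type: single-node
-compatibility.override_main_response_version: true
-plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/indexer.pem
-plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/indexer-key.pem
-plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/indexer-key.pem
-plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
-- "CN=demo.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
-plugins.security.system_indices.enabled: true
-plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]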
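--- a/config/roles.yml
+++ /dev/null
@@ -1,171 +0,0 @@
-_meta:
-  type: "roles"
-  config_version: 2
-
-# Restrict users so they can only view visualization and dashboards on kibana
-kibana_read_only:
-  reserved: true
-
-# The security REST API access role is used to assign specific users access to change the security settings through the REST API.
-security_rest_api_access:
-  reserved: true
-
-# Allows users to view monitors, destinations and alerts
-alerting_read_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/alerting/alerts/get'
-    - 'cluster:admin/opendistro/alerting/destination/get'
-    - 'cluster:admin/opendistro/alerting/monitor/get'
-    - 'cluster:admin/opendistro/alerting/monitor/search'
-
-# Allows users to view and acknowledge alerts
-alerting_ack_alerts:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/alerting/alerts/*'
-
-# Allows users to use all alerting functionality
-alerting_full_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster_monitor'
-    - 'cluster:admin/opendistro/alerting/*'
-  index_permissions:
-    - index_patterns:
-        - '*'
-      allowed_actions:
-        - 'indices_monitor'
-        - 'indices:admin/aliases/get'
-        - 'indices:admin/mappings/get'
-
-# Allow users to read Anomaly Detection detectors and results
-anomaly_read_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/ad/detector/info'
-    - 'cluster:admin/opendistro/ad/detector/search'
-    - 'cluster:admin/opendistro/ad/detectors/get'
-    - 'cluster:admin/opendistro/ad/result/search'
-    - 'cluster:admin/opendistro/ad/tasks/search'
-
-# Allows users to use all Anomaly Detection functionality
-anomaly_full_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster_monitor'
-    - 'cluster:admin/opendistro/ad/*'
-  index_permissions:
-    - index_patterns:
-        - '*'
-      allowed_actions:
-        - 'indices_monitor'
-        - 'indices:admin/aliases/get'
-        - 'indices:admin/mappings/get'
-
-# Allows users to read Notebooks
-notebooks_read_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/notebooks/list'
-    - 'cluster:admin/opendistro/notebooks/get'
-
-# Allows users to all Notebooks functionality
-notebooks_full_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/notebooks/create'
-    - 'cluster:admin/opendistro/notebooks/update'
-    - 'cluster:admin/opendistro/notebooks/delete'
-    - 'cluster:admin/opendistro/notebooks/get'
-    - 'cluster:admin/opendistro/notebooks/list'
-
-# Allows users to read and download Reports
-reports_instances_read_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/reports/instance/list'
-    - 'cluster:admin/opendistro/reports/instance/get'
-    - 'cluster:admin/opendistro/reports/menu/download'
-
-# Allows users to read and download Reports and Report-definitions
-reports_read_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/reports/definition/get'
-    - 'cluster:admin/opendistro/reports/definition/list'
-    - 'cluster:admin/opendistro/reports/instance/list'
-    - 'cluster:admin/opendistro/reports/instance/get'
-    - 'cluster:admin/opendistro/reports/menu/download'
-
-# Allows users to all Reports functionality
-reports_full_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/reports/definition/create'
-    - 'cluster:admin/opendistro/reports/definition/update'
-    - 'cluster:admin/opendistro/reports/definition/on_demand'
-    - 'cluster:admin/opendistro/reports/definition/delete'
-    - 'cluster:admin/opendistro/reports/definition/get'
-    - 'cluster:admin/opendistro/reports/definition/list'
-    - 'cluster:admin/opendistro/reports/instance/list'
-    - 'cluster:admin/opendistro/reports/instance/get'
-    - 'cluster:admin/opendistro/reports/menu/download'
-
-# Allows users to use all asynchronous-search functionality
-asynchronous_search_full_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/asynchronous_search/*'
-  index_permissions:
-    - index_patterns:
-        - '*'
-      allowed_actions:
-        - 'indices:data/read/search*'
-
-# Allows users to read stored asynchronous-search results
-asynchronous_search_read_access:
-  reserved: true
-  cluster_permissions:
-    - 'cluster:admin/opendistro/asynchronous_search/get'
-
-wazuh_ui_user:
-  reserved: true
-  hidden: false
-  cluster_permissions: []
-  index_permissions:
-  - index_patterns:
-    - "wazuh-*"
-    dls: ""
-    fls: []
-    masked_fields: []
-    allowed_actions:
-    - "read"
-  tenant_permissions: []
-  static: false
-
-wazuh_ui_admin:
-  reserved: true
-  hidden: false
-  cluster_permissions: []
-  index_permissions:
-  - index_patterns:
-    - "wazuh-*"
-    dls: ""
-    fls: []
-    masked_fields: []
-    allowed_actions:
-    - "read"
-    - "delete"
-    - "manage"
-    - "index"
-  tenant_permissions: []
-  static: false
-
-# ISM API permissions role
-manage_ism:
-  reserved: true
-  hidden: false
-  cluster_permissions:
-  - "manage_ism"
-  static: false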
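--- a/config/roles_mapping.yml
+++ /dev/null
@@ -1,78 +0,0 @@
----
-# In this file users, backendroles and hosts can be mapped to Wazuh indexer Security roles.
-# Permissions for Wazuh indexer roles are configured in roles.yml
-
-_meta:
-  type: "rolesmapping"
-  config_version: 2
-
-# Define your roles mapping here
-
-## Demo roles mapping
-
-all_access:
-  reserved: false
-  backend_roles:
-  - "admin"
-  description: "Maps admin to all_access"
-
-own_index:
-  reserved: false
-  users:
-  - "*"
-  description: "Allow full access to an index named like the username"
-
-logstash:
-  reserved: false
-  backend_roles:
-  - "logstash"
-
-kibana_user:
-  reserved: false
-  backend_roles:
-  - "kibanauser"
-  users:
-  - "wazuh_user"
-  - "wazuh_admin"
-  description: "Maps kibanauser to kibana_user"
-
-readall:
-  reserved: false
-  backend_roles:
-  - "readall"
-
-manage_snapshots:
-  reserved: false
-  backend_roles:
-  - "snapshotrestore"
-
-kibana_server:
-  reserved: true
-  users:
-  - "kibanaserver"
-
-wazuh_ui_admin:
-  reserved: true
-  hidden: false
-  backend_roles: []
-  hosts: []
-  users:
-  - "wazuh_admin"
-  - "kibanaserver"
-  and_backend_roles: []
-
-wazuh_ui_user:
-  reserved: true
-  hidden: false
-  backend_roles: []
-  hosts: []
-  users:
-  - "wazuh_user"
-  and_backend_roles: []
-
-# ISM API permissions role mapping
-manage_ism:
-  reserved: true
-  hidden: false
-  users:
-  - "kibanaserver"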