diff --git a/build-docker-images/wazuh-dashboard/config/config.sh b/build-docker-images/wazuh-dashboard/config/config.sh index 629a5988..71cc485b 100644 --- a/build-docker-images/wazuh-dashboard/config/config.sh +++ b/build-docker-images/wazuh-dashboard/config/config.sh @@ -38,4 +38,5 @@ cp /wazuh-certificates/demo.dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem cp /wazuh-certificates/demo.dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem cp /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem -chmod 640 ${CONFIG_DIR}/certs/* +chmod -R 500 ${CONFIG_DIR}/certs +chmod -R 400 ${CONFIG_DIR}/certs/* \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/config/config.sh b/build-docker-images/wazuh-indexer/config/config.sh index a56a52d7..a598ecf8 100644 --- a/build-docker-images/wazuh-indexer/config/config.sh +++ b/build-docker-images/wazuh-indexer/config/config.sh @@ -78,6 +78,7 @@ mkdir -p ${TARGET_DIR}/etc/default mkdir -p ${TARGET_DIR}/usr/lib/tmpfiles.d mkdir -p ${TARGET_DIR}/usr/lib/sysctl.d mkdir -p ${TARGET_DIR}/usr/lib/systemd/system +mkdir -p ${TARGET_DIR}${CONFIG_DIR}/certs # Move configuration files for wazuh-indexer mv -f ${BASE_DIR}/etc/init.d/${NAME} ${TARGET_DIR}/etc/init.d/${NAME} mv -f ${BASE_DIR}/etc/wazuh-indexer/* ${TARGET_DIR}${CONFIG_DIR} @@ -98,9 +99,12 @@ cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/s cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/securityconfig/ cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR} # Copy Wazuh indexer's certificates -cp -pr /wazuh-certificates/demo.indexer.pem ${TARGET_DIR}${CONFIG_DIR}/indexer.pem -cp -pr /wazuh-certificates/demo.indexer-key.pem ${TARGET_DIR}${CONFIG_DIR}/indexer-key.pem -cp -pr /wazuh-certificates/root-ca.key ${TARGET_DIR}${CONFIG_DIR}/root-ca.key -cp -pr /wazuh-certificates/root-ca.pem ${TARGET_DIR}${CONFIG_DIR}/root-ca.pem -cp -pr /wazuh-certificates/admin.pem ${TARGET_DIR}${CONFIG_DIR}/admin.pem -cp -pr /wazuh-certificates/admin-key.pem ${TARGET_DIR}${CONFIG_DIR}/admin-key.pem +cp -pr /wazuh-certificates/demo.indexer.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer.pem +cp -pr /wazuh-certificates/demo.indexer-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer-key.pem +cp -pr /wazuh-certificates/root-ca.key ${TARGET_DIR}${CONFIG_DIR}/certs/root-ca.key +cp -pr /wazuh-certificates/root-ca.pem ${TARGET_DIR}${CONFIG_DIR}/certs/root-ca.pem +cp -pr /wazuh-certificates/admin.pem ${TARGET_DIR}${CONFIG_DIR}/certs/admin.pem +cp -pr /wazuh-certificates/admin-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/admin-key.pem + +chmod -R 500 ${TARGET_DIR}${CONFIG_DIR}/certs +chmod -R 400 ${TARGET_DIR}${CONFIG_DIR}/certs/* \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/config/entrypoint.sh b/build-docker-images/wazuh-indexer/config/entrypoint.sh index f0a8b99f..157a9ba5 100644 --- a/build-docker-images/wazuh-indexer/config/entrypoint.sh +++ b/build-docker-images/wazuh-indexer/config/entrypoint.sh @@ -10,8 +10,8 @@ export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR}/config export JAVA_HOME=${INSTALLATION_DIR}/jdk export DISCOVERY=$(grep -oP "(?<=discovery.type: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml) export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml) -export CERT="${OPENSEARCH_PATH_CONF}/admin.pem" -export KEY="${OPENSEARCH_PATH_CONF}/admin-key.pem" +export CERT="${OPENSEARCH_PATH_CONF}/certs/admin.pem" +export KEY="${OPENSEARCH_PATH_CONF}/certs/admin-key.pem" run_as_other_user_if_needed() { if [[ "$(id -u)" == "0" ]]; then diff --git a/build-docker-images/wazuh-indexer/config/opensearch.yml b/build-docker-images/wazuh-indexer/config/opensearch.yml index 922e86e5..0a992fb7 100644 --- a/build-docker-images/wazuh-indexer/config/opensearch.yml +++ b/build-docker-images/wazuh-indexer/config/opensearch.yml @@ -4,12 +4,12 @@ path.data: /var/lib/wazuh-indexer path.logs: /var/log/wazuh-indexer discovery.type: single-node compatibility.override_main_response_version: true -plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/indexer.pem -plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/indexer-key.pem -plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/indexer.pem -plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/indexer-key.pem -plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/root-ca.pem +plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/indexer.pem +plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/indexer-key.pem +plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem +plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/indexer.pem +plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/indexer-key.pem +plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem plugins.security.ssl.http.enabled: true plugins.security.ssl.transport.enforce_hostname_verification: false plugins.security.ssl.transport.resolve_hostname: false diff --git a/indexer-certs-creator/config/entrypoint.sh b/indexer-certs-creator/config/entrypoint.sh index 6ab0ba05..84382867 100644 --- a/indexer-certs-creator/config/entrypoint.sh +++ b/indexer-certs-creator/config/entrypoint.sh @@ -28,14 +28,34 @@ else exit 1 fi +cp /certificates/certs.yml /config.yml + chmod 700 /$CERT_TOOL ############################################################################## # Creating Cluster certificates ############################################################################## -/$CERT_TOOL -A +## Execute cert tool and parsin cert.yml to set UID permissions +source /$CERT_TOOL -A +nodes_server=$( cert_parseYaml /config.yml | grep nodes_server_name | sed 's/nodes_server_name=//' ) +node_names=($nodes_server) + echo "Moving created certificates to destination directory" cp /wazuh-certificates/* /certificates/ echo "changing certificate permissions" -chmod -R 666 /certificates/* +chmod -R 500 /certificates +chmod -R 400 /certificates/* +echo "Setting UID indexer and dashboard" +chown 1000:1000 /certificates/* +echo "Setting UID for wazuh manager and worker" +cp /certificates/root-ca.pem /certificates/root-ca-manager.pem +cp /certificates/root-ca.key /certificates/root-ca-manager.key +chown 999:997 /certificates/root-ca-manager.pem +chown 999:997 /certificates/root-ca-manager.key + +for i in ${node_names[@]}; +do + chown 999:997 "/certificates/${i}.pem" + chown 999:997 "/certificates/${i}-key.pem" +done diff --git a/multi-node/config/wazuh_indexer/wazuh1.indexer.yml b/multi-node/config/wazuh_indexer/wazuh1.indexer.yml index d48c01d9..44067088 100644 --- a/multi-node/config/wazuh_indexer/wazuh1.indexer.yml +++ b/multi-node/config/wazuh_indexer/wazuh1.indexer.yml @@ -12,12 +12,12 @@ discovery.seed_hosts: node.max_local_storage_nodes: "3" path.data: /var/lib/wazuh-indexer path.logs: /var/log/wazuh-indexer -plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/wazuh1.indexer.pem -plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/wazuh1.indexer.key -plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/wazuh1.indexer.pem -plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/wazuh1.indexer.key -plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/root-ca.pem +plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem +plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key +plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem +plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem +plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key +plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem plugins.security.ssl.http.enabled: true plugins.security.ssl.transport.enforce_hostname_verification: false plugins.security.ssl.transport.resolve_hostname: false diff --git a/multi-node/config/wazuh_indexer/wazuh2.indexer.yml b/multi-node/config/wazuh_indexer/wazuh2.indexer.yml index 43d82e6b..b60933ba 100644 --- a/multi-node/config/wazuh_indexer/wazuh2.indexer.yml +++ b/multi-node/config/wazuh_indexer/wazuh2.indexer.yml @@ -12,12 +12,12 @@ discovery.seed_hosts: node.max_local_storage_nodes: "3" path.data: /var/lib/wazuh-indexer path.logs: /var/log/wazuh-indexer -plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/wazuh2.indexer.pem -plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/wazuh2.indexer.key -plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/wazuh2.indexer.pem -plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/wazuh2.indexer.key -plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/root-ca.pem +plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem +plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key +plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem +plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem +plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key +plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem plugins.security.ssl.http.enabled: true plugins.security.ssl.transport.enforce_hostname_verification: false plugins.security.ssl.transport.resolve_hostname: false diff --git a/multi-node/config/wazuh_indexer/wazuh3.indexer.yml b/multi-node/config/wazuh_indexer/wazuh3.indexer.yml index 2ca2ff17..4f974bc0 100644 --- a/multi-node/config/wazuh_indexer/wazuh3.indexer.yml +++ b/multi-node/config/wazuh_indexer/wazuh3.indexer.yml @@ -12,12 +12,12 @@ discovery.seed_hosts: node.max_local_storage_nodes: "3" path.data: /var/lib/wazuh-indexer path.logs: /var/log/wazuh-indexer -plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/wazuh3.indexer.pem -plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/wazuh3.indexer.key -plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/wazuh3.indexer.pem -plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/wazuh3.indexer.key -plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/root-ca.pem +plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem +plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key +plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem +plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem +plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key +plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem plugins.security.ssl.http.enabled: true plugins.security.ssl.transport.enforce_hostname_verification: false plugins.security.ssl.transport.resolve_hostname: false diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml index 7707f76b..877e684a 100644 --- a/multi-node/docker-compose.yml +++ b/multi-node/docker-compose.yml @@ -32,7 +32,7 @@ services: - master-wazuh-wodles:/var/ossec/wodles - master-filebeat-etc:/etc/filebeat - master-filebeat-var:/var/lib/filebeat - - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem + - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem - ./config/wazuh_indexer_ssl_certs/wazuh.master.pem:/etc/ssl/filebeat.pem - ./config/wazuh_indexer_ssl_certs/wazuh.master-key.pem:/etc/ssl/filebeat.key - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf @@ -61,7 +61,7 @@ services: - worker-wazuh-wodles:/var/ossec/wodles - worker-filebeat-etc:/etc/filebeat - worker-filebeat-var:/var/lib/filebeat - - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem + - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem - ./config/wazuh_indexer_ssl_certs/wazuh.worker.pem:/etc/ssl/filebeat.pem - ./config/wazuh_indexer_ssl_certs/wazuh.worker-key.pem:/etc/ssl/filebeat.key - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf @@ -84,11 +84,11 @@ services: hard: 65536 volumes: - wazuh-indexer-data-1:/var/lib/wazuh-indexer - - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/root-ca.pem - - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer-key.pem:/usr/share/wazuh-indexer/config/wazuh1.indexer.key - - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/config/wazuh1.indexer.pem - - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/admin.pem - - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/admin-key.pem + - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem + - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh1.indexer.key + - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh1.indexer.pem + - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem + - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml @@ -108,9 +108,9 @@ services: hard: 65536 volumes: - wazuh-indexer-data-2:/var/lib/wazuh-indexer - - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/root-ca.pem - - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/config/wazuh2.indexer.key - - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/config/wazuh2.indexer.pem + - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem + - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh2.indexer.key + - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh2.indexer.pem - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml @@ -130,9 +130,9 @@ services: hard: 65536 volumes: - wazuh-indexer-data-3:/var/lib/wazuh-indexer - - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/root-ca.pem - - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/config/wazuh3.indexer.key - - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/config/wazuh3.indexer.pem + - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem + - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh3.indexer.key + - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh3.indexer.pem - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml diff --git a/multi-node/generate-indexer-certs.yml b/multi-node/generate-indexer-certs.yml index c29c50d6..0886acd3 100644 --- a/multi-node/generate-indexer-certs.yml +++ b/multi-node/generate-indexer-certs.yml @@ -6,5 +6,4 @@ services: image: wazuh/wazuh-certs-generator:0.0.1 hostname: wazuh-certs-generator volumes: - - ./config/wazuh_indexer_ssl_certs/certs.yml:/config.yml - ./config/wazuh_indexer_ssl_certs/:/certificates/ \ No newline at end of file diff --git a/single-node/config/wazuh_indexer/wazuh.indexer.yml b/single-node/config/wazuh_indexer/wazuh.indexer.yml index 2a3136f1..1c04e7be 100644 --- a/single-node/config/wazuh_indexer/wazuh.indexer.yml +++ b/single-node/config/wazuh_indexer/wazuh.indexer.yml @@ -3,12 +3,13 @@ node.name: "wazuh.indexer" path.data: /var/lib/wazuh-indexer path.logs: /var/log/wazuh-indexer discovery.type: single-node -plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/wazuh.indexer.pem -plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/wazuh.indexer.key -plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/wazuh.indexer.pem -plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/wazuh.indexer.key -plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/root-ca.pem +compatibility.override_main_response_version: true +plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.pem +plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.key +plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem +plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.pem +plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.key +plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem plugins.security.ssl.http.enabled: true plugins.security.ssl.transport.enforce_hostname_verification: false plugins.security.ssl.transport.resolve_hostname: false diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml index 5d5e3137..827421cb 100644 --- a/single-node/docker-compose.yml +++ b/single-node/docker-compose.yml @@ -33,7 +33,7 @@ services: - wazuh_wodles:/var/ossec/wodles - filebeat_etc:/etc/filebeat - filebeat_var:/var/lib/filebeat - - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem + - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem - ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem - ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf @@ -55,11 +55,11 @@ services: hard: 65536 volumes: - wazuh-indexer-data:/var/lib/wazuh-indexer - - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/root-ca.pem - - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/config/wazuh.indexer.key - - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/config/wazuh.indexer.pem - - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/admin.pem - - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/admin-key.pem + - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem + - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.key + - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem + - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem + - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml diff --git a/single-node/generate-indexer-certs.yml b/single-node/generate-indexer-certs.yml index c29c50d6..0886acd3 100644 --- a/single-node/generate-indexer-certs.yml +++ b/single-node/generate-indexer-certs.yml @@ -6,5 +6,4 @@ services: image: wazuh/wazuh-certs-generator:0.0.1 hostname: wazuh-certs-generator volumes: - - ./config/wazuh_indexer_ssl_certs/certs.yml:/config.yml - ./config/wazuh_indexer_ssl_certs/:/certificates/ \ No newline at end of file