paulmataruso/wazuh-docker-orginal
1
0
Fork 0
mirror of https://github.com/wazuh/wazuh-docker.git synced 2025-11-17 20:31:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updated security config files

Browse Source
This commit is contained in:
c-bordon
2023-11-09 09:09:08 -03:00
parent 4863d54c99
commit 486c41e3f9
6 changed files with 35 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@@ -101,6 +101,7 @@ WAZUH_MONITORING_REPLICAS=0 ##
│   │   └── Dockerfile │   │   └── Dockerfile
│   ├── wazuh-indexer │   ├── wazuh-indexer
│   │   ├── config │   │   ├── config
│ │ │ ├── action_groups.yml
│   │   │   ├── config.sh │   │   │   ├── config.sh
│   │   │   ├── config.yml │   │   │   ├── config.yml
│   │   │   ├── entrypoint.sh │   │   │   ├── entrypoint.sh

2
build-docker-images/wazuh-indexer/Dockerfile
View File

@@ -12,6 +12,8 @@ COPY config/config.sh .
COPY config/config.yml / COPY config/config.yml /
COPY config/action_groups.yml /
COPY config/internal_users.yml / COPY config/internal_users.yml /
COPY config/roles_mapping.yml / COPY config/roles_mapping.yml /

12
build-docker-images/wazuh-indexer/config/action_groups.yml Normal file
View File

@@ -0,0 +1,12 @@
---
_meta:
type: "actiongroups"
config_version: 2
# ISM API permissions group
manage_ism:
reserved: true
hidden: false
allowed_actions:
- "cluster:admin/opendistro/ism/*"
static: false

1
build-docker-images/wazuh-indexer/config/config.sh
View File

@@ -120,6 +120,7 @@ cp /$PASSWORD_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/
# Copy Wazuh's config files for the security plugin # Copy Wazuh's config files for the security plugin
cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR} cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR}
# Copy Wazuh indexer's certificates # Copy Wazuh indexer's certificates

12
build-docker-images/wazuh-indexer/config/roles.yml
View File

@@ -142,7 +142,7 @@ wazuh_ui_user:
allowed_actions: allowed_actions:
- "read" - "read"
tenant_permissions: [] tenant_permissions: []
static: false static: false
wazuh_ui_admin: wazuh_ui_admin:
reserved: true reserved: true
@@ -160,4 +160,12 @@ wazuh_ui_admin:
- "manage" - "manage"
- "index" - "index"
tenant_permissions: [] tenant_permissions: []
static: false static: false
# ISM API permissions role
manage_ism:
reserved: true
hidden: false
cluster_permissions:
- "manage_ism"
static: false

11
build-docker-images/wazuh-indexer/config/roles_mapping.yml
View File

@@ -33,7 +33,7 @@ kibana_user:
- "kibanauser" - "kibanauser"
users: users:
- "wazuh_user" - "wazuh_user"
- "wazuh_admin" - "wazuh_admin"
description: "Maps kibanauser to kibana_user" description: "Maps kibanauser to kibana_user"
readall: readall:
@@ -68,4 +68,11 @@ wazuh_ui_user:
hosts: [] hosts: []
users: users:
- "wazuh_user" - "wazuh_user"
and_backend_roles: [] and_backend_roles: []
# ISM API permissions role mapping
manage_ism:
reserved: true
hidden: false
users:
- "kibanaserver"