From 9a841fdbd344e8600c7ae2b6e3494554030a54b9 Mon Sep 17 00:00:00 2001 From: manuasir Date: Mon, 11 Feb 2019 15:28:43 +0100 Subject: [PATCH 1/4] Added support for secure HTTPS xPac requests --- elasticsearch/config/load_settings.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/elasticsearch/config/load_settings.sh b/elasticsearch/config/load_settings.sh index bac61378..d41b5cf9 100644 --- a/elasticsearch/config/load_settings.sh +++ b/elasticsearch/config/load_settings.sh @@ -15,6 +15,11 @@ else wazuh_url="${WAZUH_API_URL}" fi +if [ "x${ELASTICSEARCH_USERNAME}" = "x"]; then + auth="" +else + auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" +fi until curl -XGET $el_url; do >&2 echo "Elastic is unavailable - sleeping" @@ -27,7 +32,7 @@ done sed -i 's| "index.refresh_interval": "5s"| "index.refresh_interval": "5s", "number_of_shards" : '"${ALERTS_SHARDS}"', "number_of_replicas" : '"${ALERTS_REPLICAS}"'|' /usr/share/elasticsearch/config/wazuh-elastic6-template-alerts.json -cat /usr/share/elasticsearch/config/wazuh-elastic6-template-alerts.json | curl -XPUT "$el_url/_template/wazuh" -H 'Content-Type: application/json' -d @- +cat /usr/share/elasticsearch/config/wazuh-elastic6-template-alerts.json | curl -XPUT "$el_url/_template/wazuh" ${auth} -H 'Content-Type: application/json' -d @- sleep 5 @@ -38,7 +43,7 @@ API_PASSWORD=`echo -n $API_PASS_Q | base64` echo "Setting API credentials into Wazuh APP" CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/wazuh-configuration/1513629884013) if [ "x$CONFIG_CODE" = "x404" ]; then - curl -s -XPOST $el_url/.wazuh/wazuh-configuration/1513629884013 -H 'Content-Type: application/json' -d' + curl -s -XPOST ${auth} $el_url/.wazuh/wazuh-configuration/1513629884013 -H 'Content-Type: application/json' -d' { "api_user": "'"$API_USER_Q"'", "api_password": "'"$API_PASSWORD"'", From 89e6af0d9ad1b336398f148e89a393454c37d405 Mon Sep 17 00:00:00 2001 
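Review bot: `auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"` places the Elasticsearch password on curl's command line, where it can be visible in the process list and in any `set -x` trace. Consider writing the credentials to a mode-0600 file created with `mktemp` and passing it with curl's `--config` (a line of the form `user = "name:password"`), or using `--netrc-file`. Because `${auth}` is expanded unquoted on the curl lines, a password containing whitespace or glob characters would also be split or expanded into extra curl arguments. The same assignment is added to `kibana/config/entrypoint.sh` in [PATCH 2/4].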
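Review bot: With `${auth}` added to the `_template/wazuh` PUT, the basic-auth credentials travel over whatever scheme `$el_url` carries, and that assignment is outside this hunk. If the URL is plain `http://`, the username and password cross the network only base64-encoded. A guard next to the `auth` assignment would make the requirement explicit, e.g. `case "$el_url" in https://*) ;; *) echo "credentials configured but $el_url is not https" >&2 ;; esac`, either as a warning or followed by an exit.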
From: manuasir Date: Tue, 12 Feb 2019 17:10:46 +0100 Subject: [PATCH 2/4] Added authorization to every Elastic request --- elasticsearch/config/load_settings.sh | 8 ++++---- kibana/config/entrypoint.sh | 8 +++++++- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/elasticsearch/config/load_settings.sh b/elasticsearch/config/load_settings.sh index d41b5cf9..d78d0f17 100644 --- a/elasticsearch/config/load_settings.sh +++ b/elasticsearch/config/load_settings.sh @@ -21,7 +21,7 @@ else auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" fi -until curl -XGET $el_url; do +until curl ${auth} -XGET $el_url; do >&2 echo "Elastic is unavailable - sleeping" sleep 5 done @@ -41,9 +41,9 @@ API_USER_Q=`echo "$API_USER" | tr -d '"'` API_PASSWORD=`echo -n $API_PASS_Q | base64` echo "Setting API credentials into Wazuh APP" -CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/wazuh-configuration/1513629884013) +CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/wazuh-configuration/1513629884013 ${auth}) if [ "x$CONFIG_CODE" = "x404" ]; then - curl -s -XPOST ${auth} $el_url/.wazuh/wazuh-configuration/1513629884013 -H 'Content-Type: application/json' -d' + curl -s -XPOST $el_url/.wazuh/wazuh-configuration/1513629884013 ${auth} -H 'Content-Type: application/json' -d' { "api_user": "'"$API_USER_Q"'", "api_password": "'"$API_PASSWORD"'", @@ -72,7 +72,7 @@ else fi sleep 5 -curl -XPUT "$el_url/_cluster/settings" -H 'Content-Type: application/json' -d' +curl -XPUT "$el_url/_cluster/settings" ${auth} -H 'Content-Type: application/json' -d' { "persistent": { "xpack.monitoring.collection.enabled": true diff --git a/kibana/config/entrypoint.sh b/kibana/config/entrypoint.sh index e34029b7..e612bbb3 100644 --- a/kibana/config/entrypoint.sh +++ b/kibana/config/entrypoint.sh 
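Review bot: The readiness loop `until curl ${auth} -XGET $el_url; do` ends on any HTTP response, because curl without `--fail` exits 0 even on 401 or 403, so wrong credentials are not noticed here and the script carries on with requests that will be rejected. Testing the status code makes that explicit, e.g. `until [ "$(curl -s -o /dev/null -w '%{http_code}' ${auth} "$el_url")" = "200" ]; do`, with a distinct log message when the code is 401. The loop added to `kibana/config/entrypoint.sh` in this patch behaves the same way. The later `CONFIG_CODE` check only distinguishes 404, so an authentication failure there takes the other branch, whose body is outside the hunk.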
@@ -9,7 +9,13 @@ else el_url="${ELASTICSEARCH_URL}" fi -until curl -XGET $el_url; do +if [ "x${ELASTICSEARCH_USERNAME}" = "x"]; then + auth="" +else + auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" +fi + +until curl -XGET $el_url ${auth}; do >&2 echo "Elastic is unavailable - sleeping" sleep 5 done From ee7a16eb1a2cb48042b5e95c3eeecf594781efd4 Mon Sep 17 00:00:00 2001 From: l Date: Thu, 21 Mar 2019 16:43:40 +0100 Subject: [PATCH 3/4] Fixing if whitespace error --- elasticsearch/config/load_settings.sh | 2 +- kibana/config/entrypoint.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/elasticsearch/config/load_settings.sh b/elasticsearch/config/load_settings.sh index d78d0f17..79650157 100644 --- a/elasticsearch/config/load_settings.sh +++ b/elasticsearch/config/load_settings.sh @@ -15,7 +15,7 @@ else wazuh_url="${WAZUH_API_URL}" fi -if [ "x${ELASTICSEARCH_USERNAME}" = "x"]; then +if [ "x${ELASTICSEARCH_USERNAME}" = "x" ]; then auth="" else auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" diff --git a/kibana/config/entrypoint.sh b/kibana/config/entrypoint.sh index e612bbb3..067566c5 100644 --- a/kibana/config/entrypoint.sh +++ b/kibana/config/entrypoint.sh @@ -9,7 +9,7 @@ else el_url="${ELASTICSEARCH_URL}" fi -if [ "x${ELASTICSEARCH_USERNAME}" = "x"]; then +if [ "x${ELASTICSEARCH_USERNAME}" = "x" ]; then auth="" else auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" From 99008b5e697236ce1f9fafb4dd917796e106557a Mon Sep 17 00:00:00 2001 From: manuasir Date: Mon, 29 Apr 2019 17:04:38 +0200 Subject: [PATCH 4/4] Added a conditional flag for enabling XPACK auth requests. --- elasticsearch/config/load_settings.sh | 2 +- kibana/config/entrypoint.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/elasticsearch/config/load_settings.sh b/elasticsearch/config/load_settings.sh index b601476f..2a69b36f 100644 --- a/elasticsearch/config/load_settings.sh 
+++ b/elasticsearch/config/load_settings.sh @@ -11,7 +11,7 @@ else wazuh_url="${WAZUH_API_URL}" fi -if [ "x${ELASTICSEARCH_USERNAME}" = "x" ]; then +if [ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]; then auth="" else auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" diff --git a/kibana/config/entrypoint.sh b/kibana/config/entrypoint.sh index e449ae2c..f171374f 100644 --- a/kibana/config/entrypoint.sh +++ b/kibana/config/entrypoint.sh @@ -13,7 +13,7 @@ else el_url="${ELASTICSEARCH_URL}" fi -if [ "x${ELASTICSEARCH_USERNAME}" = "x" ]; then +if [ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]; then auth="" else auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
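Review bot: `||` is not an operator inside `[ ... ]`, so in `if [ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || ... ]` the shell runs `[ ${ENABLED_XPACK} != "true"` without its closing `]` and then tries to execute the `x`-prefixed username and password strings as commands. All three normally fail, so the `else` branch always runs and `--user` is passed even when `ENABLED_XPACK` is not `true` or a credential is empty. The password would also be printed to stderr in the resulting "command not found" message. Use separate tests with quoted operands: `if [ "${ENABLED_XPACK}" != "true" ] || [ -z "${ELASTICSEARCH_USERNAME}" ] || [ -z "${ELASTICSEARCH_PASSWORD}" ]; then`. The identical line in the `kibana/config/entrypoint.sh` hunk of this patch needs the same change.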