Wazuh dashboard image changes

indexer_certs_creator/config/entrypoint.sh

@@ -9,7 +9,7 @@
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
 PACKAGES_URL=https://packages.wazuh.com/resources/4.3/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/resources/4.3/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')

wazuh-dashboard/Dockerfile

@@ -1,31 +1,53 @@
 # Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
 FROM ubuntu:focal AS builder
 
-ARG WAZUH_VERSION=4.3.0-1
+ARG WAZUH_VERSION=4.3.0
+ARG INSTALL_DIR=/usr/share/wazuh-dashboard
 
 # Update and install dependencies
-RUN apt-get update && apt install curl libcap2-bin -y
+RUN apt-get update && apt install curl libcap2-bin xz-utils -y
 
-#Download and install Wazuh Dashboard
-RUN curl https://packages-dev.wazuh.com/pre-release/apt/pool/main/w/wazuh-dashboard/wazuh-dashboard_${WAZUH_VERSION}_amd64.deb --output wazuh-dashboard_${WAZUH_VERSION}_amd64.deb && \
-    dpkg -i wazuh-dashboard_${WAZUH_VERSION}_amd64.deb && \
-    apt-get clean -y && rm -rf wazuh-dashboard_${WAZUH_VERSION}_amd64.deb
+# Create Install dir
+RUN mkdir -p $INSTALL_DIR
 
+# Download and extract Wazuh dashboard base
+RUN curl -o wazuh-dashboard-base.tar.xz https://packages-dev.wazuh.com/stack/dashboard/base/wazuh-dashboard-base-$WAZUH_VERSION-linux-x64.tar.xz && \
+    tar -xf wazuh-dashboard-base.tar.xz --directory  $INSTALL_DIR --strip-components=1
 
-COPY config/opensearch_dashboards.yml /etc/wazuh-dashboard/
+# Download and extract demo certificates
+RUN curl -O https://packages-dev.wazuh.com/stack/demo-certs.tar.gz && \
+    tar -xf demo-certs.tar.gz && rm -f demo-certs.tar.gz
 
-COPY config/wazuh.yml /usr/share/wazuh-dashboard/data/wazuh/config/
+# Create certs dir
+RUN mkdir -p $INSTALL_DIR/config/certs
 
-RUN chown 101:101 /etc/wazuh-dashboard/opensearch_dashboards.yml && chmod 664 /etc/wazuh-dashboard/opensearch_dashboards.yml
+# Copy Wazuh dashboard demo certs to install config dir
+RUN cp certs/demo-dashboard.pem $INSTALL_DIR/config/certs/demo-dashboard.pem && \ 
+    cp certs/demo-dashboard-key.pem $INSTALL_DIR/config/certs/demo-dashboard-key.pem && \
+    cp certs/root-ca.pem $INSTALL_DIR/config/certs/root-ca.pem
 
-RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh && chown -R 101:101 /usr/share/wazuh-dashboard/data/wazuh && chmod -R 775 /usr/share/wazuh-dashboard/data/wazuh
+RUN chmod 640 $INSTALL_DIR/config/certs/*
 
-RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh/config && chown -R 101:101 /usr/share/wazuh-dashboard/data/wazuh/config && chmod -R 775 /usr/share/wazuh-dashboard/data/wazuh/config
+# Create and configure Wazuh dashboard keystore
+RUN $INSTALL_DIR/bin/opensearch-dashboards-keystore create --allow-root && \
+    echo kibanaserver | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \
+    echo kibanaserver | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root
 
-RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh/logs && chown -R 101:101 /usr/share/wazuh-dashboard/data/wazuh/logs && chmod -R 775 /usr/share/wazuh-dashboard/data/wazuh/logs
+# Install Wazuh App 
+RUN $INSTALL_DIR/bin/opensearch-dashboards-plugin install https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-$WAZUH_VERSION.zip --allow-root
+
+# Copy and set permissions to config files
+COPY config/opensearch_dashboards.yml $INSTALL_DIR/config/
+COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/
+RUN chown 101:101 $INSTALL_DIR/config/opensearch_dashboards.yml && chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml
+
+# Create and set permissions to data directories
+RUN mkdir -p $INSTALL_DIR/data/wazuh && chown -R 101:101 $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
+RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chown -R 101:101 $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
+RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chown -R 101:101 $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs
 
 ################################################################################
-# Build stage 1 (the actual Wazuh dashboard image):
+# Build stage 1 (the current Wazuh dashboard image):
 #
 # Copy wazuh-dashboard from stage 0
 # Add entrypoint
@@ -33,13 +55,14 @@ RUN mkdir -p /usr/share/wazuh-dashboard/data/wazuh/logs && chown -R 101:101 /usr
 ################################################################################
 FROM ubuntu:focal
 
+# Set environment variables
 ENV USER="wazuh-dashboard" \
     GROUP="wazuh-dashboard" \
     NAME="wazuh-dashboard" \
     INSTALL_DIR="/usr/share/wazuh-dashboard"
 
+# Create wazuh-dashboard user and group
 RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
-
 RUN useradd --system \
             --uid 1000 \
             --no-create-home \
@@ -49,21 +72,18 @@ RUN useradd --system \
             --comment "$USER user" \
             $USER
 
+# Copy and set permissions to scripts
 COPY config/entrypoint.sh /
-
 COPY config/wazuh_app_config.sh /
-
 RUN chmod 700 /entrypoint.sh
-
 RUN chmod 700 /wazuh_app_config.sh
-
 RUN chown 1000:1000 /*.sh
 
-COPY --from=builder --chown=1000:1000 /usr/share/wazuh-dashboard /usr/share/wazuh-dashboard
-COPY --from=builder --chown=1000:1000 /run/wazuh-dashboard /run/wazuh-dashboard
-COPY --from=builder --chown=1000:1000 /etc/wazuh-dashboard /etc/wazuh-dashboard
+# Copy Install dir from builder to current image
+COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR
 
-WORKDIR /usr/share/wazuh-dashboard/
+# Set workdir and user
+WORKDIR $INSTALL_DIR
 USER wazuh-dashboard
 
 # Services ports

wazuh-dashboard/config/entrypoint.sh

@@ -7,4 +7,4 @@
 
 /wazuh_app_config.sh
 
-/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml
+/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml

wazuh-dashboard/config/opensearch_dashboards.yml

@@ -7,8 +7,8 @@ opensearch_security.multitenancy.enabled: true
 opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
 opensearch_security.readonly_mode.roles: ["kibana_read_only"]
 server.ssl.enabled: true
-server.ssl.key: "/etc/wazuh-dashboard/certs/demo-dashboard-key.pem"
-server.ssl.certificate: "/etc/wazuh-dashboard/certs/demo-dashboard.pem"
-opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
+server.ssl.key: "/usr/share/wazuh-dashboard/config/certs/demo-dashboard-key.pem"
+server.ssl.certificate: "/usr/share/wazuh-dashboard/config/certs/demo-dashboard.pem"
+opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/config/certs/root-ca.pem"]
 uiSettings.overrides.defaultRoute: /app/wazuh?security_tenant=global
 

wazuh-indexer/config/config.sh

@@ -22,7 +22,7 @@ export REPO_DIR=/unattended_installer
 
 rm -rf ${INSTALLATION_DIR}/
 
-curl -o ${INDEXER_FILE} https://packages.wazuh.com/stack/indexer/base/${BASE_FILE}
+curl -o ${INDEXER_FILE} https://packages-dev.wazuh.com/stack/indexer/base/${BASE_FILE}
 tar -xf ${INDEXER_FILE}
 
 ## TOOLS
@@ -31,7 +31,7 @@ tar -xf ${INDEXER_FILE}
 CERT_TOOL=wazuh-certs-tool.sh
 PASSWORD_TOOL=wazuh-passwords-tool.sh
 PACKAGES_URL=https://packages.wazuh.com/resources/4.3/
-PACKAGES_DEV_URL=https://packages-dev.wazuh.com/resources/4.3/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/
 
 ## Check if the cert tool exists in S3 buckets
 CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}')

wazuh-manager/Dockerfile

@@ -8,7 +8,7 @@ ARG TEMPLATE_VERSION="master"
 ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz"
 
 # Set repositories.
-RUN rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
+RUN rpm --import https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
 
 COPY config/wazuh.repo /etc/yum.repos.d/wazuh.repo
 

wazuh-manager/config/wazuh.repo

@@ -1,7 +1,7 @@
 [wazuh_repo]
 gpgcheck=1
-gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
 enabled=1
 name=Wazuh repository
-baseurl=https://packages.wazuh.com/4.x/yum/
+baseurl=https://packages-dev.wazuh.com/pre-release/yum/
 protect=1