Elastic 7-x Docker refactor (#257)

Former-commit-id: d3220826fc

elasticsearch/Dockerfile

@@ -1,7 +1,7 @@
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-ARG ELASTIC_VERSION=7.2.1
+ARG ELASTIC_VERSION=7.3.2
 FROM docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION}
-ARG TEMPLATE_VERSION=v3.9.5
+ARG TEMPLATE_VERSION=v3.10.2
 
 ENV ELASTICSEARCH_URL="http://elasticsearch:9200"
 
@@ -52,32 +52,36 @@ ADD $SECURITY_CA_KEY_LOCATION /usr/share/elasticsearch/config
 ADD $SECURITY_OPENSSL_CONF_LOCATION /usr/share/elasticsearch/config 
 ADD $SECURITY_CA_TRUST_LOCATION /usr/share/elasticsearch/config 
 
-RUN yum install openssl -y && \
-    yum install unzip -y
-
 RUN mkdir /entrypoint-scripts
 
 COPY config/entrypoint.sh /entrypoint.sh
 
 RUN chmod 755 /entrypoint.sh
 
-COPY --chown=elasticsearch:elasticsearch ./config/load_settings.sh ./
-
-RUN chmod +x ./load_settings.sh
-
 RUN bin/elasticsearch-plugin install repository-s3 -b
 
-COPY config/configure_s3.sh ./config/configure_s3.sh
-RUN chmod 755 ./config/configure_s3.sh
-
 COPY --chown=elasticsearch:elasticsearch ./config/10-config_cluster.sh /entrypoint-scripts/10-config_cluster.sh
-RUN chmod +x /entrypoint-scripts/10-config_cluster.sh
-
-COPY --chown=elasticsearch:elasticsearch ./config/20-config_secure.sh /entrypoint-scripts/20-config_secure.sh
-RUN chmod +x /entrypoint-scripts/20-config_cluster.sh
-
-COPY --chown=elasticsearch:elasticsearch ./config/30-entrypoint.sh /entrypoint-scripts/30-entrypoint.sh
-RUN chmod +x /entrypoint-scripts/30-entrypoint.sh
+COPY --chown=elasticsearch:elasticsearch ./config/15-get_CA_key.sh /entrypoint-scripts/15-get_CA_key.sh
+COPY --chown=elasticsearch:elasticsearch ./config/20-security_instances.sh /entrypoint-scripts/20-security_instances.sh
+COPY --chown=elasticsearch:elasticsearch ./config/22-security_certs.sh /entrypoint-scripts/22-security_certs.sh
+COPY --chown=elasticsearch:elasticsearch ./config/24-security_configuration.sh /entrypoint-scripts/24-security_configuration.sh
+COPY --chown=elasticsearch:elasticsearch ./config/26-security_keystore.sh /entrypoint-scripts/26-security_keystore.sh
+COPY --chown=elasticsearch:elasticsearch ./config/30-decrypt_credentials.sh /entrypoint-scripts/30-decrypt_credentials.sh
+COPY --chown=elasticsearch:elasticsearch ./config/35-entrypoint.sh /entrypoint-scripts/35-entrypoint.sh
+COPY --chown=elasticsearch:elasticsearch ./config/35-entrypoint_load_settings.sh ./
+COPY config/35-load_settings_configure_s3.sh ./config/35-load_settings_configure_s3.sh
+COPY --chown=elasticsearch:elasticsearch ./config/35-load_settings_users_management.sh ./
+RUN chmod +x /entrypoint-scripts/10-config_cluster.sh && \
+    chmod +x /entrypoint-scripts/15-get_CA_key.sh && \
+    chmod +x /entrypoint-scripts/20-security_instances.sh && \
+    chmod +x /entrypoint-scripts/22-security_certs.sh && \
+    chmod +x /entrypoint-scripts/24-security_configuration.sh && \
+    chmod +x /entrypoint-scripts/26-security_keystore.sh && \
+    chmod +x /entrypoint-scripts/30-decrypt_credentials.sh && \
+    chmod +x /entrypoint-scripts/35-entrypoint.sh && \
+    chmod +x ./35-entrypoint_load_settings.sh && \
+    chmod 755 ./config/35-load_settings_configure_s3.sh && \
+    chmod +x ./35-load_settings_users_management.sh
 
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["elasticsearch"]

elasticsearch/config/15-get_CA_key.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+
+##############################################################################
+# Decrypt credentials.
+# If the CA key is encrypted, it must be decrypted for later use. 
+##############################################################################
+
+echo "TO DO"
+
+# TO DO

elasticsearch/config/20-config_secure.sh

@@ -1,118 +0,0 @@
-#!/bin/bash
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-
-elastic_config_file="/usr/share/elasticsearch/config/elasticsearch.yml"
-
-##############################################################################
-# Setup bootstrap password to chagne all Elastic Stack passwords.
-# Set xpack.security.enabled to true. In Elastic 7 must add ssl options
-##############################################################################
-
-if [[ $SECURITY_ENABLED == "yes" ]]; then
-
-  echo "Creating certificate."
-
-  pushd /usr/share/elasticsearch/config/
-
-  echo "Setting configuration options."
-
-  ELASTIC_HOSTNAME=`hostname`
-  POD_DNS="$ELASTIC_HOSTNAME.$NAMESPACE.pod.cluster.local"
-  SVC_DNS="elasticsearch.$NAMESPACE.svc.cluster.local"
-
-  # Create instances.yml for elasticsearch .p12 certificate and key
-  echo "
-instances:
-- name: \"elasticsearch\"
-  dns:
-    - \"$POD_DNS\"
-    - \"$SVC_DNS\"
-" > instances.yml
-
-  cp instances.yml /usr/share/elasticsearch
-
-  # Change permissions and owner of ca
-  chown elasticsearch: /usr/share/elasticsearch/config/$SECURITY_CA_PEM
-  chmod 440 /usr/share/elasticsearch/config/$SECURITY_CA_PEM
- 
-
-  # Genereate .p12 certificate and key
-  SECURITY_KEY_PASSPHRASE=`date +%s | sha256sum | base64 | head -c 32 ; echo`
-  /usr/share/elasticsearch/bin/elasticsearch-certutil csr --in instances.yml --out certs.zip --pass $SECURITY_KEY_PASSPHRASE
-  mv /usr/share/elasticsearch/certs.zip /usr/share/elasticsearch/config/certs.zip
-  unzip certs.zip
-  rm certs.zip 
-
-  # Change permissions and owner of certificates
-  chown -R elasticsearch: /usr/share/elasticsearch/config/elasticsearch
-  chmod -R 770 /usr/share/elasticsearch/config/elasticsearch
-  chmod 400 /usr/share/elasticsearch/config/elasticsearch/elasticsearch.csr
-
-  # Prepare directories for openssl
-  mkdir /root/ca
-  mkdir /root/ca/certs /root/ca/crl /root/ca/newcerts /root/ca/private
-  chmod 700 /root/ca/private
-  touch /root/ca/index.txt
-  echo 1000 > /root/ca/serial
-
-  mkdir /root/ca/intermediate
-  mkdir /root/ca/intermediate/certs /root/ca/intermediate/crl /root/ca/intermediate/csr /root/ca/intermediate/newcerts /root/ca/intermediate/private
-  chmod 700 /root/ca/intermediate/private
-  touch /root/ca/intermediate/index.txt
-  echo 1000 > /root/ca/intermediate/serial
-  echo 1000 > /root/ca/intermediate/crlnumber
-
-  if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
-
-    openssl ca -batch -config $SECURITY_OPENSSL_CONF  -in elasticsearch/elasticsearch.csr -cert $SECURITY_CA_PEM  -keyfile $SECURITY_CA_KEY  -key $SECURITY_CA_PASSPHRASE -out elasticsearch.cert.pem
-  
-  else
-    input=${SECURITY_CREDENTIALS_FILE}
-    CA_PASSPHRASE_FROM_FILE=""
-    while IFS= read -r line
-    do
-      if [[ $line == *"CA_PASSPHRASE"* ]]; then
-        arrIN=(${line//:/ })
-        CA_PASSPHRASE_FROM_FILE=${arrIN[1]}
-      fi
-    done < "$input"
-    
-    openssl ca -batch -config $SECURITY_OPENSSL_CONF  -in elasticsearch/elasticsearch.csr -cert $SECURITY_CA_PEM  -keyfile $SECURITY_CA_KEY  -key $CA_PASSPHRASE_FROM_FILE -out elasticsearch.cert.pem 
-  
-  fi
-  
-  chmod 440 /usr/share/elasticsearch/config/elasticsearch.cert.pem
-
-  # remove CA key
-  rm $SECURITY_CA_KEY
-
-  popd
-
-  echo "Setting configuration options."
-  
-  # Settings for elasticsearch.yml
-  echo "
-# Required to set the passwords and TLS options
-xpack.security.enabled: true
-xpack.security.transport.ssl.enabled: true
-xpack.security.transport.ssl.verification_mode: certificate
-xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch/elasticsearch.key
-xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.cert.pem
-xpack.security.transport.ssl.certificate_authorities: [\"/usr/share/elasticsearch/config/$SECURITY_CA_TRUST\"]
-
-# HTTP layer
-xpack.security.http.ssl.enabled: true
-xpack.security.http.ssl.verification_mode: certificate
-xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch/elasticsearch.key
-xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.cert.pem
-xpack.security.http.ssl.certificate_authorities: [\"/usr/share/elasticsearch/config/$SECURITY_CA_TRUST\"]
-" >> $elastic_config_file
-
-  # Create keystore
-  /usr/share/elasticsearch/bin/elasticsearch-keystore create
-
-  # Add keys to keystore
-  echo -e "$SECURITY_KEY_PASSPHRASE" | /usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.transport.ssl.secure_key_passphrase --stdin
-  echo -e "$SECURITY_KEY_PASSPHRASE" | /usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.http.ssl.secure_key_passphrase --stdin
-
-fi

elasticsearch/config/20-security_instances.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+
+##############################################################################
+# instances.yml
+# This file is necessary for the creation of the Elasticsaerch certificate.
+##############################################################################
+
+if [[ $SECURITY_ENABLED == "yes" ]]; then
+    echo "SECURITY - Setting Elasticserach security."
+
+    # instance.yml to be added by the user. 
+    # Example:
+    #       echo "
+    # instances:
+    # - name: \"elasticsearch\"
+    #   dns:
+    #     - \"elasticsearch\"
+    # " > /user/share/elasticsearch/instances.yml
+
+fi

elasticsearch/config/22-security_certs.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+
+##############################################################################
+# Creation and management of certificates. 
+##############################################################################
+
+if [[ $SECURITY_ENABLED == "yes" ]]; then
+    echo "SECURITY - Elasticserach security certificates."
+    
+    # Creation of the certificate for Elasticsearch.
+    # After the execution of this script will have generated 
+    # the Elasticsearch certificate and related keys and passphrase. 
+    # Example: TO DO
+
+fi

elasticsearch/config/24-security_configuration.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+
+##############################################################################
+# Adapt elasticsearch.yml configuration file 
+##############################################################################
+
+if [[ $SECURITY_ENABLED == "yes" ]]; then
+    echo "SECURITY - Elasticserach security configuration."
+
+    echo "SECURITY - Setting configuration options."
+
+    # Settings for elasticsearch.yml to be added by the user. 
+    # Example: 
+    #     echo "
+    # # Required to set the passwords and TLS options
+    # xpack.security.enabled: true
+    # xpack.security.transport.ssl.enabled: true
+    # xpack.security.transport.ssl.verification_mode: certificate
+    # xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch/elasticsearch.key
+    # xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.cert.pem
+    # xpack.security.transport.ssl.certificate_authorities: [\"/usr/share/elasticsearch/config/ca.cert.pem\"]
+
+    # # HTTP layer
+    # xpack.security.http.ssl.enabled: true
+    # xpack.security.http.ssl.verification_mode: certificate
+    # xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch/elasticsearch.key
+    # xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.cert.pem
+    # xpack.security.http.ssl.certificate_authorities: [\"/usr/share/elasticsearch/config/ca.cert.pem\"]
+    # " >> /usr/share/elasticsearch/config/elasticsearch.yml
+
+fi

elasticsearch/config/26-security_keystore.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+
+##############################################################################
+# Adapt elasticsearch.yml keystore management
+##############################################################################
+
+if [[ $SECURITY_ENABLED == "yes" ]]; then
+    echo "SECURITY - Elasticserach keystore management."
+
+    # Create keystore
+    # /usr/share/elasticsearch/bin/elasticsearch-keystore create
+
+    # Add keys to keystore by the user. 
+    # Example
+    # echo -e "$abcd_1234" | /usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.transport.ssl.secure_key_passphrase --stdin
+    # echo -e "$abcd_1234" | /usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.http.ssl.secure_key_passphrase --stdin
+
+else
+    echo "SECURITY - Elasticsearch security not established."
+fi

elasticsearch/config/30-decrypt_credentials.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+
+##############################################################################
+# Decrypt credentials.
+# If the credentials of the users to be created are encrypted,
+# they must be decrypted for later use. 
+##############################################################################
+
+if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
+    echo "Security credentials file not used. Nothing to do."
+else
+    echo "TO DO"
+fi
+# TO DO

elasticsearch/config/35-entrypoint.sh

@@ -43,7 +43,7 @@ fi
 
 # Run load settings script.
 
-bash /usr/share/elasticsearch/load_settings.sh &
+bash /usr/share/elasticsearch/35-entrypoint_load_settings.sh &
 
 # Execute elasticsearch
 

elasticsearch/config/35-entrypoint_load_settings.sh

@@ -0,0 +1,201 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+
+set -e
+
+##############################################################################
+# Set Elasticsearch API url and Wazuh API url.
+##############################################################################
+
+if [[ "x${ELASTICSEARCH_PROTOCOL}" = "x" || "x${ELASTICSEARCH_IP}" = "x" || "x${ELASTICSEARCH_PORT}" = "x" ]]; then
+  el_url="http://elasticsearch:9200"
+else
+  el_url="${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_IP}:${ELASTICSEARCH_PORT}"
+fi
+
+if [[ "x${WAZUH_API_URL}" = "x" ]]; then
+  wazuh_url="https://wazuh"
+else
+  wazuh_url="${WAZUH_API_URL}"
+fi
+
+echo "LOAD SETTINGS - Elasticsearch url: $el_url"
+
+
+##############################################################################
+# If Elasticsearch security is enabled get the elastic user password and
+# WAZUH API credentials.
+##############################################################################
+
+ELASTIC_PASS=""
+WAZH_API_USER=""
+WAZH_API_PASS=""
+
+if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
+  ELASTIC_PASS=${SECURITY_ELASTIC_PASSWORD}
+  WAZH_API_USER=${API_USER}
+  WAZH_API_PASS=${API_PASS}
+else
+  input=${SECURITY_CREDENTIALS_FILE}
+  while IFS= read -r line
+  do
+    if [[ $line == *"ELASTIC_PASSWORD"* ]]; then
+      arrIN=(${line//:/ })
+      ELASTIC_PASS=${arrIN[1]}
+    elif [[ $line == *"WAZUH_API_USER"* ]]; then
+      arrIN=(${line//:/ })
+      WAZH_API_USER=${arrIN[1]}
+    elif [[ $line == *"WAZUH_API_PASSWORD"* ]]; then
+      arrIN=(${line//:/ })
+      WAZH_API_PASS=${arrIN[1]}
+    fi
+  done < "$input"
+ 
+fi
+
+
+##############################################################################
+# Set authentication for curl if Elasticsearch security is enabled.
+##############################################################################
+
+if [ ${SECURITY_ENABLED} != "no" ]; then
+  auth="-uelastic:${ELASTIC_PASS} -k"
+  echo "LOAD SETTINGS - authentication for curl established."
+elif [[ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]]; then
+  auth=""
+  echo "LOAD SETTINGS - authentication for curl not established."
+else
+  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
+  echo "LOAD SETTINGS - authentication for curl established."
+fi
+
+
+##############################################################################
+# Wait until Elasticsearch is active. 
+##############################################################################
+
+until curl ${auth} -XGET $el_url; do
+  >&2 echo "LOAD SETTINGS - Elastic is unavailable - sleeping"
+  sleep 5
+done
+
+>&2 echo "LOAD SETTINGS - Elastic is up - executing command"
+
+
+##############################################################################
+# Configure S3 repository for Elasticsearch snapshots. 
+##############################################################################
+
+if [ $ENABLE_CONFIGURE_S3 ]; then
+  #Wait for Elasticsearch to be ready to create the repository
+  sleep 10
+  >&2 echo "S3 - Configure S3"
+  if [ "x$S3_PATH" != "x" ]; then
+    >&2 echo "S3 - Path: $S3_PATH"
+    if [ "x$S3_ELASTIC_MAJOR" != "x" ]; then
+      >&2 echo "S3 - Elasticsearch major version: $S3_ELASTIC_MAJOR"
+      echo "LOAD SETTINGS - Run 35-load_settings_configure_s3.sh."
+      bash /usr/share/elasticsearch/config/35-load_settings_configure_s3.sh $el_url $S3_BUCKET_NAME $S3_PATH $S3_REPOSITORY_NAME $S3_ELASTIC_MAJOR
+    else
+      >&2 echo "S3 - Elasticserach major version not given."
+      echo "LOAD SETTINGS - Run 35-load_settings_configure_s3.sh."
+      bash /usr/share/elasticsearch/config/35-load_settings_configure_s3.sh $el_url $S3_BUCKET_NAME $S3_PATH $S3_REPOSITORY_NAME
+    fi
+
+  fi
+
+fi
+
+##############################################################################
+# Elastic Stack users creation. 
+# Only security main node can manage users. 
+##############################################################################
+
+echo "LOAD SETTINGS - Run users_management.sh."
+MY_HOSTNAME=`hostname`
+echo "LOAD SETTINGS - Hostname: $MY_HOSTNAME"
+if [[ $SECURITY_MAIN_NODE == $MY_HOSTNAME ]]; then
+  bash /usr/share/elasticsearch/35-load_settings_users_management.sh &
+fi
+
+
+##############################################################################
+# Modify wazuh-alerts template shards and replicas
+##############################################################################
+
+echo "LOAD SETTINGS - Change shards and replicas of wazuh-alerts template."
+sed -i 's:"index.number_of_shards"\: "3":"index.number_of_shards"\: "'$WAZUH_ALERTS_SHARDS'":g' /usr/share/elasticsearch/config/wazuh-template.json
+sed -i 's:"index.number_of_replicas"\: "0":"index.number_of_replicas"\: "'$WAZUH_ALERTS_REPLICAS'":g' /usr/share/elasticsearch/config/wazuh-template.json
+
+
+##############################################################################
+# Load default templates
+##############################################################################
+
+echo "LOAD SETTINGS - Loading wazuh-alerts template."
+cat /usr/share/elasticsearch/config/wazuh-template.json | curl -XPUT "$el_url/_template/wazuh" ${auth} -H 'Content-Type: application/json' -d @-
+sleep 5
+
+##############################################################################
+# Prepare Wazuh API credentials
+##############################################################################
+
+API_PASS_Q=`echo "$WAZH_API_PASS" | tr -d '"'`
+API_USER_Q=`echo "$WAZH_API_USER" | tr -d '"'`
+API_PASSWORD=`echo -n $API_PASS_Q | base64`
+
+echo "LOAD SETTINGS - Setting API credentials into Wazuh APP"
+CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/_doc/1513629884013 ${auth})
+
+if [ "x$CONFIG_CODE" != "x200" ]; then
+  curl -s -XPOST $el_url/.wazuh/_doc/1513629884013 ${auth} -H 'Content-Type: application/json' -d'
+  {
+    "api_user": "'"$API_USER_Q"'",
+    "api_password": "'"$API_PASSWORD"'",
+    "url": "'"$wazuh_url"'",
+    "api_port": "55000",
+    "insecure": "true",
+    "component": "API",
+    "cluster_info": {
+      "manager": "wazuh-manager",
+      "cluster": "Disabled",
+      "status": "disabled"
+    },
+    "extensions": {
+      "oscap": true,
+      "audit": true,
+      "pci": true,
+      "aws": true,
+      "virustotal": true,
+      "gdpr": true,
+      "ciscat": true
+    }
+  }
+  ' > /dev/null
+else
+  echo "LOAD SETTINGS - Wazuh APP already configured"
+fi
+sleep 5
+
+curl -XPUT "$el_url/_cluster/settings" ${auth} -H 'Content-Type: application/json' -d'
+{
+  "persistent": {
+    "xpack.monitoring.collection.enabled": true
+  }
+}
+'
+
+##############################################################################
+# Set cluster delayed timeout when node falls
+##############################################################################
+
+curl -X PUT "$el_url/_all/_settings" ${auth} -H 'Content-Type: application/json' -d'
+{
+  "settings": {
+    "index.unassigned.node_left.delayed_timeout": "'"$CLUSTER_DELAYED_TIMEOUT"'"
+  }
+}
+'
+echo "LOAD SETTINGS - cluster delayed timeout changed."
+
+echo "LOAD SETTINGS - Elasticsearch is ready."

elasticsearch/config/35-load_settings_users_management.sh

@@ -0,0 +1,100 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+
+set -e
+
+
+##############################################################################
+# Set Elasticsearch API url
+##############################################################################
+
+if [[ "x${ELASTICSEARCH_PROTOCOL}" = "x" || "x${ELASTICSEARCH_IP}" = "x" || "x${ELASTICSEARCH_PORT}" = "x" ]]; then
+  el_url="http://elasticsearch:9200"
+else
+  el_url="${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_IP}:${ELASTICSEARCH_PORT}"
+fi
+
+echo "USERS - Elasticsearch url: $el_url"
+
+
+##############################################################################
+# If Elasticsearch security is enabled get the elastic user password.
+##############################################################################
+
+ELASTIC_PASS=""
+
+if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
+  ELASTIC_PASS=${SECURITY_ELASTIC_PASSWORD}
+else
+  input=${SECURITY_CREDENTIALS_FILE}
+  while IFS= read -r line
+  do
+    if [[ $line == *"ELASTIC_PASSWORD"* ]]; then
+      arrIN=(${line//:/ })
+      ELASTIC_PASS=${arrIN[1]}
+    fi
+  done < "$input"
+ 
+fi
+
+
+##############################################################################
+# If Elasticsearch security is enabled get the users credentials.
+##############################################################################
+
+# The user must get the credentials of the users.
+# TO DO. 
+
+##############################################################################
+# Set authentication for curl if Elasticsearch security is enabled.
+##############################################################################
+
+if [ ${SECURITY_ENABLED} != "no" ]; then
+  auth="-uelastic:${ELASTIC_PASS} -k"
+  echo "USERS - authentication for curl established."
+elif [[ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]]; then
+  auth=""
+  echo "USERS - authentication for curl not established."
+else
+  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
+  echo "USERS - authentication for curl established."
+fi
+
+
+##############################################################################
+# Wait until Elasticsearch is active. 
+##############################################################################
+
+until curl ${auth} -XGET $el_url; do
+  >&2 echo "USERS - Elastic is unavailable - sleeping"
+  sleep 5
+done
+
+>&2 echo "USERS - Elastic is up - executing command"
+
+
+##############################################################################
+# Setup passwords for Elastic Stack users.
+##############################################################################
+
+# The user must add the credentials of the users.
+# TO DO.
+# Example 
+# echo "USERS - Add custom_user password and role:"
+# curl ${auth} -k -XPOST -H 'Content-Type: application/json' 'https://localhost:9200/_xpack/security/role/custom_user_role ' -d '
+# { "indices": [ { "names": [ ".kibana*" ],  "privileges": ["read"] }, { "names": [ "wazuh-monitoring*"],  "privileges": ["all"] }] }'
+# curl ${auth} -k -XPOST -H 'Content-Type: application/json' 'https://localhost:9200/_xpack/security/user/custom_user'  -d '
+# { "password":"'$CUSTOM_USER_PASSWORD'", "roles" : [ "kibana_system", "custom_user_role"],  "full_name" : "Custom User" }'
+
+
+##############################################################################
+# Remove credentials file.
+##############################################################################
+
+if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
+  echo "USERS - Security credentials file not used. Nothing to do."
+else
+  shred -zvu ${SECURITY_CREDENTIALS_FILE}
+  echo "USERS - Security credentials file removed."
+fi
+

elasticsearch/config/load_settings.sh

@@ -1,234 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-
-set -e
-
-if [[ "x${ELASTICSEARCH_PROTOCOL}" = "x" || "x${ELASTICSEARCH_IP}" = "x" || "x${ELASTICSEARCH_PORT}" = "x" ]]; then
-  el_url="http://elasticsearch:9200"
-else
-  el_url="${ELASTICSEARCH_PROTOCOL}://${ELASTICSEARCH_IP}:${ELASTICSEARCH_PORT}"
-fi
-
-if [[ "x${WAZUH_API_URL}" = "x" ]]; then
-  wazuh_url="https://wazuh"
-else
-  wazuh_url="${WAZUH_API_URL}"
-fi
-
-ELASTIC_PASS=""
-KIBANA_USER=""
-KIBANA_PASS=""
-LOGSTASH_USER=""
-LOGSTASH_PASS=""
-ADMIN_USER=""
-ADMIN_PASS=""
-WAZH_API_USER=""
-WAZH_API_PASS=""
-MONITORING_USER=""
-MONITORING_PASS=""
-
-if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
-  ELASTIC_PASS=${SECURITY_ELASTIC_PASSWORD}
-  KIBANA_USER=${SECURITY_KIBANA_USER}
-  KIBANA_PASS=${SECURITY_KIBANA_PASS}
-  LOGSTASH_USER=${SECURITY_LOGSTASH_USER}
-  LOGSTASH_PASS=${SECURITY_LOGSTASH_PASS}
-  ADMIN_USER=${SECURITY_ADMIN_USER}
-  ADMIN_PASS=${SECURITY_ADMIN_PASS}
-  WAZH_API_USER=${API_USER}
-  WAZH_API_PASS=${API_PASS}
-  MONITORING_USER=${SECURITY_MONITORING_USER}
-  MONITORING_PASS=${SECURITY_MONITORING_PASS}
-else
-  input=${SECURITY_CREDENTIALS_FILE}
-  while IFS= read -r line
-  do
-    if [[ $line == *"ELASTIC_PASSWORD"* ]]; then
-      arrIN=(${line//:/ })
-      ELASTIC_PASS=${arrIN[1]}
-    elif [[ $line == *"KIBANA_USER"* ]]; then
-      arrIN=(${line//:/ })
-      KIBANA_USER=${arrIN[1]}
-    elif [[ $line == *"KIBANA_PASSWORD"* ]]; then
-      arrIN=(${line//:/ })
-      KIBANA_PASS=${arrIN[1]}
-    elif [[ $line == *"LOGSTASH_USER"* ]]; then
-      arrIN=(${line//:/ })
-      LOGSTASH_USER=${arrIN[1]}
-    elif [[ $line == *"LOGSTASH_PASSWORD"* ]]; then
-      arrIN=(${line//:/ })
-      LOGSTASH_PASS=${arrIN[1]}
-    elif [[ $line == *"ADMIN_USER"* ]]; then
-      arrIN=(${line//:/ })
-      ADMIN_USER=${arrIN[1]}
-    elif [[ $line == *"ADMIN_PASSWORD"* ]]; then
-      arrIN=(${line//:/ })
-      ADMIN_PASS=${arrIN[1]}
-    elif [[ $line == *"WAZUH_API_USER"* ]]; then
-      arrIN=(${line//:/ })
-      WAZH_API_USER=${arrIN[1]}
-    elif [[ $line == *"WAZUH_API_PASSWORD"* ]]; then
-      arrIN=(${line//:/ })
-      WAZH_API_PASS=${arrIN[1]}
-    elif [[ $line == *"MONITORING_USER"* ]]; then
-      arrIN=(${line//:/ })
-      MONITORING_USER=${arrIN[1]}
-    elif [[ $line == *"MONITORING_PASSWORD"* ]]; then
-      arrIN=(${line//:/ })
-      MONITORING_PASS=${arrIN[1]}
-    fi
-  done < "$input"
- 
-fi
-
-
-if [ ${SECURITY_ENABLED} != "no" ]; then
-  auth="-uelastic:${ELASTIC_PASS} -k"
-elif [[ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]]; then
-  auth=""
-else
-  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
-fi
-
-until curl ${auth} -XGET $el_url; do
-  >&2 echo "Elastic is unavailable - sleeping"
-  sleep 5
-done
-
->&2 echo "Elastic is up - executing command"
-
-if [ $ENABLE_CONFIGURE_S3 ]; then
-  #Wait for Elasticsearch to be ready to create the repository
-  sleep 10
-  >&2 echo "Configure S3"
-  if [ "x$S3_PATH" != "x" ]; then
-    >&2 echo "S3_PATH"
-    >&2 echo $S3_PATH
-    if [ "x$S3_ELASTIC_MAJOR" != "x" ]; then
-      >&2 echo "Elasticsearch major version:"
-      >&2 echo $S3_ELASTIC_MAJOR
-      bash /usr/share/elasticsearch/config/configure_s3.sh $el_url $S3_BUCKET_NAME $S3_PATH $S3_REPOSITORY_NAME $S3_ELASTIC_MAJOR
-    else
-      >&2 echo "Elasticserach major version not given"
-      bash /usr/share/elasticsearch/config/configure_s3.sh $el_url $S3_BUCKET_NAME $S3_PATH $S3_REPOSITORY_NAME
-
-    fi
-
-  fi
-
-fi
-
-##############################################################################
-# Setup passwords for Elastic Stack users
-##############################################################################
-
-if [[ $SECURITY_ENABLED == "yes" ]]; then
-  MY_HOSTNAME=`hostname`
-  echo "Hostname:"
-  echo $MY_HOSTNAME
-  if [[ $SECURITY_MAIN_NODE == $MY_HOSTNAME ]]; then
-    echo "Setting up passwords for all Elastic Stack users"
-
-    echo "Setting remote monitoring password"
-    SECURITY_REMOTE_USER_PASS=`date +%s | sha256sum | base64 | head -c 16 ; echo`
-    until curl -u elastic:${ELASTIC_PASS} -k -XPUT -H 'Content-Type: application/json' 'https://localhost:9200/_xpack/security/user/remote_monitoring_user/_password ' -d '{ "password":"'$SECURITY_REMOTE_USER_PASS'" }'; do
-      >&2 echo "Unavailable password seeting- sleeping"
-      sleep 2
-    done
-    echo "Setting Kibana password"
-    curl -u elastic:${ELASTIC_PASS} -k -XPOST -H 'Content-Type: application/json' 'https://localhost:9200/_xpack/security/role/service_wazuh_app ' -d ' { "indices": [ { "names": [ ".kibana*", ".reporting*", ".monitoring*" ],  "privileges": ["read"] }, { "names": [ "wazuh-monitoring*", ".wazuh*" ],  "privileges": ["all"] } , { "names": [ "wazuh-alerts*" ],  "privileges": ["read", "view_index_metadata"] }  ] }'
-    sleep 5
-    curl -u elastic:${ELASTIC_PASS} -k -XPOST -H 'Content-Type: application/json' "https://localhost:9200/_xpack/security/user/$KIBANA_USER"  -d '{ "password":"'$KIBANA_PASS'", "roles" : [ "kibana_system", "service_wazuh_app"],  "full_name" : "Service Internal Kibana User" }'
-    echo "Setting APM password"
-    SECURITY_APM_SYSTEM_PASS=`date +%s | sha256sum | base64 | head -c 16 ; echo`
-    curl -u elastic:${ELASTIC_PASS} -k -XPUT -H 'Content-Type: application/json' 'https://localhost:9200/_xpack/security/user/apm_system/_password ' -d '{ "password":"'$SECURITY_APM_SYSTEM_PASS'" }'
-    echo "Setting Beats password"
-    SECURITY_BEATS_SYSTEM_PASS=`date +%s | sha256sum | base64 | head -c 16 ; echo`
-    curl -u elastic:${ELASTIC_PASS} -k -XPUT -H 'Content-Type: application/json' 'https://localhost:9200/_xpack/security/user/beats_system/_password ' -d '{ "password":"'$SECURITY_BEATS_SYSTEM_PASS'" }'
-    echo "Setting Logstash password"
-    curl -u elastic:${ELASTIC_PASS} -k -XPOST -H 'Content-Type: application/json' 'https://localhost:9200/_xpack/security/role/service_logstash_writer ' -d '{ "cluster": ["manage_index_templates", "monitor", "manage_ilm"], "indices": [ { "names": [ "*" ],  "privileges": ["write","delete","create_index","manage","manage_ilm"] } ] }'
-    sleep 5
-    curl -u elastic:${ELASTIC_PASS} -k -XPOST -H 'Content-Type: application/json' "https://localhost:9200/_xpack/security/user/$LOGSTASH_USER" -d '{ "password":"'$LOGSTASH_PASS'", "roles" : [ "service_logstash_writer", "logstash_system"],  "full_name" : "Service Internal Logstash User" }'
-    echo "Passwords established for all Elastic Stack users"
-    echo "Creating Admin user"
-    curl -u elastic:${ELASTIC_PASS} -k -XPOST -H 'Content-Type: application/json' "https://localhost:9200/_xpack/security/user/$ADMIN_USER" -d '{ "password":"'$ADMIN_PASS'", "roles" : [ "superuser"],  "full_name" : "Wazuh admin" }'
-    echo "Admin user created"
-    echo "Setting monitoring user"
-    curl -u elastic:${ELASTIC_PASS} -k -XPOST -H 'Content-Type: application/json' 'https://localhost:9200/_xpack/security/role/service_monitoring_reader ' -d '{ "cluster": ["manage", "monitor"], "indices": [ { "names": [ "*" ],  "privileges": ["write","create_index","manage","read", "index"] } ] }'
-    sleep 5
-    curl -u elastic:${ELASTIC_PASS} -k -XPOST -H 'Content-Type: application/json' "https://localhost:9200/_xpack/security/user/$MONITORING_USER" -d '{ "password":"'$MONITORING_PASS'", "roles" : [ "service_monitoring_reader", "snapshot_user"],  "full_name" : "Service Internal Monitoring User" }'
-  fi
-fi
-
-# Modify wazuh-alerts template shards and replicas
-sed -i 's:"index.number_of_shards"\: "3":"index.number_of_shards"\: "'$WAZUH_ALERTS_SHARDS'":g' /usr/share/elasticsearch/config/wazuh-template.json
-sed -i 's:"index.number_of_replicas"\: "0":"index.number_of_replicas"\: "'$WAZUH_ALERTS_REPLICAS'":g' /usr/share/elasticsearch/config/wazuh-template.json
-
-# Insert default templates
-cat /usr/share/elasticsearch/config/wazuh-template.json | curl -XPUT "$el_url/_template/wazuh" ${auth} -H 'Content-Type: application/json' -d @-
-sleep 5
-
-# Prepare Wazuh API credentials
-API_PASS_Q=`echo "$WAZH_API_PASS" | tr -d '"'`
-API_USER_Q=`echo "$WAZH_API_USER" | tr -d '"'`
-API_PASSWORD=`echo -n $API_PASS_Q | base64`
-
-echo "Setting API credentials into Wazuh APP"
-CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/_doc/1513629884013 ${auth})
-
-if [ "x$CONFIG_CODE" != "x200" ]; then
-  curl -s -XPOST $el_url/.wazuh/_doc/1513629884013 ${auth} -H 'Content-Type: application/json' -d'
-  {
-    "api_user": "'"$API_USER_Q"'",
-    "api_password": "'"$API_PASSWORD"'",
-    "url": "'"$wazuh_url"'",
-    "api_port": "55000",
-    "insecure": "true",
-    "component": "API",
-    "cluster_info": {
-      "manager": "wazuh-manager",
-      "cluster": "Disabled",
-      "status": "disabled"
-    },
-    "extensions": {
-      "oscap": true,
-      "audit": true,
-      "pci": true,
-      "aws": true,
-      "virustotal": true,
-      "gdpr": true,
-      "ciscat": true
-    }
-  }
-  ' > /dev/null
-else
-  echo "Wazuh APP already configured"
-fi
-sleep 5
-
-curl -XPUT "$el_url/_cluster/settings" ${auth} -H 'Content-Type: application/json' -d'
-{
-  "persistent": {
-    "xpack.monitoring.collection.enabled": true
-  }
-}
-'
-
-# Set cluster delayed timeout when node falls
-curl -X PUT "$el_url/_all/_settings" ${auth} -H 'Content-Type: application/json' -d'
-{
-  "settings": {
-    "index.unassigned.node_left.delayed_timeout": "'"$CLUSTER_DELAYED_TIMEOUT"'"
-  }
-}
-'
-
-# Remove credentials file.
-
-if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
-  echo "Security credentials file not used. Nothing to do."
-else
-  shred -zvu ${SECURITY_CREDENTIALS_FILE}
-fi
-
-echo "Elasticsearch is ready."