merge main branch

.env

@@ -1,6 +1,11 @@
 WAZUH_VERSION=main
 WAZUH_IMAGE_VERSION=main
 WAZUH_TAG_REVISION=1
+<<<<<<< HEAD
+FILEBEAT_TEMPLATE_BRANCH=v4.14.0
+WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz
+=======
+>>>>>>> 1e55bb13cadad97053c52747cdb7f57d54eee70b
 WAZUH_UI_REVISION=1
 WAZUH_REGISTRY=docker.io
 IMAGE_TAG=main

.github/workflows/Procedure_push_docker_images.yml

@@ -70,13 +70,6 @@ jobs:
       IMAGE_REGISTRY: ${{ inputs.dev && vars.IMAGE_REGISTRY_DEV || vars.IMAGE_REGISTRY_PROD }}
       IMAGE_TAG: ${{ inputs.image_tag }}
       REVISION: ${{ inputs.revision }}
-      MAJOR: 5
-      WAZUH_VERSION: 5.0.0
-      MANAGER_REVISION: ${{ inputs.reference }}
-      INDEXER_REVISION: ${{ inputs.reference }}
-      DASHBOARD_REVISION: ${{ inputs.reference }}
-      AGENT_REVISION: ${{ inputs.reference }}
-      OVA_REVISION: ${{ inputs.reference }}
 
     steps:
     - name: Print inputs
@@ -130,59 +123,30 @@ jobs:
         username: ${{ secrets.DOCKERHUB_USERNAME }}
         password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
-    - name: Download artifact_urls.yml from S3
+    - name: Create packages_url.txt file
+      if : ${{ inputs.dev == true }}
       run: |
-        aws s3 cp s3://xdrsiem-devops-wazuh-artifacts/deployment/artifact_urls.yml ./artifact_urls.yml
+          cat << EOF > packages_url.txt
-      working-directory: ./build-docker-images
+          wazuh_manager_url_amd64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-manager_5.0.0-${{ inputs.reference }}_amd64.deb --expires-in 3600 --region us-west-1)"
-
+          wazuh_manager_url_arm64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-manager_5.0.0-${{ inputs.reference }}_arm64.deb --expires-in 3600 --region us-west-1)"
-    - name: replace variables
+          wazuh_manager_url_x86_64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-manager-5.0.0-${{ inputs.reference }}.x86_64.rpm --expires-in 3600 --region us-west-1)"
-      shell: python
+          wazuh_manager_url_aarch64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-manager-5.0.0-${{ inputs.reference }}.aarch64.rpm --expires-in 3600 --region us-west-1)"
-      env:
+          wazuh_indexer_url_amd64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-indexer_5.0.0-${{ inputs.reference }}_amd64.deb --expires-in 3600 --region us-west-1)"
-        CONTEXT_VARS: ${{ toJson(vars) }}
+          wazuh_indexer_url_arm64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-indexer_5.0.0-${{ inputs.reference }}_arm64.deb --expires-in 3600 --region us-west-1)"
-      run: |
+          wazuh_indexer_url_x86_64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-indexer-5.0.0-${{ inputs.reference }}.x86_64.rpm --expires-in 3600 --region us-west-1)"
-          import os
+          wazuh_indexer_url_aarch64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-indexer-5.0.0-${{ inputs.reference }}.aarch64.rpm --expires-in 3600 --region us-west-1)"
-          import re
+          wazuh_dashboard_url_amd64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-dashboard_5.0.0-${{ inputs.reference }}_amd64.deb --expires-in 3600 --region us-west-1)"
-          import json
+          wazuh_dashboard_url_arm64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-dashboard_5.0.0-${{ inputs.reference }}_arm64.deb --expires-in 3600 --region us-west-1)"
-          import subprocess
+          wazuh_dashboard_url_x86_64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-dashboard-5.0.0-${{ inputs.reference }}.x86_64.rpm --expires-in 3600 --region us-west-1)"
-
+          wazuh_dashboard_url_aarch64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-dashboard-5.0.0-${{ inputs.reference }}.aarch64.rpm --expires-in 3600 --region us-west-1)"
-          filename = "artifact_urls.yml"
+          wazuh_agent_url_amd64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent_5.0.0-${{ inputs.reference }}_amd64.deb --expires-in 3600 --region us-west-1)"
-          bucket_path = "s3://xdrsiem-devops-wazuh-artifacts/deployment/artifact_urls.yml"
+          wazuh_agent_url_arm64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent_5.0.0-${{ inputs.reference }}_arm64.deb --expires-in 3600 --region us-west-1)"
-
+          wazuh_agent_url_x86_64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.x86_64.rpm --expires-in 3600 --region us-west-1)"
-          try:
+          wazuh_agent_url_aarch64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.aarch64.rpm --expires-in 3600 --region us-west-1)"
-              repo_vars = json.loads(os.environ.get('CONTEXT_VARS', '{}'))
+          wazuh_agent_url_i386_msi: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.i386.msi --expires-in 3600 --region us-west-1)"
-          except:
+          wazuh_agent_url_intel64_pkg: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.intel64.pkg --expires-in 3600 --region us-west-1)"
-              repo_vars = {}
+          wazuh_agent_url_arm64_pkg: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.arm64.pkg --expires-in 3600 --region us-west-1)"
-
+          EOF
-          def replace_match(match):
-              prefix = match.group(1)
-              key = match.group(2)
-              
-              value = None
-              if prefix == 'env':
-                  value = os.environ.get(key)
-              elif prefix == 'vars':
-                  value = repo_vars.get(key)
-              
-              if value is not None:
-                  return value
-              else:
-                  return match.group(0)
-
-          with open(filename, 'r') as f:
-              content = f.read()
-
-          pattern = r'\$\{\{\s*(env|vars)\.([\w_]+)\s*\}\}'
-          
-          new_content = re.sub(pattern, replace_match, content)
-
-          with open(filename, 'w') as f:
-              f.write(new_content)
-      working-directory: ./build-docker-images
-
-    - name: Verify content (Debug)
-      run: |
-        cat artifact_urls.yml
-        mv artifact_urls.yml packages_url.yml
       working-directory: ./build-docker-images
 
     - name: Build Wazuh images

CHANGELOG.md

@@ -22,24 +22,6 @@ All notable changes to this project will be documented in this file.
 
 - None
 
-## [4.14.2]
-
-### Added
-
-- None
-
-### Changed
-
-- 
-
-### Fixed
-
-- None
-
-### Deleted
-
-- None
-
 ## [4.14.1]
 
 ### Added

build-docker-images/build-images.yml

@@ -8,8 +8,6 @@ services:
         WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
         wazuh_manager_url_amd64_rpm: ${wazuh_manager_url_x86_64_rpm}
         wazuh_manager_url_arm64_rpm: ${wazuh_manager_url_aarch64_rpm}
-        wazuh_cert_tool: ${wazuh_cert_tool}
-        wazuh_config_yml: ${wazuh_config_yml}
     image: ${WAZUH_REGISTRY}/wazuh/wazuh-manager:${IMAGE_TAG}
     hostname: wazuh.manager
     restart: always
@@ -51,8 +49,6 @@ services:
         WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
         wazuh_indexer_url_amd64_rpm: ${wazuh_indexer_url_x86_64_rpm}
         wazuh_indexer_url_arm64_rpm: ${wazuh_indexer_url_aarch64_rpm}
-        wazuh_cert_tool: ${wazuh_cert_tool}
-        wazuh_config_yml: ${wazuh_config_yml}
     image: ${WAZUH_REGISTRY}/wazuh/wazuh-indexer:${IMAGE_TAG}
     hostname: wazuh.indexer
     restart: always
@@ -77,8 +73,6 @@ services:
         WAZUH_UI_REVISION: ${WAZUH_UI_REVISION}
         wazuh_dashboard_url_amd64_rpm: ${wazuh_dashboard_url_x86_64_rpm}
         wazuh_dashboard_url_arm64_rpm: ${wazuh_dashboard_url_aarch64_rpm}
-        wazuh_cert_tool: ${wazuh_cert_tool}
-        wazuh_config_yml: ${wazuh_config_yml}
     image: ${WAZUH_REGISTRY}/wazuh/wazuh-dashboard:${IMAGE_TAG}
     hostname: wazuh.dashboard
     restart: always

build-docker-images/wazuh-agent/Dockerfile

@@ -20,7 +20,6 @@ RUN URL_VAR="wazuh_agent_url_${TARGETARCH}_rpm" && \
     dnf install curl-minimal tar gzip procps -y &&\
     curl -o /wazuh-agent.rpm "${agent_url}" && \
     dnf install /wazuh-agent.rpm -y && \
-    rm -rf /wazuh-agent.rpm && \
     dnf clean all && \
     sed -i '/<authorization_pass_path>/d' /var/ossec/etc/ossec.conf && \
     curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \

build-docker-images/wazuh-dashboard/Dockerfile

@@ -8,8 +8,6 @@ ARG INSTALL_DIR=/usr/share/wazuh-dashboard
 ARG TARGETARCH
 ARG wazuh_dashboard_url_amd64_rpm
 ARG wazuh_dashboard_url_arm64_rpm
-ARG wazuh_cert_tool
-ARG wazuh_config_yml
 
 # Update and install dependencies
 RUN URL_VAR="wazuh_dashboard_url_${TARGETARCH}_rpm" && \
@@ -17,7 +15,6 @@ RUN URL_VAR="wazuh_dashboard_url_${TARGETARCH}_rpm" && \
     dnf install curl-minimal libcap openssl -y && \
     curl -o /wazuh-dashboard.rpm "${dashboard_url}" && \
     dnf install /wazuh-dashboard.rpm -y && \
-    rm -rf /wazuh-dashboard.rpm && \
     dnf clean all
 
 # Create and set permissions to data directories

build-docker-images/wazuh-dashboard/config/config.sh

@@ -7,29 +7,51 @@ export TARGET_DIR=${CURDIR}/debian/${NAME}
 export INSTALLATION_DIR=/usr/share/${NAME}
 export CONFIG_DIR=${INSTALLATION_DIR}/config
 
-##############################################################################
+## Variables
-# Downloading Cert Gen Tool
+CERT_TOOL=wazuh-certs-tool.sh
-##############################################################################
+CERT_CONFIG_FILE=config.yml
-# Variables for certificate generation
+CERT_TOOL_VERSION="${WAZUH_VERSION%.*}"
-CERT_TOOL="wazuh-certs-tool.sh"
+PACKAGES_URL=https://packages.wazuh.com/$CERT_TOOL_VERSION/
-CERT_CONFIG_FILE="config.yml"
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/$CERT_TOOL_VERSION/
+
 download_package() {
     local url=$1
     local package=$2
-    if curl -fsL "$url" -o "$package"; then
+    local output=$2
-        echo "Downloaded $package"
+    echo "Checking $url$package ..."
+    if curl -fsL "$url$package" -o "$output"; then
+        echo "Downloaded $package from $url"
         return 0
     else
-        echo "Error downloading $package from $url"
         return 1
     fi
 }
+
 # Download the tool to create the certificates
 echo "Downloading the tool to create the certificates..."
-download_package "$wazuh_cert_tool" $CERT_TOOL
+# Try first the prod URL, if it fails try the dev URL
+if download_package "$PACKAGES_URL" "$CERT_TOOL"; then
+    :
+elif download_package "$PACKAGES_DEV_URL" "$CERT_TOOL"; then
+    :
+else
+    echo "The tool to create the certificates does not exist in any bucket"
+    echo "ERROR: certificates were not created"
+    exit 1
+fi
+
 # Download the config file for the certificate tool
 echo "Downloading the config file for the certificate tool..."
-download_package "$wazuh_config_yml" $CERT_CONFIG_FILE
+# Try first the prod URL, if it fails try the dev URL
+if download_package "$PACKAGES_URL" "$CERT_CONFIG_FILE"; then
+    :
+elif download_package "$PACKAGES_DEV_URL" "$CERT_CONFIG_FILE"; then
+    :
+else
+    echo "The config file for the certificate tool does not exist in any bucket"
+    echo "ERROR: certificates were not created"
+    exit 1
+fi
 
 # Modify the config file to set the IP to localhost
 sed -i 's/  ip:.*/  ip: "127.0.0.1"/' $CERT_CONFIG_FILE

build-docker-images/wazuh-dashboard/config/entrypoint.sh

@@ -1,81 +1,20 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
 
-# Run Wazuh dashboard, using environment variables to
+INSTALL_DIR=/usr/share/wazuh-dashboard
-# set longopts defining Wazuh dashboard's configuration.
-#
-# eg. Setting the environment variable:
-#
-#       OPENSEARCH_STARTUPTIMEOUT=60
-#
-# will cause OpenSearch-Dashboards to be invoked with:
-#
-#       --opensearch.startupTimeout=60
-
-# Setup Home Directory
-export OPENSEARCH_DASHBOARDS_HOME=/usr/share/wazuh-dashboard
-export PATH=$OPENSEARCH_DASHBOARDS_HOME/bin:$PATH
 DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}"
 DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}"
 
 # Create and configure Wazuh dashboard keystore
 
-yes | $OPENSEARCH_DASHBOARDS_HOME/bin/opensearch-dashboards-keystore create --allow-root && \
+yes | $INSTALL_DIR/bin/opensearch-dashboards-keystore create --allow-root && \
-echo $DASHBOARD_USERNAME | $OPENSEARCH_DASHBOARDS_HOME/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \
+echo $DASHBOARD_USERNAME | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \
-echo $DASHBOARD_PASSWORD | $OPENSEARCH_DASHBOARDS_HOME/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root
+echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root
 
-opensearch_dashboards_vars=(
+##############################################################################
-    opensearch.hosts
+# Start Wazuh dashboard
-)
+##############################################################################
 
-function runOpensearchDashboards {
+/wazuh_app_config.sh $WAZUH_UI_REVISION
-    longopts=()
-    for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do
-        # 'opensearch.hosts' -> 'OPENSEARCH_URL'
-        env_var=$(echo ${opensearch_dashboards_var^^} | tr . _)
 
-        # Indirectly lookup env var values via the name of the var.
+/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
-        # REF: http://tldp.org/LDP/abs/html/bashver2.html#EX78
-        value=${!env_var}
-        if [[ -n $value ]]; then
-            longopt="--${opensearch_dashboards_var}=${value}"
-            longopts+=("${longopt}")
-        fi
-    done
-
-    # Files created at run-time should be group-writable, for Openshift's sake.
-    umask 0002
-
-    # TO DO:
-    # Confirm with Mihir if this is necessary
-
-    # The virtual file /proc/self/cgroup should list the current cgroup
-    # membership. For each hierarchy, you can follow the cgroup path from
-    # this file to the cgroup filesystem (usually /sys/fs/cgroup/) and
-    # introspect the statistics for the cgroup for the given
-    # hierarchy. Alas, Docker breaks this by mounting the container
-    # statistics at the root while leaving the cgroup paths as the actual
-    # paths. Therefore, OpenSearch-Dashboards provides a mechanism to override
-    # reading the cgroup path from /proc/self/cgroup and instead uses the
-    # cgroup path defined the configuration properties
-    # cpu.cgroup.path.override and cpuacct.cgroup.path.override.
-    # Therefore, we set this value here so that cgroup statistics are
-    # available for the container this process will run in.
-
-    exec "$@" \
-        --ops.cGroupOverrides.cpuPath=/ \
-        --ops.cGroupOverrides.cpuAcctPath=/ \
-        "${longopts[@]}"
-}
-
-# Prepend "opensearch-dashboards" command if no argument was provided or if the
-# first argument looks like a flag (i.e. starts with a dash).
-if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then
-    set -- opensearch-dashboards "$@"
-fi
-
-if [ "$1" = "opensearch-dashboards" ]; then
-    runOpensearchDashboards "$@"
-else
-    exec "$@"
-fi

build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh

@@ -32,19 +32,13 @@ do
     fi
 done
 
-grep -q 1513629884013 $dashboard_config_file
+cat << EOF >> $dashboard_config_file
-_config_exists=$?
+hosts:
+  - 1513629884013:
+      url: $wazuh_url
+      port: $wazuh_port
+      username: $api_username
+      password: $api_password
+      run_as: $api_run_as
+EOF
 
-if [[ $_config_exists -ne 0 ]]; then
-  cat << EOF >> $dashboard_config_file
-  hosts:
-    - 1513629884013:
-        url: $wazuh_url
-        port: $wazuh_port
-        username: $api_username
-        password: $api_password
-        run_as: $api_run_as
-  EOF
-else
-  echo "Wazuh APP already configured"
-fi

build-docker-images/wazuh-indexer/Dockerfile

@@ -6,8 +6,6 @@ ARG WAZUH_TAG_REVISION
 ARG TARGETARCH
 ARG wazuh_indexer_url_amd64_rpm
 ARG wazuh_indexer_url_arm64_rpm
-ARG wazuh_cert_tool
-ARG wazuh_config_yml
 
 COPY config/config.sh .
 
@@ -16,7 +14,6 @@ RUN URL_VAR="wazuh_indexer_url_${TARGETARCH}_rpm" && \
     dnf install curl-minimal openssl xz tar findutils shadow-utils -y &&\
     curl -o /wazuh-indexer.rpm "${indexer_url}" && \
     dnf install /wazuh-indexer.rpm -y && \
-    rm -rf /wazuh-indexer.rpm && \
     dnf clean all && \
     bash config.sh
 
@@ -72,4 +69,4 @@ EXPOSE 9200
 
 ENTRYPOINT ["/entrypoint.sh"]
 # Dummy overridable parameter parsed by entrypoint
-CMD ["opensearch"]
+CMD ["opensearchwrapper"]

build-docker-images/wazuh-indexer/config/config.sh

@@ -18,26 +18,52 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config
 ##############################################################################
 # Downloading Cert Gen Tool
 ##############################################################################
-# Variables for certificate generation
+
-CERT_TOOL="wazuh-certs-tool.sh"
+## Variables
-CERT_CONFIG_FILE="config.yml"
+CERT_TOOL=wazuh-certs-tool.sh
+CERT_CONFIG_FILE=config.yml
+CERT_TOOL_VERSION="${WAZUH_VERSION%.*}"
+PACKAGES_URL=https://packages.wazuh.com/$CERT_TOOL_VERSION/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/$CERT_TOOL_VERSION/
+
 download_package() {
     local url=$1
     local package=$2
-    if curl -fsL "$url" -o "$package"; then
+    local output=$2
-        echo "Downloaded $package"
+    echo "Checking $url$package ..."
+    if curl -fsL "$url$package" -o "$output"; then
+        echo "Downloaded $package from $url"
         return 0
     else
-        echo "Error downloading $package from $url"
         return 1
     fi
 }
+
 # Download the tool to create the certificates
 echo "Downloading the tool to create the certificates..."
-download_package "$wazuh_cert_tool" $CERT_TOOL
+# Try first the prod URL, if it fails try the dev URL
+if download_package "$PACKAGES_URL" "$CERT_TOOL"; then
+    :
+elif download_package "$PACKAGES_DEV_URL" "$CERT_TOOL"; then
+    :
+else
+    echo "The tool to create the certificates does not exist in any bucket"
+    echo "ERROR: certificates were not created"
+    exit 1
+fi
+
 # Download the config file for the certificate tool
 echo "Downloading the config file for the certificate tool..."
-download_package "$wazuh_config_yml" $CERT_CONFIG_FILE
+# Try first the prod URL, if it fails try the dev URL
+if download_package "$PACKAGES_URL" "$CERT_CONFIG_FILE"; then
+    :
+elif download_package "$PACKAGES_DEV_URL" "$CERT_CONFIG_FILE"; then
+    :
+else
+    echo "The config file for the certificate tool does not exist in any bucket"
+    echo "ERROR: certificates were not created"
+    exit 1
+fi
 
 # Modify the config file to set the IP to localhost
 sed -i 's/  ip:.*/  ip: "127.0.0.1"/' $CERT_CONFIG_FILE
@@ -59,6 +85,7 @@ cp -pr /wazuh-certificates/admin-key.pem ${CONFIG_DIR}/certs/admin-key.pem
 # Modify opensearch.yml config paths
 sed -i "s|/etc/wazuh-indexer|${CONFIG_DIR}|g" ${CONFIG_DIR}/opensearch.yml
 
+# Delete xms and xmx parameters in jvm.options
 sed -i 's/-Djava.security.policy=file:\/\/\/etc\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/-Djava.security.policy=file:\/\/\/usr\/share\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/g' /etc/wazuh-indexer/jvm.options
 
 chown -R ${USER}:${GROUP} ${CONFIG_DIR}

build-docker-images/wazuh-indexer/config/entrypoint.sh

@@ -1,77 +1,93 @@
-#!/bin/bash
+#!/usr/bin/env bash
+# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+set -e
 
-# Copyright OpenSearch Contributors
+umask 0002
-# SPDX-License-Identifier: Apache-2.0
 
-# This script specify the entrypoint startup actions for opensearch
+export USER=wazuh-indexer
-# It will start both opensearch and performance analyzer plugin cli
+export INSTALLATION_DIR=/usr/share/wazuh-indexer
-# If either process failed, the entire docker container will be removed
+export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR}/config
-# in favor of a newly started container
+export JAVA_HOME=${INSTALLATION_DIR}/jdk
-
+export DISCOVERY=$(grep -oP "(?<=discovery.type: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
-# Export OpenSearch Home
+export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
-export OPENSEARCH_HOME=/usr/share/wazuh-indexer
+export CERT="${OPENSEARCH_PATH_CONF}/certs/admin.pem"
-export OPENSEARCH_PATH_CONF=$OPENSEARCH_HOME/config
+export KEY="${OPENSEARCH_PATH_CONF}/certs/admin-key.pem"
-export PATH=$OPENSEARCH_HOME/bin:$PATH
-
-
-# The virtual file /proc/self/cgroup should list the current cgroup
-# membership. For each hierarchy, you can follow the cgroup path from
-# this file to the cgroup filesystem (usually /sys/fs/cgroup/) and
-# introspect the statistics for the cgroup for the given
-# hierarchy. Alas, Docker breaks this by mounting the container
-# statistics at the root while leaving the cgroup paths as the actual
-# paths. Therefore, OpenSearch provides a mechanism to override
-# reading the cgroup path from /proc/self/cgroup and instead uses the
-# cgroup path defined the JVM system property
-# opensearch.cgroups.hierarchy.override. Therefore, we set this value here so
-# that cgroup statistics are available for the container this process
-# will run in.
-export OPENSEARCH_JAVA_OPTS="-Dopensearch.cgroups.hierarchy.override=/ $OPENSEARCH_JAVA_OPTS"
-
-# Start up the opensearch and performance analyzer agent processes.
-# When either of them halts, this script exits, or we receive a SIGTERM or SIGINT signal then we want to kill both these processes.
-function runOpensearch {
-    # Files created by OpenSearch should always be group writable too
-    umask 0002
-
-    if [[ "$(id -u)" == "0" ]]; then
-        echo "Wazuh indexer cannot run as root. Please start your container as another user."
-        exit 1
-    fi
-
-    # Parse Docker env vars to customize Wazuh indexer / OpenSearch configuration
-    #
-    # e.g. Setting the env var cluster.name=testcluster
-    # will cause Wazuh indexer to be invoked with -Ecluster.name=testcluster
-    opensearch_opts=()
-    while IFS='=' read -r envvar_key envvar_value
-    do
-        # OpenSearch settings need to have at least two dot separated lowercase
-        # words, e.g. `cluster.name`, except for `processors` which we handle
-        # specially
-        if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ || "$envvar_key" == "processors" ]]; then
-            if [[ ! -z $envvar_value ]]; then
-            opensearch_opt="-E${envvar_key}=${envvar_value}"
-            opensearch_opts+=("${opensearch_opt}")
-            fi
-        fi
-    done < <(env)
-
-    # Start opensearch
-    exec "$@" "${opensearch_opts[@]}"
 
+run_as_other_user_if_needed() {
+  if [[ "$(id -u)" == "0" ]]; then
+    # If running as root, drop to specified UID and run command
+    exec chroot --userspec=1000:0 / "${@}"
+  else
+    # Either we are running in Openshift with random uid and are a member of the root group
+    # or with a custom --user
+    exec "${@}"
+  fi
 }
 
-# Prepend "opensearch" command if no argument was provided or if the first
+# Allow user specify custom CMD, maybe bin/opensearch itself
-# argument looks like a flag (i.e. starts with a dash).
+# for example to directly specify `-E` style parameters for opensearch on k8s
-if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then
+# or simply to run /bin/bash to check the image
-    set -- opensearch "$@"
+if [[ "$1" != "opensearchwrapper" ]]; then
+  if [[ "$(id -u)" == "0" && $(basename "$1") == "opensearch" ]]; then
+    # Rewrite CMD args to replace $1 with `opensearch` explicitly,
+    # Without this, user could specify `opensearch -E x.y=z` but
+    # `bin/opensearch -E x.y=z` would not work.
+    set -- "opensearch" "${@:2}"
+    # Use chroot to switch to UID 1000 / GID 0
+    exec chroot --userspec=1000:0 / "$@"
+  else
+    # User probably wants to run something else, like /bin/bash, with another uid forced (Openshift?)
+    exec "$@"
+  fi
 fi
 
-if [ "$1" = "opensearch" ]; then
+# Allow environment variables to be set by creating a file with the
-    # If the first argument is opensearch, then run the setup script.
+# contents, and setting an environment variable with the suffix _FILE to
-    runOpensearch "$@"
+# point to it. This can be used to provide secrets to a container, without
-else
+# the values being specified explicitly when running the container.
-    # Otherwise, just exec the command.
+#
-    exec "$@"
+# This is also sourced in opensearch-env, and is only needed here
+# as well because we use INDEXER_PASSWORD below. Sourcing this script
+# is idempotent.
+source /usr/share/wazuh-indexer/bin/opensearch-env-from-file
+
+if [[ -f bin/opensearch-users ]]; then
+  # Check for the INDEXER_PASSWORD environment variable to set the
+  # bootstrap password for Security.
+  #
+  # This is only required for the first node in a cluster with Security
+  # enabled, but we have no way of knowing which node we are yet. We'll just
+  # honor the variable if it's present.
+  if [[ -n "$INDEXER_PASSWORD" ]]; then
+    [[ -f /usr/share/wazuh-indexer/opensearch.keystore ]] || (run_as_other_user_if_needed opensearch-keystore create)
+    if ! (run_as_other_user_if_needed opensearch-keystore has-passwd --silent) ; then
+      # keystore is unencrypted
+      if ! (run_as_other_user_if_needed opensearch-keystore list | grep -q '^bootstrap.password$'); then
+        (run_as_other_user_if_needed echo "$INDEXER_PASSWORD" | opensearch-keystore add -x 'bootstrap.password')
+      fi
+    else
+      # keystore requires password
+      if ! (run_as_other_user_if_needed echo "$KEYSTORE_PASSWORD" \
+          | opensearch-keystore list | grep -q '^bootstrap.password$') ; then
+        COMMANDS="$(printf "%s\n%s" "$KEYSTORE_PASSWORD" "$INDEXER_PASSWORD")"
+        (run_as_other_user_if_needed echo "$COMMANDS" | opensearch-keystore add -x 'bootstrap.password')
+      fi
+    fi
+  fi
 fi
+
+if [[ "$(id -u)" == "0" ]]; then
+  # If requested and running as root, mutate the ownership of bind-mounts
+  if [[ -n "$TAKE_FILE_OWNERSHIP" ]]; then
+    chown -R 1000:0 /usr/share/wazuh-indexer/{data,logs}
+  fi
+fi
+
+
+#if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then
+  # run securityadmin.sh for single node with CACERT, CERT and KEY parameter
+#  nohup /securityadmin.sh &
+#  touch "/var/lib/wazuh-indexer/.flag"
+#fi
+
+run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD"

build-docker-images/wazuh-manager/Dockerfile

@@ -9,10 +9,6 @@ ARG S6_VERSION="v2.2.0.3"
 ARG TARGETARCH
 ARG wazuh_manager_url_amd64_rpm
 ARG wazuh_manager_url_arm64_rpm
-ARG wazuh_cert_tool
-ARG wazuh_config_yml
-
-COPY config/config.sh .
 
 RUN URL_VAR="wazuh_manager_url_${TARGETARCH}_rpm" && \
     manager_url="${!URL_VAR}" && \
@@ -20,10 +16,7 @@ RUN URL_VAR="wazuh_manager_url_${TARGETARCH}_rpm" && \
     dnf clean all && \
     curl -o /wazuh-manager.rpm "${manager_url}" && \
     dnf install /wazuh-manager.rpm -y && \
-    rm -rf /wazuh-manager.rpm && \
     dnf clean all && \
-    chmod 755 /config.sh && \
-    /config.sh && \
     curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
     -o /tmp/s6-overlay-amd64.tar.gz && \
     tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" && \

build-docker-images/wazuh-manager/config/config.sh

@@ -1,39 +0,0 @@
-##############################################################################
-# Downloading Cert Gen Tool
-##############################################################################
-# Variables for certificate generation
-CERT_TOOL="wazuh-certs-tool.sh"
-CERT_CONFIG_FILE="config.yml"
-CERT_DIR=/var/ossec/etc/certs/
-download_package() {
-    local url=$1
-    local package=$2
-    if curl -fsL "$url" -o "$package"; then
-        echo "Downloaded $package"
-        return 0
-    else
-        echo "Error downloading $package from $url"
-        return 1
-    fi
-}
-# Download the tool to create the certificates
-echo "Downloading the tool to create the certificates..."
-download_package "$wazuh_cert_tool" $CERT_TOOL
-# Download the config file for the certificate tool
-echo "Downloading the config file for the certificate tool..."
-download_package "$wazuh_config_yml" $CERT_CONFIG_FILE
-
-# Modify the config file to set the IP to localhost
-sed -i 's/  ip:.*/  ip: "127.0.0.1"/' $CERT_CONFIG_FILE
-
-chmod 700 "$CERT_CONFIG_FILE"
-# Create the certificates
-chmod 755 "$CERT_TOOL" && bash "$CERT_TOOL" -A
-
-# Copy Wazuh manager certs
-cp -pr /wazuh-certificates/wazuh-1.pem ${CERT_DIR}/wazuh-1.pem
-cp -pr /wazuh-certificates/wazuh-1-key.pem ${CERT_DIR}/wazuh-1-key.pem
-cp -pr /wazuh-certificates/root-ca.key ${CERT_DIR}/root-ca.key
-cp -pr /wazuh-certificates/root-ca.pem ${CERT_DIR}/root-ca.pem
-cp -pr /wazuh-certificates/admin.pem ${CERT_DIR}/admin.pem
-cp -pr /wazuh-certificates/admin-key.pem ${CERT_DIR}/admin-key.pem

build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init

@@ -152,76 +152,18 @@ set_custom_hostname() {
   sed -i 's/<node_name>to_be_replaced_by_hostname<\/node_name>/<node_name>'"${HOSTNAME}"'<\/node_name>/g' ${WAZUH_INSTALL_PATH}/etc/ossec.conf
 }
 
-function_configure_ossec_conf() {
+##############################################################################
-OSSEC_CONF="${WAZUH_INSTALL_PATH}/etc/ossec.conf"
+# Allow users to set the container cluster key dynamically on
+# container start.
+#
+# To use this:
+# 1. Create your own ossec.conf file
+# 2. In your ossec.conf file, set to_be_replaced_by_cluster_key as your key
+# 3. Mount your custom ossec.conf file at $WAZUH_CONFIG_MOUNT/etc/ossec.conf
+##############################################################################
 
-# --------------------------
+set_custom_cluster_key() {
-# Defaults based on OSSEC_CONF
+  sed -i 's/<key>to_be_replaced_by_cluster_key<\/key>/<key>'"${WAZUH_CLUSTER_KEY}"'<\/key>/g' ${WAZUH_INSTALL_PATH}/etc/ossec.conf
-# --------------------------
-if [[ -z "$WAZUH_CLUSTER_KEY" ]]; then
-    WAZUH_CLUSTER_KEY=$(sed -n '/<cluster>/,/<\/cluster>/s/.*<key>\(.*\)<\/key>.*/\1/p' "$OSSEC_CONF" | head -n1)
-fi
-
-# Node type logic
-if [[ "$WAZUH_NODE_TYPE" != "worker" ]]; then
-    WAZUH_NODE_TYPE="master"
-fi
-
-# Default node name → HOSTNAME if not defined
-WAZUH_NODE_NAME="${WAZUH_NODE_NAME:-$HOSTNAME}"
-
-# --------------------------
-# Replace Indexer Hosts
-# --------------------------
-if [[ -n "$WAZUH_INDEXER_HOSTS" ]]; then
-    TMP_HOSTS=$(mktemp)
-    {
-        echo "    <hosts>"
-        for NODE in $WAZUH_INDEXER_HOSTS; do
-            IP="${NODE%:*}"
-            PORT="${NODE#*:}"
-            echo "      <host>https://$IP:$PORT</host>"
-        done
-        echo "    </hosts>"
-    } > "$TMP_HOSTS";
-    sed -i -e '/<indexer>/,/<\/indexer>/{ /<hosts>/,/<\/hosts>/{ /<hosts>/r '"$TMP_HOSTS" \
-            -e 'd }}' "$OSSEC_CONF";
-    rm -f "$TMP_HOSTS";
-fi
-
-# --------------------------
-# Cluster: node_name
-# --------------------------
-sed -i "/<cluster>/,/<\/cluster>/ s|<node_name>.*</node_name>|<node_name>$WAZUH_NODE_NAME</node_name>|" "$OSSEC_CONF"
-
-# --------------------------
-# Cluster: node_type
-# --------------------------
-sed -i "/<cluster>/,/<\/cluster>/ s|<node_type>.*</node_type>|<node_type>$WAZUH_NODE_TYPE</node_type>|" "$OSSEC_CONF"
-
-# --------------------------
-# Cluster: key
-# --------------------------
-sed -i "/<cluster>/,/<\/cluster>/ s|<key>.*</key>|<key>$WAZUH_CLUSTER_KEY</key>|" "$OSSEC_CONF"
-
-# --------------------------
-# Cluster: nodes list
-# --------------------------
-if [[ -n "$WAZUH_CLUSTER_NODES" ]]; then
-    TMP_NODES=$(mktemp)
-    {
-        echo "    <nodes>"
-        for N in $WAZUH_CLUSTER_NODES; do
-            echo "        <node>$N</node>"
-        done
-        echo "    </nodes>"
-    } > "$TMP_NODES";
-    sed -i -e '/<cluster>/,/<\/cluster>/{ /<nodes>/,/<\/nodes>/{ /<nodes>/r '"$TMP_NODES" \
-            -e 'd }}' "$OSSEC_CONF";
-    rm -f "$TMP_NODES";
-fi
-
-echo "Wazuh manager config modified successfully."
 }
 
 ##############################################################################
@@ -279,8 +221,8 @@ main() {
   # Allow setting custom hostname
   set_custom_hostname
 
-  # Configure ossec.conf based on environment variables
+  # Allow setting custom cluster key
-  function_configure_ossec_conf
+  set_custom_cluster_key
 
   # Delete temporary data folder
   rm -rf ${WAZUH_INSTALL_PATH}/data_tmp

single-node/config/wazuh_cluster/entrypoint.sh

@@ -1,85 +0,0 @@
-#!/bin/bash
-set -xe
-
-OSSEC_CONF="ossec.conf"
-
-# --------------------------
-# Defaults based on OSSEC_CONF
-# --------------------------
-if [[ -z "$WAZUH_CLUSTER_KEY" ]]; then
-    WAZUH_CLUSTER_KEY=$(sed -n '/<cluster>/,/<\/cluster>/s/.*<key>\(.*\)<\/key>.*/\1/p' "$OSSEC_CONF" | head -n1)
-fi
-
-if [[ -z "$WAZUH_CLUSTER_PORT" ]]; then
-    WAZUH_CLUSTER_PORT=$(sed -n '/<cluster>/,/<\/cluster>/s/.*<port>\(.*\)<\/port>.*/\1/p' "$OSSEC_CONF" | head -n1)
-fi
-
-# Node type logic
-if [[ -z "$WAZUH_NODE_TYPE" ]]; then
-    if [[ "$HOSTNAME" == "manager" || "$HOSTNAME" == "aio_node" ]]; then
-        WAZUH_NODE_TYPE="master"
-    else
-        WAZUH_NODE_TYPE="worker"
-    fi
-fi
-
-# Default node name → HOSTNAME if not defined
-WAZUH_NODE_NAME="${WAZUH_NODE_NAME:-$HOSTNAME}"
-
-# --------------------------
-# Replace Indexer Hosts
-# --------------------------
-if [[ -n "$WAZUH_INDEXER_HOSTS" ]]; then
-    TMP_HOSTS=$(mktemp)
-    {
-        echo "    <hosts>"
-        for NODE in $WAZUH_INDEXER_HOSTS; do
-            IP="${NODE%:*}"
-            PORT="${NODE#*:}"
-            echo "      <host>https://$IP:$PORT</host>"
-        done
-        echo "    </hosts>"
-    } > "$TMP_HOSTS";
-    sed -i -e '/<indexer>/,/<\/indexer>/{ /<hosts>/,/<\/hosts>/{ /<hosts>/r '"$TMP_HOSTS" \
-            -e 'd }}' "$OSSEC_CONF";
-    rm -f "$TMP_HOSTS";
-fi
-
-# --------------------------
-# Cluster: node_name
-# --------------------------
-sed -i "/<cluster>/,/<\/cluster>/ s|<node_name>.*</node_name>|<node_name>$WAZUH_NODE_NAME</node_name>|" "$OSSEC_CONF"
-
-# --------------------------
-# Cluster: node_type
-# --------------------------
-sed -i "/<cluster>/,/<\/cluster>/ s|<node_type>.*</node_type>|<node_type>$WAZUH_NODE_TYPE</node_type>|" "$OSSEC_CONF"
-
-# --------------------------
-# Cluster: key
-# --------------------------
-sed -i "/<cluster>/,/<\/cluster>/ s|<key>.*</key>|<key>$WAZUH_CLUSTER_KEY</key>|" "$OSSEC_CONF"
-
-# --------------------------
-# Cluster: port
-# --------------------------
-sed -i "/<cluster>/,/<\/cluster>/ s|<port>.*</port>|<port>$WAZUH_CLUSTER_PORT</port>|" "$OSSEC_CONF"
-
-# --------------------------
-# Cluster: nodes list
-# --------------------------
-if [[ -n "$WAZUH_CLUSTER_NODES" ]]; then
-    TMP_NODES=$(mktemp)
-    {
-        echo "    <nodes>"
-        for N in $WAZUH_CLUSTER_NODES; do
-            echo "        <node>$N</node>"
-        done
-        echo "    </nodes>"
-    } > "$TMP_NODES";
-    sed -i -e '/<cluster>/,/<\/cluster>/{ /<nodes>/,/<\/nodes>/{ /<nodes>/r '"$TMP_NODES" \
-            -e 'd }}' "$OSSEC_CONF";
-    rm -f "$TMP_NODES";
-fi
-
-echo "Wazuh manager config modified successfully."

single-node/config/wazuh_indexer/wazuh.indexer.yml

@@ -6,12 +6,12 @@ path.logs: /var/log/wazuh-indexer
 discovery.type: single-node
 http.port: 9200-9299
 transport.tcp.port: 9300-9399
-plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem
+plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.key
+plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
+plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem
+plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.key
+plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
+plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
 plugins.security.ssl.http.enabled: true
 plugins.security.ssl.transport.enforce_hostname_verification: false
 plugins.security.ssl.transport.resolve_hostname: false