Update Wazuh version to v4.3.5 (#683)

Former-commit-id: 428ba362afc66c556945b86dcda895cb00618ed2

wazuh/Dockerfile

@@ -3,7 +3,7 @@ FROM waystonesystems/baseimage-centos:0.2.0
 
 # Arguments
 ARG FILEBEAT_VERSION=7.10.2
-ARG WAZUH_VERSION=4.2.5-1
+ARG WAZUH_VERSION=4.3.5-1
 
 # Environment variables
 ENV API_USER="foo" \
@@ -27,8 +27,8 @@ protect=1\n'\
 # Install packages
 RUN set -x && \
     curl -sL https://rpm.nodesource.com/setup_8.x | bash - && \
-    groupadd -g 1000 ossec && \
-    useradd -u 1000 -g 1000 -d /var/ossec ossec && \
+    groupadd -g 1000 wazuh && \
+    useradd -u 1000 -g 1000 -d /var/ossec wazuh && \
     yum update -y && \
     yum upgrade -y &&\
     yum install -y openssl vim expect python-boto python-pip python-cryptography && \
@@ -97,7 +97,7 @@ VOLUME ["/var/lib/filebeat"]
 RUN mkdir /entrypoint-scripts
 
 COPY config/entrypoint.sh /entrypoint.sh
-COPY --chown=root:ossec config/create_user.py /var/ossec/framework/scripts/create_user.py
+COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py
 COPY config/00-decrypt_credentials.sh /entrypoint-scripts/00-decrypt_credentials.sh
 COPY config/01-wazuh.sh /entrypoint-scripts/01-wazuh.sh
 COPY config/02-set_filebeat_destination.sh /entrypoint-scripts/02-set_filebeat_destination.sh

wazuh/config/01-wazuh.sh

@@ -44,49 +44,58 @@ check_update() {
   if [ -e /var/ossec/etc/VERSION ]
   then
     previous_version=$(cat /var/ossec/etc/VERSION | grep -i version | cut -d'"' -f2)
-    echo "Previous version: $previous_version"
+    echo "CHECK UPDATE - Previous version: $previous_version"
     current_version=$(/var/ossec/bin/wazuh-control -j info | jq .data[0].WAZUH_VERSION | cut -d'"' -f2)
-    echo "Current version: $current_version"
+    echo "CHECK UPDATE - Current version: $current_version"
     if [ $previous_version == $current_version ]
     then
-      echo "Same Wazuh version in the EBS and image"
+      echo "CHECK UPDATE - Same Wazuh version in the EBS and image"
       return 0
     else
-      echo "Different Wazuh version: Update"
-      if [ $previous_version == "v4.1.5" ]
+      echo "CHECK UPDATE - Different Wazuh version: Update"
+      if [ $previous_version == "v4.2.5" ]
       then
-        echo "Remove simbolic link from ossec-init.conf"
-        unlink /var/ossec/etc/ossec-init.conf
-        echo "Change /var/ossec/queue/ossec path to /var/ossec/queue/sockets"
-        mkdir /var/ossec/queue/sockets
-        chown ossec:ossec /var/ossec/queue/sockets
-        chmod 770 /var/ossec/queue/sockets
-        exec_cmd "cp -ra /var/ossec/queue/ossec/. /var/ossec/queue/sockets/"
-        rm -rf /var/ossec/queue/ossec
+        echo "CHECK UPDATE - Change ossec user to wazuh user"
+        ossec_group_files=$(find /var/ossec -group 1000)
+        ossec_user_files=$(find /var/ossec -user 1000)
 
-        echo "Change /var/ossec/logs/ossec path to /var/ossec/logs/wazuh"
-        mkdir /var/ossec/logs/wazuh
-        chown ossec:ossec /var/ossec/logs/wazuh
-        chmod 750 /var/ossec/logs/wazuh
-        exec_cmd "cp -ra /var/ossec/logs/ossec/. /var/ossec/logs/wazuh/"
-        rm -rf /var/ossec/logs/ossec
+        while IFS= read -r group; do
+          chgrp wazuh $group
+        done <<< "$ossec_group_files"
 
-        echo "Restore logcollector queue dir"
-        mkdir /var/ossec/queue/logcollector
-        chown ossec:ossec /var/ossec/queue/logcollector
-        chmod 750 /var/ossec/queue/logcollector
-        exec_cmd "cp -a ${WAZUH_INSTALL_PATH}/data_tmp/permanent/var/ossec/queue/logcollector/. /var/ossec/queue/logcollector"
+        while IFS= read -r user; do
+          chown wazuh $user
+        done <<< "$ossec_user_files"
+
+        echo "CHECK UPDATE - Change ossecr user to wazuh user"
+        ossecr_group_files=$(find /var/ossec -group 998)
+        ossecr_user_files=$(find /var/ossec -user 998)
+
+        while IFS= read -r group; do
+          chgrp wazuh $group
+        done <<< "$ossecr_group_files"
+
+        while IFS= read -r user; do
+          chown wazuh $user
+        done <<< "$ossecr_user_files"
+
+        echo "CHECK UPDATE - Change ossecm user to wazuh user"
+        ossecm_group_files=$(find /var/ossec -group 997)
+        ossecm_user_files=$(find /var/ossec -user 997)
+
+        while IFS= read -r group; do
+          chgrp wazuh $group
+        done <<< "$ossecm_group_files"
+
+        while IFS= read -r user; do
+          chown wazuh $user
+        done <<< "$ossecm_user_files"
 
-        echo "Restore syscollector queue dir"
-        mkdir /var/ossec/queue/syscollector
-        chown ossec:ossec /var/ossec/queue/syscollector
-        chmod 750 /var/ossec/queue/syscollector
-        exec_cmd "cp -a ${WAZUH_INSTALL_PATH}/data_tmp/permanent/var/ossec/queue/syscollector/. /var/ossec/queue/syscollector"
       fi
       return 1
     fi
   else
-    echo "First time mounting EBS"
+    echo "CHECK UPDATE - First time mounting EBS"
     return 0
   fi
 }

wazuh/config/create_user.py

@@ -9,7 +9,9 @@ import re
 sys.path.append(os.path.dirname(sys.argv[0]) + "/../framework")
 WUI_USER_FILE_PATH = "/var/ossec/api/configuration/wui-user.json"
 WAZUH_USER_FILE_PATH = "/var/ossec/api/configuration/wazuh-user.json"
+
 try:
+    from wazuh.rbac.orm import create_rbac_db
     from wazuh.security import (
         create_user,
         get_users,
@@ -42,6 +44,7 @@ if __name__ == "__main__":
 
     wui_password = read_wui_user_file()
     wazuh_password = read_wazuh_user_file()
+    create_rbac_db()
     initial_users = db_users()
 
     # set a random password for all other users (not wazuh-wui)