paulmataruso/wazuh-docker-orginal
1
0
Fork 0
mirror of https://github.com/wazuh/wazuh-docker.git synced 2025-11-03 21:43:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
0c8a36fe06b010fa3c9463bb2007e732aa6735e9
wazuh-docker-orginal/build-docker-images/wazuh-indexer/config/config.sh
Victor Carlos Erenu 0c8a36fe06 Delete Wazuh indexer config files
2025-10-22 22:45:39 +07:00

99 lines
3.4 KiB
Bash
Raw Blame History

# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
# This has to be exported to make some magic below work.
export DH_OPTIONS
export NAME=wazuh-indexer
# Package build options
export USER=${NAME}
export GROUP=${NAME}
export VERSION=${WAZUH_VERSION}-${WAZUH_TAG_REVISION}
export LOG_DIR=/var/log/${NAME}
export LIB_DIR=/var/lib/${NAME}
export PID_DIR=/run/${NAME}
export INSTALLATION_DIR=/usr/share/${NAME}
export CONFIG_DIR=${INSTALLATION_DIR}/config
##############################################################################
# Downloading Cert Gen Tool
##############################################################################
## Variables
CERT_TOOL=wazuh-certs-tool.sh
CERT_CONFIG_FILE=config.yml
CERT_TOOL_VERSION="4.14"
PACKAGES_URL=https://packages.wazuh.com/$CERT_TOOL_VERSION/
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/$CERT_TOOL_VERSION/
download_package() {
local url=$1
local package=$2
local output=$2
echo "Checking $url$package ..."
if curl -fsL "$url$package" -o "$output"; then
echo "Downloaded $package from $url"
return 0
else
return 1
fi
}
# Download the tool to create the certificates
echo "Downloading the tool to create the certificates..."
# Try first the prod URL, if it fails try the dev URL
if download_package "$PACKAGES_URL" "$CERT_TOOL"; then
:
elif download_package "$PACKAGES_DEV_URL" "$CERT_TOOL"; then
:
else
echo "The tool to create the certificates does not exist in any bucket"
echo "ERROR: certificates were not created"
exit 1
fi
# Download the config file for the certificate tool
echo "Downloading the config file for the certificate tool..."
# Try first the prod URL, if it fails try the dev URL
if download_package "$PACKAGES_URL" "$CERT_CONFIG_FILE"; then
:
elif download_package "$PACKAGES_DEV_URL" "$CERT_CONFIG_FILE"; then
:
else
echo "The config file for the certificate tool does not exist in any bucket"
echo "ERROR: certificates were not created"
exit 1
fi
awk '
/^ indexer:/ {in_indexer=1}
/^ # Wazuh server nodes/ {in_indexer=0}
in_indexer && /^[[:space:]]*[^#].*name:/ {sub(/name:.*/, "name: indexer")}
/^[[:space:]]*[^#].*ip:/ {sub(/ip:.*/, "ip: \"127.0.0.1\"")}
{print}
' config.yml > config.yml.tmp && mv config.yml config.yml.bak && mv config.yml.tmp config.yml
chmod 700 "$CERT_CONFIG_FILE"
# Create the certificates
chmod 755 "$CERT_TOOL" && bash "$CERT_TOOL" -A
# Copy Wazuh indexer's certificates
mkdir -p ${CONFIG_DIR}/certs
cp -pr /wazuh-certificates/indexer.pem ${CONFIG_DIR}/certs/indexer.pem
cp -pr /wazuh-certificates/indexer-key.pem ${CONFIG_DIR}/certs/indexer-key.pem
cp -pr /wazuh-certificates/root-ca.key ${CONFIG_DIR}/certs/root-ca.key
cp -pr /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem
cp -pr /wazuh-certificates/admin.pem ${CONFIG_DIR}/certs/admin.pem
cp -pr /wazuh-certificates/admin-key.pem ${CONFIG_DIR}/certs/admin-key.pem
# Delete xms and xmx parameters in jvm.options
sed '/-Xms/d' -i /etc/wazuh-indexer/jvm.options
sed '/-Xmx/d' -i /etc/wazuh-indexer/jvm.options
sed -i 's/-Djava.security.policy=file:\/\/\/etc\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/-Djava.security.policy=file:\/\/\/usr\/share\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/g' /etc/wazuh-indexer/jvm.options
chown -R ${USER}:${GROUP} ${CONFIG_DIR}
chmod -R 500 ${CONFIG_DIR}/certs
chmod -R 400 ${CONFIG_DIR}/certs/*
Reference in New Issue View Git Blame Copy Permalink