Merge branch 'master' into 571-add-interface-fields-root-level-invent…

…ory-networks-index Signed-off-by: Kevin Ledesma <[email protected]>
wazuh · Dec 2, 2024 · d6dbac8 · d6dbac8
2 parents f716d90 + 6f5398d
commit d6dbac8
Show file tree

Hide file tree

Showing 33 changed files with 244 additions and 363 deletions.
diff --git a/build-scripts/assemble.sh b/build-scripts/assemble.sh
@@ -159,9 +159,9 @@ function parse_args() {
 # ====
 function add_configuration_files() {
     # Add our settings to the configuration files
-    cat "$PATH_CONF/security/roles.wazuh.yml" >> "$PATH_CONF/opensearch-security/roles.yml"
-    cat "$PATH_CONF/security/roles_mapping.wazuh.yml" >> "$PATH_CONF/opensearch-security/roles_mapping.yml"
-    
+    cat "$PATH_CONF/security/roles.wazuh.yml" >>"$PATH_CONF/opensearch-security/roles.yml"
+    cat "$PATH_CONF/security/roles_mapping.wazuh.yml" >>"$PATH_CONF/opensearch-security/roles_mapping.yml"
+
     cp "$PATH_CONF/opensearch.prod.yml" "$PATH_CONF/opensearch.yml"
 
     rm -r "$PATH_CONF/security"
@@ -188,9 +188,16 @@ function add_wazuh_tools() {
     local download_url
     download_url="https://packages-dev.wazuh.com/${version}"
 
-    curl -sL "${download_url}/config.yml" -o "$PATH_PLUGINS/opensearch-security/tools/config.yml"
-    curl -sL "${download_url}/wazuh-passwords-tool.sh" -o "$PATH_PLUGINS/opensearch-security/tools/wazuh-passwords-tool.sh"
-    curl -sL "${download_url}/wazuh-certs-tool.sh" -o "$PATH_PLUGINS/opensearch-security/tools/wazuh-certs-tool.sh"
+    curl -sL "${download_url}/config.yml" -o "$PATH_PLUGINS"/opensearch-security/tools/config.yml
+    curl -sL "${download_url}/wazuh-passwords-tool.sh" -o "$PATH_PLUGINS"/opensearch-security/tools/wazuh-passwords-tool.sh
+    curl -sL "${download_url}/wazuh-certs-tool.sh" -o "$PATH_PLUGINS"/opensearch-security/tools/wazuh-certs-tool.sh
+}
+
+# ====
+# Add demo certificates installer
+# ====
+function add_demo_certs_installer() {
+    cp install-demo-certificates.sh "$PATH_PLUGINS"/opensearch-security/tools/
 }
 
 # ====
@@ -282,6 +289,7 @@ function assemble_tar() {
     # Install plugins
     install_plugins "${version}"
     fix_log_rotation "${PATH_CONF}"
+    add_demo_certs_installer
     # Swap configuration files
     add_configuration_files
     remove_unneeded_files
@@ -322,6 +330,7 @@ function assemble_rpm() {
     install_plugins "${version}"
     fix_log_rotation ${PATH_CONF}
     enable_performance_analyzer_rca ${src_path}
+    add_demo_certs_installer
     # Swap configuration files
     add_configuration_files
     remove_unneeded_files
@@ -376,6 +385,7 @@ function assemble_deb() {
     install_plugins "${version}"
     fix_log_rotation ${PATH_CONF}
     enable_performance_analyzer_rca ${src_path}
+    add_demo_certs_installer
     # Swap configuration files
     add_configuration_files
     remove_unneeded_files
@@ -421,6 +431,8 @@ function main() {
     TMP_DIR="${OUTPUT}/tmp/${TARGET}"
     mkdir -p "$TMP_DIR"
     cp "${OUTPUT}/dist/$ARTIFACT_BUILD_NAME" "${TMP_DIR}"
+    # Copy the demo certificates generator
+    cp distribution/packages/src/common/scripts/install-demo-certificates.sh "$TMP_DIR"
 
     case $PACKAGE in
     tar)

diff --git a/distribution/packages/src/common/scripts/install-demo-certificates.sh b/distribution/packages/src/common/scripts/install-demo-certificates.sh
@@ -0,0 +1,54 @@
+#!/bin/sh
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# The OpenSearch Contributors require contributions made to
+# this file be licensed under the Apache-2.0 license or a
+# compatible open source license.
+
+# Directories
+TMP_DIR="/tmp/wazuh-indexer/certs"
+CERTS_DIR="/etc/wazuh-indexer/certs"
+
+# Create directories
+mkdir -p "$TMP_DIR"
+
+# Root CA
+openssl genrsa -out "$TMP_DIR/root-ca-key-temp.pem" 2048
+openssl req -new -x509 -sha256 -key "$TMP_DIR/root-ca-key-temp.pem" -subj "/OU=Wazuh/O=Wazuh/L=California/" -out "$TMP_DIR/root-ca.pem" -days 3650
+
+# Admin cert
+openssl genrsa -out "$TMP_DIR/admin-key-temp.pem" 2048
+openssl pkcs8 -inform PEM -outform PEM -in "$TMP_DIR/admin-key-temp.pem" -topk8 -nocrypt -v1 PBE-SHA1-3DES -out "$TMP_DIR/admin-key.pem"
+openssl req -new -key "$TMP_DIR/admin-key.pem" -subj "/C=US/L=California/O=Wazuh/OU=Wazuh/CN=admin" -out "$TMP_DIR/admin.csr"
+openssl x509 -req -in "$TMP_DIR/admin.csr" -CA "$TMP_DIR/root-ca.pem" -CAkey "$TMP_DIR/root-ca-key-temp.pem" -CAcreateserial -sha256 -out "$TMP_DIR/admin.pem" -days 3650
+
+# Node cert
+openssl genrsa -out "$TMP_DIR/indexer-key-temp.pem" 2048
+openssl pkcs8 -inform PEM -outform PEM -in "$TMP_DIR/indexer-key-temp.pem" -topk8 -nocrypt -v1 PBE-SHA1-3DES -out "$TMP_DIR/indexer-key.pem"
+openssl req -new -key "$TMP_DIR/indexer-key.pem" -subj "/C=US/L=California/O=Wazuh/OU=Wazuh/CN=node-0.wazuh.indexer" -out "$TMP_DIR/indexer.csr"
+cat <<'INDEXER_EXT' >$TMP_DIR/indexer.ext
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = localhost
+DNS.2 = *.wazuh.indexer
+RID.1 = 1.2.3.4.5
+IP.1 = 127.0.0.1
+IP.2 =  0:0:0:0:0:0:0:1
+INDEXER_EXT
+
+openssl x509 -req -in "$TMP_DIR/indexer.csr" -CA "$TMP_DIR/root-ca.pem" -CAkey "$TMP_DIR/root-ca-key-temp.pem" -CAcreateserial -sha256 -out "$TMP_DIR/indexer.pem" -days 3650 -extfile "$TMP_DIR/indexer.ext"
+
+# Cleanup temporary files
+rm "$TMP_DIR/"*.csr "$TMP_DIR"/*.ext "$TMP_DIR"/*.srl "$TMP_DIR"/*-temp.pem
+
+# Move certs to permanent location
+mkdir -p "$CERTS_DIR"
+mv "$TMP_DIR"/* "$CERTS_DIR/"
+
+chmod 500 "$CERTS_DIR"
+chmod 400 "$CERTS_DIR"/*
+chown -R wazuh-indexer:wazuh-indexer "$CERTS_DIR"
+
+# Cleanup /tmp directory
+rm -r "$TMP_DIR"
diff --git a/distribution/packages/src/deb/debian/postinst b/distribution/packages/src/deb/debian/postinst
@@ -32,7 +32,6 @@ chown -R wazuh-indexer:wazuh-indexer ${data_dir}
 chown -R wazuh-indexer:wazuh-indexer ${pid_dir}
 chown -R wazuh-indexer:wazuh-indexer ${tmp_dir}
 
-
 export OPENSEARCH_PATH_CONF=${OPENSEARCH_PATH_CONF:-${config_dir}}
 # Apply Performance Analyzer settings, as per https://github.com/opensearch-project/opensearch-build/blob/2.18.0/scripts/pkg/build_templates/current/opensearch/deb/debian/postinst#L28-L37
 if ! grep -q '## OpenSearch Performance Analyzer' "$OPENSEARCH_PATH_CONF/jvm.options"; then
@@ -44,28 +43,34 @@ if ! grep -q '## OpenSearch Performance Analyzer' "$OPENSEARCH_PATH_CONF/jvm.opt
         echo "-Djdk.attach.allowAttachSelf=true"
         echo "-Djava.security.policy=file://$OPENSEARCH_PATH_CONF/opensearch-performance-analyzer/opensearch_security.policy"
         echo "--add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED"
-    } >> "$OPENSEARCH_PATH_CONF/jvm.options"
+    } >>"$OPENSEARCH_PATH_CONF/jvm.options"
 fi
 
 # Reload systemctl daemon
-if command -v systemctl > /dev/null; then
+if command -v systemctl >/dev/null; then
     systemctl daemon-reload
 fi
 
 # Reload other configs
-if command -v systemctl > /dev/null; then
+if command -v systemctl >/dev/null; then
     systemctl restart systemd-sysctl.service || true
 fi
 
-if command -v systemd-tmpfiles > /dev/null; then
+if command -v systemd-tmpfiles >/dev/null; then
     systemd-tmpfiles --create wazuh-indexer.conf
 fi
 
+if ! [ -d "${config_dir}/certs" ] && [ -f "${product_dir}/plugins/opensearch-security/tools/install-demo-certificates.sh" ]; then
+    echo "No certificates detected in ${config_dir}, installing demo certificates..."
+    echo "### If you are using a custom certificates path, ignore this message."
+    bash "${product_dir}/plugins/opensearch-security/tools/install-demo-certificates.sh" >"${log_dir}/install_demo_certificates.log" 2>&1
+fi
+
 if [ -f $restart_service ]; then
     rm -f $restart_service
     echo "Restarting wazuh-indexer service..."
-    if command -v systemctl > /dev/null; then
-        systemctl restart wazuh-indexer.service > /dev/null 2>&1
+    if command -v systemctl >/dev/null; then
+        systemctl restart wazuh-indexer.service >/dev/null 2>&1
     fi
     exit 0
 fi

diff --git a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec
@@ -207,6 +207,12 @@ if command -v systemd-tmpfiles > /dev/null; then
     systemd-tmpfiles --create %{name}.conf
 fi
 
+if ! [ -d %{config_dir}/certs ] && [ -f %{product_dir}/plugins/opensearch-security/tools/install-demo-certificates.sh ]; then
+    echo "No certificates detected in %{config_dir}, installing demo certificates..."
+    echo "### If you are using a custom certificates path, ignore this message."
+    bash %{product_dir}/plugins/opensearch-security/tools/install-demo-certificates.sh > %{log_dir}/install_demo_certificates.log 2>&1
+fi
+
 if [ -f %{tmp_dir}/wazuh-indexer.restart ]; then
     rm -f %{tmp_dir}/wazuh-indexer.restart
     if command -v systemctl > /dev/null; then

diff --git a/ecs/docs/README.md b/ecs/docs/README.md
@@ -0,0 +1,22 @@
+# Wazuh Common Schema
+
+The Wazuh Common Schema is a derivation of the [Elastic Common Schema](https://www.elastic.co/guide/en/ecs/current/ecs-field-reference.html) (ECS) providing a common data schema for the different central components of Wazuh.
+
+- [agent](./agent.md)
+- [alerts](alerts.md)
+- [command](commands.md)
+- [states-fim](states-fim.md)
+- [states-inventory-hardware](states-inventory-hardware.md)
+- [states-inventory-hotfixes](states-inventory-hotfixes.md)
+- [states-inventory-networks](states-inventory-networks.md)
+- [states-inventory-packages](states-inventory-packages.md)
+- [states-inventory-ports](states-inventory-ports.md)
+- [states-inventory-processes](states-inventory-processes.md)
+- [states-inventory-system](states-inventory-system.md)
+- [states-vulnerabilities](states-vulnerabilities.md)
+
+---
+
+### Useful resources
+For more information and additional resources, please refer to the following links:
+- [ECS schemas repository](https://github.com/elastic/ecs/tree/main/schemas)
diff --git a/ecs/docs/inventory-hardware.md b/ecs/docs/inventory-hardware.md
@@ -34,25 +34,17 @@ fields:
       "@timestamp": {}
   agent:
     fields:
-      id: {}
       groups: {}
+      id: {}
+      name: {}
+      type: {}
+      version: {}
+      host:
+        fields: "*"
   observer:
     fields:
       serial_number: {}
-  host:
-    fields:
-      memory:
-        fields:
-          total: {}
-          free: {}
-          used:
-            fields:
-              percentage: {}
-      cpu:
-        fields:
-          name: {}
-          cores: {}
-          speed: {}
+
 ```
 
 ### Index settings
@@ -64,77 +56,12 @@ fields:
   "template": {
     "settings": {
       "index": {
-        "number_of_replicas": "0",
         "number_of_shards": "1",
-        "query.default_field": ["observer.board_serial"],
-        "refresh_interval": "5s"
-      }
-    },
-    "mappings": {
-      "date_detection": false,
-      "dynamic": "strict",
-      "properties": {
-        "@timestamp": {
-          "type": "date"
-        },
-        "agent": {
-          "properties": {
-            "groups": {
-              "ignore_above": 1024,
-              "type": "keyword"
-            },
-            "id": {
-              "ignore_above": 1024,
-              "type": "keyword"
-            }
-          }
-        },
-        "host": {
-          "properties": {
-            "cpu": {
-              "properties": {
-                "cores": {
-                  "type": "long"
-                },
-                "name": {
-                  "ignore_above": 1024,
-                  "type": "keyword"
-                },
-                "speed": {
-                  "type": "long"
-                }
-              },
-              "type": "object"
-            },
-            "memory": {
-              "properties": {
-                "free": {
-                  "type": "long"
-                },
-                "total": {
-                  "type": "long"
-                },
-                "used": {
-                  "properties": {
-                    "percentage": {
-                      "type": "long"
-                    }
-                  },
-                  "type": "object"
-                }
-              },
-              "type": "object"
-            }
-          }
-        },
-        "observer": {
-          "properties": {
-            "serial_number": {
-              "ignore_above": 1024,
-              "type": "keyword"
-            }
-          }
-        }
+        "number_of_replicas": "0",
+        "refresh_interval": "5s",
+        "query.default_field": [
+          "observer.board_serial"
+        ]
       }
     }
   }

diff --git a/ecs/docs/inventory-hotfixes.md b/ecs/docs/inventory-hotfixes.md
@@ -27,13 +27,19 @@ fields:
       "@timestamp": {}
   agent:
     fields:
-      id: {}
       groups: {}
+      id: {}
+      name: {}
+      type: {}
+      version: {}
+      host:
+        fields: "*"
   package:
     fields:
       hotfix:
         fields:
           name: {}
+
 ```
 
 ### Index settings
@@ -45,44 +51,12 @@ fields:
   "template": {
     "settings": {
       "index": {
-        "number_of_replicas": "0",
         "number_of_shards": "1",
-        "query.default_field": ["package.hotfix.name"],
-        "refresh_interval": "5s"
-      }
-    },
-    "mappings": {
-      "date_detection": false,
-      "dynamic": "strict",
-      "properties": {
-        "@timestamp": {
-          "type": "date"
-        },
-        "agent": {
-          "properties": {
-            "groups": {
-              "ignore_above": 1024,
-              "type": "keyword"
-            },
-            "id": {
-              "ignore_above": 1024,
-              "type": "keyword"
-            }
-          }
-        },
-        "package": {
-          "properties": {
-            "hotfix": {
-              "properties": {
-                "name": {
-                  "ignore_above": 1024,
-                  "type": "keyword"
-                }
-              },
-              "type": "object"
-            }
-          }
-        }
+        "number_of_replicas": "0",
+        "refresh_interval": "5s",
+        "query.default_field": [
+          "package.hotfix.name"
+        ]
       }
     }
   }