From eead9eaf041175c1b2d5f2f67cbf95302720e24b Mon Sep 17 00:00:00 2001
From: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com>
Date: Tue, 25 Jun 2024 08:11:05 -0300
Subject: [PATCH] Remove references to indexer-ism-init.sh and wazuh-template.json (#281)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Remove references to indexer-ism-init.sh and wazuh-template.json
* Roll back remaining content from ISM rollover+alias feature
* Remove commented code
---------
Co-authored-by: Álex Ruiz
---
 .gitignore | 3 -
 .../packages/src/deb/debmake_install.sh | 1 -
 .../packages/src/rpm/wazuh-indexer.cicd.spec | 2 -
 .../packages/src/rpm/wazuh-indexer.rpm.spec | 2 -
 distribution/src/bin/indexer-init.sh | 138 ------
 distribution/src/bin/indexer-ism-init.sh | 438 ------------------
 .../src/config/security/action_groups.yml | 12 -
 distribution/src/config/security/roles.yml | 8 -
 .../src/config/security/roles_mapping.yml | 9 +-
 integrations/tools/events-generator/README.md | 4 +-
 packaging_scripts/build.sh | 19 -
 11 files changed, 2 insertions(+), 634 deletions(-)
 delete mode 100644 distribution/src/bin/indexer-init.sh
 delete mode 100644 distribution/src/bin/indexer-ism-init.sh
 delete mode 100644 distribution/src/config/security/action_groups.yml
diff --git a/.gitignore b/.gitignore
index 2790d2cfb49d1..376d0efeed3a3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -75,6 +75,3 @@ testfixtures_shared/
 # build files generated
 doc-tools/missing-doclet/bin/
-
-# Wazuh template (currently downloaded from the wazuh/wazuh repo directly)
-distribution/src/config/wazuh-template.json
diff --git a/distribution/packages/src/deb/debmake_install.sh b/distribution/packages/src/deb/debmake_install.sh
index 74064f87620e6..6bc8e89d48f68 100644
--- a/distribution/packages/src/deb/debmake_install.sh
+++ b/distribution/packages/src/deb/debmake_install.sh
@@ -90,6 +90,5 @@ for i in "${binary_files[@]}"; do
 chmod -c 750 "$i"
 done
-chmod -c 660 "${buildroot}${config_dir}/wazuh-template.json"
 exit 0
diff --git a/distribution/packages/src/rpm/wazuh-indexer.cicd.spec b/distribution/packages/src/rpm/wazuh-indexer.cicd.spec
index f17e6f7413aab..9172db51eb1a1 100644
--- a/distribution/packages/src/rpm/wazuh-indexer.cicd.spec
+++ b/distribution/packages/src/rpm/wazuh-indexer.cicd.spec
@@ -689,8 +689,6 @@ rm -fr %{buildroot}
 %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/bin/opensearch-performance-analyzer/performance-analyzer-agent
 %attr(440, %{USER}, %{GROUP}) %{INSTALL_DIR}/VERSION
 %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/bin/indexer-security-init.sh
-%attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/bin/indexer-ism-init.sh
-%attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/bin/indexer-init.sh
 %attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-security/tools/config.yml
 %attr(740, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-security/tools/wazuh-certs-tool.sh
 %attr(740, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-security/tools/wazuh-passwords-tool.sh
diff --git a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec
index 15f33988385c7..61e1880c76ee1 100644
--- a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec
+++ b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec
@@ -117,7 +117,6 @@ set -- "$@" "%{_sysconfdir}/sysconfig/%{name}"
 set -- "$@" "%{config_dir}/log4j2.properties"
 set -- "$@" "%{config_dir}/jvm.options"
 set -- "$@" "%{config_dir}/opensearch.yml"
-set -- "$@" "%{config_dir}/wazuh-template.json"
 set -- "$@" "%{product_dir}/VERSION"
 set -- "$@" "%{product_dir}/plugins/opensearch-security/tools/.*\.sh"
 set -- "$@" "%{product_dir}/bin/.*"
@@ -262,7 +261,6 @@ exit 0
 %attr(750, %{name}, %{name}) %{product_dir}/jdk/lib/jspawnhelper
 %attr(750, %{name}, %{name}) %{product_dir}/jdk/lib/modules
 %attr(750, %{name}, %{name}) %{product_dir}/performance-analyzer-rca/bin/*
-%attr(660, %{name}, %{name}) %{config_dir}/wazuh-template.json
 %changelog
 * Thu Mar 28 2024 support - 4.9.0
diff --git a/distribution/src/bin/indexer-init.sh b/distribution/src/bin/indexer-init.sh
deleted file mode 100644
index 80882e290e4e2..0000000000000
--- a/distribution/src/bin/indexer-init.sh
+++ /dev/null
@@ -1,138 +0,0 @@
-#!/bin/bash
-# Wazuh Copyright (C) 2023 Wazuh Inc. (License GPLv2)
-# Wazuh - indexer initialization script
-
-INSTALL_PATH="/usr/share/wazuh-indexer"
-BIN_PATH="${INSTALL_PATH}/bin"
-
-
-#########################################################################
-# Parse arguments for security init script.
-#########################################################################
-function parse_security_args() {
- security_args=()
-
- while [ -n "$1" ]; do
- case "$1" in
- "-h" | "--help")
- security_args+=("${1}")
- shift
- ;;
- "-ho" | "--host")
- if [ -n "$2" ]; then
- security_args+=("${1}" "${2}")
- shift 2
- fi
- ;;
- "--port")
- if [ -n "$2" ]; then
- security_args+=("${1}" "${2}")
- shift 2
- fi
- ;;
- "--options")
- if [ -n "$2" ]; then
- security_args+=("${1}" "${2}")
- shift 2
- fi
- ;;
- *)
- shift
- ;;
- esac
- done
-}
-
-
-#########################################################################
-# Run the security init script.
-#########################################################################
-function run_security_init() {
- echo "Executing Wazuh indexer security init script..."
- parse_security_args "$@"
- /bin/bash "${BIN_PATH}/indexer-security-init.sh" "${security_args[@]}"
-}
-
-
-#########################################################################
-# Parse arguments for ISM init script.
-#########################################################################
-function parse_ism_args() {
- ism_args=()
-
- while [ -n "${1}" ]; do
- case "${1}" in
- "-a" | "--min-index-age")
- if [ -n "${2}" ]; then
- ism_args+=("${1}" "${2}")
- shift 2
- fi
- ;;
- "-d" | "--min-doc-count")
- if [ -n "${2}" ]; then
- ism_args+=("${1}" "${2}")
- shift 2
- fi
- ;;
- "-h" | "--help")
- ism_args+=("${1}")
- shift
- ;;
- "-i" | "--indexer-hostname")
- if [ -n "${2}" ]; then
- ism_args+=("${1}" "${2}")
- shift 2
- fi
- ;;
- "-p" | "--indexer-password")
- if [ -n "${2}" ]; then
- ism_args+=("${1}" "${2}")
- shift 2
- fi
- ;;
- "-s" | "--min-shard-size")
- if [ -n "${2}" ]; then
- ism_args+=("${1}" "${2}")
- shift 2
- fi
- ;;
- "-P" | "--priority")
- if [ -n "${2}" ]; then
- ism_args+=("${1}" "${2}")
- shift 2
- fi
- ;;
- "-v" | "--verbose")
- ism_args+=("${1}")
- shift
- ;;
- *)
- shift
- ;;
- esac
- done
-}
-
-
-#########################################################################
-# Run the ISM init script.
-#########################################################################
-function run_ism_init() {
- echo "Executing Wazuh indexer ISM init script..."
- parse_ism_args "$@"
- /bin/bash "${BIN_PATH}/indexer-ism-init.sh" "${ism_args[@]}";
-}
-
-
-#########################################################################
-# Main function.
-#########################################################################
-function main() {
- # If run_security_init returns 0, then run_ism_init
- if run_security_init "$@" -gt 0; then
- run_ism_init "$@"
- fi
-}
-
-
-main "$@"
diff --git a/distribution/src/bin/indexer-ism-init.sh b/distribution/src/bin/indexer-ism-init.sh
deleted file mode 100644
index 3e9e4a3f278f3..0000000000000
--- a/distribution/src/bin/indexer-ism-init.sh
+++ /dev/null
@@ -1,438 +0,0 @@ -#!/bin/bash -# Wazuh Copyright (C) 2023 Wazuh Inc. (License GPLv2) -# Wazuh - Indexer set rollover policy and templates - -# Policy settings -MIN_SHARD_SIZE="25" -MIN_INDEX_AGE="7d" -MIN_DOC_COUNT="600000000" -ISM_INDEX_PATTERNS='["wazuh-alerts-*", "wazuh-archives-*", "-wazuh-alerts-4.x-sample*"]' -ISM_PRIORITY="50" -INDEXER_PASSWORD="admin" -INDEXER_HOSTNAME="localhost" - -POLICY_NAME="rollover_policy" -LOG_FILE="/tmp/wazuh-indexer/ism-init.log" - -INDEXER_URL="https://${INDEXER_HOSTNAME}:9200" - -# curl settings shortcuts -C_AUTH="-u admin:${INDEXER_PASSWORD}" - -ALERTS_TEMPLATE="/etc/wazuh-indexer/wazuh-template.json" - -######################################################################### -# Creates the rollover_policy ISM policy. -# Globals: -# MIN_SHARD_SIZE: The minimum shard size in GB. -# MIN_INDEX_AGE: The minimum index age. -# MIN_DOC_COUNT: The minimum document count. -# ISM_INDEX_PATTERNS: The index patterns to apply the policy. -# ISM_PRIORITY: The policy priority. -# Arguments: -# None. -# Returns: -# The rollover policy as a JSON string -######################################################################### -function generate_rollover_policy() { - cat <<-EOF - { - "policy": { - "description": "Wazuh rollover and alias policy", - "default_state": "active", - "states": [ - { - "name": "active", - "actions": [ - { - "rollover": { - "min_primary_shard_size": "${MIN_SHARD_SIZE}gb", - "min_index_age": "${MIN_INDEX_AGE}", - "min_doc_count": "${MIN_DOC_COUNT}" - } - } - ] - } - ], - "ism_template": { - "index_patterns": ${ISM_INDEX_PATTERNS}, - "priority": "${ISM_PRIORITY}" - } - } - } - EOF -} - -######################################################################### -# Creates an index template with order 3 to set the rollover alias. -# Arguments: -# - The alias name, a string. Also used as index pattern. -# Returns: -# The index template as a JSON string. 
-######################################################################### -function generate_rollover_template() { - cat <<-EOF - { - "order": 3, - "index_patterns": ["${1}-*"], - "settings": { - "index.plugins.index_state_management.rollover_alias": "${1}" - } - } - EOF -} - -######################################################################### -# Creates an index template to disable replicas on ISM configurastion indices. -# Returns: -# The index template as a JSON string. -######################################################################### -function generate_ism_config_template() { - cat <<-EOF - { - "order": 1, - "index_patterns": [ - ".opendistro-ism-managed-index-history-*", - ".opendistro-ism-config", - ".opendistro-job-scheduler-lock" - ], - "settings": { - "number_of_replicas": 0 - } - } - EOF -} - -######################################################################### -# Creates persistent cluster's settings to disable replicas for ISM history. -# Returns: -# The setting as a JSON string. -######################################################################### -function generate_ism_config() { - cat <<-EOF - { - "persistent": { - "plugins": { - "index_state_management": { - "history": { - "number_of_replicas": "0" - } - } - } - } - } - EOF -} - -######################################################################### -# Loads the index templates for the rollover policy to the indexer. -######################################################################### -function load_templates() { - # Load wazuh-template.json, needed for initial indices creation. - echo "Will create 'wazuh' index template" - if [ -f "${ALERTS_TEMPLATE}" ]; then - cat "${ALERTS_TEMPLATE}" | - if ! 
curl -s -k ${C_AUTH} \ - -X PUT "${INDEXER_URL}/_template/wazuh" \ - -o "${LOG_FILE}" --create-dirs \ - -H 'Content-Type: application/json' -d @-; then - echo " ERROR: 'wazuh' template creation failed" - return 1 - else - echo " SUCC: 'wazuh' template created or updated" - fi - else - echo " ERROR: ${ALERTS_TEMPLATE} not found" - fi - - # Load template for ISM configuration indices - echo "Will create 'ism_history_indices' index template" - generate_ism_config_template | - if ! curl -s -k ${C_AUTH} \ - -X PUT "${INDEXER_URL}/_template/ism_history_indices" \ - -o "${LOG_FILE}" --create-dirs \ - -H 'Content-Type: application/json' -d @-; then - echo " ERROR: 'ism_history_indices' template creation failed" - return 1 - else - echo " SUCC: 'ism_history_indices' template created or updated" - fi - - # Make settings persistent - echo "Will disable replicas for 'plugins.index_state_management.history' indices" - generate_ism_config | - if ! curl -s -k ${C_AUTH} \ - -X PUT "${INDEXER_URL}/_cluster/settings" \ - -o "${LOG_FILE}" --create-dirs \ - -H 'Content-Type: application/json' -d @-; then - echo " ERROR: cluster's settings update failed" - return 1 - else - echo " SUCC: cluster's settings saved" - fi - - echo "Will create index templates to configure the alias" - for alias in "${aliases[@]}"; do - generate_rollover_template "${alias}" | - if ! curl -s -k ${C_AUTH} \ - -X PUT "${INDEXER_URL}/_template/${alias}-rollover" \ - -o "${LOG_FILE}" --create-dirs \ - -H 'Content-Type: application/json' -d @-; then - echo " ERROR: '${alias}' template creation failed" - return 1 - else - echo " SUCC: '${alias}' template created or updated" - fi - done -} - -######################################################################### -# Uploads the rollover policy. -# If the policy does not exist, the policy "${POLICY_NAME}" is created. -# If the policy exists, but the rollover conditions are different, the -# policy is updated. -# Arguments: -# None. 
-######################################################################### -function upload_rollover_policy() { - echo "Will create the '${POLICY_NAME}' policy" - policy_exists=$( - curl -s -k ${C_AUTH} \ - -X GET "${INDEXER_URL}/_plugins/_ism/policies/${POLICY_NAME}" \ - -o "${LOG_FILE}" --create-dirs \ - -w "%{http_code}" - ) - - # Check if the ${POLICY_NAME} ISM policy was loaded (404 error if not found) - if [[ "${policy_exists}" == "404" ]]; then - policy_uploaded=$( - curl -s -k ${C_AUTH} \ - -X PUT "${INDEXER_URL}/_plugins/_ism/policies/${POLICY_NAME}" \ - -o "${LOG_FILE}" --create-dirs \ - -H 'Content-Type: application/json' \ - -d "$(generate_rollover_policy)" \ - -w "%{http_code}" - ) - - if [[ "${policy_uploaded}" == "201" ]]; then - echo " SUCC: '${POLICY_NAME}' policy created" - else - echo " ERROR: '${POLICY_NAME}' policy not created => ${policy_uploaded}" - return 1 - fi - else - if [[ "${policy_exists}" == "200" ]]; then - echo " INFO: policy '${POLICY_NAME}' already exists. Skipping policy creation" - else - echo " ERROR: could not check if the policy '${POLICY_NAME}' exists => ${policy_exists}" - return 1 - fi - fi -} - -######################################################################### -# Check if an alias exists in the indexer. -# Arguments: -# 1. The alias to look for. String. -######################################################################### -function check_for_write_index() { - curl -s -k ${C_AUTH} "${INDEXER_URL}/_cat/aliases" | - grep -i "${1}" | - grep -i true | - awk '{print $2}' -} - -######################################################################### -# Creates the settings for the aliased write index. -# Arguments: -# 1. The alias. String. 
-######################################################################### -function generate_write_index_alias() { - cat <<-EOF - { - "aliases": { - "$1": { - "is_write_index": true - } - } - } - EOF -} - -######################################################################### -# Creates the initial aliased write index. -# Arguments: -# 1. The alias. String. -######################################################################### -function create_write_index() { - if ! curl -s -k ${C_AUTH} -o "${LOG_FILE}" --create-dirs \ - -X PUT "$INDEXER_URL/%3C${1}-4.x-%7Bnow%2Fd%7D-000001%3E" \ - -H 'Content-Type: application/json' \ - -d "$(generate_write_index_alias "${1}")"; then - echo " ERROR: creating '${1}' write index" - return 1 - else - echo " SUCC: '${1}' write index created" - fi -} - -######################################################################### -# Creates the write indices for the aliases given as parameter. -# Arguments: -# 1. List of aliases to initialize. -######################################################################### -function create_indices() { - echo "Will create initial indices for the aliases" - for alias in "${aliases[@]}"; do - # Check if there are any write indices for the current alias - write_index_exists=$(check_for_write_index "${alias}") - - # Create the write index if it does not exist - if [[ -z $write_index_exists ]]; then - create_write_index "${alias}" - else - echo " INFO: '${alias}' write index already exists. Skipping write index creation" - fi - done -} - -######################################################################### -# Shows usage help. -######################################################################### -function show_help() { - echo -e "" - echo -e "NAME" - echo -e " indexer-ism-init.sh - Manages the Index State Management plugin for Wazuh indexer index rollovers policies." 
- echo -e "" - echo -e "SYNOPSIS" - echo -e " indexer-ism-init.sh [OPTIONS]" - echo -e "" - echo -e "DESCRIPTION" - echo -e " -a, --min-index-age " - echo -e " Set the minimum index age. By default 7d." - echo -e "" - echo -e " -d, --min-doc-count " - echo -e " Set the minimum document count. By default 200000000." - echo -e "" - echo -e " -h, --help" - echo -e " Shows help." - echo -e "" - echo -e " -i, --indexer-hostname " - echo -e " Specifies the Wazuh indexer hostname or IP." - echo -e "" - echo -e " -p, --indexer-password " - echo -e " Specifies the Wazuh indexer admin user password." - echo -e "" - echo -e " -P, --priority " - echo -e " Specifies the policy's priority." - echo -e "" - echo -e " -s, --min-shard-size " - echo -e " Set the minimum shard size in GB. By default 25." - echo -e "" - echo -e " -v, --verbose" - echo -e " Set verbose mode. Prints more information." - echo -e "" - return 1 -} - -######################################################################### -# Main function. -######################################################################### -function main() { - # The list should contain every alias which indices implement the - # rollover policy - aliases=("wazuh-alerts" "wazuh-archives") - - while [ -n "${1}" ]; do - case "${1}" in - "-a" | "--min-index-age") - if [ -z "${2}" ]; then - echo "Error on arguments. Probably missing after -a|--min-index-age" - show_help - else - MIN_INDEX_AGE="${2}" - shift 2 - fi - ;; - "-d" | "--min-doc-count") - if [ -z "${2}" ]; then - echo "Error on arguments. Probably missing after -d|--min-doc-count" - show_help - else - MIN_DOC_COUNT="${2}" - shift 2 - fi - ;; - "-h" | "--help") - show_help - ;; - "-i" | "--indexer-hostname") - if [ -z "${2}" ]; then - echo "Error on arguments. 
Probably missing after -i|--indexer-hostname" - show_help - else - INDEXER_HOSTNAME="${2}" - INDEXER_URL="https://${INDEXER_HOSTNAME}:9200" - shift 2 - fi - ;; - "-p" | "--indexer-password") - if [ -z "${2}" ]; then - echo "Error on arguments. Probably missing after -p|--indexer-password" - show_help - else - INDEXER_PASSWORD="${2}" - C_AUTH="-u admin:${INDEXER_PASSWORD}" - shift 2 - fi - ;; - "-s" | "--min-shard-size") - if [ -z "${2}" ]; then - echo "Error on arguments. Probably missing after -s|--min-shard-size" - show_help - else - MIN_SHARD_SIZE="${2}" - shift 2 - fi - ;; - "-P" | "--priority") - if [ -z "${2}" ]; then - echo "Error on arguments. Probably missing after -P|--priority" - show_help - else - ISM_PRIORITY="${2}" - shift 2 - fi - ;; - "-t" | "--template") - if [ -z "${2}" ]; then - echo "Error on arguments. Probably missing