Merge branch '4.10.0' into enhancement/19-installation-assistant-file…

…s-migration

builder.sh

@@ -32,13 +32,13 @@ function getHelp() {
     echo -e "                Builds the installation assistant (wazuh-install.sh)"
     echo -e ""
     echo -e "        -c,  --cert-tool"
-    echo -e "                Builds the certificate tool (wazuh-certs-tool.sh)"
+    echo -e "                Builds the certificates tool (wazuh-certs-tool.sh)"
     echo -e ""
     echo -e "        -d [pre-release|staging],  --development"
     echo -e "                Use development repositories. By default it uses the pre-release package repository. If staging is specified, it will use that repository."
     echo -e ""
     echo -e "        -p,  --password-tool"
-    echo -e "                Builds the password tool (wazuh-passwords-tool.sh)"
+    echo -e "                Builds the passwords tool (wazuh-passwords-tool.sh)"
     echo -e ""
     echo -e "        -h,  --help"
     echo -e "                Shows help."

config/dashboard/dashboard_unattended.yml

@@ -0,0 +1,15 @@
+server.host: 0.0.0.0
+opensearch.hosts: https://127.0.0.1:9200
+server.port: 443
+opensearch.ssl.verificationMode: certificate
+# opensearch.username: kibanaserver
+# opensearch.password: kibanaserver
+opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+server.ssl.enabled: true
+server.ssl.key: "/etc/wazuh-dashboard/certs/dashboard-key.pem"
+server.ssl.certificate: "/etc/wazuh-dashboard/certs/dashboard.pem"
+opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
+uiSettings.overrides.defaultRoute: /app/wz-home
+opensearch_security.cookie.secure: true

config/dashboard/dashboard_unattended_distributed.yml

@@ -0,0 +1,13 @@
+server.port: 443
+opensearch.ssl.verificationMode: certificate
+# opensearch.username: kibanaserver
+# opensearch.password: kibanaserver
+opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+server.ssl.enabled: true
+server.ssl.key: "/etc/wazuh-dashboard/certs/dashboard-key.pem"
+server.ssl.certificate: "/etc/wazuh-dashboard/certs/dashboard.pem"
+opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
+uiSettings.overrides.defaultRoute: /app/wz-home
+opensearch_security.cookie.secure: true

config/filebeat/filebeat_unattended.yml

@@ -0,0 +1,43 @@
+# Wazuh - Filebeat configuration file
+output.elasticsearch.hosts:
+        - 127.0.0.1:9200
+#        - <elasticsearch_ip_node_2>:9200 
+#        - <elasticsearch_ip_node_3>:9200
+
+output.elasticsearch:
+  protocol: https
+  username: ${username}
+  password: ${password}
+  ssl.certificate_authorities:
+    - /etc/filebeat/certs/root-ca.pem
+  ssl.certificate: "/etc/filebeat/certs/filebeat.pem"
+  ssl.key: "/etc/filebeat/certs/filebeat-key.pem"
+setup.template.json.enabled: true
+setup.template.json.path: '/etc/filebeat/wazuh-template.json'
+setup.template.json.name: 'wazuh'
+setup.ilm.overwrite: true
+setup.ilm.enabled: false
+
+filebeat.modules:
+  - module: wazuh
+    alerts:
+      enabled: true
+    archives:
+      enabled: false
+
+logging.level: info
+logging.to_files: true
+logging.files:
+  path: /var/log/filebeat
+  name: filebeat
+  keepfiles: 7
+  permissions: 0644
+
+logging.metrics.enabled: false
+
+seccomp:
+  default_action: allow
+  syscalls:
+  - action: allow
+    names:
+    - rseq

config/indexer/indexer_unattended_distributed.yml

@@ -0,0 +1,41 @@
+node.master: true
+node.data: true
+node.ingest: true
+
+cluster.name: wazuh-indexer-cluster
+cluster.routing.allocation.disk.threshold_enabled: false
+
+node.max_local_storage_nodes: "3"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+
+
+plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
+plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
+plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem
+plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.ssl.http.enabled_ciphers:
+  - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
+  - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
+  - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
+  - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
+plugins.security.ssl.http.enabled_protocols:
+  - "TLSv1.2"
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+
+plugins.security.system_indices.enabled: true
+plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
+
+### Option to allow Filebeat-oss 7.10.2 to work ###
+compatibility.override_main_response_version: true

install_functions/indexer.sh

@@ -213,6 +213,4 @@ function indexer_startCluster() {
     else
         common_logger -d "Inserted wazuh-alerts template into the Wazuh indexer cluster."
     fi
-
-
-}
+}

install_functions/installCommon.sh

@@ -935,4 +935,4 @@ function installCommon_checkAptLock() {
         sleep "${seconds}"
     done
 
-}
+}

install_functions/installMain.sh

@@ -364,10 +364,12 @@ function main() {
             manager_startCluster
         fi
         installCommon_startService "wazuh-manager"
+        manager_checkService
         filebeat_install
         filebeat_configure
         installCommon_changePasswords
         installCommon_startService "filebeat"
+        filebeat_checkService
         installCommon_removeWIADependencies
     fi
 
@@ -384,9 +386,11 @@ function main() {
         manager_install
         manager_configure
         installCommon_startService "wazuh-manager"
+        manager_checkService
         filebeat_install
         filebeat_configure
         installCommon_startService "filebeat"
+        filebeat_checkService
         common_logger "--- Wazuh dashboard ---"
         dashboard_install
         dashboard_configure
@@ -418,4 +422,4 @@ function main() {
         common_logger "Wazuh indexer cluster started."
     fi
 
-}
+}

install_functions/installVariables.sh

@@ -65,4 +65,4 @@ readonly indexer_yum_dependencies=( coreutils )
 readonly indexer_apt_dependencies=( debconf adduser procps gnupg apt-transport-https )
 readonly dashboard_yum_dependencies=( libcap )
 readonly dashboard_apt_dependencies=( debhelper tar curl libcap2-bin gnupg apt-transport-https )
-wia_dependencies_installed=()
+wia_dependencies_installed=()

install_functions/wazuh-offline-installation.sh

@@ -100,4 +100,4 @@ function offline_extractFiles() {
     done
 
     common_logger -d "Offline files extracted successfully."
-}
+}

passwords_tool/passwordsFunctions.sh

@@ -17,7 +17,7 @@ function passwords_changePassword() {
         for i in "${!passwords[@]}"
         do
             if [ -n "${indexer_installed}" ] && [ -f "/etc/wazuh-indexer/backup/internal_users.yml" ]; then
-                awk -v new=${hashes[i]} 'prev=="'${users[i]}':"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml > internal_users.yml_tmp && mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
+                awk -v new='"'"${hashes[i]}"'"' 'prev=="'${users[i]}':"{sub(/\042.*/,""); $0=$0 new} {prev=$1} 1' /etc/wazuh-indexer/backup/internal_users.yml > internal_users.yml_tmp && mv -f internal_users.yml_tmp /etc/wazuh-indexer/backup/internal_users.yml
             fi
 
             if [ "${users[i]}" == "admin" ]; then
@@ -277,10 +277,11 @@ function passwords_generatePassword() {
 function passwords_generatePasswordFile() {
 
     common_logger -d "Generating password file."
-    users=( admin kibanaserver kibanaro logstash readall snapshotrestore )
+    users=( admin anomalyadmin kibanaserver kibanaro logstash readall snapshotrestore )
     api_users=( wazuh wazuh-wui )
     user_description=(
         "Admin user for the web user interface and Wazuh indexer. Use this user to log in to Wazuh dashboard"
+        "Anomaly detection user for the web user interface"
         "Wazuh dashboard user for establishing the connection with Wazuh indexer"
         "Regular Dashboard user, only has read permissions to all indices and all permissions on the .kibana index"
         "Filebeat user for CRUD operations on Wazuh indices"