From 891ece3063ffa76272f55b91f97391297d3e55a0 Mon Sep 17 00:00:00 2001
From: dfolcha
Date: Fri, 3 Dec 2021 13:47:30 +0100
Subject: [PATCH 1/2] Update unattended version

---
 .../all-in-one-installation.sh | 30 +-
 .../distributed/elastic-stack-installation.sh | 24 +-
 .../certificate-utility/wazuh-cert-tool.sh | 4 +-
 .../open-distro/tools/wazuh-passwords-tool.sh | 34 +-
 .../all-in-one-installation.sh | 454 ------------------
 .../distributed/elastic-stack-installation.sh | 21 +-
 .../distributed/wazuh-server-installation.sh | 14 +-
 .../unattended-installation.sh | 15 +-
 8 files changed, 87 insertions(+), 509 deletions(-)
 delete mode 100644 unattended_scripts/open-distro/unattended-installation/all-in-one-installation.sh

diff --git a/unattended_scripts/elastic-stack/unattended-installation/all-in-one-installation.sh b/unattended_scripts/elastic-stack/unattended-installation/all-in-one-installation.sh
index 499176a360..e8843e63ca 100644
--- a/unattended_scripts/elastic-stack/unattended-installation/all-in-one-installation.sh
+++ b/unattended_scripts/elastic-stack/unattended-installation/all-in-one-installation.sh
@@ -8,6 +8,12 @@
 # License (version 2) as published by the FSF - Free Software
 # Foundation.
 
+WAZUH_VER="4.3.0"
+WAZUH_REV="1"
+ELK_VER="7.14.2"
+
+WAZUH_KIB_PLUG_REV="1"
+
 ## Check if system is based on yum or apt-get or zypper
 char="."
 debug='> /dev/null 2>&1'
@@ -184,7 +190,7 @@ addWazuhrepo() { if [ $sys_type == "yum" ] then eval "rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH $debug" - eval "echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo $debug" + eval "echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo $debug" elif [ $sys_type == "zypper" ] then rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH > /dev/null 2>&1 @@ -243,13 +249,13 @@ installElasticsearch() { if [ $sys_type == "yum" ] then - eval "yum install elasticsearch-7.11.2 -y -q $debug" + eval "yum install elasticsearch-${ELK_VER} -y -q $debug" elif [ $sys_type == "apt-get" ] then - eval "apt-get install elasticsearch=7.11.2 -y -q $debug" + eval "apt-get install elasticsearch=${ELK_VER} -y -q $debug" elif [ $sys_type == "zypper" ] then - eval "zypper -n install elasticsearch-7.11.2 $debug" + eval "zypper -n install elasticsearch-${ELK_VER} $debug" fi if [ "$?" != 0 ] @@ -317,13 +323,13 @@ installFilebeat() { logger "Installing Filebeat..." if [ $sys_type == "yum" ] then - eval "yum install filebeat-7.11.2 -y -q $debug" + eval "yum install filebeat-${ELK_VER} -y -q $debug" elif [ $sys_type == "zypper" ] then - eval "zypper -n install filebeat-7.11.2 $debug" + eval "zypper -n install filebeat-${ELK_VER} $debug" elif [ $sys_type == "apt-get" ] then - eval "apt-get install filebeat=7.11.2 -y -q $debug" + eval "apt-get install filebeat=${ELK_VER} -y -q $debug" fi if [ "$?" != 0 ] then 
@@ -354,13 +360,13 @@ installKibana() { logger "Installing Kibana..." if [ $sys_type == "yum" ] then - eval "yum install kibana-7.11.2 -y -q $debug" + eval "yum install kibana-${ELK_VER} -y -q $debug" elif [ $sys_type == "zypper" ] then - eval "zypper -n install kibana-7.11.2 $debug" + eval "zypper -n install kibana-${ELK_VER} $debug" elif [ $sys_type == "apt-get" ] then - eval "apt-get install kibana=7.11.2 -y -q $debug" + eval "apt-get install kibana=${ELK_VER} -y -q $debug" fi if [ "$?" != 0 ] then @@ -371,7 +377,7 @@ installKibana() { eval "mkdir /usr/share/kibana/data ${debug}" eval "chown -R kibana:kibana /usr/share/kibana/ ${debug}" eval "cd /usr/share/kibana ${debug}" - eval "sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-4.2.2_7.11.2-1.zip ${debug}" + eval "sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-${WAZUH_VER}_${ELK_VER}-${WAZUH_KIB_PLUG_REV}.zip ${debug}" if [ "$?" != 0 ]; then logger -e "Wazuh Kibana plugin could not be installed." exit 1; @@ -406,7 +412,7 @@ healthCheck() { logger -e "Your system does not meet the recommended minimum hardware requirements of 4Gb of RAM and 2 CPU cores . If you want to proceed with the installation use the -i option to ignore these requirements." exit 1; elif [[ -f /etc/elasticsearch/elasticsearch.yml ]] && [[ -f /etc/kibana/kibana.yml ]] && [[ -f /etc/filebeat/filebeat.yml ]]; then - logger -w "All the componens have already been installed." + logger -e "All the components have already been installed." exit 1; else logger "Starting the installation..." diff --git a/unattended_scripts/elastic-stack/unattended-installation/distributed/elastic-stack-installation.sh b/unattended_scripts/elastic-stack/unattended-installation/distributed/elastic-stack-installation.sh index afd5905f30..2d5e5aec30 100644 
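Review bot: The kibana-plugin URL in installKibana is now assembled from WAZUH_VER, ELK_VER and WAZUH_KIB_PLUG_REV, so a combination that is not published fails inside `eval` with its output discarded by `${debug}`, and the only diagnostic is the generic message on the following line; put the artifact name in it so a version mismatch can be spotted without re-running with -d: `logger -e "Wazuh Kibana plugin wazuh_kibana-${WAZUH_VER}_${ELK_VER}-${WAZUH_KIB_PLUG_REV}.zip could not be installed."`. The same applies to the identical line in the distributed elastic-stack script and in the open-distro distributed script later in this patch. The plugin zip is installed straight from the URL with TLS as the only integrity check; if a checksum for the plugin is published alongside it, verifying it before `kibana-plugin install` would be worthwhile. installKibana starts and ends outside this hunk.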
--- a/unattended_scripts/elastic-stack/unattended-installation/distributed/elastic-stack-installation.sh +++ b/unattended_scripts/elastic-stack/unattended-installation/distributed/elastic-stack-installation.sh @@ -8,6 +8,13 @@ # License (version 2) as published by the FSF - Free Software # Foundation. +WAZUH_MAJOR="4.2" +WAZUH_VER="4.3.0" +WAZUH_REV="1" +ELK_VER="7.14.2" + +WAZUH_KIB_PLUG_REV="1" + ## Check if system is based on yum or apt-get char="." debug='> /dev/null 2>&1' @@ -228,13 +235,13 @@ installElasticsearch() { if [ $sys_type == "yum" ] then - eval "yum install elasticsearch-7.11.2 -y -q $debug" + eval "yum install elasticsearch-${ELK_VER} -y -q $debug" elif [ $sys_type == "apt-get" ] then - eval "apt-get install elasticsearch=7.11.2 -y -q $debug" + eval "apt-get install elasticsearch=${ELK_VER} -y -q $debug" elif [ $sys_type == "zypper" ] then - eval "zypper -n install elasticsearch-7.11.2 $debug" + eval "zypper -n install elasticsearch-${ELK_VER} $debug" fi if [ "$?" != 0 ] @@ -323,6 +330,7 @@ installElasticsearch() { copyCertificates iname fi initializeElastic + logger "Done" fi @@ -434,13 +442,13 @@ installKibana() { logger "Installing Kibana..." if [ $sys_type == "yum" ] then - eval "yum install kibana-7.11.2 -y -q $debug" + eval "yum install kibana-${ELK_VER} -y -q $debug" elif [ $sys_type == "zypper" ] then - eval "zypper -n install kibana-7.11.2 $debug" + eval "zypper -n install kibana-${ELK_VER} $debug" elif [ $sys_type == "apt-get" ] then - eval "apt-get install kibana=7.11.2 -y -q $debug" + eval "apt-get install kibana=${ELK_VER} -y -q $debug" fi if [ "$?" != 0 ] then 
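Review bot: `WAZUH_MAJOR="4.2"` is added in the same hunk as `WAZUH_VER="4.3.0"`, so the major prefix disagrees with the version being installed; nothing in this file's visible hunks reads WAZUH_MAJOR, but the open-distro distributed script later in this patch defines the same pair and uses it in installElasticsearch, createCertificates and installKibana to build the `packages.wazuh.com/resources/${WAZUH_MAJOR}/...` URLs, so a 4.3.0 deployment would pull the 4.2 roles, internal_users and search-guard templates. If that is intentional because the 4.3 resource tree is not published yet, say so next to the definition, e.g. `# Resource templates are still served from the 4.2 tree; update together with WAZUH_VER`; otherwise derive it so the two cannot drift: `WAZUH_MAJOR="${WAZUH_VER%.*}"`. `WAZUH_REV="1"` is likewise introduced here without a visible consumer in this diff; if nothing uses it, drop it rather than carry an unused version knob.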
@@ -452,7 +460,7 @@ installKibana() { eval "mkdir /usr/share/kibana/data ${debug}" eval "chown -R kibana:kibana /usr/share/kibana/ ${debug}" eval "cd /usr/share/kibana ${debug}" - eval "sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-4.2.2_7.11.2-1.zip ${debug}" + eval "sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-${WAZUH_VER}_${ELK_VER}-${WAZUH_KIB_PLUG_REV}.zip ${debug}" if [ "$?" != 0 ]; then logger -e "Wazuh Kibana plugin could not be installed." exit 1; @@ -518,7 +526,7 @@ initializeKibana() { echo -ne $char sleep 10 done - echo "" + echo "" sleep 10 wip=$(grep -A 2 ${iname} ~/config.yml | tail -1) rw1="- " diff --git a/unattended_scripts/open-distro/tools/certificate-utility/wazuh-cert-tool.sh b/unattended_scripts/open-distro/tools/certificate-utility/wazuh-cert-tool.sh index 2fb554091d..bd4539cb96 100644 --- a/unattended_scripts/open-distro/tools/certificate-utility/wazuh-cert-tool.sh +++ b/unattended_scripts/open-distro/tools/certificate-utility/wazuh-cert-tool.sh @@ -43,7 +43,7 @@ readInstances() { logger "Configuration file found. Creating certificates..." eval "mkdir ~/certs $debug" else - logger -e "no configuration file found." + logger -e "No configuration file found." exit 1; fi @@ -167,7 +167,7 @@ generateCertificateconfiguration() { conf="$(awk '{sub("IP.1 = cip", "DNS.1 = '${cip}'")}1' ~/certs/$cname.conf)" echo "${conf}" > ~/certs/$cname.conf else - echo "Error. The given information does not match with an IP or a DNS" + logger -e "The given information does not match with an IP or a DNS" exit 1; fi diff --git a/unattended_scripts/open-distro/tools/wazuh-passwords-tool.sh b/unattended_scripts/open-distro/tools/wazuh-passwords-tool.sh index 8b3e7b4010..261a2a871c 100644 --- a/unattended_scripts/open-distro/tools/wazuh-passwords-tool.sh +++ b/unattended_scripts/open-distro/tools/wazuh-passwords-tool.sh 
@@ -35,10 +35,11 @@ logger() { message="$1" ;; esac - echo $now $mtype $message + echo $now $mtype $message } ## Checks if the script is run with enough privileges + checkRoot() { if [ "$EUID" -ne 0 ]; then logger -e "This script must be run as root." @@ -165,15 +166,16 @@ readFileUsers() { FILECORRECT=$(grep -Pzc '\A(User:\s*name:\s*\w+\s*password:\s*\w+\s*)+\Z' $FILE) if [ $FILECORRECT -ne 1 ]; then - logger -e "the password file doesn't have a correct format. - It must have this format: - User: - name: wazuh - password: wazuhpasword - User: - name: kibanaserver - password: kibanaserverpassword" - exit 1 + logger -e "The password file doesn't have a correct format. + +It must have this format: +User: + name: wazuh + password: wazuhpasword +User: + name: kibanaserver + password: kibanaserverpassword" + exit 1 fi SFILEUSERS=$(grep name: ${FILE} | awk '{ print substr( $2, 1, length($2) ) }') @@ -199,7 +201,6 @@ readFileUsers() { if [ $supported = false ]; then logger -e "The given user ${FILEUSERS[j]} does not exist" fi - done else FINALUSERS=() @@ -214,7 +215,7 @@ readFileUsers() { supported=true fi done - if [ $supported = false ];then + if [ $supported = false ]; then logger -e "The given user ${FILEUSERS[j]} does not exist" fi done @@ -374,7 +375,6 @@ changePassword() { restartService "kibana" fi fi - } ## Runs the Security Admin script to load the changes 
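Review bot: The re-indented format hint in readFileUsers will not render as laid out, because `logger -e` prints it with the unquoted `echo $now $mtype $message` kept in the first hunk of this file, and word splitting collapses the embedded newlines and two-space indentation into single spaces, so the user sees the YAML example on one line. Quote the expansion in logger, `echo "$now" "$mtype" "$message"` (or `printf '%s %s %s\n' "$now" "$mtype" "$message"`), so multi-line messages survive. The example in that same message still reads `password: wazuhpasword`; since users copy it as a template, spell it `password: wazuhpassword`.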
@@ -393,11 +393,11 @@ runSecurityAdmin() { if [[ -n "${NUSER}" ]] && [[ -n ${AUTOPASS} ]]; then echo -e "The password for user '${NUSER}' is '${PASSWORD}'\n" - logger "Passwords changed. Remember to update the password in /etc/filebeat/filebeat.yml and /etc/kibana/kibana.yml if necessary and restart the services. More info: https://documentation.wazuh.com/current/user-manual/elasticsearch/elastic-tuning.html#change-users-password" + logger -w "Password changed. Remember to update the password in /etc/filebeat/filebeat.yml and /etc/kibana/kibana.yml if necessary and restart the services." fi if [[ -n "${NUSER}" ]] && [[ -z ${AUTOPASS} ]]; then - logger "Passwords changed. Remember to update the password in /etc/filebeat/filebeat.yml and /etc/kibana/kibana.yml if necessary and restart the services. More info: https://documentation.wazuh.com/current/user-manual/elasticsearch/elastic-tuning.html#change-users-password" + logger -w "Password changed. Remember to update the password in /etc/filebeat/filebeat.yml and /etc/kibana/kibana.yml if necessary and restart the services." fi if [ -n "${CHANGEALL}" ]; then @@ -406,7 +406,7 @@ runSecurityAdmin() { do echo -e "The password for ${USERS[i]} is ${PASSWORDS[i]}\n" done - logger "Passwords changed. Remember to update the password in /etc/filebeat/filebeat.yml and /etc/kibana/kibana.yml if necessary and restart the services. More info: https://documentation.wazuh.com/current/user-manual/elasticsearch/elastic-tuning.html#change-users-password" + logger -w "Passwords changed. Remember to update the password in /etc/filebeat/filebeat.yml and /etc/kibana/kibana.yml if necessary and restart the services." fi } @@ -477,7 +477,7 @@ main() { if [ -n "${PASSWORD}" ] && [ -n "${CHANGEALL}" ]; then getHelp fi - + if [ -n "${NUSER}" ] && [ -n "${FILE}" ]; then getHelp fi 
diff --git a/unattended_scripts/open-distro/unattended-installation/all-in-one-installation.sh b/unattended_scripts/open-distro/unattended-installation/all-in-one-installation.sh
deleted file mode 100644
index dba3c252d9..0000000000
--- a/unattended_scripts/open-distro/unattended-installation/all-in-one-installation.sh
+++ /dev/null
@@ -1,454 +0,0 @@ -#!/bin/bash - -# Program to install Wazuh manager along Open Distro for Elasticsearch -# Copyright (C) 2015-2021, Wazuh Inc. -# -# This program is a free software; you can redistribute it -# and/or modify it under the terms of the GNU General Public -# License (version 2) as published by the FSF - Free Software -# Foundation. - -## Check if system is based on yum or apt-get -char="." -debug='> /dev/null 2>&1' -WAZUH_VER="4.2.2" -WAZUH_REV="1" -ELK_VER="7.10.2" -OD_VER="1.13.2" -OD_REV="1" -if [ -n "$(command -v yum)" ]; then - sys_type="yum" - sep="-" -elif [ -n "$(command -v zypper)" ]; then - sys_type="zypper" - sep="-" -elif [ -n "$(command -v apt-get)" ]; then - sys_type="apt-get" - sep="=" -fi - -logger() { - - echo $1 - -} - -checkArch() { - arch=$(uname -m) - - if [ ${arch} != "x86_64" ]; then - echo "Uncompatible system. This script must be run on a 64-bit system." - exit 1; - fi -} - -startService() { - - if [ -n "$(ps -e | egrep ^\ *1\ .*systemd$)" ]; then - eval "systemctl daemon-reload ${debug}" - eval "systemctl enable $1.service ${debug}" - eval "systemctl start $1.service ${debug}" - if [ "$?" != 0 ]; then - echo "${1^} could not be started." - exit 1; - else - echo "${1^} started" - fi - elif [ -n "$(ps -e | egrep ^\ *1\ .*init$)" ]; then - eval "chkconfig $1 on ${debug}" - eval "service $1 start ${debug}" - eval "/etc/init.d/$1 start ${debug}" - if [ "$?" != 0 ]; then - echo "${1^} could not be started." - exit 1; - else - echo "${1^} started" - fi - elif [ -x /etc/rc.d/init.d/$1 ] ; then - eval "/etc/rc.d/init.d/$1 start ${debug}" - if [ "$?" != 0 ]; then - echo "${1^} could not be started." - exit 1; - else - echo "${1^} started" - fi - else - echo "Error: ${1^} could not start. No service manager found on the system." 
- exit 1; - fi - -} - -## Show script usage -getHelp() { - - echo "" - echo "Usage: $0 arguments" - echo -e "\t-d | --debug Shows the complete installation output" - echo -e "\t-i | --ignore-health-check Ignores the health-check" - echo -e "\t-h | --help Shows help" - exit 1 # Exit script after printing help - -} - - -## Install the required packages for the installation -installPrerequisites() { - - logger "Installing all necessary utilities for the installation..." - - if [ ${sys_type} == "yum" ]; then - eval "yum install curl unzip wget libcap -y -q ${debug}" - eval "yum install java-11-openjdk-devel -y -q ${debug}" - if [ "$?" != 0 ]; then - os=$(cat /etc/os-release | awk -F"ID=" '/ID=/{print $2; exit}' | tr -d \") - if [ -z "${os}" ]; then - os="centos" - fi - lv=$(cat /etc/os-release | grep 'PRETTY_NAME="') - rm="PRETTY_NAME=" - rmc='"' - ral="Amazon Linux " - lv="${lv//$rm}" - lv="${lv//$rmc}" - lv="${lv//$ral}" - lv=$(echo "$lv" | awk '{print $1;}') - if [ ${lv} == "2" ]; then - echo -e '[AdoptOpenJDK] \nname=AdoptOpenJDK \nbaseurl=https://adoptopenjdk.jfrog.io/artifactory/rpm/amazonlinux/2/x86_64\nenabled=1\ngpgcheck=1\ngpgkey=https://adoptopenjdk.jfrog.io/adoptopenjdk/api/gpg/key/public' | eval "tee /etc/yum.repos.d/adoptopenjdk.repo ${debug}" - elif [ ${lv} == "AMI" ]; then - echo -e '[AdoptOpenJDK] \nname=AdoptOpenJDK \nbaseurl=https://adoptopenjdk.jfrog.io/artifactory/rpm/amazonlinux/1/x86_64\nenabled=1\ngpgcheck=1\ngpgkey=https://adoptopenjdk.jfrog.io/adoptopenjdk/api/gpg/key/public' | eval "tee /etc/yum.repos.d/adoptopenjdk.repo ${debug}" - elif [ ${os} == "rhel" ]; then - wget https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.10%2B9/OpenJDK11U-jdk_x64_linux_hotspot_11.0.10_9.tar.gz - tar xzf OpenJDK11U-jdk_x64_linux_hotspot_11.0.10_9.tar.gz - export PATH=$PWD/jdk-11.0.10+9/bin:$PATH - else - echo -e '[AdoptOpenJDK] \nname=AdoptOpenJDK 
\nbaseurl=http://adoptopenjdk.jfrog.io/adoptopenjdk/rpm/system-ver/$releasever/x86_64\nenabled=1\ngpgcheck=1\ngpgkey=https://adoptopenjdk.jfrog.io/adoptopenjdk/api/gpg/key/public' | eval "tee /etc/yum.repos.d/adoptopenjdk.repo ${debug}" - conf="$(awk '{sub("system-ver", "'"${os}"'")}1' /etc/yum.repos.d/adoptopenjdk.repo)" - echo "$conf" > /etc/yum.repos.d/adoptopenjdk.repo - fi - eval "yum install adoptopenjdk-11-hotspot -y -q ${debug}" - fi - export JAVA_HOME=/usr/ - elif [ ${sys_type} == "zypper" ]; then - eval "zypper -n install curl unzip wget ${debug}" - eval "zypper -n install libcap-progs ${debug} || zypper -n install libcap2 ${debug}" - eval "zypper -n install java-11-openjdk-devel ${debug}" - if [ "$?" != 0 ]; then - eval "zypper ar -f http://adoptopenjdk.jfrog.io/adoptopenjdk/rpm/opensuse/15.0/$(uname -m) adoptopenjdk ${debug}" | echo 'a' - eval "zypper -n install adoptopenjdk-11-hotspot ${debug} " - - fi - export JAVA_HOME=/usr/ - elif [ ${sys_type} == "apt-get" ]; then - eval "apt-get update -q ${debug}" - eval "apt-get install apt-transport-https curl unzip wget libcap2-bin -y -q ${debug}" - - if [ -n "$(command -v add-apt-repository)" ]; then - eval "add-apt-repository ppa:openjdk-r/ppa -y ${debug}" - else - echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/backports.list - fi - eval "apt-get update -q ${debug}" - eval "apt-get install openjdk-11-jdk -y -q ${debug}" - if [ "$?" != 0 ]; then - logger "JDK installation failed." - exit 1; - fi - export JAVA_HOME=/usr/ - - fi - - if [ "$?" != 0 ]; then - echo "Error: Prerequisites could not be installed" - exit 1; - else - logger "Done" - fi - -} - -## Add the Wazuh repository -addWazuhrepo() { - logger "Adding the Wazuh repository..." 
- - if [ ${sys_type} == "yum" ]; then - eval "rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH ${debug}" - eval "echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo ${debug}" - elif [ ${sys_type} == "zypper" ]; then - eval "rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH ${debug}" - eval "echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1' | tee /etc/zypp/repos.d/wazuh.repo ${debug}" - elif [ ${sys_type} == "apt-get" ]; then - eval "curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH --max-time 300 | apt-key add - ${debug}" - eval "echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list ${debug}" - eval "apt-get update -q ${debug}" - fi - - logger "Done" -} - -## Wazuh manager -installWazuh() { - - logger "Installing the Wazuh manager..." - if [ ${sys_type} == "zypper" ]; then - eval "zypper -n install wazuh-manager-${WAZUH_VER}-${WAZUH_REV} ${debug}" - else - eval "${sys_type} install wazuh-manager${sep}${WAZUH_VER}-${WAZUH_REV} -y -q ${debug}" - fi - if [ "$?" != 0 ]; then - echo "Error: Wazuh installation failed" - exit 1; - else - logger "Done" - fi - startService "wazuh-manager" - -} - -## Elasticsearch -installElasticsearch() { - - logger "Installing Open Distro for Elasticsearch..." - - if [ ${sys_type} == "yum" ]; then - eval "yum install opendistroforelasticsearch-${OD_VER}-${OD_REV} -y -q ${debug}" - elif [ ${sys_type} == "zypper" ]; then - eval "zypper -n install opendistroforelasticsearch-${OD_VER}-${OD_REV} ${debug}" - elif [ ${sys_type} == "apt-get" ]; then - eval "apt-get install elasticsearch-oss opendistroforelasticsearch=${OD_VER}-${OD_REV} -y -q ${debug}" - fi - - if [ "$?" 
!= 0 ]; then - echo "Error: Elasticsearch installation failed" - exit 1; - else - logger "Done" - - logger "Configuring Elasticsearch..." - - eval "curl -so /etc/elasticsearch/elasticsearch.yml https://packages.wazuh.com/resources/4.2/open-distro/elasticsearch/7.x/elasticsearch_all_in_one.yml --max-time 300 ${debug}" - eval "curl -so /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles.yml https://packages.wazuh.com/resources/4.2/open-distro/elasticsearch/roles/roles.yml --max-time 300 ${debug}" - eval "curl -so /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles_mapping.yml https://packages.wazuh.com/resources/4.2/open-distro/elasticsearch/roles/roles_mapping.yml --max-time 300 ${debug}" - eval "curl -so /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml https://packages.wazuh.com/resources/4.2/open-distro/elasticsearch/roles/internal_users.yml --max-time 300 ${debug}" - eval "rm /etc/elasticsearch/esnode-key.pem /etc/elasticsearch/esnode.pem /etc/elasticsearch/kirk-key.pem /etc/elasticsearch/kirk.pem /etc/elasticsearch/root-ca.pem -f ${debug}" - eval "mkdir /etc/elasticsearch/certs ${debug}" - eval "cd /etc/elasticsearch/certs ${debug}" - eval "curl -so ~/search-guard-tlstool-1.8.zip https://maven.search-guard.com/search-guard-tlstool/1.8/search-guard-tlstool-1.8.zip --max-time 300 ${debug}" - eval "unzip ~/search-guard-tlstool-1.8.zip -d ~/searchguard ${debug}" - eval "curl -so ~/searchguard/search-guard.yml https://packages.wazuh.com/resources/4.2/open-distro/searchguard/search-guard-aio.yml --max-time 300 ${debug}" - eval "chmod +x ~/searchguard/tools/sgtlstool.sh ${debug}" - eval "bash ~/searchguard/tools/sgtlstool.sh -c ~/searchguard/search-guard.yml -ca -crt -t /etc/elasticsearch/certs/ ${debug}" - if [ "$?" 
!= 0 ]; then - echo "Error: certificates were not created" - exit 1; - else - logger "Certificates created" - fi - eval "rm /etc/elasticsearch/certs/client-certificates.readme /etc/elasticsearch/certs/elasticsearch_elasticsearch_config_snippet.yml ~/search-guard-tlstool-1.8.zip -f ${debug}" - - # Configure JVM options for Elasticsearch - ram_gb=$(free -g | awk '/^Mem:/{print $2}') - ram=$(( ${ram_gb} / 2 )) - - if [ ${ram} -eq "0" ]; then - ram=1; - fi - eval "sed -i "s/-Xms1g/-Xms${ram}g/" /etc/elasticsearch/jvm.options ${debug}" - eval "sed -i "s/-Xmx1g/-Xmx${ram}g/" /etc/elasticsearch/jvm.options ${debug}" - - jv=$(java -version 2>&1 | grep -o -m1 '1.8.0' ) - if [ "${jv}" == "1.8.0" ]; then - echo "root hard nproc 4096" >> /etc/security/limits.conf - echo "root soft nproc 4096" >> /etc/security/limits.conf - echo "elasticsearch hard nproc 4096" >> /etc/security/limits.conf - echo "elasticsearch soft nproc 4096" >> /etc/security/limits.conf - echo "bootstrap.system_call_filter: false" >> /etc/elasticsearch/elasticsearch.yml - fi - eval "/usr/share/elasticsearch/bin/elasticsearch-plugin remove opendistro-performance-analyzer ${debug}" - # Start Elasticsearch - startService "elasticsearch" - echo "Initializing Elasticsearch..." - until $(curl -XGET https://localhost:9200/ -uadmin:admin -k --max-time 120 --silent --output /dev/null); do - echo -ne ${char} - sleep 10 - done - - eval "cd /usr/share/elasticsearch/plugins/opendistro_security/tools/ ${debug}" - eval "./securityadmin.sh -cd ../securityconfig/ -nhnv -cacert /etc/elasticsearch/certs/root-ca.pem -cert /etc/elasticsearch/certs/admin.pem -key /etc/elasticsearch/certs/admin.key ${debug}" - echo "Done" - - fi - -} - -## Filebeat -installFilebeat() { - - logger "Installing Filebeat..." - - if [ ${sys_type} == "zypper" ]; then - eval "zypper -n install filebeat-${ELK_VER} ${debug}" - else - eval "${sys_type} install filebeat${sep}${ELK_VER} -y -q ${debug}" - fi - if [ "$?" 
!= 0 ]; then - echo "Error: Filebeat installation failed" - exit 1; - else - eval "curl -so /etc/filebeat/filebeat.yml https://packages.wazuh.com/resources/4.2/open-distro/filebeat/7.x/filebeat_all_in_one.yml --max-time 300 ${debug}" - eval "curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.2/extensions/elasticsearch/7.x/wazuh-template.json --max-time 300 ${debug}" - eval "chmod go+r /etc/filebeat/wazuh-template.json ${debug}" - eval "curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.1.tar.gz --max-time 300 | tar -xvz -C /usr/share/filebeat/module ${debug}" - eval "mkdir /etc/filebeat/certs ${debug}" - eval "cp /etc/elasticsearch/certs/root-ca.pem /etc/filebeat/certs/ ${debug}" - eval "mv /etc/elasticsearch/certs/filebeat* /etc/filebeat/certs/ ${debug}" - - # Start Filebeat - startService "filebeat" - - logger "Done" - fi - -} - -## Kibana -installKibana() { - - logger "Installing Open Distro for Kibana..." - if [ ${sys_type} == "zypper" ]; then - eval "zypper -n install opendistroforelasticsearch-kibana-${OD_VER} ${debug}" - else - eval "${sys_type} install opendistroforelasticsearch-kibana${sep}${OD_VER} -y -q ${debug}" - fi - if [ "$?" != 0 ]; then - echo "Error: Kibana installation failed" - exit 1; - else - eval "curl -so /etc/kibana/kibana.yml https://packages.wazuh.com/resources/4.2/open-distro/kibana/7.x/kibana_all_in_one.yml --max-time 300 ${debug}" - eval "mkdir /usr/share/kibana/data ${debug}" - eval "chown -R kibana:kibana /usr/share/kibana/ ${debug}" - eval "cd /usr/share/kibana ${debug}" - eval "sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-4.2.2_7.10.2-1.zip ${debug}" - if [ "$?" != 0 ]; then - echo "Error: Wazuh Kibana plugin could not be installed." 
- exit 1; - fi - eval "mkdir /etc/kibana/certs ${debug}" - eval "mv /etc/elasticsearch/certs/kibana_http.key /etc/kibana/certs/kibana.key ${debug}" - eval "mv /etc/elasticsearch/certs/kibana_http.pem /etc/kibana/certs/kibana.pem ${debug}" - eval "cp /etc/elasticsearch/certs/root-ca.pem /etc/kibana/certs/ ${debug}" - eval "setcap 'cap_net_bind_service=+ep' /usr/share/kibana/node/bin/node ${debug}" - - # Start Kibana - startService "kibana" - - logger "Done" - fi - -} - -## Health check -healthCheck() { - - cores=$(cat /proc/cpuinfo | grep processor | wc -l) - ram_gb=$(free -m | awk '/^Mem:/{print $2}') - - if [ ${cores} -lt 2 ] || [ ${ram_gb} -lt 3700 ]; then - echo "Your system does not meet the recommended minimum hardware requirements of 4Gb of RAM and 2 CPU cores. If you want to proceed with the installation use the -i option to ignore these requirements." - exit 1; - elif [[ -f /etc/elasticsearch/elasticsearch.yml ]] && [[ -f /etc/kibana/kibana.yml ]] && [[ -f /etc/filebeat/filebeat.yml ]]; then - echo "All the componens have already been installed." - exit 1; - else - echo "Starting the installation..." - fi - -} - -checkInstallation() { - - logger "Checking the installation..." - eval "curl -XGET https://localhost:9200 -uadmin:admin -k --max-time 300 ${debug}" - if [ "$?" != 0 ]; then - echo "Error: Elasticsearch was not successfully installed." - exit 1; - else - echo "Elasticsearch installation succeeded." - fi - eval "filebeat test output ${debug}" - if [ "$?" != 0 ]; then - echo "Error: Filebeat was not successfully installed." - exit 1; - else - echo "Filebeat installation succeeded." - fi - logger "Initializing Kibana (this may take a while)" - until [[ "$(curl -XGET https://localhost/status -I -uadmin:admin -k -s --max-time 300 | grep "200 OK")" ]]; do - echo -ne $char - sleep 10 - done - echo $'\nInstallation finished' - echo $'\nYou can access the web interface https://. 
The credentials are admin:admin' - exit 0; - -} - -main() { - - if [ "$EUID" -ne 0 ]; then - echo "This script must be run as root." - exit 1; - fi - - checkArch - - if [ -n "$1" ]; then - while [ -n "$1" ] - do - case "$1" in - "-i"|"--ignore-healthcheck") - ignore=1 - shift 1 - ;; - "-d"|"--debug") - debugEnabled=1 - shift 1 - ;; - "-h"|"--help") - getHelp - ;; - *) - getHelp - esac - done - - if [ -n "${debugEnabled}" ]; then - debug="" - fi - - if [ -n "${ignore}" ]; then - echo "Health-check ignored." - else - healthCheck - fi - installPrerequisites - addWazuhrepo - installWazuh - installElasticsearch - installFilebeat - installKibana - checkInstallation - else - healthCheck - installPrerequisites - addWazuhrepo - installWazuh - installElasticsearch - installFilebeat - installKibana - checkInstallation - fi - -} - -main "$@" diff --git a/unattended_scripts/open-distro/unattended-installation/distributed/elastic-stack-installation.sh b/unattended_scripts/open-distro/unattended-installation/distributed/elastic-stack-installation.sh index ef94c82cd6..af051aebf9 100644 --- a/unattended_scripts/open-distro/unattended-installation/distributed/elastic-stack-installation.sh +++ b/unattended_scripts/open-distro/unattended-installation/distributed/elastic-stack-installation.sh @@ -8,14 +8,17 @@ # License (version 2) as published by the FSF - Free Software # Foundation. -## Check if system is based on yum or apt-get char="." debug='> /dev/null 2>&1' -WAZUH_VER="4.2.2" +WAZUH_VER="4.3.0" +WAZUH_MAJOR="4.2" WAZUH_REV="1" ELK_VER="7.10.2" OD_VER="1.13.2" OD_REV="1" +WAZUH_KIB_PLUG_REV="1" + +## Check if system is based on yum or apt-get if [ -n "$(command -v yum)" ]; then sys_type="yum" sep="-" 
@@ -244,10 +247,10 @@ installElasticsearch() { logger "Configuring Elasticsearch..." - eval "curl -so /etc/elasticsearch/elasticsearch.yml https://packages.wazuh.com/resources/4.2/open-distro/unattended-installation/distributed/templates/elasticsearch_unattended.yml --max-time 300 ${debug}" - eval "curl -so /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles.yml https://packages.wazuh.com/resources/4.2/open-distro/elasticsearch/roles/roles.yml --max-time 300 ${debug}" - eval "curl -so /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles_mapping.yml https://packages.wazuh.com/resources/4.2/open-distro/elasticsearch/roles/roles_mapping.yml --max-time 300 ${debug}" - eval "curl -so /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml https://packages.wazuh.com/resources/4.2/open-distro/elasticsearch/roles/internal_users.yml --max-time 300 ${debug}" + eval "curl -so /etc/elasticsearch/elasticsearch.yml https://packages.wazuh.com/resources/${WAZUH_MAJOR}/open-distro/unattended-installation/distributed/templates/elasticsearch_unattended.yml --max-time 300 ${debug}" + eval "curl -so /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles.yml https://packages.wazuh.com/resources/${WAZUH_MAJOR}/open-distro/elasticsearch/roles/roles.yml --max-time 300 ${debug}" + eval "curl -so /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles_mapping.yml https://packages.wazuh.com/resources/${WAZUH_MAJOR}/open-distro/elasticsearch/roles/roles_mapping.yml --max-time 300 ${debug}" + eval "curl -so /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml https://packages.wazuh.com/resources/${WAZUH_MAJOR}/open-distro/elasticsearch/roles/internal_users.yml --max-time 300 ${debug}" if [ -n "${single}" ]; then nh=$(awk -v RS='' '/network.host:/' ~/config.yml) 
@@ -354,7 +357,7 @@ createCertificates() { logger "Creating the certificates..." eval "curl -so ~/search-guard-tlstool-1.8.zip https://maven.search-guard.com/search-guard-tlstool/1.8/search-guard-tlstool-1.8.zip --max-time 300 ${debug}" eval "unzip ~/search-guard-tlstool-1.8.zip -d ~/searchguard ${debug}" - eval "curl -so ~/searchguard/search-guard.yml https://packages.wazuh.com/resources/4.2/open-distro/unattended-installation/distributed/templates/search-guard-unattended.yml --max-time 300 ${debug}" + eval "curl -so ~/searchguard/search-guard.yml https://packages.wazuh.com/resources/${WAZUH_MAJOR}/open-distro/unattended-installation/distributed/templates/search-guard-unattended.yml --max-time 300 ${debug}" if [ -n "${single}" ]; then echo -e "\n" >> ~/searchguard/search-guard.yml @@ -463,11 +466,11 @@ installKibana() { logger -e "Kibana installation failed" exit 1; else - eval "curl -so /etc/kibana/kibana.yml https://packages.wazuh.com/resources/4.2/open-distro/unattended-installation/distributed/templates/kibana_unattended.yml --max-time 300 ${debug}" + eval "curl -so /etc/kibana/kibana.yml https://packages.wazuh.com/resources/${WAZUH_MAJOR}/open-distro/unattended-installation/distributed/templates/kibana_unattended.yml --max-time 300 ${debug}" eval "mkdir /usr/share/kibana/data ${debug}" eval "chown -R kibana:kibana /usr/share/kibana/ ${debug}" eval "cd /usr/share/kibana ${debug}" - eval "sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-4.2.2_7.10.2-1.zip ${debug}" + eval "sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-${WAZUH_VER}_${ELK_VER}-${WAZUH_KIB_PLUG_REV}.zip ${debug}" if [ "$?" != 0 ]; then logger -e "Wazuh Kibana plugin could not be installed." exit 1; 
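Review bot: In the `installKibana` hunk, `kibana.yml` is fetched with `curl -so` and no `--fail`, so if `https://packages.wazuh.com/resources/${WAZUH_MAJOR}/…/kibana_unattended.yml` does not exist (this patch sets `WAZUH_MAJOR` to `4.2` for a `4.3.0` install) Kibana is started with an HTTP error body as its configuration and nothing in the hunk notices; only the plugin install on the following line is checked through `$?`. Change it to `eval "curl -sfo /etc/kibana/kibana.yml https://packages.wazuh.com/resources/${WAZUH_MAJOR}/open-distro/unattended-installation/distributed/templates/kibana_unattended.yml --max-time 300 ${debug}" || { logger -e "Could not download kibana.yml"; exit 1; }`. The plugin zip name is now assembled from `${WAZUH_VER}_${ELK_VER}-${WAZUH_KIB_PLUG_REV}` and installed straight from the URL with no integrity check beyond TLS, so a comment next to the three variables saying the triple must match an artifact published under `4.x/ui/kibana/` would save the next bump from a silent mismatch. `installKibana` starts and ends outside this hunk.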
diff --git a/unattended_scripts/open-distro/unattended-installation/distributed/wazuh-server-installation.sh b/unattended_scripts/open-distro/unattended-installation/distributed/wazuh-server-installation.sh index 8c45e95559..cd54bae591 100644 --- a/unattended_scripts/open-distro/unattended-installation/distributed/wazuh-server-installation.sh +++ b/unattended_scripts/open-distro/unattended-installation/distributed/wazuh-server-installation.sh @@ -11,7 +11,7 @@ ## Check if system is based on yum or apt-get char="." debug='> /dev/null 2>&1' -WAZUH_VER="4.2.2" +WAZUH_VER="4.3.0" WAZUH_REV="1" ELK_VER="7.10.2" OD_VER="1.13.2" @@ -65,7 +65,7 @@ startService() { eval "systemctl start $1.service ${debug}" if [ "$?" != 0 ] then - logger -e "${1^} could not be started." + logger -e "${1^} could not be started." exit 1; else logger "${1^} started" @@ -76,7 +76,7 @@ startService() { eval "/etc/init.d/$1 start ${debug}" if [ "$?" != 0 ] then - logger -e "${1^} could not be started." + logger -e "${1^} could not be started." exit 1; else logger "${1^} started" @@ -270,6 +270,12 @@ healthCheck() { fi } +setWazuhUserRBACPermissions() { + TOKEN=$(curl -u wazuh:wazuh -s -k -X GET "https://localhost:55000/security/user/authenticate?raw=true") + eval "curl -s -k -X POST \"https://localhost:55000/security/rules?pretty=true\" -H \"Authorization: Bearer $TOKEN\" -H \"Content-Type: application/json\" -d '{\"name\": \"wazuh_rbac\",\"rule\": {\"FIND\": {\"user_name\": \"wazuh\"}}}' ${debug}" + eval "curl -s -k -X POST \"https://localhost:55000/security/roles/1/rules?rule_ids=100&pretty=true\" -H \"Authorization: Bearer $TOKEN\" ${debug}" +} + ## Main main() { @@ -329,6 +335,8 @@ main() { installWazuh installFilebeat iname configureFilebeat + setWazuhUserRBACPermissions + else getHelp fi 
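Review bot: `setWazuhUserRBACPermissions` hard-codes both the rule it binds (`rule_ids=100`) and the target role (`roles/1`), and never checks that the `authenticate` call returned a token: if the default `wazuh:wazuh` API credentials are no longer valid, or the API is not yet listening on 55000, `TOKEN` holds an error body or nothing, both POSTs fail, and `${debug}` discards the evidence while `main` goes on to a successful exit. The id 100 is presumably what a fresh API assigns to the first custom rule; on a re-run the `wazuh_rbac` rule already exists, the create fails, and whatever rule currently has id 100 is attached to role 1 — worth confirming against the API's behaviour. Take the id from the create response instead and abort with `logger -e` when authentication or creation fails, as every other step of this script does; the token is also passed through `eval` into curl's argv, acceptable for a localhost-only call but worth a comment. `healthCheck` ends just above the new function and `main` starts outside the hunk.
```shell
setWazuhUserRBACPermissions() {
    # Sign in to the local Wazuh API with the default credentials; raw=true is
    # expected to return the bare token, and an error to come back as JSON.
    TOKEN=$(curl -u wazuh:wazuh -s -k --max-time 300 -X GET "https://localhost:55000/security/user/authenticate?raw=true")
    case "${TOKEN}" in
        ""|*"{"*)
            logger -e "Could not authenticate against the Wazuh API on localhost:55000."
            exit 1
            ;;
    esac
    RULE_RESPONSE=$(curl -s -k --max-time 300 -X POST "https://localhost:55000/security/rules" -H "Authorization: Bearer ${TOKEN}" -H "Content-Type: application/json" -d '{"name": "wazuh_rbac","rule": {"FIND": {"user_name": "wazuh"}}}')
    # Use the id the API assigned (assuming the create response echoes it) instead of 100.
    RULE_ID=$(echo "${RULE_RESPONSE}" | grep -o '"id": *[0-9]*' | head -n 1 | grep -o '[0-9]*$')
    if [ -z "${RULE_ID}" ]; then
        logger -e "Could not create the wazuh_rbac security rule: ${RULE_RESPONSE}"
        exit 1
    fi
    eval "curl -s -k --max-time 300 -X POST \"https://localhost:55000/security/roles/1/rules?rule_ids=${RULE_ID}&pretty=true\" -H \"Authorization: Bearer ${TOKEN}\" ${debug}"
    if [ "$?" != 0 ]; then
        logger -e "Could not attach the wazuh_rbac rule to role 1."
        exit 1
    fi
}
```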
diff --git a/unattended_scripts/open-distro/unattended-installation/unattended-installation.sh b/unattended_scripts/open-distro/unattended-installation/unattended-installation.sh index 31647478f3..09c60ab977 100644 --- a/unattended_scripts/open-distro/unattended-installation/unattended-installation.sh +++ b/unattended_scripts/open-distro/unattended-installation/unattended-installation.sh @@ -12,7 +12,7 @@ char="." debug='>> /var/log/wazuh-unattended-installation.log 2>&1' WAZUH_MAJOR="4.2" -WAZUH_VER="4.2.2" +WAZUH_VER="4.3.0" WAZUH_REV="1" ELK_VER="7.10.2" OD_VER="1.13.2" @@ -351,7 +351,7 @@ installFilebeat() { else filebeatinstalled="1" eval "curl -so /etc/filebeat/filebeat.yml ${resources}/open-distro/filebeat/7.x/filebeat_unattended.yml --max-time 300 ${debug}" - eval "curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.0/extensions/elasticsearch/7.x/wazuh-template.json --max-time 300 ${debug}" + eval "curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.2/extensions/elasticsearch/7.x/wazuh-template.json --max-time 300 ${debug}" eval "chmod go+r /etc/filebeat/wazuh-template.json ${debug}" eval "curl -s '${repobaseurl}'/filebeat/wazuh-filebeat-0.1.tar.gz --max-time 300 | tar -xvz -C /usr/share/filebeat/module ${debug}" eval "mkdir /etc/filebeat/certs ${debug}" @@ -494,7 +494,7 @@ checkInstalled() { overwrite elif [ -n "${uninstall}" ]; then - logger "Removing the installed items" + logger -w "Removing the installed items" rollBack else logger -e "All the Wazuh componets were found on this host. If you want to overwrite the current installation, run this script back using the option -o/--overwrite. NOTE: This will erase all the existing configuration and data." 
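Review bot: The `wazuh-template.json` URL in the `installFilebeat` hunk is the only Wazuh resource here with a hand-written version: it moves from the `4.0` to the `4.2` branch on raw.githubusercontent.com while the line above it goes through `${resources}` and the other scripts in this series go through `${WAZUH_MAJOR}`, so the next bump (the second patch already sets `WAZUH_MAJOR="4.3"` in this very file) leaves the index template on a branch that no longer matches the manager being installed. It is also fetched with `curl -so` and no `--fail`, so a missing branch or path silently turns the template into an HTML error body that the Filebeat setup presumably then tries to load. Suggest `eval "curl -sfo /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/${WAZUH_MAJOR}/extensions/elasticsearch/7.x/wazuh-template.json --max-time 300 ${debug}"` followed by the same `$?` check the surrounding steps use, assuming release branches are named after `WAZUH_MAJOR`; if the branch is pinned on purpose, a comment saying why it differs from `${resources}` would stop the next reader from "fixing" it. `installFilebeat` starts and ends outside this hunk.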
@@ -594,8 +594,9 @@ checkInstallation() { until [[ "$(curl -XGET https://localhost/status -I -uwazuh:${wazuhpass} -k -s --max-time 300 | grep "200 OK")" ]]; do echo -ne $char sleep 10 - done + done echo "" + setWazuhUserRBACPermissions logger $'\nInstallation finished' logger $'\nYou can access the web interface https://. The credentials are wazuh:'${wazuhpass}'' @@ -603,6 +604,12 @@ checkInstallation() { } +setWazuhUserRBACPermissions() { + TOKEN=$(curl -u wazuh:wazuh -s -k -X GET "https://localhost:55000/security/user/authenticate?raw=true") + eval "curl -s -k -X POST \"https://localhost:55000/security/rules?pretty=true\" -H \"Authorization: Bearer $TOKEN\" -H \"Content-Type: application/json\" -d '{\"name\": \"wazuh_rbac\",\"rule\": {\"FIND\": {\"user_name\": \"wazuh\"}}}' ${debug}" + eval "curl -s -k -X POST \"https://localhost:55000/security/roles/1/rules?rule_ids=100&pretty=true\" -H \"Authorization: Bearer $TOKEN\" ${debug}" +} + main() { if [ "$EUID" -ne 0 ]; then From a600908e3c0e9ec5755d7fd960fe651f3026652f Mon Sep 17 00:00:00 2001 From: dfolcha Date: Fri, 3 Dec 2021 13:57:36 +0100 Subject: [PATCH 2/2] Update WAZUH_MAJOR --- .../distributed/elastic-stack-installation.sh | 2 +- .../distributed/elastic-stack-installation.sh | 2 +- .../unattended-installation/unattended-installation.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/unattended_scripts/elastic-stack/unattended-installation/distributed/elastic-stack-installation.sh b/unattended_scripts/elastic-stack/unattended-installation/distributed/elastic-stack-installation.sh index 2d5e5aec30..4b97d41b95 100644 --- a/unattended_scripts/elastic-stack/unattended-installation/distributed/elastic-stack-installation.sh +++ b/unattended_scripts/elastic-stack/unattended-installation/distributed/elastic-stack-installation.sh 
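Review bot: `setWazuhUserRBACPermissions` is now called right after the loop that waits for Kibana on `https://localhost/status`, but nothing in this hunk waits for the Wazuh API on port 55000 that the new function needs for its token; if the API is still starting, the token request returns nothing, the RBAC rule is never applied, and "Installation finished" is still printed with a zero exit status. Gate the call on the API the same way Kibana is gated, e.g. `until [[ "$(curl -s -k -u wazuh:wazuh -o /dev/null -w '%{http_code}' --max-time 300 https://localhost:55000/security/user/authenticate)" == "200" ]]; do echo -ne $char; sleep 10; done` placed before `setWazuhUserRBACPermissions`, or make the function itself fail the install when the token is empty. `checkInstallation` starts outside this hunk.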
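Review bot: This `setWazuhUserRBACPermissions` is a verbatim copy of the one added to `wazuh-server-installation.sh`, with the same fixed `rule_ids=100` and `roles/1` and no check that `TOKEN` is a token rather than an error body, so the two copies must now be kept in lockstep; a comment pointing at the other copy, or one shared definition, would help. This script generates `${wazuhpass}` for the `wazuh` web user, while this function signs in to the API with the literal default `wazuh:wazuh`; if the API password is changed anywhere else in this installer (not visible here) the call fails silently under `${debug}`, so at minimum fail loudly: `[ -n "${TOKEN}" ] || { logger -e "Could not authenticate against the Wazuh API."; exit 1; }` before the first POST. `main` begins in this hunk and continues past it.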
@@ -8,7 +8,7 @@ # License (version 2) as published by the FSF - Free Software # Foundation. -WAZUH_MAJOR="4.2" +WAZUH_MAJOR="4.3" WAZUH_VER="4.3.0" WAZUH_REV="1" ELK_VER="7.14.2" diff --git a/unattended_scripts/open-distro/unattended-installation/distributed/elastic-stack-installation.sh b/unattended_scripts/open-distro/unattended-installation/distributed/elastic-stack-installation.sh index af051aebf9..119b5f8aae 100644 --- a/unattended_scripts/open-distro/unattended-installation/distributed/elastic-stack-installation.sh +++ b/unattended_scripts/open-distro/unattended-installation/distributed/elastic-stack-installation.sh @@ -11,7 +11,7 @@ char="." debug='> /dev/null 2>&1' WAZUH_VER="4.3.0" -WAZUH_MAJOR="4.2" +WAZUH_MAJOR="4.3" WAZUH_REV="1" ELK_VER="7.10.2" OD_VER="1.13.2" diff --git a/unattended_scripts/open-distro/unattended-installation/unattended-installation.sh b/unattended_scripts/open-distro/unattended-installation/unattended-installation.sh index 09c60ab977..bfba00dd97 100644 --- a/unattended_scripts/open-distro/unattended-installation/unattended-installation.sh +++ b/unattended_scripts/open-distro/unattended-installation/unattended-installation.sh @@ -11,7 +11,7 @@ ## Check if system is based on yum or apt-get char="." debug='>> /var/log/wazuh-unattended-installation.log 2>&1' -WAZUH_MAJOR="4.2" +WAZUH_MAJOR="4.3" WAZUH_VER="4.3.0" WAZUH_REV="1" ELK_VER="7.10.2"