diff --git a/stack/indexer/deb/debian/rules b/stack/indexer/deb/debian/rules index 62beff43a8..d2874bd4c2 100644 --- a/stack/indexer/deb/debian/rules +++ b/stack/indexer/deb/debian/rules @@ -100,6 +100,7 @@ override_dh_install: cp /root/documentation-templates/wazuh/config.yml $(TARGET_DIR)$(INSTALLATION_DIR)/plugins/opensearch-security/tools/config.yml # Copy Wazuh's config files for the security plugin + cp -pr $(REPO_DIR)/config/indexer/roles/action_groups.yml $(TARGET_DIR)$(CONFIG_DIR)/opensearch-security/ cp -pr $(REPO_DIR)/config/indexer/roles/roles_mapping.yml $(TARGET_DIR)$(CONFIG_DIR)/opensearch-security/ cp -pr $(REPO_DIR)/config/indexer/roles/roles.yml $(TARGET_DIR)$(CONFIG_DIR)/opensearch-security/ cp -pr $(REPO_DIR)/config/indexer/roles/internal_users.yml $(TARGET_DIR)$(CONFIG_DIR)/opensearch-security/ diff --git a/stack/indexer/rpm/wazuh-indexer.spec b/stack/indexer/rpm/wazuh-indexer.spec index ee88666ca6..c52c3fb3a7 100755 --- a/stack/indexer/rpm/wazuh-indexer.spec +++ b/stack/indexer/rpm/wazuh-indexer.spec @@ -93,6 +93,7 @@ cp %{REPO_DIR}/wazuh-passwords-tool.sh ${RPM_BUILD_ROOT}%{INSTALL_DIR}/plugins/o cp /root/documentation-templates/wazuh/config.yml ${RPM_BUILD_ROOT}%{INSTALL_DIR}/plugins/opensearch-security/tools/config.yml # Copy Wazuh's config files for the security plugin +cp %{REPO_DIR}/config/indexer/roles/action_groups.yml ${RPM_BUILD_ROOT}%{CONFIG_DIR}/opensearch-security cp %{REPO_DIR}/config/indexer/roles/internal_users.yml ${RPM_BUILD_ROOT}%{CONFIG_DIR}/opensearch-security cp %{REPO_DIR}/config/indexer/roles/roles.yml ${RPM_BUILD_ROOT}%{CONFIG_DIR}/opensearch-security cp %{REPO_DIR}/config/indexer/roles/roles_mapping.yml ${RPM_BUILD_ROOT}%{CONFIG_DIR}/opensearch-security diff --git a/unattended_installer/config/indexer/roles/action_groups.yml b/unattended_installer/config/indexer/roles/action_groups.yml new file mode 100644 index 0000000000..04119c8a23 --- /dev/null +++ b/unattended_installer/config/indexer/roles/action_groups.yml @@ -0,0 +1,12 @@ +--- +_meta: + type: "actiongroups" + config_version: 2 + +# ISM API permissions group +manage_ism: + reserved: true + hidden: false + allowed_actions: + - "cluster:admin/opendistro/ism/*" + static: false \ No newline at end of file diff --git a/unattended_installer/config/indexer/roles/roles.yml b/unattended_installer/config/indexer/roles/roles.yml index ec669b2fe2..d64d6228ec 100644 --- a/unattended_installer/config/indexer/roles/roles.yml +++ b/unattended_installer/config/indexer/roles/roles.yml @@ -146,4 +146,12 @@ manage_wazuh_index: - "manage" - "index" tenant_permissions: [] - static: false \ No newline at end of file + static: false + +# ISM API permissions role +manage_ism: + reserved: true + hidden: false + cluster_permissions: + - "manage_ism" + static: false diff --git a/unattended_installer/config/indexer/roles/roles_mapping.yml b/unattended_installer/config/indexer/roles/roles_mapping.yml index 66d530d8e0..dc4e78e0b5 100644 --- a/unattended_installer/config/indexer/roles/roles_mapping.yml +++ b/unattended_installer/config/indexer/roles/roles_mapping.yml @@ -76,7 +76,7 @@ kibana_user: and_backend_roles: [] description: "Maps kibanauser to kibana_user" - # Wazuh monitoring and statistics index permissions +# Wazuh monitoring and statistics index permissions manage_wazuh_index: reserved: true hidden: false @@ -84,4 +84,11 @@ manage_wazuh_index: hosts: [] users: - "kibanaserver" - and_backend_roles: [] \ No newline at end of file + and_backend_roles: [] + +# ISM API permissions role mapping +manage_ism: + reserved: true + hidden: false + users: + - "kibanaserver"