From dadb661c98086157506e7e38058aa328987ef6ef Mon Sep 17 00:00:00 2001 From: Raul Del Pozo Moreno Date: Wed, 6 Sep 2023 01:17:36 +0200 Subject: [PATCH 1/6] Restored configuration file in service file --- stack/dashboard/base/files/etc/services/wazuh-dashboard.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack/dashboard/base/files/etc/services/wazuh-dashboard.service b/stack/dashboard/base/files/etc/services/wazuh-dashboard.service index ef1d2afd42..86e61a9aa2 100644 --- a/stack/dashboard/base/files/etc/services/wazuh-dashboard.service +++ b/stack/dashboard/base/files/etc/services/wazuh-dashboard.service @@ -7,7 +7,7 @@ User=wazuh-dashboard Group=wazuh-dashboard EnvironmentFile=-/etc/default/wazuh-dashboard EnvironmentFile=-/etc/sysconfig/wazuh-dashboard -ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards +ExecStart=/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /etc/wazuh-dashboard/opensearch_dashboards.yml WorkingDirectory=/usr/share/wazuh-dashboard [Install] From b83e2a31c7e7fe43d0387c06e5ae0f3f9c2e131b Mon Sep 17 00:00:00 2001 From: Raul Del Pozo Moreno Date: Wed, 6 Sep 2023 01:19:31 +0200 Subject: [PATCH 2/6] Changed opensearch-dashboards.keystore location and added custom config directory to OpenSearch binaries --- stack/dashboard/base/builder.sh | 3 --- stack/dashboard/deb/debian/postinst | 2 +- stack/dashboard/deb/debian/rules | 5 +++-- stack/dashboard/rpm/wazuh-dashboard.spec | 8 ++++++-- 4 files changed, 10 insertions(+), 8 deletions(-) diff --git a/stack/dashboard/base/builder.sh b/stack/dashboard/base/builder.sh index c474d56eca..edad446ec9 100755 --- a/stack/dashboard/base/builder.sh +++ b/stack/dashboard/base/builder.sh @@ -90,11 +90,8 @@ cp ./etc/styles.js ./src/core/server/rendering/views/styles.js sed -i "s|defaultValue: ''|defaultValue: \'Wazuh\'|g" ./src/core/server/opensearch_dashboards_config.js sed -i "90s|defaultValue: true|defaultValue: false|g" ./src/core/server/opensearch_dashboards_config.js # Replace config path -sed -i "s'\$DIR/config'/etc/wazuh-dashboard'g" ./bin/opensearch-dashboards sed -i "s'\$DIR/config'/etc/wazuh-dashboard'g" ./bin/opensearch-dashboards-keystore sed -i "s'\$DIR/config'/etc/wazuh-dashboard'g" ./bin/opensearch-dashboards-plugin -sed -i "s'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$OSD_NODE_OPTS \$NODE_OPTIONS\" NODE_ENV=production exec \"\${NODE}\" \"\${DIR}/src/cli/dist\" \${@}'NODE_OPTIONS=\"--no-warnings --max-http-header-size=65536 \$OSD_NODE_OPTS \$NODE_OPTIONS\"'g" ./bin/opensearch-dashboards -echo "NODE_ENV=production exec \"\${NODE}\" \${NODE_OPTIONS} \"\${DIR}/src/cli/dist\" \${@}" >> ./bin/opensearch-dashboards # Replace the redirection to `home` in the header logo sed -i "s'/app/home'/app/wazuh'g" ./src/core/target/public/core.entry.js # Replace others redirections to `home` diff --git a/stack/dashboard/deb/debian/postinst b/stack/dashboard/deb/debian/postinst index 4084750dc6..6840e798a1 100644 --- a/stack/dashboard/deb/debian/postinst +++ b/stack/dashboard/deb/debian/postinst @@ -36,7 +36,7 @@ case "$1" in service wazuh-dashboard restart > /dev/null 2>&1 fi fi - if [ ! -f "${INSTALLATION_DIR}"/config/opensearch_dashboards.keystore ]; then + if [ ! -f "${CONFIG_DIR}"/opensearch_dashboards.keystore ]; then runuser "${NAME}" --shell="/bin/bash" --command="${INSTALLATION_DIR}/bin/opensearch-dashboards-keystore create" > /dev/null 2>&1 runuser "${NAME}" --shell="/bin/bash" --command="echo kibanaserver | ${INSTALLATION_DIR}/bin/opensearch-dashboards-keystore add opensearch.username --stdin" > /dev/null 2>&1 runuser "${NAME}" --shell="/bin/bash" --command="echo kibanaserver | ${INSTALLATION_DIR}/bin/opensearch-dashboards-keystore add opensearch.password --stdin" > /dev/null 2>&1 diff --git a/stack/dashboard/deb/debian/rules b/stack/dashboard/deb/debian/rules index b011b00963..6b4bcbb1ec 100644 --- a/stack/dashboard/deb/debian/rules +++ b/stack/dashboard/deb/debian/rules @@ -58,7 +58,8 @@ override_dh_install: useradd -g $(GROUP) $(USER) tar -xf $(DASHBOARD_FILE) - sed -i "s/cross_platform_1.REPO_ROOT\, 'config\//'\/etc\/wazuh-dashboard\/', '/g" "wazuh-dashboard-base/node_modules/@osd/utils/target/path/index.js" + sed -i 's/OSD_NODE_OPTS_PREFIX/OSD_PATH_CONF="\/etc\/wazuh-dashboard" OSD_NODE_OPTS_PREFIX/g' "wazuh-dashboard-base/bin/opensearch-dashboards" + sed -i 's/OSD_USE_NODE_JS_FILE_PATH/OSD_PATH_CONF="\/etc\/wazuh-dashboard" OSD_USE_NODE_JS_FILE_PATH/g' "wazuh-dashboard-base/bin/opensearch-dashboards-keystore" mkdir -p $(TARGET_DIR)$(CONFIG_DIR) mkdir -p $(TARGET_DIR)$(INSTALLATION_DIR) @@ -105,7 +106,7 @@ override_dh_fixperms: chmod 750 $(TARGET_DIR)/etc/default/wazuh-dashboard chmod 640 "$(TARGET_DIR)$(CONFIG_DIR)"/opensearch_dashboards.yml chmod 640 "$(TARGET_DIR)$(CONFIG_DIR)"/node.options - chmod 640 $(TARGET_DIR)/etc/systemd/system/wazuh-dashboard.service + chmod 640 "$(TARGET_DIR)"/etc/systemd/system/wazuh-dashboard.service find "$(TARGET_DIR)$(INSTALLATION_DIR)" -type d -exec chmod 750 {} \; find "$(TARGET_DIR)$(INSTALLATION_DIR)" -type f -perm 644 -exec chmod 640 {} \; find "$(TARGET_DIR)$(INSTALLATION_DIR)" -type f -perm 755 -exec chmod 750 {} \; diff --git a/stack/dashboard/rpm/wazuh-dashboard.spec b/stack/dashboard/rpm/wazuh-dashboard.spec index 37bc5366c9..87ba32767d 100644 --- a/stack/dashboard/rpm/wazuh-dashboard.spec +++ b/stack/dashboard/rpm/wazuh-dashboard.spec @@ -54,7 +54,10 @@ useradd -g %{GROUP} %{USER} %build tar -xf %{DASHBOARD_FILE} -sed -i "s/cross_platform_1.REPO_ROOT\, 'config\//'\/etc\/wazuh-dashboard\/', '/g" "wazuh-dashboard-base/node_modules/@osd/utils/target/path/index.js" + +# Set custom config dir +sed -i 's/OSD_NODE_OPTS_PREFIX/OSD_PATH_CONF="\/etc\/wazuh-dashboard" OSD_NODE_OPTS_PREFIX/g' "wazuh-dashboard-base/bin/opensearch-dashboards" +sed -i 's/OSD_USE_NODE_JS_FILE_PATH/OSD_PATH_CONF="\/etc\/wazuh-dashboard" OSD_USE_NODE_JS_FILE_PATH/g' "wazuh-dashboard-base/bin/opensearch-dashboards-keystore" # ----------------------------------------------------------------------------- @@ -133,7 +136,7 @@ fi %post setcap 'cap_net_bind_service=+ep' %{INSTALL_DIR}/node/bin/node -if [ ! -f %{INSTALLATION_DIR}/config/opensearch_dashboards.keystore ]; then +if [ ! -f %{CONFIG_DIR}/opensearch_dashboards.keystore ]; then runuser %{USER} --shell="/bin/bash" --command="%{INSTALL_DIR}/bin/opensearch-dashboards-keystore create" > /dev/null 2>&1 runuser %{USER} --shell="/bin/bash" --command="echo kibanaserver | %{INSTALL_DIR}/bin/opensearch-dashboards-keystore add opensearch.username --stdin" > /dev/null 2>&1 runuser %{USER} --shell="/bin/bash" --command="echo kibanaserver | %{INSTALL_DIR}/bin/opensearch-dashboards-keystore add opensearch.password --stdin" > /dev/null 2>&1 @@ -398,6 +401,7 @@ rm -fr %{buildroot} %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/bin/opensearch-dashboards-keystore" %dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/config" %attr(640, %{USER}, %{GROUP}) "%{CONFIG_DIR}/node.options" +%attr(640, %{USER}, %{GROUP}) "%{CONFIG_DIR}/opensearch-dashboards.keystore" %attr(640, root, root) "/etc/systemd/system/wazuh-dashboard.service" %changelog From 8fbfb00f6d9913a136285cd565b1c2a1a298f9c0 Mon Sep 17 00:00:00 2001 From: Raul Del Pozo Moreno Date: Wed, 6 Sep 2023 16:17:52 +0200 Subject: [PATCH 3/6] Changed Node options call in OpenSearch use_node --- stack/dashboard/base/builder.sh | 3 +++ stack/dashboard/deb/debian/postinst | 6 +++++- stack/dashboard/rpm/wazuh-dashboard.spec | 6 +++++- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/stack/dashboard/base/builder.sh b/stack/dashboard/base/builder.sh index edad446ec9..f6fb8a4b33 100755 --- a/stack/dashboard/base/builder.sh +++ b/stack/dashboard/base/builder.sh @@ -92,6 +92,9 @@ sed -i "90s|defaultValue: true|defaultValue: false|g" ./src/core/server/opensear # Replace config path sed -i "s'\$DIR/config'/etc/wazuh-dashboard'g" ./bin/opensearch-dashboards-keystore sed -i "s'\$DIR/config'/etc/wazuh-dashboard'g" ./bin/opensearch-dashboards-plugin +# Add fix to Node variablas as Node is not using the NODE_OPTIONS environment variable +sed -i 's/NODE_OPTIONS="$OSD_NODE_OPTS_PREFIX $OSD_NODE_OPTS $NODE_OPTIONS"/NODE_OPTIONS="$OSD_NODE_OPTS_PREFIX $OSD_NODE_OPTS $NODE_OPTIONS"\n/g' ./bin/use_node +sed -i 's/exec "${NODE}"/NODE_ENV=production exec "${NODE}" ${NODE_OPTIONS} /g' ./bin/use_node # Replace the redirection to `home` in the header logo sed -i "s'/app/home'/app/wazuh'g" ./src/core/target/public/core.entry.js # Replace others redirections to `home` diff --git a/stack/dashboard/deb/debian/postinst b/stack/dashboard/deb/debian/postinst index 6840e798a1..8b23da9da1 100644 --- a/stack/dashboard/deb/debian/postinst +++ b/stack/dashboard/deb/debian/postinst @@ -36,10 +36,14 @@ case "$1" in service wazuh-dashboard restart > /dev/null 2>&1 fi fi - if [ ! -f "${CONFIG_DIR}"/opensearch_dashboards.keystore ]; then + # Move keystore file if upgrade (file exists in install dir in <= 4.6.0) + if [ -f "${INSTALLATION_DIR}"/opensearch_dashboards.keystore ]; then + mv "${INSTALLATION_DIR}"/opensearch_dashboards.keystore "${CONFIG_DIR}"/opensearch_dashboards.keystore + elif [ ! -f "${CONFIG_DIR}"/opensearch_dashboards.keystore ]; then runuser "${NAME}" --shell="/bin/bash" --command="${INSTALLATION_DIR}/bin/opensearch-dashboards-keystore create" > /dev/null 2>&1 runuser "${NAME}" --shell="/bin/bash" --command="echo kibanaserver | ${INSTALLATION_DIR}/bin/opensearch-dashboards-keystore add opensearch.username --stdin" > /dev/null 2>&1 runuser "${NAME}" --shell="/bin/bash" --command="echo kibanaserver | ${INSTALLATION_DIR}/bin/opensearch-dashboards-keystore add opensearch.password --stdin" > /dev/null 2>&1 + chmod 640 "${CONFIG_DIR}"/opensearch_dashboards.keystore fi ;; diff --git a/stack/dashboard/rpm/wazuh-dashboard.spec b/stack/dashboard/rpm/wazuh-dashboard.spec index 87ba32767d..eeb725a28e 100644 --- a/stack/dashboard/rpm/wazuh-dashboard.spec +++ b/stack/dashboard/rpm/wazuh-dashboard.spec @@ -136,10 +136,14 @@ fi %post setcap 'cap_net_bind_service=+ep' %{INSTALL_DIR}/node/bin/node -if [ ! -f %{CONFIG_DIR}/opensearch_dashboards.keystore ]; then +# Move keystore file if upgrade (file exists in install dir in <= 4.6.0) +if [ -f "${INSTALLATION_DIR}"/opensearch_dashboards.keystore ]; then + mv "${INSTALLATION_DIR}"/opensearch_dashboards.keystore "${CONFIG_DIR}"/opensearch_dashboards.keystore +elif [ ! -f %{CONFIG_DIR}/opensearch_dashboards.keystore ]; then runuser %{USER} --shell="/bin/bash" --command="%{INSTALL_DIR}/bin/opensearch-dashboards-keystore create" > /dev/null 2>&1 runuser %{USER} --shell="/bin/bash" --command="echo kibanaserver | %{INSTALL_DIR}/bin/opensearch-dashboards-keystore add opensearch.username --stdin" > /dev/null 2>&1 runuser %{USER} --shell="/bin/bash" --command="echo kibanaserver | %{INSTALL_DIR}/bin/opensearch-dashboards-keystore add opensearch.password --stdin" > /dev/null 2>&1 + chmod 640 "%{CONFIG_DIR}"/opensearch_dashboards.keystore fi # ----------------------------------------------------------------------------- From d4dc0fed3d1e378ce7805bd1cab217f79885a7c2 Mon Sep 17 00:00:00 2001 From: Raul Del Pozo Moreno Date: Wed, 6 Sep 2023 16:47:26 +0200 Subject: [PATCH 4/6] Removed keystore attr as the file is generated when the package is installed --- stack/dashboard/rpm/wazuh-dashboard.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/stack/dashboard/rpm/wazuh-dashboard.spec b/stack/dashboard/rpm/wazuh-dashboard.spec index eeb725a28e..63f0f14809 100644 --- a/stack/dashboard/rpm/wazuh-dashboard.spec +++ b/stack/dashboard/rpm/wazuh-dashboard.spec @@ -405,7 +405,6 @@ rm -fr %{buildroot} %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/bin/opensearch-dashboards-keystore" %dir %attr(750, %{USER}, %{GROUP}) "%{INSTALL_DIR}/config" %attr(640, %{USER}, %{GROUP}) "%{CONFIG_DIR}/node.options" -%attr(640, %{USER}, %{GROUP}) "%{CONFIG_DIR}/opensearch-dashboards.keystore" %attr(640, root, root) "/etc/systemd/system/wazuh-dashboard.service" %changelog From b842d320b4bbd833f839d9c1ad72220b0a7da0df Mon Sep 17 00:00:00 2001 From: Raul Del Pozo Moreno Date: Wed, 6 Sep 2023 20:05:22 +0200 Subject: [PATCH 5/6] Fixed OpenSearch keystore upgrade location --- stack/dashboard/deb/debian/postinst | 4 ++-- stack/dashboard/rpm/wazuh-dashboard.spec | 20 ++++++++++---------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/stack/dashboard/deb/debian/postinst b/stack/dashboard/deb/debian/postinst index 8b23da9da1..71d13281d7 100644 --- a/stack/dashboard/deb/debian/postinst +++ b/stack/dashboard/deb/debian/postinst @@ -37,8 +37,8 @@ case "$1" in fi fi # Move keystore file if upgrade (file exists in install dir in <= 4.6.0) - if [ -f "${INSTALLATION_DIR}"/opensearch_dashboards.keystore ]; then - mv "${INSTALLATION_DIR}"/opensearch_dashboards.keystore "${CONFIG_DIR}"/opensearch_dashboards.keystore + if [ -f "${INSTALLATION_DIR}"/config/opensearch_dashboards.keystore ]; then + mv "${INSTALLATION_DIR}"/config/opensearch_dashboards.keystore "${CONFIG_DIR}"/opensearch_dashboards.keystore elif [ ! -f "${CONFIG_DIR}"/opensearch_dashboards.keystore ]; then runuser "${NAME}" --shell="/bin/bash" --command="${INSTALLATION_DIR}/bin/opensearch-dashboards-keystore create" > /dev/null 2>&1 runuser "${NAME}" --shell="/bin/bash" --command="echo kibanaserver | ${INSTALLATION_DIR}/bin/opensearch-dashboards-keystore add opensearch.username --stdin" > /dev/null 2>&1 diff --git a/stack/dashboard/rpm/wazuh-dashboard.spec b/stack/dashboard/rpm/wazuh-dashboard.spec index 63f0f14809..f0d3cea5ae 100644 --- a/stack/dashboard/rpm/wazuh-dashboard.spec +++ b/stack/dashboard/rpm/wazuh-dashboard.spec @@ -136,16 +136,6 @@ fi %post setcap 'cap_net_bind_service=+ep' %{INSTALL_DIR}/node/bin/node -# Move keystore file if upgrade (file exists in install dir in <= 4.6.0) -if [ -f "${INSTALLATION_DIR}"/opensearch_dashboards.keystore ]; then - mv "${INSTALLATION_DIR}"/opensearch_dashboards.keystore "${CONFIG_DIR}"/opensearch_dashboards.keystore -elif [ ! -f %{CONFIG_DIR}/opensearch_dashboards.keystore ]; then - runuser %{USER} --shell="/bin/bash" --command="%{INSTALL_DIR}/bin/opensearch-dashboards-keystore create" > /dev/null 2>&1 - runuser %{USER} --shell="/bin/bash" --command="echo kibanaserver | %{INSTALL_DIR}/bin/opensearch-dashboards-keystore add opensearch.username --stdin" > /dev/null 2>&1 - runuser %{USER} --shell="/bin/bash" --command="echo kibanaserver | %{INSTALL_DIR}/bin/opensearch-dashboards-keystore add opensearch.password --stdin" > /dev/null 2>&1 - chmod 640 "%{CONFIG_DIR}"/opensearch_dashboards.keystore -fi - # ----------------------------------------------------------------------------- %preun @@ -191,6 +181,16 @@ if [ ! -d %{PID_DIR} ]; then chown %{USER}:%{GROUP} %{PID_DIR} fi +# Move keystore file if upgrade (file exists in install dir in <= 4.6.0) +if [ -f "%{INSTALL_DIR}"/config/opensearch_dashboards.keystore ]; then + mv "%{INSTALL_DIR}"/config/opensearch_dashboards.keystore "%{CONFIG_DIR}"/opensearch_dashboards.keystore +elif [ ! -f %{CONFIG_DIR}/opensearch_dashboards.keystore ]; then + runuser %{USER} --shell="/bin/bash" --command="%{INSTALL_DIR}/bin/opensearch-dashboards-keystore create" > /dev/null 2>&1 + runuser %{USER} --shell="/bin/bash" --command="echo kibanaserver | %{INSTALL_DIR}/bin/opensearch-dashboards-keystore add opensearch.username --stdin" > /dev/null 2>&1 + runuser %{USER} --shell="/bin/bash" --command="echo kibanaserver | %{INSTALL_DIR}/bin/opensearch-dashboards-keystore add opensearch.password --stdin" > /dev/null 2>&1 + chmod 640 "%{CONFIG_DIR}"/opensearch_dashboards.keystore +fi + if [ -f %{INSTALL_DIR}/wazuh-dashboard.restart ]; then rm -f %{INSTALL_DIR}/wazuh-dashboard.restart if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1; then From 059f7bbb8b2cfcfda1d7bd967a222e99c9269649 Mon Sep 17 00:00:00 2001 From: Raul Del Pozo Moreno Date: Wed, 6 Sep 2023 20:07:05 +0200 Subject: [PATCH 6/6] Fixed typo in comment --- stack/dashboard/base/builder.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack/dashboard/base/builder.sh b/stack/dashboard/base/builder.sh index f6fb8a4b33..b109ed1e66 100755 --- a/stack/dashboard/base/builder.sh +++ b/stack/dashboard/base/builder.sh @@ -92,7 +92,7 @@ sed -i "90s|defaultValue: true|defaultValue: false|g" ./src/core/server/opensear # Replace config path sed -i "s'\$DIR/config'/etc/wazuh-dashboard'g" ./bin/opensearch-dashboards-keystore sed -i "s'\$DIR/config'/etc/wazuh-dashboard'g" ./bin/opensearch-dashboards-plugin -# Add fix to Node variablas as Node is not using the NODE_OPTIONS environment variable +# Add fix to Node variables as Node is not using the NODE_OPTIONS environment variables sed -i 's/NODE_OPTIONS="$OSD_NODE_OPTS_PREFIX $OSD_NODE_OPTS $NODE_OPTIONS"/NODE_OPTIONS="$OSD_NODE_OPTS_PREFIX $OSD_NODE_OPTS $NODE_OPTIONS"\n/g' ./bin/use_node sed -i 's/exec "${NODE}"/NODE_ENV=production exec "${NODE}" ${NODE_OPTIONS} /g' ./bin/use_node # Replace the redirection to `home` in the header logo