From 9b6a5104fe2c17b8ee010f5718984a23c501b977 Mon Sep 17 00:00:00 2001 From: Fede Tux <federico.galland@wazuh.com> Date: Thu, 11 Jan 2024 15:07:27 -0300 Subject: [PATCH 1/7] Download wazuh-template.json from wazuh/wazuh repo --- .gitignore | 5 ++++- scripts/build.sh | 7 +++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 36172e2b263aa..13c0ba149b575 100644 --- a/.gitignore +++ b/.gitignore @@ -65,4 +65,7 @@ testfixtures_shared/ .ci/jobs/ # build files generated -doc-tools/missing-doclet/bin/ \ No newline at end of file +doc-tools/missing-doclet/bin/ + +# Wazuh template (currently downloaded from the wazuh/wazuh repo directly) +distribution/src/config/wazuh-template.json diff --git a/scripts/build.sh b/scripts/build.sh index 92e1995e57e04..d4d1644356afb 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -54,6 +54,9 @@ while getopts ":h:v:q:s:o:p:a:d:r:" arg; do r) REVISION=$OPTARG ;; + b) + BRANCH=$OPTARG + ;; :) echo "Error: -${OPTARG} requires an argument" usage @@ -96,6 +99,7 @@ cp -r ./build/local-test-repo/org/opensearch "${OUTPUT}"/maven/org [ -z "$ARCHITECTURE" ] && ARCHITECTURE=$(uname -m) [ -z "$DISTRIBUTION" ] && DISTRIBUTION="tar" [ -z "$REVISION" ] && REVISION="1" +[ -z "$BRANCH" ] && BRANCH="master" case $PLATFORM-$DISTRIBUTION-$ARCHITECTURE in linux-tar-x64|darwin-tar-x64) @@ -162,6 +166,9 @@ esac echo "Building OpenSearch for $PLATFORM-$DISTRIBUTION-$ARCHITECTURE" + +wget -q https://raw.githubusercontent.com/wazuh/wazuh/$BRANCH/extensions/elasticsearch/7.x/wazuh-template.json -O distribution/src/config/wazuh-template.json + ./gradlew ":distribution:$TYPE:$TARGET:assemble" -Dbuild.snapshot="$SNAPSHOT" -Dbuild.version_qualifier="$QUALIFIER" # Copy artifact to dist folder in bundle build output From 939cdbd2315260a6d13dc7058b8cc9e29b04683b Mon Sep 17 00:00:00 2001 From: Fede Tux <federico.galland@wazuh.com> Date: Mon, 15 Jan 2024 10:28:50 -0300 Subject: [PATCH 2/7] Add wazuh-template.json to RPM package spec --- distribution/packages/src/rpm/wazuh-indexer.rpm.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec index c1f196577212a..be8cbb95a3530 100644 --- a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec +++ b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec @@ -182,6 +182,7 @@ exit 0 %config(noreplace) %{config_dir}/opensearch.yml %config(noreplace) %{config_dir}/jvm.options %config(noreplace) %{config_dir}/log4j2.properties +%config(noreplace) %{config_dir}/wazuh-template.json %config(noreplace) %{data_dir}/rca_enabled.conf %config(noreplace) %{data_dir}/performance_analyzer_enabled.conf @@ -271,4 +272,4 @@ exit 0 - More info: https://documentation.wazuh.com/current/release-notes/release-4-3-1.html * Thu May 05 2022 support <info@wazuh.com> - 4.3.0 - More info: https://documentation.wazuh.com/current/release-notes/release-4-3-0.html -- Initial package \ No newline at end of file +- Initial package From 3be840a6a5ffa61fea0477e121c812dcda4112f2 Mon Sep 17 00:00:00 2001 From: Fede Tux <federico.galland@wazuh.com> Date: Tue, 16 Jan 2024 08:50:34 -0300 Subject: [PATCH 3/7] Setting wazuh-template.json attributes to 660 --- distribution/packages/src/deb/debmake_install.sh | 3 ++- .../packages/src/rpm/wazuh-indexer.rpm.spec | 14 ++++++++------ 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/distribution/packages/src/deb/debmake_install.sh b/distribution/packages/src/deb/debmake_install.sh index 4b10a36e001c4..b8b167f7fe548 100644 --- a/distribution/packages/src/deb/debmake_install.sh +++ b/distribution/packages/src/deb/debmake_install.sh @@ -18,7 +18,7 @@ fi curdir=$1 product_dir=/usr/share/wazuh-indexer -# config_dir=/etc/wazuh-indexer +config_dir=/etc/wazuh-indexer data_dir=/var/lib/wazuh-indexer log_dir=/var/log/wazuh-indexer pid_dir=/var/run/wazuh-indexer @@ -35,6 +35,7 @@ chmod -c 0755 "${buildroot}${product_dir}"/bin/* if [ -d "${buildroot}${product_dir}"/plugins/opensearch-security ]; then chmod -c 0755 "${buildroot}${product_dir}"/plugins/opensearch-security/tools/* fi +chmod -c 660 ${config_dir}/wazuh-template.json # Symlinks (do not symlink config dir as security demo installer has dependency, if no presense it will switch to rpm/deb mode) ln -s ${data_dir} "${buildroot}${product_dir}/data" diff --git a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec index be8cbb95a3530..2538e5617f8ab 100644 --- a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec +++ b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec @@ -64,9 +64,10 @@ mkdir -p %{buildroot}%{pid_dir} mkdir -p %{buildroot}%{product_dir}/plugins # Install directories/files cp -a etc usr var %{buildroot} -chmod 0755 %{buildroot}%{product_dir}/bin/* +chmod 0750 %{buildroot}%{product_dir}/bin/* if [ -d %{buildroot}%{product_dir}/plugins/opensearch-security ]; then - chmod 0755 %{buildroot}%{product_dir}/plugins/opensearch-security/tools/* + chmod 0640 %{buildroot}%{product_dir}/plugins/opensearch-security/tools/* + chmod 0740 %{buildroot}%{product_dir}/plugins/opensearch-security/tools/*.sh fi # Pre-populate the folders to ensure rpm build success even without all plugins mkdir -p %{buildroot}%{config_dir}/opensearch-observability @@ -182,7 +183,6 @@ exit 0 %config(noreplace) %{config_dir}/opensearch.yml %config(noreplace) %{config_dir}/jvm.options %config(noreplace) %{config_dir}/log4j2.properties -%config(noreplace) %{config_dir}/wazuh-template.json %config(noreplace) %{data_dir}/rca_enabled.conf %config(noreplace) %{data_dir}/performance_analyzer_enabled.conf @@ -211,9 +211,11 @@ exit 0 # Wazuh additional files %attr(440, %{name}, %{name}) %{product_dir}/VERSION -%attr(750, %{name}, %{name}) %{product_dir}/bin/indexer-security-init.sh -%attr(750, %{name}, %{name}) %{product_dir}/bin/indexer-ism-init.sh -%attr(750, %{name}, %{name}) %{product_dir}/bin/indexer-init.sh +## Removing as %{product_dir}/bin is included in line 199 +# %attr(750, %{name}, %{name}) %{product_dir}/bin/indexer-security-init.sh +# %attr(750, %{name}, %{name}) %{product_dir}/bin/indexer-ism-init.sh +# %attr(750, %{name}, %{name}) %{product_dir}/bin/indexer-init.sh +%attr(660, %{name}, %{name}) %{config_dir}/wazuh-template.json %changelog * Thu Mar 28 2024 support <info@wazuh.com> - 4.9.0 From 11fcf398bea82fce5d6fdcd849f6b1af8e80a91d Mon Sep 17 00:00:00 2001 From: Fede Tux <federico.galland@wazuh.com> Date: Tue, 16 Jan 2024 09:39:11 -0300 Subject: [PATCH 4/7] Change wazuh-template.json attributes in debmake_install.sh --- distribution/packages/src/deb/debmake_install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/distribution/packages/src/deb/debmake_install.sh b/distribution/packages/src/deb/debmake_install.sh index b8b167f7fe548..a818858081835 100644 --- a/distribution/packages/src/deb/debmake_install.sh +++ b/distribution/packages/src/deb/debmake_install.sh @@ -35,7 +35,7 @@ chmod -c 0755 "${buildroot}${product_dir}"/bin/* if [ -d "${buildroot}${product_dir}"/plugins/opensearch-security ]; then chmod -c 0755 "${buildroot}${product_dir}"/plugins/opensearch-security/tools/* fi -chmod -c 660 ${config_dir}/wazuh-template.json +chmod -c 660 "${buildroot}${config_dir}"/wazuh-template.json # Symlinks (do not symlink config dir as security demo installer has dependency, if no presense it will switch to rpm/deb mode) ln -s ${data_dir} "${buildroot}${product_dir}/data" From a246f0bf1e212a45cf00f03c2cf7598b7abcf36b Mon Sep 17 00:00:00 2001 From: Fede Tux <federico.galland@wazuh.com> Date: Wed, 17 Jan 2024 14:56:01 -0300 Subject: [PATCH 5/7] Put template download command within a function --- .../packages/src/rpm/wazuh-indexer.rpm.spec | 4 ---- scripts/build.sh | 19 +++++++++++++++++-- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec index e4fecbae5b01d..ff8e63e57204d 100644 --- a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec +++ b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec @@ -205,10 +205,6 @@ exit 0 # Wazuh additional files %attr(440, %{name}, %{name}) %{product_dir}/VERSION -## Removing as %{product_dir}/bin is included in line 199 -# %attr(750, %{name}, %{name}) %{product_dir}/bin/indexer-security-init.sh -# %attr(750, %{name}, %{name}) %{product_dir}/bin/indexer-ism-init.sh -# %attr(750, %{name}, %{name}) %{product_dir}/bin/indexer-init.sh %attr(660, %{name}, %{name}) %{config_dir}/wazuh-template.json %changelog diff --git a/scripts/build.sh b/scripts/build.sh index d4d1644356afb..ef5a776443069 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -77,6 +77,7 @@ fi [ -z "$OUTPUT" ] && OUTPUT=artifacts + echo "Creating output directory $OUTPUT/maven/org/opensearch if it doesn't already exist" mkdir -p "$OUTPUT/maven/org/opensearch" @@ -101,6 +102,21 @@ cp -r ./build/local-test-repo/org/opensearch "${OUTPUT}"/maven/org [ -z "$REVISION" ] && REVISION="1" [ -z "$BRANCH" ] && BRANCH="master" +function download_template() +{ + echo "Downloading wazuh-template.json" + local download_url + download_url='https://raw.githubusercontent.com/wazuh/wazuh/$BRANCH/extensions/elasticsearch/7.x/' + curl -s ${download_url}wazuh-template.json -o distribution/src/config/wazuh-template.json + + if [ $? -ne 0 ]; then + echo "Unable to download wazuh-template.json" + exit 1 + fi + + echo "Successfully downloaded wazuh-template.json" +} + case $PLATFORM-$DISTRIBUTION-$ARCHITECTURE in linux-tar-x64|darwin-tar-x64) PACKAGE="tar" @@ -166,8 +182,7 @@ esac echo "Building OpenSearch for $PLATFORM-$DISTRIBUTION-$ARCHITECTURE" - -wget -q https://raw.githubusercontent.com/wazuh/wazuh/$BRANCH/extensions/elasticsearch/7.x/wazuh-template.json -O distribution/src/config/wazuh-template.json +download_template ./gradlew ":distribution:$TYPE:$TARGET:assemble" -Dbuild.snapshot="$SNAPSHOT" -Dbuild.version_qualifier="$QUALIFIER" From 80772be335169de0e6249e11a275f8c1363e2d1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lex=20Ruiz?= <alejandro.ruiz.becerra@wazuh.com> Date: Thu, 18 Jan 2024 13:56:17 +0100 Subject: [PATCH 6/7] Small fixes and format --- scripts/build.sh | 129 +++++++++++++++++++++++------------------------ 1 file changed, 62 insertions(+), 67 deletions(-) diff --git a/scripts/build.sh b/scripts/build.sh index ef5a776443069..c7fad736eaf3d 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -24,48 +24,48 @@ function usage() { echo -e "-h help" } -while getopts ":h:v:q:s:o:p:a:d:r:" arg; do +while getopts ":h:v:q:s:o:p:a:d:r:b:" arg; do case $arg in - h) - usage - exit 1 - ;; - v) - VERSION=$OPTARG - ;; - q) - QUALIFIER=$OPTARG - ;; - s) - SNAPSHOT=$OPTARG - ;; - o) - OUTPUT=$OPTARG - ;; - p) - PLATFORM=$OPTARG - ;; - a) - ARCHITECTURE=$OPTARG - ;; - d) - DISTRIBUTION=$OPTARG - ;; - r) - REVISION=$OPTARG - ;; - b) - BRANCH=$OPTARG - ;; - :) - echo "Error: -${OPTARG} requires an argument" - usage - exit 1 - ;; - ?) - echo "Invalid option: -${arg}" - exit 1 - ;; + h) + usage + exit 1 + ;; + v) + VERSION=$OPTARG + ;; + q) + QUALIFIER=$OPTARG + ;; + s) + SNAPSHOT=$OPTARG + ;; + o) + OUTPUT=$OPTARG + ;; + p) + PLATFORM=$OPTARG + ;; + a) + ARCHITECTURE=$OPTARG + ;; + d) + DISTRIBUTION=$OPTARG + ;; + r) + REVISION=$OPTARG + ;; + b) + BRANCH=$OPTARG + ;; + :) + echo "Error: -${OPTARG} requires an argument" + usage + exit 1 + ;; + ?) + echo "Invalid option: -${arg}" + exit 1 + ;; esac done @@ -77,7 +77,6 @@ fi [ -z "$OUTPUT" ] && OUTPUT=artifacts - echo "Creating output directory $OUTPUT/maven/org/opensearch if it doesn't already exist" mkdir -p "$OUTPUT/maven/org/opensearch" @@ -102,30 +101,31 @@ cp -r ./build/local-test-repo/org/opensearch "${OUTPUT}"/maven/org [ -z "$REVISION" ] && REVISION="1" [ -z "$BRANCH" ] && BRANCH="master" -function download_template() -{ - echo "Downloading wazuh-template.json" - local download_url - download_url='https://raw.githubusercontent.com/wazuh/wazuh/$BRANCH/extensions/elasticsearch/7.x/' - curl -s ${download_url}wazuh-template.json -o distribution/src/config/wazuh-template.json - - if [ $? -ne 0 ]; then - echo "Unable to download wazuh-template.json" - exit 1 - fi - - echo "Successfully downloaded wazuh-template.json" +# ==== +# Function to download the alerts template +# ==== +function download_template() { + echo "Downloading wazuh-template.json" + local download_url="https://raw.githubusercontent.com/wazuh/wazuh/${BRANCH}/extensions/elasticsearch/7.x/wazuh-template.json" + + if ! curl -s "${download_url}" -o distribution/src/config/wazuh-template.json; then + echo "Unable to download wazuh-template.json" + return 1 + fi + + echo "Successfully downloaded wazuh-template.json" + return 0 } case $PLATFORM-$DISTRIBUTION-$ARCHITECTURE in - linux-tar-x64|darwin-tar-x64) + linux-tar-x64 | darwin-tar-x64) PACKAGE="tar" EXT="tar.gz" TYPE="archives" TARGET="$PLATFORM-$PACKAGE" SUFFIX="$PLATFORM-x64" ;; - linux-tar-arm64|darwin-tar-arm64) + linux-tar-arm64 | darwin-tar-arm64) PACKAGE="tar" EXT="tar.gz" TYPE="archives" @@ -182,27 +182,22 @@ esac echo "Building OpenSearch for $PLATFORM-$DISTRIBUTION-$ARCHITECTURE" -download_template +if ! download_template; then + exit 1 +fi ./gradlew ":distribution:$TYPE:$TARGET:assemble" -Dbuild.snapshot="$SNAPSHOT" -Dbuild.version_qualifier="$QUALIFIER" # Copy artifact to dist folder in bundle build output echo "Copying artifact to ${OUTPUT}/dist" -# [[ "$SNAPSHOT" == "true" ]] && IDENTIFIER="-SNAPSHOT" - ARTIFACT_BUILD_NAME=$(ls "distribution/$TYPE/$TARGET/build/distributions/" | grep "wazuh-indexer-min.*$SUFFIX.$EXT") - GIT_COMMIT=$(git rev-parse --short HEAD) - WI_VERSION=$(<VERSION) - - ARTIFACT_PACKAGE_NAME=wazuh-indexer-min_"$WI_VERSION"-"$REVISION"_"$SUFFIX"_"$GIT_COMMIT"."$EXT" -# [WAZUH] Used by the GH workflow to upload the artifact - -echo "$ARTIFACT_PACKAGE_NAME" > "$OUTPUT/artifact_min_name.txt" +# Used by the GH workflow to upload the artifact +echo "$ARTIFACT_PACKAGE_NAME" >"$OUTPUT/artifact_min_name.txt" mkdir -p "${OUTPUT}/dist" cp "distribution/$TYPE/$TARGET/build/distributions/$ARTIFACT_BUILD_NAME" "${OUTPUT}/dist/$ARTIFACT_PACKAGE_NAME" From 8db44473a4090b1797ec681fb48a40b2827ff8b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lex=20Ruiz?= <alejandro.ruiz.becerra@wazuh.com> Date: Thu, 18 Jan 2024 13:59:11 +0100 Subject: [PATCH 7/7] Apply correct file permissions to the wazuh-template.json --- distribution/packages/src/deb/debmake_install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/distribution/packages/src/deb/debmake_install.sh b/distribution/packages/src/deb/debmake_install.sh index 6bf87617ff707..4647707b2da3f 100644 --- a/distribution/packages/src/deb/debmake_install.sh +++ b/distribution/packages/src/deb/debmake_install.sh @@ -35,9 +35,9 @@ chmod -c 0755 "${buildroot}${product_dir}"/bin/* if [ -d "${buildroot}${product_dir}"/plugins/opensearch-security ]; then chmod -c 0755 "${buildroot}${product_dir}"/plugins/opensearch-security/tools/* fi -chmod -c 660 "${buildroot}${config_dir}"/wazuh-template.json # Change Permissions chmod -Rf a+rX,u+w,g-w,o-w "${buildroot}"/* +chmod -c 660 "${buildroot}${config_dir}"/wazuh-template.json exit 0