Home Explore Help
Sign In
tum
/
soc
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Commits 22 Releases 0 Wiki

No Description

Tree: 922e61ec37
Branches Tags
soc
/
wazuh-docker
/
indexer-cert...
/
config
/
entrypoint.sh

entrypoint.sh 2.1KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869 
  1. #!/bin/bash
    2. 

  2. # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
    3. 

  3. 

  4. ##############################################################################
    5. 

  5. # Downloading Cert Gen Tool
    6. 

  6. ##############################################################################
    7. 

  7. 

  8. ## Variables
    9. 

  9. CERT_TOOL=wazuh-certs-tool.sh
    10. 

  10. PASSWORD_TOOL=wazuh-passwords-tool.sh
    11. 

  11. PACKAGES_URL=https://packages.wazuh.com/$CERT_TOOL_VERSION/
    12. 

  12. PACKAGES_DEV_URL=https://packages-dev.wazuh.com/$CERT_TOOL_VERSION/
    13. 

  13. 

  14. OUTPUT_FILE="/$CERT_TOOL"
    15. 

  15. 

  16. download_package() {
    17. 

  17.     local url=$1
    18. 

  18.     echo "Checking $url$CERT_TOOL ..."
    19. 

  19.     if curl -fsL "$url$CERT_TOOL" -o "$OUTPUT_FILE"; then
    20. 

  20.         echo "Downloaded $CERT_TOOL from $url"
    21. 

  21.         return 0
    22. 

  22.     else
    23. 

  23.         return 1
    24. 

  24.     fi
    25. 

  25. }
    26. 

  26. 

  27. # Try first the prod URL, if it fails try the dev URL
    28. 

  28. if download_package "$PACKAGES_URL"; then
    29. 

  29.     :
    30. 

  30. elif download_package "$PACKAGES_DEV_URL"; then
    31. 

  31.     :
    32. 

  32. else
    33. 

  33.     echo "The tool to create the certificates does not exist in any bucket"
    34. 

  34.     echo "ERROR: certificates were not created"
    35. 

  35.     exit 1
    36. 

  36. fi
    37. 

  37. 

  38. cp /config/certs.yml /config.yml
    39. 

  39. chmod 700 "$OUTPUT_FILE"
    40. 

  40. 

  41. ##############################################################################
    42. 

  42. # Creating Cluster certificates
    43. 

  43. ##############################################################################
    44. 

  44. 

  45. ## Execute cert tool and parsin cert.yml to set UID permissions
    46. 

  46. source /$CERT_TOOL -A
    47. 

  47. nodes_server=$( cert_parseYaml /config.yml | grep -E "nodes[_]+server[_]+[0-9]+=" | sed -e 's/nodes__server__[0-9]=//' | sed 's/"//g' )
    48. 

  48. node_names=($nodes_server)
    49. 

  49. 

  50. echo "Moving created certificates to the destination directory"
    51. 

  51. cp /wazuh-certificates/* /certificates/
    52. 

  52. echo "Changing certificate permissions"
    53. 

  53. chmod -R 500 /certificates
    54. 

  54. chmod -R 400 /certificates/*
    55. 

  55. echo "Setting UID indexer and dashboard"
    56. 

  56. chown 1000:1000 /certificates/*
    57. 

  57. echo "Setting UID for wazuh manager and worker"
    58. 

  58. cp /certificates/root-ca.pem /certificates/root-ca-manager.pem
    59. 

  59. cp /certificates/root-ca.key /certificates/root-ca-manager.key
    60. 

  60. chown 999:999 /certificates/root-ca-manager.pem
    61. 

  61. chown 999:999 /certificates/root-ca-manager.key
    62. 

  62. 

  63. for i in ${node_names[@]};
    64. 

  64. do
    65. 

  65.   chown 999:999 "/certificates/${i}.pem"
    66. 

  66.   chown 999:999 "/certificates/${i}-key.pem"
    67. 

  67. done
    68. 

  68. 

  69.