Merge pull request #33 from wazuh/bump-4.10.0-into-master

Bump 4.10.0 into master

.github/workflows/builder_OVA.yaml

@@ -0,0 +1,44 @@
+run-name: Build OVA - Wazuh ${{ inputs.PACKAGE_VERSION }} Version - Launched by @${{ github.actor }}
+name: Build OVA
+
+on:
+  workflow_dispatch:
+    inputs:
+      WAZUH_VIRTUAL_MACHINES_REFERENCE:
+        description: 'Branch or tag of the wazuh-virtual-machines repository'
+        required: true
+        default: '4.10.0'
+      WAZUH_INSTALLATION_ASSISTANT_REFERENCE:
+        description: 'Branch or tag of the wazuh-installation-assistant repository'
+        required: true
+        default: '4.10.0'
+      WAZUH_AUTOMATION_REFERENCE:
+        description: 'Branch or tag of the wazuh-automation repository'
+        required: true
+        default: '4.10.0'
+      WAZUH_PACKAGE_REPOSITORY:
+        type: choice
+        description: 'Wazuh package repository from which to download the packages'
+        required: true
+        options:
+          - prod
+          - dev
+          - staging
+      S3_REPOSITORY:
+        type: choice
+        description: 'packages-dev repository to upload the OVA'
+        required: true
+        options:
+          - pre-release
+          - staging
+
+env:
+  LABEL: ubuntu-latest
+
+jobs:
+  initialize-environment:
+    runs-on: $LABEL
+
+    steps:
+    - name: Set up Git
+      uses: actions/checkout@v3

ova/.gitignore

@@ -0,0 +1,4 @@
+.vagrant
+*.ova
+*.ovf
+*.vmdk

ova/Ova2Ovf.py

@@ -0,0 +1,64 @@
+#!/usr/bin/env python
+# Copyright (C) 2019, Wazuh Inc.
+#
+# Ova2Ovf.py        Helper script to convert VBox .ova export
+#                   for import to VMWare ESXi
+#
+# Original author: eshizhan https://github.com/eshizhan
+# Author: Neova Health
+# forked from : https://gist.github.com/eshizhan/6650285
+# Modified by Wazuh, Inc
+
+import sys
+import tarfile
+import os
+import hashlib
+import argparse
+
+parser = argparse.ArgumentParser()
+parser.add_argument('-s', '--srcfile', help="Source VirtualBox Ova", type=str, dest='srcfile')
+parser.add_argument('-d', '--destfile', help="Modified Ova", type=str, dest='destfile')
+args = parser.parse_args()
+
+if not args.srcfile or not args.destfile:
+    print("Source Ova and Destination Ova are needed")
+    exit
+
+srcfile = args.srcfile
+fileName, fileExtension = os.path.splitext(srcfile)
+destfile = args.destfile
+
+with tarfile.open(srcfile) as t:
+    ovaFiles = t.getnames()
+    t.extractall()
+
+
+ovaF = ovaFiles[0]
+ovaV = ovaFiles[1]
+
+
+with open(ovaF) as fn:
+    fp=fn.read()
+    if hasattr(fp, 'decode'):
+        fp = fp.decode('utf-8')
+
+    fp = fp.replace('<OperatingSystemSection ovf:id="80">','<OperatingSystemSection ovf:id="101">')
+    fp = fp.replace('<vssd:VirtualSystemType>virtualbox-2.2','<vssd:VirtualSystemType>vmx-7')
+    fp = fp.replace('<rasd:Caption>sataController', '<rasd:Caption>scsiController')
+    fp = fp.replace('<rasd:Description>SATA Controller','<rasd:Description>SCSI Controller')
+    fp = fp.replace('<rasd:ElementName>sataController','<rasd:ElementName>scsiController')
+    fp = fp.replace('<rasd:ResourceSubType>AHCI', '<rasd:ResourceSubType>lsilogic')
+    fp = fp.replace('<rasd:ResourceType>20', '<rasd:ResourceType>6')
+
+    end = fp.find('<rasd:Caption>sound')
+    start = fp.rfind('<Item>', 0, end)
+    fp = fp[:start] + '<Item ovf:required="false">' + fp[start+len('<Item>'):]
+
+
+with open(ovaF, 'wb') as nfp:
+    nfp.write(fp.encode('utf8'))
+
+# Create new .ova
+with tarfile.open(destfile, "w") as t:
+    for name in ovaFiles:
+        t.add(name)

ova/README.md

@@ -0,0 +1,29 @@
+# Wazuh Virtual Machine
+
+In this repository, you can find the necessary tools to build your own OVA file with all Wazuh components installed.
+
+## Building OVA file:
+
+Please, visit the following link for the full OVA building documentation: [Generate Wazuh virtual machine.](https://documentation.wazuh.com/current/development/packaging/generate-ova.html)
+
+## More Packages
+
+- [AIX](/aix/README.md)
+- [Arch](/arch/README.md)
+- [Debian](/debs/README.md)
+- [HP-UX](/hp-ux/README.md)
+- [KibanaApp](/wazuhapp/README.md)
+- [macOS](/macos/README.md)
+- [RPM](/rpms/README.md)
+- [Solaris](/solaris/README.md)
+- [SplunkApp](/splunkapp/README.md)
+- [Windows](/windows/README.md)
+- [WPK](/wpk/README.md)
+
+## Contribute
+
+If you want to contribute to our project please don't hesitate to send a pull request. You can also join our users [mailing list](https://groups.google.com/d/forum/wazuh) by sending an email to [[email protected]](mailto:[email protected])or join to our Slack channel by filling this [form](https://wazuh.com/community/join-us-on-slack/) to ask questions and participate in discussions.
+
+## License and copyright
+
+WAZUH Copyright (C) 2015 Wazuh Inc.  (License GPLv2)

ova/Vagrantfile

@@ -0,0 +1,28 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+
+  config.vm.box_url = "https://packages-dev.wazuh.com/vms/ova/amznlinux-2.box"
+  config.vm.box = "amznlinux-2"
+  config.vm.hostname = "wazuh-server"
+  config.vm.provider "virtualbox" do |vb|
+    vb.name = "vm_wazuh"
+    vb.memory = "8192"
+    vb.cpus = "4"
+  end
+
+  config.ssh.username = "wazuh-user"
+  config.ssh.password = "wazuh"
+  config.ssh.insert_key = true
+
+  # Synced folder configuration
+  config.vm.synced_folder ".", "/vagrant", disabled: true
+  config.vm.synced_folder ".", "/tmp", type: "rsync", :rsync__exclude => ['output']
+
+  # Provision stage
+  config.vm.provision :shell, path: "provision.sh", :args => "#{ENV['PACKAGES_REPOSITORY']} #{ENV['DEBUG']}"
+
+  # Provision cleanup stage
+  config.vm.provision :shell, path: "assets/postProvision.sh", :args => "#{ENV['DEBUG']}"
+end

ova/assets/custom/automatic_set_ram.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# Configure JVM options for Wazuh indexer
+ram_mb=$(free -m | awk '/^Mem:/{print $2}')
+ram="$(( ram_mb / 2 ))"
+
+if [ "${ram}" -eq "0" ]; then
+    ram=1024;
+fi
+
+regex="^\-Xmx\K[0-9]+"
+file="/etc/wazuh-indexer/jvm.options"
+value=$(grep -oP ${regex} ${file})
+
+if [[ "${value}" != "${ram}" ]]; then
+    eval "sed -i "s/^-Xms.*$/-Xms${ram}m/" ${file} ${debug}"
+    eval "sed -i "s/^-Xmx.*$/-Xmx${ram}m/" ${file} ${debug}"
+fi
+
+systemctl stop updateIndexerHeap.service

ova/assets/custom/enable_fips.sh

@@ -0,0 +1,9 @@
+# Update the Operating System (OS) packages to ensure the OS is up to date
+sudo yum update -y
+
+# Install and enable the FIPS module
+sudo yum install -y dracut-fips
+sudo dracut -f
+
+# Enable FIPS mode by adding kernel argument:
+sudo /sbin/grubby --update-kernel=ALL --args="fips=1"

ova/assets/custom/functions.sh

@@ -0,0 +1,29 @@
+function installCommon_changePasswords() {
+
+    common_logger -d "Setting Wazuh indexer cluster passwords."
+    if [ -f "${tar_file}" ]; then
+        eval "tar -xf ${tar_file} -C /tmp wazuh-install-files/wazuh-passwords.txt ${debug}"
+        p_file="/tmp/wazuh-install-files/wazuh-passwords.txt"
+        common_checkInstalled
+        if [ -n "${start_indexer_cluster}" ] || [ -n "${AIO}" ]; then
+            changeall=1
+            passwords_readUsers
+        fi
+        installCommon_readPasswordFileUsers
+    else
+        common_logger -e "Cannot find passwords file. Exiting"
+        exit 1
+    fi
+    if [ -n "${start_indexer_cluster}" ] || [ -n "${AIO}" ]; then
+        passwords_getNetworkHost
+        passwords_createBackUp
+        passwords_generateHash
+    fi
+
+    passwords_changePassword
+
+    if [ -n "${start_indexer_cluster}" ] || [ -n "${AIO}" ]; then
+        passwords_runSecurityAdmin
+    fi
+
+}

ova/assets/custom/grub/grub

@@ -0,0 +1,8 @@
+GRUB_CMDLINE_LINUX_DEFAULT="console=tty0 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 nvme_core.io_timeout=4294967295 rd.emergency=poweroff quiet splash rd.plymouth=0 plymouth.enable=0 loglevel=0 systemd.show_status=0 systemd.log_level=0 vt.cur_default=0 rd.shell=0 root=/dev/sda1"
+GRUB_DEFAULT=0
+GRUB_TIMEOUT=0
+GRUB_HIDDEN_TIMEOUT=2
+GRUB_DISABLE_RECOVERY="true"
+GRUB_DISABLE_SUBMENU=y
+GRUB_DISABLE_LINUX_UUID=true
+GRUB_BACKGROUND="/boot/grub2/wazuh.png"

ova/assets/custom/messages.sh

@@ -0,0 +1,50 @@
+#!/bin/sh
+
+DEBUG=$1
+WAZUH_VERSION=$2
+SYSTEM_USER=$3
+
+[[ ${DEBUG} = "yes" ]] && set -ex || set -e
+
+# OVA Welcome message
+cat > /etc/issue <<EOF
+
+Welcome to the Wazuh OVA version
+Wazuh - ${WAZUH_VERSION}
+Login credentials:
+  User: ${SYSTEM_USER}
+  Password: wazuh
+
+EOF
+
+# User Welcome message
+cat > /etc/update-motd.d/30-banner <<EOF
+
+#!/bin/sh
+cat << EOF
+wwwwww.           wwwwwww.          wwwwwww.
+wwwwwww.          wwwwwww.          wwwwwww.
+ wwwwww.         wwwwwwwww.        wwwwwww.
+ wwwwwww.        wwwwwwwww.        wwwwwww.
+  wwwwww.       wwwwwwwwwww.      wwwwwww.
+  wwwwwww.      wwwwwwwwwww.      wwwwwww.
+   wwwwww.     wwwwww.wwwwww.    wwwwwww.
+   wwwwwww.    wwwww. wwwwww.    wwwwwww.
+    wwwwww.   wwwwww.  wwwwww.  wwwwwww.
+    wwwwwww.  wwwww.   wwwwww.  wwwwwww.
+     wwwwww. wwwwww.    wwwwww.wwwwwww.
+     wwwwwww.wwwww.     wwwwww.wwwwwww.
+      wwwwwwwwwwww.      wwwwwwwwwwww.
+      wwwwwwwwwww.       wwwwwwwwwwww.      oooooo
+       wwwwwwwwww.        wwwwwwwwww.      oooooooo
+       wwwwwwwww.         wwwwwwwwww.     oooooooooo
+        wwwwwwww.          wwwwwwww.      oooooooooo
+        wwwwwww.           wwwwwwww.       oooooooo
+         wwwwww.            wwwwww.         oooooo
+
+
+         WAZUH Open Source Security Platform
+                  https://wazuh.com
+
+
+EOF

ova/assets/custom/removeVagrant.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=Remove vagrant
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+ExecStart=/bin/bash /home/USER/removeVagrant.sh
+Type=simple
+User=root
+Group=root
+WorkingDirectory=/home/USER
+Restart=always
+RestartSec=3

ova/assets/custom/removeVagrant.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+
+userdel -rf vagrant
+
+# Remove vagrant from system files
+sed -i "/vagrant/d" /etc/group-
+sed -i "/vagrant/d" /etc/gshadow-
+sed -i "/vagrant/d" /etc/passwd-
+sed -i "/vagrant/d" /etc/shadow-
+sed -i "/\\\/d" /etc/pam.d/su
+sed -i "/vagrant/d" /etc/pam.d/su
+rm /etc/sudoers.d/vagrant
+
+# Autodestroy
+rm /home/USER/removeVagrant.sh
+rm /etc/systemd/system/removeVagrant.service
+rm /etc/systemd/system/multi-user.target.wants/removeVagrant.service
+systemctl daemon-reload

ova/assets/custom/updateIndexerHeap.service

@@ -0,0 +1,8 @@
+[Unit]
+Description=Update Wazuh Indexer jvm.option memory heap space
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+ExecStart=/bin/bash /etc/automatic_set_ram.sh

ova/assets/postProvision.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+DEBUG=$1
+[[ ${DEBUG} = "yes" ]] && set -ex || set -e
+
+CURRENT_PATH="$( cd $(dirname $0) ; pwd -P )"
+ASSETS_PATH="${CURRENT_PATH}/assets"
+CUSTOM_PATH="${ASSETS_PATH}/custom"
+SYSTEM_USER="wazuh-user"
+
+# Remove everything related to vagrant
+# mv ${CUSTOM_PATH}/removeVagrant.service /etc/systemd/system/
+# sed -i "s/USER/${SYSTEM_USER}/g" /etc/systemd/system/removeVagrant.service
+# mv ${CUSTOM_PATH}/removeVagrant.sh /home/${SYSTEM_USER}/
+# sed -i "s/USER/${SYSTEM_USER}/g" /home/${SYSTEM_USER}/removeVagrant.sh
+# chmod 755 /home/${SYSTEM_USER}/removeVagrant.sh
+# systemctl daemon-reload
+# systemctl enable removeVagrant.service
+
+# Clear synced files
+rm -rf ${CURRENT_PATH}/* ${CURRENT_PATH}/.gitignore
+
+# Remove logs
+find /var/log/ -type f -exec bash -c 'cat /dev/null > {}' \;
+find /var/ossec/logs -type f -execdir sh -c 'cat /dev/null > "$1"' _ {} \;
+find /var/log/wazuh-indexer -type f -execdir sh -c 'cat /dev/null > "$1"' _ {} \;
+find /var/log/filebeat -type f -execdir sh -c 'cat /dev/null > "$1"' _ {} \;
+find /usr/share/wazuh-dashboard/data/wazuh/logs -type f -execdir sh -c 'cat /dev/null > "$1"' _ {} \;
+
+history -c
+shutdown -r now > /dev/null 2>&1