Add wazuh-template.json to packages (#116)

* Download wazuh-template.json from wazuh/wazuh repo

* Add wazuh-template.json to RPM package spec

* Setting wazuh-template.json attributes to 660

* Change wazuh-template.json attributes in debmake_install.sh

* Put template download command within a function

* Small fixes and format

* Apply correct file permissions to the wazuh-template.json

---------

Co-authored-by: Álex Ruiz <[email protected]>

Author: 2 people

.gitignore

@@ -65,4 +65,7 @@ testfixtures_shared/
 .ci/jobs/
 
 # build files generated
-doc-tools/missing-doclet/bin/
+doc-tools/missing-doclet/bin/
+
+# Wazuh template (currently downloaded from the wazuh/wazuh repo directly)
+distribution/src/config/wazuh-template.json

distribution/packages/src/deb/debmake_install.sh

@@ -18,7 +18,7 @@ fi
 
 curdir=$1
 product_dir=/usr/share/wazuh-indexer
-# config_dir=/etc/wazuh-indexer
+config_dir=/etc/wazuh-indexer
 data_dir=/var/lib/wazuh-indexer
 log_dir=/var/log/wazuh-indexer
 pid_dir=/run/wazuh-indexer
@@ -38,5 +38,6 @@ fi
 
 # Change Permissions
 chmod -Rf a+rX,u+w,g-w,o-w "${buildroot}"/*
+chmod -c 660 "${buildroot}${config_dir}"/wazuh-template.json
 
 exit 0

distribution/packages/src/rpm/wazuh-indexer.rpm.spec

@@ -64,9 +64,10 @@ mkdir -p %{buildroot}%{pid_dir}
 mkdir -p %{buildroot}%{product_dir}/plugins
 # Install directories/files
 cp -a etc usr var %{buildroot}
-chmod 0755 %{buildroot}%{product_dir}/bin/*
+chmod 0750 %{buildroot}%{product_dir}/bin/*
 if [ -d %{buildroot}%{product_dir}/plugins/opensearch-security ]; then
-    chmod 0755 %{buildroot}%{product_dir}/plugins/opensearch-security/tools/*
+    chmod 0640 %{buildroot}%{product_dir}/plugins/opensearch-security/tools/*
+    chmod 0740 %{buildroot}%{product_dir}/plugins/opensearch-security/tools/*.sh
 fi
 # Pre-populate the folders to ensure rpm build success even without all plugins
 mkdir -p %{buildroot}%{config_dir}/opensearch-observability
@@ -192,9 +193,7 @@ exit 0
 
 # Wazuh additional files
 %attr(440, %{name}, %{name}) %{product_dir}/VERSION
-%attr(750, %{name}, %{name}) %{product_dir}/bin/indexer-security-init.sh
-%attr(750, %{name}, %{name}) %{product_dir}/bin/indexer-ism-init.sh
-%attr(750, %{name}, %{name}) %{product_dir}/bin/indexer-init.sh
+%attr(660, %{name}, %{name}) %{config_dir}/wazuh-template.json
 
 %changelog
 * Thu Mar 28 2024 support <[email protected]> - 4.9.0

scripts/build.sh

@@ -24,45 +24,48 @@ function usage() {
     echo -e "-h help"
 }
 
-while getopts ":h:v:q:s:o:p:a:d:r:" arg; do
+while getopts ":h:v:q:s:o:p:a:d:r:b:" arg; do
     case $arg in
-        h)
-            usage
-            exit 1
-            ;;
-        v)
-            VERSION=$OPTARG
-            ;;
-        q)
-            QUALIFIER=$OPTARG
-            ;;
-        s)
-            SNAPSHOT=$OPTARG
-            ;;
-        o)
-            OUTPUT=$OPTARG
-            ;;
-        p)
-            PLATFORM=$OPTARG
-            ;;
-        a)
-            ARCHITECTURE=$OPTARG
-            ;;
-        d)
-            DISTRIBUTION=$OPTARG
-            ;;
-        r)
-            REVISION=$OPTARG
-            ;;
-        :)
-            echo "Error: -${OPTARG} requires an argument"
-            usage
-            exit 1
-            ;;
-        ?)
-            echo "Invalid option: -${arg}"
-            exit 1
-            ;;
+    h)
+        usage
+        exit 1
+        ;;
+    v)
+        VERSION=$OPTARG
+        ;;
+    q)
+        QUALIFIER=$OPTARG
+        ;;
+    s)
+        SNAPSHOT=$OPTARG
+        ;;
+    o)
+        OUTPUT=$OPTARG
+        ;;
+    p)
+        PLATFORM=$OPTARG
+        ;;
+    a)
+        ARCHITECTURE=$OPTARG
+        ;;
+    d)
+        DISTRIBUTION=$OPTARG
+        ;;
+    r)
+        REVISION=$OPTARG
+        ;;
+    b)
+        BRANCH=$OPTARG
+        ;;
+    :)
+        echo "Error: -${OPTARG} requires an argument"
+        usage
+        exit 1
+        ;;
+    ?)
+        echo "Invalid option: -${arg}"
+        exit 1
+        ;;
     esac
 done
 
@@ -96,16 +99,33 @@ cp -r ./build/local-test-repo/org/opensearch "${OUTPUT}"/maven/org
 [ -z "$ARCHITECTURE" ] && ARCHITECTURE=$(uname -m)
 [ -z "$DISTRIBUTION" ] && DISTRIBUTION="tar"
 [ -z "$REVISION" ] && REVISION="1"
+[ -z "$BRANCH" ] && BRANCH="master"
+
+# ====
+# Function to download the alerts template
+# ====
+function download_template() {
+    echo "Downloading wazuh-template.json"
+    local download_url="https://raw.githubusercontent.com/wazuh/wazuh/${BRANCH}/extensions/elasticsearch/7.x/wazuh-template.json"
+
+    if ! curl -s "${download_url}" -o distribution/src/config/wazuh-template.json; then
+        echo "Unable to download wazuh-template.json"
+        return 1
+    fi
+
+    echo "Successfully downloaded wazuh-template.json"
+    return 0
+}
 
 case $PLATFORM-$DISTRIBUTION-$ARCHITECTURE in
-    linux-tar-x64|darwin-tar-x64)
+    linux-tar-x64 | darwin-tar-x64)
         PACKAGE="tar"
         EXT="tar.gz"
         TYPE="archives"
         TARGET="$PLATFORM-$PACKAGE"
         SUFFIX="$PLATFORM-x64"
         ;;
-    linux-tar-arm64|darwin-tar-arm64)
+    linux-tar-arm64 | darwin-tar-arm64)
         PACKAGE="tar"
         EXT="tar.gz"
         TYPE="archives"
@@ -162,25 +182,22 @@ esac
 
 echo "Building OpenSearch for $PLATFORM-$DISTRIBUTION-$ARCHITECTURE"
 
+if ! download_template; then
+    exit 1
+fi
+
 ./gradlew ":distribution:$TYPE:$TARGET:assemble" -Dbuild.snapshot="$SNAPSHOT" -Dbuild.version_qualifier="$QUALIFIER"
 
 # Copy artifact to dist folder in bundle build output
 echo "Copying artifact to ${OUTPUT}/dist"
-# [[ "$SNAPSHOT" == "true" ]] && IDENTIFIER="-SNAPSHOT"
-
 
 ARTIFACT_BUILD_NAME=$(ls "distribution/$TYPE/$TARGET/build/distributions/" | grep "wazuh-indexer-min.*$SUFFIX.$EXT")
-
 GIT_COMMIT=$(git rev-parse --short HEAD)
-
 WI_VERSION=$(<VERSION)
-
-
 ARTIFACT_PACKAGE_NAME=wazuh-indexer-min_"$WI_VERSION"-"$REVISION"_"$SUFFIX"_"$GIT_COMMIT"."$EXT"
 
-# [WAZUH] Used by the GH workflow to upload the artifact
-
-echo "$ARTIFACT_PACKAGE_NAME" > "$OUTPUT/artifact_min_name.txt"
+# Used by the GH workflow to upload the artifact
+echo "$ARTIFACT_PACKAGE_NAME" >"$OUTPUT/artifact_min_name.txt"
 
 mkdir -p "${OUTPUT}/dist"
 cp "distribution/$TYPE/$TARGET/build/distributions/$ARTIFACT_BUILD_NAME" "${OUTPUT}/dist/$ARTIFACT_PACKAGE_NAME"