update fixed version
parent eaec953d40
commit 060d818416
@ -29,7 +29,6 @@ The first step would be to add a certificate for wazuh.
|
||||||
|
|
||||||
You can generate a new one under `System` -> `Certificates` -> `Generate`
|
You can generate a new one under `System` -> `Certificates` -> `Generate`
|
||||||
|
|
||||||
|
|
||||||
Add a name, set the validity period to 365 days and click `Generate`
|
Add a name, set the validity period to 365 days and click `Generate`
|
||||||
![](./certificate.png)
|
![](./certificate.png)
|
||||||
|
|
||||||
|
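Review bot: the certificate generated at `Add a name, set the validity period to 365 days and click Generate` is the one whose public half ends up in the Authentik SAML metadata that is later copied to the indexer, so the hunk is missing a renewal caveat: add a sentence that whenever this certificate is regenerated (at the latest after 365 days) the `saml_authentik_meta.xml` has to be downloaded again and copied over `idp-metadata.xml` on the Wazuh server, otherwise assertion signature validation fails against the stale certificate and SAML logins stop working. It would also help to tell the reader to pick a name that identifies this as the Wazuh SAML signing certificate, since the screenshot is the only hint of what it is for.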
@ -89,13 +88,13 @@ Now create an application to use the newly created provider. `Applications` -> `
|
||||||
`Provider: SAML`
|
`Provider: SAML`
|
||||||
`Policy Engine: any`
|
`Policy Engine: any`
|
||||||
|
|
||||||
|
|
||||||
![](./application.png)
|
![](./application.png)
|
||||||
|
|
||||||
You can change the UI / upload a logo so that in the applications overview you have a nice layout and can easily identify the new wazuh app.
|
You can change the UI / upload a logo so that in the applications overview you have a nice layout and can easily identify the new wazuh app.
|
||||||
![](./applications_overview.png)
|
![](./applications_overview.png)
|
||||||
|
|
||||||
### Step 5 - metadata + wazuh opensearch-security configuration
|
### Step 5 - metadata + wazuh opensearch-security configuration
|
||||||
|
|
||||||
Now download the metadata file `saml_authentik_meta.xml` from the `Applications` -> `Provider` -> `Related Objects` -> `Download`
|
Now download the metadata file `saml_authentik_meta.xml` from the `Applications` -> `Provider` -> `Related Objects` -> `Download`
|
||||||
|
|
||||||
and copy/save it on the wazuh server - ideally under `/etc/wazuh-indexer/opensearch-security/idp-metadata.xml`
|
and copy/save it on the wazuh server - ideally under `/etc/wazuh-indexer/opensearch-security/idp-metadata.xml`
|
||||||
|
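Review bot: `Policy Engine: any` is set on the new application without explaining it; in this mode the application is reachable once any single bound policy passes, so the text should tell the reader to bind a group or user policy to the application before pointing Wazuh at it, or state explicitly that restricting who may reach the Wazuh app is deferred to the role mapping done later. Smaller point at the `copy/save it on the wazuh server` line: say how the file gets there (e.g. `scp`) and that `/etc/wazuh-indexer/opensearch-security/idp-metadata.xml` must be readable by the `wazuh-indexer` user, because a wrong owner or mode only surfaces later as a failed SAML login rather than as an error at this step.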
@ -181,31 +180,37 @@ all_access:
|
||||||
```
|
```
|
||||||
|
|
||||||
save the file and use the securityadmin.sh with the following command to load the adjusted `roles_mapping.yml`:
|
save the file and use the securityadmin.sh with the following command to load the adjusted `roles_mapping.yml`:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
export JAVA_HOME=/usr/share/wazuh-indexer/jdk/ && bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/opensearch-security/roles_mapping.yml -icl -key /etc/wazuh-indexer/certs/admin-key.pem -cert /etc/wazuh-indexer/certs/admin.pem -cacert /etc/wazuh-indexer/certs/root-ca.pem -h localhost -nhnv
|
export JAVA_HOME=/usr/share/wazuh-indexer/jdk/ && bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/opensearch-security/roles_mapping.yml -icl -key /etc/wazuh-indexer/certs/admin-key.pem -cert /etc/wazuh-indexer/certs/admin.pem -cacert /etc/wazuh-indexer/certs/root-ca.pem -h localhost -nhnv
|
||||||
```
|
```
|
||||||
|
|
||||||
If all goes well this shows `Done with success` in the end
|
If all goes well this shows `Done with success` in the end
|
||||||
|
|
||||||
|
|
||||||
### Step 8 - wazuh.yml
|
### Step 8 - wazuh.yml
|
||||||
|
|
||||||
Check `/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml` and make sure that `run_as` is set to `false`.
|
Check `/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml` and make sure that `run_as` is set to `false`.
|
||||||
![](wazuhyml.png)
|
![](wazuhyml.png)
|
||||||
|
|
||||||
### Step 9 - security role mapping
|
### Step 9 - security role mapping
|
||||||
|
|
||||||
open the wazuh dashboard - click on the downward pointing triangle next to the wazuh logo then on `Security` and `Roles mapping`.
|
open the wazuh dashboard - click on the downward pointing triangle next to the wazuh logo then on `Security` and `Roles mapping`.
|
||||||
![](roles_mapping1.png)
|
![](roles_mapping1.png)
|
||||||
We will now add a new role mapping - add any name + the respective Roles -> in this case administrator and add a new custom rule at the bottom that matches (`FIND`) the `user_name` to `wazuh-admin`.
|
We will now add a new role mapping - add any name + the respective Roles -> in this case administrator and add a new custom rule at the bottom that matches (`FIND`) the `user_name` to `wazuh-admin`.
|
||||||
![](saml-admin.png)
|
![](saml-admin.png)
|
||||||
|
|
||||||
|
|
||||||
### Step 10 - final step - opensearch_dashboards.yml
|
### Step 10 - final step - opensearch_dashboards.yml
|
||||||
|
|
||||||
The last step is to adapt the `/etc/wazuh-dashboard/opensearch_dashboards.yml` and add three lines to the bottom of the file:
|
The last step is to adapt the `/etc/wazuh-dashboard/opensearch_dashboards.yml` and add three lines to the bottom of the file:
|
||||||
|
|
||||||
```yml
|
```yml
|
||||||
opensearch_security.auth.type: "saml"
|
opensearch_security.auth.type: "saml"
|
||||||
server.xsrf.allowlist: ["/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/logout", "/_opendistro/_security/saml/acs/idpinitiated"]
|
server.xsrf.allowlist:
|
||||||
|
[
|
||||||
|
"/_opendistro/_security/saml/acs",
|
||||||
|
"/_opendistro/_security/saml/logout",
|
||||||
|
"/_opendistro/_security/saml/acs/idpinitiated",
|
||||||
|
]
|
||||||
opensearch_security.session.keepalive: false
|
opensearch_security.session.keepalive: false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
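Review bot: the rewrapped `server.xsrf.allowlist` at the end of the hunk spreads a flow-style `[ ... ]` sequence over several lines and leaves a trailing comma after `"/_opendistro/_security/saml/acs/idpinitiated"`; for a config file readers will copy by hand, the YAML block-style list is the safer form, e.g.
server.xsrf.allowlist:
  - "/_opendistro/_security/saml/acs"
  - "/_opendistro/_security/saml/logout"
and likewise for the third path, which also makes the `add three lines to the bottom of the file` sentence accurate again. Two caveats are also missing at the `securityadmin.sh` command: `-nhnv` disables hostname verification of the indexer's TLS certificate and is only acceptable because `-h localhost` is used, and `-f roles_mapping.yml` replaces the stored roles mapping configuration with the file's contents, so the file must contain the complete set of mappings, not just the `all_access` entry shown above the command.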