update fixed version

Maik Ro 2023-11-24 21:35:46 +01:00
parent eaec953d40
commit 060d818416

@ -29,7 +29,6 @@ The first step would be to add a certificate for wazuh.
You can generate a new one under `System` -> `Certificates` -> `Generate` You can generate a new one under `System` -> `Certificates` -> `Generate`
Add a name, set the validity period to 365 days and click `Generate` Add a name, set the validity period to 365 days and click `Generate`
![](./certificate.png) ![](./certificate.png)
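Review bot: The 365-day validity period in the `Generate` step comes with no note on what to do at expiry. Step 5 has the reader save the provider metadata on the wazuh server, and that file carries an `X509Certificate` element, so a regenerated certificate leaves the saved copy stale. Suggest adding a sentence after the validity line telling the reader to re-download the metadata and update the indexer configuration whenever the certificate is renewed.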
@ -89,13 +88,13 @@ Now create an application to use the newly created provider. `Applications` -> `
`Provider: SAML` `Provider: SAML`
`Policy Engine: any` `Policy Engine: any`
![](./application.png) ![](./application.png)
You can change the UI / upload a logo so that in the applications overview you have a nice layout and can easily identify the new wazuh app. You can change the UI / upload a logo so that in the applications overview you have a nice layout and can easily identify the new wazuh app.
![](./applications_overview.png) ![](./applications_overview.png)
### Step 5 - metadata + wazuh opensearch-security configuration ### Step 5 - metadata + wazuh opensearch-security configuration
Now download the metadata file `saml_authentik_meta.xml` from the `Applications` -> `Provider` -> `Related Objects` -> `Download` Now download the metadata file `saml_authentik_meta.xml` from the `Applications` -> `Provider` -> `Related Objects` -> `Download`
and copy/save it on the wazuh server - ideally under `/etc/wazuh-indexer/opensearch-security/idp-metadata.xml` and copy/save it on the wazuh server - ideally under `/etc/wazuh-indexer/opensearch-security/idp-metadata.xml`
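Review bot: The file name changes between the two sentences of Step 5: the download is called `saml_authentik_meta.xml`, but the suggested destination is `/etc/wazuh-indexer/opensearch-security/idp-metadata.xml`, and the rename is never stated. Suggest saying explicitly that the file is saved under the new name, or using one name throughout, so the `metadata_file` value in the next step matches without guesswork.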
@ -105,7 +104,7 @@ Next up change the `/etc/wazuh-indexer/opensearch-security/config.yml` and make
- you need to adjust the `metadata_file` if your name differs from the one shown above/below - you need to adjust the `metadata_file` if your name differs from the one shown above/below
- `entity_id` needs to change twice, once in the `idp` section and once in the `sp` section - you can look it up in the metadata xml file - search for `entityID` - `entity_id` needs to change twice, once in the `idp` section and once in the `sp` section - you can look it up in the metadata xml file - search for `entityID`
![Alt text](entityid.png) ![Alt text](entityid.png)
- adapt the `kibana_url` to match your wazuh dashboard url - e.g. `https://wazuh.myhomelab.com/` - adapt the `kibana_url` to match your wazuh dashboard url - e.g. `https://wazuh.myhomelab.com/`
- copy/paste the `exchange_key`, you can get it from the metadata file (find the key between the `<ds:X509Certificate></ds:X509Certificate>` tags, it usually starts with MII...) - DO NOT FORGET TO PUT QUOTES AROUND THE CERTIFICATE - copy/paste the `exchange_key`, you can get it from the metadata file (find the key between the `<ds:X509Certificate></ds:X509Certificate>` tags, it usually starts with MII...) - DO NOT FORGET TO PUT QUOTES AROUND THE CERTIFICATE
- make sure to adjust the ownership and access rights via the following commands: - make sure to adjust the ownership and access rights via the following commands:
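Review bot: The `exchange_key` bullet tells the reader to paste the contents of `<ds:X509Certificate>` from the metadata file as the key, but that certificate is public material available to anyone who can download the metadata. OpenSearch Security uses `exchange_key` as the HMAC secret for the token it issues after SAML login, so it should be a randomly generated value of at least 32 characters that exists only in `config.yml`. Suggest rewording the bullet accordingly and keeping the reminder to quote the value.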
@ -181,31 +180,37 @@ all_access:
``` ```
save the file and use the securityadmin.sh with the following command to load the adjusted `roles_mapping.yml`: save the file and use the securityadmin.sh with the following command to load the adjusted `roles_mapping.yml`:
```bash ```bash
export JAVA_HOME=/usr/share/wazuh-indexer/jdk/ && bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/opensearch-security/roles_mapping.yml -icl -key /etc/wazuh-indexer/certs/admin-key.pem -cert /etc/wazuh-indexer/certs/admin.pem -cacert /etc/wazuh-indexer/certs/root-ca.pem -h localhost -nhnv export JAVA_HOME=/usr/share/wazuh-indexer/jdk/ && bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -f /etc/wazuh-indexer/opensearch-security/roles_mapping.yml -icl -key /etc/wazuh-indexer/certs/admin-key.pem -cert /etc/wazuh-indexer/certs/admin.pem -cacert /etc/wazuh-indexer/certs/root-ca.pem -h localhost -nhnv
``` ```
If all goes well this shows `Done with success` in the end If all goes well this shows `Done with success` in the end
### Step 8 - wazuh.yml ### Step 8 - wazuh.yml
Check `/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml` and make sure that `run_as` is set to `false`. Check `/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml` and make sure that `run_as` is set to `false`.
![](wazuhyml.png) ![](wazuhyml.png)
### Step 9 - security role mapping ### Step 9 - security role mapping
open the wazuh dashboard - click on the downward pointing triangle next to the wazuh logo then on `Security` and `Roles mapping`. open the wazuh dashboard - click on the downward pointing triangle next to the wazuh logo then on `Security` and `Roles mapping`.
![](roles_mapping1.png) ![](roles_mapping1.png)
We will now add a new role mapping - add any name + the respective Roles -> in this case administrator and add a new custom rule at the bottom that matches (`FIND`) the `user_name` to `wazuh-admin`. We will now add a new role mapping - add any name + the respective Roles -> in this case administrator and add a new custom rule at the bottom that matches (`FIND`) the `user_name` to `wazuh-admin`.
![](saml-admin.png) ![](saml-admin.png)
### Step 10 - final step - opensearch_dashboards.yml ### Step 10 - final step - opensearch_dashboards.yml
The last step is to adapt the `/etc/wazuh-dashboard/opensearch_dashboards.yml` and add three lines to the bottom of the file: The last step is to adapt the `/etc/wazuh-dashboard/opensearch_dashboards.yml` and add three lines to the bottom of the file:
```yml ```yml
opensearch_security.auth.type: "saml" opensearch_security.auth.type: "saml"
server.xsrf.allowlist: ["/_opendistro/_security/saml/acs", "/_opendistro/_security/saml/logout", "/_opendistro/_security/saml/acs/idpinitiated"] server.xsrf.allowlist:
[
"/_opendistro/_security/saml/acs",
"/_opendistro/_security/saml/logout",
"/_opendistro/_security/saml/acs/idpinitiated",
]
opensearch_security.session.keepalive: false opensearch_security.session.keepalive: false
``` ```
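Review bot: After this reformat the Step 10 sentence "add three lines to the bottom of the file" no longer matches the block, which now spans eight lines because `server.xsrf.allowlist` was split into a multi-line list. Suggest either keeping the allowlist on one line as before or changing the sentence to "add three settings". If the multi-line form stays, indent the `[` ... `]` lines under the key, since as rendered here they sit at column 0 alongside the top-level keys, and confirm the dashboard still loads the file.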