Merge pull request #2320 from wazuh/modify-so-amzn2

OS modification of the OVA

ova/Vagrantfile

@@ -3,21 +3,24 @@
 
 Vagrant.configure("2") do |config|
 
-  config.vm.box = "centos/7"
+  config.vm.box_url = "https://packages-dev.wazuh.com/vms/ova/amazonlinux-2.box"
+  config.vm.box = "amazonlinux-2"
   config.vm.hostname = "wazuh-server"
   config.vm.provider "virtualbox" do |vb|
     vb.name = "vm_wazuh"
     vb.memory = "8192"
     vb.cpus = "4"
   end
 
+  config.ssh.username = "wazuh-user"
+  config.ssh.password = "wazuh"
+  config.ssh.insert_key = true
+
   # Synced folder configuration
   config.vm.synced_folder ".", "/vagrant", disabled: true
   config.vm.synced_folder ".", "/tmp", type: "rsync", :rsync__exclude => ['output']
 
   # Provision stage
   config.vm.provision :shell, path: "provision.sh", :args => "#{ENV['PACKAGES_REPOSITORY']} #{ENV['DEBUG']}"
-  # Provision cleanup stage
-  config.vm.provision :shell, path: "assets/postProvision.sh", :args => "#{ENV['DEBUG']}"
 
 end

ova/assets/custom/enable_fips.sh

@@ -0,0 +1,9 @@
+# Update the Operating System (OS) packages to ensure the OS is up to date
+sudo yum update -y
+
+# Install and enable the FIPS module
+sudo yum install -y dracut-fips
+sudo dracut -f
+
+# Enable FIPS mode by adding kernel argument:
+sudo /sbin/grubby --update-kernel=ALL --args="fips=1"

ova/assets/custom/messages.sh

@@ -12,15 +12,16 @@ cat > /etc/issue <<EOF
 Welcome to the Wazuh OVA version
 Wazuh - ${WAZUH_VERSION}
 Login credentials:
-  User: wazuh-user
+  User: ${SYSTEM_USER}
   Password: wazuh
 
 EOF
 
 # User Welcome message
-cat > /etc/motd <<EOF
-
+cat > /etc/update-motd.d/30-banner <<EOF
 
+#!/bin/sh
+cat << EOF
 wwwwww.           wwwwwww.          wwwwwww.
 wwwwwww.          wwwwwww.          wwwwwww.
  wwwwww.         wwwwwwwww.        wwwwwww.

ova/assets/steps.sh

@@ -13,21 +13,18 @@ systemConfig() {
   mv ${CUSTOM_PATH}/grub/grub /etc/default/
   grub2-mkconfig -o /boot/grub2/grub.cfg > /dev/null 2>&1
 
+  # Enable fips
+  mv ${CUSTOM_PATH}/enable_fips.sh /tmp/
+  chmod 755 /tmp/enable_fips.sh
+  bash /tmp/enable_fips.sh
+
   # Update Wazuh indexer jvm heap
   mv ${CUSTOM_PATH}/automatic_set_ram.sh /etc/
   chmod 755 /etc/automatic_set_ram.sh
   mv ${CUSTOM_PATH}/updateIndexerHeap.service /etc/systemd/system/
   systemctl daemon-reload
   systemctl enable updateIndexerHeap.service
 
-  # Change root password (root:wazuh)
-  sed -i "s/root:.*:/root:\$1\$pNjjEA7K\$USjdNwjfh7A\.vHCf8suK41::0:99999:7:::/g" /etc/shadow
-
-  # Add custom user ($1$pNjjEA7K$USjdNwjfh7A.vHCf8suK41 -> wazuh)
-  adduser ${SYSTEM_USER}
-  sed -i "s/${SYSTEM_USER}:!!/${SYSTEM_USER}:\$1\$pNjjEA7K\$USjdNwjfh7A\.vHCf8suK41/g" /etc/shadow
-
-  gpasswd -a ${SYSTEM_USER} wheel
   hostname ${HOSTNAME}
 
   # AWS instance has this enabled
@@ -66,4 +63,15 @@ clean() {
   rm -f /securityadmin_demo.sh
   yum clean all
 
+  systemctl daemon-reload
+
+  # Clear synced files
+  rm -rf ${CURRENT_PATH}/* ${CURRENT_PATH}/.gitignore
+
+  # Remove logs
+  find /var/log/ -type f -exec bash -c 'cat /dev/null > {}' \;
+  find /var/ossec/logs/ -type f -exec bash -c 'cat /dev/null > {}' \;
+
+  cat /dev/null > ~/.bash_history && history -c
+
 }

ova/generate_ova.sh

@@ -41,7 +41,7 @@ help () {
     echo -e "DESCRIPTION"
     echo -e "        -r,  --repository"
     echo -e "                Use development or production repository."
-    echo -e "                Values: [prod|dev]. By default: ${PACKAGES_REPOSITORY}."
+    echo -e "                Values: [prod|dev|staging]. By default: ${PACKAGES_REPOSITORY}."
     echo -e ""
     echo -e "        -s,  --store"
     echo -e "                Set the destination absolute path where the OVA file will be stored."
@@ -141,14 +141,14 @@ main() {
 
         "-r" | "--repository")
             if [ -n "$2" ]; then
-                if [ "$2" != "prod" ] && [ "$2" != "dev" ]; then
-                    echo "ERROR: Repository must be: [prod/dev]"
+                if [ "$2" != "prod" ] && [ "$2" != "dev" ] && [ "$2" != "staging" ]; then
+                    echo "ERROR: Repository must be: [prod/dev/staging]"
                     help 1
                 fi
                 PACKAGES_REPOSITORY="$2"
                 shift 2
             else
-                echo "ERROR: Value must be: [prod/dev]"
+                echo "ERROR: Value must be: [prod/dev/staging]"
                 help 1
             fi
         ;;
@@ -230,5 +230,4 @@ main() {
 
 }
 
-main "$@"
-
+main "$@"

ova/provision.sh

@@ -17,6 +17,8 @@ INSTALL_ARGS="-a"
 
 if [[ "${PACKAGES_REPOSITORY}" == "dev" ]]; then
   BUILDER_ARGS+=" -d"
+elif [[ "${PACKAGES_REPOSITORY}" == "staging" ]]; then
+  BUILDER_ARGS+=" -d staging"
 fi
 
 if [[ "${DEBUG}" = "yes" ]]; then