const needle = require ( 'needle' ) ;
const colors = require ( 'ansicolors' ) ;
const blueWazuh = colors . blue ( 'wazuh' ) ;
const fs = require ( 'fs' ) ;
const yml = require ( 'js-yaml' ) ;
const path = require ( 'path' ) ;
const { log } = require ( './logger' ) ;
const OBJECTS _FILE = './integration-files/objects-file.json' ;
const APP _OBJECTS _FILE = './integration-files/app-objects-file-alerts.json' ;
const KIBANA _TEMPLATE = './integration-files/kibana-template.json' ;
module . exports = ( server , options ) => {
log('initialize.js', 'Initializing', 'info');

// Elasticsearch client for the 'data' cluster, shared by every helper below.
const elasticRequest = server.plugins.elasticsearch.getCluster('data');

// State shared between the helpers of this module.
let objects = {};
let app_objects = {};
let kibana_template = {};
let packageJSON = {};
let configurationFile = {};
let pattern = null;

// Load config.yml and package.json.
// NOTE(review): yml.load() is applied to a file shipped next to the plugin. With
// js-yaml 3.x, load() accepts the full schema and safeLoad() the restricted one;
// confirm which js-yaml version is installed and who can write config.yml.
// If anything in this block throws before the assignment below, global.loginEnabled
// stays unset and protectedRoute then treats login as disabled (fails open).
try {
  const configPath = path.join(__dirname, '../config.yml');
  configurationFile = yml.load(fs.readFileSync(configPath, { encoding: 'utf-8' }));

  if (configurationFile && typeof configurationFile['login.enabled'] !== 'undefined') {
    global.loginEnabled = configurationFile['login.enabled'];
  } else {
    global.loginEnabled = false;
  }

  if (configurationFile && typeof configurationFile.pattern !== 'undefined') {
    pattern = configurationFile.pattern;
  } else {
    pattern = 'wazuh-alerts-3.x-*';
  }

  packageJSON = require('../package.json');
} catch (e) {
  log('initialize.js', e.message || e);
  server.log([blueWazuh, 'initialize', 'error'], 'Something went wrong while reading the configuration.' + e.message);
}

// Session store shared process-wide; created once and reused afterwards.
if (typeof global.sessions === 'undefined') {
  global.sessions = {};
}
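/**
 * Decides whether a request may reach a protected route.
 *
 * When login is disabled every request is allowed. Otherwise the request must
 * carry, in its `code` header, the key of a live entry in `global.sessions`.
 *
 * Changes from the previous version:
 *  - the expired session is deleted under the key it was looked up with
 *    (`req.headers.code`); the old code used `req.payload.code`, which left the
 *    expired entry in place or threw when the request had no payload;
 *  - only own properties of the session store count as sessions, so a header
 *    value that merely names something inherited from Object.prototype is rejected;
 *  - a session whose `created`/`exp` do not yield a valid comparison is treated
 *    as expired instead of being accepted.
 *
 * @param {object} req - Request object; `req.headers.code` holds the session key.
 * @returns {boolean} true when the request is allowed, false otherwise.
 */
global.protectedRoute = req => {
  if (!global.loginEnabled) return true;

  const code = req.headers ? req.headers.code : undefined;
  const store = global.sessions;

  // Own-property lookup only: the store is a plain object, so a bare index
  // would also resolve names that live on its prototype.
  if (typeof code !== 'string' || !Object.prototype.hasOwnProperty.call(store, code)) {
    return false;
  }

  const session = store[code];
  if (!session) return false;

  const timeElapsed = (new Date() - session.created) / 1000;

  // Written as "not provably still valid" so that NaN (missing or malformed
  // created/exp) fails closed.
  if (!(timeElapsed < session.exp)) {
    delete store[code];
    return false;
  }

  return true;
};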
let index _pattern = pattern || "wazuh-alerts-3.x-*" ;
// Importing Wazuh built-in visualizations and dashboards
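/**
 * Imports the built-in saved objects (searches, visualizations, dashboards)
 * from OBJECTS_FILE into the .kibana index with a single bulk request.
 *
 * Changes from the previous version:
 *  - when the objects file cannot be read the function logs and stops; before,
 *    it went on to iterate the `{}` placeholder and threw a TypeError;
 *  - bulk action lines are built with JSON.stringify instead of string
 *    concatenation, so ids containing quotes or backslashes stay valid JSON;
 *  - the pattern is substituted through a replacer function, so `$` sequences in
 *    `id` are inserted literally;
 *  - a saved object without kibanaSavedObjectMeta no longer aborts the import.
 *
 * @param {string} id - Index pattern that replaces the first "wazuh-alerts"
 *   occurrence in each object's serialized source.
 */
const importObjects = (id) => {
  log('initialize.js importObjects', 'Importing objects (Searches, visualizations and dashboards) into Elasticsearch...', 'info');
  server.log([blueWazuh, 'initialize', 'info'], 'Importing objects (Searches, visualizations and dashboards) into Elasticsearch...');

  try {
    objects = require(OBJECTS_FILE);
  } catch (e) {
    log('initialize.js', e.message || e);
    server.log([blueWazuh, 'initialize', 'error'], 'Could not read the objects file.');
    server.log([blueWazuh, 'initialize', 'error'], 'Path: ' + OBJECTS_FILE);
    server.log([blueWazuh, 'initialize', 'error'], 'Exception: ' + e);
    return; // nothing to import
  }

  let body = '';
  for (const element of objects) {
    body += JSON.stringify({
      index: { _index: '.kibana', _type: 'doc', _id: element._type + ':' + element._id }
    }) + '\n';

    // Only the first occurrence is replaced, as before.
    const source = JSON.parse(JSON.stringify(element._source).replace('wazuh-alerts', () => id));

    // NOTE(review): init() reads searchSourceJSON through JSON.parse, which suggests
    // it is a string; if so this branch never runs. Confirm against the objects file.
    const meta = source.kibanaSavedObjectMeta;
    if (meta && meta.searchSourceJSON && meta.searchSourceJSON.index) {
      meta.searchSourceJSON.index = id;
    }

    const document = { [element._type]: source };
    document.type = element._type;
    body += JSON.stringify(document) + '\n';
  }

  elasticRequest.callWithInternalUser('bulk', {
    index: '.kibana',
    body: body
  })
    .then(() => elasticRequest.callWithInternalUser('indices.refresh', {
      index: ['.kibana', index_pattern]
    }))
    .then(() => {
      log('initialize.js importObjects', 'Templates, mappings, index patterns, visualizations, searches and dashboards were successfully installed. App ready to be used.', 'info');
      server.log([blueWazuh, 'initialize', 'info'], 'Templates, mappings, index patterns, visualizations, searches and dashboards were successfully installed. App ready to be used.');
    })
    .catch(error => {
      log('initialize.js importObjects', error.message || error);
      server.log([blueWazuh, 'server', 'error'], 'Error importing objects into elasticsearch. Bulk request failed.');
    });
};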
// Importing Wazuh app visualizations and dashboards
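/**
 * Imports the Wazuh app visualizations from APP_OBJECTS_FILE into the .kibana
 * index with a single bulk request.
 *
 * Changes from the previous version:
 *  - when the objects file cannot be read the function logs and stops; before,
 *    it went on to iterate the `{}` placeholder and threw a TypeError;
 *  - the leftover console.log is gone (the same event is already sent to both loggers);
 *  - bulk action lines are built with JSON.stringify instead of string
 *    concatenation, so ids containing quotes or backslashes stay valid JSON;
 *  - the pattern is substituted through a replacer function, so `$` sequences in
 *    `id` are inserted literally;
 *  - a saved object without kibanaSavedObjectMeta no longer aborts the import.
 *
 * @param {string} id - Index pattern that replaces the first "wazuh-alerts"
 *   occurrence in each object's serialized source.
 */
const importAppObjects = (id) => {
  log('initialize.js importAppObjects', 'Importing Wazuh app visualizations...', 'info');
  server.log([blueWazuh, 'initialize', 'info'], 'Importing Wazuh app visualizations...');

  try {
    app_objects = require(APP_OBJECTS_FILE);
  } catch (e) {
    log('initialize.js importAppObjects', e.message || e);
    server.log([blueWazuh, 'initialize', 'error'], 'Could not read the objects file.');
    server.log([blueWazuh, 'initialize', 'error'], 'Path: ' + APP_OBJECTS_FILE);
    server.log([blueWazuh, 'initialize', 'error'], 'Exception: ' + e);
    return; // nothing to import
  }

  let body = '';
  for (const element of app_objects) {
    body += JSON.stringify({
      index: { _index: '.kibana', _type: 'doc', _id: element._type + ':' + element._id }
    }) + '\n';

    // Only the first occurrence is replaced, as before.
    const source = JSON.parse(JSON.stringify(element._source).replace('wazuh-alerts', () => id));

    // NOTE(review): init() reads searchSourceJSON through JSON.parse, which suggests
    // it is a string; if so this branch never runs. Confirm against the objects file.
    const meta = source.kibanaSavedObjectMeta;
    if (meta && meta.searchSourceJSON && meta.searchSourceJSON.index) {
      meta.searchSourceJSON.index = id;
    }

    const document = { [element._type]: source };
    document.type = element._type;
    body += JSON.stringify(document) + '\n';
  }

  elasticRequest.callWithInternalUser('bulk', {
    index: '.kibana',
    body: body
  })
    .then(() => elasticRequest.callWithInternalUser('indices.refresh', {
      index: ['.kibana', index_pattern]
    }))
    .then(() => {
      log('initialize.js importAppObjects', 'Wazuh app visualizations were successfully installed. App ready to be used.', 'info');
      server.log([blueWazuh, 'initialize', 'info'], 'Wazuh app visualizations were successfully installed. App ready to be used.');
    })
    .catch(error => {
      log('initialize.js importAppObjects', error.message || error);
      server.log([blueWazuh, 'server', 'error'], 'Error importing objects into elasticsearch. Bulk request failed.');
    });
};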
// Create index pattern TODO: remove hardcoded index-patterns ids
/**
 * Creates the index-pattern document for `index_pattern` in .kibana and, once
 * it exists, triggers the import of the built-in and app saved objects.
 * Failures are logged; nothing is returned.
 */
const createIndexPattern = () => {
  const startMessage = `Creating index pattern: ${index_pattern}`;
  log('initialize.js createIndexPattern', startMessage, 'info');
  server.log([blueWazuh, 'initialize', 'info'], startMessage);

  const indexPatternDocument = {
    type: 'index-pattern',
    'index-pattern': {
      title: index_pattern,
      timeFieldName: '@timestamp',
      // Stored as a JSON string: renders the listed fields as URLs.
      fieldFormatMap: '{"data.virustotal.permalink":{"id":"url"},"data.vulnerability.reference":{"id":"url"},"data.url":{"id":"url"}}'
    }
  };

  const onCreated = () => {
    const doneMessage = `Created index pattern: ${index_pattern}`;
    log('initialize.js createIndexPattern', doneMessage, 'info');
    server.log([blueWazuh, 'initialize', 'info'], doneMessage);
    // Dashboards and visualizations are imported only after the pattern exists.
    importObjects(index_pattern);
    importAppObjects(index_pattern);
  };

  const onFailure = error => {
    log('initialize.js createIndexPattern', error.message || error);
    server.log([blueWazuh, 'initialize', 'error'], 'Error creating index-pattern.');
  };

  elasticRequest
    .callWithInternalUser('create', {
      index: '.kibana',
      type: 'doc',
      id: `index-pattern:${index_pattern}`,
      body: indexPatternDocument
    })
    .then(onCreated)
    .catch(onFailure);
};
// Configure Kibana status: Index pattern, default index pattern, default time, import dashboards.
/**
 * For type "install": looks for an existing index-pattern document titled
 * `index_pattern` in .kibana and creates it when the search returns no hit.
 * Any other type is a no-op.
 *
 * @param {string} type - Only "install" triggers any work.
 */
const configureKibana = (type) => {
  if (type !== "install") return;

  // NOTE(review): index_pattern is interpolated into a query string; it comes
  // from config.yml here, so it is assumed to contain no double quotes.
  const lookup = {
    index: '.kibana',
    type: 'doc',
    q: `index-pattern.title:"${index_pattern}"`
  };

  elasticRequest.callWithInternalUser('search', lookup)
    .then(data => {
      const alreadyThere = data.hits.total >= 1;
      if (!alreadyThere) {
        createIndexPattern();
        return;
      }
      log('initialize.js configureKibana', 'Skipping index-pattern creation. Already exists.', 'info');
      server.log([blueWazuh, 'initialize', 'info'], 'Skipping index-pattern creation. Already exists.');
    })
    .catch(error => {
      log('initialize.js configureKibana', error.message || error);
      server.log([blueWazuh, 'initialize', 'error'], 'Could not reach elasticsearch.');
    });
};
// Save Wazuh App setup
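/**
 * Creates the .wazuh-version index (shards/replicas taken from config.yml when
 * set, otherwise 1/1) and stores the app version document with id 1 in it.
 *
 * Change from the previous listing: the version document was created twice in
 * a row under the same id, which left the promise chain unbalanced and made
 * the second create certain to conflict. It is now created once, carrying both
 * installationDate and lastRestart.
 */
const saveConfiguration = () => {
  let shards = 1;
  let replicas = 1;
  if (configurationFile) {
    if (configurationFile["wazuh-version.shards"]) {
      shards = configurationFile["wazuh-version.shards"];
    }
    if (configurationFile["wazuh-version.replicas"]) {
      replicas = configurationFile["wazuh-version.replicas"];
    }
  }

  const shard_configuration = {
    "settings": {
      "index": {
        "number_of_shards": shards,
        "number_of_replicas": replicas
      }
    }
  };

  elasticRequest.callWithInternalUser('indices.create', {
    index: '.wazuh-version',
    body: shard_configuration
  })
    .then(() => {
      // One timestamp for both fields: on first install they are the same moment.
      const commonDate = new Date().toISOString();
      const configuration = {
        name: 'Wazuh App',
        'app-version': packageJSON.version,
        revision: packageJSON.revision,
        installationDate: commonDate,
        lastRestart: commonDate
      };

      elasticRequest.callWithInternalUser('create', {
        index: ".wazuh-version",
        type: 'wazuh-version',
        id: 1,
        body: configuration
      })
        .then(() => {
          log('initialize.js saveConfiguration', 'Wazuh configuration inserted', 'info');
          server.log([blueWazuh, 'initialize', 'info'], 'Wazuh configuration inserted');
        })
        .catch(error => {
          log('initialize.js saveConfiguration', error.message || error);
          server.log([blueWazuh, 'initialize', 'error'], 'Could not insert Wazuh configuration');
        });
    })
    .catch(error => {
      log('initialize.js saveConfiguration', error.message || error);
      server.log([blueWazuh, 'initialize', 'error'], 'Error creating index .wazuh-version.');
    });
};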
// Init function. Check for "wazuh-version" document existence.
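/**
 * Brings the app's own indices up to date. Two independent chains are started:
 *
 *  1. `.wazuh`: created when missing (shards/replicas from config.yml, default
 *     1/1); when present, the legacy `wazuh-setup` document is looked up and a
 *     hit triggers reindexOldVersion().
 *  2. `.wazuh-version`: when the version document exists, its version, revision
 *     and lastRestart are updated and the app visualizations are refreshed;
 *     when the lookup fails, the setup is treated as a fresh install.
 *
 * Changes from the previous listing:
 *  - the shards/replicas block and the version update were each present twice
 *    (a duplicate `let` does not parse); both are done once now, and the single
 *    update carries lastRestart;
 *  - the index pattern is read from the sample visualization BEFORE the
 *    existing visualizations are deleted. Previously a search without hits
 *    still ran deleteByQuery and only failed afterwards, leaving the app
 *    without visualizations;
 *  - a failure to create .wazuh is sent to the file logger like every other error.
 */
const init = () => {
  elasticRequest.callWithInternalUser('indices.exists', {
    index: '.wazuh'
  })
    .then(result => {
      if (!result) {
        let shards = 1;
        let replicas = 1;
        if (configurationFile) {
          if (configurationFile["wazuh.shards"]) {
            shards = configurationFile["wazuh.shards"];
          }
          if (configurationFile["wazuh.replicas"]) {
            replicas = configurationFile["wazuh.replicas"];
          }
        }

        const configuration = {
          "settings": {
            "index": {
              "number_of_shards": shards,
              "number_of_replicas": replicas
            }
          }
        };

        elasticRequest.callWithInternalUser('indices.create', {
          index: '.wazuh',
          body: configuration
        })
          .then(() => {
            log('initialize.js init', 'Index .wazuh created.', 'info');
            server.log([blueWazuh, 'initialize', 'info'], 'Index .wazuh created.');
          })
          .catch(error => {
            log('initialize.js init', error.message || error);
            server.log([blueWazuh, 'initialize', 'error'], 'Error creating index .wazuh.');
          });
      } else {
        // The .wazuh index exists; check whether it comes from an older version.
        elasticRequest.callWithInternalUser('get', {
          index: ".wazuh",
          type: "wazuh-setup",
          id: "1"
        })
          .then(() => {
            // A legacy setup document is present: reindex.
            reindexOldVersion();
          })
          .catch(error => {
            if (error.message && error.message !== 'Not Found') {
              log('initialize.js init 1', error.message || error);
            }
            log('initialize.js init', 'No older .wazuh index found -> no need to reindex.', 'info');
            server.log([blueWazuh, 'initialize', 'info'], 'No older .wazuh index found -> no need to reindex.');
          });
      }
    })
    .catch(error => {
      log('initialize.js init 2', error.message || error);
      server.log([blueWazuh, 'initialize', 'error'], 'Could not check if .wazuh index exists due to ' + error);
    });

  elasticRequest.callWithInternalUser('get', {
    index: ".wazuh-version",
    type: "wazuh-version",
    id: "1"
  })
    .then(() => {
      server.log([blueWazuh, 'initialize', 'info'], '.wazuh-version document already exists. Updating version information and visualizations...');

      // The document exists, so only the version fields and lastRestart change.
      elasticRequest.callWithInternalUser('update', {
        index: '.wazuh-version',
        type: 'wazuh-version',
        id: 1,
        body: {
          doc: {
            'app-version': packageJSON.version,
            revision: packageJSON.revision,
            lastRestart: new Date().toISOString()
          }
        }
      })
        .then(() => {
          log('initialize.js init', 'Successfully updated version information', 'info');
          server.log([blueWazuh, 'initialize', 'info'], 'Successfully updated version information');
        })
        .catch(error => {
          log('initialize.js init 3', error.message || error);
          server.log([blueWazuh, 'initialize', 'error'], 'Could not update version information due to ' + error);
        });

      // Find the pattern currently applied to the visualizations.
      elasticRequest.callWithInternalUser('search', {
        index: '.kibana',
        type: 'doc',
        q: `visualization.title:"Wazuh App Overview General Metric alerts"`
      })
        .then(data => {
          const sample = data.hits && data.hits.hits ? data.hits.hits[0] : undefined;
          if (!sample) {
            // Without a sample there is no pattern to re-import with, so the
            // existing visualizations are left untouched.
            log('initialize.js init 5', 'No sample visualization found to read the index pattern from.');
            server.log([blueWazuh, 'initialize', 'error'], 'Could not get a sample for the pattern due to missing sample visualization');
            return;
          }

          // A parse failure here is reported by the 'init 5' handler below,
          // before anything has been deleted.
          const appliedPattern = JSON.parse(sample._source.visualization.kibanaSavedObjectMeta.searchSourceJSON).index;

          elasticRequest.callWithInternalUser('deleteByQuery', {
            index: '.kibana',
            body: {
              'query': {
                'bool': {
                  'must': {
                    'match': {
                      "visualization.title": 'Wazuh App*'
                    }
                  },
                  'must_not': {
                    "match": {
                      "visualization.title": 'Wazuh App Overview General Agents status'
                    }
                  }
                }
              }
            }
          })
            .then(() => {
              // Re-create the visualizations against the recovered pattern.
              importAppObjects(appliedPattern);
            })
            .catch(error => {
              log('initialize.js init 4', error.message || error);
              server.log([blueWazuh, 'initialize', 'error'], 'Could not update visualizations due to ' + error);
            });
        })
        .catch(error => {
          log('initialize.js init 5', error.message || error);
          server.log([blueWazuh, 'initialize', 'error'], 'Could not get a sample for the pattern due to ' + error);
        });
    })
    .catch(error => {
      // NOTE(review): every failure of the lookup is treated as "document
      // missing", not only a Not Found response.
      log('initialize.js init 6', error.message || error);
      server.log([blueWazuh, 'initialize', 'info'], '.wazuh-version document does not exist. Initializating configuration...');

      // Save setup info and configure Kibana for a fresh install.
      saveConfiguration();
      configureKibana("install");
    });
};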
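/**
 * Loads the .kibana template from KIBANA_TEMPLATE and registers it in
 * Elasticsearch under the name 'wazuh-kibana'.
 *
 * Changes from the previous version:
 *  - when the template file cannot be read, the returned promise rejects with
 *    that error instead of sending the empty `{}` placeholder as a template;
 *  - the read failure is logged under this function's own label (it was logged
 *    as 'initialize.js init 6').
 *
 * @returns {Promise} Settles with the outcome of the putTemplate request, or
 *   rejects with the read error.
 */
const createKibanaTemplate = () => {
  log('initialize.js createKibanaTemplate', 'Creating template for .kibana.', 'info');
  server.log([blueWazuh, 'initialize', 'info'], 'Creating template for .kibana.');

  try {
    kibana_template = require(KIBANA_TEMPLATE);
  } catch (error) {
    log('initialize.js createKibanaTemplate', error.message || error);
    server.log([blueWazuh, 'initialize', 'error'], 'Could not read the .kibana template file.');
    server.log([blueWazuh, 'initialize', 'error'], 'Path: ' + KIBANA_TEMPLATE);
    server.log([blueWazuh, 'initialize', 'error'], 'Exception: ' + error);
    // Callers chain .then/.catch on the result, so fail through the promise.
    return Promise.reject(error);
  }

  return elasticRequest.callWithInternalUser('indices.putTemplate', {
    name: 'wazuh-kibana',
    order: 0,
    create: true, // do not overwrite a template that already exists
    body: kibana_template
  });
};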
// Does .kibana index exist?
/**
 * Makes sure the .kibana index exists before running init().
 *
 * If the index is already there, init() runs directly. Otherwise the
 * 'wazuh-kibana' template is looked up (and created when that lookup fails),
 * then the .kibana index is created and init() runs.
 */
const checkKibanaStatus = () => {
  const label = 'initialize.js checkKibanaStatus';

  // Creates the .kibana index and continues with init(); failures are logged.
  const createKibanaIndexThenInit = () => {
    elasticRequest.callWithInternalUser('indices.create', { index: '.kibana' })
      .then(data => {
        log(label, 'Successfully created .kibana index.', 'info');
        server.log([blueWazuh, 'initialize', 'info'], 'Successfully created .kibana index.');
        init();
      })
      .catch(error => {
        log(label, error.message || error);
        server.log([blueWazuh, 'initialize', 'error'], 'Error creating .kibana index due to ' + error);
      });
  };

  // The template lookup succeeded: go straight to creating the index.
  const onTemplateFound = data => {
    log(label, 'No need to create the .kibana template, already exists.', 'info');
    server.log([blueWazuh, 'initialize', 'info'], 'No need to create the .kibana template, already exists.');
    createKibanaIndexThenInit();
  };

  // The template lookup failed (for whatever reason): create it first.
  const onTemplateMissing = error => {
    log(label, error.message || error);
    createKibanaTemplate()
      .then(data => {
        log(label, 'Successfully created .kibana template.', 'info');
        server.log([blueWazuh, 'initialize', 'info'], 'Successfully created .kibana template.');
        createKibanaIndexThenInit();
      })
      .catch(error => {
        log(label, error.message || error);
        server.log([blueWazuh, 'initialize', 'error'], 'Error creating template for .kibana due to ' + error);
      });
  };

  elasticRequest.callWithInternalUser('indices.exists', { index: ".kibana" })
    .then(data => {
      if (data) {
        // It exists, initialize!
        init();
        return;
      }

      // No .kibana index created...
      log(label, 'Didn\'t find .kibana index...', 'info');
      server.log([blueWazuh, 'initialize', 'info'], "Didn't find .kibana index...");

      elasticRequest.callWithInternalUser('indices.getTemplate', { name: 'wazuh-kibana' })
        .then(onTemplateFound)
        .catch(onTemplateMissing);
    })
    .catch(error => {
      log(label, error.message || error);
      server.log([blueWazuh, 'initialize', 'error'], 'Could not check .kibana index due to ' + error);
    });
};
// Wait until Elasticsearch js is ready
/**
 * Waits for the Elasticsearch plugin to be ready, then runs
 * checkKibanaStatus(). On any failure it logs and tries again after 3 seconds.
 */
const checkStatus = () => {
  const retryLater = error => {
    log('initialize.js checkStatus', error.message || error);
    server.log([blueWazuh, 'initialize', 'info'], 'Waiting for elasticsearch plugin to be ready...');
    setTimeout(() => checkStatus(), 3000);
  };

  server.plugins.elasticsearch
    .waitUntilReady()
    .then(data => {
      checkKibanaStatus();
    })
    .catch(retryLater);
};
const reachAPI = ( wapi _config ) => {
// Now, let's see whether they have a 2.x or 3.x version
let id = wapi _config . _id ;
wapi _config = wapi _config . _source ;
2018-03-12 11:57:14 +00:00
log ( 'initialize.js reachAPI' , 'Reaching ' + wapi _config . manager , 'info' )
2017-12-05 15:02:09 +00:00
server . log ( [ blueWazuh , 'reindex' , 'info' ] , 'Reaching ' + wapi _config . manager ) ;
let decoded _password = Buffer . from ( wapi _config . api _password , 'base64' ) . toString ( "ascii" ) ;
if ( wapi _config . cluster _info === undefined ) { // No cluster_info in the API configuration data -> 2.x version
needle ( 'get' , ` ${ wapi _config . url } : ${ wapi _config . api _port } /version ` , { } , {
2018-03-12 11:29:24 +00:00
username : wapi _config . api _user ,
password : decoded _password ,
2017-12-05 15:02:09 +00:00
rejectUnauthorized : ! wapi _config . insecure
} )
2018-03-12 11:57:14 +00:00
. then ( response => {
log ( 'initialize.js reachAPI' , 'API is reachable ' + wapi _config . manager , 'info' )
2018-03-12 11:29:24 +00:00
server . log ( [ blueWazuh , 'reindex' , 'info' ] , 'API is reachable ' + wapi _config . manager ) ;
if ( parseInt ( response . body . error ) === 0 && response . body . data ) {
needle ( 'get' , ` ${ wapi _config . url } : ${ wapi _config . api _port } /cluster/status ` , { } , { // Checking the cluster status
username : wapi _config . api _user ,
password : decoded _password ,
rejectUnauthorized : ! wapi _config . insecure
} )
. then ( ( response ) => {
if ( ! response . body . error ) {
if ( response . body . data . enabled === 'yes' ) { // If cluster mode is active
needle ( 'get' , ` ${ wapi _config . url } : ${ wapi _config . api _port } /cluster/node ` , { } , {
username : wapi _config . api _user ,
password : decoded _password ,
rejectUnauthorized : ! wapi _config . insecure
} )
. then ( ( response ) => {
if ( ! response . body . error ) {
wapi _config . cluster _info = { } ;
wapi _config . cluster _info . status = 'enabled' ;
wapi _config . cluster _info . manager = wapi _config . manager ;
wapi _config . cluster _info . node = response . body . data . node ;
wapi _config . cluster _info . cluster = response . body . data . cluster ;
} else if ( response . body . error ) {
2018-03-12 11:57:14 +00:00
log ( 'initialize.js reachAPI' , response . body . error || response . body ) ;
2018-03-12 11:29:24 +00:00
server . log ( [ blueWazuh , 'reindex' , 'error' ] , 'Could not get cluster/node information for ' , wapi _config . manager ) ;
}
} ) ;
}
else { // Cluster mode is not active
2017-12-05 15:02:09 +00:00
wapi _config . cluster _info = { } ;
2018-03-12 11:29:24 +00:00
wapi _config . cluster _info . status = 'disabled' ;
wapi _config . cluster _info . cluster = 'Disabled' ;
2017-12-05 15:02:09 +00:00
wapi _config . cluster _info . manager = wapi _config . manager ;
}
2018-03-12 11:29:24 +00:00
// We filled data for the API, let's insert it now
elasticRequest . callWithInternalUser ( 'update' , {
index : '.wazuh' ,
type : 'wazuh-configuration' ,
id : id ,
body : {
'doc' : {
"api_user" : wapi _config . api _user ,
"api_password" : wapi _config . api _password ,
"url" : wapi _config . url ,
"api_port" : wapi _config . api _port ,
"manager" : wapi _config . manager ,
"cluster_info" : {
"manager" : wapi _config . manager ,
"node" : wapi _config . cluster _info . node ,
"cluster" : wapi _config . cluster _info . cluster ,
"status" : wapi _config . cluster _info . status
} ,
}
}
} )
. then ( resp => {
2018-03-12 11:57:14 +00:00
log ( 'initialize.js reachAPI' , 'Successfully updated proper cluster information for ' + wapi _config . manager , 'info' )
2018-03-12 11:29:24 +00:00
server . log ( [ blueWazuh , 'reindex' , 'info' ] , 'Successfully updated proper cluster information for ' + wapi _config . manager ) ;
} )
. catch ( error => {
2018-03-12 11:57:14 +00:00
log ( 'initialize.js reachAPI' , error . message || error ) ;
2018-03-12 11:29:24 +00:00
server . log ( [ blueWazuh , 'reindex' , 'error' ] , 'Could not update proper cluster information for ' + wapi _config . manager + 'due to ' + err ) ;
} ) ;
} else {
2018-03-12 11:57:14 +00:00
log ( 'initialize.js reachAPI' , 'Could not get cluster/status information for ' + wapi _config . manager )
2018-03-12 11:29:24 +00:00
server . log ( [ blueWazuh , 'reindex' , 'error' ] , 'Could not get cluster/status information for ' + wapi _config . manager ) ;
}
2017-12-05 15:02:09 +00:00
} ) ;
2018-03-12 11:29:24 +00:00
} else {
2018-03-12 11:57:14 +00:00
log ( 'initialize.js reachAPI' , 'The API responded with some kind of error for ' + wapi _config . manager )
2018-03-12 11:29:24 +00:00
server . log ( [ blueWazuh , 'reindex' , 'error' ] , 'The API responded with some kind of error for ' + wapi _config . manager ) ;
}
2017-12-05 15:02:09 +00:00
} )
2018-03-11 16:58:47 +00:00
. catch ( error => {
2018-03-12 11:57:14 +00:00
log ( 'initialize.js reachAPI' , error . message || error ) ;
2018-03-12 11:29:24 +00:00
server . log ( [ blueWazuh , 'reindex' , 'info' ] , 'API is NOT reachable ' + wapi _config . manager ) ;
// We weren't able to reach the API, reorganize data and fill with sample node and cluster name information
elasticRequest . callWithInternalUser ( 'update' , {
index : '.wazuh' ,
type : 'wazuh-configuration' ,
id : id ,
body : {
'doc' : {
"api_user" : wapi _config . api _user ,
"api_password" : wapi _config . api _password ,
"url" : wapi _config . url ,
"api_port" : wapi _config . api _port ,
"manager" : wapi _config . manager ,
"cluster_info" : {
"manager" : wapi _config . manager ,
"node" : "nodata" ,
"cluster" : "nodata" ,
"status" : "disabled"
} ,
}
}
} )
. then ( resp => {
2018-03-12 11:57:14 +00:00
log ( 'initialize.js reachAPI' , 'Successfully updated sample cluster information for ' + wapi _config . manager , 'info' )
2018-03-12 11:29:24 +00:00
server . log ( [ blueWazuh , 'reindex' , 'info' ] , 'Successfully updated sample cluster information for ' + wapi _config . manager ) ;
} )
. catch ( error => {
log ( 'initialize.js reachAPI' , error . message || error ) ;
server . log ( [ blueWazuh , 'reindex' , 'error' ] , 'Could not update sample cluster information for ' + wapi _config . manager + 'due to ' + err ) ;
} ) ;
2017-12-05 15:02:09 +00:00
} ) ;
} else { // 3.x version
// Nothing to be done, cluster_info is present
log ( 'initialize.js reachAPI' , 'Nothing to be done for ' + wapi _config . manager + ' as it is already a 3.x version.' + wapi _config . manager , 'info' )
server . log ( [ blueWazuh , 'reindex' , 'info' ] , 'Nothing to be done for ' + wapi _config . manager + ' as it is already a 3.x version.' ) ;
}
} ;
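/**
 * First step of reindexing a .wazuh index from 2.x-5.x or 3.x-5.x to
 * .wazuh and .wazuh-version in 3.x-6.x: back up `.wazuh` into `.old-wazuh`.
 *
 * Copies every `wazuh-configuration` document from `.wazuh` into `.old-wazuh`
 * and, only when the copy reports no failures, schedules swapIndex() after a
 * 3 second pause. swapIndex() deletes `.wazuh`, so a partial backup must not
 * reach it: on reported failures this function logs an error and stops,
 * leaving the original index untouched.
 *
 * NOTE(review): the copied documents carry `api_user` / `api_password`, so
 * `.old-wazuh` becomes a second copy of the stored API credentials. Nothing
 * in this part of the file deletes `.old-wazuh` afterwards - confirm it is
 * cleaned up elsewhere and is covered by the same access restrictions as
 * `.wazuh`.
 */
const reindexOldVersion = () => {
  log('initialize.js reindexOldVersion', ` Old version detected. Proceeding to reindex. `, 'info');
  server.log([blueWazuh, 'reindex', 'info'], ` Old version detected. Proceeding to reindex. `);

  const configuration = {
    source: {
      index: '.wazuh',
      type: 'wazuh-configuration'
    },
    dest: {
      index: '.old-wazuh'
    }
  };

  // Backing up .wazuh index. `refresh: true` asks Elasticsearch to refresh the
  // destination once the copy finishes, so the backup is searchable before the
  // destructive step runs instead of relying on the fixed delay alone.
  elasticRequest.callWithInternalUser('reindex', { refresh: true, body: configuration })
    .then(result => {
      const failures = (result && Array.isArray(result.failures)) ? result.failures : [];

      if (failures.length > 0) {
        // Do not continue to swapIndex(): it would delete the only complete copy.
        const message = 'Backup of .wazuh index reported ' + failures.length +
          ' failure(s), the original index was left untouched';
        log('initialize.js reindexOldVersion', message);
        server.log([blueWazuh, 'reindex', 'error'], message);
        return;
      }

      log('initialize.js reindexOldVersion', 'Successfully backed up .wazuh index', 'info');
      server.log([blueWazuh, 'reindex', 'info'], 'Successfully backed up .wazuh index');

      // Original grace period kept so existing timing assumptions still hold.
      setTimeout(() => swapIndex(), 3000);
    })
    .catch(error => {
      log('initialize.js reindexOldVersion', error.message || error);
      server.log([blueWazuh, 'reindex', 'error'], 'Could not begin the reindex process: ' + error);
    });
};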
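/**
 * Second migration step: delete the old `.wazuh` index and rebuild it from
 * the `.old-wazuh` backup.
 *
 * After `indices.delete` succeeds, every `wazuh-configuration` document in
 * `.old-wazuh` is reindexed into a fresh `.wazuh`, with a painless script that
 * rewrites each document id. reachAPIs() is scheduled 3 seconds after the
 * reindex call resolves. Failures reported in the reindex response are logged
 * as errors instead of being silently ignored.
 *
 * Between the delete and the end of the reindex, `.old-wazuh` is the only copy
 * of the stored API configuration (including its `api_user` / `api_password`
 * fields), so it must not be removed while this step is in flight.
 */
const swapIndex = () => {
  // Deleting old .wazuh index
  log('initialize.js swapIndex', 'Deleting old .wazuh index', 'info');
  server.log([blueWazuh, 'reindex', 'info'], 'Deleting old .wazuh index.');

  elasticRequest.callWithInternalUser('indices.delete', { index: '.wazuh' })
    .then(() => {
      const configuration = {
        source: {
          index: '.old-wazuh',
          type: 'wazuh-configuration'
        },
        dest: {
          index: '.wazuh'
        },
        // NOTE(review): the new id is the current time in milliseconds. Documents
        // handled within the same millisecond would presumably get the same id
        // and overwrite each other - verify with more than one stored API entry.
        script: {
          source: 'ctx._id = new Date().getTime()',
          lang: 'painless'
        }
      };

      log('initialize.js swapIndex', 'Reindexing into the new .wazuh', 'info');
      server.log([blueWazuh, 'reindex', 'info'], 'Reindexing into the new .wazuh');

      // Reindexing from .old-wazuh where the type of document is wazuh-configuration
      // into the new index .wazuh. `refresh: true` makes the restored documents
      // searchable when the call resolves, which the search in reachAPIs() needs.
      elasticRequest.callWithInternalUser('reindex', { refresh: true, body: configuration })
        .then(result => {
          const failures = (result && Array.isArray(result.failures)) ? result.failures : [];

          if (failures.length > 0) {
            // Surface the partial restore; the entries that did arrive are still processed.
            const message = 'Reindexing into the new .wazuh reported ' + failures.length +
              ' failure(s), the backup is still available in .old-wazuh';
            log('initialize.js swapIndex', message);
            server.log([blueWazuh, 'reindex', 'error'], message);
          }

          // Now we need to properly replace the cluster_info into the configuration
          // -> improvement: pagination?
          // Original grace period kept so existing timing assumptions still hold.
          setTimeout(() => reachAPIs(), 3000);
        })
        .catch(error => {
          log('initialize.js swapIndex', error.message || error);
          server.log([blueWazuh, 'reindex', 'error'], 'Could not reindex the new .wazuh: ' + error);
        });
    })
    .catch(error => {
      log('initialize.js swapIndex', error.message || error);
      server.log([blueWazuh, 'reindex', 'error'], 'Could not delete the old .wazuh index: ' + error);
    });
};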
/**
 * Search the `.wazuh` index and pass every returned hit to reachAPI().
 *
 * A failed search, or an exception thrown while handling the hits, is written
 * to the application log and to the server log as a 'reindex' error.
 *
 * NOTE(review): the search is sent without a `size`, so only the first page of
 * hits is processed (Elasticsearch returns 10 by default). Installations with
 * more stored API entries would be migrated only partially - confirm.
 *
 * NOTE(review): documents in `.wazuh` carry `api_user` / `api_password`, so
 * each hit handed to reachAPI() contains stored credentials; keep whole hits
 * out of log output.
 */
const reachAPIs = () => {
  const processHits = data => {
    for (const hit of data.hits.hits) {
      reachAPI(hit);
    }
  };

  const reportFailure = error => {
    log('initialize.js reachAPIs', error.message || error);
    server.log([blueWazuh, 'reindex', 'error'], 'Something happened while getting old API configuration data: ' + error);
  };

  elasticRequest.callWithInternalUser('search', { index: '.wazuh' })
    .then(processHits)
    .catch(reportFailure);
};
// Check Kibana index and if it is prepared, start the initialization of Wazuh App.
checkStatus ( ) ;
module . exports = importAppObjects ;
} ;