Changing permissions within files in wazuh kubernetes


Aishwarya Vinod

Jul 24, 2024, 1:43:53 PM
to Wazuh | Mailing List
Hi Team,

I need a suggestion for the following. I have my Wazuh deployment on a Kubernetes cluster. I need to integrate Microsoft Teams with Wazuh. For that I need to mount additional files, which are part of Teams, in the var/ossec/integrations path. Once the script has been created, the file owner and group are changed to root:wazuh, and execution permissions are given.

chmod 750 /var/ossec/integrations/custom-urlhaus.py
chown root:wazuh /var/ossec/integrations/custom-urlhaus.py

So should I create a new Docker image from the existing image provided, as permission changes within pods are quite challenging? Any suggestions would be helpful.

Rodolfo Arce Sannemann

Jul 25, 2024, 12:50:46 PM
to Wazuh | Mailing List
Hello Aishwarya

I think that it depends on your minimal requirements and your deployment needs.

I think the more straightforward approach is to deploy a volume with the integration script to the pod. However, you might need to do it for the files, not the full directory, because there are other scripts in that directory.

What you mention is also a great solution to customize the container image with your scripts, but I think that is an approach when you deploy multiple instances, and all of them need that customization. When creating and destroying instances many times, the script must be present each time. It's persistent in the image (all the times you might deploy) rather than doing it once for a single deployment.

Regards.. R

Aishwarya Vinod

Jul 26, 2024, 10:53:25 AM
to Wazuh | Mailing List
Hey Rodolfo,

Thanks much for the response. I am still doubtful on the volume part as I have multiple integrations to be added in my master statefulset file (Teams, GCP, Virustotal, Suricata), so I did proceed with creating a custom image from the existing image wazuh/wazuh-manager:4.8.1 and tried sample testing where I added the below permission script:


chmod 750 /var/ossec/integrations/custom-urlhaus.py
chown root:wazuh /var/ossec/integrations/custom-urlhaus.py


I checked the path and saw this:

-rwxrwxr-x 1 root wazuh     0 Jul 19 10:21 custom-urlhaus.py


And I saw this error coming post debugging:

wazuh-integratord: ERROR: At wpopenv(): file 'integrations/custom-urlhaus.py' has write permissions.
wazuh-integratord: ERROR: Couldn't execute command (integrations /tmp/custom-urlhaus.py.alert

chmod 750 /var/ossec/integrations/custom-urlhaus.py
chown root:ossec /var/ossec/integrations/custom-urlhaus.py

Aishwarya Vinod

Jul 31, 2024, 3:29:23 AM
to Wazuh | Mailing List
Hi Rodolfo, 

I did use the mounting approach you suggested, added configmaps for the Python script and used the below configuration in the statefulset:
(I am following this documentation of urlhaus : https://wazuh.com/blog/detecting-malicious-urls-using-wazuh-and-urlhaus/)

initContainers:
        - name: volume-mount-hack
          image: busybox
          resources:
            requests:
              cpu: 50m
              memory: 128Mi
            limits:
              cpu: 100m
              memory: 256Mi
          command:
            - sh
            - '-c'
            - 'chmod 750 /var/ossec/integrations/custom-urlhaus.py && chown root:wazuh /var/ossec/integrations/custom-urlhaus.py'
          volumeMounts:
            - name: config
              mountPath: /var/ossec/integrations/custom-urlhaus.py
              subPath: custom-urlhaus.py



 volumeMounts:
            - name: config
              mountPath: /var/ossec/integrations/custom-urlhaus.py
              subPath: custom-urlhaus.py
              readOnly: false


I see that permissions are failing due to the error:

chmod: /var/ossec/integrations/custom-urlhaus.py: Read-only file system


Can someone help me on how to change the permissions? Right now, post mounting, the permissions are:

-rw-r--r-- 1 root   101  5441 custom-urlhaus.py


I believe user is 101 since we add 
securityContext:
        fsGroup: 101


Any suggestions? 

Rodolfo Arce Sannemann

Aug 2, 2024, 7:19:19 AM
to Wazuh | Mailing List
Hello Aishwarya:

When you apply fsGroups and volumes, you can set up a policy to match the root fs and the volume's permissions and owners.

Patricio Roig

Oct 23, 2024, 8:03:47 AM
to Wazuh | Mailing List

Hi Aishwarya, did you find a way to solve the problem of mounting files for the integrations of Wazuh and changing the perms & owner? I'm having the same trouble, any help would be appreciated! Regards.
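
One way to get the mode and group discussed in this thread without running chmod inside the pod, shown as an added example that is not part of the thread or of the Wazuh project's manifests. A ConfigMap volume is mounted read-only, which is why the init container's chmod fails, but its file mode can be set with defaultMode and its group ownership comes from fsGroup. The ConfigMap, volume and container names are hypothetical, and the example assumes GID 101 (the fsGroup quoted above) is the wazuh group inside the image.

```yaml
# Added example: fragment of a StatefulSet pod template (spec.template.spec).
# Hypothetical names: ConfigMap "wazuh-integrations", volume "integrations",
# container "wazuh-manager". No chmod/chown init container is used.
securityContext:
  # Value taken from the thread. Assumption: 101 is the GID of the wazuh
  # group in the image, so files in the volume end up as root:<wazuh>.
  fsGroup: 101
volumes:
  - name: integrations
    configMap:
      name: wazuh-integrations
      # Octal mode applied to every file projected from the ConfigMap:
      # rwxr-x---, i.e. executable, with no write bit for group or others.
      # The default (0644) is what produced "-rw-r--r--" in the listing above.
      defaultMode: 0750
containers:
  - name: wazuh-manager
    image: wazuh/wazuh-manager:4.8.1
    volumeMounts:
      # One subPath mount per script, so the files that already ship in
      # /var/ossec/integrations are not hidden by a directory-level mount.
      - name: integrations
        mountPath: /var/ossec/integrations/custom-urlhaus.py
        subPath: custom-urlhaus.py
        readOnly: true
      # Further integrations (Teams, VirusTotal, ...) repeat the entry above
      # with their own key from the same ConfigMap.
```

Running ls -ln on the mounted file inside the pod shows the resulting mode and numeric owner and group, which can be compared against the 750 root:wazuh requirement quoted at the start of the thread.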