diff --git a/CHANGELOG.md b/CHANGELOG.md index 508393b9..1d28d1ab 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,25 @@ # Change Log All notable changes to this project will be documented in this file. +## Wazuh Docker v3.9.0_6.7.1 + +### Added + +- Support for xPACK authorized requests ([@manuasir](https://github.com/manuasir)) ([#119](https://github.com/wazuh/wazuh-docker/pull/119)) +- Add Elasticsearch cluster configuration ([@SitoRBJ](https://github.com/SitoRBJ)). ([#146](https://github.com/wazuh/wazuh-docker/pull/146)) +- Add Elasticsearch cluster configuration ([@Phandora](https://github.com/Phandora)) ([#140](https://github.com/wazuh/wazuh-docker/pull/140)) +- Setting Nginx to support several user/passwords in Kibana ([@toniMR](https://github.com/toniMR)) ([#136](https://github.com/wazuh/wazuh-docker/pull/136)) + + +### Changed + +- Use LS_JAVA_OPTS instead of old LS_HEAP_SIZE ([@ruffy91](https://github.com/ruffy91)) ([#139](https://github.com/wazuh/wazuh-docker/pull/139)) +- Changing the original Wazuh docker image to allow adding code in the entrypoint ([@Phandora](https://github.com/phandora)) ([#151](https://github.com/wazuh/wazuh-docker/pull/151)) + +### Removed + +- Removing files from Wazuh image ([@Phandora](https://github.com/phandora)) ([#153](https://github.com/wazuh/wazuh-docker/pull/153)) + ## Wazuh Docker v3.8.2_6.7.0 ### Changed diff --git a/README.md b/README.md index f3e82a5d..d40faa98 100644 --- a/README.md +++ b/README.md 
@@ -15,6 +15,8 @@ In this repository you will find the containers to run: In addition, a docker-compose file is provided to launch the containers mentioned above. +* Elasticsearch cluster. In the Elasticsearch Dockerfile we can visualize variables to configure an Elasticsearch Cluster. These variables are used in the file *config_cluster.sh* to set them in the *elasticsearch.yml* configuration file. You can see the meaning of the node variables [here](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html) and other cluster settings [here](https://github.com/elastic/elasticsearch/blob/master/distribution/src/config/elasticsearch.yml). + ## Documentation * [Wazuh full documentation](http://documentation.wazuh.com) @@ -61,7 +63,7 @@ In addition, a docker-compose file is provided to launch the containers mentione * `stable` branch on correspond to the latest Wazuh-Docker stable version. * `master` branch contains the latest code, be aware of possible bugs on this branch. -* `Wazuh.Version_ElasticStack.Version` (for example 3.8.2_6.7.0) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch. +* `Wazuh.Version_ElasticStack.Version` (for example 3.9.0_6.7.1) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch. ## Credits and Thank you diff --git a/VERSION b/VERSION index 2c9de155..eaee0e1b 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-DOCKER_VERSION="3.8.2_6.7.0" -REVISION="3803" +WAZUH-DOCKER_VERSION="3.9.0_6.7.1" +REVISION="3900" \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 03af6a96..b5e4573f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -3,7 +3,7 @@ version: '2' services: wazuh: - image: wazuh/wazuh:3.8.2_6.7.0 + image: wazuh/wazuh:3.9.0_6.7.1 hostname: wazuh-manager restart: always ports: @@ -14,7 +14,7 @@ services: depends_on: - logstash logstash: - image: wazuh/wazuh-logstash:3.8.2_6.7.0 + image: wazuh/wazuh-logstash:3.9.0_6.7.1 hostname: logstash restart: always links: @@ -26,7 +26,7 @@ services: environment: - LS_HEAP_SIZE=2048m elasticsearch: - image: wazuh/wazuh-elasticsearch:3.8.2_6.7.0 + image: wazuh/wazuh-elasticsearch:3.9.0_6.7.1 hostname: elasticsearch restart: always ports: @@ -43,7 +43,7 @@ services: hard: -1 mem_limit: 2g kibana: - image: wazuh/wazuh-kibana:3.8.2_6.7.0 + image: wazuh/wazuh-kibana:3.9.0_6.7.1 hostname: kibana restart: always depends_on: @@ -52,7 +52,7 @@ services: - elasticsearch:elasticsearch - wazuh:wazuh nginx: - image: wazuh/wazuh-nginx:3.8.2_6.7.0 + image: wazuh/wazuh-nginx:3.9.0_6.7.1 hostname: nginx restart: always environment: diff --git a/elasticsearch/Dockerfile b/elasticsearch/Dockerfile index 2a5ff67c..f0de83fd 100644 --- a/elasticsearch/Dockerfile +++ b/elasticsearch/Dockerfile @@ -1,5 +1,7 @@ # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) -FROM docker.elastic.co/elasticsearch/elasticsearch:6.7.0 +FROM docker.elastic.co/elasticsearch/elasticsearch:6.7.1 + +ENV ELASTICSEARCH_URL="http://elasticsearch:9200" ENV ALERTS_SHARDS="1" \ ALERTS_REPLICAS="0" 
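Review bot: `ENV ELASTICSEARCH_URL="http://elasticsearch:9200"` becomes the only default for the Elasticsearch endpoint, because the load_settings.sh hunk in this commit removes the script-level fallback, and the same commit attaches `--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}` to every request when xpack is enabled, so with the defaults those credentials travel over plain HTTP. On an isolated compose network that may be acceptable, but it should be stated next to the variable: `# Plain HTTP default; set an https:// endpoint when ENABLED_XPACK=true so the basic-auth credentials are not sent in cleartext`. An explicit empty override of this variable now also leaves load_settings.sh with an empty URL, which the same comment could warn about.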
@@ -11,7 +13,21 @@ ENV XPACK_ML="true" ENV ENABLE_CONFIGURE_S3="false" -ENV TEMPLATE_VERSION=v3.8.2 +ENV TEMPLATE_VERSION=v3.9.0 + +# Elasticearch cluster configuration environment variables +# If ELASTIC_CLUSTER is set to "true" the following variables will be added to the Elasticsearch configuration +ENV ELASTIC_CLUSTER="false" \ + CLUSTER_NAME="wazuh" \ + CLUSTER_NODE_MASTER="true" \ + CLUSTER_NODE_DATA="true" \ + CLUSTER_NODE_INGEST="true" \ + CLUSTER_NODE_NAME="wazuh-elasticsearch" \ + CLUSTER_MEMORY_LOCK="true" \ + CLUSTER_DISCOVERY_SERVICE="wazuh-elasticsearch" \ + CLUSTER_NUMBER_OF_MASTERS="2" \ + CLUSTER_MAX_NODES="1" \ + CLUSTER_DELAYED_TIMEOUT="1m" ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/wazuh-elastic6-template-alerts.json /usr/share/elasticsearch/config @@ -23,10 +39,13 @@ COPY --chown=elasticsearch:elasticsearch ./config/load_settings.sh ./ RUN chmod +x ./load_settings.sh -RUN bin/elasticsearch-plugin install --batch https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-s3/repository-s3-6.7.0.zip +RUN bin/elasticsearch-plugin install --batch https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-s3/repository-s3-6.7.1.zip COPY config/configure_s3.sh ./config/configure_s3.sh RUN chmod 755 ./config/configure_s3.sh +COPY --chown=elasticsearch:elasticsearch ./config/config_cluster.sh ./ +RUN chmod +x ./config_cluster.sh + ENTRYPOINT ["/entrypoint.sh"] CMD ["elasticsearch"] diff --git a/elasticsearch/config/config_cluster.sh b/elasticsearch/config/config_cluster.sh new file mode 100644 index 00000000..b4063825 --- /dev/null +++ b/elasticsearch/config/config_cluster.sh 
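Review bot: The cluster defaults added here do not form a consistent set: with `ELASTIC_CLUSTER="true"` and everything else left at its default, config_cluster.sh writes `discovery.zen.minimum_master_nodes: 2` while `CLUSTER_MAX_NODES="1"` and a single discovery host `wazuh-elasticsearch` describe a one-node deployment, which then cannot elect a master. If the defaults are meant for a multi-replica service (one node per replica behind that hostname), say so in the comment; otherwise `CLUSTER_NUMBER_OF_MASTERS="1"` is the safe default, with a note that the value must be (master-eligible nodes / 2) + 1 for the real cluster size. The comment also misspells the product: `# Elasticsearch cluster configuration environment variables`. `CLUSTER_MEMORY_LOCK="true"` presumably needs the memlock ulimit that the docker-compose.yml context in this commit (`hard: -1`) provides; a plain `docker run` without it can fail Elasticsearch's bootstrap checks in cluster mode, which is worth one line here.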
@@ -0,0 +1,33 @@ +#!/bin/bash +# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) + +elastic_config_file="/usr/share/elasticsearch/config/elasticsearch.yml" + + +# If Elasticsearch cluster is enable +if [[ $ELASTIC_CLUSTER == "true" ]] +then + + # Set the cluster.name and discovery.zen.minimun_master_nodes variables + sed -i 's:cluster.name\: "docker-cluster":cluster.name\: "'$CLUSTER_NAME'":g' $elastic_config_file + sed -i 's:discovery.zen.minimum_master_nodes\: 1:discovery.zen.minimum_master_nodes\: '$CLUSTER_NUMBER_OF_MASTERS':g' $elastic_config_file + + # Add the cluster configuration + echo " +#cluster node +node: + master: ${CLUSTER_NODE_MASTER} + data: ${CLUSTER_NODE_DATA} + ingest: ${CLUSTER_NODE_INGEST} + name: ${CLUSTER_NODE_NAME} + max_local_storage_nodes: ${CLUSTER_MAX_NODES} + +bootstrap: + memory_lock: ${CLUSTER_MEMORY_LOCK} + +discovery: + zen: + ping.unicast.hosts: ${CLUSTER_DISCOVERY_SERVICE} + +" >> $elastic_config_file +fi diff --git a/elasticsearch/config/entrypoint.sh b/elasticsearch/config/entrypoint.sh index 2c394cbd..c57703f1 100644 --- a/elasticsearch/config/entrypoint.sh +++ b/elasticsearch/config/entrypoint.sh @@ -43,6 +43,8 @@ fi # Run load settings script. +./config_cluster.sh + ./load_settings.sh & # Execute elasticsearch diff --git a/elasticsearch/config/load_settings.sh b/elasticsearch/config/load_settings.sh index 17154c29..2a69b36f 100644 --- a/elasticsearch/config/load_settings.sh +++ b/elasticsearch/config/load_settings.sh @@ -3,11 +3,7 @@ set -e -if [ "x${ELASTICSEARCH_URL}" = "x" ]; then - el_url="http://elasticsearch:9200" -else - el_url="${ELASTICSEARCH_URL}" -fi +el_url=${ELASTICSEARCH_URL} if [ "x${WAZUH_API_URL}" = "x" ]; then wazuh_url="https://wazuh" 
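Review bot: The script is not idempotent: the entrypoint.sh hunk in this commit runs it on every container start, and `echo " ... " >> $elastic_config_file` appends a fresh `node:`/`bootstrap:`/`discovery:` stanza each time, so a restarted (not recreated) container with `ELASTIC_CLUSTER=true` accumulates duplicate top-level keys in elasticsearch.yml, which Elasticsearch treats as a settings error. Guarding on the marker the script itself writes is enough: `if [[ $ELASTIC_CLUSTER == "true" ]] && ! grep -q '^#cluster node' "$elastic_config_file"`. The two `sed` lines interpolate `$CLUSTER_NAME` and `$CLUSTER_NUMBER_OF_MASTERS` unquoted into an expression whose delimiter is `:`, so a value containing `:`, whitespace or `&` breaks or rewrites the expression; double-quote the expressions and reject values that do not match `^[A-Za-z0-9._-]+$` before use. The substitutions also only take effect if the base image's elasticsearch.yml still contains exactly `cluster.name: "docker-cluster"` and `discovery.zen.minimum_master_nodes: 1`, which a comment should state, since a base-image change would silently leave the defaults in place.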
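Review bot: `el_url=${ELASTICSEARCH_URL}` drops the fallback the removed lines provided and does not quote the value, so an explicit empty override (`ELASTICSEARCH_URL=` in an env file) leaves `el_url` empty and the `until curl` readiness loop in the next hunk retries a missing URL forever. kibana/config/entrypoint.sh in the same commit keeps the old if/else fallback, so the two scripts now disagree on where the default lives. If the image ENV is meant to be the single source of the default, fail fast instead: `el_url="${ELASTICSEARCH_URL:?ELASTICSEARCH_URL is not set}"`.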
@@ -15,8 +11,13 @@ else wazuh_url="${WAZUH_API_URL}" fi +if [ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]; then + auth="" +else + auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" +fi -until curl -XGET $el_url; do +until curl ${auth} -XGET $el_url; do >&2 echo "Elastic is unavailable - sleeping" sleep 5 done @@ -46,7 +47,7 @@ fi sed -i 's| "index.refresh_interval": "5s"| "index.refresh_interval": "5s", "number_of_shards" : '"${ALERTS_SHARDS}"', "number_of_replicas" : '"${ALERTS_REPLICAS}"'|' /usr/share/elasticsearch/config/wazuh-elastic6-template-alerts.json -cat /usr/share/elasticsearch/config/wazuh-elastic6-template-alerts.json | curl -XPUT "$el_url/_template/wazuh" -H 'Content-Type: application/json' -d @- +cat /usr/share/elasticsearch/config/wazuh-elastic6-template-alerts.json | curl -XPUT "$el_url/_template/wazuh" ${auth} -H 'Content-Type: application/json' -d @- sleep 5 @@ -55,9 +56,9 @@ API_USER_Q=`echo "$API_USER" | tr -d '"'` API_PASSWORD=`echo -n $API_PASS_Q | base64` echo "Setting API credentials into Wazuh APP" -CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/wazuh-configuration/1513629884013) +CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/wazuh-configuration/1513629884013 ${auth}) if [ "x$CONFIG_CODE" = "x404" ]; then - curl -s -XPOST $el_url/.wazuh/wazuh-configuration/1513629884013 -H 'Content-Type: application/json' -d' + curl -s -XPOST $el_url/.wazuh/wazuh-configuration/1513629884013 ${auth} -H 'Content-Type: application/json' -d' { "api_user": "'"$API_USER_Q"'", "api_password": "'"$API_PASSWORD"'", @@ -86,7 +87,7 @@ else fi sleep 5 -curl -XPUT "$el_url/_cluster/settings" -H 'Content-Type: application/json' -d' +curl -XPUT "$el_url/_cluster/settings" ${auth} -H 'Content-Type: application/json' -d' { "persistent": { "xpack.monitoring.collection.enabled": true 
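Review bot: The condition `if [ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]` is not a single test: `||` is a shell list operator, so the shell runs `[ ${ENABLED_XPACK} != "true"` (which fails with a missing-`]` error) and then tries to execute `"x${ELASTICSEARCH_USERNAME}"` and `"x${ELASTICSEARCH_PASSWORD}"` as commands; the branch taken follows the exit status of that last failed command, so in practice the `else` branch always runs and `auth` becomes `--user :` on every request, with error output on each start. The same expression is copied into kibana/config/entrypoint.sh in this commit. Use separate tests: `if [ "${ENABLED_XPACK}" != "true" ] || [ -z "${ELASTICSEARCH_USERNAME}" ] || [ -z "${ELASTICSEARCH_PASSWORD}" ]; then`. Separately, `--user name:password` makes the Elasticsearch password visible to anything that can list processes in the container; passing it through a curl config file (`-K`) or `--netrc-file` keeps it out of `ps` output.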
@@ -94,5 +95,14 @@ curl -XPUT "$el_url/_cluster/settings" -H 'Content-Type: application/json' -d' } ' +# Set cluster delayed timeout when node falls +curl -X PUT "$el_url/_all/_settings" -H 'Content-Type: application/json' -d' +{ + "settings": { + "index.unassigned.node_left.delayed_timeout": "'"$CLUSTER_DELAYED_TIMEOUT"'" + } +} +' + echo "Elasticsearch is ready." diff --git a/kibana/Dockerfile b/kibana/Dockerfile index 767c33d2..2c358f1b 100644 --- a/kibana/Dockerfile +++ b/kibana/Dockerfile @@ -1,6 +1,6 @@ # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) -FROM docker.elastic.co/kibana/kibana:6.7.0 -ARG WAZUH_APP_VERSION=3.8.2_6.7.0 +FROM docker.elastic.co/kibana/kibana:6.7.1 +ARG WAZUH_APP_VERSION=3.9.0_6.7.1 USER root ADD https://packages.wazuh.com/wazuhapp/wazuhapp-${WAZUH_APP_VERSION}.zip /tmp diff --git a/kibana/config/entrypoint.sh b/kibana/config/entrypoint.sh index f7788d29..f171374f 100644 --- a/kibana/config/entrypoint.sh +++ b/kibana/config/entrypoint.sh @@ -13,8 +13,14 @@ else el_url="${ELASTICSEARCH_URL}" fi -until curl -XGET $el_url; do - >&2 echo "Elastic is unavailable - sleeping." +if [ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]; then + auth="" +else + auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" +fi + +until curl -XGET $el_url ${auth}; do + >&2 echo "Elastic is unavailable - sleeping" sleep 5 done diff --git a/wazuh/Dockerfile b/wazuh/Dockerfile index e25f7936..c7b396b0 100644 --- a/wazuh/Dockerfile +++ b/wazuh/Dockerfile @@ -1,7 +1,7 @@ # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) FROM phusion/baseimage:latest ARG FILEBEAT_VERSION=6.7.0 -ARG WAZUH_VERSION=3.8.2-1 +ARG WAZUH_VERSION=3.9.0-1 ENV API_USER="foo" \ API_PASS="bar" 
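Review bot: The new `curl -X PUT "$el_url/_all/_settings"` is the only request in this file the commit leaves without `${auth}`, so on a cluster with security enabled it gets a 401, and because curl exits 0 on HTTP errors the `set -e` at the top does not notice; the delayed-timeout setting is then silently skipped. Add it as on the other calls: `curl -X PUT "$el_url/_all/_settings" ${auth} -H 'Content-Type: application/json' -d'`. The request also runs when `ELASTIC_CLUSTER` is `false`; with the default `CLUSTER_DELAYED_TIMEOUT="1m"` that appears harmless, but a comment saying the value is applied regardless of cluster mode would prevent a later "fix". Note that `_all/_settings` only affects indices that exist when the script runs; indices created afterwards do not inherit it from this call.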
@@ -18,12 +18,16 @@ RUN add-apt-repository universe && apt-get update && apt-get upgrade -y -o Dpkg: apt-get --no-install-recommends --no-install-suggests -y install openssl postfix bsd-mailx python-boto python-pip \ apt-transport-https vim expect nodejs python-cryptography mailutils libsasl2-modules wazuh-manager=${WAZUH_VERSION} \ wazuh-api=${WAZUH_VERSION} && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && rm -f \ - /var/ossec/logs/alerts/*/*/*.log && rm -f /var/ossec/logs/alerts/*/*/*.json + /var/ossec/logs/alerts/*/*/*.log && rm -f /var/ossec/logs/alerts/*/*/*.json && rm -f \ + /var/ossec/logs/archives/*/*/*.log && rm -f /var/ossec/logs/archives/*/*/*.json && rm -f \ + /var/ossec/logs/firewall/*/*/*.log && rm -f /var/ossec/logs/firewall/*/*/*.json # Adding first run script and entrypoint COPY config/data_dirs.env /data_dirs.env COPY config/init.bash /init.bash +RUN mkdir /entrypoint-scripts COPY config/entrypoint.sh /entrypoint.sh +COPY config/00-wazuh.sh /entrypoint-scripts/00-wazuh.sh # Sync calls are due to https://github.com/docker/docker/issues/9547 RUN chmod 755 /init.bash && \ @@ -31,7 +35,8 @@ RUN chmod 755 /init.bash && \ sync && rm /init.bash && \ curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-amd64.deb &&\ dpkg -i filebeat-${FILEBEAT_VERSION}-amd64.deb && rm -f filebeat-${FILEBEAT_VERSION}-amd64.deb && \ - chmod 755 /entrypoint.sh + chmod 755 /entrypoint.sh && \ + chmod 755 /entrypoint-scripts/00-wazuh.sh COPY config/filebeat.yml /etc/filebeat/ RUN chmod go-w /etc/filebeat/filebeat.yml diff --git a/wazuh/config/00-wazuh.sh b/wazuh/config/00-wazuh.sh new file mode 100644 index 00000000..5935f8cb --- /dev/null +++ b/wazuh/config/00-wazuh.sh 
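Review bot: `RUN mkdir /entrypoint-scripts` is redundant: the following `COPY config/00-wazuh.sh /entrypoint-scripts/00-wazuh.sh` creates missing directories in its destination path itself, so the extra instruction only adds a layer. The `chmod 755 /entrypoint-scripts/00-wazuh.sh` added in the next hunk is likewise not required, since entrypoint.sh invokes the script as `bash "$script"`, though it is harmless if the scripts are meant to be runnable on their own.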
@@ -0,0 +1,151 @@
+#!/bin/bash
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+
+#
+# OSSEC container bootstrap. See the README for information of the environment
+# variables expected by this script.
+#
+
+#
+
+#
+# Startup the services
+#
+
+source /data_dirs.env
+
+FIRST_TIME_INSTALLATION=false
+
+WAZUH_INSTALL_PATH=/var/ossec
+DATA_PATH=${WAZUH_INSTALL_PATH}/data
+
+WAZUH_CONFIG_MOUNT=/wazuh-config-mount
+
+print() {
+ echo -e $1
+}
+
+error_and_exit() {
+ echo "Error executing command: '$1'."
+ echo 'Exiting.'
+ exit 1
+}
+
+exec_cmd() {
+ eval $1 > /dev/null 2>&1 || error_and_exit "$1"
+}
+
+exec_cmd_stdout() {
+ eval $1 2>&1 || error_and_exit "$1"
+}
+
+edit_configuration() { # $1 -> setting, $2 -> value
+ sed -i "s/^config.$1\s=.*/config.$1 = \"$2\";/g" "${DATA_PATH}/api/configuration/config.js" || error_and_exit "sed (editing configuration)"
+}
+
+for ossecdir in "${DATA_DIRS[@]}"; do
+ if [ ! -e "${DATA_PATH}/${ossecdir}" ]
+ then
+ print "Installing ${ossecdir}"
+ exec_cmd "mkdir -p $(dirname ${DATA_PATH}/${ossecdir})"
+ exec_cmd "cp -pr /var/ossec/${ossecdir}-template ${DATA_PATH}/${ossecdir}"
+ FIRST_TIME_INSTALLATION=true
+ fi
+done
+
+if [ -e ${WAZUH_INSTALL_PATH}/etc-template ]
+then
+ cp -p /var/ossec/etc-template/internal_options.conf /var/ossec/etc/internal_options.conf
+fi
+rm /var/ossec/queue/db/.template.db
+
+touch ${DATA_PATH}/process_list
+chgrp ossec ${DATA_PATH}/process_list
+chmod g+rw ${DATA_PATH}/process_list
+
+AUTO_ENROLLMENT_ENABLED=${AUTO_ENROLLMENT_ENABLED:-true}
+API_GENERATE_CERTS=${API_GENERATE_CERTS:-true}
+
+if [ $FIRST_TIME_INSTALLATION == true ]
+then
+ if [ $AUTO_ENROLLMENT_ENABLED == true ]
+ then
+ if [ ! 
-e ${DATA_PATH}/etc/sslmanager.key ]
+ then
+ print "Creating ossec-authd key and cert"
+ exec_cmd "openssl genrsa -out ${DATA_PATH}/etc/sslmanager.key 4096"
+ exec_cmd "openssl req -new -x509 -key ${DATA_PATH}/etc/sslmanager.key -out ${DATA_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/"
+ fi
+ fi
+ if [ $API_GENERATE_CERTS == true ]
+ then
+ if [ ! -e ${DATA_PATH}/api/configuration/ssl/server.crt ]
+ then
+ print "Enabling Wazuh API HTTPS"
+ edit_configuration "https" "yes"
+ print "Create Wazuh API key and cert"
+ exec_cmd "openssl genrsa -out ${DATA_PATH}/api/configuration/ssl/server.key 4096"
+ exec_cmd "openssl req -new -x509 -key ${DATA_PATH}/api/configuration/ssl/server.key -out ${DATA_PATH}/api/configuration/ssl/server.crt -days 3650 -subj /CN=${HOSTNAME}/"
+ fi
+ fi
+fi
+
+##############################################################################
+# Copy all files from $WAZUH_CONFIG_MOUNT to $DATA_PATH and respect
+# destination files permissions
+#
+# For example, to mount the file /var/ossec/data/etc/ossec.conf, mount it at
+# $WAZUH_CONFIG_MOUNT/etc/ossec.conf in your container and this code will
+# replace the ossec.conf file in /var/ossec/data/etc with yours.
+##############################################################################
+if [ -e "$WAZUH_CONFIG_MOUNT" ]
+then
+ print "Identified Wazuh configuration files to mount..."
+
+ exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $DATA_PATH"
+else
+ print "No Wazuh configuration files to mount..."
+fi
+
+function ossec_shutdown(){
+ ${WAZUH_INSTALL_PATH}/bin/ossec-control stop;
+}
+
+# Trap exit signals and do a proper shutdown
+trap "ossec_shutdown; exit" SIGINT SIGTERM
+
+chmod -R g+rw ${DATA_PATH}
+
+##############################################################################
+# Interpret any passed arguments (via docker command to this entrypoint) as
+# paths or commands, and execute them. 
+#
+# This can be useful for actions that need to be run before the services are
+# started, such as "/var/ossec/bin/ossec-control enable agentless".
+##############################################################################
+for CUSTOM_COMMAND in "$@"
+do
+ echo "Executing command \`${CUSTOM_COMMAND}\`"
+ exec_cmd_stdout "${CUSTOM_COMMAND}"
+done
+
+##############################################################################
+# Change Wazuh API user credentials.
+##############################################################################
+
+pushd /var/ossec/api/configuration/auth/
+
+echo "Change Wazuh API user credentials"
+change_user="node htpasswd -b -c user $API_USER $API_PASS"
+eval $change_user
+
+popd
+
+
+##############################################################################
+# Customize filebeat output ip
+##############################################################################
+if [ "$FILEBEAT_OUTPUT" != "" ]; then
+ sed -i "s/logstash:5000/$FILEBEAT_OUTPUT:5000/" /etc/filebeat/filebeat.yml
+fi
+
diff --git a/wazuh/config/entrypoint.sh b/wazuh/config/entrypoint.sh
index 67107f55..bc07ae4a 100644
--- a/wazuh/config/entrypoint.sh
+++ b/wazuh/config/entrypoint.sh
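Review bot: The `trap "ossec_shutdown; exit" SIGINT SIGTERM` carried over from entrypoint.sh no longer protects the running manager: entrypoint.sh now executes this file as `bash "$script"`, so the trap, `ossec_shutdown`, `FIRST_TIME_INSTALLATION` and the sourced `DATA_DIRS` live in a child shell that has exited before the services start, and a SIGTERM to the container reaches the entrypoint without this handler unless the part of entrypoint.sh outside the hunk installs its own. Either keep the trap in entrypoint.sh or have the entrypoint `source` this file instead of running it. The credential step `change_user="node htpasswd -b -c user $API_USER $API_PASS"` followed by `eval $change_user` word-splits and re-parses both values, so a password containing spaces, quotes or `$` changes the command that runs; call it directly with quoted arguments, `node htpasswd -b -c user "$API_USER" "$API_PASS"`, and note in a comment that `-b` still exposes the password in the container's process list for the duration of the call.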
@@ -1,154 +1,12 @@ #!/bin/bash # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) -# -# OSSEC container bootstrap. See the README for information of the environment -# variables expected by this script. -# +# It will run every .sh script located in entrypoint-scripts folder in lexicographical order +for script in `ls /entrypoint-scripts/*.sh | sort -n`; do + bash "$script" -# - -# -# Startup the services -# - -source /data_dirs.env - -FIRST_TIME_INSTALLATION=false - -WAZUH_INSTALL_PATH=/var/ossec -DATA_PATH=${WAZUH_INSTALL_PATH}/data - -WAZUH_CONFIG_MOUNT=/wazuh-config-mount - -print() { - echo -e $1 -} - -error_and_exit() { - echo "Error executing command: '$1'." - echo 'Exiting.' - exit 1 -} - -exec_cmd() { - eval $1 > /dev/null 2>&1 || error_and_exit "$1" -} - -exec_cmd_stdout() { - eval $1 2>&1 || error_and_exit "$1" -} - -edit_configuration() { # $1 -> setting, $2 -> value - sed -i "s/^config.$1\s=.*/config.$1 = \"$2\";/g" "${DATA_PATH}/api/configuration/config.js" || error_and_exit "sed (editing configuration)" -} - -for ossecdir in "${DATA_DIRS[@]}"; do - if [ ! -e "${DATA_PATH}/${ossecdir}" ] - then - print "Installing ${ossecdir}" - exec_cmd "mkdir -p $(dirname ${DATA_PATH}/${ossecdir})" - exec_cmd "cp -pr /var/ossec/${ossecdir}-template ${DATA_PATH}/${ossecdir}" - FIRST_TIME_INSTALLATION=true - fi done -if [ -e ${WAZUH_INSTALL_PATH}/etc-template ] -then - cp -p /var/ossec/etc-template/internal_options.conf /var/ossec/etc/internal_options.conf -fi -rm /var/ossec/queue/db/.template.db - -touch ${DATA_PATH}/process_list -chgrp ossec ${DATA_PATH}/process_list -chmod g+rw ${DATA_PATH}/process_list - -AUTO_ENROLLMENT_ENABLED=${AUTO_ENROLLMENT_ENABLED:-true} -API_GENERATE_CERTS=${API_GENERATE_CERTS:-true} - -if [ $FIRST_TIME_INSTALLATION == true ] -then - if [ $AUTO_ENROLLMENT_ENABLED == true ] - then - if [ ! 
-e ${DATA_PATH}/etc/sslmanager.key ] - then - print "Creating ossec-authd key and cert" - exec_cmd "openssl genrsa -out ${DATA_PATH}/etc/sslmanager.key 4096" - exec_cmd "openssl req -new -x509 -key ${DATA_PATH}/etc/sslmanager.key -out ${DATA_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/" - fi - fi - if [ $API_GENERATE_CERTS == true ] - then - if [ ! -e ${DATA_PATH}/api/configuration/ssl/server.crt ] - then - print "Enabling Wazuh API HTTPS" - edit_configuration "https" "yes" - print "Create Wazuh API key and cert" - exec_cmd "openssl genrsa -out ${DATA_PATH}/api/configuration/ssl/server.key 4096" - exec_cmd "openssl req -new -x509 -key ${DATA_PATH}/api/configuration/ssl/server.key -out ${DATA_PATH}/api/configuration/ssl/server.crt -days 3650 -subj /CN=${HOSTNAME}/" - fi - fi -fi - -############################################################################## -# Copy all files from $WAZUH_CONFIG_MOUNT to $DATA_PATH and respect -# destination files permissions -# -# For example, to mount the file /var/ossec/data/etc/ossec.conf, mount it at -# $WAZUH_CONFIG_MOUNT/etc/ossec.conf in your container and this code will -# replace the ossec.conf file in /var/ossec/data/etc with yours. -############################################################################## -if [ -e "$WAZUH_CONFIG_MOUNT" ] -then - print "Identified Wazuh configuration files to mount..." - - exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $DATA_PATH" -else - print "No Wazuh configuration files to mount..." -fi - -function ossec_shutdown(){ - ${WAZUH_INSTALL_PATH}/bin/ossec-control stop; -} - -# Trap exit signals and do a proper shutdown -trap "ossec_shutdown; exit" SIGINT SIGTERM - -chmod -R g+rw ${DATA_PATH} - -############################################################################## -# Interpret any passed arguments (via docker command to this entrypoint) as -# paths or commands, and execute them. 
-# -# This can be useful for actions that need to be run before the services are -# started, such as "/var/ossec/bin/ossec-control enable agentless". -############################################################################## -for CUSTOM_COMMAND in "$@" -do - echo "Executing command \`${CUSTOM_COMMAND}\`" - exec_cmd_stdout "${CUSTOM_COMMAND}" -done - -############################################################################## -# Change Wazuh API user credentials. -############################################################################## - -pushd /var/ossec/api/configuration/auth/ - -echo "Change Wazuh API user credentials" -change_user="node htpasswd -b -c user $API_USER $API_PASS" -eval $change_user - -popd - - -############################################################################## -# Customize filebeat output ip -############################################################################## -if [ "$FILEBEAT_OUTPUT" != "" ]; then - sed -i "s/logstash:5000/$FILEBEAT_OUTPUT:5000/" /etc/filebeat/filebeat.yml -fi - ############################################################################## # Start Wazuh Server. ##############################################################################
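Review bot: `bash "$script"` runs each bootstrap script without the entrypoint's arguments and without checking its exit status: the `for CUSTOM_COMMAND in "$@"` loop moved into 00-wazuh.sh therefore never sees the docker command arguments (unless the part of entrypoint.sh beyond this hunk consumes them), and an `error_and_exit` inside a script terminates only the child shell, after which the entrypoint proceeds to the "Start Wazuh Server" section with a half-configured manager. `ls /entrypoint-scripts/*.sh | sort -n` also parses `ls` output and numerically sorts paths that all begin with `/`, which only happens to yield the intended order. Replace the loop with `for script in /entrypoint-scripts/*.sh; do`, `bash "$script" "$@" || exit $?`, `done`; the glob already expands in sorted order.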