update docker kibana code

docker-compose.yml

@@ -2,7 +2,7 @@ version: '2'
 
 services:
   wazuh:
-    build: wazuh/
+    image: wazuh/wazuh
     hostname: wazuh-manager
     restart: always
     ports:
@@ -11,38 +11,26 @@ services:
 #      - "514/udp:514/udp"
       - "55000:55000"
     networks:
-       docker_elk:
-          ipv4_address: 172.25.0.101
-    extra_hosts:
-      - "logstash:172.25.0.102"
-      - "elasticsearch:172.25.0.103"
-      - "kibana:172.25.0.104"
-#    volumes:
-#      - /mnt/data/ossec/wazuh:/var/ossec/data
+        - docker_elk
     depends_on:
       - elasticsearch
   logstash:
-    build: logstash/
+    image: wazuh/wazuh-logstash
     hostname: logstash
     command: -f /etc/logstash/conf.d/
     links:
      - kibana
      - elasticsearch
-#    ports:
-#      - "5000:5000"
+    ports:
+      - "5000:5000"
     networks:
-       docker_elk:
-          ipv4_address: 172.25.0.102
-    extra_hosts:
-      - "wazuh:172.25.0.101"
-      - "elasticsearch:172.25.0.103"
-      - "kibana:172.25.0.104"
+        - docker_elk
     depends_on:
       - elasticsearch
     environment:
       - LS_HEAP_SIZE=2048m
   elasticsearch:
-    image: elasticsearch:5.1.2
+    image: elasticsearch:5.2.0
     hostname: elasticsearch
     restart: always
     command: elasticsearch -E node.name="node-1" -E cluster.name="wazuh" -E network.host=0.0.0.0
@@ -51,28 +39,16 @@ services:
       - "9300:9300"
     environment:
       ES_JAVA_OPTS: "-Xms2g -Xmx2g"
-#    volumes:
-#      - /mnt/data/ossec/elasticsearch:/usr/share/elasticsearch/data
     networks:
-       docker_elk:
-          ipv4_address: 172.25.0.103
-    extra_hosts:
-      - "wazuh:172.25.0.101"
-      - "logstash:172.25.0.102"
-      - "kibana:172.25.0.104"
+        - docker_elk
   kibana:
-    build: kibana/
+    image: wazuh/wazuh-kibana
     hostname: kibana
     restart: always
     ports:
       - "5601:5601"
     networks:
-       docker_elk:
-          ipv4_address: 172.25.0.104
-    extra_hosts:
-      - "wazuh:172.25.0.101"
-      - "logstash:172.25.0.102"
-      - "elasticsearch:172.25.0.103"
+        - docker_elk
     depends_on:
       - elasticsearch
     entrypoint: sh wait-for-it.sh elasticsearch

kibana/Dockerfile

@@ -1,9 +1,7 @@
-FROM kibana:5.1.2
+FROM kibana:5.2.0
 
 RUN apt-get update && apt-get install -y curl
 
 COPY ./config/kibana.yml /opt/kibana/config/kibana.yml
 
-RUN /usr/share/kibana/bin/kibana-plugin install http://packages.wazuh.com.s3-website-us-west-1.amazonaws.com/wazuhapp/wazuhapp.zip
-
 COPY config/wait-for-it.sh /

kibana/config/wait-for-it.sh

@@ -11,7 +11,14 @@ until curl -XGET $host:9200; do
   sleep 1
 done
 
-sleep 60
+sleep 30
 
 >&2 echo "Elastic is up - executing command"
+
+if /usr/share/kibana/bin/kibana-plugin list | grep wazuh; then
+  echo "Wazuh APP already installed"
+else
+  /usr/share/kibana/bin/kibana-plugin install http://packages.wazuh.com.s3-website-us-west-1.amazonaws.com/wazuhapp/wazuhapp.zip
+fi
+
 exec $cmd

logstash/Dockerfile

@@ -1,4 +1,4 @@
-FROM logstash:5.1.2
+FROM logstash:5.2.0
 
 RUN apt-get update
 

wazuh/Dockerfile

@@ -4,8 +4,6 @@ COPY config/*.repo /etc/yum.repos.d/
 
 RUN yum -y update; yum clean all;
 RUN yum -y install epel-release openssl useradd; yum clean all
-RUN groupadd -g 1000 ossec
-RUN useradd -u 1000 -g 1000 ossec
 RUN yum install -y wazuh-manager wazuh-api
 
 ADD config/data_dirs.env /data_dirs.env

wazuh/config/run.sh

@@ -45,33 +45,6 @@ then
         -subj /CN=${HOSTNAME}/
     fi
   fi
-  #
-  # Support SYSLOG forwarding, if configured
-  #
-  SYSLOG_FORWADING_ENABLED=${SYSLOG_FORWADING_ENABLED:-false}
-  if [ $SYSLOG_FORWADING_ENABLED == true ]
-  then
-    if [ -z "$SYSLOG_FORWARDING_SERVER_IP" ]
-    then
-      echo "Cannot setup sylog forwarding because SYSLOG_FORWARDING_SERVER_IP is not defined"
-    else
-      SYSLOG_FORWARDING_SERVER_PORT=${SYSLOG_FORWARDING_SERVER_PORT:-514}
-      SYSLOG_FORWARDING_FORMAT=${SYSLOG_FORWARDING_FORMAT:-default}
-      SYSLOG_XML_SNIPPET="\
-  <syslog_output>\n\
-    <server>${SYSLOG_FORWARDING_SERVER_IP}</server>\n\
-    <port>${SYSLOG_FORWARDING_SERVER_PORT}</port>\n\
-    <format>${SYSLOG_FORWARDING_FORMAT}</format>\n\
-  </syslog_output>";
-
-      cat /var/ossec/etc/ossec.conf |\
-        perl -pe "s,<ossec_config>,<ossec_config>\n${SYSLOG_XML_SNIPPET}\n," \
-        > /var/ossec/etc/ossec.conf-new
-      mv -f /var/ossec/etc/ossec.conf-new /var/ossec/etc/ossec.conf
-      chgrp ossec /var/ossec/etc/ossec.conf
-      /var/ossec/bin/ossec-control enable client-syslog
-    fi
-  fi
 fi
 
 function ossec_shutdown(){
@@ -87,7 +60,6 @@ trap "ossec_shutdown; exit" SIGINT SIGTERM
 
 chmod -R g+rw ${DATA_PATH}
 
-
 if [ $AUTO_ENROLLMENT_ENABLED == true ]
 then
   echo "Starting ossec-authd..."
@@ -97,8 +69,7 @@ fi
 sleep 15 # give ossec a reasonable amount of time to start before checking status
 LAST_OK_DATE=`date +%s`
 
-## Update rules and decoders with Wazuh Ruleset
-#cd /var/ossec/update/ruleset && python ossec_ruleset.py
+## Start services
 
 /bin/node /var/ossec/api/app.js &
 /usr/bin/filebeat.sh &

wazuh/config/wazuh.repo

@@ -3,5 +3,5 @@ gpgcheck=1
 gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
 enabled=1
 name=CENTOS-$releasever - Wazuh
-baseurl=http://packages.wazuh.com.s3-website-us-west-1.amazonaws.com/yum/el/$releasever/$basearch
+baseurl=https://packages.wazuh.com/yum/el/$releasever/$basearch
 protect=1