From 31a0c76d39ad8ce3ac0e48bef874ee69bc1c02f3 Mon Sep 17 00:00:00 2001
From: Jose Luis Ruiz
Date: Fri, 10 Feb 2017 23:27:31 +0100
Subject: [PATCH] update docker kibana code
---
docker-compose.yml | 44 ++++++++----------------------
kibana/Dockerfile | 4 +---
kibana/config/wait-for-it.sh | 9 +++++++-
logstash/Dockerfile | 2 +-
wazuh/Dockerfile | 2 --
wazuh/config/run.sh | 31 +------------------------
wazuh/config/wazuh.repo | 2 +-
7 files changed, 22 insertions(+), 72 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index aebc9f2c..f1d4b5e2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,7 +2,7 @@ version: '2'
services:
wazuh:
- build: wazuh/
+ image: wazuh/wazuh
hostname: wazuh-manager
restart: always
ports:
@@ -11,38 +11,26 @@ services:
# - "514/udp:514/udp"
- "55000:55000"
networks:
- docker_elk:
- ipv4_address: 172.25.0.101
- extra_hosts:
- "logstash:172.25.0.102"
- "elasticsearch:172.25.0.103"
- "kibana:172.25.0.104"
-# volumes:
-# - /mnt/data/ossec/wazuh:/var/ossec/data
+ - docker_elk
depends_on:
- elasticsearch
logstash:
- build: logstash/
+ image: wazuh/wazuh-logstash
hostname: logstash
command: -f /etc/logstash/conf.d/
links:
- kibana
- elasticsearch
-# ports:
-# - "5000:5000"
+ ports:
+ - "5000:5000"
networks:
- docker_elk:
- ipv4_address: 172.25.0.102
- extra_hosts:
- "wazuh:172.25.0.101"
- "elasticsearch:172.25.0.103"
- "kibana:172.25.0.104"
+ - docker_elk
depends_on:
- elasticsearch
environment:
- LS_HEAP_SIZE=2048m
elasticsearch:
- image: elasticsearch:5.1.2
+ image: elasticsearch:5.2.0
hostname: elasticsearch
restart: always
command: elasticsearch -E node.name="node-1" -E cluster.name="wazuh" -E network.host=0.0.0.0
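Review bot: `image: wazuh/wazuh` carries no tag or digest, so every pull resolves to whatever `latest` is on the registry at that moment, and the same applies to `wazuh/wazuh-logstash` and `wazuh/wazuh-kibana` in the next hunk; an unreviewed registry push (or a registry compromise) would be deployed unnoticed, and the three Wazuh components can silently drift from the `elasticsearch:5.2.0`/`kibana:5.2.0` versions this commit pins. Pin each to the release being shipped, `image: wazuh/wazuh:<release-tag>`, and prefer an `@sha256:` digest once the published images are built reproducibly. The `wazuh:` service definition continues past the end of the hunk.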
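Review bot: The newly enabled `ports: - "5000:5000"` publishes logstash's input on every host interface, in a stack whose `elasticsearch` is started with `network.host=0.0.0.0` on the stock 5.2.0 image, which ships without authentication, so anything that can reach the host can inject arbitrary events into the Wazuh indices. The manager and logstash now share the `docker_elk` network, so the publish is presumably only needed for clients outside the compose project (verify); if it is, bind it to loopback or a specific address, `- "127.0.0.1:5000:5000"`, and put TLS/authentication on the logstash input. The `links:` entries are redundant with the shared user-defined network on compose v2 (service names already resolve) and can be dropped.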
@@ -51,28 +39,16 @@ services:
- "9300:9300"
environment:
ES_JAVA_OPTS: "-Xms2g -Xmx2g"
-# volumes:
-# - /mnt/data/ossec/elasticsearch:/usr/share/elasticsearch/data
networks:
- docker_elk:
- ipv4_address: 172.25.0.103
- extra_hosts:
- "wazuh:172.25.0.101"
- "logstash:172.25.0.102"
- "kibana:172.25.0.104"
+ - docker_elk
kibana:
- build: kibana/
+ image: wazuh/wazuh-kibana
hostname: kibana
restart: always
ports:
- "5601:5601"
networks:
- docker_elk:
- ipv4_address: 172.25.0.104
- extra_hosts:
- "wazuh:172.25.0.101"
- "logstash:172.25.0.102"
- "elasticsearch:172.25.0.103"
+ - docker_elk
depends_on:
- elasticsearch
entrypoint: sh wait-for-it.sh elasticsearch
diff --git a/kibana/Dockerfile b/kibana/Dockerfile
index c13271d3..5a11c0f2 100644
--- a/kibana/Dockerfile
+++ b/kibana/Dockerfile
@@ -1,9 +1,7 @@
-FROM kibana:5.1.2
+FROM kibana:5.2.0
RUN apt-get update && apt-get install -y curl
COPY ./config/kibana.yml /opt/kibana/config/kibana.yml
-RUN /usr/share/kibana/bin/kibana-plugin install http://packages.wazuh.com.s3-website-us-west-1.amazonaws.com/wazuhapp/wazuhapp.zip
-
COPY config/wait-for-it.sh /
diff --git a/kibana/config/wait-for-it.sh b/kibana/config/wait-for-it.sh
index d586cd7b..6f5ab1ec 100644
--- a/kibana/config/wait-for-it.sh
+++ b/kibana/config/wait-for-it.sh
@@ -11,7 +11,14 @@ until curl -XGET $host:9200; do
sleep 1
done
-sleep 60
+sleep 30
>&2 echo "Elastic is up - executing command"
+
+if /usr/share/kibana/bin/kibana-plugin list | grep wazuh; then
+ echo "Wazuh APP already installed"
+else
+ /usr/share/kibana/bin/kibana-plugin install http://packages.wazuh.com.s3-website-us-west-1.amazonaws.com/wazuhapp/wazuhapp.zip
+fi
+
exec $cmd
diff --git a/logstash/Dockerfile b/logstash/Dockerfile
index 9a509260..2eff489f 100644
--- a/logstash/Dockerfile
+++ b/logstash/Dockerfile
@@ -1,4 +1,4 @@
-FROM logstash:5.1.2
+FROM logstash:5.2.0
RUN apt-get update
diff --git a/wazuh/Dockerfile b/wazuh/Dockerfile
index 7918d20c..097c9b74 100644
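Review bot: The `elasticsearch` service still publishes the transport port (`- "9300:9300"`, first line of the hunk) while the node runs with `network.host=0.0.0.0` and no authentication; nothing else in this compose file addresses 9300, and anyone who can reach it can speak the binary transport protocol as a cluster member. Drop that mapping, or bind it to loopback, `- "127.0.0.1:9300:9300"`; the same consideration applies to kibana's `- "5601:5601"` unless an authenticating reverse proxy is placed in front of it. The `elasticsearch:` service's `ports:` list begins before the hunk, so 9200 is presumably published the same way.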
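Review bot: `COPY ./config/kibana.yml /opt/kibana/config/kibana.yml` is kept, but the plugin commands this commit moves into wait-for-it.sh call `/usr/share/kibana/bin/kibana-plugin`, which suggests the 5.2.0 image installs Kibana under `/usr/share/kibana`; if that is also where it reads `config/kibana.yml` (verify against the image), the copied file is ignored and Kibana starts with the image defaults. Target the same prefix, `COPY ./config/kibana.yml /usr/share/kibana/config/kibana.yml`, and clean the apt cache on the `curl` install line (`&& rm -rf /var/lib/apt/lists/*`) so the package index is not baked into the layer.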
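Review bot: The plugin is now fetched on every container start over plain `http://` from `packages.wazuh.com.s3-website-us-west-1.amazonaws.com`, with no checksum or signature check and without looking at the result, so an on-path attacker can hand Kibana an arbitrary plugin zip (Node code executed inside the container) and a failed download is silently followed by `exec $cmd`. Moving the install out of the Dockerfile also trades a reproducible image for a runtime dependency on that endpoint. This commit already switches `wazuh.repo` to `https://packages.wazuh.com`; use the same host here (presumably it serves the same path, verify), download with `curl -fsSL`, compare against the sha256 published for the release, and abort on mismatch or install failure. Also `grep wazuh` matches any plugin whose name contains the substring and echoes the line to stdout; `grep -q '^wazuh'` is the intended test if `kibana-plugin list` prints one name per line (verify the 5.2 output format).

```shell
# … unchanged: wait loop, sleep, "Elastic is up" message …
PLUGIN_URL="${WAZUHAPP_URL:-https://packages.wazuh.com/wazuhapp/wazuhapp.zip}"
if /usr/share/kibana/bin/kibana-plugin list | grep -q '^wazuh'; then
  echo "Wazuh APP already installed"
else
  curl -fsSL -o /tmp/wazuhapp.zip "$PLUGIN_URL" || { echo "wazuhapp download failed" >&2; exit 1; }
  # WAZUHAPP_SHA256 is the digest published for this release; an unset or wrong value fails closed
  echo "${WAZUHAPP_SHA256}  /tmp/wazuhapp.zip" | sha256sum -c - || { echo "wazuhapp checksum mismatch" >&2; exit 1; }
  /usr/share/kibana/bin/kibana-plugin install "file:///tmp/wazuhapp.zip" || exit 1
  rm -f /tmp/wazuhapp.zip
fi
exec $cmd
```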
--- a/wazuh/Dockerfile
+++ b/wazuh/Dockerfile
@@ -4,8 +4,6 @@ COPY config/*.repo /etc/yum.repos.d/
RUN yum -y update; yum clean all;
RUN yum -y install epel-release openssl useradd; yum clean all
-RUN groupadd -g 1000 ossec
-RUN useradd -u 1000 -g 1000 ossec
RUN yum install -y wazuh-manager wazuh-api
ADD config/data_dirs.env /data_dirs.env
diff --git a/wazuh/config/run.sh b/wazuh/config/run.sh
index fabd4951..32bc786a 100644
--- a/wazuh/config/run.sh
+++ b/wazuh/config/run.sh
@@ -45,33 +45,6 @@ then
-subj /CN=${HOSTNAME}/
fi
fi
- #
- # Support SYSLOG forwarding, if configured
- #
- SYSLOG_FORWADING_ENABLED=${SYSLOG_FORWADING_ENABLED:-false}
- if [ $SYSLOG_FORWADING_ENABLED == true ]
- then
- if [ -z "$SYSLOG_FORWARDING_SERVER_IP" ]
- then
- echo "Cannot setup sylog forwarding because SYSLOG_FORWARDING_SERVER_IP is not defined"
- else
- SYSLOG_FORWARDING_SERVER_PORT=${SYSLOG_FORWARDING_SERVER_PORT:-514}
- SYSLOG_FORWARDING_FORMAT=${SYSLOG_FORWARDING_FORMAT:-default}
- SYSLOG_XML_SNIPPET="\
- \n\
- ${SYSLOG_FORWARDING_SERVER_IP}\n\
- ${SYSLOG_FORWARDING_SERVER_PORT}\n\
- ${SYSLOG_FORWARDING_FORMAT}\n\
- ";
- cat /var/ossec/etc/ossec.conf |\
- perl -pe "s,,\n${SYSLOG_XML_SNIPPET}\n," \
- > /var/ossec/etc/ossec.conf-new
- mv -f /var/ossec/etc/ossec.conf-new /var/ossec/etc/ossec.conf
- chgrp ossec /var/ossec/etc/ossec.conf
- /var/ossec/bin/ossec-control enable client-syslog
- fi
- fi
fi
function ossec_shutdown(){
@@ -87,7 +60,6 @@ trap "ossec_shutdown; exit" SIGINT SIGTERM
chmod -R g+rw ${DATA_PATH}
-
if [ $AUTO_ENROLLMENT_ENABLED == true ]
then
echo "Starting ossec-authd..."
@@ -97,8 +69,7 @@ fi
sleep 15 # give ossec a reasonable amount of time to start before checking status
LAST_OK_DATE=`date +%s`
-## Update rules and decoders with Wazuh Ruleset
-#cd /var/ossec/update/ruleset && python ossec_ruleset.py
+## Start services
/bin/node /var/ossec/api/app.js &
/usr/bin/filebeat.sh &
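Review bot: Dropping `groupadd -g 1000 ossec` / `useradd -u 1000 -g 1000 ossec` means the ossec account's ids are now whatever the `wazuh-manager` package scriptlet picks at install time, so ownership of any host bind mount of the data directories (the `/mnt/data/ossec/wazuh` volume left commented in docker-compose.yml) is no longer predictable, and `chmod -R g+rw ${DATA_PATH}` in run.sh becomes the only thing keeping them writable. If the fixed ids were intentional, keep the two lines ahead of `RUN yum install -y wazuh-manager wazuh-api` (check that the package scriptlet reuses an existing account rather than failing); otherwise document the resulting uid/gid for operators. Independently, `yum -y update` at build time plus unversioned `wazuh-manager wazuh-api` installs produce a different image on every build; pin the package versions so the image is reproducible.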
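Review bot: `/bin/node /var/ossec/api/app.js &` and `/usr/bin/filebeat.sh &` are started in the background with nothing recording their pids or checking that they stay up, so a crashed API or log shipper leaves the container looking healthy; the new `## Start services` comment should at least name the two services and note that they are unsupervised, e.g. `## Start the Wazuh API and filebeat in the background (not supervised; see status loop below)`. Capture the pids (`API_PID=$!` after each start) and have the status loop that the `sleep 15 # … before checking status` comment implies follows this hunk treat a failing `kill -0 "$API_PID"` like an ossec failure. That loop, if present, starts outside the hunk.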
diff --git a/wazuh/config/wazuh.repo b/wazuh/config/wazuh.repo
index c1486ba4..6161b05c 100644
--- a/wazuh/config/wazuh.repo
+++ b/wazuh/config/wazuh.repo
@@ -3,5 +3,5 @@ gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=CENTOS-$releasever - Wazuh
-baseurl=http://packages.wazuh.com.s3-website-us-west-1.amazonaws.com/yum/el/$releasever/$basearch
+baseurl=https://packages.wazuh.com/yum/el/$releasever/$basearch
protect=1
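Review bot: With `gpgcheck=1` the move of `baseurl` to `https://packages.wazuh.com` is the right direction, but the trust anchor is still `gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH`, fetched from the same host on first install, so a compromise of that host or of the TLS path to it delivers both the packages and the key that validates them. Import the key explicitly in wazuh/Dockerfile before the `yum install` (`rpm --import` of a key file vendored in this repo, or a download whose fingerprint is compared against the one Wazuh publishes out of band) so that the repo definition cannot introduce a new signing key on its own.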