From 2efaf8c8d6330e35bf5d9ec7ab938c705a24ea92 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Victor=20Ere=C3=B1=C3=BA?= <56500015+vcerenu@users.noreply.github.com> Date: Tue, 13 May 2025 01:01:03 +1000 Subject: [PATCH 1/9] Revert "Add wazuh agent test and push" --- .../Procedure_push_docker_images.yml | 4 +- .github/workflows/push.yml | 61 +++---------------- CHANGELOG.md | 1 - 3 files changed, 10 insertions(+), 56 deletions(-) diff --git a/.github/workflows/Procedure_push_docker_images.yml b/.github/workflows/Procedure_push_docker_images.yml index 0c2ba934..b9eb62e5 100644 --- a/.github/workflows/Procedure_push_docker_images.yml +++ b/.github/workflows/Procedure_push_docker_images.yml @@ -14,7 +14,7 @@ on: required: true products: description: 'Comma-separated list of the image names to build and push' - default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer,wazuh-agent' + default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer' required: true filebeat_module_version: description: 'Filebeat module version' @@ -52,7 +52,7 @@ on: type: string products: description: 'Comma-separated list of the image names to build and push' - default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer,wazuh-agent' + default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer' required: true type: string filebeat_module_version: diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 8e508384..94bf3b7c 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -8,7 +8,7 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@v3 - name: Install docker-compose run: | 
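Review bot: The `Check out code` step goes back from `actions/checkout@v4` to `actions/checkout@v3` here, and the same downgrade repeats in the push.yml hunks at -74,7 +66,7 and -220,7 +194,7. This looks like a side effect of reverting the agent commit rather than an intended change: `actions/upload-artifact` and `actions/download-artifact` stay at v4 in the same file, and checkout v3 runs on the deprecated Node 16 runtime. Keep `uses: actions/checkout@v4` in all three jobs. Pinning the action to a full commit, written as `uses: actions/checkout@<full-commit-sha>  # v4` (placeholder, not a real hash), would also stop a moved tag from changing what the workflow executes. The job definitions start outside these hunks.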
@@ -27,7 +27,6 @@ jobs: docker save wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar docker save wazuh/wazuh-indexer:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar docker save wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar - docker save wazuh/wazuh-agent:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-agent.tar - name: Temporarily save Wazuh manager Docker image uses: actions/upload-artifact@v4 @@ -50,13 +49,6 @@ jobs: path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar retention-days: 1 - - name: Temporarily save Wazuh agent Docker image - uses: actions/upload-artifact@v4 - with: - name: docker-artifact-agent - path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-agent.tar - retention-days: 1 - - name: Install Goss uses: e1himself/goss-installation-action@v1.0.3 with: @@ -74,7 +66,7 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@v3 - name: Install docker-compose run: | @@ -99,17 +91,12 @@ jobs: with: name: docker-artifact-dashboard - - name: Retrieve saved Wazuh agent Docker image - uses: actions/download-artifact@v4 - with: - name: docker-artifact-agent - - name: Docker load run: | docker load --input ./wazuh-indexer.tar docker load --input ./wazuh-dashboard.tar docker load --input ./wazuh-manager.tar - docker load --input ./wazuh-agent.tar + - name: Create single node certficates run: docker-compose -f single-node/generate-indexer-certs.yml run --rm generator 
@@ -198,20 +185,7 @@ jobs: exit 1 fi - - name: Modify Docker endpoint into Wazuh agent docker-compose.yml file - run: sed -i "s//$(ip addr show docker0 | grep 'inet ' | awk '{print $2}' | cut -d'/' -f1)/g" wazuh-agent/docker-compose.yml - - - name: Start Wazuh agent - run: docker-compose -f wazuh-agent/docker-compose.yml up -d - - - name: Check Wazuh agent enrollment - run: | - sleep 20 - curl -k -s -X GET "https://localhost:55000/agents?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" - env: - TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true") - - - name: Check errors in ossec.log for Wazuh manager + - name: Check errors in ossec.log run: ./.github/single-node-log-check.sh check-multi-node: @@ -220,7 +194,7 @@ jobs: steps: - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@v3 - name: Install docker-compose run: | @@ -248,18 +222,12 @@ jobs: with: name: docker-artifact-indexer - - name: Retrieve saved Wazuh agent Docker image - uses: actions/download-artifact@v4 - with: - name: docker-artifact-agent - - name: Docker load run: | docker load --input ./wazuh-manager.tar docker load --input ./wazuh-indexer.tar docker load --input ./wazuh-dashboard.tar - docker load --input ./wazuh-agent.tar - rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-agent.tar + rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar - name: Create multi node certficates run: docker-compose -f multi-node/generate-indexer-certs.yml run --rm generator 
@@ -366,18 +334,5 @@ jobs: exit 1 fi - - name: Modify Docker endpoint into Wazuh agent docker-compose.yml file - run: sed -i "s//$(ip addr show docker0 | grep 'inet ' | awk '{print $2}' | cut -d'/' -f1)/g" wazuh-agent/docker-compose.yml - - - name: Start Wazuh agent - run: docker-compose -f wazuh-agent/docker-compose.yml up -d - - - name: Check Wazuh agent enrollment - run: | - sleep 20 - curl -k -s -X GET "https://localhost:55000/agents?pretty=true" -H "Authorization: Bearer ${{env.TOKEN}}" - env: - TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true") - - - name: Check errors in ossec.log for Wazuh manager - run: ./.github/multi-node-log-check.sh + - name: Check errors in ossec.log + run: ./.github/multi-node-log-check.sh \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 83a54908..fabec1b3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,6 @@ All notable changes to this project will be documented in this file. ### Added -- Add wazuh agent test and push ([#1809](https://github.com/wazuh/wazuh-docker/pull/1809)) - Add Wazuh agent image build and deploy ([#1801](https://github.com/wazuh/wazuh-docker/pull/1801)) ### Changed From 6875c81bed78e39ec9397bd9063236964068fab5 Mon Sep 17 00:00:00 2001 
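Review bot: The last line of push.yml, `run: ./.github/multi-node-log-check.sh`, now ends without a newline (the hunk carries `\ No newline at end of file`). yamllint's `new-line-at-end-of-file` rule flags this, and the next step appended to the workflow will show up as a change to this line as well. End the file with a single newline. The `check-multi-node` job starts outside this hunk.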
From: =?UTF-8?q?Victor=20Ere=C3=B1=C3=BA?= <56500015+vcerenu@users.noreply.github.com> Date: Tue, 13 May 2025 01:04:03 +1000 Subject: [PATCH 2/9] Revert "Add Wazuh agent image build and deploy" --- CHANGELOG.md | 2 +- build-docker-images/build-images.yml | 10 - build-docker-images/wazuh-agent/Dockerfile | 36 ---- .../wazuh-agent/config/check_repository.sh | 15 -- .../config/etc/cont-init.d/0-wazuh-init | 90 -------- .../config/etc/cont-init.d/1-agent | 44 ---- .../config/etc/services.d/ossec-logs/run | 4 - wazuh-agent/config/wazuh-agent-conf | 194 ------------------ wazuh-agent/docker-compose.yml | 11 - 9 files changed, 1 insertion(+), 405 deletions(-) delete mode 100644 build-docker-images/wazuh-agent/Dockerfile delete mode 100644 build-docker-images/wazuh-agent/config/check_repository.sh delete mode 100644 build-docker-images/wazuh-agent/config/etc/cont-init.d/0-wazuh-init delete mode 100644 build-docker-images/wazuh-agent/config/etc/cont-init.d/1-agent delete mode 100644 build-docker-images/wazuh-agent/config/etc/services.d/ossec-logs/run delete mode 100644 wazuh-agent/config/wazuh-agent-conf delete mode 100644 wazuh-agent/docker-compose.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index fabec1b3..f64412d8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file. ### Added -- Add Wazuh agent image build and deploy ([#1801](https://github.com/wazuh/wazuh-docker/pull/1801)) +- None ### Changed diff --git a/build-docker-images/build-images.yml b/build-docker-images/build-images.yml index afa31d98..90fbb897 100644 --- a/build-docker-images/build-images.yml +++ b/build-docker-images/build-images.yml 
@@ -36,16 +36,6 @@ services: - filebeat_etc:/etc/filebeat - filebeat_var:/var/lib/filebeat - wazuh.agent: - build: - context: wazuh-agent/ - args: - WAZUH_VERSION: ${WAZUH_VERSION} - WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION} - image: wazuh/wazuh-agent:${WAZUH_IMAGE_VERSION} - hostname: wazuh.agent - restart: always - wazuh.indexer: build: context: wazuh-indexer/ diff --git a/build-docker-images/wazuh-agent/Dockerfile b/build-docker-images/wazuh-agent/Dockerfile deleted file mode 100644 index 8a237787..00000000 --- a/build-docker-images/wazuh-agent/Dockerfile +++ /dev/null @@ -1,36 +0,0 @@ -# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2) -FROM amazonlinux:2023 - -RUN rm /bin/sh && ln -s /bin/bash /bin/sh - -ARG WAZUH_VERSION -ARG WAZUH_TAG_REVISION -ARG S6_VERSION="v2.2.0.3" -ARG WAZUH_MANAGER='CHANGE_MANAGER_IP' -ARG WAZUH_MANAGER_PORT='CHANGE_MANAGER_PORT' -ARG WAZUH_REGISTRATION_SERVER='CHANGE_ENROLL_IP' -ARG WAZUH_REGISTRATION_PORT='CHANGE_ENROLL_PORT' -ARG WAZUH_AGENT_NAME='CHANGEE_AGENT_NAME' - -COPY config/check_repository.sh / - -RUN yum install curl-minimal tar gzip procps -y &&\ - yum clean all - -RUN chmod 775 /check_repository.sh -RUN source /check_repository.sh - -RUN yum install wazuh-agent-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \ - yum clean all && \ - sed -i '//d' /var/ossec/etc/ossec.conf && \ - curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \ - -o /tmp/s6-overlay-amd64.tar.gz && \ - tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" && \ - tar xzf /tmp/s6-overlay-amd64.tar.gz -C /usr ./bin && \ - rm /tmp/s6-overlay-amd64.tar.gz - -COPY config/etc/ /etc/ - -RUN rm /etc/yum.repos.d/wazuh.repo - -ENTRYPOINT [ "/init" ] diff --git a/build-docker-images/wazuh-agent/config/check_repository.sh b/build-docker-images/wazuh-agent/config/check_repository.sh deleted file mode 100644 index e49e69c2..00000000 
--- a/build-docker-images/wazuh-agent/config/check_repository.sh +++ /dev/null @@ -1,15 +0,0 @@ -## variables -APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH -GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]" -REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1" -WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 11- | grep ^v${WAZUH_VERSION}$) - -## check tag to use the correct repository -if [[ -n "${WAZUH_TAG}" ]]; then - APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH - GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]" - REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1" -fi - -rpm --import "${APT_KEY}" -echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo \ No newline at end of file diff --git a/build-docker-images/wazuh-agent/config/etc/cont-init.d/0-wazuh-init b/build-docker-images/wazuh-agent/config/etc/cont-init.d/0-wazuh-init deleted file mode 100644 index 2fcf4a88..00000000 --- a/build-docker-images/wazuh-agent/config/etc/cont-init.d/0-wazuh-init +++ /dev/null 
@@ -1,90 +0,0 @@ -#!/usr/bin/with-contenv bash -# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2) - -WAZUH_INSTALL_PATH=/var/ossec -WAZUH_CONFIG_MOUNT=/wazuh-config-mount -WAZUH_MANAGER_SERVER=$WAZUH_MANAGER_SERVER -WAZUH_MANAGER_PORT=${WAZUH_MANAGER_PORT:-"1514"} -WAZUH_REGISTRATION_SERVER=${WAZUH_REGISTRATION_SERVER:-$WAZUH_MANAGER_SERVER} -WAZUH_REGISTRATION_PORT=${WAZUH_REGISTRATION_PORT:-"1515"} -WAZUH_REGISTRATION_PASSWORD=$WAZUH_REGISTRATION_PASSWORD -WAZUH_AGENT_NAME=${WAZUH_AGENT_NAME:-"wazuh-agent-$HOSTNAME"} - -############################################################################## -# Aux functions -############################################################################## -print() { - echo -e $1 -} - -error_and_exit() { - echo "Error executing command: '$1'." - echo 'Exiting.' - exit 1 -} - -exec_cmd() { - eval $1 > /dev/null 2>&1 || error_and_exit "$1" -} - -exec_cmd_stdout() { - eval $1 2>&1 || error_and_exit "$1" -} - -############################################################################## -# Copy all files from $WAZUH_CONFIG_MOUNT to $WAZUH_INSTALL_PATH and respect -# destination files permissions -# -# For example, to mount the file /var/ossec/data/etc/ossec.conf, mount it at -# $WAZUH_CONFIG_MOUNT/etc/ossec.conf in your container and this code will -# replace the ossec.conf file in /var/ossec/data/etc with yours. -############################################################################## - -mount_files() { - if [ -e "$WAZUH_CONFIG_MOUNT" ] - then - print "Identified Wazuh configuration files to mount..." - exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $WAZUH_INSTALL_PATH" - else - print "No Wazuh configuration files to mount..." - fi -} - -############################################################################## -# Allow users to set the manager ip and port, enrollment ip and port and -# enroll dynamically on container start. -# -# To use this: -# 1. Create your own ossec.conf file -# 2. 
In your ossec.conf file, use the configuration -# 3. Mount your custom ossec.conf file at $WAZUH_CONFIG_MOUNT/etc/ossec.conf -############################################################################## - -set_manager_conn() { - echo "ossec.conf configuration" - sed -i "s#
CHANGE_MANAGER_IP
#
$WAZUH_MANAGER_SERVER
#g" ${WAZUH_INSTALL_PATH}/etc/ossec.conf - sed -i "s#CHANGE_MANAGER_PORT#$WAZUH_MANAGER_PORT#g" ${WAZUH_INSTALL_PATH}/etc/ossec.conf - sed -i "s#CHANGE_ENROLL_IP#$WAZUH_REGISTRATION_SERVER#g" ${WAZUH_INSTALL_PATH}/etc/ossec.conf - sed -i "s#CHANGE_ENROLL_PORT#$WAZUH_REGISTRATION_PORT#g" ${WAZUH_INSTALL_PATH}/etc/ossec.conf - sed -i "s#CHANGEE_AGENT_NAME#$WAZUH_AGENT_NAME#g" ${WAZUH_INSTALL_PATH}/etc/ossec.conf - [ -n "$WAZUH_REGISTRATION_PASSWORD" ] && \ - echo "$WAZUH_REGISTRATION_PASSWORD" > ${WAZUH_INSTALL_PATH}/etc/authd.pass && \ - chown root:wazuh ${WAZUH_INSTALL_PATH}/etc/authd.pass && \ - chmod 640 ${WAZUH_INSTALL_PATH}/etc/authd.pass -} - -############################################################################## -# Main function -############################################################################## - -main() { - - # Mount selected files (WAZUH_CONFIG_MOUNT) to container - mount_files - - # Configure agent variables - set_manager_conn - -} - -main diff --git a/build-docker-images/wazuh-agent/config/etc/cont-init.d/1-agent b/build-docker-images/wazuh-agent/config/etc/cont-init.d/1-agent deleted file mode 100644 index 076ac6ce..00000000 --- a/build-docker-images/wazuh-agent/config/etc/cont-init.d/1-agent +++ /dev/null 
@@ -1,44 +0,0 @@ -#!/usr/bin/with-contenv bash - -############################################################################## -# Migration sequence -# Detect if there is a mounted volume on /wazuh-migration and copy the data -# to /var/ossec, finally it will create a flag ".migration-completed" inside -# the mounted volume -############################################################################## - -function __colortext() -{ - echo -e " \e[1;$2m$1\e[0m" -} - -function echogreen() -{ - echo $(__colortext "$1" "32") -} - -function echoyellow() -{ - echo $(__colortext "$1" "33") -} - -function echored() -{ - echo $(__colortext "$1" "31") -} - -function_entrypoint_scripts() { - # It will run every .sh script located in entrypoint-scripts folder in lexicographical order - if [ -d "/entrypoint-scripts/" ] - then - for script in `ls /entrypoint-scripts/*.sh | sort -n`; do - bash "$script" - done - fi -} - -# run entrypoint scripts -function_entrypoint_scripts - -# Start Wazuh -/var/ossec/bin/wazuh-control start diff --git a/build-docker-images/wazuh-agent/config/etc/services.d/ossec-logs/run b/build-docker-images/wazuh-agent/config/etc/services.d/ossec-logs/run deleted file mode 100644 index e96cba8f..00000000 --- a/build-docker-images/wazuh-agent/config/etc/services.d/ossec-logs/run +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/with-contenv sh - -# dumping ossec.log to standard output -exec tail -F /var/ossec/logs/ossec.log diff --git a/wazuh-agent/config/wazuh-agent-conf b/wazuh-agent/config/wazuh-agent-conf deleted file mode 100644 index 73a355f1..00000000 --- a/wazuh-agent/config/wazuh-agent-conf +++ /dev/null @@ -1,194 +0,0 @@ - - - - - -
CHANGE_MANAGER_IP
- CHANGE_MANAGER_PORT - tcp -
- amzn, amzn2023 - 10 - 60 - yes - aes - - yes - CHANGE_ENROLL_IP - CHANGE_ENROLL_PORT - CHANGEE_AGENT_NAME - etc/authd.pass - -
- - - - no - 5000 - 500 - - - - - no - yes - yes - yes - yes - yes - yes - yes - - - 43200 - - etc/shared/rootkit_files.txt - etc/shared/rootkit_trojans.txt - - yes - - /var/lib/containerd - /var/lib/docker/overlay2 - - - - yes - 1800 - 1d - yes - - wodles/java - wodles/ciscat - - - - - yes - yes - /var/log/osquery/osqueryd.results.log - /etc/osquery/osquery.conf - yes - - - - - no - 1h - yes - yes - yes - yes - yes - yes - yes - - - - 10 - - - - - yes - yes - 12h - yes - - - - - no - - - 43200 - - yes - - - /etc,/usr/bin,/usr/sbin - /bin,/sbin,/boot - - - /etc/mtab - /etc/hosts.deny - /etc/mail/statistics - /etc/random-seed - /etc/random.seed - /etc/adjtime - /etc/httpd/logs - /etc/utmpx - /etc/wtmpx - /etc/cups/certs - /etc/dumpdates - /etc/svc/volatile - - - .log$|.swp$ - - - /etc/ssl/private.key - - yes - yes - yes - yes - - - 10 - - - 50 - - - - yes - 5m - 10 - - - - - - command - df -P - 360 - - - - full_command - netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d - netstat listening ports - 360 - - - - full_command - last -n 20 - 360 - - - - - no - etc/wpk_root.pem - yes - - - - - plain - - -
- - - - syslog - /var/ossec/logs/active-responses.log - - - diff --git a/wazuh-agent/docker-compose.yml b/wazuh-agent/docker-compose.yml deleted file mode 100644 index 3912908f..00000000 --- a/wazuh-agent/docker-compose.yml +++ /dev/null @@ -1,11 +0,0 @@ -# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2) -version: '3.7' - -services: - wazuh.agent: - image: wazuh/wazuh-agent:4.12.1 - restart: always - environment: - - WAZUH_MANAGER_SERVER= - volumes: - - ./config/wazuh-agent-conf:/wazuh-config-mount/etc/ossec.conf \ No newline at end of file From b23ae2f4cc6db21eac57fd79c20b4fa6755e4411 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Fri, 30 May 2025 10:33:50 -0300 Subject: [PATCH 3/9] Bump revision and image tag for rc1 stage --- VERSION.json | 2 +- multi-node/docker-compose.yml | 12 ++++++------ single-node/docker-compose.yml | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/VERSION.json b/VERSION.json index 116fc47a..8e062521 100644 --- a/VERSION.json +++ b/VERSION.json @@ -1,4 +1,4 @@ { "version": "4.12.1", - "stage": "alpha0" + "stage": "rc1" } diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml index 7896aa85..d99fa623 100644 --- a/multi-node/docker-compose.yml +++ b/multi-node/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.7' services: wazuh.master: - image: wazuh/wazuh-manager:4.12.1 + image: wazuh/wazuh-manager:4.12.1-rc1 hostname: wazuh.master restart: always ulimits: @@ -45,7 +45,7 @@ services: - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf wazuh.worker: - image: wazuh/wazuh-manager:4.12.1 + image: wazuh/wazuh-manager:4.12.1-rc1 hostname: wazuh.worker restart: always ulimits: @@ -81,7 +81,7 @@ services: - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf wazuh1.indexer: - image: wazuh/wazuh-indexer:4.12.1 + image: wazuh/wazuh-indexer:4.12.1-rc1 hostname: wazuh1.indexer restart: always ports: 
@@ -107,7 +107,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh2.indexer: - image: wazuh/wazuh-indexer:4.12.1 + image: wazuh/wazuh-indexer:4.12.1-rc1 hostname: wazuh2.indexer restart: always environment: @@ -129,7 +129,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh3.indexer: - image: wazuh/wazuh-indexer:4.12.1 + image: wazuh/wazuh-indexer:4.12.1-rc1 hostname: wazuh3.indexer restart: always environment: @@ -151,7 +151,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: - image: wazuh/wazuh-dashboard:4.12.1 + image: wazuh/wazuh-dashboard:4.12.1-rc1 hostname: wazuh.dashboard restart: always ports: diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml index 607a7ef8..bc1f949b 100644 --- a/single-node/docker-compose.yml +++ b/single-node/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.7' services: wazuh.manager: - image: wazuh/wazuh-manager:4.12.1 + image: wazuh/wazuh-manager:4.12.1-rc1 hostname: wazuh.manager restart: always ulimits: @@ -46,7 +46,7 @@ services: - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf wazuh.indexer: - image: wazuh/wazuh-indexer:4.12.1 + image: wazuh/wazuh-indexer:4.12.1-rc1 hostname: wazuh.indexer restart: always ports: @@ -71,7 +71,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: - image: wazuh/wazuh-dashboard:4.12.1 + image: wazuh/wazuh-dashboard:4.12.1-rc1 hostname: wazuh.dashboard restart: always ports: From 0cf60da585f9f6be17903e9ccdeeae6f4e7a8aa7 Mon Sep 17 00:00:00 2001 
From: vcerenu Date: Fri, 30 May 2025 10:53:10 -0300 Subject: [PATCH 4/9] Revert image tag --- multi-node/docker-compose.yml | 12 ++++++------ single-node/docker-compose.yml | 6 +++--- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml index d99fa623..7896aa85 100644 --- a/multi-node/docker-compose.yml +++ b/multi-node/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.7' services: wazuh.master: - image: wazuh/wazuh-manager:4.12.1-rc1 + image: wazuh/wazuh-manager:4.12.1 hostname: wazuh.master restart: always ulimits: @@ -45,7 +45,7 @@ services: - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf wazuh.worker: - image: wazuh/wazuh-manager:4.12.1-rc1 + image: wazuh/wazuh-manager:4.12.1 hostname: wazuh.worker restart: always ulimits: @@ -81,7 +81,7 @@ services: - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf wazuh1.indexer: - image: wazuh/wazuh-indexer:4.12.1-rc1 + image: wazuh/wazuh-indexer:4.12.1 hostname: wazuh1.indexer restart: always ports: @@ -107,7 +107,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh2.indexer: - image: wazuh/wazuh-indexer:4.12.1-rc1 + image: wazuh/wazuh-indexer:4.12.1 hostname: wazuh2.indexer restart: always environment: @@ -129,7 +129,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh3.indexer: - image: wazuh/wazuh-indexer:4.12.1-rc1 + image: wazuh/wazuh-indexer:4.12.1 hostname: wazuh3.indexer restart: always environment: @@ -151,7 +151,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: - image: wazuh/wazuh-dashboard:4.12.1-rc1 + image: wazuh/wazuh-dashboard:4.12.1 hostname: wazuh.dashboard restart: always ports: 
diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml index bc1f949b..607a7ef8 100644 --- a/single-node/docker-compose.yml +++ b/single-node/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.7' services: wazuh.manager: - image: wazuh/wazuh-manager:4.12.1-rc1 + image: wazuh/wazuh-manager:4.12.1 hostname: wazuh.manager restart: always ulimits: @@ -46,7 +46,7 @@ services: - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf wazuh.indexer: - image: wazuh/wazuh-indexer:4.12.1-rc1 + image: wazuh/wazuh-indexer:4.12.1 hostname: wazuh.indexer restart: always ports: @@ -71,7 +71,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: - image: wazuh/wazuh-dashboard:4.12.1-rc1 + image: wazuh/wazuh-dashboard:4.12.1 hostname: wazuh.dashboard restart: always ports: From 44aa64c81f4918847103dd2f52625b90e25815f2 Mon Sep 17 00:00:00 2001 From: c-bordon Date: Thu, 5 Jun 2025 15:54:04 -0300 Subject: [PATCH 5/9] Fixes some merge differences --- .github/workflows/push.yml | 3 +-- build-docker-images/wazuh-agent/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 45dcd540..0d036999 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -101,7 +101,6 @@ jobs: docker load --input ./wazuh-manager.tar docker load --input ./wazuh-agent.tar - - name: Create single node certficates run: docker compose -f single-node/generate-indexer-certs.yml run --rm generator @@ -202,7 +201,7 @@ jobs: env: TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true") - - name: Check errors in ossec.log + - name: Check errors in ossec.log for Wazuh manager run: ./.github/single-node-log-check.sh check-multi-node: 
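Review bot: The `env:` block kept as context above the renamed step in the push.yml hunk at -202,7 +201,7 sets `TOKEN` to `$(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k ...)`, but GitHub Actions does not evaluate shell substitutions in `env:`, so the value is a literal string. It only becomes a token if the step's script (its `run:` lines are outside this hunk) pastes `${{env.TOKEN}}` into shell text, which ties the check to expression-to-shell interpolation and leaves the API user and password inline in the workflow. Fetch the token inside the script instead, e.g. `TOKEN=$(curl --fail -s -k -u "$API_USER:$API_PASS" "https://localhost:55000/security/user/authenticate?raw=true")`, with `API_USER` and `API_PASS` (constructed names) defined once at workflow level. With `--fail` and the runner's default `bash -e`, a rejected login then fails the step instead of sending an empty bearer token to `/agents`.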
diff --git a/build-docker-images/wazuh-agent/Dockerfile b/build-docker-images/wazuh-agent/Dockerfile index 9056a469..8a237787 100644 --- a/build-docker-images/wazuh-agent/Dockerfile +++ b/build-docker-images/wazuh-agent/Dockerfile @@ -33,4 +33,4 @@ COPY config/etc/ /etc/ RUN rm /etc/yum.repos.d/wazuh.repo -ENTRYPOINT [ "/init" ] \ No newline at end of file +ENTRYPOINT [ "/init" ] From beaf93d9ab3e3c5daed0619d512054787d3c91c7 Mon Sep 17 00:00:00 2001 From: c-bordon Date: Thu, 5 Jun 2025 15:55:38 -0300 Subject: [PATCH 6/9] Moved wazuh-agent.conf file --- .../wazuh-agent => wazuh-agent}/config/wazuh-agent-conf | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {build-docker-images/wazuh-agent => wazuh-agent}/config/wazuh-agent-conf (100%) diff --git a/build-docker-images/wazuh-agent/config/wazuh-agent-conf b/wazuh-agent/config/wazuh-agent-conf similarity index 100% rename from build-docker-images/wazuh-agent/config/wazuh-agent-conf rename to wazuh-agent/config/wazuh-agent-conf From 1e21b09e62a2a045bd0c38561f199f88db60d6d6 Mon Sep 17 00:00:00 2001 From: Enrique Araque Date: Mon, 9 Jun 2025 11:54:09 +0200 Subject: [PATCH 7/9] Add missing malicious-ioc ruleset lists --- multi-node/config/wazuh_cluster/wazuh_manager.conf | 3 +++ multi-node/config/wazuh_cluster/wazuh_worker.conf | 3 +++ single-node/config/wazuh_cluster/wazuh_manager.conf | 3 +++ 3 files changed, 9 insertions(+) diff --git a/multi-node/config/wazuh_cluster/wazuh_manager.conf b/multi-node/config/wazuh_cluster/wazuh_manager.conf index 61d4721f..23cc0204 100644 --- a/multi-node/config/wazuh_cluster/wazuh_manager.conf +++ b/multi-node/config/wazuh_cluster/wazuh_manager.conf @@ -257,6 +257,9 @@ etc/lists/audit-keys etc/lists/amazon/aws-eventnames etc/lists/security-eventchannel + etc/lists/malicious-ioc/malicious-ip + etc/lists/malicious-ioc/malicious-domains + etc/lists/malicious-ioc/malware-hashes etc/decoders 
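Review bot: The three entries added after `etc/lists/security-eventchannel` (`etc/lists/malicious-ioc/malicious-ip`, `malicious-domains` and `malware-hashes`) are repeated verbatim in wazuh_worker.conf and in the single-node wazuh_manager.conf, and nothing in this series shows that the list files exist at those paths in a running manager. A fresh image presumably ships them, but a deployment that keeps its `etc` directory on a volume from an earlier version may lack the `malicious-ioc` directory, and rules that look up these lists would then not match (inferred; the volume layout is not visible here). Consider a CI step in the single-node and multi-node jobs that asserts the three files are present in the manager container, and an XML comment above the entries naming the release that introduced them. The enclosing ruleset block starts and ends outside the hunk.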
diff --git a/multi-node/config/wazuh_cluster/wazuh_worker.conf b/multi-node/config/wazuh_cluster/wazuh_worker.conf index d1caecc9..36afa4ce 100644 --- a/multi-node/config/wazuh_cluster/wazuh_worker.conf +++ b/multi-node/config/wazuh_cluster/wazuh_worker.conf @@ -257,6 +257,9 @@ etc/lists/audit-keys etc/lists/amazon/aws-eventnames etc/lists/security-eventchannel + etc/lists/malicious-ioc/malicious-ip + etc/lists/malicious-ioc/malicious-domains + etc/lists/malicious-ioc/malware-hashes etc/decoders diff --git a/single-node/config/wazuh_cluster/wazuh_manager.conf b/single-node/config/wazuh_cluster/wazuh_manager.conf index 64da4d81..8820caf4 100644 --- a/single-node/config/wazuh_cluster/wazuh_manager.conf +++ b/single-node/config/wazuh_cluster/wazuh_manager.conf @@ -255,6 +255,9 @@ etc/lists/audit-keys etc/lists/amazon/aws-eventnames etc/lists/security-eventchannel + etc/lists/malicious-ioc/malicious-ip + etc/lists/malicious-ioc/malicious-domains + etc/lists/malicious-ioc/malware-hashes etc/decoders From 6df029fde79d055b4c3a4bcb544ac4bdfb831cc7 Mon Sep 17 00:00:00 2001 From: Enrique Araque Date: Mon, 9 Jun 2025 12:59:07 +0200 Subject: [PATCH 8/9] Update changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b9750fad..b0a5d58e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,7 +17,7 @@ All notable changes to this project will be documented in this file. ### Fixed -- None +- Add missing malicious-ioc ruleset lists ([#1870](https://github.com/wazuh/wazuh-docker/pull/1870)) ### Deleted From b8bcf7687ef6c3fe1d56d507a247189c442ea4c8 Mon Sep 17 00:00:00 2001 From: Enrique Araque Date: Mon, 9 Jun 2025 15:14:17 +0200 Subject: [PATCH 9/9] Fix changelog --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b0a5d58e..80cc10c4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,6 +5,7 @@ All notable changes to this project will be documented in this file. ### Added +- Add missing malicious-ioc ruleset lists ([#1870](https://github.com/wazuh/wazuh-docker/pull/1870)) - Added repository_bumper script. ([#1781](https://github.com/wazuh/wazuh-docker/pull/1781)) - Fix Warning message when migrating Docker compose v2 ([#1828](https://github.com/wazuh/wazuh-docker/pull/1828)) - Add technical documentation ([#1822](https://github.com/wazuh/wazuh-docker/pull/1822)) @@ -17,7 +18,7 @@ All notable changes to this project will be documented in this file. ### Fixed -- Add missing malicious-ioc ruleset lists ([#1870](https://github.com/wazuh/wazuh-docker/pull/1870)) +- None ### Deleted