Refactoring to new Elastic Stack versions.

docker-compose.yml

@@ -35,16 +35,30 @@ services:
       - elasticsearch
     environment:
       - LS_HEAP_SIZE=2048m
+      - XPACK_MONITORING_ENABLED=false
   elasticsearch:
-    image: elasticsearch:5.5.2
+    image: docker.elastic.co/elasticsearch/elasticsearch:5.6.4
     hostname: elasticsearch
     restart: always
-    command: elasticsearch -E node.name="node-1" -E cluster.name="wazuh" -E network.host=0.0.0.0
     ports:
       - "9200:9200"
-      - "9300:9300"
+#      - "9300:9300"
     environment:
-      ES_JAVA_OPTS: "-Xms2g -Xmx2g"
+      - node.name=node-1
+      - cluster.name=wazuh
+      - network.host=0.0.0.0
+      - bootstrap.memory_lock=true
+      - xpack.security.enabled=false
+      - xpack.monitoring.enabled=false
+      - xpack.ml.enabled=false
+      - xpack.watcher.enabled=false
+      - xpack.graph.enabled=false
+      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+    mem_limit: 2g
 #    volumes:
 #      - my-path:/usr/share/elasticsearch/data
     networks:
@@ -62,14 +76,14 @@ services:
     links:
       - elasticsearch:elasticsearch
       - wazuh
-    entrypoint: sh wait-for-it.sh elasticsearch
+    entrypoint: /wait-for-it.sh elasticsearch
 #    environment:
 #      - "WAZUH_KIBANA_PLUGIN_URL=http://your.repo/wazuhapp-2.1.0-5.5.1.zip"
   nginx:
     image: wazuh/wazuh-nginx
     hostname: nginx
     restart: always
-    entrypoint: sh run.sh
+    entrypoint: /run.sh
     environment:
       - NGINX_PORT=443
     ports:

kibana/Dockerfile

@@ -1,7 +1,9 @@
-FROM kibana:5.5.2
+FROM docker.elastic.co/kibana/kibana:5.6.4
 
-RUN apt-get update && apt-get install -y curl
+USER root
 
-COPY ./config/kibana.yml /opt/kibana/config/kibana.yml
+COPY ./config/kibana.yml /usr/share/kibana/config/kibana.yml
 
-COPY config/wait-for-it.sh /
+COPY config/wait-for-it.sh /wait-for-it.sh
+
+RUN chmod 755 /wait-for-it.sh

kibana/config/kibana.yml

@@ -90,3 +90,10 @@ logging.quiet: true
 # Set the interval in milliseconds to sample system and process performance
 # metrics. Minimum is 100ms. Defaults to 10000.
 # ops.interval: 10000
+
+xpack.security.enabled: false
+xpack.grokdebugger.enabled: false
+xpack.graph.enabled: false
+xpack.ml.enabled: false
+xpack.monitoring.enabled: false
+xpack.reporting.enabled: false

kibana/config/wait-for-it.sh

@@ -5,15 +5,13 @@ set -e
 host="$1"
 shift
 cmd="kibana"
-WAZUH_KIBANA_PLUGIN_URL=${WAZUH_KIBANA_PLUGIN_URL:-https://packages.wazuh.com/wazuhapp/wazuhapp-2.1.0_5.5.2.zip}
+WAZUH_KIBANA_PLUGIN_URL=${WAZUH_KIBANA_PLUGIN_URL:-https://packages.wazuh.com/wazuhapp/wazuhapp-2.1.1_5.6.4.zip}
 
 until curl -XGET $host:9200; do
   >&2 echo "Elastic is unavailable - sleeping"
-  sleep 1
+  sleep 5
 done
 
-sleep 30
-
 >&2 echo "Elastic is up - executing command"
 
 if /usr/share/kibana/bin/kibana-plugin list | grep wazuh; then
@@ -26,9 +24,7 @@ sleep 30
 
 echo "Configuring defaultIndex to wazuh-alerts-*"
 
-curl -s -XPUT http://$host:9200/.kibana/config/5.5.2 -H 'Content-Type: application/json' -d '{"defaultIndex" : "wazuh-alerts-*"}' > /dev/null
-
-sleep 30
+curl -s -XPUT http://$host:9200/.kibana/config/5.6.4 -H 'Content-Type: application/json' -d '{"defaultIndex" : "wazuh-alerts-*"}' > /dev/null
 
 echo "Setting API credentials into Wazuh APP"
 
@@ -38,7 +34,7 @@ if [ "x$CONFIG_CODE" = "x404" ]; then
   {
     "api_user": "foo",
     "api_password": "YmFy",
-    "url": "http://wazuh",
+    "url": "https://wazuh",
     "api_port": "55000",
     "insecure": "true",
     "component": "API",
@@ -55,4 +51,6 @@ else
   echo "Wazuh APP already configured"
 fi
 
+sleep 5
+
 exec $cmd

logstash/Dockerfile

@@ -1,12 +1,4 @@
-FROM logstash:5.5.2
-
-RUN apt-get update
+FROM docker.elastic.co/logstash/logstash:5.6.4
 
 COPY config/logstash.conf /etc/logstash/conf.d/logstash.conf
 COPY config/wazuh-elastic5-template.json /etc/logstash/wazuh-elastic5-template.json
-
-
-ADD config/run.sh /tmp/run.sh
-RUN chmod 755 /tmp/run.sh
-
-ENTRYPOINT ["/tmp/run.sh"]

nginx/Dockerfile

@@ -3,3 +3,5 @@ FROM nginx:latest
 RUN apt-get update && apt-get install -y openssl apache2-utils
 
 COPY ./config/run.sh /run.sh
+
+RUN chmod 755 /run.sh

wazuh/Dockerfile

@@ -1,15 +1,15 @@
 FROM centos:latest
-ARG FILEBEAT_VERSION=5.5.2
+ARG FILEBEAT_VERSION=5.6.4
 COPY config/*.repo /etc/yum.repos.d/
 
 RUN yum -y update; yum clean all;
-RUN yum -y install epel-release openssl useradd; yum clean all
+RUN yum -y install epel-release openssl useradd which; yum clean all
 RUN yum -y install postfix mailx cyrus-sasl cyrus-sasl-plain; yum clean all
 RUN groupadd -g 1000 ossec
 RUN useradd -u 1000 -g 1000 ossec
 RUN curl --silent --location https://rpm.nodesource.com/setup_6.x | bash - &&\
     yum install -y nodejs
-RUN yum install -y wazuh-manager-2.1.0 wazuh-api-2.1.0
+RUN yum install -y wazuh-manager wazuh-api
 
 
 ADD config/data_dirs.env /data_dirs.env
@@ -19,6 +19,7 @@ RUN chmod 755 /init.bash &&\
   sync && /init.bash &&\
   sync && rm /init.bash
 
+RUN sed -i 's/inet_protocols = all/inet_protocols = ipv4/g' /etc/postfix/main.cf
 
 RUN  curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-x86_64.rpm &&\
   rpm -vi filebeat-${FILEBEAT_VERSION}-x86_64.rpm && rm filebeat-${FILEBEAT_VERSION}-x86_64.rpm