From 97a042cfcdafe11bc857e1b9eca2d1147b69cc33 Mon Sep 17 00:00:00 2001 From: Miguelangel Freitas Date: Sun, 19 Nov 2017 22:42:36 -0500 Subject: [PATCH] Refactoring to new Elastic Stack versions. --- docker-compose.yml | 26 ++++++++++++++++++++------ kibana/Dockerfile | 10 ++++++---- kibana/config/kibana.yml | 7 +++++++ kibana/config/wait-for-it.sh | 14 ++++++-------- logstash/Dockerfile | 10 +--------- nginx/Dockerfile | 2 ++ wazuh/Dockerfile | 7 ++++--- 7 files changed, 46 insertions(+), 30 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index ce93581b..faea2709 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -35,16 +35,30 @@ services: - elasticsearch environment: - LS_HEAP_SIZE=2048m + - XPACK_MONITORING_ENABLED=false elasticsearch: - image: elasticsearch:5.5.2 + image: docker.elastic.co/elasticsearch/elasticsearch:5.6.4 hostname: elasticsearch restart: always - command: elasticsearch -E node.name="node-1" -E cluster.name="wazuh" -E network.host=0.0.0.0 ports: - "9200:9200" - - "9300:9300" +# - "9300:9300" environment: - ES_JAVA_OPTS: "-Xms2g -Xmx2g" + - node.name=node-1 + - cluster.name=wazuh + - network.host=0.0.0.0 + - bootstrap.memory_lock=true + - xpack.security.enabled=false + - xpack.monitoring.enabled=false + - xpack.ml.enabled=false + - xpack.watcher.enabled=false + - xpack.graph.enabled=false + - "ES_JAVA_OPTS=-Xms1g -Xmx1g" + ulimits: + memlock: + soft: -1 + hard: -1 + mem_limit: 2g # volumes: # - my-path:/usr/share/elasticsearch/data networks: @@ -62,14 +76,14 @@ services: links: - elasticsearch:elasticsearch - wazuh - entrypoint: sh wait-for-it.sh elasticsearch + entrypoint: /wait-for-it.sh elasticsearch # environment: # - "WAZUH_KIBANA_PLUGIN_URL=http://your.repo/wazuhapp-2.1.0-5.5.1.zip" nginx: image: wazuh/wazuh-nginx hostname: nginx restart: always - entrypoint: sh run.sh + entrypoint: /run.sh environment: - NGINX_PORT=443 ports: diff --git a/kibana/Dockerfile b/kibana/Dockerfile index 3985b3fd..90b81d58 100644 
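Review bot: With the new `xpack.security.enabled=false` and `network.host=0.0.0.0` entries, the `- "9200:9200"` mapping kept as context publishes an unauthenticated Elasticsearch REST port on every host interface, while the only consumers visible in this patch (kibana's wait-for-it.sh, logstash via `links`) reach it over the compose network by service name. Unless host access to 9200 is intended, drop the mapping or bind it to loopback, `- "127.0.0.1:9200:9200"`, the same way the `9300` transport port was commented out in this hunk. If it must stay published, a comment such as `# 9200 is exposed without authentication (xpack.security disabled); front it with nginx or a firewall` would at least record the decision.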
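Review bot: The commented example kept next to the new `entrypoint: /wait-for-it.sh elasticsearch` line, `# - "WAZUH_KIBANA_PLUGIN_URL=http://your.repo/wazuhapp-2.1.0-5.5.1.zip"`, is now stale against the script's new default `wazuhapp-2.1.1_5.6.4.zip` and shows a plain-http fetch for a plugin that is installed into Kibana. Update it to the filename pattern the script expects and to https, e.g. `# - "WAZUH_KIBANA_PLUGIN_URL=https://your.repo/wazuhapp-2.1.1_5.6.4.zip"`, so a reader copying it gets a working, integrity-protected download.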
--- a/kibana/Dockerfile +++ b/kibana/Dockerfile @@ -1,7 +1,9 @@ -FROM kibana:5.5.2 +FROM docker.elastic.co/kibana/kibana:5.6.4 -RUN apt-get update && apt-get install -y curl +USER root -COPY ./config/kibana.yml /opt/kibana/config/kibana.yml +COPY ./config/kibana.yml /usr/share/kibana/config/kibana.yml -COPY config/wait-for-it.sh / +COPY config/wait-for-it.sh /wait-for-it.sh + +RUN chmod 755 /wait-for-it.sh diff --git a/kibana/config/kibana.yml b/kibana/config/kibana.yml index 993ad7da..e898fe1a 100644 --- a/kibana/config/kibana.yml +++ b/kibana/config/kibana.yml @@ -90,3 +90,10 @@ logging.quiet: true # Set the interval in milliseconds to sample system and process performance # metrics. Minimum is 100ms. Defaults to 10000. # ops.interval: 10000 + +xpack.security.enabled: false +xpack.grokdebugger.enabled: false +xpack.graph.enabled: false +xpack.ml.enabled: false +xpack.monitoring.enabled: false +xpack.reporting.enabled: false \ No newline at end of file diff --git a/kibana/config/wait-for-it.sh b/kibana/config/wait-for-it.sh index 88cb344f..7fd776fc 100644 --- a/kibana/config/wait-for-it.sh +++ b/kibana/config/wait-for-it.sh @@ -5,15 +5,13 @@ set -e host="$1" shift cmd="kibana" -WAZUH_KIBANA_PLUGIN_URL=${WAZUH_KIBANA_PLUGIN_URL:-https://packages.wazuh.com/wazuhapp/wazuhapp-2.1.0_5.5.2.zip} +WAZUH_KIBANA_PLUGIN_URL=${WAZUH_KIBANA_PLUGIN_URL:-https://packages.wazuh.com/wazuhapp/wazuhapp-2.1.1_5.6.4.zip} until curl -XGET $host:9200; do >&2 echo "Elastic is unavailable - sleeping" - sleep 1 + sleep 5 done -sleep 30 - >&2 echo "Elastic is up - executing command" if /usr/share/kibana/bin/kibana-plugin list | grep wazuh; then 
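Review bot: `USER root` is added and never reverted, so the final image starts Kibana as root, whereas the upstream `docker.elastic.co/kibana/kibana` image (as far as I recall) runs as its unprivileged `kibana` user; add `USER kibana` after `RUN chmod 755 /wait-for-it.sh` so root is only in effect for the two `COPY`/`RUN` steps that need it. Note also that the `RUN apt-get update && apt-get install -y curl` line is removed while wait-for-it.sh still polls with `curl`; this relies on the new base image shipping curl, which is worth confirming. A short comment above the chmod, `# wait-for-it.sh is used as the compose entrypoint and must be executable`, would explain why the extra layer exists.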
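Review bot: The readiness loop `until curl -XGET $host:9200; do` (context for the changed `sleep 5`) treats any HTTP response as "up", because curl exits 0 on a 5xx unless `-f` is given, and `$host` is unquoted; `until curl -sf "http://$host:9200" > /dev/null; do` waits for an actual 2xx and stops dumping the response body into the log each iteration. The new default `WAZUH_KIBANA_PLUGIN_URL=...wazuhapp-2.1.1_5.6.4.zip` is consumed by an install step outside this hunk; if that step is a plain plugin install of the URL, nothing pins the artifact's contents, so a comment noting that the URL must be served over TLS from a trusted host, or a checksum check before install, would be worthwhile. The enclosing script continues past the end of this hunk.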
@@ -26,9 +24,7 @@ sleep 30 echo "Configuring defaultIndex to wazuh-alerts-*" -curl -s -XPUT http://$host:9200/.kibana/config/5.5.2 -H 'Content-Type: application/json' -d '{"defaultIndex" : "wazuh-alerts-*"}' > /dev/null - -sleep 30 +curl -s -XPUT http://$host:9200/.kibana/config/5.6.4 -H 'Content-Type: application/json' -d '{"defaultIndex" : "wazuh-alerts-*"}' > /dev/null echo "Setting API credentials into Wazuh APP" @@ -38,7 +34,7 @@ if [ "x$CONFIG_CODE" = "x404" ]; then { "api_user": "foo", "api_password": "YmFy", - "url": "http://wazuh", + "url": "https://wazuh", "api_port": "55000", "insecure": "true", "component": "API", @@ -55,4 +51,6 @@ else echo "Wazuh APP already configured" fi +sleep 5 + exec $cmd diff --git a/logstash/Dockerfile b/logstash/Dockerfile index 48db68be..6510c2ae 100644 --- a/logstash/Dockerfile +++ b/logstash/Dockerfile @@ -1,12 +1,4 @@ -FROM logstash:5.5.2 - -RUN apt-get update +FROM docker.elastic.co/logstash/logstash:5.6.4 COPY config/logstash.conf /etc/logstash/conf.d/logstash.conf COPY config/wazuh-elastic5-template.json /etc/logstash/wazuh-elastic5-template.json - - -ADD config/run.sh /tmp/run.sh -RUN chmod 755 /tmp/run.sh - -ENTRYPOINT ["/tmp/run.sh"] diff --git a/nginx/Dockerfile b/nginx/Dockerfile index 4315179d..be30a2aa 100644 --- a/nginx/Dockerfile +++ b/nginx/Dockerfile @@ -3,3 +3,5 @@ FROM nginx:latest RUN apt-get update && apt-get install -y openssl apache2-utils COPY ./config/run.sh /run.sh + +RUN chmod 755 /run.sh diff --git a/wazuh/Dockerfile b/wazuh/Dockerfile index 00d2ebac..ebf8c215 100644 --- a/wazuh/Dockerfile +++ b/wazuh/Dockerfile 
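Review bot: The new `curl -s -XPUT http://$host:9200/.kibana/config/5.6.4 ...` hard-codes the Kibana version a second time, separately from the `5.6.4` in the plugin URL default earlier in the script, so the next bump can update one and miss the other and the defaultIndex would be written to a config document Kibana never reads. Define it once, `KIBANA_VERSION=${KIBANA_VERSION:-5.6.4}`, and use `.kibana/config/$KIBANA_VERSION` here (quoting `"$host"` at the same time). The enclosing script continues outside this hunk.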
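Review bot: The switch to `"url": "https://wazuh"` sits next to the unchanged `"insecure": "true"`, which presumably tells the app to skip certificate verification, so the change encrypts the API connection but does not authenticate the API host; that is a reasonable default for a self-signed certificate but should be visible to whoever deploys this. Since the JSON body cannot carry a comment, add one in the shell above the heredoc, e.g. `# "insecure": "true" skips TLS verification of the Wazuh API's self-signed certificate; set it to "false" once a trusted certificate is provisioned`. The surrounding `if` block starts and ends outside this hunk.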
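Review bot: Dropping `run.sh` and its `ENTRYPOINT` means the image now relies on the upstream `docker.elastic.co/logstash/logstash` entrypoint, which as far as I recall loads pipeline files from `/usr/share/logstash/pipeline/`, not `/etc/logstash/conf.d/`; if so, the context line `COPY config/logstash.conf /etc/logstash/conf.d/logstash.conf` is now copying to a path the new image never reads, and the previous script was probably what pointed Logstash at it. Confirm against the base image and, if needed, change the destination to `COPY config/logstash.conf /usr/share/logstash/pipeline/logstash.conf` (and check that the template path inside logstash.conf still matches where `wazuh-elastic5-template.json` is copied). A one-line comment recording which pipeline directory the base image consumes would prevent this from regressing on the next refactor.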
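Review bot: This patch pins every Elastic image to 5.6.4 but leaves `FROM nginx:latest` in the context line above the new `RUN chmod 755 /run.sh`, so the TLS front-end that fronts the unauthenticated Kibana/Elasticsearch is the one component whose base can change silently between rebuilds. Pin it to a specific tag (`FROM nginx:<pinned-tag>`, tag chosen to match the tested release) for the same reproducibility the rest of the commit is after. The chmod layer itself is fine for a single script; a `# run.sh is the compose entrypoint and must be executable` comment would explain it to the next reader.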
@@ -1,15 +1,15 @@ FROM centos:latest -ARG FILEBEAT_VERSION=5.5.2 +ARG FILEBEAT_VERSION=5.6.4 COPY config/*.repo /etc/yum.repos.d/ RUN yum -y update; yum clean all; -RUN yum -y install epel-release openssl useradd; yum clean all +RUN yum -y install epel-release openssl useradd which; yum clean all RUN yum -y install postfix mailx cyrus-sasl cyrus-sasl-plain; yum clean all RUN groupadd -g 1000 ossec RUN useradd -u 1000 -g 1000 ossec RUN curl --silent --location https://rpm.nodesource.com/setup_6.x | bash - &&\ yum install -y nodejs -RUN yum install -y wazuh-manager-2.1.0 wazuh-api-2.1.0 +RUN yum install -y wazuh-manager wazuh-api ADD config/data_dirs.env /data_dirs.env @@ -19,6 +19,7 @@ RUN chmod 755 /init.bash &&\ sync && /init.bash &&\ sync && rm /init.bash +RUN sed -i 's/inet_protocols = all/inet_protocols = ipv4/g' /etc/postfix/main.cf RUN curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-x86_64.rpm &&\ rpm -vi filebeat-${FILEBEAT_VERSION}-x86_64.rpm && rm filebeat-${FILEBEAT_VERSION}-x86_64.rpm
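Review bot: `RUN yum install -y wazuh-manager wazuh-api` drops the explicit package versions that the removed line carried, so each rebuild installs whatever the configured repo currently serves, while `ARG FILEBEAT_VERSION=5.6.4` in the same hunk keeps Filebeat pinned. Pin the manager the same way, e.g. `ARG WAZUH_VERSION=2.1.1` followed by `RUN yum install -y wazuh-manager-${WAZUH_VERSION} wazuh-api-${WAZUH_VERSION}` (2.1.1 is the app version this patch uses in the Kibana plugin URL, which suggests the intended manager release, but confirm). The same reproducibility concern applies to the unchanged `FROM centos:latest` at the top of the hunk.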