paulmataruso/wazuh-docker-mirror
1
0
Fork 0
mirror of https://github.com/wazuh/wazuh-docker.git synced 2025-11-04 05:53:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add Wazuh-Elasticsearch (#106)

Browse Source
This commit is contained in:
AlfonsoRBJ
2019-02-01 18:43:51 +01:00
committed by Jesús Linares
parent 046b2f049b
commit cb2e49eb54
8 changed files with 140 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docker-compose.yml
View File

@@ -39,7 +39,7 @@ services:
environment: environment:
- LS_HEAP_SIZE=2048m - LS_HEAP_SIZE=2048m
elasticsearch: elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:6.5.4 image: wazuh/wazuh-elasticsearch:3.8.2_6.5.4
hostname: elasticsearch hostname: elasticsearch
restart: always restart: always
ports: ports:

23
elasticsearch/Dockerfile Normal file
View File

@@ -0,0 +1,23 @@
# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
FROM docker.elastic.co/elasticsearch/elasticsearch:6.5.4
ENV ALERTS_SHARDS="1" \
ALERTS_REPLICAS="0"
ENV API_USER="foo" \
API_PASS="bar"
ENV TEMPLATE_VERSION=v3.8.2
ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/wazuh-elastic6-template-alerts.json /usr/share/elasticsearch/config
COPY config/entrypoint.sh /entrypoint.sh
RUN chmod 755 /entrypoint.sh
COPY --chown=elasticsearch:elasticsearch ./config/load_settings.sh ./
RUN chmod +x ./load_settings.sh
ENTRYPOINT ["/entrypoint.sh"]
CMD ["elasticsearch"]

28
elasticsearch/config/entrypoint.sh Normal file
View File

@@ -0,0 +1,28 @@
#!/bin/bash
# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
# For more information https://github.com/elastic/elasticsearch-docker/blob/6.5.4/build/elasticsearch/bin/docker-entrypoint.sh
set -e
# Files created by Elasticsearch should always be group writable too
umask 0002
run_as_other_user_if_needed() {
if [[ "$(id -u)" == "0" ]]; then
# If running as root, drop to specified UID and run command
exec chroot --userspec=1000 / "${@}"
else
# Either we are running in Openshift with random uid and are a member of the root group
# or with a custom --user
exec "${@}"
fi
}
# Run load settings script.
./load_settings.sh &
# Execute elasticsearch
run_as_other_user_if_needed /usr/share/elasticsearch/bin/elasticsearch

71
elasticsearch/config/load_settings.sh Normal file
View File

@@ -0,0 +1,71 @@
#!/bin/bash
# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
set -e
if [ "x${ELASTICSEARCH_URL}" = "x" ]; then
el_url="http://elasticsearch:9200"
else
el_url="${ELASTICSEARCH_URL}"
fi
until curl -XGET $el_url; do
>&2 echo "Elastic is unavailable - sleeping"
sleep 5
done
>&2 echo "Elastic is up - executing command"
#Insert default templates
sed -i 's| "index.refresh_interval": "5s"| "index.refresh_interval": "5s", "number_of_shards" : '"${ALERTS_SHARDS}"', "number_of_replicas" : '"${ALERTS_REPLICAS}"'|' /usr/share/elasticsearch/config/wazuh-elastic6-template-alerts.json
cat /usr/share/elasticsearch/config/wazuh-elastic6-template-alerts.json | curl -XPUT "$el_url/_template/wazuh" -H 'Content-Type: application/json' -d @-
sleep 5
API_PASS_Q=`echo "$API_PASS" | tr -d '"'`
API_USER_Q=`echo "$API_USER" | tr -d '"'`
API_PASSWORD=`echo -n $API_PASS_Q | base64`
echo "Setting API credentials into Wazuh APP"
CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/wazuh-configuration/1513629884013)
if [ "x$CONFIG_CODE" = "x404" ]; then
curl -s -XPOST $el_url/.wazuh/wazuh-configuration/1513629884013 -H 'Content-Type: application/json' -d'
{
"api_user": "'"$API_USER_Q"'",
"api_password": "'"$API_PASSWORD"'",
"url": "https://wazuh",
"api_port": "55000",
"insecure": "true",
"component": "API",
"cluster_info": {
"manager": "wazuh-manager",
"cluster": "Disabled",
"status": "disabled"
},
"extensions": {
"oscap": true,
"audit": true,
"pci": true,
"aws": true,
"virustotal": true,
"gdpr": true,
"ciscat": true
}
}
' > /dev/null
else
echo "Wazuh APP already configured"
fi
sleep 5
curl -XPUT "$el_url/_cluster/settings" -H 'Content-Type: application/json' -d'
{
"persistent": {
"xpack.monitoring.collection.enabled": true
}
}
'
echo "Elasticsearch is ready."

2
kibana/Dockerfile
View File

@@ -5,8 +5,6 @@ USER root
ADD https://packages.wazuh.com/wazuhapp/wazuhapp-${WAZUH_APP_VERSION}.zip /tmp ADD https://packages.wazuh.com/wazuhapp/wazuhapp-${WAZUH_APP_VERSION}.zip /tmp
ADD https://raw.githubusercontent.com/wazuh/wazuh/3.8/extensions/elasticsearch/wazuh-elastic6-template-alerts.json /usr/share/kibana/config
RUN NODE_OPTIONS="--max-old-space-size=3072" /usr/share/kibana/bin/kibana-plugin install file:///tmp/wazuhapp-${WAZUH_APP_VERSION}.zip &&\ RUN NODE_OPTIONS="--max-old-space-size=3072" /usr/share/kibana/bin/kibana-plugin install file:///tmp/wazuhapp-${WAZUH_APP_VERSION}.zip &&\
chown -R kibana:kibana /usr/share/kibana &&\ chown -R kibana:kibana /usr/share/kibana &&\
rm -rf /tmp/* rm -rf /tmp/*

35
kibana/config/entrypoint.sh
View File

@@ -16,41 +16,6 @@ done
>&2 echo "Elastic is up - executing command" >&2 echo "Elastic is up - executing command"
#Insert default templates
cat /usr/share/kibana/config/wazuh-elastic6-template-alerts.json | curl -XPUT "$el_url/_template/wazuh" -H 'Content-Type: application/json' -d @-
sleep 5
echo "Setting API credentials into Wazuh APP"
CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/wazuh-configuration/1513629884013)
if [ "x$CONFIG_CODE" = "x404" ]; then
curl -s -XPOST $el_url/.wazuh/wazuh-configuration/1513629884013 -H 'Content-Type: application/json' -d'
{
"api_user": "foo",
"api_password": "YmFy",
"url": "https://wazuh",
"api_port": "55000",
"insecure": "true",
"component": "API",
"cluster_info": {
"manager": "wazuh-manager",
"cluster": "Disabled",
"status": "disabled"
},
"extensions": {
"oscap": true,
"audit": true,
"pci": true,
"aws": true,
"virustotal": true,
"gdpr": true,
"ciscat": true
}
}
' > /dev/null
else
echo "Wazuh APP already configured"
fi
sleep 5
./wazuh_app_config.sh ./wazuh_app_config.sh

2
wazuh/Dockerfile
View File

@@ -3,6 +3,8 @@ FROM phusion/baseimage:latest
ARG FILEBEAT_VERSION=6.5.4 ARG FILEBEAT_VERSION=6.5.4
ARG WAZUH_VERSION=3.8.2-1 ARG WAZUH_VERSION=3.8.2-1
ENV API_USER="foo" \
API_PASS="bar"
# Updating image # Updating image
RUN apt-get update && apt-get upgrade -y -o Dpkg::Options::="--force-confold" RUN apt-get update && apt-get upgrade -y -o Dpkg::Options::="--force-confold"

15
wazuh/config/entrypoint.sh
View File

@@ -129,4 +129,19 @@ do
exec_cmd_stdout "${CUSTOM_COMMAND}" exec_cmd_stdout "${CUSTOM_COMMAND}"
done done
##############################################################################
# Change Wazuh API user credentials.
##############################################################################
pushd /var/ossec/api/configuration/auth/
echo "Change Wazuh API user credentials"
change_user="node htpasswd -b -c user $API_USER $API_PASS"
eval $change_user
popd
/sbin/my_init /sbin/my_init