From be19c70082cd8805df31726583cf8c771b170e9e Mon Sep 17 00:00:00 2001
From: vcerenu
Date: Thu, 14 Sep 2023 12:25:57 -0300
Subject: [PATCH 1/5] remove goss install

---
 .github/goss/goss.yaml | 103 +++++++++++++++++++
 build-docker-images/wazuh-manager/Dockerfile | 2 -
 2 files changed, 103 insertions(+), 2 deletions(-)
 create mode 100644 .github/goss/goss.yaml

diff --git a/.github/goss/goss.yaml b/.github/goss/goss.yaml
new file mode 100644
index 00000000..ee81b870
--- /dev/null
+++ b/.github/goss/goss.yaml
@@ -0,0 +1,103 @@
+file:
+  /etc/filebeat/filebeat.yml:
+    exists: true
+    mode: "0644"
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+  /var/ossec/bin/wazuh-control:
+    exists: true
+    mode: "0750"
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+  /var/ossec/etc/lists/audit-keys:
+    exists: true
+    mode: "0660"
+    owner: wazuh
+    group: wazuh
+    filetype: file
+    contains: []
+  /var/ossec/etc/ossec.conf:
+    exists: true
+    mode: "0660"
+    owner: root
+    group: wazuh
+    filetype: file
+    contains: []
+  /var/ossec/etc/rules/local_rules.xml:
+    exists: true
+    mode: "0660"
+    owner: wazuh
+    group: wazuh
+    filetype: file
+    contains: []
+  /var/ossec/etc/sslmanager.cert:
+    exists: true
+    mode: "0640"
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+  /var/ossec/etc/sslmanager.key:
+    exists: true
+    mode: "0640"
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+package:
+  filebeat:
+    installed: true
+    versions:
+      - 7.10.2
+  wazuh-manager:
+    installed: true
+    versions:
+      - 4.5.2-1
+port:
+  tcp:1514:
+    listening: true
+    ip:
+      - 0.0.0.0
+  tcp:1515:
+    listening: true
+    ip:
+      - 0.0.0.0
+  tcp:55000:
+    listening: true
+    ip:
+      - 0.0.0.0
+process:
+  filebeat:
+    running: true
+  wazuh-analysisd:
+    running: true
+  wazuh-authd:
+    running: true
+  wazuh-execd:
+    running: true
+  wazuh-monitord:
+    running: true
+  wazuh-remoted:
+    running: true
+  wazuh-syscheckd:
+    running: true
+  s6-supervise:
+    running: true
+  wazuh-db:
+    running: true
+  wazuh-modulesd:
+    running: true
+user:
+  wazuh:
+    exists: true
+    groups:
+      - wazuh
+    home: /var/ossec
+    shell: /sbin/nologin
+group:
+  wazuh:
+    exists: true
\ No newline at end of file
diff --git a/build-docker-images/wazuh-manager/Dockerfile b/build-docker-images/wazuh-manager/Dockerfile
index c1894489..d0e59189 100644
--- a/build-docker-images/wazuh-manager/Dockerfile
+++ b/build-docker-images/wazuh-manager/Dockerfile
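Review bot: The `package:` block pins exact versions (`4.5.2-1` for wazuh-manager, `7.10.2` for filebeat), so this spec fails on every release bump unless those values are templated from the same build arguments the Dockerfile already uses for the filebeat version. The same file is deleted again in [PATCH 2/5] "remove goss directory", so if dropping goss is the intent, squashing the two commits keeps the spec out of the history entirely. If it is kept, the `contains: []` entry under every `file:` key asserts nothing and can be dropped, and the file should end with a newline (`\ No newline at end of file`).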
@@ -24,8 +24,6 @@ RUN curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_
     dpkg -i ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb && rm -f ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb && \
     curl -s https://packages.wazuh.com/4.x/filebeat/${WAZUH_FILEBEAT_MODULE} | tar -xvz -C /usr/share/filebeat/module
 
-RUN curl -L https://github.com/aelsabbahy/goss/releases/latest/download/goss-linux-amd64 -o /usr/local/bin/goss && chmod +rx /usr/local/bin/goss
-
 ARG S6_VERSION="v2.2.0.3"
 RUN curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
     -o /tmp/s6-overlay-amd64.tar.gz && \

From e9f689dbfce41f6604167d76a41a99c03f00dd91 Mon Sep 17 00:00:00 2001
From: vcerenu
Date: Thu, 14 Sep 2023 15:17:13 -0300
Subject: [PATCH 2/5] remove goss directory

---
 .github/goss/goss.yaml | 103 ----------------------------------------
 1 file changed, 103 deletions(-)
 delete mode 100644 .github/goss/goss.yaml

diff --git a/.github/goss/goss.yaml b/.github/goss/goss.yaml
deleted file mode 100644
index ee81b870..00000000
--- a/.github/goss/goss.yaml
+++ /dev/null
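Review bot: The two downloads that remain in this RUN, the filebeat .deb from artifacts.elastic.co and the filebeat module tarball piped straight into `tar -xvz`, are fetched with no integrity check, which is the same weakness the removed goss line had, so the hunk still leaves an unpinned supply-chain step in the image build. A pinned digest checked before `dpkg -i` closes it, e.g. `echo "<FILEBEAT_DEB_SHA256>  ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb" | sha256sum -c -`. The module line also uses bare `curl -s`, so an HTTP error body would be handed to tar; `curl --fail --silent` matches the s6-overlay line just below and makes the failure explicit. The RUN instruction itself starts outside the hunk.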
@@ -1,103 +0,0 @@
-file:
-  /etc/filebeat/filebeat.yml:
-    exists: true
-    mode: "0644"
-    owner: root
-    group: root
-    filetype: file
-    contains: []
-  /var/ossec/bin/wazuh-control:
-    exists: true
-    mode: "0750"
-    owner: root
-    group: root
-    filetype: file
-    contains: []
-  /var/ossec/etc/lists/audit-keys:
-    exists: true
-    mode: "0660"
-    owner: wazuh
-    group: wazuh
-    filetype: file
-    contains: []
-  /var/ossec/etc/ossec.conf:
-    exists: true
-    mode: "0660"
-    owner: root
-    group: wazuh
-    filetype: file
-    contains: []
-  /var/ossec/etc/rules/local_rules.xml:
-    exists: true
-    mode: "0660"
-    owner: wazuh
-    group: wazuh
-    filetype: file
-    contains: []
-  /var/ossec/etc/sslmanager.cert:
-    exists: true
-    mode: "0640"
-    owner: root
-    group: root
-    filetype: file
-    contains: []
-  /var/ossec/etc/sslmanager.key:
-    exists: true
-    mode: "0640"
-    owner: root
-    group: root
-    filetype: file
-    contains: []
-package:
-  filebeat:
-    installed: true
-    versions:
-      - 7.10.2
-  wazuh-manager:
-    installed: true
-    versions:
-      - 4.5.2-1
-port:
-  tcp:1514:
-    listening: true
-    ip:
-      - 0.0.0.0
-  tcp:1515:
-    listening: true
-    ip:
-      - 0.0.0.0
-  tcp:55000:
-    listening: true
-    ip:
-      - 0.0.0.0
-process:
-  filebeat:
-    running: true
-  wazuh-analysisd:
-    running: true
-  wazuh-authd:
-    running: true
-  wazuh-execd:
-    running: true
-  wazuh-monitord:
-    running: true
-  wazuh-remoted:
-    running: true
-  wazuh-syscheckd:
-    running: true
-  s6-supervise:
-    running: true
-  wazuh-db:
-    running: true
-  wazuh-modulesd:
-    running: true
-user:
-  wazuh:
-    exists: true
-    groups:
-      - wazuh
-    home: /var/ossec
-    shell: /sbin/nologin
-group:
-  wazuh:
-    exists: true
\ No newline at end of file

From 2ac53b9b3d3e010b7016509fae1d1a81d7b1e523 Mon Sep 17 00:00:00 2001
From: vcerenu
Date: Fri, 15 Sep 2023 12:41:05 -0300
Subject: [PATCH 3/5] add custom directory and persistence

---
 build-docker-images/wazuh-dashboard/Dockerfile | 4 ++++
 single-node/docker-compose.yml | 4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/build-docker-images/wazuh-dashboard/Dockerfile b/build-docker-images/wazuh-dashboard/Dockerfile
index 1b95ca88..27ca9865 100644
--- a/build-docker-images/wazuh-dashboard/Dockerfile
+++ b/build-docker-images/wazuh-dashboard/Dockerfile
@@ -102,6 +102,10 @@ RUN chown 1000:1000 /*.sh
 # Copy Install dir from builder to current image
 COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR
 
+# Create custom directory
+RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
+RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
+
 # Set workdir and user
 WORKDIR $INSTALL_DIR
 USER wazuh-dashboard
diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml
index 063cf6d1..92077eb3 100644
--- a/single-node/docker-compose.yml
+++ b/single-node/docker-compose.yml
@@ -89,8 +89,9 @@ services:
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
       - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
-      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
       - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
+      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
     depends_on:
       - wazuh.indexer
     links:
@@ -111,3 +112,4 @@ volumes:
   filebeat_var:
   wazuh-indexer-data:
   wazuh-dashboard-config:
+  wazuh-dashboard-custom:

From 37f565bb8aaa21c0d1e96381a82bcc597768b1c5 Mon Sep 17 00:00:00 2001
From: vcerenu
Date: Fri, 15 Sep 2023 12:49:32 -0300
Subject: [PATCH 4/5] add custom directory and persistence

---
 multi-node/docker-compose.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
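Review bot: The two new `RUN` instructions in the dashboard Dockerfile each add an image layer for a single directory; one instruction, `RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom && chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom`, does the same work in one layer and keeps creation and ownership together, which matters because the named volume `wazuh-dashboard-custom` in the compose hunk is seeded from this directory on first start. Moving `wazuh-dashboard-config` below the `wazuh.yml` bind mount in the compose hunk appears to be cosmetic, since Docker orders mounts by destination path rather than by list position, so the `wazuh.yml` file mount lands inside the volume either way. The same compose change is repeated for multi-node in [PATCH 4/5].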
diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml
index 4fe149a3..a83f36f8 100644
--- a/multi-node/docker-compose.yml
+++ b/multi-node/docker-compose.yml
@@ -168,8 +168,9 @@ services:
       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
       - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
-      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
       - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
+      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
     depends_on:
       - wazuh1.indexer
     links:
@@ -220,3 +221,4 @@ volumes:
   wazuh-indexer-data-2:
   wazuh-indexer-data-3:
   wazuh-dashboard-config:
+  wazuh-dashboard-custom:

From 0fbbf5aee2e3d7cd3849f1a35ac10d81f5d23873 Mon Sep 17 00:00:00 2001
From: vcerenu
Date: Fri, 15 Sep 2023 13:31:00 -0300
Subject: [PATCH 5/5] add shuffle scripts into permanent data

---
 build-docker-images/wazuh-manager/config/permanent_data.env | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/build-docker-images/wazuh-manager/config/permanent_data.env b/build-docker-images/wazuh-manager/config/permanent_data.env
index 0a3ebd35..5d797624 100644
--- a/build-docker-images/wazuh-manager/config/permanent_data.env
+++ b/build-docker-images/wazuh-manager/config/permanent_data.env
@@ -21,6 +21,8 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop"