From f63d9fa387c07cede948a900d3d936ec9d6bc4b0 Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Fri, 10 May 2019 22:24:41 +0200 Subject: [PATCH 1/5] Include protocol and port in LOGSTASH_OUTPUT environment variable (#164) * Including protocol and port in the LOGSTASH_OUTPUT env var. --- logstash/config/entrypoint.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/logstash/config/entrypoint.sh b/logstash/config/entrypoint.sh index 88c3d169..4aaff056 100644 --- a/logstash/config/entrypoint.sh +++ b/logstash/config/entrypoint.sh @@ -17,6 +17,16 @@ else el_url="${ELASTICSEARCH_URL}" fi +############################################################################## +# Customize logstash output ip +############################################################################## + +if [ "$LOGSTASH_OUTPUT" != "" ]; then + >&2 echo "Customize Logstash ouput ip." + sed -i 's|elasticsearch:9200|'$LOGSTASH_OUTPUT'|g' /usr/share/logstash/pipeline/01-wazuh.conf + sed -i 's|http://elasticsearch:9200|'$LOGSTASH_OUTPUT'|g' /usr/share/logstash/config/logstash.yml +fi + until curl -XGET $el_url; do >&2 echo "Elastic is unavailable - sleeping." sleep 5 @@ -44,16 +54,6 @@ sleep 2 >&2 echo "Wazuh alerts template is loaded." -############################################################################## -# Customize logstash output ip -############################################################################## - -if [ "$LOGSTASH_OUTPUT" != "" ]; then - >&2 echo "Customize Logstash ouput ip." - sed -i "s/elasticsearch:9200/$LOGSTASH_OUTPUT:9200/" /usr/share/logstash/pipeline/01-wazuh.conf - sed -i "s/elasticsearch:9200/$LOGSTASH_OUTPUT:9200/" /usr/share/logstash/config/logstash.yml -fi - ############################################################################## # Map environment variables to entries in logstash.yml. # Note that this will mutate logstash.yml in place if any such settings are found. From 447c15c8238779dadcc02a67e8e6052d00bd63e4 Mon Sep 17 00:00:00 2001 From: Javier Castro Date: Fri, 17 May 2019 12:56:45 -0700 Subject: [PATCH 2/5] Allow port change for elasticsearch url in kibana --- kibana/config/kibana_settings.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kibana/config/kibana_settings.sh b/kibana/config/kibana_settings.sh index 77b116d7..3255338b 100644 --- a/kibana/config/kibana_settings.sh +++ b/kibana/config/kibana_settings.sh @@ -19,7 +19,7 @@ WAZUH_MAJOR=3 # Customize elasticsearch ip ############################################################################## if [ "$ELASTICSEARCH_KIBANA_IP" != "" ]; then - sed -i "s/elasticsearch:9200/$ELASTICSEARCH_KIBANA_IP:9200/" /usr/share/kibana/config/kibana.yml + sed -i "s/elasticsearch:9200/$ELASTICSEARCH_KIBANA_IP/" /usr/share/kibana/config/kibana.yml fi if [ "$KIBANA_IP" != "" ]; then From 569d3ee931821be38dc91e9f5f3df3d3d0bd5bdd Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Tue, 21 May 2019 23:18:35 +0200 Subject: [PATCH 3/5] Changed entrypoint copy location --- kibana/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kibana/Dockerfile b/kibana/Dockerfile index 92beac63..f72e8093 100644 --- a/kibana/Dockerfile +++ b/kibana/Dockerfile @@ -9,8 +9,8 @@ RUN NODE_OPTIONS="--max-old-space-size=3072" /usr/share/kibana/bin/kibana-plugin chown -R kibana:kibana /usr/share/kibana &&\ rm -rf /tmp/* -COPY config/entrypoint.sh /entrypoint.sh -RUN chmod 755 /entrypoint.sh +COPY config/entrypoint.sh ./entrypoint.sh +RUN chmod 755 ./entrypoint.sh USER kibana @@ -73,4 +73,4 @@ RUN ./welcome_wazuh.sh RUN /usr/local/bin/kibana-docker --optimize -ENTRYPOINT /entrypoint.sh +ENTRYPOINT ./entrypoint.sh From f66f986abb355bba95a1cdca1cb9f868140f4096 Mon Sep 17 00:00:00 2001 From: "Manuel J. Bernal" Date: Tue, 21 May 2019 23:18:51 +0200 Subject: [PATCH 4/5] Fixed sed command in kibana_settings --- kibana/config/kibana_settings.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kibana/config/kibana_settings.sh b/kibana/config/kibana_settings.sh index 3255338b..96e5f35b 100644 --- a/kibana/config/kibana_settings.sh +++ b/kibana/config/kibana_settings.sh @@ -19,7 +19,8 @@ WAZUH_MAJOR=3 # Customize elasticsearch ip ############################################################################## if [ "$ELASTICSEARCH_KIBANA_IP" != "" ]; then - sed -i "s/elasticsearch:9200/$ELASTICSEARCH_KIBANA_IP/" /usr/share/kibana/config/kibana.yml + sed -i 's|http://elasticsearch:9200|'$ELASTICSEARCH_KIBANA_IP'|g' /usr/share/kibana/config/kibana.yml + fi if [ "$KIBANA_IP" != "" ]; then From 22ad4360f548e54bb0c5e929f8c84a186ad2ab88 Mon Sep 17 00:00:00 2001 From: manuasir Date: Mon, 3 Jun 2019 17:20:11 +0200 Subject: [PATCH 5/5] Add XPACK_SECURITY_ENABLED and KIBANA_INDEX options to Kibana container. --- kibana/config/kibana_settings.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/kibana/config/kibana_settings.sh b/kibana/config/kibana_settings.sh index 96e5f35b..fb5768e5 100644 --- a/kibana/config/kibana_settings.sh +++ b/kibana/config/kibana_settings.sh @@ -20,7 +20,22 @@ WAZUH_MAJOR=3 ############################################################################## if [ "$ELASTICSEARCH_KIBANA_IP" != "" ]; then sed -i 's|http://elasticsearch:9200|'$ELASTICSEARCH_KIBANA_IP'|g' /usr/share/kibana/config/kibana.yml +fi +# If KIBANA_INDEX was set, then change the default index in kibana.yml configuration file. If there was an index, then delete it and recreate. +if [ "$KIBANA_INDEX" != "" ]; then + if grep -q 'kibana.index' /usr/share/kibana/config/kibana.yml; then + sed -i '/kibana.index/d' /usr/share/kibana/config/kibana.yml + fi + echo "kibana.index: $KIBANA_INDEX" >> /usr/share/kibana/config/kibana.yml +fi + +# If XPACK_SECURITY_ENABLED was set, then change the xpack.security.enabled option from true (default) to false. +if [ "$XPACK_SECURITY_ENABLED" != "" ]; then + if grep -q 'xpack.security.enabled' /usr/share/kibana/config/kibana.yml; then + sed -i '/xpack.security.enabled/d' /usr/share/kibana/config/kibana.yml + fi + echo "xpack.security.enabled: $XPACK_SECURITY_ENABLED" >> /usr/share/kibana/config/kibana.yml fi if [ "$KIBANA_IP" != "" ]; then