Update License and copyright

Update Dockerfile

README.md

@@ -15,7 +15,7 @@ In addition, a docker-compose file is provided to launch the containers mentione
 
 ## Current release
 
-Containers are currently tested on Wazuh version 3.1.0 and Elastic Stack version 6.1.0. We will do our best to keep this repository updated to latest versions of both Wazuh and Elastic Stack.
+Containers are currently tested on Wazuh version 3.2.1 and Elastic Stack version 6.2.2. We will do our best to keep this repository updated to latest versions of both Wazuh and Elastic Stack.
 
 ## Installation notes
 
@@ -25,7 +25,34 @@ To run all docker instances you can just run ``docker-compose up``, from the dir
 * Kibana container can take a few minutes to install Wazuh plugin, this takes place after ``Optimizing and caching browser bundles...`` is printed out.
 * It is recommended to set Docker host preferences to give at least 4GB memory per container (this doesn't necessarily mean they all will use it, but Elasticsearch requires them to work properly).
 
-Once installed you can browse through the interface at: http://127.0.0.1:5601
+Once installed you can browse through the interface at: https://127.0.0.1.
+
+## Mount custom Wazuh configuration files
+
+To mount custom Wazuh configuration files in the Wazuh manager container, mount them in the `/wazuh-config-mount` folder. For example, to mount a custom `ossec.conf` file, mount it in `/wazuh-config-mount/etc/ossec.conf` and the [run.sh](wazuh/config/run.sh) script will copy the file at the right place on boot while respecting the destination file permissions.
+
+Here is an example of a `/wazuh-config-mount` folder used to mount some common custom configuration files:
+```
+root@wazuh-manager:/# tree /wazuh-config-mount/
+/wazuh-config-mount/
+└── etc
+    ├── ossec.conf
+    ├── rules
+    │   └── local_rules.xml
+    └── shared
+        └── default
+            └── agent.conf
+
+4 directories, 3 files
+```
+
+In that case, you will see this in the Wazuh manager logs on boot:
+```
+Identified Wazuh configuration files to mount...
+'/wazuh-config-mount/etc/ossec.conf' -> '/var/ossec/data/etc/ossec.conf'
+'/wazuh-config-mount/etc/rules/local_rules.xml' -> '/var/ossec/data/etc/rules/local_rules.xml'
+'/wazuh-config-mount/etc/shared/default/agent.conf' -> '/var/ossec/data/etc/shared/default/agent.conf'
+```
 
 ## More documentation
 
@@ -42,6 +69,10 @@ These Docker containers are based on:
 
 We thank you them and everyone else who has contributed to this project.
 
+## License and copyright
+
+Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
+
 ## Wazuh official website
 
 [Wazuh website](http://wazuh.com)

docker-compose.yml

@@ -1,3 +1,4 @@
+# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
 version: '2'
 
 services:
@@ -10,11 +11,14 @@ services:
       - "1515:1515"
       - "514:514/udp"
       - "55000:55000"
+#      - "1516:1516"
     networks:
         - docker_elk
 #    volumes:
 #      - my-path:/var/ossec/data:Z
 #      - my-path:/etc/postfix:Z
+#      - my-path:/etc/filebeat
+#      - my-custom-config-path/ossec.conf:/wazuh-config-mount/etc/ossec.conf
     depends_on:
       - elasticsearch
   logstash:
@@ -37,7 +41,7 @@ services:
       - LS_HEAP_SIZE=2048m
       - XPACK_MONITORING_ENABLED=false
   elasticsearch:
-    image: docker.elastic.co/elasticsearch/elasticsearch:6.1.3
+    image: docker.elastic.co/elasticsearch/elasticsearch:6.2.3
     hostname: elasticsearch
     restart: always
     ports:

kibana/Dockerfile

@@ -1,21 +1,26 @@
-FROM docker.elastic.co/kibana/kibana:6.1.3
+# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
-
+FROM docker.elastic.co/kibana/kibana:6.2.3
+ARG WAZUH_APP_VERSION=3.2.1_6.2.3
 USER root
 
 COPY ./config/kibana.yml /usr/share/kibana/config/kibana.yml
 
 COPY config/wait-for-it.sh /wait-for-it.sh
 
-ADD https://packages.wazuh.com/wazuhapp/wazuhapp-3.1.0_6.1.3.zip /tmp
+ADD https://packages.wazuh.com/wazuhapp/wazuhapp-${WAZUH_APP_VERSION}.zip /tmp
 
-ADD https://raw.githubusercontent.com/wazuh/wazuh/3.1/extensions/elasticsearch/wazuh-elastic6-template-alerts.json /usr/share/kibana/config
+ADD https://raw.githubusercontent.com/wazuh/wazuh/3.2/extensions/elasticsearch/wazuh-elastic6-template-alerts.json /usr/share/kibana/config
 
-ADD https://raw.githubusercontent.com/wazuh/wazuh/3.1/extensions/elasticsearch/wazuh-elastic6-template-monitoring.json /usr/share/kibana/config
+ADD https://raw.githubusercontent.com/wazuh/wazuh/3.2/extensions/elasticsearch/wazuh-elastic6-template-monitoring.json /usr/share/kibana/config
 
-ADD https://raw.githubusercontent.com/wazuh/wazuh/3.1/extensions/elasticsearch/alert_sample.json /usr/share/kibana/config
+ADD https://raw.githubusercontent.com/wazuh/wazuh/3.2/extensions/elasticsearch/alert_sample.json /usr/share/kibana/config
 
-RUN /usr/share/kibana/bin/kibana-plugin install file:///tmp/wazuhapp-3.1.0_6.1.3.zip
+RUN /usr/share/kibana/bin/kibana-plugin install file:///tmp/wazuhapp-${WAZUH_APP_VERSION}.zip
+
+RUN chown -R kibana.kibana /usr/share/kibana
 
 RUN rm -rf /tmp/*
 
 RUN chmod 755 /wait-for-it.sh
+
+USER kibana

kibana/config/wait-for-it.sh

@@ -1,4 +1,5 @@
 #!/bin/bash
+# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
 
 set -e
 
@@ -15,15 +16,15 @@ done
 
 sleep 5
 #Insert default templates
-cat /usr/share/kibana/config/wazuh-elastic6-template-alerts.json | curl -XPUT 'http://elasticsearch:9200/_template/wazuh' -H 'Content-Type: application/json' -d @-
+cat /usr/share/kibana/config/wazuh-elastic6-template-alerts.json | curl -XPUT "http://$host:9200/_template/wazuh" -H 'Content-Type: application/json' -d @-
 
 sleep 5
 #Insert default templates
-cat /usr/share/kibana/config/wazuh-elastic6-template-monitoring.json | curl -XPUT 'http://elasticsearch:9200/_template/wazuh-agent' -H 'Content-Type: application/json' -d @-
+cat /usr/share/kibana/config/wazuh-elastic6-template-monitoring.json | curl -XPUT "http://$host:9200/_template/wazuh-agent" -H 'Content-Type: application/json' -d @-
 
 #Insert sample alert:
 sleep 5
-cat /usr/share/kibana/config/alert_sample.json | curl -XPUT "http://elasticsearch:9200/wazuh-alerts-3.x-"`date +%Y.%m.%d`"/wazuh/sample" -H 'Content-Type: application/json' -d @-
+cat /usr/share/kibana/config/alert_sample.json | curl -XPUT "http://$host:9200/wazuh-alerts-3.x-"`date +%Y.%m.%d`"/wazuh/sample" -H 'Content-Type: application/json' -d @-
 
 sleep 5
 echo "Setting API credentials into Wazuh APP"
@@ -45,7 +46,9 @@ if [ "x$CONFIG_CODE" = "x404" ]; then
       "extensions": {
         "oscap": true,
         "audit": true,
-        "pci": true
+        "pci": true,
+        "aws": true,
+        "virustotal": true
       }
     }
     ' > /dev/null

logstash/Dockerfile

@@ -1,3 +1,4 @@
-FROM docker.elastic.co/logstash/logstash:6.1.3
+# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
+FROM docker.elastic.co/logstash/logstash:6.2.3
 
 COPY config/logstash.conf /etc/logstash/conf.d/logstash.conf

logstash/config/logstash.conf

@@ -1,3 +1,4 @@
+# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
 # Wazuh - Logstash configuration file
 ## Remote Wazuh Manager - Filebeat input
 input {

logstash/config/run.sh

@@ -1,12 +1,5 @@
 #!/bin/bash
-
+# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
-#
-# OSSEC container bootstrap. See the README for information of the environment
-# variables expected by this script.
-#
-
-#
-
 #
 # Apply Templates
 #

nginx/Dockerfile

@@ -1,7 +1,8 @@
+# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
 FROM nginx:latest
 
 RUN apt-get update && apt-get install -y openssl apache2-utils
 
-COPY ./config/run.sh /run.sh
+COPY config/run.sh /run.sh
 
 RUN chmod 755 /run.sh

nginx/config/run.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-
+# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
 set -e
 
 if [ ! -d /etc/pki/tls/certs ]; then

wazuh/Dockerfile

@@ -1,5 +1,7 @@
+# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
 FROM phusion/baseimage:latest
-ARG FILEBEAT_VERSION=6.1.3
+ARG FILEBEAT_VERSION=6.2.3
+ARG WAZUH_VERSION=3.2.1-1
 
 RUN apt-get update; apt-get -y dist-upgrade
 RUN apt-get -y install openssl postfix bsd-mailx curl apt-transport-https lsb-release
@@ -9,7 +11,7 @@ RUN curl --silent --location https://deb.nodesource.com/setup_6.x | bash - &&\
     apt-get install -y nodejs
 RUN curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
 RUN echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
-RUN apt-get update && apt-get -y install wazuh-manager wazuh-api expect
+RUN apt-get update && apt-get -y install wazuh-manager=${WAZUH_VERSION} wazuh-api=${WAZUH_VERSION} expect && apt-get clean
 
 ADD config/data_dirs.env /data_dirs.env
 ADD config/init.bash /init.bash
@@ -28,8 +30,9 @@ ADD config/run.sh /tmp/run.sh
 RUN chmod 755 /tmp/run.sh
 
 VOLUME ["/var/ossec/data"]
+VOLUME ["/etc/filebeat"]
 
-EXPOSE 55000/tcp 1514/udp 1515/tcp 514/udp
+EXPOSE 55000/tcp 1514/udp 1515/tcp 514/udp 1516/tcp
 
 # Run supervisord so that the container will stay alive
 

wazuh/config/filebeat.yml

@@ -1,3 +1,4 @@
+# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
 filebeat:
  prospectors:
   - input_type: log

wazuh/config/init.bash

@@ -1,5 +1,5 @@
 #!/bin/bash
-
+# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
 #
 # Initialize the custom data directory layout
 #

wazuh/config/run.sh

@@ -1,19 +1,16 @@
 #!/bin/bash
-
+# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
-#
-# OSSEC container bootstrap. See the README for information of the environment
-# variables expected by this script.
-#
-
-#
-
-#
 # Startup the services
 #
 
 source /data_dirs.env
+
 FIRST_TIME_INSTALLATION=false
-DATA_PATH=/var/ossec/data
+
+WAZUH_INSTALL_PATH=/var/ossec
+DATA_PATH=${WAZUH_INSTALL_PATH}/data
+
+WAZUH_CONFIG_MOUNT=/wazuh-config-mount
 
 print() {
     echo -e $1
@@ -29,6 +26,9 @@ exec_cmd() {
     eval $1 > /dev/null 2>&1 || error_and_exit "$1"
 }
 
+exec_cmd_stdout() {
+    eval $1 2>&1 || error_and_exit "$1"
+}
 
 edit_configuration() { # $1 -> setting,  $2 -> value
     sed -i "s/^config.$1\s=.*/config.$1 = \"$2\";/g" "${DATA_PATH}/api/configuration/config.js" || error_and_exit "sed (editing configuration)"
@@ -75,11 +75,28 @@ then
   fi
 fi
 
-#Enabling ossec-authd.
+##############################################################################
+# Copy all files from $WAZUH_CONFIG_MOUNT to $DATA_PATH and respect
+# destination files permissions
+#
+# For example, to mount the file /var/ossec/data/etc/ossec.conf, mount it at
+# $WAZUH_CONFIG_MOUNT/etc/ossec.conf in your container and this code will
+# replace the ossec.conf file in /var/ossec/data/etc with yours.
+##############################################################################
+if [ -e "$WAZUH_CONFIG_MOUNT" ]
+then
+  print "Identified Wazuh configuration files to mount..."
+
+  exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $DATA_PATH"
+else
+  print "No Wazuh configuration files to mount..."
+fi
+
+# Enabling ossec-authd.
 exec_cmd "/var/ossec/bin/ossec-control enable auth"
 
 function ossec_shutdown(){
-  ${DATA_PATH}/bin/ossec-control stop;
+  ${WAZUH_INSTALL_PATH}/bin/ossec-control stop;
 }
 
 # Trap exit signals and do a proper shutdown