Compare commits
40 Commits
3.2.1_6.2.
...
3.6.1_6.4.
Author | SHA1 | Date | |
---|---|---|---|
|
80184b5c49 | ||
|
f308ddcaab | ||
|
d6bbc3db77 | ||
|
f14642ac1a | ||
|
04e0d4793a | ||
|
d514ab7830 | ||
|
9ef39510fc | ||
|
9a3a89abdc | ||
|
8ddcda6e84 | ||
|
915a395557 | ||
|
b927c98585 | ||
|
74c2948bc8 | ||
|
b702c67865 | ||
|
4575c30a00 | ||
|
5c39d1f0ea | ||
|
357a17e791 | ||
|
f1a2762984 | ||
|
7200d6f9c2 | ||
|
23d0cb7f63 | ||
|
e03b222f05 | ||
|
4050621326 | ||
|
36cc2607a7 | ||
|
b91e9ba308 | ||
|
9829b98cae | ||
|
073bf284f3 | ||
|
6dacfbcc40 | ||
|
2f91f5aa10 | ||
|
2016322c0a | ||
|
fec53979ea | ||
|
ee3ff4847b | ||
|
290ea29c1d | ||
|
711c3c0f8e | ||
|
70171d490d | ||
|
0df2367e7a | ||
|
efb5f9ef04 | ||
|
97c7b82aec | ||
|
a9e16e79a9 | ||
|
9294617a0e | ||
|
8408f401d5 | ||
|
575708310b |
@@ -15,7 +15,7 @@ In addition, a docker-compose file is provided to launch the containers mentione
|
||||
|
||||
## Current release
|
||||
|
||||
Containers are currently tested on Wazuh version 3.2.1 and Elastic Stack version 6.2.2. We will do our best to keep this repository updated to latest versions of both Wazuh and Elastic Stack.
|
||||
Containers are currently tested on Wazuh version 3.6.1 and Elastic Stack version 6.4.1. We will do our best to keep this repository updated to latest versions of both Wazuh and Elastic Stack.
|
||||
|
||||
## Installation notes
|
||||
|
||||
@@ -25,7 +25,7 @@ To run all docker instances you can just run ``docker-compose up``, from the dir
|
||||
* Kibana container can take a few minutes to install Wazuh plugin, this takes place after ``Optimizing and caching browser bundles...`` is printed out.
|
||||
* It is recommended to set Docker host preferences to give at least 4GB memory per container (this doesn't necessarily mean they all will use it, but Elasticsearch requires them to work properly).
|
||||
|
||||
Once installed you can browse through the interface at: https://127.0.0.1.
|
||||
Once installed you can browse through the interface at: https://127.0.0.1
|
||||
|
||||
## Mount custom Wazuh configuration files
|
||||
|
||||
@@ -69,6 +69,10 @@ These Docker containers are based on:
|
||||
|
||||
We thank you them and everyone else who has contributed to this project.
|
||||
|
||||
## License and copyright
|
||||
|
||||
Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
|
||||
|
||||
## Wazuh official website
|
||||
|
||||
[Wazuh website](http://wazuh.com)
|
||||
|
@@ -1,8 +1,9 @@
|
||||
# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
|
||||
version: '2'
|
||||
|
||||
services:
|
||||
wazuh:
|
||||
image: wazuh/wazuh
|
||||
image: wazuh/wazuh:3.6.1_6.4.1
|
||||
hostname: wazuh-manager
|
||||
restart: always
|
||||
ports:
|
||||
@@ -10,6 +11,7 @@ services:
|
||||
- "1515:1515"
|
||||
- "514:514/udp"
|
||||
- "55000:55000"
|
||||
# - "1516:1516"
|
||||
networks:
|
||||
- docker_elk
|
||||
# volumes:
|
||||
@@ -18,16 +20,14 @@ services:
|
||||
# - my-path:/etc/filebeat
|
||||
# - my-custom-config-path/ossec.conf:/wazuh-config-mount/etc/ossec.conf
|
||||
depends_on:
|
||||
- elasticsearch
|
||||
- logstash
|
||||
logstash:
|
||||
image: wazuh/wazuh-logstash
|
||||
image: wazuh/wazuh-logstash:3.6.1_6.4.1
|
||||
hostname: logstash
|
||||
restart: always
|
||||
command: -f /etc/logstash/conf.d/
|
||||
# volumes:
|
||||
# - my-path:/etc/logstash/conf.d:Z
|
||||
links:
|
||||
- kibana
|
||||
- elasticsearch:elasticsearch
|
||||
ports:
|
||||
- "5000:5000"
|
||||
@@ -37,9 +37,8 @@ services:
|
||||
- elasticsearch
|
||||
environment:
|
||||
- LS_HEAP_SIZE=2048m
|
||||
- XPACK_MONITORING_ENABLED=false
|
||||
elasticsearch:
|
||||
image: docker.elastic.co/elasticsearch/elasticsearch:6.2.2
|
||||
image: docker.elastic.co/elasticsearch/elasticsearch:6.4.1
|
||||
hostname: elasticsearch
|
||||
restart: always
|
||||
ports:
|
||||
@@ -50,11 +49,6 @@ services:
|
||||
- cluster.name=wazuh
|
||||
- network.host=0.0.0.0
|
||||
- bootstrap.memory_lock=true
|
||||
- xpack.security.enabled=false
|
||||
- xpack.monitoring.enabled=false
|
||||
- xpack.ml.enabled=false
|
||||
- xpack.watcher.enabled=false
|
||||
- xpack.graph.enabled=false
|
||||
- "ES_JAVA_OPTS=-Xms1g -Xmx1g"
|
||||
ulimits:
|
||||
memlock:
|
||||
@@ -66,26 +60,24 @@ services:
|
||||
networks:
|
||||
- docker_elk
|
||||
kibana:
|
||||
image: wazuh/wazuh-kibana
|
||||
image: wazuh/wazuh-kibana:3.6.1_6.4.1
|
||||
hostname: kibana
|
||||
restart: always
|
||||
# ports:
|
||||
# - "5601:5601"
|
||||
environment:
|
||||
- "NODE_OPTIONS=--max-old-space-size=3072"
|
||||
# environment:
|
||||
# - ELASTICSEARCH_URL=http://elasticsearch:9200
|
||||
networks:
|
||||
- docker_elk
|
||||
depends_on:
|
||||
- elasticsearch
|
||||
links:
|
||||
- elasticsearch:elasticsearch
|
||||
- wazuh
|
||||
entrypoint: /wait-for-it.sh elasticsearch
|
||||
- wazuh:wazuh
|
||||
nginx:
|
||||
image: wazuh/wazuh-nginx
|
||||
image: wazuh/wazuh-nginx:3.6.1_6.4.1
|
||||
hostname: nginx
|
||||
restart: always
|
||||
entrypoint: /run.sh
|
||||
environment:
|
||||
- NGINX_PORT=443
|
||||
ports:
|
||||
@@ -98,7 +90,7 @@ services:
|
||||
depends_on:
|
||||
- kibana
|
||||
links:
|
||||
- kibana
|
||||
- kibana:kibana
|
||||
|
||||
networks:
|
||||
docker_elk:
|
||||
|
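Review bot: Dropping the five `xpack.*=false` entries from the elasticsearch `environment:` list (hunk `@@ -50,11 +49,6 @@`) changes behaviour implicitly rather than explicitly: the default `docker.elastic.co/elasticsearch/elasticsearch:6.4.1` image bundles x-pack, so monitoring, ml, watcher and graph now follow the image's license defaults instead of being switched off, and the seven `xpack.*: false` lines removed from `kibana.yml` later in this commit have the same effect on the Kibana side. If the intent is still to run without these features, keep the explicit lines; if the intent is to rely on the defaults, record that next to `environment:`, e.g. `# x-pack left at image defaults (basic license): security is off, so 9200 must not be published on the host`. Whether 9200 is actually published is not visible in this hunk (`ports:` values are outside it).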
Binary file not shown.
Before Width: | Height: | Size: 81 KiB |
Binary file not shown.
Before Width: | Height: | Size: 86 KiB |
@@ -1,25 +1,19 @@
|
||||
FROM docker.elastic.co/kibana/kibana:6.2.2
|
||||
|
||||
# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
|
||||
FROM docker.elastic.co/kibana/kibana:6.4.1
|
||||
ARG WAZUH_APP_VERSION=3.6.1_6.4.1
|
||||
USER root
|
||||
|
||||
COPY ./config/kibana.yml /usr/share/kibana/config/kibana.yml
|
||||
ADD https://packages.wazuh.com/wazuhapp/wazuhapp-${WAZUH_APP_VERSION}.zip /tmp
|
||||
|
||||
COPY config/wait-for-it.sh /wait-for-it.sh
|
||||
ADD https://raw.githubusercontent.com/wazuh/wazuh/3.6/extensions/elasticsearch/wazuh-elastic6-template-alerts.json /usr/share/kibana/config
|
||||
|
||||
ADD https://packages.wazuh.com/wazuhapp/wazuhapp-3.2.1_6.2.2.zip /tmp
|
||||
RUN NODE_OPTIONS="--max-old-space-size=3072" /usr/share/kibana/bin/kibana-plugin install file:///tmp/wazuhapp-${WAZUH_APP_VERSION}.zip &&\
|
||||
chown -R kibana:kibana /usr/share/kibana &&\
|
||||
rm -rf /tmp/*
|
||||
|
||||
ADD https://raw.githubusercontent.com/wazuh/wazuh/3.2/extensions/elasticsearch/wazuh-elastic6-template-alerts.json /usr/share/kibana/config
|
||||
|
||||
ADD https://raw.githubusercontent.com/wazuh/wazuh/3.2/extensions/elasticsearch/wazuh-elastic6-template-monitoring.json /usr/share/kibana/config
|
||||
|
||||
ADD https://raw.githubusercontent.com/wazuh/wazuh/3.2/extensions/elasticsearch/alert_sample.json /usr/share/kibana/config
|
||||
|
||||
RUN /usr/share/kibana/bin/kibana-plugin install file:///tmp/wazuhapp-3.2.1_6.2.2.zip
|
||||
|
||||
RUN chown -R kibana.kibana /usr/share/kibana
|
||||
|
||||
RUN rm -rf /tmp/*
|
||||
|
||||
RUN chmod 755 /wait-for-it.sh
|
||||
COPY config/entrypoint.sh /entrypoint.sh
|
||||
RUN chmod 755 /entrypoint.sh
|
||||
|
||||
USER kibana
|
||||
|
||||
ENTRYPOINT /entrypoint.sh
|
||||
|
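Review bot: The plugin archive and the alerts template are pulled with `ADD` from remote URLs and installed with no integrity check, so the image contents depend entirely on what packages.wazuh.com and raw.githubusercontent.com serve at build time; pinning `WAZUH_APP_VERSION` fixes the file name, not the bytes. Add a verification step between the `ADD` and the `kibana-plugin install`, e.g. `RUN echo "<sha256-of-release-zip>  /tmp/wazuhapp-${WAZUH_APP_VERSION}.zip" | sha256sum -c -` (placeholder hash, to be taken from the release). Separately, `ENTRYPOINT /entrypoint.sh` is the shell form, so PID 1 is `/bin/sh -c` and `docker stop` signals do not reach the script; `wazuh/Dockerfile` in this same commit uses the exec form `ENTRYPOINT ["/entrypoint.sh"]` and this one should match.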
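--- a/kibana/config/entrypoint.sh
+++ b/kibana/config/entrypoint.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
+
+set -e
+
+if [ "x${ELASTICSEARCH_URL}" = "x" ]; then
+el_url="http://elasticsearch:9200"
+else
+el_url="${ELASTICSEARCH_URL}"
+fi
+
+until curl -XGET $el_url; do
+>&2 echo "Elastic is unavailable - sleeping"
+sleep 5
+done
+
+>&2 echo "Elastic is up - executing command"
+
+#Insert default templates
+cat /usr/share/kibana/config/wazuh-elastic6-template-alerts.json | curl -XPUT "$el_url/_template/wazuh" -H 'Content-Type: application/json' -d @-
+sleep 5
+
+echo "Setting API credentials into Wazuh APP"
+CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/wazuh-configuration/1513629884013)
+if [ "x$CONFIG_CODE" = "x404" ]; then
+curl -s -XPOST $el_url/.wazuh/wazuh-configuration/1513629884013 -H 'Content-Type: application/json' -d'
+{
+"api_user": "foo",
+"api_password": "YmFy",
+"url": "https://wazuh",
+"api_port": "55000",
+"insecure": "true",
+"component": "API",
+"cluster_info": {
+"manager": "wazuh-manager",
+"cluster": "Disabled",
+"status": "disabled"
+},
+"extensions": {
+"oscap": true,
+"audit": true,
+"pci": true,
+"aws": true,
+"virustotal": true,
+"gdpr": true,
+"ciscat": true
+}
+}
+' > /dev/null
+else
+echo "Wazuh APP already configured"
+fi
+
+sleep 5
+
+/usr/local/bin/kibana-docker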
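Review bot: The final `/usr/local/bin/kibana-docker` starts Kibana as a child of this bash process instead of replacing it, so the stop signal from `docker stop` goes to bash rather than Kibana and Kibana is only ended by the kill timeout; the wait-for-it.sh that this script replaces ended with `exec $cmd`, so this is a regression — write `exec /usr/local/bin/kibana-docker`. The bootstrap document posted to `.wazuh/wazuh-configuration` also bakes a fixed API login into the image (`"api_user": "foo"`, `"api_password": "YmFy"`, which is base64 of `bar`) together with `"insecure": "true"`; since `ELASTICSEARCH_URL` is already read from the environment, read the API user and password the same way with these values as fallback, and make the `echo "Setting API credentials into Wazuh APP"` line warn when the fallback is used. Finally `curl -XGET $el_url` and the two `$el_url/.wazuh/...` arguments are unquoted; use `"$el_url"` so a URL with shell-significant characters is not word-split.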
@@ -90,10 +90,3 @@ logging.quiet: true
|
||||
# Set the interval in milliseconds to sample system and process performance
|
||||
# metrics. Minimum is 100ms. Defaults to 10000.
|
||||
# ops.interval: 10000
|
||||
|
||||
xpack.security.enabled: false
|
||||
xpack.grokdebugger.enabled: false
|
||||
xpack.graph.enabled: false
|
||||
xpack.ml.enabled: false
|
||||
xpack.monitoring.enabled: false
|
||||
xpack.reporting.enabled: false
|
@@ -1,60 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
host="$1"
|
||||
shift
|
||||
cmd="kibana"
|
||||
|
||||
until curl -XGET $host:9200; do
|
||||
>&2 echo "Elastic is unavailable - sleeping"
|
||||
sleep 5
|
||||
done
|
||||
|
||||
>&2 echo "Elastic is up - executing command"
|
||||
|
||||
sleep 5
|
||||
#Insert default templates
|
||||
cat /usr/share/kibana/config/wazuh-elastic6-template-alerts.json | curl -XPUT "http://$host:9200/_template/wazuh" -H 'Content-Type: application/json' -d @-
|
||||
|
||||
sleep 5
|
||||
#Insert default templates
|
||||
cat /usr/share/kibana/config/wazuh-elastic6-template-monitoring.json | curl -XPUT "http://$host:9200/_template/wazuh-agent" -H 'Content-Type: application/json' -d @-
|
||||
|
||||
#Insert sample alert:
|
||||
sleep 5
|
||||
cat /usr/share/kibana/config/alert_sample.json | curl -XPUT "http://$host:9200/wazuh-alerts-3.x-"`date +%Y.%m.%d`"/wazuh/sample" -H 'Content-Type: application/json' -d @-
|
||||
|
||||
sleep 5
|
||||
echo "Setting API credentials into Wazuh APP"
|
||||
CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET http://$host:9200/.wazuh/wazuh-configuration/1513629884013)
|
||||
if [ "x$CONFIG_CODE" = "x404" ]; then
|
||||
curl -s -XPOST http://$host:9200/.wazuh/wazuh-configuration/1513629884013 -H 'Content-Type: application/json' -d'
|
||||
{
|
||||
"api_user": "foo",
|
||||
"api_password": "YmFy",
|
||||
"url": "https://wazuh",
|
||||
"api_port": "55000",
|
||||
"insecure": "true",
|
||||
"component": "API",
|
||||
"cluster_info": {
|
||||
"manager": "wazuh-manager",
|
||||
"cluster": "Disabled",
|
||||
"status": "disabled"
|
||||
},
|
||||
"extensions": {
|
||||
"oscap": true,
|
||||
"audit": true,
|
||||
"pci": true,
|
||||
"aws": true,
|
||||
"virustotal": true
|
||||
}
|
||||
}
|
||||
' > /dev/null
|
||||
else
|
||||
echo "Wazuh APP already configured"
|
||||
fi
|
||||
|
||||
sleep 5
|
||||
|
||||
exec $cmd
|
@@ -1,3 +1,6 @@
|
||||
FROM docker.elastic.co/logstash/logstash:6.2.2
|
||||
# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
|
||||
FROM docker.elastic.co/logstash/logstash:6.4.1
|
||||
|
||||
COPY config/logstash.conf /etc/logstash/conf.d/logstash.conf
|
||||
RUN rm -f /usr/share/logstash/pipeline/logstash.conf
|
||||
|
||||
COPY config/01-wazuh.conf /usr/share/logstash/pipeline/01-wazuh.conf
|
||||
|
@@ -1,3 +1,4 @@
|
||||
# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
|
||||
# Wazuh - Logstash configuration file
|
||||
## Remote Wazuh Manager - Filebeat input
|
||||
input {
|
||||
@@ -25,14 +26,14 @@ filter {
|
||||
geoip {
|
||||
source => "@src_ip"
|
||||
target => "GeoLocation"
|
||||
fields => ["city_name", "continent_code", "country_code2", "country_name", "region_name", "location"]
|
||||
fields => ["city_name", "country_name", "region_name", "location"]
|
||||
}
|
||||
date {
|
||||
match => ["timestamp", "ISO8601"]
|
||||
target => "@timestamp"
|
||||
}
|
||||
mutate {
|
||||
remove_field => [ "timestamp", "beat", "input_type", "tags", "count", "@version", "log", "offset", "type","@src_ip"]
|
||||
remove_field => [ "timestamp", "beat", "input_type", "tags", "count", "@version", "log", "offset", "type", "@src_ip", "host"]
|
||||
}
|
||||
}
|
||||
output {
|
@@ -1,5 +1,5 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
|
||||
#
|
||||
# OSSEC container bootstrap. See the README for information of the environment
|
||||
# variables expected by this script.
|
||||
|
@@ -1,7 +1,16 @@
|
||||
# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
|
||||
FROM nginx:latest
|
||||
|
||||
ENV DEBIAN_FRONTEND noninteractive
|
||||
|
||||
RUN apt-get update && apt-get install -y openssl apache2-utils
|
||||
|
||||
COPY ./config/run.sh /run.sh
|
||||
COPY config/entrypoint.sh /entrypoint.sh
|
||||
|
||||
RUN chmod 755 /run.sh
|
||||
RUN chmod 755 /entrypoint.sh
|
||||
|
||||
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
|
||||
|
||||
VOLUME ["/etc/nginx/conf.d"]
|
||||
|
||||
ENTRYPOINT /entrypoint.sh
|
||||
|
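Review bot: `FROM nginx:latest` stays unpinned while this same commit pins every other image to an explicit tag (`wazuh/*:3.6.1_6.4.1`, elastic `6.4.1`), so the proxy — the one component published on the host — still rebuilds to whatever `latest` resolves to that day; `wazuh/Dockerfile` keeps the same `phusion/baseimage:latest`. Pin both to a chosen tag (`FROM nginx:<pinned-tag>` until one is picked) so builds are reproducible and an upstream change cannot land silently. `ENTRYPOINT /entrypoint.sh` is also the shell form, so `docker stop` signals reach `/bin/sh -c` rather than the script; `ENTRYPOINT ["/entrypoint.sh"]` matches the exec form used in `wazuh/Dockerfile`.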
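--- a/nginx/config/entrypoint.sh
+++ b/nginx/config/entrypoint.sh
@@ -0,0 +1,54 @@
+#!/bin/sh
+# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
+
+set -e
+
+# Generating certificates.
+if [ ! -d /etc/nginx/conf.d/ssl ]; then
+echo "Generating SSL certificates"
+mkdir -p /etc/nginx/conf.d/ssl/certs /etc/nginx/conf.d/ssl/private
+openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/conf.d/ssl/private/kibana-access.key -out /etc/nginx/conf.d/ssl/certs/kibana-access.pem >/dev/null
+else
+echo "SSL certificates already present"
+fi
+
+# Configuring default credentiales.
+if [ ! -f /etc/nginx/conf.d/kibana.htpasswd ]; then
+echo "Setting Nginx credentials"
+echo bar|htpasswd -i -c /etc/nginx/conf.d/kibana.htpasswd foo >/dev/null
+else
+echo "Kibana credentials already configured"
+fi
+
+
+if [ "x${NGINX_PORT}" = "x" ]; then
+NGINX_PORT=443
+fi
+
+if [ "x${KIBANA_HOST}" = "x" ]; then
+KIBANA_HOST="kibana:5601"
+fi
+
+echo "Configuring NGINX"
+cat > /etc/nginx/conf.d/default.conf <<EOF
+server {
+listen 80;
+listen [::]:80;
+return 301 https://\$host:${NGINX_PORT}\$request_uri;
+}
+
+server {
+listen ${NGINX_PORT} default_server;
+listen [::]:${NGINX_PORT};
+ssl on;
+ssl_certificate /etc/nginx/conf.d/ssl/certs/kibana-access.pem;
+ssl_certificate_key /etc/nginx/conf.d/ssl/private/kibana-access.key;
+location / {
+auth_basic "Restricted";
+auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
+proxy_pass http://${KIBANA_HOST}/;
+}
+}
+EOF
+
+nginx -g 'daemon off;'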
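Review bot: The htpasswd file is created with a fixed login (`echo bar|htpasswd -i -c /etc/nginx/conf.d/kibana.htpasswd foo`), so any deployment that does not pre-mount `kibana.htpasswd` publishes Kibana on the host port behind the same well-known credentials; `NGINX_PORT` and `KIBANA_HOST` are already taken from the environment, so read the user and password the same way (variable names to be agreed, current values as fallback) and print an explicit warning in the `echo "Setting Nginx credentials"` branch when the fallback is used. `ssl on;` in the generated server block is deprecated in nginx in favour of `listen ${NGINX_PORT} ssl default_server;`, and with an unpinned `nginx:latest` base the version that honours it is not under this repo's control. The closing `nginx -g 'daemon off;'` is not `exec`'d, so nginx runs as a child of `/bin/sh` and does not receive the stop signal; use `exec nginx -g 'daemon off;'`.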
@@ -1,43 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
if [ ! -d /etc/pki/tls/certs ]; then
|
||||
echo "Generating SSL certificates"
|
||||
mkdir -p /etc/pki/tls/certs /etc/pki/tls/private
|
||||
openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/kibana-access.key -out /etc/pki/tls/certs/kibana-access.pem >/dev/null
|
||||
else
|
||||
echo "SSL certificates already present"
|
||||
fi
|
||||
|
||||
if [ ! -f /etc/nginx/conf.d/kibana.htpasswd ]; then
|
||||
echo "Setting Nginx credentials"
|
||||
echo bar|htpasswd -i -c /etc/nginx/conf.d/kibana.htpasswd foo >/dev/null
|
||||
else
|
||||
echo "Kibana credentials already configured"
|
||||
fi
|
||||
|
||||
echo "Configuring NGINX"
|
||||
cat > /etc/nginx/conf.d/default.conf <<EOF
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
return 301 https://\$host:$NGINX_PORT\$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen $NGINX_PORT default_server;
|
||||
listen [::]:$NGINX_PORT;
|
||||
ssl on;
|
||||
ssl_certificate /etc/pki/tls/certs/kibana-access.pem;
|
||||
ssl_certificate_key /etc/pki/tls/private/kibana-access.key;
|
||||
location / {
|
||||
auth_basic "Restricted";
|
||||
auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
|
||||
proxy_pass http://kibana:5601/;
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
echo "Starting Nginx"
|
||||
nginx -g 'daemon off; error_log /dev/stdout info;'
|
@@ -1,16 +1,32 @@
|
||||
# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
|
||||
FROM phusion/baseimage:latest
|
||||
ARG FILEBEAT_VERSION=6.2.2
|
||||
ARG FILEBEAT_VERSION=6.4.1
|
||||
ARG WAZUH_VERSION=3.6.1-1
|
||||
|
||||
RUN apt-get update; apt-get -y dist-upgrade
|
||||
RUN apt-get -y install openssl postfix bsd-mailx curl apt-transport-https lsb-release
|
||||
# Updating image
|
||||
RUN apt-get update && apt-get upgrade -y -o Dpkg::Options::="--force-confold"
|
||||
|
||||
# Set Wazuh repository.
|
||||
RUN echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list
|
||||
RUN curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
|
||||
|
||||
# Set nodejs repository.
|
||||
RUN curl --silent --location https://deb.nodesource.com/setup_8.x | bash -
|
||||
|
||||
# Creating ossec user as uid:gid 1000:1000
|
||||
RUN groupadd -g 1000 ossec
|
||||
RUN useradd -u 1000 -g 1000 ossec
|
||||
RUN curl --silent --location https://deb.nodesource.com/setup_6.x | bash - &&\
|
||||
apt-get install -y nodejs
|
||||
RUN curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
|
||||
RUN echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
|
||||
RUN apt-get update && apt-get -y install wazuh-manager=3.2.1-1 wazuh-api=3.2.1-1 expect && apt-get clean
|
||||
|
||||
# Configure postfix
|
||||
RUN echo "postfix postfix/mailname string wazuh-manager" | debconf-set-selections
|
||||
RUN echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
|
||||
|
||||
# Install packages
|
||||
RUN apt-get update && apt-get -y install openssl postfix bsd-mailx python-boto python-pip \
|
||||
apt-transport-https vim expect nodejs python-cryptography wazuh-manager=${WAZUH_VERSION} \
|
||||
wazuh-api=${WAZUH_VERSION}
|
||||
|
||||
# Adding first run script.
|
||||
ADD config/data_dirs.env /data_dirs.env
|
||||
ADD config/init.bash /init.bash
|
||||
|
||||
@@ -19,19 +35,43 @@ RUN chmod 755 /init.bash &&\
|
||||
sync && /init.bash &&\
|
||||
sync && rm /init.bash
|
||||
|
||||
# Installing and configuring fiebeat
|
||||
RUN curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-amd64.deb &&\
|
||||
dpkg -i filebeat-${FILEBEAT_VERSION}-amd64.deb && rm filebeat-${FILEBEAT_VERSION}-amd64.deb
|
||||
|
||||
dpkg -i filebeat-${FILEBEAT_VERSION}-amd64.deb && rm -f filebeat-${FILEBEAT_VERSION}-amd64.deb
|
||||
COPY config/filebeat.yml /etc/filebeat/
|
||||
RUN chmod go-w /etc/filebeat/filebeat.yml
|
||||
|
||||
ADD config/run.sh /tmp/run.sh
|
||||
RUN chmod 755 /tmp/run.sh
|
||||
# Adding entrypoint
|
||||
ADD config/entrypoint.sh /entrypoint.sh
|
||||
RUN chmod 755 /entrypoint.sh
|
||||
|
||||
# Setting volumes
|
||||
VOLUME ["/var/ossec/data"]
|
||||
VOLUME ["/etc/filebeat"]
|
||||
VOLUME ["/etc/postfix"]
|
||||
|
||||
EXPOSE 55000/tcp 1514/udp 1515/tcp 514/udp
|
||||
# Services ports
|
||||
EXPOSE 55000/tcp 1514/udp 1515/tcp 514/udp 1516/tcp
|
||||
|
||||
# Run supervisord so that the container will stay alive
|
||||
# Clean up
|
||||
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
|
||||
|
||||
ENTRYPOINT ["/tmp/run.sh"]
|
||||
# Adding services
|
||||
RUN mkdir /etc/service/wazuh
|
||||
COPY config/wazuh.runit.service /etc/service/wazuh/run
|
||||
RUN chmod +x /etc/service/wazuh/run
|
||||
|
||||
RUN mkdir /etc/service/wazuh-api
|
||||
COPY config/wazuh-api.runit.service /etc/service/wazuh-api/run
|
||||
RUN chmod +x /etc/service/wazuh-api/run
|
||||
|
||||
RUN mkdir /etc/service/postfix
|
||||
COPY config/postfix.runit.service /etc/service/postfix/run
|
||||
RUN chmod +x /etc/service/postfix/run
|
||||
|
||||
RUN mkdir /etc/service/filebeat
|
||||
COPY config/filebeat.runit.service /etc/service/filebeat/run
|
||||
RUN chmod +x /etc/service/filebeat/run
|
||||
|
||||
# Run all services
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
|
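Review bot: `RUN curl --silent --location https://deb.nodesource.com/setup_8.x | bash -` runs a remote script as root during the build with no pinning or integrity check, so the image's Node installation is whatever that URL serves at build time; `--silent` also hides a failed download, after which `bash -` would quietly run an empty or truncated script. Prefer adding the NodeSource apt repository and its signing key explicitly, as the hunk already does for the Wazuh repo with its `sources.list.d` entry and `apt-key add -`, and then installing `nodejs` with apt; at minimum download the script to a file, check it against a pinned sha256 (placeholder until recorded) and run it from there. `FROM phusion/baseimage:latest` is likewise unpinned, unlike the elastic and wazuh tags this commit introduces.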
@@ -1,4 +1,5 @@
|
||||
#!/bin/bash
|
||||
# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
|
||||
|
||||
#
|
||||
# OSSEC container bootstrap. See the README for information of the environment
|
||||
@@ -112,9 +113,4 @@ trap "ossec_shutdown; exit" SIGINT SIGTERM
|
||||
|
||||
chmod -R g+rw ${DATA_PATH}
|
||||
|
||||
service postfix start
|
||||
service wazuh-api start
|
||||
service wazuh-manager start
|
||||
service filebeat start
|
||||
|
||||
tail -f /var/ossec/logs/ossec.log
|
||||
/sbin/my_init
|
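Review bot: The new final line `/sbin/my_init` runs the phusion init as a child of this bash script rather than replacing it, while the script's own `trap "ossec_shutdown; exit" SIGINT SIGTERM` (visible in the hunk header) remains installed in bash; on `docker stop` bash would run `ossec_shutdown` and exit, leaving `my_init` and the runit services it started to be killed with the container, whereas `exec /sbin/my_init` would make my_init own shutdown and silently bypass the trap. This interaction is inferred from the hunk and the exec-form `ENTRYPOINT ["/entrypoint.sh"]` in the Dockerfile; the enclosing script starts outside the hunk. Decide which of the two owns shutdown and say so in a comment above the call, e.g. `# Shutdown is handled by the trap above; my_init is only a child and is torn down with this shell`, or switch to `exec /sbin/my_init` and drop the trap.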
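--- a/wazuh/config/filebeat.runit.service
+++ b/wazuh/config/filebeat.runit.service
@@ -0,0 +1,3 @@
+#!/bin/sh
+service filebeat start
+tail -f /var/log/filebeat/filebeat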
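Review bot: A runit `run` script is expected to keep the supervised process in the foreground, but `service filebeat start` daemonizes filebeat and the process runit actually supervises is `tail -f /var/log/filebeat/filebeat`; if filebeat dies runit sees nothing and restarts nothing, and if the log file does not exist yet `tail -f` exits at once, so runit restarts the tail in a loop. The same pattern is in `postfix.runit.service`, `wazuh-api.runit.service` and `wazuh.runit.service` in this commit. The usual shape is to run the daemon in the foreground under `exec` (for this one, `exec filebeat -e -c /etc/filebeat/filebeat.yml`); if the start-and-tail form is kept on purpose, use `tail -F` and add a comment stating that runit only supervises the log reader, not the service.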
@@ -1,3 +1,4 @@
|
||||
# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
|
||||
filebeat:
|
||||
prospectors:
|
||||
- input_type: log
|
||||
|
@@ -1,4 +1,5 @@
|
||||
#!/bin/bash
|
||||
# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
|
||||
|
||||
#
|
||||
# Initialize the custom data directory layout
|
||||
|
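--- a/wazuh/config/postfix.runit.service
+++ b/wazuh/config/postfix.runit.service
@@ -0,0 +1,3 @@
+#!/bin/sh
+service postfix start
+tail -f /var/log/mail.log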
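--- a/wazuh/config/wazuh-api.runit.service
+++ b/wazuh/config/wazuh-api.runit.service
@@ -0,0 +1,4 @@
+#!/bin/sh
+service wazuh-api start
+tail -f /var/ossec/data/logs/api.log
+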
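--- a/wazuh/config/wazuh.runit.service
+++ b/wazuh/config/wazuh.runit.service
@@ -0,0 +1,4 @@
+#!/bin/sh
+service wazuh-manager start
+tail -f /var/ossec/data/logs/ossec.log
+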