Fix Bash syntax error with multiple conditions on ES and Kibana

Changing Filebeat configuration if environment variable is set

CHANGELOG.md

@@ -1,6 +1,18 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## Wazuh Docker v3.9.2_7.1.1
+
+### Added
+
+- Update to Wazuh version 3.9.2_7.1.1
+
+## Wazuh Docker v3.9.2_6.8.0
+
+### Added
+
+- Update to Wazuh version 3.9.2_6.8.0
+
 ## Wazuh Docker v3.9.1_7.1.0
 
 ### Added

VERSION

@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="3.9.1_7.1.0"
-REVISION="3911"
+WAZUH-DOCKER_VERSION="3.9.2_7.1.1"
+REVISION="3920"

docker-compose.yml

@@ -1,36 +1,35 @@
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 version: '2'
 
 services:
   wazuh:
-    build: wazuh
+    image: wazuh/wazuh:3.9.2_7.1.1
     hostname: wazuh-manager
     restart: always
     ports:
-      - '1514:1514/udp'
-      - '1515:1515'
-      - '514:514/udp'
-      - '55000:55000'
+      - "1514:1514/udp"
+      - "1515:1515"
+      - "514:514/udp"
+      - "55000:55000"
   elasticsearch:
-    build: elasticsearch
+    image: wazuh/wazuh-elasticsearch:3.9.2_7.1.1
     hostname: elasticsearch
     restart: always
     ports:
-      - '9200:9200'
+      - "9200:9200"
     environment:
       - node.name=node-1
       - cluster.name=wazuh
-      - network.host=localhost
-      - discovery.type=single-node
+      - network.host=0.0.0.0
       - bootstrap.memory_lock=true
-      - 'ES_JAVA_OPTS=-Xms1g -Xmx1g'
+      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
     ulimits:
       memlock:
         soft: -1
         hard: -1
     mem_limit: 2g
   kibana:
-    build: kibana
+    image: wazuh/wazuh-kibana:3.9.2_7.1.1
     hostname: kibana
     restart: always
     depends_on:
@@ -39,15 +38,15 @@ services:
       - elasticsearch:elasticsearch
       - wazuh:wazuh
   nginx:
-    build: nginx
+    image: wazuh/wazuh-nginx:3.9.2_7.1.1
     hostname: nginx
     restart: always
     environment:
       - NGINX_PORT=443
       - NGINX_CREDENTIALS
     ports:
-      - '80:80'
-      - '443:443'
+      - "80:80"
+      - "443:443"
     depends_on:
       - kibana
     links:

elasticsearch/Dockerfile

@@ -1,5 +1,7 @@
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-FROM docker.elastic.co/elasticsearch/elasticsearch:7.1.0
+ARG ELASTIC_VERSION=7.1.1
+FROM docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION}
+ARG S3_PLUGIN_URL="https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-s3/repository-s3-${ELASTIC_VERSION}.zip"
 
 ENV ELASTICSEARCH_URL="http://elasticsearch:9200"
 
@@ -13,7 +15,7 @@ ENV XPACK_ML="true"
 
 ENV ENABLE_CONFIGURE_S3="false"
 
-ENV TEMPLATE_VERSION=v3.9.1
+ARG TEMPLATE_VERSION=v3.9.2
 
 # Elasticearch cluster configuration environment variables
 # If ELASTIC_CLUSTER is set to "true" the following variables will be added to the Elasticsearch configuration
@@ -41,7 +43,7 @@ COPY --chown=elasticsearch:elasticsearch ./config/load_settings.sh ./
 
 RUN chmod +x ./load_settings.sh
 
-RUN bin/elasticsearch-plugin install --batch https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-s3/repository-s3-7.1.0.zip
+RUN ${bin/elasticsearch-plugin install --batch S3_PLUGIN_URL}
 
 COPY config/configure_s3.sh ./config/configure_s3.sh
 RUN chmod 755 ./config/configure_s3.sh

kibana/Dockerfile

@@ -1,6 +1,9 @@
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-FROM docker.elastic.co/kibana/kibana:7.1.0
-ARG WAZUH_APP_VERSION=3.9.1_7.1.0
+FROM docker.elastic.co/kibana/kibana:7.1.1
+ARG ELASTIC_VERSION=7.1.1
+ARG WAZUH_VERSION=3.9.2
+ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
+
 USER root
 
 ADD  https://packages.wazuh.com/wazuhapp/wazuhapp-${WAZUH_APP_VERSION}.zip /tmp

kibana/config/entrypoint.sh

@@ -13,7 +13,7 @@ else
   el_url="${ELASTICSEARCH_URL}"
 fi
 
-if [ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]; then
+if [[ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]]; then
   auth=""
 else
   auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"

kibana/config/xpack_config.sh

@@ -10,7 +10,6 @@ then
     [xpack.searchprofiler.enabled]=$XPACK_DEVTOOLS
     [xpack.ml.enabled]=$XPACK_ML
     [xpack.canvas.enabled]=$XPACK_CANVAS
-    [xpack.logstash.enabled]=$XPACK_LOGS
     [xpack.infra.enabled]=$XPACK_INFRA
     [xpack.monitoring.enabled]=$XPACK_MONITORING
     [console.enabled]=$XPACK_DEVTOOLS
@@ -29,7 +28,6 @@ xpack.grokdebugger.enabled: $XPACK_DEVTOOLS
 xpack.searchprofiler.enabled: $XPACK_DEVTOOLS
 xpack.ml.enabled: $XPACK_ML
 xpack.canvas.enabled: $XPACK_CANVAS
-xpack.logstash.enabled: $XPACK_LOGS
 xpack.infra.enabled: $XPACK_INFRA
 xpack.monitoring.enabled: $XPACK_MONITORING
 console.enabled: $XPACK_DEVTOOLS

wazuh/Dockerfile

@@ -1,12 +1,14 @@
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 FROM phusion/baseimage:latest
-ARG FILEBEAT_VERSION=7.1.0
-ARG WAZUH_VERSION=3.9.1-1
+
+ARG FILEBEAT_VERSION=7.1.1
+
+ARG WAZUH_VERSION=3.9.2-1
 
 ENV API_USER="foo" \
    API_PASS="bar"
 
-ENV TEMPLATE_VERSION="v3.9.1"
+ARG TEMPLATE_VERSION="v3.9.2"
 
 # Set repositories.
 RUN set -x && echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list && \
@@ -18,8 +20,8 @@ RUN set -x && echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /
 
 RUN add-apt-repository universe && apt-get update && apt-get upgrade -y -o Dpkg::Options::="--force-confold" && \
    apt-get --no-install-recommends --no-install-suggests -y install openssl postfix bsd-mailx python-boto python-pip  \
-   apt-transport-https vim expect nodejs python-cryptography mailutils libsasl2-modules wazuh-manager \
-   wazuh-api && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && rm -f \
+   apt-transport-https vim expect nodejs python-cryptography mailutils libsasl2-modules wazuh-manager=${WAZUH_VERSION} \
+   wazuh-api=${WAZUH_VERSION} && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && rm -f \
    /var/ossec/logs/alerts/*/*/*.log && rm -f /var/ossec/logs/alerts/*/*/*.json && rm -f \
    /var/ossec/logs/archives/*/*/*.log && rm -f /var/ossec/logs/archives/*/*/*.json && rm -f \
    /var/ossec/logs/firewall/*/*/*.log && rm -f /var/ossec/logs/firewall/*/*/*.json
@@ -30,6 +32,7 @@ COPY config/init.bash /init.bash
 RUN mkdir /entrypoint-scripts
 COPY config/entrypoint.sh /entrypoint.sh
 COPY config/00-wazuh.sh /entrypoint-scripts/00-wazuh.sh
+COPY config/01-config_filebeat.sh /entrypoint-scripts/01-config_filebeat.sh
 
 # Sync calls are due to https://github.com/docker/docker/issues/9547
 RUN chmod 755 /init.bash && \
@@ -38,10 +41,11 @@ RUN chmod 755 /init.bash && \
    curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-amd64.deb &&\
    dpkg -i filebeat-${FILEBEAT_VERSION}-amd64.deb && rm -f filebeat-${FILEBEAT_VERSION}-amd64.deb && \
    chmod 755 /entrypoint.sh && \
-   chmod 755 /entrypoint-scripts/00-wazuh.sh 
+   chmod 755 /entrypoint-scripts/00-wazuh.sh && \
+   chmod 755 /entrypoint-scripts/01-config_filebeat.sh
 
 COPY config/filebeat.yml /etc/filebeat/
-RUN chmod go-w /etc/filebeat/filebeat.yml 
+RUN chmod go-w /etc/filebeat/filebeat.yml
 
 # Setting volumes
 VOLUME ["/var/ossec/data"]
@@ -73,5 +77,4 @@ ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/e
 RUN chmod go-w /etc/filebeat/wazuh-template.json 
 
 # Run all services
-ENTRYPOINT ["/entrypoint.sh"]
-
+ENTRYPOINT ["/entrypoint.sh"]

wazuh/config/01-config_filebeat.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+
+set -e
+
+# Modify the output to Elasticsearch if th ELASTICSEARCH_URL is set
+if [ "$ELASTICSEARCH_URL" != "" ]; then
+  >&2 echo "Customize Elasticsearch ouput IP."
+  sed -i 's|http://elasticsearch:9200|'$ELASTICSEARCH_URL'|g' /etc/filebeat/filebeat.yml
+fi