remove outadated workaround (#352)

Former-commit-id: 2018a22381

VERSION

@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="3.10.2_7.3.2"
+WAZUH-DOCKER_VERSION="3.11.5_7.3.2"
-REVISION="31020"
+REVISION="31150"

kibana/Dockerfile

@@ -1,7 +1,7 @@
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 FROM docker.elastic.co/kibana/kibana:7.4.2
 ARG ELASTIC_VERSION=7.4.2
-ARG WAZUH_VERSION=3.11.4
+ARG WAZUH_VERSION=3.11.5
 ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
 
 USER root

kibana/config/wazuhapp-3.11.4_7.4.2.zip.REMOVED.git-id

@@ -1 +0,0 @@
-a58d8e7a4edaa0b4aa7e5fa76e16e49f884faddf

kibana/config/wazuhapp-3.11.5_7.4.2.zip.REMOVED.git-id

@@ -0,0 +1 @@
+d3370881d16407941e250126bd331db13e7c8b63

wazuh/Dockerfile

@@ -2,14 +2,14 @@
 FROM phusion/baseimage:latest
 
 # Arguments
-ARG FILEBEAT_VERSION=7.4.2
+ARG FILEBEAT_VERSION=7.6.1
-ARG WAZUH_VERSION=3.11.4-1
+ARG WAZUH_VERSION=3.12.3-1
 
 # Environment variables
 ENV API_USER="foo" \
    API_PASS="bar"
 
-ARG TEMPLATE_VERSION="v3.11.4"
+ARG TEMPLATE_VERSION="v3.12.3"
 ENV FILEBEAT_DESTINATION="elasticsearch"
 
 # Install packages
@@ -100,6 +100,7 @@ COPY config/03-config_filebeat.sh /entrypoint-scripts/03-config_filebeat.sh
 COPY config/20-ossec-configuration.sh /entrypoint-scripts/20-ossec-configuration.sh
 COPY config/25-backups.sh /entrypoint-scripts/25-backups.sh
 COPY config/35-remove_credentials_file.sh /entrypoint-scripts/35-remove_credentials_file.sh
+COPY config/85-save_wazuh_version.sh /entrypoint-scripts/85-save_wazuh_version.sh
 RUN chmod 755 /entrypoint.sh && \
     chmod 755 /entrypoint-scripts/00-decrypt_credentials.sh && \
     chmod 755 /entrypoint-scripts/01-wazuh.sh && \
@@ -107,14 +108,8 @@ RUN chmod 755 /entrypoint.sh && \
     chmod 755 /entrypoint-scripts/03-config_filebeat.sh && \
     chmod 755 /entrypoint-scripts/20-ossec-configuration.sh && \
     chmod 755 /entrypoint-scripts/25-backups.sh && \
-    chmod 755 /entrypoint-scripts/35-remove_credentials_file.sh
+    chmod 755 /entrypoint-scripts/35-remove_credentials_file.sh && \
-
+    chmod 755 /entrypoint-scripts/85-save_wazuh_version.sh
-# Workaround. 
-# Issues: Wazuh-api
-# https://github.com/wazuh/wazuh-api/issues/440  
-# https://github.com/wazuh/wazuh-api/issues/443
-COPY --chown=root:ossec config/agents.js /var/ossec/api/controllers/agents.js
-RUN chmod 770 /var/ossec/api/controllers/agents.js
 
 # Load wazuh alerts template.
 ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat

wazuh/config/01-wazuh.sh

@@ -32,6 +32,42 @@ exec_cmd_stdout() {
 }
 
 
+##############################################################################
+# Check_update
+# This function considers the following cases:
+# - If /var/ossec/etc/ossec-init.conf does not exist -> Action Nothing. There is no data in the EBS. First time deploying Wazuh
+# - If /var/ossec/etc/VERSION does not exist -> Action: Update. The previous version was prior to 3.11.5.
+# - If both files exist: different Wazuh version -> Action: Update. The previous version is older than the current one.
+# - If both files exist: the same Wazuh version -> Acton: Nothing. Same Wazuh version.
+##############################################################################
+
+check_update() {
+  if [ -e /var/ossec/etc/ossec-init.conf ]
+  then
+    if [ -e /var/ossec/etc/VERSION ]
+    then
+      previous_version=$(cat /var/ossec/etc/VERSION | grep -i version | cut -d'"' -f2)
+      echo "Previous version: $previous_version"
+      current_version=$(cat ${WAZUH_INSTALL_PATH}/data_tmp/permanent/var/ossec/etc/ossec-init.conf | grep -i version | cut -d'"' -f2)
+      echo "Current version: $current_version"
+      if [ $previous_version == $current_version ]
+      then
+        echo "Same Wazuh version in the EBS and image"
+        return 0
+      else
+        echo "Different Wazuh version: Update"
+        return 1
+      fi
+    else
+      echo "Previous version prior to 3.11.5: Update"
+      return 1
+    fi
+  else
+    echo "First time mounting EBS"
+    return 0
+  fi
+}
+
 ##############################################################################
 # Edit configuration
 ##############################################################################
@@ -90,7 +126,7 @@ apply_exclusion_data() {
 
 remove_data_files() {
   for del_file in "${PERMANENT_DATA_DEL[@]}"; do
-    if [ -e ${del_file} ]
+    if [ $(ls ${del_file} 2> /dev/null | wc -l) -ne 0 ]
     then 
       print "Removing ${del_file}"
       exec_cmd "rm ${del_file}"
@@ -202,14 +238,25 @@ change_api_user_credentials() {
 ##############################################################################
 
 main() {
+
+  # Check Wazuh version in the image and EBS (It returns 1 when updating the environment)
+  check_update
+  update=$?
+
   # Mount permanent data  (i.e. ossec.conf)
   mount_permanent_data
 
   # Restore files stored in permanent data that are not permanent  (i.e. internal_options.conf)
   apply_exclusion_data
 
-  # Remove some files in permanent_data (i.e. .template.db)
+  # When updating the environment, remove some files in permanent_data (i.e. .template.db)
+  if [ $update == 1 ]
+  then
+    echo "Removing databases"
     remove_data_files
+  else
+    echo "Keeping databases"
+  fi
 
   # Generate ossec-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
   if [ $AUTO_ENROLLMENT_ENABLED == true ]

wazuh/config/85-save_wazuh_version.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+
+# Copy /var/ossec/etc/ossec-init.conf contents in /var/ossec/etc/VERSION to be able to check the previous Wazuh version in pod.
+echo "Adding Wazuh version to /var/ossec/etc/VERSION"
+cat /var/ossec/etc/ossec-init.conf > /var/ossec/etc/VERSION

wazuh/config/permanent_data.env

@@ -53,9 +53,18 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/cve-ubuntu-xenial-
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/ssg-debian-8-ds.xml"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/ssg-ubuntu-1404-ds.xml"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/ssg-ubuntu-1604-ds.xml"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/queue/vulnerabilities/dictionaries/cpe_helper.json"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/queue/vulnerabilities/dictionaries/msu.json.gz"
 export PERMANENT_DATA_EXCP
 
-# Files mounted in a volume that should be deleted 
+# Files mounted in a volume that should be deleted when updating
 i=0
 PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/db/.template.db"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/global.db*"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/.profile.db*"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/.template.db*"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/agents/*"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/wodles/cve.db"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/vulnerabilities/cve.db"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/fim/db/fim.db"
 export PERMANENT_DATA_DEL

wazuh/config/wazuh-manager_3.11.5-1_amd64.deb.REMOVED.git-id

@@ -0,0 +1 @@
+b4bbb79aca532ca4f5321a89f9dffae1f934bc6f