update to v4.2.5

Former-commit-id: 02f024ef9a
Update Wazuh version to v4.2.4 (#542 )
2025-10-23 04:51:57 +00:00 · 2021-11-23 13:08:33 +01:00 · 2021-11-08 17:34:13 +01:00 · 2021-09-24 09:45:11 +02:00 · 2021-09-16 20:20:22 +02:00 · 2021-04-22 20:28:44 +02:00
4 changed files with 66 additions and 58 deletions
--- a/wazuh/Dockerfile
+++ b/wazuh/Dockerfile
@@ -2,8 +2,8 @@
 FROM waystonesystems/baseimage-centos:0.2.0

 # Arguments
-ARG FILEBEAT_VERSION=7.9.1
-ARG WAZUH_VERSION=4.0.1-1
+ARG FILEBEAT_VERSION=7.10.2
+ARG WAZUH_VERSION=4.2.5-1

 # Environment variables
 ENV API_USER="foo" \
@@ -17,13 +17,13 @@ RUN rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
 RUN echo $'[wazuh] \n\
 gpgcheck=1\n\
 gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\n\
-gpgcheck=0\n\
 enabled=1\n\
 name=Wazuh repository\n\
 baseurl=https://packages.wazuh.com/4.x/yum/\n\
 protect=1\n'\
 >> /etc/yum.repos.d/wazuh.repo

+
 # Install packages
 RUN set -x && \
    curl -sL https://rpm.nodesource.com/setup_8.x | bash - && \
@@ -41,7 +41,7 @@ RUN set -x && \
    rm -f /var/ossec/logs/firewall/*/*/* && \
    rm -f /var/ossec/logs/api/*/*/* && \
    rm -f /var/ossec/logs/cluster/*/*/* && \
-    rm -f /var/ossec/logs/ossec/*/*/* && \
+    rm -f /var/ossec/logs/wazuh/*/*/* && \
    curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-x86_64.rpm && \
    rpm -vi filebeat-${FILEBEAT_VERSION}-x86_64.rpm && rm -f filebeat-${FILEBEAT_VERSION}-x86_64.rpm && \
    sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo
@@ -121,4 +121,4 @@ ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/e
 RUN chmod go-w /etc/filebeat/wazuh-template.json 

 # Run all services
-ENTRYPOINT ["/entrypoint.sh"]
+ENTRYPOINT ["/entrypoint.sh"]
--- a/wazuh/config/01-wazuh.sh
+++ b/wazuh/config/01-wazuh.sh
@@ -35,42 +35,54 @@ exec_cmd_stdout() {
 ##############################################################################
 # Check_update
 # This function considers the following cases:
-# - If /var/ossec/etc/ossec-init.conf does not exist -> Action Nothing. There is no data in the EBS. First time deploying Wazuh
-# - If /var/ossec/etc/VERSION does not exist -> Action: Update. The previous version was prior to 3.11.5.
-# - If both files exist: different Wazuh version -> Action: Update. The previous version is older than the current one.
-# - If both files exist: the same Wazuh version -> Acton: Nothing. Same Wazuh version.
+# - If /var/ossec/etc/VERSION does not exist -> Action Nothing. There is no data in the EBS. First time deploying Wazuh
+# - If different Wazuh version -> Action: Update. The previous version is older than the current one.
+# - If the same Wazuh version -> Acton: Nothing. Same Wazuh version.
 ##############################################################################

 check_update() {
-  if [ -e /var/ossec/etc/ossec-init.conf ]
+  if [ -e /var/ossec/etc/VERSION ]
  then
-    if [ -e /var/ossec/etc/VERSION ]
+    previous_version=$(cat /var/ossec/etc/VERSION | grep -i version | cut -d'"' -f2)
+    echo "Previous version: $previous_version"
+    current_version=$(/var/ossec/bin/wazuh-control -j info | jq .data[0].WAZUH_VERSION | cut -d'"' -f2)
+    echo "Current version: $current_version"
+    if [ $previous_version == $current_version ]
    then
-      previous_version=$(cat /var/ossec/etc/VERSION | grep -i version | cut -d'"' -f2)
-      echo "Previous version: $previous_version"
-      current_version=$(cat ${WAZUH_INSTALL_PATH}/data_tmp/permanent/var/ossec/etc/ossec-init.conf | grep -i version | cut -d'"' -f2)
-      echo "Current version: $current_version"
-      if [ $previous_version == $current_version ]
-      then
-        echo "Same Wazuh version in the EBS and image"
-        return 0
-      else
-        echo "Different Wazuh version: Update"
-        mayor_previous_version=$(cat /var/ossec/etc/VERSION | grep -i version | cut -d'"' -f2 | cut -d'.' -f1)
-        if [[ ${mayor_previous_version} == "v3" ]]; then
-          echo "Remove Wazuh API deprecated files"
-          rm -rf "${WAZUH_INSTALL_PATH}/api/configuration/auth"
-          rm "${WAZUH_INSTALL_PATH}/api/configuration/config.js"
-          rm "${WAZUH_INSTALL_PATH}/api/configuration/preloaded_vars.conf"
-          echo "Load new API configuration"
-          exec_cmd "cp -a ${WAZUH_INSTALL_PATH}/data_tmp/permanent/var/ossec/api/configuration/. /var/ossec/api/configuration"
-          echo "Remove Wazuh agent-info queue"
-          rm -rf "${WAZUH_INSTALL_PATH}/queue/agent-info"
-        fi
-        return 1
-      fi
+      echo "Same Wazuh version in the EBS and image"
+      return 0
    else
-      echo "Previous version prior to 3.11.5: Update"
+      echo "Different Wazuh version: Update"
+      if [ $previous_version == "v4.1.5" ]
+      then
+        echo "Remove simbolic link from ossec-init.conf"
+        unlink /var/ossec/etc/ossec-init.conf
+        echo "Change /var/ossec/queue/ossec path to /var/ossec/queue/sockets"
+        mkdir /var/ossec/queue/sockets
+        chown ossec:ossec /var/ossec/queue/sockets
+        chmod 770 /var/ossec/queue/sockets
+        exec_cmd "cp -ra /var/ossec/queue/ossec/. /var/ossec/queue/sockets/"
+        rm -rf /var/ossec/queue/ossec
+
+        echo "Change /var/ossec/logs/ossec path to /var/ossec/logs/wazuh"
+        mkdir /var/ossec/logs/wazuh
+        chown ossec:ossec /var/ossec/logs/wazuh
+        chmod 750 /var/ossec/logs/wazuh
+        exec_cmd "cp -ra /var/ossec/logs/ossec/. /var/ossec/logs/wazuh/"
+        rm -rf /var/ossec/logs/ossec
+
+        echo "Restore logcollector queue dir"
+        mkdir /var/ossec/queue/logcollector
+        chown ossec:ossec /var/ossec/queue/logcollector
+        chmod 750 /var/ossec/queue/logcollector
+        exec_cmd "cp -a ${WAZUH_INSTALL_PATH}/data_tmp/permanent/var/ossec/queue/logcollector/. /var/ossec/queue/logcollector"
+
+        echo "Restore syscollector queue dir"
+        mkdir /var/ossec/queue/syscollector
+        chown ossec:ossec /var/ossec/queue/syscollector
+        chmod 750 /var/ossec/queue/syscollector
+        exec_cmd "cp -a ${WAZUH_INSTALL_PATH}/data_tmp/permanent/var/ossec/queue/syscollector/. /var/ossec/queue/syscollector"
+      fi
      return 1
    fi
  else
@@ -150,7 +162,7 @@ remove_data_files() {
 ##############################################################################

 create_ossec_key_cert() {
-  print "Creating ossec-authd key and cert"
+  print "Creating wazuh-authd key and cert"
  exec_cmd "openssl genrsa -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.key 4096"
  exec_cmd "openssl req -new -x509 -key ${WAZUH_INSTALL_PATH}/etc/sslmanager.key -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/"
 }
@@ -180,7 +192,7 @@ mount_files() {
 ##############################################################################

 function ossec_shutdown(){
-  ${WAZUH_INSTALL_PATH}/bin/ossec-control stop;
+  ${WAZUH_INSTALL_PATH}/bin/wazuh-control stop;
 }

 ##############################################################################
@@ -188,7 +200,7 @@ function ossec_shutdown(){
 # paths or commands, and execute them. 
 #
 # This can be useful for actions that need to be run before the services are
-# started, such as "/var/ossec/bin/ossec-control enable agentless".
+# started, such as "/var/ossec/bin/wazuh-control enable agentless".
 ##############################################################################

 docker_custom_args() {
@@ -280,7 +292,7 @@ main() {
    echo "Keeping databases"
  fi

-  # Generate ossec-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
+  # Generate wazuh-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
  if [ $AUTO_ENROLLMENT_ENABLED == true ]
  then
    if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ]
--- a/wazuh/config/85-save_wazuh_version.sh
+++ b/wazuh/config/85-save_wazuh_version.sh
@@ -3,4 +3,4 @@

 # Copy /var/ossec/etc/ossec-init.conf contents in /var/ossec/etc/VERSION to be able to check the previous Wazuh version in pod.
 echo "Adding Wazuh version to /var/ossec/etc/VERSION"
-cat /var/ossec/etc/ossec-init.conf > /var/ossec/etc/VERSION
+/var/ossec/bin/wazuh-control info > /var/ossec/etc/VERSION
--- a/wazuh/config/permanent_data.env
+++ b/wazuh/config/permanent_data.env
@@ -16,31 +16,27 @@ export PERMANENT_DATA

 # Files mounted in a volume that should not be permanent
 i=0
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/api/configuration/ssl/server.crt"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/api/configuration/ssl/server.key"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/internal_options.conf"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/pagerduty"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop.sh"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account.sh"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop.sh"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop.sh"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny.sh"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock.sh"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw_mac.sh"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.sh"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf.sh"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ossec-slack.sh"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ossec-tweeter.sh"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf.sh"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-ossec.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/wazuh-slack"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-wazuh"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart.sh"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null.sh"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/sshlogin.exp"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_pixconfig_diff"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_asa-fwsmconfig_diff"
@@ -63,8 +59,8 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/utils.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/queue/vulnerabilities/dictionaries/cpe_helper.json"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/queue/vulnerabilities/dictionaries/msu.json.gz"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/var/db/mitre.db"
 export PERMANENT_DATA_EXCP
Author	SHA1	Message	Date
AlfonsoRBJ	84de38624c	update to v4.2.5 Former-commit-id: `02f024ef9a`	2021-11-23 13:08:33 +01:00
AlfonsoRBJ	5b4e9dc38f	Update Wazuh version to v4.2.4 (#542 ) Former-commit-id: `6bdf2c55b7`	2021-11-08 17:34:13 +01:00
AlfonsoRBJ	848f512a60	Add utils.py to files mounted that should not be permanent (#520 ) Former-commit-id: `9e168906b0`	2021-09-24 09:45:11 +02:00
AlfonsoRBJ	741b530585	Adapt cloud to v4.2.1 (#488 ) Former-commit-id: `dd797edf51`	2021-09-16 20:20:22 +02:00
AlfonsoRBJ	68547952ec	Merge branch 'cloud-0.81' into cloud-0.91 Former-commit-id: `eb8f49aa30`	2021-04-22 20:28:44 +02:00
AlfonsoRBJ	aeafdf83f9	update to wazuh 4.1.5 (#471 ) Former-commit-id: `cb1cdcca9f`	2021-04-22 19:45:05 +02:00
AlfonsoRBJ	d29584ab18	Update Filebeat to 7.10.2 (#460 ) Former-commit-id: `eaf648a232`	2021-04-14 09:53:03 +02:00
AlfonsoRBJ	10d87cc223	Update Wazuh to v4.1.4 (#458 ) Former-commit-id: `327d7ed854`	2021-03-31 10:13:54 +02:00
AlfonsoRBJ	a42a818d88	Adap to wazuh 4.1.2 (#454 ) Former-commit-id: `19ed9666b9`	2021-03-25 15:47:01 +01:00
AlfonsoRBJ	40d15ec6f8	Merge branch 'cloud-0.61' into cloud-0.70 Former-commit-id: `1746edb2e1`	2021-02-27 10:11:08 +01:00
AlfonsoRBJ	c6225fa8f0	Update Filebeat version to 7.10.0 (#434 ) Former-commit-id: `6fdb7c8dc6`	2021-02-03 11:37:39 +01:00
Franco Giovanolli	87580a2edc	Merge pull request #429 from wazuh/cloud-0.60 Update to Wazuh 4.0.4 Former-commit-id: `c95f0153c9`	2021-01-15 09:22:49 -03:00
Franco Giovanolli	f0590349d0	Merge branch 'cloud-0.70' into cloud-0.60 Former-commit-id: `b890282ecd`	2021-01-15 09:20:01 -03:00
AlfonsoRBJ	13ba5ee731	Update to wazuh 4.0.4 (#428 ) Former-commit-id: `e58c2b25d8`	2021-01-14 17:22:43 +01:00
Mayte Ariza	244eb2500a	Update wazuh version to 4.0.3 + block remote commands (#425 ) Former-commit-id: `c8536efd43`	2021-01-04 12:46:41 +01:00
AlfonsoRBJ	d23cee6898	update wazuh version to 4.0.3 (#417 ) Former-commit-id: `b0187c24d4`	2020-12-14 16:01:54 +01:00