mirror of
https://github.com/wazuh/wazuh-docker.git
synced 2025-10-23 16:13:42 +00:00
Compare commits
20 Commits
cloud-v1.1
...
cloud-2.0.
Author | SHA1 | Date | |
---|---|---|---|
|
803f940d15 | ||
|
9300bd9542 | ||
|
2d78972166 | ||
|
fb09148e17 | ||
|
ea1501bff9 | ||
|
864dfc624f | ||
|
6f762ff04d | ||
|
a8b2c43dfc | ||
|
03fbcd8d99 | ||
|
93d686a0f5 | ||
|
b46c346ebe | ||
|
91675fecd1 | ||
|
83370eda56 | ||
|
8336d36509 | ||
|
2a2db1b8b3 | ||
|
68198a2138 | ||
|
7a2356f6ff | ||
|
c586c0cf88 | ||
|
f2ed432084 | ||
|
0bb118dce6 |
@@ -3,7 +3,7 @@ FROM waystonesystems/baseimage-centos:0.2.0
|
|||||||
|
|
||||||
# Arguments
|
# Arguments
|
||||||
ARG FILEBEAT_VERSION=7.10.2
|
ARG FILEBEAT_VERSION=7.10.2
|
||||||
ARG WAZUH_VERSION=4.3.6-1
|
ARG WAZUH_VERSION=4.7.2-0.debug
|
||||||
|
|
||||||
# Environment variables
|
# Environment variables
|
||||||
ENV API_USER="foo" \
|
ENV API_USER="foo" \
|
||||||
@@ -12,28 +12,19 @@ ENV API_USER="foo" \
|
|||||||
ARG TEMPLATE_VERSION="4.0"
|
ARG TEMPLATE_VERSION="4.0"
|
||||||
ENV FILEBEAT_DESTINATION="elasticsearch"
|
ENV FILEBEAT_DESTINATION="elasticsearch"
|
||||||
|
|
||||||
RUN rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
|
|
||||||
|
|
||||||
RUN echo $'[wazuh] \n\
|
|
||||||
gpgcheck=1\n\
|
|
||||||
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\n\
|
|
||||||
enabled=1\n\
|
|
||||||
name=Wazuh repository\n\
|
|
||||||
baseurl=https://packages.wazuh.com/4.x/yum/\n\
|
|
||||||
protect=1\n'\
|
|
||||||
>> /etc/yum.repos.d/wazuh.repo
|
|
||||||
|
|
||||||
|
|
||||||
# Install packages
|
# Install packages
|
||||||
RUN set -x && \
|
RUN set -x && \
|
||||||
curl -sL https://rpm.nodesource.com/setup_8.x | bash - && \
|
|
||||||
groupadd -g 1000 wazuh && \
|
groupadd -g 1000 wazuh && \
|
||||||
useradd -u 1000 -g 1000 -d /var/ossec wazuh && \
|
useradd -u 1000 -g 1000 -d /var/ossec wazuh && \
|
||||||
|
# Retrieve DEV package
|
||||||
|
#curl -o /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm https://packages-dev.wazuh.com/pre-release/yum/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \
|
||||||
|
# Retrieve PROD package
|
||||||
|
curl -o /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm https://packages.wazuh.com/cloud/4.7.x/rpm/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \
|
||||||
yum update -y && \
|
yum update -y && \
|
||||||
yum upgrade -y &&\
|
yum upgrade -y &&\
|
||||||
yum install -y openssl vim expect python-boto python-pip python-cryptography && \
|
yum install -y openssl vim expect python-boto python-pip python-cryptography postfix bsd-mailx mailx ca-certificates && \
|
||||||
yum install -y postfix bsd-mailx mailx ca-certificates && \
|
yum localinstall -y /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \
|
||||||
yum install -y wazuh-manager-${WAZUH_VERSION} && \
|
rm -f /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \
|
||||||
yum clean all && \
|
yum clean all && \
|
||||||
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
|
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
|
||||||
rm -f /var/ossec/logs/alerts/*/*/* && \
|
rm -f /var/ossec/logs/alerts/*/*/* && \
|
||||||
@@ -43,8 +34,7 @@ RUN set -x && \
|
|||||||
rm -f /var/ossec/logs/cluster/*/*/* && \
|
rm -f /var/ossec/logs/cluster/*/*/* && \
|
||||||
rm -f /var/ossec/logs/wazuh/*/*/* && \
|
rm -f /var/ossec/logs/wazuh/*/*/* && \
|
||||||
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-x86_64.rpm && \
|
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-x86_64.rpm && \
|
||||||
rpm -vi filebeat-${FILEBEAT_VERSION}-x86_64.rpm && rm -f filebeat-${FILEBEAT_VERSION}-x86_64.rpm && \
|
rpm -vi filebeat-${FILEBEAT_VERSION}-x86_64.rpm && rm -f filebeat-${FILEBEAT_VERSION}-x86_64.rpm
|
||||||
sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo
|
|
||||||
|
|
||||||
# Services
|
# Services
|
||||||
RUN mkdir /etc/service/wazuh && \
|
RUN mkdir /etc/service/wazuh && \
|
||||||
@@ -73,9 +63,6 @@ RUN chmod 755 /permanent_data.sh && \
|
|||||||
sync && \
|
sync && \
|
||||||
rm /permanent_data.sh
|
rm /permanent_data.sh
|
||||||
|
|
||||||
# Expose ports
|
|
||||||
EXPOSE 55000/tcp 1514/udp 1515/tcp 514/udp 1516/tcp
|
|
||||||
|
|
||||||
# Setting volumes
|
# Setting volumes
|
||||||
# Once we declared a volume in the Dockerfile, changes made to that path will have no effect. In other words, any changes made
|
# Once we declared a volume in the Dockerfile, changes made to that path will have no effect. In other words, any changes made
|
||||||
# to the these paths from here to the end of the Dockerfile will not be taken into account when mounting the volume.
|
# to the these paths from here to the end of the Dockerfile will not be taken into account when mounting the volume.
|
||||||
@@ -117,8 +104,12 @@ RUN chmod 755 /entrypoint.sh && \
|
|||||||
chmod 755 /entrypoint-scripts/85-save_wazuh_version.sh
|
chmod 755 /entrypoint-scripts/85-save_wazuh_version.sh
|
||||||
|
|
||||||
# Load wazuh alerts template.
|
# Load wazuh alerts template.
|
||||||
ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
|
#ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
|
||||||
RUN chmod go-w /etc/filebeat/wazuh-template.json
|
#RUN chmod go-w /etc/filebeat/wazuh-template.json
|
||||||
|
|
||||||
|
# Expose ports
|
||||||
|
EXPOSE 55000/tcp 1514/udp 1515/tcp 514/udp 1516/tcp
|
||||||
|
|
||||||
# Run all services
|
# Run all services
|
||||||
ENTRYPOINT ["/entrypoint.sh"]
|
ENTRYPOINT ["/entrypoint.sh"]
|
||||||
|
|
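Review bot: The manager RPM downloaded in the `# Retrieve PROD package` step is installed with `yum localinstall -y`, and nothing in the new lines verifies its signature. The same change drops `rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH` and the `gpgcheck=1` repo definition, and yum does not GPG-check local package files unless `localpkg_gpgcheck` is enabled. Unless the base image sets that option, package integrity now rests on TLS to the download host alone. Assuming the cloud package is signed with the Wazuh key, I would keep the `rpm --import` line and install with `yum --setopt=localpkg_gpgcheck=1 localinstall -y /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \`. I would also fetch with `curl -fsSL -o` so an HTTP error body is never saved as the package, and add a comment saying whether the `4.7.2-0.debug` default is intended for a published image.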
||||||
|
@@ -53,7 +53,8 @@ check_update() {
|
|||||||
return 0
|
return 0
|
||||||
else
|
else
|
||||||
echo "CHECK UPDATE - Different Wazuh version: Update"
|
echo "CHECK UPDATE - Different Wazuh version: Update"
|
||||||
if [ $previous_version == "v4.2.5" ]
|
wazuh_version_regex='v4.2.[0-9]'
|
||||||
|
if [[ "$previous_version" =~ $wazuh_version_regex ]]
|
||||||
then
|
then
|
||||||
echo "CHECK UPDATE - Change ossec user to wazuh user"
|
echo "CHECK UPDATE - Change ossec user to wazuh user"
|
||||||
ossec_group_files=$(find /var/ossec -group 1000)
|
ossec_group_files=$(find /var/ossec -group 1000)
|
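Review bot: The new pattern `wazuh_version_regex='v4.2.[0-9]'` is unanchored and its dots match any character, so `[[ "$previous_version" =~ $wazuh_version_regex ]]` also succeeds for `v4.2.10` or for any string that merely contains a matching run. This branch appears to go on to move files under /var/ossec from the ossec user to the wazuh user, so the version match should be exact: `wazuh_version_regex='^v4\.2\.[0-9]+$'`. Use `[0-9]` without the `+` if only single-digit patch levels are meant to qualify. The body of check_update starts and ends outside this hunk.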
||||||
|
@@ -11,7 +11,7 @@ WUI_USER_FILE_PATH = "/var/ossec/api/configuration/wui-user.json"
|
|||||||
WAZUH_USER_FILE_PATH = "/var/ossec/api/configuration/wazuh-user.json"
|
WAZUH_USER_FILE_PATH = "/var/ossec/api/configuration/wazuh-user.json"
|
||||||
|
|
||||||
try:
|
try:
|
||||||
from wazuh.rbac.orm import create_rbac_db
|
from wazuh.rbac.orm import check_database_integrity
|
||||||
from wazuh.security import (
|
from wazuh.security import (
|
||||||
create_user,
|
create_user,
|
||||||
get_users,
|
get_users,
|
||||||
@@ -44,7 +44,7 @@ if __name__ == "__main__":
|
|||||||
|
|
||||||
wui_password = read_wui_user_file()
|
wui_password = read_wui_user_file()
|
||||||
wazuh_password = read_wazuh_user_file()
|
wazuh_password = read_wazuh_user_file()
|
||||||
create_rbac_db()
|
check_database_integrity()
|
||||||
initial_users = db_users()
|
initial_users = db_users()
|
||||||
|
|
||||||
# set a random password for all other users (not wazuh-wui)
|
# set a random password for all other users (not wazuh-wui)
|
||||||
@@ -60,4 +60,4 @@ if __name__ == "__main__":
|
|||||||
str(id),
|
str(id),
|
||||||
],
|
],
|
||||||
password=custom_pass,
|
password=custom_pass,
|
||||||
)
|
)
|
||||||
|
@@ -22,6 +22,8 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack"
|
|||||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py"
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py"
|
||||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal"
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal"
|
||||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py"
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py"
|
||||||
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle.py"
|
||||||
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle"
|
||||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop"
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop"
|
||||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account"
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account"
|
||||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop"
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop"
|
||||||
@@ -53,12 +55,17 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3"
|
|||||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3.py"
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3.py"
|
||||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs"
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs"
|
||||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py"
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py"
|
||||||
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/orm.py"
|
||||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener"
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener"
|
||||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py"
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py"
|
||||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"
|
||||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py"
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py"
|
||||||
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/access_logs.py"
|
||||||
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/bucket.py"
|
||||||
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/pubsub/subscriber.py"
|
||||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py"
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py"
|
||||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py"
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py"
|
||||||
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/exceptions.py"
|
||||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/utils.py"
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/utils.py"
|
||||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/queue/vulnerabilities/dictionaries/cpe_helper.json"
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/queue/vulnerabilities/dictionaries/cpe_helper.json"
|
||||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/var/db/mitre.db"
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/var/db/mitre.db"
|
||||||
@@ -73,4 +80,4 @@ PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/agents/*"
|
|||||||
PERMANENT_DATA_DEL[((i++))]="/var/ossec/wodles/cve.db"
|
PERMANENT_DATA_DEL[((i++))]="/var/ossec/wodles/cve.db"
|
||||||
PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/vulnerabilities/cve.db"
|
PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/vulnerabilities/cve.db"
|
||||||
PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/fim/db/fim.db"
|
PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/fim/db/fim.db"
|
||||||
export PERMANENT_DATA_DEL
|
export PERMANENT_DATA_DEL
|