Add versioning for Manager and API

* Including protocol and port in the LOGSTASH_OUTPUT env var.

CHANGELOG.md

@@ -1,6 +1,53 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## Wazuh Docker v3.9.1_6.8.0
+
+### Added
+
+- Update to Wazuh version 3.9.1_6.8.0 ([#181](https://github.com/wazuh/wazuh-docker/pull/181))
+
+### Fixed
+
+- Fixed `ELASTICSEARCH_KIBANA_IP` environment variable ([@manuasir](https://github.com/manuasir)) ([#181](https://github.com/wazuh/wazuh-docker/pull/181))
+
+## Wazuh Docker v3.9.0_6.7.2
+
+### Changed
+
+- Update Elastic Stack version to 6.7.2.
+
+## Wazuh Docker v3.9.0_6.7.1
+
+### Added
+
+- Support for xPACK authorized requests ([@manuasir](https://github.com/manuasir)) ([#119](https://github.com/wazuh/wazuh-docker/pull/119))
+- Add Elasticsearch cluster configuration ([@SitoRBJ](https://github.com/SitoRBJ)). ([#146](https://github.com/wazuh/wazuh-docker/pull/146))
+- Add Elasticsearch cluster configuration ([@Phandora](https://github.com/Phandora)) ([#140](https://github.com/wazuh/wazuh-docker/pull/140))
+- Setting Nginx to support several user/passwords in Kibana ([@toniMR](https://github.com/toniMR)) ([#136](https://github.com/wazuh/wazuh-docker/pull/136))
+
+
+### Changed
+
+- Use LS_JAVA_OPTS instead of old LS_HEAP_SIZE ([@ruffy91](https://github.com/ruffy91)) ([#139](https://github.com/wazuh/wazuh-docker/pull/139))
+- Changing the original Wazuh docker image to allow adding code in the entrypoint ([@Phandora](https://github.com/phandora)) ([#151](https://github.com/wazuh/wazuh-docker/pull/151))
+
+### Removed
+
+- Removing files from Wazuh image ([@Phandora](https://github.com/phandora)) ([#153](https://github.com/wazuh/wazuh-docker/pull/153))
+
+## Wazuh Docker v3.8.2_6.7.0
+
+### Changed
+
+- Update Elastic Stack version to 6.7.0. ([#144](https://github.com/wazuh/wazuh-docker/pull/144))
+
+## Wazuh Docker v3.8.2_6.6.2
+
+### Changed
+
+- Update Elastic Stack version to 6.6.2. ([#130](https://github.com/wazuh/wazuh-docker/pull/130))
+
 ## Wazuh Docker v3.8.2_6.6.1
 
 ### Changed

README.md

@@ -15,6 +15,8 @@ In this repository you will find the containers to run:
 
 In addition, a docker-compose file is provided to launch the containers mentioned above. 
 
+* Elasticsearch cluster. In the Elasticsearch Dockerfile we can visualize variables to configure an Elasticsearch Cluster. These variables are used in the file *config_cluster.sh* to set them in the *elasticsearch.yml* configuration file. You can see the meaning of the node variables [here](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html) and other cluster settings [here](https://github.com/elastic/elasticsearch/blob/master/distribution/src/config/elasticsearch.yml).
+
 ## Documentation
 
 * [Wazuh full documentation](http://documentation.wazuh.com)
@@ -61,7 +63,7 @@ In addition, a docker-compose file is provided to launch the containers mentione
 
 * `stable` branch on correspond to the latest Wazuh-Docker stable version.
 * `master` branch contains the latest code, be aware of possible bugs on this branch.
-* `Wazuh.Version_ElasticStack.Version` (for example 3.8.2_6.6.1) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch.
+* `Wazuh.Version_ElasticStack.Version` (for example 3.9.1_6.8.2) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch.
 
 ## Credits and Thank you
 

VERSION

@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="3.8.2_6.6.1"
-REVISION="3802"
+WAZUH-DOCKER_VERSION="3.9.1_6.8.0"
+REVISION="3901"

docker-compose.yml

@@ -3,7 +3,7 @@ version: '2'
 
 services:
   wazuh:
-    image: wazuh/wazuh:3.8.2_6.6.1
+    image: wazuh/wazuh:3.9.1_6.8.0
     hostname: wazuh-manager
     restart: always
     ports:
@@ -14,7 +14,7 @@ services:
     depends_on:
       - logstash
   logstash:
-    image: wazuh/wazuh-logstash:3.8.2_6.6.1
+    image: wazuh/wazuh-logstash:3.9.1_6.8.0
     hostname: logstash
     restart: always
     links:
@@ -26,7 +26,7 @@ services:
     environment:
       - LS_HEAP_SIZE=2048m
   elasticsearch:
-    image: wazuh/wazuh-elasticsearch:3.8.2_6.6.1
+    image: wazuh/wazuh-elasticsearch:3.9.1_6.8.0
     hostname: elasticsearch
     restart: always
     ports:
@@ -43,7 +43,7 @@ services:
         hard: -1
     mem_limit: 2g
   kibana:
-    image: wazuh/wazuh-kibana:3.8.2_6.6.1
+    image: wazuh/wazuh-kibana:3.9.1_6.8.0
     hostname: kibana
     restart: always
     depends_on:
@@ -52,7 +52,7 @@ services:
       - elasticsearch:elasticsearch
       - wazuh:wazuh
   nginx:
-    image: wazuh/wazuh-nginx:3.8.2_6.6.1
+    image: wazuh/wazuh-nginx:3.9.1_6.8.0
     hostname: nginx
     restart: always
     environment:

elasticsearch/Dockerfile

@@ -1,5 +1,7 @@
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-FROM docker.elastic.co/elasticsearch/elasticsearch:6.6.1
+FROM docker.elastic.co/elasticsearch/elasticsearch:6.8.0
+
+ENV ELASTICSEARCH_URL="http://elasticsearch:9200"
 
 ENV ALERTS_SHARDS="1" \
     ALERTS_REPLICAS="0"
@@ -11,9 +13,23 @@ ENV XPACK_ML="true"
 
 ENV ENABLE_CONFIGURE_S3="false"
 
-ENV TEMPLATE_VERSION=v3.8.2
+ENV TEMPLATE_VERSION=v3.9.1
 
-ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/wazuh-elastic6-template-alerts.json /usr/share/elasticsearch/config
+# Elasticearch cluster configuration environment variables
+# If ELASTIC_CLUSTER is set to "true" the following variables will be added to the Elasticsearch configuration
+ENV ELASTIC_CLUSTER="false" \
+    CLUSTER_NAME="wazuh" \
+    CLUSTER_NODE_MASTER="true" \
+    CLUSTER_NODE_DATA="true" \
+    CLUSTER_NODE_INGEST="true" \
+    CLUSTER_NODE_NAME="wazuh-elasticsearch" \
+    CLUSTER_MEMORY_LOCK="true" \
+    CLUSTER_DISCOVERY_SERVICE="wazuh-elasticsearch" \
+    CLUSTER_NUMBER_OF_MASTERS="2" \
+    CLUSTER_MAX_NODES="1" \
+    CLUSTER_DELAYED_TIMEOUT="1m"
+
+ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/6.x/wazuh-template.json /usr/share/elasticsearch/config
 
 COPY config/entrypoint.sh /entrypoint.sh
 
@@ -23,10 +39,13 @@ COPY --chown=elasticsearch:elasticsearch ./config/load_settings.sh ./
 
 RUN chmod +x ./load_settings.sh
 
-RUN elasticsearch-plugin install --batch repository-s3
+RUN bin/elasticsearch-plugin install --batch https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-s3/repository-s3-6.8.0.zip
 
 COPY config/configure_s3.sh ./config/configure_s3.sh
 RUN chmod 755 ./config/configure_s3.sh
 
+COPY --chown=elasticsearch:elasticsearch ./config/config_cluster.sh ./
+RUN chmod +x ./config_cluster.sh
+
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["elasticsearch"]

elasticsearch/config/config_cluster.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+
+elastic_config_file="/usr/share/elasticsearch/config/elasticsearch.yml"
+
+
+# If Elasticsearch cluster is enable
+if [[ $ELASTIC_CLUSTER == "true" ]]
+then
+  
+  # Set the cluster.name and discovery.zen.minimun_master_nodes variables
+  sed -i 's:cluster.name\: "docker-cluster":cluster.name\: "'$CLUSTER_NAME'":g' $elastic_config_file
+  sed -i 's:discovery.zen.minimum_master_nodes\: 1:discovery.zen.minimum_master_nodes\: '$CLUSTER_NUMBER_OF_MASTERS':g' $elastic_config_file
+
+  # Add the cluster configuration
+  echo "
+#cluster node
+node:
+  master: ${CLUSTER_NODE_MASTER}
+  data: ${CLUSTER_NODE_DATA}
+  ingest: ${CLUSTER_NODE_INGEST}
+  name: ${CLUSTER_NODE_NAME}
+  max_local_storage_nodes: ${CLUSTER_MAX_NODES}
+
+bootstrap:
+  memory_lock: ${CLUSTER_MEMORY_LOCK}
+
+discovery:
+  zen:
+    ping.unicast.hosts: ${CLUSTER_DISCOVERY_SERVICE}
+  
+" >> $elastic_config_file
+fi

elasticsearch/config/entrypoint.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 
-# For more information https://github.com/elastic/elasticsearch-docker/blob/6.5.4/build/elasticsearch/bin/docker-entrypoint.sh
+# For more information https://github.com/elastic/elasticsearch-docker/blob/6.8.0/build/elasticsearch/bin/docker-entrypoint.sh
 
 set -e
 
@@ -43,6 +43,8 @@ fi
 
 # Run load settings script.
 
+./config_cluster.sh
+
 ./load_settings.sh &
 
 # Execute elasticsearch

elasticsearch/config/load_settings.sh

@@ -3,11 +3,7 @@
 
 set -e
 
-if [ "x${ELASTICSEARCH_URL}" = "x" ]; then
-  el_url="http://elasticsearch:9200"
-else
-  el_url="${ELASTICSEARCH_URL}"
-fi
+el_url=${ELASTICSEARCH_URL}
 
 if [ "x${WAZUH_API_URL}" = "x" ]; then
   wazuh_url="https://wazuh"
@@ -15,8 +11,13 @@ else
   wazuh_url="${WAZUH_API_URL}"
 fi
 
+if [[ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]]; then
+  auth=""
+else
+  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
+fi
 
-until curl -XGET $el_url; do
+until curl ${auth} -XGET $el_url; do
   >&2 echo "Elastic is unavailable - sleeping"
   sleep 5
 done
@@ -44,9 +45,9 @@ fi
 
 #Insert default templates
 
-sed -i 's|    "index.refresh_interval": "5s"|    "index.refresh_interval": "5s",    "number_of_shards" :   '"${ALERTS_SHARDS}"',    "number_of_replicas" : '"${ALERTS_REPLICAS}"'|' /usr/share/elasticsearch/config/wazuh-elastic6-template-alerts.json
+sed -i 's|    "index.refresh_interval": "5s"|    "index.refresh_interval": "5s",    "number_of_shards" :   '"${ALERTS_SHARDS}"',    "number_of_replicas" : '"${ALERTS_REPLICAS}"'|' /usr/share/elasticsearch/config/wazuh-template.json
 
-cat /usr/share/elasticsearch/config/wazuh-elastic6-template-alerts.json | curl -XPUT "$el_url/_template/wazuh" -H 'Content-Type: application/json' -d @-
+cat /usr/share/elasticsearch/config/wazuh-template.json | curl -XPUT "$el_url/_template/wazuh" ${auth} -H 'Content-Type: application/json' -d @-
 sleep 5
 
 
@@ -55,9 +56,9 @@ API_USER_Q=`echo "$API_USER" | tr -d '"'`
 API_PASSWORD=`echo -n $API_PASS_Q | base64`
 
 echo "Setting API credentials into Wazuh APP"
-CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/wazuh-configuration/1513629884013)
+CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/wazuh-configuration/1513629884013 ${auth})
 if [ "x$CONFIG_CODE" = "x404" ]; then
-  curl -s -XPOST $el_url/.wazuh/wazuh-configuration/1513629884013 -H 'Content-Type: application/json' -d'
+  curl -s -XPOST $el_url/.wazuh/wazuh-configuration/1513629884013 ${auth} -H 'Content-Type: application/json' -d'
   {
     "api_user": "'"$API_USER_Q"'",
     "api_password": "'"$API_PASSWORD"'",
@@ -86,7 +87,7 @@ else
 fi
 sleep 5
 
-curl -XPUT "$el_url/_cluster/settings" -H 'Content-Type: application/json' -d'
+curl -XPUT "$el_url/_cluster/settings" ${auth} -H 'Content-Type: application/json' -d'
 {
   "persistent": {
     "xpack.monitoring.collection.enabled": true
@@ -94,5 +95,14 @@ curl -XPUT "$el_url/_cluster/settings" -H 'Content-Type: application/json' -d'
 }
 '
 
+# Set cluster delayed timeout when node falls
+curl -X PUT "$el_url/_all/_settings" -H 'Content-Type: application/json' -d'
+{
+  "settings": {
+    "index.unassigned.node_left.delayed_timeout": "'"$CLUSTER_DELAYED_TIMEOUT"'"
+  }
+}
+'
+
 
 echo "Elasticsearch is ready."

kibana/Dockerfile

@@ -1,16 +1,16 @@
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-FROM docker.elastic.co/kibana/kibana:6.6.1
-ARG WAZUH_APP_VERSION=3.8.2_6.6.1
+FROM docker.elastic.co/kibana/kibana:6.8.0
+ARG WAZUH_APP_VERSION=3.9.1_6.8.0
 USER root
 
-ADD https://packages.wazuh.com/wazuhapp/wazuhapp-${WAZUH_APP_VERSION}.zip /tmp
+ADD https://packages-dev.wazuh.com/pre-release/app/kibana/wazuhapp-3.9.1_6.8.0.zip /tmp
 
-RUN NODE_OPTIONS="--max-old-space-size=3072" /usr/share/kibana/bin/kibana-plugin install file:///tmp/wazuhapp-${WAZUH_APP_VERSION}.zip &&\
+RUN NODE_OPTIONS="--max-old-space-size=3072" /usr/share/kibana/bin/kibana-plugin install file:///tmp/wazuhapp-3.9.1_6.8.0.zip &&\
     chown -R kibana:kibana /usr/share/kibana &&\
     rm -rf /tmp/*
 
-COPY config/entrypoint.sh /entrypoint.sh
-RUN chmod 755 /entrypoint.sh
+COPY config/entrypoint.sh ./entrypoint.sh
+RUN chmod 755 ./entrypoint.sh
 
 USER kibana
 
@@ -73,4 +73,4 @@ RUN ./welcome_wazuh.sh
 
 RUN /usr/local/bin/kibana-docker --optimize
 
-ENTRYPOINT /entrypoint.sh
+ENTRYPOINT ./entrypoint.sh

kibana/config/entrypoint.sh

@@ -13,8 +13,14 @@ else
   el_url="${ELASTICSEARCH_URL}"
 fi
 
-until curl -XGET $el_url; do
-  >&2 echo "Elastic is unavailable - sleeping."
+if [[ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]]; then
+  auth=""
+else
+  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
+fi
+
+until curl -XGET $el_url ${auth}; do
+  >&2 echo "Elastic is unavailable - sleeping"
   sleep 5
 done
 

kibana/config/kibana_settings.sh

@@ -19,7 +19,8 @@ WAZUH_MAJOR=3
 # Customize elasticsearch ip
 ##############################################################################
 if [ "$ELASTICSEARCH_KIBANA_IP" != "" ]; then
-  sed -i "s/elasticsearch:9200/$ELASTICSEARCH_KIBANA_IP:9200/" /usr/share/kibana/config/kibana.yml
+  sed -i 's|http://elasticsearch:9200|'$ELASTICSEARCH_KIBANA_IP'|g' /usr/share/kibana/config/kibana.yml
+
 fi
 
 if [ "$KIBANA_IP" != "" ]; then

logstash/Dockerfile

@@ -1,5 +1,5 @@
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-FROM docker.elastic.co/logstash/logstash:6.6.1
+FROM docker.elastic.co/logstash/logstash:6.8.0
 
 COPY --chown=logstash:logstash config/entrypoint.sh /entrypoint.sh
 

logstash/config/entrypoint.sh

@@ -17,6 +17,16 @@ else
   el_url="${ELASTICSEARCH_URL}"
 fi
 
+##############################################################################
+# Customize logstash output ip
+##############################################################################
+
+if [ "$LOGSTASH_OUTPUT" != "" ]; then
+  >&2 echo "Customize Logstash ouput ip."
+  sed -i 's|elasticsearch:9200|'$LOGSTASH_OUTPUT'|g' /usr/share/logstash/pipeline/01-wazuh.conf
+  sed -i 's|http://elasticsearch:9200|'$LOGSTASH_OUTPUT'|g' /usr/share/logstash/config/logstash.yml 
+fi
+
 until curl -XGET $el_url; do
   >&2 echo "Elastic is unavailable - sleeping."
   sleep 5
@@ -44,16 +54,6 @@ sleep 2
 
 >&2 echo "Wazuh alerts template is loaded."
 
-##############################################################################
-# Customize logstash output ip
-##############################################################################
-
-if [ "$LOGSTASH_OUTPUT" != "" ]; then
-  >&2 echo "Customize Logstash ouput ip."
-  sed -i "s/elasticsearch:9200/$LOGSTASH_OUTPUT:9200/" /usr/share/logstash/pipeline/01-wazuh.conf
-  sed -i "s/elasticsearch:9200/$LOGSTASH_OUTPUT:9200/" /usr/share/logstash/config/logstash.yml 
-fi
-
 ##############################################################################
 # Map environment variables to entries in logstash.yml.
 # Note that this will mutate logstash.yml in place if any such settings are found.

wazuh/Dockerfile

@@ -1,7 +1,7 @@
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 FROM phusion/baseimage:latest
-ARG FILEBEAT_VERSION=6.6.1
-ARG WAZUH_VERSION=3.8.2-1
+ARG FILEBEAT_VERSION=6.8.0
+ARG WAZUH_VERSION=3.9.1-1
 
 ENV API_USER="foo" \
     API_PASS="bar"
@@ -18,12 +18,16 @@ RUN add-apt-repository universe && apt-get update && apt-get upgrade -y -o Dpkg:
    apt-get --no-install-recommends --no-install-suggests -y install openssl postfix bsd-mailx python-boto python-pip  \
    apt-transport-https vim expect nodejs python-cryptography mailutils libsasl2-modules wazuh-manager=${WAZUH_VERSION} \
    wazuh-api=${WAZUH_VERSION} && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && rm -f \
-   /var/ossec/logs/alerts/*/*/*.log && rm -f /var/ossec/logs/alerts/*/*/*.json
+   /var/ossec/logs/alerts/*/*/*.log && rm -f /var/ossec/logs/alerts/*/*/*.json && rm -f \
+   /var/ossec/logs/archives/*/*/*.log && rm -f /var/ossec/logs/archives/*/*/*.json && rm -f \
+   /var/ossec/logs/firewall/*/*/*.log && rm -f /var/ossec/logs/firewall/*/*/*.json
 
 # Adding first run script and entrypoint
 COPY config/data_dirs.env /data_dirs.env
 COPY config/init.bash /init.bash
+RUN mkdir /entrypoint-scripts
 COPY config/entrypoint.sh /entrypoint.sh
+COPY config/00-wazuh.sh /entrypoint-scripts/00-wazuh.sh
 
 # Sync calls are due to https://github.com/docker/docker/issues/9547
 RUN chmod 755 /init.bash && \
@@ -31,7 +35,8 @@ RUN chmod 755 /init.bash && \
     sync && rm /init.bash && \
     curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-amd64.deb &&\
     dpkg -i filebeat-${FILEBEAT_VERSION}-amd64.deb && rm -f filebeat-${FILEBEAT_VERSION}-amd64.deb && \
-    chmod 755 /entrypoint.sh
+    chmod 755 /entrypoint.sh && \
+    chmod 755 /entrypoint-scripts/00-wazuh.sh 
 
 COPY config/filebeat.yml /etc/filebeat/
 RUN chmod go-w /etc/filebeat/filebeat.yml 

wazuh/config/00-wazuh.sh

@@ -0,0 +1,151 @@
+#!/bin/bash
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+
+#
+# OSSEC container bootstrap. See the README for information of the environment
+# variables expected by this script.
+#
+
+#
+
+#
+# Startup the services
+#
+
+source /data_dirs.env
+
+FIRST_TIME_INSTALLATION=false
+
+WAZUH_INSTALL_PATH=/var/ossec
+DATA_PATH=${WAZUH_INSTALL_PATH}/data
+
+WAZUH_CONFIG_MOUNT=/wazuh-config-mount
+
+print() {
+    echo -e $1
+}
+
+error_and_exit() {
+    echo "Error executing command: '$1'."
+    echo 'Exiting.'
+    exit 1
+}
+
+exec_cmd() {
+    eval $1 > /dev/null 2>&1 || error_and_exit "$1"
+}
+
+exec_cmd_stdout() {
+    eval $1 2>&1 || error_and_exit "$1"
+}
+
+edit_configuration() { # $1 -> setting,  $2 -> value
+    sed -i "s/^config.$1\s=.*/config.$1 = \"$2\";/g" "${DATA_PATH}/api/configuration/config.js" || error_and_exit "sed (editing configuration)"
+}
+
+for ossecdir in "${DATA_DIRS[@]}"; do
+  if [ ! -e "${DATA_PATH}/${ossecdir}" ]
+  then
+    print "Installing ${ossecdir}"
+    exec_cmd "mkdir -p $(dirname ${DATA_PATH}/${ossecdir})"
+    exec_cmd "cp -pr /var/ossec/${ossecdir}-template ${DATA_PATH}/${ossecdir}"
+    FIRST_TIME_INSTALLATION=true
+  fi
+done
+
+if [  -e ${WAZUH_INSTALL_PATH}/etc-template  ]
+then
+    cp -p /var/ossec/etc-template/internal_options.conf /var/ossec/etc/internal_options.conf
+fi
+rm /var/ossec/queue/db/.template.db
+
+touch ${DATA_PATH}/process_list
+chgrp ossec ${DATA_PATH}/process_list
+chmod g+rw ${DATA_PATH}/process_list
+
+AUTO_ENROLLMENT_ENABLED=${AUTO_ENROLLMENT_ENABLED:-true}
+API_GENERATE_CERTS=${API_GENERATE_CERTS:-true}
+
+if [ $FIRST_TIME_INSTALLATION == true ]
+then
+  if [ $AUTO_ENROLLMENT_ENABLED == true ]
+  then
+    if [ ! -e ${DATA_PATH}/etc/sslmanager.key ]
+    then
+      print "Creating ossec-authd key and cert"
+      exec_cmd "openssl genrsa -out ${DATA_PATH}/etc/sslmanager.key 4096"
+      exec_cmd "openssl req -new -x509 -key ${DATA_PATH}/etc/sslmanager.key -out ${DATA_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/"
+    fi
+  fi
+  if [ $API_GENERATE_CERTS == true ]
+  then
+    if [ ! -e ${DATA_PATH}/api/configuration/ssl/server.crt ]
+    then
+      print "Enabling Wazuh API HTTPS"
+      edit_configuration "https" "yes"
+      print "Create Wazuh API key and cert"
+      exec_cmd "openssl genrsa -out ${DATA_PATH}/api/configuration/ssl/server.key 4096"
+      exec_cmd "openssl req -new -x509 -key ${DATA_PATH}/api/configuration/ssl/server.key -out ${DATA_PATH}/api/configuration/ssl/server.crt -days 3650 -subj /CN=${HOSTNAME}/"
+    fi
+  fi
+fi
+
+##############################################################################
+# Copy all files from $WAZUH_CONFIG_MOUNT to $DATA_PATH and respect
+# destination files permissions
+#
+# For example, to mount the file /var/ossec/data/etc/ossec.conf, mount it at
+# $WAZUH_CONFIG_MOUNT/etc/ossec.conf in your container and this code will
+# replace the ossec.conf file in /var/ossec/data/etc with yours.
+##############################################################################
+if [ -e "$WAZUH_CONFIG_MOUNT" ]
+then
+  print "Identified Wazuh configuration files to mount..."
+
+  exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $DATA_PATH"
+else
+  print "No Wazuh configuration files to mount..."
+fi
+
+function ossec_shutdown(){
+  ${WAZUH_INSTALL_PATH}/bin/ossec-control stop;
+}
+
+# Trap exit signals and do a proper shutdown
+trap "ossec_shutdown; exit" SIGINT SIGTERM
+
+chmod -R g+rw ${DATA_PATH}
+
+##############################################################################
+# Interpret any passed arguments (via docker command to this entrypoint) as
+# paths or commands, and execute them.
+#
+# This can be useful for actions that need to be run before the services are
+# started, such as "/var/ossec/bin/ossec-control enable agentless".
+##############################################################################
+for CUSTOM_COMMAND in "$@"
+do
+  echo "Executing command \`${CUSTOM_COMMAND}\`"
+  exec_cmd_stdout "${CUSTOM_COMMAND}"
+done
+
+##############################################################################
+# Change Wazuh API user credentials.
+##############################################################################
+
+pushd /var/ossec/api/configuration/auth/
+
+echo "Change Wazuh API user credentials"
+change_user="node htpasswd -b -c user $API_USER $API_PASS"
+eval $change_user
+
+popd
+
+
+##############################################################################
+# Customize filebeat output ip
+##############################################################################
+if [ "$FILEBEAT_OUTPUT" != "" ]; then
+  sed -i "s/logstash:5000/$FILEBEAT_OUTPUT:5000/" /etc/filebeat/filebeat.yml
+fi
+

wazuh/config/entrypoint.sh

@@ -1,154 +1,12 @@
 #!/bin/bash
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 
-#
-# OSSEC container bootstrap. See the README for information of the environment
-# variables expected by this script.
-#
+# It will run every .sh script located in entrypoint-scripts folder in lexicographical order
+for script in `ls /entrypoint-scripts/*.sh | sort -n`; do
+  bash "$script"
 
-#
-
-#
-# Startup the services
-#
-
-source /data_dirs.env
-
-FIRST_TIME_INSTALLATION=false
-
-WAZUH_INSTALL_PATH=/var/ossec
-DATA_PATH=${WAZUH_INSTALL_PATH}/data
-
-WAZUH_CONFIG_MOUNT=/wazuh-config-mount
-
-print() {
-    echo -e $1
-}
-
-error_and_exit() {
-    echo "Error executing command: '$1'."
-    echo 'Exiting.'
-    exit 1
-}
-
-exec_cmd() {
-    eval $1 > /dev/null 2>&1 || error_and_exit "$1"
-}
-
-exec_cmd_stdout() {
-    eval $1 2>&1 || error_and_exit "$1"
-}
-
-edit_configuration() { # $1 -> setting,  $2 -> value
-    sed -i "s/^config.$1\s=.*/config.$1 = \"$2\";/g" "${DATA_PATH}/api/configuration/config.js" || error_and_exit "sed (editing configuration)"
-}
-
-for ossecdir in "${DATA_DIRS[@]}"; do
-  if [ ! -e "${DATA_PATH}/${ossecdir}" ]
-  then
-    print "Installing ${ossecdir}"
-    exec_cmd "mkdir -p $(dirname ${DATA_PATH}/${ossecdir})"
-    exec_cmd "cp -pr /var/ossec/${ossecdir}-template ${DATA_PATH}/${ossecdir}"
-    FIRST_TIME_INSTALLATION=true
-  fi
 done
 
-if [  -e ${WAZUH_INSTALL_PATH}/etc-template  ]
-then
-    cp -p /var/ossec/etc-template/internal_options.conf /var/ossec/etc/internal_options.conf
-fi
-rm /var/ossec/queue/db/.template.db
-
-touch ${DATA_PATH}/process_list
-chgrp ossec ${DATA_PATH}/process_list
-chmod g+rw ${DATA_PATH}/process_list
-
-AUTO_ENROLLMENT_ENABLED=${AUTO_ENROLLMENT_ENABLED:-true}
-API_GENERATE_CERTS=${API_GENERATE_CERTS:-true}
-
-if [ $FIRST_TIME_INSTALLATION == true ]
-then
-  if [ $AUTO_ENROLLMENT_ENABLED == true ]
-  then
-    if [ ! -e ${DATA_PATH}/etc/sslmanager.key ]
-    then
-      print "Creating ossec-authd key and cert"
-      exec_cmd "openssl genrsa -out ${DATA_PATH}/etc/sslmanager.key 4096"
-      exec_cmd "openssl req -new -x509 -key ${DATA_PATH}/etc/sslmanager.key -out ${DATA_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/"
-    fi
-  fi
-  if [ $API_GENERATE_CERTS == true ]
-  then
-    if [ ! -e ${DATA_PATH}/api/configuration/ssl/server.crt ]
-    then
-      print "Enabling Wazuh API HTTPS"
-      edit_configuration "https" "yes"
-      print "Create Wazuh API key and cert"
-      exec_cmd "openssl genrsa -out ${DATA_PATH}/api/configuration/ssl/server.key 4096"
-      exec_cmd "openssl req -new -x509 -key ${DATA_PATH}/api/configuration/ssl/server.key -out ${DATA_PATH}/api/configuration/ssl/server.crt -days 3650 -subj /CN=${HOSTNAME}/"
-    fi
-  fi
-fi
-
-##############################################################################
-# Copy all files from $WAZUH_CONFIG_MOUNT to $DATA_PATH and respect
-# destination files permissions
-#
-# For example, to mount the file /var/ossec/data/etc/ossec.conf, mount it at
-# $WAZUH_CONFIG_MOUNT/etc/ossec.conf in your container and this code will
-# replace the ossec.conf file in /var/ossec/data/etc with yours.
-##############################################################################
-if [ -e "$WAZUH_CONFIG_MOUNT" ]
-then
-  print "Identified Wazuh configuration files to mount..."
-
-  exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $DATA_PATH"
-else
-  print "No Wazuh configuration files to mount..."
-fi
-
-function ossec_shutdown(){
-  ${WAZUH_INSTALL_PATH}/bin/ossec-control stop;
-}
-
-# Trap exit signals and do a proper shutdown
-trap "ossec_shutdown; exit" SIGINT SIGTERM
-
-chmod -R g+rw ${DATA_PATH}
-
-##############################################################################
-# Interpret any passed arguments (via docker command to this entrypoint) as
-# paths or commands, and execute them.
-#
-# This can be useful for actions that need to be run before the services are
-# started, such as "/var/ossec/bin/ossec-control enable agentless".
-##############################################################################
-for CUSTOM_COMMAND in "$@"
-do
-  echo "Executing command \`${CUSTOM_COMMAND}\`"
-  exec_cmd_stdout "${CUSTOM_COMMAND}"
-done
-
-##############################################################################
-# Change Wazuh API user credentials.
-##############################################################################
-
-pushd /var/ossec/api/configuration/auth/
-
-echo "Change Wazuh API user credentials"
-change_user="node htpasswd -b -c user $API_USER $API_PASS"
-eval $change_user
-
-popd
-
-
-##############################################################################
-# Customize filebeat output ip
-##############################################################################
-if [ "$FILEBEAT_OUTPUT" != "" ]; then
-  sed -i "s/logstash:5000/$FILEBEAT_OUTPUT:5000/" /etc/filebeat/filebeat.yml
-fi
-
 ##############################################################################
 # Start Wazuh Server.
 ##############################################################################