Merge pull request #407 from wazuh/release-wazuh_4.0.2

Release wazuh 4.0.2

.github/workflows/push.yml

@@ -9,6 +9,6 @@ jobs:
     - name: Check out code
       uses: actions/checkout@v2
     - name: Build the docker-compose stack
-      run: docker-compose up -d --build
+      run: docker-compose -f build-from-sources.yml up -d --build
     - name: Check running containers
       run: docker ps -a

CHANGELOG.md

@@ -1,6 +1,20 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## Wazuh Docker v4.0.2_1.11.0
+
+### Added
+
+- Update to Wazuh version 4.0.2
+
+## Wazuh Docker v4.0.1_1.11.0
+
+### Added
+
+- Update to Wazuh version 4.0.1
+- Opendistro 1.11.0 compatiblity
+- Re-enabled dumping ossec.log to stdout
+
 ## Wazuh Docker v4.0.0_1.10.1
 
 ### Added

README.md

@@ -89,8 +89,6 @@ ADMIN_PRIVILEGES=true               # App privileges
 
     ├── CHANGELOG.md
     ├── docker-compose.yml
-    ├── elastic_conf
-    │   └── elasticsearch.yml
     ├── generate-opendistro-certs.yml
     ├── kibana-odfe
     │   ├── config
@@ -157,9 +155,12 @@ ADMIN_PRIVILEGES=true               # App privileges
 
 | Wazuh version | ODFE    |
 |---------------|---------|
+| v4.0.2        | 1.11.0  |
+|---------------|---------|
+| v4.0.1        | 1.11.0  |
+|---------------|---------|
 | v4.0.0        | 1.10.1  |
 
-
 ## Credits and Thank you
 
 These Docker containers are based on:

VERSION

@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="4.0.0_1.10.1"
-REVISION="40000"
+WAZUH-DOCKER_VERSION="4.0.2_1.11.0"
+REVISION="40200"

build-from-sources.yml

@@ -0,0 +1,84 @@
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+version: '3.7'
+
+services:
+  wazuh:
+    build:  wazuh-odfe/
+    image: wazuh/wazuh-odfe:dev-version
+    hostname: wazuh-manager
+    restart: always
+    ports:
+      - "1514:1514"
+      - "1515:1515"
+      - "514:514/udp"
+      - "55000:55000"
+    environment:
+      - ELASTICSEARCH_URL=https://elasticsearch:9200
+      - ELASTIC_USERNAME=admin
+      - ELASTIC_PASSWORD=admin
+      - FILEBEAT_SSL_VERIFICATION_MODE=none
+    volumes:
+      - ossec_api_configuration:/var/ossec/api/configuration
+      - ossec_etc:/var/ossec/etc
+      - ossec_logs:/var/ossec/logs
+      - ossec_queue:/var/ossec/queue
+      - ossec_var_multigroups:/var/ossec/var/multigroups
+      - ossec_integrations:/var/ossec/integrations
+      - ossec_active_response:/var/ossec/active-response/bin
+      - ossec_agentless:/var/ossec/agentless
+      - ossec_wodles:/var/ossec/wodles
+      - filebeat_etc:/etc/filebeat
+      - filebeat_var:/var/lib/filebeat
+
+  elasticsearch:
+    image: amazon/opendistro-for-elasticsearch:1.11.0
+    hostname: elasticsearch
+    restart: always
+    ports:
+      - "9200:9200"
+    environment:
+      - discovery.type=single-node
+      - cluster.name=wazuh-cluster
+      - network.host=0.0.0.0
+      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+      - bootstrap.memory_lock=true
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+
+  kibana:
+    build: kibana-odfe/
+    image: wazuh/wazuh-kibana-odfe:dev-version
+    hostname: kibana
+    restart: always
+    ports:
+      - 443:5601
+    environment:
+      - ELASTICSEARCH_USERNAME=admin
+      - ELASTICSEARCH_PASSWORD=admin
+      - SERVER_SSL_ENABLED=true
+      - SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/opendistroforelasticsearch.example.org.cert
+      - SERVER_SSL_KEY=/usr/share/kibana/config/opendistroforelasticsearch.example.org.key
+
+    depends_on:
+      - elasticsearch
+    links:
+      - elasticsearch:elasticsearch
+      - wazuh:wazuh
+
+volumes:
+  ossec_api_configuration:
+  ossec_etc:
+  ossec_logs:
+  ossec_queue:
+  ossec_var_multigroups:
+  ossec_integrations:
+  ossec_active_response:
+  ossec_agentless:
+  ossec_wodles:
+  filebeat_etc:
+  filebeat_var:

docker-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh:
-    image: wazuh/wazuh-odfe:4.0.0_1.10.1
+    image: wazuh/wazuh-odfe:4.0.2_1.11.0
     hostname: wazuh-manager
     restart: always
     ports:
@@ -30,7 +30,7 @@ services:
       - filebeat_var:/var/lib/filebeat
 
   elasticsearch:
-    image: amazon/opendistro-for-elasticsearch:1.10.1
+    image: amazon/opendistro-for-elasticsearch:1.11.0
     hostname: elasticsearch
     restart: always
     ports:
@@ -50,7 +50,7 @@ services:
         hard: 65536
 
   kibana:
-    image: wazuh/wazuh-kibana-odfe:4.0.0_1.10.1
+    image: wazuh/wazuh-kibana-odfe:4.0.2_1.11.0
     hostname: kibana
     restart: always
     ports:

elastic_conf/elasticsearch.yml

@@ -1,3 +0,0 @@
-cluster.name: wazuh-elastic
-network.host: 0.0.0.0
-

kibana-odfe/Dockerfile

@@ -1,8 +1,8 @@
 # Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
-FROM amazon/opendistro-for-elasticsearch-kibana:1.10.1
+FROM amazon/opendistro-for-elasticsearch-kibana:1.11.0
 USER kibana
 ARG ELASTIC_VERSION=7.9.1
-ARG WAZUH_VERSION=4.0.0
+ARG WAZUH_VERSION=4.0.2
 ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
 
 WORKDIR /usr/share/kibana

production-cluster.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh-master:
-    image: wazuh/wazuh-odfe:4.0.0_1.10.1
+    image: wazuh/wazuh-odfe:4.0.2_1.11.0
     hostname: wazuh-master
     restart: always
     ports:
@@ -38,7 +38,7 @@ services:
       - ./production_cluster/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh-worker:
-    image: wazuh/wazuh-odfe:4.0.0_1.10.1
+    image: wazuh/wazuh-odfe:4.0.2_1.11.0
     hostname: wazuh-worker
     restart: always
     environment:
@@ -67,7 +67,7 @@ services:
       - ./production_cluster/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
 
   elasticsearch:
-    image: amazon/opendistro-for-elasticsearch:1.10.1
+    image: amazon/opendistro-for-elasticsearch:1.11.0
     hostname: elasticsearch
     restart: always
     ports:
@@ -90,7 +90,7 @@ services:
       - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
 
   elasticsearch-2:
-    image: amazon/opendistro-for-elasticsearch:1.10.1
+    image: amazon/opendistro-for-elasticsearch:1.11.0
     hostname: elasticsearch-2
     restart: always
     environment:
@@ -111,7 +111,7 @@ services:
       - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
 
   elasticsearch-3:
-    image: amazon/opendistro-for-elasticsearch:1.10.1
+    image: amazon/opendistro-for-elasticsearch:1.11.0
     hostname: elasticsearch-3
     restart: always
     environment:
@@ -132,7 +132,7 @@ services:
       - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
 
   kibana:
-    image: wazuh/wazuh-kibana-odfe:4.0.0_1.10.1
+    image: wazuh/wazuh-kibana-odfe:4.0.2_1.11.0
     hostname: kibana
     restart: always
     ports:

wazuh-odfe/Dockerfile

@@ -2,7 +2,7 @@
 FROM centos:7
 
 ARG FILEBEAT_VERSION=7.9.1
-ARG WAZUH_VERSION=4.0.0-1
+ARG WAZUH_VERSION=4.0.2-1
 ARG TEMPLATE_VERSION="master"
 ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz"
 

wazuh-odfe/config/etc/services.d/ossec-logs/run

@@ -0,0 +1,4 @@
+#!/usr/bin/with-contenv sh
+
+# dumping ossec.log to standard output
+exec tail -f /var/ossec/logs/ossec.log