Switch to OSS images and delete XPACK

docker-compose.yml

@@ -3,7 +3,7 @@ version: '2'
 
 services:
   wazuh:
-    image: wazuh/wazuh:3.11.2_7.5.1
+    image: wazuh/wazuh:3.11.2_7.5.1-oss
     hostname: wazuh-manager
     restart: always
     ports:
@@ -13,7 +13,7 @@ services:
       - "55000:55000"
 
   elasticsearch:
-    image: wazuh/wazuh-elasticsearch:3.11.2_7.5.1
+    image: wazuh/wazuh-elasticsearch:3.11.2_7.5.1-oss
     hostname: elasticsearch
     restart: always
     ports:
@@ -30,7 +30,7 @@ services:
     mem_limit: 2g
 
   kibana:
-    image: wazuh/wazuh-kibana:3.11.2_7.5.1
+    image: wazuh/wazuh-kibana:3.11.2_7.5.1-oss
     hostname: kibana
     restart: always
     depends_on:

elasticsearch/Dockerfile

@@ -1,6 +1,6 @@
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 ARG ELASTIC_VERSION=7.5.1
-FROM docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION}
+FROM docker.elastic.co/elasticsearch/elasticsearch-oss:${ELASTIC_VERSION}
 ARG ELASTIC_VERSION
 ARG S3_PLUGIN_URL="https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-s3/repository-s3-${ELASTIC_VERSION}.zip"
 
@@ -12,8 +12,6 @@ ENV ALERTS_SHARDS="1" \
 ENV API_USER="foo" \
     API_PASS="bar"
 
-ENV XPACK_ML="true" 
-
 ENV ENABLE_CONFIGURE_S3="false"
 
 ARG TEMPLATE_VERSION=v3.11.2

elasticsearch/config/entrypoint.sh

@@ -20,27 +20,6 @@ run_as_other_user_if_needed() {
 }
 
 
-#Disabling xpack features
-
-elasticsearch_config_file="/usr/share/elasticsearch/config/elasticsearch.yml"
-if grep -Fq  "#xpack features" "$elasticsearch_config_file";
-then 
-  declare -A CONFIG_MAP=(
-  [xpack.ml.enabled]=$XPACK_ML
-  )
-  for i in "${!CONFIG_MAP[@]}"
-  do
-    if [ "${CONFIG_MAP[$i]}" != "" ]; then
-      sed -i 's/.'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $elasticsearch_config_file
-    fi
-  done
-else
-  echo "
-#xpack features
-xpack.ml.enabled: $XPACK_ML
- " >> $elasticsearch_config_file
-fi
-
 # Run load settings script.
 
 ./config_cluster.sh

elasticsearch/config/load_settings.sh

@@ -6,13 +6,7 @@ set -e
 el_url=${ELASTICSEARCH_URL}
 
 
-if [[ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]]; then
+until curl -XGET $el_url; do
-  auth=""
-else
-  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
-fi
-
-until curl ${auth} -XGET $el_url; do
   >&2 echo "Elastic is unavailable - sleeping"
   sleep 5
 done
@@ -39,14 +33,6 @@ if [ $ENABLE_CONFIGURE_S3 ]; then
 fi
 
 
-curl -XPUT "$el_url/_cluster/settings" ${auth} -H 'Content-Type: application/json' -d'
-{
-  "persistent": {
-    "xpack.monitoring.collection.enabled": true
-  }
-}
-'
-
 # Set cluster delayed timeout when node falls
 curl -X PUT "$el_url/_all/_settings" -H 'Content-Type: application/json' -d'
 {
@@ -56,5 +42,4 @@ curl -X PUT "$el_url/_all/_settings" -H 'Content-Type: application/json' -d'
 }
 '
 
-
 echo "Elasticsearch is ready."

kibana/Dockerfile

@@ -1,5 +1,5 @@
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-FROM docker.elastic.co/kibana/kibana:7.5.1
+FROM docker.elastic.co/kibana/kibana-oss:7.5.1
 USER kibana
 ARG ELASTIC_VERSION=7.5.1
 ARG WAZUH_VERSION=3.11.2
@@ -34,21 +34,12 @@ ENV PATTERN="" \
     WAZUH_VERSION_REPLICAS="" \
     IP_SELECTOR="" \
     IP_IGNORE="" \
-    XPACK_RBAC_ENABLED="" \
     WAZUH_MONITORING_ENABLED="" \
     WAZUH_MONITORING_FREQUENCY="" \
     WAZUH_MONITORING_SHARDS="" \
     WAZUH_MONITORING_REPLICAS="" \
     ADMIN_PRIVILEGES=""
 
-ARG XPACK_CANVAS="true"
-ARG XPACK_LOGS="true"
-ARG XPACK_INFRA="true"
-ARG XPACK_ML="true"
-ARG XPACK_DEVTOOLS="true"
-ARG XPACK_MONITORING="true"
-ARG XPACK_APM="true"
-
 ARG CHANGE_WELCOME="false"
 
 COPY --chown=kibana:kibana ./config/wazuh_app_config.sh ./
@@ -59,12 +50,6 @@ COPY --chown=kibana:kibana ./config/kibana_settings.sh ./
 
 RUN chmod +x ./kibana_settings.sh
 
-COPY --chown=kibana:kibana ./config/xpack_config.sh ./
-
-RUN chmod +x ./xpack_config.sh
-
-RUN ./xpack_config.sh
-
 COPY --chown=kibana:kibana ./config/welcome_wazuh.sh ./
 
 RUN chmod +x ./welcome_wazuh.sh

kibana/config/entrypoint.sh

@@ -13,13 +13,7 @@ else
   el_url="${ELASTICSEARCH_URL}"
 fi
 
-if [[ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]]; then
+until curl -XGET $el_url; do
-  auth=""
-else
-  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
-fi
-
-until curl -XGET $el_url ${auth}; do
   >&2 echo "Elastic is unavailable - sleeping"
   sleep 5
 done

kibana/config/kibana_settings.sh

@@ -30,14 +30,6 @@ if [ "$KIBANA_INDEX" != "" ]; then
     echo "kibana.index: $KIBANA_INDEX" >> /usr/share/kibana/config/kibana.yml
 fi
 
-# If XPACK_SECURITY_ENABLED was set, then change the xpack.security.enabled option from true (default) to false.
-if [ "$XPACK_SECURITY_ENABLED" != "" ]; then
-  if grep -q 'xpack.security.enabled' /usr/share/kibana/config/kibana.yml; then
-    sed -i '/xpack.security.enabled/d' /usr/share/kibana/config/kibana.yml
-  fi
-    echo "xpack.security.enabled: $XPACK_SECURITY_ENABLED" >> /usr/share/kibana/config/kibana.yml
-fi
-
 if [ "$KIBANA_IP" != "" ]; then
   kibana_ip="$KIBANA_IP"
 else

kibana/config/wazuh_app_config.sh

@@ -29,7 +29,6 @@ declare -A CONFIG_MAP=(
   [wazuh-version.replicas]=$WAZUH_VERSION_REPLICAS
   [ip.selector]=$IP_SELECTOR
   [ip.ignore]=$IP_IGNORE
-  [xpack.rbac.enabled]=$XPACK_RBAC_ENABLED
   [wazuh.monitoring.enabled]=$WAZUH_MONITORING_ENABLED
   [wazuh.monitoring.frequency]=$WAZUH_MONITORING_FREQUENCY
   [wazuh.monitoring.shards]=$WAZUH_MONITORING_SHARDS
@@ -47,7 +46,7 @@ done
 # remove default API entry (new in 3.11.0_7.5.1)
 sed -ie '/- default:/,+4d' $kibana_config_file
 
-CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/_doc/1513629884013 ${auth})
+CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/_doc/1513629884013)
 
 grep -q 1513629884013 $kibana_config_file
 _config_exists=$?

kibana/config/xpack_config.sh

@@ -1,35 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-
-kibana_config_file="/usr/share/kibana/config/kibana.yml"
-if grep -Fq  "#xpack features" "$kibana_config_file";
-then 
-  declare -A CONFIG_MAP=(
-    [xpack.apm.ui.enabled]=$XPACK_APM
-    [xpack.grokdebugger.enabled]=$XPACK_DEVTOOLS
-    [xpack.searchprofiler.enabled]=$XPACK_DEVTOOLS
-    [xpack.ml.enabled]=$XPACK_ML
-    [xpack.canvas.enabled]=$XPACK_CANVAS
-    [xpack.infra.enabled]=$XPACK_INFRA
-    [xpack.monitoring.enabled]=$XPACK_MONITORING
-    [console.enabled]=$XPACK_DEVTOOLS
-  )
-  for i in "${!CONFIG_MAP[@]}"
-  do
-    if [ "${CONFIG_MAP[$i]}" != "" ]; then
-      sed -i 's/.'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file
-    fi
-  done
-else
-  echo "
-#xpack features
-xpack.apm.ui.enabled: $XPACK_APM 
-xpack.grokdebugger.enabled: $XPACK_DEVTOOLS
-xpack.searchprofiler.enabled: $XPACK_DEVTOOLS
-xpack.ml.enabled: $XPACK_ML
-xpack.canvas.enabled: $XPACK_CANVAS
-xpack.infra.enabled: $XPACK_INFRA
-xpack.monitoring.enabled: $XPACK_MONITORING
-console.enabled: $XPACK_DEVTOOLS
-" >> $kibana_config_file
-fi

wazuh/Dockerfile

@@ -38,8 +38,8 @@ COPY config/01-config_filebeat.sh /entrypoint-scripts/01-config_filebeat.sh
 RUN chmod 755 /init.bash && \
    sync && /init.bash && \
    sync && rm /init.bash && \
-   curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-amd64.deb &&\
+   curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-oss-${FILEBEAT_VERSION}-amd64.deb &&\
-   dpkg -i filebeat-${FILEBEAT_VERSION}-amd64.deb && rm -f filebeat-${FILEBEAT_VERSION}-amd64.deb && \
+   dpkg -i filebeat-oss-${FILEBEAT_VERSION}-amd64.deb && rm -f filebeat-oss-${FILEBEAT_VERSION}-amd64.deb && \
    chmod 755 /entrypoint.sh && \
    chmod 755 /entrypoint-scripts/00-wazuh.sh && \
    chmod 755 /entrypoint-scripts/01-config_filebeat.sh