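# CI workflow: on every pull request, build the Wazuh Docker images, then start
# the single-node and multi-node compose stacks from those images and check
# that the indexer, manager and dashboard answer as expected.
#
# Security notes for maintainers:
# - The admin:SecretPassword and wazuh-wui credentials below are literal values
#   in this file and therefore public. They presumably match the defaults of
#   the checked-in compose files (confirm); treat them as test-only and never
#   reuse them for a reachable deployment.
# - curl runs with -k (no certificate verification). The certificates come from
#   the generate-indexer-certs.yml generator step, so they are presumably not
#   chained to a public CA; the endpoints are on the runner itself (0.0.0.0).
# - Actions are referenced by tag. A tag can be moved by the action's owner;
#   pinning to a full commit SHA removes that trust, which matters most for
#   the third-party goss-installation-action.
name: Wazuh Docker pipeline

on: [pull_request]

# Least privilege for GITHUB_TOKEN. None of the steps visible in this file
# writes to the repository; widen this only if one of the called scripts
# turns out to need more.
permissions:
  contents: read

jobs:
  build-docker-images:
    runs-on: ubuntu-latest
    steps:

      - name: Check out code
        uses: actions/checkout@v3

      - name: Build Wazuh images
        run: build-docker-images/build-images.sh

      # .env comes from the checked-out pull-request content, so its values
      # are contributor-controlled. Appending (>>) is the documented way to
      # write to the GITHUB_ENV file.
      - name: Create enviroment variables
        run: cat .env >> "$GITHUB_ENV"

      # Saves the three images as tarballs, removes every local image, then
      # loads the tarballs back. WAZUH_IMAGE_VERSION is read as a quoted shell
      # variable (exported by the previous step) instead of being pasted into
      # the script text with ${{ }}, so its content cannot alter the script.
      - name: Create backup Docker images
        run: |
          mkdir -p /home/runner/work/wazuh-docker/wazuh-docker/docker-images/
          docker save "wazuh/wazuh-manager:${WAZUH_IMAGE_VERSION}" -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar
          docker save "wazuh/wazuh-indexer:${WAZUH_IMAGE_VERSION}" -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar
          docker save "wazuh/wazuh-dashboard:${WAZUH_IMAGE_VERSION}" -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
          docker rmi $(docker images -q)
          docker load --input /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar
          docker load --input /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar
          docker load --input /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar

      # The tarballs are handed to the two check jobs as short-lived artifacts.
      - name: Temporarily save Wazuh manager Docker image
        uses: actions/upload-artifact@v3
        with:
          name: docker-artifact-manager
          path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar
          retention-days: 1

      - name: Temporarily save Wazuh indexer Docker image
        uses: actions/upload-artifact@v3
        with:
          name: docker-artifact-indexer
          path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar
          retention-days: 1

      - name: Temporarily save Wazuh dashboard Docker image
        uses: actions/upload-artifact@v3
        with:
          name: docker-artifact-dashboard
          path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
          retention-days: 1

      # NOTE(review): third-party action referenced by a mutable tag; pin it
      # to a reviewed commit SHA.
      - name: Install Goss
        uses: e1himself/goss-installation-action@v1.0.3
        with:
          version: v0.3.16

      - name: Execute Goss tests (wazuh-manager)
        run: dgoss run "wazuh/wazuh-manager:${WAZUH_IMAGE_VERSION}"
        env:
          GOSS_SLEEP: 30
          GOSS_FILE: .github/.goss.yaml

  check-single-node:
    runs-on: ubuntu-latest
    needs: build-docker-images
    steps:

      - name: Check out code
        uses: actions/checkout@v3

      - name: Create enviroment variables
        run: cat .env >> "$GITHUB_ENV"

      - name: Retrieve saved Wazuh indexer Docker image
        uses: actions/download-artifact@v3
        with:
          name: docker-artifact-indexer

      - name: Retrieve saved Wazuh manager Docker image
        uses: actions/download-artifact@v3
        with:
          name: docker-artifact-manager

      - name: Retrieve saved Wazuh dashboard Docker image
        uses: actions/download-artifact@v3
        with:
          name: docker-artifact-dashboard

      - name: Docker load
        run: |
          docker load --input ./wazuh-indexer.tar
          docker load --input ./wazuh-dashboard.tar
          docker load --input ./wazuh-manager.tar

      - name: Create single node certficates
        run: docker-compose -f single-node/generate-indexer-certs.yml run --rm generator

      - name: Start single node stack
        run: docker-compose -f single-node/docker-compose.yml up -d

      # Fails unless the cluster health output contains "green" and every
      # line of _cat/indices contains "green". The output is printed in both
      # branches so the log shows the state either way.
      - name: Check Wazuh indexer start
        run: |
          sleep 60
          status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`"
          if [[ $status_green -eq 1 ]]; then
            curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
          else
            curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
            exit 1
          fi
          status_index="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | wc -l`"
          status_index_green="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | grep "green" | wc -l`"
          if [[ $status_index_green -eq $status_index ]]; then
            curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s
          else
            curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s
            exit 1
          fi

      # Single-node stack: exactly one line of _cat/nodes must match "indexer".
      - name: Check Wazuh indexer nodes
        run: |
          nodes="`curl -XGET "https://0.0.0.0:9200/_cat/nodes" -u admin:SecretPassword -k -s | grep -E "indexer" | wc -l`"
          if [[ $nodes -eq 1 ]]; then
            echo "Wazuh indexer nodes: ${nodes}"
          else
            echo "Wazuh indexer nodes: ${nodes}"
            exit 1
          fi

      - name: Check documents into wazuh-alerts index
        run: |
          docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_doc/_search" -u admin:SecretPassword -k -s | jq -r ".hits.total.value"`"
          if [[ $docs -gt 100 ]]; then
            echo "wazuh-alerts index documents: ${docs}"
          else
            echo "wazuh-alerts index documents: ${docs}"
            exit 1
          fi

      - name: Check Wazuh templates
        run: |
          qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics" | wc -l`"
          templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics"`"
          if [[ $qty_templates -eq 3 ]]; then
            echo "wazuh templates:"
            echo "${templates}"
          else
            echo "wazuh templates:"
            echo "${templates}"
            exit 1
          fi

      # The API token is requested inside the script. A step-level env value
      # is not evaluated by a shell, so a "$(curl ...)" placed there only
      # works when it is pasted back into the script text through ${{ }}.
      # The user:password pair is single-quoted so the shell cannot expand
      # the "*" in it as a glob. If the token request cannot connect, the
      # step stops at that line.
      - name: Check Wazuh manager start
        run: |
          TOKEN="$(curl -s -u 'wazuh-wui:MyS3cr37P450r.*-' -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")"
          services="`curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer ${TOKEN}" | jq -r .data.affected_items | grep running | wc -l`"
          if [[ $services -gt 9 ]]; then
            echo "Wazuh Manager Services: ${services}"
            echo "OK"
          else
            echo "Wazuh Manager Services: ${services}"
            curl -k -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer ${TOKEN}" | jq -r .data.affected_items
            exit 1
          fi

      - name: Check errors in ossec.log
        run: ./.github/single-node-log-check.sh

      - name: Check filebeat output
        run: ./.github/single-node-filebeat-check.sh

      - name: Check Wazuh dashboard service URL
        run: |
          status=$(curl -XGET --silent https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I -s | grep -E "^HTTP" | awk '{print $2}')
          if [[ $status -eq 200 ]]; then
            echo "Wazuh dashboard status: ${status}"
          else
            echo "Wazuh dashboard status: ${status}"
            exit 1
          fi

      - name: Stop single node stack
        run: docker-compose -f single-node/docker-compose.yml down

  check-multi-node:
    runs-on: ubuntu-latest
    needs: build-docker-images
    steps:

      - name: Check out code
        uses: actions/checkout@v3

      - name: Create enviroment variables
        run: cat .env >> "$GITHUB_ENV"

      - name: Retrieve saved Wazuh dashboard Docker image
        uses: actions/download-artifact@v3
        with:
          name: docker-artifact-dashboard

      - name: Retrieve saved Wazuh manager Docker image
        uses: actions/download-artifact@v3
        with:
          name: docker-artifact-manager

      - name: Retrieve saved Wazuh indexer Docker image
        uses: actions/download-artifact@v3
        with:
          name: docker-artifact-indexer

      - name: Docker load
        run: |
          docker load --input ./wazuh-manager.tar
          docker load --input ./wazuh-indexer.tar
          docker load --input ./wazuh-dashboard.tar

      - name: Create multi node certficates
        run: docker-compose -f multi-node/generate-indexer-certs.yml run --rm generator

      - name: Start multi node stack
        run: docker-compose -f multi-node/docker-compose.yml up -d

      # Same checks as the single-node job, after a longer start-up wait.
      - name: Check Wazuh indexer start
        run: |
          sleep 120
          status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`"
          if [[ $status_green -eq 1 ]]; then
            curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
          else
            curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
            exit 1
          fi
          status_index="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | wc -l`"
          status_index_green="`curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s | grep -E "green" | wc -l`"
          if [[ $status_index_green -eq $status_index ]]; then
            curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s
          else
            curl -XGET "https://0.0.0.0:9200/_cat/indices" -u admin:SecretPassword -k -s
            exit 1
          fi

      # Multi-node stack: three lines of _cat/nodes must match "indexer".
      - name: Check Wazuh indexer nodes
        run: |
          nodes="`curl -XGET "https://0.0.0.0:9200/_cat/nodes" -u admin:SecretPassword -k -s | grep -E "indexer" | wc -l`"
          if [[ $nodes -eq 3 ]]; then
            echo "Wazuh indexer nodes: ${nodes}"
          else
            echo "Wazuh indexer nodes: ${nodes}"
            exit 1
          fi

      - name: Check documents into wazuh-alerts index
        run: |
          docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_doc/_search" -u admin:SecretPassword -k -s | jq -r ".hits.total.value"`"
          if [[ $docs -gt 200 ]]; then
            echo "wazuh-alerts index documents: ${docs}"
          else
            echo "wazuh-alerts index documents: ${docs}"
            exit 1
          fi

      - name: Check Wazuh templates
        run: |
          qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh" | wc -l`"
          templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh"`"
          if [[ $qty_templates -eq 3 ]]; then
            echo "wazuh templates:"
            echo "${templates}"
          else
            echo "wazuh templates:"
            echo "${templates}"
            exit 1
          fi

      # The token is requested once inside the script and reused for all
      # three API calls; see the single-node job for why it is not a
      # step-level env value. The failure branch reports the manager service
      # count that was actually tested.
      - name: Check Wazuh manager start
        run: |
          TOKEN="$(curl -s -u 'wazuh-wui:MyS3cr37P450r.*-' -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")"
          services="`curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer ${TOKEN}" | jq -r .data.affected_items | grep running | wc -l`"
          if [[ $services -gt 10 ]]; then
            echo "Wazuh Manager Services: ${services}"
            echo "OK"
          else
            echo "Wazuh Manager Services: ${services}"
            curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer ${TOKEN}" | jq -r .data.affected_items
            exit 1
          fi
          nodes=$(curl -k -s -X GET "https://0.0.0.0:55000/cluster/nodes" -H "Authorization: Bearer ${TOKEN}" | jq -r ".data.affected_items[].name" | wc -l)
          if [[ $nodes -eq 2 ]]; then
            echo "Wazuh manager nodes: ${nodes}"
          else
            echo "Wazuh manager nodes: ${nodes}"
            exit 1
          fi

      - name: Check errors in ossec.log
        run: ./.github/multi-node-log-check.sh

      - name: Check filebeat output
        run: ./.github/multi-node-filebeat-check.sh

      - name: Check Wazuh dashboard service URL
        run: |
          status=$(curl -XGET --silent https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I | grep -E "^HTTP" | awk '{print $2}')
          if [[ $status -eq 200 ]]; then
            echo "Wazuh dashboard status: ${status}"
          else
            echo "Wazuh dashboard status: ${status}"
            exit 1
          fi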