mirror of
https://github.com/wazuh/wazuh-docker.git
synced 2025-10-23 04:51:57 +00:00
265 lines
8.6 KiB
Bash
265 lines
8.6 KiB
Bash
#!/bin/bash
|
|
# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
|
|
|
|
# Variables
|
|
source /permanent_data.env
|
|
|
|
WAZUH_INSTALL_PATH=/var/ossec
|
|
WAZUH_CONFIG_MOUNT=/wazuh-config-mount
|
|
AUTO_ENROLLMENT_ENABLED=${AUTO_ENROLLMENT_ENABLED:-true}
|
|
API_GENERATE_CERTS=${API_GENERATE_CERTS:-true}
|
|
|
|
|
|
##############################################################################
|
|
# Aux functions
|
|
##############################################################################
|
|
print() {
|
|
echo -e $1
|
|
}
|
|
|
|
error_and_exit() {
|
|
echo "Error executing command: '$1'."
|
|
echo 'Exiting.'
|
|
exit 1
|
|
}
|
|
|
|
exec_cmd() {
|
|
eval $1 > /dev/null 2>&1 || error_and_exit "$1"
|
|
}
|
|
|
|
exec_cmd_stdout() {
|
|
eval $1 2>&1 || error_and_exit "$1"
|
|
}
|
|
|
|
|
|
##############################################################################
|
|
# Edit configuration
|
|
##############################################################################
|
|
|
|
edit_configuration() { # $1 -> setting, $2 -> value
|
|
sed -i "s/^config.$1\s=.*/config.$1 = \"$2\";/g" "${WAZUH_INSTALL_PATH}/api/configuration/config.js" || error_and_exit "sed (editing configuration)"
|
|
}
|
|
|
|
##############################################################################
|
|
# This function will attempt to mount every directory in PERMANENT_DATA
|
|
# into the respective path.
|
|
# If the path is empty means permanent data volume is also empty, so a backup
|
|
# will be copied into it. Otherwise it will not be copied because there is
|
|
# already data inside the volume for the specified path.
|
|
##############################################################################
|
|
|
|
mount_permanent_data() {
|
|
for permanent_dir in "${PERMANENT_DATA[@]}"; do
|
|
# Check if the path is not empty
|
|
if find ${permanent_dir} -mindepth 1 | read; then
|
|
print "The path ${permanent_dir} is already mounted"
|
|
else
|
|
print "Installing ${permanent_dir}"
|
|
exec_cmd "cp -a ${WAZUH_INSTALL_PATH}/data_tmp/permanent${permanent_dir}/. ${permanent_dir}"
|
|
fi
|
|
done
|
|
}
|
|
|
|
##############################################################################
|
|
# This function will replace from the permanent data volume every file
|
|
# contained in PERMANENT_DATA_EXCP
|
|
# Some files as 'internal_options.conf' are saved as permanent data, but
|
|
# they must be updated to work properly if wazuh version is changed.
|
|
##############################################################################
|
|
|
|
apply_exclusion_data() {
|
|
for exclusion_file in "${PERMANENT_DATA_EXCP[@]}"; do
|
|
if [ -e ${WAZUH_INSTALL_PATH}/data_tmp/exclusion/${exclusion_file} ]
|
|
then
|
|
print "Updating ${exclusion_file}"
|
|
exec_cmd "cp -p ${WAZUH_INSTALL_PATH}/data_tmp/exclusion/${exclusion_file} ${exclusion_file}"
|
|
fi
|
|
done
|
|
}
|
|
|
|
##############################################################################
|
|
# This function will delete from the permanent data volume every file
|
|
# contained in PERMANENT_DATA_DEL
|
|
##############################################################################
|
|
|
|
remove_data_files() {
|
|
for del_file in "${PERMANENT_DATA_DEL[@]}"; do
|
|
if [ -e ${del_file} ]
|
|
then
|
|
print "Removing ${del_file}"
|
|
exec_cmd "rm ${del_file}"
|
|
fi
|
|
done
|
|
}
|
|
|
|
##############################################################################
|
|
# Create certificates: Manager
|
|
##############################################################################
|
|
|
|
create_ossec_key_cert() {
|
|
print "Creating ossec-authd key and cert"
|
|
exec_cmd "openssl genrsa -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.key 4096"
|
|
exec_cmd "openssl req -new -x509 -key ${WAZUH_INSTALL_PATH}/etc/sslmanager.key -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/"
|
|
}
|
|
|
|
##############################################################################
|
|
# Create certificates: API
|
|
##############################################################################
|
|
|
|
create_api_key_cert() {
|
|
print "Enabling Wazuh API HTTPS"
|
|
edit_configuration "https" "yes"
|
|
print "Create Wazuh API key and cert"
|
|
exec_cmd "openssl genrsa -out ${WAZUH_INSTALL_PATH}/api/configuration/ssl/server.key 4096"
|
|
exec_cmd "openssl req -new -x509 -key ${WAZUH_INSTALL_PATH}/api/configuration/ssl/server.key -out ${WAZUH_INSTALL_PATH}/api/configuration/ssl/server.crt -days 3650 -subj /CN=${HOSTNAME}/"
|
|
|
|
# Granting proper permissions
|
|
chmod 400 ${WAZUH_INSTALL_PATH}/api/configuration/ssl/server.key
|
|
chmod 400 ${WAZUH_INSTALL_PATH}/api/configuration/ssl/server.crt
|
|
}
|
|
|
|
##############################################################################
|
|
# Copy all files from $WAZUH_CONFIG_MOUNT to $WAZUH_INSTALL_PATH and respect
|
|
# destination files permissions
|
|
#
|
|
# For example, to mount the file /var/ossec/data/etc/ossec.conf, mount it at
|
|
# $WAZUH_CONFIG_MOUNT/etc/ossec.conf in your container and this code will
|
|
# replace the ossec.conf file in /var/ossec/data/etc with yours.
|
|
##############################################################################
|
|
|
|
mount_files() {
|
|
if [ -e "$WAZUH_CONFIG_MOUNT" ]
|
|
then
|
|
print "Identified Wazuh configuration files to mount..."
|
|
exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $WAZUH_INSTALL_PATH"
|
|
else
|
|
print "No Wazuh configuration files to mount..."
|
|
fi
|
|
}
|
|
|
|
##############################################################################
|
|
# Stop OSSEC
|
|
##############################################################################
|
|
|
|
function ossec_shutdown(){
|
|
${WAZUH_INSTALL_PATH}/bin/ossec-control stop;
|
|
}
|
|
|
|
##############################################################################
|
|
# Interpret any passed arguments (via docker command to this entrypoint) as
|
|
# paths or commands, and execute them.
|
|
#
|
|
# This can be useful for actions that need to be run before the services are
|
|
# started, such as "/var/ossec/bin/ossec-control enable agentless".
|
|
##############################################################################
|
|
|
|
docker_custom_args() {
|
|
for CUSTOM_COMMAND in "$@"
|
|
do
|
|
echo "Executing command \`${CUSTOM_COMMAND}\`"
|
|
exec_cmd_stdout "${CUSTOM_COMMAND}"
|
|
done
|
|
}
|
|
|
|
##############################################################################
|
|
# Change Wazuh API user credentials.
|
|
##############################################################################
|
|
|
|
change_api_user_credentials() {
|
|
pushd /var/ossec/api/configuration/auth/
|
|
if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
|
|
WAZUH_API_USER=${API_USER}
|
|
WAZUH_API_PASS=${API_PASS}
|
|
else
|
|
input=${SECURITY_CREDENTIALS_FILE}
|
|
while IFS= read -r line
|
|
do
|
|
if [[ $line == *"WAZUH_API_USER"* ]]; then
|
|
arrIN=(${line//:/ })
|
|
WAZUH_API_USER=${arrIN[1]}
|
|
elif [[ $line == *"WAZUH_API_PASS"* ]]; then
|
|
arrIN=(${line//:/ })
|
|
WAZUH_API_PASS=${arrIN[1]}
|
|
fi
|
|
done < "$input"
|
|
fi
|
|
|
|
echo "Change Wazuh API user credentials"
|
|
change_user="node htpasswd -b -c user $WAZUH_API_USER $WAZUH_API_PASS"
|
|
eval $change_user
|
|
popd
|
|
}
|
|
|
|
|
|
|
|
|
|
##############################################################################
|
|
# Customize filebeat output ip
|
|
##############################################################################
|
|
|
|
|
|
custom_filebeat_output_ip() {
|
|
if [ "$FILEBEAT_OUTPUT" != "" ]; then
|
|
sed 's|http://elasticsearch:9200|$FILEBEAT_OUTPUT|g' filebeat.yml
|
|
fi
|
|
}
|
|
|
|
|
|
##############################################################################
|
|
# Main function
|
|
##############################################################################
|
|
|
|
main() {
|
|
# Mount permanent data (i.e. ossec.conf)
|
|
mount_permanent_data
|
|
|
|
# Restore files stored in permanent data that are not permanent (i.e. internal_options.conf)
|
|
apply_exclusion_data
|
|
|
|
# Remove some files in permanent_data (i.e. .template.db)
|
|
remove_data_files
|
|
|
|
# Generate ossec-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
|
|
if [ $AUTO_ENROLLMENT_ENABLED == true ]
|
|
then
|
|
if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ]
|
|
then
|
|
create_ossec_key_cert
|
|
fi
|
|
fi
|
|
|
|
# Generate API certs if API_GENERATE_CERTS is true and does not exist
|
|
if [ $API_GENERATE_CERTS == true ]
|
|
then
|
|
if [ ! -e ${WAZUH_INSTALL_PATH}/api/configuration/ssl/server.crt ]
|
|
then
|
|
create_api_key_cert
|
|
fi
|
|
fi
|
|
|
|
# Mount selected files (WAZUH_CONFIG_MOUNT) to container
|
|
mount_files
|
|
|
|
# Trap exit signals and do a proper shutdown
|
|
trap "ossec_shutdown; exit" SIGINT SIGTERM
|
|
|
|
# Execute custom args
|
|
docker_custom_args
|
|
|
|
# Change API user credentials
|
|
change_api_user_credentials
|
|
|
|
# Update filebeat configuration
|
|
custom_filebeat_output_ip
|
|
|
|
# Delete temporary data folder
|
|
rm -rf ${WAZUH_INSTALL_PATH}/data_tmp
|
|
|
|
# Grant proper permissions
|
|
# When modifiying some files using the Wazuh API (i.e. /var/ossec/etc/ossec.conf), group rw permissions are needed for changes to take place.
|
|
# https://github.com/wazuh/wazuh/issues/3647
|
|
chmod -R g+rw ${WAZUH_INSTALL_PATH}
|
|
}
|
|
|
|
main
|