paulmataruso/wazuh-docker-orginal
1
0
Fork 0
mirror of https://github.com/wazuh/wazuh-docker.git synced 2025-10-28 18:43:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adding env variables for alerts data flow

Browse Source
This commit is contained in:
havidarou
2019-02-08 15:32:36 +00:00
parent 4687360677
commit 15f35ca6a8
5 changed files with 46 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
elasticsearch/config/load_settings.sh
View File

@@ -9,6 +9,13 @@ else
el_url="${ELASTICSEARCH_URL}" el_url="${ELASTICSEARCH_URL}"
fi fi
if [ "x${WAZUH_API_URL}" = "x" ]; then
wazuh_url="https://wazuh"
else
wazuh_url="${WAZUH_API_URL}"
fi
until curl -XGET $el_url; do until curl -XGET $el_url; do
>&2 echo "Elastic is unavailable - sleeping" >&2 echo "Elastic is unavailable - sleeping"
sleep 5 sleep 5
@@ -35,7 +42,7 @@ if [ "x$CONFIG_CODE" = "x404" ]; then
{ {
"api_user": "'"$API_USER_Q"'", "api_user": "'"$API_USER_Q"'",
"api_password": "'"$API_PASSWORD"'", "api_password": "'"$API_PASSWORD"'",
"url": "https://wazuh", "url": "'"$wazuh_url"'",
"api_port": "55000", "api_port": "55000",
"insecure": "true", "insecure": "true",
"component": "API", "component": "API",

21
kibana/config/kibana_settings.sh
View File

@@ -15,7 +15,20 @@ WAZUH_MAJOR=3
# Do not ask user to help providing usage statistics to Elastic. # Do not ask user to help providing usage statistics to Elastic.
############################################################################## ##############################################################################
while [[ "$(curl -XGET -I -s -o /dev/null -w ''%{http_code}'' kibana:5601/status)" != "200" ]]; do ##############################################################################
# Customize elasticsearch ip
##############################################################################
if [ "$ELASTICSEARCH_KIBANA_IP" != "" ]; then
sed -i "s/elasticsearch:9200/$ELASTICSEARCH_KIBANA_IP:9200/" /usr/share/kibana/config/kibana.yml
fi
if [ "$KIBANA_IP" != "" ]; then
kibana_ip="$KIBANA_IP"
else
kibana_ip="kibana"
fi
while [[ "$(curl -XGET -I -s -o /dev/null -w ''%{http_code}'' $kibana_ip:5601/status)" != "200" ]]; do
echo "Waiting for Kibana API. Sleeping 5 seconds" echo "Waiting for Kibana API. Sleeping 5 seconds"
sleep 5 sleep 5
done done
@@ -35,16 +48,16 @@ EOF
sleep 5 sleep 5
# Add the wazuh alerts index as default. # Add the wazuh alerts index as default.
curl -POST "http://kibana:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d@${default_index} curl -POST "http://$kibana_ip:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d@${default_index}
rm -f ${default_index} rm -f ${default_index}
sleep 5 sleep 5
# Configuring Kibana TimePicker. # Configuring Kibana TimePicker.
curl -POST "http://kibana:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \ curl -POST "http://$kibana_ip:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
'{"changes":{"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\",\n \"mode\": \"quick\"}"}}' '{"changes":{"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\",\n \"mode\": \"quick\"}"}}'
sleep 5 sleep 5
# Do not ask user to help providing usage statistics to Elastic # Do not ask user to help providing usage statistics to Elastic
curl -POST "http://kibana:5601/api/telemetry/v1/optIn" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d '{"enabled":false}' curl -POST "http://$kibana_ip:5601/api/telemetry/v1/optIn" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d '{"enabled":false}'
echo "End settings" echo "End settings"

6
logstash/Dockerfile
View File

@@ -4,3 +4,9 @@ FROM docker.elastic.co/logstash/logstash:6.5.4
RUN rm -f /usr/share/logstash/pipeline/logstash.conf RUN rm -f /usr/share/logstash/pipeline/logstash.conf
COPY config/01-wazuh.conf /usr/share/logstash/pipeline/01-wazuh.conf COPY config/01-wazuh.conf /usr/share/logstash/pipeline/01-wazuh.conf
USER root
COPY config/run.sh /run.sh
RUN chmod +x /run.sh
ENTRYPOINT ["/run.sh"]

29
logstash/config/run.sh
View File

@@ -5,27 +5,12 @@
# variables expected by this script. # variables expected by this script.
# #
# ##############################################################################
# Customize logstash output ip
# ##############################################################################
# Apply Templates if [ "$LOGSTASH_OUTPUT" != "" ]; then
# sed -i "s/elasticsearch:9200/$LOGSTASH_OUTPUT:9200/" /usr/share/logstash/pipeline/01-wazuh.conf
sed -i "s/elasticsearch:9200/$LOGSTASH_OUTPUT:9200/" /usr/share/logstash/config/logstash.yml
set -e
host="elasticsearch"
until curl -XGET $host:9200; do
>&2 echo "Elastic is unavailable - sleeping"
sleep 1
done
# Add logstash as command if needed
if [ "${1:0:1}" = '-' ]; then
set -- logstash "$@"
fi fi
# Run as user "logstash" if the command is "logstash" /usr/local/bin/docker-entrypoint
if [ "$1" = 'logstash' ]; then
set -- gosu logstash "$@"
fi
exec "$@"

8
wazuh/config/entrypoint.sh
View File

@@ -141,6 +141,14 @@ eval $change_user
popd popd
##############################################################################
# Customize filebeat output ip
##############################################################################
if [ "$FILEBEAT_OUTPUT" != "" ]; then
sed -i "s/logstash:5000/$FILEBEAT_OUTPUT:5000/" /etc/filebeat/filebeat.yml
fi
############################################################################## ##############################################################################
# Start Wazuh Server. # Start Wazuh Server.
############################################################################## ##############################################################################