Add wazuh-dashboard Dockerfile

2025-11-03 21:43:17 +00:00 · 2022-01-20 18:45:15 -03:00
parent 3de9c0b173
commit 3170ac81c0
12 changed files with 173 additions and 108 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,7 +3,7 @@ version: '3.7'

 services:
  wazuh:
-    image: wazuh/wazuh-odfe:4.3.0
+    image: wazuh/wazuh-odfe:4.2.5
    hostname: wazuh-manager
    restart: always
    ports:
@@ -12,7 +12,7 @@ services:
      - "514:514/udp"
      - "55000:55000"
    environment:
-      - ELASTICSEARCH_URL=https://elasticsearch:9200
+      - ELASTICSEARCH_URL=https://elasticsearch:9700
      - ELASTIC_USERNAME=admin
      - ELASTIC_PASSWORD=admin
      - FILEBEAT_SSL_VERIFICATION_MODE=none
@@ -30,17 +30,18 @@ services:
      - filebeat_var:/var/lib/filebeat

  elasticsearch:
-    image: amazon/opendistro-for-elasticsearch:1.13.2
+    image: wazuh/wazuh-indexer:4.3.0
    hostname: elasticsearch
    restart: always
    ports:
-      - "9200:9200"
+      - "9700:9700"
    environment:
      - discovery.type=single-node
      - cluster.name=wazuh-cluster
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - bootstrap.memory_lock=true
+      - JAVA_HOME=/usr/share/wazuh-indexer/jdk/bin
    ulimits:
      memlock:
        soft: -1
@@ -50,7 +51,7 @@ services:
        hard: 65536

  kibana:
-    image: wazuh/wazuh-kibana-odfe:4.3.0
+    image: wazuh/wazuh-dashboard:4.3.0
    hostname: kibana
    restart: always
    ports:
@@ -59,8 +60,8 @@ services:
      - ELASTICSEARCH_USERNAME=admin
      - ELASTICSEARCH_PASSWORD=admin
      - SERVER_SSL_ENABLED=true
-      - SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/opendistroforelasticsearch.example.org.cert
-      - SERVER_SSL_KEY=/usr/share/kibana/config/opendistroforelasticsearch.example.org.key
+      - SERVER_SSL_CERTIFICATE=/etc/wazuh-dashboard/config/opendistroforelasticsearch.example.org.cert
+      - SERVER_SSL_KEY=/etc/wazuh-dashboard/config/opendistroforelasticsearch.example.org.key

    depends_on:
      - elasticsearch
--- a/production-cluster.yml
+++ b/production-cluster.yml
@@ -134,7 +134,7 @@ services:
      - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
 
  kibana:
-    image: wazuh/wazuh-dashboard
+    image: wazuh/wazuh-kibana-odfe:4.3.0
    hostname: kibana
    restart: always
    ports:
--- a/production_cluster/ssl_certs/certs.yml
+++ b/production_cluster/ssl_certs/certs.yml
@@ -1,35 +0,0 @@
-ca:
-   root:
-      dn: CN=root-ca,OU=CA,O=Example\, Inc.,DC=example,DC=com
-      pkPassword: none
-      keysize: 2048
-      file: root-ca.pem 
-   intermediate:
-      dn: CN=intermediate,OU=CA,O=Example\, Inc.,DC=example,DC=com
-      keysize: 2048
-      validityDays: 3650  
-      pkPassword: intermediate-ca-password
-      file: intermediate-ca.pem
-
-nodes:
-  - name: node1
-    dn: CN=node1,OU=Ops,O=Example\, Inc.,DC=example,DC=com
-    dns: 
-      - elasticsearch
-  - name: node2
-    dn: CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com
-    dns: 
-      - elasticsearch-2
-  - name: node3
-    dn: CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com
-    dns: 
-      - elasticsearch-3
-  - name: filebeat
-    dn: CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com
-    dns: 
-      - wazuh
-
-clients:
-  - name: admin
-    dn: CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com
-    admin: true
--- a/wazuh-dashboard/Dockerfile
+++ b/wazuh-dashboard/Dockerfile
@@ -1,7 +1,7 @@
 # Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
 FROM ubuntu:20.04

-ARG WAZUH_VERSION=4.3.0-1_amd64
+ARG WAZUH_VERSION=4.3.0-1
 ARG TEMPLATE_VERSION="master"
 ARG FILEBEAT_CHANNEL=filebeat-oss
 ARG FILEBEAT_VERSION=7.10.2
@@ -9,17 +9,19 @@ ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz"

 RUN apt-get update && apt install curl libcap2-bin -y

-RUN curl https://s3.amazonaws.com/warehouse.wazuh.com/stack/dashboard/stable/wazuh-dashboard_${WAZUH_VERSION}.deb --output wazuh-dashboard_${WAZUH_VERSION}.deb && \
-    dpkg -i wazuh-dashboard_${WAZUH_VERSION}.deb
+RUN curl https://s3.amazonaws.com/warehouse.wazuh.com/stack/dashboard/stable/wazuh-dashboard_${WAZUH_VERSION}_amd64.deb --output wazuh-dashboard_${WAZUH_VERSION}_amd64.deb && \
+    dpkg -i wazuh-dashboard_${WAZUH_VERSION}_amd64.deb

 # Prepare permanent data
 # Sync calls are due to https://github.com/docker/docker/issues/9547

 COPY config/entrypoint.sh /
+COPY config/wazuh_app_config.sh /

 RUN chmod 700 /entrypoint.sh
+RUN chmod 700 /wazuh_app_config.sh

 # Services ports
-EXPOSE 5601 443
+EXPOSE 5601

 ENTRYPOINT [ "/entrypoint.sh" ]
--- a/wazuh-dashboard/config/entrypoint.sh
+++ b/wazuh-dashboard/config/entrypoint.sh
@@ -1,8 +1,11 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)

-##############################################################################
-# Start Wazuh dashboard
-##############################################################################
+set -e
+
+
+#sed -i 's/localhost:9700/elasticsearch:9200/' /etc/wazuh-dashboard/wazuh-dashboard.yml

 service wazuh-dashboard start
+
+while true; do sleep 1000; done
--- a/wazuh-dashboard/config/entrypoint_prueba.sh
+++ b/wazuh-dashboard/config/entrypoint_prueba.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+
+set -e
+
+##############################################################################
+# Waiting for indexer
+##############################################################################
+
+if [ "x${ELASTICSEARCH_URL}" == "x" ]; then
+  if [[ ${ENABLED_SECURITY} == "false" ]]; then
+    export el_url="http://elasticsearch:9200"
+  else
+    export el_url="https://elasticsearch:9200"
+  fi
+else
+  export el_url="${ELASTICSEARCH_URL}"
+fi
+
+if [[ ${ENABLED_SECURITY} == "false" || "x${ELASTICSEARCH_USERNAME}" == "x" || "x${ELASTICSEARCH_PASSWORD}" == "x" ]]; then
+  auth=""
+  # remove security plugin from kibana if elasticsearch is not using it either
+  /usr/share/kibana/bin/kibana-plugin remove opendistro_security
+else
+  export auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} -k"
+fi
+
+until curl -XGET $el_url ${auth}; do
+  >&2 echo "Elastic is unavailable - sleeping"
+  sleep 5
+done
+
+sleep 2
+
+>&2 echo "Elasticsearch is up."
+
+
+##############################################################################
+# Waiting for wazuh alerts template
+##############################################################################
+
+strlen=0
+
+while [[ $strlen -eq 0 ]]
+do
+  template=$(curl ${auth} $el_url/_cat/templates/wazuh -s)
+  strlen=${#template}
+  >&2 echo "Wazuh alerts template not loaded - sleeping."
+  sleep 2
+done
+
+chown wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs/*
+
+sleep 5
+
+./wazuh_app_config.sh
+
+
+while true; do sleep 1000; done
--- a/wazuh-dashboard/config/wazuh-dashboard.yml
+++ b/wazuh-dashboard/config/wazuh-dashboard.yml
@@ -0,0 +1,14 @@
+server.host: 0.0.0.0
+server.port: 443
+opensearch.hosts: https://localhost:9700
+opensearch.ssl.verificationMode: certificate
+opensearch.username: kibanaserver
+opensearch.password: kibanaserver
+opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+server.ssl.enabled: true
+server.ssl.key: "/etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
+server.ssl.certificate: "/etc/wazuh-dashboard/certs/wazuh-dashboard.pem"
+opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
+logging.dest: "/var/log/wazuh-dashboard/wazuh-dashboard.log"
--- a/wazuh-dashboard/config/wazuh_app_config.sh
+++ b/wazuh-dashboard/config/wazuh_app_config.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+
+wazuh_url="${WAZUH_API_URL:-https://wazuh}"
+wazuh_port="${API_PORT:-55000}"
+api_username="${API_USERNAME:-wazuh-wui}"
+api_password="${API_PASSWORD:-wazuh-wui}"
+
+kibana_config_file="/etc/wazuh-dashboard/wazuh-dashboard.yml"
+
+sed 's/9700/9200/' /etc/wazuh-dashboard/wazuh-dashboard.yml
+
+declare -A CONFIG_MAP=(
+  [pattern]=$PATTERN
+  [checks.pattern]=$CHECKS_PATTERN
+  [checks.template]=$CHECKS_TEMPLATE
+  [checks.api]=$CHECKS_API
+  [checks.setup]=$CHECKS_SETUP
+  [extensions.pci]=$EXTENSIONS_PCI
+  [extensions.gdpr]=$EXTENSIONS_GDPR
+  [extensions.hipaa]=$EXTENSIONS_HIPAA
+  [extensions.nist]=$EXTENSIONS_NIST
+  [extensions.tsc]=$EXTENSIONS_TSC
+  [extensions.audit]=$EXTENSIONS_AUDIT
+  [extensions.oscap]=$EXTENSIONS_OSCAP
+  [extensions.ciscat]=$EXTENSIONS_CISCAT
+  [extensions.aws]=$EXTENSIONS_AWS
+  [extensions.gcp]=$EXTENSIONS_GCP
+  [extensions.virustotal]=$EXTENSIONS_VIRUSTOTAL
+  [extensions.osquery]=$EXTENSIONS_OSQUERY
+  [extensions.docker]=$EXTENSIONS_DOCKER
+  [timeout]=$APP_TIMEOUT
+  [api.selector]=$API_SELECTOR
+  [ip.selector]=$IP_SELECTOR
+  [ip.ignore]=$IP_IGNORE
+  [wazuh.monitoring.enabled]=$WAZUH_MONITORING_ENABLED
+  [wazuh.monitoring.creation]=$WAZUH_MONITORING_CREATION
+  [wazuh.monitoring.frequency]=$WAZUH_MONITORING_FREQUENCY
+  [wazuh.monitoring.shards]=$WAZUH_MONITORING_SHARDS
+  [wazuh.monitoring.replicas]=$WAZUH_MONITORING_REPLICAS
+  [admin]=$ADMIN_PRIVILEGES
+)
+
+for i in "${!CONFIG_MAP[@]}"
+do
+    if [ "${CONFIG_MAP[$i]}" != "" ]; then
+        sed -i 's/.*#'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file
+    fi
+done
+
+CONFIG_CODE=$(curl ${auth} -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/_doc/1513629884013)
+
+if [[ "x$CONFIG_CODE" != "x200" ]] && ! grep -q 1513629884013 $kibana_config_file ; then
+cat << EOF >> $kibana_config_file
+hosts:
+  - 1513629884013:
+      url: $wazuh_url
+      port: $wazuh_port
+      username: $api_username
+      password: $api_password
+EOF
+else
+  echo "Wazuh APP already configured"
+fi
--- a/wazuh-indexer/Dockerfile_centos
+++ b/wazuh-indexer/Dockerfile_centos
@@ -1,30 +0,0 @@
-# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-FROM centos:7
-
-ARG FILEBEAT_CHANNEL=filebeat-oss
-ARG FILEBEAT_VERSION=7.10.2
-ARG WAZUH_VERSION=4.3.0-1
-ARG TEMPLATE_VERSION="master"
-ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz"
-
-USER root
-
-# Set repositories.
-RUN rpm --import https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
-
-COPY config/wazuh.repo /etc/yum.repos.d/wazuh.repo
-
-RUN yum --enablerepo=updates clean metadata && \
-  yum upgrade -y && \
-  yum -y install wazuh-indexer -y && \
-  sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo && \
-  yum clean all && rm -rf /var/cache/yum
-
-COPY config/entrypoint.sh /
-
-RUN chmod 700 /entrypoint.sh
-
-# Services ports
-EXPOSE 9700
-
-ENTRYPOINT [ "/entrypoint.sh" ]
--- a/wazuh-indexer/Dockerfile_ubuntu
+++ b/wazuh-indexer/Dockerfile_ubuntu
@@ -1,18 +1,16 @@
 # Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
 FROM ubuntu:20.04

-ARG WAZUH_VERSION=4.3.0
+ARG WAZUH_VERSION=4.3.0-1
 ARG TEMPLATE_VERSION="master"
 ARG FILEBEAT_CHANNEL=filebeat-oss
 ARG FILEBEAT_VERSION=7.10.2
 ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz"

-RUN apt-get update && apt install curl gnupg -y
+RUN apt-get update && apt install curl -y

-RUN curl -s https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - && \
-    echo "deb https://packages-dev.wazuh.com/trash/apt/ unstable main" | tee -a /etc/apt/sources.list.d/wazuh.list && \
-    apt-get update && \
-    apt-get install wazuh-indexer
+RUN curl https://s3.amazonaws.com/warehouse.wazuh.com/stack/indexer/stable/wazuh-indexer_${WAZUH_VERSION}_amd64.deb --output wazuh-indexer_${WAZUH_VERSION}_amd64.deb && \
+    dpkg -i wazuh-indexer_${WAZUH_VERSION}_amd64.deb

 # Prepare permanent data
 # Sync calls are due to https://github.com/docker/docker/issues/9547
--- a/wazuh-indexer/config/entrypoint.sh
+++ b/wazuh-indexer/config/entrypoint.sh
@@ -1,13 +1,14 @@
-#!/bin/execlineb -S0
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)

-##
-## load default PATH (the same that Docker includes if not provided) if it doesn't exist,
-## then go ahead with stage1.
-## this was motivated due to this issue:
-## - https://github.com/just-containers/s6-overlay/issues/108
-##
+##############################################################################
+# Start Wazuh indexer
+##############################################################################

+export JAVA_HOME=/usr/share/wazuh-indexer/jdk/bin

-/bin/importas -D /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin PATH PATH
-export PATH ${PATH}
-/etc/s6/init/init-stage1 $@
+#/usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ -icl -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem
+
+service wazuh-indexer start
+
+while true; do sleep 1000; done
--- a/wazuh-indexer/config/entrypoint_prueba.sh
+++ b/wazuh-indexer/config/entrypoint_prueba.sh
@@ -1,12 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-
-##############################################################################
-# Start Wazuh indexer
-##############################################################################
-
-JAVA_HOME=/usr/share/wazuh-indexer/jdk/bin
-
-/usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ -icl -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem
-
-service wazuh-indexer start