paulmataruso/wazuh-docker-orginal
1
0
Fork 0
mirror of https://github.com/wazuh/wazuh-docker.git synced 2025-11-03 21:43:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '4.8.1' into merge-4.8.1-into-4.8.2

Browse Source
This commit is contained in:
David Correa Rodríguez
2024-04-01 10:48:42 +02:00
parent 04c64e78bc 1fea52d4d0
commit 4b98b24999
12 changed files with 54 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
.github/workflows/push.yml vendored
View File

@@ -128,7 +128,7 @@ jobs:
run: | run: |
sleep 120 sleep 120
docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`" docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`"
if [[ $docs -gt 100 ]]; then if [[ $docs -gt 0 ]]; then
echo "wazuh-alerts index documents: ${docs}" echo "wazuh-alerts index documents: ${docs}"
else else
echo "wazuh-alerts index documents: ${docs}" echo "wazuh-alerts index documents: ${docs}"
@@ -139,7 +139,7 @@ jobs:
run: | run: |
qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics" | wc -l`" qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics" | wc -l`"
templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics"`" templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics"`"
if [[ $qty_templates -eq 3 ]]; then if [[ $qty_templates -gt 3 ]]; then
echo "wazuh templates:" echo "wazuh templates:"
echo "${templates}" echo "${templates}"
else else
@@ -162,10 +162,6 @@ jobs:
env: env:
TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true") TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
- name: Check errors in ossec.log
run: ./.github/single-node-log-check.sh
- name: Check filebeat output - name: Check filebeat output
run: ./.github/single-node-filebeat-check.sh run: ./.github/single-node-filebeat-check.sh
@@ -179,8 +175,8 @@ jobs:
exit 1 exit 1
fi fi
- name: Stop single node stack - name: Check errors in ossec.log
run: docker-compose -f single-node/docker-compose.yml down run: ./.github/single-node-log-check.sh
check-multi-node: check-multi-node:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@@ -193,6 +189,14 @@ jobs:
- name: Create enviroment variables - name: Create enviroment variables
run: cat .env > $GITHUB_ENV run: cat .env > $GITHUB_ENV
- name: free disk space
run: |
sudo swapoff -a
sudo rm -f /swapfile
sudo apt clean
docker rmi $(docker image ls -aq)
df -h
- name: Retrieve saved Wazuh dashboard Docker image - name: Retrieve saved Wazuh dashboard Docker image
uses: actions/download-artifact@v3 uses: actions/download-artifact@v3
with: with:
@@ -213,6 +217,7 @@ jobs:
docker load --input ./wazuh-manager.tar docker load --input ./wazuh-manager.tar
docker load --input ./wazuh-indexer.tar docker load --input ./wazuh-indexer.tar
docker load --input ./wazuh-dashboard.tar docker load --input ./wazuh-dashboard.tar
rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar
- name: Create multi node certficates - name: Create multi node certficates
run: docker-compose -f multi-node/generate-indexer-certs.yml run --rm generator run: docker-compose -f multi-node/generate-indexer-certs.yml run --rm generator
@@ -222,7 +227,13 @@ jobs:
- name: Check Wazuh indexer start - name: Check Wazuh indexer start
run: | run: |
sleep 120 until [[ `curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l` -eq 1 ]]
do
echo 'Waiting for Wazuh indexer start'
free -m
df -h
sleep 10
done
status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`" status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`"
if [[ $status_green -eq 1 ]]; then if [[ $status_green -eq 1 ]]; then
curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
@@ -251,9 +262,15 @@ jobs:
- name: Check documents into wazuh-alerts index - name: Check documents into wazuh-alerts index
run: | run: |
sleep 120 until [[ $(``curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"``) -gt 0 ]]
do
echo 'Waiting for Wazuh indexer events'
free -m
df -h
sleep 10
done
docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`" docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`"
if [[ $docs -gt 100 ]]; then if [[ $docs -gt 1 ]]; then
echo "wazuh-alerts index documents: ${docs}" echo "wazuh-alerts index documents: ${docs}"
else else
echo "wazuh-alerts index documents: ${docs}" echo "wazuh-alerts index documents: ${docs}"
@@ -264,7 +281,7 @@ jobs:
run: | run: |
qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh" | wc -l`" qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh" | wc -l`"
templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh"`" templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh"`"
if [[ $qty_templates -eq 3 ]]; then if [[ $qty_templates -gt 3 ]]; then
echo "wazuh templates:" echo "wazuh templates:"
echo "${templates}" echo "${templates}"
else else
@@ -294,10 +311,6 @@ jobs:
env: env:
TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true") TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
- name: Check errors in ossec.log
run: ./.github/multi-node-log-check.sh
- name: Check filebeat output - name: Check filebeat output
run: ./.github/multi-node-filebeat-check.sh run: ./.github/multi-node-filebeat-check.sh
@@ -310,3 +323,6 @@ jobs:
echo "Wazuh dashboard status: ${status}" echo "Wazuh dashboard status: ${status}"
exit 1 exit 1
fi fi
- name: Check errors in ossec.log
run: ./.github/multi-node-log-check.sh

2
build-docker-images/build-images.sh
View File

@@ -1,7 +1,7 @@
WAZUH_IMAGE_VERSION=4.8.2 WAZUH_IMAGE_VERSION=4.8.2
WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g') WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')
WAZUH_TAG_REVISION=1 WAZUH_TAG_REVISION=1
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g') WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
IMAGE_VERSION=${WAZUH_IMAGE_VERSION} IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
# Wazuh package generator # Wazuh package generator

12
build-docker-images/wazuh-dashboard/Dockerfile
View File

@@ -1,5 +1,5 @@
# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2) # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
FROM amazonlinux:2023.3.20240219.0 AS builder FROM amazonlinux:2023.3.20240304.0 AS builder
ARG WAZUH_VERSION ARG WAZUH_VERSION
ARG WAZUH_TAG_REVISION ARG WAZUH_TAG_REVISION
@@ -28,12 +28,12 @@ RUN bash /install_wazuh_app.sh
# Copy and set permissions to config files # Copy and set permissions to config files
COPY config/opensearch_dashboards.yml $INSTALL_DIR/config/ COPY config/opensearch_dashboards.yml $INSTALL_DIR/config/
COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/ COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/
RUN chown 101:101 $INSTALL_DIR/config/opensearch_dashboards.yml && chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml
# Create and set permissions to data directories # Create and set permissions to data directories
RUN mkdir -p $INSTALL_DIR/data/wazuh && chown -R 101:101 $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chown -R 101:101 $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chown -R 101:101 $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs
################################################################################ ################################################################################
# Build stage 1 (the current Wazuh dashboard image): # Build stage 1 (the current Wazuh dashboard image):
@@ -42,7 +42,7 @@ RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chown -R 101:101 $INSTALL_DIR/data/
# Add entrypoint # Add entrypoint
# Add wazuh_app_config # Add wazuh_app_config
################################################################################ ################################################################################
FROM amazonlinux:2023.3.20240219.0 FROM amazonlinux:2023.3.20240304.0
# Set environment variables # Set environment variables
ENV USER="wazuh-dashboard" \ ENV USER="wazuh-dashboard" \

4
build-docker-images/wazuh-indexer/Dockerfile
View File

@@ -1,5 +1,5 @@
# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2) # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
FROM amazonlinux:2023.3.20240219.0 AS builder FROM amazonlinux:2023.3.20240304.0 AS builder
ARG WAZUH_VERSION ARG WAZUH_VERSION
ARG WAZUH_TAG_REVISION ARG WAZUH_TAG_REVISION
@@ -29,7 +29,7 @@ RUN bash config.sh
# Add entrypoint # Add entrypoint
################################################################################ ################################################################################
FROM amazonlinux:2023.3.20240219.0 FROM amazonlinux:2023.3.20240304.0
ENV USER="wazuh-indexer" \ ENV USER="wazuh-indexer" \
GROUP="wazuh-indexer" \ GROUP="wazuh-indexer" \

2
build-docker-images/wazuh-manager/Dockerfile
View File

@@ -1,5 +1,5 @@
# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2) # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
FROM amazonlinux:2023.3.20240219.0 FROM amazonlinux:2023.3.20240304.0
RUN rm /bin/sh && ln -s /bin/bash /bin/sh RUN rm /bin/sh && ln -s /bin/bash /bin/sh

2
build-docker-images/wazuh-manager/config/check_repository.sh
View File

@@ -2,7 +2,7 @@
APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]" GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1" REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-) WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1) MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2) MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3) MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)

2
build-docker-images/wazuh-manager/config/permanent_data.env
View File

@@ -79,12 +79,14 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/sqs_message_proc
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/sqs_queue.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/sqs_queue.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/orm.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/exceptions.py"
export PERMANENT_DATA_EXCP export PERMANENT_DATA_EXCP
# Files mounted in a volume that should be deleted # Files mounted in a volume that should be deleted

11
indexer-certs-creator/config/entrypoint.sh
View File

@@ -38,7 +38,7 @@ chmod 700 /$CERT_TOOL
## Execute cert tool and parsin cert.yml to set UID permissions ## Execute cert tool and parsin cert.yml to set UID permissions
source /$CERT_TOOL -A source /$CERT_TOOL -A
nodes_server=$( cert_parseYaml /config.yml | grep nodes_server__name | sed 's/nodes_server__name=//' ) nodes_server=$( cert_parseYaml /config.yml | grep -E "nodes[_]+server[_]+[0-9]+=" | sed -e 's/nodes__server__[0-9]=//' | sed 's/"//g' )
node_names=($nodes_server) node_names=($nodes_server)
echo "Moving created certificates to the destination directory" echo "Moving created certificates to the destination directory"
@@ -51,11 +51,12 @@ chown 1000:1000 /certificates/*
echo "Setting UID for wazuh manager and worker" echo "Setting UID for wazuh manager and worker"
cp /certificates/root-ca.pem /certificates/root-ca-manager.pem cp /certificates/root-ca.pem /certificates/root-ca-manager.pem
cp /certificates/root-ca.key /certificates/root-ca-manager.key cp /certificates/root-ca.key /certificates/root-ca-manager.key
chown 101:101 /certificates/root-ca-manager.pem chown 999:999 /certificates/root-ca-manager.pem
chown 101:101 /certificates/root-ca-manager.key chown 999:999 /certificates/root-ca-manager.key
for i in ${node_names[@]}; for i in ${node_names[@]};
do do
chown 101:101 "/certificates/${i}.pem" chown 999:999 "/certificates/${i}.pem"
chown 101:101 "/certificates/${i}-key.pem" chown 999:999 "/certificates/${i}-key.pem"
done done

5
multi-node/config/wazuh_cluster/wazuh_manager.conf
View File

@@ -307,9 +307,4 @@
<location>/var/ossec/logs/active-responses.log</location> <location>/var/ossec/logs/active-responses.log</location>
</localfile> </localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/dpkg.log</location>
</localfile>
</ossec_config> </ossec_config>

5
multi-node/config/wazuh_cluster/wazuh_worker.conf
View File

@@ -307,9 +307,4 @@
<location>/var/ossec/logs/active-responses.log</location> <location>/var/ossec/logs/active-responses.log</location>
</localfile> </localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/dpkg.log</location>
</localfile>
</ossec_config> </ossec_config>

2
multi-node/generate-indexer-certs.yml
View File

@@ -3,7 +3,7 @@ version: '3'
services: services:
generator: generator:
image: wazuh/wazuh-certs-generator:0.0.1 image: wazuh/wazuh-certs-generator:0.0.2
hostname: wazuh-certs-generator hostname: wazuh-certs-generator
volumes: volumes:
- ./config/wazuh_indexer_ssl_certs/:/certificates/ - ./config/wazuh_indexer_ssl_certs/:/certificates/

2
single-node/generate-indexer-certs.yml
View File

@@ -3,7 +3,7 @@ version: '3'
services: services:
generator: generator:
image: wazuh/wazuh-certs-generator:0.0.1 image: wazuh/wazuh-certs-generator:0.0.2
hostname: wazuh-certs-generator hostname: wazuh-certs-generator
volumes: volumes:
- ./config/wazuh_indexer_ssl_certs/:/certificates/ - ./config/wazuh_indexer_ssl_certs/:/certificates/