Fixes in Dockerfiles and entrypoints

This commit is contained in:
vcerenu
2022-01-21 15:28:56 -03:00
parent 4435658edf
commit b7b87cb06e
11 changed files with 41 additions and 295 deletions


@@ -41,7 +41,6 @@ services:
- network.host=0.0.0.0
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- bootstrap.memory_lock=true
- JAVA_HOME=/usr/share/wazuh-indexer/jdk/bin
ulimits:
memlock:
soft: -1
@@ -55,13 +54,12 @@ services:
hostname: kibana
restart: always
ports:
- 443:5601
- 5601:5601
- 443:443
environment:
- ELASTICSEARCH_USERNAME=admin
- ELASTICSEARCH_PASSWORD=admin
- SERVER_SSL_ENABLED=true
- SERVER_SSL_CERTIFICATE=/etc/wazuh-dashboard/config/opendistroforelasticsearch.example.org.cert
- SERVER_SSL_KEY=/etc/wazuh-dashboard/config/opendistroforelasticsearch.example.org.key
- SERVER_SSL_ENABLED=false
depends_on:
- elasticsearch
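Review bot: The kibana service appears to end up with `SERVER_SSL_ENABLED=false` (the `=true`, certificate and key lines look like the removed side) while a `443:443` mapping is still published, so whatever answers there is served in clear text on an HTTPS-looking port; if this is a temporary step while the dashboard certificate mounts are reworked, mark it so it does not become the shipped default, e.g. `# TODO: re-enable server.ssl once wazuh-dashboard certs are mounted`. Which of `443:5601`, `5601:5601` and `443:443` survive on the new side cannot be recovered from this rendering, so at least one of those mappings is probably gone too. `ELASTICSEARCH_USERNAME=admin` / `ELASTICSEARCH_PASSWORD=admin` are the stock demo credentials committed into the compose file; reading them from an env file (`ELASTICSEARCH_PASSWORD=${DASHBOARD_PASSWORD}`) keeps the default out of the repository.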


@@ -82,14 +82,14 @@ services:
soft: 65536
hard: 65536
volumes:
- elastic-data-1:/usr/share/elasticsearch/data
- ./production_cluster/ssl_certs/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
- ./production_cluster/ssl_certs/node1.key:/usr/share/elasticsearch/config/node1.key
- ./production_cluster/ssl_certs/node1.pem:/usr/share/elasticsearch/config/node1.pem
- ./production_cluster/ssl_certs/admin.pem:/usr/share/elasticsearch/config/admin.pem
- ./production_cluster/ssl_certs/admin.key:/usr/share/elasticsearch/config/admin.key
- ./production_cluster/elastic_opendistro/elasticsearch-node1.yml:/usr/share/elasticsearch/config/elasticsearch.yml
- ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
- elastic-data-1:/var/lib/wazuh-indexer
- ./production_cluster/ssl_certs/root-ca.pem:/etc/wazuh-indexer/certs/root-ca.pem
- ./production_cluster/ssl_certs/node1.key:/etc/wazuh-indexer/certs/node1.key
- ./production_cluster/ssl_certs/node1.pem:/etc/wazuh-indexer/certs/node1.pem
- ./production_cluster/ssl_certs/admin.pem:/etc/wazuh-indexer/certs/admin.pem
- ./production_cluster/ssl_certs/admin.key:/etc/wazuh-indexer/certs/admin.key
- ./production_cluster/elastic_opendistro/elasticsearch-node1.yml:/etc/wazuh-indexer/opensearch.yml
- ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
elasticsearch-2:
image: amazon/opendistro-for-elasticsearch:1.13.2
@@ -105,11 +105,11 @@ services:
soft: 65536
hard: 65536
volumes:
- elastic-data-2:/usr/share/elasticsearch/data
- ./production_cluster/ssl_certs/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
- ./production_cluster/ssl_certs/node2.key:/usr/share/elasticsearch/config/node2.key
- ./production_cluster/ssl_certs/node2.pem:/usr/share/elasticsearch/config/node2.pem
- ./production_cluster/elastic_opendistro/elasticsearch-node2.yml:/usr/share/elasticsearch/config/elasticsearch.yml
- elastic-data-2:/var/lib/wazuh-indexer
- ./production_cluster/ssl_certs/root-ca.pem:/etc/wazuh-indexer/certs/root-ca.pem
- ./production_cluster/ssl_certs/node2.key:/etc/wazuh-indexer/certs/node2.key
- ./production_cluster/ssl_certs/node2.pem:/etc/wazuh-indexer/certs/node2.pem
- ./production_cluster/elastic_opendistro/elasticsearch-node2.yml:/etc/wazuh-indexer/elasticsearch.yml
- ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
elasticsearch-3:
@@ -126,11 +126,11 @@ services:
soft: 65536
hard: 65536
volumes:
- elastic-data-3:/usr/share/elasticsearch/data
- ./production_cluster/ssl_certs/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
- ./production_cluster/ssl_certs/node3.key:/usr/share/elasticsearch/config/node3.key
- ./production_cluster/ssl_certs/node3.pem:/usr/share/elasticsearch/config/node3.pem
- ./production_cluster/elastic_opendistro/elasticsearch-node3.yml:/usr/share/elasticsearch/config/elasticsearch.yml
- elastic-data-3:/var/lib/wazuh-indexer
- ./production_cluster/ssl_certs/root-ca.pem:/etc/wazuh-indexer/certs/root-ca.pem
- ./production_cluster/ssl_certs/node3.key:/etc/wazuh-indexer/certs/node3.key
- ./production_cluster/ssl_certs/node3.pem:/etc/wazuh-indexer/certs/node3.pem
- ./production_cluster/elastic_opendistro/elasticsearch-node3.yml:/etc/wazuh-indexer/elasticsearch.yml
- ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
kibana:
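Review bot: The three indexer nodes are not updated consistently: `elasticsearch-1` mounts its node config to `/etc/wazuh-indexer/opensearch.yml` and `internal_users.yml` under `plugins/opensearch-security/`, whereas `elasticsearch-2` and `elasticsearch-3` mount the node config to `/etc/wazuh-indexer/elasticsearch.yml` and leave `internal_users.yml` at the old `/usr/share/elasticsearch/plugins/opendistro_security/...` target, which presumably nothing in a wazuh-indexer container reads. Align nodes 2 and 3 with node 1: `- ./production_cluster/elastic_opendistro/elasticsearch-node2.yml:/etc/wazuh-indexer/opensearch.yml` and `- ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml`, and the same for node 3. `elasticsearch-2` still uses `image: amazon/opendistro-for-elasticsearch:1.13.2`, so the new `/var/lib/wazuh-indexer` data path and `/etc/wazuh-indexer/certs` mounts will not line up with what that image reads unless the image is switched as well — likely a follow-up, but it deserves a comment on the service.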


@@ -2,24 +2,18 @@
FROM ubuntu:20.04
ARG WAZUH_VERSION=4.3.0-1
ARG TEMPLATE_VERSION="master"
ARG FILEBEAT_CHANNEL=filebeat-oss
ARG FILEBEAT_VERSION=7.10.2
ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz"
# Update and install dependencies
RUN apt-get update && apt install curl libcap2-bin -y
#Download and install Wazuh Dashboard
RUN curl https://s3.amazonaws.com/warehouse.wazuh.com/stack/dashboard/stable/wazuh-dashboard_${WAZUH_VERSION}_amd64.deb --output wazuh-dashboard_${WAZUH_VERSION}_amd64.deb && \
dpkg -i wazuh-dashboard_${WAZUH_VERSION}_amd64.deb
# Prepare permanent data
# Sync calls are due to https://github.com/docker/docker/issues/9547
dpkg -i wazuh-dashboard_${WAZUH_VERSION}_amd64.deb && \
apt-get clean -y && rm -rf wazuh-dashboard_${WAZUH_VERSION}_amd64.deb
COPY config/entrypoint.sh /
COPY config/wazuh_app_config.sh /
RUN chmod 700 /entrypoint.sh
RUN chmod 700 /wazuh_app_config.sh
# Services ports
EXPOSE 5601
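Review bot: The rebuilt install chain still fetches the package with a bare `curl https://... --output ...`, so an HTTP error body is saved as the .deb and the failure only surfaces later in `dpkg -i` with a misleading message, and nothing verifies the artifact; use `curl -fsSL` and check a published digest before installing, e.g. `echo "<EXPECTED_SHA256>  wazuh-dashboard_${WAZUH_VERSION}_amd64.deb" | sha256sum -c`, with the digest supplied as an ARG. `apt-get clean -y` on the new line does not remove `/var/lib/apt/lists/*`; that cleanup belongs in the same `RUN` as `apt-get update && apt install curl libcap2-bin -y`, which should also read `apt-get install -y --no-install-recommends curl libcap2-bin` (hadolint DL3027/DL3015). The `FILEBEAT_CHANNEL`, `FILEBEAT_VERSION`, `TEMPLATE_VERSION` and `WAZUH_FILEBEAT_MODULE` args are not referenced anywhere in the visible hunk. The same bare `curl` and `apt install` pattern is present in the wazuh-indexer Ubuntu and CentOS Dockerfiles later in this commit.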


@@ -1,11 +1,14 @@
#!/bin/bash
# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
set -e
##############################################################################
# Start Wazuh dashboard
##############################################################################
#sed -i 's/localhost:9700/elasticsearch:9200/' /etc/wazuh-dashboard/wazuh-dashboard.yml
sed -i 's/localhost:9700/elasticsearch:9700/' /etc/wazuh-dashboard/wazuh-dashboard.yml
service wazuh-dashboard start
while true; do sleep 1000; done
sleep 20
tail -f /var/log/wazuh-dashboard/wazuh-dashboard.log
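Review bot: With `service wazuh-dashboard start` followed by `tail -f`, PID 1 is `tail`, so the container stays up after the dashboard process dies and `docker stop` delivers SIGTERM to tail rather than to the service; the wazuh-indexer entrypoint later in this commit uses the same pattern. Prefer running the dashboard in the foreground with `exec`, or make the tail track the service, e.g. `exec tail --pid=<DASHBOARD_PID> -f /var/log/wazuh-dashboard/wazuh-dashboard.log`, so the container exits when the service does. The `sed -i 's/localhost:9700/elasticsearch:9700/'` rewrite runs on every start and silently matches nothing once the string is gone, and the commented `9200` variant above it is dead code; document the intent (`# point the packaged dashboard config at the indexer service name`) and drop the stale line. The fixed `sleep 20` also needs a why-comment if it exists to let the log file appear before tailing it.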


@@ -1,59 +0,0 @@
#!/bin/bash
# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
set -e
##############################################################################
# Waiting for indexer
##############################################################################
if [ "x${ELASTICSEARCH_URL}" == "x" ]; then
if [[ ${ENABLED_SECURITY} == "false" ]]; then
export el_url="http://elasticsearch:9200"
else
export el_url="https://elasticsearch:9200"
fi
else
export el_url="${ELASTICSEARCH_URL}"
fi
if [[ ${ENABLED_SECURITY} == "false" || "x${ELASTICSEARCH_USERNAME}" == "x" || "x${ELASTICSEARCH_PASSWORD}" == "x" ]]; then
auth=""
# remove security plugin from kibana if elasticsearch is not using it either
/usr/share/kibana/bin/kibana-plugin remove opendistro_security
else
export auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} -k"
fi
until curl -XGET $el_url ${auth}; do
>&2 echo "Elastic is unavailable - sleeping"
sleep 5
done
sleep 2
>&2 echo "Elasticsearch is up."
##############################################################################
# Waiting for wazuh alerts template
##############################################################################
strlen=0
while [[ $strlen -eq 0 ]]
do
template=$(curl ${auth} $el_url/_cat/templates/wazuh -s)
strlen=${#template}
>&2 echo "Wazuh alerts template not loaded - sleeping."
sleep 2
done
chown wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs/*
sleep 5
./wazuh_app_config.sh
while true; do sleep 1000; done


@@ -1,14 +0,0 @@
server.host: 0.0.0.0
server.port: 443
opensearch.hosts: https://localhost:9700
opensearch.ssl.verificationMode: certificate
opensearch.username: kibanaserver
opensearch.password: kibanaserver
opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/wazuh-dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
logging.dest: "/var/log/wazuh-dashboard/wazuh-dashboard.log"


@@ -1,64 +0,0 @@
#!/bin/bash
# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
wazuh_url="${WAZUH_API_URL:-https://wazuh}"
wazuh_port="${API_PORT:-55000}"
api_username="${API_USERNAME:-wazuh-wui}"
api_password="${API_PASSWORD:-wazuh-wui}"
kibana_config_file="/etc/wazuh-dashboard/wazuh-dashboard.yml"
sed 's/9700/9200/' /etc/wazuh-dashboard/wazuh-dashboard.yml
declare -A CONFIG_MAP=(
[pattern]=$PATTERN
[checks.pattern]=$CHECKS_PATTERN
[checks.template]=$CHECKS_TEMPLATE
[checks.api]=$CHECKS_API
[checks.setup]=$CHECKS_SETUP
[extensions.pci]=$EXTENSIONS_PCI
[extensions.gdpr]=$EXTENSIONS_GDPR
[extensions.hipaa]=$EXTENSIONS_HIPAA
[extensions.nist]=$EXTENSIONS_NIST
[extensions.tsc]=$EXTENSIONS_TSC
[extensions.audit]=$EXTENSIONS_AUDIT
[extensions.oscap]=$EXTENSIONS_OSCAP
[extensions.ciscat]=$EXTENSIONS_CISCAT
[extensions.aws]=$EXTENSIONS_AWS
[extensions.gcp]=$EXTENSIONS_GCP
[extensions.virustotal]=$EXTENSIONS_VIRUSTOTAL
[extensions.osquery]=$EXTENSIONS_OSQUERY
[extensions.docker]=$EXTENSIONS_DOCKER
[timeout]=$APP_TIMEOUT
[api.selector]=$API_SELECTOR
[ip.selector]=$IP_SELECTOR
[ip.ignore]=$IP_IGNORE
[wazuh.monitoring.enabled]=$WAZUH_MONITORING_ENABLED
[wazuh.monitoring.creation]=$WAZUH_MONITORING_CREATION
[wazuh.monitoring.frequency]=$WAZUH_MONITORING_FREQUENCY
[wazuh.monitoring.shards]=$WAZUH_MONITORING_SHARDS
[wazuh.monitoring.replicas]=$WAZUH_MONITORING_REPLICAS
[admin]=$ADMIN_PRIVILEGES
)
for i in "${!CONFIG_MAP[@]}"
do
if [ "${CONFIG_MAP[$i]}" != "" ]; then
sed -i 's/.*#'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file
fi
done
CONFIG_CODE=$(curl ${auth} -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/_doc/1513629884013)
if [[ "x$CONFIG_CODE" != "x200" ]] && ! grep -q 1513629884013 $kibana_config_file ; then
cat << EOF >> $kibana_config_file
hosts:
- 1513629884013:
url: $wazuh_url
port: $wazuh_port
username: $api_username
password: $api_password
EOF
else
echo "Wazuh APP already configured"
fi


@@ -1,19 +1,17 @@
# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
FROM centos:8
ARG FILEBEAT_CHANNEL=filebeat-oss
ARG FILEBEAT_VERSION=7.10.2
ARG WAZUH_VERSION=4.3.0-1
ARG TEMPLATE_VERSION="master"
ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz"
USER root
# Update and install dependecies
RUN yum install initscripts -y
# Set repositories.
#Download and install Wazuh indexer
RUN curl https://s3.amazonaws.com/warehouse.wazuh.com/stack/indexer/stable/wazuh-indexer-${WAZUH_VERSION}.x86_64.rpm --output wazuh-indexer-${WAZUH_VERSION}.x86_64.rpm && \
rpm -i wazuh-indexer-${WAZUH_VERSION}.x86_64.rpm
rpm -i wazuh-indexer-${WAZUH_VERSION}.x86_64.rpm && \
yum clean all && rm -rf /var/cache/yum && rm -rf wazuh-indexer-${WAZUH_VERSION}.x86_64.rpm
COPY config/entrypoint.sh /
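Review bot: The new `yum clean all && rm -rf /var/cache/yum` on the `rpm -i` line runs in a different layer than `RUN yum install initscripts -y`, so the metadata and package cache from that install are already committed in the earlier layer and the image does not shrink; move the cleanup next to the install, `RUN yum install -y initscripts && yum clean all && rm -rf /var/cache/yum`, and keep only the `rm -rf wazuh-indexer-${WAZUH_VERSION}.x86_64.rpm` in the download layer. The `curl ... --output` call has no `-f`, so an HTTP error page would be handed to `rpm -i` and fail with an unrelated error; `curl -fsSL` plus a sha256 check of the .rpm (or `rpm -K` after importing the vendor key) before installing fails early and verifies the artifact. `FROM centos:8` was past end of life on the date of this commit, so no further security updates reach this base; presumably tracked elsewhere, but worth a comment on the `FROM` line. The `FILEBEAT_CHANNEL`, `FILEBEAT_VERSION`, `TEMPLATE_VERSION` and `WAZUH_FILEBEAT_MODULE` args are not referenced in the visible hunk.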


@@ -2,19 +2,12 @@
FROM ubuntu:20.04
ARG WAZUH_VERSION=4.3.0-1
ARG TEMPLATE_VERSION="master"
ARG FILEBEAT_CHANNEL=filebeat-oss
ARG FILEBEAT_VERSION=7.10.2
ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz"
RUN apt-get update && apt install curl -y
RUN curl https://s3.amazonaws.com/warehouse.wazuh.com/stack/indexer/stable/wazuh-indexer_${WAZUH_VERSION}_amd64.deb --output wazuh-indexer_${WAZUH_VERSION}_amd64.deb && \
dpkg -i wazuh-indexer_${WAZUH_VERSION}_amd64.deb
# Prepare permanent data
# Sync calls are due to https://github.com/docker/docker/issues/9547
COPY config/entrypoint.sh /
RUN chmod 700 /entrypoint.sh


@@ -5,10 +5,10 @@
# Start Wazuh indexer
##############################################################################
export JAVA_HOME=/usr/share/wazuh-indexer/jdk/bin
#/usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ -icl -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem
service wazuh-indexer start
while true; do sleep 1000; done
sleep 20
export JAVA_HOME=/usr/share/wazuh-indexer/jdk/ && bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem -p 9800 -icl
tail -f /var/log/wazuh-indexer/wazuh-cluster.log
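Review bot: `sleep 20` followed by `securityadmin.sh` is a fixed-delay race: on a slow host the indexer is not listening yet, securityadmin fails, and either the security config is never loaded or the script aborts if `set -e` is in effect above the hunk. Replace the sleep with a readiness poll on the indexer's HTTP port (9700, judging by the dashboard config elsewhere in this commit), e.g. `until curl -sk -o /dev/null https://localhost:9700; do sleep 2; done`, before invoking securityadmin. `JAVA_HOME` is exported as `/usr/share/wazuh-indexer/jdk/bin` at the top of the hunk and then as `/usr/share/wazuh-indexer/jdk/` on the securityadmin line; the first points at `bin/` rather than the JDK root, so drop it or make both `/usr/share/wazuh-indexer/jdk`. `-nhnv` disables hostname verification on the admin TLS connection, which is expected for a localhost call, but state that in a comment (`# -nhnv: cert is validated against root-ca.pem, hostname check skipped because we connect to localhost`) so the flag is not copied into a remote invocation. The enclosing script continues before the hunk, so whether `set -e` applies is not visible here.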


@@ -1,103 +0,0 @@
#!/bin/bash
set -e
# Files created by OpenDistroForElasticsearch should always be group writable too
umask 0002
run_as_other_user_if_needed() {
if [[ "$(id -u)" == "0" ]]; then
# If running as root, drop to specified UID and run command
exec chroot --userspec=1000 / "${@}"
else
# Either we are running in Openshift with random uid and are a member of the root group
# or with a custom --user
exec "${@}"
fi
}
# Allow user specify custom CMD, maybe bin/elasticsearch itself
# for example to directly specify `-E` style parameters for elasticsearch on k8s
# or simply to run /bin/bash to check the image
if [[ "$1" != "eswrapper" ]]; then
if [[ "$(id -u)" == "0" && $(basename "$1") == "elasticsearch" ]]; then
# centos:7 chroot doesn't have the `--skip-chdir` option and
# changes our CWD.
# Rewrite CMD args to replace $1 with `elasticsearch` explicitly,
# so that we are backwards compatible with the docs
# from the previous Elasticsearch versions<6
# and configuration option D:
# https://www.elastic.co/guide/en/elasticsearch/reference/5.6/docker.html#_d_override_the_image_8217_s_default_ulink_url_https_docs_docker_com_engine_reference_run_cmd_default_command_or_options_cmd_ulink
# Without this, user could specify `elasticsearch -E x.y=z` but
# `bin/elasticsearch -E x.y=z` would not work.
set -- "elasticsearch" "${@:2}"
# Use chroot to switch to UID 1000
exec chroot --userspec=1000 / "$@"
else
# User probably wants to run something else, like /bin/bash, with another uid forced (Openshift?)
exec "$@"
fi
fi
# Parse Docker env vars to customize Elasticsearch
#
# e.g. Setting the env var cluster.name=testcluster
#
# will cause Elasticsearch to be invoked with -Ecluster.name=testcluster
#
# see https://www.elastic.co/guide/en/elasticsearch/reference/current/settings.html#_setting_default_settings
declare -a es_opts
while IFS='=' read -r envvar_key envvar_value
do
# Elasticsearch settings need to have at least two dot separated lowercase
# words, e.g. `cluster.name`, except for `processors` which we handle
# specially
if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ || "$envvar_key" == "processors" ]]; then
if [[ ! -z $envvar_value ]]; then
es_opt="-E${envvar_key}=${envvar_value}"
es_opts+=("${es_opt}")
fi
fi
done < <(env)
# The virtual file /proc/self/cgroup should list the current cgroup
# membership. For each hierarchy, you can follow the cgroup path from
# this file to the cgroup filesystem (usually /sys/fs/cgroup/) and
# introspect the statistics for the cgroup for the given
# hierarchy. Alas, Docker breaks this by mounting the container
# statistics at the root while leaving the cgroup paths as the actual
# paths. Therefore, Elasticsearch provides a mechanism to override
# reading the cgroup path from /proc/self/cgroup and instead uses the
# cgroup path defined the JVM system property
# es.cgroups.hierarchy.override. Therefore, we set this value here so
# that cgroup statistics are available for the container this process
# will run in.
export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS"
if [[ "$(id -u)" == "0" ]]; then
# If requested and running as root, mutate the ownership of bind-mounts
if [[ -n "$TAKE_FILE_OWNERSHIP" ]]; then
chown -R 1000:0 /usr/share/elasticsearch/{data,logs}
fi
fi
if [[ -d "/usr/share/elasticsearch/plugins/opendistro_security" && "$DISABLE_INSTALL_DEMO_CONFIG" != "true" ]]; then
# Install Demo certifactes for Security Plugin and update the elasticsearch.yml
# file to use those certificates.
/usr/share/elasticsearch/plugins/opendistro_security/tools/install_demo_configuration.sh -y -i -s
fi
if [[ -d "/usr/share/elasticsearch/plugins/opendistro-performance-analyzer" ]]; then
CLK_TCK=`/usr/bin/getconf CLK_TCK`
ES_JAVA_OPTS="-Dclk.tck=$CLK_TCK -Djdk.attach.allowAttachSelf=true $ES_JAVA_OPTS"
if [[ -d "/usr/share/elasticsearch/performance-analyzer-rca" ]]; then
ES_JAVA_OPTS="-Djava.security.policy=file:///usr/share/elasticsearch/performance-analyzer-rca/pa_config/es_security.policy $ES_JAVA_OPTS"
/usr/bin/supervisord -c /usr/share/elasticsearch/performance-analyzer-rca/pa_config/supervisord.conf
else
ES_JAVA_OPTS="-Djava.security.policy=file:///usr/share/elasticsearch/plugins/opendistro-performance-analyzer/pa_config/es_security.policy $ES_JAVA_OPTS"
/usr/bin/supervisord -c /usr/share/elasticsearch/plugins/opendistro-performance-analyzer/pa_config/supervisord.conf
fi
fi
run_as_other_user_if_needed /usr/share/elasticsearch/bin/elasticsearch "${es_opts[@]}"