diff --git a/elasticsearch/Dockerfile b/elasticsearch/Dockerfile index 70f1faed..4043d11c 100644 --- a/elasticsearch/Dockerfile +++ b/elasticsearch/Dockerfile @@ -61,7 +61,7 @@ COPY --chown=elasticsearch:elasticsearch ./config/load_settings.sh ./ RUN chmod +x ./load_settings.sh -RUN bin/elasticsearch-plugin install --batch https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-s3/repository-s3-6.8.1.zip +RUN bin/elasticsearch-plugin install --batch https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-s3/repository-s3-6.8.2.zip COPY config/configure_s3.sh ./config/configure_s3.sh RUN chmod 755 ./config/configure_s3.sh diff --git a/wazuh/Dockerfile b/wazuh/Dockerfile index d71f06b4..a595598d 100644 --- a/wazuh/Dockerfile +++ b/wazuh/Dockerfile @@ -3,7 +3,7 @@ FROM phusion/baseimage:latest # Arguments ARG FILEBEAT_VERSION=6.8.1 -ARG WAZUH_VERSION=3.9.3-1 +ARG WAZUH_VERSION=3.9.4-1 # Environment variables ENV API_USER="foo" \ @@ -80,6 +80,7 @@ VOLUME ["/var/ossec/queue"] VOLUME ["/var/ossec/var/multigroups"] VOLUME ["/var/ossec/integrations"] VOLUME ["/var/ossec/active-response/bin"] +VOLUME ["/var/ossec/wodles"] VOLUME ["/etc/filebeat"] VOLUME ["/etc/postfix"] VOLUME ["/var/lib/filebeat"] @@ -102,4 +103,4 @@ COPY --chown=root:ossec config/agents.js /var/ossec/api/controllers/agents.js RUN chmod 770 /var/ossec/api/controllers/agents.js # Run all services -ENTRYPOINT ["/entrypoint.sh"] +ENTRYPOINT ["/entrypoint.sh"] \ No newline at end of file diff --git a/wazuh/config/01-wazuh.sh b/wazuh/config/01-wazuh.sh index e0f005b0..17ba4b9a 100644 --- a/wazuh/config/01-wazuh.sh +++ b/wazuh/config/01-wazuh.sh 
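Review bot: The new `VOLUME ["/var/ossec/wodles"]` line turns a directory of executable code (the aws-s3, azure-logs, DockerListener and oscap scripts enumerated in config/permanent_data.env elsewhere in this diff) into persistent volume content, so after this change an image upgrade no longer replaces those scripts by itself; presumably they are refreshed only for the paths the entrypoint's PERMANENT_DATA_EXCP list names. That coupling is invisible from the Dockerfile, and a wodle file shipped by a later package but missing from the list would silently keep running the stale copy from the volume. I would document it next to the instruction, e.g. `# wodles are executable code run by the manager: every file shipped here must also be listed in config/permanent_data.env, or the copy in the volume shadows the image's on upgrade`. Whether the package install populates /var/ossec/wodles before this VOLUME line cannot be seen from the hunk; content written to a volume path after its VOLUME declaration is discarded at build time, so it is worth confirming the install step precedes it.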
@@ -255,13 +255,6 @@ main() { # Delete temporary data folder rm -rf ${WAZUH_INSTALL_PATH}/data_tmp - # Grant proper permissions - # When modifiying some files using the Wazuh API (i.e. /var/ossec/etc/ossec.conf), group rw permissions are needed for changes to take place. - # https://github.com/wazuh/wazuh/issues/3647 - chmod -R g+rw ${WAZUH_INSTALL_PATH} - - # Files inside /var/ossec/integrations should not have write permissions for group and other. - chmod -R 750 "/var/ossec/integrations/" } main diff --git a/wazuh/config/permanent_data.env b/wazuh/config/permanent_data.env index 2ae1126c..fbff407e 100644 --- a/wazuh/config/permanent_data.env +++ b/wazuh/config/permanent_data.env 
@@ -36,6 +36,22 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-ossec.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null.sh" +PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3" +PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3.py" +PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs" +PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py" +PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener" +PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py" +PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/oscap" +PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/oscap.py" +PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/template_oval.xsl" +PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/template_xccdf.xsl" +PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/cve-debian-8-oval.xml" +PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/cve-debian-9-oval.xml" +PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/cve-ubuntu-xenial-oval.xml" +PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/ssg-debian-8-ds.xml" +PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/ssg-ubuntu-1404-ds.xml" +PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/ssg-ubuntu-1604-ds.xml" export PERMANENT_DATA_EXCP # Files mounted in a volume that should be deleted
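Review bot: The sixteen added entries pin individual files under /var/ossec/wodles, so any wodle file not named here (presumably anything a later package adds, such as further oscap content) keeps the copy from the persistent volume rather than the image's, and because these scripts are executed by the manager a stale or tampered copy left in the volume would keep running across upgrades. If the consumer of PERMANENT_DATA_EXCP matches exact paths (not visible here), the safer form is to treat the whole directory tree as the exception rather than enumerate it; if it accepts prefixes, a single `PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles"` entry would cover the directory. Either way the block deserves a comment stating the rule, e.g. `# Executable wodle code is refreshed from the image on every start; add every file shipped under /var/ossec/wodles here`. The existing active-response/bin entries follow the same per-file pattern, so this may be deliberate — a short note on why would help the next maintainer.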