diff --git a/.env b/.env index 188fd0bf..d51cc0c4 100755 --- a/.env +++ b/.env @@ -1,3 +1,3 @@ -WAZUH_VERSION=4.5.4 -WAZUH_IMAGE_VERSION=4.5.4 +WAZUH_VERSION=4.6.0 +WAZUH_IMAGE_VERSION=4.6.0 WAZUH_TAG_REVISION=1 diff --git a/.github/.goss.yaml b/.github/.goss.yaml index 21dc7bdd..c4244c3e 100644 --- a/.github/.goss.yaml +++ b/.github/.goss.yaml @@ -56,7 +56,7 @@ package: wazuh-manager: installed: true versions: - - 4.5.3-1 + - 4.6.0-1 port: tcp:1514: listening: true diff --git a/CHANGELOG.md b/CHANGELOG.md index 25a5c842..01ff107b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,11 @@ # Change Log All notable changes to this project will be documented in this file. +## Wazuh Docker v4.6.0 +### Added + +- Update Wazuh to version [4.6.0](https://github.com/wazuh/wazuh/blob/v4.6.0/CHANGELOG.md#v460) + ## Wazuh Docker v4.5.4 ### Added diff --git a/README.md b/README.md index 1dbe1998..4b37474b 100644 --- a/README.md +++ b/README.md @@ -195,6 +195,7 @@ WAZUH_MONITORING_REPLICAS=0 ## | Wazuh version | ODFE | XPACK | |---------------|---------|--------| +| v4.6.0 | | | | v4.5.4 | | | | v4.5.3 | | | | v4.5.2 | | | diff --git a/VERSION b/VERSION index 43be6b29..d6b11e18 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-DOCKER_VERSION="4.5.4" -REVISION="40509" +WAZUH-DOCKER_VERSION="4.6.0" +REVISION="40602" diff --git a/build-docker-images/README.md b/build-docker-images/README.md index 13f1c9bf..a62978ac 100644 --- a/build-docker-images/README.md +++ b/build-docker-images/README.md 
@@ -9,3 +9,24 @@ $ build-docker-images/build-images.sh ``` This script initializes the environment variables needed to build each of the images. + +The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument: + +``` +$ build-docker-images/build-images.sh -v 4.5.2 +``` + +To get all the available script options use the -h or --help option: + +``` +$ build-docker-images/build-images.sh -h + +Usage: build-docker-images/build-images.sh [OPTIONS] + + -d, --dev [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default. + -f, --filebeat-module [Optional] Set Filebeat module version. By default 0.2. + -r, --revision [Optional] Package revision. By default 1 + -v, --version [Optional] Set the Wazuh version should be builded. By default, 4.6.0. + -h, --help Show this help. + +``` \ No newline at end of file diff --git a/build-docker-images/build-images.sh b/build-docker-images/build-images.sh index 3a821a4a..f147497a 100755 --- a/build-docker-images/build-images.sh +++ b/build-docker-images/build-images.sh 
@@ -1,11 +1,140 @@ -WAZUH_IMAGE_VERSION=4.5.4 -WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g') -WAZUH_TAG_REVISION=1 -WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g') -IMAGE_VERSION=${WAZUH_IMAGE_VERSION} +#!/bin/bash -echo WAZUH_VERSION=$WAZUH_IMAGE_VERSION > .env -echo WAZUH_IMAGE_VERSION=$IMAGE_VERSION >> .env -echo WAZUH_TAG_REVISION=$WAZUH_TAG_REVISION >> .env +# Wazuh package generator +# Copyright (C) 2023, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. -docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache \ No newline at end of file +WAZUH_IMAGE_VERSION="4.6.0" +WAZUH_TAG_REVISION="1" +WAZUH_DEV_STAGE="" +FILEBEAT_MODULE_VERSION="0.2" + +# ----------------------------------------------------------------------------- + +trap ctrl_c INT + +clean() { + exit_code=$1 + + exit ${exit_code} +} + +ctrl_c() { + clean 1 +} + +# ----------------------------------------------------------------------------- + + +build() { + + WAZUH_VERSION="$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')" + FILEBEAT_TEMPLATE_BRANCH="${WAZUH_IMAGE_VERSION}" + WAZUH_FILEBEAT_MODULE="wazuh-filebeat-${FILEBEAT_MODULE_VERSION}.tar.gz" + WAZUH_UI_REVISION="${WAZUH_TAG_REVISION}" + + if [ "${WAZUH_DEV_STAGE}" ];then + FILEBEAT_TEMPLATE_BRANCH="v${FILEBEAT_TEMPLATE_BRANCH}-${WAZUH_DEV_STAGE,,}" + if ! 
curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/${FILEBEAT_TEMPLATE_BRANCH}"; then + echo "The indicated branch does not exist in the wazuh/wazuh repository: ${FILEBEAT_TEMPLATE_BRANCH}" + clean 1 + fi + else + if curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/v${FILEBEAT_TEMPLATE_BRANCH}"; then + FILEBEAT_TEMPLATE_BRANCH="v${FILEBEAT_TEMPLATE_BRANCH}" + elif curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/${FILEBEAT_TEMPLATE_BRANCH}"; then + FILEBEAT_TEMPLATE_BRANCH="${FILEBEAT_TEMPLATE_BRANCH}" + else + WAZUH_MASTER_VERSION="$(curl -s https://raw.githubusercontent.com/wazuh/wazuh/master/src/VERSION | sed -e 's/v//g')" + if [ "${FILEBEAT_TEMPLATE_BRANCH}" == "${WAZUH_MASTER_VERSION}" ]; then + FILEBEAT_TEMPLATE_BRANCH="master" + else + echo "The indicated branch does not exist in the wazuh/wazuh repository: ${FILEBEAT_TEMPLATE_BRANCH}" + clean 1 + fi + fi + fi + + echo WAZUH_VERSION=$WAZUH_IMAGE_VERSION > .env + echo WAZUH_IMAGE_VERSION=$WAZUH_IMAGE_VERSION >> .env + echo WAZUH_TAG_REVISION=$WAZUH_TAG_REVISION >> .env + echo FILEBEAT_TEMPLATE_BRANCH=$FILEBEAT_TEMPLATE_BRANCH >> .env + echo WAZUH_FILEBEAT_MODULE=$WAZUH_FILEBEAT_MODULE >> .env + echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> .env + + docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache + + return 0 +} + +# ----------------------------------------------------------------------------- + +help() { + echo + echo "Usage: $0 [OPTIONS]" + echo + echo " -d, --dev [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default." + echo " -f, --filebeat-module [Optional] Set Filebeat module version. By default ${FILEBEAT_MODULE_VERSION}." + echo " -r, --revision [Optional] Package revision. By default ${WAZUH_TAG_REVISION}" + echo " -v, --version [Optional] Set the Wazuh version should be builded. By default, ${WAZUH_IMAGE_VERSION}." 
+ echo " -h, --help Show this help." + echo + exit $1 +} + +# ----------------------------------------------------------------------------- + +main() { + while [ -n "${1}" ] + do + case "${1}" in + "-h"|"--help") + help 0 + ;; + "-d"|"--dev") + if [ -n "${2}" ]; then + WAZUH_DEV_STAGE="${2}" + shift 2 + else + help 1 + fi + ;; + "-f"|"--filebeat-module") + if [ -n "${2}" ]; then + FILEBEAT_MODULE_VERSION="${2}" + shift 2 + else + help 1 + fi + ;; + "-r"|"--revision") + if [ -n "${2}" ]; then + WAZUH_TAG_REVISION="${2}" + shift 2 + else + help 1 + fi + ;; + "-v"|"--version") + if [ -n "$2" ]; then + WAZUH_IMAGE_VERSION="$2" + shift 2 + else + help 1 + fi + ;; + *) + help 1 + esac + done + + build || clean 1 + + clean 0 +} + +main "$@" diff --git a/build-docker-images/build-images.yml b/build-docker-images/build-images.yml index 52984bf9..90fbb897 100644 --- a/build-docker-images/build-images.yml +++ b/build-docker-images/build-images.yml @@ -8,6 +8,8 @@ services: args: WAZUH_VERSION: ${WAZUH_VERSION} WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION} + FILEBEAT_TEMPLATE_BRANCH: ${FILEBEAT_TEMPLATE_BRANCH} + WAZUH_FILEBEAT_MODULE: ${WAZUH_FILEBEAT_MODULE} image: wazuh/wazuh-manager:${WAZUH_IMAGE_VERSION} hostname: wazuh.manager restart: always @@ -61,6 +63,7 @@ services: args: WAZUH_VERSION: ${WAZUH_VERSION} WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION} + WAZUH_UI_REVISION: ${WAZUH_UI_REVISION} image: wazuh/wazuh-dashboard:${WAZUH_IMAGE_VERSION} hostname: wazuh.dashboard restart: always diff --git a/build-docker-images/wazuh-dashboard/Dockerfile b/build-docker-images/wazuh-dashboard/Dockerfile index 27ca9865..44430b10 100644 --- a/build-docker-images/wazuh-dashboard/Dockerfile +++ b/build-docker-images/wazuh-dashboard/Dockerfile 
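Review bot: `build()` ends with an unconditional `return 0` right after the `docker-compose … build --no-cache` call, so a failed image build still reaches `clean 0` and the script exits 0; ending that call with `|| return 1` lets `build || clean 1` in `main` take effect. The values taken from `-v`, `-d`, `-f` and `-r` are also used unchecked: they are interpolated into the GitHub URLs probed with `curl` and written to `.env` through unquoted `echo`, where whitespace or glob characters would change what lands in the file that compose later reads. Validating each option against its expected format before `build` runs, and writing `.env` with quoted `printf`, closes both gaps. The version pattern below assumes plain `X.Y.Z` and should be widened if other forms are accepted; similar checks would apply to the dev stage, revision and Filebeat module values.

```shell
# in build(), replacing the echo … > .env / >> .env lines and the docker-compose call
  # … unchanged: FILEBEAT_TEMPLATE_BRANCH resolution …
  {
    printf 'WAZUH_VERSION=%s\n' "${WAZUH_IMAGE_VERSION}"
    printf 'WAZUH_IMAGE_VERSION=%s\n' "${WAZUH_IMAGE_VERSION}"
    printf 'WAZUH_TAG_REVISION=%s\n' "${WAZUH_TAG_REVISION}"
    printf 'FILEBEAT_TEMPLATE_BRANCH=%s\n' "${FILEBEAT_TEMPLATE_BRANCH}"
    printf 'WAZUH_FILEBEAT_MODULE=%s\n' "${WAZUH_FILEBEAT_MODULE}"
    printf 'WAZUH_UI_REVISION=%s\n' "${WAZUH_UI_REVISION}"
  } > .env

  docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache || return 1

# in main(), after the option loop and before `build || clean 1`
  if ! [[ "${WAZUH_IMAGE_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
    echo "Invalid Wazuh version: ${WAZUH_IMAGE_VERSION}" >&2
    clean 1
  fi
```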
@@ -4,7 +4,7 @@ FROM ubuntu:focal AS builder ARG WAZUH_VERSION ARG WAZUH_TAG_REVISION ARG INSTALL_DIR=/usr/share/wazuh-dashboard -ARG WAZUH_UI_REVISION=1 +ARG WAZUH_UI_REVISION # Update and install dependencies RUN apt-get update && apt install curl libcap2-bin xz-utils -y @@ -66,6 +66,8 @@ ENV PATTERN="" \ EXTENSIONS_CISCAT="" \ EXTENSIONS_AWS="" \ EXTENSIONS_GCP="" \ + EXTENSIONS_GITHUB=""\ + EXTENSIONS_OFFICE=""\ EXTENSIONS_VIRUSTOTAL="" \ EXTENSIONS_OSQUERY="" \ EXTENSIONS_DOCKER="" \ diff --git a/build-docker-images/wazuh-dashboard/config/config.sh b/build-docker-images/wazuh-dashboard/config/config.sh index 40e6ac67..94719b93 100644 --- a/build-docker-images/wazuh-dashboard/config/config.sh +++ b/build-docker-images/wazuh-dashboard/config/config.sh @@ -9,8 +9,8 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config ## Variables CERT_TOOL=wazuh-certs-tool.sh -PACKAGES_URL=https://packages.wazuh.com/4.5/ -PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.5/ +PACKAGES_URL=https://packages.wazuh.com/4.6/ +PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.6/ ## Check if the cert tool exists in S3 buckets CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}') diff --git a/build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh b/build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh index 2457315a..4773d45d 100644 --- a/build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh +++ b/build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh @@ -25,6 +25,8 @@ declare -A CONFIG_MAP=( [extensions.ciscat]=$EXTENSIONS_CISCAT [extensions.aws]=$EXTENSIONS_AWS [extensions.gcp]=$EXTENSIONS_GCP + [extensions.github]=$EXTENSIONS_GITHUB + [extensions.office]=$EXTENSIONS_OFFICE [extensions.virustotal]=$EXTENSIONS_VIRUSTOTAL [extensions.osquery]=$EXTENSIONS_OSQUERY [extensions.docker]=$EXTENSIONS_DOCKER 
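Review bot: `ARG WAZUH_UI_REVISION` loses its default in the first hunk, so any build that does not go through `build-images.sh` or the compose file now gets an empty value wherever the argument is used later in this Dockerfile (those uses are outside the hunk). The same applies to `ARG FILEBEAT_TEMPLATE_BRANCH` and `ARG WAZUH_FILEBEAT_MODULE` in `build-docker-images/wazuh-manager/Dockerfile`, where an empty branch produces a malformed `ADD` URL. Either keep a fallback, `ARG WAZUH_UI_REVISION=1`, or fail early with `RUN test -n "$WAZUH_UI_REVISION"` so a misconfigured build stops with a clear error rather than fetching from an unintended path. As a style point, the two added `ENV` entries are written `EXTENSIONS_GITHUB=""\` without the space before the backslash that the neighbouring lines use.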
diff --git a/build-docker-images/wazuh-indexer/config/config.sh b/build-docker-images/wazuh-indexer/config/config.sh index 82a7c50d..30f5d1f2 100644 --- a/build-docker-images/wazuh-indexer/config/config.sh +++ b/build-docker-images/wazuh-indexer/config/config.sh @@ -53,8 +53,8 @@ tar -xf ${INDEXER_FILE} ## Variables CERT_TOOL=wazuh-certs-tool.sh PASSWORD_TOOL=wazuh-passwords-tool.sh -PACKAGES_URL=https://packages.wazuh.com/4.5/ -PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.5/ +PACKAGES_URL=https://packages.wazuh.com/4.6/ +PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.6/ ## Check if the cert tool exists in S3 buckets CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}') @@ -133,6 +133,14 @@ cp -pr /wazuh-certificates/admin-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/admin- # Delete xms and xmx parameters in jvm.options sed '/-Xms/d' -i ${TARGET_DIR}${CONFIG_DIR}/jvm.options sed '/-Xmx/d' -i ${TARGET_DIR}${CONFIG_DIR}/jvm.options +sed -i 's/-Djava.security.policy=file:\/\/\/etc\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/-Djava.security.policy=file:\/\/\/usr\/share\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/g' ${TARGET_DIR}${CONFIG_DIR}/jvm.options + chmod -R 500 ${TARGET_DIR}${CONFIG_DIR}/certs -chmod -R 400 ${TARGET_DIR}${CONFIG_DIR}/certs/* \ No newline at end of file +chmod -R 400 ${TARGET_DIR}${CONFIG_DIR}/certs/* + +find ${TARGET_DIR} -type d -exec chmod 750 {} \; +find ${TARGET_DIR} -type f -perm 644 -exec chmod 640 {} \; +find ${TARGET_DIR} -type f -perm 664 -exec chmod 660 {} \; +find ${TARGET_DIR} -type f -perm 755 -exec chmod 750 {} \; +find ${TARGET_DIR} -type f -perm 744 -exec chmod 740 {} \; diff --git a/build-docker-images/wazuh-manager/Dockerfile b/build-docker-images/wazuh-manager/Dockerfile index d0e59189..878a07a2 100644 --- a/build-docker-images/wazuh-manager/Dockerfile +++ b/build-docker-images/wazuh-manager/Dockerfile 
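Review bot: The added `find ${TARGET_DIR} -type d -exec chmod 750 {} \;` runs after `chmod -R 500 ${TARGET_DIR}${CONFIG_DIR}/certs`, so the certificate directory, which the path suggests lies under `${TARGET_DIR}`, ends up at 750 instead of the 500 set two lines earlier. Moving the two `certs` chmod lines below the `find` block restores the tighter mode as the final state. The per-mode passes only catch files that are exactly 644, 664, 755 or 744, so any other mode with "other" bits set (666 or 777, for example) keeps them; a single `find "${TARGET_DIR}" -type f -exec chmod o-rwx {} +` covers every case and avoids one `chmod` process per file. `${TARGET_DIR}` should be quoted in all of these commands.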
@@ -5,10 +5,10 @@ RUN rm /bin/sh && ln -s /bin/bash /bin/sh ARG WAZUH_VERSION ARG WAZUH_TAG_REVISION -ARG TEMPLATE_VERSION=4.5 +ARG FILEBEAT_TEMPLATE_BRANCH ARG FILEBEAT_CHANNEL=filebeat-oss ARG FILEBEAT_VERSION=7.10.2 -ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.2.tar.gz" +ARG WAZUH_FILEBEAT_MODULE RUN apt-get update && apt install curl apt-transport-https lsb-release gnupg -y @@ -38,7 +38,7 @@ COPY config/filebeat.yml /etc/filebeat/ RUN chmod go-w /etc/filebeat/filebeat.yml -ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat +ADD https://raw.githubusercontent.com/wazuh/wazuh/$FILEBEAT_TEMPLATE_BRANCH/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat RUN chmod go-w /etc/filebeat/wazuh-template.json # Prepare permanent data @@ -52,4 +52,4 @@ RUN chmod 755 /permanent_data.sh && \ # Services ports EXPOSE 55000/tcp 1514/tcp 1515/tcp 514/udp 1516/tcp -ENTRYPOINT [ "/init" ] \ No newline at end of file +ENTRYPOINT [ "/init" ] diff --git a/build-docker-images/wazuh-manager/config/create_user.py b/build-docker-images/wazuh-manager/config/create_user.py index e2a89325..3bb6bb6c 100644 --- a/build-docker-images/wazuh-manager/config/create_user.py +++ b/build-docker-images/wazuh-manager/config/create_user.py @@ -13,7 +13,7 @@ SPECIAL_CHARS = "@$!%*?&-_" try: - from wazuh.rbac.orm import create_rbac_db + from wazuh.rbac.orm import check_database_integrity from wazuh.security import ( create_user, get_users, @@ -69,7 +69,7 @@ if __name__ == "__main__": username, password = read_user_file() # create RBAC database - create_rbac_db() + check_database_integrity() initial_users = db_users() if username not in initial_users: diff --git a/indexer-certs-creator/config/entrypoint.sh b/indexer-certs-creator/config/entrypoint.sh index 32414bde..8841d2c5 100644 --- a/indexer-certs-creator/config/entrypoint.sh +++ b/indexer-certs-creator/config/entrypoint.sh 
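Review bot: The changed `ADD https://raw.githubusercontent.com/wazuh/wazuh/$FILEBEAT_TEMPLATE_BRANCH/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat` line in the second hunk fetches the index template from a ref chosen at build time, with no integrity check on the downloaded file. `build-images.sh` can resolve that ref to `master`, so two builds of the same image tag may contain different templates, and the image trusts whatever the ref serves at that moment. Where the ref is a release tag, consider passing an expected digest as a build argument and using `ADD --checksum=sha256:<expected-digest> …` (this needs a BuildKit Dockerfile frontend that supports the flag). Otherwise record the resolved ref in an image `LABEL` so the template's origin can be audited later. A comment above the `ADD` line, such as `# Template is fetched from the ref resolved by build-images.sh; not pinned by digest`, would at least make the trust assumption visible.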
@@ -8,8 +8,8 @@ ## Variables CERT_TOOL=wazuh-certs-tool.sh PASSWORD_TOOL=wazuh-passwords-tool.sh -PACKAGES_URL=https://packages.wazuh.com/4.5/ -PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.5/ +PACKAGES_URL=https://packages.wazuh.com/4.6/ +PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.6/ ## Check if the cert tool exists in S3 buckets CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}') diff --git a/multi-node/config/wazuh_cluster/wazuh_manager.conf b/multi-node/config/wazuh_cluster/wazuh_manager.conf index 75571705..7286218c 100644 --- a/multi-node/config/wazuh_cluster/wazuh_manager.conf +++ b/multi-node/config/wazuh_cluster/wazuh_manager.conf @@ -117,6 +117,7 @@ no buster bullseye + bookworm 1h @@ -163,6 +164,14 @@ 1h + + + no + 8 + 9 + 1h + + yes @@ -366,4 +375,4 @@ /var/log/dpkg.log - \ No newline at end of file + diff --git a/multi-node/config/wazuh_cluster/wazuh_worker.conf b/multi-node/config/wazuh_cluster/wazuh_worker.conf index fc67f55d..8f462263 100644 --- a/multi-node/config/wazuh_cluster/wazuh_worker.conf +++ b/multi-node/config/wazuh_cluster/wazuh_worker.conf @@ -117,6 +117,7 @@ no buster bullseye + bookworm 1h @@ -157,6 +158,14 @@ 1h + + + no + 8 + 9 + 1h + + yes @@ -366,4 +375,4 @@ /var/log/dpkg.log - \ No newline at end of file + diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml index 8198d7ad..8823fbf8 100644 --- a/multi-node/docker-compose.yml +++ b/multi-node/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.7' services: wazuh.master: - image: wazuh/wazuh-manager:4.5.4 + image: wazuh/wazuh-manager:4.6.0 hostname: wazuh.master restart: always ulimits: @@ -45,7 +45,7 @@ services: - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf wazuh.worker: - image: wazuh/wazuh-manager:4.5.4 + image: wazuh/wazuh-manager:4.6.0 hostname: wazuh.worker restart: always ulimits: 
@@ -81,7 +81,7 @@ services: - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf wazuh1.indexer: - image: wazuh/wazuh-indexer:4.5.4 + image: wazuh/wazuh-indexer:4.6.0 hostname: wazuh1.indexer restart: always ports: @@ -107,7 +107,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh2.indexer: - image: wazuh/wazuh-indexer:4.5.4 + image: wazuh/wazuh-indexer:4.6.0 hostname: wazuh2.indexer restart: always environment: @@ -129,7 +129,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh3.indexer: - image: wazuh/wazuh-indexer:4.5.4 + image: wazuh/wazuh-indexer:4.6.0 hostname: wazuh3.indexer restart: always environment: @@ -151,7 +151,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: - image: wazuh/wazuh-dashboard:4.5.4 + image: wazuh/wazuh-dashboard:4.6.0 hostname: wazuh.dashboard restart: always ports: diff --git a/single-node/config/wazuh_cluster/wazuh_manager.conf b/single-node/config/wazuh_cluster/wazuh_manager.conf index bbb35cbb..96dbb367 100644 --- a/single-node/config/wazuh_cluster/wazuh_manager.conf +++ b/single-node/config/wazuh_cluster/wazuh_manager.conf @@ -117,6 +117,7 @@ no buster bullseye + bookworm 1h @@ -157,6 +158,14 @@ 1h + + + no + 8 + 9 + 1h + + yes diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml index 2e120b58..d55b2868 100644 --- a/single-node/docker-compose.yml +++ b/single-node/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.7' services: wazuh.manager: - image: wazuh/wazuh-manager:4.5.4 + image: wazuh/wazuh-manager:4.6.0 hostname: wazuh.manager restart: always ulimits: 
@@ -46,7 +46,7 @@ services: - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf wazuh.indexer: - image: wazuh/wazuh-indexer:4.5.4 + image: wazuh/wazuh-indexer:4.6.0 hostname: wazuh.indexer restart: always ports: @@ -71,7 +71,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: - image: wazuh/wazuh-dashboard:4.5.4 + image: wazuh/wazuh-dashboard:4.6.0 hostname: wazuh.dashboard restart: always ports: