diff --git a/wazuh/Dockerfile b/wazuh/Dockerfile
index 501cd144..24e0260a 100644
--- a/wazuh/Dockerfile
+++ b/wazuh/Dockerfile
@@ -110,6 +110,7 @@ COPY config/03-config_filebeat.sh /entrypoint-scripts/03-config_filebeat.sh
 COPY config/20-ossec-configuration.sh /entrypoint-scripts/20-ossec-configuration.sh
 COPY config/25-backups.sh /entrypoint-scripts/25-backups.sh
 COPY config/35-remove_credentials_file.sh /entrypoint-scripts/35-remove_credentials_file.sh
+COPY config/85-save_wazuh_version.sh /entrypoint-scripts/85-save_wazuh_version.sh
 RUN chmod 755 /entrypoint.sh && \
 chmod 755 /entrypoint-scripts/00-decrypt_credentials.sh && \
 chmod 755 /entrypoint-scripts/01-wazuh.sh && \
@@ -117,7 +118,8 @@ RUN chmod 755 /entrypoint.sh && \
 chmod 755 /entrypoint-scripts/03-config_filebeat.sh && \
 chmod 755 /entrypoint-scripts/20-ossec-configuration.sh && \
 chmod 755 /entrypoint-scripts/25-backups.sh && \
- chmod 755 /entrypoint-scripts/35-remove_credentials_file.sh
+ chmod 755 /entrypoint-scripts/35-remove_credentials_file.sh && \
+ chmod 755 /entrypoint-scripts/85-save_wazuh_version.sh
 # Workaround.
 # Issues: Wazuh-api
diff --git a/wazuh/config/01-wazuh.sh b/wazuh/config/01-wazuh.sh
index e70a0bef..74edb42c 100644
--- a/wazuh/config/01-wazuh.sh
+++ b/wazuh/config/01-wazuh.sh
@@ -32,6 +32,42 @@ exec_cmd_stdout() {
 }
+##############################################################################
+# Check_update
+# This function considers the following cases:
+# - If /var/ossec/etc/ossec-init.conf does not exist -> Action Nothing. There is no data in the EBS. First time deploying Wazuh
+# - If /var/ossec/etc/VERSION does not exist -> Action: Update. The previous version was prior to 3.11.5.
+# - If both files exist: different Wazuh version -> Action: Update. The previous version is older than the current one.
+# - If both files exist: the same Wazuh version -> Acton: Nothing. Same Wazuh version.
+##############################################################################
+
+check_update() {
+ if [ -e /var/ossec/etc/ossec-init.conf ]
+ then
+ if [ -e /var/ossec/etc/VERSION ]
+ then
+ previous_version=$(cat /var/ossec/etc/VERSION | grep -i version | cut -d'"' -f2)
+ echo "Previous version: $previous_version"
+ current_version=$(cat ${WAZUH_INSTALL_PATH}/data_tmp/permanent/var/ossec/etc/ossec-init.conf | grep -i version | cut -d'"' -f2)
+ echo "Current version: $current_version"
+ if [ $previous_version == $current_version ]
+ then
+ echo "Same Wazuh version in the EBS and image"
+ return 0
+ else
+ echo "Different Wazuh version: Update"
+ return 1
+ fi
+ else
+ echo "Previous version prior to 3.11.5: Update"
+ return 1
+ fi
+ else
+ echo "First time mounting EBS"
+ return 0
+ fi
+}
+
 ##############################################################################
 # Edit configuration
 ##############################################################################
@@ -90,7 +126,7 @@ apply_exclusion_data() {
 remove_data_files() {
 for del_file in "${PERMANENT_DATA_DEL[@]}"; do
- if [ -e ${del_file} ]
+ if [ $(ls ${del_file} 2> /dev/null | wc -l) -ne 0 ]
 then
 print "Removing ${del_file}"
 exec_cmd "rm ${del_file}"
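Review bot: In check_update the comparison `[ $previous_version == $current_version ]` is unquoted, so if either `grep | cut` pipeline yields an empty string (for example from an empty or truncated /var/ossec/etc/VERSION) the test errors out and the `else` branch returns 1, which main() treats as an update and uses to delete the databases. I would quote both sides, `if [ "$previous_version" = "$current_version" ]`, and handle an empty value explicitly before comparing, so that a damaged version file is reported instead of silently selecting the destructive path. `${WAZUH_INSTALL_PATH}` should be quoted as well, and both version variables could be declared `local` so they do not leak into the rest of the script.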
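Review bot: The new existence test `[ $(ls ${del_file} 2> /dev/null | wc -l) -ne 0 ]` in remove_data_files parses `ls` output and relies on the unquoted `${del_file}` being word-split and glob-expanded, so a matching path that contains whitespace is miscounted and a pattern that matches a directory counts that directory's contents instead. Bash can test the pattern directly with `if compgen -G "${del_file}" > /dev/null`. The same concern carries over to the glob entries this commit adds to PERMANENT_DATA_DEL in permanent_data.env: `/var/ossec/var/db/agents/*` is handed to a plain `rm`, which fails on any subdirectory it matches, and what exec_cmd does on that failure is not visible in this diff. The function's body continues outside the hunk.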
@@ -202,14 +238,25 @@ change_api_user_credentials() {
 ##############################################################################
 main() {
+
+ # Check Wazuh version in the image and EBS (It returns 1 when updating the environment)
+ check_update
+ update=$?
+
 # Mount permanent data (i.e. ossec.conf)
 mount_permanent_data
 # Restore files stored in permanent data that are not permanent (i.e. internal_options.conf)
 apply_exclusion_data
- # Remove some files in permanent_data (i.e. .template.db)
- remove_data_files
+ # When updating the environment, remove some files in permanent_data (i.e. .template.db)
+ if [ $update == 1 ]
+ then
+ echo "Removing databases"
+ remove_data_files
+ else
+ echo "Keeping databases"
+ fi
 # Generate ossec-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
 if [ $AUTO_ENROLLMENT_ENABLED == true ]
diff --git a/wazuh/config/85-save_wazuh_version.sh b/wazuh/config/85-save_wazuh_version.sh
new file mode 100644
index 00000000..2b996d6e
--- /dev/null
+++ b/wazuh/config/85-save_wazuh_version.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+
+# Copy /var/ossec/etc/ossec-init.conf contents in /var/ossec/etc/VERSION to be able to check the previous Wazuh version in pod.
+echo "Adding Wazuh version to /var/ossec/etc/VERSION"
+cat /var/ossec/etc/ossec-init.conf > /var/ossec/etc/VERSION
\ No newline at end of file
diff --git a/wazuh/config/permanent_data.env b/wazuh/config/permanent_data.env
index cfaff220..361a5b0e 100644
--- a/wazuh/config/permanent_data.env
+++ b/wazuh/config/permanent_data.env
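Review bot: In main() `check_update` is called as a bare command and its status is read with `update=$?` on the following line; if this entrypoint script runs under `set -e` (the top of the file is outside the diff), the intentional `return 1` would stop the script before `update` is assigned. Capturing the status in one statement avoids that: `update=0; check_update || update=$?`. The later test would be more robust as `[ "$update" -eq 1 ]`. A short comment saying that check_update has to run before mount_permanent_data, presumably because it reads the VERSION file as the previous container left it, would protect the ordering from later refactoring. main() continues past the end of the hunk.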
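Review bot: The redirection in `cat /var/ossec/etc/ossec-init.conf > /var/ossec/etc/VERSION` truncates VERSION before `cat` runs and the script checks nothing, so a missing or unreadable ossec-init.conf leaves an empty VERSION file behind. On the next start check_update in 01-wazuh.sh would then read an empty previous version and most likely take the update path that removes the databases. A guard before the copy, `[ -r /var/ossec/etc/ossec-init.conf ] || exit 1` (or a logged warning, depending on how the entrypoint treats a failing script), keeps the previous VERSION intact in that case.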
@@ -53,9 +53,17 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/cve-ubuntu-xenial-
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/ssg-debian-8-ds.xml"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/ssg-ubuntu-1404-ds.xml"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/ssg-ubuntu-1604-ds.xml"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/queue/vulnerabilities/dictionaries/cpe_helper.json"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/queue/vulnerabilities/dictionaries/msu.json.gz"
 export PERMANENT_DATA_EXCP
-# Files mounted in a volume that should be deleted
+# Files mounted in a volume that should be deleted when updating
 i=0
 PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/db/.template.db"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/global.db*"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/.profile.db*"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/.template.db*"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/agents/*"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/wodles/cve.db"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/vulnerabilities/cve.db"
 export PERMANENT_DATA_DEL
\ No newline at end of file