Dockerfile for wazuh-indexer image

wazuh-indexer/Dockerfile

@@ -0,0 +1,30 @@
+# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+FROM centos:7
+
+ARG FILEBEAT_CHANNEL=filebeat-oss
+ARG FILEBEAT_VERSION=7.10.2
+ARG WAZUH_VERSION=4.3.0-1
+ARG TEMPLATE_VERSION="master"
+ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz"
+
+USER root
+
+# Set repositories.
+RUN rpm --import https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+
+COPY config/wazuh.repo /etc/yum.repos.d/wazuh.repo
+
+RUN yum --enablerepo=updates clean metadata && \
+  yum upgrade -y && \
+  yum -y install wazuh-indexer -y && \
+  sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo && \
+  yum clean all && rm -rf /var/cache/yum
+
+COPY config/entrypoint.sh /
+
+RUN chmod 700 /entrypoint.sh
+
+# Services ports
+EXPOSE 9700
+
+ENTRYPOINT [ "/entrypoint.sh" ]

wazuh-indexer/Dockerfile_ubuntu

@@ -0,0 +1,27 @@
+# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+FROM ubuntu:focal
+
+ARG WAZUH_VERSION=4.3.0
+ARG TEMPLATE_VERSION="master"
+ARG FILEBEAT_CHANNEL=filebeat-oss
+ARG FILEBEAT_VERSION=7.10.2
+ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz"
+
+RUN apt-get update && apt install curl gnupg -y
+
+RUN curl -s https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - && \
+    echo "deb https://packages-dev.wazuh.com/trash/apt/ unstable main" | tee -a /etc/apt/sources.list.d/wazuh.list && \
+    apt-get update && \
+    apt-get install wazuh-indexer
+
+# Prepare permanent data
+# Sync calls are due to https://github.com/docker/docker/issues/9547
+
+RUN chmod 755 /permanent_data.sh && \
+    sync && /permanent_data.sh && \
+    sync && rm /permanent_data.sh
+
+# Services ports
+EXPOSE 9700
+
+ENTRYPOINT [ "/init" ]

wazuh-indexer/config/entrypoint.sh

@@ -0,0 +1,13 @@
+#!/bin/execlineb -S0
+
+##
+## load default PATH (the same that Docker includes if not provided) if it doesn't exist,
+## then go ahead with stage1.
+## this was motivated due to this issue:
+## - https://github.com/just-containers/s6-overlay/issues/108
+##
+
+
+/bin/importas -D /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin PATH PATH
+export PATH ${PATH}
+/etc/s6/init/init-stage1 $@

wazuh-indexer/config/entrypoint_odfe.sh

@@ -0,0 +1,103 @@
+#!/bin/bash
+set -e
+
+# Files created by OpenDistroForElasticsearch should always be group writable too
+umask 0002
+
+run_as_other_user_if_needed() {
+    if [[ "$(id -u)" == "0" ]]; then
+        # If running as root, drop to specified UID and run command
+        exec chroot --userspec=1000 / "${@}"
+    else
+        # Either we are running in Openshift with random uid and are a member of the root group
+        # or with a custom --user
+        exec "${@}"
+    fi
+}
+
+# Allow user specify custom CMD, maybe bin/elasticsearch itself
+# for example to directly specify `-E` style parameters for elasticsearch on k8s
+# or simply to run /bin/bash to check the image
+if [[ "$1" != "eswrapper" ]]; then
+    if [[ "$(id -u)" == "0" && $(basename "$1") == "elasticsearch" ]]; then
+        # centos:7 chroot doesn't have the `--skip-chdir` option and
+        # changes our CWD.
+        # Rewrite CMD args to replace $1 with `elasticsearch` explicitly,
+        # so that we are backwards compatible with the docs
+        # from the previous Elasticsearch versions<6
+        # and configuration option D:
+        # https://www.elastic.co/guide/en/elasticsearch/reference/5.6/docker.html#_d_override_the_image_8217_s_default_ulink_url_https_docs_docker_com_engine_reference_run_cmd_default_command_or_options_cmd_ulink
+        # Without this, user could specify `elasticsearch -E x.y=z` but
+        # `bin/elasticsearch -E x.y=z` would not work.
+        set -- "elasticsearch" "${@:2}"
+        # Use chroot to switch to UID 1000
+        exec chroot --userspec=1000 / "$@"
+    else
+        # User probably wants to run something else, like /bin/bash, with another uid forced (Openshift?)
+        exec "$@"
+    fi
+fi
+
+# Parse Docker env vars to customize Elasticsearch
+#
+# e.g. Setting the env var cluster.name=testcluster
+#
+# will cause Elasticsearch to be invoked with -Ecluster.name=testcluster
+#
+# see https://www.elastic.co/guide/en/elasticsearch/reference/current/settings.html#_setting_default_settings
+
+declare -a es_opts
+
+while IFS='=' read -r envvar_key envvar_value
+do
+    # Elasticsearch settings need to have at least two dot separated lowercase
+    # words, e.g. `cluster.name`, except for `processors` which we handle
+    # specially
+    if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ || "$envvar_key" == "processors" ]]; then
+        if [[ ! -z $envvar_value ]]; then
+          es_opt="-E${envvar_key}=${envvar_value}"
+          es_opts+=("${es_opt}")
+        fi
+    fi
+done < <(env)
+
+# The virtual file /proc/self/cgroup should list the current cgroup
+# membership. For each hierarchy, you can follow the cgroup path from
+# this file to the cgroup filesystem (usually /sys/fs/cgroup/) and
+# introspect the statistics for the cgroup for the given
+# hierarchy. Alas, Docker breaks this by mounting the container
+# statistics at the root while leaving the cgroup paths as the actual
+# paths. Therefore, Elasticsearch provides a mechanism to override
+# reading the cgroup path from /proc/self/cgroup and instead uses the
+# cgroup path defined the JVM system property
+# es.cgroups.hierarchy.override. Therefore, we set this value here so
+# that cgroup statistics are available for the container this process
+# will run in.
+export ES_JAVA_OPTS="-Des.cgroups.hierarchy.override=/ $ES_JAVA_OPTS"
+
+if [[ "$(id -u)" == "0" ]]; then
+    # If requested and running as root, mutate the ownership of bind-mounts
+    if [[ -n "$TAKE_FILE_OWNERSHIP" ]]; then
+        chown -R 1000:0 /usr/share/elasticsearch/{data,logs}
+    fi
+fi
+
+if [[ -d "/usr/share/elasticsearch/plugins/opendistro_security" && "$DISABLE_INSTALL_DEMO_CONFIG" != "true" ]]; then
+    # Install Demo certifactes for Security Plugin and update the elasticsearch.yml
+    # file to use those certificates.
+    /usr/share/elasticsearch/plugins/opendistro_security/tools/install_demo_configuration.sh -y -i -s
+fi
+
+if [[ -d "/usr/share/elasticsearch/plugins/opendistro-performance-analyzer" ]]; then
+    CLK_TCK=`/usr/bin/getconf CLK_TCK`
+    ES_JAVA_OPTS="-Dclk.tck=$CLK_TCK -Djdk.attach.allowAttachSelf=true $ES_JAVA_OPTS"
+    if [[ -d "/usr/share/elasticsearch/performance-analyzer-rca" ]]; then
+        ES_JAVA_OPTS="-Djava.security.policy=file:///usr/share/elasticsearch/performance-analyzer-rca/pa_config/es_security.policy $ES_JAVA_OPTS"
+        /usr/bin/supervisord -c /usr/share/elasticsearch/performance-analyzer-rca/pa_config/supervisord.conf
+    else
+        ES_JAVA_OPTS="-Djava.security.policy=file:///usr/share/elasticsearch/plugins/opendistro-performance-analyzer/pa_config/es_security.policy $ES_JAVA_OPTS"
+        /usr/bin/supervisord -c /usr/share/elasticsearch/plugins/opendistro-performance-analyzer/pa_config/supervisord.conf
+    fi
+fi
+
+run_as_other_user_if_needed /usr/share/elasticsearch/bin/elasticsearch "${es_opts[@]}"

wazuh-indexer/config/entrypoint_prueba.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+
+##############################################################################
+# Start Wazuh indexer
+##############################################################################
+
+JAVA_HOME=/usr/share/wazuh-indexer/jdk/bin
+
+/usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ -icl -nhnv -cacert /etc/wazuh-indexer/certs/root-ca.pem -cert /etc/wazuh-indexer/certs/admin.pem -key /etc/wazuh-indexer/certs/admin-key.pem
+
+service wazuh-indexer start

wazuh-indexer/config/wazuh.repo

@@ -0,0 +1,7 @@
+[wazuh_repo]
+gpgcheck=1
+gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
+enabled=1
+name=Wazuh repository
+baseurl=https://packages-dev.wazuh.com/trash/yum/
+protect=1