paulmataruso/wazuh-docker-orginal
1
0
Fork 0
mirror of https://github.com/wazuh/wazuh-docker.git synced 2025-10-23 06:11:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

delete conf files and configurate entrypoint

Browse Source
This commit is contained in:
vcerenu
2024-04-15 10:11:37 -03:00
parent b62a1d5c94
commit ff6b7fd5eb
8 changed files with 222 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
build-docker-images/wazuh-dashboard/Dockerfile
View File

@@ -26,9 +26,9 @@ RUN chmod 775 /install_wazuh_app.sh
RUN bash /install_wazuh_app.sh RUN bash /install_wazuh_app.sh
# Copy and set permissions to config files # Copy and set permissions to config files
COPY config/opensearch_dashboards.yml $INSTALL_DIR/config/ # RUN cp $INSTALL_DIR/etc/opensearch_dashboards.yml $INSTALL_DIR/config/opensearch_dashboards.yml
COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/ COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/
RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml # RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml
# Create and set permissions to data directories # Create and set permissions to data directories
RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
@@ -108,6 +108,15 @@ COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR
RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
# Set $JAVA_HOME
RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \
echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh
ENV JAVA_HOME=$INSTALL_DIR/jdk
ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin
# Add k-NN lib directory to library loading path variable
ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib"
# Set workdir and user # Set workdir and user
WORKDIR $INSTALL_DIR WORKDIR $INSTALL_DIR
USER wazuh-dashboard USER wazuh-dashboard
@@ -116,3 +125,7 @@ USER wazuh-dashboard
EXPOSE 443 EXPOSE 443
ENTRYPOINT [ "/entrypoint.sh" ] ENTRYPOINT [ "/entrypoint.sh" ]
CMD ["opensearch-dashboards"]

4
build-docker-images/wazuh-dashboard/config/config.sh
View File

@@ -34,8 +34,8 @@ chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A
mkdir -p ${CONFIG_DIR}/certs mkdir -p ${CONFIG_DIR}/certs
# Copy Wazuh dashboard certs to install config dir # Copy Wazuh dashboard certs to install config dir
cp /wazuh-certificates/demo.dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem cp /wazuh-certificates/dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
cp /wazuh-certificates/demo.dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem cp /wazuh-certificates/dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
cp /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem cp /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem
chmod -R 500 ${CONFIG_DIR}/certs chmod -R 500 ${CONFIG_DIR}/certs

4
build-docker-images/wazuh-dashboard/config/config.yml
View File

@@ -1,5 +1,5 @@
nodes: nodes:
# Wazuh dashboard server nodes # Wazuh dashboard server nodes
dashboard: dashboard:
- name: demo.dashboard - name: dashboard
ip: demo.dashboard ip: wazuh.dashboard

182
build-docker-images/wazuh-dashboard/config/entrypoint.sh
View File

@@ -17,4 +17,184 @@ echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add o
/wazuh_app_config.sh $WAZUH_UI_REVISION /wazuh_app_config.sh $WAZUH_UI_REVISION
/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml export OPENSEARCH_DASHBOARDS_HOME=/usr/share/wazuh-dashboard
opensearch_dashboards_vars=(
console.enabled
console.proxyConfig
console.proxyFilter
ops.cGroupOverrides.cpuPath
ops.cGroupOverrides.cpuAcctPath
cpu.cgroup.path.override
cpuacct.cgroup.path.override
server.basePath
server.customResponseHeaders
server.compression.enabled
server.compression.referrerWhitelist
server.cors
server.cors.origin
server.defaultRoute
server.host
server.keepAliveTimeout
server.maxPayloadBytes
server.name
server.port
csp.rules
csp.strict
csp.warnLegacyBrowsers
data.search.usageTelemetry.enabled
opensearch.customHeaders
opensearch.hosts
opensearch.logQueries
opensearch.memoryCircuitBreaker.enabled
opensearch.memoryCircuitBreaker.maxPercentage
opensearch.password
opensearch.pingTimeout
opensearch.requestHeadersWhitelist
opensearch.requestHeadersAllowlist
opensearch_security.multitenancy.enabled
opensearch_security.readonly_mode.roles
opensearch.requestTimeout
opensearch.shardTimeout
opensearch.sniffInterval
opensearch.sniffOnConnectionFault
opensearch.sniffOnStart
opensearch.ssl.alwaysPresentCertificate
opensearch.ssl.certificate
opensearch.ssl.certificateAuthorities
opensearch.ssl.key
opensearch.ssl.keyPassphrase
opensearch.ssl.keystore.path
opensearch.ssl.keystore.password
opensearch.ssl.truststore.path
opensearch.ssl.truststore.password
opensearch.ssl.verificationMode
opensearch.username
i18n.locale
interpreter.enableInVisualize
opensearchDashboards.autocompleteTerminateAfter
opensearchDashboards.autocompleteTimeout
opensearchDashboards.defaultAppId
opensearchDashboards.index
logging.dest
logging.json
logging.quiet
logging.rotate.enabled
logging.rotate.everyBytes
logging.rotate.keepFiles
logging.rotate.pollingInterval
logging.rotate.usePolling
logging.silent
logging.useUTC
logging.verbose
map.includeOpenSearchMapsService
map.proxyOpenSearchMapsServiceInMaps
map.regionmap
map.tilemap.options.attribution
map.tilemap.options.maxZoom
map.tilemap.options.minZoom
map.tilemap.options.subdomains
map.tilemap.url
monitoring.cluster_alerts.email_notifications.email_address
monitoring.enabled
monitoring.opensearchDashboards.collection.enabled
monitoring.opensearchDashboards.collection.interval
monitoring.ui.container.opensearch.enabled
monitoring.ui.container.logstash.enabled
monitoring.ui.opensearch.password
monitoring.ui.opensearch.pingTimeout
monitoring.ui.opensearch.hosts
monitoring.ui.opensearch.username
monitoring.ui.opensearch.logFetchCount
monitoring.ui.opensearch.ssl.certificateAuthorities
monitoring.ui.opensearch.ssl.verificationMode
monitoring.ui.enabled
monitoring.ui.max_bucket_size
monitoring.ui.min_interval_seconds
newsfeed.enabled
ops.interval
path.data
pid.file
regionmap
security.showInsecureClusterWarning
server.rewriteBasePath
server.socketTimeout
server.customResponseHeaders
server.ssl.enabled
server.ssl.key
server.ssl.keyPassphrase
server.ssl.keystore.path
server.ssl.keystore.password
server.ssl.truststore.path
server.ssl.truststore.password
server.ssl.cert
server.ssl.certificate
server.ssl.certificateAuthorities
server.ssl.cipherSuites
server.ssl.clientAuthentication
server.ssl.redirectHttpFromPort
server.ssl.supportedProtocols
server.xsrf.disableProtection
server.xsrf.whitelist
status.allowAnonymous
status.v6ApiFormat
tilemap.options.attribution
tilemap.options.maxZoom
tilemap.options.minZoom
tilemap.options.subdomains
tilemap.url
timeline.enabled
vega.enableExternalUrls
apm_oss.apmAgentConfigurationIndex
apm_oss.indexPattern
apm_oss.errorIndices
apm_oss.onboardingIndices
apm_oss.spanIndices
apm_oss.sourcemapIndices
apm_oss.transactionIndices
apm_oss.metricsIndices
telemetry.allowChangingOptInStatus
telemetry.enabled
telemetry.optIn
telemetry.optInStatusUrl
telemetry.sendUsageFrom
vis_builder.enabled
data_source.enabled
data_source.encryption.wrappingKeyName
data_source.encryption.wrappingKeyNamespace
data_source.encryption.wrappingKey
data_source.audit.enabled
data_source.audit.appender.kind
data_source.audit.appender.path
data_source.audit.appender.layout.kind
data_source.audit.appender.layout.highlight
data_source.audit.appender.layout.pattern
ml_commons_dashboards.enabled
assistant.chat.enabled
observability.query_assist.enabled
uiSettings.overrides.defaultRoute
)
function runOpensearchDashboards {
longopts=()
if [ ! -f $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml ]; then
touch $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do
# 'opensearch.hosts' -> 'OPENSEARCH_URL'
env_var=$(echo ${opensearch_dashboards_var^^} | tr . _)
# Indirectly lookup env var values via the name of the var.
# REF: http://tldp.org/LDP/abs/html/bashver2.html#EX78
value=${!env_var}
if [[ -n $value ]]; then
longopt="--${opensearch_dashboards_var}=${value}"
longopts+=("${longopt}")
echo $longopt | sed 's/--//' >> $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
cat $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
fi
done
fi
/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml "${longopts[@]}"
}
runOpensearchDashboards

13
build-docker-images/wazuh-dashboard/config/opensearch_dashboards.yml
View File

@@ -1,13 +0,0 @@
server.host: 0.0.0.0
server.port: 5601
opensearch.hosts: https://wazuh.indexer:9200
opensearch.ssl.verificationMode: none
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/usr/share/wazuh-dashboard/config/certs/dashboard-key.pem"
server.ssl.certificate: "/usr/share/wazuh-dashboard/config/certs/dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/config/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wz-home

20
build-docker-images/wazuh-indexer/Dockerfile
View File

@@ -6,20 +6,10 @@ ARG WAZUH_TAG_REVISION
RUN yum install curl-minimal openssl xz tar findutils shadow-utils -y RUN yum install curl-minimal openssl xz tar findutils shadow-utils -y
COPY config/opensearch.yml /
COPY config/config.sh . COPY config/config.sh .
COPY config/config.yml / COPY config/config.yml /
COPY config/action_groups.yml /
COPY config/internal_users.yml /
COPY config/roles_mapping.yml /
COPY config/roles.yml /
RUN bash config.sh RUN bash config.sh
################################################################################ ################################################################################
@@ -36,6 +26,16 @@ ENV USER="wazuh-indexer" \
NAME="wazuh-indexer" \ NAME="wazuh-indexer" \
INSTALL_DIR="/usr/share/wazuh-indexer" INSTALL_DIR="/usr/share/wazuh-indexer"
# Set $JAVA_HOME
RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \
echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh
ENV JAVA_HOME="$INSTALL_DIR/jdk"
ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin
# Add k-NN lib directory to library loading path variable
ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib"
RUN yum install curl-minimal shadow-utils findutils hostname -y RUN yum install curl-minimal shadow-utils findutils hostname -y
RUN getent group $GROUP || groupadd -r -g 1000 $GROUP RUN getent group $GROUP || groupadd -r -g 1000 $GROUP

6
build-docker-images/wazuh-indexer/config/config.sh
View File

@@ -117,12 +117,6 @@ cp -pr ${BASE_DIR}/* ${TARGET_DIR}${INSTALLATION_DIR}
# Copy the security tools # Copy the security tools
cp /$CERT_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/ cp /$CERT_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/
cp /$PASSWORD_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/ cp /$PASSWORD_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/
# Copy Wazuh's config files for the security plugin
cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR}
# Copy Wazuh indexer's certificates # Copy Wazuh indexer's certificates
cp -pr /wazuh-certificates/demo.indexer.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer.pem cp -pr /wazuh-certificates/demo.indexer.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer.pem
cp -pr /wazuh-certificates/demo.indexer-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer-key.pem cp -pr /wazuh-certificates/demo.indexer-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer-key.pem

12
single-node/docker-compose.yml
View File

@@ -84,6 +84,18 @@ services:
- DASHBOARD_PASSWORD=kibanaserver - DASHBOARD_PASSWORD=kibanaserver
- API_USERNAME=wazuh-wui - API_USERNAME=wazuh-wui
- API_PASSWORD=MyS3cr37P450r.*- - API_PASSWORD=MyS3cr37P450r.*-
- SERVER_HOST=0.0.0.0
- SERVER_PORT=5601
- OPENSEARCH_HOSTS=https://wazuh.indexer:9200
- OPENSEARCH_SSL_VERIFICATIONMODE=certificate
- OPENSEARCH_REQUESTHEADERSWHITELIST=["securitytenant","Authorization"]
- OPENSEARCH_SECURITY_MULTITENANCY_ENABLED=false
- SERVER_SSL_ENABLED=true
- OPENSEARCH_SECURITY_READONLY_MODE_ROLES=["kibana_read_only"]
- SERVER_SSL_KEY="/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
- SERVER_SSL_CERTIFICATE="/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
- SERVER_SSL_CERTIFICATEAUTHORITIES=["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
- UISETTINGS_OVERRIDES_DEFAULTROUTE=/app/wz-home
volumes: volumes:
- ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
- ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem