Static versions for wazuh-manager and wazuh-api

Merge pull request #42 from coveord/feature-wazuh-config-mount-point
Add a mount point for custom Wazuh configuration files
2025-11-01 12:33:44 +00:00 · 2018-03-21 14:08:31 -05:00 · 2018-03-13 17:25:31 -05:00 · 2018-03-09 16:56:50 -05:00 · 2018-03-01 10:55:34 +01:00 · 2018-02-27 16:37:03 +01:00
7 changed files with 83 additions and 27 deletions
--- a/README.md
+++ b/README.md
@@ -15,7 +15,7 @@ In addition, a docker-compose file is provided to launch the containers mentione

 ## Current release

-Containers are currently tested on Wazuh version 3.1.0 and Elastic Stack version 6.1.0. We will do our best to keep this repository updated to latest versions of both Wazuh and Elastic Stack.
+Containers are currently tested on Wazuh version 3.2.0 and Elastic Stack version 6.2.1. We will do our best to keep this repository updated to latest versions of both Wazuh and Elastic Stack.

 ## Installation notes

@@ -27,6 +27,33 @@ To run all docker instances you can just run ``docker-compose up``, from the dir

 Once installed you can browse through the interface at: http://127.0.0.1:5601

+## Mount custom Wazuh configuration files
+
+To mount custom Wazuh configuration files in the Wazuh manager container, mount them in the `/wazuh-config-mount` folder. For example, to mount a custom `ossec.conf` file, mount it in `/wazuh-config-mount/etc/ossec.conf` and the [run.sh](wazuh/config/run.sh) script will copy the file at the right place on boot while respecting the destination file permissions.
+
+Here is an example of a `/wazuh-config-mount` folder used to mount some common custom configuration files:
+```
+root@wazuh-manager:/# tree /wazuh-config-mount/
+/wazuh-config-mount/
+└── etc
+    ├── ossec.conf
+    ├── rules
+    │   └── local_rules.xml
+    └── shared
+        └── default
+            └── agent.conf
+
+4 directories, 3 files
+```
+
+In that case, you will see this in the Wazuh manager logs on boot:
+```
+Identified Wazuh configuration files to mount...
+'/wazuh-config-mount/etc/ossec.conf' -> '/var/ossec/data/etc/ossec.conf'
+'/wazuh-config-mount/etc/rules/local_rules.xml' -> '/var/ossec/data/etc/rules/local_rules.xml'
+'/wazuh-config-mount/etc/shared/default/agent.conf' -> '/var/ossec/data/etc/shared/default/agent.conf'
+```
+
 ## More documentation

 * [Wazuh full documentation](http://documentation.wazuh.com)
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -15,6 +15,8 @@ services:
 #    volumes:
 #      - my-path:/var/ossec/data:Z
 #      - my-path:/etc/postfix:Z
+#      - my-path:/etc/filebeat
+#      - my-custom-config-path/ossec.conf:/wazuh-config-mount/etc/ossec.conf
    depends_on:
      - elasticsearch
  logstash:
@@ -37,7 +39,7 @@ services:
      - LS_HEAP_SIZE=2048m
      - XPACK_MONITORING_ENABLED=false
  elasticsearch:
-    image: docker.elastic.co/elasticsearch/elasticsearch:6.1.2
+    image: docker.elastic.co/elasticsearch/elasticsearch:6.2.1
    hostname: elasticsearch
    restart: always
    ports:
@@ -69,18 +71,16 @@ services:
    restart: always
 #    ports:
 #      - "5601:5601"
+    environment:
+      - "NODE_OPTIONS=--max-old-space-size=3072"
    networks:
-        - docker_elk
+      - docker_elk
    depends_on:
      - elasticsearch
    links:
      - elasticsearch:elasticsearch
      - wazuh
    entrypoint: /wait-for-it.sh elasticsearch
-#    environment:
-#      - http_proxy=yourproxy
-#      - https_proxy=yourproxy
-#      - "WAZUH_KIBANA_PLUGIN_URL=http://your.repo/wazuhapp-3.1.0-6.1.2.zip"
  nginx:
    image: wazuh/wazuh-nginx
    hostname: nginx
--- a/kibana/Dockerfile
+++ b/kibana/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.elastic.co/kibana/kibana:6.1.2
+FROM docker.elastic.co/kibana/kibana:6.2.1

 USER root

@@ -6,4 +6,16 @@ COPY ./config/kibana.yml /usr/share/kibana/config/kibana.yml

 COPY config/wait-for-it.sh /wait-for-it.sh

+ADD https://packages.wazuh.com/wazuhapp/wazuhapp-3.2.0_6.2.1.zip /tmp
+
+ADD https://raw.githubusercontent.com/wazuh/wazuh/3.2/extensions/elasticsearch/wazuh-elastic6-template-alerts.json /usr/share/kibana/config
+
+ADD https://raw.githubusercontent.com/wazuh/wazuh/3.2/extensions/elasticsearch/wazuh-elastic6-template-monitoring.json /usr/share/kibana/config
+
+ADD https://raw.githubusercontent.com/wazuh/wazuh/3.2/extensions/elasticsearch/alert_sample.json /usr/share/kibana/config
+
+RUN /usr/share/kibana/bin/kibana-plugin install file:///tmp/wazuhapp-3.2.0_6.2.1.zip
+
+RUN rm -rf /tmp/*
+
 RUN chmod 755 /wait-for-it.sh
--- a/kibana/config/wait-for-it.sh
+++ b/kibana/config/wait-for-it.sh
@@ -5,7 +5,6 @@ set -e
 host="$1"
 shift
 cmd="kibana"
-WAZUH_KIBANA_PLUGIN_URL=${WAZUH_KIBANA_PLUGIN_URL:-https://packages.wazuh.com/wazuhapp/wazuhapp-3.1.0_6.1.2.zip}

 until curl -XGET $host:9200; do
  >&2 echo "Elastic is unavailable - sleeping"
@@ -16,26 +15,18 @@ done

 sleep 5
 #Insert default templates
-curl https://raw.githubusercontent.com/wazuh/wazuh/3.1/extensions/elasticsearch/wazuh-elastic6-template-alerts.json | curl -XPUT 'http://elasticsearch:9200/_template/wazuh' -H 'Content-Type: application/json' -d @-
+cat /usr/share/kibana/config/wazuh-elastic6-template-alerts.json | curl -XPUT 'http://elasticsearch:9200/_template/wazuh' -H 'Content-Type: application/json' -d @-

 sleep 5
 #Insert default templates
-curl https://raw.githubusercontent.com/wazuh/wazuh/3.1/extensions/elasticsearch/wazuh-elastic6-template-monitoring.json | curl -XPUT 'http://elasticsearch:9200/_template/wazuh-agent' -H 'Content-Type: application/json' -d @-
+cat /usr/share/kibana/config/wazuh-elastic6-template-monitoring.json | curl -XPUT 'http://elasticsearch:9200/_template/wazuh-agent' -H 'Content-Type: application/json' -d @-

 #Insert sample alert:
 sleep 5
-curl https://raw.githubusercontent.com/wazuh/wazuh/3.1/extensions/elasticsearch/alert_sample.json | curl -XPUT "http://elasticsearch:9200/wazuh-alerts-3.x-"`date +%Y.%m.%d`"/wazuh/sample" -H 'Content-Type: application/json' -d @-
-
-if /usr/share/kibana/bin/kibana-plugin list | grep wazuh; then
-  echo "Wazuh APP already installed"
-else
-  /usr/share/kibana/bin/kibana-plugin install ${WAZUH_KIBANA_PLUGIN_URL}
-fi
-
-sleep 30
+cat /usr/share/kibana/config/alert_sample.json | curl -XPUT "http://elasticsearch:9200/wazuh-alerts-3.x-"`date +%Y.%m.%d`"/wazuh/sample" -H 'Content-Type: application/json' -d @-

+sleep 5
 echo "Setting API credentials into Wazuh APP"
-
 CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET http://$host:9200/.wazuh/wazuh-configuration/1513629884013)
 if [ "x$CONFIG_CODE" = "x404" ]; then
  curl -s -XPOST http://$host:9200/.wazuh/wazuh-configuration/1513629884013 -H 'Content-Type: application/json' -d'
--- a/logstash/Dockerfile
+++ b/logstash/Dockerfile
@@ -1,3 +1,3 @@
-FROM docker.elastic.co/logstash/logstash:6.1.2
+FROM docker.elastic.co/logstash/logstash:6.2.1

 COPY config/logstash.conf /etc/logstash/conf.d/logstash.conf
--- a/wazuh/Dockerfile
+++ b/wazuh/Dockerfile
@@ -1,5 +1,5 @@
 FROM phusion/baseimage:latest
-ARG FILEBEAT_VERSION=6.1.2
+ARG FILEBEAT_VERSION=6.2.1

 RUN apt-get update; apt-get -y dist-upgrade
 RUN apt-get -y install openssl postfix bsd-mailx curl apt-transport-https lsb-release
@@ -9,7 +9,7 @@ RUN curl --silent --location https://deb.nodesource.com/setup_6.x | bash - &&\
    apt-get install -y nodejs
 RUN curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
 RUN echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
-RUN apt-get update && apt-get -y install wazuh-manager wazuh-api expect
+RUN apt-get update && apt-get -y install wazuh-manager=3.2.0-1 wazuh-api=3.2.0-1 expect

 ADD config/data_dirs.env /data_dirs.env
 ADD config/init.bash /init.bash
@@ -28,6 +28,7 @@ ADD config/run.sh /tmp/run.sh
 RUN chmod 755 /tmp/run.sh

 VOLUME ["/var/ossec/data"]
+VOLUME ["/etc/filebeat"]

 EXPOSE 55000/tcp 1514/udp 1515/tcp 514/udp

--- a/wazuh/config/run.sh
+++ b/wazuh/config/run.sh
@@ -12,8 +12,13 @@
 #

 source /data_dirs.env
+
 FIRST_TIME_INSTALLATION=false
-DATA_PATH=/var/ossec/data
+
+WAZUH_INSTALL_PATH=/var/ossec
+DATA_PATH=${WAZUH_INSTALL_PATH}/data
+
+WAZUH_CONFIG_MOUNT=/wazuh-config-mount

 print() {
    echo -e $1
@@ -29,6 +34,9 @@ exec_cmd() {
    eval $1 > /dev/null 2>&1 || error_and_exit "$1"
 }

+exec_cmd_stdout() {
+    eval $1 2>&1 || error_and_exit "$1"
+}

 edit_configuration() { # $1 -> setting,  $2 -> value
    sed -i "s/^config.$1\s=.*/config.$1 = \"$2\";/g" "${DATA_PATH}/api/configuration/config.js" || error_and_exit "sed (editing configuration)"
@@ -75,11 +83,28 @@ then
  fi
 fi

-#Enabling ossec-authd.
+##############################################################################
+# Copy all files from $WAZUH_CONFIG_MOUNT to $DATA_PATH and respect
+# destination files permissions
+#
+# For example, to mount the file /var/ossec/data/etc/ossec.conf, mount it at
+# $WAZUH_CONFIG_MOUNT/etc/ossec.conf in your container and this code will
+# replace the ossec.conf file in /var/ossec/data/etc with yours.
+##############################################################################
+if [ -e "$WAZUH_CONFIG_MOUNT" ]
+then
+  print "Identified Wazuh configuration files to mount..."
+
+  exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $DATA_PATH"
+else
+  print "No Wazuh configuration files to mount..."
+fi
+
+# Enabling ossec-authd.
 exec_cmd "/var/ossec/bin/ossec-control enable auth"

 function ossec_shutdown(){
-  ${DATA_PATH}/bin/ossec-control stop;
+  ${WAZUH_INSTALL_PATH}/bin/ossec-control stop;
 }

 # Trap exit signals and do a proper shutdown
Author	SHA1	Message	Date
Miguelangel Freitas	9a4c409a0a	Static versions for wazuh-manager and wazuh-api	2018-03-21 14:08:31 -05:00
Miguelangel Freitas	57490a50bd	Merge pull request #42 from coveord/feature-wazuh-config-mount-point Add a mount point for custom Wazuh configuration files	2018-03-13 17:25:31 -05:00
Jean-Philippe Lachance	62741c639f	! Fix the "currently supported versions" in the README ! Fix the ossec_shutdown function (/var/ossec/data/bin is not valid) + Add a mount point for custom Wazuh configuration files + Add documentation for that mount point	2018-03-09 16:56:50 -05:00
José Luis Ruiz	043f8f18de	Merge pull request #41 from wazuh/issue-40.1 Issue 40.1	2018-03-01 10:55:34 +01:00
AlfonsoRBJ	ee74f01cba	fix 2 fix VOLUME ["/etc/filebeat"]	2018-02-27 16:37:03 +01:00
AlfonsoRBJ	e685128b51	fix fix "# -my-path:/etc/filebeat	2018-02-27 16:27:27 +01:00
José Luis Ruiz Ruiz	8f40340dda	Update docker to Wazug 3.2.1 Elastic 6.2.1	2018-02-21 00:13:47 +01:00
Miguelangel Freitas	76945a2698	Increase the default Node.js heap memory.	2018-02-09 14:46:30 -05:00
José Luis Ruiz Ruiz	98007ea2f4	Update to Elastic 6.1.3	2018-02-08 16:14:04 +01:00
José Luis Ruiz	b081ff3bc7	Merge pull request #36 from FloThinksPi/master Improved Kibana Image to include all Dependencies	2018-02-08 13:33:04 +01:00
Florian Braun	716667be46	Adoptions and Cleanup for new Dockerfile So i cleaned this up so that the plugin install is gone now as it is done on container image build. Also the image includes the Templates and Sample alerts so i adopted the script to deliver the files via the local files that are included in the container.	2018-02-08 11:22:38 +01:00
Florian Braun	2b3f71aa10	Buildin all dependencies into the Container We Download and install all external dependencys in our container. So no network intreraction will be required by Kibana on launch of the container. This also saves time on launch as the plugin only has to be installed on container build. So with this dockerfile all stuff is in the image and does not need downloads on deploy.	2018-02-08 11:20:48 +01:00
Florian Braun	74dd541bd8	Cleanup Kibana Kibana also does not need the environment for downloading the plugin as it is already installed in the image	2018-02-08 11:18:32 +01:00
Florian Braun	8a051b67b0	Removed Proxy in docker-compose.yml The new Kibana container will be designed to run completely local. no need for proxy anymore	2018-02-08 10:57:35 +01:00