Merge pull request #722 from wazuh/bump-3-13-6

Bump 3.13 to 3.13.6

CHANGELOG.md

@@ -1,23 +1,171 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
-## Wazuh Docker v3.9.3_7.2.0-oss
+## Wazuh Docker v3.13.6_7.9.2
 
 ### Added
-- Support for OSS Elastic Docker images.
+
+- Update to Wazuh version 3.13.6_7.9.2
+
+## Wazuh Docker v3.13.5_7.9.2
+
+### Added
+
+- Update to Wazuh version 3.13.5_7.9.2
+
+## Wazuh Docker v3.13.4_7.9.2
+
+### Added
+
+- Update to Wazuh version 3.13.4_7.9.2
+
+## Wazuh Docker v3.13.3_7.9.2
+
+### Added
+
+- Update to Wazuh version 3.13.3_7.9.2
+
+## Wazuh Docker v3.13.2_7.9.1
+
+### Added
+
+- Update to Wazuh version 3.13.2_7.9.1
+- Add CLUSTER_NETWORK_HOST environment variable ([@jfut](https://github.com/jfut)) [#372](https://github.com/wazuh/wazuh-docker/pull/372)
+
+### Fixed
+
+- Too many redirects when running on port 80 ([@chowmean](https://github.com/chowmean)) [#377](https://github.com/wazuh/wazuh-docker/pull/377)
+- Move Filebeat installation to build stage ([@xr09](https://github.com/xr09)) [#378](https://github.com/wazuh/wazuh-docker/pull/378)
+
+
+## Wazuh Docker v3.13.1_7.8.0
+
+### Added
+
+- Update to Wazuh version 3.13.1_7.8.0
+
+
+## Wazuh Docker v3.13.0_7.7.1
+
+### Added
+
+- Update to Wazuh version 3.13.3_7.7.1
+
+### Fixed
+
+- Save agentless state ([@xr09](https://github.com/xr09)) [#350](https://github.com/wazuh/wazuh-docker/pull/350)
+- Use HTTP credentials for service check when required ([@xr09](https://github.com/xr09)) [#356](https://github.com/wazuh/wazuh-docker/pull/356)
+
+## Wazuh Docker v3.12.3_7.6.2
+
+### Added
+
+- Update to Wazuh version 3.12.3_7.6.2
+
+
+## Wazuh Docker v3.12.2_7.6.2
+
+### Added
+
+- Update to Wazuh version 3.12.2_7.6.2
+
+## Wazuh Docker v3.12.1_7.6.2
+
+### Added
+
+- Update to Wazuh version 3.12.1_7.6.2
+
+### Fixed
+
+- Agent timestamp not being properly saved ([@xr09](https://github.com/xr09)) [#323](https://github.com/wazuh/wazuh-docker/pull/323)
+
+
+## Wazuh Docker v3.12.0_7.6.1
+
+### Added
+
+- Update to Wazuh version 3.12.0_7.6.1
+
+
+## Wazuh Docker v3.11.4_7.6.1
+
+### Added
+
+- Update to Wazuh version 3.11.4_7.6.1
+
+- Enable HTTP v2 on nginx ([@xr09](https://github.com/xr09)) [#308](https://github.com/wazuh/wazuh-docker/pull/308)
+
+### Fixed
+
+- Updated NGINX config syntax ([@xr09](https://github.com/xr09)) [#303](https://github.com/wazuh/wazuh-docker/pull/303)
+
+
+## Wazuh Docker v3.11.3_7.5.2
+
+### Added
+
+- Update to Wazuh version 3.11.3_7.5.2
+
+## Wazuh Docker v3.11.2_7.5.1
+
+### Added
+
+- Bumped Node.js to version 10 ([@xr09](https://github.com/xr09)) [#8615cd4](https://github.com/wazuh/wazuh-docker/commit/8615cd4d2152601e55becc7c3675360938e74b6a)
+
+### Fixed
+
+- Fix S3 Plugin ([@AnthonySendra](https://github.com/AnthonySendra)) [#293](https://github.com/wazuh/wazuh-docker/pull/293)
+
+## Wazuh Docker v3.11.1_7.5.1
+
+### Added
+
+- Update to Wazuh version 3.11.1_7.5.1
+- Filebeat configuration file updated to latest version ([@manuasir](https://github.com/manuasir)) [#271](https://github.com/wazuh/wazuh-docker/pull/271)
+- Allow using the hostname as node_name for managers ([@JPLachance](https://github.com/JPLachance)) [#261](https://github.com/wazuh/wazuh-docker/pull/261)
+
+## Wazuh Docker v3.11.0_7.5.1
+
+### Added
+
+- Update to Wazuh version 3.11.0_7.5.1
+
+## Wazuh Docker v3.10.2_7.5.0
+
+### Added
+
+- Update to Wazuh version 3.10.2_7.5.0
+
+## Wazuh Docker v3.10.2_7.3.2
+
+### Added
+
+- Update to Wazuh version 3.10.2_7.3.2
+
+## Wazuh Docker v3.10.0_7.3.2
+
+### Added
+
+- Update to Wazuh version 3.10.0_7.3.2
+
+## Wazuh Docker v3.9.5_7.2.1
+
+### Added
+
+- Update to Wazuh version 3.9.5_7.2.1
+
+## Wazuh Docker v3.9.4_7.2.0
+
+### Added
+
+- Update to Wazuh version 3.9.4_7.2.0
+- Implemented Wazuh Filebeat Module ([jm404](https://www.github.com/jm404)) [#2a77c6a](https://github.com/wazuh/wazuh-docker/commit/2a77c6a6e6bf78f2492adeedbade7a507d9974b2)
 
 ## Wazuh Docker v3.9.3_7.2.0
 
 ### Fixed
 - Wazuh-docker reinserts cluster settings after resuming containers ([@manuasir](https://github.com/manuasir)) [#213](https://github.com/wazuh/wazuh-docker/pull/213)
 
-
-## Wazuh Docker v3.9.3_7.1.1-opendistro
-
-### Added
-- Support for Amazon Open Distro Docker images.
-
-
 ## Wazuh Docker v3.9.2_7.1.1
 
 ### Added
@@ -139,7 +287,7 @@ All notable changes to this project will be documented in this file.
 - Add env credentials for nginx. ([#86](https://github.com/wazuh/wazuh-docker/pull/86))
 - Improve filebeat configuration ([#88](https://github.com/wazuh/wazuh-docker/pull/88))
 
-### Fixed 
+### Fixed
 
 - Temporary fix for Wazuh cluster master node in Kubernetes. ([#84](https://github.com/wazuh/wazuh-docker/pull/84))
 

LICENSE

@@ -1,5 +1,5 @@
 
- Portions Copyright (C) 2019 Wazuh, Inc.
+ Portions Copyright (C) 2020 Wazuh, Inc.
  Based on work Copyright (C) 2003 - 2013 Trend Micro, Inc.
 
  This program is a free software; you can redistribute it and/or modify

README.md

@@ -10,9 +10,9 @@ In this repository you will find the containers to run:
 * wazuh: It runs the Wazuh manager, Wazuh API and Filebeat (for integration with Elastic Stack)
 * wazuh-kibana: Provides a web user interface to browse through alerts data. It includes Wazuh plugin for Kibana, that allows you to visualize agents configuration and status.
 * wazuh-nginx: Proxies the Kibana container, adding HTTPS (via self-signed SSL certificate) and [Basic authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication#Basic_authentication_scheme).
-* wazuh-elasticsearch: An Elasticsearch container (working as a single-node cluster) using Elastic Stack Docker images. **Be aware to increase the `vm.max_map_count` setting, as it's detailed in the [Wazuh documentation](https://documentation.wazuh.com/current/docker/wazuh-container.html#increase-max-map-count-on-your-host-linux).** 
+* wazuh-elasticsearch: An Elasticsearch container (working as a single-node cluster) using Elastic Stack Docker images. **Be aware to increase the `vm.max_map_count` setting, as it's detailed in the [Wazuh documentation](https://documentation.wazuh.com/current/docker/wazuh-container.html#increase-max-map-count-on-your-host-linux).**
 
-In addition, a docker-compose file is provided to launch the containers mentioned above. 
+In addition, a docker-compose file is provided to launch the containers mentioned above.
 
 * Elasticsearch cluster. In the Elasticsearch Dockerfile we can visualize variables to configure an Elasticsearch Cluster. These variables are used in the file *config_cluster.sh* to set them in the *elasticsearch.yml* configuration file. You can see the meaning of the node variables [here](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html) and other cluster settings [here](https://github.com/elastic/elasticsearch/blob/master/distribution/src/config/elasticsearch.yml).
 
@@ -57,7 +57,7 @@ In addition, a docker-compose file is provided to launch the containers mentione
 
 * `stable` branch on correspond to the latest Wazuh-Docker stable version.
 * `master` branch contains the latest code, be aware of possible bugs on this branch.
-* `Wazuh.Version_ElasticStack.Version` (for example 3.9.3_7.1.1-opendistro) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch.
+* `Wazuh.Version_ElasticStack.Version` (for example 3.13.1_7.8.0) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch.
 
 ## Credits and Thank you
 
@@ -70,7 +70,7 @@ We thank you them and everyone else who has contributed to this project.
 
 ## License and copyright
 
-Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 ## Web references
 

VERSION

@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="3.9.3_7.1.1"
-REVISION="3930"
+WAZUH-DOCKER_VERSION="3.13.6_7.9.2"
+REVISION="31314"

admin-key.pem

@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDGREC7Nwg9esab
-VrKmRL8nlVjrDL38YOfUt+G1sZ+ebmHmLynUMqQ3PHYDUqJoZQW5Jpmlh+V7GSfW
-erKC1C75J1991U/3DsM6aZ+QZXoTwM4XwwRUOU3K/kaanCr8sOEY+NQILxNmeCdc
-XOOCD9nsItkzgK01cTuWpObABVRSwu3hKEIwuGyCkPnfCDM3f/gDSvQtP9+Z6Kf0
-OEF3Le1vO47RrISSOKB3163j3zVFWC0XAmlpEBFfPB8UIi733hPOr+kRl4M/mE2k
-CL1MkJYjj258sjZhuvkCAupImtuWGMuo5ieNkuUFHWACg4gImoaRy4JOP8ye2VDZ
-KKxbTevzAgMBAAECggEBAIV0EaIyk8BWMPMEc3HJWmW5eEWWqRcE32dmcm4LZmaM
-5Ca9Xklv4OsxLjpkV98vCKAs5ETwaT3nm9IZeqjnS8r3fqZDe/TPIgfiar4WIArF
-v7Ns2DAc9kkJyNpu/dxi7tERRB9SGJvjipL4D0dPhh8VAeBR38TWOAbZblyX+b9O
-OOdMNCoCUyBqQ3PTlmK43Np2AeegSkVIUzQmiJfqBGGlchnZbfqJ7ZgkKPtTBGbA
-2RMMLON6OtNQ8pFuOn6qVROTsZgai0a4JfZrzVCFjdAO1ywPk2x4HUuRFKxFF4xv
-zZ7xqLRfVCV/rgpJBPKZr86GUODnUmCjrQNAwL9sB5ECgYEA4ckbqjemdYpEss8k
-3YupgXcZkwgp7WXT3BOmiDyzfhgQ0sBysQhkudHnvWTwXjcd0lDAmdeZ8k553WxJ
-imTsLnTkp8MBWj9YziJQhWAVSSsiqp0DtbcxHbwhtkcfG6enoNs03dhmWkZ5GHRA
-Tx/2n5ljxiiKGDeMkJWomalK1ukCgYEA4MxonRElJ8bo6KjcuTaL11gsUR/HyEh1
-eec1r18ypwfcPyxY6lzkvEonb3r4Jm2n1ZzvsGInA94+GtpNF4UoRixVGXCL6kiN
-7mR3dhG13weRUBZbFV59PdfvNfuQvz5Z5U4NuX2CPeSUKSKYEhfD1dZ7/eoh1eZ3
-e4qq0G09GnsCgYEAsdQ0Xtdf2pmhS/fMQFW8loRYdy5p31lhCKfNdOXiNQD9VxBO
-BNLoilYhoFC85GeirD//wetGi8p1PwkHzuF4B4r3gI4dJZhY+Fmcc7/eY/d+YUQz
-ZM6494NyRd80SBK++vlLZSMIUjfJLpJ5CBjTpJYqOCs7wKEXq9TDqurkT+kCgYEA
-n2u3IPSAwhXJJP5kEiGByMUqIJoGJ55jWYFDzEwZ8uSbKF397K7WNEXuc5vkkfQg
-G1iBjzf8bTzWFFsOYwi2yBU2gKUVRKARr6emJKBot3N5dS91htEMxqf1Z/Yw7797
-JyhUiWBd1iDdhdKXv/UEmAjUw/yf5D7eK0nq24cs1zMCgYEA3GCRpCIyZaG1CXPn
-F9hrYctTQKXm4GUVFSQuyq+cWbM1yyR3Q3dFmekT3HcSzBpLZpye7YNDCTzSLv+y
-refufQFAWK0JaHVRbE8D5/ggCDlo1f4xnJf6C4dM/FZkVyAzYcBfHQe4zYSMzB9D
-Mq1NaY1E8hefYIqKZnNhjI6iWDE=
------END PRIVATE KEY-----

admin.pem

@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDETCCAfkCFA5ijfMasAZU95n3dLpkNLnqVfVMMA0GCSqGSIb3DQEBCwUAMEUx
-CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
-cm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTkwODA2MTQxMzEzWhcNMTkwOTA1MTQx
-MzEzWjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE
-CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAxkRAuzcIPXrGm1aypkS/J5VY6wy9/GDn1LfhtbGfnm5h5i8p
-1DKkNzx2A1KiaGUFuSaZpYflexkn1nqygtQu+SdffdVP9w7DOmmfkGV6E8DOF8ME
-VDlNyv5Gmpwq/LDhGPjUCC8TZngnXFzjgg/Z7CLZM4CtNXE7lqTmwAVUUsLt4ShC
-MLhsgpD53wgzN3/4A0r0LT/fmein9DhBdy3tbzuO0ayEkjigd9et4981RVgtFwJp
-aRARXzwfFCIu994Tzq/pEZeDP5hNpAi9TJCWI49ufLI2Ybr5AgLqSJrblhjLqOYn
-jZLlBR1gAoOICJqGkcuCTj/MntlQ2SisW03r8wIDAQABMA0GCSqGSIb3DQEBCwUA
-A4IBAQCOEDExFNDWXU3uLUuAFEy1GBA93KCl4pqPg16DA7mWN6++ovpwfH0eQSRB
-yQAPwjWApJc0KvvZv3m4FJlPGS7JAmL9TnTaPNRALa6i+t60mdM9myetKHrwfyj2
-HFRNoOE5xAAiBlKD4FE8Vu0WVbaThCquGIVp5ecysNhi5pbMwt7WgXDwr9hvwj9b
-f0FxZVKvTsh31Vu6E/H7MTkKPFxDi2W8FXjk9XipE2FE5fhbq6hjzI501gYytTA6
-JNYbG/XwnKxNMtokJEQDCaUQ1Lsixug+iKKQLJ5w1pHXvyV8qjSG1PUMxGIX68of
-bIlC8XXPq48Fp4RKHapLNoSE6gNN
------END CERTIFICATE-----

custom-elasticsearch.yml

@@ -1,23 +0,0 @@
-network.host: 0.0.0.0
-opendistro_security.ssl.transport.pemcert_filepath: node.pem
-opendistro_security.ssl.transport.pemkey_filepath: node-key.pem
-opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
-opendistro_security.ssl.transport.enforce_hostname_verification: false
-opendistro_security.ssl.http.enabled: true
-opendistro_security.ssl.http.pemcert_filepath: node.pem
-opendistro_security.ssl.http.pemkey_filepath: node-key.pem
-opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
-opendistro_security.allow_default_init_securityindex: true
-opendistro_security.authcz.admin_dn:
-  - CN=A,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA
-opendistro_security.nodes_dn:
-  - 'CN=N,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA'
-opendistro_security.audit.type: internal_elasticsearch
-opendistro_security.enable_snapshot_restore_privilege: true
-opendistro_security.check_snapshot_restore_write_privileges: true
-opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
-cluster.routing.allocation.disk.threshold_enabled: false
-node.max_local_storage_nodes: 3
-opendistro_security.audit.config.disabled_rest_categories: NONE
-opendistro_security.audit.config.disabled_transport_categories: NONE
-discovery.type: single-node

docker-compose.yml

@@ -1,34 +1,9 @@
-version: '3'
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+version: '2'
+
 services:
-
-
-  elasticsearch:
-    build: elasticsearch
-    container_name: elasticsearch
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 65536 # maximum number of open files for the Elasticsearch user, set to at least 65536 on modern systems
-        hard: 65536
-    volumes:
-      - odfe-data1:/usr/share/elasticsearch/data
-      - ./root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
-      - ./node.pem:/usr/share/elasticsearch/config/node.pem
-      - ./node-key.pem:/usr/share/elasticsearch/config/node-key.pem
-      - ./admin.pem:/usr/share/elasticsearch/config/admin.pem
-      - ./admin-key.pem:/usr/share/elasticsearch/config/admin-key.pem
-      - ./custom-elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
-    ports:
-      - 9200:9200
-      - 9600:9600 # required for Performance Analyzer
-    networks:
-      - odfe-net
-
-
   wazuh:
-    image: wazuh/wazuh:3.9.3_7.1.1-opendistro
+    image: wazuh/wazuh:3.13.6_7.9.2
     hostname: wazuh-manager
     restart: always
     ports:
@@ -36,11 +11,26 @@ services:
       - "1515:1515"
       - "514:514/udp"
       - "55000:55000"
-    networks:
-      - odfe-net
+
+  elasticsearch:
+    image: wazuh/wazuh-elasticsearch:3.13.6_7.9.2
+    hostname: elasticsearch
+    restart: always
+    ports:
+      - "9200:9200"
+    environment:
+      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
+      - ELASTIC_CLUSTER=true
+      - CLUSTER_NODE_MASTER=true
+      - CLUSTER_MASTER_NODE_NAME=es01
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+    mem_limit: 2g
 
   kibana:
-    build: kibana
+    image: wazuh/wazuh-kibana:3.13.6_7.9.2
     hostname: kibana
     restart: always
     depends_on:
@@ -48,11 +38,18 @@ services:
     links:
       - elasticsearch:elasticsearch
       - wazuh:wazuh
-    networks:
-      - odfe-net
 
-volumes:
-  odfe-data1:
-
-networks:
-  odfe-net:
+  nginx:
+    image: wazuh/wazuh-nginx:3.13.6_7.9.2
+    hostname: nginx
+    restart: always
+    environment:
+      - NGINX_PORT=443
+      - NGINX_CREDENTIALS
+    ports:
+      - "80:80"
+      - "443:443"
+    depends_on:
+      - kibana
+    links:
+      - kibana:kibana

elasticsearch/Dockerfile

@@ -1,21 +1,29 @@
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-ARG ELASTIC_VERSION=7.1.1
-FROM amazon/opendistro-for-elasticsearch:1.1.0
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+ARG ELASTIC_VERSION=7.9.2
+FROM docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION}
+ARG ELASTIC_VERSION
 ARG S3_PLUGIN_URL="https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-s3/repository-s3-${ELASTIC_VERSION}.zip"
 
 ENV ELASTICSEARCH_URL="http://elasticsearch:9200"
 
+ENV ALERTS_SHARDS="1" \
+    ALERTS_REPLICAS="0"
+
 ENV API_USER="foo" \
     API_PASS="bar"
 
+ENV XPACK_ML="true"
 
 ENV ENABLE_CONFIGURE_S3="false"
 
+ARG TEMPLATE_VERSION=v3.13.6
+
 # Elasticearch cluster configuration environment variables
 # If ELASTIC_CLUSTER is set to "true" the following variables will be added to the Elasticsearch configuration
 # CLUSTER_INITIAL_MASTER_NODES set to own node by default.
 ENV ELASTIC_CLUSTER="false" \
     CLUSTER_NAME="wazuh" \
+    CLUSTER_NETWORK_HOST="0.0.0.0" \
     CLUSTER_NODE_MASTER="false" \
     CLUSTER_NODE_DATA="true" \
     CLUSTER_NODE_INGEST="true" \
@@ -28,7 +36,7 @@ ENV ELASTIC_CLUSTER="false" \
     CLUSTER_DELAYED_TIMEOUT="1m" \
     CLUSTER_INITIAL_MASTER_NODES="wazuh-elasticsearch"
 
-COPY config/entrypoint.sh /entrypoint.sh 
+COPY config/entrypoint.sh /entrypoint.sh
 
 RUN chmod 755 /entrypoint.sh
 
@@ -36,10 +44,13 @@ COPY --chown=elasticsearch:elasticsearch ./config/load_settings.sh ./
 
 RUN chmod +x ./load_settings.sh
 
-RUN ${bin/elasticsearch-plugin install --batch S3_PLUGIN_URL}
+RUN bin/elasticsearch-plugin install --batch $S3_PLUGIN_URL
 
 COPY config/configure_s3.sh ./config/configure_s3.sh
 RUN chmod 755 ./config/configure_s3.sh
 
+COPY --chown=elasticsearch:elasticsearch ./config/config_cluster.sh ./
+RUN chmod +x ./config_cluster.sh
+
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["elasticsearch"]

elasticsearch/config/config_cluster.sh

@@ -1,13 +1,11 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 elastic_config_file="/usr/share/elasticsearch/config/elasticsearch.yml"
 
-# Disable the Open distro security plugin
-
 remove_single_node_conf(){
   if grep -Fq "discovery.type" $1; then
-    sed -i '/discovery.type\: /d' $1 
+    sed -i '/discovery.type\: /d' $1
   fi
 }
 
@@ -26,12 +24,12 @@ if [[ $CLUSTER_NODE_MASTER == "true" ]]; then
 # cluster.initial_master_nodes for bootstrap the cluster
 cat > $elastic_config_file << EOF
 # cluster node
-network.host: 0.0.0.0
+network.host: $CLUSTER_NETWORK_HOST
 node.name: $CLUSTER_MASTER_NODE_NAME
 node.master: $CLUSTER_NODE_MASTER
-cluster.initial_master_nodes: 
+cluster.initial_master_nodes:
   - $CLUSTER_MASTER_NODE_NAME
-# end cluster config" 
+# end cluster config"
 EOF
 
 elif [[ $CLUSTER_NODE_NAME != "" ]];then
@@ -41,13 +39,13 @@ remove_cluster_config $elastic_config_file
 
 cat > $elastic_config_file << EOF
 # cluster node
-network.host: 0.0.0.0
+network.host: $CLUSTER_NETWORK_HOST
 node.name: $CLUSTER_NODE_NAME
 node.master: false
-discovery.seed_hosts: 
+discovery.seed_hosts:
   - $CLUSTER_MASTER_NODE_NAME
   - $CLUSTER_NODE_NAME
-# end cluster config" 
+# end cluster config"
 EOF
 fi
 # If the cluster is disabled, then set a single-node configuration
@@ -56,4 +54,4 @@ else
   remove_single_node_conf $elastic_config_file
   remove_cluster_config $elastic_config_file
   echo "discovery.type: single-node" >> $elastic_config_file
-fi
+fi

elasticsearch/config/configure_s3.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 set -e
 
@@ -10,7 +10,7 @@ function CheckArgs()
 {
     if [ $1 != 4 ] && [ $1 != 5 ];then
         echo "Use: configure_s3.sh <Elastic_Server_IP:Port> <Bucket> <Path> <RepositoryName> (By default <current_elasticsearch_major_version> is added to the path and the repository name)"
-        echo "or use: configure_s3.sh <Elastic_Server_IP:Port> <Bucket> <Path> <RepositoryName> <Elasticsearch major version>" 
+        echo "or use: configure_s3.sh <Elastic_Server_IP:Port> <Bucket> <Path> <RepositoryName> <Elasticsearch major version>"
         exit 1
 
     fi

elasticsearch/config/entrypoint.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 # For more information https://github.com/elastic/elasticsearch-docker/blob/6.8.0/build/elasticsearch/bin/docker-entrypoint.sh
 
@@ -19,10 +19,34 @@ run_as_other_user_if_needed() {
   fi
 }
 
+
+#Disabling xpack features
+
+elasticsearch_config_file="/usr/share/elasticsearch/config/elasticsearch.yml"
+if grep -Fq  "#xpack features" "$elasticsearch_config_file";
+then
+  declare -A CONFIG_MAP=(
+  [xpack.ml.enabled]=$XPACK_ML
+  )
+  for i in "${!CONFIG_MAP[@]}"
+  do
+    if [ "${CONFIG_MAP[$i]}" != "" ]; then
+      sed -i 's/.'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $elasticsearch_config_file
+    fi
+  done
+else
+  echo "
+#xpack features
+xpack.ml.enabled: $XPACK_ML
+ " >> $elasticsearch_config_file
+fi
+
 # Run load settings script.
 
+./config_cluster.sh
+
 ./load_settings.sh &
 
 # Execute elasticsearch
 
-run_as_other_user_if_needed /usr/share/elasticsearch/bin/elasticsearch 
+run_as_other_user_if_needed /usr/share/elasticsearch/bin/elasticsearch

elasticsearch/config/load_settings.sh

@@ -1,18 +1,18 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 set -e
 
 el_url=${ELASTICSEARCH_URL}
 
-if [ "x${WAZUH_API_URL}" = "x" ]; then
-  wazuh_url="https://wazuh"
+
+if [[ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]]; then
+  auth=""
 else
-  wazuh_url="${WAZUH_API_URL}"
+  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
 fi
 
-
-until curl -XGET $el_url; do
+until curl ${auth} -XGET $el_url; do
   >&2 echo "Elastic is unavailable - sleeping"
   sleep 5
 done
@@ -24,13 +24,13 @@ if [ $ENABLE_CONFIGURE_S3 ]; then
   sleep 10
   IP_PORT="${ELASTICSEARCH_IP}:${ELASTICSEARCH_PORT}"
 
-  if [ "x$S3_PATH" != "x" ]; then 
+  if [ "x$S3_PATH" != "x" ]; then
 
-    if [ "x$S3_ELASTIC_MAJOR" != "x" ]; then 
-      ./config/configure_s3.sh $IP_PORT $S3_BUCKET_NAME $S3_PATH $S3_REPOSITORY_NAME $S3_ELASTIC_MAJOR 
+    if [ "x$S3_ELASTIC_MAJOR" != "x" ]; then
+      ./config/configure_s3.sh $IP_PORT $S3_BUCKET_NAME $S3_PATH $S3_REPOSITORY_NAME $S3_ELASTIC_MAJOR
 
     else
-      ./config/configure_s3.sh $IP_PORT $S3_BUCKET_NAME $S3_PATH $S3_REPOSITORY_NAME 
+      ./config/configure_s3.sh $IP_PORT $S3_BUCKET_NAME $S3_PATH $S3_REPOSITORY_NAME
 
     fi
 
@@ -38,44 +38,15 @@ if [ $ENABLE_CONFIGURE_S3 ]; then
 
 fi
 
-#Insert default templates
-
-API_PASS_Q=`echo "$API_PASS" | tr -d '"'`
-API_USER_Q=`echo "$API_USER" | tr -d '"'`
-API_PASSWORD=`echo -n $API_PASS_Q | base64`
-
-echo "Setting API credentials into Wazuh APP"
-CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/_doc/1513629884013)
-
-if [ "x$CONFIG_CODE" != "x200" ]; then
-  curl -s -XPOST $el_url/.wazuh/_doc/1513629884013 -H 'Content-Type: application/json' -d'
-  {
-    "api_user": "'"$API_USER_Q"'",
-    "api_password": "'"$API_PASSWORD"'",
-    "url": "'"$wazuh_url"'",
-    "api_port": "55000",
-    "insecure": "true",
-    "component": "API",
-    "cluster_info": {
-      "manager": "wazuh-manager",
-      "cluster": "Disabled",
-      "status": "disabled"
-    },
-    "extensions": {
-      "oscap": true,
-      "audit": true,
-      "pci": true,
-      "aws": true,
-      "virustotal": true,
-      "gdpr": true,
-      "ciscat": true
-    }
+if [ ${ENABLED_XPACK} = "true" ]; then
+curl -XPUT "$el_url/_cluster/settings" ${auth} -H 'Content-Type: application/json' -d'
+{
+  "persistent": {
+    "xpack.monitoring.collection.enabled": true
   }
-  ' > /dev/null
-else
-  echo "Wazuh APP already configured"
+}
+'
 fi
-sleep 5
 
 # Set cluster delayed timeout when node falls
 curl -X PUT "$el_url/_all/_settings" -H 'Content-Type: application/json' -d'

kibana/Dockerfile

@@ -1,21 +1,18 @@
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-FROM amazon/opendistro-for-elasticsearch-kibana:1.1.0
-ARG ELASTIC_VERSION=7.1.1
-ARG WAZUH_VERSION=3.9.3
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+FROM docker.elastic.co/kibana/kibana:7.9.2
+USER kibana
+ARG ELASTIC_VERSION=7.9.2
+ARG WAZUH_VERSION=3.13.6
 ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
 
+WORKDIR /usr/share/kibana
+RUN ./bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-${WAZUH_APP_VERSION}.zip
+
+WORKDIR /
 USER root
-
-ADD  https://packages.wazuh.com/wazuhapp/wazuhapp-${WAZUH_APP_VERSION}.zip /tmp
-
-RUN /usr/share/kibana/bin/kibana-plugin install file:///tmp/wazuhapp-${WAZUH_APP_VERSION}.zip 
-RUN rm -rf /tmp/wazuhapp-${WAZUH_APP_VERSION}.zip
-
 COPY config/entrypoint.sh ./entrypoint.sh
 RUN chmod 755 ./entrypoint.sh
 
-USER kibana
-
 ENV PATTERN="" \
     CHECKS_PATTERN="" \
     CHECKS_TEMPLATE="" \
@@ -36,12 +33,21 @@ ENV PATTERN="" \
     WAZUH_VERSION_REPLICAS="" \
     IP_SELECTOR="" \
     IP_IGNORE="" \
+    XPACK_RBAC_ENABLED="" \
     WAZUH_MONITORING_ENABLED="" \
     WAZUH_MONITORING_FREQUENCY="" \
     WAZUH_MONITORING_SHARDS="" \
     WAZUH_MONITORING_REPLICAS="" \
     ADMIN_PRIVILEGES=""
 
+ARG XPACK_CANVAS="true"
+ARG XPACK_LOGS="true"
+ARG XPACK_INFRA="true"
+ARG XPACK_ML="true"
+ARG XPACK_DEVTOOLS="true"
+ARG XPACK_MONITORING="true"
+ARG XPACK_APM="true"
+
 ARG CHANGE_WELCOME="false"
 
 COPY --chown=kibana:kibana ./config/wazuh_app_config.sh ./
@@ -52,12 +58,18 @@ COPY --chown=kibana:kibana ./config/kibana_settings.sh ./
 
 RUN chmod +x ./kibana_settings.sh
 
+COPY --chown=kibana:kibana ./config/xpack_config.sh ./
+
+RUN chmod +x ./xpack_config.sh
+
+RUN ./xpack_config.sh
+
 COPY --chown=kibana:kibana ./config/welcome_wazuh.sh ./
 
 RUN chmod +x ./welcome_wazuh.sh
 
 RUN ./welcome_wazuh.sh
-
-RUN /usr/local/bin/kibana-docker --optimize
+USER kibana
+RUN NODE_OPTIONS="--max-old-space-size=2048" /usr/local/bin/kibana-docker --optimize
 
 ENTRYPOINT ./entrypoint.sh

kibana/config/entrypoint.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 set -e
 
@@ -13,7 +13,13 @@ else
   el_url="${ELASTICSEARCH_URL}"
 fi
 
-until curl -XGET $el_url; do
+if [[ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]]; then
+  auth=""
+else
+  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
+fi
+
+until curl -XGET $el_url ${auth}; do
   >&2 echo "Elastic is unavailable - sleeping"
   sleep 5
 done

kibana/config/kibana_settings.sh

@@ -1,12 +1,12 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 WAZUH_MAJOR=3
 
 ##############################################################################
 # Wait for the Kibana API to start. It is necessary to do it in this container
-# because the others are running Elastic Stack and we can not interrupt them. 
-# 
+# because the others are running Elastic Stack and we can not interrupt them.
+#
 # The following actions are performed:
 #
 # Add the wazuh alerts index as default.
@@ -17,12 +17,9 @@ WAZUH_MAJOR=3
 ##############################################################################
 # Customize elasticsearch ip
 ##############################################################################
-sed -i 's|https://localhost:9200|http://elasticsearch:9200|g' /usr/share/kibana/config/kibana.yml
-
 if [ "$ELASTICSEARCH_KIBANA_IP" != "" ]; then
-  sed -i '/elasticsearch.hosts/d' /usr/share/kibana/config/kibana.yml
-  echo "elasticsearch.hosts: $ELASTICSEARCH_KIBANA_IP" >> /usr/share/kibana/config/kibana.yml
-  sed -i 's|https://elasticsearch:9200|'$ELASTICSEARCH_KIBANA_IP'|g' /usr/share/kibana/config/kibana.yml
+  sed -i "s:#elasticsearch.hosts:elasticsearch.hosts:g" /usr/share/kibana/config/kibana.yml
+  sed -i 's|http://elasticsearch:9200|'$ELASTICSEARCH_KIBANA_IP'|g' /usr/share/kibana/config/kibana.yml
 fi
 
 # If KIBANA_INDEX was set, then change the default index in kibana.yml configuration file. If there was an index, then delete it and recreate.
@@ -33,18 +30,31 @@ if [ "$KIBANA_INDEX" != "" ]; then
     echo "kibana.index: $KIBANA_INDEX" >> /usr/share/kibana/config/kibana.yml
 fi
 
+# If XPACK_SECURITY_ENABLED was set, then change the xpack.security.enabled option from true (default) to false.
+if [ "$XPACK_SECURITY_ENABLED" != "" ]; then
+  if grep -q 'xpack.security.enabled' /usr/share/kibana/config/kibana.yml; then
+    sed -i '/xpack.security.enabled/d' /usr/share/kibana/config/kibana.yml
+  fi
+    echo "xpack.security.enabled: $XPACK_SECURITY_ENABLED" >> /usr/share/kibana/config/kibana.yml
+fi
+
 if [ "$KIBANA_IP" != "" ]; then
   kibana_ip="$KIBANA_IP"
 else
   kibana_ip="kibana"
 fi
 
-while [[ "$(curl -XGET -I  -s -o /dev/null -w ''%{http_code}'' $kibana_ip:5601/status)" != "200" ]]; do
+# Add auth headers if required
+if [ "$ELASTICSEARCH_USERNAME" != "" ] && [ "$ELASTICSEARCH_PASSWORD" != "" ]; then
+    curl_auth="-u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD"
+fi
+
+while [[ "$(curl $curl_auth -XGET -I  -s -o /dev/null -w ''%{http_code}'' $kibana_ip:5601/status)" != "200" ]]; do
   echo "Waiting for Kibana API. Sleeping 5 seconds"
   sleep 5
 done
 
-# Prepare index selection. 
+# Prepare index selection.
 echo "Kibana API is running"
 
 default_index="/tmp/default_index.json"

kibana/config/wazuh_app_config.sh

@@ -1,7 +1,14 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
-kibana_config_file="/usr/share/kibana/plugins/wazuh/config.yml"
+wazuh_url="${WAZUH_API_URL:-https://wazuh}"
+wazuh_port="${API_PORT:-55000}"
+api_user="${API_USER:-foo}"
+api_password="${API_PASS:-bar}"
+
+kibana_config_file="/usr/share/kibana/optimize/wazuh/config/wazuh.yml"
+mkdir -p /usr/share/kibana/optimize/wazuh/config/
+touch $kibana_config_file
 
 declare -A CONFIG_MAP=(
   [pattern]=$PATTERN
@@ -24,6 +31,7 @@ declare -A CONFIG_MAP=(
   [wazuh-version.replicas]=$WAZUH_VERSION_REPLICAS
   [ip.selector]=$IP_SELECTOR
   [ip.ignore]=$IP_IGNORE
+  [xpack.rbac.enabled]=$XPACK_RBAC_ENABLED
   [wazuh.monitoring.enabled]=$WAZUH_MONITORING_ENABLED
   [wazuh.monitoring.frequency]=$WAZUH_MONITORING_FREQUENCY
   [wazuh.monitoring.shards]=$WAZUH_MONITORING_SHARDS
@@ -37,3 +45,24 @@ do
         sed -i 's/.*#'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file
     fi
 done
+
+# remove default API entry (new in 3.11.0_7.5.1)
+sed -ie '/- default:/,+4d' $kibana_config_file
+
+CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/_doc/1513629884013 ${auth})
+
+grep -q 1513629884013 $kibana_config_file
+_config_exists=$?
+
+if [[ "x$CONFIG_CODE" != "x200" && $_config_exists -ne 0 ]]; then
+cat << EOF > $kibana_config_file
+hosts:
+  - 1513629884013:
+      url: $wazuh_url
+      port: $wazuh_port
+      user: $api_user
+      password: $api_password
+EOF
+else
+  echo "Wazuh APP already configured"
+fi

kibana/config/welcome_wazuh.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 if [[ $CHANGE_WELCOME == "true" ]]
 then
@@ -21,4 +21,3 @@ then
     sed -i 's#visible: true#visible: false#g' $kibana_path/node_modules/x-pack/plugins/rollup/public/crud_app/index.js
     sed -i 's#visible: true#visible: false#g' $kibana_path/node_modules/x-pack/plugins/license_management/public/management_section.js
 fi
-

kibana/config/xpack_config.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+
+kibana_config_file="/usr/share/kibana/config/kibana.yml"
+if grep -Fq  "#xpack features" "$kibana_config_file";
+then
+  declare -A CONFIG_MAP=(
+    [xpack.apm.ui.enabled]=$XPACK_APM
+    [xpack.grokdebugger.enabled]=$XPACK_DEVTOOLS
+    [xpack.searchprofiler.enabled]=$XPACK_DEVTOOLS
+    [xpack.ml.enabled]=$XPACK_ML
+    [xpack.canvas.enabled]=$XPACK_CANVAS
+    [xpack.infra.enabled]=$XPACK_INFRA
+    [monitoring.enabled]=$XPACK_MONITORING
+    [console.enabled]=$XPACK_DEVTOOLS
+  )
+  for i in "${!CONFIG_MAP[@]}"
+  do
+    if [ "${CONFIG_MAP[$i]}" != "" ]; then
+      sed -i 's/.'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file
+    fi
+  done
+else
+  echo "
+#xpack features
+xpack.apm.ui.enabled: $XPACK_APM
+xpack.grokdebugger.enabled: $XPACK_DEVTOOLS
+xpack.searchprofiler.enabled: $XPACK_DEVTOOLS
+xpack.ml.enabled: $XPACK_ML
+xpack.canvas.enabled: $XPACK_CANVAS
+xpack.infra.enabled: $XPACK_INFRA
+xpack.monitoring.enabled: $XPACK_MONITORING
+console.enabled: $XPACK_DEVTOOLS
+" >> $kibana_config_file
+fi

nginx/Dockerfile

@@ -0,0 +1,19 @@
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+FROM nginx:latest
+
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get update && apt-get install -y openssl apache2-utils
+
+COPY config/entrypoint.sh /entrypoint.sh
+
+RUN chmod 755 /entrypoint.sh
+
+RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+VOLUME ["/etc/nginx/conf.d"]
+
+ENV NGINX_NAME="foo" \
+    NGINX_PWD="bar"
+
+ENTRYPOINT [ "/entrypoint.sh" ]

nginx/config/entrypoint.sh

@@ -0,0 +1,97 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+
+set -e
+
+# Generating certificates.
+if [ ! -d /etc/nginx/conf.d/ssl ]; then
+  echo "Generating SSL certificates"
+  mkdir -p /etc/nginx/conf.d/ssl/certs /etc/nginx/conf.d/ssl/private
+  openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/conf.d/ssl/private/kibana-access.key -out /etc/nginx/conf.d/ssl/certs/kibana-access.pem >/dev/null
+else
+  echo "SSL certificates already present"
+fi
+
+# Setting users credentials.
+# In order to set NGINX_CREDENTIALS, before "docker-compose up -d" run (a or b):
+#
+# a) export NGINX_CREDENTIALS="user1:pass1;user2:pass2;" or
+#    export NGINX_CREDENTIALS="user1:pass1;user2:pass2"
+#
+# b) Set NGINX_CREDENTIALS in docker-compose.yml:
+#    NGINX_CREDENTIALS=user1:pass1;user2:pass2; or
+#    NGINX_CREDENTIALS=user1:pass1;user2:pass2
+#
+if [ ! -f /etc/nginx/conf.d/kibana.htpasswd ]; then
+  echo "Setting users credentials"
+  if [ ! -z "$NGINX_CREDENTIALS" ]; then
+    IFS=';' read -r -a users <<< "$NGINX_CREDENTIALS"
+    for index in "${!users[@]}"
+    do
+      IFS=':' read -r -a credentials <<< "${users[index]}"
+      if [ $index -eq 0 ]; then
+        htpasswd -b -c /etc/nginx/conf.d/kibana.htpasswd ${credentials[0]} ${credentials[1]} >/dev/null
+      else
+        htpasswd -b /etc/nginx/conf.d/kibana.htpasswd  ${credentials[0]} ${credentials[1]} >/dev/null
+      fi
+    done
+  else
+    # NGINX_PWD and NGINX_NAME are declared in nginx/Dockerfile
+    htpasswd -b -c /etc/nginx/conf.d/kibana.htpasswd $NGINX_NAME $NGINX_PWD >/dev/null
+  fi
+else
+  echo "Kibana credentials already configured"
+fi
+
+if [ "x${NGINX_PORT}" = "x" ]; then
+  NGINX_PORT=443
+fi
+
+if [ "x${KIBANA_HOST}" = "x" ]; then
+  KIBANA_HOST="kibana:5601"
+fi
+
+echo "Configuring NGINX"
+
+
+if [ "${NGINX_PORT}" = "443" ]; then
+cat > /etc/nginx/conf.d/default.conf <<EOF
+server {
+    listen 80;
+    listen [::]:80;
+    return 301 https://\$host\$request_uri;
+}
+
+server {
+    listen ${NGINX_PORT} default_server ssl http2;
+    listen [::]:${NGINX_PORT} ssl http2;
+    ssl_certificate /etc/nginx/conf.d/ssl/certs/kibana-access.pem;
+    ssl_certificate_key /etc/nginx/conf.d/ssl/private/kibana-access.key;
+    location / {
+        auth_basic "Restricted";
+        auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
+        proxy_pass http://${KIBANA_HOST}/;
+        proxy_buffer_size          128k;
+        proxy_buffers              4 256k;
+        proxy_busy_buffers_size    256k;
+    }
+}
+EOF
+else
+cat > /etc/nginx/conf.d/default.conf <<EOF
+server {
+    listen ${NGINX_PORT};
+    listen [::]:${NGINX_PORT};
+    location / {
+        auth_basic "Restricted";
+        auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
+        proxy_pass http://${KIBANA_HOST}/;
+        proxy_buffer_size          128k;
+        proxy_buffers              4 256k;
+        proxy_busy_buffers_size    256k;
+    }
+}
+EOF
+fi
+
+exec nginx -g 'daemon off;'

node-key.pem

@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDex0W7QYjrJzc+
-lYGO3ypsAngCFHgCjfnEhh+yNw8DdxayTyBqlvPlBk09JeVU8xF6EjqHy4broAYW
-vZ15YRdeE7aDXJ05IiqCC7XFVz/pdpxZKeovEjlZi4gXtbB+lrcmChL4tQ5I5E1f
-27KsC98fJZ6gRJz+Eede83eDi14Wt4uQJgG6JUosMGM0lBzzY/l37vRSFxeTP8cK
-ex4vwWmgsFmR6AUf/corGm+OGK6ony9SGraZU3EoVUF7zWDhSxsS/pVheFizjpiT
-2NLgbXCWVHozp4AjD3Ghzi3D5DV3Mw85ZTHTbgsxWx6fxygWH40OBOWj6o5454Ef
-GKazJjz7AgMBAAECggEAQt+8vfZxPG28Nqw4hQPWvy+KiM1OLS4jUOwWLbA7cIXa
-KVJ5X6XKtvBKVVW/3t1MXMGGEmd1K9wQl9j5oYsUsafnPM2bYKAx9HHBcei8BcAW
-NOnRI6orzwaEpuFihs2FUwTpJwFqtVTbKTBRFTZHFxl64Y9XNSl4s9cQBEvcxaJp
-/vPBhlYpkupKLSYFmey3fyuX190xYmD5hEbf+fYRCmEv9faLgyAmJCWlo6EjfZGZ
-nQd/WtnzOhshFltkzFAj2EWu+8pIwL+qGdRyc5U5vr0BTvsTOyhlidnaZuNELaPv
-DuVDH0GMGm6/5NyNQs+rWTTERJ3lC0aWsyyfA31l4QKBgQDxkNDMmtOVxqeg+n4h
-nXYAhXdLlgxu7Hg7cxO1juwJS3e/5nAvgQm8Q00PcNrAQwMlY/jcdvf1wSosbbM0
-I1Z2aQ5rriDuyYAxpdUn0PMKFwNEA7F7My2kGl/7HlIFH2twkb3nf9umnb/81VpY
-OigNwv4uLylwcE7S9YHrx/orawKBgQDsFxJDgA9hOydHaCKsJ1pPqmbOsydInCFf
-q4rneo/6rzbgzv/Wbpbd0cmUGLq41xe1rWsYjUd6/GGGbc4I/JzlaPIPNqL/bjIF
-Gz1S9rS+zWj47Ggjb5gW6vJqzNkOMtkc4YEIWFNoDR78bFLw5NenJxwJ0mRd5eIV
-6pBWpBCosQKBgDryE4FZ5neN2im19kFNoxXNe6a+HpqSqWQYWJ7dGUvLVpVFLerp
-me6Onac+6qIvt/zPwFJL1YXqdNgSjMAUP2z1hcdQ3khmcxmqVbE5k5TKuMlH/W8K
-tgBtTy5/35PQbu8xIR30XSzzIX4YscsFpfB1vICYkYwWW6Wust1OFwWxAoGBAIcA
-2mzG+gR7swZeQhV3m2ka5Bcm0zvuLBdtHM0phNOxBgyf0iRosNS/dim9ymiQdvpo
-5GjxwQJO9+XLPJpe+cklreWNNMAj326UGQksEkdZZsGRTiuVUL8qMt1nrmc0JHsj
-aInBGFDTz/hAaV1fPwJSlvH24XXgUtx9eXRR9UTBAoGBAJoCY11pJ9C1NLSflWY5
-0ig/aOCUx4vz0NX203KwmN2P7YXX4iq+qPIpnlsKRMR57hgajRm8Hs7OxvlNIUCt
-6VYr2gRGH3rN7wL60dE8fGmHF0/BjWfFvRfkFmujO+ytmlf/SwjcJKmYDIMW7ZsF
-Xvk6V/ziLkKUNL5P0xR0X6I8
------END PRIVATE KEY-----

node.pem

@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDETCCAfkCFA5ijfMasAZU95n3dLpkNLnqVfVNMA0GCSqGSIb3DQEBCwUAMEUx
-CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
-cm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcNMTkwODA2MTQxMzI4WhcNMTkwOTA1MTQx
-MzI4WjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UE
-CgwYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA3sdFu0GI6yc3PpWBjt8qbAJ4AhR4Ao35xIYfsjcPA3cWsk8g
-apbz5QZNPSXlVPMRehI6h8uG66AGFr2deWEXXhO2g1ydOSIqggu1xVc/6XacWSnq
-LxI5WYuIF7Wwfpa3JgoS+LUOSORNX9uyrAvfHyWeoESc/hHnXvN3g4teFreLkCYB
-uiVKLDBjNJQc82P5d+70UhcXkz/HCnseL8FpoLBZkegFH/3KKxpvjhiuqJ8vUhq2
-mVNxKFVBe81g4UsbEv6VYXhYs46Yk9jS4G1wllR6M6eAIw9xoc4tw+Q1dzMPOWUx
-024LMVsen8coFh+NDgTlo+qOeOeBHximsyY8+wIDAQABMA0GCSqGSIb3DQEBCwUA
-A4IBAQCm7P73s4azGocdSG3qHYDqEpUUxRyzkz9NuGoqYkXBbnKe2z4dCIZx1URm
-muY2EKK+IHG9QCMgOIPCu8cMnwYqAcxT/Ob2EYOzOglvUhz6GR7MerfxU69hdGL7
-gVSQSsVnRnMKzgO+8n6Nawx26GNxDO/6CNu5GS+jDPhR5ABV8su4+OmKa070wfB+
-rFVfGWzYkxpgIteUKF/F59eH//DHllerHnoNvX03rpuIt6ofZoTzMJoBxAJIRiaP
-Q3+0B0v/t+kxzSpkLNHs1X4xcDulpDU64oeSGYkB2ebK/rGOCBd4C+pNMY1zNaHQ
-/7Xn7ZabuVcPtbqEcpszTfL5a/t9
------END CERTIFICATE-----

root-ca-key.pem

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA1vp+v6lcQ+UCMfCfvoSvffZA72Az+i0l7rmk46iZfmqhiXaV
-x9Q44C2G6V5Jey2EWUAERaNoj+IvXlOE39fzrSKRVZP3CJ3FcbXTmrhxIcNq6c64
-BG0oMExMlYzfSZbobeTkm+f4B6SNRpswz1MSnGwh5fwN6mwHq5sYJs7PcGHL1u81
-tzHjIwvOxXXufAPaw9RI6IG96bKT8/hs/5IAtH8uN8im62+7Jzd1HdM/TNgrajpn
-P7AgDwrEOo6EAZ4GxuOPsZYi33MZ+/GmhjRp3oheCx2MTyX2PWXAFDBJYdov2g/j
-rmJgQKqXBtFozOc/wGuXgcN1NrGabhfsq6bv3QIDAQABAoIBADCQdBOuGcbItD89
-4YhzhwWInNC2xectTdVpIMPBMbOqOQXJwTpcSeDyx/huMWFfPfe/i3eD27otWZAQ
-hALhUQ36siRIAdVzdsgiUEQyiHQdJkjdRxrQ4fRPODnMkiCYs7cnrzE9LP3lAXlC
-07ryRFEL6HiBAU/EydLNfZ4+uAPl2cHnJ5sddimQy/smg4wGSyz/xsbglF5wFMMy
-IT2h9xtYqRDfz8SKjBx4CCXzM6bPwjlp04fkc2s6n1slDp6FfyCGFMlxs8IbJRK2
-6nDXg9q4+t3BZkVDVsA0GMRWDO1bv/yP3Xh4c2FN8hT4/vGvDnFeIxHVUkQapFa/
-plL53cECgYEA9Wk4aqWzbAB7KCa8Ygac8X2cp5XV938acHNaOlEqeskhKf427GBR
-Jv0PnyvcSZ6HvkqfsX6/zcaDBjl6d93vqTt7Caa6+AlyLXh5wBYWfHfoWw6Cd9a9
-EHz6l8RXtjO1BDrEmp0eeaVwIi9J0gC9klIQeAyIGEckpK5rCIFrVo0CgYEA4EEe
-8rry+Gw6M5BHIub5m8TX7QN8vPC7zre13MgLRxgasZjY6BDULf063On4ULhe5gol
-D1QJmJz7IqCRSyOyR4PQUZ93vOrgRkajIEg1gDfw5BL+XfcB24F2iSdjHAj5Yel6
-HDC4QfGuE+Pf2JjXfS46rTJOpCtPvZRO/1YZEpECgYBwffffYu84zYumnwLxSCi+
-xZ5+bz9yQLAE5ctxOe1n9TQfhKj2dzwbzBpSEw/aKzH790b2XKxdDebXfpd1xKTs
-BRjkFqpTsjjFQRlGBJnwGiLHQoJpnmRx32gbE2RFX7RVKP8gBG+IwV4CPXzwJ2i+
-XqGv9caYolvYpR7o+jISrQKBgFYkzdWiOOly8ZyTJLBkl6fdorB6MXWG6C4NZf/s
-nGBwAvkL5O6oYElWSEFKY0fmuxWU+g18U79bNiFkGswJZ1ePa/uezWk1tHdqdQlW
-k66wTonePfYsh3shrT4ccjb3v4x8Gpsvn+g9BYjAdWGHvOdqVcHoXEs2FAiYKwxs
-r27xAoGBAOCRicRMDmzZEn6+H2TPLcF8I1z5Zmbfe2wxpbJTyRrlsPYRDWVD5AQq
-ot1997UYoOU3/dVh1Hboilw/FhWgWefElqZ0ZbR/c0SQ9mVIk1pdjBiIVb9wIMPb
-JUFzTOZpJLFm+3XprcolynJ5eEwNVo4qznQ6/wKIiHl3218oMlLO
------END RSA PRIVATE KEY-----

root-ca.pem

@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDazCCAlOgAwIBAgIUKv3kyQj4hZXfq9c8n2eaVyfbxgIwDQYJKoZIhvcNAQEL
-BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
-GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xOTA4MDYxNDEzMDBaFw0xOTA5
-MDUxNDEzMDBaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
-HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDW+n6/qVxD5QIx8J++hK999kDvYDP6LSXuuaTjqJl+
-aqGJdpXH1DjgLYbpXkl7LYRZQARFo2iP4i9eU4Tf1/OtIpFVk/cIncVxtdOauHEh
-w2rpzrgEbSgwTEyVjN9Jluht5OSb5/gHpI1GmzDPUxKcbCHl/A3qbAermxgmzs9w
-YcvW7zW3MeMjC87Fde58A9rD1Ejogb3pspPz+Gz/kgC0fy43yKbrb7snN3Ud0z9M
-2CtqOmc/sCAPCsQ6joQBngbG44+xliLfcxn78aaGNGneiF4LHYxPJfY9ZcAUMElh
-2i/aD+OuYmBAqpcG0WjM5z/Aa5eBw3U2sZpuF+yrpu/dAgMBAAGjUzBRMB0GA1Ud
-DgQWBBSB8K9j6PWB7xsXY6FhQ5yiwyuBADAfBgNVHSMEGDAWgBSB8K9j6PWB7xsX
-Y6FhQ5yiwyuBADAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBT
-19LIJpNg/03mvmGlnI7pfKIKpJSA1GZDZ+QJ/K8uOlo6aX0r511Sc7CWHTNDwdH/
-K8lvnMTGDXNHY2iblGjJU067Z1ahwqVewix0cy36dy/k2g5BnxaH4yuHRvn5DeWx
-1GQLP6sVDpw5aTVq8KtuSvzv6Qc9I8Ra2708SxZY2KnQPKHlgVhs5tbYaFRic4xl
-Ir9unaTWyHlZ0UAE0HlJSL6Fe1OTwyyjZi9msriuIQozKuaiobzOU2P1I+2rgHic
-yzS1R9zI3YxPZsUaJiuiC6NWZ7gnrnf0qp1MGJ+qDKMeVISJFILa8PpSAuDxyr5r
-XW5PH/MBrI0VpiUi4Pi7
------END CERTIFICATE-----

root-ca.srl

@@ -1 +0,0 @@
-0E628DF31AB00654F799F774BA6434B9EA55F54D

wazuh/Dockerfile

@@ -1,19 +1,19 @@
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-FROM phusion/baseimage:latest
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+FROM phusion/baseimage:0.10.2
 
-ARG FILEBEAT_VERSION=7.1.1
+ARG FILEBEAT_VERSION=7.9.2
 
-ARG WAZUH_VERSION=3.9.3-1
+ARG WAZUH_VERSION=3.13.6-1
 
 ENV API_USER="foo" \
    API_PASS="bar"
 
-ARG TEMPLATE_VERSION="v3.9.3"
+ARG TEMPLATE_VERSION="v3.13.6"
 
 # Set repositories.
 RUN set -x && echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list && \
    curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - && \
-   curl --silent --location https://deb.nodesource.com/setup_8.x | bash - && \
+   curl --silent --location https://deb.nodesource.com/setup_10.x | bash - && \
    echo "postfix postfix/mailname string wazuh-manager" | debconf-set-selections && \
    echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections && \
    groupadd -g 1000 ossec && useradd -u 1000 -g 1000 -d /var/ossec ossec
@@ -38,8 +38,8 @@ COPY config/01-config_filebeat.sh /entrypoint-scripts/01-config_filebeat.sh
 RUN chmod 755 /init.bash && \
    sync && /init.bash && \
    sync && rm /init.bash && \
-   curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-oss-${FILEBEAT_VERSION}-amd64.deb &&\
-   dpkg -i filebeat-oss-${FILEBEAT_VERSION}-amd64.deb && rm -f filebeat-oss-${FILEBEAT_VERSION}-amd64.deb && \
+   curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-amd64.deb &&\
+   dpkg -i filebeat-${FILEBEAT_VERSION}-amd64.deb && rm -f filebeat-${FILEBEAT_VERSION}-amd64.deb && \
    chmod 755 /entrypoint.sh && \
    chmod 755 /entrypoint-scripts/00-wazuh.sh && \
    chmod 755 /entrypoint-scripts/01-config_filebeat.sh
@@ -70,11 +70,14 @@ COPY config/filebeat.runit.service /etc/service/filebeat/run
 RUN chmod +x /etc/service/wazuh-api/run && \
    chmod +x /etc/service/wazuh/run && \
    chmod +x /etc/service/postfix/run && \
-   chmod +x /etc/service/filebeat/run 
+   chmod +x /etc/service/filebeat/run
 
 
 ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
 RUN chmod go-w /etc/filebeat/wazuh-template.json
 
+ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz"
+RUN curl -s https://packages.wazuh.com/3.x/filebeat/${WAZUH_FILEBEAT_MODULE} | tar -xvz -C /usr/share/filebeat/module
+
 # Run all services
-ENTRYPOINT ["/entrypoint.sh"]
+ENTRYPOINT ["/entrypoint.sh"]

wazuh/config/00-wazuh.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 # Wazuh container bootstrap. See the README for information of the environment
 # variables expected by this script.
@@ -50,7 +50,15 @@ if [  -e ${WAZUH_INSTALL_PATH}/etc-template  ]
 then
     cp -p /var/ossec/etc-template/internal_options.conf /var/ossec/etc/internal_options.conf
 fi
-rm /var/ossec/queue/db/.template.db
+
+# copy missing files from queue-template (in case this is an upgrade from previous versions)
+for filename in /var/ossec/queue-template/*; do
+  fname=$(basename $filename)
+  echo $fname
+  if test ! -e "/var/ossec/data/queue/$fname"; then
+    cp -rp "/var/ossec/queue-template/$fname" /var/ossec/data/queue/
+  fi
+done
 
 touch ${DATA_PATH}/process_list
 chgrp ossec ${DATA_PATH}/process_list
@@ -104,10 +112,22 @@ function ossec_shutdown(){
   ${WAZUH_INSTALL_PATH}/bin/ossec-control stop;
 }
 
+##############################################################################
+# Allow users to set the container hostname as <node_name> dynamically on
+# container start.
+#
+# To use this:
+# 1. Create your own ossec.conf file
+# 2. In your ossec.conf file, set to_be_replaced_by_hostname as your node_name
+# 3. Mount your custom ossec.conf file at $WAZUH_CONFIG_MOUNT/etc/ossec.conf
+##############################################################################
+sed -i 's/<node_name>to_be_replaced_by_hostname<\/node_name>/<node_name>'"${HOSTNAME}"'<\/node_name>/g' ${WAZUH_INSTALL_PATH}/etc/ossec.conf
+
 # Trap exit signals and do a proper shutdown
 trap "ossec_shutdown; exit" SIGINT SIGTERM
 
 chmod -R g+rw ${DATA_PATH}
+chmod 750 /var/ossec/agentless/*
 
 ##############################################################################
 # Interpret any passed arguments (via docker command to this entrypoint) as
@@ -132,4 +152,4 @@ echo "Change Wazuh API user credentials"
 change_user="node htpasswd -b -c user $API_USER $API_PASS"
 eval $change_user
 
-popd
+popd

wazuh/config/01-config_filebeat.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 set -e
 
@@ -7,4 +7,4 @@ set -e
 if [ "$ELASTICSEARCH_URL" != "" ]; then
   >&2 echo "Customize Elasticsearch ouput IP."
   sed -i 's|http://elasticsearch:9200|'$ELASTICSEARCH_URL'|g' /etc/filebeat/filebeat.yml
-fi
+fi

wazuh/config/data_dirs.env

@@ -2,14 +2,7 @@ i=0
 DATA_DIRS[((i++))]="api/configuration"
 DATA_DIRS[((i++))]="etc"
 DATA_DIRS[((i++))]="logs"
-DATA_DIRS[((i++))]="queue/db"
-DATA_DIRS[((i++))]="queue/rootcheck"
-DATA_DIRS[((i++))]="queue/agent-groups"
-DATA_DIRS[((i++))]="queue/agent-info"
-DATA_DIRS[((i++))]="queue/agents-timestamp"
-DATA_DIRS[((i++))]="queue/agentless"
-DATA_DIRS[((i++))]="queue/cluster"
-DATA_DIRS[((i++))]="queue/rids"
-DATA_DIRS[((i++))]="queue/fts"
+DATA_DIRS[((i++))]="queue"
+DATA_DIRS[((i++))]="agentless"
 DATA_DIRS[((i++))]="var/multigroups"
 export DATA_DIRS

wazuh/config/entrypoint.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 # It will run every .sh script located in entrypoint-scripts folder in lexicographical order
 for script in `ls /entrypoint-scripts/*.sh | sort -n`; do
@@ -11,4 +11,4 @@ done
 # Start Wazuh Server.
 ##############################################################################
 
-/sbin/my_init 
+/sbin/my_init

wazuh/config/filebeat.runit.service

@@ -1,4 +1,4 @@
 #!/bin/sh
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 service filebeat start
 tail -f /var/log/filebeat/filebeat

wazuh/config/filebeat.yml

@@ -1,53 +1,15 @@
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-filebeat.inputs:
-  - type: log
-    paths:
-      - '/var/ossec/logs/alerts/alerts.json'
+# Wazuh - Filebeat configuration file
+filebeat.modules:
+  - module: wazuh
+    alerts:
+      enabled: true
+    archives:
+      enabled: false
 
 setup.template.json.enabled: true
-setup.template.json.path: "/etc/filebeat/wazuh-template.json"
-setup.template.json.name: "wazuh"
+setup.template.json.path: '/etc/filebeat/wazuh-template.json'
+setup.template.json.name: 'wazuh'
 setup.template.overwrite: true
+setup.ilm.enabled: false
 
-processors:
-  - decode_json_fields:
-      fields: ['message']
-      process_array: true
-      max_depth: 200
-      target: ''
-      overwrite_keys: true
-  - drop_fields:
-      fields: ['message', 'ecs', 'beat', 'input_type', 'tags', 'count', '@version', 'log', 'offset', 'type', 'host']
-  - rename:
-      fields:
-        - from: "data.aws.sourceIPAddress"
-          to: "@src_ip"
-      ignore_missing: true
-      fail_on_error: false
-      when:
-        regexp:
-          data.aws.sourceIPAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
-  - rename:
-      fields:
-        - from: "data.srcip"
-          to: "@src_ip"
-      ignore_missing: true
-      fail_on_error: false
-      when:
-        regexp:
-          data.srcip: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
-  - rename:
-      fields:
-        - from: "data.win.eventdata.ipAddress"
-          to: "@src_ip"
-      ignore_missing: true
-      fail_on_error: false
-      when:
-        regexp:
-          data.win.eventdata.ipAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
-
-output.elasticsearch:
-  hosts: ['http://elasticsearch:9200']
-  #pipeline: geoip
-  indices:
-    - index: 'wazuh-alerts-3.x-%{+yyyy.MM.dd}'
+output.elasticsearch.hosts: ['http://elasticsearch:9200']

wazuh/config/init.bash

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 # Initialize the custom data directory layout
 source /data_dirs.env

wazuh/config/postfix.runit.service

@@ -1,4 +1,4 @@
 #!/bin/sh
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 service postfix start
 tail -f /var/log/mail.log

wazuh/config/wazuh-api.runit.service

@@ -1,5 +1,4 @@
 #!/bin/sh
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 service wazuh-api start
 tail -f /var/ossec/data/logs/api.log
-

wazuh/config/wazuh.runit.service

@@ -1,5 +1,4 @@
 #!/bin/sh
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 service wazuh-manager start
 tail -f /var/ossec/data/logs/ossec.log
-