Bump version

CHANGELOG.md

@@ -1,6 +1,12 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## Wazuh Docker v3.9.5_7.3.0-oss
+
+### Added
+
+- Update to Wazuh version 3.9.5_7.3.0-oss
+
 ## Wazuh Docker v3.9.3_7.2.0-oss
 
 ### Added
@@ -11,13 +17,6 @@ All notable changes to this project will be documented in this file.
 ### Fixed
 - Wazuh-docker reinserts cluster settings after resuming containers ([@manuasir](https://github.com/manuasir)) [#213](https://github.com/wazuh/wazuh-docker/pull/213)
 
-
-## Wazuh Docker v3.9.3_7.1.1-opendistro
-
-### Added
-- Support for Amazon Open Distro Docker images.
-
-
 ## Wazuh Docker v3.9.2_7.1.1
 
 ### Added

README.md

@@ -57,7 +57,7 @@ In addition, a docker-compose file is provided to launch the containers mentione
 
 * `stable` branch on correspond to the latest Wazuh-Docker stable version.
 * `master` branch contains the latest code, be aware of possible bugs on this branch.
-* `Wazuh.Version_ElasticStack.Version` (for example 3.9.3_7.1.1-opendistro) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch.
+* `Wazuh.Version_ElasticStack.Version` (for example 3.9.5_7.3.0) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch.
 
 ## Credits and Thank you
 

VERSION

@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="3.9.3_7.1.1"
-REVISION="3930"
+WAZUH-DOCKER_VERSION="3.9.5_7.3.0"
+REVISION="3950"

docker-compose.yml

@@ -1,34 +1,9 @@
-version: '3'
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+version: '2'
+
 services:
-
-
-  elasticsearch:
-    image: wazuh/wazuh-elasticsearch:3.9.3_7.1.1-opendistro
-    container_name: elasticsearch
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 65536 # maximum number of open files for the Elasticsearch user, set to at least 65536 on modern systems
-        hard: 65536
-    volumes:
-      - odfe-data1:/usr/share/elasticsearch/data
-      - ./root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
-      - ./node.pem:/usr/share/elasticsearch/config/node.pem
-      - ./node-key.pem:/usr/share/elasticsearch/config/node-key.pem
-      - ./admin.pem:/usr/share/elasticsearch/config/admin.pem
-      - ./admin-key.pem:/usr/share/elasticsearch/config/admin-key.pem
-      - ./custom-elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
-    ports:
-      - 9200:9200
-      - 9600:9600 # required for Performance Analyzer
-    networks:
-      - odfe-net
-
-
   wazuh:
-    image: wazuh/wazuh:3.9.3_7.1.1-opendistro
+    image: wazuh/wazuh:3.9.5_7.3.0-oss
     hostname: wazuh-manager
     restart: always
     ports:
@@ -36,11 +11,26 @@ services:
       - "1515:1515"
       - "514:514/udp"
       - "55000:55000"
-    networks:
-      - odfe-net
+
+  elasticsearch:
+    image: wazuh/wazuh-elasticsearch:3.9.5_7.3.0-oss
+    hostname: elasticsearch
+    restart: always
+    ports:
+      - "9200:9200"
+    environment:
+      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
+      - ELASTIC_CLUSTER=true
+      - CLUSTER_NODE_MASTER=true
+      - CLUSTER_MASTER_NODE_NAME=es01
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+    mem_limit: 2g
 
   kibana:
-    image: wazuh/wazuh-kibana:3.9.3_7.1.1-opendistro
+    image: wazuh/wazuh-kibana:3.9.5_7.3.0-oss
     hostname: kibana
     restart: always
     depends_on:
@@ -48,11 +38,17 @@ services:
     links:
       - elasticsearch:elasticsearch
       - wazuh:wazuh
-    networks:
-      - odfe-net
-
-volumes:
-  odfe-data1:
-
-networks:
-  odfe-net:
+  nginx:
+    image: wazuh/wazuh-nginx:3.9.5_7.3.0
+    hostname: nginx
+    restart: always
+    environment:
+      - NGINX_PORT=443
+      - NGINX_CREDENTIALS
+    ports:
+      - "80:80"
+      - "443:443"
+    depends_on:
+      - kibana
+    links:
+      - kibana:kibana

elasticsearch/Dockerfile

@@ -1,16 +1,21 @@
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-ARG ELASTIC_VERSION=7.1.1
-FROM amazon/opendistro-for-elasticsearch:1.1.0
+ARG ELASTIC_VERSION=7.3.0
+FROM docker.elastic.co/elasticsearch/elasticsearch-oss:${ELASTIC_VERSION}
 ARG S3_PLUGIN_URL="https://artifacts.elastic.co/downloads/elasticsearch-plugins/repository-s3/repository-s3-${ELASTIC_VERSION}.zip"
 
 ENV ELASTICSEARCH_URL="http://elasticsearch:9200"
 
+ENV ALERTS_SHARDS="1" \
+    ALERTS_REPLICAS="0"
+
 ENV API_USER="foo" \
     API_PASS="bar"
 
 
 ENV ENABLE_CONFIGURE_S3="false"
 
+ARG TEMPLATE_VERSION=v3.9.5
+
 # Elasticearch cluster configuration environment variables
 # If ELASTIC_CLUSTER is set to "true" the following variables will be added to the Elasticsearch configuration
 # CLUSTER_INITIAL_MASTER_NODES set to own node by default.
@@ -41,5 +46,8 @@ RUN ${bin/elasticsearch-plugin install --batch S3_PLUGIN_URL}
 COPY config/configure_s3.sh ./config/configure_s3.sh
 RUN chmod 755 ./config/configure_s3.sh
 
+COPY --chown=elasticsearch:elasticsearch ./config/config_cluster.sh ./
+RUN chmod +x ./config_cluster.sh
+
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["elasticsearch"]

elasticsearch/config/config_cluster.sh

@@ -3,8 +3,6 @@
 
 elastic_config_file="/usr/share/elasticsearch/config/elasticsearch.yml"
 
-# Disable the Open distro security plugin
-
 remove_single_node_conf(){
   if grep -Fq "discovery.type" $1; then
     sed -i '/discovery.type\: /d' $1 
@@ -56,4 +54,4 @@ else
   remove_single_node_conf $elastic_config_file
   remove_cluster_config $elastic_config_file
   echo "discovery.type: single-node" >> $elastic_config_file
-fi
+fi

elasticsearch/config/entrypoint.sh

@@ -21,6 +21,8 @@ run_as_other_user_if_needed() {
 
 # Run load settings script.
 
+./config_cluster.sh
+
 ./load_settings.sh &
 
 # Execute elasticsearch

kibana/Dockerfile

@@ -1,14 +1,14 @@
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-FROM amazon/opendistro-for-elasticsearch-kibana:1.1.0
-ARG ELASTIC_VERSION=7.1.1
-ARG WAZUH_VERSION=3.9.3
+FROM docker.elastic.co/kibana/kibana-oss:7.3.0
+ARG ELASTIC_VERSION=7.3.0
+ARG WAZUH_VERSION=3.9.5
 ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
 
 USER root
 
 ADD  https://packages.wazuh.com/wazuhapp/wazuhapp-${WAZUH_APP_VERSION}.zip /tmp
 
-RUN /usr/share/kibana/bin/kibana-plugin install file:///tmp/wazuhapp-${WAZUH_APP_VERSION}.zip 
+RUN /usr/share/kibana/bin/kibana-plugin install --allow-root file:///tmp/wazuhapp-${WAZUH_APP_VERSION}.zip 
 RUN rm -rf /tmp/wazuhapp-${WAZUH_APP_VERSION}.zip
 
 COPY config/entrypoint.sh ./entrypoint.sh

kibana/config/kibana_settings.sh

@@ -17,12 +17,9 @@ WAZUH_MAJOR=3
 ##############################################################################
 # Customize elasticsearch ip
 ##############################################################################
-sed -i 's|https://localhost:9200|http://elasticsearch:9200|g' /usr/share/kibana/config/kibana.yml
-
 if [ "$ELASTICSEARCH_KIBANA_IP" != "" ]; then
-  sed -i '/elasticsearch.hosts/d' /usr/share/kibana/config/kibana.yml
-  echo "elasticsearch.hosts: $ELASTICSEARCH_KIBANA_IP" >> /usr/share/kibana/config/kibana.yml
-  sed -i 's|https://elasticsearch:9200|'$ELASTICSEARCH_KIBANA_IP'|g' /usr/share/kibana/config/kibana.yml
+  sed -i "s:#elasticsearch.hosts:elasticsearch.hosts:g" /usr/share/kibana/config/kibana.yml
+  sed -i 's|http://elasticsearch:9200|'$ELASTICSEARCH_KIBANA_IP'|g' /usr/share/kibana/config/kibana.yml
 fi
 
 # If KIBANA_INDEX was set, then change the default index in kibana.yml configuration file. If there was an index, then delete it and recreate.

nginx/Dockerfile

@@ -0,0 +1,19 @@
+# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+FROM nginx:latest
+
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get update && apt-get install -y openssl apache2-utils
+
+COPY config/entrypoint.sh /entrypoint.sh
+
+RUN chmod 755 /entrypoint.sh
+
+RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+VOLUME ["/etc/nginx/conf.d"]
+
+ENV NGINX_NAME="foo" \
+    NGINX_PWD="bar"
+
+ENTRYPOINT /entrypoint.sh

nginx/config/entrypoint.sh

@@ -0,0 +1,79 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+
+set -e
+
+# Generating certificates.
+if [ ! -d /etc/nginx/conf.d/ssl ]; then
+  echo "Generating SSL certificates"
+  mkdir -p /etc/nginx/conf.d/ssl/certs /etc/nginx/conf.d/ssl/private
+  openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/conf.d/ssl/private/kibana-access.key -out /etc/nginx/conf.d/ssl/certs/kibana-access.pem >/dev/null
+else
+  echo "SSL certificates already present"
+fi
+
+# Setting users credentials.
+# In order to set NGINX_CREDENTIALS, before "docker-compose up -d" run (a or b):
+#
+# a) export NGINX_CREDENTIALS="user1:pass1;user2:pass2;" or
+#    export NGINX_CREDENTIALS="user1:pass1;user2:pass2"
+#
+# b) Set NGINX_CREDENTIALS in docker-compose.yml:
+#    NGINX_CREDENTIALS=user1:pass1;user2:pass2; or
+#    NGINX_CREDENTIALS=user1:pass1;user2:pass2
+#
+if [ ! -f /etc/nginx/conf.d/kibana.htpasswd ]; then
+  echo "Setting users credentials"
+  if [ ! -z "$NGINX_CREDENTIALS" ]; then
+    IFS=';' read -r -a users <<< "$NGINX_CREDENTIALS"
+    for index in "${!users[@]}"
+    do
+      IFS=':' read -r -a credentials <<< "${users[index]}"
+      if [ $index -eq 0 ]; then
+        echo ${credentials[1]}|htpasswd -i -c /etc/nginx/conf.d/kibana.htpasswd ${credentials[0]} >/dev/null
+      else
+        echo ${credentials[1]}|htpasswd -i /etc/nginx/conf.d/kibana.htpasswd  ${credentials[0]} >/dev/null
+      fi
+    done
+  else
+    # NGINX_PWD and NGINX_NAME are declared in nginx/Dockerfile 
+    echo $NGINX_PWD|htpasswd -i -c /etc/nginx/conf.d/kibana.htpasswd $NGINX_NAME >/dev/null
+  fi
+else
+  echo "Kibana credentials already configured"
+fi
+
+if [ "x${NGINX_PORT}" = "x" ]; then
+  NGINX_PORT=443
+fi
+
+if [ "x${KIBANA_HOST}" = "x" ]; then
+  KIBANA_HOST="kibana:5601"
+fi
+
+echo "Configuring NGINX"
+cat > /etc/nginx/conf.d/default.conf <<EOF
+server {
+    listen 80;
+    listen [::]:80;
+    return 301 https://\$host:${NGINX_PORT}\$request_uri;
+}
+
+server {
+    listen ${NGINX_PORT} default_server;
+    listen [::]:${NGINX_PORT};
+    ssl on;
+    ssl_certificate /etc/nginx/conf.d/ssl/certs/kibana-access.pem;
+    ssl_certificate_key /etc/nginx/conf.d/ssl/private/kibana-access.key;
+    location / {
+        auth_basic "Restricted";
+        auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
+        proxy_pass http://${KIBANA_HOST}/;
+        proxy_buffer_size          128k;
+        proxy_buffers              4 256k;
+        proxy_busy_buffers_size    256k;
+    }
+}
+EOF
+
+nginx -g 'daemon off;'

wazuh/Dockerfile

@@ -1,14 +1,14 @@
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 FROM phusion/baseimage:latest
 
-ARG FILEBEAT_VERSION=7.1.1
+ARG FILEBEAT_VERSION=7.3.0
 
-ARG WAZUH_VERSION=3.9.3-1
+ARG WAZUH_VERSION=3.9.5-1
 
 ENV API_USER="foo" \
    API_PASS="bar"
 
-ARG TEMPLATE_VERSION="v3.9.3"
+ARG TEMPLATE_VERSION="v3.9.5"
 
 # Set repositories.
 RUN set -x && echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list && \
@@ -74,7 +74,7 @@ RUN chmod +x /etc/service/wazuh-api/run && \
 
 
 ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
-RUN chmod go-w /etc/filebeat/wazuh-template.json
+RUN chmod go-w /etc/filebeat/wazuh-template.json 
 
 # Run all services
 ENTRYPOINT ["/entrypoint.sh"]