mirror of
				https://github.com/wazuh/wazuh-docker.git
				synced 2025-10-24 16:43:45 +00:00 
			
		
		
		
	Compare commits
	
		
			5 Commits
		
	
	
		
			cloud-v0.1
			...
			cloud-v0.2
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|  | d8a90dc6b7 | ||
|  | 99d54f1776 | ||
|  | 33e451f755 | ||
|  | d05ec226d8 | ||
|  | 3f206679da | 
| @@ -1,7 +1,7 @@ | ||||
| # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2) | ||||
| ARG ELASTIC_VERSION=7.3.2 | ||||
| ARG ELASTIC_VERSION=7.4.2 | ||||
| FROM docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION} | ||||
| ARG TEMPLATE_VERSION=v3.10.2 | ||||
| ARG TEMPLATE_VERSION=v3.11.4 | ||||
|  | ||||
| ENV ELASTICSEARCH_URL="http://elasticsearch:9200" | ||||
|  | ||||
|   | ||||
| @@ -28,13 +28,9 @@ echo "LOAD SETTINGS - Elasticsearch url: $el_url" | ||||
| ############################################################################## | ||||
|  | ||||
| ELASTIC_PASS="" | ||||
| WAZH_API_USER="" | ||||
| WAZH_API_PASS="" | ||||
|  | ||||
| if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then | ||||
|   ELASTIC_PASS=${SECURITY_ELASTIC_PASSWORD} | ||||
|   WAZH_API_USER=${API_USER} | ||||
|   WAZH_API_PASS=${API_PASS} | ||||
| else | ||||
|   input=${SECURITY_CREDENTIALS_FILE} | ||||
|   while IFS= read -r line | ||||
| @@ -42,12 +38,6 @@ else | ||||
|     if [[ $line == *"ELASTIC_PASSWORD"* ]]; then | ||||
|       arrIN=(${line//:/ }) | ||||
|       ELASTIC_PASS=${arrIN[1]} | ||||
|     elif [[ $line == *"WAZUH_API_USER"* ]]; then | ||||
|       arrIN=(${line//:/ }) | ||||
|       WAZH_API_USER=${arrIN[1]} | ||||
|     elif [[ $line == *"WAZUH_API_PASSWORD"* ]]; then | ||||
|       arrIN=(${line//:/ }) | ||||
|       WAZH_API_PASS=${arrIN[1]} | ||||
|     fi | ||||
|   done < "$input" | ||||
|   | ||||
| @@ -154,93 +144,9 @@ fi | ||||
|  | ||||
|  | ||||
| ############################################################################## | ||||
| # Prepare Wazuh API credentials | ||||
| # Enable xpack.monitoring.collection | ||||
| ############################################################################## | ||||
|  | ||||
| API_PASS_Q=`echo "$WAZH_API_PASS" | tr -d '"'` | ||||
| API_USER_Q=`echo "$WAZH_API_USER" | tr -d '"'` | ||||
| API_PASSWORD=`echo -n $API_PASS_Q | base64` | ||||
|  | ||||
| echo "LOAD SETTINGS - Setting API credentials into Wazuh APP" | ||||
| CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/_doc/1513629884013 ${auth}) | ||||
|  | ||||
| if [ "x$CONFIG_CODE" != "x200" ]; then | ||||
|   curl -s -XPOST $el_url/.wazuh/_doc/1513629884013 ${auth} -H 'Content-Type: application/json' -d' | ||||
|   { | ||||
|     "api_user": "'"$API_USER_Q"'", | ||||
|     "api_password": "'"$API_PASSWORD"'", | ||||
|     "url": "'"$wazuh_url"'", | ||||
|     "api_port": "55000", | ||||
|     "insecure": "true", | ||||
|     "component": "API", | ||||
|     "cluster_info": { | ||||
|       "manager": "wazuh-manager", | ||||
|       "cluster": "Disabled", | ||||
|       "status": "disabled" | ||||
|     }, | ||||
|     "extensions": { | ||||
|       "oscap": true, | ||||
|       "audit": true, | ||||
|       "pci": true, | ||||
|       "aws": true, | ||||
|       "virustotal": true, | ||||
|       "gdpr": true, | ||||
|       "ciscat": true | ||||
|     } | ||||
|   } | ||||
|   ' > /dev/null | ||||
| else | ||||
|   echo "LOAD SETTINGS - Wazuh APP already configured" | ||||
|   echo "LOAD SETTINGS - Check if it is an upgrade from Elasticsearch 6.x to 7.x" | ||||
|   wazuh_search_request=`curl -s ${auth} "$el_url/.wazuh/_search?pretty"` | ||||
|   full_type=`echo $wazuh_search_request | jq .hits.hits | jq .[] | jq ._type` | ||||
|   elasticsearch_request=`curl -s $auth "$el_url"` | ||||
|   full_elasticsearch_version=`echo $elasticsearch_request | jq .version.number` | ||||
|   type=`echo "$full_type" | tr -d '"'` | ||||
|   elasticsearch_version=`echo "$full_elasticsearch_version" | tr -d '"'` | ||||
|   elasticsearch_major="${elasticsearch_version:0:1}" | ||||
|  | ||||
|   if [[ $type == "wazuh-configuration" ]] && [[ $elasticsearch_major == "7" ]]; then | ||||
|     echo "LOAD SETTINGS - Elasticsearch major = $elasticsearch_major." | ||||
|     echo "LOAD SETTINGS - Reindex .wazuh in .wazuh-backup." | ||||
|      | ||||
|     curl -s ${auth} -XPOST "$el_url/_reindex" -H 'Content-Type: application/json' -d' | ||||
|     { | ||||
|       "source": { | ||||
|         "index": ".wazuh" | ||||
|       }, | ||||
|       "dest": { | ||||
|         "index": ".wazuh-backup" | ||||
|       } | ||||
|     } | ||||
|     ' | ||||
|     echo "LOAD SETTINGS - Remove .wazuh index." | ||||
|     curl -s  ${auth} -XDELETE "$el_url/.wazuh" | ||||
|  | ||||
|     echo "LOAD SETTINGS - Reindex .wazuh-backup in .wazuh." | ||||
|     curl -s ${auth} -XPOST "$el_url/_reindex" -H 'Content-Type: application/json' -d' | ||||
|     { | ||||
|       "source": { | ||||
|         "index": ".wazuh-backup" | ||||
|       }, | ||||
|       "dest": { | ||||
|         "index": ".wazuh" | ||||
|       } | ||||
|     } | ||||
|     ' | ||||
|     curl -s ${auth} -XPUT "https://elasticsearch:9200/.wazuh-backup/_settings?pretty" -H 'Content-Type: application/json' -d' | ||||
|     { | ||||
|         "index" : { | ||||
|             "number_of_replicas" : 0 | ||||
|         } | ||||
|     } | ||||
|     ' | ||||
|  | ||||
|   fi | ||||
|  | ||||
| fi | ||||
| sleep 5 | ||||
|  | ||||
| curl -XPUT "$el_url/_cluster/settings" ${auth} -H 'Content-Type: application/json' -d' | ||||
| { | ||||
|   "persistent": { | ||||
| @@ -249,6 +155,7 @@ curl -XPUT "$el_url/_cluster/settings" ${auth} -H 'Content-Type: application/jso | ||||
| } | ||||
| ' | ||||
|  | ||||
|  | ||||
| ############################################################################## | ||||
| # Set cluster delayed timeout when node falls | ||||
| ############################################################################## | ||||
| @@ -262,4 +169,4 @@ curl -X PUT "$el_url/_all/_settings" ${auth} -H 'Content-Type: application/json' | ||||
| ' | ||||
| echo "LOAD SETTINGS - cluster delayed timeout changed." | ||||
|  | ||||
| echo "LOAD SETTINGS - Elasticsearch is ready." | ||||
| echo "LOAD SETTINGS - Elasticsearch is ready." | ||||
|   | ||||
| @@ -1,15 +1,14 @@ | ||||
| # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2) | ||||
| FROM docker.elastic.co/kibana/kibana:7.3.2 | ||||
| ARG ELASTIC_VERSION=7.3.2 | ||||
| ARG WAZUH_VERSION=3.10.2 | ||||
| FROM docker.elastic.co/kibana/kibana:7.4.2 | ||||
| ARG ELASTIC_VERSION=7.4.2 | ||||
| ARG WAZUH_VERSION=3.11.4 | ||||
| ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}" | ||||
|  | ||||
| USER root | ||||
|  | ||||
| # App: 3.10.2 - 7.3.2 with this fix: https://github.com/wazuh/wazuh-kibana-app/issues/1815 | ||||
| #ADD  https://packages.wazuh.com/wazuhapp/wazuhapp-${WAZUH_APP_VERSION}.zip /tmp | ||||
| COPY config/wazuhapp-${WAZUH_APP_VERSION}.zip /tmp | ||||
| USER kibana | ||||
| #RUN /usr/share/kibana/bin/kibana-plugin install  --allow-root https://packages.wazuh.com/wazuhapp/wazuhapp-${WAZUH_APP_VERSION}.zip | ||||
| RUN /usr/share/kibana/bin/kibana-plugin install  --allow-root file:///tmp/wazuhapp-${WAZUH_APP_VERSION}.zip  | ||||
| USER root | ||||
| RUN rm -rf /tmp/wazuhapp-${WAZUH_APP_VERSION}.zip | ||||
| @@ -47,7 +46,8 @@ ENV PATTERN="" \ | ||||
|     WAZUH_MONITORING_FREQUENCY="" \ | ||||
|     WAZUH_MONITORING_SHARDS="" \ | ||||
|     WAZUH_MONITORING_REPLICAS="" \ | ||||
|     ADMIN_PRIVILEGES="" | ||||
|     ADMIN_PRIVILEGES="" \ | ||||
|     API_SELECTOR="" | ||||
|  | ||||
| ARG XPACK_CANVAS="false" | ||||
| ARG XPACK_LOGS="false" | ||||
| @@ -62,15 +62,15 @@ ARG XPACK_SIEM="false" | ||||
|  | ||||
| ARG CHANGE_WELCOME="true" | ||||
|  | ||||
| COPY --chown=kibana:kibana ./config/05-decrypt_credentials.sh /entrypoint-scripts/05-decrypt_credentials.sh | ||||
| COPY --chown=kibana:kibana ./config/10-wazuh_app_config.sh /entrypoint-scripts/10-wazuh_app_config.sh | ||||
| COPY --chown=kibana:kibana ./config/12-custom_logos.sh /entrypoint-scripts/12-custom_logos.sh | ||||
| COPY --chown=kibana:kibana ./config/15-decrypt_credentials.sh /entrypoint-scripts/15-decrypt_credentials.sh | ||||
| COPY --chown=kibana:kibana ./config/20-entrypoint.sh /entrypoint-scripts/20-entrypoint.sh | ||||
| COPY --chown=kibana:kibana ./config/20-entrypoint_kibana_settings.sh ./ | ||||
| COPY --chown=kibana:kibana ./config/20-entrypoint_certs_management.sh ./ | ||||
| RUN chmod +x /entrypoint-scripts/10-wazuh_app_config.sh && \ | ||||
| RUN chmod +x /entrypoint-scripts/05-decrypt_credentials.sh  && \ | ||||
|     chmod +x /entrypoint-scripts/10-wazuh_app_config.sh && \ | ||||
|     chmod +x /entrypoint-scripts/12-custom_logos.sh && \ | ||||
|     chmod +x /entrypoint-scripts/15-decrypt_credentials.sh && \ | ||||
|     chmod +x /entrypoint-scripts/20-entrypoint.sh && \ | ||||
|     chmod +x ./20-entrypoint_kibana_settings.sh && \ | ||||
|     chmod +x ./20-entrypoint_certs_management.sh | ||||
| @@ -91,9 +91,9 @@ RUN /usr/local/bin/kibana-docker --optimize | ||||
|  | ||||
| USER root | ||||
|  | ||||
| RUN chmod 660 /usr/share/kibana/plugins/wazuh/config.yml && \ | ||||
| RUN chmod 660 /usr/share/kibana/plugins/wazuh/wazuh.yml && \ | ||||
|     chmod 775 /usr/share/kibana/plugins/wazuh && \ | ||||
|     chown root:kibana /usr/share/kibana/plugins/wazuh/config.yml && \ | ||||
|     chown root:kibana /usr/share/kibana/plugins/wazuh/wazuh.yml && \ | ||||
|     chown root:kibana /usr/share/kibana/plugins/wazuh | ||||
|  | ||||
| USER kibana | ||||
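Review bot: `FROM docker.elastic.co/kibana/kibana:7.4.2` hard-codes the same version that `ARG ELASTIC_VERSION=7.4.2` declares right after it, so a build that overrides `ELASTIC_VERSION` keeps the 7.4.2 base image while `WAZUH_APP_VERSION` and the plugin zip name follow the argument. The other two Elastic-based Dockerfiles in this comparison declare the ARG before FROM and use `${ELASTIC_VERSION}` / `${LOGSTASH_VERSION}` in the image reference. Doing the same here keeps base image and plugin in step: `ARG ELASTIC_VERSION=7.4.2`, then `FROM docker.elastic.co/kibana/kibana:${ELASTIC_VERSION}`, then a bare `ARG ELASTIC_VERSION` after FROM to bring the value back into scope.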
|   | ||||
| @@ -1,7 +1,60 @@ | ||||
| #!/bin/bash | ||||
| # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2) | ||||
| # Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2) | ||||
|  | ||||
| kibana_config_file="/usr/share/kibana/plugins/wazuh/config.yml" | ||||
| ############################################################################## | ||||
| # If Elasticsearch security is enabled get the kibana user, the Kibana  | ||||
| # password and WAZUH API credentials. | ||||
| ############################################################################## | ||||
|  | ||||
| KIBANA_USER="" | ||||
| KIBANA_PASS="" | ||||
| WAZH_API_USER="" | ||||
| WAZH_API_PASS="" | ||||
|  | ||||
| if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then | ||||
|   KIBANA_USER=${SECURITY_KIBANA_USER} | ||||
|   KIBANA_PASS=${SECURITY_KIBANA_PASS} | ||||
|   WAZH_API_USER=${API_USER} | ||||
|   WAZH_API_PASS=${API_PASS} | ||||
|   echo "USERS - Credentials obtained from environment variables." | ||||
| else | ||||
|   input=${SECURITY_CREDENTIALS_FILE} | ||||
|   while IFS= read -r line | ||||
|   do | ||||
|     if [[ $line == *"KIBANA_USER"* ]]; then | ||||
|       arrIN=(${line//:/ }) | ||||
|       KIBANA_USER=${arrIN[1]} | ||||
|     elif [[ $line == *"KIBANA_PASSWORD"* ]]; then | ||||
|       arrIN=(${line//:/ }) | ||||
|       KIBANA_PASS=${arrIN[1]} | ||||
|     elif [[ $line == *"WAZUH_API_USER"* ]]; then | ||||
|       arrIN=(${line//:/ }) | ||||
|       WAZH_API_USER=${arrIN[1]} | ||||
|     elif [[ $line == *"WAZUH_API_PASSWORD"* ]]; then | ||||
|       arrIN=(${line//:/ }) | ||||
|       WAZH_API_PASS=${arrIN[1]} | ||||
|     fi | ||||
|   done < "$input" | ||||
|   echo "USERS - Credentials obtained from file." | ||||
| fi | ||||
|  | ||||
| ############################################################################## | ||||
| # Establish the way to run the curl command, with or without authentication.  | ||||
| ############################################################################## | ||||
|  | ||||
| if [ ${SECURITY_ENABLED} != "no" ]; then | ||||
|   auth="-u ${KIBANA_USER}:${KIBANA_PASS} -k" | ||||
| elif [ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]; then | ||||
|   auth="" | ||||
| else | ||||
|   auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}" | ||||
| fi | ||||
|  | ||||
| ############################################################################## | ||||
| # Set custom wazuh.yml config | ||||
| ############################################################################## | ||||
|  | ||||
| kibana_config_file="/usr/share/kibana/plugins/wazuh/wazuh.yml" | ||||
|  | ||||
| declare -A CONFIG_MAP=( | ||||
|   [pattern]=$PATTERN | ||||
| @@ -30,6 +83,7 @@ declare -A CONFIG_MAP=( | ||||
|   [wazuh.monitoring.shards]=$WAZUH_MONITORING_SHARDS | ||||
|   [wazuh.monitoring.replicas]=$WAZUH_MONITORING_REPLICAS | ||||
|   [admin]=$ADMIN_PRIVILEGES | ||||
|   [api.selector]=$API_SELECTOR | ||||
| ) | ||||
|  | ||||
| for i in "${!CONFIG_MAP[@]}" | ||||
| @@ -38,3 +92,24 @@ do | ||||
|         sed -i 's/.*#'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file | ||||
|     fi | ||||
| done | ||||
|  | ||||
| # remove default API entry (new in 3.11.0_7.5.1) | ||||
| sed -ie '/- default:/,+4d' $kibana_config_file | ||||
|  | ||||
| # If this is an update to 3.11 | ||||
| CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $ELASTICSEARCH_URL/.wazuh/_doc/1513629884013 ${auth}) | ||||
|  | ||||
| grep -q 1513629884013 $kibana_config_file | ||||
| _config_exists=$? | ||||
|  | ||||
| if [[ "x$CONFIG_CODE" != "x200" && $_config_exists -ne 0 ]]; then | ||||
| cat << EOF >> $kibana_config_file  | ||||
|   - 1: | ||||
|       url: https://wazuh | ||||
|       port: 55000 | ||||
|       user: $WAZH_API_USER | ||||
|       password: $WAZH_API_PASS | ||||
| EOF | ||||
| else | ||||
|   echo "Wazuh APP already configured" | ||||
| fi | ||||
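Review bot: The `elif [ ${ENABLED_XPACK} != "true" || ... ]` test in the new auth block is not valid for `[`. The `||` ends the command, so `[` fails with a missing `]` and the remaining comparisons are executed as commands; the condition then fails and the `else` branch sets `auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"` even when those variables are empty. The unquoted `${SECURITY_ENABLED}` in the `if` above it also makes `[` error out when the variable is unset or empty. I would write the two tests as `if [[ "${SECURITY_ENABLED}" != "no" ]]; then` and `elif [[ "${ENABLED_XPACK}" != "true" || -z "${ELASTICSEARCH_USERNAME}" || -z "${ELASTICSEARCH_PASSWORD}" ]]; then`. Separately, `-k` in the first branch turns off certificate verification on a request that carries the Kibana password (prefer `--cacert`), and `sed -ie` is parsed as `-i` with backup suffix `e`, which leaves a stray `wazuh.ymle` copy next to the config (use `sed -i -e`).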
|   | ||||
| @@ -1 +0,0 @@ | ||||
| 1bda3f0db629fab2a64f859fe0769afc8a359fc7 | ||||
							
								
								
									
										1
									
								
								kibana/config/wazuhapp-3.11.4_7.4.2.zip.REMOVED.git-id
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										1
									
								
								kibana/config/wazuhapp-3.11.4_7.4.2.zip.REMOVED.git-id
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1 @@ | ||||
| a58d8e7a4edaa0b4aa7e5fa76e16e49f884faddf | ||||
| @@ -1,6 +1,6 @@ | ||||
| # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) | ||||
|  | ||||
| ARG LOGSTASH_VERSION=7.3.2 | ||||
| ARG LOGSTASH_VERSION=7.4.2 | ||||
| FROM docker.elastic.co/logstash/logstash:${LOGSTASH_VERSION} | ||||
|  | ||||
| COPY --chown=logstash:logstash config/entrypoint.sh /entrypoint.sh | ||||
|   | ||||
| @@ -2,14 +2,14 @@ | ||||
| FROM phusion/baseimage:latest | ||||
|  | ||||
| # Arguments | ||||
| ARG FILEBEAT_VERSION=7.3.2 | ||||
| ARG WAZUH_VERSION=3.10.2-1 | ||||
| ARG FILEBEAT_VERSION=7.4.2 | ||||
| ARG WAZUH_VERSION=3.11.4-1 | ||||
|  | ||||
| # Environment variables | ||||
| ENV API_USER="foo" \ | ||||
|    API_PASS="bar" | ||||
|  | ||||
| ARG TEMPLATE_VERSION="v3.10.2" | ||||
| ARG TEMPLATE_VERSION="v3.11.4" | ||||
| ENV FILEBEAT_DESTINATION="elasticsearch" | ||||
|  | ||||
| # Install packages | ||||
| @@ -97,17 +97,17 @@ COPY config/00-decrypt_credentials.sh /entrypoint-scripts/00-decrypt_credentials | ||||
| COPY config/01-wazuh.sh /entrypoint-scripts/01-wazuh.sh | ||||
| COPY config/02-set_filebeat_destination.sh /entrypoint-scripts/02-set_filebeat_destination.sh | ||||
| COPY config/03-config_filebeat.sh /entrypoint-scripts/03-config_filebeat.sh | ||||
| COPY config/05-remove_credentials_file.sh /entrypoint-scripts/05-remove_credentials_file.sh | ||||
| COPY config/10-backups.sh /entrypoint-scripts/10-backups.sh | ||||
| COPY config/20-ossec-configuration.sh /entrypoint-scripts/20-ossec-configuration.sh | ||||
| COPY config/25-backups.sh /entrypoint-scripts/25-backups.sh | ||||
| COPY config/35-remove_credentials_file.sh /entrypoint-scripts/35-remove_credentials_file.sh | ||||
| RUN chmod 755 /entrypoint.sh && \ | ||||
|     chmod 755 /entrypoint-scripts/00-decrypt_credentials.sh && \ | ||||
|     chmod 755 /entrypoint-scripts/01-wazuh.sh && \ | ||||
|     chmod 755 /entrypoint-scripts/02-set_filebeat_destination.sh && \ | ||||
|     chmod 755 /entrypoint-scripts/03-config_filebeat.sh && \ | ||||
|     chmod 755 /entrypoint-scripts/05-remove_credentials_file.sh && \ | ||||
|     chmod 755 /entrypoint-scripts/10-backups.sh && \ | ||||
|     chmod 755 /entrypoint-scripts/20-ossec-configuration.sh | ||||
|     chmod 755 /entrypoint-scripts/20-ossec-configuration.sh && \ | ||||
|     chmod 755 /entrypoint-scripts/25-backups.sh && \ | ||||
|     chmod 755 /entrypoint-scripts/35-remove_credentials_file.sh | ||||
|  | ||||
| # Workaround.  | ||||
| # Issues: Wazuh-api | ||||
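Review bot: Renaming `05-remove_credentials_file.sh` to `35-remove_credentials_file.sh` changes more than the file name. Assuming the entrypoint runs `/entrypoint-scripts/*.sh` in name order, the decrypted credentials file now stays on disk while `20-ossec-configuration.sh` and `25-backups.sh` run. If the backup script copies a directory that contains that file, the secret would end up in the backup; its paths are not visible here, so this needs confirming. A comment above the COPY lines would record the intent, for example `# 35-remove_credentials_file.sh must run last: earlier scripts still read the decrypted credentials`.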
|   | ||||
| @@ -1,6 +1,8 @@ | ||||
| #!/bin/bash | ||||
| # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2) | ||||
|  | ||||
| # Trap to kill container if it is necessary. | ||||
| trap "exit" SIGINT SIGTERM | ||||
| # It will run every .sh script located in entrypoint-scripts folder in lexicographical order | ||||
| for script in `ls /entrypoint-scripts/*.sh | sort -n`; do | ||||
|   bash "$script" | ||||
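Review bot: The added `trap "exit" SIGINT SIGTERM` only takes effect between scripts, because bash delays a trap until the foreground command (`bash "$script"`) returns, and a plain `exit` neither forwards the signal to a running child nor sets a signal exit status. If the aim is a prompt container stop, run each script as `bash "$script" & wait $!` and use `trap 'kill -TERM $! 2>/dev/null; exit 143' SIGINT SIGTERM`. Otherwise the comment should say the trap acts only once the current script has finished. The `for` loop continues past the end of this hunk.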
|   | ||||