Update Wazuh app for cloud-0.21 (#338 )

Former-commit-id: 3949283bd3
Upgrade Wazuh to 3.11.5 (#334 )
2025-11-04 05:53:19 +00:00 · 2020-04-28 10:36:51 +02:00 · 2020-04-20 17:53:24 +02:00 · 2020-03-26 15:58:33 +01:00 · 2020-03-25 18:45:58 +01:00 · 2020-03-24 12:14:19 +01:00
15 changed files with 120 additions and 125 deletions
--- a/4
+++ b/4
@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="3.10.2_7.3.2"
+WAZUH-DOCKER_VERSION="3.11.5_7.3.2"
-REVISION="31020"
+REVISION="31150"
--- a/elasticsearch/Dockerfile
+++ b/elasticsearch/Dockerfile
@@ -1,7 +1,7 @@
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-ARG ELASTIC_VERSION=7.3.2
+ARG ELASTIC_VERSION=7.4.2
 FROM docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION}
-ARG TEMPLATE_VERSION=v3.10.2
+ARG TEMPLATE_VERSION=v3.11.4
 ENV ELASTICSEARCH_URL="http://elasticsearch:9200"
--- a/elasticsearch/config/35-entrypoint_load_settings.sh
+++ b/elasticsearch/config/35-entrypoint_load_settings.sh
@@ -28,13 +28,9 @@ echo "LOAD SETTINGS - Elasticsearch url: $el_url"
 ##############################################################################
 ELASTIC_PASS=""
 WAZH_API_USER=""
 WAZH_API_PASS=""
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
  ELASTIC_PASS=${SECURITY_ELASTIC_PASSWORD}
  WAZH_API_USER=${API_USER}
  WAZH_API_PASS=${API_PASS}
 else
  input=${SECURITY_CREDENTIALS_FILE}
  while IFS= read -r line
@@ -42,12 +38,6 @@ else
    if [[ $line == *"ELASTIC_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      ELASTIC_PASS=${arrIN[1]}
    elif [[ $line == *"WAZUH_API_USER"* ]]; then
      arrIN=(${line//:/ })
      WAZH_API_USER=${arrIN[1]}
    elif [[ $line == *"WAZUH_API_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      WAZH_API_PASS=${arrIN[1]}
    fi
  done < "$input"
@@ -154,93 +144,9 @@ fi
 ##############################################################################
-# Prepare Wazuh API credentials
+# Enable xpack.monitoring.collection
 ##############################################################################
 API_PASS_Q=`echo "$WAZH_API_PASS" | tr -d '"'`
 API_USER_Q=`echo "$WAZH_API_USER" | tr -d '"'`
 API_PASSWORD=`echo -n $API_PASS_Q | base64`
 echo "LOAD SETTINGS - Setting API credentials into Wazuh APP"
 CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/_doc/1513629884013 ${auth})
 if [ "x$CONFIG_CODE" != "x200" ]; then
  curl -s -XPOST $el_url/.wazuh/_doc/1513629884013 ${auth} -H 'Content-Type: application/json' -d'
  {
    "api_user": "'"$API_USER_Q"'",
    "api_password": "'"$API_PASSWORD"'",
    "url": "'"$wazuh_url"'",
    "api_port": "55000",
    "insecure": "true",
    "component": "API",
    "cluster_info": {
      "manager": "wazuh-manager",
      "cluster": "Disabled",
      "status": "disabled"
    },
    "extensions": {
      "oscap": true,
      "audit": true,
      "pci": true,
      "aws": true,
      "virustotal": true,
      "gdpr": true,
      "ciscat": true
    }
  }
  ' > /dev/null
 else
  echo "LOAD SETTINGS - Wazuh APP already configured"
  echo "LOAD SETTINGS - Check if it is an upgrade from Elasticsearch 6.x to 7.x"
  wazuh_search_request=`curl -s ${auth} "$el_url/.wazuh/_search?pretty"`
  full_type=`echo $wazuh_search_request | jq .hits.hits | jq .[] | jq ._type`
  elasticsearch_request=`curl -s $auth "$el_url"`
  full_elasticsearch_version=`echo $elasticsearch_request | jq .version.number`
  type=`echo "$full_type" | tr -d '"'`
  elasticsearch_version=`echo "$full_elasticsearch_version" | tr -d '"'`
  elasticsearch_major="${elasticsearch_version:0:1}"
  if [[ $type == "wazuh-configuration" ]] && [[ $elasticsearch_major == "7" ]]; then
    echo "LOAD SETTINGS - Elasticsearch major = $elasticsearch_major."
    echo "LOAD SETTINGS - Reindex .wazuh in .wazuh-backup."
    curl -s ${auth} -XPOST "$el_url/_reindex" -H 'Content-Type: application/json' -d'
    {
      "source": {
        "index": ".wazuh"
      },
      "dest": {
        "index": ".wazuh-backup"
      }
    }
    '
    echo "LOAD SETTINGS - Remove .wazuh index."
    curl -s  ${auth} -XDELETE "$el_url/.wazuh"
    echo "LOAD SETTINGS - Reindex .wazuh-backup in .wazuh."
    curl -s ${auth} -XPOST "$el_url/_reindex" -H 'Content-Type: application/json' -d'
    {
      "source": {
        "index": ".wazuh-backup"
      },
      "dest": {
        "index": ".wazuh"
      }
    }
    '
    curl -s ${auth} -XPUT "https://elasticsearch:9200/.wazuh-backup/_settings?pretty" -H 'Content-Type: application/json' -d'
    {
        "index" : {
            "number_of_replicas" : 0
        }
    }
    '
  fi
 fi
 sleep 5
 curl -XPUT "$el_url/_cluster/settings" ${auth} -H 'Content-Type: application/json' -d'
 {
  "persistent": {
@@ -249,6 +155,7 @@ curl -XPUT "$el_url/_cluster/settings" ${auth} -H 'Content-Type: application/jso
 }
 '
 ##############################################################################
 # Set cluster delayed timeout when node falls
 ##############################################################################
--- a/kibana/Dockerfile
+++ b/kibana/Dockerfile
@@ -1,15 +1,14 @@
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-FROM docker.elastic.co/kibana/kibana:7.3.2
+FROM docker.elastic.co/kibana/kibana:7.4.2
-ARG ELASTIC_VERSION=7.3.2
+ARG ELASTIC_VERSION=7.4.2
-ARG WAZUH_VERSION=3.10.2
+ARG WAZUH_VERSION=3.11.5
 ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
 USER root
 # App: 3.10.2 - 7.3.2 with this fix: https://github.com/wazuh/wazuh-kibana-app/issues/1815
 #ADD  https://packages.wazuh.com/wazuhapp/wazuhapp-${WAZUH_APP_VERSION}.zip /tmp
 COPY config/wazuhapp-${WAZUH_APP_VERSION}.zip /tmp
 USER kibana
 #RUN /usr/share/kibana/bin/kibana-plugin install  --allow-root https://packages.wazuh.com/wazuhapp/wazuhapp-${WAZUH_APP_VERSION}.zip
 RUN /usr/share/kibana/bin/kibana-plugin install  --allow-root file:///tmp/wazuhapp-${WAZUH_APP_VERSION}.zip 
 USER root
 RUN rm -rf /tmp/wazuhapp-${WAZUH_APP_VERSION}.zip
@@ -47,7 +46,8 @@ ENV PATTERN="" \
    WAZUH_MONITORING_FREQUENCY="" \
    WAZUH_MONITORING_SHARDS="" \
    WAZUH_MONITORING_REPLICAS="" \
-    ADMIN_PRIVILEGES=""
+    ADMIN_PRIVILEGES="" \
    API_SELECTOR=""
 ARG XPACK_CANVAS="false"
 ARG XPACK_LOGS="false"
@@ -62,15 +62,15 @@ ARG XPACK_SIEM="false"
 ARG CHANGE_WELCOME="true"
 COPY --chown=kibana:kibana ./config/05-decrypt_credentials.sh /entrypoint-scripts/05-decrypt_credentials.sh
 COPY --chown=kibana:kibana ./config/10-wazuh_app_config.sh /entrypoint-scripts/10-wazuh_app_config.sh
 COPY --chown=kibana:kibana ./config/12-custom_logos.sh /entrypoint-scripts/12-custom_logos.sh
 COPY --chown=kibana:kibana ./config/15-decrypt_credentials.sh /entrypoint-scripts/15-decrypt_credentials.sh
 COPY --chown=kibana:kibana ./config/20-entrypoint.sh /entrypoint-scripts/20-entrypoint.sh
 COPY --chown=kibana:kibana ./config/20-entrypoint_kibana_settings.sh ./
 COPY --chown=kibana:kibana ./config/20-entrypoint_certs_management.sh ./
-RUN chmod +x /entrypoint-scripts/10-wazuh_app_config.sh && \
+RUN chmod +x /entrypoint-scripts/05-decrypt_credentials.sh  && \
    chmod +x /entrypoint-scripts/10-wazuh_app_config.sh && \
    chmod +x /entrypoint-scripts/12-custom_logos.sh && \
    chmod +x /entrypoint-scripts/15-decrypt_credentials.sh && \
    chmod +x /entrypoint-scripts/20-entrypoint.sh && \
    chmod +x ./20-entrypoint_kibana_settings.sh && \
    chmod +x ./20-entrypoint_certs_management.sh
@@ -91,9 +91,9 @@ RUN /usr/local/bin/kibana-docker --optimize
 USER root
-RUN chmod 660 /usr/share/kibana/plugins/wazuh/config.yml && \
+RUN chmod 660 /usr/share/kibana/plugins/wazuh/wazuh.yml && \
    chmod 775 /usr/share/kibana/plugins/wazuh && \
-    chown root:kibana /usr/share/kibana/plugins/wazuh/config.yml && \
+    chown root:kibana /usr/share/kibana/plugins/wazuh/wazuh.yml && \
    chown root:kibana /usr/share/kibana/plugins/wazuh
 USER kibana
--- a/kibana/config/05-decrypt_credentials.sh
+++ b/kibana/config/05-decrypt_credentials.sh
--- a/kibana/config/10-wazuh_app_config.sh
+++ b/kibana/config/10-wazuh_app_config.sh
@@ -1,7 +1,60 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
-kibana_config_file="/usr/share/kibana/plugins/wazuh/config.yml"
+##############################################################################
 # If Elasticsearch security is enabled get the kibana user, the Kibana 
 # password and WAZUH API credentials.
 ##############################################################################
 KIBANA_USER=""
 KIBANA_PASS=""
 WAZH_API_USER=""
 WAZH_API_PASS=""
 if [[ "x${SECURITY_CREDENTIALS_FILE}" == "x" ]]; then
  KIBANA_USER=${SECURITY_KIBANA_USER}
  KIBANA_PASS=${SECURITY_KIBANA_PASS}
  WAZH_API_USER=${API_USER}
  WAZH_API_PASS=${API_PASS}
  echo "USERS - Credentials obtained from environment variables."
 else
  input=${SECURITY_CREDENTIALS_FILE}
  while IFS= read -r line
  do
    if [[ $line == *"KIBANA_USER"* ]]; then
      arrIN=(${line//:/ })
      KIBANA_USER=${arrIN[1]}
    elif [[ $line == *"KIBANA_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      KIBANA_PASS=${arrIN[1]}
    elif [[ $line == *"WAZUH_API_USER"* ]]; then
      arrIN=(${line//:/ })
      WAZH_API_USER=${arrIN[1]}
    elif [[ $line == *"WAZUH_API_PASSWORD"* ]]; then
      arrIN=(${line//:/ })
      WAZH_API_PASS=${arrIN[1]}
    fi
  done < "$input"
  echo "USERS - Credentials obtained from file."
 fi
 ##############################################################################
 # Establish the way to run the curl command, with or without authentication. 
 ##############################################################################
 if [ ${SECURITY_ENABLED} != "no" ]; then
  auth="-u ${KIBANA_USER}:${KIBANA_PASS} -k"
 elif [ ${ENABLED_XPACK} != "true" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]; then
  auth=""
 else
  auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD}"
 fi
 ##############################################################################
 # Set custom wazuh.yml config
 ##############################################################################
 kibana_config_file="/usr/share/kibana/plugins/wazuh/wazuh.yml"
 declare -A CONFIG_MAP=(
  [pattern]=$PATTERN
@@ -30,6 +83,7 @@ declare -A CONFIG_MAP=(
  [wazuh.monitoring.shards]=$WAZUH_MONITORING_SHARDS
  [wazuh.monitoring.replicas]=$WAZUH_MONITORING_REPLICAS
  [admin]=$ADMIN_PRIVILEGES
  [api.selector]=$API_SELECTOR
 )
 for i in "${!CONFIG_MAP[@]}"
@@ -38,3 +92,24 @@ do
        sed -i 's/.*#'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file
    fi
 done
 # remove default API entry (new in 3.11.0_7.5.1)
 sed -ie '/- default:/,+4d' $kibana_config_file
 # If this is an update to 3.11
 CONFIG_CODE=$(curl -s -o /dev/null -w "%{http_code}" -XGET $ELASTICSEARCH_URL/.wazuh/_doc/1513629884013 ${auth})
 grep -q 1513629884013 $kibana_config_file
 _config_exists=$?
 if [[ "x$CONFIG_CODE" != "x200" && $_config_exists -ne 0 ]]; then
 cat << EOF >> $kibana_config_file 
  - 1:
      url: https://wazuh
      port: 55000
      user: $WAZH_API_USER
      password: $WAZH_API_PASS
 EOF
 else
  echo "Wazuh APP already configured"
 fi
--- a/kibana/config/wazuhapp-3.10.2_7.3.2.zip.REMOVED.git-id
+++ b/kibana/config/wazuhapp-3.10.2_7.3.2.zip.REMOVED.git-id
@@ -1 +0,0 @@
 1bda3f0db629fab2a64f859fe0769afc8a359fc7
--- a/kibana/config/wazuhapp-3.11.5_7.4.2.zip.REMOVED.git-id
+++ b/kibana/config/wazuhapp-3.11.5_7.4.2.zip.REMOVED.git-id
@@ -0,0 +1 @@
 d3370881d16407941e250126bd331db13e7c8b63
--- a/logstash/Dockerfile
+++ b/logstash/Dockerfile
@@ -1,6 +1,6 @@
 # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-ARG LOGSTASH_VERSION=7.3.2
+ARG LOGSTASH_VERSION=7.4.2
 FROM docker.elastic.co/logstash/logstash:${LOGSTASH_VERSION}
 COPY --chown=logstash:logstash config/entrypoint.sh /entrypoint.sh
--- a/wazuh/Dockerfile
+++ b/wazuh/Dockerfile
@@ -2,16 +2,19 @@
 FROM phusion/baseimage:latest
 # Arguments
-ARG FILEBEAT_VERSION=7.3.2
+ARG FILEBEAT_VERSION=7.4.2
-ARG WAZUH_VERSION=3.10.2-1
+ARG WAZUH_VERSION=3.11.5-1
 # Environment variables
 ENV API_USER="foo" \
   API_PASS="bar"
-ARG TEMPLATE_VERSION="v3.10.2"
+ARG TEMPLATE_VERSION="v3.11.5"
 ENV FILEBEAT_DESTINATION="elasticsearch"
 COPY config/wazuh-manager_3.11.5-1_amd64.deb /wazuh-manager_3.11.5-1_amd64.deb
 COPY config/wazuh-api_3.11.5-1_amd64.deb /wazuh-api_3.11.5-1_amd64.deb
 # Install packages
 RUN set -x && \
    echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list && \
@@ -26,8 +29,14 @@ RUN set -x && \
    apt-get upgrade -y -o Dpkg::Options::="--force-confold" && \
    apt-get --no-install-recommends --no-install-suggests -y install openssl apt-transport-https vim expect python-boto python-pip python-cryptography && \
    apt-get --no-install-recommends --no-install-suggests -y install postfix bsd-mailx mailutils libsasl2-2 ca-certificates libsasl2-modules && \
-    apt-get --no-install-recommends --no-install-suggests -y install wazuh-manager=${WAZUH_VERSION} && \
+#   apt-get --no-install-recommends --no-install-suggests -y install wazuh-manager=${WAZUH_VERSION} && \
-    apt-get --no-install-recommends --no-install-suggests -y install nodejs wazuh-api=${WAZUH_VERSION} && \
+    dpkg -i /wazuh-manager_3.11.5-1_amd64.deb && apt-get install -f && \
 #   apt-get --no-install-recommends --no-install-suggests -y install nodejs wazuh-api=${WAZUH_VERSION} && \
    apt-get --no-install-recommends --no-install-suggests -y install nodejs && \
    dpkg -i /wazuh-api_3.11.5-1_amd64.deb && apt-get install -f && \
 #   Disable updates to this package
    echo "wazuh-manager hold" | dpkg --set-selections && \
    echo "wazuh-api hold" | dpkg --set-selections && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
    rm -f /var/ossec/logs/alerts/*/*/* && \
@@ -37,6 +46,7 @@ RUN set -x && \
    rm -f /var/ossec/logs/cluster/*/*/* && \
    rm -f /var/ossec/logs/ossec/*/*/* && \
    rm /var/ossec/var/run/* && \
    rm /wazuh-manager_3.11.5-1_amd64.deb && \
    curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-amd64.deb && \
    dpkg -i filebeat-${FILEBEAT_VERSION}-amd64.deb && rm -f filebeat-${FILEBEAT_VERSION}-amd64.deb
@@ -97,17 +107,17 @@ COPY config/00-decrypt_credentials.sh /entrypoint-scripts/00-decrypt_credentials
 COPY config/01-wazuh.sh /entrypoint-scripts/01-wazuh.sh
 COPY config/02-set_filebeat_destination.sh /entrypoint-scripts/02-set_filebeat_destination.sh
 COPY config/03-config_filebeat.sh /entrypoint-scripts/03-config_filebeat.sh
 COPY config/05-remove_credentials_file.sh /entrypoint-scripts/05-remove_credentials_file.sh
 COPY config/10-backups.sh /entrypoint-scripts/10-backups.sh
 COPY config/20-ossec-configuration.sh /entrypoint-scripts/20-ossec-configuration.sh
 COPY config/25-backups.sh /entrypoint-scripts/25-backups.sh
 COPY config/35-remove_credentials_file.sh /entrypoint-scripts/35-remove_credentials_file.sh
 RUN chmod 755 /entrypoint.sh && \
    chmod 755 /entrypoint-scripts/00-decrypt_credentials.sh && \
    chmod 755 /entrypoint-scripts/01-wazuh.sh && \
    chmod 755 /entrypoint-scripts/02-set_filebeat_destination.sh && \
    chmod 755 /entrypoint-scripts/03-config_filebeat.sh && \
-    chmod 755 /entrypoint-scripts/05-remove_credentials_file.sh && \
+    chmod 755 /entrypoint-scripts/20-ossec-configuration.sh && \
-    chmod 755 /entrypoint-scripts/10-backups.sh && \
+    chmod 755 /entrypoint-scripts/25-backups.sh && \
-    chmod 755 /entrypoint-scripts/20-ossec-configuration.sh
+    chmod 755 /entrypoint-scripts/35-remove_credentials_file.sh
 # Workaround. 
 # Issues: Wazuh-api
--- a/wazuh/config/25-backups.sh
+++ b/wazuh/config/25-backups.sh
--- a/wazuh/config/35-remove_credentials_file.sh
+++ b/wazuh/config/35-remove_credentials_file.sh
--- a/wazuh/config/entrypoint.sh
+++ b/wazuh/config/entrypoint.sh
@@ -1,6 +1,8 @@
 #!/bin/bash
 # Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 # Trap to kill container if it is necessary.
 trap "exit" SIGINT SIGTERM
 # It will run every .sh script located in entrypoint-scripts folder in lexicographical order
 for script in `ls /entrypoint-scripts/*.sh | sort -n`; do
  bash "$script"
--- a/wazuh/config/wazuh-api_3.11.5-1_amd64.deb
+++ b/wazuh/config/wazuh-api_3.11.5-1_amd64.deb
--- a/wazuh/config/wazuh-manager_3.11.5-1_amd64.deb.REMOVED.git-id
+++ b/wazuh/config/wazuh-manager_3.11.5-1_amd64.deb.REMOVED.git-id
@@ -0,0 +1 @@
 b4bbb79aca532ca4f5321a89f9dffae1f934bc6f
Author	SHA1	Message	Date
Robin	a8af820ae1	Update Wazuh app for cloud-0.21 (#338 ) Former-commit-id: `3949283bd3`	2020-04-28 10:36:51 +02:00
Robin	70be87cec8	Upgrade Wazuh to 3.11.5 (#334 ) Former-commit-id: `18640426af`	2020-04-20 17:53:24 +02:00
AlfonsoRBJ	d8a90dc6b7	delay the wazuh remove credentials (#319 ) Former-commit-id: `cc0e0d13aa`	2020-03-26 15:58:33 +01:00
AlfonsoRBJ	99d54f1776	Adapt to 3.11.4_7.4.2 (#314 ) Former-commit-id: `7fe1c6bd1b`	2020-03-25 18:45:58 +01:00
AlfonsoRBJ	33e451f755	delaying the backup configuration (#317 ) Former-commit-id: `b2ee66374e`	2020-03-24 12:14:19 +01:00
Mayte Ariza	d05ec226d8	Create .wazuh index before setting the API credentials (#312 ) Former-commit-id: `7f8b0b855a`	2020-03-10 13:37:33 +01:00
AlfonsoRBJ	3f206679da	Add trap for sbin my init (#310 ) Former-commit-id: `7e7f97c4cd`	2020-03-04 12:24:18 +01:00
`@@ -1,2 +1,2 @@`
	`WAZUH-DOCKER_VERSION="3.10.2_7.3.2"`	`WAZUH-DOCKER_VERSION="3.11.5_7.3.2"`
	`REVISION="31020"`	`REVISION="31150"`