
13 Commits

Author SHA1 Message Date
Mayte Ariza
cf98b0e7a1 Add /var/ossec/var/db path to permanent data (#361)
Former-commit-id: ceb5ab0cfb
2020-07-03 19:17:06 +02:00
AlfonsoRBJ
ee18d9b3eb update Wazuh version to 3.13.0 (#360)
Former-commit-id: e1c94c3429
2020-07-03 11:48:33 +02:00
AlfonsoRBJ
f0774436f3 remove outadated workaround (#352)
Former-commit-id: 2018a22381
2020-06-25 14:27:57 +02:00
AlfonsoRBJ
ebd1381fbf Update to 3.12.3 (#348)
Former-commit-id: d584062230
2020-05-25 18:18:05 +02:00
AlfonsoRBJ
27a354a3ad queue/fim/db/fim.db removed when updating (#343)
Former-commit-id: 2f76c70480
2020-05-19 10:24:45 +02:00
AlfonsoRBJ
1d777bb22f Adapt wazuh to 3.12.2_7.6.1 (#342)
Former-commit-id: b48e5f819a
2020-05-13 16:23:59 +02:00
Jesus Linares
3aed4a12bf Merge branch 'cloud-0.21' into cloud-0.22
Former-commit-id: 749c66a037
2020-04-28 11:49:52 +02:00
Robin
a8af820ae1 Update Wazuh app for cloud-0.21 (#338)
Former-commit-id: 3949283bd3
2020-04-28 10:36:51 +02:00
Robin
5f7f2b696c Update wazuh app (#337)
Former-commit-id: 5fd1c85a67
2020-04-27 10:54:07 +02:00
Jesus Linares
a29dd86339 Merge branch 'cloud-0.21' into cloud-0.22
Former-commit-id: ebeec2cbd3
2020-04-24 17:14:24 +02:00
AlfonsoRBJ
6d527b9869 Custom app (#336)
Former-commit-id: 4d808d74c4
2020-04-23 18:22:51 +02:00
Mayte Ariza
c9e2dac443 Improve Wazuh image: overwriting and removing files (#335)
Former-commit-id: 5a6c086f6b
2020-04-23 10:39:31 +02:00
Robin
70be87cec8 Upgrade Wazuh to 3.11.5 (#334)
Former-commit-id: 18640426af
2020-04-20 17:53:24 +02:00
11 changed files with 81 additions and 1279 deletions


@@ -1,2 +1,2 @@
WAZUH-DOCKER_VERSION="3.10.2_7.3.2"
REVISION="31020"
WAZUH-DOCKER_VERSION="3.11.5_7.3.2"
REVISION="31150"


@@ -1,7 +1,7 @@
# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
FROM docker.elastic.co/kibana/kibana:7.4.2
ARG ELASTIC_VERSION=7.4.2
ARG WAZUH_VERSION=3.11.4
ARG WAZUH_VERSION=3.11.5
ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
USER root


@@ -1 +0,0 @@
a58d8e7a4edaa0b4aa7e5fa76e16e49f884faddf


@@ -0,0 +1 @@
d3370881d16407941e250126bd331db13e7c8b63


@@ -2,14 +2,14 @@
FROM phusion/baseimage:latest
# Arguments
ARG FILEBEAT_VERSION=7.4.2
ARG WAZUH_VERSION=3.11.4-1
ARG FILEBEAT_VERSION=7.7.0
ARG WAZUH_VERSION=3.13.0-1
# Environment variables
ENV API_USER="foo" \
API_PASS="bar"
ARG TEMPLATE_VERSION="v3.11.4"
ARG TEMPLATE_VERSION="v3.13.0"
ENV FILEBEAT_DESTINATION="elasticsearch"
# Install packages
@@ -100,6 +100,7 @@ COPY config/03-config_filebeat.sh /entrypoint-scripts/03-config_filebeat.sh
COPY config/20-ossec-configuration.sh /entrypoint-scripts/20-ossec-configuration.sh
COPY config/25-backups.sh /entrypoint-scripts/25-backups.sh
COPY config/35-remove_credentials_file.sh /entrypoint-scripts/35-remove_credentials_file.sh
COPY config/85-save_wazuh_version.sh /entrypoint-scripts/85-save_wazuh_version.sh
RUN chmod 755 /entrypoint.sh && \
chmod 755 /entrypoint-scripts/00-decrypt_credentials.sh && \
chmod 755 /entrypoint-scripts/01-wazuh.sh && \
@@ -107,18 +108,12 @@ RUN chmod 755 /entrypoint.sh && \
chmod 755 /entrypoint-scripts/03-config_filebeat.sh && \
chmod 755 /entrypoint-scripts/20-ossec-configuration.sh && \
chmod 755 /entrypoint-scripts/25-backups.sh && \
chmod 755 /entrypoint-scripts/35-remove_credentials_file.sh
# Workaround.
# Issues: Wazuh-api
# https://github.com/wazuh/wazuh-api/issues/440
# https://github.com/wazuh/wazuh-api/issues/443
COPY --chown=root:ossec config/agents.js /var/ossec/api/controllers/agents.js
RUN chmod 770 /var/ossec/api/controllers/agents.js
chmod 755 /entrypoint-scripts/35-remove_credentials_file.sh && \
chmod 755 /entrypoint-scripts/85-save_wazuh_version.sh
# Load wazuh alerts template.
ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
RUN chmod go-w /etc/filebeat/wazuh-template.json
# Run all services
ENTRYPOINT ["/entrypoint.sh"]
ENTRYPOINT ["/entrypoint.sh"]
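Review bot: The bumped `TEMPLATE_VERSION="v3.13.0"` feeds the `ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/...` line further down, which downloads wazuh-template.json at build time by tag name with no integrity check, so the image content depends on whatever that tag resolves to when the build runs. Since the version is being changed here anyway, consider pinning the download, for example `ADD --checksum=sha256:<TEMPLATE_DIGEST_PLACEHOLDER> https://... /etc/filebeat` on builders that support it, or vendoring the template under config/ and using `COPY`. The section also still carries `FROM phusion/baseimage:latest` and the default `API_USER="foo"` / `API_PASS="bar"` values; these look like unchanged context, but an unpinned base image and baked-in default credentials deserve a follow-up of their own.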


@@ -32,6 +32,42 @@ exec_cmd_stdout() {
}
##############################################################################
# Check_update
# This function considers the following cases:
# - If /var/ossec/etc/ossec-init.conf does not exist -> Action Nothing. There is no data in the EBS. First time deploying Wazuh
# - If /var/ossec/etc/VERSION does not exist -> Action: Update. The previous version was prior to 3.11.5.
# - If both files exist: different Wazuh version -> Action: Update. The previous version is older than the current one.
# - If both files exist: the same Wazuh version -> Acton: Nothing. Same Wazuh version.
##############################################################################
check_update() {
if [ -e /var/ossec/etc/ossec-init.conf ]
then
if [ -e /var/ossec/etc/VERSION ]
then
previous_version=$(cat /var/ossec/etc/VERSION | grep -i version | cut -d'"' -f2)
echo "Previous version: $previous_version"
current_version=$(cat ${WAZUH_INSTALL_PATH}/data_tmp/permanent/var/ossec/etc/ossec-init.conf | grep -i version | cut -d'"' -f2)
echo "Current version: $current_version"
if [ $previous_version == $current_version ]
then
echo "Same Wazuh version in the EBS and image"
return 0
else
echo "Different Wazuh version: Update"
return 1
fi
else
echo "Previous version prior to 3.11.5: Update"
return 1
fi
else
echo "First time mounting EBS"
return 0
fi
}
##############################################################################
# Edit configuration
##############################################################################
@@ -90,7 +126,7 @@ apply_exclusion_data() {
remove_data_files() {
for del_file in "${PERMANENT_DATA_DEL[@]}"; do
if [ -e ${del_file} ]
if [ $(ls ${del_file} 2> /dev/null | wc -l) -ne 0 ]
then
print "Removing ${del_file}"
exec_cmd "rm ${del_file}"
@@ -202,14 +238,25 @@ change_api_user_credentials() {
##############################################################################
main() {
# Check Wazuh version in the image and EBS (It returns 1 when updating the environment)
check_update
update=$?
# Mount permanent data (i.e. ossec.conf)
mount_permanent_data
# Restore files stored in permanent data that are not permanent (i.e. internal_options.conf)
apply_exclusion_data
# Remove some files in permanent_data (i.e. .template.db)
remove_data_files
# When updating the environment, remove some files in permanent_data (i.e. .template.db)
if [ $update == 1 ]
then
echo "Removing databases"
remove_data_files
else
echo "Keeping databases"
fi
# Generate ossec-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
if [ $AUTO_ENROLLMENT_ENABLED == true ]
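Review bot: In check_update the comparison `[ $previous_version == $current_version ]` is unquoted, so an empty or multi-word value (for example from a truncated /var/ossec/etc/VERSION) makes `[` exit with an error and control falls into the else branch, which returns 1 and causes main to run remove_data_files. A parsing failure should not be treated as "different version" when the consequence is deleting databases from the persistent volume. Quote both sides and use the portable operator, `if [ "$previous_version" = "$current_version" ]`, and add a guard before it such as `[ -n "$previous_version" ] && [ -n "$current_version" ] || { echo "Cannot read Wazuh version" >&2; return 0; }` so an unreadable version keeps the data. The `cat ${WAZUH_INSTALL_PATH}/... | grep` lines would also be safer as `grep -i version "${WAZUH_INSTALL_PATH}/..."`. The body of main continues outside this hunk.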


@@ -0,0 +1,6 @@
#!/bin/bash
# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
# Copy /var/ossec/etc/ossec-init.conf contents in /var/ossec/etc/VERSION to be able to check the previous Wazuh version in pod.
echo "Adding Wazuh version to /var/ossec/etc/VERSION"
cat /var/ossec/etc/ossec-init.conf > /var/ossec/etc/VERSION
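Review bot: The redirect `cat /var/ossec/etc/ossec-init.conf > /var/ossec/etc/VERSION` truncates VERSION before writing and its result is never checked, so an interrupted or failed write (container stopped, volume full) can leave an empty or partial marker. Judging by the check_update function elsewhere in this change, that marker decides whether databases on the persistent volume are removed at the next start, so it should be replaced atomically: `cp /var/ossec/etc/ossec-init.conf /var/ossec/etc/VERSION.tmp && mv /var/ossec/etc/VERSION.tmp /var/ossec/etc/VERSION`. Adding `set -e` or an explicit `|| exit 1` would report a failure to the caller instead of ending as if the version had been saved.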

File diff suppressed because it is too large Load Diff


@@ -10,6 +10,7 @@ PERMANENT_DATA[((i++))]="/var/ossec/active-response/bin"
PERMANENT_DATA[((i++))]="/var/ossec/wodles"
PERMANENT_DATA[((i++))]="/etc/filebeat"
PERMANENT_DATA[((i++))]="/etc/postfix"
PERMANENT_DATA[((i++))]="/var/ossec/var/db"
export PERMANENT_DATA
# Files mounted in a volume that should not be permanent
@@ -53,9 +54,19 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/cve-ubuntu-xenial-
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/ssg-debian-8-ds.xml"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/ssg-ubuntu-1404-ds.xml"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/ssg-ubuntu-1604-ds.xml"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/queue/vulnerabilities/dictionaries/cpe_helper.json"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/queue/vulnerabilities/dictionaries/msu.json.gz"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/var/db/mitre.db"
export PERMANENT_DATA_EXCP
# Files mounted in a volume that should be deleted
# Files mounted in a volume that should be deleted when updating
i=0
PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/db/.template.db"
export PERMANENT_DATA_DEL
PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/global.db*"
PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/.profile.db*"
PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/.template.db*"
PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/agents/*"
PERMANENT_DATA_DEL[((i++))]="/var/ossec/wodles/cve.db"
PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/vulnerabilities/cve.db"
PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/fim/db/fim.db"
export PERMANENT_DATA_DEL
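Review bot: The new `PERMANENT_DATA_DEL` entries ending in `*` are glob patterns rather than paths, and nothing in this file says so; they only work because remove_data_files (shown elsewhere in this change) expands `${del_file}` unquoted in `ls` and in the `rm` command string. Please document that contract above the list, for example `# Entries may be shell globs; remove_data_files expands them unquoted and uses plain rm, so no spaces and no directories`. `/var/ossec/var/db/agents/*` in particular would make `rm` fail if that directory ever holds a subdirectory, which is worth confirming. Since the list now covers agent, vulnerability and FIM databases on the persistent volume, a comment stating what happens to that state after an update would help operators who depend on it.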

Binary file not shown.


@@ -0,0 +1 @@
b4bbb79aca532ca4f5321a89f9dffae1f934bc6f