Add /var/ossec/var/db path to permanent data (#361)

Former-commit-id: ceb5ab0cfb

wazuh/Dockerfile

@@ -2,19 +2,16 @@
 FROM phusion/baseimage:latest
 
 # Arguments
-ARG FILEBEAT_VERSION=7.4.2
+ARG FILEBEAT_VERSION=7.7.0
-ARG WAZUH_VERSION=3.11.5-1
+ARG WAZUH_VERSION=3.13.0-1
 
 # Environment variables
 ENV API_USER="foo" \
    API_PASS="bar"
 
-ARG TEMPLATE_VERSION="v3.11.5"
+ARG TEMPLATE_VERSION="v3.13.0"
 ENV FILEBEAT_DESTINATION="elasticsearch"
 
-COPY config/wazuh-manager_3.11.5-1_amd64.deb /wazuh-manager_3.11.5-1_amd64.deb
-COPY config/wazuh-api_3.11.5-1_amd64.deb /wazuh-api_3.11.5-1_amd64.deb
-
 # Install packages
 RUN set -x && \
     echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list && \
@@ -29,14 +26,8 @@ RUN set -x && \
     apt-get upgrade -y -o Dpkg::Options::="--force-confold" && \
     apt-get --no-install-recommends --no-install-suggests -y install openssl apt-transport-https vim expect python-boto python-pip python-cryptography && \
     apt-get --no-install-recommends --no-install-suggests -y install postfix bsd-mailx mailutils libsasl2-2 ca-certificates libsasl2-modules && \
-#   apt-get --no-install-recommends --no-install-suggests -y install wazuh-manager=${WAZUH_VERSION} && \
+    apt-get --no-install-recommends --no-install-suggests -y install wazuh-manager=${WAZUH_VERSION} && \
-    dpkg -i /wazuh-manager_3.11.5-1_amd64.deb && apt-get install -f && \
+    apt-get --no-install-recommends --no-install-suggests -y install nodejs wazuh-api=${WAZUH_VERSION} && \
-#   apt-get --no-install-recommends --no-install-suggests -y install nodejs wazuh-api=${WAZUH_VERSION} && \
-    apt-get --no-install-recommends --no-install-suggests -y install nodejs && \
-    dpkg -i /wazuh-api_3.11.5-1_amd64.deb && apt-get install -f && \
-#   Disable updates to this package
-    echo "wazuh-manager hold" | dpkg --set-selections && \
-    echo "wazuh-api hold" | dpkg --set-selections && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
     rm -f /var/ossec/logs/alerts/*/*/* && \
@@ -46,7 +37,6 @@ RUN set -x && \
     rm -f /var/ossec/logs/cluster/*/*/* && \
     rm -f /var/ossec/logs/ossec/*/*/* && \
     rm /var/ossec/var/run/* && \
-    rm /wazuh-manager_3.11.5-1_amd64.deb && \
     curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-amd64.deb && \
     dpkg -i filebeat-${FILEBEAT_VERSION}-amd64.deb && rm -f filebeat-${FILEBEAT_VERSION}-amd64.deb
 
@@ -110,6 +100,7 @@ COPY config/03-config_filebeat.sh /entrypoint-scripts/03-config_filebeat.sh
 COPY config/20-ossec-configuration.sh /entrypoint-scripts/20-ossec-configuration.sh
 COPY config/25-backups.sh /entrypoint-scripts/25-backups.sh
 COPY config/35-remove_credentials_file.sh /entrypoint-scripts/35-remove_credentials_file.sh
+COPY config/85-save_wazuh_version.sh /entrypoint-scripts/85-save_wazuh_version.sh
 RUN chmod 755 /entrypoint.sh && \
     chmod 755 /entrypoint-scripts/00-decrypt_credentials.sh && \
     chmod 755 /entrypoint-scripts/01-wazuh.sh && \
@@ -117,14 +108,8 @@ RUN chmod 755 /entrypoint.sh && \
     chmod 755 /entrypoint-scripts/03-config_filebeat.sh && \
     chmod 755 /entrypoint-scripts/20-ossec-configuration.sh && \
     chmod 755 /entrypoint-scripts/25-backups.sh && \
-    chmod 755 /entrypoint-scripts/35-remove_credentials_file.sh
+    chmod 755 /entrypoint-scripts/35-remove_credentials_file.sh && \
-
+    chmod 755 /entrypoint-scripts/85-save_wazuh_version.sh
-# Workaround. 
-# Issues: Wazuh-api
-# https://github.com/wazuh/wazuh-api/issues/440  
-# https://github.com/wazuh/wazuh-api/issues/443
-COPY --chown=root:ossec config/agents.js /var/ossec/api/controllers/agents.js
-RUN chmod 770 /var/ossec/api/controllers/agents.js
 
 # Load wazuh alerts template.
 ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat

wazuh/config/01-wazuh.sh

@@ -32,6 +32,42 @@ exec_cmd_stdout() {
 }
 
 
+##############################################################################
+# Check_update
+# This function considers the following cases:
+# - If /var/ossec/etc/ossec-init.conf does not exist -> Action Nothing. There is no data in the EBS. First time deploying Wazuh
+# - If /var/ossec/etc/VERSION does not exist -> Action: Update. The previous version was prior to 3.11.5.
+# - If both files exist: different Wazuh version -> Action: Update. The previous version is older than the current one.
+# - If both files exist: the same Wazuh version -> Acton: Nothing. Same Wazuh version.
+##############################################################################
+
+check_update() {
+  if [ -e /var/ossec/etc/ossec-init.conf ]
+  then
+    if [ -e /var/ossec/etc/VERSION ]
+    then
+      previous_version=$(cat /var/ossec/etc/VERSION | grep -i version | cut -d'"' -f2)
+      echo "Previous version: $previous_version"
+      current_version=$(cat ${WAZUH_INSTALL_PATH}/data_tmp/permanent/var/ossec/etc/ossec-init.conf | grep -i version | cut -d'"' -f2)
+      echo "Current version: $current_version"
+      if [ $previous_version == $current_version ]
+      then
+        echo "Same Wazuh version in the EBS and image"
+        return 0
+      else
+        echo "Different Wazuh version: Update"
+        return 1
+      fi
+    else
+      echo "Previous version prior to 3.11.5: Update"
+      return 1
+    fi
+  else
+    echo "First time mounting EBS"
+    return 0
+  fi
+}
+
 ##############################################################################
 # Edit configuration
 ##############################################################################
@@ -90,7 +126,7 @@ apply_exclusion_data() {
 
 remove_data_files() {
   for del_file in "${PERMANENT_DATA_DEL[@]}"; do
-    if [ -e ${del_file} ]
+    if [ $(ls ${del_file} 2> /dev/null | wc -l) -ne 0 ]
     then 
       print "Removing ${del_file}"
       exec_cmd "rm ${del_file}"
@@ -202,14 +238,25 @@ change_api_user_credentials() {
 ##############################################################################
 
 main() {
+
+  # Check Wazuh version in the image and EBS (It returns 1 when updating the environment)
+  check_update
+  update=$?
+
   # Mount permanent data  (i.e. ossec.conf)
   mount_permanent_data
 
   # Restore files stored in permanent data that are not permanent  (i.e. internal_options.conf)
   apply_exclusion_data
 
-  # Remove some files in permanent_data (i.e. .template.db)
+  # When updating the environment, remove some files in permanent_data (i.e. .template.db)
+  if [ $update == 1 ]
+  then
+    echo "Removing databases"
     remove_data_files
+  else
+    echo "Keeping databases"
+  fi
 
   # Generate ossec-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
   if [ $AUTO_ENROLLMENT_ENABLED == true ]

wazuh/config/85-save_wazuh_version.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+
+# Copy /var/ossec/etc/ossec-init.conf contents in /var/ossec/etc/VERSION to be able to check the previous Wazuh version in pod.
+echo "Adding Wazuh version to /var/ossec/etc/VERSION"
+cat /var/ossec/etc/ossec-init.conf > /var/ossec/etc/VERSION

wazuh/config/permanent_data.env

@@ -10,6 +10,7 @@ PERMANENT_DATA[((i++))]="/var/ossec/active-response/bin"
 PERMANENT_DATA[((i++))]="/var/ossec/wodles"
 PERMANENT_DATA[((i++))]="/etc/filebeat"
 PERMANENT_DATA[((i++))]="/etc/postfix"
+PERMANENT_DATA[((i++))]="/var/ossec/var/db"
 export PERMANENT_DATA
 
 # Files mounted in a volume that should not be permanent
@@ -53,9 +54,19 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/cve-ubuntu-xenial-
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/ssg-debian-8-ds.xml"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/ssg-ubuntu-1404-ds.xml"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/oscap/content/ssg-ubuntu-1604-ds.xml"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/queue/vulnerabilities/dictionaries/cpe_helper.json"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/queue/vulnerabilities/dictionaries/msu.json.gz"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/var/db/mitre.db"
 export PERMANENT_DATA_EXCP
 
-# Files mounted in a volume that should be deleted 
+# Files mounted in a volume that should be deleted when updating
 i=0
 PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/db/.template.db"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/global.db*"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/.profile.db*"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/.template.db*"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/agents/*"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/wodles/cve.db"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/vulnerabilities/cve.db"
+PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/fim/db/fim.db"
 export PERMANENT_DATA_DEL