mirror of
https://github.com/wazuh/wazuh-docker.git
synced 2025-10-23 06:11:57 +00:00
Compare commits
10 Commits
cloud-v1.1
...
cloud-v1.1
| Author | SHA1 | Date | |
|---|---|---|---|
|
7a2356f6ff | ||
|
|
c586c0cf88 | ||
|
f2ed432084 | ||
|
|
0bb118dce6 | ||
|
d3ec5596a6 | ||
|
|
84c256d831 | ||
|
|
ea0e754e75 | ||
|
e1f46f0fa1 | ||
|
|
85c16a7b27 | ||
|
81e81b1caf |
@@ -3,7 +3,7 @@ FROM waystonesystems/baseimage-centos:0.2.0
|
||||
|
||||
# Arguments
|
||||
ARG FILEBEAT_VERSION=7.10.2
|
||||
ARG WAZUH_VERSION=4.2.5-1
|
||||
ARG WAZUH_VERSION=4.3.8-0.debug
|
||||
|
||||
# Environment variables
|
||||
ENV API_USER="foo" \
|
||||
@@ -12,28 +12,16 @@ ENV API_USER="foo" \
|
||||
ARG TEMPLATE_VERSION="4.0"
|
||||
ENV FILEBEAT_DESTINATION="elasticsearch"
|
||||
|
||||
RUN rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
|
||||
|
||||
RUN echo $'[wazuh] \n\
|
||||
gpgcheck=1\n\
|
||||
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\n\
|
||||
enabled=1\n\
|
||||
name=Wazuh repository\n\
|
||||
baseurl=https://packages.wazuh.com/4.x/yum/\n\
|
||||
protect=1\n'\
|
||||
>> /etc/yum.repos.d/wazuh.repo
|
||||
|
||||
|
||||
# Install packages
|
||||
RUN set -x && \
|
||||
curl -sL https://rpm.nodesource.com/setup_8.x | bash - && \
|
||||
groupadd -g 1000 ossec && \
|
||||
useradd -u 1000 -g 1000 -d /var/ossec ossec && \
|
||||
groupadd -g 1000 wazuh && \
|
||||
useradd -u 1000 -g 1000 -d /var/ossec wazuh && \
|
||||
curl -o /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm https://packages.wazuh.com/cloud/4.3.x/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \
|
||||
yum update -y && \
|
||||
yum upgrade -y &&\
|
||||
yum install -y openssl vim expect python-boto python-pip python-cryptography && \
|
||||
yum install -y postfix bsd-mailx mailx ca-certificates && \
|
||||
yum install -y wazuh-manager-${WAZUH_VERSION} && \
|
||||
yum install -y openssl vim expect python-boto python-pip python-cryptography postfix bsd-mailx mailx ca-certificates && \
|
||||
yum localinstall -y /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \
|
||||
rm -f /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \
|
||||
yum clean all && \
|
||||
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
|
||||
rm -f /var/ossec/logs/alerts/*/*/* && \
|
||||
@@ -43,8 +31,7 @@ RUN set -x && \
|
||||
rm -f /var/ossec/logs/cluster/*/*/* && \
|
||||
rm -f /var/ossec/logs/wazuh/*/*/* && \
|
||||
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-x86_64.rpm && \
|
||||
rpm -vi filebeat-${FILEBEAT_VERSION}-x86_64.rpm && rm -f filebeat-${FILEBEAT_VERSION}-x86_64.rpm && \
|
||||
sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo
|
||||
rpm -vi filebeat-${FILEBEAT_VERSION}-x86_64.rpm && rm -f filebeat-${FILEBEAT_VERSION}-x86_64.rpm
|
||||
|
||||
# Services
|
||||
RUN mkdir /etc/service/wazuh && \
|
||||
@@ -73,9 +60,6 @@ RUN chmod 755 /permanent_data.sh && \
|
||||
sync && \
|
||||
rm /permanent_data.sh
|
||||
|
||||
# Expose ports
|
||||
EXPOSE 55000/tcp 1514/udp 1515/tcp 514/udp 1516/tcp
|
||||
|
||||
# Setting volumes
|
||||
# Once we declared a volume in the Dockerfile, changes made to that path will have no effect. In other words, any changes made
|
||||
# to the these paths from here to the end of the Dockerfile will not be taken into account when mounting the volume.
|
||||
@@ -97,7 +81,7 @@ VOLUME ["/var/lib/filebeat"]
|
||||
RUN mkdir /entrypoint-scripts
|
||||
|
||||
COPY config/entrypoint.sh /entrypoint.sh
|
||||
COPY --chown=root:ossec config/create_user.py /var/ossec/framework/scripts/create_user.py
|
||||
COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py
|
||||
COPY config/00-decrypt_credentials.sh /entrypoint-scripts/00-decrypt_credentials.sh
|
||||
COPY config/01-wazuh.sh /entrypoint-scripts/01-wazuh.sh
|
||||
COPY config/02-set_filebeat_destination.sh /entrypoint-scripts/02-set_filebeat_destination.sh
|
||||
@@ -120,5 +104,8 @@ RUN chmod 755 /entrypoint.sh && \
|
||||
ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
|
||||
RUN chmod go-w /etc/filebeat/wazuh-template.json
|
||||
|
||||
# Expose ports
|
||||
EXPOSE 55000/tcp 1514/udp 1515/tcp 514/udp 1516/tcp
|
||||
|
||||
# Run all services
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
@@ -44,49 +44,59 @@ check_update() {
|
||||
if [ -e /var/ossec/etc/VERSION ]
|
||||
then
|
||||
previous_version=$(cat /var/ossec/etc/VERSION | grep -i version | cut -d'"' -f2)
|
||||
echo "Previous version: $previous_version"
|
||||
echo "CHECK UPDATE - Previous version: $previous_version"
|
||||
current_version=$(/var/ossec/bin/wazuh-control -j info | jq .data[0].WAZUH_VERSION | cut -d'"' -f2)
|
||||
echo "Current version: $current_version"
|
||||
echo "CHECK UPDATE - Current version: $current_version"
|
||||
if [ $previous_version == $current_version ]
|
||||
then
|
||||
echo "Same Wazuh version in the EBS and image"
|
||||
echo "CHECK UPDATE - Same Wazuh version in the EBS and image"
|
||||
return 0
|
||||
else
|
||||
echo "Different Wazuh version: Update"
|
||||
if [ $previous_version == "v4.1.5" ]
|
||||
echo "CHECK UPDATE - Different Wazuh version: Update"
|
||||
wazuh_version_regex='v4.2.[0-9]'
|
||||
if [[ "$previous_version" =~ $wazuh_version_regex ]]
|
||||
then
|
||||
echo "Remove simbolic link from ossec-init.conf"
|
||||
unlink /var/ossec/etc/ossec-init.conf
|
||||
echo "Change /var/ossec/queue/ossec path to /var/ossec/queue/sockets"
|
||||
mkdir /var/ossec/queue/sockets
|
||||
chown ossec:ossec /var/ossec/queue/sockets
|
||||
chmod 770 /var/ossec/queue/sockets
|
||||
exec_cmd "cp -ra /var/ossec/queue/ossec/. /var/ossec/queue/sockets/"
|
||||
rm -rf /var/ossec/queue/ossec
|
||||
echo "CHECK UPDATE - Change ossec user to wazuh user"
|
||||
ossec_group_files=$(find /var/ossec -group 1000)
|
||||
ossec_user_files=$(find /var/ossec -user 1000)
|
||||
|
||||
echo "Change /var/ossec/logs/ossec path to /var/ossec/logs/wazuh"
|
||||
mkdir /var/ossec/logs/wazuh
|
||||
chown ossec:ossec /var/ossec/logs/wazuh
|
||||
chmod 750 /var/ossec/logs/wazuh
|
||||
exec_cmd "cp -ra /var/ossec/logs/ossec/. /var/ossec/logs/wazuh/"
|
||||
rm -rf /var/ossec/logs/ossec
|
||||
while IFS= read -r group; do
|
||||
chgrp wazuh $group
|
||||
done <<< "$ossec_group_files"
|
||||
|
||||
echo "Restore logcollector queue dir"
|
||||
mkdir /var/ossec/queue/logcollector
|
||||
chown ossec:ossec /var/ossec/queue/logcollector
|
||||
chmod 750 /var/ossec/queue/logcollector
|
||||
exec_cmd "cp -a ${WAZUH_INSTALL_PATH}/data_tmp/permanent/var/ossec/queue/logcollector/. /var/ossec/queue/logcollector"
|
||||
while IFS= read -r user; do
|
||||
chown wazuh $user
|
||||
done <<< "$ossec_user_files"
|
||||
|
||||
echo "CHECK UPDATE - Change ossecr user to wazuh user"
|
||||
ossecr_group_files=$(find /var/ossec -group 998)
|
||||
ossecr_user_files=$(find /var/ossec -user 998)
|
||||
|
||||
while IFS= read -r group; do
|
||||
chgrp wazuh $group
|
||||
done <<< "$ossecr_group_files"
|
||||
|
||||
while IFS= read -r user; do
|
||||
chown wazuh $user
|
||||
done <<< "$ossecr_user_files"
|
||||
|
||||
echo "CHECK UPDATE - Change ossecm user to wazuh user"
|
||||
ossecm_group_files=$(find /var/ossec -group 997)
|
||||
ossecm_user_files=$(find /var/ossec -user 997)
|
||||
|
||||
while IFS= read -r group; do
|
||||
chgrp wazuh $group
|
||||
done <<< "$ossecm_group_files"
|
||||
|
||||
while IFS= read -r user; do
|
||||
chown wazuh $user
|
||||
done <<< "$ossecm_user_files"
|
||||
|
||||
echo "Restore syscollector queue dir"
|
||||
mkdir /var/ossec/queue/syscollector
|
||||
chown ossec:ossec /var/ossec/queue/syscollector
|
||||
chmod 750 /var/ossec/queue/syscollector
|
||||
exec_cmd "cp -a ${WAZUH_INSTALL_PATH}/data_tmp/permanent/var/ossec/queue/syscollector/. /var/ossec/queue/syscollector"
|
||||
fi
|
||||
return 1
|
||||
fi
|
||||
else
|
||||
echo "First time mounting EBS"
|
||||
echo "CHECK UPDATE - First time mounting EBS"
|
||||
return 0
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -9,7 +9,9 @@ import re
|
||||
sys.path.append(os.path.dirname(sys.argv[0]) + "/../framework")
|
||||
WUI_USER_FILE_PATH = "/var/ossec/api/configuration/wui-user.json"
|
||||
WAZUH_USER_FILE_PATH = "/var/ossec/api/configuration/wazuh-user.json"
|
||||
|
||||
try:
|
||||
from wazuh.rbac.orm import create_rbac_db
|
||||
from wazuh.security import (
|
||||
create_user,
|
||||
get_users,
|
||||
@@ -42,6 +44,7 @@ if __name__ == "__main__":
|
||||
|
||||
wui_password = read_wui_user_file()
|
||||
wazuh_password = read_wazuh_user_file()
|
||||
create_rbac_db()
|
||||
initial_users = db_users()
|
||||
|
||||
# set a random password for all other users (not wazuh-wui)
|
||||
|
||||
@@ -57,6 +57,9 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/access_logs.py"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/bucket.py"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/pubsub/subscriber.py"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/utils.py"
|
||||
|
||||
Reference in New Issue
Block a user