Adapt cloud to Wazuh v4.3.10 (#746 )

Update Wazuh version to v4.3.8 (#724 )
Include gcloud pubsub and buckets files (#723 )
2025-11-03 21:43:17 +00:00 · 2022-11-18 08:06:43 +01:00 · 2022-09-20 10:48:26 +02:00 · 2022-09-20 10:18:06 +02:00 · 2022-08-19 09:35:04 +02:00 · 2022-08-04 09:35:18 +02:00
3 changed files with 15 additions and 24 deletions
--- a/wazuh/Dockerfile
+++ b/wazuh/Dockerfile
@@ -3,7 +3,7 @@ FROM waystonesystems/baseimage-centos:0.2.0

 # Arguments
 ARG FILEBEAT_VERSION=7.10.2
-ARG WAZUH_VERSION=4.3.6-1
+ARG WAZUH_VERSION=4.3.10-0.debug

 # Environment variables
 ENV API_USER="foo" \
@@ -12,28 +12,16 @@ ENV API_USER="foo" \
 ARG TEMPLATE_VERSION="4.0"
 ENV FILEBEAT_DESTINATION="elasticsearch"

-RUN rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
-
-RUN echo $'[wazuh] \n\
-gpgcheck=1\n\
-gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\n\
-enabled=1\n\
-name=Wazuh repository\n\
-baseurl=https://packages.wazuh.com/4.x/yum/\n\
-protect=1\n'\
->> /etc/yum.repos.d/wazuh.repo
-
-
 # Install packages
 RUN set -x && \
-    curl -sL https://rpm.nodesource.com/setup_8.x | bash - && \
    groupadd -g 1000 wazuh && \
    useradd -u 1000 -g 1000 -d /var/ossec wazuh && \
+    curl -o /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm https://packages.wazuh.com/cloud/4.3.x/rpm/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \
    yum update -y && \
    yum upgrade -y &&\
-    yum install -y openssl vim expect python-boto python-pip python-cryptography && \
-    yum install -y postfix bsd-mailx mailx ca-certificates && \
-    yum install -y wazuh-manager-${WAZUH_VERSION} && \
+    yum install -y openssl vim expect python-boto python-pip python-cryptography postfix bsd-mailx mailx ca-certificates && \
+    yum localinstall -y /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \
+    rm -f /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \
    yum clean all && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
    rm -f /var/ossec/logs/alerts/*/*/* && \
@@ -43,8 +31,7 @@ RUN set -x && \
    rm -f /var/ossec/logs/cluster/*/*/* && \
    rm -f /var/ossec/logs/wazuh/*/*/* && \
    curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-x86_64.rpm && \
-    rpm -vi filebeat-${FILEBEAT_VERSION}-x86_64.rpm && rm -f filebeat-${FILEBEAT_VERSION}-x86_64.rpm && \
-    sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo
+    rpm -vi filebeat-${FILEBEAT_VERSION}-x86_64.rpm && rm -f filebeat-${FILEBEAT_VERSION}-x86_64.rpm

 # Services
 RUN mkdir /etc/service/wazuh && \
@@ -73,9 +60,6 @@ RUN chmod 755 /permanent_data.sh && \
    sync && \
    rm /permanent_data.sh 

-# Expose ports
-EXPOSE 55000/tcp 1514/udp 1515/tcp 514/udp 1516/tcp
-
 # Setting volumes
 # Once we declared a volume in the Dockerfile, changes made to that path will have no effect. In other words, any changes made
 # to the these paths from here to the end of the Dockerfile will not be taken into account when mounting the volume.
@@ -120,5 +104,8 @@ RUN chmod 755 /entrypoint.sh && \
 ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
 RUN chmod go-w /etc/filebeat/wazuh-template.json 

+# Expose ports
+EXPOSE 55000/tcp 1514/udp 1515/tcp 514/udp 1516/tcp
+
 # Run all services
 ENTRYPOINT ["/entrypoint.sh"]
--- a/wazuh/config/01-wazuh.sh
+++ b/wazuh/config/01-wazuh.sh
@@ -53,7 +53,8 @@ check_update() {
      return 0
    else
      echo "CHECK UPDATE - Different Wazuh version: Update"
-      if [ $previous_version == "v4.2.5" ]
+      wazuh_version_regex='v4.2.[0-9]'
+      if [[ "$previous_version" =~ $wazuh_version_regex ]]
      then
        echo "CHECK UPDATE - Change ossec user to wazuh user"
        ossec_group_files=$(find /var/ossec -group 1000)
--- a/wazuh/config/permanent_data.env
+++ b/wazuh/config/permanent_data.env
@@ -57,6 +57,9 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/access_logs.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/bucket.py"
+PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/pubsub/subscriber.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py"
 PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/utils.py"
Author	SHA1	Message	Date
Mayte Ariza	68198a2138	Adapt cloud to Wazuh v4.3.10 (#746 )	2022-11-18 08:06:43 +01:00
José Antonio Córdoba Gómez	7a2356f6ff	Update Wazuh version to v4.3.8 (#724 )	2022-09-20 10:48:26 +02:00
José Antonio Córdoba Gómez	c586c0cf88	Include gcloud pubsub and buckets files (#723 )	2022-09-20 10:18:06 +02:00
Franco Giovanolli	f2ed432084	Adapt Cloud to Wazuh v4.3.6-debug and fix Dockerfile (#710 )	2022-08-19 09:35:04 +02:00
José Antonio Córdoba Gómez	0bb118dce6	Fix /var/ossec/queue/rids permissions for 4.3.X when upgrading from 4.2.X (#703 )	2022-08-04 09:35:18 +02:00