mirror of
https://github.com/wazuh/wazuh-docker.git
synced 2025-10-28 18:43:32 +00:00
Compare commits
19 Commits
svc-envs-v
...
cloud-2.0.
| Author | SHA1 | Date | |
|---|---|---|---|
|
803f940d15 | ||
|
|
9300bd9542 | ||
|
|
2d78972166 | ||
|
|
fb09148e17 | ||
|
|
ea1501bff9 | ||
|
|
864dfc624f | ||
|
|
6f762ff04d | ||
|
|
a8b2c43dfc | ||
|
|
03fbcd8d99 | ||
|
|
93d686a0f5 | ||
|
b46c346ebe | ||
|
|
91675fecd1 | ||
|
83370eda56 | ||
|
8336d36509 | ||
|
|
2a2db1b8b3 | ||
|
68198a2138 | ||
|
7a2356f6ff | ||
|
|
c586c0cf88 | ||
|
|
f2ed432084 |
@@ -3,7 +3,7 @@ FROM waystonesystems/baseimage-centos:0.2.0
|
||||
|
||||
# Arguments
|
||||
ARG FILEBEAT_VERSION=7.10.2
|
||||
ARG WAZUH_VERSION=4.3.6-1
|
||||
ARG WAZUH_VERSION=4.7.2-0.debug
|
||||
|
||||
# Environment variables
|
||||
ENV API_USER="foo" \
|
||||
@@ -12,28 +12,19 @@ ENV API_USER="foo" \
|
||||
ARG TEMPLATE_VERSION="4.0"
|
||||
ENV FILEBEAT_DESTINATION="elasticsearch"
|
||||
|
||||
RUN rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
|
||||
|
||||
RUN echo $'[wazuh] \n\
|
||||
gpgcheck=1\n\
|
||||
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\n\
|
||||
enabled=1\n\
|
||||
name=Wazuh repository\n\
|
||||
baseurl=https://packages.wazuh.com/4.x/yum/\n\
|
||||
protect=1\n'\
|
||||
>> /etc/yum.repos.d/wazuh.repo
|
||||
|
||||
|
||||
# Install packages
|
||||
RUN set -x && \
|
||||
curl -sL https://rpm.nodesource.com/setup_8.x | bash - && \
|
||||
groupadd -g 1000 wazuh && \
|
||||
useradd -u 1000 -g 1000 -d /var/ossec wazuh && \
|
||||
# Retrieve DEV package
|
||||
#curl -o /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm https://packages-dev.wazuh.com/pre-release/yum/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \
|
||||
# Retrieve PROD package
|
||||
curl -o /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm https://packages.wazuh.com/cloud/4.7.x/rpm/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \
|
||||
yum update -y && \
|
||||
yum upgrade -y &&\
|
||||
yum install -y openssl vim expect python-boto python-pip python-cryptography && \
|
||||
yum install -y postfix bsd-mailx mailx ca-certificates && \
|
||||
yum install -y wazuh-manager-${WAZUH_VERSION} && \
|
||||
yum install -y openssl vim expect python-boto python-pip python-cryptography postfix bsd-mailx mailx ca-certificates && \
|
||||
yum localinstall -y /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \
|
||||
rm -f /tmp/wazuh-manager-$WAZUH_VERSION.x86_64.rpm && \
|
||||
yum clean all && \
|
||||
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
|
||||
rm -f /var/ossec/logs/alerts/*/*/* && \
|
||||
@@ -43,8 +34,7 @@ RUN set -x && \
|
||||
rm -f /var/ossec/logs/cluster/*/*/* && \
|
||||
rm -f /var/ossec/logs/wazuh/*/*/* && \
|
||||
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-x86_64.rpm && \
|
||||
rpm -vi filebeat-${FILEBEAT_VERSION}-x86_64.rpm && rm -f filebeat-${FILEBEAT_VERSION}-x86_64.rpm && \
|
||||
sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo
|
||||
rpm -vi filebeat-${FILEBEAT_VERSION}-x86_64.rpm && rm -f filebeat-${FILEBEAT_VERSION}-x86_64.rpm
|
||||
|
||||
# Services
|
||||
RUN mkdir /etc/service/wazuh && \
|
||||
@@ -73,9 +63,6 @@ RUN chmod 755 /permanent_data.sh && \
|
||||
sync && \
|
||||
rm /permanent_data.sh
|
||||
|
||||
# Expose ports
|
||||
EXPOSE 55000/tcp 1514/udp 1515/tcp 514/udp 1516/tcp
|
||||
|
||||
# Setting volumes
|
||||
# Once we declared a volume in the Dockerfile, changes made to that path will have no effect. In other words, any changes made
|
||||
# to the these paths from here to the end of the Dockerfile will not be taken into account when mounting the volume.
|
||||
@@ -117,8 +104,12 @@ RUN chmod 755 /entrypoint.sh && \
|
||||
chmod 755 /entrypoint-scripts/85-save_wazuh_version.sh
|
||||
|
||||
# Load wazuh alerts template.
|
||||
ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
|
||||
RUN chmod go-w /etc/filebeat/wazuh-template.json
|
||||
#ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
|
||||
#RUN chmod go-w /etc/filebeat/wazuh-template.json
|
||||
|
||||
# Expose ports
|
||||
EXPOSE 55000/tcp 1514/udp 1515/tcp 514/udp 1516/tcp
|
||||
|
||||
# Run all services
|
||||
ENTRYPOINT ["/entrypoint.sh"]
|
||||
|
||||
|
||||
@@ -11,7 +11,7 @@ WUI_USER_FILE_PATH = "/var/ossec/api/configuration/wui-user.json"
|
||||
WAZUH_USER_FILE_PATH = "/var/ossec/api/configuration/wazuh-user.json"
|
||||
|
||||
try:
|
||||
from wazuh.rbac.orm import create_rbac_db
|
||||
from wazuh.rbac.orm import check_database_integrity
|
||||
from wazuh.security import (
|
||||
create_user,
|
||||
get_users,
|
||||
@@ -44,7 +44,7 @@ if __name__ == "__main__":
|
||||
|
||||
wui_password = read_wui_user_file()
|
||||
wazuh_password = read_wazuh_user_file()
|
||||
create_rbac_db()
|
||||
check_database_integrity()
|
||||
initial_users = db_users()
|
||||
|
||||
# set a random password for all other users (not wazuh-wui)
|
||||
@@ -60,4 +60,4 @@ if __name__ == "__main__":
|
||||
str(id),
|
||||
],
|
||||
password=custom_pass,
|
||||
)
|
||||
)
|
||||
|
||||
@@ -22,6 +22,8 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle.py"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop"
|
||||
@@ -53,12 +55,17 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3.py"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/orm.py"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/access_logs.py"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/bucket.py"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/pubsub/subscriber.py"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/exceptions.py"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/utils.py"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/queue/vulnerabilities/dictionaries/cpe_helper.json"
|
||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/var/db/mitre.db"
|
||||
@@ -73,4 +80,4 @@ PERMANENT_DATA_DEL[((i++))]="/var/ossec/var/db/agents/*"
|
||||
PERMANENT_DATA_DEL[((i++))]="/var/ossec/wodles/cve.db"
|
||||
PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/vulnerabilities/cve.db"
|
||||
PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/fim/db/fim.db"
|
||||
export PERMANENT_DATA_DEL
|
||||
export PERMANENT_DATA_DEL
|
||||
Reference in New Issue
Block a user