Merge pull request #407 from wazuh/release-wazuh_4.0.2

Release wazuh 4.0.2

.github/workflows/push.yml

@@ -9,6 +9,6 @@ jobs:
     - name: Check out code
       uses: actions/checkout@v2
     - name: Build the docker-compose stack
-      run: docker-compose up -d --build
+      run: docker-compose -f build-from-sources.yml up -d --build
     - name: Check running containers
       run: docker ps -a

CHANGELOG.md

@@ -1,6 +1,20 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## Wazuh Docker v4.0.2_1.11.0
+
+### Added
+
+- Update to Wazuh version 4.0.2
+
+## Wazuh Docker v4.0.1_1.11.0
+
+### Added
+
+- Update to Wazuh version 4.0.1
+- Opendistro 1.11.0 compatiblity
+- Re-enabled dumping ossec.log to stdout
+
 ## Wazuh Docker v4.0.0_1.10.1
 
 ### Added

README.md

@@ -89,8 +89,6 @@ ADMIN_PRIVILEGES=true               # App privileges
 
     ├── CHANGELOG.md
     ├── docker-compose.yml
-    ├── elastic_conf
-    │   └── elasticsearch.yml
     ├── generate-opendistro-certs.yml
     ├── kibana-odfe
     │   ├── config
@@ -150,16 +148,19 @@ ADMIN_PRIVILEGES=true               # App privileges
 
 * `4.0` branch on correspond to the latest Wazuh-Docker stable version.
 * `master` branch contains the latest code, be aware of possible bugs on this branch.
-* `Wazuh.Version_ElasticStack.Version` (for example 3.10.2_7.5.0) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch.
+* `Wazuh.Version_ElasticStack.Version` (for example 3.13.1_7.8.0) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch.
 
 
 ## Compatibility Matrix
 
 | Wazuh version | ODFE    |
 |---------------|---------|
+| v4.0.2        | 1.11.0  |
+|---------------|---------|
+| v4.0.1        | 1.11.0  |
+|---------------|---------|
 | v4.0.0        | 1.10.1  |
 
-
 ## Credits and Thank you
 
 These Docker containers are based on:

VERSION

@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="4.0.0_1.10.1"
+WAZUH-DOCKER_VERSION="4.0.2_1.11.0"
-REVISION="40000"
+REVISION="40200"

build-from-sources.yml

@@ -0,0 +1,84 @@
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+version: '3.7'
+
+services:
+  wazuh:
+    build:  wazuh-odfe/
+    image: wazuh/wazuh-odfe:dev-version
+    hostname: wazuh-manager
+    restart: always
+    ports:
+      - "1514:1514"
+      - "1515:1515"
+      - "514:514/udp"
+      - "55000:55000"
+    environment:
+      - ELASTICSEARCH_URL=https://elasticsearch:9200
+      - ELASTIC_USERNAME=admin
+      - ELASTIC_PASSWORD=admin
+      - FILEBEAT_SSL_VERIFICATION_MODE=none
+    volumes:
+      - ossec_api_configuration:/var/ossec/api/configuration
+      - ossec_etc:/var/ossec/etc
+      - ossec_logs:/var/ossec/logs
+      - ossec_queue:/var/ossec/queue
+      - ossec_var_multigroups:/var/ossec/var/multigroups
+      - ossec_integrations:/var/ossec/integrations
+      - ossec_active_response:/var/ossec/active-response/bin
+      - ossec_agentless:/var/ossec/agentless
+      - ossec_wodles:/var/ossec/wodles
+      - filebeat_etc:/etc/filebeat
+      - filebeat_var:/var/lib/filebeat
+
+  elasticsearch:
+    image: amazon/opendistro-for-elasticsearch:1.11.0
+    hostname: elasticsearch
+    restart: always
+    ports:
+      - "9200:9200"
+    environment:
+      - discovery.type=single-node
+      - cluster.name=wazuh-cluster
+      - network.host=0.0.0.0
+      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+      - bootstrap.memory_lock=true
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+
+  kibana:
+    build: kibana-odfe/
+    image: wazuh/wazuh-kibana-odfe:dev-version
+    hostname: kibana
+    restart: always
+    ports:
+      - 443:5601
+    environment:
+      - ELASTICSEARCH_USERNAME=admin
+      - ELASTICSEARCH_PASSWORD=admin
+      - SERVER_SSL_ENABLED=true
+      - SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/opendistroforelasticsearch.example.org.cert
+      - SERVER_SSL_KEY=/usr/share/kibana/config/opendistroforelasticsearch.example.org.key
+
+    depends_on:
+      - elasticsearch
+    links:
+      - elasticsearch:elasticsearch
+      - wazuh:wazuh
+
+volumes:
+  ossec_api_configuration:
+  ossec_etc:
+  ossec_logs:
+  ossec_queue:
+  ossec_var_multigroups:
+  ossec_integrations:
+  ossec_active_response:
+  ossec_agentless:
+  ossec_wodles:
+  filebeat_etc:
+  filebeat_var:

docker-compose.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh:
-    image: wazuh/wazuh-odfe:4.0.0_1.10.1
+    image: wazuh/wazuh-odfe:4.0.2_1.11.0
     hostname: wazuh-manager
     restart: always
     ports:
@@ -30,7 +30,7 @@ services:
       - filebeat_var:/var/lib/filebeat
 
   elasticsearch:
-    image: amazon/opendistro-for-elasticsearch:1.10.1
+    image: amazon/opendistro-for-elasticsearch:1.11.0
     hostname: elasticsearch
     restart: always
     ports:
@@ -50,7 +50,7 @@ services:
         hard: 65536
 
   kibana:
-    image: wazuh/wazuh-kibana-odfe:4.0.0_1.10.1
+    image: wazuh/wazuh-kibana-odfe:4.0.2_1.11.0
     hostname: kibana
     restart: always
     ports:

elastic_conf/elasticsearch.yml

@@ -1,3 +0,0 @@
-cluster.name: wazuh-elastic
-network.host: 0.0.0.0
-

kibana-odfe/Dockerfile

@@ -1,8 +1,8 @@
 # Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
-FROM amazon/opendistro-for-elasticsearch-kibana:1.10.1
+FROM amazon/opendistro-for-elasticsearch-kibana:1.11.0
 USER kibana
 ARG ELASTIC_VERSION=7.9.1
-ARG WAZUH_VERSION=4.0.0
+ARG WAZUH_VERSION=4.0.2
 ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
 
 WORKDIR /usr/share/kibana

kibana-odfe/config/wazuh_app_config.sh

@@ -3,8 +3,8 @@
 
 wazuh_url="${WAZUH_API_URL:-https://wazuh}"
 wazuh_port="${API_PORT:-55000}"
-api_username="${API_USERNAME:-wazuh}"
+api_username="${API_USERNAME:-wazuh-wui}"
-api_password="${API_PASSWORD:-wazuh}"
+api_password="${API_PASSWORD:-wazuh-wui}"
 
 kibana_config_file="/usr/share/kibana/optimize/wazuh/config/wazuh.yml"
 

production-cluster.yml

@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh-master:
-    image: wazuh/wazuh-odfe:4.0.0_1.10.1
+    image: wazuh/wazuh-odfe:4.0.2_1.11.0
     hostname: wazuh-master
     restart: always
     ports:
@@ -38,7 +38,7 @@ services:
       - ./production_cluster/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh-worker:
-    image: wazuh/wazuh-odfe:4.0.0_1.10.1
+    image: wazuh/wazuh-odfe:4.0.2_1.11.0
     hostname: wazuh-worker
     restart: always
     environment:
@@ -67,7 +67,7 @@ services:
       - ./production_cluster/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
 
   elasticsearch:
-    image: amazon/opendistro-for-elasticsearch:1.10.1
+    image: amazon/opendistro-for-elasticsearch:1.11.0
     hostname: elasticsearch
     restart: always
     ports:
@@ -90,7 +90,7 @@ services:
       - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
 
   elasticsearch-2:
-    image: amazon/opendistro-for-elasticsearch:1.10.1
+    image: amazon/opendistro-for-elasticsearch:1.11.0
     hostname: elasticsearch-2
     restart: always
     environment:
@@ -111,7 +111,7 @@ services:
       - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
 
   elasticsearch-3:
-    image: amazon/opendistro-for-elasticsearch:1.10.1
+    image: amazon/opendistro-for-elasticsearch:1.11.0
     hostname: elasticsearch-3
     restart: always
     environment:
@@ -132,7 +132,7 @@ services:
       - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
 
   kibana:
-    image: wazuh/wazuh-kibana-odfe:4.0.0_1.10.1
+    image: wazuh/wazuh-kibana-odfe:4.0.2_1.11.0
     hostname: kibana
     restart: always
     ports:

wazuh-odfe/Dockerfile

@@ -2,7 +2,7 @@
 FROM centos:7
 
 ARG FILEBEAT_VERSION=7.9.1
-ARG WAZUH_VERSION=4.0.0-1
+ARG WAZUH_VERSION=4.0.2-1
 ARG TEMPLATE_VERSION="master"
 ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz"
 

wazuh-odfe/config/create_user.py

@@ -9,6 +9,7 @@ import os
 sys.path.append(os.path.dirname(sys.argv[0]) + "/../framework")
 
 USER_FILE_PATH = "/var/ossec/api/configuration/admin.json"
+SPECIAL_CHARS = "@$!%*?&-_"
 
 
 try:
@@ -39,6 +40,26 @@ def db_roles():
     roles_result = get_roles()
     return {role["name"]: role["id"] for role in roles_result.affected_items}
 
+def disable_user(uid):
+    random_pass = "".join(
+                random.choices(
+                    string.ascii_uppercase
+                    + string.ascii_lowercase
+                    + string.digits
+                    + SPECIAL_CHARS,
+                    k=8,
+                )
+            )
+    # assure there must be at least one character from each group
+    random_pass = random_pass + ''.join([random.choice(chars) for chars in [string.ascii_lowercase, string.digits, string.ascii_uppercase, SPECIAL_CHARS]])
+    random_pass = ''.join(random.sample(random_pass,len(random_pass)))
+    update_user(
+        user_id=[
+            str(uid),
+        ],
+        password=random_pass,
+    )
+
 
 if __name__ == "__main__":
     if not os.path.exists(USER_FILE_PATH):
@@ -70,21 +91,7 @@ if __name__ == "__main__":
             ],
             password=password,
         )
-    # set a random password for all other users
+    # disable unused default users
-    for name, id in initial_users.items():
+    for def_user in ['wazuh', 'wazuh-wui']:
-        if name != username:
+        if def_user != username:
-            random_pass = "".join(
+            disable_user(initial_users[def_user])
-                random.choices(
-                    string.ascii_uppercase
-                    + string.ascii_lowercase
-                    + string.digits
-                    + "@$!%*?&-_",
-                    k=16,
-                )
-            )
-            update_user(
-                user_id=[
-                    str(id),
-                ],
-                password=random_pass,
-            )

wazuh-odfe/config/etc/services.d/ossec-logs/run

@@ -0,0 +1,4 @@
+#!/usr/bin/with-contenv sh
+
+# dumping ossec.log to standard output
+exec tail -f /var/ossec/logs/ossec.log