Merge branch '3.8.2_6.5.4' into 3.8.2_6.5.4-s3_repository

CHANGELOG.md

@@ -10,6 +10,9 @@ All notable changes to this project will be documented in this file.
 - Adding the option to disable some xpack features. ([#111](https://github.com/wazuh/wazuh-docker/pull/111))
 - Wazuh-Kibana customizable at plugin level. ([#117](https://github.com/wazuh/wazuh-docker/pull/117))
 - Adding env variables for alerts data flow. ([#118](https://github.com/wazuh/wazuh-docker/pull/118))
+- New Logstash entrypoint added. ([#135](https://github.com/wazuh/wazuh-docker/pull/135/files))
+- Welcome screen management. ([#133](https://github.com/wazuh/wazuh-docker/pull/133))
+
 
 ### Changed
 

LICENSE

@@ -1,5 +1,5 @@
 
- Portions Copyright (C) 2018 Wazuh, Inc.
+ Portions Copyright (C) 2019 Wazuh, Inc.
  Based on work Copyright (C) 2003 - 2013 Trend Micro, Inc.
 
  This program is a free software; you can redistribute it and/or modify

README.md

@@ -73,7 +73,7 @@ We thank you them and everyone else who has contributed to this project.
 
 ## License and copyright
 
-Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
+Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 
 ## Web references
 

docker-compose.yml

@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 version: '2'
 
 services:

kibana/Dockerfile

@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 FROM docker.elastic.co/kibana/kibana:6.5.4
 ARG WAZUH_APP_VERSION=3.8.2_6.5.4
 USER root
@@ -49,6 +49,7 @@ ARG XPACK_DEVTOOLS="true"
 ARG XPACK_MONITORING="true"
 ARG XPACK_APM="true"
 
+ARG CHANGE_WELCOME="false"
 
 COPY --chown=kibana:kibana ./config/wazuh_app_config.sh ./
 
@@ -64,6 +65,12 @@ RUN chmod +x ./xpack_config.sh
 
 RUN ./xpack_config.sh
 
+COPY --chown=kibana:kibana ./config/welcome_wazuh.sh ./
+
+RUN chmod +x ./welcome_wazuh.sh
+
+RUN ./welcome_wazuh.sh
+
 RUN /usr/local/bin/kibana-docker --optimize
 
 ENTRYPOINT /entrypoint.sh

kibana/config/entrypoint.sh

@@ -1,8 +1,12 @@
 #!/bin/bash
-# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 
 set -e
 
+##############################################################################
+# Waiting for elasticsearch
+##############################################################################
+
 if [ "x${ELASTICSEARCH_URL}" = "x" ]; then
   el_url="http://elasticsearch:9200"
 else
@@ -10,11 +14,32 @@ else
 fi
 
 until curl -XGET $el_url; do
-  >&2 echo "Elastic is unavailable - sleeping"
+  >&2 echo "Elastic is unavailable - sleeping."
   sleep 5
 done
 
->&2 echo "Elastic is up - executing command"
+sleep 2
+
+>&2 echo "Elasticsearch is up."
+
+
+##############################################################################
+# Waiting for wazuh alerts template
+##############################################################################
+
+strlen=0
+
+while [[ $strlen -eq 0 ]]
+do
+  template=$(curl $el_url/_cat/templates/wazuh -s)
+  strlen=${#template}
+  >&2 echo "Wazuh alerts template not loaded - sleeping."
+  sleep 2
+done
+
+sleep 2
+
+>&2 echo "Wazuh alerts template is loaded."
 
 
 ./wazuh_app_config.sh

kibana/config/kibana.yml

@@ -1,92 +0,0 @@
-# Kibana is served by a back end server. This setting specifies the port to use.
-server.port: 5601
-
-# This setting specifies the IP address of the back end server.
-server.host: "0.0.0.0"
-
-# Enables you to specify a path to mount Kibana at if you are running behind a proxy. This setting
-# cannot end in a slash.
-# server.basePath: ""
-
-# The maximum payload size in bytes for incoming server requests.
-# server.maxPayloadBytes: 1048576
-
-# The Kibana server's name.  This is used for display purposes.
-# server.name: "your-hostname"
-
-# The URL of the Elasticsearch instance to use for all your queries.
-elasticsearch.url: "http://elasticsearch:9200"
-
-# When this setting’s value is true Kibana uses the hostname specified in the server.host
-# setting. When the value of this setting is false, Kibana uses the hostname of the host
-# that connects to this Kibana instance.
-# elasticsearch.preserveHost: true
-
-# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
-# dashboards. Kibana creates a new index if the index doesn’t already exist.
-# kibana.index: ".kibana"
-
-# The default application to load.
-# kibana.defaultAppId: "discover"
-
-# If your Elasticsearch is protected with basic authentication, these settings provide
-# the username and password that the Kibana server uses to perform maintenance on the Kibana
-# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
-# is proxied through the Kibana server.
-# elasticsearch.username: "user"
-# elasticsearch.password: "pass"
-
-# Paths to the PEM-format SSL certificate and SSL key files, respectively. These
-# files enable SSL for outgoing requests from the Kibana server to the browser.
-# server.ssl.cert: /path/to/your/server.crt
-# server.ssl.key: /path/to/your/server.key
-
-# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
-# These files validate that your Elasticsearch backend uses the same key files.
-# elasticsearch.ssl.cert: /path/to/your/client.crt
-# elasticsearch.ssl.key: /path/to/your/client.key
-
-# Optional setting that enables you to specify a path to the PEM file for the certificate
-# authority for your Elasticsearch instance.
-# elasticsearch.ssl.ca: /path/to/your/CA.pem
-
-# To disregard the validity of SSL certificates, change this setting’s value to false.
-# elasticsearch.ssl.verify: true
-
-# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
-# the elasticsearch.requestTimeout setting.
-# elasticsearch.pingTimeout: 1500
-
-# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
-# must be a positive integer.
-# elasticsearch.requestTimeout: 30000
-
-# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
-# headers, set this value to [] (an empty list).
-# elasticsearch.requestHeadersWhitelist: [ authorization ]
-
-# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
-# elasticsearch.shardTimeout: 0
-
-# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
-# elasticsearch.startupTimeout: 5000
-
-# Specifies the path where Kibana creates the process ID file.
-# pid.file: /var/run/kibana.pid
-
-# Enables you specify a file where Kibana stores log output.
-# logging.dest: stdout
-
-# Set the value of this setting to true to suppress all logging output.
-# logging.silent: false
-
-# Set the value of this setting to true to suppress all logging output other than error messages.
-logging.quiet: true
-
-# Set the value of this setting to true to log all events, including system usage information
-# and all requests.
-# logging.verbose: false
-
-# Set the interval in milliseconds to sample system and process performance
-# metrics. Minimum is 100ms. Defaults to 10000.
-# ops.interval: 10000

kibana/config/wazuh_app_config.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 
 kibana_config_file="/usr/share/kibana/plugins/wazuh/config.yml"
 

kibana/config/welcome_wazuh.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+if [[ $CHANGE_WELCOME == "true" ]]
+then
+
+    rm -rf ./optimize/bundles
+
+    kibana_path="/usr/share/kibana"
+    # Set Wazuh app as the default landing page
+    echo "Set Wazuh app as the default landing page"
+    echo "server.defaultRoute: /app/wazuh" >> /usr/share/kibana/config/kibana.yml
+
+    # Redirect Kibana welcome screen to Discover
+    echo "Redirect Kibana welcome screen to Discover"
+    sed -i "s:'/app/kibana#/home':'/app/wazuh':g" $kibana_path/src/ui/public/chrome/directives/global_nav/global_nav.html
+    sed -i "s:'/app/kibana#/home':'/app/wazuh':g" $kibana_path/src/ui/public/chrome/directives/header_global_nav/header_global_nav.js
+
+    # Redirect Kibana welcome screen to Discover
+    echo "Hide undesired links"
+    sed -i 's#visible: true#visible: false#g' $kibana_path/node_modules/x-pack/plugins/rollup/public/crud_app/index.js
+    sed -i 's#visible: true#visible: false#g' $kibana_path/node_modules/x-pack/plugins/license_management/public/management_section.js
+fi
+

logstash/Dockerfile

@@ -1,12 +1,12 @@
-# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 FROM docker.elastic.co/logstash/logstash:6.5.4
 
+COPY --chown=logstash:logstash config/entrypoint.sh /entrypoint.sh
+
+RUN chmod 755 /entrypoint.sh
+
 RUN rm -f /usr/share/logstash/pipeline/logstash.conf
 
 COPY config/01-wazuh.conf /usr/share/logstash/pipeline/01-wazuh.conf
 
-USER root
-COPY config/run.sh /run.sh
-RUN chmod +x /run.sh
-
-ENTRYPOINT ["/run.sh"]
+ENTRYPOINT /entrypoint.sh

logstash/config/01-wazuh.conf

@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 # Wazuh - Logstash configuration file
 ## Remote Wazuh Manager - Filebeat input
 input {

logstash/config/entrypoint.sh

@@ -0,0 +1,72 @@
+#!/bin/bash
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+#
+# OSSEC container bootstrap. See the README for information of the environment
+# variables expected by this script.
+#
+
+set -e
+
+##############################################################################
+# Waiting for elasticsearch
+##############################################################################
+
+if [ "x${ELASTICSEARCH_URL}" = "x" ]; then
+  el_url="http://elasticsearch:9200"
+else
+  el_url="${ELASTICSEARCH_URL}"
+fi
+
+until curl -XGET $el_url; do
+  >&2 echo "Elastic is unavailable - sleeping."
+  sleep 5
+done
+
+sleep 2
+
+>&2 echo "Elasticsearch is up."
+
+##############################################################################
+# Waiting for wazuh alerts template
+##############################################################################
+
+strlen=0
+
+while [[ $strlen -eq 0 ]]
+do
+  template=$(curl $el_url/_cat/templates/wazuh -s)
+  strlen=${#template}
+  >&2 echo "Wazuh alerts template not loaded - sleeping."
+  sleep 2
+done
+
+sleep 2
+
+>&2 echo "Wazuh alerts template is loaded."
+
+##############################################################################
+# Customize logstash output ip
+##############################################################################
+
+if [ "$LOGSTASH_OUTPUT" != "" ]; then
+  >&2 echo "Customize Logstash ouput ip."
+  sed -i "s/elasticsearch:9200/$LOGSTASH_OUTPUT:9200/" /usr/share/logstash/pipeline/01-wazuh.conf
+  sed -i "s/elasticsearch:9200/$LOGSTASH_OUTPUT:9200/" /usr/share/logstash/config/logstash.yml 
+fi
+
+##############################################################################
+# Map environment variables to entries in logstash.yml.
+# Note that this will mutate logstash.yml in place if any such settings are found.
+# This may be undesirable, especially if logstash.yml is bind-mounted from the
+# host system.
+##############################################################################
+
+env2yaml /usr/share/logstash/config/logstash.yml
+
+export LS_JAVA_OPTS="-Dls.cgroup.cpuacct.path.override=/ -Dls.cgroup.cpu.path.override=/ $LS_JAVA_OPTS"
+
+if [[ -z $1 ]] || [[ ${1:0:1} == '-' ]] ; then
+  exec logstash "$@"
+else
+  exec "$@"
+fi

logstash/config/run.sh

@@ -1,16 +0,0 @@
-#!/bin/bash
-# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
-#
-# OSSEC container bootstrap. See the README for information of the environment
-# variables expected by this script.
-#
-
-##############################################################################
-# Customize logstash output ip
-##############################################################################
-if [ "$LOGSTASH_OUTPUT" != "" ]; then
-  sed -i "s/elasticsearch:9200/$LOGSTASH_OUTPUT:9200/" /usr/share/logstash/pipeline/01-wazuh.conf
-  sed -i "s/elasticsearch:9200/$LOGSTASH_OUTPUT:9200/" /usr/share/logstash/config/logstash.yml 
-fi
-
-/usr/local/bin/docker-entrypoint

nginx/Dockerfile

@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 FROM nginx:latest
 
 ENV DEBIAN_FRONTEND noninteractive

nginx/config/entrypoint.sh

@@ -1,5 +1,5 @@
 #!/bin/sh
-# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 
 set -e
 

wazuh/Dockerfile

@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 FROM phusion/baseimage:latest
 ARG FILEBEAT_VERSION=6.5.4
 ARG WAZUH_VERSION=3.8.2-1
@@ -6,50 +6,34 @@ ARG WAZUH_VERSION=3.8.2-1
 ENV API_USER="foo" \
     API_PASS="bar"
 
-# Updating image
-RUN apt-get update && apt-get upgrade -y -o Dpkg::Options::="--force-confold"
+# Set repositories.
+RUN set -x && echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list && \
+   curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - && \
+   curl --silent --location https://deb.nodesource.com/setup_8.x | bash - && \
+   echo "postfix postfix/mailname string wazuh-manager" | debconf-set-selections && \
+   echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections && \
+   groupadd -g 1000 ossec && useradd -u 1000 -g 1000 -d /var/ossec ossec
 
-# Set Wazuh repository.
-RUN echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list
-RUN curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
+RUN add-apt-repository universe && apt-get update && apt-get upgrade -y -o Dpkg::Options::="--force-confold" && \
+   apt-get --no-install-recommends --no-install-suggests -y install openssl postfix bsd-mailx python-boto python-pip  \
+   apt-transport-https vim expect nodejs python-cryptography mailutils libsasl2-modules wazuh-manager=${WAZUH_VERSION} \
+   wazuh-api=${WAZUH_VERSION} && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
-# Set nodejs repository.
-RUN curl --silent --location https://deb.nodesource.com/setup_8.x | bash -
-
-# Creating ossec user as uid:gid 1000:1000
-RUN groupadd -g 1000 ossec
-RUN useradd -u 1000 -g 1000 -d /var/ossec ossec
-
-# Configure postfix
-RUN echo "postfix postfix/mailname string wazuh-manager" | debconf-set-selections
-RUN echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections
-
-# Add universe repository
-RUN add-apt-repository universe
-
-# Install packages
-RUN apt-get update && apt-get -y install openssl postfix bsd-mailx python-boto python-pip  \
-    apt-transport-https vim expect nodejs python-cryptography wazuh-manager=${WAZUH_VERSION} \
-    wazuh-api=${WAZUH_VERSION} mailutils libsasl2-modules
-
-# Adding first run script.
-ADD config/data_dirs.env /data_dirs.env
-ADD config/init.bash /init.bash
+# Adding first run script and entrypoint
+COPY config/data_dirs.env /data_dirs.env
+COPY config/init.bash /init.bash
+COPY config/entrypoint.sh /entrypoint.sh
 
 # Sync calls are due to https://github.com/docker/docker/issues/9547
-RUN chmod 755 /init.bash &&\
-    sync && /init.bash &&\
-    sync && rm /init.bash
+RUN chmod 755 /init.bash && \
+    sync && /init.bash && \
+    sync && rm /init.bash && \
+    curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-amd64.deb &&\
+    dpkg -i filebeat-${FILEBEAT_VERSION}-amd64.deb && rm -f filebeat-${FILEBEAT_VERSION}-amd64.deb && \
+    chmod 755 /entrypoint.sh
 
-# Installing and configuring fiebeat
-RUN curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-amd64.deb &&\
-    dpkg -i filebeat-${FILEBEAT_VERSION}-amd64.deb && rm -f filebeat-${FILEBEAT_VERSION}-amd64.deb
 COPY config/filebeat.yml /etc/filebeat/
-RUN chmod go-w /etc/filebeat/filebeat.yml
-
-# Adding entrypoint
-ADD config/entrypoint.sh /entrypoint.sh
-RUN chmod 755 /entrypoint.sh
+RUN chmod go-w /etc/filebeat/filebeat.yml 
 
 # Setting volumes
 VOLUME ["/var/ossec/data"]
@@ -60,25 +44,22 @@ VOLUME ["/var/lib/filebeat"]
 # Services ports
 EXPOSE 55000/tcp 1514/udp 1515/tcp 514/udp 1516/tcp
 
-# Clean up
-RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-
 # Adding services
-RUN mkdir /etc/service/wazuh
+RUN mkdir /etc/service/wazuh && \
+    mkdir /etc/service/wazuh-api && \
+    mkdir /etc/service/postfix && \
+    mkdir /etc/service/filebeat
+
 COPY config/wazuh.runit.service /etc/service/wazuh/run
-RUN chmod +x /etc/service/wazuh/run
-
-RUN mkdir /etc/service/wazuh-api
 COPY config/wazuh-api.runit.service /etc/service/wazuh-api/run
-RUN chmod +x /etc/service/wazuh-api/run
-
-RUN mkdir /etc/service/postfix
 COPY config/postfix.runit.service /etc/service/postfix/run
-RUN chmod +x /etc/service/postfix/run
-
-RUN mkdir /etc/service/filebeat
 COPY config/filebeat.runit.service /etc/service/filebeat/run
-RUN chmod +x /etc/service/filebeat/run
+
+RUN chmod +x /etc/service/wazuh-api/run && \
+    chmod +x /etc/service/wazuh/run && \
+    chmod +x /etc/service/postfix/run && \
+    chmod +x /etc/service/filebeat/run 
 
 # Run all services
 ENTRYPOINT ["/entrypoint.sh"]
+

wazuh/config/entrypoint.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 
 #
 # OSSEC container bootstrap. See the README for information of the environment

wazuh/config/filebeat.yml

@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 filebeat:
  prospectors:
   - type: log

wazuh/config/init.bash

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 
 #
 # Initialize the custom data directory layout