Updating to Wazuh v3.12. Also license year update.

CHANGELOG.md

@@ -1,6 +1,14 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+
+## Wazuh Docker v3.11.4_7.6.1
+
+### Added
+
+- Update to Wazuh version 3.12.0_7.6.1
+
+
 ## Wazuh Docker v3.11.4_7.6.1
 
 ### Added
@@ -201,7 +209,7 @@ All notable changes to this project will be documented in this file.
 - Add env credentials for nginx. ([#86](https://github.com/wazuh/wazuh-docker/pull/86))
 - Improve filebeat configuration ([#88](https://github.com/wazuh/wazuh-docker/pull/88))
 
-### Fixed 
+### Fixed
 
 - Temporary fix for Wazuh cluster master node in Kubernetes. ([#84](https://github.com/wazuh/wazuh-docker/pull/84))
 

LICENSE

@@ -1,5 +1,5 @@
 
- Portions Copyright (C) 2019 Wazuh, Inc.
+ Portions Copyright (C) 2020 Wazuh, Inc.
  Based on work Copyright (C) 2003 - 2013 Trend Micro, Inc.
 
  This program is a free software; you can redistribute it and/or modify

README.md

@@ -10,9 +10,9 @@ In this repository you will find the containers to run:
 * wazuh: It runs the Wazuh manager, Wazuh API and Filebeat (for integration with Elastic Stack)
 * wazuh-kibana: Provides a web user interface to browse through alerts data. It includes Wazuh plugin for Kibana, that allows you to visualize agents configuration and status.
 * wazuh-nginx: Proxies the Kibana container, adding HTTPS (via self-signed SSL certificate) and [Basic authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication#Basic_authentication_scheme).
-* wazuh-elasticsearch: An Elasticsearch container (working as a single-node cluster) using Elastic Stack Docker images. **Be aware to increase the `vm.max_map_count` setting, as it's detailed in the [Wazuh documentation](https://documentation.wazuh.com/current/docker/wazuh-container.html#increase-max-map-count-on-your-host-linux).** 
+* wazuh-elasticsearch: An Elasticsearch container (working as a single-node cluster) using Elastic Stack Docker images. **Be aware to increase the `vm.max_map_count` setting, as it's detailed in the [Wazuh documentation](https://documentation.wazuh.com/current/docker/wazuh-container.html#increase-max-map-count-on-your-host-linux).**
 
-In addition, a docker-compose file is provided to launch the containers mentioned above. 
+In addition, a docker-compose file is provided to launch the containers mentioned above.
 
 * Elasticsearch cluster. In the Elasticsearch Dockerfile we can visualize variables to configure an Elasticsearch Cluster. These variables are used in the file *config_cluster.sh* to set them in the *elasticsearch.yml* configuration file. You can see the meaning of the node variables [here](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html) and other cluster settings [here](https://github.com/elastic/elasticsearch/blob/master/distribution/src/config/elasticsearch.yml).
 
@@ -70,7 +70,7 @@ We thank you them and everyone else who has contributed to this project.
 
 ## License and copyright
 
-Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 ## Web references
 

docker-compose.yml

@@ -1,9 +1,9 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 version: '2'
 
 services:
   wazuh:
-    image: wazuh/wazuh:3.11.4_7.6.1
+    image: wazuh/wazuh:3.12.4_7.6.1
     hostname: wazuh-manager
     restart: always
     ports:
@@ -13,7 +13,7 @@ services:
       - "55000:55000"
 
   elasticsearch:
-    image: wazuh/wazuh-elasticsearch:3.11.4_7.6.1
+    image: wazuh/wazuh-elasticsearch:3.12.4_7.6.1
     hostname: elasticsearch
     restart: always
     ports:
@@ -30,7 +30,7 @@ services:
     mem_limit: 2g
 
   kibana:
-    image: wazuh/wazuh-kibana:3.11.4_7.6.1
+    image: wazuh/wazuh-kibana:3.12.4_7.6.1
     hostname: kibana
     restart: always
     depends_on:
@@ -40,7 +40,7 @@ services:
       - wazuh:wazuh
 
   nginx:
-    image: wazuh/wazuh-nginx:3.11.4_7.6.1
+    image: wazuh/wazuh-nginx:3.12.4_7.6.1
     hostname: nginx
     restart: always
     environment:

elasticsearch/Dockerfile

@@ -1,4 +1,4 @@
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 ARG ELASTIC_VERSION=7.6.1
 FROM docker.elastic.co/elasticsearch/elasticsearch:${ELASTIC_VERSION}
 ARG ELASTIC_VERSION
@@ -12,11 +12,11 @@ ENV ALERTS_SHARDS="1" \
 ENV API_USER="foo" \
     API_PASS="bar"
 
-ENV XPACK_ML="true" 
+ENV XPACK_ML="true"
 
 ENV ENABLE_CONFIGURE_S3="false"
 
-ARG TEMPLATE_VERSION=v3.11.4
+ARG TEMPLATE_VERSION=v3.12.0
 
 # Elasticearch cluster configuration environment variables
 # If ELASTIC_CLUSTER is set to "true" the following variables will be added to the Elasticsearch configuration
@@ -35,7 +35,7 @@ ENV ELASTIC_CLUSTER="false" \
     CLUSTER_DELAYED_TIMEOUT="1m" \
     CLUSTER_INITIAL_MASTER_NODES="wazuh-elasticsearch"
 
-COPY config/entrypoint.sh /entrypoint.sh 
+COPY config/entrypoint.sh /entrypoint.sh
 
 RUN chmod 755 /entrypoint.sh
 

elasticsearch/config/config_cluster.sh

@@ -1,11 +1,11 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 elastic_config_file="/usr/share/elasticsearch/config/elasticsearch.yml"
 
 remove_single_node_conf(){
   if grep -Fq "discovery.type" $1; then
-    sed -i '/discovery.type\: /d' $1 
+    sed -i '/discovery.type\: /d' $1
   fi
 }
 
@@ -27,9 +27,9 @@ cat > $elastic_config_file << EOF
 network.host: 0.0.0.0
 node.name: $CLUSTER_MASTER_NODE_NAME
 node.master: $CLUSTER_NODE_MASTER
-cluster.initial_master_nodes: 
+cluster.initial_master_nodes:
   - $CLUSTER_MASTER_NODE_NAME
-# end cluster config" 
+# end cluster config"
 EOF
 
 elif [[ $CLUSTER_NODE_NAME != "" ]];then
@@ -42,10 +42,10 @@ cat > $elastic_config_file << EOF
 network.host: 0.0.0.0
 node.name: $CLUSTER_NODE_NAME
 node.master: false
-discovery.seed_hosts: 
+discovery.seed_hosts:
   - $CLUSTER_MASTER_NODE_NAME
   - $CLUSTER_NODE_NAME
-# end cluster config" 
+# end cluster config"
 EOF
 fi
 # If the cluster is disabled, then set a single-node configuration

elasticsearch/config/configure_s3.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 set -e
 
@@ -10,7 +10,7 @@ function CheckArgs()
 {
     if [ $1 != 4 ] && [ $1 != 5 ];then
         echo "Use: configure_s3.sh <Elastic_Server_IP:Port> <Bucket> <Path> <RepositoryName> (By default <current_elasticsearch_major_version> is added to the path and the repository name)"
-        echo "or use: configure_s3.sh <Elastic_Server_IP:Port> <Bucket> <Path> <RepositoryName> <Elasticsearch major version>" 
+        echo "or use: configure_s3.sh <Elastic_Server_IP:Port> <Bucket> <Path> <RepositoryName> <Elasticsearch major version>"
         exit 1
 
     fi

elasticsearch/config/entrypoint.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 # For more information https://github.com/elastic/elasticsearch-docker/blob/6.8.0/build/elasticsearch/bin/docker-entrypoint.sh
 
@@ -24,7 +24,7 @@ run_as_other_user_if_needed() {
 
 elasticsearch_config_file="/usr/share/elasticsearch/config/elasticsearch.yml"
 if grep -Fq  "#xpack features" "$elasticsearch_config_file";
-then 
+then
   declare -A CONFIG_MAP=(
   [xpack.ml.enabled]=$XPACK_ML
   )
@@ -49,4 +49,4 @@ fi
 
 # Execute elasticsearch
 
-run_as_other_user_if_needed /usr/share/elasticsearch/bin/elasticsearch 
+run_as_other_user_if_needed /usr/share/elasticsearch/bin/elasticsearch

elasticsearch/config/load_settings.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 set -e
 
@@ -24,13 +24,13 @@ if [ $ENABLE_CONFIGURE_S3 ]; then
   sleep 10
   IP_PORT="${ELASTICSEARCH_IP}:${ELASTICSEARCH_PORT}"
 
-  if [ "x$S3_PATH" != "x" ]; then 
+  if [ "x$S3_PATH" != "x" ]; then
 
-    if [ "x$S3_ELASTIC_MAJOR" != "x" ]; then 
-      ./config/configure_s3.sh $IP_PORT $S3_BUCKET_NAME $S3_PATH $S3_REPOSITORY_NAME $S3_ELASTIC_MAJOR 
+    if [ "x$S3_ELASTIC_MAJOR" != "x" ]; then
+      ./config/configure_s3.sh $IP_PORT $S3_BUCKET_NAME $S3_PATH $S3_REPOSITORY_NAME $S3_ELASTIC_MAJOR
 
     else
-      ./config/configure_s3.sh $IP_PORT $S3_BUCKET_NAME $S3_PATH $S3_REPOSITORY_NAME 
+      ./config/configure_s3.sh $IP_PORT $S3_BUCKET_NAME $S3_PATH $S3_REPOSITORY_NAME
 
     fi
 

kibana/Dockerfile

@@ -1,4 +1,4 @@
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 FROM docker.elastic.co/kibana/kibana:7.6.1
 USER kibana
 ARG ELASTIC_VERSION=7.6.1

kibana/config/entrypoint.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 set -e
 

kibana/config/kibana_settings.sh

@@ -1,12 +1,12 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 WAZUH_MAJOR=3
 
 ##############################################################################
 # Wait for the Kibana API to start. It is necessary to do it in this container
-# because the others are running Elastic Stack and we can not interrupt them. 
-# 
+# because the others are running Elastic Stack and we can not interrupt them.
+#
 # The following actions are performed:
 #
 # Add the wazuh alerts index as default.
@@ -49,7 +49,7 @@ while [[ "$(curl -XGET -I  -s -o /dev/null -w ''%{http_code}'' $kibana_ip:5601/s
   sleep 5
 done
 
-# Prepare index selection. 
+# Prepare index selection.
 echo "Kibana API is running"
 
 default_index="/tmp/default_index.json"

kibana/config/wazuh_app_config.sh

@@ -1,12 +1,12 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 wazuh_url="${WAZUH_API_URL:-https://wazuh}"
 wazuh_port="${API_PORT:-55000}"
 api_user="${API_USER:-foo}"
 api_password="${API_PASS:-bar}"
 
-kibana_config_file="/usr/share/kibana/plugins/wazuh/wazuh.yml"
+kibana_config_file="/usr/share/kibana/optimize/wazuh/config/wazuh.yml"
 
 declare -A CONFIG_MAP=(
   [pattern]=$PATTERN
@@ -53,7 +53,7 @@ grep -q 1513629884013 $kibana_config_file
 _config_exists=$?
 
 if [[ "x$CONFIG_CODE" != "x200" && $_config_exists -ne 0 ]]; then
-cat << EOF >> $kibana_config_file 
+cat << EOF >> $kibana_config_file
   - 1513629884013:
       url: $wazuh_url
       port: $wazuh_port

kibana/config/welcome_wazuh.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 if [[ $CHANGE_WELCOME == "true" ]]
 then
@@ -21,4 +21,3 @@ then
     sed -i 's#visible: true#visible: false#g' $kibana_path/node_modules/x-pack/plugins/rollup/public/crud_app/index.js
     sed -i 's#visible: true#visible: false#g' $kibana_path/node_modules/x-pack/plugins/license_management/public/management_section.js
 fi
-

kibana/config/xpack_config.sh

@@ -1,9 +1,9 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 kibana_config_file="/usr/share/kibana/config/kibana.yml"
 if grep -Fq  "#xpack features" "$kibana_config_file";
-then 
+then
   declare -A CONFIG_MAP=(
     [xpack.apm.ui.enabled]=$XPACK_APM
     [xpack.grokdebugger.enabled]=$XPACK_DEVTOOLS
@@ -23,7 +23,7 @@ then
 else
   echo "
 #xpack features
-xpack.apm.ui.enabled: $XPACK_APM 
+xpack.apm.ui.enabled: $XPACK_APM
 xpack.grokdebugger.enabled: $XPACK_DEVTOOLS
 xpack.searchprofiler.enabled: $XPACK_DEVTOOLS
 xpack.ml.enabled: $XPACK_ML

nginx/Dockerfile

@@ -1,4 +1,4 @@
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 FROM nginx:latest
 
 ENV DEBIAN_FRONTEND noninteractive

nginx/config/entrypoint.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 set -e
 
@@ -36,7 +36,7 @@ if [ ! -f /etc/nginx/conf.d/kibana.htpasswd ]; then
       fi
     done
   else
-    # NGINX_PWD and NGINX_NAME are declared in nginx/Dockerfile 
+    # NGINX_PWD and NGINX_NAME are declared in nginx/Dockerfile
     htpasswd -b -c /etc/nginx/conf.d/kibana.htpasswd $NGINX_NAME $NGINX_PWD >/dev/null
   fi
 else

wazuh/Dockerfile

@@ -1,14 +1,14 @@
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 FROM phusion/baseimage:latest
 
 ARG FILEBEAT_VERSION=7.6.1
 
-ARG WAZUH_VERSION=3.11.4-1
+ARG WAZUH_VERSION=3.12.0-1
 
 ENV API_USER="foo" \
    API_PASS="bar"
 
-ARG TEMPLATE_VERSION="v3.11.4"
+ARG TEMPLATE_VERSION="v3.12.0"
 
 # Set repositories.
 RUN set -x && echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list && \
@@ -70,11 +70,11 @@ COPY config/filebeat.runit.service /etc/service/filebeat/run
 RUN chmod +x /etc/service/wazuh-api/run && \
    chmod +x /etc/service/wazuh/run && \
    chmod +x /etc/service/postfix/run && \
-   chmod +x /etc/service/filebeat/run 
+   chmod +x /etc/service/filebeat/run
 
 
 ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
-RUN chmod go-w /etc/filebeat/wazuh-template.json 
+RUN chmod go-w /etc/filebeat/wazuh-template.json
 
 # Run all services
 ENTRYPOINT ["/entrypoint.sh"]

wazuh/config/00-wazuh.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 # Wazuh container bootstrap. See the README for information of the environment
 # variables expected by this script.

wazuh/config/01-config_filebeat.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 set -e
 
@@ -16,4 +16,3 @@ fi
 curl -s "https://packages.wazuh.com/3.x/filebeat/${WAZUH_FILEBEAT_MODULE}" | tar -xvz -C /usr/share/filebeat/module
 mkdir -p /usr/share/filebeat/module/wazuh
 chmod 755 -R /usr/share/filebeat/module/wazuh
-

wazuh/config/entrypoint.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 # It will run every .sh script located in entrypoint-scripts folder in lexicographical order
 for script in `ls /entrypoint-scripts/*.sh | sort -n`; do
@@ -11,4 +11,4 @@ done
 # Start Wazuh Server.
 ##############################################################################
 
-/sbin/my_init 
+/sbin/my_init

wazuh/config/filebeat.runit.service

@@ -1,4 +1,4 @@
 #!/bin/sh
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 service filebeat start
 tail -f /var/log/filebeat/filebeat

wazuh/config/init.bash

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 # Initialize the custom data directory layout
 source /data_dirs.env

wazuh/config/postfix.runit.service

@@ -1,4 +1,4 @@
 #!/bin/sh
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 service postfix start
 tail -f /var/log/mail.log

wazuh/config/wazuh-api.runit.service

@@ -1,5 +1,4 @@
 #!/bin/sh
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 service wazuh-api start
 tail -f /var/ossec/data/logs/api.log
-

wazuh/config/wazuh.runit.service

@@ -1,5 +1,4 @@
 #!/bin/sh
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 service wazuh-manager start
 tail -f /var/ossec/data/logs/ossec.log
-