diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 2c952ef6..b6b0c1f6 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -10,6 +10,11 @@ jobs: - name: Check out code uses: actions/checkout@v3 + - name: Install docker-compose + run: | + curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose + chmod +x /usr/local/bin/docker-compose + - name: Build Wazuh images run: build-docker-images/build-images.sh @@ -71,6 +76,11 @@ jobs: - name: Check out code uses: actions/checkout@v3 + - name: Install docker-compose + run: | + curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose + chmod +x /usr/local/bin/docker-compose + - name: Create enviroment variables run: cat .env > $GITHUB_ENV @@ -201,6 +211,11 @@ jobs: - name: Check out code uses: actions/checkout@v3 + - name: Install docker-compose + run: | + curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose + chmod +x /usr/local/bin/docker-compose + - name: Create enviroment variables run: cat .env > $GITHUB_ENV @@ -253,7 +268,7 @@ jobs: echo 'Waiting for Wazuh indexer start' free -m df -h - sleep 10 + sleep 120 done status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`" if [[ $status_green -eq 1 ]]; then diff --git a/CHANGELOG.md b/CHANGELOG.md index ac70978f..a6435b63 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,11 @@ All notable changes to this project will be documented in this file. - Update Wazuh to version [4.10.0](https://github.com/wazuh/wazuh/blob/v4.10.0/CHANGELOG.md#v4100) +## Wazuh Docker v4.9.1 +### Added + +- Update Wazuh to version [4.9.1](https://github.com/wazuh/wazuh/blob/v4.9.1/CHANGELOG.md#v491) + ## Wazuh Docker v4.9.0 ### Added diff --git a/README.md b/README.md index f0024a91..1f3aa686 100644 --- a/README.md +++ b/README.md @@ -179,6 +179,7 @@ WAZUH_MONITORING_REPLICAS=0 ## |---------------|---------|--------| | v5.0.0 | | | | v4.10.0 | | | +| v4.9.1 | | | | v4.9.0 | | | | v4.8.2 | | | | v4.8.1 | | | diff --git a/build-docker-images/wazuh-dashboard/Dockerfile b/build-docker-images/wazuh-dashboard/Dockerfile index e1e1b312..a33d30bd 100644 --- a/build-docker-images/wazuh-dashboard/Dockerfile +++ b/build-docker-images/wazuh-dashboard/Dockerfile @@ -4,6 +4,7 @@ FROM amazonlinux:2023 AS builder ARG WAZUH_VERSION ARG WAZUH_TAG_REVISION ARG WAZUH_UI_REVISION +ARG INSTALL_DIR=/usr/share/wazuh-dashboard # Update and install dependencies RUN yum install curl-minimal libcap openssl -y @@ -15,6 +16,12 @@ RUN chmod 775 /check_repository.sh && \ RUN yum install wazuh-dashboard-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \ yum clean all +# Create and set permissions to data directories +RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh +RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config +RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs +COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/ + # Generate certificates COPY config/config.sh . COPY config/config.yml / diff --git a/build-docker-images/wazuh-dashboard/config/wazuh.yml b/build-docker-images/wazuh-dashboard/config/wazuh.yml new file mode 100644 index 00000000..8e5f9447 --- /dev/null +++ b/build-docker-images/wazuh-dashboard/config/wazuh.yml @@ -0,0 +1,155 @@ +--- +# +# Wazuh app - App configuration file +# Copyright (C) 2017, Wazuh Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# Find more information about this on the LICENSE file. +# +# ======================== Wazuh app configuration file ======================== +# +# Please check the documentation for more information on configuration options: +# https://documentation.wazuh.com/current/installation-guide/index.html +# +# Also, you can check our repository: +# https://github.com/wazuh/wazuh-dashboard-plugins +# +# ------------------------------- Index patterns ------------------------------- +# +# Default index pattern to use. +#pattern: wazuh-alerts-* +# +# ----------------------------------- Checks ----------------------------------- +# +# Defines which checks must to be consider by the healthcheck +# step once the Wazuh app starts. Values must to be true or false. +#checks.pattern : true +#checks.template: true +#checks.api : true +#checks.setup : true +#checks.metaFields: true +# +# --------------------------------- Extensions --------------------------------- +# +# Defines which extensions should be activated when you add a new API entry. +# You can change them after Wazuh app starts. +# Values must to be true or false. +#extensions.pci : true +#extensions.gdpr : true +#extensions.hipaa : true +#extensions.nist : true +#extensions.tsc : true +#extensions.audit : true +#extensions.oscap : false +#extensions.ciscat : false +#extensions.aws : false +#extensions.gcp : false +#extensions.virustotal: false +#extensions.osquery : false +#extensions.docker : false +# +# ---------------------------------- Time out ---------------------------------- +# +# Defines maximum timeout to be used on the Wazuh app requests. +# It will be ignored if it is bellow 1500. +# It means milliseconds before we consider a request as failed. +# Default: 20000 +#timeout: 20000 +# +# -------------------------------- API selector -------------------------------- +# +# Defines if the user is allowed to change the selected +# API directly from the Wazuh app top menu. +# Default: true +#api.selector: true +# +# --------------------------- Index pattern selector --------------------------- +# +# Defines if the user is allowed to change the selected +# index pattern directly from the Wazuh app top menu. +# Default: true +#ip.selector: true +# +# List of index patterns to be ignored +#ip.ignore: [] +# +# ------------------------------ wazuh-monitoring ------------------------------ +# +# Custom setting to enable/disable wazuh-monitoring indices. +# Values: true, false, worker +# If worker is given as value, the app will show the Agents status +# visualization but won't insert data on wazuh-monitoring indices. +# Default: true +#wazuh.monitoring.enabled: true +# +# Custom setting to set the frequency for wazuh-monitoring indices cron task. +# Default: 900 (s) +#wazuh.monitoring.frequency: 900 +# +# Configure wazuh-monitoring-* indices shards and replicas. +#wazuh.monitoring.shards: 2 +#wazuh.monitoring.replicas: 0 +# +# Configure wazuh-monitoring-* indices custom creation interval. +# Values: h (hourly), d (daily), w (weekly), m (monthly) +# Default: d +#wazuh.monitoring.creation: d +# +# Default index pattern to use for Wazuh monitoring +#wazuh.monitoring.pattern: wazuh-monitoring-* +# +# --------------------------------- wazuh-cron ---------------------------------- +# +# Customize the index prefix of predefined jobs +# This change is not retroactive, if you change it new indexes will be created +# cron.prefix: test +# +# ------------------------------ wazuh-statistics ------------------------------- +# +# Custom setting to enable/disable statistics tasks. +#cron.statistics.status: true +# +# Enter the ID of the APIs you want to save data from, leave this empty to run +# the task on all configured APIs +#cron.statistics.apis: [] +# +# Define the frequency of task execution using cron schedule expressions +#cron.statistics.interval: 0 0 * * * * +# +# Define the name of the index in which the documents are to be saved. +#cron.statistics.index.name: statistics +# +# Define the interval in which the index will be created +#cron.statistics.index.creation: w +# +# ------------------------------- App privileges -------------------------------- +#admin: true +# +# ---------------------------- Hide manager alerts ------------------------------ +# Hide the alerts of the manager in all dashboards and discover +#hideManagerAlerts: false +# +# ------------------------------- App logging level ----------------------------- +# Set the logging level for the Wazuh App log files. +# Default value: info +# Allowed values: info, debug +#logs.level: info +# +# -------------------------------- Enrollment DNS ------------------------------- +# Set the variable WAZUH_REGISTRATION_SERVER in agents deployment. +# Default value: '' +#enrollment.dns: '' +# +#-------------------------------- API entries ----------------------------------- +#The following configuration is the default structure to define an API entry. +# +#hosts: +# - : +# url: http(s):// +# port: +# username: +# password: diff --git a/build-docker-images/wazuh-indexer/config/config.sh b/build-docker-images/wazuh-indexer/config/config.sh index 8283adfa..29a09b73 100644 --- a/build-docker-images/wazuh-indexer/config/config.sh +++ b/build-docker-images/wazuh-indexer/config/config.sh @@ -72,20 +72,12 @@ mkdir -p ${TARGET_DIR}/usr/lib/tmpfiles.d mkdir -p ${TARGET_DIR}/usr/lib/sysctl.d mkdir -p ${TARGET_DIR}/usr/lib/systemd/system mkdir -p ${TARGET_DIR}${CONFIG_DIR}/certs -# Move configuration files for wazuh-indexer -mv -f ${BASE_DIR}/etc/init.d/${NAME} ${TARGET_DIR}/etc/init.d/${NAME} -mv -f ${BASE_DIR}/etc/wazuh-indexer/* ${TARGET_DIR}${CONFIG_DIR} -mv -f ${BASE_DIR}/etc/sysconfig/${NAME} ${TARGET_DIR}/etc/default/ -mv -f ${BASE_DIR}/usr/lib/tmpfiles.d/* ${TARGET_DIR}/usr/lib/tmpfiles.d/ -mv -f ${BASE_DIR}/usr/lib/sysctl.d/* ${TARGET_DIR}/usr/lib/sysctl.d/ -mv -f ${BASE_DIR}/usr/lib/systemd/system/* ${TARGET_DIR}/usr/lib/systemd/system/ -rm -rf ${BASE_DIR}/etc -rm -rf ${BASE_DIR}/usr -# Copy installation files to final location -cp -pr ${BASE_DIR}/* ${TARGET_DIR}${INSTALLATION_DIR} -# Copy the security tools -cp /$CERT_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/ -cp /$PASSWORD_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/ +# Copy Wazuh's config files for the security plugin +cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ +cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ +cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ +cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ +cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR} # Copy Wazuh indexer's certificates cp -pr /wazuh-certificates/demo.indexer.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer.pem cp -pr /wazuh-certificates/demo.indexer-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer-key.pem @@ -95,9 +87,9 @@ cp -pr /wazuh-certificates/admin.pem ${TARGET_DIR}${CONFIG_DIR}/certs/admin.pem cp -pr /wazuh-certificates/admin-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/admin-key.pem # Delete xms and xmx parameters in jvm.options -sed '/-Xms/d' -i ${TARGET_DIR}${CONFIG_DIR}/jvm.options -sed '/-Xmx/d' -i ${TARGET_DIR}${CONFIG_DIR}/jvm.options -sed -i 's/-Djava.security.policy=file:\/\/\/etc\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/-Djava.security.policy=file:\/\/\/usr\/share\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/g' ${TARGET_DIR}${CONFIG_DIR}/jvm.options +sed '/-Xms/d' -i /etc/wazuh-indexer/jvm.options +sed '/-Xmx/d' -i /etc/wazuh-indexer/jvm.options +sed -i 's/-Djava.security.policy=file:\/\/\/etc\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/-Djava.security.policy=file:\/\/\/usr\/share\/wazuh-indexer\/opensearch-performance-analyzer\/opensearch_security.policy/g' /etc/wazuh-indexer/jvm.options chmod -R 500 ${TARGET_DIR}${CONFIG_DIR}/certs diff --git a/build-docker-images/wazuh-manager/config/permanent_data.env b/build-docker-images/wazuh-manager/config/permanent_data.env index 5439b89b..9e0eac9d 100644 --- a/build-docker-images/wazuh-manager/config/permanent_data.env +++ b/build-docker-images/wazuh-manager/config/permanent_data.env @@ -79,7 +79,9 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/sqs_message_proc PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/sqs_queue.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py" -PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/orm.py" +PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/orm.py" +PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/utils.py" +PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/__init__.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"