From babaea694e2828a5f71477b6718c5ed7a5a5bfdd Mon Sep 17 00:00:00 2001 From: Victor Carlos Erenu Date: Thu, 30 Oct 2025 22:11:30 +0700 Subject: [PATCH] Change install option --- .env | 8 +-- .gitignore | 4 +- build-docker-images/build-images.sh | 46 +++-------------- build-docker-images/build-images.yml | 16 +++--- build-docker-images/wazuh-agent/Dockerfile | 20 +++----- .../wazuh-agent/config/check_repository.sh | 15 ------ .../wazuh-dashboard/Dockerfile | 22 ++++---- .../config/check_repository.sh | 15 ------ build-docker-images/wazuh-indexer/Dockerfile | 29 +++-------- .../wazuh-indexer/config/check_repository.sh | 15 ------ build-docker-images/wazuh-manager/Dockerfile | 38 ++++---------- .../wazuh-manager/config/check_repository.sh | 15 ------ .../config/etc/cont-init.d/1-config-filebeat | 51 ------------------- .../etc/cont-init.d/{2-manager => 1-manager} | 0 .../config/etc/services.d/filebeat/finish | 6 --- .../config/etc/services.d/filebeat/run | 4 -- .../wazuh-manager/config/filebeat_module.sh | 11 ---- .../wazuh-manager/config/permanent_data.env | 6 --- docs/dev/build-image.md | 1 - 19 files changed, 56 insertions(+), 266 deletions(-) delete mode 100644 build-docker-images/wazuh-agent/config/check_repository.sh delete mode 100644 build-docker-images/wazuh-dashboard/config/check_repository.sh delete mode 100644 build-docker-images/wazuh-indexer/config/check_repository.sh delete mode 100644 build-docker-images/wazuh-manager/config/check_repository.sh delete mode 100644 build-docker-images/wazuh-manager/config/etc/cont-init.d/1-config-filebeat rename build-docker-images/wazuh-manager/config/etc/cont-init.d/{2-manager => 1-manager} (100%) delete mode 100644 build-docker-images/wazuh-manager/config/etc/services.d/filebeat/finish delete mode 100644 build-docker-images/wazuh-manager/config/etc/services.d/filebeat/run delete mode 100644 build-docker-images/wazuh-manager/config/filebeat_module.sh diff --git a/.env b/.env index c2d4e554..a8180776 100755 --- a/.env 
+++ b/.env @@ -1,6 +1,6 @@ -WAZUH_VERSION=5.0.0 -WAZUH_IMAGE_VERSION=5.0.0 +WAZUH_VERSION=main +WAZUH_IMAGE_VERSION=main WAZUH_TAG_REVISION=1 -FILEBEAT_TEMPLATE_BRANCH=5.0.0 -WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz WAZUH_UI_REVISION=1 +WAZUH_REGISTRY=docker.io +IMAGE_TAG=main diff --git a/.gitignore b/.gitignore index 31bc423a..0ead0852 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,6 @@ single-node/config/wazuh_indexer_ssl_certs/*.pem single-node/config/wazuh_indexer_ssl_certs/*.key multi-node/config/wazuh_indexer_ssl_certs/*.pem multi-node/config/wazuh_indexer_ssl_certs/*.key -*.log \ No newline at end of file +*.log +build-docker-images/packages_env.txt +build-docker-images/packages-url.txt \ No newline at end of file diff --git a/build-docker-images/build-images.sh b/build-docker-images/build-images.sh index ceb4667d..402b160f 100755 --- a/build-docker-images/build-images.sh +++ b/build-docker-images/build-images.sh @@ -1,8 +1,10 @@ -WAZUH_IMAGE_VERSION=5.0.0 +WAZUH_IMAGE_VERSION=main +IMAGE_TAG=main WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g') WAZUH_TAG_REVISION=1 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g') IMAGE_VERSION=${WAZUH_IMAGE_VERSION} +WAZUH_REGISTRY=docker.io # Wazuh package generator # Copyright (C) 2023, Wazuh Inc. @@ -12,11 +14,10 @@ IMAGE_VERSION=${WAZUH_IMAGE_VERSION} # License (version 2) as published by the FSF - Free Software # Foundation. -WAZUH_IMAGE_VERSION="5.0.0" +WAZUH_IMAGE_VERSION="main" WAZUH_TAG_REVISION="1" WAZUH_DEV_STAGE="" WAZUH_TAG_REFERENCE="" -FILEBEAT_MODULE_VERSION="0.4" # ----------------------------------------------------------------------------- 
@@ -38,31 +39,11 @@ ctrl_c() { build() { WAZUH_VERSION="$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')" - FILEBEAT_TEMPLATE_BRANCH="${WAZUH_IMAGE_VERSION}" WAZUH_MINOR_VERSION="${WAZUH_IMAGE_VERSION%.*}" - WAZUH_FILEBEAT_MODULE="wazuh-filebeat-${FILEBEAT_MODULE_VERSION}.tar.gz" WAZUH_UI_REVISION="${WAZUH_TAG_REVISION}" - if [ -z "${WAZUH_TAG_REFERENCE}" ]; then - if [ "${WAZUH_DEV_STAGE}" ];then - FILEBEAT_TEMPLATE_BRANCH="v${FILEBEAT_TEMPLATE_BRANCH}-${WAZUH_DEV_STAGE,,}" - if ! curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/${FILEBEAT_TEMPLATE_BRANCH}"; then - echo "The indicated branch does not exist in the wazuh/wazuh repository: ${FILEBEAT_TEMPLATE_BRANCH}" - clean 1 - fi - else - if curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/v${FILEBEAT_TEMPLATE_BRANCH}"; then - FILEBEAT_TEMPLATE_BRANCH="v${FILEBEAT_TEMPLATE_BRANCH}" - elif curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/${FILEBEAT_TEMPLATE_BRANCH}"; then - FILEBEAT_TEMPLATE_BRANCH="${FILEBEAT_TEMPLATE_BRANCH}" - else - echo "The indicated branch does not exist in the wazuh/wazuh repository: ${FILEBEAT_TEMPLATE_BRANCH}" - clean 1 - fi - fi - fi # Variables - FILE="packages_url.txt" + FILE="packages-url.txt" if [[ -f "$FILE" ]]; then echo "$FILE exists. Using existing file." 
@@ -77,20 +58,18 @@ build() { curl -fsSL -o "$FILE" "https://packages-dev.wazuh.com/${WAZUH_MINOR_VERSION}/packages_url.txt" fi fi - sed -Ei 's/^([^:]+):[[:space:]]+(https?:\/\/.*)$/\1=\2/' $FILE - sed 's/[-.]/_/g' $FILE > packages_env.txt + awk -F':' '{name=$1; val=substr($0,length(name)+3); gsub(/[-.]/,"_",name); print name "=" val}' $FILE > packages_env.txt echo WAZUH_VERSION=$WAZUH_IMAGE_VERSION > ../.env echo WAZUH_IMAGE_VERSION=$WAZUH_IMAGE_VERSION >> ../.env echo WAZUH_TAG_REVISION=$WAZUH_TAG_REVISION >> ../.env - echo FILEBEAT_TEMPLATE_BRANCH=$FILEBEAT_TEMPLATE_BRANCH >> ../.env - echo WAZUH_FILEBEAT_MODULE=$WAZUH_FILEBEAT_MODULE >> ../.env echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> ../.env echo WAZUH_REGISTRY=$WAZUH_REGISTRY >> ../.env + echo IMAGE_TAG=$IMAGE_TAG >> ../.env set -a source ../.env - source packages_env.txt + source ./packages_env.txt set +a if [ "${MULTIARCH}" ];then @@ -108,7 +87,6 @@ help() { echo "Usage: $0 [OPTIONS]" echo echo " -d, --dev [Optional] Set the development stage you want to build, example rc2 or beta1, not used by default." - echo " -f, --filebeat-module [Optional] Set Filebeat module version. By default ${FILEBEAT_MODULE_VERSION}." echo " -r, --revision [Optional] Package revision. By default ${WAZUH_TAG_REVISION}" echo " -ref, --reference [Optional] Set the Wazuh reference to build development images. By default, the latest stable release." echo " -rg, --registry [Optional] Set the Docker registry to push the images." @@ -136,14 +114,6 @@ main() { help 1 fi ;; - "-f"|"--filebeat-module") - if [ -n "${2}" ]; then - FILEBEAT_MODULE_VERSION="${2}" - shift 2 - else - help 1 - fi - ;; "-m"|"--multiarch") MULTIARCH="true" shift diff --git a/build-docker-images/build-images.yml b/build-docker-images/build-images.yml index 8f077440..9ed60754 100644 --- a/build-docker-images/build-images.yml +++ b/build-docker-images/build-images.yml 
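Review bot: `packages_env.txt` is generated from a downloaded `packages_url.txt` and then sourced under `set -a`, but the new awk line writes every value unquoted and unvalidated. Any line in that file carrying shell syntax would be evaluated by the build shell, and blank or malformed lines turn into stray `=` assignments. I would emit only lines whose name is an identifier and whose value is an https URL, and quote the value: `awk -F':' '{name=$1; val=substr($0,length(name)+3); gsub(/[-.]/,"_",name)} name ~ /^[A-Za-z_][A-Za-z0-9_]*$/ && val ~ /^https:\/\/[A-Za-z0-9._~\/%+-]+$/ {print name "=\"" val "\""}' "$FILE" > packages_env.txt`. `substr($0,length(name)+3)` also assumes exactly one space after the colon, where the removed sed accepted `[[:space:]]+`; a comment stating that format assumption would help. `build()` starts and ends outside this hunk.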
@@ -6,8 +6,8 @@ services: args: WAZUH_VERSION: ${WAZUH_VERSION} WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION} - FILEBEAT_TEMPLATE_BRANCH: ${FILEBEAT_TEMPLATE_BRANCH} - WAZUH_FILEBEAT_MODULE: ${WAZUH_FILEBEAT_MODULE} + wazuh_manager_url_amd64_rpm: ${wazuh_manager_url_x86_64_rpm} + wazuh_manager_url_arm64_rpm: ${wazuh_manager_url_aarch64_rpm} image: ${WAZUH_REGISTRY}/wazuh/wazuh-manager:${IMAGE_TAG} hostname: wazuh.manager restart: always @@ -20,7 +20,6 @@ services: - INDEXER_URL=https://wazuh.indexer:9200 - INDEXER_USERNAME=admin - INDEXER_PASSWORD=admin - - FILEBEAT_SSL_VERIFICATION_MODE=none volumes: - wazuh_api_configuration:/var/ossec/api/configuration - wazuh_etc:/var/ossec/etc @@ -29,8 +28,6 @@ services: - wazuh_var_multigroups:/var/ossec/var/multigroups - wazuh_active_response:/var/ossec/active-response/bin - wazuh_wodles:/var/ossec/wodles - - filebeat_etc:/etc/filebeat - - filebeat_var:/var/lib/filebeat wazuh.agent: build: @@ -38,6 +35,8 @@ services: args: WAZUH_VERSION: ${WAZUH_VERSION} WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION} + wazuh_agent_url_amd64_rpm: ${wazuh_agent_url_x86_64_rpm} + wazuh_agent_url_arm64_rpm: ${wazuh_agent_url_aarch64_rpm} image: ${WAZUH_REGISTRY}/wazuh/wazuh-agent:${IMAGE_TAG} hostname: wazuh.agent restart: always @@ -48,6 +47,8 @@ services: args: WAZUH_VERSION: ${WAZUH_VERSION} WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION} + wazuh_indexer_url_amd64_rpm: ${wazuh_indexer_url_x86_64_rpm} + wazuh_indexer_url_arm64_rpm: ${wazuh_indexer_url_aarch64_rpm} image: ${WAZUH_REGISTRY}/wazuh/wazuh-indexer:${IMAGE_TAG} hostname: wazuh.indexer restart: always @@ -70,6 +71,8 @@ services: WAZUH_VERSION: ${WAZUH_VERSION} WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION} WAZUH_UI_REVISION: ${WAZUH_UI_REVISION} + wazuh_dashboard_url_amd64_rpm: ${wazuh_dashboard_url_x86_64_rpm} + wazuh_dashboard_url_arm64_rpm: ${wazuh_dashboard_url_aarch64_rpm} image: ${WAZUH_REGISTRY}/wazuh/wazuh-dashboard:${IMAGE_TAG} hostname: wazuh.dashboard restart: always 
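Review bot: The new build args such as `wazuh_manager_url_amd64_rpm: ${wazuh_manager_url_x86_64_rpm}` interpolate to an empty string when the variable is missing from the environment, and Compose only warns, so the failure surfaces later inside the Dockerfile's `curl`. The required-variable form, e.g. `wazuh_manager_url_amd64_rpm: ${wazuh_manager_url_x86_64_rpm:?package URL not set}`, stops the build at the Compose step with a clear message. The same applies to the agent, indexer and dashboard args added in the later hunks of this file. A short comment above each pair noting that the values are presumably exported from `packages_env.txt` by `build-images.sh` would make the dependency visible.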
@@ -94,5 +97,4 @@ volumes: wazuh_var_multigroups: wazuh_active_response: wazuh_wodles: - filebeat_etc: - filebeat_var: + diff --git a/build-docker-images/wazuh-agent/Dockerfile b/build-docker-images/wazuh-agent/Dockerfile index 8a237787..fc24dbbd 100644 --- a/build-docker-images/wazuh-agent/Dockerfile +++ b/build-docker-images/wazuh-agent/Dockerfile @@ -10,18 +10,14 @@ ARG WAZUH_MANAGER='CHANGE_MANAGER_IP' ARG WAZUH_MANAGER_PORT='CHANGE_MANAGER_PORT' ARG WAZUH_REGISTRATION_SERVER='CHANGE_ENROLL_IP' ARG WAZUH_REGISTRATION_PORT='CHANGE_ENROLL_PORT' -ARG WAZUH_AGENT_NAME='CHANGEE_AGENT_NAME' +ARG WAZUH_AGENT_NAME='CHANGE_AGENT_NAME' +ARG wazuh_agent_url_amd64_rpm +ARG wazuh_agent_url_arm64_rpm -COPY config/check_repository.sh / - -RUN yum install curl-minimal tar gzip procps -y &&\ - yum clean all - -RUN chmod 775 /check_repository.sh -RUN source /check_repository.sh - -RUN yum install wazuh-agent-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \ - yum clean all && \ +RUN dnf install curl-minimal tar gzip procps -y &&\ + curl -o wazuh-agent.rpm "${wazuh_agent_url_amd64_rpm}" && \ + dnf install /wazuh-agent.rpm -y && \ + dnf clean all && \ sed -i '//d' /var/ossec/etc/ossec.conf && \ curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \ -o /tmp/s6-overlay-amd64.tar.gz && \ @@ -31,6 +27,4 @@ RUN yum install wazuh-agent-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \ COPY config/etc/ /etc/ -RUN rm /etc/yum.repos.d/wazuh.repo - ENTRYPOINT [ "/init" ] diff --git a/build-docker-images/wazuh-agent/config/check_repository.sh b/build-docker-images/wazuh-agent/config/check_repository.sh deleted file mode 100644 index 26ff489c..00000000 --- a/build-docker-images/wazuh-agent/config/check_repository.sh +++ /dev/null 
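Review bot: Installing from `curl -o wazuh-agent.rpm "${wazuh_agent_url_amd64_rpm}"` drops the signature check that the deleted `check_repository.sh` set up with `rpm --import` and `gpgcheck=1`; dnf does not verify signatures on local package files unless `localpkg_gpgcheck` is enabled, so the image trusts whatever the URL returns. I would import the Wazuh key again and install with `dnf install --setopt=localpkg_gpgcheck=1 /wazuh-agent.rpm -y`, or compare against a published checksum if the development packages are unsigned. The download should also use `curl --fail --silent --show-error --location -o /wazuh-agent.rpm`, since without `--fail` an HTTP error body is saved as the rpm, and the relative output path only matches `/wazuh-agent.rpm` while the working directory is `/`. The dashboard, indexer and manager Dockerfiles in this commit repeat the same pattern.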
@@ -1,15 +0,0 @@ -## variables -APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH -GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]" -REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1" -WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 11- | grep ^v${WAZUH_VERSION}$) - -## check tag to use the correct repository -if [[ -n "${WAZUH_TAG}" ]]; then - APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH - GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]" - REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1" -fi - -rpm --import "${APT_KEY}" -echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo diff --git a/build-docker-images/wazuh-dashboard/Dockerfile b/build-docker-images/wazuh-dashboard/Dockerfile index 18f3976a..5cfae43d 100644 --- a/build-docker-images/wazuh-dashboard/Dockerfile +++ b/build-docker-images/wazuh-dashboard/Dockerfile @@ -5,16 +5,14 @@ ARG WAZUH_VERSION ARG WAZUH_TAG_REVISION ARG WAZUH_UI_REVISION ARG INSTALL_DIR=/usr/share/wazuh-dashboard +ARG wazuh_dashboard_url_amd64_rpm +ARG wazuh_dashboard_url_arm64_rpm # Update and install dependencies -RUN yum install curl-minimal libcap openssl -y - -COPY config/check_repository.sh / -RUN chmod 775 /check_repository.sh && \ - source /check_repository.sh - -RUN yum install wazuh-dashboard-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \ - yum clean all +RUN dnf install curl-minimal libcap openssl -y && \ + curl -o wazuh-dashboard.rpm "${wazuh_dashboard_url_amd64_rpm}" && \ + dnf install /wazuh-dashboard.rpm -y && \ + dnf clean all # Create and set permissions to data directories RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh 
@@ -42,10 +40,8 @@ FROM amazonlinux:2023 ENV USER="wazuh-dashboard" \ GROUP="wazuh-dashboard" \ NAME="wazuh-dashboard" \ - INSTALL_DIR="/usr/share/wazuh-dashboard" - -# Set Wazuh app variables -ENV PATTERN="" \ + INSTALL_DIR="/usr/share/wazuh-dashboard" \ + PATTERN="" \ CHECKS_PATTERN="" \ CHECKS_TEMPLATE="" \ CHECKS_API="" \ @@ -60,7 +56,7 @@ ENV PATTERN="" \ WAZUH_MONITORING_REPLICAS="" # Update and install dependencies -RUN yum install shadow-utils -y +RUN dnf install shadow-utils -y && dnf clean all # Create wazuh-dashboard user and group RUN getent group $GROUP || groupadd -r -g 1000 $GROUP diff --git a/build-docker-images/wazuh-dashboard/config/check_repository.sh b/build-docker-images/wazuh-dashboard/config/check_repository.sh deleted file mode 100644 index 3defb44e..00000000 --- a/build-docker-images/wazuh-dashboard/config/check_repository.sh +++ /dev/null @@ -1,15 +0,0 @@ -## variables -APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH -GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]" -REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1" -WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 11- | grep ^v${WAZUH_VERSION}$) - -## check tag to use the correct repository -if [[ -n "${WAZUH_TAG}" ]]; then - APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH - GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]" - REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/5.x/yum/\nprotect=1" -fi - -rpm --import "${APT_KEY}" -echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/Dockerfile b/build-docker-images/wazuh-indexer/Dockerfile index f63304ab..41adaef0 100644 --- a/build-docker-images/wazuh-indexer/Dockerfile 
+++ b/build-docker-images/wazuh-indexer/Dockerfile @@ -3,31 +3,16 @@ FROM amazonlinux:2023 AS builder ARG WAZUH_VERSION ARG WAZUH_TAG_REVISION - -RUN yum install curl-minimal openssl xz tar findutils shadow-utils -y - -COPY config/check_repository.sh / -RUN chmod 775 /check_repository.sh && \ - source /check_repository.sh - -RUN yum install wazuh-indexer-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \ - yum clean all - -COPY config/opensearch.yml / +ARG wazuh_indexer_url_amd64_rpm +ARG wazuh_indexer_url_arm64_rpm COPY config/config.sh . -COPY config/config.yml / - -COPY config/action_groups.yml / - -COPY config/internal_users.yml / - -COPY config/roles_mapping.yml / - -COPY config/roles.yml / - -RUN bash config.sh +RUN yum install curl-minimal openssl xz tar findutils shadow-utils -y &&\ + curl -o wazuh-indexer.rpm "${wazuh_indexer_url_amd64_rpm}" && \ + dnf install /wazuh-indexer.rpm -y && \ + dnf clean all && \ + bash config.sh ################################################################################ # Build stage 1 (the actual Wazuh indexer image): diff --git a/build-docker-images/wazuh-indexer/config/check_repository.sh b/build-docker-images/wazuh-indexer/config/check_repository.sh deleted file mode 100644 index 3defb44e..00000000 --- a/build-docker-images/wazuh-indexer/config/check_repository.sh +++ /dev/null 
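Review bot: The builder stage no longer copies `opensearch.yml`, `config.yml`, `action_groups.yml`, `internal_users.yml`, `roles_mapping.yml` and `roles.yml` to `/` before `bash config.sh` runs, and nothing in this hunk shows where those files now come from. `config.sh` is not changed by this commit, so if it still reads them from `/` the build either fails or ships the package's default users, roles and role mappings instead of the project's; please confirm, and add a comment above the `RUN` listing the files `config.sh` expects. The `RUN` also mixes `yum install` with `dnf install` and `dnf clean all`; using `dnf` throughout matches the other Dockerfiles touched here.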
@@ -1,15 +0,0 @@ -## variables -APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH -GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]" -REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1" -WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 11- | grep ^v${WAZUH_VERSION}$) - -## check tag to use the correct repository -if [[ -n "${WAZUH_TAG}" ]]; then - APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH - GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]" - REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/5.x/yum/\nprotect=1" -fi - -rpm --import "${APT_KEY}" -echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo \ No newline at end of file diff --git a/build-docker-images/wazuh-manager/Dockerfile b/build-docker-images/wazuh-manager/Dockerfile index 7078ab88..12a9329a 100644 --- a/build-docker-images/wazuh-manager/Dockerfile +++ b/build-docker-images/wazuh-manager/Dockerfile 
@@ -5,28 +5,15 @@ RUN rm /bin/sh && ln -s /bin/bash /bin/sh ARG WAZUH_VERSION ARG WAZUH_TAG_REVISION -ARG FILEBEAT_TEMPLATE_BRANCH -ARG FILEBEAT_CHANNEL=filebeat-oss -ARG FILEBEAT_VERSION=7.10.2 -ARG FILEBEAT_REVISION=2 -ARG WAZUH_FILEBEAT_MODULE ARG S6_VERSION="v2.2.0.3" +ARG wazuh_manager_url_amd64_rpm +ARG wazuh_manager_url_arm64_rpm -RUN yum install curl-minimal xz gnupg tar gzip openssl findutils procps -y &&\ - yum clean all - -COPY config/check_repository.sh / -COPY config/filebeat_module.sh / -COPY config/permanent_data.env config/permanent_data.sh / - -RUN chmod 775 /check_repository.sh -RUN source /check_repository.sh - -RUN yum install wazuh-manager-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \ - yum clean all && \ - chmod 775 /filebeat_module.sh && \ - source /filebeat_module.sh && \ - rm /filebeat_module.sh && \ +RUN dnf install curl-minimal xz gnupg tar gzip openssl findutils procps -y &&\ + dnf clean all && \ + curl -o wazuh-manager.rpm "${wazuh_manager_url_amd64_rpm}" && \ + dnf install /wazuh-manager.rpm -y && \ + dnf clean all && \ curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \ -o /tmp/s6-overlay-amd64.tar.gz && \ tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" && \ 
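Review bot: `wazuh_manager_url_arm64_rpm` is declared but the `RUN` always downloads `${wazuh_manager_url_amd64_rpm}`, so a multi-arch build (the script has a `MULTIARCH` path) would try to install the x86_64 package in the arm64 image. Declaring `ARG TARGETARCH` and choosing the URL from it, e.g. `if [ "${TARGETARCH}" = "arm64" ]; then url="${wazuh_manager_url_arm64_rpm}"; else url="${wazuh_manager_url_amd64_rpm}"; fi`, would use both args; the hard-coded `s6-overlay-amd64` tarball in the unchanged lines has the same limitation. The agent, indexer and dashboard Dockerfiles declare an unused arm64 arg in the same way. The downloaded `/wazuh-manager.rpm` is also never removed and so appears to stay in the image layer; `rm -f /wazuh-manager.rpm` after the install would avoid that. The `RUN` continues past the end of this hunk.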
@@ -36,16 +23,11 @@ RUN yum install wazuh-manager-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \ COPY config/etc/ /etc/ COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py -COPY config/filebeat.yml /etc/filebeat/ - -RUN chmod go-w /etc/filebeat/filebeat.yml - -ADD https://raw.githubusercontent.com/wazuh/wazuh/$FILEBEAT_TEMPLATE_BRANCH/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat -RUN chmod go-w /etc/filebeat/wazuh-template.json - # Prepare permanent data # Sync calls are due to https://github.com/docker/docker/issues/9547 +COPY config/permanent_data.env config/permanent_data.sh / + #Make mount directories for keep permissions RUN mkdir -p /var/ossec/var/multigroups && \ @@ -58,8 +40,6 @@ RUN mkdir -p /var/ossec/var/multigroups && \ sync && /permanent_data.sh && \ sync && rm /permanent_data.sh -RUN rm /etc/yum.repos.d/wazuh.repo - # Services ports EXPOSE 55000/tcp 1514/tcp 1515/tcp 514/udp 1516/tcp diff --git a/build-docker-images/wazuh-manager/config/check_repository.sh b/build-docker-images/wazuh-manager/config/check_repository.sh deleted file mode 100644 index 3defb44e..00000000 --- a/build-docker-images/wazuh-manager/config/check_repository.sh +++ /dev/null 
@@ -1,15 +0,0 @@ -## variables -APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH -GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]" -REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1" -WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 11- | grep ^v${WAZUH_VERSION}$) - -## check tag to use the correct repository -if [[ -n "${WAZUH_TAG}" ]]; then - APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH - GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]" - REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/5.x/yum/\nprotect=1" -fi - -rpm --import "${APT_KEY}" -echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo \ No newline at end of file diff --git a/build-docker-images/wazuh-manager/config/etc/cont-init.d/1-config-filebeat b/build-docker-images/wazuh-manager/config/etc/cont-init.d/1-config-filebeat deleted file mode 100644 index 0a3ed8ff..00000000 --- a/build-docker-images/wazuh-manager/config/etc/cont-init.d/1-config-filebeat +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/usr/bin/with-contenv bash -# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2) - -set -e - -if [ "$INDEXER_URL" != "" ]; then - >&2 echo "Customize Elasticsearch output IP" - sed -i "s|hosts:.*|hosts: ['$INDEXER_URL']|g" /etc/filebeat/filebeat.yml -fi - -# Configure filebeat.yml security settings - -if [ "$INDEXER_USERNAME" != "" ]; then - >&2 echo "Configuring username." - sed -i "s|#username:.*|username:|g" /etc/filebeat/filebeat.yml - sed -i "s|username:.*|username: '$INDEXER_USERNAME'|g" /etc/filebeat/filebeat.yml -fi - -if [ "$INDEXER_PASSWORD" != "" ]; then - >&2 echo "Configuring password." - sed -i "s|#password:.*|password:|g" /etc/filebeat/filebeat.yml - sed -i "s|password:.*|password: '$INDEXER_PASSWORD'|g" /etc/filebeat/filebeat.yml -fi - -if [ "$FILEBEAT_SSL_VERIFICATION_MODE" != "" ]; then - >&2 echo "Configuring SSL verification mode." - sed -i "s|#ssl.verification_mode:.*|ssl.verification_mode:|g" /etc/filebeat/filebeat.yml - sed -i "s|ssl.verification_mode:.*|ssl.verification_mode: '$FILEBEAT_SSL_VERIFICATION_MODE'|g" /etc/filebeat/filebeat.yml -fi - -if [ "$SSL_CERTIFICATE_AUTHORITIES" != "" ]; then - >&2 echo "Configuring Certificate Authorities." - sed -i "s|#ssl.certificate_authorities:.*|ssl.certificate_authorities:|g" /etc/filebeat/filebeat.yml - sed -i "s|ssl.certificate_authorities:.*|ssl.certificate_authorities: ['$SSL_CERTIFICATE_AUTHORITIES']|g" /etc/filebeat/filebeat.yml -fi - -if [ "$SSL_CERTIFICATE" != "" ]; then - >&2 echo "Configuring SSL Certificate." - sed -i "s|#ssl.certificate:.*|ssl.certificate:|g" /etc/filebeat/filebeat.yml - sed -i "s|ssl.certificate:.*|ssl.certificate: '$SSL_CERTIFICATE'|g" /etc/filebeat/filebeat.yml -fi - -if [ "$SSL_KEY" != "" ]; then - >&2 echo "Configuring SSL Key." 
- sed -i "s|#ssl.key:.*|ssl.key:|g" /etc/filebeat/filebeat.yml - sed -i "s|ssl.key:.*|ssl.key: '$SSL_KEY'|g" /etc/filebeat/filebeat.yml -fi - - -chmod go-w /etc/filebeat/filebeat.yml || true -chown root: /etc/filebeat/filebeat.yml || true diff --git a/build-docker-images/wazuh-manager/config/etc/cont-init.d/2-manager b/build-docker-images/wazuh-manager/config/etc/cont-init.d/1-manager similarity index 100% rename from build-docker-images/wazuh-manager/config/etc/cont-init.d/2-manager rename to build-docker-images/wazuh-manager/config/etc/cont-init.d/1-manager diff --git a/build-docker-images/wazuh-manager/config/etc/services.d/filebeat/finish b/build-docker-images/wazuh-manager/config/etc/services.d/filebeat/finish deleted file mode 100644 index 8813eb67..00000000 --- a/build-docker-images/wazuh-manager/config/etc/services.d/filebeat/finish +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/bin/env sh -echo >&2 "Filebeat exited. code=${1}" - -# terminate other services to exit from the container -exec s6-svscanctl -t /var/run/s6/services - diff --git a/build-docker-images/wazuh-manager/config/etc/services.d/filebeat/run b/build-docker-images/wazuh-manager/config/etc/services.d/filebeat/run deleted file mode 100644 index 706ee5af..00000000 --- a/build-docker-images/wazuh-manager/config/etc/services.d/filebeat/run +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/with-contenv sh -echo >&2 "starting Filebeat" - -exec /usr/share/filebeat/bin/filebeat -e -c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat diff --git a/build-docker-images/wazuh-manager/config/filebeat_module.sh b/build-docker-images/wazuh-manager/config/filebeat_module.sh deleted file mode 100644 index dc475a47..00000000 --- a/build-docker-images/wazuh-manager/config/filebeat_module.sh +++ /dev/null 
@@ -1,11 +0,0 @@ -## variables -REPOSITORY="packages-dev.wazuh.com/pre-release" -WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 11- | grep ^v${WAZUH_VERSION}$) - -## check tag to use the correct repository -if [[ -n "${WAZUH_TAG}" ]]; then - REPOSITORY="packages.wazuh.com/5.x" -fi - -yum install filebeat-${FILEBEAT_VERSION}-${FILEBEAT_REVISION} -y && \ -curl -s https://${REPOSITORY}/filebeat/${WAZUH_FILEBEAT_MODULE} | tar -xvz -C /usr/share/filebeat/module \ No newline at end of file diff --git a/build-docker-images/wazuh-manager/config/permanent_data.env b/build-docker-images/wazuh-manager/config/permanent_data.env index 26a61289..ae0527a3 100644 --- a/build-docker-images/wazuh-manager/config/permanent_data.env +++ b/build-docker-images/wazuh-manager/config/permanent_data.env @@ -7,7 +7,6 @@ PERMANENT_DATA[((i++))]="/var/ossec/queue" PERMANENT_DATA[((i++))]="/var/ossec/var/multigroups" PERMANENT_DATA[((i++))]="/var/ossec/active-response/bin" PERMANENT_DATA[((i++))]="/var/ossec/wodles" -PERMANENT_DATA[((i++))]="/etc/filebeat" export PERMANENT_DATA @@ -73,11 +72,6 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/exceptions.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/bucket.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/access_logs.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/pubsub/subscriber.py" -PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/lists/malicious-ioc/malicious-ip" -PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/lists/malicious-ioc/malicious-domains" -PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/lists/malicious-ioc/malware-hashes" -PERMANENT_DATA_EXCP[((i++))]="/etc/filebeat/wazuh-template.json" -PERMANENT_DATA_EXCP[((i++))]="/etc/filebeat/filebeat.yml" export PERMANENT_DATA_EXCP # Files mounted in a volume that should be deleted 
diff --git a/docs/dev/build-image.md b/docs/dev/build-image.md index 563f64e2..4c2c4512 100644 --- a/docs/dev/build-image.md +++ b/docs/dev/build-image.md @@ -24,7 +24,6 @@ $ build-docker-images/build-images.sh -h Usage: build-docker-images/build-images.sh [OPTIONS] -d, --dev [Optional] Set the development stage you want to build, example rc2 or beta1, not used by default. - -f, --filebeat-module [Optional] Set Filebeat module version. By default 0.4. -r, --revision [Optional] Package revision. By default 1 -v, --version [Optional] Set the Wazuh version should be builded. By default, 5.0.0. -h, --help Show this help.