Improvements to Kibana settings added (#91)

wazuh · Feb 1, 2019 · ffe3dde · ffe3dde
1 parent f3cc91f
commit ffe3dde
Show file tree

Hide file tree

Showing 5 changed files with 60 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -26,6 +26,7 @@ All notable changes to this project will be documented in this file.
 
 ### Added
 
+- Improvements to Kibana settings added. ([#91](https://github.com/wazuh/wazuh-docker/pull/91))
 - Add Kibana environmental variables for Wazuh APP config.yml. ([#89](https://github.com/wazuh/wazuh-docker/pull/89))
 
 ### Changed

diff --git a/kibana/Dockerfile b/kibana/Dockerfile
@@ -46,5 +46,9 @@ COPY --chown=kibana:kibana ./config/wazuh_app_config.sh ./
 
 RUN chmod +x ./wazuh_app_config.sh
 
+COPY --chown=kibana:kibana ./config/kibana_settings.sh ./
+
+RUN chmod +x ./kibana_settings.sh
+
 ENTRYPOINT /entrypoint.sh
 
diff --git a/kibana/config/entrypoint.sh b/kibana/config/entrypoint.sh
@@ -21,4 +21,6 @@ done
 
 sleep 5
 
+./kibana_settings.sh &
+
 /usr/local/bin/kibana-docker
diff --git a/kibana/config/kibana_settings.sh b/kibana/config/kibana_settings.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+
+
+WAZUH_MAJOR=3
+
+##############################################################################
+# Wait for the Kibana API to start. It is necessary to do it in this container
+# because the others are running Elastic Stack and we can not interrupt them. 
+# 
+# The following actions are performed:
+#
+# Add the wazuh alerts index as default.
+# Set the Discover time interval to 24 hours instead of 15 minutes.
+# Do not ask user to help providing usage statistics to Elastic.
+##############################################################################
+
+while [[ "$(curl -XGET -I  -s -o /dev/null -w ''%{http_code}'' kibana:5601/status)" != "200" ]]; do
+  echo "Waiting for Kibana API. Sleeping 5 seconds"
+  sleep 5
+done
+
+# Prepare index selection. 
+echo "Kibana API is running"
+
+default_index="/tmp/default_index.json"
+
+cat > ${default_index} << EOF
+{
+  "changes": {
+    "defaultIndex": "wazuh-alerts-${WAZUH_MAJOR}.x-*"
+  }
+}
+EOF
+
+sleep 5
+# Add the wazuh alerts index as default.
+curl -POST "http://kibana:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d@${default_index}
+rm -f ${default_index}
+
+sleep 5
+# Configuring Kibana TimePicker.
+curl -POST "http://kibana:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
+'{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-24h\",\n  \"to\": \"now\",\n  \"mode\": \"quick\"}"}}'
+
+sleep 5
+# Do not ask user to help providing usage statistics to Elastic
+curl -POST "http://kibana:5601/api/telemetry/v1/optIn" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d '{"enabled":false}'
+
+echo "End settings"
diff --git a/wazuh/config/entrypoint.sh b/wazuh/config/entrypoint.sh
@@ -129,12 +129,10 @@ do
   exec_cmd_stdout "${CUSTOM_COMMAND}"
 done
 
-
 ##############################################################################
 # Change Wazuh API user credentials.
 ##############################################################################
 
-
 pushd /var/ossec/api/configuration/auth/
 
 echo "Change Wazuh API user credentials"
@@ -143,5 +141,8 @@ eval $change_user
 
 popd
 
+##############################################################################
+# Start Wazuh Server.
+##############################################################################
 
 /sbin/my_init
Original file line number	Diff line number	Diff line change
Expand Up		@@ -21,4 +21,6 @@ done

		sleep 5

		./kibana_settings.sh &

		/usr/local/bin/kibana-docker