Add Wazuh-Elasticsearch #106
elasticsearch/Dockerfile
Outdated
ENV API_USER="foo" \ | ||
API_PASS="bar" | ||
|
||
ADD https://raw.githubusercontent.com/wazuh/wazuh/3.8/extensions/elasticsearch/wazuh-elastic6-template-alerts.json /usr/share/elasticsearch/config |
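Review bot: The ENV line bakes placeholder API credentials (API_USER="foo", API_PASS="bar") into the image, where they persist in the image metadata and are inherited by every container that does not override them; prefer no default at all and have the entrypoint fail when the variables are unset, so real values must be passed at run time. The ADD line fetches the alerts template from the 3.8 branch URL, so the image content can change between builds of the same Dockerfile; as the reviewer asks, take the version from a build ARG and point the URL at a release tag.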
Add variable for version. It should be the tag, not the branch.
elasticsearch/config/entrypoint.sh
Outdated
|
||
set -m | ||
|
||
# Add elasticsearch as command if needed |
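Review bot: `set -m` turns on job control, which is only useful if the script backgrounds the server and later brings the job back to the foreground; it does not make the script stop on a failing command. If the intent is abort-on-error, the option is `set -e` (as the later reply concludes), and a one-line comment stating which behaviour is wanted would save the next reader the same question.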
Explain command.
It is certainly unnecessary; it is replaced by set -e so that the script aborts when it gets return codes other than 0.
elasticsearch/config/entrypoint.sh
Outdated
el_url="${ELASTICSEARCH_URL}" | ||
fi | ||
|
||
# Run as user "elasticsearch" if the command is "elasticsearch" |
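Review bot: `el_url="${ELASTICSEARCH_URL}"` copies the variable without checking that it is set, so if ELASTICSEARCH_URL is empty every later use of el_url targets an empty URL; either fail fast with `: "${ELASTICSEARCH_URL:?must be set}"` or give it an explicit default (for example `"${ELASTICSEARCH_URL:-http://elasticsearch:9200}"`, value illustrative). Since the reply says this belongs to the settings-update script, it should move there rather than stay in the entrypoint.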
Explain.
In this section it is unnecessary; this entry belongs to the script that updates the settings.
elasticsearch/config/entrypoint.sh
Outdated
# Run as user "elasticsearch" if the command is "elasticsearch" | ||
if [ "$1" = 'elasticsearch' -a "$(id -u)" = '0' ]; then | ||
set -- su-exec eulasticsearch "$@" | ||
ES_JAVA_OPTS="-Des.network.host=$NETWORK_HOST -Des.logger.level=$LOG_LEVEL -Xms$HEAP_SIZE -Xmx$HEAP_SIZE" "$@" & |
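Review bot: `su-exec eulasticsearch` looks like a typo for `elasticsearch`; su-exec errors out on an unknown user, so the container would never start when run as root. HEAP_SIZE, NETWORK_HOST and LOG_LEVEL are interpolated into ES_JAVA_OPTS with no defaults, so an empty HEAP_SIZE yields `-Xms -Xmx`, which the JVM rejects; use `${HEAP_SIZE:-1g}`-style expansions as the reviewer asks. Launching the server with a trailing `&` backgrounds it, leaving the shell as PID 1, which then has to `wait` or `fg` on the job; `exec "$@"` keeps the server as PID 1 so that `docker stop` delivers SIGTERM to it directly. Finally, `-a` inside `[ ]` is obsolescent in POSIX test; write `[ "$1" = 'elasticsearch' ] && [ "$(id -u)" = '0' ]`.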
Where is the HEAP_SIZE variable? Use default values if it is empty.
This is done to run the Elasticsearch CMD. It is not the practice performed by Elasticsearch but emulates it.
We have decided to change the entrypoint so that it is in tune with the official Elasticsearch entrypoint, performing the tasks we need as they do.
Hello team,

To perform good practices as done in other repositories, we have adapted the Elasticsearch Dockerfile to launch an Elasticsearch CMD. The entrypoint.sh contains the options to execute the command independently of the user who launches it. If it is root, the command generates problems; that's why, when it is root, a different execution is contemplated, specifying the user with UID=1000. This way of proceeding is obtained from the Elasticsearch repository:

Best regards,
Alfonso Ruiz-Bravo
Hello team,
This PR solves #108 and creates the Wazuh-Elasticsearch module. This is done to properly separate the tasks concerning each container. The configuration of each container depends only on itself and not on another container.
To this end, we have transferred the modifications made to the Elasticsearch container from the Kibana container.
We have also added the option of configuring API credentials using environment variables so that they are not embedded in the code.
We have performed tests of various types:
All tests have been successful.
Best regards,
Alfonso Ruiz-Bravo
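As an added example that is not part of this PR or the wazuh-docker repository, the following sh fragment puts the three points raised in the thread in one place: refusing the placeholder API credentials baked into the Dockerfile, defaulting HEAP_SIZE, NETWORK_HOST and LOG_LEVEL so ES_JAVA_OPTS is always valid, and dropping from root to the service user before exec. The default values, the user name "elasticsearch" and the ENTRYPOINT_DEMO guard are assumptions, not values from the repository.

```shell
#!/bin/sh
# Added example, not the PR's entrypoint.sh. The defaults (1g heap,
# 0.0.0.0 host, info log level) and the service user "elasticsearch"
# are assumptions chosen for illustration.
set -e

# Return 0 only when both credentials are set and neither is the
# placeholder value ("foo"/"bar") that the Dockerfile ENV line ships.
check_api_credentials() {
    user="$1"; pass="$2"
    [ -n "$user" ] && [ -n "$pass" ] || return 1
    [ "$user" != "foo" ] && [ "$pass" != "bar" ] || return 1
    return 0
}

# Build ES_JAVA_OPTS with defaults so an empty HEAP_SIZE can never
# produce the invalid "-Xms -Xmx" flagged in the review.
build_java_opts() {
    heap="${1:-1g}"; host="${2:-0.0.0.0}"; level="${3:-info}"
    printf '%s' "-Des.network.host=$host -Des.logger.level=$level -Xms$heap -Xmx$heap"
}

# Print the argv prefix that drops root to the service user when the
# command is "elasticsearch"; print nothing when no switch is needed.
launch_prefix() {
    cmd="$1"; uid="$2"
    if [ "$cmd" = "elasticsearch" ] && [ "$uid" = "0" ]; then
        printf '%s' "su-exec elasticsearch"
    fi
}

# Entrypoint flow, guarded so the functions above can also be sourced
# and exercised without launching anything.
if [ "${ENTRYPOINT_DEMO:-0}" = "1" ]; then
    check_api_credentials "$API_USER" "$API_PASS" \
        || { echo "refusing empty or placeholder API credentials" >&2; exit 1; }
    ES_JAVA_OPTS="$(build_java_opts "$HEAP_SIZE" "$NETWORK_HOST" "$LOG_LEVEL")"
    export ES_JAVA_OPTS
    prefix="$(launch_prefix "$1" "$(id -u)")"
    # exec keeps the server as PID 1 so docker stop's SIGTERM reaches it;
    # an empty $prefix expands to no words, so the command runs as-is.
    exec $prefix "$@"
fi
```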