diff --git a/wazuh/Dockerfile b/wazuh/Dockerfile index ff9a940d..91c8e4fa 100644 --- a/wazuh/Dockerfile +++ b/wazuh/Dockerfile @@ -23,7 +23,9 @@ RUN add-apt-repository universe && apt-get update && apt-get upgrade -y -o Dpkg: # Adding first run script and entrypoint COPY config/data_dirs.env /data_dirs.env COPY config/init.bash /init.bash +RUN mkdir /entrypoint-scripts COPY config/entrypoint.sh /entrypoint.sh +COPY config/00-wazuh.sh /entrypoint-scripts/00-wazuh.sh # Sync calls are due to https://github.com/docker/docker/issues/9547 RUN chmod 755 /init.bash && \ @@ -31,7 +33,8 @@ RUN chmod 755 /init.bash && \ sync && rm /init.bash && \ curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${FILEBEAT_VERSION}-amd64.deb &&\ dpkg -i filebeat-${FILEBEAT_VERSION}-amd64.deb && rm -f filebeat-${FILEBEAT_VERSION}-amd64.deb && \ - chmod 755 /entrypoint.sh + chmod 755 /entrypoint.sh && \ + chmod 755 /entrypoint-scripts/00-wazuh.sh COPY config/filebeat.yml /etc/filebeat/ RUN chmod go-w /etc/filebeat/filebeat.yml diff --git a/wazuh/config/00-wazuh.sh b/wazuh/config/00-wazuh.sh new file mode 100644 index 00000000..5935f8cb --- /dev/null +++ b/wazuh/config/00-wazuh.sh 
@@ -0,0 +1,151 @@
+#!/bin/bash
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+
+#
+# OSSEC container bootstrap. See the README for information of the environment
+# variables expected by this script.
+#
+
+#
+
+#
+# Startup the services
+#
+
+source /data_dirs.env
+
+FIRST_TIME_INSTALLATION=false
+
+WAZUH_INSTALL_PATH=/var/ossec
+DATA_PATH=${WAZUH_INSTALL_PATH}/data
+
+WAZUH_CONFIG_MOUNT=/wazuh-config-mount
+
+print() {
+ echo -e $1
+}
+
+error_and_exit() {
+ echo "Error executing command: '$1'."
+ echo 'Exiting.'
+ exit 1
+}
+
+exec_cmd() {
+ eval $1 > /dev/null 2>&1 || error_and_exit "$1"
+}
+
+exec_cmd_stdout() {
+ eval $1 2>&1 || error_and_exit "$1"
+}
+
+edit_configuration() { # $1 -> setting, $2 -> value
+ sed -i "s/^config.$1\s=.*/config.$1 = \"$2\";/g" "${DATA_PATH}/api/configuration/config.js" || error_and_exit "sed (editing configuration)"
+}
+
+for ossecdir in "${DATA_DIRS[@]}"; do
+ if [ ! -e "${DATA_PATH}/${ossecdir}" ]
+ then
+ print "Installing ${ossecdir}"
+ exec_cmd "mkdir -p $(dirname ${DATA_PATH}/${ossecdir})"
+ exec_cmd "cp -pr /var/ossec/${ossecdir}-template ${DATA_PATH}/${ossecdir}"
+ FIRST_TIME_INSTALLATION=true
+ fi
+done
+
+if [ -e ${WAZUH_INSTALL_PATH}/etc-template ]
+then
+ cp -p /var/ossec/etc-template/internal_options.conf /var/ossec/etc/internal_options.conf
+fi
+rm /var/ossec/queue/db/.template.db
+
+touch ${DATA_PATH}/process_list
+chgrp ossec ${DATA_PATH}/process_list
+chmod g+rw ${DATA_PATH}/process_list
+
+AUTO_ENROLLMENT_ENABLED=${AUTO_ENROLLMENT_ENABLED:-true}
+API_GENERATE_CERTS=${API_GENERATE_CERTS:-true}
+
+if [ $FIRST_TIME_INSTALLATION == true ]
+then
+ if [ $AUTO_ENROLLMENT_ENABLED == true ]
+ then
+ if [ ! -e ${DATA_PATH}/etc/sslmanager.key ]
+ then
+ print "Creating ossec-authd key and cert"
+ exec_cmd "openssl genrsa -out ${DATA_PATH}/etc/sslmanager.key 4096"
+ exec_cmd "openssl req -new -x509 -key ${DATA_PATH}/etc/sslmanager.key -out ${DATA_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/"
+ fi
+ fi
+ if [ $API_GENERATE_CERTS == true ]
+ then
+ if [ ! -e ${DATA_PATH}/api/configuration/ssl/server.crt ]
+ then
+ print "Enabling Wazuh API HTTPS"
+ edit_configuration "https" "yes"
+ print "Create Wazuh API key and cert"
+ exec_cmd "openssl genrsa -out ${DATA_PATH}/api/configuration/ssl/server.key 4096"
+ exec_cmd "openssl req -new -x509 -key ${DATA_PATH}/api/configuration/ssl/server.key -out ${DATA_PATH}/api/configuration/ssl/server.crt -days 3650 -subj /CN=${HOSTNAME}/"
+ fi
+ fi
+fi
+
+##############################################################################
+# Copy all files from $WAZUH_CONFIG_MOUNT to $DATA_PATH and respect
+# destination files permissions
+#
+# For example, to mount the file /var/ossec/data/etc/ossec.conf, mount it at
+# $WAZUH_CONFIG_MOUNT/etc/ossec.conf in your container and this code will
+# replace the ossec.conf file in /var/ossec/data/etc with yours.
+##############################################################################
+if [ -e "$WAZUH_CONFIG_MOUNT" ]
+then
+ print "Identified Wazuh configuration files to mount..."
+
+ exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $DATA_PATH"
+else
+ print "No Wazuh configuration files to mount..."
+fi
+
+function ossec_shutdown(){
+ ${WAZUH_INSTALL_PATH}/bin/ossec-control stop;
+}
+
+# Trap exit signals and do a proper shutdown
+trap "ossec_shutdown; exit" SIGINT SIGTERM
+
+chmod -R g+rw ${DATA_PATH}
+
+##############################################################################
+# Interpret any passed arguments (via docker command to this entrypoint) as
+# paths or commands, and execute them.
+#
+# This can be useful for actions that need to be run before the services are
+# started, such as "/var/ossec/bin/ossec-control enable agentless".
+##############################################################################
+for CUSTOM_COMMAND in "$@"
+do
+ echo "Executing command \`${CUSTOM_COMMAND}\`"
+ exec_cmd_stdout "${CUSTOM_COMMAND}"
+done
+
+##############################################################################
+# Change Wazuh API user credentials.
+##############################################################################
+
+pushd /var/ossec/api/configuration/auth/
+
+echo "Change Wazuh API user credentials"
+change_user="node htpasswd -b -c user $API_USER $API_PASS"
+eval $change_user
+
+popd
+
+
+##############################################################################
+# Customize filebeat output ip
+##############################################################################
+if [ "$FILEBEAT_OUTPUT" != "" ]; then
+ sed -i "s/logstash:5000/$FILEBEAT_OUTPUT:5000/" /etc/filebeat/filebeat.yml
+fi
+
diff --git a/wazuh/config/entrypoint.sh b/wazuh/config/entrypoint.sh
index 67107f55..bc07ae4a 100644
--- a/wazuh/config/entrypoint.sh
+++ b/wazuh/config/entrypoint.sh
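Review bot: The credential step near the end of 00-wazuh.sh builds `change_user="node htpasswd -b -c user $API_USER $API_PASS"` and hands it to `eval`, so any shell metacharacter in the environment-supplied API_USER or API_PASS is parsed by the shell instead of being stored as part of the credential. Calling the tool directly with quoted arguments, `node htpasswd -b -c user "$API_USER" "$API_PASS"`, removes that second parse; the password still travels on the command line there, which is worth avoiding if the tool offers another input path. The same pattern sits in `exec_cmd` and `exec_cmd_stdout` (`eval $1`), which re-parse strings assembled from `${DATA_PATH}`, `${HOSTNAME}`, `$WAZUH_CONFIG_MOUNT` and, in the CUSTOM_COMMAND loop, the container arguments. Separately, `chmod -R g+rw ${DATA_PATH}` runs after the keys are generated, so `sslmanager.key` and `server.key` end up group-readable and group-writable; restricting those two files again after the recursive chmod would keep them private, once it is confirmed which account the services read them as.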
@@ -1,154 +1,12 @@ #!/bin/bash # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) -# -# OSSEC container bootstrap. See the README for information of the environment -# variables expected by this script. -# +# It will run every .sh script located in entrypoint-scripts folder in lexicographical order +for script in `ls /entrypoint-scripts/*.sh | sort -n`; do + bash "$script" -# - -# -# Startup the services -# - -source /data_dirs.env - -FIRST_TIME_INSTALLATION=false - -WAZUH_INSTALL_PATH=/var/ossec -DATA_PATH=${WAZUH_INSTALL_PATH}/data - -WAZUH_CONFIG_MOUNT=/wazuh-config-mount - -print() { - echo -e $1 -} - -error_and_exit() { - echo "Error executing command: '$1'." - echo 'Exiting.' - exit 1 -} - -exec_cmd() { - eval $1 > /dev/null 2>&1 || error_and_exit "$1" -} - -exec_cmd_stdout() { - eval $1 2>&1 || error_and_exit "$1" -} - -edit_configuration() { # $1 -> setting, $2 -> value - sed -i "s/^config.$1\s=.*/config.$1 = \"$2\";/g" "${DATA_PATH}/api/configuration/config.js" || error_and_exit "sed (editing configuration)" -} - -for ossecdir in "${DATA_DIRS[@]}"; do - if [ ! -e "${DATA_PATH}/${ossecdir}" ] - then - print "Installing ${ossecdir}" - exec_cmd "mkdir -p $(dirname ${DATA_PATH}/${ossecdir})" - exec_cmd "cp -pr /var/ossec/${ossecdir}-template ${DATA_PATH}/${ossecdir}" - FIRST_TIME_INSTALLATION=true - fi -done - -if [ -e ${WAZUH_INSTALL_PATH}/etc-template ] -then - cp -p /var/ossec/etc-template/internal_options.conf /var/ossec/etc/internal_options.conf -fi -rm /var/ossec/queue/db/.template.db - -touch ${DATA_PATH}/process_list -chgrp ossec ${DATA_PATH}/process_list -chmod g+rw ${DATA_PATH}/process_list - -AUTO_ENROLLMENT_ENABLED=${AUTO_ENROLLMENT_ENABLED:-true} -API_GENERATE_CERTS=${API_GENERATE_CERTS:-true} - -if [ $FIRST_TIME_INSTALLATION == true ] -then - if [ $AUTO_ENROLLMENT_ENABLED == true ] - then - if [ ! 
-e ${DATA_PATH}/etc/sslmanager.key ] - then - print "Creating ossec-authd key and cert" - exec_cmd "openssl genrsa -out ${DATA_PATH}/etc/sslmanager.key 4096" - exec_cmd "openssl req -new -x509 -key ${DATA_PATH}/etc/sslmanager.key -out ${DATA_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/" - fi - fi - if [ $API_GENERATE_CERTS == true ] - then - if [ ! -e ${DATA_PATH}/api/configuration/ssl/server.crt ] - then - print "Enabling Wazuh API HTTPS" - edit_configuration "https" "yes" - print "Create Wazuh API key and cert" - exec_cmd "openssl genrsa -out ${DATA_PATH}/api/configuration/ssl/server.key 4096" - exec_cmd "openssl req -new -x509 -key ${DATA_PATH}/api/configuration/ssl/server.key -out ${DATA_PATH}/api/configuration/ssl/server.crt -days 3650 -subj /CN=${HOSTNAME}/" - fi - fi -fi - -############################################################################## -# Copy all files from $WAZUH_CONFIG_MOUNT to $DATA_PATH and respect -# destination files permissions -# -# For example, to mount the file /var/ossec/data/etc/ossec.conf, mount it at -# $WAZUH_CONFIG_MOUNT/etc/ossec.conf in your container and this code will -# replace the ossec.conf file in /var/ossec/data/etc with yours. -############################################################################## -if [ -e "$WAZUH_CONFIG_MOUNT" ] -then - print "Identified Wazuh configuration files to mount..." - - exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $DATA_PATH" -else - print "No Wazuh configuration files to mount..." -fi - -function ossec_shutdown(){ - ${WAZUH_INSTALL_PATH}/bin/ossec-control stop; -} - -# Trap exit signals and do a proper shutdown -trap "ossec_shutdown; exit" SIGINT SIGTERM - -chmod -R g+rw ${DATA_PATH} - -############################################################################## -# Interpret any passed arguments (via docker command to this entrypoint) as -# paths or commands, and execute them. 
-# -# This can be useful for actions that need to be run before the services are -# started, such as "/var/ossec/bin/ossec-control enable agentless". -############################################################################## -for CUSTOM_COMMAND in "$@" -do - echo "Executing command \`${CUSTOM_COMMAND}\`" - exec_cmd_stdout "${CUSTOM_COMMAND}" done -############################################################################## -# Change Wazuh API user credentials. -############################################################################## - -pushd /var/ossec/api/configuration/auth/ - -echo "Change Wazuh API user credentials" -change_user="node htpasswd -b -c user $API_USER $API_PASS" -eval $change_user - -popd - - -############################################################################## -# Customize filebeat output ip -############################################################################## -if [ "$FILEBEAT_OUTPUT" != "" ]; then - sed -i "s/logstash:5000/$FILEBEAT_OUTPUT:5000/" /etc/filebeat/filebeat.yml -fi - ############################################################################## # Start Wazuh Server. ##############################################################################
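Review bot: Running each script with `bash "$script"` in the new loop starts a child shell without the entrypoint's arguments, so the `for CUSTOM_COMMAND in "$@"` loop that moved into 00-wazuh.sh no longer receives the docker command arguments, and the `trap "ossec_shutdown; exit" SIGINT SIGTERM` it installs is gone once that child exits instead of covering the service start that follows. The child's exit status is also not checked in the lines shown, so a failed bootstrap (`error_and_exit` calls `exit 1`) would not stop the entrypoint from going on to start the services. I would pass the arguments and stop on failure, `bash "$script" "$@" || exit 1`, and keep `ossec_shutdown` and the trap in entrypoint.sh itself. The loop header can be `for script in /entrypoint-scripts/*.sh; do`: the glob already expands in sorted order, whereas the `ls` pipeline word-splits the names and `sort -n` sorts numerically rather than lexicographically as the comment says. The rest of entrypoint.sh after the "Start Wazuh Server" banner is outside the hunk.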