From 15f35ca6a83392dc8e2f1bbe33aaf1072ffab81e Mon Sep 17 00:00:00 2001
From: havidarou
Date: Fri, 8 Feb 2019 15:32:36 +0000
Subject: [PATCH] Adding env variables for alerts data flow
---
 elasticsearch/config/load_settings.sh | 9 ++++++++-
 kibana/config/kibana_settings.sh | 21 +++++++++++++++----
 logstash/Dockerfile | 6 ++++++
 logstash/config/run.sh | 29 +++++++--------------------
 wazuh/config/entrypoint.sh | 8 ++++++++
 5 files changed, 46 insertions(+), 27 deletions(-)
diff --git a/elasticsearch/config/load_settings.sh b/elasticsearch/config/load_settings.sh
index a196e766..bac61378 100644
--- a/elasticsearch/config/load_settings.sh
+++ b/elasticsearch/config/load_settings.sh
@@ -9,6 +9,13 @@ else
 el_url="${ELASTICSEARCH_URL}"
 fi
+if [ "x${WAZUH_API_URL}" = "x" ]; then
+ wazuh_url="https://wazuh"
+else
+ wazuh_url="${WAZUH_API_URL}"
+fi
+
+
 until curl -XGET $el_url; do
 >&2 echo "Elastic is unavailable - sleeping"
 sleep 5
@@ -35,7 +42,7 @@ if [ "x$CONFIG_CODE" = "x404" ]; then
 {
 "api_user": "'"$API_USER_Q"'",
 "api_password": "'"$API_PASSWORD"'",
- "url": "https://wazuh",
+ "url": "'"$wazuh_url"'",
 "api_port": "55000",
 "insecure": "true",
 "component": "API",
diff --git a/kibana/config/kibana_settings.sh b/kibana/config/kibana_settings.sh
index 29f993e1..77b116d7 100644
--- a/kibana/config/kibana_settings.sh
+++ b/kibana/config/kibana_settings.sh
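Review bot: In the first hunk of elasticsearch/config/load_settings.sh, `WAZUH_API_URL` is accepted verbatim, with no check on its form, although the second hunk stores it in the same document as the API user and password. If plain-http endpoints are not meant to be supported, a guard after the assignment such as `case "$wazuh_url" in https://*) ;; *) echo "WAZUH_API_URL must start with https://" >&2; exit 1 ;; esac` would catch a typo or an unencrypted endpoint before credentials are associated with it. As a matter of style, the five-line default block can be written as `wazuh_url="${WAZUH_API_URL:-https://wazuh}"`.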
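Review bot: In the second hunk of load_settings.sh, `"url": "'"$wazuh_url"'"` splices the variable into the JSON body without escaping, so a value containing `"` or `\` produces malformed or altered JSON; the `api_user` line above it appears to use a pre-quoted `API_USER_Q`, and the URL deserves the same treatment. The unchanged context line `"insecure": "true"` also carries more weight after this change: it presumably disables certificate verification for the API connection, which was easier to accept for the fixed in-network `https://wazuh` default than for an arbitrary operator-supplied endpoint. Consider making that setting configurable as well, with verification enabled when a custom `WAZUH_API_URL` is given. The enclosing `if` block and the curl command start and end outside the hunk.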
@@ -15,7 +15,20 @@ WAZUH_MAJOR=3
 # Do not ask user to help providing usage statistics to Elastic.
 ##############################################################################
-while [[ "$(curl -XGET -I -s -o /dev/null -w ''%{http_code}'' kibana:5601/status)" != "200" ]]; do
+##############################################################################
+# Customize elasticsearch ip
+##############################################################################
+if [ "$ELASTICSEARCH_KIBANA_IP" != "" ]; then
+ sed -i "s/elasticsearch:9200/$ELASTICSEARCH_KIBANA_IP:9200/" /usr/share/kibana/config/kibana.yml
+fi
+
+if [ "$KIBANA_IP" != "" ]; then
+ kibana_ip="$KIBANA_IP"
+else
+ kibana_ip="kibana"
+fi
+
+while [[ "$(curl -XGET -I -s -o /dev/null -w ''%{http_code}'' $kibana_ip:5601/status)" != "200" ]]; do
 echo "Waiting for Kibana API. Sleeping 5 seconds"
 sleep 5
 done
@@ -35,16 +48,16 @@ EOF
 sleep 5
 # Add the wazuh alerts index as default.
-curl -POST "http://kibana:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d@${default_index}
+curl -POST "http://$kibana_ip:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d@${default_index}
 rm -f ${default_index}
 sleep 5
 # Configuring Kibana TimePicker.
-curl -POST "http://kibana:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
+curl -POST "http://$kibana_ip:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
 '{"changes":{"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\",\n \"mode\": \"quick\"}"}}'
 sleep 5
 # Do not ask user to help providing usage statistics to Elastic
-curl -POST "http://kibana:5601/api/telemetry/v1/optIn" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d '{"enabled":false}'
+curl -POST "http://$kibana_ip:5601/api/telemetry/v1/optIn" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d '{"enabled":false}'
 echo "End settings"
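Review bot: In the first hunk of kibana/config/kibana_settings.sh, `$ELASTICSEARCH_KIBANA_IP` is interpolated straight into the sed replacement, so a value containing `/`, `&` or `\` (for example one written with a URL scheme) either makes sed fail or rewrites kibana.yml in a way the operator did not intend. Validate the value as a host name or address before use, e.g. `[[ "$ELASTICSEARCH_KIBANA_IP" =~ ^[A-Za-z0-9.-]+$ ]] || { echo "invalid ELASTICSEARCH_KIBANA_IP" >&2; exit 1; }`. The same unvalidated substitution appears with `$LOGSTASH_OUTPUT` in logstash/config/run.sh and with `$FILEBEAT_OUTPUT` in wazuh/config/entrypoint.sh. `$kibana_ip` in the new `while` line should also be double-quoted.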
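Review bot: The three rewritten `curl` calls in the second hunk of kibana_settings.sh still use `-POST`, which curl reads as the `-P` option with the argument `OST` rather than as a request method; the requests are POSTs only because `-d` implies it. Since these lines are being touched anyway, `curl -fsS -X POST "http://$kibana_ip:5601/api/kibana/settings" ...` would state the method explicitly and make an HTTP error from a mis-set `KIBANA_IP` fail visibly instead of being followed by `End settings`. `-d@${default_index}` and `rm -f ${default_index}` should quote the variable. The calls also go over plain `http://`, which is worth documenting now that the target may be a host other than the local `kibana` service.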
diff --git a/logstash/Dockerfile b/logstash/Dockerfile
index 853bcca6..e0beeb68 100644
--- a/logstash/Dockerfile
+++ b/logstash/Dockerfile
@@ -4,3 +4,9 @@ FROM docker.elastic.co/logstash/logstash:6.5.4
 RUN rm -f /usr/share/logstash/pipeline/logstash.conf
 COPY config/01-wazuh.conf /usr/share/logstash/pipeline/01-wazuh.conf
+
+USER root
+COPY config/run.sh /run.sh
+RUN chmod +x /run.sh
+
+ENTRYPOINT ["/run.sh"]
diff --git a/logstash/config/run.sh b/logstash/config/run.sh
index 016c5b5b..a10d3e3c 100644
--- a/logstash/config/run.sh
+++ b/logstash/config/run.sh
@@ -5,27 +5,12 @@
 # variables expected by this script.
 #
-#
-
-#
-# Apply Templates
-#
-
-set -e
-host="elasticsearch"
-until curl -XGET $host:9200; do
- >&2 echo "Elastic is unavailable - sleeping"
- sleep 1
-done
-
-# Add logstash as command if needed
-if [ "${1:0:1}" = '-' ]; then
- set -- logstash "$@"
-fi
-
-# Run as user "logstash" if the command is "logstash"
-if [ "$1" = 'logstash' ]; then
- set -- gosu logstash "$@"
+##############################################################################
+# Customize logstash output ip
+##############################################################################
+if [ "$LOGSTASH_OUTPUT" != "" ]; then
+ sed -i "s/elasticsearch:9200/$LOGSTASH_OUTPUT:9200/" /usr/share/logstash/pipeline/01-wazuh.conf
+ sed -i "s/elasticsearch:9200/$LOGSTASH_OUTPUT:9200/" /usr/share/logstash/config/logstash.yml
 fi
-exec "$@"
+/usr/local/bin/docker-entrypoint
diff --git a/wazuh/config/entrypoint.sh b/wazuh/config/entrypoint.sh
index 5d750316..37b37be2 100644
--- a/wazuh/config/entrypoint.sh
+++ b/wazuh/config/entrypoint.sh
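Review bot: In logstash/Dockerfile, `USER root` is set for the `COPY` and `chmod` steps and never reset, so `/run.sh` and everything it starts run as root; the run.sh hunk in this same commit also removes the `gosu logstash` step that previously dropped privileges. Unless the base image's own entrypoint drops privileges itself, Logstash now runs as root inside the container. Add `USER logstash` after `RUN chmod +x /run.sh` so that only the build steps need root, assuming the `logstash` user can write the two files run.sh edits (to be confirmed against the base image).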
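Review bot: logstash/config/run.sh now ends with a bare `/usr/local/bin/docker-entrypoint` where it used to end with `exec "$@"`, so the shell stays as PID 1 in front of Logstash, a stop signal sent to the container may not reach the Logstash process, and any arguments passed to the container are dropped. Use `exec /usr/local/bin/docker-entrypoint "$@"` instead. The commit also deletes `set -e`, so a failing `sed -i` is ignored and Logstash starts with the unmodified default output; keeping `set -e` near the top of the script would turn that into a visible startup failure. The first four lines of run.sh are outside the hunk.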
@@ -141,6 +141,14 @@ eval $change_user
 popd
+
+##############################################################################
+# Customize filebeat output ip
+##############################################################################
+if [ "$FILEBEAT_OUTPUT" != "" ]; then
+ sed -i "s/logstash:5000/$FILEBEAT_OUTPUT:5000/" /etc/filebeat/filebeat.yml
+fi
+
 ##############################################################################
 # Start Wazuh Server.
 ##############################################################################