Add opendistro support and bump to 4.0-staging

docker-compose.yml

@@ -3,14 +3,20 @@ version: '3.7'
 
 services:
   wazuh:
-    build: wazuh
+    build: wazuh-opendistro/
+    image: wazuh-opendistro
     hostname: wazuh-manager
     restart: always
     ports:
-      - "1514:1514/udp"
+      - "1514:1514"
       - "1515:1515"
       - "514:514/udp"
       - "55000:55000"
+    environment:
+      - ELASTICSEARCH_URL=https://elasticsearch:9200
+      - ELASTIC_USERNAME=admin
+      - ELASTIC_PASSWORD=admin
+      - FILEBEAT_SSL_VERIFICATION_MODE=none
     volumes:
       - ossec_api_configuration:/var/ossec/api/configuration
       - ossec_etc:/var/ossec/etc
@@ -25,46 +31,45 @@ services:
       - filebeat_var:/var/lib/filebeat
 
   elasticsearch:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.8.0
+    image: amazon/opendistro-for-elasticsearch:1.9.0
     hostname: elasticsearch
     restart: always
     ports:
       - "9200:9200"
     environment:
-      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
-      - bootstrap.memory_lock=true
       - discovery.type=single-node
+      - cluster.name=wazuh-cluster
+      - network.host=0.0.0.0
+      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+      - bootstrap.memory_lock=true
     ulimits:
       memlock:
         soft: -1
         hard: -1
-    volumes:
-      - ./elastic_conf/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
+      nofile:
+        soft: 65536
+        hard: 65536
 
   kibana:
-    build: kibana
+    build: kibana-opendistro/
+    image: wazuh-kibana-opendistro
     hostname: kibana
     restart: always
+    ports:
+      - 443:5601
+    environment:
+      - ELASTICSEARCH_USERNAME=admin
+      - ELASTICSEARCH_PASSWORD=admin
+      - SERVER_SSL_ENABLED=true
+      - SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/opendistroforelasticsearch.example.org.cert
+      - SERVER_SSL_KEY=/usr/share/kibana/config/opendistroforelasticsearch.example.org.key
+
     depends_on:
       - elasticsearch
     links:
       - elasticsearch:elasticsearch
       - wazuh:wazuh
 
-  nginx:
-    image: nginx:stable
-    hostname: nginx
-    restart: always
-    ports:
-      - "80:80"
-      - "443:443"
-    depends_on:
-      - kibana
-    links:
-      - kibana:kibana
-    volumes:
-      - ./nginx_conf:/etc/nginx/conf.d:ro
-
 volumes:
   ossec_api_configuration:
   ossec_etc:

kibana-opendistro/Dockerfile

@@ -0,0 +1,57 @@
+# Wazuh Docker Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+FROM amazon/opendistro-for-elasticsearch-kibana:1.9.0
+USER kibana
+ARG ELASTIC_VERSION=7.8.0
+ARG WAZUH_VERSION=4.0.0
+ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
+
+WORKDIR /usr/share/kibana
+RUN ./bin/kibana-plugin install https://packages-dev.wazuh.com/pre-release/ui/kibana/wazuh_kibana-${WAZUH_APP_VERSION}-1.zip
+
+WORKDIR /
+USER root
+COPY config/entrypoint.sh ./entrypoint.sh
+RUN chmod 755 ./entrypoint.sh
+
+ENV PATTERN="" \
+    CHECKS_PATTERN="" \
+    CHECKS_TEMPLATE="" \
+    CHECKS_API="" \
+    CHECKS_SETUP="" \
+    EXTENSIONS_PCI="" \
+    EXTENSIONS_GDPR="" \
+    EXTENSIONS_AUDIT="" \
+    EXTENSIONS_OSCAP="" \
+    EXTENSIONS_CISCAT="" \
+    EXTENSIONS_AWS="" \
+    EXTENSIONS_VIRUSTOTAL="" \
+    EXTENSIONS_OSQUERY="" \
+    APP_TIMEOUT="" \
+    WAZUH_SHARDS="" \
+    WAZUH_REPLICAS="" \
+    WAZUH_VERSION_SHARDS="" \
+    WAZUH_VERSION_REPLICAS="" \
+    IP_SELECTOR="" \
+    IP_IGNORE="" \
+    WAZUH_MONITORING_ENABLED="" \
+    WAZUH_MONITORING_FREQUENCY="" \
+    WAZUH_MONITORING_SHARDS="" \
+    WAZUH_MONITORING_REPLICAS="" \
+    ADMIN_PRIVILEGES=""
+
+USER kibana
+RUN NODE_OPTIONS="--max-old-space-size=2048" /usr/local/bin/kibana-docker --optimize
+
+COPY ./config/custom_welcome /tmp/custom_welcome
+COPY --chown=kibana:kibana ./config/welcome_wazuh.sh ./
+RUN chmod +x ./welcome_wazuh.sh
+ARG CHANGE_WELCOME="true"
+RUN ./welcome_wazuh.sh
+
+COPY --chown=kibana:kibana ./config/wazuh_app_config.sh ./
+RUN chmod +x ./wazuh_app_config.sh
+
+COPY --chown=kibana:kibana ./config/kibana_settings.sh ./
+RUN chmod +x ./kibana_settings.sh
+
+ENTRYPOINT ./entrypoint.sh

kibana-opendistro/config/custom_welcome/security-login.style.css

@@ -0,0 +1,118 @@
+#security-login-app .content {
+  background: url(./wazuh_wazuh_bg.svg) !important;
+  width: 100% !important;
+  height: 100% !important;
+  background-size: cover !important;
+}
+
+.app-wrapper {
+  left: 0;
+}
+
+.global-nav.is-global-nav-open+.app-wrapper {
+  left: 0;
+}
+
+.btn-default {
+  background-color: #00a9e5!important;
+  border-color: #00a0e5!important;
+  color: #ffffff;
+  padding: 8px;
+}
+
+.btn-default:hover {
+  background-color: #00a9e5!important;
+  border-color: #00a0e5!important;
+  color: #ffffff;
+}
+
+.brand-image-container {
+  text-align: center;
+}
+
+.brand-image {
+  display: none;
+}
+
+.login-wrapper {
+  position: absolute;
+  width: 430px;
+  top: 55px;
+  border-radius: 1px;
+  padding: 1em;
+}
+
+.login-wrapper .login-title {
+  text-align: center;
+  padding-bottom: 10px;
+  color: #ffffff !important;
+  font-size: 35px !important;
+  font-weight: 300;
+}
+
+.login-wrapper .login-subtitle {
+  text-align: center;
+  padding-bottom: 15px;
+  color: #ffffff !important;
+  font-size: 16px !important;
+}
+
+.login-wrapper .login-form {
+  padding: 16px;
+  box-shadow: 0 2px 2px -1px rgba(152, 162, 179, 0.3), 0 1px 5px -2px rgba(152, 162, 179, 0.3);
+  background-color: #FFF;
+  border: 1px solid #D3DAE6;
+  border-radius: 4px;
+  -webkit-box-flex: 1;
+  -ms-flex-positive: 1;
+  flex-grow: 1;
+  margin-top: 32px;
+}
+
+.login-wrapper .login-form .input-group {
+  margin-bottom: 1em;
+}
+
+.login-wrapper .login-form .kuiTextInput {
+  cursor: initial;
+}
+
+.login-wrapper .login-form .kuiTextInput:invalid:not(.ng-touched) {
+  border-color: #D9D9D9;
+}
+
+.login-wrapper .login-form .kuiTextInput.has-error {
+  border-color: #A30000;
+}
+
+.login-wrapper .login-form .btn-login {
+  width: 100%;
+}
+
+.login-wrapper .error-message {
+  color: #b4251d;
+  font-size: 14px;
+  margin-top: 16px;
+  margin-bottom: 0;
+  background-color: #f8e9e9;
+  padding: 8px;
+  font-weight: 400;
+  border-left: 2px solid #BD271E;
+}
+
+.loginWelcome__logo {
+  display: inline-block;
+  width: 80px;
+  height: 80px;
+  line-height: 80px;
+  text-align: center;
+  background-color: #FFF;
+  border-radius: 100%;
+  padding: 16px;
+  box-shadow: 0 6px 12px -1px rgba(152, 162, 179, 0.2), 0 4px 4px -1px rgba(152, 162, 179, 0.2), 0 2px 2px 0 rgba(152, 162, 179, 0.2);
+  margin-bottom: 32px;
+}
+
+.loginWelcome__logo {
+  background: url(./wazuh_logo_circle.svg) center center no-repeat !important;
+}

kibana-opendistro/config/custom_welcome/template.js.hbs

@@ -0,0 +1,112 @@
+var kbnCsp = JSON.parse(document.querySelector('kbn-csp').getAttribute('data'));
+window.__kbnStrictCsp__ = kbnCsp.strictCsp;
+window.__kbnDarkMode__ = {{darkMode}};
+window.__kbnPublicPath__ = {{publicPathMap}};
+
+if (window.__kbnStrictCsp__ && window.__kbnCspNotEnforced__) {
+  var legacyBrowserError = document.getElementById('kbn_legacy_browser_error');
+  legacyBrowserError.style.display = 'flex';
+} else {
+  if (!window.__kbnCspNotEnforced__ && window.console) {
+    window.console.log("^ A single error about an inline script not firing due to content security policy is expected!");
+  }
+  var loadingMessage = document.getElementById('kbn_loading_message');
+  loadingMessage.style.display = 'flex';
+
+  window.onload = function () {
+      //WAZUH 
+      var interval = setInterval(() => {  
+        var title = document.getElementsByClassName('login-title');
+        if ((title || []).length) {
+          clearInterval(interval);
+          title[0].textContent = "Welcome to Wazuh";
+          var subtitle = document.getElementsByClassName('login-subtitle');
+          subtitle[0].textContent = "The Open Source Security Platform";
+          var logo = document.getElementsByClassName('brand-image-container');
+          $(logo).append('<span class="loginWelcome__logo"></span>');
+        } 
+      })  
+    //
+
+    function failure() {
+      // make subsequent calls to failure() noop
+      failure = function () {};
+
+      var err = document.createElement('h1');
+      err.style['color'] = 'white';
+      err.style['font-family'] = 'monospace';
+      err.style['text-align'] = 'center';
+      err.style['background'] = '#F44336';
+      err.style['padding'] = '25px';
+      err.innerText = document.querySelector('[data-error-message]').dataset.errorMessage;
+
+      document.body.innerHTML = err.outerHTML;
+    }
+
+var stylesheetTarget = document.querySelector('head meta[name="add-styles-here"]')
+    function loadStyleSheet(url, cb) {
+      var dom = document.createElement('link');
+      dom.rel = 'stylesheet';
+      dom.type = 'text/css';
+      dom.href = url;
+      dom.addEventListener('error', failure);
+      dom.addEventListener('load', cb);
+      document.head.insertBefore(dom, stylesheetTarget);
+    }
+
+    var scriptsTarget = document.querySelector('head meta[name="add-scripts-here"]')
+    function loadScript(url, cb) {
+      var dom = document.createElement('script');
+      {{!-- NOTE: async = false is used to trigger async-download/ordered-execution as outlined here: https://www.html5rocks.com/en/tutorials/speed/script-loading/ --}}
+      dom.async = false;
+      dom.src = url;
+      dom.addEventListener('error', failure);
+      dom.addEventListener('load', cb);
+      document.head.insertBefore(dom, scriptsTarget);
+    }
+
+    function load(urls, cb) {
+      var pending = urls.length;
+      urls.forEach(function (url) {
+        var innerCb = function () {
+          pending = pending - 1;
+          if (pending === 0 && typeof cb === 'function') {
+            cb();
+          }
+        }
+
+        if (typeof url !== 'string') {
+          load(url, innerCb);
+        } else if (url.slice(-4) === '.css') {
+          loadStyleSheet(url, innerCb);
+        } else {
+          loadScript(url, innerCb);
+        }
+      });
+    }
+
+    load([
+      {{#each jsDependencyPaths}}
+        '{{this}}',
+      {{/each}}
+    ], function () {
+      {{#unless legacyBundlePath}}
+        if (!__kbnBundles__ || !__kbnBundles__['entry/core'] || typeof __kbnBundles__['entry/core'].__kbnBootstrap__ !== 'function') {
+          console.error('entry/core bundle did not load correctly');
+          failure();
+        } else {
+          __kbnBundles__['entry/core'].__kbnBootstrap__()
+        }
+      {{/unless}}
+
+      load([
+        {{#if legacyBundlePath}}
+          '{{legacyBundlePath}}',
+        {{/if}}
+        {{#each styleSheetPaths}}
+          '{{this}}',
+        {{/each}}
+      ]);
+    });
+  }
+}