Merge pull request #289 from wazuh/wazuh-release-v3.11.1_7.5.1

Wazuh Release v3.11.1_7.5.1

Author: Jose M. Garcia

CHANGELOG.md

@@ -1,14 +1,20 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
-## Wazuh Docker v3.11.0_7.5.1
+## Wazuh Docker v3.11.1_7.5.1
 
 ### Added
 
-- Update to Wazuh version 3.11.0_7.5.1
+- Update to Wazuh version 3.11.1_7.5.1
 - Filebeat configuration file updated to latest version ([@manuasir](https://github.com/manuasir)) [#271](https://github.com/wazuh/wazuh-docker/pull/271)
 - Allow using the hostname as node_name for managers ([@JPLachance](https://github.com/JPLachance)) [#261](https://github.com/wazuh/wazuh-docker/pull/261)
 
+## Wazuh Docker v3.11.0_7.5.1
+
+### Added
+
+- Update to Wazuh version 3.11.0_7.5.1
+
 ## Wazuh Docker v3.10.2_7.5.0
 
 ### Added

VERSION

@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="3.11.0_7.5.1"
-REVISION="31100"
+WAZUH-DOCKER_VERSION="3.11.1_7.5.1"
+REVISION="31110"

docker-compose.yml

@@ -3,7 +3,7 @@ version: '2'
 
 services:
   wazuh:
-    image: wazuh/wazuh:3.11.0_7.5.1
+    image: wazuh/wazuh:3.11.1_7.5.1
     hostname: wazuh-manager
     restart: always
     ports:
@@ -13,7 +13,7 @@ services:
       - "55000:55000"
 
   elasticsearch:
-    image: wazuh/wazuh-elasticsearch:3.11.0_7.5.1
+    image: wazuh/wazuh-elasticsearch:3.11.1_7.5.1
     hostname: elasticsearch
     restart: always
     ports:
@@ -30,7 +30,7 @@ services:
     mem_limit: 2g
 
   kibana:
-    image: wazuh/wazuh-kibana:3.11.0_7.5.1
+    image: wazuh/wazuh-kibana:3.11.1_7.5.1
     hostname: kibana
     restart: always
     depends_on:
@@ -39,7 +39,7 @@ services:
       - elasticsearch:elasticsearch
       - wazuh:wazuh
   nginx:
-    image: wazuh/wazuh-nginx:3.11.0_7.5.1
+    image: wazuh/wazuh-nginx:3.11.1_7.5.1
     hostname: nginx
     restart: always
     environment:

elasticsearch/Dockerfile

@@ -15,7 +15,7 @@ ENV XPACK_ML="true"
 
 ENV ENABLE_CONFIGURE_S3="false"
 
-ARG TEMPLATE_VERSION=v3.11.0
+ARG TEMPLATE_VERSION=v3.11.1
 
 # Elasticearch cluster configuration environment variables
 # If ELASTIC_CLUSTER is set to "true" the following variables will be added to the Elasticsearch configuration

kibana/Dockerfile

@@ -2,7 +2,7 @@
 FROM docker.elastic.co/kibana/kibana:7.5.1
 USER kibana
 ARG ELASTIC_VERSION=7.5.1
-ARG WAZUH_VERSION=3.11.0
+ARG WAZUH_VERSION=3.11.1
 ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
 
 #ADD  https://packages.wazuh.com/wazuhapp/wazuhapp-${WAZUH_APP_VERSION}.zip /usr/share/kibana/

wazuh/Dockerfile

@@ -3,12 +3,12 @@ FROM phusion/baseimage:latest
 
 ARG FILEBEAT_VERSION=7.5.1
 
-ARG WAZUH_VERSION=3.11.0-1
+ARG WAZUH_VERSION=3.11.1-1
 
 ENV API_USER="foo" \
    API_PASS="bar"
 
-ARG TEMPLATE_VERSION="v3.11.0"
+ARG TEMPLATE_VERSION="v3.11.1"
 
 # Set repositories.
 RUN set -x && echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list && \

wazuh/config/00-wazuh.sh

@@ -104,6 +104,17 @@ function ossec_shutdown(){
   ${WAZUH_INSTALL_PATH}/bin/ossec-control stop;
 }
 
+##############################################################################
+# Allow users to set the container hostname as <node_name> dynamically on
+# container start.
+#
+# To use this:
+# 1. Create your own ossec.conf file
+# 2. In your ossec.conf file, set to_be_replaced_by_hostname as your node_name
+# 3. Mount your custom ossec.conf file at $WAZUH_CONFIG_MOUNT/etc/ossec.conf
+##############################################################################
+sed -i 's/<node_name>to_be_replaced_by_hostname<\/node_name>/<node_name>'"${HOSTNAME}"'<\/node_name>/g' ${WAZUH_INSTALL_PATH}/etc/ossec.conf
+
 # Trap exit signals and do a proper shutdown
 trap "ossec_shutdown; exit" SIGINT SIGTERM
 

wazuh/config/filebeat.yml

@@ -1,53 +1,15 @@
-# Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)
-filebeat.inputs:
-  - type: log
-    paths:
-      - '/var/ossec/logs/alerts/alerts.json'
+# Wazuh - Filebeat configuration file
+filebeat.modules:
+  - module: wazuh
+    alerts:
+      enabled: true
+    archives:
+      enabled: false
 
 setup.template.json.enabled: true
-setup.template.json.path: "/etc/filebeat/wazuh-template.json"
-setup.template.json.name: "wazuh"
+setup.template.json.path: '/etc/filebeat/wazuh-template.json'
+setup.template.json.name: 'wazuh'
 setup.template.overwrite: true
+setup.ilm.enabled: false
 
-processors:
-  - decode_json_fields:
-      fields: ['message']
-      process_array: true
-      max_depth: 200
-      target: ''
-      overwrite_keys: true
-  - drop_fields:
-      fields: ['message', 'ecs', 'beat', 'input_type', 'tags', 'count', '@version', 'log', 'offset', 'type', 'host']
-  - rename:
-      fields:
-        - from: "data.aws.sourceIPAddress"
-          to: "@src_ip"
-      ignore_missing: true
-      fail_on_error: false
-      when:
-        regexp:
-          data.aws.sourceIPAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
-  - rename:
-      fields:
-        - from: "data.srcip"
-          to: "@src_ip"
-      ignore_missing: true
-      fail_on_error: false
-      when:
-        regexp:
-          data.srcip: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
-  - rename:
-      fields:
-        - from: "data.win.eventdata.ipAddress"
-          to: "@src_ip"
-      ignore_missing: true
-      fail_on_error: false
-      when:
-        regexp:
-          data.win.eventdata.ipAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
-
-output.elasticsearch:
-  hosts: ['http://elasticsearch:9200']
-  #pipeline: geoip
-  indices:
-    - index: 'wazuh-alerts-3.x-%{+yyyy.MM.dd}'
+output.elasticsearch.hosts: ['http://elasticsearch:9200']