diff --git a/.gitignore b/.gitignore
index 822b7b01b9..3cd39a7ea2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,6 +19,7 @@ ova/Config_files/filebeat.yml
 *.pkg.tar.zst
 .gradle
 .java
+filebeat/output
 stack/dashboard/base/output
 stack/indexer/base/output
 .cache
diff --git a/filebeat/build-filebeat-module.sh b/filebeat/build-filebeat-module.sh
new file mode 100755
index 0000000000..cf28ed8737
--- /dev/null
+++ b/filebeat/build-filebeat-module.sh
@@ -0,0 +1,117 @@
+#!/bin/bash
+
+# Wazuh package generator
+# Copyright (C) 2023, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+set -e
+
+wazuh_branch=""
+current_path="$( cd $(dirname $0) ; pwd -P )"
+dockerfile_path="${current_path}/docker"
+container_name="filebeat_module_builder"
+outdir="${current_path}/output"
+
+# -----------------------------------------------------------------------------
+
+trap ctrl_c INT
+
+clean() {
+ exit_code=$1
+
+ # Clean the files
+ rm -rf ${dockerfile_path}/*.sh
+
+ exit ${exit_code}
+}
+
+ctrl_c() {
+ clean 1
+}
+
+# -----------------------------------------------------------------------------
+
+build() {
+
+ # Copy the necessary files
+ cp ${current_path}/build.sh ${dockerfile_path}
+
+ # Build the Docker image
+ docker build -t ${container_name} ${dockerfile_path} || return 1
+
+ docker run -t --rm -v ${outdir}/:/tmp/output:Z ${container_name} ${wazuh_branch} || return 1
+
+ echo "Filebeat module file $(ls -Art ${outdir} | tail -n 1) added to ${outdir}."
+
+ return 0
+}
+
+# -----------------------------------------------------------------------------
+
+help() {
+ echo
+ echo -e ""
+ echo -e "NAME"
+ echo -e " $(basename "${0}") - Build Wazuh Filebeat module."
+ echo -e ""
+ echo -e "SYNOPSIS"
+ echo -e " $(basename "${0}") [OPTIONS]"
+ echo -e ""
+ echo -e "DESCRIPTION"
+ echo -e " -h, --help"
+ echo -e " Shows help."
+ echo -e ""
+ echo -e " -s, --store "
+ echo -e " [Optional] Set the destination path of package. By default, an output folder will be created."
+ echo -e ""
+ echo -e " -w, --wazuh-branch "
+ echo -e " Enter the branch or tag of the Wazuh repository from which you want to build the module."
+ echo -e ""
+ exit $1
+}
+
+# -----------------------------------------------------------------------------
+
+main() {
+ while [ -n "${1}" ]
+ do
+ case "${1}" in
+ "-h"|"--help")
+ help 0
+ ;;
+ "-s"|"--store")
+ if [ -n "${2}" ]; then
+ outdir="${2}"
+ shift 2
+ else
+ help 1
+ fi
+ ;;
+ "-w"|"--wazuh-branch")
+ if [ -n "${2}" ]; then
+ wazuh_branch="${2}"
+ shift 2
+ else
+ help 1
+ fi
+ ;;
+ *)
+ help 1
+ esac
+ done
+
+ if [ -z "${wazuh_branch}" ]; then
+ echo "Wazuh branch cannot be empty"
+ exit $1
+ fi
+
+ build || clean 1
+
+ clean 0
+}
+
+main "$@"
diff --git a/filebeat/build.sh b/filebeat/build.sh
new file mode 100755
index 0000000000..8056f6912a
--- /dev/null
+++ b/filebeat/build.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+set -e
+
+w_beats_branch="v7.10.2"
+w_wazuh_branch=$1
+w_filename=""
+
+download_sources() {
+ cd /tmp
+ git clone https://github.com/elastic/beats.git -b $w_beats_branch --single-branch --depth=1 > /dev/null 2>&1
+ cd beats/filebeat/ > /dev/null 2>&1
+ go get > /dev/null 2>&1
+ make
+ make create-module MODULE=wazuh
+ rm -rf module/wazuh/*
+
+ # Fetch Wazuh module source files
+ cd /tmp
+ git clone https://github.com/wazuh/wazuh -b $w_wazuh_branch --single-branch --depth=1 > /dev/null 2>&1
+ w_filename="wazuh-filebeat-$(cat wazuh/src/VERSION | cut -d 'v' -f 2).tar.gz"
+ cd /tmp/beats/filebeat
+ cp -R /tmp/wazuh/extensions/filebeat/7.x/wazuh-module/* module/wazuh
+}
+
+build_module() {
+
+ download_sources
+
+ # Generate production files for Wazuh module
+ make update
+ cd build/package/module
+ chown root:root -R wazuh/
+ tar -czvf $w_filename wazuh/* > /dev/null 2>&1
+
+ # Move final package to /tmp/$W_FILENAME
+ mv $w_filename /tmp/output
+
+ exit 0
+}
+
+build_module
diff --git a/filebeat/docker/Dockerfile b/filebeat/docker/Dockerfile
new file mode 100644
index 0000000000..2c143ccc74
--- /dev/null
+++ b/filebeat/docker/Dockerfile
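Review bot: In main() the `exit $1` inside the empty-branch check exits with status 0 instead of an error: the `while [ -n "${1}" ]` loop only ends once `$1` is empty, so `exit` takes the status of the preceding `echo`, and a caller that forgot `--wazuh-branch` sees a clean exit. It should read `exit 1`, matching the `help 1` branches above it. The script also expands user-controlled paths unquoted — `rm -rf ${dockerfile_path}/*.sh`, `cp ${current_path}/build.sh ${dockerfile_path}` and `-v ${outdir}/:/tmp/output:Z` — so a `--store` value containing whitespace is split into several arguments and, in the `rm -rf` case, deletes something other than what was intended; quoting them (`"${outdir}/:/tmp/output:Z"`) is cheap. The cleanup in clean() also removes every `*.sh` in the docker directory rather than only the file build() copied there; `rm -f "${dockerfile_path}/build.sh"` is the precise form.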
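Review bot: The comment `# Move final package to /tmp/$W_FILENAME` in build_module() does not match the line below it, which moves the archive into `/tmp/output` (the bind mount the wrapper script provides) and uses the lower-case `$w_filename`; `# Move the final package to /tmp/output (bind-mounted by the caller)` describes what happens. `$w_wazuh_branch` is taken from `$1` unquoted and never checked, so the clone should at least be `git clone … -b "$w_wazuh_branch"` and the script should fail with a message when `$1` is empty, rather than relying on the wrapper to validate it. `tar -czvf … > /dev/null 2>&1` requests verbose output and then discards it, and the `wazuh/*` glob skips any dot-files at the top of the module directory; `tar -czf "$w_filename" wazuh` packs the directory as a whole with the same paths. On the supply-chain side, the beats checkout is pinned only to the tag `v7.10.2`, which is a mutable reference; recording the corresponding commit and checking it after the clone would make the produced module reproducible.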
@@ -0,0 +1,34 @@
+FROM rockylinux:8.5
+
+# Install all the necessary tools to build the packages
+RUN yum clean all && yum update -y
+RUN yum install -y \
+ curl \
+ tar \
+ git \
+ make \
+ autoconf \
+ automake \
+ python3-devel \
+ python3-pip \
+ gcc
+
+RUN curl -so go.tar.gz "https://dl.google.com/go/go1.17.10.linux-amd64.tar.gz" > /dev/null 2>&1 && \
+ tar -xzf go.tar.gz > /dev/null 2>&1 && \
+ mv go /var/ && \
+ rm -f go.tar.gz > /dev/null 2>&1
+
+ENV GOROOT "/var/go"
+ENV GOPATH "/var"
+ENV PATH "$GOPATH/bin:$GOROOT/bin:$PATH"
+
+RUN git clone https://github.com/magefile/mage && \
+ cd mage && \
+ go run bootstrap.go
+
+# Add the scripts to build the RPM package
+ADD build.sh /usr/local/bin/builder
+RUN chmod +x /usr/local/bin/builder
+
+# Set the entrypoint
+ENTRYPOINT ["/usr/local/bin/builder"]
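Review bot: The Go toolchain archive fetched by the `RUN curl -so go.tar.gz …` line is extracted with no integrity check, and because `curl` runs without `--fail` a transport or HTTP error leaves a non-archive file whose only symptom is a confusing `tar` failure later in the same RUN. Checking the SHA-256 that the Go download page publishes for that archive (a labelled placeholder below; take the real value from the release page) makes the image build fail on a corrupted or substituted download, and `-f` makes curl itself fail on HTTP errors, so the `> /dev/null 2>&1` redirections that hide its diagnostics can go. The same unpinned-fetch concern applies to `git clone https://github.com/magefile/mage` further down, which builds whatever the default branch holds at image-build time; cloning a tagged release with `--branch <TAG_PLACEHOLDER> --depth=1` keeps the image reproducible. `ADD build.sh …` would conventionally be `COPY build.sh …`, since ADD's archive-extraction and URL semantics are not wanted here.
```dockerfile
# … unchanged: FROM and yum install …
RUN curl -fsSLo go.tar.gz "https://dl.google.com/go/go1.17.10.linux-amd64.tar.gz" && \
    echo "<GO_TARBALL_SHA256_PLACEHOLDER>  go.tar.gz" | sha256sum -c - && \
    tar -xzf go.tar.gz && \
    mv go /var/ && \
    rm -f go.tar.gz
# … unchanged: ENV, mage bootstrap, builder script, ENTRYPOINT …
```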