From 6e2657800e8580e4dc26410c0b77a1f52b185077 Mon Sep 17 00:00:00 2001
From: yenienserrano
Date: Tue, 12 Dec 2023 15:40:15 +0100
Subject: [PATCH] Add dockerfile and config files
---
.../build-packages/docker/config/config.sh | 40 ++++++
.../build-packages/docker/config/config.yml | 5 +
.../docker/config/entrypoint.sh | 20 +++
.../docker/config/opensearch_dashboards.yml | 16 +++
.../build-packages/docker/config/wazuh.yml | 136 ++++++++++++++++++
.../docker/config/wazuh_app_config.sh | 51 +++++++
.../build-packages/docker/wzd.Dockerfile | 96 +++++++++++++
7 files changed, 364 insertions(+)
create mode 100644 dev-tools/build-packages/docker/config/config.sh
create mode 100644 dev-tools/build-packages/docker/config/config.yml
create mode 100644 dev-tools/build-packages/docker/config/entrypoint.sh
create mode 100644 dev-tools/build-packages/docker/config/opensearch_dashboards.yml
create mode 100644 dev-tools/build-packages/docker/config/wazuh.yml
create mode 100644 dev-tools/build-packages/docker/config/wazuh_app_config.sh
create mode 100644 dev-tools/build-packages/docker/wzd.Dockerfile
diff --git a/dev-tools/build-packages/docker/config/config.sh b/dev-tools/build-packages/docker/config/config.sh
new file mode 100644
index 000000000000..a688742920c0
--- /dev/null
+++ b/dev-tools/build-packages/docker/config/config.sh
@@ -0,0 +1,40 @@
+export DH_OPTIONS
+
+export NAME=wazuh-dashboard
+export TARGET_DIR=${CURDIR}/debian/${NAME}
+export INSTALLATION_DIR=/usr/share/${NAME}
+export CONFIG_DIR=${INSTALLATION_DIR}/config
+
+## Variables
+CERT_TOOL=wazuh-certs-tool.sh
+PACKAGES_URL=https://packages.wazuh.com/4.9/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.9/
+
+## Check if the cert tool exists in S3 buckets
+CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}')
+CERT_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}')
+
+## If cert tool exists in some bucket, download it, if not exit 1
+if [ "$CERT_TOOL_PACKAGES" = "200" ]; then
+ curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL
+ echo "Cert tool exists in Packages bucket"
+elif [ "$CERT_TOOL_PACKAGES_DEV" = "200" ]; then
+ curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL
+ echo "Cert tool exists in Packages-dev bucket"
+else
+ echo "Cert tool does not exist in any bucket"
+ exit 1
+fi
+
+chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A
+
+# Create certs directory
+mkdir -p ${CONFIG_DIR}/certs
+
+# Copy Wazuh dashboard certs to install config dir
+cp /wazuh-certificates/demo.dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
+cp /wazuh-certificates/demo.dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
+cp /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem
+
+chmod -R 500 ${CONFIG_DIR}/certs
+chmod -R 400 ${CONFIG_DIR}/certs/*
diff --git a/dev-tools/build-packages/docker/config/config.yml b/dev-tools/build-packages/docker/config/config.yml
new file mode 100644
index 000000000000..1e4864a1bb5d
--- /dev/null
+++ b/dev-tools/build-packages/docker/config/config.yml
@@ -0,0 +1,5 @@
+nodes:
+ # Wazuh dashboard server nodes
+ dashboard:
+ - name: demo.dashboard
+ ip: demo.dashboard
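Review bot: In config.sh, `wazuh-certs-tool.sh` is fetched with `curl -o` and then run with `bash` during the image build without any integrity check, so whatever either bucket serves at that moment becomes part of the build. Pin an expected digest and verify it before execution, e.g. `echo "${CERT_TOOL_SHA256}  ${CERT_TOOL}" | sha256sum -c - || exit 1`, where `CERT_TOOL_SHA256` is a value you pin yourself (it is not defined in this patch). The separate `curl -I` status probe does not protect the download itself; adding `--fail --silent --show-error` to both `curl -o` calls keeps an error page from being saved and executed. The script is also written to the current directory but executed as `/$CERT_TOOL`, which only works while the working directory is `/`, and the expansions of `$CERT_TOOL` and `${CONFIG_DIR}` should be quoted.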
diff --git a/dev-tools/build-packages/docker/config/entrypoint.sh b/dev-tools/build-packages/docker/config/entrypoint.sh
new file mode 100644
index 000000000000..8ea5b0eee053
--- /dev/null
+++ b/dev-tools/build-packages/docker/config/entrypoint.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+INSTALL_DIR=/usr/share/wazuh-dashboard
+DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}"
+DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}"
+
+# Create and configure Wazuh dashboard keystore
+
+yes | $INSTALL_DIR/bin/opensearch-dashboards-keystore create --allow-root && \
+echo $DASHBOARD_USERNAME | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \
+echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root
+
+##############################################################################
+# Start Wazuh dashboard
+##############################################################################
+
+/wazuh_app_config.sh $WAZUH_UI_REVISION
+
+/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+
diff --git a/dev-tools/build-packages/docker/config/opensearch_dashboards.yml b/dev-tools/build-packages/docker/config/opensearch_dashboards.yml
new file mode 100644
index 000000000000..993b8bbb1add
--- /dev/null
+++ b/dev-tools/build-packages/docker/config/opensearch_dashboards.yml
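Review bot: In entrypoint.sh, `DASHBOARD_PASSWORD` silently falls back to the well-known `kibanaserver` default, so a container started without the variable authenticates to the indexer with a credential anyone can guess; the same pattern appears for `API_USERNAME`/`API_PASSWORD` (`wazuh-wui`) in wazuh_app_config.sh. Prefer failing fast, e.g. `: "${DASHBOARD_PASSWORD:?DASHBOARD_PASSWORD must be set}"`, or at least print a warning to stderr when the default is used. The unquoted `echo $DASHBOARD_PASSWORD` also word-splits and glob-expands the secret; `printf '%s\n' "$DASHBOARD_PASSWORD" | "$INSTALL_DIR"/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root` passes it through unchanged. A failure anywhere in the keystore `&&` chain is not checked, so the dashboard still starts without its credentials; an explicit `|| exit 1` after the chain would surface that.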
@@ -0,0 +1,16 @@
+server.host: 0.0.0.0
+server.port: 5601
+opensearch.hosts: https://wazuh.indexer:9200
+opensearch.ssl.verificationMode: none
+opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+server.ssl.enabled: true
+server.ssl.key: "/usr/share/wazuh-dashboard/config/certs/dashboard-key.pem"
+server.ssl.certificate: "/usr/share/wazuh-dashboard/config/certs/dashboard.pem"
+opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/config/certs/root-ca.pem"]
+uiSettings.overrides.defaultRoute: /app/wz-home
+
+opensearchDashboards.branding:
+ useExpandedHeader: false
+
diff --git a/dev-tools/build-packages/docker/config/wazuh.yml b/dev-tools/build-packages/docker/config/wazuh.yml
new file mode 100644
index 000000000000..63707be09e60
--- /dev/null
+++ b/dev-tools/build-packages/docker/config/wazuh.yml
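Review bot: In opensearch_dashboards.yml, `opensearch.ssl.verificationMode: none` turns off certificate validation for the connection to `https://wazuh.indexer:9200`, which makes the `opensearch.ssl.certificateAuthorities` entry further down ineffective and means the keystore credentials are sent to whatever endpoint answers under that name. If the indexer certificate is issued by the shipped root CA, `opensearch.ssl.verificationMode: certificate` (or `full` when the hostname matches) keeps chain validation on. If `none` has to stay for the test stack, document it in place with a comment such as `# TLS verification disabled for the local test stack only - do not reuse in production`. `server.port: 5601` also does not match the `EXPOSE 443` in wzd.Dockerfile, so one of the two should be aligned.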
@@ -0,0 +1,136 @@
+---
+#
+# Wazuh app - App configuration file
+# Copyright (C) 2017, Wazuh Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Find more information about this on the LICENSE file.
+#
+# ======================== Wazuh app configuration file ========================
+#
+# Please check the documentation for more information on configuration options:
+# https://documentation.wazuh.com/current/installation-guide/index.html
+#
+# Also, you can check our repository:
+# https://github.com/wazuh/wazuh-dashboard-plugins
+#
+# ------------------------------- Index patterns -------------------------------
+#
+# Default index pattern to use.
+#pattern: wazuh-alerts-*
+#
+# ----------------------------------- Checks -----------------------------------
+#
+# Defines which checks must to be consider by the healthcheck
+# step once the Wazuh app starts. Values must to be true or false.
+#checks.pattern : true
+#checks.template: true
+#checks.api : true
+#checks.setup : true
+#checks.metaFields: true
+#
+# ---------------------------------- Time out ----------------------------------
+#
+# Defines maximum timeout to be used on the Wazuh app requests.
+# It will be ignored if it is bellow 1500.
+# It means milliseconds before we consider a request as failed.
+# Default: 20000
+#timeout: 20000
+#
+# -------------------------------- API selector --------------------------------
+#
+# Defines if the user is allowed to change the selected
+# API directly from the Wazuh app top menu.
+# Default: true
+#api.selector: true
+#
+# --------------------------- Index pattern selector ---------------------------
+#
+# Defines if the user is allowed to change the selected
+# index pattern directly from the Wazuh app top menu.
+# Default: true
+#ip.selector: true
+#
+# List of index patterns to be ignored
+#ip.ignore: []
+#
+# ------------------------------ wazuh-monitoring ------------------------------
+#
+# Custom setting to enable/disable wazuh-monitoring indices.
+# Values: true, false, worker
+# If worker is given as value, the app will show the Agents status
+# visualization but won't insert data on wazuh-monitoring indices.
+# Default: true
+#wazuh.monitoring.enabled: true
+#
+# Custom setting to set the frequency for wazuh-monitoring indices cron task.
+# Default: 900 (s)
+#wazuh.monitoring.frequency: 900
+#
+# Configure wazuh-monitoring-* indices shards and replicas.
+#wazuh.monitoring.shards: 2
+#wazuh.monitoring.replicas: 0
+#
+# Configure wazuh-monitoring-* indices custom creation interval.
+# Values: h (hourly), d (daily), w (weekly), m (monthly)
+# Default: d
+#wazuh.monitoring.creation: d
+#
+# Default index pattern to use for Wazuh monitoring
+#wazuh.monitoring.pattern: wazuh-monitoring-*
+#
+# --------------------------------- wazuh-cron ----------------------------------
+#
+# Customize the index prefix of predefined jobs
+# This change is not retroactive, if you change it new indexes will be created
+# cron.prefix: test
+#
+# ------------------------------ wazuh-statistics -------------------------------
+#
+# Custom setting to enable/disable statistics tasks.
+#cron.statistics.status: true
+#
+# Enter the ID of the APIs you want to save data from, leave this empty to run
+# the task on all configured APIs
+#cron.statistics.apis: []
+#
+# Define the frequency of task execution using cron schedule expressions
+#cron.statistics.interval: 0 0 * * * *
+#
+# Define the name of the index in which the documents are to be saved.
+#cron.statistics.index.name: statistics
+#
+# Define the interval in which the index will be created
+#cron.statistics.index.creation: w
+#
+# ------------------------------- App privileges --------------------------------
+#admin: true
+#
+# ---------------------------- Hide manager alerts ------------------------------
+# Hide the alerts of the manager in all dashboards and discover
+#hideManagerAlerts: false
+#
+# ------------------------------- App logging level -----------------------------
+# Set the logging level for the Wazuh App log files.
+# Default value: info
+# Allowed values: info, debug
+#logs.level: info
+#
+# -------------------------------- Enrollment DNS -------------------------------
+# Set the variable WAZUH_REGISTRATION_SERVER in agents deployment.
+# Default value: ''
+#enrollment.dns: ''
+#
+#-------------------------------- API entries -----------------------------------
+#The following configuration is the default structure to define an API entry.
+#
+#hosts:
+# - :
+# url: http(s)://
+# port:
+# username:
+# password:
diff --git a/dev-tools/build-packages/docker/config/wazuh_app_config.sh b/dev-tools/build-packages/docker/config/wazuh_app_config.sh
new file mode 100644
index 000000000000..1e7cec3e8eac
--- /dev/null
+++ b/dev-tools/build-packages/docker/config/wazuh_app_config.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
+
+wazuh_url="${WAZUH_API_URL:-https://wazuh}"
+wazuh_port="${API_PORT:-55000}"
+api_username="${API_USERNAME:-wazuh-wui}"
+api_password="${API_PASSWORD:-wazuh-wui}"
+api_run_as="${RUN_AS:-false}"
+
+dashboard_config_file="/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml"
+
+declare -A CONFIG_MAP=(
+ [pattern]=$PATTERN
+ [checks.pattern]=$CHECKS_PATTERN
+ [checks.template]=$CHECKS_TEMPLATE
+ [checks.api]=$CHECKS_API
+ [checks.setup]=$CHECKS_SETUP
+ [timeout]=$APP_TIMEOUT
+ [api.selector]=$API_SELECTOR
+ [ip.selector]=$IP_SELECTOR
+ [ip.ignore]=$IP_IGNORE
+ [wazuh.monitoring.enabled]=$WAZUH_MONITORING_ENABLED
+ [wazuh.monitoring.frequency]=$WAZUH_MONITORING_FREQUENCY
+ [wazuh.monitoring.shards]=$WAZUH_MONITORING_SHARDS
+ [wazuh.monitoring.replicas]=$WAZUH_MONITORING_REPLICAS
+)
+
+for i in "${!CONFIG_MAP[@]}"
+do
+ if [ "${CONFIG_MAP[$i]}" != "" ]; then
+ sed -i 's/.*#'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $dashboard_config_file
+ fi
+done
+
+
+grep -q 1513629884013 $dashboard_config_file
+_config_exists=$?
+
+if [[ $_config_exists -ne 0 ]]; then
+cat << EOF >> $dashboard_config_file
+hosts:
+ - 1513629884013:
+ url: $wazuh_url
+ port: $wazuh_port
+ username: $api_username
+ password: $api_password
+ run_as: $api_run_as
+EOF
+else
+ echo "Wazuh APP already configured"
+fi
diff --git a/dev-tools/build-packages/docker/wzd.Dockerfile b/dev-tools/build-packages/docker/wzd.Dockerfile
new file mode 100644
index 000000000000..9a72ff466c47
--- /dev/null
+++ b/dev-tools/build-packages/docker/wzd.Dockerfile
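Review bot: In wazuh_app_config.sh, the `sed -i` line inside the `for` loop pastes the environment values held in `CONFIG_MAP` straight into the sed program, so a value containing `/`, `&` or `\` either breaks the expression or changes what is written to wazuh.yml. Escape the value for the replacement side before substituting and quote `"$dashboard_config_file"`, as in the excerpt below; a value with an embedded newline should be rejected rather than escaped. The heredoc further down has the same weakness for YAML: `$api_password` and the other fields are written unquoted, so a password containing `#` or `: ` produces a truncated or invalid `hosts` entry. Wrapping the scalars in quotes inside the heredoc and validating the inputs first would avoid that.

```shell
for i in "${!CONFIG_MAP[@]}"
do
  value=${CONFIG_MAP[$i]}
  if [ -n "$value" ]; then
    # Escape \, / and & so the value is taken literally in the sed replacement
    escaped=$(printf '%s' "$value" | sed -e 's|[\\/&]|\\&|g')
    sed -i "s/.*#${i}.*/${i}: ${escaped}/" "$dashboard_config_file"
  fi
done
# … unchanged: hosts entry check and heredoc …
```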
@@ -0,0 +1,96 @@
+FROM ubuntu:jammy AS builder
+
+ARG INSTALL_DIR=/usr/share/wazuh-dashboard
+ARG PACKAGE_NAME
+
+# Update and install dependencies
+RUN apt-get update && apt install curl libcap2-bin xz-utils unzip -y
+
+# Create Install dir
+RUN mkdir -p $INSTALL_DIR
+RUN mkdir -p /tmp
+
+# Download and extract wazuh-dashboard
+COPY ./$PACKAGE_PATH /tmp
+RUN unzip /tmp/$PACKAGE_PATH -d /tmp/tar/
+RUN tar -xf /tmp/tar/$(ls /tmp/tar) --directory $INSTALL_DIR --strip-components=1
+
+# Generate certificates
+COPY config/config.sh .
+COPY config/config.yml /
+RUN bash config.sh
+
+# Create and set permissions to data directories
+RUN mkdir -p $INSTALL_DIR/data/wazuh && chown -R 101:101 $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
+RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chown -R 101:101 $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
+RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chown -R 101:101 $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs
+
+# Copy and set permissions to config files
+COPY config/opensearch_dashboards.yml $INSTALL_DIR/config/
+COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/
+RUN chown 101:101 $INSTALL_DIR/config/opensearch_dashboards.yml && chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml
+
+
+################################################################################
+# Build stage 1 (the current Wazuh dashboard image):
+#
+# Copy wazuh-dashboard from stage 0
+# Add entrypoint
+# Add wazuh_app_config
+################################################################################
+FROM ubuntu:jammy
+
+# Set environment variables
+ENV USER="wazuh-dashboard" \
+ GROUP="wazuh-dashboard" \
+ NAME="wazuh-dashboard" \
+ INSTALL_DIR="/usr/share/wazuh-dashboard"
+
+# Set Wazuh app variables
+ENV PATTERN="" \
+ CHECKS_PATTERN="" \
+ CHECKS_TEMPLATE="" \
+ CHECKS_API="" \
+ CHECKS_SETUP="" \
+ APP_TIMEOUT="" \
+ API_SELECTOR="" \
+ IP_SELECTOR="" \
+ IP_IGNORE="" \
+ WAZUH_MONITORING_ENABLED="" \
+ WAZUH_MONITORING_FREQUENCY="" \
+ WAZUH_MONITORING_SHARDS="" \
+ WAZUH_MONITORING_REPLICAS=""
+
+# Create wazuh-dashboard user and group
+RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
+RUN useradd --system \
+ --uid 1000 \
+ --no-create-home \
+ --home-dir $INSTALL_DIR \
+ --gid $GROUP \
+ --shell /sbin/nologin \
+ --comment "$USER user" \
+ $USER
+
+# Copy and set permissions to scripts
+COPY config/entrypoint.sh /
+COPY config/wazuh_app_config.sh /
+RUN chmod 700 /entrypoint.sh
+RUN chmod 700 /wazuh_app_config.sh
+RUN chown 1000:1000 /*.sh
+
+# Copy Install dir from builder to current image
+COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR
+
+# Create custom directory
+RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
+RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
+
+# Set workdir and user
+WORKDIR $INSTALL_DIR
+USER wazuh-dashboard
+
+# Services ports
+EXPOSE 443
+
+ENTRYPOINT [ "/entrypoint.sh" ]
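Review bot: `RUN bash config.sh` in the builder stage of wzd.Dockerfile generates `dashboard-key.pem` and `root-ca.pem` at build time, and `COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR` carries them into the final image, so every container started from one build shares the same TLS private key and anyone who can pull the image can read it. If the image is meant for more than local package testing, generate the certificates at first start in the entrypoint or mount them as a volume or secret. Either way, state the limitation above the `RUN`, e.g. `# Demo certificates only: the private key is baked into the image layer`. Separately, the builder declares `ARG PACKAGE_NAME` but the `COPY` and `unzip` lines use `$PACKAGE_PATH`, which is not declared anywhere in this hunk; if that is a typo, `COPY ./$PACKAGE_PATH /tmp` resolves to the whole build context and the following `unzip` has no file to open.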