Merge 4.10.1 into 4.10.2 #473

Merged
merged 5 commits into from
Oct 17, 2024
Changes from 3 commits
@@ -0,0 +1,30 @@
---
name: Integrations maintenance request
about: Used by the Indexer team to maintain third-party software integrations and track the results.
title: Integrations maintenance request
labels: level/task, request/operational, type/maintenance
assignees: ""
---

## Description

The Wazuh Indexer team is responsible for the maintenance of the third-party integrations hosted in the wazuh/wazuh-indexer repository. We must ensure these integrations work under new releases of the third-party software (Splunk, Elastic, Logstash, …) and our own.

For that, we need to:

- [ ] Create a pull request that upgrades the components to the latest version.
- [ ] Update our testing environments to verify the integrations work under new versions.
- [ ] Test the integrations, checking that:
- The Docker Compose project starts without errors.
- The data arrives to the destination.
- All the dashboards can be imported successfully.
- All the dashboards are populated with data.
- [ ] Finally, upgrade the compatibility matrix in integrations/README.md with the new versions.

> [!NOTE]
> * For Logstash, we use the logstash-oss image.
> * For Wazuh Indexer and Wazuh Dashboard, we use the opensearch and opensearch-dashboards images. These must match the opensearch version that we support (e.g: for Wazuh 4.9.0 it is OpenSearch 2.13.0).

## Issues

- _List here the detected issues_
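Review bot: the four sub-items under "Test the integrations, checking that:" (from "The Docker Compose project starts without errors." to "All the dashboards are populated with data.") must be indented under their parent task box, otherwise GitHub renders them as top-level bullets sitting between the task boxes; the indentation is not visible in this view, so please double-check it in the raw file. Wording: "The data arrives to the destination" should read "The data arrives at the destination". The note pins the opensearch/opensearch-dashboards image versions to the OpenSearch version Wazuh is built on (4.9.0 to 2.13.0); consider linking the compatibility matrix in integrations/README.md from that note so the two places do not drift apart.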
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
### Dependencies

### Changed
- Upgrade third-party integrations to the latest versions ([#447](https://github.com/wazuh/wazuh-indexer/pull/447))

### Deprecated

6 changes: 3 additions & 3 deletions distribution/packages/src/rpm/wazuh-indexer.rpm.spec
@@ -268,11 +268,11 @@ exit 0
%changelog
* Tue Feb 20 2025 support <[email protected]> - 4.10.2
- More info: https://documentation.wazuh.com/current/release-notes/release-4-10-2.html
* Fri Nov 06 2024 support <[email protected]> - 4.10.1
* Tue Jan 28 2025 support <[email protected]> - 4.10.1
- More info: https://documentation.wazuh.com/current/release-notes/release-4-10-1.html
* Mon Sep 23 2024 support <[email protected]> - 4.10.0
* Tue Nov 26 2024 support <[email protected]> - 4.10.0
- More info: https://documentation.wazuh.com/current/release-notes/release-4-10-0.html
* Fri Sep 20 2024 support <[email protected]> - 4.9.1
* Tue Oct 15 2024 support <[email protected]> - 4.9.1
- More info: https://documentation.wazuh.com/current/release-notes/release-4-9-1.html
* Thu Aug 15 2024 support <[email protected]> - 4.9.0
- More info: https://documentation.wazuh.com/current/release-notes/release-4-9-0.html
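Review bot: the re-dated entries (Tue Jan 28 2025, Tue Nov 26 2024, Tue Oct 15 2024) all have a weekday that matches the date, which is what rpmbuild checks, but the unchanged context line above them, `* Tue Feb 20 2025 support <...> - 4.10.2`, does not: 20 Feb 2025 is a Thursday. rpmbuild reports that as a "bogus date in %changelog" warning, so while this hunk is already fixing dates it is worth correcting that line to `Thu Feb 20 2025` as well.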
61 changes: 11 additions & 50 deletions docker/README.md
@@ -1,55 +1,19 @@
# Indexer development environments
# Docker environments

Install [Docker Desktop][docker-desktop] as per its instructions, available for Windows, Mac
and Linux (Ubuntu, Debian & Fedora).
This ensures that the development experience between Linux, Mac and Windows is as
similar as possible.

> IMPORTANT: be methodic during the installation of Docker Desktop, and proceed
> step by step as described in their documentation. Make sure that your system
> meets the system requirements before installing Docker Desktop, and read any
> post-installation note, specially on Linux: [Differences between
> Docker Desktop for Linux and Docker Engine][docker-variant].
Multipurpose Docker environments to run, test and build `wazuh-indexer`.

## Pre-requisites

1. Assign resources to [Docker Desktop][docker-desktop]. The requirements for the
environments are:
1. Install [Docker][docker] as per its instructions.

1. Your workstation must meet the minimum hardware requirements:

- 8 GB of RAM (minimum)
- 4 cores

The more resources the better ☺

2. Clone the [wazuh-indexer][wi-repo].

3. Set up user permissions

The Docker volumes will be created by the internal Docker user, making them
read-only. To prevent this, a new group named `docker-desktop` and GUID 100999
needs to be created, then added to your user and the source code folder:

```bash
sudo groupadd -g 100999 docker-desktop
sudo useradd -u 100999 -g 100999 -M docker-desktop
sudo chown -R docker-desktop:docker-desktop $WZD_HOME
sudo usermod -aG docker-desktop $USER
```

## Understanding Docker contexts

Before we begin starting Docker containers, we need to understand the
differences between Docker Engine and Docker Desktop, more precisely, that the
use different contexts.

Carefully read these two sections of the Docker documentation:

- [Differences between Docker Desktop for Linux and Docker Engine][docker-variant].
- [Switch between Docker Desktop and Docker Engine][docker-context].

Docker Desktop will change to its context automatically at start, so be sure
that any existing Docker container using the default context is **stopped**
before starting Docker Desktop and any of the environments in this folder.
1. Clone the [wazuh-indexer][wi-repo].

## Development environments
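Review bot: the removed "Set up user permissions" step (the `docker-desktop` group with GUID 100999, the `chown -R` of `$WZD_HOME` and the `usermod -aG`) was the only guidance on bind-mounted volumes ending up read-only for the host user. If dev.yml and ci.yml still mount the source tree, the rewritten Pre-requisites should say what a Docker Engine user has to do about file ownership, or state explicitly that the problem only affected Docker Desktop. Dropping the `useradd` of a local account is a welcome simplification in any case, since creating a system user just to match a container UID is more than a dev environment should ask for. Minor: every item in the new list is numbered `1.`; GitHub renumbers automatically, so this is fine.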

@@ -61,27 +25,24 @@ Example:
Usage: ./dev.sh {up|down|stop}
```

Once the `wi-dev:x.y.z` container is up, attach a shell to it and run `./gradlew run`
to start the application.
Once the `wi-dev:x.y.z` container is up, attach a shell to it and run `./gradlew run` to start the application.

## Containers to generate packages

Use the `ci/ci.sh` script to start provisioned containers to generate packages.

```bash
Usage: ./ci.sh {up|down|stop} [ci]
Usage: ./ci.sh {up|down|stop}
```

Refer to [scripts/README.md](../scripts/README.md) for details about how to build packages.
Refer to [packaging_scripts/README.md](../packaging_scripts/README.md) for details about how to build packages.

[docker-desktop]: https://docs.docker.com/get-docker
[docker-variant]: https://docs.docker.com/desktop/install/linux-install/#differences-between-docker-desktop-for-linux-and-docker-engine
[docker-context]: https://docs.docker.com/desktop/install/linux-install/#context
[docker]: https://docs.docker.com/engine/install
[wi-repo]: https://github.com/wazuh/wazuh-indexer

## Building Docker images

The [prod](./prod) folder contains the code to build Docker images. A tarball of `wazuh-indexer` needs to be located at the same level that the Dockerfile. Below there is example of the command needed to build the image. Set the build arguments and the image tag accordingly.
The [prod](./prod) folder contains the code to build Docker images. A tarball of `wazuh-indexer` needs to be located at the same level that the Dockerfile. Below there is an example of the command needed to build the image. Set the build arguments and the image tag accordingly.

```console
docker build --build-arg="VERSION=4.10.2" --build-arg="INDEXER_TAR_NAME=wazuh-indexer-4.10.2-1_linux-x64_cfca84f.tar.gz" --tag=wazuh-indexer:4.10.2 --progress=plain --no-cache .
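Review bot: in the rewritten sentence, "needs to be located at the same level that the Dockerfile" should be "at the same level as the Dockerfile". The usage line for `./ci.sh` drops the optional `[ci]` argument; please confirm `ci/ci.sh` itself no longer accepts it, otherwise script and README disagree. The `docker build` example hard-codes a tarball name with an embedded commit hash (`wazuh-indexer-4.10.2-1_linux-x64_cfca84f.tar.gz`); a placeholder such as `wazuh-indexer-<version>-<rev>_linux-x64_<hash>.tar.gz` ages better than a value that is stale after the next build.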
2 changes: 0 additions & 2 deletions docker/ci/ci.yml
@@ -1,5 +1,3 @@
version: "3.9"

services:
# Essentially wi-dev, but doesn't expose port 9200
wi-build:
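Review bot: removing `version: "3.9"` is correct for the Compose Specification; Docker Compose v2 ignores the key and prints a warning that it is obsolete. The identical change to docker/dev/dev.yml below is fine for the same reason; no further action needed on either file.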
2 changes: 0 additions & 2 deletions docker/dev/dev.yml
@@ -1,5 +1,3 @@
version: "3.9"

services:
wi-dev:
image: wi-dev:${VERSION}
7 changes: 7 additions & 0 deletions integrations/README.md
@@ -24,3 +24,10 @@ We host development environments to support the following integrations:
- [Splunk](./splunk/README.md).
- [Elasticsearch](./elastic/README.md).
- [OpenSearch](./opensearch/README.md).

**Compatibility matrix**

| | Wazuh | Logstash | OpenSearch | Elastic | Splunk |
| -------------- | ----- | -------- | ---------- | ------- | ------ |
| v1.0 | 4.8.1 | 8.9.0 | 2.14.0 | 8.14.3 | 9.1.4 |
| Latest version | 4.9.0 | 8.9.0 | 2.17.1 | 8.15.2 | 9.3.1 |
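Review bot: a row named "Latest version" stops being true the moment the next upgrade lands and cannot be referenced from a changelog, whereas the `v1.0` row is addressable. Name the new row after the integrations release it describes (v1.1, or the date it was validated) so the matrix keeps a history. The `OpenSearch` column also deserves a one-line definition: it holds the destination cluster version (`OS_VERSION=2.17.1` in integrations/docker/.env), not the OpenSearch version the Wazuh Indexer itself is based on (2.13.0 for Wazuh 4.9.0 in the same file), and readers will otherwise read 4.9.0 / 2.17.1 as a mismatch.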
12 changes: 6 additions & 6 deletions integrations/docker/.env
@@ -20,25 +20,25 @@ KIBANA_PORT=5602
MEM_LIMIT=1073741824

# Wazuh version
WAZUH_VERSION=4.8.1
WAZUH_VERSION=4.9.0

# Wazuh Indexer version (Provisionally using OpenSearch)
WAZUH_INDEXER_VERSION=2.14.0
WAZUH_INDEXER_VERSION=2.13.0

# Wazuh Dashboard version (Provisionally using OpenSearch Dashboards)
WAZUH_DASHBOARD_VERSION=2.14.0
WAZUH_DASHBOARD_VERSION=2.13.0

# Wazuh certs generator version
WAZUH_CERTS_GENERATOR_VERSION=0.0.1

# OpenSearch destination cluster version
OS_VERSION=2.14.0
OS_VERSION=2.17.1

# Logstash version:
LOGSTASH_OSS_VERSION=8.9.0

# Splunk version:
SPLUNK_VERSION=9.1.4
SPLUNK_VERSION=9.3.1

# Version of Elastic products
STACK_VERSION=8.14.3
STACK_VERSION=8.15.2
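Review bot: `WAZUH_INDEXER_VERSION` and `WAZUH_DASHBOARD_VERSION` go down from 2.14.0 to 2.13.0 in the same hunk where `OS_VERSION` goes up to 2.17.1; the downgrade is deliberate (the new issue template in this PR states Wazuh 4.9.0 is built on OpenSearch 2.13.0) but without a comment it reads like a typo and the next maintainer may "fix" it. Suggest replacing the existing comment with something like `# Wazuh Indexer version: must match the OpenSearch version Wazuh 4.9.0 is based on (2.13.0)`. Since `MEM_LIMIT`, the certs generator and the Logstash image are unchanged, it is also worth confirming that the Logstash 8.9.0 opensearch output plugin has been exercised against the 2.17.1 destination cluster, as the matrix now claims.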
4 changes: 2 additions & 2 deletions integrations/opensearch/dashboards.ndjson

Large diffs are not rendered by default.

6 changes: 1 addition & 5 deletions integrations/splunk/wazuh-amazon-aws
@@ -83,11 +83,7 @@
"type": "input.timerange",
"options": {
"token": "global_time",
"defaultValue": "-60m@m,now",
"queryParameters": {
"latest": "$global_time.latest$",
"earliest": "$global_time.earliest$"
}
"defaultValue": "-60m@m,now"
},
"title": "Global Time Range"
}
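Review bot: dropping `queryParameters` from the `input.timerange` definition is the right fix: in Splunk Dashboard Studio, `queryParameters` (`earliest`/`latest`) belongs on the data source definitions, not on inputs, so on the input it was at best ignored. Because the change only touches the input, please verify that every data source that is meant to follow the global time range still carries `"earliest": "$global_time.earliest$"` and `"latest": "$global_time.latest$"` in its own `queryParameters` (not visible in this hunk); a data source without them silently falls back to its own default range, which is how a "dashboard is populated" check passes while the global picker does nothing. The same comment applies to the identical hunks in wazuh-incident-response, wazuh-malware-detection, wazuh-pci-dss, wazuh-security-events and wazuh-vulnerabilities below.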
6 changes: 1 addition & 5 deletions integrations/splunk/wazuh-incident-response
@@ -82,11 +82,7 @@
"type": "input.timerange",
"options": {
"token": "global_time",
"defaultValue": "-60m@m,now",
"queryParameters": {
"latest": "$global_time.latest$",
"earliest": "$global_time.earliest$"
}
"defaultValue": "-60m@m,now"
},
"title": "Global Time Range"
}
6 changes: 1 addition & 5 deletions integrations/splunk/wazuh-malware-detection
@@ -83,11 +83,7 @@
"type": "input.timerange",
"options": {
"token": "global_time",
"defaultValue": "-60m@m,now",
"queryParameters": {
"latest": "$global_time.latest$",
"earliest": "$global_time.earliest$"
}
"defaultValue": "-60m@m,now"
},
"title": "Global Time Range"
}
8 changes: 2 additions & 6 deletions integrations/splunk/wazuh-pci-dss
@@ -83,11 +83,7 @@
"type": "input.timerange",
"options": {
"token": "global_time",
"defaultValue": "-60m@m,now",
"queryParameters": {
"latest": "$global_time.latest$",
"earliest": "$global_time.earliest$"
}
"defaultValue": "-60m@m,now"
},
"title": "Global Time Range"
}
@@ -133,4 +129,4 @@
},
"description": "",
"title": "wazuh-pci-dss-v1.0"
}
}
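Review bot: this second hunk replaces the final `}` with an identical `}`, which is most likely the missing newline at end of file being added; fine, and the same applies to the trailing hunk in wazuh-security-events below. While here: the dashboard `title` stays `wazuh-pci-dss-v1.0` even though the exported definition changed and the compatibility matrix in this PR introduces a row newer than v1.0; decide whether the dashboard title tracks the integrations version, and if so bump it together with the matrix so imported dashboards can be told apart.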
8 changes: 2 additions & 6 deletions integrations/splunk/wazuh-security-events
@@ -203,11 +203,7 @@
"type": "input.timerange",
"options": {
"token": "global_time",
"defaultValue": "-60m@m,now",
"queryParameters": {
"latest": "$global_time.latest$",
"earliest": "$global_time.earliest$"
}
"defaultValue": "-60m@m,now"
},
"title": "Global Time Range"
}
@@ -293,4 +289,4 @@
},
"description": "",
"title": "wazuh-security-events-v1.0"
}
}
6 changes: 1 addition & 5 deletions integrations/splunk/wazuh-vulnerabilities
@@ -178,11 +178,7 @@
"type": "input.timerange",
"options": {
"token": "global_time",
"defaultValue": "-60m@m,now",
"queryParameters": {
"latest": "$global_time.latest$",
"earliest": "$global_time.earliest$"
}
"defaultValue": "-60m@m,now"
},
"title": "Global Time Range"
}
4 changes: 2 additions & 2 deletions packaging_scripts/provision.sh
@@ -5,6 +5,6 @@
# Install necessary packages
apt-get update -y && apt-get upgrade -y && apt-get install -y curl build-essential &&
apt-get install -y debmake debhelper-compat &&
apt-get install -y libxrender1 libxtst6 libasound2 libxi6 libgconf-2-4 &&
apt-get install -y libatk1.0-0 libatk-bridge2.0-0 libcups2 libdrm2 libatspi2.0-dev libxcomposite-dev libxdamage1 libxfixes3 libxfixes-dev libxrandr2 libgbm-dev libxkbcommon-x11-0 libpangocairo-1.0-0 libcairo2 libcairo2-dev libnss3 libnspr4 libnspr4-dev freeglut3 &&
apt-get install -y libxrender1 libxtst6 libxi6 &&
apt-get install -y libatk1.0-0 libatk-bridge2.0-0 libcups2 libdrm2 libatspi2.0-dev libxcomposite-dev libxdamage1 libxfixes3 libxfixes-dev libxrandr2 libgbm-dev libxkbcommon-x11-0 libpangocairo-1.0-0 libcairo2 libcairo2-dev libnss3 libnspr4 libnspr4-dev &&
apt-get clean -y
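Review bot: the commit should say why `libasound2`, `libgconf-2-4` and `freeglut3` are dropped (presumably they were not needed by the build, and `libgconf-2-4` is no longer shipped by current Debian/Ubuntu releases, so the old line would fail there); a one-line comment above the `apt-get install` chain saves the next person from re-adding them. Unrelated to this diff but in the same chain: `apt-get upgrade -y` in a provisioning script makes the build image drift between runs, so two package builds from the same commit can differ; pinning the base image and dropping the upgrade, plus `--no-install-recommends` on the long `libatk1.0-0 ... libnspr4-dev` line, gives a smaller and reproducible build container.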
@@ -1,6 +1,6 @@
## 2024-09-20 Version 4.9.1-rc1 Release Notes
## 2024-09-27 Version 4.9.1-rc2 Release Notes

## [4.9.1-rc1]
## [4.9.1]
### Added
-
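Review bot: the two headings now disagree: the first line becomes `2024-09-27 Version 4.9.1-rc2 Release Notes` while the section heading changes from `[4.9.1-rc1]` to `[4.9.1]` with no rc qualifier. Pick one (both `4.9.1-rc2`, or both `4.9.1` if this file is meant to be the final notes) so the release notes and the package changelogs (which this PR dates 4.9.1 at Tue Oct 15 2024) can be cross-referenced. The `### Added` section still contains a single empty `-` bullet; either fill it in or remove the placeholder before the notes are published.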
