change filebeat version to 0.4

wazuh · Dec 20, 2023 · e8527c3 · e8527c3
1 parent 52e8096
commit e8527c3
Show file tree

Hide file tree

Showing 9 changed files with 276 additions and 285 deletions.
diff --git a/.github/workflows/wazuh-build-push-docker-action.yml b/.github/workflows/wazuh-build-push-docker-action.yml
@@ -55,63 +55,63 @@ jobs:
     name: Run build and push manager image
     runs-on: ubuntu-latest
     steps:
-     - name: Step 01 - Download wazuh-kibana-app
-       uses: actions/checkout@v2
-       with:
+      - name: Step 01 - Download wazuh-kibana-app
+        uses: actions/checkout@v2
+        with:
           path: wazuh-kibana-app
-     - name: Step 02 - Login to quay.io
-       run: |
-        docker login -u=${{ secrets.QUAYIO_USERNAME }} -p=${{ secrets.QUAYIO_TOKEN }} quay.io
-     - name: Step 03 - Build image
-       run: |
-        cd ${{ github.workspace }}/wazuh-kibana-app/test/cypress/images/wazuh_manager_filebeat_sources_cmake
-        docker build -t quay.io/wazuh/wazuh-manager-image:${{ github.event.inputs.wazuh-manager-version }}-${{ github.event.inputs.elastic-manager-version }} \
-        --build-arg WAZUH_VERSION=${{ github.event.inputs.wazuh-manager-version }} \
-        --build-arg FILEBEAT_VERSION=${{ github.event.inputs.elastic-manager-version }} \
-        --build-arg FILEBEAT_WAZUH_TEMPLATE_URL=https://raw.githubusercontent.com/wazuh/wazuh/4.0/extensions/elasticsearch/7.x/wazuh-template.json \
-        --build-arg FILEBEAT_WAZUH_MODULE_URL=https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz .
-     - name: Step 04 - Push image to quay.io
-       run: |
-        docker push quay.io/wazuh/wazuh-manager-image:${{ github.event.inputs.wazuh-manager-version }}-${{ github.event.inputs.elastic-manager-version }}
+      - name: Step 02 - Login to quay.io
+        run: |
+          docker login -u=${{ secrets.QUAYIO_USERNAME }} -p=${{ secrets.QUAYIO_TOKEN }} quay.io
+      - name: Step 03 - Build image
+        run: |
+          cd ${{ github.workspace }}/wazuh-kibana-app/test/cypress/images/wazuh_manager_filebeat_sources_cmake
+          docker build -t quay.io/wazuh/wazuh-manager-image:${{ github.event.inputs.wazuh-manager-version }}-${{ github.event.inputs.elastic-manager-version }} \
+          --build-arg WAZUH_VERSION=${{ github.event.inputs.wazuh-manager-version }} \
+          --build-arg FILEBEAT_VERSION=${{ github.event.inputs.elastic-manager-version }} \
+          --build-arg FILEBEAT_WAZUH_TEMPLATE_URL=https://raw.githubusercontent.com/wazuh/wazuh/4.0/extensions/elasticsearch/7.x/wazuh-template.json \
+          --build-arg FILEBEAT_WAZUH_MODULE_URL=https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz .
+      - name: Step 04 - Push image to quay.io
+        run: |
+          docker push quay.io/wazuh/wazuh-manager-image:${{ github.event.inputs.wazuh-manager-version }}-${{ github.event.inputs.elastic-manager-version }}
 
   job-build-agent-image:
     if: ${{ github.event.inputs.build-agent-image == 'true' }}
     name: Run build and push agent image
     runs-on: ubuntu-latest
     steps:
-     - name: Step 01 - Download wazuh-kibana-app
-       uses: actions/checkout@v2
-       with:
+      - name: Step 01 - Download wazuh-kibana-app
+        uses: actions/checkout@v2
+        with:
           path: wazuh-kibana-app
-     - name: Step 02 - Login to quay.io
-       run: |
-        docker login -u=${{ secrets.QUAYIO_USERNAME }} -p=${{ secrets.QUAYIO_TOKEN }} quay.io
-     - name: Step 03 - Build image
-       run: |
-        cd ${{ github.workspace }}/wazuh-kibana-app/test/cypress/images/wazuh_agent_ubuntu_sources_cmake
-        docker build -t quay.io/wazuh/wazuh-agent-image:${{ github.event.inputs.wazuh-agent-version }} \
-        --build-arg WAZUH_VERSION=${{ github.event.inputs.wazuh-agent-version }} .
-     - name: Step 04 - Push image to quay.io
-       run: |
-        docker push quay.io/wazuh/wazuh-agent-image:${{ github.event.inputs.wazuh-agent-version }}
+      - name: Step 02 - Login to quay.io
+        run: |
+          docker login -u=${{ secrets.QUAYIO_USERNAME }} -p=${{ secrets.QUAYIO_TOKEN }} quay.io
+      - name: Step 03 - Build image
+        run: |
+          cd ${{ github.workspace }}/wazuh-kibana-app/test/cypress/images/wazuh_agent_ubuntu_sources_cmake
+          docker build -t quay.io/wazuh/wazuh-agent-image:${{ github.event.inputs.wazuh-agent-version }} \
+          --build-arg WAZUH_VERSION=${{ github.event.inputs.wazuh-agent-version }} .
+      - name: Step 04 - Push image to quay.io
+        run: |
+          docker push quay.io/wazuh/wazuh-agent-image:${{ github.event.inputs.wazuh-agent-version }}
 
   job-build-cypress-image:
     if: ${{ github.event.inputs.build-cypress-image == 'true' }}
     name: Run build and push cypress image
     runs-on: ubuntu-latest
     steps:
-     - name: Step 01 - Download wazuh-kibana-app
-       uses: actions/checkout@v2
-       with:
+      - name: Step 01 - Download wazuh-kibana-app
+        uses: actions/checkout@v2
+        with:
           path: wazuh-kibana-app
-     - name: Step 02 - Login to quay.io
-       run: |
-        docker login -u=${{ secrets.QUAYIO_USERNAME }} -p=${{ secrets.QUAYIO_TOKEN }} quay.io
-     - name: Step 03 - Build image
-       run: |
-        cd ${{ github.workspace }}/wazuh-kibana-app/test/cypress/images/ubuntu-cypress
-        docker build -t quay.io/wazuh/wazuh-ubuntu-cypress:${{ github.event.inputs.image-cypress-version }} \
-        --build-arg UBUNTU_CYPRESS_BRANCH=${{ github.event.inputs.ubuntu-cypress-branch }} .
-     - name: Step 04 - Push image to quay.io
-       run: |
-        docker push quay.io/wazuh/wazuh-ubuntu-cypress:${{ github.event.inputs.image-cypress-version }}
+      - name: Step 02 - Login to quay.io
+        run: |
+          docker login -u=${{ secrets.QUAYIO_USERNAME }} -p=${{ secrets.QUAYIO_TOKEN }} quay.io
+      - name: Step 03 - Build image
+        run: |
+          cd ${{ github.workspace }}/wazuh-kibana-app/test/cypress/images/ubuntu-cypress
+          docker build -t quay.io/wazuh/wazuh-ubuntu-cypress:${{ github.event.inputs.image-cypress-version }} \
+          --build-arg UBUNTU_CYPRESS_BRANCH=${{ github.event.inputs.ubuntu-cypress-branch }} .
+      - name: Step 04 - Push image to quay.io
+        run: |
+          docker push quay.io/wazuh/wazuh-ubuntu-cypress:${{ github.event.inputs.image-cypress-version }}
diff --git a/docker/kbn-dev/dev.yml b/docker/kbn-dev/dev.yml
@@ -1,16 +1,16 @@
-version: "2.2"
+version: '2.2'
 
 x-logging: &logging
   logging:
     driver: loki
     options:
-      loki-url: "http://host.docker.internal:3100/loki/api/v1/push"
+      loki-url: 'http://host.docker.internal:3100/loki/api/v1/push'
 
 services:
   exporter:
     image: quay.io/prometheuscommunity/elasticsearch-exporter:latest
     <<: *logging
-    hostname: "exporter-kbn-${ES_VERSION}"
+    hostname: 'exporter-kbn-${ES_VERSION}'
     networks:
       - es-dev
       - mon
@@ -21,7 +21,7 @@ services:
 
   imposter:
     image: outofcoffee/imposter
-    hostname: "imposter-kbn-${ES_VERSION}"
+    hostname: 'imposter-kbn-${ES_VERSION}'
     networks:
       - es-dev
       - mon
@@ -32,15 +32,15 @@ services:
     volumes:
       - ../imposter:/opt/imposter/config
     ports:
-       - ${IMPOSTER_PORT}:8080
+      - ${IMPOSTER_PORT}:8080
 
   filebeat:
     depends_on:
       es01:
         condition: service_healthy
     image: elastic/filebeat:7.10.2
     hostname: filebeat
-    user: "0:0"
+    user: '0:0'
     networks:
       - es-dev
       - mon
@@ -54,7 +54,7 @@ services:
         echo admin | filebeat keystore add username --stdin --force
         echo ${ELASTIC_PASSWORD}| filebeat keystore add password --stdin --force
         curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
-        curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module
+        curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module
         # copy filebeat to preserve correct permissions without
         # affecting host filesystem
         cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml
@@ -69,7 +69,7 @@ services:
 
   setup:
     hostname: setup
-    user: "0"
+    user: '0'
     image: docker.elastic.co/elasticsearch/elasticsearch:${ES_VERSION}
     volumes:
       - certs:/usr/share/elasticsearch/config/certs
@@ -120,7 +120,7 @@ services:
         echo "All done!";
       '
     healthcheck:
-      test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
+      test: ['CMD-SHELL', '[ -f config/certs/es01/es01.crt ]']
       interval: 1s
       timeout: 5s
       retries: 120
@@ -140,7 +140,7 @@ services:
       - certs:/usr/share/elasticsearch/config/certs
       - esdata01:/usr/share/elasticsearch/data
     environment:
-      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+      - 'ES_JAVA_OPTS=-Xms512m -Xmx512m'
       - node.name=es01
       - discovery.type=single-node
       - discovery.seed_hosts=es01
@@ -166,7 +166,7 @@ services:
     healthcheck:
       test:
         [
-          "CMD-SHELL",
+          'CMD-SHELL',
           "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
         ]
       interval: 10s
@@ -186,7 +186,7 @@ services:
       - mon
     <<: *logging
     volumes:
-      - "${SRC}:/home/node/kbn/plugins/wazuh"
+      - '${SRC}:/home/node/kbn/plugins/wazuh'
       - certs:/home/node/kbn/config/certs
       - kibana_cache:/home/node/.cache
       - ./config/kibana/kibana.yml:/home/node/kbn/config/kibana.yml
@@ -198,7 +198,7 @@ services:
       # Kibana configuration is in the mounted config file, as the entrypoint
       # does not generate the config file from the envirtonment
       - LOGS=/proc/1/fd/1
-    entrypoint: ["tail", "-f", "/dev/null"]
+    entrypoint: ['tail', '-f', '/dev/null']
     healthcheck:
       test: sh /home/node/setup_permissions.sh es01
       interval: 5s

diff --git a/docker/osd-dev/dev.yml b/docker/osd-dev/dev.yml
@@ -193,7 +193,7 @@ services:
         echo admin | filebeat keystore add username --stdin --force
         echo ${PASSWORD}| filebeat keystore add password --stdin --force
         curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
-        curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module
+        curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module
         # copy filebeat to preserve correct permissions without
         # affecting host filesystem
         cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml

diff --git a/docker/wazuh-4.2-es/pre.yml b/docker/wazuh-4.2-es/pre.yml
@@ -1,16 +1,16 @@
-version: "2.2"
+version: '2.2'
 
 x-logging: &logging
   logging:
     driver: loki
     options:
-      loki-url: "http://host.docker.internal:3100/loki/api/v1/push"
+      loki-url: 'http://host.docker.internal:3100/loki/api/v1/push'
 
 services:
   exporter:
     image: quay.io/prometheuscommunity/elasticsearch-exporter:latest
     <<: *logging
-    hostname: "exporter-kbn-${ES_VERSION}"
+    hostname: 'exporter-kbn-${ES_VERSION}'
     networks:
       - es-pre
       - mon
@@ -21,7 +21,7 @@ services:
 
   imposter:
     image: outofcoffee/imposter
-    hostname: "imposter-kbn-${ES_VERSION}"
+    hostname: 'imposter-kbn-${ES_VERSION}'
     networks:
       - es-pre
       - mon
@@ -38,7 +38,7 @@ services:
         condition: service_healthy
     image: elastic/filebeat:7.10.2
     hostname: filebeat
-    user: "0:0"
+    user: '0:0'
     networks:
       - es-pre
     <<: *logging
@@ -51,7 +51,7 @@ services:
         echo admin | filebeat keystore add username --stdin --force
         echo ${ELASTIC_PASSWORD}| filebeat keystore add password --stdin --force
         curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.2/extensions/elasticsearch/7.x/wazuh-template.json
-        curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module
+        curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module
         # copy filebeat to preserve correct permissions without
         # affecting host filesystem
         cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml
@@ -72,7 +72,7 @@ services:
       - certs:/usr/share/elasticsearch/config/certs
       - ./config/wazuh_indexer_ssl_certs/:/tmp/certs
       - ./config/setup_permissions.sh:/tmp/setup_permissions.sh
-    user: "0"
+    user: '0'
     command: >
       bash -c '
         if [ x${ELASTIC_PASSWORD} == x ]; then
@@ -134,7 +134,7 @@ services:
         echo "All done!";
       '
     healthcheck:
-      test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
+      test: ['CMD-SHELL', '[ -f config/certs/es01/es01.crt ]']
       interval: 1s
       timeout: 5s
       retries: 120
@@ -152,7 +152,7 @@ services:
       - certs:/usr/share/elasticsearch/config/certs
       - esdata01:/usr/share/elasticsearch/data
     environment:
-      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+      - 'ES_JAVA_OPTS=-Xms512m -Xmx512m'
       - node.name=es01
       - cluster.name=${CLUSTER_NAME}
       # - cluster.initial_master_nodes=es01,es02,es03
@@ -180,7 +180,7 @@ services:
     healthcheck:
       test:
         [
-          "CMD-SHELL",
+          'CMD-SHELL',
           "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
         ]
       interval: 10s
@@ -303,7 +303,7 @@ services:
     healthcheck:
       test:
         [
-          "CMD-SHELL",
+          'CMD-SHELL',
           "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
         ]
       interval: 10s
@@ -312,7 +312,7 @@ services:
 
 networks:
   es-pre:
-    name: "es-pre-${ES_VERSION}"
+    name: 'es-pre-${ES_VERSION}'
     driver: bridge
   mon:
     external: true