Add Docker setup for Wazuh manager with Filebeat

guidomodarelli · guidomodarelli · commit 00b8e3006ab9 · 2025-05-15T19:01:05.000Z
Introduces Docker configuration and scripts to automate Wazuh manager and Filebeat installation, certificate setup, and service initialization to streamline local development and deployment.
diff --git a/docker/osd-dev/manager/Dockerfile b/docker/osd-dev/manager/Dockerfile
@@ -0,0 +1,9 @@
+FROM ubuntu:24.04
+
+ADD --chown=root:root installer.sh /installer/installer.sh
+ADD wazuh-manager.deb /installer/wazuh-manager.deb
+ADD --chown=root:root entrypoint.sh /entrypoint.sh
+
+RUN bash /installer/installer.sh && chmod +x /entrypoint.sh
+
+ENTRYPOINT [ "/entrypoint.sh" ]
diff --git a/docker/osd-dev/manager/entrypoint.sh b/docker/osd-dev/manager/entrypoint.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Change permissions to ceritificates
+chmod 500 /etc/filebeat/certs
+chmod 400 /etc/filebeat/certs/*
+chown -R root:root /etc/filebeat/certs
+
+# Start services
+service filebeat start
+/var/ossec/bin/wazuh-control start
+
+tail -f /var/ossec/logs/ossec.log
diff --git a/docker/osd-dev/manager/installer.sh b/docker/osd-dev/manager/installer.sh
@@ -0,0 +1,41 @@
+# Install dependencies
+apt update
+apt install -y curl adduser lsb-release
+
+# Install Wazuh server
+dpkg -i /installer/wazuh-manager.deb
+
+# Configure Wazuh server-Wazuh indexer connection
+echo 'admin' | /var/ossec/bin/wazuh-keystore -f indexer -k username
+echo 'admin' | /var/ossec/bin/wazuh-keystore -f indexer -k password
+
+NODE="wazuh.manager.dev"
+INDEXER_HOST="os1"
+CERTS_PATH="/etc/filebeat/certs"
+WAZUH_VERSION="v4.12.0"
+#mkdir -p /etc/filebeat/certs
+
+sed -i "s|https://0.0.0.0:9200|https://$INDEXER_HOST:9200|g" /var/ossec/etc/ossec.conf
+sed -i "s|/etc/filebeat/certs/root-ca.pem|$CERTS_PATH/ca.pem|g" /var/ossec/etc/ossec.conf
+sed -i "s|/etc/filebeat/certs/filebeat.pem|$CERTS_PATH/$NODE.pem|g" /var/ossec/etc/ossec.conf
+sed -i "s|/etc/filebeat/certs/filebeat-key.pem|$CERTS_PATH/$NODE-key.pem|g" /var/ossec/etc/ossec.conf
+
+# Install Filebeat
+apt install gnupg apt-transport-https -y
+curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
+echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
+apt-get update
+apt-get -y install filebeat
+
+# Configure Filebeat
+curl -so /etc/filebeat/filebeat.yml https://packages.wazuh.com/4.12/tpl/wazuh/filebeat/filebeat.yml
+sed -i "s|127.0.0.1|$INDEXER_HOST|g" /etc/filebeat/filebeat.yml
+sed -i "s|/etc/filebeat/certs/root-ca.pem|$CERTS_PATH/ca.pem|g" /etc/filebeat/filebeat.yml
+sed -i "s|/etc/filebeat/certs/filebeat.pem|$CERTS_PATH/$NODE-key.pem|g" /etc/filebeat/filebeat.yml
+sed -i "s|/etc/filebeat/certs/filebeat-key.pem|$CERTS_PATH/$NODE.pem|g" /etc/filebeat/filebeat.yml
+filebeat keystore create
+echo admin | filebeat keystore add username --stdin --force
+echo admin | filebeat keystore add password --stdin --force
+curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/$WAZUH_VERSION/extensions/elasticsearch/7.x/wazuh-template.json
+chmod go+r /etc/filebeat/wazuh-template.json
+curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module
