forked from opensearch-project/OpenSearch
-
Notifications
You must be signed in to change notification settings - Fork 22
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Adding /var/run/wazuh-indexer to the list of ignored files (#339) * Fix sysv files (#343) * Change sysv script to reference opensearch script * Correct permissions on sysv script * Updating sysv service file permissions to match 4.8 * Moving logstash dockerfile and associated files to its own folder (#302) * Moving logstash dockerfile and associated files to its own folder * Removing unused context from logstash container in splunk compose * Changing context in manager to splunk integration to newly created logstash folder * Using common logstash container for Security Lake integration * Removing unused dockerfiles * Adding gzip to logstash pipeline * Adding gzip decompression to lambda * Changing aws REGION variable name * Cleanup commented code * Adding environment variables for docker images versions * Adding logstash version to .env * Fixing minor issues in compose files * Removing certs configuration * Format YAML and Readme file from 3rd-party integrations * Remove unused code * Upgrade integrations to the latest Wazuh version * Fic environment variable * Remove unused code and fix ASL documentation --------- Co-authored-by: Álex Ruiz <[email protected]> * Fixing chown command (#347) --------- Co-authored-by: Federico Gustavo Galland <[email protected]>
- Loading branch information
Showing
29 changed files
with
243 additions
and
270 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,3 @@ | ||
external | ||
docker/certs | ||
docker/certs | ||
docker/config |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,46 +1,17 @@ | ||
# MULTI-STAGE build | ||
# docker build --platform linux/amd64 --no-cache -f aws-lambda.dockerfile -t docker-image:test . | ||
# docker run --platform linux/amd64 -p 9000:8080 docker-image:test | ||
|
||
FROM python:3.9 as builder | ||
# Create a virtualenv for dependencies. This isolates these packages from | ||
# system-level packages. | ||
RUN python3 -m venv /env | ||
# Setting these environment variables are the same as running | ||
# source /env/bin/activate. | ||
ENV VIRTUAL_ENV /env | ||
ENV PATH /env/bin:$PATH | ||
# Copy the application's requirements.txt and run pip to install all | ||
# dependencies into the virtualenv. | ||
COPY requirements.txt /app/requirements.txt | ||
RUN pip install -r /app/requirements.txt | ||
# FROM public.ecr.aws/lambda/python:3.9 | ||
FROM amazon/aws-lambda-python:3.12 | ||
|
||
# Copy requirements.txt | ||
COPY requirements.aws.txt ${LAMBDA_TASK_ROOT} | ||
|
||
FROM python:3.9 | ||
ENV LOGSTASH_KEYSTORE_PASS="SecretPassword" | ||
# Add the application source code. | ||
COPY --chown=logstash:logstash ./src /home/app | ||
# Add execution persmissions. | ||
RUN chmod a+x /home/app/lambda_function.py | ||
# Copy the application's dependencies. | ||
COPY --from=builder /env /env | ||
# Install the specified packages | ||
RUN pip install -r requirements.aws.txt | ||
|
||
# Install Logstash | ||
RUN apt-get update && apt-get install -y iputils-ping wget gpg apt-transport-https | ||
RUN wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | gpg --dearmor -o /usr/share/keyrings/elastic-keyring.gpg && \ | ||
echo "deb [signed-by=/usr/share/keyrings/elastic-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | tee -a /etc/apt/sources.list.d/elastic-8.x.list && \ | ||
apt-get update && apt install -y logstash | ||
# Install logstash-input-opensearch plugin. | ||
RUN /usr/share/logstash/bin/logstash-plugin install logstash-input-opensearch | ||
# Copy the Logstash's ingestion pipelines. | ||
COPY --chown=logstash:logstash logstash/pipeline /usr/share/logstash/pipeline | ||
# Grant logstash ownership over its files | ||
RUN chown --recursive logstash:logstash /usr/share/logstash /etc/logstash /var/log/logstash /var/lib/logstash | ||
# Copy function code | ||
COPY src ${LAMBDA_TASK_ROOT} | ||
|
||
USER logstash | ||
# Copy and run the setup.sh script to create and configure a keystore for Logstash. | ||
COPY --chown=logstash:logstash logstash/setup.sh /usr/share/logstash/bin/setup.sh | ||
RUN bash /usr/share/logstash/bin/setup.sh | ||
|
||
# Disable ECS compatibility | ||
RUN `echo "pipeline.ecs_compatibility: disabled" >> /etc/logstash/logstash.yml` | ||
|
||
WORKDIR /home/app | ||
# Set the CMD to your handler (could also be done as a parameter override outside of the Dockerfile) | ||
CMD [ "lambda_function.lambda_handler" ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -39,4 +39,4 @@ curl -X POST "http://localhost:9000/2015-03-31/functions/function/invocations" - | |
} | ||
} | ||
] | ||
}' | ||
}' |
34 changes: 0 additions & 34 deletions
34
integrations/amazon-security-lake/logstash/pipeline/indexer-to-file.conf
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.