init

.dockerignore

@@ -0,0 +1,30 @@
+.idea/
+__pycache__/
+*.py[cod]
+*$py.class
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+Makefile
+Dockerfile
+README.md
+docker-compose.yaml
+entrypoint.sh
+test.py
+register_agent.py__
+wazuh-daemonset.yaml

.flake8

@@ -0,0 +1,28 @@
+[flake8]
+jobs = auto
+verbose = 1
+quiet = 0
+tee = True
+exclude =
+    # git folder
+    .git,
+    # python cache
+    __pycache__,
+    test,
+    eggs
+filename =
+    *.py
+
+disable-noqa = False
+
+max-line-length = 120
+max-complexity = 10
+ignore =
+    F401
+    C901
+    W504
+    W503
+    F841
+    F811
+    F524
+    E501

.gitignore

@@ -0,0 +1,12 @@
+.idea/
+__pycache__/
+build/
+.DS_Store
+.env
+venv/
+main.py
+*.json
+src/
+register_agent.py__
+test.py
+docker-compose.yaml

.pep8

@@ -0,0 +1,2 @@
+[pep8]
+exclude = .git,__pycache__,*/migrations/*,node_modules/*

.pre-commit-config.yaml

@@ -0,0 +1,69 @@
+repos:
+-   repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v2.3.0
+    hooks:
+    -   id: check-yaml
+    -   id: end-of-file-fixer
+    -   id: trailing-whitespace
+    -   id: check-docstring-first
+    -   id: check-merge-conflict
+    -   id: mixed-line-ending
+        args: [--fix=lf]
+- repo: https://github.com/ambv/black
+  rev: stable
+  hooks:
+    - id: black
+- repo: https://github.com/ambv/black
+  rev: stable
+  hooks:
+  - id: black
+    language_version: python3.8
+- repo: https://github.com/motet-a/jinjalint
+  rev: ''
+  hooks:
+  - id: jinjalint
+- repo: https://github.com/pre-commit/pygrep-hooks
+  rev: v1.7.1  # Use the ref you want to point at
+  hooks:
+  - id: python-use-type-annotations
+  - id: python-check-blanket-noqa
+  - id: python-no-eval
+  - id: python-check-mock-methods
+  - id: rst-backticks
+  - id: text-unicode-replacement-char
+- repo: https://github.com/jumanjihouse/pre-commit-hooks
+  rev: master  # or specific git tag
+  hooks:
+    - id: bundler-audit
+    - id: check-mailmap
+    - id: fasterer
+    - id: forbid-binary
+    - id: git-check
+    - id: markdownlint
+    - id: reek
+    - id: require-ascii
+    - id: rubocop
+    - id: script-must-have-extension
+    - id: script-must-not-have-extension
+    - id: shellcheck
+    - id: shfmt
+- repo: https://github.com/jorisroovers/gitlint
+  rev: 'v0.15.0'
+  hooks:
+  - id: gitlint
+- repo: local
+  hooks:
+  - id: flake8
+    name: flake8
+    stages: [commit]
+    language: system
+    entry: flake8
+    types: [python]
+- repo: https://github.com/Lucas-C/pre-commit-hooks-safety
+  rev: v1.2.1
+  hooks:
+  - id: python-safety-dependencies-check
+- repo: https://github.com/PyCQA/bandit
+  rev: '1.7.0'
+  hooks:
+  - id: bandit

Dockerfile

@@ -0,0 +1,36 @@
+FROM  bitnami/minideb:latest
+LABEL maintainer="[email protected]"
+LABEL version="4.0.4"
+LABEL description="Wazuh Docker Agent"
+ENV JOIN_MANAGER_MASTER_HOST=""
+ENV JOIN_MANAGER_WORKER_HOST=""
+ENV VIRUS_TOTAL_KEY=""
+ENV JOIN_MANAGER_PROTOCOL="https"
+ENV JOIN_MANAGER_USER = ""
+ENV JOIN_MANAGER_PASSWORD=""
+ENV JOIN_MANAGER_API_PORT="55000"
+ENV HEALTH_CHECK_PROCESSES=""
+ENV FLASK_APP="register_agent.py"
+ENV FLASK_ENV="development"
+ENV FLASK_DEBUG=0
+ENV FLASK_BIND=0.0.0.0
+RUN install_packages \
+  procps curl apt-transport-https gnupg2 inotify-tools python-docker python3-pip python3-setuptools python3-dev gcc && \
+  curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - && \
+  echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list && \
+  install_packages wazuh-agent && \
+  echo "deb http://security.debian.org/debian-security stretch/updates main" >> /etc/apt/sources.list && \
+  mkdir -p /usr/share/man/man1 && \
+  install_packages openjdk-8-jdk
+COPY . /var/ossec/
+WORKDIR /var/ossec/
+RUN pip3 --no-cache-dir install -r /var/ossec/requirements.txt && \
+  rm -rf /var/ossec/requirements.txt && \
+  chmod +x /var/ossec/register_agent.py && \
+  apt-get remove --purge -y python3-dev gcc && \
+  apt-get clean autoclean && \
+  apt-get autoremove -y && \
+  rm -rf /var/lib/{apt,dpkg,cache,log}/ && \
+  rm -rf  /tmp/* /var/tmp/* /var/log/*
+EXPOSE 5000
+ENTRYPOINT ["./register_agent.py"]

Makefile

@@ -0,0 +1,14 @@
+VERSION ?= v4.0.4
+
+all: docker
+
+docker:
+	docker build -t kennyopennix/wazuh-agent:latest .  && \
+	docker build -t kennyopennix/wazuh-agent:$(VERSION) .
+
+docker-run:
+	docker run kennyopennix/wazuh-agent:$(VERSION)
+
+docker-push:
+	docker push kennyopennix/wazuh-agent:latest && \
+	docker push kennyopennix/wazuh-agent:$(VERSION)

README.md

@@ -0,0 +1,109 @@
+
+# docker-wazuh-agent
+
+Wazuh is a free, open source and enterprise-ready security monitoring
+solution for threat detection, integrity monitoring, incident response and compliance.
+
+## Description
+
+Wazuh Agent as Docker Image with auto registration on Wazuh server.
+
+As well as local docker You can deploy the image to Kubernetes as DaemonSet.
+
+Current agent version is `4.0.4`
+
+## Environments
+
+`JOIN_MANAGER_PROTOCOL` - http or https, default `https`
+
+`JOIN_MANAGER_MASTER_HOST` - Ip address or Domain name of Wazuh server
+
+`JOIN_MANAGER_WORKER_HOST` - Ip address or Domain name of Wazuh worker
+
+`JOIN_MANAGER_USER` - Username for authorization on Wazuh server
+
+`JOIN_MANAGER_PASSWORD` - Password for authorization
+
+`JOIN_MANAGER_API_PORT` - Wazuh server api port, default `55000`
+
+`JOIN_MANAGER_PORT` - Wazuh server port for communication between agent and server,
+defaul `1514`
+
+`NODE_NAME` - Node name if not present image will use `HOSTNAME` system variable
+
+`HEALTH_CHECK_PROCESSES` - process list for health checks determinate by comma
+
+`VIRUS_TOTAL_KEY` - Api key for VirusTotal integration
+
+`FLASK_DEBUG` - Switch on Flask debug, default `0`
+
+## Run as docker image
+
+The Simplest way of running the container
+
+```shell
+docker run --rm kennyopennix/wazuh-agent:latest
+```
+
+Advanced usage
+
+```bash
+docker run -d --name wazuh -v /:/rootfs:ro --net host --hostname ${HOSTNAME} \
+-e JOIN_MANAGER_MASTER_HOST=172.17.0.1 -e JOIN_MANAGER_WORKER_HOST=172.17.0.1 \
+-e JOIN_PASSWORD=test123 -e JOIN_MANAGER_USER=user \
+-v /etc/os-release:/etc/os-release -v /var/run/docker.sock:/var/run/docker.sock \
+ kennyopennix/wazuh-agent:latest
+
+```
+
+## Run as Kubernetes DaemonSet
+
+Setup environments in `wazuh-daemon-sets.yaml` like above.
+
+Example:
+
+```yaml
+env:
+    - name: JOIN_MANAGER
+      value: "wazuh.wazuh.svc.cluster.local"
+    - name: JOIN_MANAGER_MASTER_HOST
+      value: "wazuh.wazuh.svc.cluster.local"
+    - name: JOIN_MANAGER_WORKER_HOST
+      value: "wazuh-workers.wazuh.svc.cluster.local"
+    - name: JOIN_MANAGER_PROTOCOL
+      value: "https"
+    - name: NODE_NAME
+      valueFrom:
+        fieldRef:
+          fieldPath: spec.nodeName
+    - name: WAZUH_GROUPS
+      value: default
+    - name: JOIN_PASSWORD
+      value: password
+    - name: JOIN_MANAGER_USER
+      valueFrom:
+       secretKeyRef:
+         name: wazuh-api-cred
+         key: username
+    - name: JOIN_MANAGER_PASSWORD
+      valueFrom:
+        secretKeyRef:
+          name: wazuh-api-cred
+          key: password
+    - name: JOIN_MANAGER_API_PORT
+      value: "55000"
+    - name: JOIN_MANAGER_PORT
+      value: "1514"
+    - name: HEALTH_CHECK_PROCESSES
+      value: "ossec-execd,ossec-syscheckd,ossec-logcollector,wazuh-modulesd,ossec-authd"
+
+```
+
+And apply template ```kubectl -f wazuh-daemon-sets.yaml```
+DaemonSet will deploy to wazuh namespace.
+
+## Build docker image
+
+```bash
+docker build . -t wazuh-agent:latest
+```

local_internal_options.jinja2

@@ -0,0 +1 @@
+wazuh_command.remote_commands=1