Working Docker image

fe175304 · Matevz Erzen · Matevz Erzen · e9bb14da · fe175304 · fe175304
Commit fe175304 authored 3 years ago by Matevz Erzen Committed by Matevz Erzen 3 years ago
--- a/.dockerignore
+++ b/.dockerignore
+__pycache__/
+*.pyc
+*$py.class
+.idea/
+dump.rdb
\ No newline at end of file
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,6 +9,6 @@ RUN pip3 install -r requirements.txt

 COPY . .

-RUN apt-get update && apt-get install -y redis-server
+RUN apt-get update && apt-get install -y redis-server jq

-ENTRYPOINT ["entrypoint.sh"]
\ No newline at end of file
+ENTRYPOINT ["./entrypoint.sh"]
\ No newline at end of file
--- a/README.md
+++ b/README.md
@@ -40,9 +40,11 @@ docker run evidence-collector

 ```
 pip install -r requirements.txt
+
+sudo apt-get install jq
 ```

-4. Install Redis server (or run it in a separate Docker container - in this case remove server start command from `entrypoint.sh`):
+4. a) Install Redis server locally:

 ```
 sudo apt-get install redis-server
@@ -50,7 +52,19 @@ sudo apt-get install redis-server

 > Note: To stop Redis server use `/etc/init.d/redis-server stop`.

-5. Run `entrypoint.sh`"
+4. b) Run Redis server in Docker container:
+
+```
+docker run --name my-redis-server -p 6379:6379 -d redis
+```
+
+In this case also comment-out server start command in `entrypoint.sh`:
+
+```
+#redis-server &
+```
+
+5. Run `entrypoint.sh`:

 ```
 ./entrypoint.sh
@@ -58,6 +72,8 @@ sudo apt-get install redis-server

 > Note: This repository consists of multiple Python modules. When running Python code manually, use of `-m` flag might be necessary.

+## Component configuration 
+
 ### API User authentication

 Current implementation has disabled SSL certificate verification & uses simple username/password verification (defined inside `/constants/constants.py`). Production version should change this with cert verification.

--- a/constants.json
+++ b/constants.json
+{
+    "wazuh": {
+        "ip": "192.168.33.10",
+        "port": 55000,
+        "username": "wazuh-wui",
+        "password": "wazuh-wui"
+    },
+    "elastic": {
+        "ip": "192.168.33.10",
+        "port": 9200,
+        "username": "admin",
+        "password": "changeme"
+    },
+    "redis": {
+        "ip": "localhost",
+        "port": 6379,
+        "queue": "low"
+    }
+}
\ No newline at end of file
--- a/constants/constants.py
+++ b/constants/constants.py
-WAZUH_IP = '192.168.33.10'
-WAZUH_API_PORT = 55000
-WAZUH_USERNAME = 'wazuh-wui'
-WAZUH_PASSWORD = 'wazuh-wui'
-
-ELASTIC_IP = '192.168.33.10'
-ELASTIC_API_PORT = 9200
-ELASTIC_USERNAME = 'admin'
-ELASTIC_PASSWORD = 'changeme'
-
-REDIS_IP = 'localhost'
-REDIS_PORT = '6379'
-REDIS_QUEUE_NAME = 'low'
\ No newline at end of file
--- a/entrypoint.sh
+++ b/entrypoint.sh
 #!/bin/bash

-redis-server &
+redis_ip=$(cat constants.json | jq -r '.redis.ip')
+redis_port=$(cat constants.json | jq -r '.redis.port')
+redis_queue=$(cat constants.json | jq -r '.redis.queue')

-rqworker low &
+redis-server --port $redis_port &

-rqscheduler &
+rqworker $redis_queue &

-python3 -m scheduler.scheduler &
\ No newline at end of file
+rqscheduler --host $redis_ip --port $redis_port &
+
+python3 -m scheduler.scheduler
+
+tail -f /dev/null
\ No newline at end of file
--- a/forward_evidence/forward_evidence.py
+++ b/forward_evidence/forward_evidence.py
+from evidence import evidence_pb2, evidence
+
+def create_grpc_message(ev):
+    ev_grpc = evidence_pb2.Evidence()
+
+    ev_grpc.id = ev.id
+    ev_grpc.timestamp = ev.timestamp
+    ev_grpc.resource_id = ev.resource_id
+    ev_grpc.service_id = ev.tool
+    ev_grpc.resource = ev.resource_type
+    ev_grpc.applicable_metrics = ev.measurement_result
+    ev_grpc.raw = ev.raw
+
--- a/proto/evidence.proto
+++ b/proto/evidence.proto
@@ -5,8 +5,8 @@ import "google/protobuf/timestamp.proto";

 option go_package = "evidence";

-// TODO
-// Coppied from https://github.com/clouditor/clouditor/blob/main/proto/evidence.proto
+// TODO: Addapt to the final Evidence structure..
+// Copied from https://github.com/clouditor/clouditor/blob/main/proto/evidence.proto
 message Evidence {
  string id = 1;


--- a/scheduler/scheduler.py
+++ b/scheduler/scheduler.py
+import json
 from redis import Redis
 from rq import Queue
 from rq_scheduler import Scheduler
-from constants import constants
 from wazuh_evidence_collector import wazuh_evidence_collector

+f = open('constants.json',)
+constants = json.load(f)
+f.close()
+
 def remove_jobs(scheduler):
    jobs = scheduler.get_jobs()
    for job in jobs:
@@ -14,20 +18,21 @@ def print_jobs(scheduler):
    for job in jobs:
        print(job)

-redis = Redis(constants.REDIS_IP, constants.REDIS_PORT)
-q = Queue(constants.REDIS_QUEUE_NAME, connection=redis)
+redis = Redis(constants['redis']['ip'], constants['redis']['port'])
+q = Queue(constants['redis']['queue'], connection=redis)
 scheduler = Scheduler(connection=redis)

 # TODO: Remove if needed
 remove_jobs(scheduler)

 # TODO: Change cron expression and repeat value for production verion.
+# Should probably be "0 0 * * * ".
 scheduler.cron(
    '* * * * * ',               
    func=wazuh_evidence_collector.run_full_check,                 
    args=[],
    repeat=10,
-    queue_name='low',
+    queue_name=constants['redis']['queue'],
    use_local_timezone=False
 )


--- a/wazuh_evidence_collector/wazuh_evidence_collector.py
+++ b/wazuh_evidence_collector/wazuh_evidence_collector.py
+import json
 from wazuh_evidence_collector.wazuh_client import WazuhClient
 from elasticsearch import Elasticsearch
 from elasticsearch_dsl import Search
@@ -5,15 +6,19 @@ from evidence.evidence import Evidence, simple_evidence
 from random import randint
 from sys import maxsize
 from datetime import datetime
-from constants.constants import *
 import pprint

-wc = WazuhClient(WAZUH_IP, WAZUH_API_PORT, WAZUH_USERNAME, WAZUH_PASSWORD)
+f = open('constants.json',)
+constants = json.load(f)
+f.close()
+
+wc = WazuhClient(constants['wazuh']['ip'], constants['wazuh']['port'], constants['wazuh']['username'], constants['wazuh']['password'])
+
 es = Elasticsearch(
-        ELASTIC_IP,
-        http_auth=(ELASTIC_USERNAME, ELASTIC_PASSWORD),
+        constants['elastic']['ip'],
+        http_auth=(constants['elastic']['username'], constants['elastic']['password']),
        scheme='https',
-        port=ELASTIC_API_PORT,
+        port=constants['elastic']['port'],
        use_ssl=False,
        verify_certs=False,
        ssl_show_warn=False,
@@ -53,8 +58,7 @@ def run_full_check():

    # TODO: : Remove for production. This is only output for easier local testing.
    for evidence in agent_evidences:
-        pprint.pprint(evidence.toJson())
-
+        pprint.pprint(evidence.__dict__)
    
    return agent_evidences