Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Scripts for building the Filebeat module for Wazuh #2142

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Scripts for building the Filebeat module for Wazuh #2142

wants to merge 3 commits into from

Conversation

c-bordon
Copy link
Member

Related issue
closes #1563

Description

The necessary changes are made in order to build on-demand Filebeat modules for Wazuh.

Logs example

cbordon@cbordon-MS-7C88:~/Documents/wazuh/repositorios/wazuh-packages/filebeat$ ./build-filebeat-module.sh -s /tmp -w 4.4
Sending build context to Docker daemon  4.608kB
Step 1/11 : FROM rockylinux:8.5
 ---> 210996f98b85
Step 2/11 : RUN yum clean all && yum update -y
 ---> Using cache
 ---> c4304fa5da18
Step 3/11 : RUN yum install -y     curl     tar     git     make     autoconf     automake     python3-devel     python3-pip     gcc
 ---> Using cache
 ---> 7f9335a7342e
Step 4/11 : RUN curl -so go.tar.gz "https://dl.google.com/go/go1.17.10.linux-amd64.tar.gz" > /dev/null 2>&1 &&     tar -xzf go.tar.gz > /dev/null 2>&1 &&     mv go /var/ &&     rm -f go.tar.gz > /dev/null 2>&1
 ---> Using cache
 ---> 103c3277bfc3
Step 5/11 : ENV GOROOT "/var/go"
 ---> Using cache
 ---> 38d7fb433049
Step 6/11 : ENV GOPATH "/var"
 ---> Using cache
 ---> efd54c5c4334
Step 7/11 : ENV PATH "$GOPATH/bin:$GOROOT/bin:$PATH"
 ---> Using cache
 ---> edb2316659b3
Step 8/11 : RUN git clone https://github.com/magefile/mage &&     cd mage &&     go run bootstrap.go
 ---> Using cache
 ---> 15064de58c73
Step 9/11 : ADD build.sh /usr/local/bin/builder
 ---> Using cache
 ---> c0acab727570
Step 10/11 : RUN chmod +x /usr/local/bin/builder
 ---> Using cache
 ---> 8486acbd9dc8
Step 11/11 : ENTRYPOINT ["/usr/local/bin/builder"]
 ---> Using cache
 ---> c18beabb237d
Successfully built c18beabb237d
Successfully tagged filebeat_module_builder:latest
go build -ldflags "-X github.com/elastic/beats/libbeat/version.buildTime=2023-03-27T15:19:18Z -X github.com/elastic/beats/libbeat/version.commit=aacf9ecd9c494aa0908f61fbca82c906b16562a8"
Installing mage v1.10.0.
go get: installing executables with 'go get' in module mode is deprecated.
        To adjust and download dependencies of the current module, use 'go get -d'.
        To install using requirements of the current module, use 'go install'.
        To install ignoring the current module, use 'go install' with a version,
        like 'go install example.com/cmd@latest'.
        For more information, see https://golang.org/doc/go-get-install-deprecation
        or run 'go help get' or 'go help install'.
/root/.magefile cleaned
mage generate:module
mage update
No fields files for module apache2
Generated fields.yml for filebeat to /tmp/beats/filebeat/fields.yml
Generated fields.yml for filebeat to /tmp/beats/filebeat/fields.yml
>> Building filebeat.yml for linux/amd64
>> Building filebeat.reference.yml for linux/amd64
>> Building filebeat.docker.yml for linux/amd64
exec: go list -m
Generated fields.yml for filebeat to /tmp/beats/filebeat/build/fields/fields.all.yml
You are using pip version 21.3.1, however version 23.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
Filebeat module file wazuh-filebeat-4.4.0.tar.gz added to /tmp.

Tests

https://ci.wazuh.info/job/Packages_builder_cbordon/11/console

  • Build the package in any supported platform
    • Linux
    • Windows
    • macOS
    • Solaris
    • AIX
    • HP-UX
  • Package installation
  • Package upgrade
  • Package downgrade
  • Package remove
  • Package install/remove/install
  • Change added to CHANGELOG.md
  • Tests for Linux RPM
    • Build the package for x86_64
    • Build the package for i386
    • Build the package for armhf
    • Build the package for aarch64
    • %files section is correctly updated if necessary
  • Tests for Linux deb
    • Build the package for x86_64
    • Build the package for i386
    • Build the package for armhf
    • Build the package for aarch64
    • Package install/remove/install
    • Package install/purge/install
    • Check file permissions after installing the package
  • Tests for macOS
    • Test the package from macOS Sierra to Mojave
  • Tests for Solaris
    • Test the package on Solaris 10
    • Test the package on Solaris 11
    • Check file permissions on Solaris 11 template
  • Tests for IBM AIX
    • %files section is correctly updated if necessary
    • Check the changes from IBM AIX 5 to 7

@c-bordon c-bordon self-assigned this Mar 27, 2023
@c-bordon c-bordon linked an issue Mar 27, 2023 that may be closed by this pull request
Update filebeat module for 4.x installations #1563
Closed
davidcr01
davidcr01 approved these changes Mar 28, 2023
View reviewed changes
Copy link
Contributor

@davidcr01 davidcr01 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GJ!

DFolchA
DFolchA suggested changes Mar 30, 2023
View reviewed changes
filebeat/build-filebeat-module.sh
echo -e " [Optional] Set the destination path of package. By default, an output folder will be created."
echo -e ""
echo -e " -w, --wazuh-branch <branch>"
echo -e " Enter the branch or tag of the Wazuh repository from which you want to build the module."
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to add an option to set the version of the module.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DFolchA DFolchA DFolchA requested changes

@davidcr01 davidcr01 davidcr01 approved these changes

Assignees

@c-bordon c-bordon

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Update filebeat module for 4.x installations
3 participants
@c-bordon @DFolchA @davidcr01