From 8dfdf5326e9f78b10db8306e152548e59d06f3de Mon Sep 17 00:00:00 2001 From: defensivedepth Date: Mon, 16 Oct 2023 13:22:39 -0400 Subject: [PATCH 1/3] Remove unsupported integrations --- so-elastic-fleet-package-registry/Dockerfile | 6 ++- .../scripts/supported-integrations.sh | 10 ++++ .../scripts/supported-integrations.txt | 50 +++++++++++++++++++ 3 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 so-elastic-fleet-package-registry/scripts/supported-integrations.sh create mode 100644 so-elastic-fleet-package-registry/scripts/supported-integrations.txt diff --git a/so-elastic-fleet-package-registry/Dockerfile b/so-elastic-fleet-package-registry/Dockerfile index a93c82a0..4447faee 100644 --- a/so-elastic-fleet-package-registry/Dockerfile +++ b/so-elastic-fleet-package-registry/Dockerfile @@ -12,10 +12,14 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -ARG VERSION +ARG VERSION=8.8.2 FROM docker.elastic.co/package-registry/distribution:$VERSION as original_image +COPY scripts /scripts + +RUN chmod +x /scripts/supported-integrations.sh && bash /scripts/supported-integrations.sh + # Cleanup unneeded packages, keeping the two most recent versons of each one # Except for endpoint packages, keep all versions RUN cd /packages/package-storage/ \ diff --git a/so-elastic-fleet-package-registry/scripts/supported-integrations.sh b/so-elastic-fleet-package-registry/scripts/supported-integrations.sh new file mode 100644 index 00000000..56d3faae --- /dev/null +++ b/so-elastic-fleet-package-registry/scripts/supported-integrations.sh @@ -0,0 +1,10 @@ +#/bin/bash + +cd /packages/package-storage/ +for file in * +do + PATTERN=$(echo $file | cut -d "-" -f 1)- + [[ ! $(grep -x "$PATTERN" /scripts/supported-integrations.txt) ]] && rm "$file" && echo "Deleted: $file..." +done + +exit 0 \ No newline at end of file 
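Review bot: The `cd /packages/package-storage/` at the top of the new supported-integrations.sh is unchecked, so if that directory is absent the loop runs `rm` in whatever directory the build step started in and deletes every regular file whose prefix is not on the allowlist. A missing or unreadable supported-integrations.txt has a similar effect: `grep` prints nothing, the `[[ ! ... ]]` test is true for every file, and all packages are removed. The trailing `exit 0` then reports success, so the Dockerfile RUN step cannot fail. The rewrite below checks the allowlist and the `cd`, matches the prefix as a fixed string instead of a regex, and replaces the `&&` chain with an `if` so the script's exit status is meaningful without `exit 0`. The second patch in this series touches the same file but leaves these lines as they are.

```shell
# … unchanged: shebang line …
set -euo pipefail

readonly ALLOWLIST=/scripts/supported-integrations.txt
[[ -s "$ALLOWLIST" ]] || { echo "Missing or empty allowlist: $ALLOWLIST" >&2; exit 1; }

cd /packages/package-storage/ || exit 1
for file in *; do
  # Only regular files are candidates; the original rm (no -r) never removed directories either.
  [[ -f "$file" ]] || continue
  prefix="${file%%-*}-"
  if ! grep -Fxq -- "$prefix" "$ALLOWLIST"; then
    rm -- "$file"
    echo "Deleted: $file..."
  fi
done
```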
diff --git a/so-elastic-fleet-package-registry/scripts/supported-integrations.txt b/so-elastic-fleet-package-registry/scripts/supported-integrations.txt new file mode 100644 index 00000000..544d8ff6 --- /dev/null +++ b/so-elastic-fleet-package-registry/scripts/supported-integrations.txt @@ -0,0 +1,50 @@ +apache- +auditd- +aws- +azure- +barracuda- +cisco_asa- +cloudflare- +crowdstrike- +darktrace- +elasticsearch- +endpoint- +f5_bigip- +fleet_server- +fim- +fortinet- +fortinet_fortigate- +gcp- +github- +google_workspace- +http_endpoint- +httpjson- +juniper- +juniper_srx- +kafka_log- +lastpass- +log- +m365_defender- +microsoft_defender_endpoint- +microsoft_dhcp- +netflow- +o365- +okta- +osquery_manager- +panw- +pfsense- +redis- +sentinel_one- +sonicwall_firewall- +symantec_endpoint- +system- +tcp- +ti_abusech- +ti_misp- +ti_otx- +ti_recordedfuture- +udp- +windows- +zscaler_zia- +zscaler_zpa- +1password- \ No newline at end of file From f97ca608b8fe22ab3ebf03f24aa36f1f95e845b2 Mon Sep 17 00:00:00 2001 From: defensivedepth Date: Tue, 17 Oct 2023 15:09:35 -0400 Subject: [PATCH 2/3] Cleanup --- so-elastic-fleet-package-registry/Dockerfile | 6 +++--- .../scripts/supported-integrations.sh | 10 +++++++++- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/so-elastic-fleet-package-registry/Dockerfile b/so-elastic-fleet-package-registry/Dockerfile index 4447faee..7a873906 100644 --- a/so-elastic-fleet-package-registry/Dockerfile +++ b/so-elastic-fleet-package-registry/Dockerfile 
@@ -12,13 +12,13 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -ARG VERSION=8.8.2 +ARG VERSION FROM docker.elastic.co/package-registry/distribution:$VERSION as original_image +# Remove unsupported packages COPY scripts /scripts - -RUN chmod +x /scripts/supported-integrations.sh && bash /scripts/supported-integrations.sh +RUN chmod +x /scripts/supported-integrations.sh && bash /scripts/supported-integrations.sh && rm -rf /scripts # Cleanup unneeded packages, keeping the two most recent versons of each one # Except for endpoint packages, keep all versions diff --git a/so-elastic-fleet-package-registry/scripts/supported-integrations.sh b/so-elastic-fleet-package-registry/scripts/supported-integrations.sh index 56d3faae..9181fca9 100644 --- a/so-elastic-fleet-package-registry/scripts/supported-integrations.sh +++ b/so-elastic-fleet-package-registry/scripts/supported-integrations.sh @@ -1,4 +1,12 @@ -#/bin/bash +#!/bin/bash +# +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + +# This script removes unsupported packages from our self-hosted Elastic Package Repo container image. +# It is meant to be used during the image build process. cd /packages/package-storage/ for file in * From c7a2457cce6756510c525ae018963ca1ae1585e5 Mon Sep 17 00:00:00 2001 From: defensivedepth Date: Tue, 17 Oct 2023 15:40:16 -0400 Subject: [PATCH 3/3] Disable unsupported integrations --- so-kibana/Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/so-kibana/Dockerfile b/so-kibana/Dockerfile index 8ed38ebe..610573cd 100644 --- a/so-kibana/Dockerfile +++ b/so-kibana/Dockerfile 
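Review bot: The `rm -rf /scripts` appended to the RUN line in the Dockerfile hunk does not take the files out of the image, because `COPY scripts /scripts` has already committed them in its own layer and the later delete only masks them. If the intent is to keep the helper script and allowlist out of the shipped layers, a BuildKit bind mount avoids the COPY altogether: `RUN --mount=type=bind,source=scripts,target=/scripts bash /scripts/supported-integrations.sh`. The `chmod +x` is redundant in both forms, since the script is passed to `bash` explicitly. Whether a later stage copies from `original_image` is not visible in this hunk, and if it does the extra layer matters less.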
@@ -34,6 +34,9 @@ RUN ln -s /usr/share/kibana /opt/kibana ENV PATH=/usr/share/kibana/bin:$PATH +# Disable hardcoded Integrations from showing up +RUN sed -i 's/"server": true,/"server": false,/g' /usr/share/kibana/node_modules/@kbn/custom-integrations-plugin/kibana.jsonc + # Copy over the dashboards RUN mkdir /usr/share/kibana/dashboards
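Review bot: The added `sed -i` exits 0 even when `"server": true,` is not found, so a spacing or layout change in a future Kibana release's kibana.jsonc would leave the hardcoded integrations enabled while the build still passes. Assert the result in the same RUN by appending `&& grep -q '"server": false,' /usr/share/kibana/node_modules/@kbn/custom-integrations-plugin/kibana.jsonc`. The expression is also not tied to a particular key's position, so any other `"server": true,` line in that file would be flipped as well. A short comment naming the Kibana version this was verified against would help whoever bumps the base image.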