fixing helk-logstash permissions bug

https://github.com/hunters-forge/Blacksmith/issues/4
https://github.com/Cyb3rWard0g/HELK/issues/430
https://github.com/Cyb3rWard0g/HELK/issues/423

docker/helk-kibana-analysis-alert-basic.yml

@@ -34,7 +34,7 @@ services:
     networks:
       helk:
   helk-logstash:
-    image: otrf/helk-logstash:7.5.2.1
+    image: otrf/helk-logstash:7.5.2.2
     container_name: helk-logstash
     logging:
       driver: "json-file"
@@ -46,7 +46,6 @@ services:
       - ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
       - ./helk-logstash/output_templates:/usr/share/logstash/output_templates
       - ./helk-logstash/plugins:/usr/share/logstash/plugins
-      - ./helk-logstash/config:/usr/share/logstash/config
       - ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
       - ./helk-logstash/scripts:/usr/share/logstash/scripts
     entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh

docker/helk-kibana-analysis-alert-trial.yml

@@ -35,7 +35,7 @@ services:
     networks:
       helk:
   helk-logstash:
-    image: otrf/helk-logstash:7.5.2.1
+    image: otrf/helk-logstash:7.5.2.2
     container_name: helk-logstash
     logging:
       driver: "json-file"
@@ -47,7 +47,6 @@ services:
       - ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
       - ./helk-logstash/output_templates:/usr/share/logstash/output_templates
       - ./helk-logstash/plugins:/usr/share/logstash/plugins
-      - ./helk-logstash/config:/usr/share/logstash/config
       - ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
       - ./helk-logstash/scripts:/usr/share/logstash/scripts
     entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh

docker/helk-kibana-analysis-basic.yml

@@ -34,7 +34,7 @@ services:
     networks:
       helk:
   helk-logstash:
-    image: otrf/helk-logstash:7.5.2.1
+    image: otrf/helk-logstash:7.5.2.2
     container_name: helk-logstash
     logging:
       driver: "json-file"
@@ -46,7 +46,6 @@ services:
       - ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
       - ./helk-logstash/output_templates:/usr/share/logstash/output_templates
       - ./helk-logstash/plugins:/usr/share/logstash/plugins
-      - ./helk-logstash/config:/usr/share/logstash/config
       - ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
       - ./helk-logstash/scripts:/usr/share/logstash/scripts
     entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh

docker/helk-kibana-analysis-trial.yml

@@ -35,7 +35,7 @@ services:
     networks:
       helk:
   helk-logstash:
-    image: otrf/helk-logstash:7.5.2.1
+    image: otrf/helk-logstash:7.5.2.2
     container_name: helk-logstash
     logging:
       driver: "json-file"
@@ -47,7 +47,6 @@ services:
       - ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
       - ./helk-logstash/output_templates:/usr/share/logstash/output_templates
       - ./helk-logstash/plugins:/usr/share/logstash/plugins
-      - ./helk-logstash/config:/usr/share/logstash/config
       - ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
       - ./helk-logstash/scripts:/usr/share/logstash/scripts
     entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh

docker/helk-kibana-notebook-analysis-alert-basic.yml

@@ -34,7 +34,7 @@ services:
     networks:
       helk:
   helk-logstash:
-    image: otrf/helk-logstash:7.5.2.1
+    image: otrf/helk-logstash:7.5.2.2
     container_name: helk-logstash
     logging:
       driver: "json-file"
@@ -46,7 +46,6 @@ services:
       - ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
       - ./helk-logstash/output_templates:/usr/share/logstash/output_templates
       - ./helk-logstash/plugins:/usr/share/logstash/plugins
-      - ./helk-logstash/config:/usr/share/logstash/config
       - ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
       - ./helk-logstash/scripts:/usr/share/logstash/scripts
     entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh

docker/helk-kibana-notebook-analysis-alert-trial.yml

@@ -35,7 +35,7 @@ services:
     networks:
       helk:
   helk-logstash:
-    image: otrf/helk-logstash:7.5.2.1
+    image: otrf/helk-logstash:7.5.2.2
     container_name: helk-logstash
     logging:
       driver: "json-file"
@@ -47,7 +47,6 @@ services:
       - ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
       - ./helk-logstash/output_templates:/usr/share/logstash/output_templates
       - ./helk-logstash/plugins:/usr/share/logstash/plugins
-      - ./helk-logstash/config:/usr/share/logstash/config
       - ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
       - ./helk-logstash/scripts:/usr/share/logstash/scripts
     entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh

docker/helk-kibana-notebook-analysis-basic.yml

@@ -34,7 +34,7 @@ services:
     networks:
       helk:
   helk-logstash:
-    image: otrf/helk-logstash:7.5.2.1
+    image: otrf/helk-logstash:7.5.2.2
     container_name: helk-logstash
     logging:
       driver: "json-file"
@@ -46,7 +46,6 @@ services:
       - ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
       - ./helk-logstash/output_templates:/usr/share/logstash/output_templates
       - ./helk-logstash/plugins:/usr/share/logstash/plugins
-      - ./helk-logstash/config:/usr/share/logstash/config
       - ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
       - ./helk-logstash/scripts:/usr/share/logstash/scripts
     entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh

docker/helk-kibana-notebook-analysis-trial.yml

@@ -35,7 +35,7 @@ services:
     networks:
       helk:
   helk-logstash:
-    image: otrf/helk-logstash:7.5.2.1
+    image: otrf/helk-logstash:7.5.2.2
     container_name: helk-logstash
     logging:
       driver: "json-file"
@@ -47,7 +47,6 @@ services:
       - ./helk-logstash/mordor_pipeline:/usr/share/logstash/mordor_pipeline
       - ./helk-logstash/output_templates:/usr/share/logstash/output_templates
       - ./helk-logstash/plugins:/usr/share/logstash/plugins
-      - ./helk-logstash/config:/usr/share/logstash/config
       - ./helk-logstash/enrichments/cti:/usr/share/logstash/cti
       - ./helk-logstash/scripts:/usr/share/logstash/scripts
     entrypoint: /usr/share/logstash/scripts/logstash-entrypoint.sh

docker/helk-logstash/Dockerfile

@@ -10,21 +10,18 @@ FROM docker.elastic.co/logstash/logstash:7.5.2
 LABEL maintainer="Roberto Rodriguez @Cyb3rWard0g"
 LABEL description="Dockerfile base for the HELK Logstash."
 
-RUN mv /usr/share/logstash/config/logstash.yml /usr/share/logstash/config/logstash.yml.bak
-RUN mv /usr/share/logstash/config/pipelines.yml /usr/share/logstash/config/pipelines.yml.bak
-COPY --chown=logstash:logstash config/logstash.yml /usr/share/logstash/config/logstash.yml
-COPY --chown=logstash:logstash config/pipelines.yml /usr/share/logstash/config/pipelines.yml
-RUN rm -f /usr/share/logstash/pipeline/logstash.conf
+COPY --chown=logstash:logstash config /usr/share/logstash/config
 
 # Build with plugins baked in
 ENV plugins_time_file="/usr/share/logstash/helk-plugins-updated-timestamp.txt"
 RUN printf "%s" "$(date +"%Y-%m-%d %T")" > "${plugins_time_file}"
 RUN chown logstash:logstash "${plugins_time_file}"
-#RUN echo"$(date +"%Y-%m-%d %T")" > "${plugins_time_file}"
+
 COPY --chown=logstash:logstash plugins/helk-offline-logstash-codec_and_filter_plugins.zip /usr/share/logstash/plugins/helk-offline-logstash-codec_and_filter_plugins.zip
 COPY --chown=logstash:logstash plugins/helk-offline-logstash-input_and_output-plugins.zip /usr/share/logstash/plugins/helk-offline-logstash-input_and_output-plugins.zip
-RUN logstash-plugin update
-RUN logstash-plugin install file:///usr/share/logstash/plugins/helk-offline-logstash-codec_and_filter_plugins.zip
-RUN logstash-plugin install file:///usr/share/logstash/plugins/helk-offline-logstash-input_and_output-plugins.zip
-RUN rm /usr/share/logstash/plugins/helk-offline-logstash-codec_and_filter_plugins.zip
-RUN rm /usr/share/logstash/plugins/helk-offline-logstash-input_and_output-plugins.zip
+RUN logstash-plugin update \
+    && logstash-plugin install file:///usr/share/logstash/plugins/helk-offline-logstash-codec_and_filter_plugins.zip \
+    && logstash-plugin install file:///usr/share/logstash/plugins/helk-offline-logstash-input_and_output-plugins.zip \
+    && rm /usr/share/logstash/plugins/helk-offline-logstash-codec_and_filter_plugins.zip \
+    && rm /usr/share/logstash/plugins/helk-offline-logstash-input_and_output-plugins.zip \
+    && rm -f /usr/share/logstash/pipeline/logstash.conf