From 74e400ce1d190a795e71b5eba930340552e37964 Mon Sep 17 00:00:00 2001 From: Tyler Smalley Date: Tue, 2 Mar 2021 11:15:11 -0800 Subject: [PATCH 1/2] Upgrade Kibana to 7.11.1 Signed-off-by: Tyler Smalley --- Dockerfile | 4 ++-- hardening_manifest.yaml | 10 +++++----- scripts/kibana-docker | 4 ++++ 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9408762..48f006c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,8 +14,8 @@ RUN yum update --setopt=tsflags=nodocs -y && \ RUN mkdir /usr/share/kibana WORKDIR /usr/share/kibana -COPY --chown=1000:0 kibana-7.10.2-linux-x86_64.tar.gz . -RUN tar --strip-components=1 -zxf kibana-7.10.2-linux-x86_64.tar.gz +COPY --chown=1000:0 kibana-7.11.1-linux-x86_64.tar.gz . +RUN tar --strip-components=1 -zxf kibana-7.11.1-linux-x86_64.tar.gz # Ensure that group permissions are the same as user permissions. # This will help when relying on GID-0 to run Kibana, rather than UID-1000. diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 52c0f10..c5be855 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "elastic/kibana/kibana" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "7.10.2" +- "7.11.1" - "latest" # Build args passed to Dockerfile ARGs @@ -23,18 +23,18 @@ labels: org.opencontainers.image.licenses: "Elastic License" org.opencontainers.image.url: "https://www.elastic.co/products/kibana" org.opencontainers.image.vendor: "Elastic" - org.opencontainers.image.version: "7.10.2" + org.opencontainers.image.version: "7.11.1" # mil.dso.ironbank.image.keywords: "" # mil.dso.ironbank.image.type: "commercial" mil.dso.ironbank.product.name: "Kibana" # List of resources to make available to the offline build context resources: -- filename: kibana-7.10.2-linux-x86_64.tar.gz - url: https://artifacts.elastic.co/downloads/kibana/kibana-7.10.2-linux-x86_64.tar.gz +- filename: kibana-7.11.1-linux-x86_64.tar.gz + url: https://artifacts.elastic.co/downloads/kibana/kibana-7.11.1-linux-x86_64.tar.gz validation: type: sha512 - value: aa68f850cc09cf5dcb7c0b48bb8df788ca58eaad38d96141b8e59917fd38b42c728c0968f7cb2c8132c5aaeb595525cdde0859554346c496f53c569e03abe412 + value: 5facaac7adced5ac2830158d6a7994d9c32e042c320f250626166a9e86cce3fa4c3e8b92809526492b4d09b0b8623ea2c3bfd02751a8f1387bc3f09a1bee642b - filename: tini url: https://github.com/krallin/tini/releases/download/v0.19.0/tini-amd64 validation: diff --git a/scripts/kibana-docker b/scripts/kibana-docker index 49feba1..33f994c 100755 --- a/scripts/kibana-docker +++ b/scripts/kibana-docker @@ -47,6 +47,10 @@ kibana_vars=( elasticsearch.ssl.truststore.password elasticsearch.ssl.verificationMode elasticsearch.username + enterpriseSearch.accessCheckTimeout + enterpriseSearch.accessCheckTimeoutWarning + enterpriseSearch.enabled + enterpriseSearch.host i18n.locale interpreter.enableInVisualize kibana.autocompleteTerminateAfter -- GitLab From c73dadb374e8255f997385ccc60d74f5efc56973 Mon Sep 17 00:00:00 2001 From: Tyler Smalley Date: Thu, 4 Mar 2021 08:48:04 -0800 Subject: [PATCH 2/2] Re-add user Signed-off-by: Tyler Smalley --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index 48f006c..b326169 100644 --- a/Dockerfile +++ b/Dockerfile @@ -70,6 +70,8 @@ RUN groupadd --gid 1000 kibana && \ --home-dir /usr/share/kibana --no-create-home \ kibana +USER kibana + ENTRYPOINT ["/bin/tini", "--"] CMD ["/usr/local/bin/kibana-docker"] -- GitLab