paulmataruso/wazuh-docker-mirror
1
0
Fork 0
mirror of https://github.com/wazuh/wazuh-docker.git synced 2025-10-23 04:51:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

resolving conflicts

Browse Source
This commit is contained in:
vcerenu
2024-04-30 05:39:50 -03:00
parent ec76ea8d92 1e7d1c62ec
commit 4c74ebfc80
39 changed files with 340 additions and 368 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
.env
View File

@@ -1,3 +1,6 @@
WAZUH_VERSION=4.7.4
WAZUH_IMAGE_VERSION=4.7.4
WAZUH_VERSION=4.8.0
WAZUH_IMAGE_VERSION=4.8.0
WAZUH_TAG_REVISION=1
FILEBEAT_TEMPLATE_BRANCH=4.8.0
WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz
WAZUH_UI_REVISION=1

2
.github/.goss.yaml vendored
View File

@@ -56,7 +56,7 @@ package:
wazuh-manager:
installed: true
versions:
- 4.7.4-1
- 4.8.0-1
port:
tcp:1514:
listening: true

50
.github/workflows/push.yml vendored
View File

@@ -126,8 +126,9 @@ jobs:
- name: Check documents into wazuh-alerts index
run: |
sleep 120
docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`"
if [[ $docs -gt 100 ]]; then
if [[ $docs -gt 0 ]]; then
echo "wazuh-alerts index documents: ${docs}"
else
echo "wazuh-alerts index documents: ${docs}"
@@ -138,7 +139,7 @@ jobs:
run: |
qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics" | wc -l`"
templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics"`"
if [[ $qty_templates -eq 3 ]]; then
if [[ $qty_templates -gt 3 ]]; then
echo "wazuh templates:"
echo "${templates}"
else
@@ -161,10 +162,6 @@ jobs:
env:
TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
- name: Check errors in ossec.log
run: ./.github/single-node-log-check.sh
- name: Check filebeat output
run: ./.github/single-node-filebeat-check.sh
@@ -178,8 +175,8 @@ jobs:
exit 1
fi
- name: Stop single node stack
run: docker-compose -f single-node/docker-compose.yml down
- name: Check errors in ossec.log
run: ./.github/single-node-log-check.sh
check-multi-node:
runs-on: ubuntu-latest
@@ -192,6 +189,14 @@ jobs:
- name: Create enviroment variables
run: cat .env > $GITHUB_ENV
- name: free disk space
run: |
sudo swapoff -a
sudo rm -f /swapfile
sudo apt clean
docker rmi $(docker image ls -aq)
df -h
- name: Retrieve saved Wazuh dashboard Docker image
uses: actions/download-artifact@v3
with:
@@ -212,6 +217,7 @@ jobs:
docker load --input ./wazuh-manager.tar
docker load --input ./wazuh-indexer.tar
docker load --input ./wazuh-dashboard.tar
rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar
- name: Create multi node certficates
run: docker-compose -f multi-node/generate-indexer-certs.yml run --rm generator
@@ -221,7 +227,13 @@ jobs:
- name: Check Wazuh indexer start
run: |
sleep 120
until [[ `curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l` -eq 1 ]]
do
echo 'Waiting for Wazuh indexer start'
free -m
df -h
sleep 10
done
status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`"
if [[ $status_green -eq 1 ]]; then
curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
@@ -250,8 +262,15 @@ jobs:
- name: Check documents into wazuh-alerts index
run: |
until [[ $(``curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"``) -gt 0 ]]
do
echo 'Waiting for Wazuh indexer events'
free -m
df -h
sleep 10
done
docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`"
if [[ $docs -gt 100 ]]; then
if [[ $docs -gt 1 ]]; then
echo "wazuh-alerts index documents: ${docs}"
else
echo "wazuh-alerts index documents: ${docs}"
@@ -262,7 +281,7 @@ jobs:
run: |
qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh" | wc -l`"
templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh"`"
if [[ $qty_templates -eq 3 ]]; then
if [[ $qty_templates -gt 3 ]]; then
echo "wazuh templates:"
echo "${templates}"
else
@@ -292,10 +311,6 @@ jobs:
env:
TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
- name: Check errors in ossec.log
run: ./.github/multi-node-log-check.sh
- name: Check filebeat output
run: ./.github/multi-node-filebeat-check.sh
@@ -307,4 +322,7 @@ jobs:
else
echo "Wazuh dashboard status: ${status}"
exit 1
fi
fi
- name: Check errors in ossec.log
run: ./.github/multi-node-log-check.sh

8
.github/workflows/trivy-dashboard-4-4.yml → .github/workflows/trivy-dashboard.yml vendored
View File

@@ -31,12 +31,18 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v3
with: { ref: 4.4 }
- name: Installing dependencies
run: |
sudo apt-get update
sudo apt-get install -y jq
- name: Checkout latest tag
run: |
latest=$(curl -s "https://api.github.com/repos/wazuh/wazuh-docker/releases/latest" | jq -r '.tag_name')
git fetch origin
git checkout $latest
- name: Build Wazuh images
run: build-docker-images/build-images.sh

8
.github/workflows/trivy-indexer-4-4.yml → .github/workflows/trivy-indexer.yml vendored
View File

@@ -31,12 +31,18 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v3
with: { ref: 4.4 }
- name: Installing dependencies
run: |
sudo apt-get update
sudo apt-get install -y jq
- name: Checkout latest tag
run: |
latest=$(curl -s "https://api.github.com/repos/wazuh/wazuh-docker/releases/latest" | jq -r '.tag_name')
git fetch origin
git checkout $latest
- name: Build Wazuh images
run: build-docker-images/build-images.sh

8
.github/workflows/trivy-manager-4-4.yml → .github/workflows/trivy-manager.yml vendored
View File

@@ -31,12 +31,18 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v3
with: { ref: 4.4 }
- name: Installing dependencies
run: |
sudo apt-get update
sudo apt-get install -y jq
- name: Checkout latest tag
run: |
latest=$(curl -s "https://api.github.com/repos/wazuh/wazuh-docker/releases/latest" | jq -r '.tag_name')
git fetch origin
git checkout $latest
- name: Build Wazuh images
run: build-docker-images/build-images.sh

5
CHANGELOG.md
View File

@@ -1,6 +1,11 @@
# Change Log
All notable changes to this project will be documented in this file.
## Wazuh Docker v4.8.0
### Added
- Update Wazuh to version [4.8.0](https://github.com/wazuh/wazuh/blob/v4.8.0/CHANGELOG.md#v480)
## Wazuh Docker v4.7.4
### Added

2
README.md
View File

@@ -101,6 +101,7 @@ WAZUH_MONITORING_REPLICAS=0 ##
│   │   └── Dockerfile
│   ├── wazuh-indexer
│   │   ├── config
│ │ │ ├── action_groups.yml
│   │   │   ├── config.sh
│   │   │   ├── config.yml
│   │   │   ├── entrypoint.sh
@@ -195,6 +196,7 @@ WAZUH_MONITORING_REPLICAS=0 ##
| Wazuh version | ODFE | XPACK |
|---------------|---------|--------|
| v4.8.0 | | |
| v4.7.4 | | |
| v4.7.3 | | |
| v4.7.2 | | |

45
SECURITY.md Normal file
View File

@@ -0,0 +1,45 @@
# Wazuh Open Source Project Security Policy
Version: 2023-06-12
## Introduction
This document outlines the Security Policy for Wazuh's open source projects. It emphasizes our commitment to maintain a secure environment for our users and contributors, and reflects our belief in the power of collaboration to identify and resolve security vulnerabilities.
## Scope
This policy applies to all open source projects developed, maintained, or hosted by Wazuh.
## Reporting Security Vulnerabilities
If you believe you've discovered a potential security vulnerability in one of our open source projects, we strongly encourage you to report it to us responsibly.
Please submit your findings as security advisories under the "Security" tab in the relevant GitHub repository. Alternatively, you may send the details of your findings to [security@wazuh.com](mailto:security@wazuh.com).
## Vulnerability Disclosure Policy
Upon receiving a report of a potential vulnerability, our team will initiate an investigation. If the reported issue is confirmed as a vulnerability, we will take the following steps:
- Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation.
- Validation: We will validate the issue and work on reproducing it in our environment.
- Remediation: We will work on a fix and thoroughly test it
- Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party.
- Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments.
This 90-day period allows for end-users to update their systems and minimizes the risk of widespread exploitation of the vulnerability.
## Automatic Scanning
We leverage GitHub Actions to perform automated scans of our supply chain. These scans assist us in identifying vulnerabilities and outdated dependencies in a proactive and timely manner.
## Credit
We believe in giving credit where credit is due. If you report a security vulnerability to us, and we determine that it is a valid vulnerability, we will publicly credit you for the discovery when we disclose the vulnerability. If you wish to remain anonymous, please indicate so in your initial report.
We do appreciate and encourage feedback from our community, but currently we do not have a bounty program. We might start bounty programs in the future.
## Compliance with this Policy
We consider the discovery and reporting of security vulnerabilities an important public service. We encourage responsible reporting of any vulnerabilities that may be found in our site or applications.
Furthermore, we will not take legal action against or suspend or terminate access to the site or services of those who discover and report security vulnerabilities in accordance with this policy because of the fact.
We ask that all users and contributors respect this policy and the security of our community's users by disclosing vulnerabilities to us in accordance with this policy.
## Changes to this Security Policy
This policy may be revised from time to time. Each version of the policy will be identified at the top of the page by its effective date.
If you have any questions about this Security Policy, please contact us at [security@wazuh.com](mailto:security@wazuh.com).

4
VERSION
View File

@@ -1,2 +1,2 @@
WAZUH-DOCKER_VERSION="4.7.4"
REVISION="40717"
WAZUH-DOCKER_VERSION="4.8.0"
REVISION="40808"

6
build-docker-images/README.md
View File

@@ -13,7 +13,7 @@ This script initializes the environment variables needed to build each of the im
The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument:
```
$ build-docker-images/build-images.sh -v 4.5.2
$ build-docker-images/build-images.sh -v 4.8.0
```
To get all the available script options use the -h or --help option:
@@ -24,9 +24,9 @@ $ build-docker-images/build-images.sh -h
Usage: build-docker-images/build-images.sh [OPTIONS]
-d, --dev <ref> [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default.
-f, --filebeat-module <ref> [Optional] Set Filebeat module version. By default 0.3.
-f, --filebeat-module <ref> [Optional] Set Filebeat module version. By default 0.4.
-r, --revision <rev> [Optional] Package revision. By default 1
-v, --version <ver> [Optional] Set the Wazuh version should be builded. By default, 4.7.4.
-v, --version <ver> [Optional] Set the Wazuh version should be builded. By default, 4.8.0.
-h, --help Show this help.
```

8
build-docker-images/build-images.sh
View File

@@ -1,7 +1,7 @@
WAZUH_IMAGE_VERSION=4.7.4
WAZUH_IMAGE_VERSION=4.8.0
WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')
WAZUH_TAG_REVISION=1
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
# Wazuh package generator
@@ -12,10 +12,10 @@ IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
# License (version 2) as published by the FSF - Free Software
# Foundation.
WAZUH_IMAGE_VERSION="4.7.4"
WAZUH_IMAGE_VERSION="4.8.0"
WAZUH_TAG_REVISION="1"
WAZUH_DEV_STAGE=""
FILEBEAT_MODULE_VERSION="0.3"
FILEBEAT_MODULE_VERSION="0.4"
# -----------------------------------------------------------------------------

17
build-docker-images/wazuh-dashboard/Dockerfile
View File

@@ -1,5 +1,5 @@
# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
FROM ubuntu:focal AS builder
FROM amazonlinux:2023 AS builder
ARG WAZUH_VERSION
ARG WAZUH_TAG_REVISION
@@ -7,7 +7,7 @@ ARG INSTALL_DIR=/usr/share/wazuh-dashboard
ARG WAZUH_UI_REVISION
# Update and install dependencies
RUN apt-get update && apt install curl libcap2-bin xz-utils -y
RUN yum install curl-minimal libcap xz tar openssl -y
# Create Install dir
RUN mkdir -p $INSTALL_DIR
@@ -28,12 +28,12 @@ RUN bash /install_wazuh_app.sh
# Copy and set permissions to config files
COPY config/opensearch_dashboards.yml $INSTALL_DIR/config/
COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/
RUN chown 101:101 $INSTALL_DIR/config/opensearch_dashboards.yml && chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml
RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml
# Create and set permissions to data directories
RUN mkdir -p $INSTALL_DIR/data/wazuh && chown -R 101:101 $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chown -R 101:101 $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chown -R 101:101 $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs
RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs
################################################################################
# Build stage 1 (the current Wazuh dashboard image):
@@ -42,7 +42,7 @@ RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chown -R 101:101 $INSTALL_DIR/data/
# Add entrypoint
# Add wazuh_app_config
################################################################################
FROM ubuntu:focal
FROM amazonlinux:2023
# Set environment variables
ENV USER="wazuh-dashboard" \
@@ -80,6 +80,9 @@ ENV PATTERN="" \
WAZUH_MONITORING_SHARDS="" \
WAZUH_MONITORING_REPLICAS=""
# Update and install dependencies
RUN yum install shadow-utils -y
# Create wazuh-dashboard user and group
RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
RUN useradd --system \

4
build-docker-images/wazuh-dashboard/config/config.sh
View File

@@ -9,8 +9,8 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config
## Variables
CERT_TOOL=wazuh-certs-tool.sh
PACKAGES_URL=https://packages.wazuh.com/4.7/
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.7/
PACKAGES_URL=https://packages.wazuh.com/4.8/
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.8/
## Check if the cert tool exists in S3 buckets
CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}')

2
build-docker-images/wazuh-dashboard/config/dl_base.sh
View File

@@ -1,5 +1,5 @@
REPOSITORY="packages.wazuh.com/4.x"
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)

14
build-docker-images/wazuh-dashboard/config/install_wazuh_app.sh
View File

@@ -1,6 +1,8 @@
## variables
WAZUH_APP=https://packages.wazuh.com/4.x/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
WAZUH_CHECK_UPDATES=https://packages.wazuh.com/4.x/ui/dashboard/wazuhCheckUpdates-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
WAZUH_CORE=https://packages.wazuh.com/4.x/ui/dashboard/wazuhCore-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
@@ -11,15 +13,23 @@ MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
## check version to use the correct repository
if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
WAZUH_CHECK_UPDATES=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCheckUpdates-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
WAZUH_CORE=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCore-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
WAZUH_CHECK_UPDATES=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCheckUpdates-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
WAZUH_CORE=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCore-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
WAZUH_CHECK_UPDATES=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCheckUpdates-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
WAZUH_CORE=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCore-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
fi
fi
fi
# Install Wazuh App
$INSTALL_DIR/bin/opensearch-dashboards-plugin install $WAZUH_APP --allow-root
$INSTALL_DIR/bin/opensearch-dashboards-plugin install $WAZUH_APP --allow-root
$INSTALL_DIR/bin/opensearch-dashboards-plugin install $WAZUH_CHECK_UPDATES --allow-root
$INSTALL_DIR/bin/opensearch-dashboards-plugin install $WAZUH_CORE --allow-root

2
build-docker-images/wazuh-dashboard/config/opensearch_dashboards.yml
View File

@@ -9,5 +9,5 @@ server.ssl.enabled: true
server.ssl.key: "/usr/share/wazuh-dashboard/config/certs/dashboard-key.pem"
server.ssl.certificate: "/usr/share/wazuh-dashboard/config/certs/dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/config/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wazuh
uiSettings.overrides.defaultRoute: /app/wz-home

11
build-docker-images/wazuh-indexer/Dockerfile
View File

@@ -1,10 +1,10 @@
# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
FROM ubuntu:focal AS builder
FROM amazonlinux:2023 AS builder
ARG WAZUH_VERSION
ARG WAZUH_TAG_REVISION
RUN apt-get update -y && apt-get install curl openssl xz-utils -y
RUN yum install curl-minimal openssl xz tar findutils shadow-utils -y
COPY config/opensearch.yml /
@@ -12,6 +12,8 @@ COPY config/config.sh .
COPY config/config.yml /
COPY config/action_groups.yml /
COPY config/internal_users.yml /
COPY config/roles_mapping.yml /
@@ -25,14 +27,17 @@ RUN bash config.sh
#
# Copy wazuh-indexer from stage 0
# Add entrypoint
################################################################################
FROM ubuntu:focal
FROM amazonlinux:2023
ENV USER="wazuh-indexer" \
GROUP="wazuh-indexer" \
NAME="wazuh-indexer" \
INSTALL_DIR="/usr/share/wazuh-indexer"
RUN yum install curl-minimal shadow-utils findutils hostname -y
RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
RUN useradd --system \

12
build-docker-images/wazuh-indexer/config/action_groups.yml Normal file
View File

@@ -0,0 +1,12 @@
---
_meta:
type: "actiongroups"
config_version: 2
# ISM API permissions group
manage_ism:
reserved: true
hidden: false
allowed_actions:
- "cluster:admin/opendistro/ism/*"
static: false

7
build-docker-images/wazuh-indexer/config/config.sh
View File

@@ -23,7 +23,7 @@ rm -rf ${INSTALLATION_DIR}/
## variables
REPOSITORY="packages.wazuh.com/4.x"
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
@@ -53,8 +53,8 @@ tar -xf ${INDEXER_FILE}
## Variables
CERT_TOOL=wazuh-certs-tool.sh
PASSWORD_TOOL=wazuh-passwords-tool.sh
PACKAGES_URL=https://packages.wazuh.com/4.7/
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.7/
PACKAGES_URL=https://packages.wazuh.com/4.8/
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.8/
## Check if the cert tool exists in S3 buckets
CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}')
@@ -120,6 +120,7 @@ cp /$PASSWORD_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/
# Copy Wazuh's config files for the security plugin
cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR}
# Copy Wazuh indexer's certificates

12
build-docker-images/wazuh-indexer/config/roles.yml
View File

@@ -142,7 +142,7 @@ wazuh_ui_user:
allowed_actions:
- "read"
tenant_permissions: []
static: false
static: false
wazuh_ui_admin:
reserved: true
@@ -160,4 +160,12 @@ wazuh_ui_admin:
- "manage"
- "index"
tenant_permissions: []
static: false
static: false
# ISM API permissions role
manage_ism:
reserved: true
hidden: false
cluster_permissions:
- "manage_ism"
static: false

11
build-docker-images/wazuh-indexer/config/roles_mapping.yml
View File

@@ -33,7 +33,7 @@ kibana_user:
- "kibanauser"
users:
- "wazuh_user"
- "wazuh_admin"
- "wazuh_admin"
description: "Maps kibanauser to kibana_user"
readall:
@@ -68,4 +68,11 @@ wazuh_ui_user:
hosts: []
users:
- "wazuh_user"
and_backend_roles: []
and_backend_roles: []
# ISM API permissions role mapping
manage_ism:
reserved: true
hidden: false
users:
- "kibanaserver"

34
build-docker-images/wazuh-manager/Dockerfile
View File

@@ -1,5 +1,5 @@
# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
FROM ubuntu:focal
FROM amazonlinux:2023
RUN rm /bin/sh && ln -s /bin/bash /bin/sh
@@ -9,22 +9,24 @@ ARG FILEBEAT_TEMPLATE_BRANCH
ARG FILEBEAT_CHANNEL=filebeat-oss
ARG FILEBEAT_VERSION=7.10.2
ARG WAZUH_FILEBEAT_MODULE
ARG S6_VERSION="v2.2.0.3"
RUN apt-get update && apt install curl apt-transport-https lsb-release gnupg -y
RUN yum install curl-minimal xz gnupg tar gzip openssl findutils procps -y &&\
yum clean all
COPY config/check_repository.sh /
COPY config/filebeat_module.sh /
COPY config/permanent_data.env config/permanent_data.sh /
RUN chmod 775 /check_repository.sh
RUN source /check_repository.sh
RUN apt-get update && \
apt-get install wazuh-manager=${WAZUH_VERSION}-${WAZUH_TAG_REVISION}
COPY config/filebeat_module.sh /
RUN chmod 775 /filebeat_module.sh
RUN source /filebeat_module.sh
ARG S6_VERSION="v2.2.0.3"
RUN curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
RUN yum install wazuh-manager-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
yum clean all && \
chmod 775 /filebeat_module.sh && \
source /filebeat_module.sh && \
rm /filebeat_module.sh && \
curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
-o /tmp/s6-overlay-amd64.tar.gz && \
tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" && \
tar xzf /tmp/s6-overlay-amd64.tar.gz -C /usr ./bin && \
@@ -43,11 +45,6 @@ RUN chmod go-w /etc/filebeat/wazuh-template.json
# Prepare permanent data
# Sync calls are due to https://github.com/docker/docker/issues/9547
COPY config/permanent_data.env config/permanent_data.sh /
RUN chmod 755 /permanent_data.sh && \
sync && /permanent_data.sh && \
sync && rm /permanent_data.sh
#Make mount directories for keep permissions
RUN mkdir -p /var/ossec/var/multigroups && \
@@ -58,7 +55,10 @@ RUN mkdir -p /var/ossec/var/multigroups && \
chmod 770 /var/ossec/agentless && \
mkdir -p /var/ossec/active-response/bin && \
chown root:wazuh /var/ossec/active-response/bin && \
chmod 770 /var/ossec/active-response/bin
chmod 770 /var/ossec/active-response/bin && \
chmod 755 /permanent_data.sh && \
sync && /permanent_data.sh && \
sync && rm /permanent_data.sh
# Services ports
EXPOSE 55000/tcp 1514/tcp 1515/tcp 514/udp 1516/tcp

15
build-docker-images/wazuh-manager/config/check_repository.sh
View File

@@ -1,7 +1,8 @@
## variables
APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
REPOSITORY="deb https://packages.wazuh.com/4.x/apt/ stable main"
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
@@ -12,18 +13,18 @@ MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
## check version to use the correct repository
if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
REPOSITORY="deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
REPOSITORY="deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
REPOSITORY="deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
fi
fi
fi
apt-key adv --fetch-keys ${APT_KEY}
echo ${REPOSITORY} | tee -a /etc/apt/sources.list.d/wazuh.list
rpm --import "${APT_KEY}"
echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo

5
build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
View File

@@ -184,8 +184,9 @@ set_rids_owner() {
##############################################################################
set_correct_permOwner() {
find / -group 997 -exec chown :101 {} +;
find / -user 999 -exec chown 101 {} +;
find / -group 997 -exec chown :999 {} +;
find / -group 101 -exec chown :999 {} +;
find / -user 101 -exec chown 999 {} +;
}
##############################################################################

10
build-docker-images/wazuh-manager/config/etc/cont-init.d/2-manager
View File

@@ -112,6 +112,13 @@ function_entrypoint_scripts() {
fi
}
function_configure_vulnerability_detection() {
if [ "$INDEXER_PASSWORD" != "" ]; then
>&2 echo "Configuring password."
/var/ossec/bin/wazuh-keystore -f indexer -k username -v $INDEXER_USERNAME
/var/ossec/bin/wazuh-keystore -f indexer -k password -v $INDEXER_PASSWORD
fi
}
# Migrate data from /wazuh-migration volume
function_wazuh_migration
@@ -119,6 +126,9 @@ function_wazuh_migration
# create API custom user
function_create_custom_user
# configure Vulnerabilty detection
function_configure_vulnerability_detection
# run entrypoint scripts
function_entrypoint_scripts

2
build-docker-images/wazuh-manager/config/filebeat.yml
View File

@@ -8,9 +8,9 @@ filebeat.modules:
enabled: false
setup.template.json.enabled: true
setup.template.overwrite: true
setup.template.json.path: '/etc/filebeat/wazuh-template.json'
setup.template.json.name: 'wazuh'
setup.template.overwrite: true
setup.ilm.enabled: false
output.elasticsearch:
hosts: ['https://wazuh.indexer:9200']

6
build-docker-images/wazuh-manager/config/filebeat_module.sh
View File

@@ -1,5 +1,5 @@
REPOSITORY="packages.wazuh.com/4.x"
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
@@ -20,6 +20,6 @@ elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
fi
fi
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb &&\
dpkg -i ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb && rm -f ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb && \
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm &&\
yum install -y ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm && rm -f ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm && \
curl -s https://${REPOSITORY}/filebeat/${WAZUH_FILEBEAT_MODULE} | tar -xvz -C /usr/share/filebeat/module

28
build-docker-images/wazuh-manager/config/permanent_data.env
View File

@@ -16,13 +16,16 @@ export PERMANENT_DATA
# Files mounted in a volume that should not be permanent
i=0
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/internal_options.conf"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/pagerduty"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/pagerduty"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/pagerduty.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/maltiverse"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/maltiverse.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop"
@@ -53,14 +56,37 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh.exp"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/utils.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/__init__.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws_tools.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/wazuh_integration.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/__init__.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/aws_bucket.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/cloudtrail.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/config.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/guardduty.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/load_balancers.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/server_access.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/umbrella.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/vpcflow.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/waf.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/services/__init__.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/services/aws_service.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/services/cloudwatchlogs.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/services/inspector.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/__init__.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/s3_log_handler.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/sqs_message_processor.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/sqs_queue.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/orm.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/exceptions.py"
export PERMANENT_DATA_EXCP
# Files mounted in a volume that should be deleted

15
indexer-certs-creator/config/entrypoint.sh
View File

@@ -8,8 +8,8 @@
## Variables
CERT_TOOL=wazuh-certs-tool.sh
PASSWORD_TOOL=wazuh-passwords-tool.sh
PACKAGES_URL=https://packages.wazuh.com/4.7/
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.7/
PACKAGES_URL=https://packages.wazuh.com/4.8/
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.8/
## Check if the cert tool exists in S3 buckets
CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}')
@@ -38,7 +38,7 @@ chmod 700 /$CERT_TOOL
## Execute cert tool and parsin cert.yml to set UID permissions
source /$CERT_TOOL -A
nodes_server=$( cert_parseYaml /config.yml | grep nodes_server__name | sed 's/nodes_server__name=//' )
nodes_server=$( cert_parseYaml /config.yml | grep -E "nodes[_]+server[_]+[0-9]+=" | sed -e 's/nodes__server__[0-9]=//' | sed 's/"//g' )
node_names=($nodes_server)
echo "Moving created certificates to the destination directory"
@@ -51,11 +51,12 @@ chown 1000:1000 /certificates/*
echo "Setting UID for wazuh manager and worker"
cp /certificates/root-ca.pem /certificates/root-ca-manager.pem
cp /certificates/root-ca.key /certificates/root-ca-manager.key
chown 101:101 /certificates/root-ca-manager.pem
chown 101:101 /certificates/root-ca-manager.key
chown 999:999 /certificates/root-ca-manager.pem
chown 999:999 /certificates/root-ca-manager.key
for i in ${node_names[@]};
do
chown 101:101 "/certificates/${i}.pem"
chown 101:101 "/certificates/${i}-key.pem"
chown 999:999 "/certificates/${i}.pem"
chown 999:999 "/certificates/${i}-key.pem"
done

109
multi-node/config/wazuh_cluster/wazuh_manager.conf
View File

@@ -95,91 +95,27 @@
<skip_nfs>yes</skip_nfs>
</sca>
<vulnerability-detector>
<enabled>no</enabled>
<interval>5m</interval>
<min_full_scan_interval>6h</min_full_scan_interval>
<run_on_start>yes</run_on_start>
<vulnerability-detection>
<enabled>yes</enabled>
<index-status>yes</index-status>
<feed-update-interval>60m</feed-update-interval>
</vulnerability-detection>
<!-- Ubuntu OS vulnerabilities -->
<provider name="canonical">
<enabled>no</enabled>
<os>trusty</os>
<os>xenial</os>
<os>bionic</os>
<os>focal</os>
<os>jammy</os>
<update_interval>1h</update_interval>
</provider>
<!-- Debian OS vulnerabilities -->
<provider name="debian">
<enabled>no</enabled>
<os>buster</os>
<os>bullseye</os>
<os>bookworm</os>
<update_interval>1h</update_interval>
</provider>
<!-- RedHat OS vulnerabilities -->
<provider name="redhat">
<enabled>no</enabled>
<os>5</os>
<os>6</os>
<os>7</os>
<os>8</os>
<os>9</os>
<update_interval>1h</update_interval>
</provider>
<!-- Amazon Linux OS vulnerabilities -->
<provider name="alas">
<enabled>no</enabled>
<os>amazon-linux</os>
<os>amazon-linux-2</os>
<os>amazon-linux-2023</os>
<update_interval>1h</update_interval>
</provider>
<!-- SUSE Linux Enterprise OS vulnerabilities -->
<provider name="suse">
<enabled>no</enabled>
<os>11-server</os>
<os>11-desktop</os>
<os>12-server</os>
<os>12-desktop</os>
<os>15-server</os>
<os>15-desktop</os>
<update_interval>1h</update_interval>
</provider>
<!-- Arch OS vulnerabilities -->
<provider name="arch">
<enabled>no</enabled>
<update_interval>1h</update_interval>
</provider>
<!-- Windows OS vulnerabilities -->
<provider name="msu">
<enabled>yes</enabled>
<update_interval>1h</update_interval>
</provider>
<!-- Alma Linux OS vulnerabilities -->
<provider name="almalinux">
<enabled>no</enabled>
<os>8</os>
<os>9</os>
<update_interval>1h</update_interval>
</provider>
<!-- Aggregate vulnerabilities -->
<provider name="nvd">
<enabled>yes</enabled>
<update_interval>1h</update_interval>
</provider>
</vulnerability-detector>
<indexer>
<enabled>yes</enabled>
<hosts>
<host>https://wazuh1.indexer:9200</host>
<host>https://wazuh2.indexer:9200</host>
<host>https://wazuh3.indexer:9200</host>
</hosts>
<ssl>
<certificate_authorities>
<ca>/etc/ssl/root-ca.pem</ca>
</certificate_authorities>
<certificate>/etc/ssl/filebeat.pem</certificate>
<key>/etc/ssl/filebeat.key</key>
</ssl>
</indexer>
<!-- File integrity monitoring -->
<syscheck>
@@ -371,9 +307,4 @@
<location>/var/ossec/logs/active-responses.log</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/dpkg.log</location>
</localfile>
</ossec_config>

109
multi-node/config/wazuh_cluster/wazuh_worker.conf
View File

@@ -95,91 +95,27 @@
<skip_nfs>yes</skip_nfs>
</sca>
<vulnerability-detector>
<enabled>no</enabled>
<interval>5m</interval>
<min_full_scan_interval>6h</min_full_scan_interval>
<run_on_start>yes</run_on_start>
<vulnerability-detection>
<enabled>yes</enabled>
<index-status>yes</index-status>
<feed-update-interval>60m</feed-update-interval>
</vulnerability-detection>
<!-- Ubuntu OS vulnerabilities -->
<provider name="canonical">
<enabled>no</enabled>
<os>trusty</os>
<os>xenial</os>
<os>bionic</os>
<os>focal</os>
<os>jammy</os>
<update_interval>1h</update_interval>
</provider>
<!-- Debian OS vulnerabilities -->
<provider name="debian">
<enabled>no</enabled>
<os>buster</os>
<os>bullseye</os>
<os>bookworm</os>
<update_interval>1h</update_interval>
</provider>
<!-- RedHat OS vulnerabilities -->
<provider name="redhat">
<enabled>no</enabled>
<os>5</os>
<os>6</os>
<os>7</os>
<os>8</os>
<os>9</os>
<update_interval>1h</update_interval>
</provider>
<!-- Amazon Linux OS vulnerabilities -->
<provider name="alas">
<enabled>no</enabled>
<os>amazon-linux</os>
<os>amazon-linux-2</os>
<os>amazon-linux-2023</os>
<update_interval>1h</update_interval>
</provider>
<!-- SUSE Linux Enterprise OS vulnerabilities -->
<provider name="suse">
<enabled>no</enabled>
<os>11-server</os>
<os>11-desktop</os>
<os>12-server</os>
<os>12-desktop</os>
<os>15-server</os>
<os>15-desktop</os>
<update_interval>1h</update_interval>
</provider>
<!-- Arch OS vulnerabilities -->
<provider name="arch">
<enabled>no</enabled>
<update_interval>1h</update_interval>
</provider>
<!-- Alma Linux OS vulnerabilities -->
<provider name="almalinux">
<enabled>no</enabled>
<os>8</os>
<os>9</os>
<update_interval>1h</update_interval>
</provider>
<!-- Windows OS vulnerabilities -->
<provider name="msu">
<enabled>yes</enabled>
<update_interval>1h</update_interval>
</provider>
<!-- Aggregate vulnerabilities -->
<provider name="nvd">
<enabled>yes</enabled>
<update_interval>1h</update_interval>
</provider>
</vulnerability-detector>
<indexer>
<enabled>yes</enabled>
<hosts>
<host>https://wazuh1.indexer:9200</host>
<host>https://wazuh2.indexer:9200</host>
<host>https://wazuh3.indexer:9200</host>
</hosts>
<ssl>
<certificate_authorities>
<ca>/etc/ssl/root-ca.pem</ca>
</certificate_authorities>
<certificate>/etc/ssl/filebeat.pem</certificate>
<key>/etc/ssl/filebeat.key</key>
</ssl>
</indexer>
<!-- File integrity monitoring -->
<syscheck>
@@ -371,9 +307,4 @@
<location>/var/ossec/logs/active-responses.log</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/dpkg.log</location>
</localfile>
</ossec_config>

2
multi-node/config/wazuh_dashboard/opensearch_dashboards.yml
View File

@@ -9,4 +9,4 @@ server.ssl.enabled: true
server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wazuh
uiSettings.overrides.defaultRoute: /app/wz-home

12
multi-node/docker-compose.yml
View File

@@ -3,7 +3,7 @@ version: '3.7'
services:
wazuh.master:
image: wazuh/wazuh-manager:4.7.4
image: wazuh/wazuh-manager:4.8.0
hostname: wazuh.master
restart: always
ulimits:
@@ -45,7 +45,7 @@ services:
- ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
wazuh.worker:
image: wazuh/wazuh-manager:4.7.4
image: wazuh/wazuh-manager:4.8.0
hostname: wazuh.worker
restart: always
ulimits:
@@ -81,7 +81,7 @@ services:
- ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
wazuh1.indexer:
image: wazuh/wazuh-indexer:4.7.4
image: wazuh/wazuh-indexer:4.8.0
hostname: wazuh1.indexer
restart: always
ports:
@@ -107,7 +107,7 @@ services:
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
wazuh2.indexer:
image: wazuh/wazuh-indexer:4.7.4
image: wazuh/wazuh-indexer:4.8.0
hostname: wazuh2.indexer
restart: always
environment:
@@ -129,7 +129,7 @@ services:
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
wazuh3.indexer:
image: wazuh/wazuh-indexer:4.7.4
image: wazuh/wazuh-indexer:4.8.0
hostname: wazuh3.indexer
restart: always
environment:
@@ -151,7 +151,7 @@ services:
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
wazuh.dashboard:
image: wazuh/wazuh-dashboard:4.7.4
image: wazuh/wazuh-dashboard:4.8.0
hostname: wazuh.dashboard
restart: always
ports:

2
multi-node/generate-indexer-certs.yml
View File

@@ -3,7 +3,7 @@ version: '3'
services:
generator:
image: wazuh/wazuh-certs-generator:0.0.1
image: wazuh/wazuh-certs-generator:0.0.2
hostname: wazuh-certs-generator
volumes:
- ./config/wazuh_indexer_ssl_certs/:/certificates/

102
single-node/config/wazuh_cluster/wazuh_manager.conf
View File

@@ -95,91 +95,25 @@
<skip_nfs>yes</skip_nfs>
</sca>
<vulnerability-detector>
<enabled>no</enabled>
<interval>5m</interval>
<min_full_scan_interval>6h</min_full_scan_interval>
<run_on_start>yes</run_on_start>
<vulnerability-detection>
<enabled>yes</enabled>
<index-status>yes</index-status>
<feed-update-interval>60m</feed-update-interval>
</vulnerability-detection>
<!-- Ubuntu OS vulnerabilities -->
<provider name="canonical">
<enabled>no</enabled>
<os>trusty</os>
<os>xenial</os>
<os>bionic</os>
<os>focal</os>
<os>jammy</os>
<update_interval>1h</update_interval>
</provider>
<!-- Debian OS vulnerabilities -->
<provider name="debian">
<enabled>no</enabled>
<os>buster</os>
<os>bullseye</os>
<os>bookworm</os>
<update_interval>1h</update_interval>
</provider>
<!-- RedHat OS vulnerabilities -->
<provider name="redhat">
<enabled>no</enabled>
<os>5</os>
<os>6</os>
<os>7</os>
<os>8</os>
<os>9</os>
<update_interval>1h</update_interval>
</provider>
<!-- Amazon Linux OS vulnerabilities -->
<provider name="alas">
<enabled>no</enabled>
<os>amazon-linux</os>
<os>amazon-linux-2</os>
<os>amazon-linux-2023</os>
<update_interval>1h</update_interval>
</provider>
<!-- SUSE Linux Enterprise OS vulnerabilities -->
<provider name="suse">
<enabled>no</enabled>
<os>11-server</os>
<os>11-desktop</os>
<os>12-server</os>
<os>12-desktop</os>
<os>15-server</os>
<os>15-desktop</os>
<update_interval>1h</update_interval>
</provider>
<!-- Arch OS vulnerabilities -->
<provider name="arch">
<enabled>no</enabled>
<update_interval>1h</update_interval>
</provider>
<!-- Alma Linux OS vulnerabilities -->
<provider name="almalinux">
<enabled>no</enabled>
<os>8</os>
<os>9</os>
<update_interval>1h</update_interval>
</provider>
<!-- Windows OS vulnerabilities -->
<provider name="msu">
<enabled>yes</enabled>
<update_interval>1h</update_interval>
</provider>
<!-- Aggregate vulnerabilities -->
<provider name="nvd">
<enabled>yes</enabled>
<update_interval>1h</update_interval>
</provider>
</vulnerability-detector>
<indexer>
<enabled>yes</enabled>
<hosts>
<host>https://wazuh.indexer:9200</host>
</hosts>
<ssl>
<certificate_authorities>
<ca>/etc/ssl/root-ca.pem</ca>
</certificate_authorities>
<certificate>/etc/ssl/filebeat.pem</certificate>
<key>/etc/ssl/filebeat.key</key>
</ssl>
</indexer>
<!-- File integrity monitoring -->
<syscheck>

2
single-node/config/wazuh_dashboard/opensearch_dashboards.yml
View File

@@ -9,4 +9,4 @@ server.ssl.enabled: true
server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wazuh
uiSettings.overrides.defaultRoute: /app/wz-home

8
single-node/docker-compose.yml
View File

@@ -3,7 +3,7 @@ version: '3.7'
services:
wazuh.manager:
image: wazuh/wazuh-manager:4.7.4
image: wazuh/wazuh-manager:4.8.0
hostname: wazuh.manager
restart: always
ulimits:
@@ -46,13 +46,13 @@ services:
- ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
wazuh.indexer:
image: wazuh/wazuh-indexer:4.7.4
image: wazuh/wazuh-indexer:4.8.0
hostname: wazuh.indexer
restart: always
ports:
- "9200:9200"
environment:
- "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
- "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
ulimits:
memlock:
soft: -1
@@ -71,7 +71,7 @@ services:
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
wazuh.dashboard:
image: wazuh/wazuh-dashboard:4.7.4
image: wazuh/wazuh-dashboard:4.8.0
hostname: wazuh.dashboard
restart: always
ports:

2
single-node/generate-indexer-certs.yml
View File

@@ -3,7 +3,7 @@ version: '3'
services:
generator:
image: wazuh/wazuh-certs-generator:0.0.1
image: wazuh/wazuh-certs-generator:0.0.2
hostname: wazuh-certs-generator
volumes:
- ./config/wazuh_indexer_ssl_certs/:/certificates/