diff --git a/production-cluster.yml b/production-cluster.yml
index 3b1ef143..6161fbdd 100644
--- a/production-cluster.yml
+++ b/production-cluster.yml
@@ -3,7 +3,7 @@ version: '3.7'
 services:
 wazuh.master:
- image: wazuh/wazuh-odfe:4.3.0-dev
+ image: wazuh/wazuh-odfe:4.3.0
 hostname: wazuh.master
 restart: always
 ports:
@@ -38,7 +38,7 @@ services:
 - ./production_cluster/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 wazuh.worker:
- image: wazuh/wazuh-odfe:4.3.0-dev
+ image: wazuh/wazuh-odfe:4.3.0
 hostname: wazuh.worker
 restart: always
 environment:
@@ -175,8 +175,8 @@ services:
 - wazuh.worker:wazuh.worker
 - wazuh.dashboard:wazuh.dashboard
 volumes:
- - ./production_cluster/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- - ./production_cluster/nginx/ssl:/etc/nginx/ssl:ro
+ - ./production_cluster/nginx_wazuh/nginx.conf:/etc/nginx/nginx.conf:ro
+ - ./production_cluster/nginx_wazuh/ssl:/etc/nginx/ssl:ro
 volumes:
 ossec-api-configuration:
diff --git a/production-cluster_odfe.yml b/production-cluster_odfe.yml
index ae431ba2..2907bfbe 100644
--- a/production-cluster_odfe.yml
+++ b/production-cluster_odfe.yml
@@ -3,7 +3,7 @@ version: '3.7'
 services:
 wazuh-master:
- image: wazuh/wazuh-odfe:4.3.0
+ image: wazuh/wazuh-odfe:4.4.0
 hostname: wazuh-master
 restart: always
 ports:
@@ -11,7 +11,7 @@ services:
 - "514:514/udp"
 - "55000:55000"
 environment:
- - ELASTICSEARCH_URL=https://wazuh-indexer:9700
+ - ELASTICSEARCH_URL=https://elasticsearch:9200
 - ELASTIC_USERNAME=admin
 - ELASTIC_PASSWORD=SecretPassword
 - FILEBEAT_SSL_VERIFICATION_MODE=full
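Review bot: The new `ELASTICSEARCH_URL=https://elasticsearch:9200` sits next to the unchanged `FILEBEAT_SSL_VERIFICATION_MODE=full`, so Filebeat will now verify the indexer certificate against the host name `elasticsearch`; the certificate this same change mounts for that node is `ssl_certs/node1.pem`, and unless it carries `elasticsearch` as a SAN the connection fails closed (or invites someone to downgrade verification to `certificate`). Confirm the regenerated certificates include the new service names, and keep the coupling visible with a comment on the URL line such as `# host name must match a SAN in ssl_certs/node1.pem (FILEBEAT_SSL_VERIFICATION_MODE=full)`. The `ELASTIC_PASSWORD=SecretPassword` default is unchanged context, but a renamed production deployment is the moment to move it to an env file rather than the committed compose.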
@@ -32,17 +32,17 @@ services:
 - ossec-wodles:/var/ossec/wodles
 - filebeat-etc:/etc/filebeat
 - filebeat-var:/var/lib/filebeat
- - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem
- - ./production_cluster/wazuh_indexer_ssl_certs/filebeat.pem:/etc/ssl/filebeat.pem
- - ./production_cluster/wazuh_indexer_ssl_certs/filebeat.key:/etc/ssl/filebeat.key
+ - ./production_cluster/ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem
+ - ./production_cluster/ssl_certs/filebeat.pem:/etc/ssl/filebeat.pem
+ - ./production_cluster/ssl_certs/filebeat.key:/etc/ssl/filebeat.key
 - ./production_cluster/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 wazuh-worker:
- image: wazuh/wazuh-odfe:4.3.0
+ image: wazuh/wazuh-odfe:4.4.0
 hostname: wazuh-worker
 restart: always
 environment:
- - ELASTICSEARCH_URL=https://wazuh-indexer:9700
+ - ELASTICSEARCH_URL=https://elasticsearch:9200
 - ELASTIC_USERNAME=admin
 - ELASTIC_PASSWORD=SecretPassword
 - FILEBEAT_SSL_VERIFICATION_MODE=full
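Review bot: The re-pointed certificate mounts for the manager (`ssl_certs/root-ca.pem`, `filebeat.pem`, `filebeat.key`) are bind-mounted read-write, whereas the nginx mounts in the first file of this diff carry `:ro`; a private key should never be writable from inside the container, and a compromised manager process should not be able to swap the trust anchor either. Append `:ro` to each, e.g. `- ./production_cluster/ssl_certs/filebeat.key:/etc/ssl/filebeat.key:ro`. The same three mounts recur for the worker and the node/admin key mounts in the indexer services further down, so apply it consistently.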
@@ -61,21 +61,19 @@ services:
 - worker-ossec-wodles:/var/ossec/wodles
 - worker-filebeat-etc:/etc/filebeat
 - worker-filebeat-var:/var/lib/filebeat
- - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem
- - ./production_cluster/wazuh_indexer_ssl_certs/filebeat.pem:/etc/ssl/filebeat.pem
- - ./production_cluster/wazuh_indexer_ssl_certs/filebeat.key:/etc/ssl/filebeat.key
+ - ./production_cluster/ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem
+ - ./production_cluster/ssl_certs/filebeat.pem:/etc/ssl/filebeat.pem
+ - ./production_cluster/ssl_certs/filebeat.key:/etc/ssl/filebeat.key
 - ./production_cluster/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
- wazuh-indexer:
- image: wazuh-indexer
- hostname: wazuh-indexer
+ elasticsearch:
+ image: amazon/opendistro-for-elasticsearch:1.13.2
+ hostname: elasticsearch
 restart: always
 ports:
- - "9700:9700"
+ - "9200:9200"
 environment:
- - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
- - "NODE_TYPE=master"
- - "bootstrap.memory_lock=true"
+ - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
 ulimits:
 memlock:
 soft: -1
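Review bot: `- "9200:9200"` publishes the indexer REST API on every host interface, while the only consumers visible in this file reach it over the compose network by service name (`https://elasticsearch:9200` in the manager and worker environment), so the host mapping is not needed for them. With `admin`/`SecretPassword` still the configured credentials, an exposed 9200 is a direct path to the alert data; drop the mapping, or if host-side access is genuinely needed bind it to loopback, `- "127.0.0.1:9200:9200"`. If it must stay open, a comment stating who is expected to connect from outside the compose network would at least make the exposure deliberate.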
@@ -84,23 +82,21 @@ services:
 soft: 65536
 hard: 65536
 volumes:
- - wazuh-indexer-data-1:/var/lib/wazuh-indexer
- - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/etc/wazuh-indexer/certs/root-ca.pem
- - ./production_cluster/wazuh_indexer_ssl_certs/wazuh-indexer.key:/etc/wazuh-indexer/certs/wazuh-indexer.key
- - ./production_cluster/wazuh_indexer_ssl_certs/wazuh-indexer.pem:/etc/wazuh-indexer/certs/wazuh-indexer.pem
- - ./production_cluster/wazuh_indexer_ssl_certs/admin.pem:/etc/wazuh-indexer/certs/admin.pem
- - ./production_cluster/wazuh_indexer_ssl_certs/admin.key:/etc/wazuh-indexer/certs/admin-key.pem
- - ./production_cluster/wazuh-indexer/opensearch-node1.yml:/etc/wazuh-indexer/opensearch.yml
- - ./production_cluster/wazuh-indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
+ - elastic-data-1:/usr/share/elasticsearch/data
+ - ./production_cluster/ssl_certs/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
+ - ./production_cluster/ssl_certs/node1.key:/usr/share/elasticsearch/config/node1.key
+ - ./production_cluster/ssl_certs/node1.pem:/usr/share/elasticsearch/config/node1.pem
+ - ./production_cluster/ssl_certs/admin.pem:/usr/share/elasticsearch/config/admin.pem
+ - ./production_cluster/ssl_certs/admin.key:/usr/share/elasticsearch/config/admin.key
+ - ./production_cluster/elastic_opendistro/elasticsearch-node1.yml:/usr/share/elasticsearch/config/elasticsearch.yml
+ - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
- wazuh-indexer-2:
- image: wazuh-indexer
- hostname: wazuh-indexer-2
+ elasticsearch-2:
+ image: amazon/opendistro-for-elasticsearch:1.13.2
+ hostname: elasticsearch-2
 restart: always
 environment:
- - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
- - "NODE_TYPE=worker"
- - "bootstrap.memory_lock=true"
+ - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
 ulimits:
 memlock:
 soft: -1
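Review bot: The `elasticsearch-2` environment drops `bootstrap.memory_lock=true` but keeps `ulimits: memlock: soft: -1`, so the unlimited memlock grant is now dead configuration and the heap holding indexed security events can be paged to host swap. If locking was intended, restore it next to the heap setting, `- "bootstrap.memory_lock=true"`; if not, remove the ulimit so the file does not advertise a guarantee it no longer enforces. Separately, `admin.key` is mounted only into node 1, which is the right scope if it is the security-plugin admin client certificate as the name suggests, but both it and `node1.key` should be `:ro` like the nginx mounts elsewhere in this diff, and a comment above the `admin.*` mounts explaining why only this node receives them would help the next maintainer.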
@@ -109,21 +105,19 @@ services:
 soft: 65536
 hard: 65536
 volumes:
- - wazuh-indexer-data-2:/var/lib/wazuh-indexer
- - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/etc/wazuh-indexer/certs/root-ca.pem
- - ./production_cluster/wazuh_indexer_ssl_certs/wazuh-indexer-2.key:/etc/wazuh-indexer/certs/wazuh-indexer-2.key
- - ./production_cluster/wazuh_indexer_ssl_certs/wazuh-indexer-2.pem:/etc/wazuh-indexer/certs/wazuh-indexer-2.pem
- - ./production_cluster/wazuh-indexer/opensearch-node2.yml:/etc/wazuh-indexer/opensearch.yml
- - ./production_cluster/wazuh-indexer/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
+ - elastic-data-2:/usr/share/elasticsearch/data
+ - ./production_cluster/ssl_certs/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
+ - ./production_cluster/ssl_certs/node2.key:/usr/share/elasticsearch/config/node2.key
+ - ./production_cluster/ssl_certs/node2.pem:/usr/share/elasticsearch/config/node2.pem
+ - ./production_cluster/elastic_opendistro/elasticsearch-node2.yml:/usr/share/elasticsearch/config/elasticsearch.yml
+ - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
- wazuh-indexer-3:
- image: wazuh-indexer
- hostname: wazuh-indexer-3
+ elasticsearch-3:
+ image: amazon/opendistro-for-elasticsearch:1.13.2
+ hostname: elasticsearch-3
 restart: always
 environment:
- - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
- - "NODE_TYPE=worker"
- - "bootstrap.memory_lock=true"
+ - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
 ulimits:
 memlock:
 soft: -1
@@ -132,15 +126,15 @@ services:
 soft: 65536
 hard: 65536
 volumes:
- - wazuh-indexer-data-3:/var/lib/wazuh-indexer
- - ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/etc/wazuh-indexer/certs/root-ca.pem
- - ./production_cluster/wazuh_indexer_ssl_certs/wazuh-indexer-3.key:/etc/wazuh-indexer/certs/wazuh-indexer-3.key
- - ./production_cluster/wazuh_indexer_ssl_certs/wazuh-indexer-3.pem:/etc/wazuh-indexer/certs/wazuh-indexer-3.pem
- - ./production_cluster/wazuh-indexer/opensearch-node3.yml:/etc/wazuh-indexer/opensearch.yml
- - ./production_cluster/wazuh-indexer/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
+ - elastic-data-3:/usr/share/elasticsearch/data
+ - ./production_cluster/ssl_certs/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
+ - ./production_cluster/ssl_certs/node3.key:/usr/share/elasticsearch/config/node3.key
+ - ./production_cluster/ssl_certs/node3.pem:/usr/share/elasticsearch/config/node3.pem
+ - ./production_cluster/elastic_opendistro/elasticsearch-node3.yml:/usr/share/elasticsearch/config/elasticsearch.yml
+ - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
 kibana:
- image: wazuh/wazuh-dashboard:4.3.0
+ image: wazuh/wazuh-kibana-odfe:4.4.0
 hostname: kibana
 restart: always
 ports:
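Review bot: `image: wazuh/wazuh-kibana-odfe:4.4.0` is selected by mutable tag, as are `wazuh/wazuh-odfe:4.4.0` and `amazon/opendistro-for-elasticsearch:1.13.2` elsewhere in this file; for a file named `production-cluster`, pinning by digest (`image: wazuh/wazuh-kibana-odfe:4.4.0@sha256:<digest>`) prevents a re-pushed tag from silently changing what runs. I also cannot confirm from the diff that the 4.4.0 Wazuh images are built for Open Distro 1.13.2 — the removed side paired 4.3.0 with the OpenSearch-based `wazuh-dashboard`/`wazuh-indexer` — so please check the pairing against the Wazuh compatibility matrix before merging. A one-line comment above the indexer image recording the supported pairing would spare the next person the same check.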
@@ -149,19 +143,19 @@ services:
 - ELASTICSEARCH_USERNAME=admin
 - ELASTICSEARCH_PASSWORD=SecretPassword
 - SERVER_SSL_ENABLED=true
- - SERVER_SSL_CERTIFICATE=/etc/wazuh-dashboard/certs/cert.pem
- - SERVER_SSL_KEY=/etc/wazuh-dashboard/certs/key.pem
+ - SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/cert.pem
+ - SERVER_SSL_KEY=/usr/share/kibana/config/key.pem
 - WAZUH_API_URL="https://wazuh-master"
 - API_USERNAME=acme-user
 - API_PASSWORD=MyS3cr37P450r.*-
 volumes:
- - ./production_cluster/kibana_ssl/cert.pem:/etc/wazuh-dashboard/certs/cert.pem
- - ./production_cluster/kibana_ssl/key.pem:/etc/wazuh-dashboard/certs/key.pem
+ - ./production_cluster/kibana_ssl/cert.pem:/usr/share/kibana/config/cert.pem
+ - ./production_cluster/kibana_ssl/key.pem:/usr/share/kibana/config/key.pem
 depends_on:
- - wazuh-indexer
+ - elasticsearch
 links:
- - wazuh-indexer:wazuh-indexer
+ - elasticsearch:elasticsearch
 - wazuh-master:wazuh-master
 nginx:
@@ -207,6 +201,6 @@ volumes:
 worker-ossec-wodles:
 worker-filebeat-etc:
 worker-filebeat-var:
- wazuh-indexer-data-1:
- wazuh-indexer-data-2:
- wazuh-indexer-data-3:
+ elastic-data-1:
+ elastic-data-2:
+ elastic-data-3:
\ No newline at end of file
diff --git a/production_cluster/nginx/nginx.conf b/production_cluster/nginx/nginx.conf
index c68c6f2d..8cd13ca2 100644
--- a/production_cluster/nginx/nginx.conf
+++ b/production_cluster/nginx/nginx.conf
@@ -41,7 +41,7 @@ http {
 ssl_certificate /etc/nginx/ssl/cert.pem;
 ssl_certificate_key /etc/nginx/ssl/key.pem;
 location / {
- proxy_pass https://wazuh.dashboard:5601/;
+ proxy_pass https://kibana:5601/;
 proxy_ssl_verify off;
 proxy_buffer_size 128k;
 proxy_buffers 4 256k;
@@ -57,8 +57,8 @@ http {
 stream {
 upstream mycluster {
 hash $remote_addr consistent;
- server wazuh.master:1514;
- server wazuh.worker:1514;
+ server wazuh-master:1514;
+ server wazuh-worker:1514;
 }
 server {
 listen 1514;
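Review bot: `proxy_pass https://kibana:5601/;` now targets a stable service name, yet the unchanged `proxy_ssl_verify off;` on the next line means nginx still accepts any certificate the upstream presents, so anything that can answer for `kibana` on the compose network is accepted as the dashboard. If the dashboard certificate chains to a CA you can mount into the proxy, turn verification on: `proxy_ssl_verify on; proxy_ssl_trusted_certificate /etc/nginx/ssl/root-ca.pem; proxy_ssl_name kibana;`. If the upstream presents a self-signed leaf, say so in a comment beside the directive (`# dashboard cert is self-signed; verification intentionally off`) so the `off` reads as a decision rather than an oversight. The enclosing `server` block starts and ends outside this hunk.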
diff --git a/production_cluster/nginx_wazuh/nginx.conf b/production_cluster/nginx_wazuh/nginx.conf
new file mode 100644
index 00000000..c68c6f2d
--- /dev/null
+++ b/production_cluster/nginx_wazuh/nginx.conf
@@ -0,0 +1,67 @@
+user nginx;
+worker_processes 1;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ server_tokens off;
+ gzip on;
+
+ # kibana UI
+ server {
+ listen 80;
+ listen [::]:80;
+ return 301 https://$host:443$request_uri;
+ }
+
+ server {
+ listen 443 default_server ssl http2;
+ listen [::]:443 ssl http2;
+ ssl_certificate /etc/nginx/ssl/cert.pem;
+ ssl_certificate_key /etc/nginx/ssl/key.pem;
+ location / {
+ proxy_pass https://wazuh.dashboard:5601/;
+ proxy_ssl_verify off;
+ proxy_buffer_size 128k;
+ proxy_buffers 4 256k;
+ proxy_busy_buffers_size 256k;
+ }
+ }
+
+}
+
+
+
+# load balancer for Wazuh cluster
+stream {
+ upstream mycluster {
+ hash $remote_addr consistent;
+ server wazuh.master:1514;
+ server wazuh.worker:1514;
+ }
+ server {
+ listen 1514;
+ proxy_pass mycluster;
+ }
+}
diff --git a/production_cluster/nginx_wazuh/ssl/generate-self-signed-cert.sh b/production_cluster/nginx_wazuh/ssl/generate-self-signed-cert.sh
new file mode 100644
index 00000000..e006733f
--- /dev/null
+++ b/production_cluster/nginx_wazuh/ssl/generate-self-signed-cert.sh
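Review bot: The HTTPS `server` block (from `listen 443 default_server ssl http2;`) sets a certificate and key but no `ssl_protocols` or `ssl_ciphers`, so the accepted protocol floor is whatever this nginx build defaults to, and `location /` forwards requests without passing the client address even though `log_format main` records `$http_x_forwarded_for` — the dashboard's own audit trail will show the proxy as the source of every login. For the single public entry point to a SIEM UI I would pin TLS 1.2+, add HSTS, and forward the client identity; note that HSTS only takes effect once browsers see a certificate they trust, so it is a no-op with the self-signed certificate the sibling script produces but the right default once a real one is installed. This file is byte-identical to the previous `production_cluster/nginx/nginx.conf` (same blob `c68c6f2d`), so the same points apply to both copies, and `proxy_ssl_verify off;` deserves a comment recording why upstream verification is disabled.
```nginx
    server {
        listen 443 default_server ssl http2;
        # … unchanged: IPv6 listen, ssl_certificate, ssl_certificate_key …
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        add_header Strict-Transport-Security "max-age=31536000" always;
        location / {
            proxy_pass https://wazuh.dashboard:5601/;
            # … unchanged: proxy_ssl_verify off and the proxy_buffer* directives …
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
        }
    }
```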
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+cd $DIR
+
+if [ -s key.pem ]
+then
+ echo "Certificate already exists"
+ exit
+else
+ openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem
+fi
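Review bot: `openssl req ... -nodes -keyout key.pem` writes an unencrypted private key under the caller's default umask, so on most systems `key.pem` is created world-readable in a directory this diff then bind-mounts into the proxy container; put `umask 077` before the `openssl` call (or `chmod 600 key.pem` immediately after it) so the key is owner-only from creation. Two smaller points on the same lines: `cd $DIR` is unquoted and breaks on a checkout path containing spaces, so use `cd "$DIR" || exit 1`, and `-batch` without `-subj` produces OpenSSL's default subject with no SAN, which browsers will refuse; a header comment should state that the output is a placeholder, and `-subj "/CN=<host>"` (plus `-addext "subjectAltName=DNS:<host>"` where the OpenSSL version supports it) should be added once the public name is known. The `-days 365` lifetime also deserves a comment, because the `-s key.pem` guard means the script never renews an expired certificate.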