diff --git a/.goss.yaml b/.github/.goss.yaml similarity index 100% rename from .goss.yaml rename to .github/.goss.yaml diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 4637f903..8919b1a0 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -11,13 +11,13 @@ jobs: uses: actions/checkout@v2 - name: Build the docker-compose stack - run: docker-compose -f build-from-sources.yml up -d --build + run: docker-compose -f build-wazuh-images.yml up -d --build - name: Check running containers run: docker ps -a - name: Shutdown the stack - run: docker-compose -f build-from-sources.yml kill + run: docker-compose -f build-wazuh-images.yml kill - name: Install Goss uses: e1himself/goss-installation-action@v1.0.3 @@ -25,12 +25,7 @@ jobs: version: v0.3.16 - name: Execute Goss tests (wazuh-odfe) - run: dgoss run wazuh/wazuh-odfe:dev-version + run: dgoss run wazuh/wazuh-manager:4.4.0 env: GOSS_SLEEP: 30 - GOSS_FILE: .goss.yaml - - - name: Execute Goss tests (wazuh-kibana-odfe) - run: dgoss run wazuh/wazuh-kibana-odfe:dev-version - env: - GOSS_FILE: .goss.kibana.yaml + GOSS_FILE: .github/.goss.yaml \ No newline at end of file diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..a2abaa56 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +single-node/config/wazuh_indexer_ssl_certs/*.pem +single-node/config/wazuh_indexer_ssl_certs/*.key +multi-node/config/wazuh_indexer_ssl_certs/*.pem +multi-node/config/wazuh_indexer_ssl_certs/*.key diff --git a/.goss.kibana.yaml b/.goss.kibana.yaml deleted file mode 100644 index 8a29ce3c..00000000 --- a/.goss.kibana.yaml +++ /dev/null 
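Review bot: The Goss step at the end of the `push.yml` hunk is still named `Execute Goss tests (wazuh-odfe)` although it now runs `wazuh/wazuh-manager:4.4.0`, and with the `wazuh-kibana-odfe` step removed no Goss check covers the dashboard or indexer images introduced by this change set. Rename it to `- name: Execute Goss tests (wazuh-manager)` and leave a marker such as `# TODO: add Goss checks for wazuh-dashboard and wazuh-indexer`, since file modes and owners were exactly what the deleted `.goss.kibana.yaml` asserted. The image tag `4.4.0` is hard-coded here and in the compose file, so the two have to be bumped together.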
@@ -1,53 +0,0 @@ -file: - /usr/share/kibana/config/kibana.yml: - exists: true - mode: "0664" - owner: kibana - group: root - filetype: file - contains: [] - /usr/share/kibana/src/core/server/core_app/assets/legacy_light_theme.css: - exists: true - mode: "0664" - owner: kibana - group: root - filetype: file - contains: [] - /usr/share/kibana/src/core/server/core_app/assets/wazuh_logo_circle.svg: - exists: true - mode: "0644" - owner: kibana - group: root - filetype: file - contains: [] - /usr/share/kibana/src/core/server/core_app/assets/wazuh_wazuh_bg.svg: - exists: true - mode: "0644" - owner: kibana - group: root - filetype: file - contains: [] - /usr/share/kibana/data/wazuh/config/wazuh.yml: - exists: true - mode: "0644" - owner: kibana - group: kibana - filetype: file - contains: [] - /usr/share/kibana/src/legacy/ui/ui_render/bootstrap/template.js.hbs: - exists: true - mode: "0664" - owner: kibana - group: root - filetype: file - contains: [] -user: - kibana: - exists: true - groups: - - kibana - home: /usr/share/kibana - shell: /bin/bash -group: - kibana: - exists: true diff --git a/CHANGELOG.md b/CHANGELOG.md index 93858340..71625af9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,11 @@ All notable changes to this project will be documented in this file. - Update Wazuh to version [4.4.0](https://github.com/wazuh/wazuh/blob/v4.4.0/CHANGELOG.md#v440) +## Wazuh Docker v4.3.1 +### Added + +- Update Wazuh to version [4.3.1](https://github.com/wazuh/wazuh/blob/v4.3.1/CHANGELOG.md#v431) + ## Wazuh Docker v4.3.0 ### Added diff --git a/README.md b/README.md index 66faf9a7..95827661 100644 --- a/README.md +++ b/README.md 
@@ -7,13 +7,14 @@ In this repository you will find the containers to run: -* wazuh-opendistro: It runs the Wazuh manager, Wazuh API and Filebeat OSS (for integration with ODFE) -* wazuh-kibana-opendistro: Provides a web user interface to browse through alerts data. It includes Wazuh plugin for Kibana, that allows you to visualize agents configuration and status. -* opendistro-for-elasticsearch: An Elasticsearch (ODFE) container (working as a single-node cluster) using ODFE Docker images. **Be aware to increase the `vm.max_map_count` setting, as it's detailed in the [Wazuh documentation](https://documentation.wazuh.com/current/docker/wazuh-container.html#increase-max-map-count-on-your-host-linux).** +* Wazuh manager: it runs the Wazuh manager, Wazuh API and Filebeat OSS +* Wazuh dashboard: provides a web user interface to browse through alerts data and allows you to visualize agents configuration and status. +* Wazuh indexer: Wazuh indexer container (working as a single-node cluster or as a multi-node cluster). **Be aware to increase the `vm.max_map_count` setting, as it's detailed in the [Wazuh documentation](https://documentation.wazuh.com/current/docker/wazuh-container.html#increase-max-map-count-on-your-host-linux).** -In addition, a docker-compose file is provided to launch the containers mentioned above. - -* Elasticsearch cluster. In the Elasticsearch Dockerfile we can visualize variables to configure an Elasticsearch Cluster. These variables are used in the file *config_cluster.sh* to set them in the *elasticsearch.yml* configuration file. You can see the meaning of the node variables [here](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html) and other cluster settings [here](https://github.com/elastic/elasticsearch/blob/master/distribution/src/config/elasticsearch.yml). +The folder `build-docker-images` contains a README explaining how to build the Wazuh images and the necessary assets. 
+The folder `indexer-certs-creator` contains a README explaining how to create the certificates creator tool and the necessary assets. +The folder `single-node` contains a README explaining how to run a Wazuh environment with one Wazuh manager, one Wazuh indexer, and one Wazuh dashboard. +The folder `multi-node` contains a README explaining how to run a Wazuh environment with two Wazuh managers, three Wazuh indexer, and one Wazuh dashboard. ## Documentation @@ -39,16 +40,16 @@ API_USERNAME="wazuh" # Wazuh API username API_PASSWORD="wazuh" # Wazuh API password - Must comply with requirements # (8+ length, uppercase, lowercase, specials chars) -ELASTICSEARCH_URL=https://elasticsearch:9200 # Elasticsearch URL -ELASTIC_USERNAME=admin # Elasticsearch Username -ELASTIC_PASSWORD=admin # Elasticsearch Password +INDEXER_URL=https://wazuh.indexer:9200 # Wazuh indexer URL +INDEXER_USERNAME=admin # Wazuh indexer Username +INDEXER_PASSWORD=admin # Wazuh indexer Password FILEBEAT_SSL_VERIFICATION_MODE=full # Filebeat SSL Verification mode (full or none) SSL_CERTIFICATE_AUTHORITIES="" # Path of Filebeat SSL CA SSL_CERTIFICATE="" # Path of Filebeat SSL Certificate SSL_KEY="" # Path of Filebeat SSL Key ``` -### Kibana +### Dashboard ``` PATTERN="wazuh-alerts-*" # Default index pattern to use 
@@ -81,66 +82,105 @@ WAZUH_MONITORING_ENABLED=true # Custom settings to enable/disable wazuh-mo WAZUH_MONITORING_FREQUENCY=900 # Custom setting to set the frequency for wazuh-monitoring indices cron task WAZUH_MONITORING_SHARDS=2 # Configure wazuh-monitoring-* indices shards and replicas WAZUH_MONITORING_REPLICAS=0 # - -ADMIN_PRIVILEGES=true # App privileges ``` ## Directory structure + ├── build-docker-images + │   ├── docker-compose.yml + │   ├── wazuh-dashboard + │   │   ├── config + │   │   │   ├── config.sh + │   │   │   ├── config.yml + │   │   │   ├── entrypoint.sh + │   │   │   ├── opensearch_dashboards.yml + │   │   │   ├── wazuh_app_config.sh + │   │   │   └── wazuh.yml + │   │   └── Dockerfile + │   ├── wazuh-indexer + │   │   ├── config + │   │   │   ├── config.sh + │   │   │   ├── config.yml + │   │   │   ├── entrypoint.sh + │   │   │   ├── internal_users.yml + │   │   │   ├── opensearch.yml + │   │   │   ├── roles_mapping.yml + │   │   │   ├── roles.yml + │   │   │   └── securityadmin.sh + │   │   └── Dockerfile + │   └── wazuh-manager + │   ├── config + │   │   ├── create_user.py + │   │   ├── etc + │   │   │   ├── cont-init.d + │   │   │   │   ├── 0-wazuh-init + │   │   │   │   ├── 1-config-filebeat + │   │   │   │   └── 2-manager + │   │   │   └── services.d + │   │   │   ├── filebeat + │   │   │   │   ├── finish + │   │   │   │   └── run + │   │   │   └── ossec-logs + │   │   │   └── run + │   │   ├── filebeat.yml + │   │   ├── permanent_data.env + │   │   ├── permanent_data.sh + │   │   └── wazuh.repo + │   └── Dockerfile ├── CHANGELOG.md - ├── docker-compose.yml - ├── generate-opendistro-certs.yml - ├── kibana-odfe + ├── indexer-certs-creator │   ├── config - │   │   ├── custom_welcome - │   │   │   ├── light_theme.style.css - │   │   │   ├── template.js.hbs - │   │   │   ├── wazuh_logo_circle.svg - │   │   │   └── wazuh_wazuh_bg.svg - │   │   ├── entrypoint.sh - │   │   ├── kibana_settings.sh - │   │   ├── wazuh_app_config.sh - │   │   ├── 
wazuh.yml - │   │   └── welcome_wazuh.sh + │   │   └── entrypoint.sh │   └── Dockerfile ├── LICENSE - ├── production_cluster - │   ├── elastic_opendistro - │   │   ├── elasticsearch-node1.yml - │   │   ├── elasticsearch-node2.yml - │   │   ├── elasticsearch-node3.yml - │   │   └── internal_users.yml - │   ├── kibana_ssl - │   │   └── generate-self-signed-cert.sh - │   ├── nginx - │   │   ├── nginx.conf - │   │   └── ssl - │   │   └── generate-self-signed-cert.sh - │   ├── ssl_certs - │   │   └── certs.yml - │   └── wazuh_cluster - │   ├── wazuh_manager.conf - │   └── wazuh_worker.conf - ├── production-cluster.yml + ├── multi-node + │   ├── config + │   │   ├── nginx + │   │   │   └── nginx.conf + │   │   ├── wazuh_cluster + │   │   │   ├── wazuh_manager.conf + │   │   │   └── wazuh_worker.conf + │   │   ├── wazuh_dashboard + │   │   │   ├── opensearch_dashboards.yml + │   │   │   └── wazuh.yml + │   │   ├── wazuh_indexer + │   │   │   ├── internal_users.yml + │   │   │   ├── wazuh1.indexer.yml + │   │   │   ├── wazuh2.indexer.yml + │   │   │   └── wazuh3.indexer.yml + │   │   └── wazuh_indexer_ssl_certs + │   │   └── certs.yml + │   ├── docker-compose.yml + │   ├── generate-indexer-certs.yml + │   ├── Migration-to-Wazuh-4.3.md + │   └── volume-migrator.sh ├── README.md - ├── VERSION - └── wazuh-odfe - ├── config - │   ├── create_user.py - │   ├── etc - │   │   ├── cont-init.d - │   │   │   ├── 0-wazuh-init - │   │   │   ├── 1-config-filebeat - │   │   │   └── 2-manager - │   │   └── services.d - │   │   └── filebeat - │   │   ├── finish - │   │   └── run - │   ├── filebeat.yml - │   ├── permanent_data.env - │   ├── permanent_data.sh - │   └── wazuh.repo - └── Dockerfile + ├── single-node + │   ├── config + │   │   ├── wazuh_cluster + │   │   │   └── wazuh_manager.conf + │   │   ├── wazuh_dashboard + │   │   │   ├── opensearch_dashboards.yml + │   │   │   └── wazuh.yml + │   │   ├── wazuh_indexer + │   │   │   ├── internal_users.yml + │   │   │   └── 
wazuh.indexer.yml + │   │   └── wazuh_indexer_ssl_certs + │   │   ├── admin-key.pem + │   │   ├── admin.pem + │   │   ├── certs.yml + │   │   ├── root-ca.key + │   │   ├── root-ca.pem + │   │   ├── wazuh.dashboard-key.pem + │   │   ├── wazuh.dashboard.pem + │   │   ├── wazuh.indexer-key.pem + │   │   ├── wazuh.indexer.pem + │   │   ├── wazuh.manager-key.pem + │   │   └── wazuh.manager.pem + │   ├── docker-compose.yml + │   ├── generate-indexer-certs.yml + │   └── README.md + └── VERSION @@ -154,6 +194,7 @@ ADMIN_PRIVILEGES=true # App privileges | Wazuh version | ODFE | XPACK | |---------------|---------|--------| | v4.4.0 | | | +| v4.3.1 | | | | v4.3.0 | | | | v4.2.6 | 1.13.2 | 7.11.2 | | v4.2.5 | 1.13.2 | 7.11.2 | diff --git a/build-docker-images/README.md b/build-docker-images/README.md new file mode 100644 index 00000000..9860d8b0 --- /dev/null +++ b/build-docker-images/README.md @@ -0,0 +1,7 @@ +# Wazuh Docker Image Builder + +This stack allows you to build the Wazuh manager, indexer, and dashboard images locally by running the command: + +``` +$ docker-compose build +``` \ No newline at end of file diff --git a/build-docker-images/docker-compose.yml b/build-docker-images/docker-compose.yml new file mode 100644 index 00000000..1e4f0c84 --- /dev/null +++ b/build-docker-images/docker-compose.yml 
@@ -0,0 +1,79 @@
+# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+version: '3.7'
+
+services:
+ wazuh.manager:
+ build: wazuh-manager/
+ image: wazuh/wazuh-manager:4.4.0
+ hostname: wazuh.manager
+ restart: always
+ ports:
+ - "1514:1514"
+ - "1515:1515"
+ - "514:514/udp"
+ - "55000:55000"
+ environment:
+ - INDEXER_URL=https://wazuh.indexer:9200
+ - INDEXER_USERNAME=admin
+ - INDEXER_PASSWORD=admin
+ - FILEBEAT_SSL_VERIFICATION_MODE=none
+ volumes:
+ - wazuh_api_configuration:/var/ossec/api/configuration
+ - wazuh_etc:/var/ossec/etc
+ - wazuh_logs:/var/ossec/logs
+ - wazuh_queue:/var/ossec/queue
+ - wazuh_var_multigroups:/var/ossec/var/multigroups
+ - wazuh_integrations:/var/ossec/integrations
+ - wazuh_active_response:/var/ossec/active-response/bin
+ - wazuh_agentless:/var/ossec/agentless
+ - wazuh_wodles:/var/ossec/wodles
+ - filebeat_etc:/etc/filebeat
+ - filebeat_var:/var/lib/filebeat
+
+ wazuh.indexer:
+ build: wazuh-indexer/
+ image: wazuh/wazuh-indexer:4.4.0
+ hostname: wazuh.indexer
+ restart: always
+ ports:
+ - "9200:9200"
+ environment:
+ - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536
+ hard: 65536
+
+ wazuh.dashboard:
+ build: wazuh-dashboard/
+ image: wazuh/wazuh-dashboard:4.4.0
+ hostname: wazuh.dashboard
+ restart: always
+ ports:
+ - 443:443
+ environment:
+ - INDEXER_USERNAME=admin
+ - INDEXER_PASSWORD=admin
+ - SERVER_SSL_ENABLED=false
+ - WAZUH_API_URL=https://wazuh.manager
+ depends_on:
+ - wazuh.indexer
+ links:
+ - wazuh.indexer:wazuh.indexer
+ - wazuh.manager:wazuh.manager
+
+volumes:
+ wazuh_api_configuration:
+ wazuh_etc:
+ wazuh_logs:
+ wazuh_queue:
+ wazuh_var_multigroups:
+ wazuh_integrations:
+ wazuh_active_response:
+ wazuh_agentless:
+ wazuh_wodles:
+ filebeat_etc:
+ filebeat_var:
diff --git a/build-docker-images/wazuh-dashboard/Dockerfile b/build-docker-images/wazuh-dashboard/Dockerfile
new file mode 100644
index 00000000..19bd110d
--- /dev/null
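Review bot: The `wazuh.manager` and `wazuh.indexer` services publish `55000` and `9200` on every host interface while the same file sets `INDEXER_PASSWORD=admin` and `FILEBEAT_SSL_VERIFICATION_MODE=none`, so the indexer is reachable from the network with a default credential and Filebeat does not authenticate the indexer it ships alerts to. If this stack exists only to build and smoke-test images, bind the ports to loopback, e.g. `- "127.0.0.1:9200:9200"`, and require the password from the environment with `- INDEXER_PASSWORD=${INDEXER_PASSWORD:?set a password}`. `wazuh.dashboard` maps `443:443` with `SERVER_SSL_ENABLED=false`, whereas the `opensearch_dashboards.yml` added in this diff sets `server.port: 5601` and `server.ssl.enabled: true`; that looks inconsistent and is worth confirming. `443:443` is also the only unquoted port mapping in the file.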
+++ b/build-docker-images/wazuh-dashboard/Dockerfile 
@@ -0,0 +1,109 @@ +# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2) +FROM ubuntu:focal AS builder + +ARG WAZUH_VERSION=4.4.0 +ARG INSTALL_DIR=/usr/share/wazuh-dashboard + +# Update and install dependencies +RUN apt-get update && apt install curl libcap2-bin xz-utils -y + +# Create Install dir +RUN mkdir -p $INSTALL_DIR + +# Download and extract Wazuh dashboard base +RUN curl -o wazuh-dashboard-base.tar.xz https://packages.wazuh.com/stack/dashboard/base/wazuh-dashboard-base-${WAZUH_VERSION}-linux-x64.tar.xz && \ + tar -xf wazuh-dashboard-base.tar.xz --directory $INSTALL_DIR --strip-components=1 + +# Generate certificates +COPY config/config.sh . +COPY config/config.yml / +RUN bash config.sh + +# Install Wazuh App +RUN $INSTALL_DIR/bin/opensearch-dashboards-plugin install https://packages.wazuh.com/4.x/ui/dashboard/wazuh-${WAZUH_VERSION}.zip --allow-root + +# Copy and set permissions to config files +COPY config/opensearch_dashboards.yml $INSTALL_DIR/config/ +COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/ +RUN chown 101:101 $INSTALL_DIR/config/opensearch_dashboards.yml && chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml + +# Create and set permissions to data directories +RUN mkdir -p $INSTALL_DIR/data/wazuh && chown -R 101:101 $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh +RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chown -R 101:101 $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config +RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chown -R 101:101 $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs + +################################################################################ +# Build stage 1 (the current Wazuh dashboard image): +# +# Copy wazuh-dashboard from stage 0 +# Add entrypoint +# Add wazuh_app_config +################################################################################ +FROM ubuntu:focal + +# Set environment variables +ENV USER="wazuh-dashboard" \ + 
GROUP="wazuh-dashboard" \ + NAME="wazuh-dashboard" \ + INSTALL_DIR="/usr/share/wazuh-dashboard" + +# Set Wazuh app variables +ENV PATTERN="" \ + CHECKS_PATTERN="" \ + CHECKS_TEMPLATE="" \ + CHECKS_API="" \ + CHECKS_SETUP="" \ + EXTENSIONS_PCI="" \ + EXTENSIONS_GDPR="" \ + EXTENSIONS_HIPAA="" \ + EXTENSIONS_NIST="" \ + EXTENSIONS_TSC="" \ + EXTENSIONS_AUDIT="" \ + EXTENSIONS_OSCAP="" \ + EXTENSIONS_CISCAT="" \ + EXTENSIONS_AWS="" \ + EXTENSIONS_GCP="" \ + EXTENSIONS_VIRUSTOTAL="" \ + EXTENSIONS_OSQUERY="" \ + EXTENSIONS_DOCKER="" \ + APP_TIMEOUT="" \ + API_SELECTOR="" \ + IP_SELECTOR="" \ + IP_IGNORE="" \ + WAZUH_MONITORING_ENABLED="" \ + WAZUH_MONITORING_FREQUENCY="" \ + WAZUH_MONITORING_SHARDS="" \ + WAZUH_MONITORING_REPLICAS="" + +# Install dependencies +RUN apt update && apt install -y libnss3-dev fonts-liberation libfontconfig1 + +# Create wazuh-dashboard user and group +RUN getent group $GROUP || groupadd -r -g 1000 $GROUP +RUN useradd --system \ + --uid 1000 \ + --no-create-home \ + --home-dir $INSTALL_DIR \ + --gid $GROUP \ + --shell /sbin/nologin \ + --comment "$USER user" \ + $USER + +# Copy and set permissions to scripts +COPY config/entrypoint.sh / +COPY config/wazuh_app_config.sh / +RUN chmod 700 /entrypoint.sh +RUN chmod 700 /wazuh_app_config.sh +RUN chown 1000:1000 /*.sh + +# Copy Install dir from builder to current image +COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR + +# Set workdir and user +WORKDIR $INSTALL_DIR +USER wazuh-dashboard + +# Services ports +EXPOSE 443 + +ENTRYPOINT [ "/entrypoint.sh" ] diff --git a/build-docker-images/wazuh-dashboard/config/config.sh b/build-docker-images/wazuh-dashboard/config/config.sh new file mode 100644 index 00000000..ef068df4 --- /dev/null +++ b/build-docker-images/wazuh-dashboard/config/config.sh 
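Review bot: The builder stage downloads `wazuh-dashboard-base-${WAZUH_VERSION}-linux-x64.tar.xz` with `curl -o` and installs the Wazuh app zip straight from a URL without comparing either artifact to a known digest, and `curl` without `-f` stores an HTTP error page as if it were the archive. Add `-fsSL` to the `curl` call and verify before `tar -xf`, e.g. `echo "PLACEHOLDER_SHA512  wazuh-dashboard-base.tar.xz" | sha512sum -c -` (placeholder digest, to be pinned per release). The dashboard and indexer `config.sh` scripts in this diff fetch `wazuh-certs-tool.sh` and `wazuh-passwords-tool.sh` the same way, fall back to the `packages-dev` bucket, and run the cert tool with `bash`, so the same check applies there. Separately, the `chown 101:101` calls in the builder are overridden by `COPY --from=builder --chown=1000:1000` in the final stage and can be dropped.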
@@ -0,0 +1,42 @@
+# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+# This has to be exported to make some magic below work.
+export DH_OPTIONS
+
+export NAME=wazuh-dashboard
+export TARGET_DIR=${CURDIR}/debian/${NAME}
+export INSTALLATION_DIR=/usr/share/${NAME}
+export CONFIG_DIR=${INSTALLATION_DIR}/config
+
+## Variables
+CERT_TOOL=wazuh-certs-tool.sh
+PACKAGES_URL=https://packages.wazuh.com/4.4/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.4/
+
+## Check if the cert tool exists in S3 buckets
+CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}')
+CERT_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}')
+
+## If cert tool exists in some bucket, download it, if not exit 1
+if [ "$CERT_TOOL_PACKAGES" = "200" ]; then
+ curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL
+ echo "Cert tool exists in Packages bucket"
+elif [ "$CERT_TOOL_PACKAGES_DEV" = "200" ]; then
+ curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL
+ echo "Cert tool exists in Packages-dev bucket"
+else
+ echo "Cert tool does not exist in any bucket"
+ exit 1
+fi
+
+chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A
+
+# Create certs directory
+mkdir -p ${CONFIG_DIR}/certs
+
+# Copy Wazuh dashboard certs to install config dir
+cp /wazuh-certificates/demo.dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
+cp /wazuh-certificates/demo.dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
+cp /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem
+
+chmod -R 500 ${CONFIG_DIR}/certs
+chmod -R 400 ${CONFIG_DIR}/certs/*
\ No newline at end of file
diff --git a/build-docker-images/wazuh-dashboard/config/config.yml b/build-docker-images/wazuh-dashboard/config/config.yml
new file mode 100644
index 00000000..24764d54
--- /dev/null
+++ b/build-docker-images/wazuh-dashboard/config/config.yml
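Review bot: The certificate tool runs during `docker build` (`bash /$CERT_TOOL -A`) and the generated `demo.dashboard-key.pem` is copied into `${CONFIG_DIR}/certs`, so the TLS private key becomes part of the image layers and is identical for everyone who pulls a published build. The indexer `config.sh` in this diff does the same and additionally copies `root-ca.key` and `admin-key.pem`, which ships the CA signing key and the security-admin client key inside the image. A comment above the `cp` lines such as `# Demo certificates only: mount deployment-specific certs over ${CONFIG_DIR}/certs` would state the intent. Leaving `root-ca.key` out of the indexer image is worth considering, since nothing visible in this diff uses it at runtime.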
@@ -0,0 +1,5 @@
+nodes:
+ # Wazuh dashboard server nodes
+ dashboard:
+ - name: demo.dashboard
+ ip: demo.dashboard
\ No newline at end of file
diff --git a/build-docker-images/wazuh-dashboard/config/entrypoint.sh b/build-docker-images/wazuh-dashboard/config/entrypoint.sh
new file mode 100644
index 00000000..6d6b1932
--- /dev/null
+++ b/build-docker-images/wazuh-dashboard/config/entrypoint.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+
+INSTALL_DIR=/usr/share/wazuh-dashboard
+DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}"
+DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}"
+
+# Create and configure Wazuh dashboard keystore
+
+$INSTALL_DIR/bin/opensearch-dashboards-keystore create --allow-root && \
+echo $DASHBOARD_USERNAME | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \
+echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root
+
+##############################################################################
+# Start Wazuh dashboard
+##############################################################################
+
+/wazuh_app_config.sh
+
+/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
\ No newline at end of file
diff --git a/build-docker-images/wazuh-dashboard/config/opensearch_dashboards.yml b/build-docker-images/wazuh-dashboard/config/opensearch_dashboards.yml
new file mode 100644
index 00000000..994b83e2
--- /dev/null
+++ b/build-docker-images/wazuh-dashboard/config/opensearch_dashboards.yml
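Review bot: In `entrypoint.sh`, `echo $DASHBOARD_USERNAME` and `echo $DASHBOARD_PASSWORD` are unquoted, so a password containing spaces, `*` or a leading `-n` is word-split, globbed or swallowed before it reaches the keystore, and both values silently default to the well-known `kibanaserver`. Use `printf '%s\n' "$DASHBOARD_PASSWORD" | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root` (same for the username), and consider refusing to start when the variables are unset instead of falling back to a default credential. The final command should be prefixed with `exec` so that the server replaces the shell and receives the container's stop signal. The script has no `set -e`, so a failure in `/wazuh_app_config.sh` does not stop startup.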
@@ -0,0 +1,13 @@ +server.host: 0.0.0.0 +server.port: 5601 +opensearch.hosts: https://wazuh.indexer:9200 +opensearch.ssl.verificationMode: none +opensearch.requestHeadersWhitelist: [ authorization,securitytenant ] +opensearch_security.multitenancy.enabled: false +opensearch_security.readonly_mode.roles: ["kibana_read_only"] +server.ssl.enabled: true +server.ssl.key: "/usr/share/wazuh-dashboard/config/certs/dashboard-key.pem" +server.ssl.certificate: "/usr/share/wazuh-dashboard/config/certs/dashboard.pem" +opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/config/certs/root-ca.pem"] +uiSettings.overrides.defaultRoute: /app/wazuh + diff --git a/kibana-odfe/config/wazuh.yml b/build-docker-images/wazuh-dashboard/config/wazuh.yml similarity index 96% rename from kibana-odfe/config/wazuh.yml rename to build-docker-images/wazuh-dashboard/config/wazuh.yml index 3b074c61..2c5649d7 100644 --- a/kibana-odfe/config/wazuh.yml +++ b/build-docker-images/wazuh-dashboard/config/wazuh.yml @@ -77,12 +77,6 @@ # List of index patterns to be ignored #ip.ignore: [] # -# -------------------------------- X-Pack RBAC --------------------------------- -# -# Custom setting to enable/disable built-in X-Pack RBAC security capabilities. -# Default: enabled -#xpack.rbac.enabled: true -# # ------------------------------ wazuh-monitoring ------------------------------ # # Custom setting to enable/disable wazuh-monitoring indices. @@ -159,4 +153,3 @@ # port: # username: # password: - diff --git a/kibana/config/wazuh_app_config.sh b/build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh similarity index 78% rename from kibana/config/wazuh_app_config.sh rename to build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh index fddf93b4..3b5f2f5d 100644 --- a/kibana/config/wazuh_app_config.sh +++ b/build-docker-images/wazuh-dashboard/config/wazuh_app_config.sh 
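Review bot: `opensearch.ssl.verificationMode: none` in `opensearch_dashboards.yml` disables certificate checking for the connection to `https://wazuh.indexer:9200`, so the `opensearch.ssl.certificateAuthorities` entry further down is effectively unused and the dashboard presents its keystore credentials to whatever answers on that name. A root CA is already shipped at `config/certs/root-ca.pem`, so prefer `opensearch.ssl.verificationMode: certificate`, or `full` once the indexer certificate carries the service hostname (the bundled one is issued for `demo.indexer`). If `none` is deliberate for the demo certificates, record that in a comment such as `# demo certs do not match the service hostname; use full with real certificates`. `server.port: 5601` also differs from the `EXPOSE 443` in the dashboard Dockerfile and the `443:443` mapping in the build compose file.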
@@ -5,8 +5,9 @@ wazuh_url="${WAZUH_API_URL:-https://wazuh}" wazuh_port="${API_PORT:-55000}" api_username="${API_USERNAME:-wazuh-wui}" api_password="${API_PASSWORD:-wazuh-wui}" +api_run_as="${RUN_AS:-false}" -kibana_config_file="/usr/share/kibana/data/wazuh/config/wazuh.yml" +dashboard_config_file="/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml" declare -A CONFIG_MAP=( [pattern]=$PATTERN @@ -35,30 +36,30 @@ declare -A CONFIG_MAP=( [wazuh.monitoring.frequency]=$WAZUH_MONITORING_FREQUENCY [wazuh.monitoring.shards]=$WAZUH_MONITORING_SHARDS [wazuh.monitoring.replicas]=$WAZUH_MONITORING_REPLICAS - [admin]=$ADMIN_PRIVILEGES ) for i in "${!CONFIG_MAP[@]}" do if [ "${CONFIG_MAP[$i]}" != "" ]; then - sed -i 's/.*#'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file + sed -i 's/.*#'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $dashboard_config_file fi done -CONFIG_CODE=$(curl ${auth} -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/_doc/1513629884013) -grep -q 1513629884013 $kibana_config_file +grep -q 1513629884013 $dashboard_config_file _config_exists=$? -if [[ "x$CONFIG_CODE" != "x200" && $_config_exists -ne 0 ]]; then -cat << EOF >> $kibana_config_file +if [[ $_config_exists -ne 0 ]]; then +cat << EOF >> $dashboard_config_file hosts: - 1513629884013: url: $wazuh_url port: $wazuh_port username: $api_username password: $api_password + run_as: $api_run_as EOF else echo "Wazuh APP already configured" fi + diff --git a/build-docker-images/wazuh-indexer/Dockerfile b/build-docker-images/wazuh-indexer/Dockerfile new file mode 100644 index 00000000..e4c61e2a --- /dev/null +++ b/build-docker-images/wazuh-indexer/Dockerfile 
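Review bot: The heredoc in `wazuh_app_config.sh` writes `password: $api_password` and the new `run_as: $api_run_as` into `wazuh.yml` as plain YAML scalars, yet the README requires the API password to contain special characters, and a value containing ` #` or `: `, or starting with `*`, `!` or `&`, is truncated or mis-parsed when the app loads the file. Escape and single-quote the value before the heredoc, e.g. `api_password_yaml=${api_password//\'/\'\'}` and then `password: '$api_password_yaml'`. The `sed -i 's/.*#'"$i"'.*/…/'` line has the same kind of problem: a setting value containing `/` or `&` breaks or alters the substitution, and `$dashboard_config_file` is unquoted. The password is also stored in clear text in the config file, so its mode and owner deserve a check in the image.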
@@ -0,0 +1,75 @@ +# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2) +FROM ubuntu:focal AS builder + +RUN apt-get update -y && apt-get install curl openssl xz-utils -y + +COPY config/opensearch.yml / + +COPY config/config.sh . + +COPY config/config.yml / + +COPY config/internal_users.yml / + +COPY config/roles_mapping.yml / + +COPY config/roles.yml / + +RUN bash config.sh + +################################################################################ +# Build stage 1 (the actual Wazuh indexer image): +# +# Copy wazuh-indexer from stage 0 +# Add entrypoint +################################################################################ +FROM ubuntu:focal + +ENV USER="wazuh-indexer" \ + GROUP="wazuh-indexer" \ + NAME="wazuh-indexer" \ + INSTALL_DIR="/usr/share/wazuh-indexer" + +RUN getent group $GROUP || groupadd -r -g 1000 $GROUP + +RUN useradd --system \ + --uid 1000 \ + --no-create-home \ + --home-dir $INSTALL_DIR \ + --gid $GROUP \ + --shell /sbin/nologin \ + --comment "$USER user" \ + $USER + +WORKDIR $INSTALL_DIR + +COPY config/entrypoint.sh / + +COPY config/securityadmin.sh / + +RUN chmod 700 /entrypoint.sh && chmod 700 /securityadmin.sh + +RUN chown 1000:1000 /*.sh + +COPY --from=builder --chown=1000:1000 /debian/wazuh-indexer/usr/share/wazuh-indexer /usr/share/wazuh-indexer +COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/systemd /usr/lib/systemd +COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/sysctl.d /usr/lib/sysctl.d +COPY --from=builder --chown=0:0 /debian/wazuh-indexer/usr/lib/tmpfiles.d /usr/lib/tmpfiles.d + + +RUN mkdir -p /var/lib/wazuh-indexer && chown 1000:1000 /var/lib/wazuh-indexer && \ + mkdir -p /usr/share/wazuh-indexer/logs && chown 1000:1000 /usr/share/wazuh-indexer/logs && \ + mkdir -p /run/wazuh-indexer && chown 1000:1000 /run/wazuh-indexer && \ + mkdir -p /var/log/wazuh-indexer && chown 1000:1000 /var/log/wazuh-indexer && \ + chmod 700 /usr/share/wazuh-indexer/config && \ + chmod 600 
/usr/share/wazuh-indexer/config/jvm.options && \ + chmod 600 /usr/share/wazuh-indexer/config/opensearch.yml + +USER wazuh-indexer + +# Services ports +EXPOSE 9200 + +ENTRYPOINT ["/entrypoint.sh"] +# Dummy overridable parameter parsed by entrypoint +CMD ["opensearchwrapper"] \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/config/config.sh b/build-docker-images/wazuh-indexer/config/config.sh new file mode 100644 index 00000000..a4a7cac5 --- /dev/null +++ b/build-docker-images/wazuh-indexer/config/config.sh 
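Review bot: The `COPY --from=builder ... /debian/wazuh-indexer/...` lines in the indexer Dockerfile only work because `config.sh` expands `${CURDIR}` to an empty string in `TARGET_DIR=${CURDIR}/debian/${NAME}`, and nothing in the builder stage sets that variable; if it is ever defined, the copies break. Add a comment above them, e.g. `# config.sh stages the tree under /debian/wazuh-indexer (CURDIR is unset in the builder)`, or set the path explicitly in the script. The three `--chown=0:0` copies of `usr/lib/systemd`, `sysctl.d` and `tmpfiles.d` look unused in a container that starts `/entrypoint.sh` directly, so a comment should say why they are kept. Both stages use the floating tag `ubuntu:focal`; pinning by digest (`ubuntu:focal@sha256:PLACEHOLDER_DIGEST`) would make rebuilds of a given release reproducible.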
@@ -0,0 +1,110 @@ +# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2) +# This has to be exported to make some magic below work. +export DH_OPTIONS + +export NAME=wazuh-indexer +export TARGET_DIR=${CURDIR}/debian/${NAME} + +# Package build options +export USER=${NAME} +export GROUP=${NAME} +export VERSION=4.4.0 +export LOG_DIR=/var/log/${NAME} +export LIB_DIR=/var/lib/${NAME} +export PID_DIR=/run/${NAME} +export INSTALLATION_DIR=/usr/share/${NAME} +export CONFIG_DIR=${INSTALLATION_DIR}/config +export BASE_DIR=${NAME}-* +export INDEXER_FILE=wazuh-indexer-base.tar.xz +export BASE_FILE=wazuh-indexer-base-${VERSION}-linux-x64.tar.xz +export REPO_DIR=/unattended_installer + + +rm -rf ${INSTALLATION_DIR}/ + +curl -o ${INDEXER_FILE} https://packages.wazuh.com/stack/indexer/base/${BASE_FILE} +tar -xf ${INDEXER_FILE} + +## TOOLS + +## Variables +CERT_TOOL=wazuh-certs-tool.sh +PASSWORD_TOOL=wazuh-passwords-tool.sh +PACKAGES_URL=https://packages.wazuh.com/4.4/ +PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.4/ + +## Check if the cert tool exists in S3 buckets +CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}') +CERT_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}') + +## If cert tool exists in some bucket, download it, if not exit 1 +if [ "$CERT_TOOL_PACKAGES" = "200" ]; then + curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL + echo "Cert tool exists in Packages bucket" +elif [ "$CERT_TOOL_PACKAGES_DEV" = "200" ]; then + curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL + echo "Cert tool exists in Packages-dev bucket" +else + echo "Cert tool does not exist in any bucket" + exit 1 +fi + + +## Check if the password tool exists in S3 buckets +PASSWORD_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$PASSWORD_TOOL | grep -E "^HTTP" | awk '{print $2}') +PASSWORD_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$PASSWORD_TOOL | grep -E "^HTTP" | awk '{print $2}') + +## If 
password tool exists in some bucket, download it, if not exit 1 +if [ "$PASSWORD_TOOL_PACKAGES" = "200" ]; then + curl -o $PASSWORD_TOOL $PACKAGES_URL$PASSWORD_TOOL + echo "Password tool exists in Packages bucket" +elif [ "$PASSWORD_TOOL_PACKAGES_DEV" = "200" ]; then + curl -o $PASSWORD_TOOL $PACKAGES_DEV_URL$PASSWORD_TOOL + echo "Password tool exists in Packages-dev bucket" +else + echo "Password tool does not exist in any bucket" + exit 1 +fi + +chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A + +# copy to target +mkdir -p ${TARGET_DIR}${INSTALLATION_DIR} +mkdir -p ${TARGET_DIR}${CONFIG_DIR} +mkdir -p ${TARGET_DIR}${LIB_DIR} +mkdir -p ${TARGET_DIR}${LOG_DIR} +mkdir -p ${TARGET_DIR}/etc/init.d +mkdir -p ${TARGET_DIR}/etc/default +mkdir -p ${TARGET_DIR}/usr/lib/tmpfiles.d +mkdir -p ${TARGET_DIR}/usr/lib/sysctl.d +mkdir -p ${TARGET_DIR}/usr/lib/systemd/system +mkdir -p ${TARGET_DIR}${CONFIG_DIR}/certs +# Move configuration files for wazuh-indexer +mv -f ${BASE_DIR}/etc/init.d/${NAME} ${TARGET_DIR}/etc/init.d/${NAME} +mv -f ${BASE_DIR}/etc/wazuh-indexer/* ${TARGET_DIR}${CONFIG_DIR} +mv -f ${BASE_DIR}/etc/sysconfig/${NAME} ${TARGET_DIR}/etc/default/ +mv -f ${BASE_DIR}/usr/lib/tmpfiles.d/* ${TARGET_DIR}/usr/lib/tmpfiles.d/ +mv -f ${BASE_DIR}/usr/lib/sysctl.d/* ${TARGET_DIR}/usr/lib/sysctl.d/ +mv -f ${BASE_DIR}/usr/lib/systemd/system/* ${TARGET_DIR}/usr/lib/systemd/system/ +rm -rf ${BASE_DIR}/etc +rm -rf ${BASE_DIR}/usr +# Copy installation files to final location +cp -pr ${BASE_DIR}/* ${TARGET_DIR}${INSTALLATION_DIR} +# Copy the security tools +cp /$CERT_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/ +cp /$PASSWORD_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/ +# Copy Wazuh's config files for the security plugin +cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/securityconfig/ +cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/securityconfig/ +cp -pr 
/internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/securityconfig/ +cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR} +# Copy Wazuh indexer's certificates +cp -pr /wazuh-certificates/demo.indexer.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer.pem +cp -pr /wazuh-certificates/demo.indexer-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer-key.pem +cp -pr /wazuh-certificates/root-ca.key ${TARGET_DIR}${CONFIG_DIR}/certs/root-ca.key +cp -pr /wazuh-certificates/root-ca.pem ${TARGET_DIR}${CONFIG_DIR}/certs/root-ca.pem +cp -pr /wazuh-certificates/admin.pem ${TARGET_DIR}${CONFIG_DIR}/certs/admin.pem +cp -pr /wazuh-certificates/admin-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/admin-key.pem + +chmod -R 500 ${TARGET_DIR}${CONFIG_DIR}/certs +chmod -R 400 ${TARGET_DIR}${CONFIG_DIR}/certs/* \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/config/config.yml b/build-docker-images/wazuh-indexer/config/config.yml new file mode 100644 index 00000000..e5383c7c --- /dev/null +++ b/build-docker-images/wazuh-indexer/config/config.yml @@ -0,0 +1,5 @@ +nodes: + # Wazuh indexer server nodes + indexer: + - name: demo.indexer + ip: demo.indexer \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/config/entrypoint.sh b/build-docker-images/wazuh-indexer/config/entrypoint.sh new file mode 100644 index 00000000..084573fc --- /dev/null +++ b/build-docker-images/wazuh-indexer/config/entrypoint.sh 
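Review bot: The indexer `config.sh` has no `set -e`, so when `curl -o ${INDEXER_FILE} ...`, `tar -xf` or one of the `mv -f`/`cp -pr` lines fails, the remaining commands still run and `RUN bash config.sh` reports only the status of the final `chmod`, which can produce a partially populated image from a build that succeeds. Put `set -e` at the top (not `set -u`, because `${CURDIR}` is expected to be unset) and add `-f` to the `curl` downloads so an HTTP error is not saved as the tarball. `BASE_DIR=${NAME}-*` depends on unquoted glob expansion at each use; a comment such as `# BASE_DIR is a glob matching the extracted wazuh-indexer-* directory` would mark that as deliberate. `export USER` and `export GROUP` are not referenced again in the visible script and look like leftovers from the package build.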
@@ -0,0 +1,93 @@
+#!/usr/bin/env bash
+# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+set -e
+
+umask 0002
+
+export USER=wazuh-indexer
+export INSTALLATION_DIR=/usr/share/wazuh-indexer
+export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR}/config
+export JAVA_HOME=${INSTALLATION_DIR}/jdk
+export DISCOVERY=$(grep -oP "(?<=discovery.type: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
+export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
+export CERT="${OPENSEARCH_PATH_CONF}/certs/admin.pem"
+export KEY="${OPENSEARCH_PATH_CONF}/certs/admin-key.pem"
+
+run_as_other_user_if_needed() {
+ if [[ "$(id -u)" == "0" ]]; then
+ # If running as root, drop to specified UID and run command
+ exec chroot --userspec=1000:0 / "${@}"
+ else
+ # Either we are running in Openshift with random uid and are a member of the root group
+ # or with a custom --user
+ exec "${@}"
+ fi
+}
+
+# Allow user specify custom CMD, maybe bin/opensearch itself
+# for example to directly specify `-E` style parameters for opensearch on k8s
+# or simply to run /bin/bash to check the image
+if [[ "$1" != "opensearchwrapper" ]]; then
+ if [[ "$(id -u)" == "0" && $(basename "$1") == "opensearch" ]]; then
+ # Rewrite CMD args to replace $1 with `opensearch` explicitly,
+ # Without this, user could specify `opensearch -E x.y=z` but
+ # `bin/opensearch -E x.y=z` would not work.
+ set -- "opensearch" "${@:2}"
+ # Use chroot to switch to UID 1000 / GID 0
+ exec chroot --userspec=1000:0 / "$@"
+ else
+ # User probably wants to run something else, like /bin/bash, with another uid forced (Openshift?)
+ exec "$@"
+ fi
+fi
+
+# Allow environment variables to be set by creating a file with the
+# contents, and setting an environment variable with the suffix _FILE to
+# point to it. This can be used to provide secrets to a container, without
+# the values being specified explicitly when running the container.
+#
+# This is also sourced in opensearch-env, and is only needed here
+# as well because we use INDEXER_PASSWORD below. Sourcing this script
+# is idempotent.
+source /usr/share/wazuh-indexer/bin/opensearch-env-from-file
+
+if [[ -f bin/opensearch-users ]]; then
+ # Check for the INDEXER_PASSWORD environment variable to set the
+ # bootstrap password for Security.
+ #
+ # This is only required for the first node in a cluster with Security
+ # enabled, but we have no way of knowing which node we are yet. We'll just
+ # honor the variable if it's present.
+ if [[ -n "$INDEXER_PASSWORD" ]]; then
+ [[ -f /usr/share/wazuh-indexer/config/opensearch.keystore ]] || (run_as_other_user_if_needed opensearch-keystore create)
+ if ! (run_as_other_user_if_needed opensearch-keystore has-passwd --silent) ; then
+ # keystore is unencrypted
+ if ! (run_as_other_user_if_needed opensearch-keystore list | grep -q '^bootstrap.password$'); then
+ (run_as_other_user_if_needed echo "$INDEXER_PASSWORD" | opensearch-keystore add -x 'bootstrap.password')
+ fi
+ else
+ # keystore requires password
+ if ! (run_as_other_user_if_needed echo "$KEYSTORE_PASSWORD" \
+ | opensearch-keystore list | grep -q '^bootstrap.password$') ; then
+ COMMANDS="$(printf "%s\n%s" "$KEYSTORE_PASSWORD" "$INDEXER_PASSWORD")"
+ (run_as_other_user_if_needed echo "$COMMANDS" | opensearch-keystore add -x 'bootstrap.password')
+ fi
+ fi
+ fi
+fi
+
+if [[ "$(id -u)" == "0" ]]; then
+ # If requested and running as root, mutate the ownership of bind-mounts
+ if [[ -n "$TAKE_FILE_OWNERSHIP" ]]; then
+ chown -R 1000:0 /usr/share/wazuh-indexer/{data,logs}
+ fi
+fi
+
+
+if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then
+ # run securityadmin.sh for single node with CACERT, CERT and KEY parameter
+ nohup /securityadmin.sh &
+ touch "/var/lib/wazuh-indexer/.flag"
+fi
+
+run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD"
\ No newline at end of file
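Review bot: In the final single-node block, `touch "/var/lib/wazuh-indexer/.flag"` runs immediately after `nohup /securityadmin.sh &`, so the marker is written whether or not the security configuration was ever applied, and a failed first start is never retried. Writing the flag from the background job only on success closes that gap, e.g. `nohup bash -c '/securityadmin.sh && touch /var/lib/wazuh-indexer/.flag' &`. Separately, in the keystore branches only `echo` goes through `run_as_other_user_if_needed`; the `opensearch-keystore add -x` on the right-hand side of each pipe runs as the invoking user, which is root when the container starts as root, so the privilege drop presumably does not cover the command that writes the keystore — worth confirming.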
diff --git a/build-docker-images/wazuh-indexer/config/internal_users.yml b/build-docker-images/wazuh-indexer/config/internal_users.yml
new file mode 100644
index 00000000..40fcb9cd
--- /dev/null
+++ b/build-docker-images/wazuh-indexer/config/internal_users.yml
@@ -0,0 +1,74 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+ type: "internalusers"
+ config_version: 2
+
+# Define your internal users here
+
+## Demo users
+
+admin:
+ hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG"
+ reserved: true
+ backend_roles:
+ - "admin"
+ description: "Demo admin user"
+
+kibanaserver:
+ hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
+ reserved: true
+ description: "Demo kibanaserver user"
+
+kibanaro:
+ hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
+ reserved: false
+ backend_roles:
+ - "kibanauser"
+ - "readall"
+ attributes:
+ attribute1: "value1"
+ attribute2: "value2"
+ attribute3: "value3"
+ description: "Demo kibanaro user"
+
+logstash:
+ hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
+ reserved: false
+ backend_roles:
+ - "logstash"
+ description: "Demo logstash user"
+
+readall:
+ hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
+ reserved: false
+ backend_roles:
+ - "readall"
+ description: "Demo readall user"
+
+snapshotrestore:
+ hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
+ reserved: false
+ backend_roles:
+ - "snapshotrestore"
+ description: "Demo snapshotrestore user"
+
+wazuh_admin:
+ hash: "$2y$12$d2awHiOYvZjI88VfsDON.u6buoBol0gYPJEgdG1ArKVE0OMxViFfu"
+ reserved: true
+ hidden: false
+ backend_roles: []
+ attributes: {}
+ opendistro_security_roles: []
+ static: false
+
+wazuh_user:
+ hash: "$2y$12$BQixeoQdRubZdVf/7sq1suHwiVRnSst1.lPI2M0.GPZms4bq2D9vO"
+ reserved: true
+ hidden: false
+ backend_roles: []
+ attributes: {}
+ opendistro_security_roles: []
+ static: false
\ No newline at end of file
diff --git a/build-docker-images/wazuh-indexer/config/opensearch.yml b/build-docker-images/wazuh-indexer/config/opensearch.yml
new file mode 100644
index 00000000..4e944c89
--- /dev/null
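Review bot: All eight accounts in this file, including the reserved `admin` and `kibanaserver`, ship with fixed bcrypt hashes that are identical in every image built from it, and nothing in the file says they are placeholders. I would add a header comment under "## Demo users" such as `# Demo credentials only: replace every hash below before exposing the indexer outside a test network`. The `wazuh_admin` and `wazuh_user` entries also lack the `description` field the other accounts carry, which makes it harder to tell from the file what they are for.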
+++ b/build-docker-images/wazuh-indexer/config/opensearch.yml
@@ -0,0 +1,26 @@
+network.host: "0.0.0.0"
+node.name: "wazuh.indexer"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+discovery.type: single-node
+compatibility.override_main_response_version: true
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/indexer.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/indexer-key.pem
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/indexer-key.pem
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=demo.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.system_indices.enabled: true
+plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
\ No newline at end of file
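Review bot: `plugins.security.ssl.transport.enforce_hostname_verification: false` is set alongside `network.host: "0.0.0.0"`, so the node listens on every interface and transport peers are not checked against the host name in their certificate. That fits the single-node demo this file describes (`discovery.type: single-node`, `nodes_dn` pinned to `CN=demo.indexer,...`), but the file has no comment saying these are demo values. I would add one above the transport settings, e.g. `# Demo/single-node defaults: enable hostname verification and set nodes_dn to the real node DNs before any multi-node use`.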
diff --git a/build-docker-images/wazuh-indexer/config/roles.yml b/build-docker-images/wazuh-indexer/config/roles.yml new file mode 100644 index 00000000..ed47beae --- /dev/null +++ b/build-docker-images/wazuh-indexer/config/roles.yml 
@@ -0,0 +1,163 @@ +_meta: + type: "roles" + config_version: 2 + +# Restrict users so they can only view visualization and dashboards on kibana +kibana_read_only: + reserved: true + +# The security REST API access role is used to assign specific users access to change the security settings through the REST API. +security_rest_api_access: + reserved: true + +# Allows users to view monitors, destinations and alerts +alerting_read_access: + reserved: true + cluster_permissions: + - 'cluster:admin/opendistro/alerting/alerts/get' + - 'cluster:admin/opendistro/alerting/destination/get' + - 'cluster:admin/opendistro/alerting/monitor/get' + - 'cluster:admin/opendistro/alerting/monitor/search' + +# Allows users to view and acknowledge alerts +alerting_ack_alerts: + reserved: true + cluster_permissions: + - 'cluster:admin/opendistro/alerting/alerts/*' + +# Allows users to use all alerting functionality +alerting_full_access: + reserved: true + cluster_permissions: + - 'cluster_monitor' + - 'cluster:admin/opendistro/alerting/*' + index_permissions: + - index_patterns: + - '*' + allowed_actions: + - 'indices_monitor' + - 'indices:admin/aliases/get' + - 'indices:admin/mappings/get' + +# Allow users to read Anomaly Detection detectors and results +anomaly_read_access: + reserved: true + cluster_permissions: + - 'cluster:admin/opendistro/ad/detector/info' + - 'cluster:admin/opendistro/ad/detector/search' + - 'cluster:admin/opendistro/ad/detectors/get' + - 'cluster:admin/opendistro/ad/result/search' + - 'cluster:admin/opendistro/ad/tasks/search' + +# Allows users to use all Anomaly Detection functionality +anomaly_full_access: + reserved: true + cluster_permissions: + - 'cluster_monitor' + - 'cluster:admin/opendistro/ad/*' + index_permissions: + - index_patterns: + - '*' + allowed_actions: + - 'indices_monitor' + - 'indices:admin/aliases/get' + - 'indices:admin/mappings/get' + +# Allows users to read Notebooks +notebooks_read_access: + reserved: true + cluster_permissions: + - 
'cluster:admin/opendistro/notebooks/list' + - 'cluster:admin/opendistro/notebooks/get' + +# Allows users to all Notebooks functionality +notebooks_full_access: + reserved: true + cluster_permissions: + - 'cluster:admin/opendistro/notebooks/create' + - 'cluster:admin/opendistro/notebooks/update' + - 'cluster:admin/opendistro/notebooks/delete' + - 'cluster:admin/opendistro/notebooks/get' + - 'cluster:admin/opendistro/notebooks/list' + +# Allows users to read and download Reports +reports_instances_read_access: + reserved: true + cluster_permissions: + - 'cluster:admin/opendistro/reports/instance/list' + - 'cluster:admin/opendistro/reports/instance/get' + - 'cluster:admin/opendistro/reports/menu/download' + +# Allows users to read and download Reports and Report-definitions +reports_read_access: + reserved: true + cluster_permissions: + - 'cluster:admin/opendistro/reports/definition/get' + - 'cluster:admin/opendistro/reports/definition/list' + - 'cluster:admin/opendistro/reports/instance/list' + - 'cluster:admin/opendistro/reports/instance/get' + - 'cluster:admin/opendistro/reports/menu/download' + +# Allows users to all Reports functionality +reports_full_access: + reserved: true + cluster_permissions: + - 'cluster:admin/opendistro/reports/definition/create' + - 'cluster:admin/opendistro/reports/definition/update' + - 'cluster:admin/opendistro/reports/definition/on_demand' + - 'cluster:admin/opendistro/reports/definition/delete' + - 'cluster:admin/opendistro/reports/definition/get' + - 'cluster:admin/opendistro/reports/definition/list' + - 'cluster:admin/opendistro/reports/instance/list' + - 'cluster:admin/opendistro/reports/instance/get' + - 'cluster:admin/opendistro/reports/menu/download' + +# Allows users to use all asynchronous-search functionality +asynchronous_search_full_access: + reserved: true + cluster_permissions: + - 'cluster:admin/opendistro/asynchronous_search/*' + index_permissions: + - index_patterns: + - '*' + allowed_actions: + - 
'indices:data/read/search*' + +# Allows users to read stored asynchronous-search results +asynchronous_search_read_access: + reserved: true + cluster_permissions: + - 'cluster:admin/opendistro/asynchronous_search/get' + +wazuh_ui_user: + reserved: true + hidden: false + cluster_permissions: [] + index_permissions: + - index_patterns: + - "wazuh-*" + dls: "" + fls: [] + masked_fields: [] + allowed_actions: + - "read" + tenant_permissions: [] + static: false + +wazuh_ui_admin: + reserved: true + hidden: false + cluster_permissions: [] + index_permissions: + - index_patterns: + - "wazuh-*" + dls: "" + fls: [] + masked_fields: [] + allowed_actions: + - "read" + - "delete" + - "manage" + - "index" + tenant_permissions: [] + static: false \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/config/roles_mapping.yml b/build-docker-images/wazuh-indexer/config/roles_mapping.yml new file mode 100644 index 00000000..6f893132 --- /dev/null +++ b/build-docker-images/wazuh-indexer/config/roles_mapping.yml 
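Review bot: `wazuh_ui_user` and `wazuh_ui_admin` at the end of the file are the only roles without a describing comment, and they are the two this project adds on top of the stock set. A line above each would match the rest of the file, e.g. `# Read-only access to wazuh-* indices for dashboard users` and `# Read, index, delete and manage access to wazuh-* indices for dashboard administrators`. These two entries also use double quotes while every other role uses single quotes; picking one style keeps the file consistent.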
@@ -0,0 +1,71 @@
+---
+# In this file users, backendroles and hosts can be mapped to Wazuh indexer Security roles.
+# Permissions for Wazuh indexer roles are configured in roles.yml
+
+_meta:
+ type: "rolesmapping"
+ config_version: 2
+
+# Define your roles mapping here
+
+## Demo roles mapping
+
+all_access:
+ reserved: false
+ backend_roles:
+ - "admin"
+ description: "Maps admin to all_access"
+
+own_index:
+ reserved: false
+ users:
+ - "*"
+ description: "Allow full access to an index named like the username"
+
+logstash:
+ reserved: false
+ backend_roles:
+ - "logstash"
+
+kibana_user:
+ reserved: false
+ backend_roles:
+ - "kibanauser"
+ users:
+ - "wazuh_user"
+ - "wazuh_admin"
+ description: "Maps kibanauser to kibana_user"
+
+readall:
+ reserved: false
+ backend_roles:
+ - "readall"
+
+manage_snapshots:
+ reserved: false
+ backend_roles:
+ - "snapshotrestore"
+
+kibana_server:
+ reserved: true
+ users:
+ - "kibanaserver"
+
+wazuh_ui_admin:
+ reserved: true
+ hidden: false
+ backend_roles: []
+ hosts: []
+ users:
+ - "wazuh_admin"
+ - "kibanaserver"
+ and_backend_roles: []
+
+wazuh_ui_user:
+ reserved: true
+ hidden: false
+ backend_roles: []
+ hosts: []
+ users:
+ - "wazuh_user"
+ and_backend_roles: []
\ No newline at end of file
diff --git a/build-docker-images/wazuh-indexer/config/securityadmin.sh b/build-docker-images/wazuh-indexer/config/securityadmin.sh
new file mode 100644
index 00000000..f9a5bb10
--- /dev/null
+++ b/build-docker-images/wazuh-indexer/config/securityadmin.sh
@@ -0,0 +1,3 @@
+# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+sleep 30
+bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/ -nhnv -cacert $CACERT -cert $CERT -key $KEY -p 9300 -icl
\ No newline at end of file
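Review bot: `wazuh_ui_admin` lists the `kibanaserver` service account under `users`, which, per roles.yml in this commit, gives it `delete`, `manage` and `index` on `wazuh-*` on top of its `kibana_server` mapping. If the dashboard backend needs that only for setup tasks, a comment saying so would help; otherwise the grant looks broader than a service account needs. The `own_index` mapping with `users: "*"` is carried over from the demo configuration and applies to every authenticated user, which is also worth a comment or removal.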
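Review bot: `$CACERT`, `$CERT` and `$KEY` are expanded unquoted and the script has no shebang or `set -e`, so an empty or space-containing value shifts the remaining arguments instead of failing clearly; `-cacert "$CACERT" -cert "$CERT" -key "$KEY"` is the safer form. `CACERT` is filled in entrypoint.sh by grepping opensearch.yml, where the value in this commit is the literal text `${OPENSEARCH_PATH_CONF}/certs/root-ca.pem`; the shell does not expand a variable reference that arrives inside another variable's value, so unless a mounted opensearch.yml uses an absolute path this argument looks wrong. The fixed `sleep 30` is a guess at start-up time, and polling the port before running the tool would be more reliable.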
diff --git a/wazuh-odfe/Dockerfile b/build-docker-images/wazuh-manager/Dockerfile similarity index 66% rename from wazuh-odfe/Dockerfile rename to build-docker-images/wazuh-manager/Dockerfile index 051c520c..65b05578 100644 --- a/wazuh-odfe/Dockerfile +++ b/build-docker-images/wazuh-manager/Dockerfile 
@@ -1,27 +1,22 @@ # Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2) -FROM centos:7 +FROM ubuntu:focal +ARG WAZUH_VERSION=4.4.0 +ARG TEMPLATE_VERSION=4.4 ARG FILEBEAT_CHANNEL=filebeat-oss ARG FILEBEAT_VERSION=7.10.2 -ARG WAZUH_VERSION=4.4.0-1 -ARG TEMPLATE_VERSION="master" ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz" -# Set repositories. -RUN rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH +RUN apt-get update && apt install curl apt-transport-https lsb-release gnupg -y -COPY config/wazuh.repo /etc/yum.repos.d/wazuh.repo +RUN apt-key adv --fetch-keys https://packages.wazuh.com/key/GPG-KEY-WAZUH && \ + echo "deb https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list && \ + apt-get update && \ + apt-get install wazuh-manager=${WAZUH_VERSION}-1 -RUN yum --enablerepo=updates clean metadata && \ - yum upgrade -y && \ - yum -y install openssl which expect openssh-clients && yum -y install wazuh-manager-${WAZUH_VERSION} -y && \ - sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo && \ - yum clean all && rm -rf /var/cache/yum - -RUN curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm &&\ - rpm -i ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm && rm -f ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm - -RUN curl -s https://packages.wazuh.com/4.x/filebeat/${WAZUH_FILEBEAT_MODULE} | tar -xvz -C /usr/share/filebeat/module +RUN curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb &&\ + dpkg -i ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb && rm -f ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb && \ + curl -s https://packages.wazuh.com/4.x/filebeat/${WAZUH_FILEBEAT_MODULE} | tar -xvz -C /usr/share/filebeat/module RUN curl -L https://github.com/aelsabbahy/goss/releases/latest/download/goss-linux-amd64 -o /usr/local/bin/goss && chmod +rx /usr/local/bin/goss 
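Review bot: The Filebeat `.deb` and the `${WAZUH_FILEBEAT_MODULE}` tarball in the new `RUN curl ...` step are installed straight from the network with no integrity check, and the second `curl -s` has no `--fail`, so an error page would be piped into `tar`. A pinned digest passed as a build argument would make the build verifiable, e.g. `echo "${FILEBEAT_SHA512}  ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb" | sha512sum -c -` before `dpkg -i` (`FILEBEAT_SHA512` would be a new ARG, not one the file has today). Two smaller points in the same hunk: `apt-get install wazuh-manager=${WAZUH_VERSION}-1` has no `-y`, which aborts a non-interactive build whenever apt asks for confirmation, and `apt-key adv --fetch-keys` puts the Wazuh key in the global trusted keyring instead of scoping it to the Wazuh source with `signed-by`.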
@@ -32,6 +27,9 @@ RUN curl --fail --silent -L https://github.com/just-containers/s6-overlay/releas tar xzf /tmp/s6-overlay-amd64.tar.gz -C /usr ./bin && \ rm /tmp/s6-overlay-amd64.tar.gz +COPY config/etc/ /etc/ +COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py + COPY config/filebeat.yml /etc/filebeat/ RUN chmod go-w /etc/filebeat/filebeat.yml @@ -39,11 +37,9 @@ RUN chmod go-w /etc/filebeat/filebeat.yml ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat RUN chmod go-w /etc/filebeat/wazuh-template.json -COPY config/etc/ /etc/ -COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py - # Prepare permanent data # Sync calls are due to https://github.com/docker/docker/issues/9547 + COPY config/permanent_data.env config/permanent_data.sh / RUN chmod 755 /permanent_data.sh && \ sync && /permanent_data.sh && \ @@ -52,4 +48,4 @@ RUN chmod 755 /permanent_data.sh && \ # Services ports EXPOSE 55000/tcp 1514/tcp 1515/tcp 514/udp 1516/tcp -ENTRYPOINT [ "/init" ] +ENTRYPOINT [ "/init" ] \ No newline at end of file diff --git a/wazuh-odfe/config/create_user.py b/build-docker-images/wazuh-manager/config/create_user.py similarity index 96% rename from wazuh-odfe/config/create_user.py rename to build-docker-images/wazuh-manager/config/create_user.py index 40a1e04d..cc492398 100644 --- a/wazuh-odfe/config/create_user.py +++ b/build-docker-images/wazuh-manager/config/create_user.py @@ -13,6 +13,7 @@ SPECIAL_CHARS = "@$!%*?&-_" try: + from wazuh.rbac.orm import create_rbac_db from wazuh.security import ( create_user, get_users, @@ -66,6 +67,10 @@ if __name__ == "__main__": # abort if no user file detected sys.exit(0) username, password = read_user_file() + + # create RBAC database + create_rbac_db() + initial_users = db_users() if username not in initial_users: # create a new user 
diff --git a/wazuh-odfe/config/etc/cont-init.d/0-wazuh-init b/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init similarity index 91% rename from wazuh-odfe/config/etc/cont-init.d/0-wazuh-init rename to build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init index e3c9ebfa..c0e2ffff 100644 --- a/wazuh-odfe/config/etc/cont-init.d/0-wazuh-init +++ b/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init @@ -41,12 +41,18 @@ exec_cmd_stdout() { mount_permanent_data() { for permanent_dir in "${PERMANENT_DATA[@]}"; do + data_tmp="${WAZUH_INSTALL_PATH}/data_tmp/permanent${permanent_dir}/" + print ${data_tmp} # Check if the path is not empty if find ${permanent_dir} -mindepth 1 | read; then print "The path ${permanent_dir} is already mounted" else - print "Installing ${permanent_dir}" - exec_cmd "cp -a ${WAZUH_INSTALL_PATH}/data_tmp/permanent${permanent_dir}/. ${permanent_dir}" + if find ${data_tmp} -mindepth 1 | read; then + print "Installing ${permanent_dir}" + exec_cmd "cp -a ${data_tmp}. ${permanent_dir}" + else + print "The path ${permanent_dir} is empty, skiped" + fi fi done } @@ -164,6 +170,15 @@ set_custom_cluster_key() { sed -i 's/to_be_replaced_by_cluster_key<\/key>/'"${WAZUH_CLUSTER_KEY}"'<\/key>/g' ${WAZUH_INSTALL_PATH}/etc/ossec.conf } +############################################################################## +# Modify /var/ossec/queue/rids directory owner on +# container start. +############################################################################## + +set_rids_owner() { + chown -R wazuh:wazuh /var/ossec/queue/rids +} + ############################################################################## # Main function ############################################################################## @@ -202,6 +217,8 @@ main() { # Delete temporary data folder rm -rf ${WAZUH_INSTALL_PATH}/data_tmp + # Set rids directory owner + set_rids_owner } main 
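Review bot: In `mount_permanent_data`, the new else-branch prints "The path ${permanent_dir} is empty, skiped", but the directory that was found empty is `${data_tmp}`; the message should name it, e.g. `print "No packaged data in ${data_tmp}, skipping ${permanent_dir}"`. `${data_tmp}` and `${permanent_dir}` are unquoted in both `find` calls and inside the `cp -a` string, so a path containing whitespace would split. The bare `print ${data_tmp}` at the top of the loop reads like leftover debugging output. In the later hunk, `set_rids_owner` runs `chown -R` on every start, and a short comment saying why ownership can drift would help the next reader.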
diff --git a/wazuh-odfe/config/etc/cont-init.d/1-config-filebeat b/build-docker-images/wazuh-manager/config/etc/cont-init.d/1-config-filebeat similarity index 78% rename from wazuh-odfe/config/etc/cont-init.d/1-config-filebeat rename to build-docker-images/wazuh-manager/config/etc/cont-init.d/1-config-filebeat index b77a550d..e475e357 100644 --- a/wazuh-odfe/config/etc/cont-init.d/1-config-filebeat +++ b/build-docker-images/wazuh-manager/config/etc/cont-init.d/1-config-filebeat @@ -3,21 +3,21 @@ set -e -if [ "$ELASTICSEARCH_URL" != "" ]; then +if [ "$INDEXER_URL" != "" ]; then >&2 echo "Customize Elasticsearch ouput IP" - sed -i "s|hosts:.*|hosts: ['$ELASTICSEARCH_URL']|g" /etc/filebeat/filebeat.yml + sed -i "s|hosts:.*|hosts: ['$INDEXER_URL']|g" /etc/filebeat/filebeat.yml fi # Configure filebeat.yml security settings -if [ "$ELASTIC_USERNAME" != "" ]; then +if [ "$INDEXER_USERNAME" != "" ]; then >&2 echo "Configuring username." - sed -i "s|#username:.*|username: '$ELASTIC_USERNAME'|g" /etc/filebeat/filebeat.yml + sed -i "s|#username:.*|username: '$INDEXER_USERNAME'|g" /etc/filebeat/filebeat.yml fi -if [ "$ELASTIC_PASSWORD" != "" ]; then +if [ "$INDEXER_PASSWORD" != "" ]; then >&2 echo "Configuring password." - sed -i "s|#password:.*|password: '$ELASTIC_PASSWORD'|g" /etc/filebeat/filebeat.yml + sed -i "s|#password:.*|password: '$INDEXER_PASSWORD'|g" /etc/filebeat/filebeat.yml fi if [ "$FILEBEAT_SSL_VERIFICATION_MODE" != "" ]; then diff --git a/wazuh-odfe/config/etc/cont-init.d/2-manager b/build-docker-images/wazuh-manager/config/etc/cont-init.d/2-manager similarity index 100% rename from wazuh-odfe/config/etc/cont-init.d/2-manager rename to build-docker-images/wazuh-manager/config/etc/cont-init.d/2-manager 
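Review bot: `$INDEXER_PASSWORD`, `$INDEXER_USERNAME` and `$INDEXER_URL` are interpolated directly into the `sed` replacement text, so a value containing `|`, `&` or a backslash is written incorrectly or breaks the command, and a `'` in it breaks the YAML quoting in filebeat.yml. Escaping the value first avoids the sed part, e.g. `esc=$(printf '%s' "$INDEXER_PASSWORD" | sed 's/[\\&|]/\\&/g')` and then using `$esc` in the substitution. The first message still says "Customize Elasticsearch ouput IP" although the variable is now `INDEXER_URL`. The script continues past the end of this hunk.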
diff --git a/wazuh-odfe/config/etc/services.d/filebeat/finish b/build-docker-images/wazuh-manager/config/etc/services.d/filebeat/finish similarity index 100% rename from wazuh-odfe/config/etc/services.d/filebeat/finish rename to build-docker-images/wazuh-manager/config/etc/services.d/filebeat/finish diff --git a/wazuh-odfe/config/etc/services.d/filebeat/run b/build-docker-images/wazuh-manager/config/etc/services.d/filebeat/run similarity index 100% rename from wazuh-odfe/config/etc/services.d/filebeat/run rename to build-docker-images/wazuh-manager/config/etc/services.d/filebeat/run diff --git a/wazuh-odfe/config/etc/services.d/ossec-logs/run b/build-docker-images/wazuh-manager/config/etc/services.d/ossec-logs/run similarity index 100% rename from wazuh-odfe/config/etc/services.d/ossec-logs/run rename to build-docker-images/wazuh-manager/config/etc/services.d/ossec-logs/run diff --git a/wazuh-odfe/config/filebeat.yml b/build-docker-images/wazuh-manager/config/filebeat.yml similarity index 92% rename from wazuh-odfe/config/filebeat.yml rename to build-docker-images/wazuh-manager/config/filebeat.yml index 8a627bf9..e9874fb4 100644 --- a/wazuh-odfe/config/filebeat.yml +++ b/build-docker-images/wazuh-manager/config/filebeat.yml @@ -13,7 +13,7 @@ setup.template.json.name: 'wazuh' setup.template.overwrite: true setup.ilm.enabled: false output.elasticsearch: - hosts: ['https://elasticsearch:9200'] + hosts: ['https://wazuh.indexer:9200'] #username: #password: #ssl.verification_mode: diff --git a/wazuh-odfe/config/permanent_data.env b/build-docker-images/wazuh-manager/config/permanent_data.env similarity index 98% rename from wazuh-odfe/config/permanent_data.env rename to build-docker-images/wazuh-manager/config/permanent_data.env index 34f646c3..0a3ebd35 100644 --- a/wazuh-odfe/config/permanent_data.env +++ b/build-docker-images/wazuh-manager/config/permanent_data.env 
@@ -59,7 +59,6 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py" -PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/utils.py" export PERMANENT_DATA_EXCP # Files mounted in a volume that should be deleted diff --git a/wazuh-odfe/config/permanent_data.sh b/build-docker-images/wazuh-manager/config/permanent_data.sh similarity index 100% rename from wazuh-odfe/config/permanent_data.sh rename to build-docker-images/wazuh-manager/config/permanent_data.sh diff --git a/build-from-sources.yml b/build-from-sources.yml deleted file mode 100644 index 637556e1..00000000 --- a/build-from-sources.yml +++ /dev/null 
@@ -1,84 +0,0 @@ -# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) -version: '3.7' - -services: - wazuh: - build: wazuh-odfe/ - image: wazuh/wazuh-odfe:dev-version - hostname: wazuh-manager - restart: always - ports: - - "1514:1514" - - "1515:1515" - - "514:514/udp" - - "55000:55000" - environment: - - ELASTICSEARCH_URL=https://elasticsearch:9200 - - ELASTIC_USERNAME=admin - - ELASTIC_PASSWORD=admin - - FILEBEAT_SSL_VERIFICATION_MODE=none - volumes: - - ossec_api_configuration:/var/ossec/api/configuration - - ossec_etc:/var/ossec/etc - - ossec_logs:/var/ossec/logs - - ossec_queue:/var/ossec/queue - - ossec_var_multigroups:/var/ossec/var/multigroups - - ossec_integrations:/var/ossec/integrations - - ossec_active_response:/var/ossec/active-response/bin - - ossec_agentless:/var/ossec/agentless - - ossec_wodles:/var/ossec/wodles - - filebeat_etc:/etc/filebeat - - filebeat_var:/var/lib/filebeat - - elasticsearch: - image: amazon/opendistro-for-elasticsearch:1.13.2 - hostname: elasticsearch - restart: always - ports: - - "9200:9200" - environment: - - discovery.type=single-node - - cluster.name=wazuh-cluster - - network.host=0.0.0.0 - - "ES_JAVA_OPTS=-Xms512m -Xmx512m" - - bootstrap.memory_lock=true - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - - kibana: - build: kibana-odfe/ - image: wazuh/wazuh-kibana-odfe:dev-version - hostname: kibana - restart: always - ports: - - 443:5601 - environment: - - ELASTICSEARCH_USERNAME=admin - - ELASTICSEARCH_PASSWORD=admin - - SERVER_SSL_ENABLED=true - - SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/opendistroforelasticsearch.example.org.cert - - SERVER_SSL_KEY=/usr/share/kibana/config/opendistroforelasticsearch.example.org.key - - depends_on: - - elasticsearch - links: - - elasticsearch:elasticsearch - - wazuh:wazuh - -volumes: - ossec_api_configuration: - ossec_etc: - ossec_logs: - ossec_queue: - ossec_var_multigroups: - ossec_integrations: - ossec_active_response: - ossec_agentless: - 
ossec_wodles: - filebeat_etc: - filebeat_var: diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index e7ed2f7d..00000000 --- a/docker-compose.yml +++ /dev/null 
@@ -1,82 +0,0 @@ -# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) -version: '3.7' - -services: - wazuh: - image: wazuh/wazuh-odfe:4.4.0 - hostname: wazuh-manager - restart: always - ports: - - "1514:1514" - - "1515:1515" - - "514:514/udp" - - "55000:55000" - environment: - - ELASTICSEARCH_URL=https://elasticsearch:9200 - - ELASTIC_USERNAME=admin - - ELASTIC_PASSWORD=admin - - FILEBEAT_SSL_VERIFICATION_MODE=none - volumes: - - ossec_api_configuration:/var/ossec/api/configuration - - ossec_etc:/var/ossec/etc - - ossec_logs:/var/ossec/logs - - ossec_queue:/var/ossec/queue - - ossec_var_multigroups:/var/ossec/var/multigroups - - ossec_integrations:/var/ossec/integrations - - ossec_active_response:/var/ossec/active-response/bin - - ossec_agentless:/var/ossec/agentless - - ossec_wodles:/var/ossec/wodles - - filebeat_etc:/etc/filebeat - - filebeat_var:/var/lib/filebeat - - elasticsearch: - image: amazon/opendistro-for-elasticsearch:1.13.2 - hostname: elasticsearch - restart: always - ports: - - "9200:9200" - environment: - - discovery.type=single-node - - cluster.name=wazuh-cluster - - network.host=0.0.0.0 - - "ES_JAVA_OPTS=-Xms512m -Xmx512m" - - bootstrap.memory_lock=true - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - - kibana: - image: wazuh/wazuh-kibana-odfe:4.4.0 - hostname: kibana - restart: always - ports: - - 443:5601 - environment: - - ELASTICSEARCH_USERNAME=admin - - ELASTICSEARCH_PASSWORD=admin - - SERVER_SSL_ENABLED=true - - SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/opendistroforelasticsearch.example.org.cert - - SERVER_SSL_KEY=/usr/share/kibana/config/opendistroforelasticsearch.example.org.key - - depends_on: - - elasticsearch - links: - - elasticsearch:elasticsearch - - wazuh:wazuh - -volumes: - ossec_api_configuration: - ossec_etc: - ossec_logs: - ossec_queue: - ossec_var_multigroups: - ossec_integrations: - ossec_active_response: - ossec_agentless: - ossec_wodles: - filebeat_etc: - filebeat_var: 
diff --git a/generate-elasticsearch-certs.yml b/generate-elasticsearch-certs.yml deleted file mode 100644 index e68bbf62..00000000 --- a/generate-elasticsearch-certs.yml +++ /dev/null @@ -1,17 +0,0 @@ -version: '2.2' - -services: - generator: - container_name: generator - image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2 - command: > - bash -c ' - if [[ ! -f config/certificates/bundle.zip ]]; then - bin/elasticsearch-certutil cert --silent --pem --in config/certificates/instances.yml -out config/certificates/bundle.zip; - unzip config/certificates/bundle.zip -d config/certificates/; - fi; - chown -R 1000:0 config/certificates - ' - user: "0" - working_dir: /usr/share/elasticsearch - volumes: ['./xpack:/usr/share/elasticsearch/config/certificates'] diff --git a/generate-opendistro-certs.yml b/generate-opendistro-certs.yml deleted file mode 100644 index cd23e310..00000000 --- a/generate-opendistro-certs.yml +++ /dev/null @@ -1,10 +0,0 @@ -# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) -version: '3' - -services: - generator: - image: wazuh/opendistro-certs-generator:0.1 - hostname: opendistro-certs-generator - volumes: - - ./production_cluster/ssl_certs/certs.yml:/usr/src/config/myconf.yml - - ./production_cluster/ssl_certs/:/usr/src/certs/out/ diff --git a/indexer-certs-creator/Dockerfile b/indexer-certs-creator/Dockerfile new file mode 100644 index 00000000..d9ac2941 --- /dev/null +++ b/indexer-certs-creator/Dockerfile @@ -0,0 +1,12 @@ +# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2) +FROM ubuntu:focal + +RUN apt-get update && apt-get install openssl curl -y + +WORKDIR / + +COPY config/entrypoint.sh / + +RUN chmod 700 /entrypoint.sh + +ENTRYPOINT ["/entrypoint.sh"] \ No newline at end of file diff --git a/indexer-certs-creator/README.md b/indexer-certs-creator/README.md new file mode 100644 index 00000000..b7dbc565 --- /dev/null +++ b/indexer-certs-creator/README.md 
@@ -0,0 +1,9 @@ +# Certificate creation image build + +The dockerfile hosted in this directory is used to build the image used to boot Wazuh's single node and multi node stacks. + +To create the image, the following command must be executed: + +``` +$ docker build -t wazuh/wazuh-certs-generator:0.0.1 . +``` diff --git a/indexer-certs-creator/config/entrypoint.sh b/indexer-certs-creator/config/entrypoint.sh new file mode 100644 index 00000000..66c71a5c --- /dev/null +++ b/indexer-certs-creator/config/entrypoint.sh 
@@ -0,0 +1,61 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+
+##############################################################################
+# Downloading Cert Gen Tool
+##############################################################################
+
+## Variables
+CERT_TOOL=wazuh-certs-tool.sh
+PASSWORD_TOOL=wazuh-passwords-tool.sh
+PACKAGES_URL=https://packages.wazuh.com/4.4/
+PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.4/
+
+## Check if the cert tool exists in S3 buckets
+CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}')
+CERT_TOOL_PACKAGES_DEV=$(curl --silent -I $PACKAGES_DEV_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}')
+
+## If cert tool exists in some bucket, download it, if not exit 1
+if [ "$CERT_TOOL_PACKAGES" = "200" ]; then
+ curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL
+ echo "Cert tool exists in Packages bucket"
+elif [ "$CERT_TOOL_PACKAGES_DEV" = "200" ]; then
+ curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL
+ echo "Cert tool exists in Packages-dev bucket"
+else
+ echo "Cert tool does not exist in any bucket"
+ echo "ERROR: certificates were not created"
+ exit 1
+fi
+
+cp /config/certs.yml /config.yml
+
+chmod 700 /$CERT_TOOL
+
+##############################################################################
+# Creating Cluster certificates
+##############################################################################
+
+## Execute cert tool and parsin cert.yml to set UID permissions
+source /$CERT_TOOL -A
+nodes_server=$( cert_parseYaml /config.yml | grep nodes_server__name | sed 's/nodes_server__name=//' )
+node_names=($nodes_server)
+
+echo "Moving created certificates to destination directory"
+cp /wazuh-certificates/* /certificates/
+echo "changing certificate permissions"
+chmod -R 500 /certificates
+chmod -R 400 /certificates/*
+echo "Setting UID indexer and dashboard"
+chown 1000:1000 /certificates/*
+echo "Setting UID for wazuh manager and worker"
+cp /certificates/root-ca.pem /certificates/root-ca-manager.pem
+cp /certificates/root-ca.key /certificates/root-ca-manager.key
+chown 999:997 /certificates/root-ca-manager.pem
+chown 999:997 /certificates/root-ca-manager.key
+
+for i in ${node_names[@]};
+do
+ chown 999:997 "/certificates/${i}.pem"
+ chown 999:997 "/certificates/${i}-key.pem"
+done
diff --git a/kibana-odfe/Dockerfile b/kibana-odfe/Dockerfile
deleted file mode 100644
index d133d140..00000000
--- a/kibana-odfe/Dockerfile
+++ /dev/null
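Review bot: The downloaded `wazuh-certs-tool.sh` is sourced as root with no integrity check, and the `elif` branch falls back to the `packages-dev` bucket, so whatever either URL serves at container start ends up generating the cluster's CA and node keys. The HEAD probe and the later `curl -o` are separate requests, and the download has no `--fail` and no exit-status check, so an error body can be saved and then sourced. I would download once with `--fail`, compare the file against a pinned SHA-256, and only then source it, as sketched below; the digest shown is a placeholder to be filled in from the reviewed release. Separately, `root-ca.key` is copied to `root-ca-manager.key` and chowned to 999:997 while the original goes to 1000:1000 through the `/certificates/*` glob; if the services only need the CA certificate (not visible from this hunk), leaving the CA private key out of `/certificates` would limit what a compromised node could sign.

```shell
CERT_TOOL=wazuh-certs-tool.sh
# Placeholder: pin the digest of the reviewed release of the tool.
CERT_TOOL_SHA256="<SHA256_OF_REVIEWED_CERT_TOOL>"
# … unchanged: PASSWORD_TOOL, PACKAGES_URL, PACKAGES_DEV_URL …

## Download once, failing on HTTP errors instead of saving an error page
downloaded_from=""
for base_url in "$PACKAGES_URL" "$PACKAGES_DEV_URL"; do
  if curl --fail --silent --show-error -o "/$CERT_TOOL" "$base_url$CERT_TOOL"; then
    downloaded_from="$base_url"
    break
  fi
done

## Refuse to source a file that is missing or does not match the pinned digest
if [ -z "$downloaded_from" ] || ! echo "$CERT_TOOL_SHA256  /$CERT_TOOL" | sha256sum --check --status; then
  echo "ERROR: certificates were not created"
  exit 1
fi
echo "Cert tool downloaded from $downloaded_from"
# … unchanged: cp /config/certs.yml, chmod 700, source /$CERT_TOOL -A …
```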
@@ -1,59 +0,0 @@
-# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-FROM amazon/opendistro-for-elasticsearch-kibana:1.13.2
-USER kibana
-ARG ELASTIC_VERSION=7.10.2
-ARG WAZUH_VERSION=4.4.0
-ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
-
-WORKDIR /usr/share/kibana
-RUN ./bin/kibana-plugin install https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-${WAZUH_APP_VERSION}-1.zip
-
-WORKDIR /
-USER root
-COPY config/entrypoint.sh ./entrypoint.sh
-RUN chmod 755 ./entrypoint.sh
-
-ENV PATTERN="" \
- CHECKS_PATTERN="" \
- CHECKS_TEMPLATE="" \
- CHECKS_API="" \
- CHECKS_SETUP="" \
- EXTENSIONS_PCI="" \
- EXTENSIONS_GDPR="" \
- EXTENSIONS_HIPAA="" \
- EXTENSIONS_NIST="" \
- EXTENSIONS_TSC="" \
- EXTENSIONS_AUDIT="" \
- EXTENSIONS_OSCAP="" \
- EXTENSIONS_CISCAT="" \
- EXTENSIONS_AWS="" \
- EXTENSIONS_GCP="" \
- EXTENSIONS_VIRUSTOTAL="" \
- EXTENSIONS_OSQUERY="" \
- EXTENSIONS_DOCKER="" \
- APP_TIMEOUT="" \
- API_SELECTOR="" \
- IP_SELECTOR="" \
- IP_IGNORE="" \
- WAZUH_MONITORING_ENABLED="" \
- WAZUH_MONITORING_FREQUENCY="" \
- WAZUH_MONITORING_SHARDS="" \
- WAZUH_MONITORING_REPLICAS="" \
- ADMIN_PRIVILEGES=""
-
-USER kibana
-
-COPY ./config/custom_welcome /tmp/custom_welcome
-COPY --chown=kibana:kibana ./config/welcome_wazuh.sh ./
-RUN chmod +x ./welcome_wazuh.sh
-ARG CHANGE_WELCOME="true"
-RUN ./welcome_wazuh.sh
-
-COPY --chown=kibana:kibana ./config/wazuh.yml /usr/share/kibana/data/wazuh/config/wazuh.yml
-COPY --chown=kibana:kibana ./config/wazuh_app_config.sh ./
-RUN chmod +x ./wazuh_app_config.sh
-
-COPY --chown=kibana:kibana ./config/kibana_settings.sh ./
-RUN chmod +x ./kibana_settings.sh
-
-ENTRYPOINT ./entrypoint.sh
diff --git a/kibana-odfe/config/custom_welcome/light_theme.style.css b/kibana-odfe/config/custom_welcome/light_theme.style.css
deleted file mode 100644
index a1256a82..00000000
--- a/kibana-odfe/config/custom_welcome/light_theme.style.css
+++ /dev/null
@@ -1,4349 +0,0 @@ -/*! - * Bootstrap v3.3.6 (http://getbootstrap.com) - * Copyright 2011-2015 Twitter, Inc. - * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) - */ -/* @notice - * This product bundles bootstrap@3.3.6 which is available under a - * "MIT" license. - * - * The MIT License (MIT) - * - * Copyright (c) 2011-2015 Twitter, Inc - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. 
- */ -.container { - margin-right: auto; - margin-left: auto; - padding-left: 15px; - padding-right: 15px; -} -@media (min-width: 768px) { - .container { - width: 750px; - } -} -@media (min-width: 992px) { - .container { - width: 970px; - } -} -@media (min-width: 1200px) { - .container { - width: 1170px; - } -} -.container-fluid { - margin-right: auto; - margin-left: auto; - padding-left: 15px; - padding-right: 15px; -} -.row { - margin-left: -15px; - margin-right: -15px; -} -.col-xs-1, .col-sm-1, .col-md-1, .col-lg-1, .col-xs-2, .col-sm-2, .col-md-2, .col-lg-2, .col-xs-3, .col-sm-3, .col-md-3, .col-lg-3, .col-xs-4, .col-sm-4, .col-md-4, .col-lg-4, .col-xs-5, .col-sm-5, .col-md-5, .col-lg-5, .col-xs-6, .col-sm-6, .col-md-6, .col-lg-6, .col-xs-7, .col-sm-7, .col-md-7, .col-lg-7, .col-xs-8, .col-sm-8, .col-md-8, .col-lg-8, .col-xs-9, .col-sm-9, .col-md-9, .col-lg-9, .col-xs-10, .col-sm-10, .col-md-10, .col-lg-10, .col-xs-11, .col-sm-11, .col-md-11, .col-lg-11, .col-xs-12, .col-sm-12, .col-md-12, .col-lg-12 { - position: relative; - min-height: 1px; - padding-left: 15px; - padding-right: 15px; -} -.col-xs-1, .col-xs-2, .col-xs-3, .col-xs-4, .col-xs-5, .col-xs-6, .col-xs-7, .col-xs-8, .col-xs-9, .col-xs-10, .col-xs-11, .col-xs-12 { - float: left; -} -.col-xs-12 { - width: 100%; -} -.col-xs-11 { - width: 91.66666667%; -} -.col-xs-10 { - width: 83.33333333%; -} -.col-xs-9 { - width: 75%; -} -.col-xs-8 { - width: 66.66666667%; -} -.col-xs-7 { - width: 58.33333333%; -} -.col-xs-6 { - width: 50%; -} -.col-xs-5 { - width: 41.66666667%; -} -.col-xs-4 { - width: 33.33333333%; -} -.col-xs-3 { - width: 25%; -} -.col-xs-2 { - width: 16.66666667%; -} -.col-xs-1 { - width: 8.33333333%; -} -.col-xs-pull-12 { - right: 100%; -} -.col-xs-pull-11 { - right: 91.66666667%; -} -.col-xs-pull-10 { - right: 83.33333333%; -} -.col-xs-pull-9 { - right: 75%; -} -.col-xs-pull-8 { - right: 66.66666667%; -} -.col-xs-pull-7 { - right: 58.33333333%; -} -.col-xs-pull-6 { - right: 50%; -} 
-.col-xs-pull-5 { - right: 41.66666667%; -} -.col-xs-pull-4 { - right: 33.33333333%; -} -.col-xs-pull-3 { - right: 25%; -} -.col-xs-pull-2 { - right: 16.66666667%; -} -.col-xs-pull-1 { - right: 8.33333333%; -} -.col-xs-pull-0 { - right: auto; -} -.col-xs-push-12 { - left: 100%; -} -.col-xs-push-11 { - left: 91.66666667%; -} -.col-xs-push-10 { - left: 83.33333333%; -} -.col-xs-push-9 { - left: 75%; -} -.col-xs-push-8 { - left: 66.66666667%; -} -.col-xs-push-7 { - left: 58.33333333%; -} -.col-xs-push-6 { - left: 50%; -} -.col-xs-push-5 { - left: 41.66666667%; -} -.col-xs-push-4 { - left: 33.33333333%; -} -.col-xs-push-3 { - left: 25%; -} -.col-xs-push-2 { - left: 16.66666667%; -} -.col-xs-push-1 { - left: 8.33333333%; -} -.col-xs-push-0 { - left: auto; -} -.col-xs-offset-12 { - margin-left: 100%; -} -.col-xs-offset-11 { - margin-left: 91.66666667%; -} -.col-xs-offset-10 { - margin-left: 83.33333333%; -} -.col-xs-offset-9 { - margin-left: 75%; -} -.col-xs-offset-8 { - margin-left: 66.66666667%; -} -.col-xs-offset-7 { - margin-left: 58.33333333%; -} -.col-xs-offset-6 { - margin-left: 50%; -} -.col-xs-offset-5 { - margin-left: 41.66666667%; -} -.col-xs-offset-4 { - margin-left: 33.33333333%; -} -.col-xs-offset-3 { - margin-left: 25%; -} -.col-xs-offset-2 { - margin-left: 16.66666667%; -} -.col-xs-offset-1 { - margin-left: 8.33333333%; -} -.col-xs-offset-0 { - margin-left: 0%; -} -@media (min-width: 768px) { - .col-sm-1, .col-sm-2, .col-sm-3, .col-sm-4, .col-sm-5, .col-sm-6, .col-sm-7, .col-sm-8, .col-sm-9, .col-sm-10, .col-sm-11, .col-sm-12 { - float: left; - } - .col-sm-12 { - width: 100%; - } - .col-sm-11 { - width: 91.66666667%; - } - .col-sm-10 { - width: 83.33333333%; - } - .col-sm-9 { - width: 75%; - } - .col-sm-8 { - width: 66.66666667%; - } - .col-sm-7 { - width: 58.33333333%; - } - .col-sm-6 { - width: 50%; - } - .col-sm-5 { - width: 41.66666667%; - } - .col-sm-4 { - width: 33.33333333%; - } - .col-sm-3 { - width: 25%; - } - .col-sm-2 { - width: 16.66666667%; - 
} - .col-sm-1 { - width: 8.33333333%; - } - .col-sm-pull-12 { - right: 100%; - } - .col-sm-pull-11 { - right: 91.66666667%; - } - .col-sm-pull-10 { - right: 83.33333333%; - } - .col-sm-pull-9 { - right: 75%; - } - .col-sm-pull-8 { - right: 66.66666667%; - } - .col-sm-pull-7 { - right: 58.33333333%; - } - .col-sm-pull-6 { - right: 50%; - } - .col-sm-pull-5 { - right: 41.66666667%; - } - .col-sm-pull-4 { - right: 33.33333333%; - } - .col-sm-pull-3 { - right: 25%; - } - .col-sm-pull-2 { - right: 16.66666667%; - } - .col-sm-pull-1 { - right: 8.33333333%; - } - .col-sm-pull-0 { - right: auto; - } - .col-sm-push-12 { - left: 100%; - } - .col-sm-push-11 { - left: 91.66666667%; - } - .col-sm-push-10 { - left: 83.33333333%; - } - .col-sm-push-9 { - left: 75%; - } - .col-sm-push-8 { - left: 66.66666667%; - } - .col-sm-push-7 { - left: 58.33333333%; - } - .col-sm-push-6 { - left: 50%; - } - .col-sm-push-5 { - left: 41.66666667%; - } - .col-sm-push-4 { - left: 33.33333333%; - } - .col-sm-push-3 { - left: 25%; - } - .col-sm-push-2 { - left: 16.66666667%; - } - .col-sm-push-1 { - left: 8.33333333%; - } - .col-sm-push-0 { - left: auto; - } - .col-sm-offset-12 { - margin-left: 100%; - } - .col-sm-offset-11 { - margin-left: 91.66666667%; - } - .col-sm-offset-10 { - margin-left: 83.33333333%; - } - .col-sm-offset-9 { - margin-left: 75%; - } - .col-sm-offset-8 { - margin-left: 66.66666667%; - } - .col-sm-offset-7 { - margin-left: 58.33333333%; - } - .col-sm-offset-6 { - margin-left: 50%; - } - .col-sm-offset-5 { - margin-left: 41.66666667%; - } - .col-sm-offset-4 { - margin-left: 33.33333333%; - } - .col-sm-offset-3 { - margin-left: 25%; - } - .col-sm-offset-2 { - margin-left: 16.66666667%; - } - .col-sm-offset-1 { - margin-left: 8.33333333%; - } - .col-sm-offset-0 { - margin-left: 0%; - } -} -@media (min-width: 992px) { - .col-md-1, .col-md-2, .col-md-3, .col-md-4, .col-md-5, .col-md-6, .col-md-7, .col-md-8, .col-md-9, .col-md-10, .col-md-11, .col-md-12 { - float: left; - } - 
.col-md-12 { - width: 100%; - } - .col-md-11 { - width: 91.66666667%; - } - .col-md-10 { - width: 83.33333333%; - } - .col-md-9 { - width: 75%; - } - .col-md-8 { - width: 66.66666667%; - } - .col-md-7 { - width: 58.33333333%; - } - .col-md-6 { - width: 50%; - } - .col-md-5 { - width: 41.66666667%; - } - .col-md-4 { - width: 33.33333333%; - } - .col-md-3 { - width: 25%; - } - .col-md-2 { - width: 16.66666667%; - } - .col-md-1 { - width: 8.33333333%; - } - .col-md-pull-12 { - right: 100%; - } - .col-md-pull-11 { - right: 91.66666667%; - } - .col-md-pull-10 { - right: 83.33333333%; - } - .col-md-pull-9 { - right: 75%; - } - .col-md-pull-8 { - right: 66.66666667%; - } - .col-md-pull-7 { - right: 58.33333333%; - } - .col-md-pull-6 { - right: 50%; - } - .col-md-pull-5 { - right: 41.66666667%; - } - .col-md-pull-4 { - right: 33.33333333%; - } - .col-md-pull-3 { - right: 25%; - } - .col-md-pull-2 { - right: 16.66666667%; - } - .col-md-pull-1 { - right: 8.33333333%; - } - .col-md-pull-0 { - right: auto; - } - .col-md-push-12 { - left: 100%; - } - .col-md-push-11 { - left: 91.66666667%; - } - .col-md-push-10 { - left: 83.33333333%; - } - .col-md-push-9 { - left: 75%; - } - .col-md-push-8 { - left: 66.66666667%; - } - .col-md-push-7 { - left: 58.33333333%; - } - .col-md-push-6 { - left: 50%; - } - .col-md-push-5 { - left: 41.66666667%; - } - .col-md-push-4 { - left: 33.33333333%; - } - .col-md-push-3 { - left: 25%; - } - .col-md-push-2 { - left: 16.66666667%; - } - .col-md-push-1 { - left: 8.33333333%; - } - .col-md-push-0 { - left: auto; - } - .col-md-offset-12 { - margin-left: 100%; - } - .col-md-offset-11 { - margin-left: 91.66666667%; - } - .col-md-offset-10 { - margin-left: 83.33333333%; - } - .col-md-offset-9 { - margin-left: 75%; - } - .col-md-offset-8 { - margin-left: 66.66666667%; - } - .col-md-offset-7 { - margin-left: 58.33333333%; - } - .col-md-offset-6 { - margin-left: 50%; - } - .col-md-offset-5 { - margin-left: 41.66666667%; - } - .col-md-offset-4 { - 
margin-left: 33.33333333%; - } - .col-md-offset-3 { - margin-left: 25%; - } - .col-md-offset-2 { - margin-left: 16.66666667%; - } - .col-md-offset-1 { - margin-left: 8.33333333%; - } - .col-md-offset-0 { - margin-left: 0%; - } -} -@media (min-width: 1200px) { - .col-lg-1, .col-lg-2, .col-lg-3, .col-lg-4, .col-lg-5, .col-lg-6, .col-lg-7, .col-lg-8, .col-lg-9, .col-lg-10, .col-lg-11, .col-lg-12 { - float: left; - } - .col-lg-12 { - width: 100%; - } - .col-lg-11 { - width: 91.66666667%; - } - .col-lg-10 { - width: 83.33333333%; - } - .col-lg-9 { - width: 75%; - } - .col-lg-8 { - width: 66.66666667%; - } - .col-lg-7 { - width: 58.33333333%; - } - .col-lg-6 { - width: 50%; - } - .col-lg-5 { - width: 41.66666667%; - } - .col-lg-4 { - width: 33.33333333%; - } - .col-lg-3 { - width: 25%; - } - .col-lg-2 { - width: 16.66666667%; - } - .col-lg-1 { - width: 8.33333333%; - } - .col-lg-pull-12 { - right: 100%; - } - .col-lg-pull-11 { - right: 91.66666667%; - } - .col-lg-pull-10 { - right: 83.33333333%; - } - .col-lg-pull-9 { - right: 75%; - } - .col-lg-pull-8 { - right: 66.66666667%; - } - .col-lg-pull-7 { - right: 58.33333333%; - } - .col-lg-pull-6 { - right: 50%; - } - .col-lg-pull-5 { - right: 41.66666667%; - } - .col-lg-pull-4 { - right: 33.33333333%; - } - .col-lg-pull-3 { - right: 25%; - } - .col-lg-pull-2 { - right: 16.66666667%; - } - .col-lg-pull-1 { - right: 8.33333333%; - } - .col-lg-pull-0 { - right: auto; - } - .col-lg-push-12 { - left: 100%; - } - .col-lg-push-11 { - left: 91.66666667%; - } - .col-lg-push-10 { - left: 83.33333333%; - } - .col-lg-push-9 { - left: 75%; - } - .col-lg-push-8 { - left: 66.66666667%; - } - .col-lg-push-7 { - left: 58.33333333%; - } - .col-lg-push-6 { - left: 50%; - } - .col-lg-push-5 { - left: 41.66666667%; - } - .col-lg-push-4 { - left: 33.33333333%; - } - .col-lg-push-3 { - left: 25%; - } - .col-lg-push-2 { - left: 16.66666667%; - } - .col-lg-push-1 { - left: 8.33333333%; - } - .col-lg-push-0 { - left: auto; - } - .col-lg-offset-12 { 
- margin-left: 100%; - } - .col-lg-offset-11 { - margin-left: 91.66666667%; - } - .col-lg-offset-10 { - margin-left: 83.33333333%; - } - .col-lg-offset-9 { - margin-left: 75%; - } - .col-lg-offset-8 { - margin-left: 66.66666667%; - } - .col-lg-offset-7 { - margin-left: 58.33333333%; - } - .col-lg-offset-6 { - margin-left: 50%; - } - .col-lg-offset-5 { - margin-left: 41.66666667%; - } - .col-lg-offset-4 { - margin-left: 33.33333333%; - } - .col-lg-offset-3 { - margin-left: 25%; - } - .col-lg-offset-2 { - margin-left: 16.66666667%; - } - .col-lg-offset-1 { - margin-left: 8.33333333%; - } - .col-lg-offset-0 { - margin-left: 0%; - } -} -.table { - width: 100%; - max-width: 100%; - margin-bottom: 20px; - font-size: 14px; -} -.table thead { - font-size: 12px; -} -.table > thead > tr > th, -.table > tbody > tr > th, -.table > tfoot > tr > th, -.table > thead > tr > td, -.table > tbody > tr > td, -.table > tfoot > tr > td { - padding: 8px; - line-height: 1.42857143; - vertical-align: top; - border-top: 1px solid #D3DAE6; -} -.table > thead > tr > th { - vertical-align: bottom; - border-bottom: 1px solid #D3DAE6; -} -.table > caption + thead > tr:first-child > th, -.table > colgroup + thead > tr:first-child > th, -.table > thead:first-child > tr:first-child > th, -.table > caption + thead > tr:first-child > td, -.table > colgroup + thead > tr:first-child > td, -.table > thead:first-child > tr:first-child > td { - border-top: 0; -} -.table > tbody + tbody { - border-top: 2px solid #D3DAE6; -} -.table .table { - background-color: #FFF; -} -.table-condensed > thead > tr > th, -.table-condensed > tbody > tr > th, -.table-condensed > tfoot > tr > th, -.table-condensed > thead > tr > td, -.table-condensed > tbody > tr > td, -.table-condensed > tfoot > tr > td { - padding: 5px; - font-size: 12px; -} -.table-bordered { - border: 1px solid #D3DAE6; -} -.table-bordered > thead > tr > th, -.table-bordered > tbody > tr > th, -.table-bordered > tfoot > tr > th, -.table-bordered > thead 
> tr > td, -.table-bordered > tbody > tr > td, -.table-bordered > tfoot > tr > td { - border: 1px solid #D3DAE6; -} -.table-bordered > thead > tr > th, -.table-bordered > thead > tr > td { - border-bottom-width: 2px; -} -.table-striped > tbody > tr:nth-of-type(odd) { - background-color: #D3DAE6; -} -.table-hover > tbody > tr:hover { - background-color: #D3DAE6; -} -table col[class*="col-"] { - position: static; - float: none; - display: table-column; -} -table td[class*="col-"], -table th[class*="col-"] { - position: static; - float: none; - display: table-cell; -} -.table > thead > tr > td.active, -.table > tbody > tr > td.active, -.table > tfoot > tr > td.active, -.table > thead > tr > th.active, -.table > tbody > tr > th.active, -.table > tfoot > tr > th.active, -.table > thead > tr.active > td, -.table > tbody > tr.active > td, -.table > tfoot > tr.active > td, -.table > thead > tr.active > th, -.table > tbody > tr.active > th, -.table > tfoot > tr.active > th { - background-color: #D3DAE6; -} -.table-hover > tbody > tr > td.active:hover, -.table-hover > tbody > tr > th.active:hover, -.table-hover > tbody > tr.active:hover > td, -.table-hover > tbody > tr:hover > .active, -.table-hover > tbody > tr.active:hover > th { - background-color: #c3ccdd; -} -.table > thead > tr > td.success, -.table > tbody > tr > td.success, -.table > tfoot > tr > td.success, -.table > thead > tr > th.success, -.table > tbody > tr > th.success, -.table > tfoot > tr > th.success, -.table > thead > tr.success > td, -.table > tbody > tr.success > td, -.table > tfoot > tr.success > td, -.table > thead > tr.success > th, -.table > tbody > tr.success > th, -.table > tfoot > tr.success > th { - background-color: #017D73; -} -.table-hover > tbody > tr > td.success:hover, -.table-hover > tbody > tr > th.success:hover, -.table-hover > tbody > tr.success:hover > td, -.table-hover > tbody > tr:hover > .success, -.table-hover > tbody > tr.success:hover > th { - background-color: #01645c; -} 
-.table > thead > tr > td.info, -.table > tbody > tr > td.info, -.table > tfoot > tr > td.info, -.table > thead > tr > th.info, -.table > tbody > tr > th.info, -.table > tfoot > tr > th.info, -.table > thead > tr.info > td, -.table > tbody > tr.info > td, -.table > tfoot > tr.info > td, -.table > thead > tr.info > th, -.table > tbody > tr.info > th, -.table > tfoot > tr.info > th { - background-color: #006BB4; -} -.table-hover > tbody > tr > td.info:hover, -.table-hover > tbody > tr > th.info:hover, -.table-hover > tbody > tr.info:hover > td, -.table-hover > tbody > tr:hover > .info, -.table-hover > tbody > tr.info:hover > th { - background-color: #005c9b; -} -.table > thead > tr > td.warning, -.table > tbody > tr > td.warning, -.table > tfoot > tr > td.warning, -.table > thead > tr > th.warning, -.table > tbody > tr > th.warning, -.table > tfoot > tr > th.warning, -.table > thead > tr.warning > td, -.table > tbody > tr.warning > td, -.table > tfoot > tr.warning > td, -.table > thead > tr.warning > th, -.table > tbody > tr.warning > th, -.table > tfoot > tr.warning > th { - background-color: #F5A700; -} -.table-hover > tbody > tr > td.warning:hover, -.table-hover > tbody > tr > th.warning:hover, -.table-hover > tbody > tr.warning:hover > td, -.table-hover > tbody > tr:hover > .warning, -.table-hover > tbody > tr.warning:hover > th { - background-color: #dc9600; -} -.table > thead > tr > td.danger, -.table > tbody > tr > td.danger, -.table > tfoot > tr > td.danger, -.table > thead > tr > th.danger, -.table > tbody > tr > th.danger, -.table > tfoot > tr > th.danger, -.table > thead > tr.danger > td, -.table > tbody > tr.danger > td, -.table > tfoot > tr.danger > td, -.table > thead > tr.danger > th, -.table > tbody > tr.danger > th, -.table > tfoot > tr.danger > th { - background-color: #BD271E; -} -.table-hover > tbody > tr > td.danger:hover, -.table-hover > tbody > tr > th.danger:hover, -.table-hover > tbody > tr.danger:hover > td, -.table-hover > tbody > tr:hover 
> .danger, -.table-hover > tbody > tr.danger:hover > th { - background-color: #a7221b; -} -.table-responsive { - overflow-x: auto; - min-height: 0.01%; -} -@media screen and (max-width: 767px) { - .table-responsive { - width: 100%; - margin-bottom: 15px; - overflow-y: hidden; - -ms-overflow-style: -ms-autohiding-scrollbar; - border: 1px solid #D3DAE6; - } - .table-responsive > .table { - margin-bottom: 0; - } - .table-responsive > .table > thead > tr > th, - .table-responsive > .table > tbody > tr > th, - .table-responsive > .table > tfoot > tr > th, - .table-responsive > .table > thead > tr > td, - .table-responsive > .table > tbody > tr > td, - .table-responsive > .table > tfoot > tr > td { - white-space: nowrap; - } - .table-responsive > .table-bordered { - border: 0; - } - .table-responsive > .table-bordered > thead > tr > th:first-child, - .table-responsive > .table-bordered > tbody > tr > th:first-child, - .table-responsive > .table-bordered > tfoot > tr > th:first-child, - .table-responsive > .table-bordered > thead > tr > td:first-child, - .table-responsive > .table-bordered > tbody > tr > td:first-child, - .table-responsive > .table-bordered > tfoot > tr > td:first-child { - border-left: 0; - } - .table-responsive > .table-bordered > thead > tr > th:last-child, - .table-responsive > .table-bordered > tbody > tr > th:last-child, - .table-responsive > .table-bordered > tfoot > tr > th:last-child, - .table-responsive > .table-bordered > thead > tr > td:last-child, - .table-responsive > .table-bordered > tbody > tr > td:last-child, - .table-responsive > .table-bordered > tfoot > tr > td:last-child { - border-right: 0; - } - .table-responsive > .table-bordered > tbody > tr:last-child > th, - .table-responsive > .table-bordered > tfoot > tr:last-child > th, - .table-responsive > .table-bordered > tbody > tr:last-child > td, - .table-responsive > .table-bordered > tfoot > tr:last-child > td { - border-bottom: 0; - } -} -.form-control { - display: block; - width: 
100%; - height: 32px; - padding: 5px 15px; - font-size: 14px; - line-height: 1.42857143; - color: #343741; - background-color: #fafbfd; - background-image: none; - border: 1px solid #D3DAE6; - border-radius: 4px; - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); - transition: border-color ease-in-out .15s, box-shadow ease-in-out .15s; -} -.form-control:focus { - border-color: #006BB4; - outline: 0; - box-shadow: inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(0, 107, 180, 0.6); -} -.form-control::-moz-placeholder { - color: #98A2B3; - opacity: 1; -} -.form-control:-ms-input-placeholder { - color: #98A2B3; -} -.form-control::-webkit-input-placeholder { - color: #98A2B3; -} -.form-control::-ms-expand { - border: 0; - background-color: transparent; -} -.form-control[disabled], -.form-control[readonly], -fieldset[disabled] .form-control { - background-color: #D3DAE6; - opacity: 1; -} -.form-control[disabled], -fieldset[disabled] .form-control { - cursor: not-allowed; -} -textarea.form-control { - height: auto; -} -.form-group:not(:empty) { - margin-bottom: 15px; -} -.radio, -.checkbox { - position: relative; - display: block; - margin-top: 10px; - margin-bottom: 10px; -} -.radio label, -.checkbox label { - min-height: 20px; - padding-left: 20px; - margin-bottom: 0; - font-weight: normal; - cursor: pointer; -} -.radio input[type="radio"], -.radio-inline input[type="radio"], -.checkbox input[type="checkbox"], -.checkbox-inline input[type="checkbox"] { - position: absolute; - margin-left: -20px; - margin-top: 4px \9; -} -.radio + .radio, -.checkbox + .checkbox { - margin-top: -5px; -} -.radio-inline, -.checkbox-inline { - position: relative; - display: inline-block; - padding-left: 20px; - margin-bottom: 0; - vertical-align: middle; - font-weight: normal; - cursor: pointer; -} -.radio-inline + .radio-inline, -.checkbox-inline + .checkbox-inline { - margin-top: 0; - margin-left: 10px; -} -.radio-inline.disabled, -.checkbox-inline.disabled, -fieldset[disabled] 
.radio-inline, -fieldset[disabled] .checkbox-inline { - cursor: not-allowed; -} -.radio.disabled label, -.checkbox.disabled label, -fieldset[disabled] .radio label, -fieldset[disabled] .checkbox label { - cursor: not-allowed; -} -.form-control-static { - padding-top: 6px; - padding-bottom: 6px; - margin-bottom: 0; - min-height: 34px; -} -.form-control-static.input-lg, -.form-control-static.input-sm { - padding-left: 0; - padding-right: 0; -} -.input-sm { - height: 32px; - padding: 6px 9px; - font-size: 12px; - line-height: 1.5; - border-radius: 4px; -} -select.input-sm { - height: 32px; - line-height: 32px; -} -textarea.input-sm, -select[multiple].input-sm { - height: auto; -} -.form-group-sm .form-control { - height: 32px; - padding: 6px 9px; - font-size: 12px; - line-height: 1.5; - border-radius: 4px; -} -.form-group-sm select.form-control { - height: 32px; - line-height: 32px; -} -.form-group-sm textarea.form-control, -.form-group-sm select[multiple].form-control { - height: auto; -} -.form-group-sm .form-control-static { - height: 32px; - min-height: 32px; - padding: 7px 9px; - font-size: 12px; - line-height: 1.5; -} -.input-lg { - height: 62px; - padding: 18px 27px; - font-size: 18px; - line-height: 1.3333333; - border-radius: 4px; -} -select.input-lg { - height: 62px; - line-height: 62px; -} -textarea.input-lg, -select[multiple].input-lg { - height: auto; -} -.form-group-lg .form-control { - height: 62px; - padding: 18px 27px; - font-size: 18px; - line-height: 1.3333333; - border-radius: 4px; -} -.form-group-lg select.form-control { - height: 62px; - line-height: 62px; -} -.form-group-lg textarea.form-control, -.form-group-lg select[multiple].form-control { - height: auto; -} -.form-group-lg .form-control-static { - height: 62px; - min-height: 38px; - padding: 19px 27px; - font-size: 18px; - line-height: 1.3333333; -} -.has-feedback { - position: relative; -} -.has-feedback .form-control { - padding-right: 40px; -} -.form-control-feedback { - position: 
absolute; - top: 0; - right: 0; - z-index: 2; - display: block; - width: 32px; - height: 32px; - line-height: 32px; - text-align: center; - pointer-events: none; -} -.input-lg + .form-control-feedback, -.input-group-lg + .form-control-feedback, -.form-group-lg .form-control + .form-control-feedback { - width: 62px; - height: 62px; - line-height: 62px; -} -.input-sm + .form-control-feedback, -.input-group-sm + .form-control-feedback, -.form-group-sm .form-control + .form-control-feedback { - width: 32px; - height: 32px; - line-height: 32px; -} -.has-success .help-block, -.has-success .control-label, -.has-success .radio, -.has-success .checkbox, -.has-success .radio-inline, -.has-success .checkbox-inline, -.has-success.radio label, -.has-success.checkbox label, -.has-success.radio-inline label, -.has-success.checkbox-inline label { - color: #FFF; -} -.has-success .form-control { - border-color: #FFF; - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); -} -.has-success .form-control:focus { - border-color: #e6e6e6; - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #ffffff; -} -.has-success .input-group-addon { - color: #FFF; - border-color: #FFF; - background-color: #017D73; -} -.has-success .form-control-feedback { - color: #FFF; -} -.has-warning .help-block, -.has-warning .control-label, -.has-warning .radio, -.has-warning .checkbox, -.has-warning .radio-inline, -.has-warning .checkbox-inline, -.has-warning.radio label, -.has-warning.checkbox label, -.has-warning.radio-inline label, -.has-warning.checkbox-inline label { - color: #FFF; -} -.has-warning .form-control { - border-color: #FFF; - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); -} -.has-warning .form-control:focus { - border-color: #e6e6e6; - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #ffffff; -} -.has-warning .input-group-addon { - color: #FFF; - border-color: #FFF; - background-color: #F5A700; -} -.has-warning .form-control-feedback { - color: #FFF; -} -.has-error .help-block, 
-.has-error .control-label, -.has-error .radio, -.has-error .checkbox, -.has-error .radio-inline, -.has-error .checkbox-inline, -.has-error.radio label, -.has-error.checkbox label, -.has-error.radio-inline label, -.has-error.checkbox-inline label { - color: #FFF; -} -.has-error .form-control { - border-color: #FFF; - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075); -} -.has-error .form-control:focus { - border-color: #e6e6e6; - box-shadow: inset 0 1px 1px rgba(0, 0, 0, 0.075), 0 0 6px #ffffff; -} -.has-error .input-group-addon { - color: #FFF; - border-color: #FFF; - background-color: #BD271E; -} -.has-error .form-control-feedback { - color: #FFF; -} -.has-feedback label ~ .form-control-feedback { - top: 25px; -} -.has-feedback label.sr-only ~ .form-control-feedback { - top: 0; -} -.help-block { - display: block; - margin-top: 5px; - margin-bottom: 10px; - color: #6d7388; -} -@media (min-width: 768px) { - .form-inline .form-group { - display: inline-block; - margin-bottom: 0; - vertical-align: middle; - } - .form-inline .form-control { - display: inline-block; - width: auto; - vertical-align: middle; - } - .form-inline .form-control-static { - display: inline-block; - } - .form-inline .input-group { - display: inline-table; - vertical-align: middle; - } - .form-inline .input-group .input-group-addon, - .form-inline .input-group .form-control { - width: auto; - } - .form-inline .input-group > .form-control { - width: 100%; - } - .form-inline .control-label { - margin-bottom: 0; - vertical-align: middle; - } - .form-inline .radio, - .form-inline .checkbox { - display: inline-block; - margin-top: 0; - margin-bottom: 0; - vertical-align: middle; - } - .form-inline .radio label, - .form-inline .checkbox label { - padding-left: 0; - } - .form-inline .radio input[type="radio"], - .form-inline .checkbox input[type="checkbox"] { - position: relative; - margin-left: 0; - } - .form-inline .has-feedback .form-control-feedback { - top: 0; - } -} -.form-horizontal .radio, 
-.form-horizontal .checkbox, -.form-horizontal .radio-inline, -.form-horizontal .checkbox-inline { - margin-top: 0; - margin-bottom: 0; - padding-top: 6px; -} -.form-horizontal .radio, -.form-horizontal .checkbox { - min-height: 26px; -} -.form-horizontal .form-group { - margin-left: -15px; - margin-right: -15px; -} -@media (min-width: 768px) { - .form-horizontal .control-label { - text-align: right; - margin-bottom: 0; - padding-top: 6px; - } -} -.form-horizontal .has-feedback .form-control-feedback { - right: 15px; -} -@media (min-width: 768px) { - .form-horizontal .form-group-lg .control-label { - padding-top: 19px; - font-size: 18px; - } -} -@media (min-width: 768px) { - .form-horizontal .form-group-sm .control-label { - padding-top: 7px; - font-size: 12px; - } -} -.text-left { - text-align: left; -} -.text-right { - text-align: right; -} -.text-center { - text-align: center; -} -.text-muted { - color: #b2bac6; -} -.text-primary { - color: #343741; -} -a.text-primary:hover, -a.text-primary:focus { - color: #1d1f25; -} -.text-success { - color: #FFF; -} -a.text-success:hover, -a.text-success:focus { - color: #e6e6e6; -} -.text-info { - color: #FFF; -} -a.text-info:hover, -a.text-info:focus { - color: #e6e6e6; -} -.text-warning { - color: #FFF; -} -a.text-warning:hover, -a.text-warning:focus { - color: #e6e6e6; -} -.text-danger { - color: #FFF; -} -a.text-danger:hover, -a.text-danger:focus { - color: #e6e6e6; -} -.bg-info { - background-color: #006BB4; -} -a.bg-info:hover, -a.bg-info:focus { - background-color: #004d81; -} -.list-unstyled { - padding-left: 0; - list-style: none; -} -@media (min-width: 0) { - .dl-horizontal dt { - float: left; - width: 160px; - clear: left; - text-align: right; - overflow: hidden; - text-overflow: ellipsis; - white-space: nowrap; - } - .dl-horizontal dd { - margin-left: 180px; - } -} -.fade { - opacity: 0; - transition: opacity 0.15s linear; -} -.fade.in { - opacity: 1; -} -.collapse { - display: none; -} -.collapse.in { - 
display: block; -} -tr.collapse.in { - display: table-row; -} -tbody.collapse.in { - display: table-row-group; -} -.collapsing { - position: relative; - height: 0; - overflow: hidden; - transition-property: height, visibility; - transition-duration: 0.35s; - transition-timing-function: ease; -} -/** - * ui/angular-ui-select depends upon these styles. Don't use them in your markup. - * Please use the UI Framework styles instead. - */ -.btn { - display: inline-block; - margin-bottom: 0; - font-weight: normal; - text-align: center; - vertical-align: middle; - touch-action: manipulation; - cursor: pointer; - background-image: none; - border: 1px solid transparent; - white-space: nowrap; - padding: 5px 15px; - font-size: 14px; - line-height: 1.42857143; - border-radius: 4px; - -webkit-user-select: none; - -moz-user-select: none; - -ms-user-select: none; - user-select: none; -} -.btn:focus, -.btn:active:focus, -.btn.active:focus, -.btn.focus, -.btn:active.focus, -.btn.active.focus { - box-shadow: 0 0 0 1px white, 0 0 0 2px #0079a5; - /* 3 */ -} -.btn:hover, -.btn:focus, -.btn.focus { - color: #FFF; - text-decoration: none; -} -.btn:active, -.btn.active { - outline: 0; - background-image: none; - box-shadow: inset 0 3px 5px rgba(0, 0, 0, 0.125); -} -.btn.disabled, -.btn[disabled], -fieldset[disabled] .btn { - cursor: not-allowed; - opacity: 0.65; - filter: alpha(opacity=65); - box-shadow: none; -} -a.btn.disabled, -fieldset[disabled] a.btn { - pointer-events: none; -} -.btn-default { - color: #FFF; - background-color: #006BB4; - border-color: #006BB4; -} -.btn-default:focus, -.btn-default.focus { - color: #FFF; - background-color: #004d81; - border-color: #001f35; -} -.btn-default:hover { - color: #FFF; - background-color: #004d81; - border-color: #004777; -} -.btn-default:active, -.btn-default.active, -.open > .dropdown-toggle.btn-default { - color: #FFF; - background-color: #004d81; - border-color: #004777; -} -.btn-default:active:hover, -.btn-default.active:hover, 
-.open > .dropdown-toggle.btn-default:hover, -.btn-default:active:focus, -.btn-default.active:focus, -.open > .dropdown-toggle.btn-default:focus, -.btn-default:active.focus, -.btn-default.active.focus, -.open > .dropdown-toggle.btn-default.focus { - color: #FFF; - background-color: #00375d; - border-color: #001f35; -} -.btn-default:active, -.btn-default.active, -.open > .dropdown-toggle.btn-default { - background-image: none; -} -.btn-default.disabled:hover, -.btn-default[disabled]:hover, -fieldset[disabled] .btn-default:hover, -.btn-default.disabled:focus, -.btn-default[disabled]:focus, -fieldset[disabled] .btn-default:focus, -.btn-default.disabled.focus, -.btn-default[disabled].focus, -fieldset[disabled] .btn-default.focus { - background-color: #006BB4; - border-color: #006BB4; -} -.btn-default .badge { - color: #006BB4; - background-color: #FFF; -} -.btn-primary { - color: #FFF; - background-color: #006BB4; - border-color: #006BB4; -} -.btn-primary:focus, -.btn-primary.focus { - color: #FFF; - background-color: #004d81; - border-color: #001f35; -} -.btn-primary:hover { - color: #FFF; - background-color: #004d81; - border-color: #004777; -} -.btn-primary:active, -.btn-primary.active, -.open > .dropdown-toggle.btn-primary { - color: #FFF; - background-color: #004d81; - border-color: #004777; -} -.btn-primary:active:hover, -.btn-primary.active:hover, -.open > .dropdown-toggle.btn-primary:hover, -.btn-primary:active:focus, -.btn-primary.active:focus, -.open > .dropdown-toggle.btn-primary:focus, -.btn-primary:active.focus, -.btn-primary.active.focus, -.open > .dropdown-toggle.btn-primary.focus { - color: #FFF; - background-color: #00375d; - border-color: #001f35; -} -.btn-primary:active, -.btn-primary.active, -.open > .dropdown-toggle.btn-primary { - background-image: none; -} -.btn-primary.disabled:hover, -.btn-primary[disabled]:hover, -fieldset[disabled] .btn-primary:hover, -.btn-primary.disabled:focus, -.btn-primary[disabled]:focus, -fieldset[disabled] 
.btn-primary:focus, -.btn-primary.disabled.focus, -.btn-primary[disabled].focus, -fieldset[disabled] .btn-primary.focus { - background-color: #006BB4; - border-color: #006BB4; -} -.btn-primary .badge { - color: #006BB4; - background-color: #FFF; -} -.btn-xs { - padding: 1px 5px; - font-size: 12px; - line-height: 1.5; - border-radius: 4px; -} -.navbar { - position: relative; - min-height: 45px; - margin-bottom: 0px; - border: 1px solid transparent; -} -@media (min-width: 0) { - .navbar { - border-radius: 4px; - } -} -@media (min-width: 0) { - .navbar-header { - float: left; - } -} -.navbar-collapse { - overflow-x: visible; - padding-right: 10px; - padding-left: 10px; - border-top: 1px solid transparent; - box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.1); - -webkit-overflow-scrolling: touch; -} -.navbar-collapse.in { - overflow-y: auto; -} -@media (min-width: 0) { - .navbar-collapse { - width: auto; - border-top: 0; - box-shadow: none; - } - .navbar-collapse.collapse { - display: block !important; - height: auto !important; - padding-bottom: 0; - overflow: visible !important; - } - .navbar-collapse.in { - overflow-y: visible; - } - .navbar-fixed-top .navbar-collapse, - .navbar-fixed-bottom .navbar-collapse { - padding-left: 0; - padding-right: 0; - } -} -.navbar-fixed-top .navbar-collapse, -.navbar-fixed-bottom .navbar-collapse { - max-height: 340px; -} -@media (max-device-width: 480px) and (orientation: landscape) { - .navbar-fixed-top .navbar-collapse, - .navbar-fixed-bottom .navbar-collapse { - max-height: 200px; - } -} -.container > .navbar-header, -.container-fluid > .navbar-header, -.container > .navbar-collapse, -.container-fluid > .navbar-collapse { - margin-right: -10px; - margin-left: -10px; -} -@media (min-width: 0) { - .container > .navbar-header, - .container-fluid > .navbar-header, - .container > .navbar-collapse, - .container-fluid > .navbar-collapse { - margin-right: 0; - margin-left: 0; - } -} -.navbar-fixed-top, -.navbar-fixed-bottom { - position: 
fixed; - right: 0; - left: 0; - z-index: 1050; -} -@media (min-width: 0) { - .navbar-fixed-top, - .navbar-fixed-bottom { - border-radius: 0; - } -} -.navbar-fixed-top { - top: 0; - border-width: 0 0 1px; -} -.navbar-fixed-bottom { - bottom: 0; - margin-bottom: 0; - border-width: 1px 0 0; -} -.navbar-brand { - float: left; - padding: 12.5px 10px; - font-size: 18px; - line-height: 20px; - height: 45px; -} -.navbar-brand:hover, -.navbar-brand:focus { - text-decoration: none; -} -.navbar-brand > img { - display: block; -} -@media (min-width: 0) { - .navbar > .container .navbar-brand, - .navbar > .container-fluid .navbar-brand { - margin-left: -10px; - } -} -.navbar-toggle { - position: relative; - float: right; - margin-right: 10px; - padding: 9px 10px; - margin-top: 5.5px; - margin-bottom: 5.5px; - background-color: transparent; - background-image: none; - border: 1px solid transparent; - border-radius: 4px; -} -.navbar-toggle:focus { - outline: 0; -} -.navbar-toggle .icon-bar { - display: block; - width: 22px; - height: 2px; - border-radius: 1px; -} -.navbar-toggle .icon-bar + .icon-bar { - margin-top: 4px; -} -@media (min-width: 0) { - .navbar-toggle { - display: none; - } -} -.navbar-nav { - margin: 6.25px -10px; -} -.navbar-nav > li > a { - padding-top: 10px; - padding-bottom: 10px; - line-height: 20px; -} -@media (max-width: -1) { - .navbar-nav .open .dropdown-menu { - position: static; - float: none; - width: auto; - margin-top: 0; - background-color: transparent; - border: 0; - box-shadow: none; - } - .navbar-nav .open .dropdown-menu > li > a, - .navbar-nav .open .dropdown-menu .dropdown-header { - padding: 5px 15px 5px 25px; - } - .navbar-nav .open .dropdown-menu > li > a { - line-height: 20px; - } - .navbar-nav .open .dropdown-menu > li > a:hover, - .navbar-nav .open .dropdown-menu > li > a:focus { - background-image: none; - } -} -@media (min-width: 0) { - .navbar-nav { - float: left; - margin: 0; - } - .navbar-nav > li { - float: left; - } - .navbar-nav > 
li > a { - padding-top: 12.5px; - padding-bottom: 12.5px; - } -} -.navbar-form { - margin-left: -10px; - margin-right: -10px; - padding: 10px 10px; - border-top: 1px solid transparent; - border-bottom: 1px solid transparent; - box-shadow: inset 0 1px 0 rgba(255, 255, 255, 0.1), 0 1px 0 rgba(255, 255, 255, 0.1); - margin-top: 6.5px; - margin-bottom: 6.5px; -} -@media (min-width: 768px) { - .navbar-form .form-group { - display: inline-block; - margin-bottom: 0; - vertical-align: middle; - } - .navbar-form .form-control { - display: inline-block; - width: auto; - vertical-align: middle; - } - .navbar-form .form-control-static { - display: inline-block; - } - .navbar-form .input-group { - display: inline-table; - vertical-align: middle; - } - .navbar-form .input-group .input-group-addon, - .navbar-form .input-group .form-control { - width: auto; - } - .navbar-form .input-group > .form-control { - width: 100%; - } - .navbar-form .control-label { - margin-bottom: 0; - vertical-align: middle; - } - .navbar-form .radio, - .navbar-form .checkbox { - display: inline-block; - margin-top: 0; - margin-bottom: 0; - vertical-align: middle; - } - .navbar-form .radio label, - .navbar-form .checkbox label { - padding-left: 0; - } - .navbar-form .radio input[type="radio"], - .navbar-form .checkbox input[type="checkbox"] { - position: relative; - margin-left: 0; - } - .navbar-form .has-feedback .form-control-feedback { - top: 0; - } -} -@media (max-width: -1) { - .navbar-form .form-group { - margin-bottom: 5px; - } - .navbar-form .form-group:last-child { - margin-bottom: 0; - } -} -@media (min-width: 0) { - .navbar-form { - width: auto; - border: 0; - margin-left: 0; - margin-right: 0; - padding-top: 0; - padding-bottom: 0; - box-shadow: none; - } -} -.navbar-nav > li > .dropdown-menu { - margin-top: 0; - border-top-right-radius: 0; - border-top-left-radius: 0; -} -.navbar-fixed-bottom .navbar-nav > li > .dropdown-menu { - margin-bottom: 0; - border-top-right-radius: 4px; - 
border-top-left-radius: 4px; - border-bottom-right-radius: 0; - border-bottom-left-radius: 0; -} -.navbar-text { - margin-top: 12.5px; - margin-bottom: 12.5px; -} -@media (min-width: 0) { - .navbar-text { - float: left; - margin-left: 10px; - margin-right: 10px; - } -} -@media (min-width: 0) { - .navbar-left { - float: left !important; - } - .navbar-right { - float: right !important; - margin-right: -10px; - } - .navbar-right ~ .navbar-right { - margin-right: 0; - } -} -.navbar-default { - background-color: #F5F7FA; - border-color: transparent; -} -.navbar-default .navbar-brand { - color: #69707D; -} -.navbar-default .navbar-brand:hover, -.navbar-default .navbar-brand:focus { - color: #69707D; - background-color: transparent; -} -.navbar-default .navbar-text { - color: #69707D; -} -.navbar-default .navbar-nav > li > a { - color: #69707D; -} -.navbar-default .navbar-nav > li > a:hover, -.navbar-default .navbar-nav > li > a:focus { - color: #69707D; - background-color: transparent; -} -.navbar-default .navbar-nav > .active > a, -.navbar-default .navbar-nav > .active > a:hover, -.navbar-default .navbar-nav > .active > a:focus { - color: #343741; - background-color: transparent; -} -.navbar-default .navbar-nav > .disabled > a, -.navbar-default .navbar-nav > .disabled > a:hover, -.navbar-default .navbar-nav > .disabled > a:focus { - color: #69707D; - background-color: transparent; -} -.navbar-default .navbar-toggle { - border-color: #d3dce9; -} -.navbar-default .navbar-toggle:hover, -.navbar-default .navbar-toggle:focus { - background-color: #d3dce9; -} -.navbar-default .navbar-toggle .icon-bar { - background-color: #FFF; -} -.navbar-default .navbar-collapse, -.navbar-default .navbar-form { - border-color: transparent; -} -.navbar-default .navbar-nav > .open > a, -.navbar-default .navbar-nav > .open > a:hover, -.navbar-default .navbar-nav > .open > a:focus { - background-color: transparent; - color: #343741; -} -@media (max-width: -1) { - .navbar-default .navbar-nav 
.open .dropdown-menu > li > a { - color: #69707D; - } - .navbar-default .navbar-nav .open .dropdown-menu > li > a:hover, - .navbar-default .navbar-nav .open .dropdown-menu > li > a:focus { - color: #69707D; - background-color: transparent; - } - .navbar-default .navbar-nav .open .dropdown-menu > .active > a, - .navbar-default .navbar-nav .open .dropdown-menu > .active > a:hover, - .navbar-default .navbar-nav .open .dropdown-menu > .active > a:focus { - color: #343741; - background-color: transparent; - } - .navbar-default .navbar-nav .open .dropdown-menu > .disabled > a, - .navbar-default .navbar-nav .open .dropdown-menu > .disabled > a:hover, - .navbar-default .navbar-nav .open .dropdown-menu > .disabled > a:focus { - color: #69707D; - background-color: transparent; - } -} -.navbar-default .navbar-link { - color: #69707D; -} -.navbar-default .navbar-link:hover { - color: #69707D; -} -.navbar-inverse { - background-color: #343741; - border-color: #1d1f25; -} -.navbar-inverse .navbar-brand { - color: #FFF; -} -.navbar-inverse .navbar-brand:hover, -.navbar-inverse .navbar-brand:focus { - color: #FFF; - background-color: #4b4f5d; -} -.navbar-inverse .navbar-text { - color: #FFF; -} -.navbar-inverse .navbar-nav > li > a { - color: #D3DAE6; -} -.navbar-inverse .navbar-nav > li > a:hover, -.navbar-inverse .navbar-nav > li > a:focus { - color: #FFF; - background-color: #61677a; -} -.navbar-inverse .navbar-nav > .active > a, -.navbar-inverse .navbar-nav > .active > a:hover, -.navbar-inverse .navbar-nav > .active > a:focus { - color: #FFF; - background-color: #69707D; -} -.navbar-inverse .navbar-nav > .disabled > a, -.navbar-inverse .navbar-nav > .disabled > a:hover, -.navbar-inverse .navbar-nav > .disabled > a:focus { - color: #b2bac6; - background-color: transparent; -} -.navbar-inverse .navbar-toggle { - border-color: #1d1f25; -} -.navbar-inverse .navbar-toggle:hover, -.navbar-inverse .navbar-toggle:focus { - background-color: #1d1f25; -} -.navbar-inverse .navbar-toggle 
.icon-bar { - background-color: #FFF; -} -.navbar-inverse .navbar-collapse, -.navbar-inverse .navbar-form { - border-color: #24262d; -} -.navbar-inverse .navbar-nav > .open > a, -.navbar-inverse .navbar-nav > .open > a:hover, -.navbar-inverse .navbar-nav > .open > a:focus { - background-color: #69707D; - color: #FFF; -} -@media (max-width: -1) { - .navbar-inverse .navbar-nav .open .dropdown-menu > .dropdown-header { - border-color: #1d1f25; - } - .navbar-inverse .navbar-nav .open .dropdown-menu .divider { - background-color: #1d1f25; - } - .navbar-inverse .navbar-nav .open .dropdown-menu > li > a { - color: #D3DAE6; - } - .navbar-inverse .navbar-nav .open .dropdown-menu > li > a:hover, - .navbar-inverse .navbar-nav .open .dropdown-menu > li > a:focus { - color: #FFF; - background-color: #61677a; - } - .navbar-inverse .navbar-nav .open .dropdown-menu > .active > a, - .navbar-inverse .navbar-nav .open .dropdown-menu > .active > a:hover, - .navbar-inverse .navbar-nav .open .dropdown-menu > .active > a:focus { - color: #FFF; - background-color: #69707D; - } - .navbar-inverse .navbar-nav .open .dropdown-menu > .disabled > a, - .navbar-inverse .navbar-nav .open .dropdown-menu > .disabled > a:hover, - .navbar-inverse .navbar-nav .open .dropdown-menu > .disabled > a:focus { - color: #b2bac6; - background-color: transparent; - } -} -.navbar-inverse .navbar-link { - color: #D3DAE6; -} -.navbar-inverse .navbar-link:hover { - color: #FFF; -} -.close { - float: right; - font-size: 21px; - font-weight: bold; - line-height: 1; - color: #000; - text-shadow: none; - opacity: 0.2; - filter: alpha(opacity=20); -} -.close:hover, -.close:focus { - color: #000; - text-decoration: none; - cursor: pointer; - opacity: 0.5; - filter: alpha(opacity=50); -} -button.close { - padding: 0; - cursor: pointer; - background: transparent; - border: 0; - -webkit-appearance: none; -} -.modal-open { - overflow: hidden; -} -.modal { - display: none; - overflow: hidden; - position: fixed; - top: 0; - 
right: 0; - bottom: 0; - left: 0; - z-index: 1070; - -webkit-overflow-scrolling: touch; - outline: 0; -} -.modal.fade .modal-dialog { - transform: translate(0, -25%); - transition: transform 0.3s ease-out; -} -.modal.in .modal-dialog { - transform: translate(0, 0); -} -.modal-open .modal { - overflow-x: hidden; - overflow-y: auto; -} -.modal-dialog { - position: relative; - width: auto; - margin: 10px; -} -.modal-content { - position: relative; - background-color: #FFF; - border: 1px solid #98A2B3; - border: 1px solid rgba(0, 0, 0, 0.2); - border-radius: 4px; - box-shadow: 0 3px 9px rgba(0, 0, 0, 0.5); - background-clip: padding-box; - outline: 0; -} -.modal-backdrop { - position: fixed; - top: 0; - right: 0; - bottom: 0; - left: 0; - z-index: 1060; - background-color: #000; -} -.modal-backdrop.fade { - opacity: 0; - filter: alpha(opacity=0); -} -.modal-backdrop.in { - opacity: 0.5; - filter: alpha(opacity=50); -} -.modal-header { - padding: 15px; - border-bottom: 1px solid #e5e5e5; -} -.modal-header .close { - margin-top: -2px; -} -.modal-title { - margin: 0; - line-height: 1.42857143; -} -.modal-body { - position: relative; - padding: 15px; -} -.modal-footer { - padding: 15px; - text-align: right; - border-top: 1px solid #e5e5e5; -} -.modal-scrollbar-measure { - position: absolute; - top: -9999px; - width: 50px; - height: 50px; - overflow: scroll; -} -@media (min-width: 768px) { - .modal-dialog { - width: 600px; - margin: 30px auto; - } - .modal-content { - box-shadow: 0 5px 15px rgba(0, 0, 0, 0.5); - } - .modal-sm { - width: 300px; - } -} -@media (min-width: 992px) { - .modal-lg { - width: 900px; - } -} -@-webkit-keyframes progress-bar-stripes { - from { - background-position: 40px 0; - } - to { - background-position: 0 0; - } -} -@keyframes progress-bar-stripes { - from { - background-position: 40px 0; - } - to { - background-position: 0 0; - } -} -.progress { - overflow: hidden; - height: 20px; - margin-bottom: 20px; - background-color: #b8bec8; - 
border-radius: 4px; - box-shadow: inset 0 1px 2px rgba(0, 0, 0, 0.1); -} -.progress-bar { - float: left; - width: 0%; - height: 100%; - font-size: 12px; - line-height: 20px; - color: #FFF; - text-align: center; - background-color: #54B399; - transition: width 0.6s ease; -} -.progress-striped .progress-bar, -.progress-bar-striped { - background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); - background-size: 40px 40px; -} -.progress.active .progress-bar, -.progress-bar.active { - -webkit-animation: progress-bar-stripes 2s linear infinite; - animation: progress-bar-stripes 2s linear infinite; -} -.progress-bar-success { - background-color: #017D73; -} -.progress-striped .progress-bar-success { - background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); -} -.progress-bar-info { - background-color: #006BB4; -} -.progress-striped .progress-bar-info { - background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); -} -.progress-bar-warning { - background-color: #F5A700; -} -.progress-striped .progress-bar-warning { - background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); -} -.progress-bar-danger { - background-color: #BD271E; -} -.progress-striped .progress-bar-danger { - background-image: linear-gradient(45deg, rgba(255, 255, 255, 0.15) 25%, transparent 25%, transparent 50%, rgba(255, 255, 255, 0.15) 50%, rgba(255, 255, 255, 0.15) 75%, transparent 75%, transparent); -} -.list-group { - margin-bottom: 20px; - 
padding-left: 0; -} -.list-group-item { - position: relative; - display: block; - padding: 10px 15px; - margin-bottom: -1px; - background-color: #FFF; - border: 1px solid #D3DAE6; -} -.list-group-item:first-child { - border-top-right-radius: 4px; - border-top-left-radius: 4px; -} -.list-group-item:last-child { - margin-bottom: 0; - border-bottom-right-radius: 4px; - border-bottom-left-radius: 4px; -} -.list-group-item--noBorder { - border-top: 0; -} -a.list-group-item, -button.list-group-item { - color: #69707D; -} -a.list-group-item .list-group-item-heading, -button.list-group-item .list-group-item-heading { - color: #343741; -} -a.list-group-item:hover, -button.list-group-item:hover, -a.list-group-item:focus, -button.list-group-item:focus { - text-decoration: none; - color: #69707D; - background-color: #F5F7FA; -} -button.list-group-item { - width: 100%; - text-align: left; -} -.list-group-item.disabled, -.list-group-item.disabled:hover, -.list-group-item.disabled:focus { - background-color: #D3DAE6; - color: #b2bac6; - cursor: not-allowed; -} -.list-group-item.disabled .list-group-item-heading, -.list-group-item.disabled:hover .list-group-item-heading, -.list-group-item.disabled:focus .list-group-item-heading { - color: inherit; -} -.list-group-item.disabled .list-group-item-text, -.list-group-item.disabled:hover .list-group-item-text, -.list-group-item.disabled:focus .list-group-item-text { - color: #b2bac6; -} -.list-group-item.active, -.list-group-item.active:hover, -.list-group-item.active:focus { - z-index: 2; - color: #343741; - background-color: #343741; - border-color: #343741; -} -.list-group-item.active .list-group-item-heading, -.list-group-item.active:hover .list-group-item-heading, -.list-group-item.active:focus .list-group-item-heading, -.list-group-item.active .list-group-item-heading > small, -.list-group-item.active:hover .list-group-item-heading > small, -.list-group-item.active:focus .list-group-item-heading > small, -.list-group-item.active 
.list-group-item-heading > .small, -.list-group-item.active:hover .list-group-item-heading > .small, -.list-group-item.active:focus .list-group-item-heading > .small { - color: inherit; -} -.list-group-item.active .list-group-item-text, -.list-group-item.active:hover .list-group-item-text, -.list-group-item.active:focus .list-group-item-text { - color: #969bab; -} -.list-group-item-success { - color: #FFF; - background-color: #017D73; -} -a.list-group-item-success, -button.list-group-item-success { - color: #FFF; -} -a.list-group-item-success .list-group-item-heading, -button.list-group-item-success .list-group-item-heading { - color: inherit; -} -a.list-group-item-success:hover, -button.list-group-item-success:hover, -a.list-group-item-success:focus, -button.list-group-item-success:focus { - color: #FFF; - background-color: #01645c; -} -a.list-group-item-success.active, -button.list-group-item-success.active, -a.list-group-item-success.active:hover, -button.list-group-item-success.active:hover, -a.list-group-item-success.active:focus, -button.list-group-item-success.active:focus { - color: #fff; - background-color: #FFF; - border-color: #FFF; -} -.list-group-item-info { - color: #FFF; - background-color: #006BB4; -} -a.list-group-item-info, -button.list-group-item-info { - color: #FFF; -} -a.list-group-item-info .list-group-item-heading, -button.list-group-item-info .list-group-item-heading { - color: inherit; -} -a.list-group-item-info:hover, -button.list-group-item-info:hover, -a.list-group-item-info:focus, -button.list-group-item-info:focus { - color: #FFF; - background-color: #005c9b; -} -a.list-group-item-info.active, -button.list-group-item-info.active, -a.list-group-item-info.active:hover, -button.list-group-item-info.active:hover, -a.list-group-item-info.active:focus, -button.list-group-item-info.active:focus { - color: #fff; - background-color: #FFF; - border-color: #FFF; -} -.list-group-item-warning { - color: #FFF; - background-color: #F5A700; -} 
-a.list-group-item-warning, -button.list-group-item-warning { - color: #FFF; -} -a.list-group-item-warning .list-group-item-heading, -button.list-group-item-warning .list-group-item-heading { - color: inherit; -} -a.list-group-item-warning:hover, -button.list-group-item-warning:hover, -a.list-group-item-warning:focus, -button.list-group-item-warning:focus { - color: #FFF; - background-color: #dc9600; -} -a.list-group-item-warning.active, -button.list-group-item-warning.active, -a.list-group-item-warning.active:hover, -button.list-group-item-warning.active:hover, -a.list-group-item-warning.active:focus, -button.list-group-item-warning.active:focus { - color: #fff; - background-color: #FFF; - border-color: #FFF; -} -.list-group-item-danger { - color: #FFF; - background-color: #BD271E; -} -a.list-group-item-danger, -button.list-group-item-danger { - color: #FFF; -} -a.list-group-item-danger .list-group-item-heading, -button.list-group-item-danger .list-group-item-heading { - color: inherit; -} -a.list-group-item-danger:hover, -button.list-group-item-danger:hover, -a.list-group-item-danger:focus, -button.list-group-item-danger:focus { - color: #FFF; - background-color: #a7221b; -} -a.list-group-item-danger.active, -button.list-group-item-danger.active, -a.list-group-item-danger.active:hover, -button.list-group-item-danger.active:hover, -a.list-group-item-danger.active:focus, -button.list-group-item-danger.active:focus { - color: #fff; - background-color: #FFF; - border-color: #FFF; -} -.list-group-item-heading { - margin-top: 0; - margin-bottom: 5px; -} -.list-group-item-text { - margin-bottom: 0; - line-height: 1.3; -} -.nav { - margin-bottom: 0; - padding-left: 0; - list-style: none; -} -.nav > li { - position: relative; - display: block; -} -.nav > li > a { - position: relative; - display: block; - padding: 10px 15px; -} -.nav > li > a:hover, -.nav > li > a:focus { - text-decoration: none; - background-color: #D3DAE6; -} -.nav > li.disabled > a { - color: #b2bac6; 
-} -.nav > li.disabled > a:hover, -.nav > li.disabled > a:focus { - color: #b2bac6; - text-decoration: none; - background-color: transparent; - cursor: not-allowed; -} -.nav .open > a, -.nav .open > a:hover, -.nav .open > a:focus { - background-color: #D3DAE6; - border-color: #006BB4; -} -.nav .nav-divider { - height: 1px; - margin: 9px 0; - overflow: hidden; - background-color: #e5e5e5; -} -.nav > li > a > img { - max-width: none; -} -.nav-tabs { - border-bottom: 1px solid #D3DAE6; -} -.nav-tabs > li { - float: left; - margin-bottom: -1px; -} -.nav-tabs > li > a { - margin-right: 2px; - line-height: 1.42857143; - border: 1px solid transparent; - border-radius: 4px 4px 0 0; -} -.nav-tabs > li > a:hover { - border-color: #D3DAE6; - background-color: #FFF; -} -.nav-tabs > li.active > a, -.nav-tabs > li.active > a:hover, -.nav-tabs > li.active > a:focus { - color: #343741; - background-color: #FFF; - border: 1px solid #D3DAE6; - border-bottom-color: transparent; - cursor: default; -} -.nav-tabs.nav-justified { - width: 100%; - border-bottom: 0; -} -.nav-tabs.nav-justified > li { - float: none; -} -.nav-tabs.nav-justified > li > a { - text-align: center; - margin-bottom: 5px; -} -.nav-tabs.nav-justified > .dropdown .dropdown-menu { - top: auto; - left: auto; -} -@media (min-width: 768px) { - .nav-tabs.nav-justified > li { - display: table-cell; - width: 1%; - } - .nav-tabs.nav-justified > li > a { - margin-bottom: 0; - } -} -.nav-tabs.nav-justified > li > a { - margin-right: 0; - border-radius: 4px; -} -.nav-tabs.nav-justified > .active > a, -.nav-tabs.nav-justified > .active > a:hover, -.nav-tabs.nav-justified > .active > a:focus { - border: 1px solid #FFF; -} -@media (min-width: 768px) { - .nav-tabs.nav-justified > li > a { - border-bottom: 1px solid #FFF; - border-radius: 4px 4px 0 0; - } - .nav-tabs.nav-justified > .active > a, - .nav-tabs.nav-justified > .active > a:hover, - .nav-tabs.nav-justified > .active > a:focus { - border-bottom-color: #FFF; - } -} 
-.nav-pills > li { - float: left; -} -.nav-pills > li > a { - border-radius: 4px; -} -.nav-pills > li + li { - margin-left: 2px; -} -.nav-pills > li.active > a, -.nav-pills > li.active > a:hover, -.nav-pills > li.active > a:focus { - color: #FFF; - background-color: #006BB4; -} -.nav-stacked > li { - float: none; -} -.nav-stacked > li + li { - margin-top: 2px; - margin-left: 0; -} -.nav-justified { - width: 100%; -} -.nav-justified > li { - float: none; -} -.nav-justified > li > a { - text-align: center; - margin-bottom: 5px; -} -.nav-justified > .dropdown .dropdown-menu { - top: auto; - left: auto; -} -@media (min-width: 768px) { - .nav-justified > li { - display: table-cell; - width: 1%; - } - .nav-justified > li > a { - margin-bottom: 0; - } -} -.nav-tabs-justified { - border-bottom: 0; -} -.nav-tabs-justified > li > a { - margin-right: 0; - border-radius: 4px; -} -.nav-tabs-justified > .active > a, -.nav-tabs-justified > .active > a:hover, -.nav-tabs-justified > .active > a:focus { - border: 1px solid #FFF; -} -@media (min-width: 768px) { - .nav-tabs-justified > li > a { - border-bottom: 1px solid #FFF; - border-radius: 4px 4px 0 0; - } - .nav-tabs-justified > .active > a, - .nav-tabs-justified > .active > a:hover, - .nav-tabs-justified > .active > a:focus { - border-bottom-color: #FFF; - } -} -.tab-content > .tab-pane { - display: none; -} -.tab-content > .active { - display: block; -} -.nav-tabs .dropdown-menu { - margin-top: -1px; - border-top-right-radius: 0; - border-top-left-radius: 0; -} -.alert { - padding: 15px; - margin-bottom: 20px; - border: 1px solid transparent; - border-radius: 4px; -} -.alert h4 { - margin-top: 0; - color: inherit; -} -.alert .alert-link { - font-weight: bold; -} -.alert > p, -.alert > ul { - margin-bottom: 0; -} -.alert > p + p { - margin-top: 5px; -} -.alert-dismissable, -.alert-dismissible { - padding-right: 35px; -} -.alert-dismissable .close, -.alert-dismissible .close { - position: relative; - top: -2px; - right: -21px; - 
color: inherit; -} -.alert-success { - background-color: #017D73; - border-color: #014a44; - color: #FFF; -} -.alert-success hr { - border-top-color: #00312d; -} -.alert-success .alert-link { - color: #e6e6e6; -} -.alert-info { - background-color: #006BB4; - border-color: #004d81; - color: #FFF; -} -.alert-info hr { - border-top-color: #003e68; -} -.alert-info .alert-link { - color: #e6e6e6; -} -.alert-warning { - background-color: #F5A700; - border-color: #c28400; - color: #FFF; -} -.alert-warning hr { - border-top-color: #a97300; -} -.alert-warning .alert-link { - color: #e6e6e6; -} -.alert-danger { - background-color: #BD271E; - border-color: #911e17; - color: #FFF; -} -.alert-danger hr { - border-top-color: #7b1914; -} -.alert-danger .alert-link { - color: #e6e6e6; -} -.bsTooltip { - position: absolute; - z-index: 1040; - display: block; - font-family: 'Open Sans', Helvetica, Arial, sans-serif; - font-style: normal; - font-weight: normal; - letter-spacing: normal; - line-break: auto; - line-height: 1.42857143; - text-align: left; - text-align: start; - text-decoration: none; - text-shadow: none; - text-transform: none; - white-space: normal; - word-break: normal; - word-spacing: normal; - word-wrap: normal; - font-size: 12px; - opacity: 0; - filter: alpha(opacity=0); -} -.bsTooltip.in { - opacity: 0.8; - filter: alpha(opacity=80); -} -.bsTooltip.top { - margin-top: -3px; - padding: 5px 0; -} -.bsTooltip.right { - margin-left: 3px; - padding: 0 5px; -} -.bsTooltip.bottom { - margin-top: 3px; - padding: 5px 0; -} -.bsTooltip.left { - margin-left: -3px; - padding: 0 5px; -} -.bsTooltip-inner { - max-width: 200px; - padding: 3px 8px; - color: #fff; - text-align: center; - background-color: #000; - border-radius: 4px; -} -.bsTooltip-arrow { - position: absolute; - width: 0; - height: 0; - border-color: transparent; - border-style: solid; -} -.bsTooltip.top .bsTooltip-arrow { - bottom: 0; - left: 50%; - margin-left: -5px; - border-width: 5px 5px 0; - 
border-top-color: #000; -} -.bsTooltip.top-left .bsTooltip-arrow { - bottom: 0; - right: 5px; - margin-bottom: -5px; - border-width: 5px 5px 0; - border-top-color: #000; -} -.bsTooltip.top-right .bsTooltip-arrow { - bottom: 0; - left: 5px; - margin-bottom: -5px; - border-width: 5px 5px 0; - border-top-color: #000; -} -.bsTooltip.right .bsTooltip-arrow { - top: 50%; - left: 0; - margin-top: -5px; - border-width: 5px 5px 5px 0; - border-right-color: #000; -} -.bsTooltip.left .bsTooltip-arrow { - top: 50%; - right: 0; - margin-top: -5px; - border-width: 5px 0 5px 5px; - border-left-color: #000; -} -.bsTooltip.bottom .bsTooltip-arrow { - top: 0; - left: 50%; - margin-left: -5px; - border-width: 0 5px 5px; - border-bottom-color: #000; -} -.bsTooltip.bottom-left .bsTooltip-arrow { - top: 0; - right: 5px; - margin-top: -5px; - border-width: 0 5px 5px; - border-bottom-color: #000; -} -.bsTooltip.bottom-right .bsTooltip-arrow { - top: 0; - left: 5px; - margin-top: -5px; - border-width: 0 5px 5px; - border-bottom-color: #000; -} -.visible-xs, -.visible-sm, -.visible-md, -.visible-lg { - display: none !important; -} -.visible-xs-block, -.visible-xs-inline, -.visible-xs-inline-block, -.visible-sm-block, -.visible-sm-inline, -.visible-sm-inline-block, -.visible-md-block, -.visible-md-inline, -.visible-md-inline-block, -.visible-lg-block, -.visible-lg-inline, -.visible-lg-inline-block { - display: none !important; -} -@media (max-width: 767px) { - .visible-xs { - display: block !important; - } - table.visible-xs { - display: table !important; - } - tr.visible-xs { - display: table-row !important; - } - th.visible-xs, - td.visible-xs { - display: table-cell !important; - } -} -@media (max-width: 767px) { - .visible-xs-block { - display: block !important; - } -} -@media (max-width: 767px) { - .visible-xs-inline { - display: inline !important; - } -} -@media (max-width: 767px) { - .visible-xs-inline-block { - display: inline-block !important; - } -} -@media (min-width: 768px) and 
(max-width: 991px) { - .visible-sm { - display: block !important; - } - table.visible-sm { - display: table !important; - } - tr.visible-sm { - display: table-row !important; - } - th.visible-sm, - td.visible-sm { - display: table-cell !important; - } -} -@media (min-width: 768px) and (max-width: 991px) { - .visible-sm-block { - display: block !important; - } -} -@media (min-width: 768px) and (max-width: 991px) { - .visible-sm-inline { - display: inline !important; - } -} -@media (min-width: 768px) and (max-width: 991px) { - .visible-sm-inline-block { - display: inline-block !important; - } -} -@media (min-width: 992px) and (max-width: 1199px) { - .visible-md { - display: block !important; - } - table.visible-md { - display: table !important; - } - tr.visible-md { - display: table-row !important; - } - th.visible-md, - td.visible-md { - display: table-cell !important; - } -} -@media (min-width: 992px) and (max-width: 1199px) { - .visible-md-block { - display: block !important; - } -} -@media (min-width: 992px) and (max-width: 1199px) { - .visible-md-inline { - display: inline !important; - } -} -@media (min-width: 992px) and (max-width: 1199px) { - .visible-md-inline-block { - display: inline-block !important; - } -} -@media (min-width: 1200px) { - .visible-lg { - display: block !important; - } - table.visible-lg { - display: table !important; - } - tr.visible-lg { - display: table-row !important; - } - th.visible-lg, - td.visible-lg { - display: table-cell !important; - } -} -@media (min-width: 1200px) { - .visible-lg-block { - display: block !important; - } -} -@media (min-width: 1200px) { - .visible-lg-inline { - display: inline !important; - } -} -@media (min-width: 1200px) { - .visible-lg-inline-block { - display: inline-block !important; - } -} -@media (max-width: 767px) { - .hidden-xs { - display: none !important; - } -} -@media (min-width: 768px) and (max-width: 991px) { - .hidden-sm { - display: none !important; - } -} -@media (min-width: 992px) and 
(max-width: 1199px) { - .hidden-md { - display: none !important; - } -} -@media (min-width: 1200px) { - .hidden-lg { - display: none !important; - } -} -.visible-print { - display: none !important; -} -@media print { - .visible-print { - display: block !important; - } - table.visible-print { - display: table !important; - } - tr.visible-print { - display: table-row !important; - } - th.visible-print, - td.visible-print { - display: table-cell !important; - } -} -.visible-print-block { - display: none !important; -} -@media print { - .visible-print-block { - display: block !important; - } -} -.visible-print-inline { - display: none !important; -} -@media print { - .visible-print-inline { - display: inline !important; - } -} -.visible-print-inline-block { - display: none !important; -} -@media print { - .visible-print-inline-block { - display: inline-block !important; - } -} -@media print { - .hidden-print { - display: none !important; - } -} -.caret { - display: inline-block; - width: 0; - height: 0; - margin-left: 2px; - vertical-align: middle; - border-top: 4px dashed; - border-top: 4px solid \9; - border-right: 4px solid transparent; - border-left: 4px solid transparent; -} -.dropup, -.dropdown { - position: relative; -} -.dropdown-toggle:focus { - outline: 0; -} -.dropdown-menu { - position: absolute; - top: 100%; - left: 0; - z-index: 1000; - display: none; - float: left; - min-width: 160px; - padding: 5px 0; - margin: 2px 0 0; - list-style: none; - font-size: 14px; - text-align: left; - background-color: #FFF; - border: 1px solid #D3DAE6; - border-radius: 4px; - box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.1); - background-clip: padding-box; -} -.dropdown-menu.pull-right { - right: 0; - left: auto; -} -.dropdown-menu .divider { - height: 1px; - margin: 9px 0; - overflow: hidden; - background-color: #D3DAE6; -} -.dropdown-menu > li > a, -.dropdown-menu > li > button { - display: block; - padding: 3px 20px; - clear: both; - font-weight: normal; - line-height: 
1.42857143; - color: #7b7b7b; - white-space: nowrap; -} -.dropdown-menu > li > button { - -webkit-appearance: none; - -moz-appearance: none; - appearance: none; - background: none; - border: none; - width: 100%; - text-align: left; -} -.dropdown-menu > li > a:hover, -.dropdown-menu > li > button:hover, -.dropdown-menu > li > a:focus, -.dropdown-menu > li > button:focus { - text-decoration: none; - color: #FFF; - background-color: #343741; -} -.dropdown-menu > .active > button, -.dropdown-menu > .active > a, -.dropdown-menu > .active > button:hover, -.dropdown-menu > .active > a:hover, -.dropdown-menu > .active > button:focus, -.dropdown-menu > .active > a:focus { - color: #FFF; - text-decoration: none; - outline: 0; - background-color: #343741; -} -.dropdown-menu > .disabled > a, -.dropdown-menu > .disabled > a:hover, -.dropdown-menu > .disabled > a:focus { - color: #98A2B3; -} -.dropdown-menu > .disabled > a:hover, -.dropdown-menu > .disabled > a:focus { - text-decoration: none; - background-color: transparent; - background-image: none; - filter: progid:DXImageTransform.Microsoft.gradient(enabled = false); - cursor: not-allowed; -} -.open > .dropdown-menu { - display: block; -} -.open > a { - outline: 0; -} -.dropdown-menu-right { - left: auto; - right: 0; -} -.dropdown-menu-left { - left: 0; - right: auto; -} -.dropdown-header { - display: block; - padding: 3px 20px; - font-size: 12px; - line-height: 1.42857143; - color: #98A2B3; - white-space: nowrap; -} -.dropdown-backdrop { - position: fixed; - left: 0; - right: 0; - bottom: 0; - top: 0; - z-index: 990; -} -.pull-right > .dropdown-menu { - right: 0; - left: auto; -} -.dropup .caret, -.navbar-fixed-bottom .dropdown .caret { - border-top: 0; - border-bottom: 4px dashed; - border-bottom: 4px solid \9; - content: ""; -} -.dropup .dropdown-menu, -.navbar-fixed-bottom .dropdown .dropdown-menu { - top: auto; - bottom: 100%; - margin-bottom: 2px; -} -@media (min-width: 0) { - .navbar-right .dropdown-menu { - left: 
auto; - right: 0; - } - .navbar-right .dropdown-menu-left { - left: 0; - right: auto; - } -} -.input-group { - position: relative; - display: table; - border-collapse: separate; -} -.input-group[class*="col-"] { - float: none; - padding-left: 0; - padding-right: 0; -} -.input-group .form-control { - position: relative; - z-index: 2; - float: left; - width: 100%; - margin-bottom: 0; -} -.input-group .form-control:focus { - z-index: 3; -} -.input-group-lg > .form-control, -.input-group-lg > .input-group-addon { - height: 62px; - padding: 18px 27px; - font-size: 18px; - line-height: 1.3333333; - border-radius: 4px; -} -select.input-group-lg > .form-control, -select.input-group-lg > .input-group-addon { - height: 62px; - line-height: 62px; -} -textarea.input-group-lg > .form-control, -textarea.input-group-lg > .input-group-addon, -select[multiple].input-group-lg > .form-control, -select[multiple].input-group-lg > .input-group-addon { - height: auto; -} -.input-group-sm > .form-control, -.input-group-sm > .input-group-addon { - height: 32px; - padding: 6px 9px; - font-size: 12px; - line-height: 1.5; - border-radius: 4px; -} -select.input-group-sm > .form-control, -select.input-group-sm > .input-group-addon { - height: 32px; - line-height: 32px; -} -textarea.input-group-sm > .form-control, -textarea.input-group-sm > .input-group-addon, -select[multiple].input-group-sm > .form-control, -select[multiple].input-group-sm > .input-group-addon { - height: auto; -} -.input-group-addon, -.input-group .form-control { - display: table-cell; -} -.input-group-addon:not(:first-child):not(:last-child), -.input-group .form-control:not(:first-child):not(:last-child) { - border-radius: 0; -} -.input-group-addon { - width: 1%; - white-space: nowrap; - vertical-align: middle; -} -.input-group-addon { - padding: 5px 15px; - font-size: 14px; - font-weight: normal; - line-height: 1; - color: #343741; - text-align: center; - background-color: #D3DAE6; - border: 1px solid #D3DAE6; - 
border-radius: 4px; -} -.input-group-addon.input-sm { - padding: 6px 9px; - font-size: 12px; - border-radius: 4px; -} -.input-group-addon.input-lg { - padding: 18px 27px; - font-size: 18px; - border-radius: 4px; -} -.input-group-addon input[type="radio"], -.input-group-addon input[type="checkbox"] { - margin-top: 0; -} -.input-group .form-control:first-child, -.input-group-addon:first-child { - border-bottom-right-radius: 0; - border-top-right-radius: 0; -} -.input-group-addon:first-child { - border-right: 0; -} -.input-group .form-control:last-child, -.input-group-addon:last-child { - border-bottom-left-radius: 0; - border-top-left-radius: 0; -} -.input-group-addon:last-child { - border-left: 0; -} -.pagination { - display: inline-block; - padding-left: 0; - margin: 20px 0; - border-radius: 4px; -} -.pagination > li { - display: inline; -} -.pagination > li > a, -.pagination > li > span { - position: relative; - float: left; - padding: 5px 15px; - line-height: 1.42857143; - text-decoration: none; - color: #006BB4; - background-color: transparent; - border: 1px solid transparent; - margin-left: -1px; -} -.pagination > li:first-child > a, -.pagination > li:first-child > span { - margin-left: 0; - border-bottom-left-radius: 4px; - border-top-left-radius: 4px; -} -.pagination > li:last-child > a, -.pagination > li:last-child > span { - border-bottom-right-radius: 4px; - border-top-right-radius: 4px; -} -.pagination > li > a:hover, -.pagination > li > span:hover, -.pagination > li > a:focus, -.pagination > li > span:focus { - z-index: 2; - color: #006BB4; - background-color: rgba(0, 0, 0, 0); - border-color: transparent; -} -.pagination > .active > a, -.pagination > .active > span, -.pagination > .active > a:hover, -.pagination > .active > span:hover, -.pagination > .active > a:focus, -.pagination > .active > span:focus { - z-index: 3; - color: #343741; - background-color: rgba(0, 0, 0, 0); - border-color: transparent; - cursor: default; -} -.pagination > .disabled > 
span, -.pagination > .disabled > span:hover, -.pagination > .disabled > span:focus, -.pagination > .disabled > a, -.pagination > .disabled > a:hover, -.pagination > .disabled > a:focus { - color: #343741; - background-color: rgba(38, 38, 38, 0); - border-color: transparent; - cursor: not-allowed; -} -.pagination-lg > li > a, -.pagination-lg > li > span { - padding: 18px 27px; - font-size: 18px; - line-height: 1.3333333; -} -.pagination-lg > li:first-child > a, -.pagination-lg > li:first-child > span { - border-bottom-left-radius: 4px; - border-top-left-radius: 4px; -} -.pagination-lg > li:last-child > a, -.pagination-lg > li:last-child > span { - border-bottom-right-radius: 4px; - border-top-right-radius: 4px; -} -.pagination-sm > li > a, -.pagination-sm > li > span { - padding: 6px 9px; - font-size: 12px; - line-height: 1.5; -} -.pagination-sm > li:first-child > a, -.pagination-sm > li:first-child > span { - border-bottom-left-radius: 4px; - border-top-left-radius: 4px; -} -.pagination-sm > li:last-child > a, -.pagination-sm > li:last-child > span { - border-bottom-right-radius: 4px; - border-top-right-radius: 4px; -} -.pager { - padding-left: 0; - margin: 20px 0; - list-style: none; - text-align: center; -} -.pager li { - display: inline; -} -.pager li > a, -.pager li > span { - display: inline-block; - padding: 5px 14px; - background-color: transparent; - border: 1px solid transparent; - border-radius: 0; -} -.pager li > a:hover, -.pager li > a:focus { - text-decoration: none; - background-color: rgba(0, 0, 0, 0); -} -.pager .next > a, -.pager .next > span { - float: right; -} -.pager .previous > a, -.pager .previous > span { - float: left; -} -.pager .disabled > a, -.pager .disabled > a:hover, -.pager .disabled > a:focus, -.pager .disabled > span { - color: #FFF; - background-color: transparent; - cursor: not-allowed; -} -.label { - display: inline; - padding: .2em .6em .3em; - font-size: 75%; - font-weight: bold; - line-height: 1; - color: #FFF; - text-align: 
center; - white-space: nowrap; - vertical-align: baseline; - border-radius: .25em; -} -a.label:hover, -a.label:focus { - color: #FFF; - text-decoration: none; - cursor: pointer; -} -.label:empty { - display: none; -} -.label-default { - background-color: #006BB4; -} -.label-default[href]:hover, -.label-default[href]:focus { - background-color: #004d81; -} -.label-primary { - background-color: #343741; -} -.label-primary[href]:hover, -.label-primary[href]:focus { - background-color: #1d1f25; -} -.label-success { - background-color: #017D73; -} -.label-success[href]:hover, -.label-success[href]:focus { - background-color: #014a44; -} -.label-info { - background-color: #006BB4; -} -.label-info[href]:hover, -.label-info[href]:focus { - background-color: #004d81; -} -.label-warning { - background-color: #F5A700; -} -.label-warning[href]:hover, -.label-warning[href]:focus { - background-color: #c28400; -} -.label-danger { - background-color: #BD271E; -} -.label-danger[href]:hover, -.label-danger[href]:focus { - background-color: #911e17; -} -.panel { - margin-bottom: 20px; - background-color: #FFF; - border: 1px solid transparent; - border-radius: 4px; - box-shadow: 0 1px 1px rgba(0, 0, 0, 0.05); -} -.panel-body { - padding: 15px; -} -.panel-heading { - padding: 10px 15px; - border-bottom: 1px solid transparent; - border-top-right-radius: 3px; - border-top-left-radius: 3px; -} -.panel-heading > .dropdown .dropdown-toggle { - color: inherit; -} -.panel-title { - margin-top: 0; - margin-bottom: 0; - font-size: 16px; - color: inherit; -} -.panel-title > a, -.panel-title > small, -.panel-title > .small, -.panel-title > small > a, -.panel-title > .small > a { - color: inherit; -} -.panel-footer { - padding: 10px 15px; - background-color: #F5F7FA; - border-top: 1px solid #D3DAE6; - border-bottom-right-radius: 3px; - border-bottom-left-radius: 3px; -} -.panel > .list-group, -.panel > .panel-collapse > .list-group { - margin-bottom: 0; -} -.panel > .list-group .list-group-item, 
-.panel > .panel-collapse > .list-group .list-group-item { - border-width: 1px 0; - border-radius: 0; -} -.panel > .list-group:first-child .list-group-item:first-child, -.panel > .panel-collapse > .list-group:first-child .list-group-item:first-child { - border-top: 0; - border-top-right-radius: 3px; - border-top-left-radius: 3px; -} -.panel > .list-group:last-child .list-group-item:last-child, -.panel > .panel-collapse > .list-group:last-child .list-group-item:last-child { - border-bottom: 0; - border-bottom-right-radius: 3px; - border-bottom-left-radius: 3px; -} -.panel > .panel-heading + .panel-collapse > .list-group .list-group-item:first-child { - border-top-right-radius: 0; - border-top-left-radius: 0; -} -.panel-heading + .list-group .list-group-item:first-child { - border-top-width: 0; -} -.list-group + .panel-footer { - border-top-width: 0; -} -.panel > .table, -.panel > .table-responsive > .table, -.panel > .panel-collapse > .table { - margin-bottom: 0; -} -.panel > .table caption, -.panel > .table-responsive > .table caption, -.panel > .panel-collapse > .table caption { - padding-left: 15px; - padding-right: 15px; -} -.panel > .table:first-child, -.panel > .table-responsive:first-child > .table:first-child { - border-top-right-radius: 3px; - border-top-left-radius: 3px; -} -.panel > .table:first-child > thead:first-child > tr:first-child, -.panel > .table-responsive:first-child > .table:first-child > thead:first-child > tr:first-child, -.panel > .table:first-child > tbody:first-child > tr:first-child, -.panel > .table-responsive:first-child > .table:first-child > tbody:first-child > tr:first-child { - border-top-left-radius: 3px; - border-top-right-radius: 3px; -} -.panel > .table:first-child > thead:first-child > tr:first-child td:first-child, -.panel > .table-responsive:first-child > .table:first-child > thead:first-child > tr:first-child td:first-child, -.panel > .table:first-child > tbody:first-child > tr:first-child td:first-child, -.panel > 
.table-responsive:first-child > .table:first-child > tbody:first-child > tr:first-child td:first-child, -.panel > .table:first-child > thead:first-child > tr:first-child th:first-child, -.panel > .table-responsive:first-child > .table:first-child > thead:first-child > tr:first-child th:first-child, -.panel > .table:first-child > tbody:first-child > tr:first-child th:first-child, -.panel > .table-responsive:first-child > .table:first-child > tbody:first-child > tr:first-child th:first-child { - border-top-left-radius: 3px; -} -.panel > .table:first-child > thead:first-child > tr:first-child td:last-child, -.panel > .table-responsive:first-child > .table:first-child > thead:first-child > tr:first-child td:last-child, -.panel > .table:first-child > tbody:first-child > tr:first-child td:last-child, -.panel > .table-responsive:first-child > .table:first-child > tbody:first-child > tr:first-child td:last-child, -.panel > .table:first-child > thead:first-child > tr:first-child th:last-child, -.panel > .table-responsive:first-child > .table:first-child > thead:first-child > tr:first-child th:last-child, -.panel > .table:first-child > tbody:first-child > tr:first-child th:last-child, -.panel > .table-responsive:first-child > .table:first-child > tbody:first-child > tr:first-child th:last-child { - border-top-right-radius: 3px; -} -.panel > .table:last-child, -.panel > .table-responsive:last-child > .table:last-child { - border-bottom-right-radius: 3px; - border-bottom-left-radius: 3px; -} -.panel > .table:last-child > tbody:last-child > tr:last-child, -.panel > .table-responsive:last-child > .table:last-child > tbody:last-child > tr:last-child, -.panel > .table:last-child > tfoot:last-child > tr:last-child, -.panel > .table-responsive:last-child > .table:last-child > tfoot:last-child > tr:last-child { - border-bottom-left-radius: 3px; - border-bottom-right-radius: 3px; -} -.panel > .table:last-child > tbody:last-child > tr:last-child td:first-child, -.panel > 
.table-responsive:last-child > .table:last-child > tbody:last-child > tr:last-child td:first-child, -.panel > .table:last-child > tfoot:last-child > tr:last-child td:first-child, -.panel > .table-responsive:last-child > .table:last-child > tfoot:last-child > tr:last-child td:first-child, -.panel > .table:last-child > tbody:last-child > tr:last-child th:first-child, -.panel > .table-responsive:last-child > .table:last-child > tbody:last-child > tr:last-child th:first-child, -.panel > .table:last-child > tfoot:last-child > tr:last-child th:first-child, -.panel > .table-responsive:last-child > .table:last-child > tfoot:last-child > tr:last-child th:first-child { - border-bottom-left-radius: 3px; -} -.panel > .table:last-child > tbody:last-child > tr:last-child td:last-child, -.panel > .table-responsive:last-child > .table:last-child > tbody:last-child > tr:last-child td:last-child, -.panel > .table:last-child > tfoot:last-child > tr:last-child td:last-child, -.panel > .table-responsive:last-child > .table:last-child > tfoot:last-child > tr:last-child td:last-child, -.panel > .table:last-child > tbody:last-child > tr:last-child th:last-child, -.panel > .table-responsive:last-child > .table:last-child > tbody:last-child > tr:last-child th:last-child, -.panel > .table:last-child > tfoot:last-child > tr:last-child th:last-child, -.panel > .table-responsive:last-child > .table:last-child > tfoot:last-child > tr:last-child th:last-child { - border-bottom-right-radius: 3px; -} -.panel > .panel-body + .table, -.panel > .panel-body + .table-responsive, -.panel > .table + .panel-body, -.panel > .table-responsive + .panel-body { - border-top: 1px solid #D3DAE6; -} -.panel > .table > tbody:first-child > tr:first-child th, -.panel > .table > tbody:first-child > tr:first-child td { - border-top: 0; -} -.panel > .table-bordered, -.panel > .table-responsive > .table-bordered { - border: 0; -} -.panel > .table-bordered > thead > tr > th:first-child, -.panel > .table-responsive > 
.table-bordered > thead > tr > th:first-child, -.panel > .table-bordered > tbody > tr > th:first-child, -.panel > .table-responsive > .table-bordered > tbody > tr > th:first-child, -.panel > .table-bordered > tfoot > tr > th:first-child, -.panel > .table-responsive > .table-bordered > tfoot > tr > th:first-child, -.panel > .table-bordered > thead > tr > td:first-child, -.panel > .table-responsive > .table-bordered > thead > tr > td:first-child, -.panel > .table-bordered > tbody > tr > td:first-child, -.panel > .table-responsive > .table-bordered > tbody > tr > td:first-child, -.panel > .table-bordered > tfoot > tr > td:first-child, -.panel > .table-responsive > .table-bordered > tfoot > tr > td:first-child { - border-left: 0; -} -.panel > .table-bordered > thead > tr > th:last-child, -.panel > .table-responsive > .table-bordered > thead > tr > th:last-child, -.panel > .table-bordered > tbody > tr > th:last-child, -.panel > .table-responsive > .table-bordered > tbody > tr > th:last-child, -.panel > .table-bordered > tfoot > tr > th:last-child, -.panel > .table-responsive > .table-bordered > tfoot > tr > th:last-child, -.panel > .table-bordered > thead > tr > td:last-child, -.panel > .table-responsive > .table-bordered > thead > tr > td:last-child, -.panel > .table-bordered > tbody > tr > td:last-child, -.panel > .table-responsive > .table-bordered > tbody > tr > td:last-child, -.panel > .table-bordered > tfoot > tr > td:last-child, -.panel > .table-responsive > .table-bordered > tfoot > tr > td:last-child { - border-right: 0; -} -.panel > .table-bordered > thead > tr:first-child > td, -.panel > .table-responsive > .table-bordered > thead > tr:first-child > td, -.panel > .table-bordered > tbody > tr:first-child > td, -.panel > .table-responsive > .table-bordered > tbody > tr:first-child > td, -.panel > .table-bordered > thead > tr:first-child > th, -.panel > .table-responsive > .table-bordered > thead > tr:first-child > th, -.panel > .table-bordered > tbody > 
tr:first-child > th, -.panel > .table-responsive > .table-bordered > tbody > tr:first-child > th { - border-bottom: 0; -} -.panel > .table-bordered > tbody > tr:last-child > td, -.panel > .table-responsive > .table-bordered > tbody > tr:last-child > td, -.panel > .table-bordered > tfoot > tr:last-child > td, -.panel > .table-responsive > .table-bordered > tfoot > tr:last-child > td, -.panel > .table-bordered > tbody > tr:last-child > th, -.panel > .table-responsive > .table-bordered > tbody > tr:last-child > th, -.panel > .table-bordered > tfoot > tr:last-child > th, -.panel > .table-responsive > .table-bordered > tfoot > tr:last-child > th { - border-bottom: 0; -} -.panel > .table-responsive { - border: 0; - margin-bottom: 0; -} -.panel-group { - margin-bottom: 20px; -} -.panel-group .panel { - margin-bottom: 0; - border-radius: 4px; -} -.panel-group .panel + .panel { - margin-top: 5px; -} -.panel-group .panel-heading { - border-bottom: 0; -} -.panel-group .panel-heading + .panel-collapse > .panel-body, -.panel-group .panel-heading + .panel-collapse > .list-group { - border-top: 1px solid #D3DAE6; -} -.panel-group .panel-footer { - border-top: 0; -} -.panel-group .panel-footer + .panel-collapse .panel-body { - border-bottom: 1px solid #D3DAE6; -} -.panel-default { - border-color: #D3DAE6; -} -.panel-default > .panel-heading { - color: #7b7b7b; - background-color: #F5F7FA; - border-color: #D3DAE6; -} -.panel-default > .panel-heading + .panel-collapse > .panel-body { - border-top-color: #D3DAE6; -} -.panel-default > .panel-heading .badge { - color: #F5F7FA; - background-color: #7b7b7b; -} -.panel-default > .panel-footer + .panel-collapse > .panel-body { - border-bottom-color: #D3DAE6; -} -.panel-primary { - border-color: #343741; -} -.panel-primary > .panel-heading { - color: #FFF; - background-color: #343741; - border-color: #343741; -} -.panel-primary > .panel-heading + .panel-collapse > .panel-body { - border-top-color: #343741; -} -.panel-primary > 
.panel-heading .badge { - color: #343741; - background-color: #FFF; -} -.panel-primary > .panel-footer + .panel-collapse > .panel-body { - border-bottom-color: #343741; -} -.panel-success { - border-color: #014a44; -} -.panel-success > .panel-heading { - color: #FFF; - background-color: #017D73; - border-color: #014a44; -} -.panel-success > .panel-heading + .panel-collapse > .panel-body { - border-top-color: #014a44; -} -.panel-success > .panel-heading .badge { - color: #017D73; - background-color: #FFF; -} -.panel-success > .panel-footer + .panel-collapse > .panel-body { - border-bottom-color: #014a44; -} -.panel-info { - border-color: #004d81; -} -.panel-info > .panel-heading { - color: #FFF; - background-color: #006BB4; - border-color: #004d81; -} -.panel-info > .panel-heading + .panel-collapse > .panel-body { - border-top-color: #004d81; -} -.panel-info > .panel-heading .badge { - color: #006BB4; - background-color: #FFF; -} -.panel-info > .panel-footer + .panel-collapse > .panel-body { - border-bottom-color: #004d81; -} -.panel-warning { - border-color: #c28400; -} -.panel-warning > .panel-heading { - color: #FFF; - background-color: #F5A700; - border-color: #c28400; -} -.panel-warning > .panel-heading + .panel-collapse > .panel-body { - border-top-color: #c28400; -} -.panel-warning > .panel-heading .badge { - color: #F5A700; - background-color: #FFF; -} -.panel-warning > .panel-footer + .panel-collapse > .panel-body { - border-bottom-color: #c28400; -} -.panel-danger { - border-color: #911e17; -} -.panel-danger > .panel-heading { - color: #FFF; - background-color: #BD271E; - border-color: #911e17; -} -.panel-danger > .panel-heading + .panel-collapse > .panel-body { - border-top-color: #911e17; -} -.panel-danger > .panel-heading .badge { - color: #BD271E; - background-color: #FFF; -} -.panel-danger > .panel-footer + .panel-collapse > .panel-body { - border-bottom-color: #911e17; -} -.popover { - position: absolute; - top: 0; - left: 0; - z-index: 1010; - 
display: none; - max-width: 276px; - padding: 1px; - font-family: 'Open Sans', Helvetica, Arial, sans-serif; - font-style: normal; - font-weight: normal; - letter-spacing: normal; - line-break: auto; - line-height: 1.42857143; - text-align: left; - text-align: start; - text-decoration: none; - text-shadow: none; - text-transform: none; - white-space: normal; - word-break: normal; - word-spacing: normal; - word-wrap: normal; - font-size: 14px; - background-color: #FFF; - background-clip: padding-box; - border: 1px solid #D3DAE6; - border-radius: 4px; - box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.1); -} -.popover.top { - margin-top: -10px; -} -.popover.right { - margin-left: 10px; -} -.popover.bottom { - margin-top: 10px; -} -.popover.left { - margin-left: -10px; -} -.popover-title { - margin: 0; - padding: 8px 14px; - font-size: 14px; - background-color: #f7f7f7; - border-bottom: 1px solid #ebebeb; - border-radius: 3px 3px 0 0; -} -.popover-content { - padding: 9px 14px; -} -.popover > .arrow, -.popover > .arrow:after { - position: absolute; - display: block; - width: 0; - height: 0; - border-color: transparent; - border-style: solid; -} -.popover > .arrow { - border-width: 11px; -} -.popover > .arrow:after { - border-width: 10px; - content: ""; -} -.popover.top > .arrow { - left: 50%; - margin-left: -11px; - border-bottom-width: 0; - border-top-color: #92a3c1; - border-top-color: #d3dae6; - bottom: -11px; -} -.popover.top > .arrow:after { - content: " "; - bottom: 1px; - margin-left: -10px; - border-bottom-width: 0; - border-top-color: #FFF; -} -.popover.right > .arrow { - top: 50%; - left: -11px; - margin-top: -11px; - border-left-width: 0; - border-right-color: #92a3c1; - border-right-color: #d3dae6; -} -.popover.right > .arrow:after { - content: " "; - left: 1px; - bottom: -10px; - border-left-width: 0; - border-right-color: #FFF; -} -.popover.bottom > .arrow { - left: 50%; - margin-left: -11px; - border-top-width: 0; - border-bottom-color: #92a3c1; - 
border-bottom-color: #d3dae6; - top: -11px; -} -.popover.bottom > .arrow:after { - content: " "; - top: 1px; - margin-left: -10px; - border-top-width: 0; - border-bottom-color: #FFF; -} -.popover.left > .arrow { - top: 50%; - right: -11px; - margin-top: -11px; - border-right-width: 0; - border-left-color: #92a3c1; - border-left-color: #d3dae6; -} -.popover.left > .arrow:after { - content: " "; - right: 1px; - border-right-width: 0; - border-left-color: #FFF; - bottom: -10px; -} -.clearfix:before, -.clearfix:after, -.container:before, -.container:after, -.container-fluid:before, -.container-fluid:after, -.row:before, -.row:after, -.form-horizontal .form-group:before, -.form-horizontal .form-group:after, -.dl-horizontal dd:before, -.dl-horizontal dd:after, -.navbar:before, -.navbar:after, -.navbar-header:before, -.navbar-header:after, -.navbar-collapse:before, -.navbar-collapse:after, -.modal-header:before, -.modal-header:after, -.modal-footer:before, -.modal-footer:after, -.nav:before, -.nav:after, -.pager:before, -.pager:after, -.panel-body:before, -.panel-body:after { - content: " "; - display: table; -} -.clearfix:after, -.container:after, -.container-fluid:after, -.row:after, -.form-horizontal .form-group:after, -.dl-horizontal dd:after, -.navbar:after, -.navbar-header:after, -.navbar-collapse:after, -.modal-header:after, -.modal-footer:after, -.nav:after, -.pager:after, -.panel-body:after { - clear: both; -} -.center-block { - display: block; - margin-left: auto; - margin-right: auto; -} -.pull-right { - float: right !important; -} -.pull-left { - float: left !important; -} -.hide { - display: none !important; -} -.show { - display: block !important; -} -.invisible { - visibility: hidden; -} -.text-hide { - font: 0/0 a; - color: transparent; - text-shadow: none; - background-color: transparent; - border: 0; -} -.hidden { - display: none !important; -} -.affix { - position: fixed; -} -.navbar > .container-fluid > .navbar-nav:not(.pull-right):first-child, 
-.navbar > .container-fluid > .navbar-form:not(.pull-right):first-child { - margin-left: -15px; - margin-top: 4px; -} -.navbar { - border-width: 0; -} -.navbar-btn-link { - margin: 0; - border-radius: 0; -} -@media (max-width: 768px) { - .navbar-btn-link { - width: 100%; - text-align: left; - } -} -.navbar-default .badge { - background-color: #FFF; - color: #F5F7FA; -} -.navbar-inverse .kbnGlobalNav__logoBrand { - height: 45px; - width: 252px; - background-color: #4b4f5d; -} -.navbar-inverse .kbnGlobalNav__smallLogoBrand { - height: 45px; - width: 45px; - background-color: #4b4f5d; -} -.navbar-inverse .badge { - background-color: #FFF; - color: #4b4f5d; -} -.navbar-brand { - cursor: default; - font-size: 1.8em; - -webkit-user-select: none; - -moz-user-select: none; - -ms-user-select: none; - user-select: none; -} -.navbar-nav { - font-size: 12px; -} -.navbar-nav > .active > a { - border-bottom-color: #7b7b7b; - background-color: transparent; -} -.navbar-toggle { - margin-top: 4px; -} -.text-primary, -.text-primary:hover { - color: #343741; -} -.text-success, -.text-success:hover { - color: #017D73; -} -.text-danger, -.text-danger:hover { - color: #BD271E; -} -.text-warning, -.text-warning:hover { - color: #F5A700; -} -.text-info, -.text-info:hover { - color: #006BB4; -} -table .success, -.table .success, -table .warning, -.table .warning, -table .danger, -.table .danger, -table .info, -.table .info { - color: #FFF; -} -table .success a, -.table .success a, -table .warning a, -.table .warning a, -table .danger a, -.table .danger a, -table .info a, -.table .info a { - color: #FFF; -} -.table-bordered > thead > tr > th, -.table-bordered > tbody > tr > th, -.table-bordered > tfoot > tr > th, -.table-bordered > thead > tr > td, -.table-bordered > tbody > tr > td, -.table-bordered > tfoot > tr > td { - border: 1px solid #D3DAE6; -} -.form-control, -input { - border-width: 1px; - box-shadow: none; -} -.form-control:focus, -input:focus { - box-shadow: none; -} 
-.has-warning .help-block, -.has-warning .control-label, -.has-warning .radio, -.has-warning .checkbox, -.has-warning .radio-inline, -.has-warning .checkbox-inline, -.has-warning .form-control-feedback { - color: #F5A700; -} -.has-warning .form-control, -.has-warning .form-control:focus { - border: 1px solid; - border-color: #F5A700; -} -.has-warning .input-group-addon { - border-color: #F5A700; -} -.has-error .help-block, -.has-error .control-label, -.has-error .radio, -.has-error .checkbox, -.has-error .radio-inline, -.has-error .checkbox-inline, -.has-error .form-control-feedback { - color: #BD271E; -} -.has-error .form-control, -.has-error .form-control:focus { - border: 1px solid; - border-color: #BD271E; -} -.has-error .input-group-addon { - border-color: #BD271E; -} -.has-success .help-block, -.has-success .control-label, -.has-success .radio, -.has-success .checkbox, -.has-success .radio-inline, -.has-success .checkbox-inline, -.has-success .form-control-feedback { - color: #017D73; -} -.has-success .form-control, -.has-success .form-control:focus { - border: solid #017D73; -} -.has-success .input-group-addon { - border-color: #017D73; -} -.nav .open > a, -.nav .open > a:hover, -.nav .open > a:focus { - border-color: transparent; -} -.pager a, -.pager a:hover { - color: #FFF; -} -.pager .disabled > a, -.pager .disabled > a:hover, -.pager .disabled > a:focus, -.pager .disabled > span { - background-color: rgba(38, 38, 38, 0); -} -.panel { - border-radius: 0; - box-shadow: 0 0 0 rgba(0, 0, 0, 0); -} -.progress { - box-shadow: none; -} -.progress .progress-bar { - font-size: 10px; - line-height: 10px; -} -.well { - box-shadow: none; -} - -/*------------- WAZUH -------------*/ -.wz-login { - background: url(./wazuh_wazuh_bg.svg) !important; - width: 100% !important; - height: 100% !important; - background-size: cover !important; -} - -.login-wrapper { - text-align: center; - width: 430px!important; - top: 55px; - border-radius: 1px; - padding: 1em; -} - 
-#kibana-body > div > div.app-wrapper.hidden-chrome > div > div.application > div > ul > div.euiText.euiText--medium > div {
- text-align: center;
- padding-bottom: 10px;
- color: #ffffff !important;
- font-size: 35px !important;
- font-weight: 300;
-}
-
-#kibana-body > div > div.app-wrapper.hidden-chrome > div > div.application > div > ul > div.euiText.euiText--small > div {
- text-align: center;
- padding-bottom: 15px;
- color: #ffffff !important;
- font-size: 16px !important;
-}
-
-#kibana-body > div > div.app-wrapper.hidden-chrome > div > div.application > div > ul > form {
- padding: 16px;
- box-shadow: 0 2px 2px -1px rgba(152, 162, 179, 0.3), 0 1px 5px -2px rgba(152, 162, 179, 0.3);
- background-color: #FFF;
- border: 1px solid #D3DAE6;
- border-radius: 4px;
- -webkit-box-flex: 1;
- -ms-flex-positive: 1;
- flex-grow: 1;
- margin-top: 32px;
-}
-
-.loginWelcome__logo {
- display: inline-block;
- width: 80px;
- height: 80px;
- line-height: 80px;
- text-align: center;
- background-color: #FFF;
- border-radius: 100%;
- padding: 16px;
- box-shadow: 0 6px 12px -1px rgba(152, 162, 179, 0.2), 0 4px 4px -1px rgba(152, 162, 179, 0.2), 0 2px 2px 0 rgba(152, 162, 179, 0.2);
- margin-bottom: 32px;
-}
-
-div.euiFormRow > div.euiFormRow__fieldWrapper > button {
- background-color: #00a9e5!important;
- border-color: #00a9e5!important;
- color: #fff;
-}
-
-.loginWelcome__logo {
- background: url(./wazuh_logo_circle.svg) center center no-repeat !important;
-}
diff --git a/kibana-odfe/config/custom_welcome/template.js.hbs b/kibana-odfe/config/custom_welcome/template.js.hbs
deleted file mode 100644
index b3ee1d61..00000000
--- a/kibana-odfe/config/custom_welcome/template.js.hbs
+++ /dev/null
@@ -1,112 +0,0 @@
-var kbnCsp = JSON.parse(document.querySelector('kbn-csp').getAttribute('data'));
-window.__kbnStrictCsp__ = kbnCsp.strictCsp;
-window.__kbnThemeTag__ = "{{themeTag}}";
-window.__kbnPublicPath__ = {{publicPathMap}};
-window.__kbnBundles__ = {{kbnBundlesLoaderSource}}
-
-if (window.__kbnStrictCsp__ && window.__kbnCspNotEnforced__) {
- var legacyBrowserError = document.getElementById('kbn_legacy_browser_error');
- legacyBrowserError.style.display = 'flex';
-} else {
- if (!window.__kbnCspNotEnforced__ && window.console) {
- window.console.log("^ A single error about an inline script not firing due to content security policy is expected!");
- }
- var loadingMessage = document.getElementById('kbn_loading_message');
- loadingMessage.style.display = 'flex';
-
- window.onload = function () {
- //WAZUH
- var interval = setInterval(() => {
- var title = document.querySelector("#kibana-body > div > div.app-wrapper.hidden-chrome > div > div.application > div > ul > div.euiText.euiText--medium > div")
- if (!!title) {
- clearInterval(interval);
- var content = document.querySelector("#kibana-body > div");
- content.classList.add("wz-login")
- title.textContent = "Welcome to Wazuh";
- var subtitle = document.querySelector("#kibana-body > div > div.app-wrapper.hidden-chrome > div > div.application > div > ul > div.euiText.euiText--small > div")
- subtitle.textContent = "The Open Source Security Platform";
- var logo = document.querySelector("#kibana-body > div > div.app-wrapper.hidden-chrome > div > div.application > div > ul > figure");
- logo.remove();
- var logoContainer = document.querySelector("#kibana-body > div > div.app-wrapper.hidden-chrome > div > div.application > div > ul");
- $(logoContainer).prepend('');
- }
- })
- //
-
- function failure() {
- // make subsequent calls to failure() noop
- failure = function () {};
-
- var err = document.createElement('h1');
- err.style['color'] = 'white';
- err.style['font-family'] = 'monospace';
- err.style['text-align'] = 'center';
- err.style['background'] = '#F44336';
- err.style['padding'] = '25px';
- err.innerText = document.querySelector('[data-error-message]').dataset.errorMessage;
-
- document.body.innerHTML = err.outerHTML;
- }
-
- var stylesheetTarget = document.querySelector('head meta[name="add-styles-here"]')
- function loadStyleSheet(url, cb) {
- var dom = document.createElement('link');
- dom.rel = 'stylesheet';
- dom.type = 'text/css';
- dom.href = url;
- dom.addEventListener('error', failure);
- dom.addEventListener('load', cb);
- document.head.insertBefore(dom, stylesheetTarget);
- }
-
- var scriptsTarget = document.querySelector('head meta[name="add-scripts-here"]')
- function loadScript(url, cb) {
- var dom = document.createElement('script');
- {{!-- NOTE: async = false is used to trigger async-download/ordered-execution as outlined here: https://www.html5rocks.com/en/tutorials/speed/script-loading/ --}}
- dom.async = false;
- dom.src = url;
- dom.addEventListener('error', failure);
- dom.addEventListener('load', cb);
- document.head.insertBefore(dom, scriptsTarget);
- }
-
- function load(urls, cb) {
- var pending = urls.length;
- urls.forEach(function (url) {
- var innerCb = function () {
- pending = pending - 1;
- if (pending === 0 && typeof cb === 'function') {
- cb();
- }
- }
-
- if (typeof url !== 'string') {
- load(url, innerCb);
- } else if (url.slice(-4) === '.css') {
- loadStyleSheet(url, innerCb);
- } else {
- loadScript(url, innerCb);
- }
- });
- }
-
- load([
- {{#each jsDependencyPaths}}
- '{{this}}',
- {{/each}}
- ], function () {
- {{#unless legacyBundlePath}}
- __kbnBundles__.get('entry/core/public').__kbnBootstrap__();
- {{/unless}}
-
- load([
- {{#if legacyBundlePath}}
- '{{legacyBundlePath}}',
- {{/if}}
- {{#each styleSheetPaths}}
- '{{this}}',
- {{/each}}
- ]);
- });
- }
-}
diff --git a/kibana-odfe/config/custom_welcome/wazuh_logo_circle.svg b/kibana-odfe/config/custom_welcome/wazuh_logo_circle.svg
deleted file mode 100644
index 45a61d74..00000000
--- a/kibana-odfe/config/custom_welcome/wazuh_logo_circle.svg
+++ /dev/null
@@ -1 +0,0 @@
-wazuh_logo_circle
\ No newline at end of file
diff --git a/kibana-odfe/config/custom_welcome/wazuh_wazuh_bg.svg b/kibana-odfe/config/custom_welcome/wazuh_wazuh_bg.svg
deleted file mode 100644
index 0c49c5c6..00000000
--- a/kibana-odfe/config/custom_welcome/wazuh_wazuh_bg.svg
+++ /dev/null
@@ -1 +0,0 @@
-wazuh_wazuh_bg
\ No newline at end of file
diff --git a/kibana-odfe/config/entrypoint.sh b/kibana-odfe/config/entrypoint.sh
deleted file mode 100644
index f96672fb..00000000
--- a/kibana-odfe/config/entrypoint.sh
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-
-set -e
-
-##############################################################################
-# Waiting for elasticsearch
-##############################################################################
-
-if [ "x${ELASTICSEARCH_URL}" == "x" ]; then
- if [[ ${ENABLED_SECURITY} == "false" ]]; then
- export el_url="http://elasticsearch:9200"
- else
- export el_url="https://elasticsearch:9200"
- fi
-else
- export el_url="${ELASTICSEARCH_URL}"
-fi
-
-if [[ ${ENABLED_SECURITY} == "false" || "x${ELASTICSEARCH_USERNAME}" == "x" || "x${ELASTICSEARCH_PASSWORD}" == "x" ]]; then
- auth=""
- # remove security plugin from kibana if elasticsearch is not using it either
- /usr/share/kibana/bin/kibana-plugin remove opendistro_security
-else
- export auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} -k"
-fi
-
-until curl -XGET $el_url ${auth}; do
- >&2 echo "Elastic is unavailable - sleeping"
- sleep 5
-done
-
-sleep 2
-
->&2 echo "Elasticsearch is up."
-
-
-##############################################################################
-# Waiting for wazuh alerts template
-##############################################################################
-
-strlen=0
-
-while [[ $strlen -eq 0 ]]
-do
- template=$(curl ${auth} $el_url/_cat/templates/wazuh -s)
- strlen=${#template}
- >&2 echo "Wazuh alerts template not loaded - sleeping."
- sleep 2
-done
-
-sleep 2
-
->&2 echo "Wazuh alerts template is loaded."
-
-
-./wazuh_app_config.sh
-
-sleep 5
-
-./kibana_settings.sh &
-
-sleep 2
-
-/usr/local/bin/kibana-docker
diff --git a/kibana-odfe/config/kibana_settings.sh b/kibana-odfe/config/kibana_settings.sh
deleted file mode 100644
index 7b182678..00000000
--- a/kibana-odfe/config/kibana_settings.sh
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-
-WAZUH_MAJOR=4
-
-##############################################################################
-# Wait for the Kibana API to start. It is necessary to do it in this container
-# because the others are running Elastic Stack and we can not interrupt them.
-#
-# The following actions are performed:
-#
-# Add the wazuh alerts index as default.
-# Set the Discover time interval to 24 hours instead of 15 minutes.
-# Do not ask user to help providing usage statistics to Elastic.
-##############################################################################
-
-##############################################################################
-# Customize elasticsearch ip
-##############################################################################
-sed -i "s|elasticsearch.hosts:.*|elasticsearch.hosts: $el_url|g" /usr/share/kibana/config/kibana.yml
-
-# If KIBANA_INDEX was set, then change the default index in kibana.yml configuration file. If there was an index, then delete it and recreate.
-if [ "$KIBANA_INDEX" != "" ]; then
- if grep -q 'kibana.index' /usr/share/kibana/config/kibana.yml; then
- sed -i '/kibana.index/d' /usr/share/kibana/config/kibana.yml
- fi
- echo "kibana.index: $KIBANA_INDEX" >> /usr/share/kibana/config/kibana.yml
-fi
-
-while [[ "$(curl -XGET -I -s -o /dev/null -w '%{http_code}' -k https://127.0.0.1:5601/app/login)" != "200" ]]; do
- echo "Waiting for Kibana API. Sleeping 5 seconds"
- sleep 5
-done
-
-# Prepare index selection.
-echo "Kibana API is running"
-
-default_index="/tmp/default_index.json"
-
-cat > ${default_index} << EOF
-{
- "changes": {
- "defaultIndex": "wazuh-alerts-${WAZUH_MAJOR}.x-*"
- }
-}
-EOF
-
-sleep 5
-# Add the wazuh alerts index as default.
-curl ${auth} -POST -k https://127.0.0.1:5601/api/kibana/settings -H "Content-Type: application/json" -H "kbn-xsrf: true" -d@${default_index}
-rm -f ${default_index}
-
-sleep 5
-# Configuring Kibana TimePicker.
-curl ${auth} -POST -k "https://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
-'{"changes":{"timepicker:timeDefaults":"{\n \"from\": \"now-12h\",\n \"to\": \"now\"}"}}'
-
-echo "End settings"
diff --git a/kibana-odfe/config/wazuh_app_config.sh b/kibana-odfe/config/wazuh_app_config.sh
deleted file mode 100644
index fddf93b4..00000000
--- a/kibana-odfe/config/wazuh_app_config.sh
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-
-wazuh_url="${WAZUH_API_URL:-https://wazuh}"
-wazuh_port="${API_PORT:-55000}"
-api_username="${API_USERNAME:-wazuh-wui}"
-api_password="${API_PASSWORD:-wazuh-wui}"
-
-kibana_config_file="/usr/share/kibana/data/wazuh/config/wazuh.yml"
-
-declare -A CONFIG_MAP=(
- [pattern]=$PATTERN
- [checks.pattern]=$CHECKS_PATTERN
- [checks.template]=$CHECKS_TEMPLATE
- [checks.api]=$CHECKS_API
- [checks.setup]=$CHECKS_SETUP
- [extensions.pci]=$EXTENSIONS_PCI
- [extensions.gdpr]=$EXTENSIONS_GDPR
- [extensions.hipaa]=$EXTENSIONS_HIPAA
- [extensions.nist]=$EXTENSIONS_NIST
- [extensions.tsc]=$EXTENSIONS_TSC
- [extensions.audit]=$EXTENSIONS_AUDIT
- [extensions.oscap]=$EXTENSIONS_OSCAP
- [extensions.ciscat]=$EXTENSIONS_CISCAT
- [extensions.aws]=$EXTENSIONS_AWS
- [extensions.gcp]=$EXTENSIONS_GCP
- [extensions.virustotal]=$EXTENSIONS_VIRUSTOTAL
- [extensions.osquery]=$EXTENSIONS_OSQUERY
- [extensions.docker]=$EXTENSIONS_DOCKER
- [timeout]=$APP_TIMEOUT
- [api.selector]=$API_SELECTOR
- [ip.selector]=$IP_SELECTOR
- [ip.ignore]=$IP_IGNORE
- [wazuh.monitoring.enabled]=$WAZUH_MONITORING_ENABLED
- [wazuh.monitoring.frequency]=$WAZUH_MONITORING_FREQUENCY
- [wazuh.monitoring.shards]=$WAZUH_MONITORING_SHARDS
- [wazuh.monitoring.replicas]=$WAZUH_MONITORING_REPLICAS
- [admin]=$ADMIN_PRIVILEGES
-)
-
-for i in "${!CONFIG_MAP[@]}"
-do
- if [ "${CONFIG_MAP[$i]}" != "" ]; then
- sed -i 's/.*#'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file
- fi
-done
-
-CONFIG_CODE=$(curl ${auth} -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/_doc/1513629884013)
-
-grep -q 1513629884013 $kibana_config_file
-_config_exists=$?
-
-if [[ "x$CONFIG_CODE" != "x200" && $_config_exists -ne 0 ]]; then
-cat << EOF >> $kibana_config_file
-hosts:
- - 1513629884013:
- url: $wazuh_url
- port: $wazuh_port
- username: $api_username
- password: $api_password
-EOF
-else
- echo "Wazuh APP already configured"
-fi
diff --git a/kibana-odfe/config/welcome_wazuh.sh b/kibana-odfe/config/welcome_wazuh.sh
deleted file mode 100644
index c3846762..00000000
--- a/kibana-odfe/config/welcome_wazuh.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-
-if [[ $CHANGE_WELCOME == "true" ]]
-then
- echo "Set Wazuh app as the default landing page"
- echo "server.defaultRoute: /app/wazuh?security_tenant=global" >> /usr/share/kibana/config/kibana.yml
-
- echo "Set custom welcome styles"
- cp -f /tmp/custom_welcome/template.js.hbs /usr/share/kibana/src/legacy/ui/ui_render/bootstrap/template.js.hbs
- cp -f /tmp/custom_welcome/light_theme.style.css /usr/share/kibana/src/core/server/core_app/assets/legacy_light_theme.css
- cp -f /tmp/custom_welcome/*svg /usr/share/kibana/src/core/server/core_app/assets/
-fi
-
diff --git a/kibana/Dockerfile b/kibana/Dockerfile
deleted file mode 100644
index d0a17f71..00000000
--- a/kibana/Dockerfile
+++ /dev/null
@@ -1,64 +0,0 @@
-# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-FROM docker.elastic.co/kibana/kibana:7.10.2
-USER kibana
-ARG ELASTIC_VERSION=7.10.2
-ARG WAZUH_VERSION=4.4.0
-ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
-
-WORKDIR /usr/share/kibana
-RUN ./bin/kibana-plugin install https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-${WAZUH_APP_VERSION}-1.zip
-
-ENV PATTERN="" \
- CHECKS_PATTERN="" \
- CHECKS_TEMPLATE="" \
- CHECKS_API="" \
- CHECKS_SETUP="" \
- EXTENSIONS_PCI="" \
- EXTENSIONS_GDPR="" \
- EXTENSIONS_HIPAA="" \
- EXTENSIONS_NIST="" \
- EXTENSIONS_TSC="" \
- EXTENSIONS_AUDIT="" \
- EXTENSIONS_OSCAP="" \
- EXTENSIONS_CISCAT="" \
- EXTENSIONS_AWS="" \
- EXTENSIONS_GCP="" \
- EXTENSIONS_VIRUSTOTAL="" \
- EXTENSIONS_OSQUERY="" \
- EXTENSIONS_DOCKER="" \
- APP_TIMEOUT="" \
- API_SELECTOR="" \
- IP_SELECTOR="" \
- IP_IGNORE="" \
- WAZUH_MONITORING_ENABLED="" \
- WAZUH_MONITORING_FREQUENCY="" \
- WAZUH_MONITORING_SHARDS="" \
- WAZUH_MONITORING_REPLICAS="" \
- ADMIN_PRIVILEGES="" \
- XPACK_CANVAS="true" \
- XPACK_LOGS="true" \
- XPACK_INFRA="true" \
- XPACK_ML="true" \
- XPACK_DEVTOOLS="true" \
- XPACK_MONITORING="true" \
- XPACK_APM="true"
-
-WORKDIR /
-USER kibana
-
-COPY --chown=kibana:kibana config/entrypoint.sh ./entrypoint.sh
-RUN chmod 755 ./entrypoint.sh
-
-RUN printf "\nserver.defaultRoute: /app/wazuh\n" >> /usr/share/kibana/config/kibana.yml
-
-COPY --chown=kibana:kibana ./config/wazuh.yml /usr/share/kibana/data/wazuh/config/wazuh.yml
-COPY --chown=kibana:kibana ./config/wazuh_app_config.sh ./
-RUN chmod +x ./wazuh_app_config.sh
-
-COPY --chown=kibana:kibana ./config/kibana_settings.sh ./
-RUN chmod +x ./kibana_settings.sh
-
-COPY --chown=kibana:kibana ./config/xpack_config.sh ./
-RUN chmod +x ./xpack_config.sh
-
-ENTRYPOINT ./entrypoint.sh
diff --git a/kibana/config/entrypoint.sh b/kibana/config/entrypoint.sh
deleted file mode 100644
index 2edeaaf2..00000000
--- a/kibana/config/entrypoint.sh
+++ /dev/null
@@ -1,60 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-
-set -e
-
-##############################################################################
-# Waiting for elasticsearch
-##############################################################################
-
-if [ "x${ELASTICSEARCH_URL}" = "x" ]; then
- export el_url="http://elasticsearch:9200"
-else
- export el_url="${ELASTICSEARCH_URL}"
-fi
-
-if [[ ${ENABLED_SECURITY} == "false" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]]; then
- export auth=""
-else
- export auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} -k"
-fi
-
-until curl -XGET $el_url ${auth}; do
- >&2 echo "Elastic is unavailable - sleeping"
- sleep 5
-done
-
-sleep 2
-
->&2 echo "Elasticsearch is up."
-
-
-##############################################################################
-# Waiting for wazuh alerts template
-##############################################################################
-
-strlen=0
-
-while [[ $strlen -eq 0 ]]
-do
- template=$(curl ${auth} $el_url/_cat/templates/wazuh -s)
- strlen=${#template}
- >&2 echo "Wazuh alerts template not loaded - sleeping."
- sleep 2
-done
-
-sleep 2
-
->&2 echo "Wazuh alerts template is loaded."
-
-./xpack_config.sh
-
-./wazuh_app_config.sh
-
-sleep 5
-
-./kibana_settings.sh &
-
-sleep 2
-
-/usr/local/bin/kibana-docker
diff --git a/kibana/config/kibana_settings.sh b/kibana/config/kibana_settings.sh
deleted file mode 100644
index 146ff53e..00000000
--- a/kibana/config/kibana_settings.sh
+++ /dev/null
@@ -1,79 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-
-WAZUH_MAJOR=4
-
-##############################################################################
-# Wait for the Kibana API to start. It is necessary to do it in this container
-# because the others are running Elastic Stack and we can not interrupt them.
-#
-# The following actions are performed:
-#
-# Add the wazuh alerts index as default.
-# Set the Discover time interval to 24 hours instead of 15 minutes.
-# Do not ask user to help providing usage statistics to Elastic.
-##############################################################################
-
-##############################################################################
-# Customize elasticsearch ip
-##############################################################################
-sed -i "s|elasticsearch.hosts:.*|elasticsearch.hosts: $el_url|g" /usr/share/kibana/config/kibana.yml
-
-# If KIBANA_INDEX was set, then change the default index in kibana.yml configuration file. If there was an index, then delete it and recreate.
-if [ "$KIBANA_INDEX" != "" ]; then
- if grep -q 'kibana.index' /usr/share/kibana/config/kibana.yml; then
- sed -i '/kibana.index/d' /usr/share/kibana/config/kibana.yml
- fi
- echo "kibana.index: $KIBANA_INDEX" >> /usr/share/kibana/config/kibana.yml
-fi
-
-kibana_proto="http"
-
-if [ "$XPACK_SECURITY_ENABLED" != "" ]; then
- kibana_proto="https"
- if grep -q 'xpack.security.enabled' /usr/share/kibana/config/kibana.yml; then
- sed -i '/xpack.security.enabled/d' /usr/share/kibana/config/kibana.yml
- fi
- echo "xpack.security.enabled: $XPACK_SECURITY_ENABLED" >> /usr/share/kibana/config/kibana.yml
-fi
-
-# Add auth headers if required
-if [ "$ELASTICSEARCH_USERNAME" != "" ] && [ "$ELASTICSEARCH_PASSWORD" != "" ]; then
- curl_auth="-u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD"
-fi
-
-while [[ "$(curl $curl_auth -XGET -I -s -o /dev/null -w ''%{http_code}'' -k $kibana_proto://127.0.0.1:5601/status)" != "200" ]]; do
- echo "Waiting for Kibana API. Sleeping 5 seconds"
- sleep 5
-done
-
-
-
-# Prepare index selection.
-echo "Kibana API is running"
-
-default_index="/tmp/default_index.json"
-
-cat > ${default_index} << EOF
-{
- "changes": {
- "defaultIndex": "wazuh-alerts-${WAZUH_MAJOR}.x-*"
- }
-}
-EOF
-
-sleep 5
-# Add the wazuh alerts index as default.
-curl ${auth} -POST -k "$kibana_proto://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d@${default_index}
-rm -f ${default_index}
-
-sleep 5
-# Configuring Kibana TimePicker.
-curl ${auth} -POST -k "$kibana_proto://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
-'{"changes":{"timepicker:timeDefaults":"{\n \"from\": \"now-12h\",\n \"to\": \"now\"}"}}'
-
-sleep 5
-# Do not ask user to help providing usage statistics to Elastic
-curl ${auth} -POST -k "$kibana_proto://127.0.0.1:5601/api/telemetry/v2/optIn" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d '{"enabled":false}'
-
-echo "End settings"
diff --git a/kibana/config/wazuh.yml b/kibana/config/wazuh.yml
deleted file mode 100644
index 3b074c61..00000000
--- a/kibana/config/wazuh.yml
+++ /dev/null
@@ -1,162 +0,0 @@ ---- -# -# Wazuh app - App configuration file -# Copyright (C) 2015-2021 Wazuh, Inc. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# Find more information about this on the LICENSE file. -# -# ======================== Wazuh app configuration file ======================== -# -# Please check the documentation for more information on configuration options: -# https://documentation.wazuh.com/current/installation-guide/index.html -# -# Also, you can check our repository: -# https://github.com/wazuh/wazuh-kibana-app -# -# ------------------------------- Index patterns ------------------------------- -# -# Default index pattern to use. -#pattern: wazuh-alerts-* -# -# ----------------------------------- Checks ----------------------------------- -# -# Defines which checks must to be consider by the healthcheck -# step once the Wazuh app starts. Values must to be true or false. -#checks.pattern : true -#checks.template: true -#checks.api : true -#checks.setup : true -#checks.metaFields: true -# -# --------------------------------- Extensions --------------------------------- -# -# Defines which extensions should be activated when you add a new API entry. -# You can change them after Wazuh app starts. -# Values must to be true or false. -#extensions.pci : true -#extensions.gdpr : true -#extensions.hipaa : true -#extensions.nist : true -#extensions.tsc : true -#extensions.audit : true -#extensions.oscap : false -#extensions.ciscat : false -#extensions.aws : false -#extensions.gcp : false -#extensions.virustotal: false -#extensions.osquery : false -#extensions.docker : false -# -# ---------------------------------- Time out ---------------------------------- -# -# Defines maximum timeout to be used on the Wazuh app requests. 
-# It will be ignored if it is bellow 1500. -# It means milliseconds before we consider a request as failed. -# Default: 20000 -#timeout: 20000 -# -# -------------------------------- API selector -------------------------------- -# -# Defines if the user is allowed to change the selected -# API directly from the Wazuh app top menu. -# Default: true -#api.selector: true -# -# --------------------------- Index pattern selector --------------------------- -# -# Defines if the user is allowed to change the selected -# index pattern directly from the Wazuh app top menu. -# Default: true -#ip.selector: true -# -# List of index patterns to be ignored -#ip.ignore: [] -# -# -------------------------------- X-Pack RBAC --------------------------------- -# -# Custom setting to enable/disable built-in X-Pack RBAC security capabilities. -# Default: enabled -#xpack.rbac.enabled: true -# -# ------------------------------ wazuh-monitoring ------------------------------ -# -# Custom setting to enable/disable wazuh-monitoring indices. -# Values: true, false, worker -# If worker is given as value, the app will show the Agents status -# visualization but won't insert data on wazuh-monitoring indices. -# Default: true -#wazuh.monitoring.enabled: true -# -# Custom setting to set the frequency for wazuh-monitoring indices cron task. -# Default: 900 (s) -#wazuh.monitoring.frequency: 900 -# -# Configure wazuh-monitoring-* indices shards and replicas. -#wazuh.monitoring.shards: 2 -#wazuh.monitoring.replicas: 0 -# -# Configure wazuh-monitoring-* indices custom creation interval. 
-# Values: h (hourly), d (daily), w (weekly), m (monthly) -# Default: d -#wazuh.monitoring.creation: d -# -# Default index pattern to use for Wazuh monitoring -#wazuh.monitoring.pattern: wazuh-monitoring-* -# -# --------------------------------- wazuh-cron ---------------------------------- -# -# Customize the index prefix of predefined jobs -# This change is not retroactive, if you change it new indexes will be created -# cron.prefix: test -# -# ------------------------------ wazuh-statistics ------------------------------- -# -# Custom setting to enable/disable statistics tasks. -#cron.statistics.status: true -# -# Enter the ID of the APIs you want to save data from, leave this empty to run -# the task on all configured APIs -#cron.statistics.apis: [] -# -# Define the frequency of task execution using cron schedule expressions -#cron.statistics.interval: 0 0 * * * * -# -# Define the name of the index in which the documents are to be saved. -#cron.statistics.index.name: statistics -# -# Define the interval in which the index will be created -#cron.statistics.index.creation: w -# -# ------------------------------- App privileges -------------------------------- -#admin: true -# -# ---------------------------- Hide manager alerts ------------------------------ -# Hide the alerts of the manager in all dashboards and discover -#hideManagerAlerts: false -# -# ------------------------------- App logging level ----------------------------- -# Set the logging level for the Wazuh App log files. -# Default value: info -# Allowed values: info, debug -#logs.level: info -# -# -------------------------------- Enrollment DNS ------------------------------- -# Set the variable WAZUH_REGISTRATION_SERVER in agents deployment. -# Default value: '' -#enrollment.dns: '' -# -#-------------------------------- API entries ----------------------------------- -#The following configuration is the default structure to define an API entry. 
-# -#hosts: -# - : -# url: http(s):// -# port: -# username: -# password: - diff --git a/kibana/config/xpack_config.sh b/kibana/config/xpack_config.sh deleted file mode 100644 index afc593e9..00000000 --- a/kibana/config/xpack_config.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash -# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2) - -kibana_config_file="/usr/share/kibana/config/kibana.yml" -if grep -Fq "#xpack features" "$kibana_config_file"; -then - declare -A CONFIG_MAP=( - [xpack.apm.ui.enabled]=$XPACK_APM - [xpack.grokdebugger.enabled]=$XPACK_DEVTOOLS - [xpack.searchprofiler.enabled]=$XPACK_DEVTOOLS - [xpack.ml.enabled]=$XPACK_ML - [xpack.canvas.enabled]=$XPACK_CANVAS - [xpack.infra.enabled]=$XPACK_INFRA - [xpack.monitoring.enabled]=$XPACK_MONITORING - [console.enabled]=$XPACK_DEVTOOLS - ) - for i in "${!CONFIG_MAP[@]}" - do - if [ "${CONFIG_MAP[$i]}" != "" ]; then - sed -i 's/.'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file - fi - done -else - echo " -#xpack features -xpack.apm.ui.enabled: $XPACK_APM -xpack.grokdebugger.enabled: $XPACK_DEVTOOLS -xpack.searchprofiler.enabled: $XPACK_DEVTOOLS -xpack.ml.enabled: $XPACK_ML -xpack.canvas.enabled: $XPACK_CANVAS -xpack.infra.enabled: $XPACK_INFRA -xpack.monitoring.enabled: $XPACK_MONITORING -console.enabled: $XPACK_DEVTOOLS -" >> $kibana_config_file -fi diff --git a/multi-node/Migration-to-Wazuh-4.3.md b/multi-node/Migration-to-Wazuh-4.3.md new file mode 100644 index 00000000..611e14b8 --- /dev/null +++ b/multi-node/Migration-to-Wazuh-4.3.md 
@@ -0,0 +1,361 @@
+# Opendistro data migration to Wazuh indexer on docker.
+This procedure explains how to migrate Opendistro data from Opendistro to Wazuh indexer in docker production deployments.
+The example is migrating from v4.2 to v4.3.
+
+## Procedure
+Assuming that you have a v4.2 production deployment, perform the following steps.
+
+**1. Stop 4.2 environment**
+`docker-compose -f production-cluster.yml stop`
+
+**2. List elasticsearch volumes**
+`docker volume ls --filter name='wazuh-docker_elastic-data'`
+
+**3. Inspect elasticsearch volume**
+`docker volume inspect wazuh-docker_elastic-data-1`
+
+**4. Spin down the 4.2 environment.**
+`docker-compose -f production-cluster.yml down`
+
+**Steps 5 and 6 can be done with the volume-migrator.sh script, specifying Docker compose version and project name as parameters.**
+
+Ex: $ multi-node/volume-migrator.sh 1.25.0 multi-node
+
+**5. Run the volume create command:** create new indexer and Wazuh manager volumes using the `com.docker.compose.version` label value from the previous command.
+ +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label com.docker.compose.volume=wazuh-indexer-data-1 \ + multi-node_wazuh-indexer-data-1 +``` +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label com.docker.compose.volume=wazuh-indexer-data-2 \ + multi-node_wazuh-indexer-data-2 +``` +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label com.docker.compose.volume=wazuh-indexer-data-3 \ + multi-node_wazuh-indexer-data-3 +``` +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label com.docker.compose.volume=master_wazuh_api_configuration \ + multi-node_master_wazuh_api_configuration +``` +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label com.docker.compose.volume=master_wazuh_etc \ + multi-node_docker_wazuh_etc +``` +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label com.docker.compose.volume=master-wazuh-logs \ + multi-node_master-wazuh-logs +``` +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label com.docker.compose.volume=master-wazuh-queue \ + multi-node_master-wazuh-queue +``` +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label com.docker.compose.volume=master-wazuh-var-multigroups \ + multi-node_master-wazuh-var-multigroups +``` +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label com.docker.compose.volume=master-wazuh-integrations \ + 
multi-node_master-wazuh-integrations +``` +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label com.docker.compose.volume=master-wazuh-active-response \ + multi-node_master-wazuh-active-response +``` +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label com.docker.compose.volume=master-wazuh-agentless \ + multi-node_master-wazuh-agentless +``` +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label com.docker.compose.volume=master-wazuh-wodles \ + multi-node_master-wazuh-wodles +``` +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label com.docker.compose.volume=master-filebeat-etc \ + multi-node_master-filebeat-etc +``` +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label com.docker.compose.volume=master-filebeat-var \ + multi-node_master-filebeat-var +``` +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label com.docker.compose.volume=worker_wazuh_api_configuration \ + multi-node_worker_wazuh_api_configuration +``` +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label com.docker.compose.volume=worker_wazuh_etc \ + multi-node_worker-wazuh-etc +``` +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label com.docker.compose.volume=worker-wazuh-logs \ + multi-node_worker-wazuh-logs +``` +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label 
com.docker.compose.volume=worker-wazuh-queue \ + multi-node_worker-wazuh-queue +``` +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label com.docker.compose.volume=worker-wazuh-var-multigroups \ + multi-node_worker-wazuh-var-multigroups +``` +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label com.docker.compose.volume=worker-wazuh-integrations \ + multi-node_worker-wazuh-integrations +``` +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label com.docker.compose.volume=worker-wazuh-active-response \ + multi-node_worker-wazuh-active-response +``` +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label com.docker.compose.volume=worker-wazuh-agentless \ + multi-node_worker-wazuh-agentless +``` +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label com.docker.compose.volume=worker-wazuh-wodles \ + multi-node_worker-wazuh-wodles +``` +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label com.docker.compose.volume=worker-filebeat-etc \ + multi-node_worker-filebeat-etc +``` +``` +docker volume create \ + --label com.docker.compose.project=multi-node \ + --label com.docker.compose.version=1.25.0 \ + --label com.docker.compose.volume=worker-filebeat-var \ + multi-node_worker-filebeat-var +``` +**6. Copy the volume content from elasticsearch to Wazuh indexer volumes and old Wazuh manager content to new volumes.** +``` +docker container run --rm -it \ + -v wazuh-docker_elastic-data-1:/from \ + -v multi-node_wazuh-indexer-data-1:/to \ + alpine ash -c "cd /from ; cp -avp . 
/to" +``` +``` +docker container run --rm -it \ + -v wazuh-docker_elastic-data-2:/from \ + -v multi-node_wazuh-indexer-data-2:/to \ + alpine ash -c "cd /from ; cp -avp . /to" +``` +``` +docker container run --rm -it \ + -v wazuh-docker_elastic-data-3:/from \ + -v multi-node_wazuh-indexer-data-3:/to \ + alpine ash -c "cd /from ; cp -avp . /to" +``` +``` +docker container run --rm -it \ + -v wazuh-docker_ossec-api-configuration:/from \ + -v multi-node_master-wazuh-api-configuration:/to \ + alpine ash -c "cd /from ; cp -avp . /to" +``` +``` +docker container run --rm -it \ + -v wazuh-docker_ossec-etc:/from \ + -v multi-node_master-wazuh-etc:/to \ + alpine ash -c "cd /from ; cp -avp . /to" +``` +``` +docker container run --rm -it \ + -v wazuh-docker_ossec-logs:/from \ + -v multi-node_master-wazuh-logs:/to \ + alpine ash -c "cd /from ; cp -avp . /to" +``` +``` +docker container run --rm -it \ + -v wazuh-docker_ossec-queue:/from \ + -v multi-node_master-wazuh-queue:/to \ + alpine ash -c "cd /from ; cp -avp . /to" +``` +``` +docker container run --rm -it \ + -v wazuh-docker_ossec-var-multigroups:/from \ + -v multi-node_master-wazuh-var-multigroups:/to \ + alpine ash -c "cd /from ; cp -avp . /to" +``` +``` +docker container run --rm -it \ + -v wazuh-docker_ossec-integrations:/from \ + -v multi-node_master-wazuh-integrations:/to \ + alpine ash -c "cd /from ; cp -avp . /to" +``` +``` +docker container run --rm -it \ + -v wazuh-docker_ossec-active-response:/from \ + -v multi-node_master-wazuh-active-response:/to \ + alpine ash -c "cd /from ; cp -avp . /to" +``` +``` +docker container run --rm -it \ + -v wazuh-docker_ossec-agentless:/from \ + -v multi-node_master-wazuh-agentless:/to \ + alpine ash -c "cd /from ; cp -avp . /to" +``` +``` +docker container run --rm -it \ + -v wazuh-docker_ossec-wodles:/from \ + -v multi-node_master-wazuh-wodles:/to \ + alpine ash -c "cd /from ; cp -avp . 
/to" +``` +``` +docker container run --rm -it \ + -v wazuh-docker_filebeat-etc:/from \ + -v multi-node_master-filebeat-etc:/to \ + alpine ash -c "cd /from ; cp -avp . /to" +``` +``` +docker container run --rm -it \ + -v wazuh-docker_filebeat-var:/from \ + -v multi-node_master-filebeat-var:/to \ + alpine ash -c "cd /from ; cp -avp . /to" +``` +``` +docker container run --rm -it \ + -v wazuh-docker_worker-ossec-api-configuration:/from \ + -v multi-node_worker-wazuh-api-configuration:/to \ + alpine ash -c "cd /from ; cp -avp . /to" +``` +``` +docker container run --rm -it \ + -v wazuh-docker_worker-ossec-etc:/from \ + -v multi-node_worker-wazuh-etc:/to \ + alpine ash -c "cd /from ; cp -avp . /to" +``` +``` +docker container run --rm -it \ + -v wazuh-docker_worker-ossec-logs:/from \ + -v multi-node_worker-wazuh-logs:/to \ + alpine ash -c "cd /from ; cp -avp . /to" +``` +``` +docker container run --rm -it \ + -v wazuh-docker_worker-ossec-queue:/from \ + -v multi-node_worker-wazuh-queue:/to \ + alpine ash -c "cd /from ; cp -avp . /to" +``` +``` +docker container run --rm -it \ + -v wazuh-docker_worker-ossec-var-multigroups:/from \ + -v multi-node_worker-wazuh-var-multigroups:/to \ + alpine ash -c "cd /from ; cp -avp . /to" +``` +``` +docker container run --rm -it \ + -v wazuh-docker_worker-ossec-integrations:/from \ + -v multi-node_worker-wazuh-integrations:/to \ + alpine ash -c "cd /from ; cp -avp . /to" +``` +``` +docker container run --rm -it \ + -v wazuh-docker_worker-ossec-active-response:/from \ + -v multi-node_worker-wazuh-active-response:/to \ + alpine ash -c "cd /from ; cp -avp . /to" +``` +``` +docker container run --rm -it \ + -v wazuh-docker_worker-ossec-agentless:/from \ + -v multi-node_worker-wazuh-agentless:/to \ + alpine ash -c "cd /from ; cp -avp . /to" +``` +``` +docker container run --rm -it \ + -v wazuh-docker_worker-ossec-wodles:/from \ + -v multi-node_worker-wazuh-wodles:/to \ + alpine ash -c "cd /from ; cp -avp . 
/to" +``` +``` +docker container run --rm -it \ + -v wazuh-docker_worker-filebeat-etc:/from \ + -v multi-node_worker-filebeat-etc:/to \ + alpine ash -c "cd /from ; cp -avp . /to" +``` +``` +docker container run --rm -it \ + -v wazuh-docker_worker-filebeat-var:/from \ + -v multi-node_worker-filebeat-var:/to \ + alpine ash -c "cd /from ; cp -avp . /to" +``` + +**7. Start the 4.3 environment.** +``` +git checkout 4.3 +cd multi-node +docker-compose -f generate-indexer-certs.yml run --rm generator +docker-compose up -d +``` + +**8. Check the access to Wazuh dashboard**: go to the Wazuh dashboard using the web browser and check the data. diff --git a/multi-node/README.md b/multi-node/README.md new file mode 100644 index 00000000..c1e8b998 --- /dev/null +++ b/multi-node/README.md @@ -0,0 +1,26 @@ +# Deploy Wazuh Docker in multi node configuration + +This deployment is defined in the `docker-compose.yml` file with two Wazuh manager containers, three Wazuh indexer containers, and one Wazuh dashboard container. It can be deployed by following these steps: + +1) Increase max_map_count on your host (Linux). This command must be run with root permissions: +``` +$ sysctl -w vm.max_map_count=262144 +``` +2) Run the certificate creation script: +``` +$ docker-compose -f generate-indexer-certs.yml run --rm generator +``` +3) Start the environment with docker-compose: + +- In the foregroud: +``` +$ docker-compose up +``` + +- In the background: +``` +$ docker-compose up -d +``` + + +The environment takes about 1 minute to get up (depending on your Docker host) for the first time since Wazuh Indexer must be started for the first time and the indexes and index patterns must be generated. diff --git a/multi-node/config/certs.yml b/multi-node/config/certs.yml new file mode 100644 index 00000000..f88f5f7f --- /dev/null +++ b/multi-node/config/certs.yml 
@@ -0,0 +1,24 @@ +nodes: + # Wazuh indexer server nodes + indexer: + - name: wazuh1.indexer + ip: wazuh1.indexer + - name: wazuh2.indexer + ip: wazuh2.indexer + - name: wazuh3.indexer + ip: wazuh3.indexer + + # Wazuh server nodes + # Use node_type only with more than one Wazuh manager + server: + - name: wazuh.master + ip: wazuh.master + node_type: master + - name: wazuh.worker + ip: wazuh.worker + node_type: worker + + # Wazuh dashboard node + dashboard: + - name: wazuh.dashboard + ip: wazuh.dashboard \ No newline at end of file diff --git a/production_cluster/nginx/nginx.conf b/multi-node/config/nginx/nginx.conf similarity index 55% rename from production_cluster/nginx/nginx.conf rename to multi-node/config/nginx/nginx.conf index 8cd13ca2..92deb263 100644 --- a/production_cluster/nginx/nginx.conf +++ b/multi-node/config/nginx/nginx.conf @@ -28,27 +28,6 @@ http { server_tokens off; gzip on; - # kibana UI - server { - listen 80; - listen [::]:80; - return 301 https://$host:443$request_uri; - } - - server { - listen 443 default_server ssl http2; - listen [::]:443 ssl http2; - ssl_certificate /etc/nginx/ssl/cert.pem; - ssl_certificate_key /etc/nginx/ssl/key.pem; - location / { - proxy_pass https://kibana:5601/; - proxy_ssl_verify off; - proxy_buffer_size 128k; - proxy_buffers 4 256k; - proxy_busy_buffers_size 256k; - } - } - } @@ -57,11 +36,11 @@ http { stream { upstream mycluster { hash $remote_addr consistent; - server wazuh-master:1514; - server wazuh-worker:1514; + server wazuh.master:1514; + server wazuh.worker:1514; } server { listen 1514; proxy_pass mycluster; } -} +} \ No newline at end of file diff --git a/multi-node/config/wazuh_cluster/wazuh_manager.conf b/multi-node/config/wazuh_cluster/wazuh_manager.conf new file mode 100644 index 00000000..70bb61fc --- /dev/null +++ b/multi-node/config/wazuh_cluster/wazuh_manager.conf 
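Review bot: The `ip:` fields in the new certs.yml hold Docker service names (`wazuh1.indexer`, `wazuh.master`, `wazuh.dashboard`) rather than addresses, and nothing in the file says why. These values presumably become the identities the generated certificates are issued for, and docker-compose.yml in this commit verifies the indexer by name (`FILEBEAT_SSL_VERIFICATION_MODE=full`), so renaming a service in one file without the other would break TLS verification. Add a header comment such as `# name/ip must match the service hostnames in docker-compose.yml; certificates are issued for these names`.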
@@ -0,0 +1,373 @@ + + + yes + yes + no + no + no + smtp.example.wazuh.com + wazuh@example.wazuh.com + recipient@example.wazuh.com + 12 + alerts.log + 10m + 0 + + + + 3 + 12 + + + + + plain + + + + secure + 1514 + tcp + 131072 + + + + + no + yes + yes + yes + yes + yes + yes + yes + + + 43200 + + etc/rootcheck/rootkit_files.txt + etc/rootcheck/rootkit_trojans.txt + + yes + + + + yes + 1800 + 1d + yes + + wodles/java + wodles/ciscat + + + + + yes + yes + /var/log/osquery/osqueryd.results.log + /etc/osquery/osquery.conf + yes + + + + + no + 1h + yes + yes + yes + yes + yes + yes + yes + + + + 10 + + + + + yes + yes + 12h + yes + + + + no + 5m + 6h + yes + + + + no + trusty + xenial + bionic + focal + 1h + + + + + no + stretch + buster + bullseye + 1h + + + + + no + 5 + 6 + 7 + 8 + 1h + + + + + no + amazon-linux + amazon-linux-2 + 1h + + + + + no + 1h + + + + + yes + 1h + + + + + yes + 2010 + 1h + + + + + + + no + + + 43200 + + yes + + + yes + + + no + + + /etc,/usr/bin,/usr/sbin + /bin,/sbin,/boot + + + /etc/mtab + /etc/hosts.deny + /etc/mail/statistics + /etc/random-seed + /etc/random.seed + /etc/adjtime + /etc/httpd/logs + /etc/utmpx + /etc/wtmpx + /etc/cups/certs + /etc/dumpdates + /etc/svc/volatile + + + .log$|.swp$ + + + /etc/ssl/private.key + + yes + yes + yes + yes + + + 10 + + + 100 + + + + yes + 5m + 1h + 10 + + + + + + 127.0.0.1 + ^localhost.localdomain$ + 127.0.0.53 + + + + disable-account + disable-account + yes + + + + restart-wazuh + restart-wazuh + + + + firewall-drop + firewall-drop + yes + + + + host-deny + host-deny + yes + + + + route-null + route-null + yes + + + + win_route-null + route-null.exe + yes + + + + netsh + netsh.exe + yes + + + + + + + command + df -P + 360 + + + + full_command + netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d + netstat listening 
ports + 360 + + + + full_command + last -n 20 + 360 + + + + + ruleset/decoders + ruleset/rules + 0215-policy_rules.xml + etc/lists/audit-keys + etc/lists/amazon/aws-eventnames + etc/lists/security-eventchannel + + + etc/decoders + etc/rules + + + + yes + 1 + 64 + 15m + + + + + no + 1515 + no + yes + no + HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH + + no + etc/sslmanager.cert + etc/sslmanager.key + no + + + + wazuh + manager + master + c98b6ha9b6169zc5f67rae55ae4z5647 + 1516 + 0.0.0.0 + + wazuh.master + + no + no + + + + + + + syslog + /var/ossec/logs/active-responses.log + + + + syslog + /var/log/auth.log + + + + syslog + /var/log/syslog + + + + syslog + /var/log/dpkg.log + + + + syslog + /var/log/kern.log + + + \ No newline at end of file diff --git a/production_cluster/wazuh_cluster/wazuh_worker.conf b/multi-node/config/wazuh_cluster/wazuh_worker.conf similarity index 81% rename from production_cluster/wazuh_cluster/wazuh_worker.conf rename to multi-node/config/wazuh_cluster/wazuh_worker.conf index 1c17cac7..42110124 100644 --- a/production_cluster/wazuh_cluster/wazuh_worker.conf +++ b/multi-node/config/wazuh_cluster/wazuh_worker.conf @@ -10,6 +10,8 @@ recipient@example.wazuh.com 12 alerts.log + 10m + 0 @@ -43,8 +45,8 @@ 43200 - /var/ossec/etc/rootcheck/rootkit_files.txt - /var/ossec/etc/rootcheck/rootkit_trojans.txt + etc/rootcheck/rootkit_files.txt + etc/rootcheck/rootkit_trojans.txt yes @@ -79,6 +81,11 @@ yes yes yes + + + + 10 + @@ -91,7 +98,7 @@ no 5m - 6h + 6h yes @@ -109,6 +116,7 @@ no stretch buster + bullseye 1h @@ -122,6 +130,20 @@ 1h + + + no + amazon-linux + amazon-linux-2 + 1h + + + + + no + 1h + + yes 
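Review bot: The cluster settings near the end of the new wazuh_manager.conf carry a fixed 32-character value (between `master` and `1516`), so every deployment started from this repository unchanged shares the same cluster secret. The markup is stripped in this view, so reading that value as the cluster `<key>` is by position only. If that is right, put a comment above it telling operators to replace it on both nodes, e.g. `<!-- Demo key: generate a new 32-character value and set it in wazuh_manager.conf and wazuh_worker.conf -->`. The `0.0.0.0` bind next to port 1516 is only acceptable while docker-compose.yml keeps that port unpublished, which is worth stating in the same comment.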
@@ -207,63 +229,42 @@ disable-account - disable-account.sh - user + disable-account yes - restart-ossec - restart-ossec.sh - + restart-wazuh + restart-wazuh firewall-drop - firewall-drop.sh - srcip + firewall-drop yes host-deny - host-deny.sh - srcip + host-deny yes route-null - route-null.sh - srcip + route-null yes win_route-null - route-null.cmd - srcip - yes - - - - win_route-null-2012 - route-null-2012.cmd - srcip + route-null.exe yes netsh - netsh.cmd - srcip - yes - - - - netsh-win-2016 - netsh-win-2016.cmd - srcip + netsh.exe yes @@ -307,21 +308,25 @@ etc/rules + + yes + 1 + 64 + 15m + + no 1515 no - yes - 0 yes no - yes HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH no - /var/ossec/etc/sslmanager.cert - /var/ossec/etc/sslmanager.key + etc/sslmanager.cert + etc/sslmanager.key no @@ -333,7 +338,7 @@ 1516 0.0.0.0 - wazuh-master + wazuh.master no no @@ -346,4 +351,25 @@ syslog /var/ossec/logs/active-responses.log - + + + syslog + /var/log/auth.log + + + + syslog + /var/log/syslog + + + + syslog + /var/log/dpkg.log + + + + syslog + /var/log/kern.log + + + \ No newline at end of file diff --git a/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml b/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml new file mode 100644 index 00000000..b065a625 --- /dev/null +++ b/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml 
@@ -0,0 +1,12 @@
+server.host: 0.0.0.0
+server.port: 5601
+opensearch.hosts: https://wazuh1.indexer:9200
+opensearch.ssl.verificationMode: certificate
+opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+server.ssl.enabled: true
+server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
+server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
+opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
+uiSettings.overrides.defaultRoute: /app/wazuh
diff --git a/multi-node/config/wazuh_dashboard/wazuh.yml b/multi-node/config/wazuh_dashboard/wazuh.yml
new file mode 100644
index 00000000..425686a3
--- /dev/null
+++ b/multi-node/config/wazuh_dashboard/wazuh.yml
@@ -0,0 +1,7 @@
+hosts:
+ - 1513629884013:
+ url: "https://wazuh.master"
+ port: 55000
+ username: wazuh-wui
+ password: MyS3cr37P450r.*-
+ run_as: false
diff --git a/production_cluster/elastic_opendistro/internal_users.yml b/multi-node/config/wazuh_indexer/internal_users.yml
similarity index 100%
rename from production_cluster/elastic_opendistro/internal_users.yml
rename to multi-node/config/wazuh_indexer/internal_users.yml
diff --git a/multi-node/config/wazuh_indexer/wazuh1.indexer.yml b/multi-node/config/wazuh_indexer/wazuh1.indexer.yml
new file mode 100644
index 00000000..59cbe9bf
--- /dev/null
+++ b/multi-node/config/wazuh_indexer/wazuh1.indexer.yml
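Review bot: `opensearch.ssl.verificationMode: certificate` in opensearch_dashboards.yml checks the indexer's certificate chain but not its hostname, so any certificate issued by the mounted root CA is accepted for `wazuh1.indexer`. docker-compose.yml in this commit sets `FILEBEAT_SSL_VERIFICATION_MODE=full` against the same `https://wazuh1.indexer:9200`, which suggests the generated certificate already matches that name. If so, the dashboard should use `opensearch.ssl.verificationMode: full` as well.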
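Review bot: `password: MyS3cr37P450r.*-` in wazuh.yml is a fixed API credential committed with the config. docker-compose.yml repeats it as `API_PASSWORD` for wazuh.master and wazuh.dashboard while publishing port 55000, and nothing marks the value as a placeholder or says the copies must change together. Add a comment above the entry, for example `# Demo credential: change it here and in API_PASSWORD (docker-compose.yml) before exposing port 55000`. The same applies to `INDEXER_PASSWORD=SecretPassword` in docker-compose.yml.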
@@ -0,0 +1,38 @@
+network.host: wazuh1.indexer
+node.name: wazuh1.indexer
+cluster.initial_master_nodes:
+ - wazuh1.indexer
+ - wazuh2.indexer
+ - wazuh3.indexer
+cluster.name: "wazuh-cluster"
+discovery.seed_hosts:
+ - wazuh1.indexer
+ - wazuh2.indexer
+ - wazuh3.indexer
+node.max_local_storage_nodes: "3"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
+compatibility.override_main_response_version: true
diff --git a/multi-node/config/wazuh_indexer/wazuh2.indexer.yml b/multi-node/config/wazuh_indexer/wazuh2.indexer.yml
new file mode 100644
index 00000000..478ed1d0
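Review bot: `plugins.security.ssl.transport.enforce_hostname_verification: false` turns off the hostname check on node-to-node TLS, so a peer is accepted on its certificate DN alone; the same line is added in wazuh2.indexer.yml and wazuh3.indexer.yml. Each node is given a certificate under its own name in this setup, so `plugins.security.ssl.transport.enforce_hostname_verification: true` looks workable and is worth testing. Separately, `plugins.security.nodes_dn` lists `CN=filebeat,...`, while docker-compose.yml mounts `wazuh.master.pem` and `wazuh.worker.pem` as the Filebeat certificates. That entry appears stale and extends node-level trust to a DN no service here seems to present, so confirm and drop it in all three files.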
--- /dev/null
+++ b/multi-node/config/wazuh_indexer/wazuh2.indexer.yml
@@ -0,0 +1,38 @@
+network.host: wazuh2.indexer
+node.name: wazuh2.indexer
+cluster.initial_master_nodes:
+ - wazuh1.indexer
+ - wazuh2.indexer
+ - wazuh3.indexer
+cluster.name: "wazuh-cluster"
+discovery.seed_hosts:
+ - wazuh1.indexer
+ - wazuh2.indexer
+ - wazuh3.indexer
+node.max_local_storage_nodes: "3"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
+compatibility.override_main_response_version: true
\ No newline at end of file
diff --git a/multi-node/config/wazuh_indexer/wazuh3.indexer.yml b/multi-node/config/wazuh_indexer/wazuh3.indexer.yml
new file mode 100644
index 00000000..8caa513d
--- /dev/null
+++ b/multi-node/config/wazuh_indexer/wazuh3.indexer.yml
@@ -0,0 +1,38 @@
+network.host: wazuh3.indexer
+node.name: wazuh3.indexer
+cluster.initial_master_nodes:
+ - wazuh1.indexer
+ - wazuh2.indexer
+ - wazuh3.indexer
+cluster.name: "wazuh-cluster"
+discovery.seed_hosts:
+ - wazuh1.indexer
+ - wazuh2.indexer
+ - wazuh3.indexer
+node.max_local_storage_nodes: "3"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
+compatibility.override_main_response_version: true
\ No newline at end of file
diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml
new file mode 100644
index 00000000..82e67e43
--- /dev/null
+++ b/multi-node/docker-compose.yml 
@@ -0,0 +1,204 @@ +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) +version: '3.7' + +services: + wazuh.master: + image: wazuh/wazuh-manager:4.4.0 + hostname: wazuh.master + restart: always + ports: + - "1515:1515" + - "514:514/udp" + - "55000:55000" + environment: + - INDEXER_URL=https://wazuh1.indexer:9200 + - INDEXER_USERNAME=admin + - INDEXER_PASSWORD=SecretPassword + - FILEBEAT_SSL_VERIFICATION_MODE=full + - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem + - SSL_CERTIFICATE=/etc/ssl/filebeat.pem + - SSL_KEY=/etc/ssl/filebeat.key + - API_USERNAME=wazuh-wui + - API_PASSWORD=MyS3cr37P450r.*- + volumes: + - master-wazuh-api-configuration:/var/ossec/api/configuration + - master-wazuh-etc:/var/ossec/etc + - master-wazuh-logs:/var/ossec/logs + - master-wazuh-queue:/var/ossec/queue + - master-wazuh-var-multigroups:/var/ossec/var/multigroups + - master-wazuh-integrations:/var/ossec/integrations + - master-wazuh-active-response:/var/ossec/active-response/bin + - master-wazuh-agentless:/var/ossec/agentless + - master-wazuh-wodles:/var/ossec/wodles + - master-filebeat-etc:/etc/filebeat + - master-filebeat-var:/var/lib/filebeat + - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem + - ./config/wazuh_indexer_ssl_certs/wazuh.master.pem:/etc/ssl/filebeat.pem + - ./config/wazuh_indexer_ssl_certs/wazuh.master-key.pem:/etc/ssl/filebeat.key + - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf + + wazuh.worker: + image: wazuh/wazuh-manager:4.4.0 + hostname: wazuh.worker + restart: always + environment: + - INDEXER_URL=https://wazuh1.indexer:9200 + - INDEXER_USERNAME=admin + - INDEXER_PASSWORD=SecretPassword + - FILEBEAT_SSL_VERIFICATION_MODE=full + - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem + - SSL_CERTIFICATE=/etc/ssl/filebeat.pem + - SSL_KEY=/etc/ssl/filebeat.key + volumes: + - worker-wazuh-api-configuration:/var/ossec/api/configuration + - worker-wazuh-etc:/var/ossec/etc + - 
worker-wazuh-logs:/var/ossec/logs + - worker-wazuh-queue:/var/ossec/queue + - worker-wazuh-var-multigroups:/var/ossec/var/multigroups + - worker-wazuh-integrations:/var/ossec/integrations + - worker-wazuh-active-response:/var/ossec/active-response/bin + - worker-wazuh-agentless:/var/ossec/agentless + - worker-wazuh-wodles:/var/ossec/wodles + - worker-filebeat-etc:/etc/filebeat + - worker-filebeat-var:/var/lib/filebeat + - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem + - ./config/wazuh_indexer_ssl_certs/wazuh.worker.pem:/etc/ssl/filebeat.pem + - ./config/wazuh_indexer_ssl_certs/wazuh.worker-key.pem:/etc/ssl/filebeat.key + - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf + + wazuh1.indexer: + image: wazuh/wazuh-indexer:4.4.0 + hostname: wazuh1.indexer + restart: always + ports: + - "9200:9200" + environment: + - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" + - "bootstrap.memory_lock=true" + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 + volumes: + - wazuh-indexer-data-1:/var/lib/wazuh-indexer + - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem + - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh1.indexer.key + - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh1.indexer.pem + - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem + - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem + - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml + - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml + + wazuh2.indexer: + image: wazuh/wazuh-indexer:4.4.0 + hostname: wazuh2.indexer + restart: always + environment: + - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" 
+ - "bootstrap.memory_lock=true" + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 + volumes: + - wazuh-indexer-data-2:/var/lib/wazuh-indexer + - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem + - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh2.indexer.key + - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh2.indexer.pem + - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml + - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml + + wazuh3.indexer: + image: wazuh/wazuh-indexer:4.4.0 + hostname: wazuh3.indexer + restart: always + environment: + - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" + - "bootstrap.memory_lock=true" + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 + volumes: + - wazuh-indexer-data-3:/var/lib/wazuh-indexer + - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem + - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh3.indexer.key + - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh3.indexer.pem + - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml + - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml + + wazuh.dashboard: + image: wazuh/wazuh-dashboard:4.4.0 + hostname: wazuh.dashboard + restart: always + ports: + - 443:5601 + environment: + - OPENSEARCH_HOSTS="https://wazuh1.indexer:9200" + - WAZUH_API_URL="https://wazuh.master" + - API_USERNAME=wazuh-wui + - API_PASSWORD=MyS3cr37P450r.*- + volumes: + - 
./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem + - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem + - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem + - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml + - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml + depends_on: + - wazuh1.indexer + links: + - wazuh1.indexer:wazuh1.indexer + - wazuh.master:wazuh.master + + nginx: + image: nginx:stable + hostname: nginx + restart: always + ports: + - "1514:1514" + depends_on: + - wazuh.master + - wazuh.worker + - wazuh.dashboard + links: + - wazuh.master:wazuh.master + - wazuh.worker:wazuh.worker + - wazuh.dashboard:wazuh.dashboard + volumes: + - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro + +volumes: + master-wazuh-api-configuration: + master-wazuh-etc: + master-wazuh-logs: + master-wazuh-queue: + master-wazuh-var-multigroups: + master-wazuh-integrations: + master-wazuh-active-response: + master-wazuh-agentless: + master-wazuh-wodles: + master-filebeat-etc: + master-filebeat-var: + worker-wazuh-api-configuration: + worker-wazuh-etc: + worker-wazuh-logs: + worker-wazuh-queue: + worker-wazuh-var-multigroups: + worker-wazuh-integrations: + worker-wazuh-active-response: + worker-wazuh-agentless: + worker-wazuh-wodles: + worker-filebeat-etc: + worker-filebeat-var: + wazuh-indexer-data-1: + wazuh-indexer-data-2: + wazuh-indexer-data-3: diff --git a/multi-node/generate-indexer-certs.yml b/multi-node/generate-indexer-certs.yml new file mode 100644 index 00000000..fb0f5c72 --- /dev/null +++ b/multi-node/generate-indexer-certs.yml 
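Review bot: The `ports` entries `"9200:9200"` on wazuh1.indexer and `"55000:55000"` on wazuh.master publish the indexer REST API and the manager API on every host interface, which makes both reachable from outside the Docker host by default. If those APIs are only used by the other containers or from the host itself, bind them to loopback, e.g. `- "127.0.0.1:9200:9200"` and `- "127.0.0.1:55000:55000"`, and leave only the agent ports (1514, 1515) and the dashboard public. The dashboard mapping `- 443:5601` is also the only unquoted port entry in the file; quote it like the others.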
@@ -0,0 +1,10 @@
+# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+version: '3'
+
+services:
+ generator:
+ image: wazuh/wazuh-certs-generator:0.0.1
+ hostname: wazuh-certs-generator
+ volumes:
+ - ./config/wazuh_indexer_ssl_certs/:/certificates/
+ - ./config/certs.yml:/config/certs.yml
\ No newline at end of file
diff --git a/multi-node/volume-migrator.sh b/multi-node/volume-migrator.sh
new file mode 100755
index 00000000..f11a1da6
--- /dev/null
+++ b/multi-node/volume-migrator.sh
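Review bot: The generator is referenced only by the tag `wazuh/wazuh-certs-generator:0.0.1`, yet this container writes the root CA and the keys that docker-compose.yml later mounts from `./config/wazuh_indexer_ssl_certs/`. Pin the image by digest, `image: wazuh/wazuh-certs-generator:0.0.1@sha256:<digest>` (placeholder), so a re-pushed tag cannot change what issues the deployment's certificates. The input file does not need to be writable inside the container either: `- ./config/certs.yml:/config/certs.yml:ro`.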
@@ -0,0 +1,279 @@ +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=wazuh-indexer-data-1 \ + $2_wazuh-indexer-data-1 + +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=wazuh-indexer-data-2 \ + $2_wazuh-indexer-data-2 + +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=wazuh-indexer-data-3 \ + $2_wazuh-indexer-data-3 + +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=master_wazuh_api_configuration \ + $2_master_wazuh_api_configuration + +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=master_wazuh_etc \ + $2_docker_wazuh_etc + +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=master-wazuh-logs \ + $2_master-wazuh-logs + +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=master-wazuh-queue \ + $2_master-wazuh-queue + +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=master-wazuh-var-multigroups \ + $2_master-wazuh-var-multigroups + +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=master-wazuh-integrations \ + $2_master-wazuh-integrations + +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=master-wazuh-active-response \ + 
$2_master-wazuh-active-response + +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=master-wazuh-agentless \ + $2_master-wazuh-agentless + +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=master-wazuh-wodles \ + $2_master-wazuh-wodles + +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=master-filebeat-etc \ + $2_master-filebeat-etc + +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=master-filebeat-var \ + $2_master-filebeat-var + +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=worker_wazuh_api_configuration \ + $2_worker_wazuh_api_configuration + +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=worker_wazuh_etc \ + $2_worker-wazuh-etc + +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=worker-wazuh-logs \ + $2_worker-wazuh-logs + +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=worker-wazuh-queue \ + $2_worker-wazuh-queue + +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=worker-wazuh-var-multigroups \ + $2_worker-wazuh-var-multigroups + +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=worker-wazuh-integrations \ + 
$2_worker-wazuh-integrations + +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=worker-wazuh-active-response \ + $2_worker-wazuh-active-response + +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=worker-wazuh-agentless \ + $2_worker-wazuh-agentless + +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=worker-wazuh-wodles \ + $2_worker-wazuh-wodles + +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=worker-filebeat-etc \ + $2_worker-filebeat-etc + +docker volume create \ + --label com.docker.compose.project=$2 \ + --label com.docker.compose.version=$1 \ + --label com.docker.compose.volume=worker-filebeat-var \ + $2_worker-filebeat-var + +docker container run --rm -it \ + -v wazuh-docker_worker-filebeat-var:/from \ + -v $2_worker-filebeat-var:/to \ + alpine ash -c "cd /from ; cp -avp . /to" + +docker container run --rm -it \ + -v wazuh-docker_elastic-data-1:/from \ + -v $2_wazuh-indexer-data-1:/to \ + alpine ash -c "cd /from ; cp -avp . /to" + +docker container run --rm -it \ + -v wazuh-docker_elastic-data-2:/from \ + -v $2_wazuh-indexer-data-2:/to \ + alpine ash -c "cd /from ; cp -avp . /to" + +docker container run --rm -it \ + -v wazuh-docker_elastic-data-3:/from \ + -v $2_wazuh-indexer-data-3:/to \ + alpine ash -c "cd /from ; cp -avp . /to" + +docker container run --rm -it \ + -v wazuh-docker_ossec-api-configuration:/from \ + -v $2_master-wazuh-api-configuration:/to \ + alpine ash -c "cd /from ; cp -avp . /to" + +docker container run --rm -it \ + -v wazuh-docker_ossec-etc:/from \ + -v $2_master-wazuh-etc:/to \ + alpine ash -c "cd /from ; cp -avp . 
/to" + +docker container run --rm -it \ + -v wazuh-docker_ossec-logs:/from \ + -v $2_master-wazuh-logs:/to \ + alpine ash -c "cd /from ; cp -avp . /to" + +docker container run --rm -it \ + -v wazuh-docker_ossec-queue:/from \ + -v $2_master-wazuh-queue:/to \ + alpine ash -c "cd /from ; cp -avp . /to" + +docker container run --rm -it \ + -v wazuh-docker_ossec-var-multigroups:/from \ + -v $2_master-wazuh-var-multigroups:/to \ + alpine ash -c "cd /from ; cp -avp . /to" + +docker container run --rm -it \ + -v wazuh-docker_ossec-integrations:/from \ + -v $2_master-wazuh-integrations:/to \ + alpine ash -c "cd /from ; cp -avp . /to" + +docker container run --rm -it \ + -v wazuh-docker_ossec-active-response:/from \ + -v $2_master-wazuh-active-response:/to \ + alpine ash -c "cd /from ; cp -avp . /to" + +docker container run --rm -it \ + -v wazuh-docker_ossec-agentless:/from \ + -v $2_master-wazuh-agentless:/to \ + alpine ash -c "cd /from ; cp -avp . /to" + +docker container run --rm -it \ + -v wazuh-docker_ossec-wodles:/from \ + -v $2_master-wazuh-wodles:/to \ + alpine ash -c "cd /from ; cp -avp . /to" + +docker container run --rm -it \ + -v wazuh-docker_filebeat-etc:/from \ + -v $2_master-filebeat-etc:/to \ + alpine ash -c "cd /from ; cp -avp . /to" + +docker container run --rm -it \ + -v wazuh-docker_filebeat-var:/from \ + -v $2_master-filebeat-var:/to \ + alpine ash -c "cd /from ; cp -avp . /to" + +docker container run --rm -it \ + -v wazuh-docker_worker-ossec-api-configuration:/from \ + -v $2_worker-wazuh-api-configuration:/to \ + alpine ash -c "cd /from ; cp -avp . /to" + +docker container run --rm -it \ + -v wazuh-docker_worker-ossec-etc:/from \ + -v $2_worker-wazuh-etc:/to \ + alpine ash -c "cd /from ; cp -avp . /to" + +docker container run --rm -it \ + -v wazuh-docker_worker-ossec-logs:/from \ + -v $2_worker-wazuh-logs:/to \ + alpine ash -c "cd /from ; cp -avp . 
/to" + +docker container run --rm -it \ + -v wazuh-docker_worker-ossec-queue:/from \ + -v $2_worker-wazuh-queue:/to \ + alpine ash -c "cd /from ; cp -avp . /to" + +docker container run --rm -it \ + -v wazuh-docker_worker-ossec-var-multigroups:/from \ + -v $2_worker-wazuh-var-multigroups:/to \ + alpine ash -c "cd /from ; cp -avp . /to" + +docker container run --rm -it \ + -v wazuh-docker_worker-ossec-integrations:/from \ + -v $2_worker-wazuh-integrations:/to \ + alpine ash -c "cd /from ; cp -avp . /to" + +docker container run --rm -it \ + -v wazuh-docker_worker-ossec-active-response:/from \ + -v $2_worker-wazuh-active-response:/to \ + alpine ash -c "cd /from ; cp -avp . /to" + +docker container run --rm -it \ + -v wazuh-docker_worker-ossec-agentless:/from \ + -v $2_worker-wazuh-agentless:/to \ + alpine ash -c "cd /from ; cp -avp . /to" + +docker container run --rm -it \ + -v wazuh-docker_worker-ossec-wodles:/from \ + -v $2_worker-wazuh-wodles:/to \ + alpine ash -c "cd /from ; cp -avp . /to" + +docker container run --rm -it \ + -v wazuh-docker_worker-filebeat-etc:/from \ + -v $2_worker-filebeat-etc:/to \ + alpine ash -c "cd /from ; cp -avp . /to" + +docker container run --rm -it \ + -v wazuh-docker_worker-filebeat-var:/from \ + -v $2_worker-filebeat-var:/to \ + alpine ash -c "cd /from ; cp -avp . /to" diff --git a/production-cluster.yml b/production-cluster.yml deleted file mode 100644 index 64502411..00000000 --- a/production-cluster.yml +++ /dev/null 
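Review bot: Four `docker volume create` stanzas use names that do not match the copy steps further down: `$2_master_wazuh_api_configuration`, `$2_docker_wazuh_etc` and `$2_worker_wazuh_api_configuration` are created, but the data is copied into `$2_master-wazuh-api-configuration`, `$2_master-wazuh-etc` and `$2_worker-wazuh-api-configuration`, and the `$2_worker-wazuh-etc` volume is labelled `worker_wazuh_etc`. Because `-v` creates a missing named volume implicitly, each copy succeeds into a volume without the compose labels while the labelled one stays empty, so the manager and API configuration may not end up where the new stack expects them. The script also never checks that `$1` and `$2` were supplied and leaves them unquoted, and the `worker-filebeat-var` copy runs twice (first and last `docker container run`). The fence shows the label and name lines with the hyphenated names that the copy steps and the compose `volumes:` section earlier in this diff use.

```shell
# … unchanged: wazuh-indexer-data-1..3 volume creation …
# master API configuration stanza: label and volume name
    --label com.docker.compose.volume=master-wazuh-api-configuration \
    $2_master-wazuh-api-configuration
# master etc stanza: label and volume name
    --label com.docker.compose.volume=master-wazuh-etc \
    $2_master-wazuh-etc
# worker API configuration stanza: label and volume name
    --label com.docker.compose.volume=worker-wazuh-api-configuration \
    $2_worker-wazuh-api-configuration
# worker etc stanza: label only, the volume name is already hyphenated
    --label com.docker.compose.volume=worker-wazuh-etc \
# … unchanged: remaining volume creation and all copy steps …
```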
@@ -1,206 +0,0 @@ -# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) -version: '3.7' - -services: - wazuh-master: - image: wazuh/wazuh-odfe:4.4.0 - hostname: wazuh-master - restart: always - ports: - - "1515:1515" - - "514:514/udp" - - "55000:55000" - environment: - - ELASTICSEARCH_URL=https://elasticsearch:9200 - - ELASTIC_USERNAME=admin - - ELASTIC_PASSWORD=SecretPassword - - FILEBEAT_SSL_VERIFICATION_MODE=full - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - - SSL_KEY=/etc/ssl/filebeat.key - - API_USERNAME=acme-user - - API_PASSWORD=MyS3cr37P450r.*- - volumes: - - ossec-api-configuration:/var/ossec/api/configuration - - ossec-etc:/var/ossec/etc - - ossec-logs:/var/ossec/logs - - ossec-queue:/var/ossec/queue - - ossec-var-multigroups:/var/ossec/var/multigroups - - ossec-integrations:/var/ossec/integrations - - ossec-active-response:/var/ossec/active-response/bin - - ossec-agentless:/var/ossec/agentless - - ossec-wodles:/var/ossec/wodles - - filebeat-etc:/etc/filebeat - - filebeat-var:/var/lib/filebeat - - ./production_cluster/ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem - - ./production_cluster/ssl_certs/filebeat.pem:/etc/ssl/filebeat.pem - - ./production_cluster/ssl_certs/filebeat.key:/etc/ssl/filebeat.key - - ./production_cluster/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf - - wazuh-worker: - image: wazuh/wazuh-odfe:4.4.0 - hostname: wazuh-worker - restart: always - environment: - - ELASTICSEARCH_URL=https://elasticsearch:9200 - - ELASTIC_USERNAME=admin - - ELASTIC_PASSWORD=SecretPassword - - FILEBEAT_SSL_VERIFICATION_MODE=full - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - - SSL_KEY=/etc/ssl/filebeat.key - volumes: - - worker-ossec-api-configuration:/var/ossec/api/configuration - - worker-ossec-etc:/var/ossec/etc - - worker-ossec-logs:/var/ossec/logs - - worker-ossec-queue:/var/ossec/queue - - 
worker-ossec-var-multigroups:/var/ossec/var/multigroups - - worker-ossec-integrations:/var/ossec/integrations - - worker-ossec-active-response:/var/ossec/active-response/bin - - worker-ossec-agentless:/var/ossec/agentless - - worker-ossec-wodles:/var/ossec/wodles - - worker-filebeat-etc:/etc/filebeat - - worker-filebeat-var:/var/lib/filebeat - - ./production_cluster/ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem - - ./production_cluster/ssl_certs/filebeat.pem:/etc/ssl/filebeat.pem - - ./production_cluster/ssl_certs/filebeat.key:/etc/ssl/filebeat.key - - ./production_cluster/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf - - elasticsearch: - image: amazon/opendistro-for-elasticsearch:1.13.2 - hostname: elasticsearch - restart: always - ports: - - "9200:9200" - environment: - - "ES_JAVA_OPTS=-Xms512m -Xmx512m" - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - volumes: - - elastic-data-1:/usr/share/elasticsearch/data - - ./production_cluster/ssl_certs/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem - - ./production_cluster/ssl_certs/node1.key:/usr/share/elasticsearch/config/node1.key - - ./production_cluster/ssl_certs/node1.pem:/usr/share/elasticsearch/config/node1.pem - - ./production_cluster/ssl_certs/admin.pem:/usr/share/elasticsearch/config/admin.pem - - ./production_cluster/ssl_certs/admin.key:/usr/share/elasticsearch/config/admin.key - - ./production_cluster/elastic_opendistro/elasticsearch-node1.yml:/usr/share/elasticsearch/config/elasticsearch.yml - - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml - - elasticsearch-2: - image: amazon/opendistro-for-elasticsearch:1.13.2 - hostname: elasticsearch-2 - restart: always - environment: - - "ES_JAVA_OPTS=-Xms512m -Xmx512m" - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - volumes: - - elastic-data-2:/usr/share/elasticsearch/data - 
- ./production_cluster/ssl_certs/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem - - ./production_cluster/ssl_certs/node2.key:/usr/share/elasticsearch/config/node2.key - - ./production_cluster/ssl_certs/node2.pem:/usr/share/elasticsearch/config/node2.pem - - ./production_cluster/elastic_opendistro/elasticsearch-node2.yml:/usr/share/elasticsearch/config/elasticsearch.yml - - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml - - elasticsearch-3: - image: amazon/opendistro-for-elasticsearch:1.13.2 - hostname: elasticsearch-3 - restart: always - environment: - - "ES_JAVA_OPTS=-Xms512m -Xmx512m" - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - volumes: - - elastic-data-3:/usr/share/elasticsearch/data - - ./production_cluster/ssl_certs/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem - - ./production_cluster/ssl_certs/node3.key:/usr/share/elasticsearch/config/node3.key - - ./production_cluster/ssl_certs/node3.pem:/usr/share/elasticsearch/config/node3.pem - - ./production_cluster/elastic_opendistro/elasticsearch-node3.yml:/usr/share/elasticsearch/config/elasticsearch.yml - - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml - - kibana: - image: wazuh/wazuh-kibana-odfe:4.4.0 - hostname: kibana - restart: always - ports: - - 5601:5601 - environment: - - ELASTICSEARCH_USERNAME=admin - - ELASTICSEARCH_PASSWORD=SecretPassword - - SERVER_SSL_ENABLED=true - - SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/cert.pem - - SERVER_SSL_KEY=/usr/share/kibana/config/key.pem - - WAZUH_API_URL="https://wazuh-master" - - API_USERNAME=acme-user - - API_PASSWORD=MyS3cr37P450r.*- - volumes: - - ./production_cluster/kibana_ssl/cert.pem:/usr/share/kibana/config/cert.pem - - ./production_cluster/kibana_ssl/key.pem:/usr/share/kibana/config/key.pem - - 
depends_on: - - elasticsearch - links: - - elasticsearch:elasticsearch - - wazuh-master:wazuh-master - - nginx: - image: nginx:stable - hostname: nginx - restart: always - ports: - - "80:80" - - "443:443" - - "1514:1514" - depends_on: - - wazuh-master - - wazuh-worker - - kibana - links: - - wazuh-master:wazuh-master - - wazuh-worker:wazuh-worker - - kibana:kibana - volumes: - - ./production_cluster/nginx/nginx.conf:/etc/nginx/nginx.conf:ro - - ./production_cluster/nginx/ssl:/etc/nginx/ssl:ro - -volumes: - ossec-api-configuration: - ossec-etc: - ossec-logs: - ossec-queue: - ossec-var-multigroups: - ossec-integrations: - ossec-active-response: - ossec-agentless: - ossec-wodles: - filebeat-etc: - filebeat-var: - worker-ossec-api-configuration: - worker-ossec-etc: - worker-ossec-logs: - worker-ossec-queue: - worker-ossec-var-multigroups: - worker-ossec-integrations: - worker-ossec-active-response: - worker-ossec-agentless: - worker-ossec-wodles: - worker-filebeat-etc: - worker-filebeat-var: - elastic-data-1: - elastic-data-2: - elastic-data-3: diff --git a/production_cluster/elastic_opendistro/elasticsearch-node1.yml b/production_cluster/elastic_opendistro/elasticsearch-node1.yml deleted file mode 100644 index 4f9a628d..00000000 --- a/production_cluster/elastic_opendistro/elasticsearch-node1.yml +++ /dev/null 
@@ -1,31 +0,0 @@ -network.host: 0.0.0.0 -cluster.name: wazuh-cluster -node.name: elasticsearch -discovery.seed_hosts: elasticsearch,elasticsearch-2,elasticsearch-3 -cluster.initial_master_nodes: elasticsearch,elasticsearch-2,elasticsearch-3 -bootstrap.memory_lock: true - -opendistro_security.ssl.transport.pemcert_filepath: node1.pem -opendistro_security.ssl.transport.pemkey_filepath: node1.key -opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem -opendistro_security.ssl.transport.enforce_hostname_verification: false -opendistro_security.ssl.transport.resolve_hostname: false -opendistro_security.ssl.http.enabled: true -opendistro_security.ssl.http.pemcert_filepath: node1.pem -opendistro_security.ssl.http.pemkey_filepath: node1.key -opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem -opendistro_security.allow_default_init_securityindex: true -opendistro_security.nodes_dn: - - 'CN=node1,OU=Ops,O=Example\, Inc.,DC=example,DC=com' - - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com' - - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com' - - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com' -opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com'] -opendistro_security.audit.type: internal_elasticsearch -opendistro_security.enable_snapshot_restore_privilege: true -opendistro_security.check_snapshot_restore_write_privileges: true -opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"] -cluster.routing.allocation.disk.threshold_enabled: false -#opendistro_security.audit.config.disabled_rest_categories: NONE -#opendistro_security.audit.config.disabled_transport_categories: NONE -opendistro_security.audit.log_request_body: false diff --git a/production_cluster/elastic_opendistro/elasticsearch-node2.yml b/production_cluster/elastic_opendistro/elasticsearch-node2.yml deleted file mode 100644 index e368461e..00000000 
--- a/production_cluster/elastic_opendistro/elasticsearch-node2.yml +++ /dev/null @@ -1,31 +0,0 @@ -network.host: 0.0.0.0 -cluster.name: wazuh-cluster -node.name: elasticsearch-2 -discovery.seed_hosts: elasticsearch,elasticsearch-2,elasticsearch-3 -cluster.initial_master_nodes: elasticsearch,elasticsearch-2,elasticsearch-3 -bootstrap.memory_lock: true - -opendistro_security.ssl.transport.pemcert_filepath: node2.pem -opendistro_security.ssl.transport.pemkey_filepath: node2.key -opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem -opendistro_security.ssl.transport.enforce_hostname_verification: false -opendistro_security.ssl.transport.resolve_hostname: false -opendistro_security.ssl.http.enabled: true -opendistro_security.ssl.http.pemcert_filepath: node2.pem -opendistro_security.ssl.http.pemkey_filepath: node2.key -opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem -opendistro_security.allow_default_init_securityindex: true -opendistro_security.nodes_dn: - - 'CN=node1,OU=Ops,O=Example\, Inc.,DC=example,DC=com' - - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com' - - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com' - - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com' -opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com'] -opendistro_security.audit.type: internal_elasticsearch -opendistro_security.enable_snapshot_restore_privilege: true -opendistro_security.check_snapshot_restore_write_privileges: true -opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"] -cluster.routing.allocation.disk.threshold_enabled: false -#opendistro_security.audit.config.disabled_rest_categories: NONE -#opendistro_security.audit.config.disabled_transport_categories: NONE -opendistro_security.audit.log_request_body: false 
diff --git a/production_cluster/elastic_opendistro/elasticsearch-node3.yml b/production_cluster/elastic_opendistro/elasticsearch-node3.yml deleted file mode 100644 index 14717a81..00000000 --- a/production_cluster/elastic_opendistro/elasticsearch-node3.yml +++ /dev/null 
@@ -1,31 +0,0 @@ -network.host: 0.0.0.0 -cluster.name: wazuh-cluster -node.name: elasticsearch-3 -discovery.seed_hosts: elasticsearch,elasticsearch-2,elasticsearch-3 -cluster.initial_master_nodes: elasticsearch,elasticsearch-2,elasticsearch-3 -bootstrap.memory_lock: true - -opendistro_security.ssl.transport.pemcert_filepath: node3.pem -opendistro_security.ssl.transport.pemkey_filepath: node3.key -opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem -opendistro_security.ssl.transport.enforce_hostname_verification: false -opendistro_security.ssl.transport.resolve_hostname: false -opendistro_security.ssl.http.enabled: true -opendistro_security.ssl.http.pemcert_filepath: node3.pem -opendistro_security.ssl.http.pemkey_filepath: node3.key -opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem -opendistro_security.allow_default_init_securityindex: true -opendistro_security.nodes_dn: - - 'CN=node1,OU=Ops,O=Example\, Inc.,DC=example,DC=com' - - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com' - - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com' - - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com' -opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com'] -opendistro_security.audit.type: internal_elasticsearch -opendistro_security.enable_snapshot_restore_privilege: true -opendistro_security.check_snapshot_restore_write_privileges: true -opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"] -cluster.routing.allocation.disk.threshold_enabled: false -#opendistro_security.audit.config.disabled_rest_categories: NONE -#opendistro_security.audit.config.disabled_transport_categories: NONE -opendistro_security.audit.log_request_body: false diff --git a/production_cluster/kibana_ssl/generate-self-signed-cert.sh b/production_cluster/kibana_ssl/generate-self-signed-cert.sh deleted file mode 100644 index 5951acf7..00000000 
--- a/production_cluster/kibana_ssl/generate-self-signed-cert.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -cd $DIR - -if [ -s key.pem ] -then - echo "Certificate already exists" - exit -else - openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem - chown -R 1000:1000 *.pem -fi diff --git a/production_cluster/nginx/ssl/generate-self-signed-cert.sh b/production_cluster/nginx/ssl/generate-self-signed-cert.sh deleted file mode 100644 index e006733f..00000000 --- a/production_cluster/nginx/ssl/generate-self-signed-cert.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -cd $DIR - -if [ -s key.pem ] -then - echo "Certificate already exists" - exit -else - openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem -fi diff --git a/production_cluster/ssl_certs/certs.yml b/production_cluster/ssl_certs/certs.yml deleted file mode 100644 index 486e4178..00000000 --- a/production_cluster/ssl_certs/certs.yml +++ /dev/null @@ -1,35 +0,0 @@ -ca: - root: - dn: CN=root-ca,OU=CA,O=Example\, Inc.,DC=example,DC=com - pkPassword: none - keysize: 2048 - file: root-ca.pem - intermediate: - dn: CN=intermediate,OU=CA,O=Example\, Inc.,DC=example,DC=com - keysize: 2048 - validityDays: 3650 - pkPassword: intermediate-ca-password - file: intermediate-ca.pem - -nodes: - - name: node1 - dn: CN=node1,OU=Ops,O=Example\, Inc.,DC=example,DC=com - dns: - - elasticsearch - - name: node2 - dn: CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com - dns: - - elasticsearch-2 - - name: node3 - dn: CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com - dns: - - elasticsearch-3 - - name: filebeat - dn: CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com - dns: - - wazuh - -clients: - - name: admin - dn: CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com - admin: true 
diff --git a/single-node/README.md b/single-node/README.md
new file mode 100644
index 00000000..efd303c7
--- /dev/null
+++ b/single-node/README.md
@@ -0,0 +1,24 @@
+# Deploy Wazuh Docker in single node configuration
+
+This deployment is defined in the `docker-compose.yml` file with one Wazuh manager containers, one Wazuh indexer containers, and one Wazuh dashboard container. It can be deployed by following these steps:
+
+1) Increase max_map_count on your host (Linux). This command must be run with root permissions:
+```
+$ sysctl -w vm.max_map_count=262144
+```
+2) Run the certificate creation script:
+```
+$ docker-compose -f generate-indexer-certs.yml run --rm generator
+```
+3) Start the environment with docker-compose:
+
+- In the foregroud:
+```
+$ docker-compose up
+```
+- In the background:
+```
+$ docker-compose up -d
+```
+
+The environment takes about 1 minute to get up (depending on your Docker host) for the first time since Wazuh Indexer must be started for the first time and the indexes and index patterns must be generated.
diff --git a/single-node/config/certs.yml b/single-node/config/certs.yml
new file mode 100755
index 00000000..8cb8d3f2
--- /dev/null
+++ b/single-node/config/certs.yml
@@ -0,0 +1,16 @@
+nodes:
+ # Wazuh indexer server nodes
+ indexer:
+ - name: wazuh.indexer
+ ip: wazuh.indexer
+
+ # Wazuh server nodes
+ # Use node_type only with more than one Wazuh manager
+ server:
+ - name: wazuh.manager
+ ip: wazuh.manager
+
+ # Wazuh dashboard node
+ dashboard:
+ - name: wazuh.dashboard
+ ip: wazuh.dashboard
\ No newline at end of file
diff --git a/production_cluster/wazuh_cluster/wazuh_manager.conf b/single-node/config/wazuh_cluster/wazuh_manager.conf
similarity index 84%
rename from production_cluster/wazuh_cluster/wazuh_manager.conf
rename to single-node/config/wazuh_cluster/wazuh_manager.conf
index e24dd77f..f3268e7d 100644
--- a/production_cluster/wazuh_cluster/wazuh_manager.conf
+++ b/single-node/config/wazuh_cluster/wazuh_manager.conf
@@ -10,6 +10,8 @@ recipient@example.wazuh.com 12 alerts.log + 10m + 0 @@ -43,8 +45,8 @@ 43200 - /var/ossec/etc/rootcheck/rootkit_files.txt - /var/ossec/etc/rootcheck/rootkit_trojans.txt + etc/rootcheck/rootkit_files.txt + etc/rootcheck/rootkit_trojans.txt yes @@ -79,6 +81,11 @@ yes yes yes + + + + 10 + @@ -91,7 +98,7 @@ no 5m - 6h + 6h yes @@ -109,6 +116,7 @@ no stretch buster + bullseye 1h @@ -122,6 +130,20 @@ 1h + + + no + amazon-linux + amazon-linux-2 + 1h + + + + + no + 1h + + yes @@ -207,63 +229,42 @@ disable-account - disable-account.sh - user + disable-account yes - restart-ossec - restart-ossec.sh - + restart-wazuh + restart-wazuh firewall-drop - firewall-drop.sh - srcip + firewall-drop yes host-deny - host-deny.sh - srcip + host-deny yes route-null - route-null.sh - srcip + route-null yes win_route-null - route-null.cmd - srcip - yes - - - - win_route-null-2012 - route-null-2012.cmd - srcip + route-null.exe yes netsh - netsh.cmd - srcip - yes - - - - netsh-win-2016 - netsh-win-2016.cmd - srcip + netsh.exe yes @@ -307,36 +308,40 @@ etc/rules + + yes + 1 + 64 + 15m + + no 1515 no - yes - 0 yes no - yes HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH no - /var/ossec/etc/sslmanager.cert - /var/ossec/etc/sslmanager.key + etc/sslmanager.cert + etc/sslmanager.key no wazuh - manager + node01 master - c98b6ha9b6169zc5f67rae55ae4z5647 + 1516 0.0.0.0 - wazuh-master + NODE_IP no - no + yes @@ -346,4 +351,5 @@ syslog /var/ossec/logs/active-responses.log + diff --git a/single-node/config/wazuh_dashboard/opensearch_dashboards.yml b/single-node/config/wazuh_dashboard/opensearch_dashboards.yml new file mode 100644 index 00000000..2a9cdba2 --- /dev/null +++ b/single-node/config/wazuh_dashboard/opensearch_dashboards.yml 
@@ -0,0 +1,12 @@
+server.host: 0.0.0.0
+server.port: 5601
+opensearch.hosts: https://wazuh.indexer:9200
+opensearch.ssl.verificationMode: certificate
+opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+server.ssl.enabled: true
+server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
+server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
+opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
+uiSettings.overrides.defaultRoute: /app/wazuh
diff --git a/single-node/config/wazuh_dashboard/wazuh.yml b/single-node/config/wazuh_dashboard/wazuh.yml
new file mode 100644
index 00000000..ea5e82b4
--- /dev/null
+++ b/single-node/config/wazuh_dashboard/wazuh.yml
@@ -0,0 +1,7 @@
+hosts:
+ - 1513629884013:
+ url: "https://wazuh.manager"
+ port: 55000
+ username: wazuh-wui
+ password: MyS3cr37P450r.*-
+ run_as: false
diff --git a/single-node/config/wazuh_indexer/internal_users.yml b/single-node/config/wazuh_indexer/internal_users.yml
new file mode 100644
index 00000000..d9f05b34
--- /dev/null
+++ b/single-node/config/wazuh_indexer/internal_users.yml
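Review bot: `opensearch.ssl.verificationMode: certificate` validates the indexer certificate against `root-ca.pem` but skips the hostname check, so any certificate issued by that CA is accepted for `wazuh.indexer`. If the generated indexer certificate carries `wazuh.indexer` as a subject alternative name (not visible in this hunk), `opensearch.ssl.verificationMode: full` would close that gap. `server.host: 0.0.0.0` is reasonable inside a container, but a comment such as `# exposure is controlled by the compose port mapping` would help whoever reuses the file outside Docker.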
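Review bot: `password: MyS3cr37P450r.*-` ships a fixed API credential for `wazuh-wui` in a tracked file, and the same literal appears as `API_PASSWORD` in the compose file this commit removes, so every deployment that keeps the defaults shares it. A comment above the entry such as `# Default API credential: change it before exposing port 55000` would make that explicit. Quoting the value (`password: 'MyS3cr37P450r.*-'`) also keeps YAML from mis-reading a replacement that starts with `*` or contains ` #`.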
@@ -0,0 +1,56 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+ type: "internalusers"
+ config_version: 2
+
+# Define your internal users here
+
+## Demo users
+
+admin:
+ hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
+ reserved: true
+ backend_roles:
+ - "admin"
+ description: "Demo admin user"
+
+kibanaserver:
+ hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
+ reserved: true
+ description: "Demo kibanaserver user"
+
+kibanaro:
+ hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
+ reserved: false
+ backend_roles:
+ - "kibanauser"
+ - "readall"
+ attributes:
+ attribute1: "value1"
+ attribute2: "value2"
+ attribute3: "value3"
+ description: "Demo kibanaro user"
+
+logstash:
+ hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
+ reserved: false
+ backend_roles:
+ - "logstash"
+ description: "Demo logstash user"
+
+readall:
+ hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
+ reserved: false
+ backend_roles:
+ - "readall"
+ description: "Demo readall user"
+
+snapshotrestore:
+ hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
+ reserved: false
+ backend_roles:
+ - "snapshotrestore"
+ description: "Demo snapshotrestore user"
diff --git a/single-node/config/wazuh_indexer/wazuh.indexer.yml b/single-node/config/wazuh_indexer/wazuh.indexer.yml
new file mode 100644
index 00000000..e87e35ea
--- /dev/null
+++ b/single-node/config/wazuh_indexer/wazuh.indexer.yml
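Review bot: Every account under `## Demo users` carries a fixed bcrypt hash committed to the repository, so any installation that starts from this file, presumably mounted into the indexer, shares the same credentials, including the reserved `admin` user. The header should say so, for example `# Demo credentials: regenerate every hash with plugin/tools/hash.sh before deployment`. The accounts `kibanaro`, `logstash`, `readall` and `snapshotrestore` are not referenced elsewhere in the visible diff, so they could be dropped to reduce the number of usable logins.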
@@ -0,0 +1,28 @@
+network.host: "0.0.0.0"
+node.name: "wazuh.indexer"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+discovery.type: single-node
+compatibility.override_main_response_version: true
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.system_indices.enabled: true
+plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
\ No newline at end of file
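Review bot: `plugins.security.ssl.transport.enforce_hostname_verification: false` and `plugins.security.ssl.transport.resolve_hostname: false` turn off hostname checks on transport TLS, and nothing in the file says why. With `discovery.type: single-node` there is no peer node to authenticate, so the impact here is low, but the setting becomes unsafe if this file is reused as a template for a cluster with more than one node. A comment such as `# Hostname verification is off because this is a single-node cluster; enable it when nodes talk to each other` would record the intent. `network.host: "0.0.0.0"` deserves the same kind of comment, since the compose file in this commit publishes port 9200 to the host.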
diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml
new file mode 100644
index 00000000..c8e3d0cc
--- /dev/null
+++ b/single-node/docker-compose.yml
@@ -0,0 +1,102 @@
+# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+version: '3.7'
+
+services:
+ wazuh.manager:
+ image: wazuh/wazuh-manager:4.4.0
+ hostname: wazuh.manager
+ restart: always
+ ports:
+ - "1514:1514"
+ - "1515:1515"
+ - "514:514/udp"
+ - "55000:55000"
+ environment:
+ - INDEXER_URL=https://wazuh.indexer:9200
+ - INDEXER_USERNAME=admin
+ - INDEXER_PASSWORD=SecretPassword
+ - FILEBEAT_SSL_VERIFICATION_MODE=full
+ - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
+ - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
+ - SSL_KEY=/etc/ssl/filebeat.key
+ - API_USERNAME=wazuh-wui
+ - API_PASSWORD=MyS3cr37P450r.*-
+ volumes:
+ - wazuh_api_configuration:/var/ossec/api/configuration
+ - wazuh_etc:/var/ossec/etc
+ - wazuh_logs:/var/ossec/logs
+ - wazuh_queue:/var/ossec/queue
+ - wazuh_var_multigroups:/var/ossec/var/multigroups
+ - wazuh_integrations:/var/ossec/integrations
+ - wazuh_active_response:/var/ossec/active-response/bin
+ - wazuh_agentless:/var/ossec/agentless
+ - wazuh_wodles:/var/ossec/wodles
+ - filebeat_etc:/etc/filebeat
+ - filebeat_var:/var/lib/filebeat
+ - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
+ - ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
+ - ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
+ - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
+
+ wazuh.indexer:
+ image: wazuh/wazuh-indexer:4.4.0
+ hostname: wazuh.indexer
+ restart: always
+ ports:
+ - "9200:9200"
+ environment:
+ - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536
+ hard: 65536
+ volumes:
+ - wazuh-indexer-data:/var/lib/wazuh-indexer
+ - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
+ - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.key
+ - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem
+ - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem
+ - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem
+ - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
+ - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
+
+ wazuh.dashboard:
+ image: wazuh/wazuh-dashboard:4.4.0
+ hostname: wazuh.dashboard
+ restart: always
+ ports:
+ - 443:5601
+ environment:
+ - INDEXER_USERNAME=admin
+ - INDEXER_PASSWORD=SecretPassword
+ - WAZUH_API_URL=https://wazuh.manager
+ - API_USERNAME=wazuh-wui
+ - API_PASSWORD=MyS3cr37P450r.*-
+ volumes:
+ - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
+ - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
+ - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
+ - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+ - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+ depends_on:
+ - wazuh.indexer
+ links:
+ - wazuh.indexer:wazuh.indexer
+ - wazuh.manager:wazuh.manager
+
+volumes:
+ wazuh_api_configuration:
+ wazuh_etc:
+ wazuh_logs:
+ wazuh_queue:
+ wazuh_var_multigroups:
+ wazuh_integrations:
+ wazuh_active_response:
+ wazuh_agentless:
+ wazuh_wodles:
+ filebeat_etc:
+ filebeat_var:
+ wazuh-indexer-data:
diff --git a/single-node/generate-indexer-certs.yml b/single-node/generate-indexer-certs.yml
new file mode 100644
index 00000000..fb0f5c72
--- /dev/null
+++ b/single-node/generate-indexer-certs.yml
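Review bot: `- "9200:9200"` under `wazuh.indexer` and `- "55000:55000"` under `wazuh.manager` publish the indexer REST API and the Wazuh API on every host interface, while both are protected only by the default passwords set in this same file. The manager and dashboard reach the indexer by service name (`INDEXER_URL=https://wazuh.indexer:9200`), so host publication of 9200 looks unnecessary for the stack itself. Binding it to loopback, `- "127.0.0.1:9200:9200"`, keeps local debugging possible without exposing the port on the network. Separately, `- 443:5601` is the only unquoted port mapping; write it as `- "443:5601"` to match the others.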
@@ -0,0 +1,10 @@
+# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+version: '3'
+
+services:
+ generator:
+ image: wazuh/wazuh-certs-generator:0.0.1
+ hostname: wazuh-certs-generator
+ volumes:
+ - ./config/wazuh_indexer_ssl_certs/:/certificates/
+ - ./config/certs.yml:/config/certs.yml
\ No newline at end of file
diff --git a/wazuh-odfe/config/wazuh.repo b/wazuh-odfe/config/wazuh.repo
deleted file mode 100644
index e230d6a9..00000000
--- a/wazuh-odfe/config/wazuh.repo
+++ /dev/null
@@ -1,7 +0,0 @@
-[wazuh_repo]
-gpgcheck=1
-gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
-enabled=1
-name=Wazuh repository
-baseurl=https://packages.wazuh.com/4.x/yum/
-protect=1
diff --git a/xpack-compose.yml b/xpack-compose.yml
deleted file mode 100644
index 8fdb12e7..00000000
--- a/xpack-compose.yml
+++ /dev/null
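Review bot: `image: wazuh/wazuh-certs-generator:0.0.1` is referenced by a mutable tag, and this container presumably produces the root CA and the private keys for the whole stack, given that `./config/wazuh_indexer_ssl_certs/` is mounted at `/certificates/`. If the tag is ever re-pushed, the key material comes from an image nobody reviewed. Pinning by digest closes that gap: `image: wazuh/wazuh-certs-generator:0.0.1@sha256:<digest-of-reviewed-image>` (placeholder; fill in the real digest). As far as this diff shows, `./config/certs.yml` is only an input to the generator, so it can be mounted read-only with a `:ro` suffix.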
@@ -1,186 +0,0 @@ -# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) -version: '3.7' - -services: - wazuh: - image: wazuh/wazuh:4.4.0 - hostname: wazuh-manager - restart: always - ports: - - "1514:1514" - - "1515:1515" - - "514:514/udp" - - "55000:55000" - environment: - - ELASTICSEARCH_URL=https://elasticsearch:9200 - - ELASTIC_USERNAME=elastic - - ELASTIC_PASSWORD=SecretPassword - - FILEBEAT_SSL_VERIFICATION_MODE=none - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/ca.crt - - SSL_CERTIFICATE=/etc/ssl/wazuh.crt - - SSL_KEY=/etc/ssl/wazuh.key - volumes: - - ossec_api_configuration:/var/ossec/api/configuration - - ossec_etc:/var/ossec/etc - - ossec_logs:/var/ossec/logs - - ossec_queue:/var/ossec/queue - - ossec_var_multigroups:/var/ossec/var/multigroups - - ossec_integrations:/var/ossec/integrations - - ossec_active_response:/var/ossec/active-response/bin - - ossec_agentless:/var/ossec/agentless - - ossec_wodles:/var/ossec/wodles - - filebeat_etc:/etc/filebeat - - filebeat_var:/var/lib/filebeat - - ./xpack/ca/ca.crt:/etc/ssl/ca.crt - - ./xpack/wazuh/wazuh.crt:/etc/ssl/wazuh.crt - - ./xpack/wazuh/wazuh.key:/etc/ssl/wazuh.key - - - elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2 - hostname: elasticsearch - restart: always - ports: - - "9200:9200" - environment: - - cluster.name=wazuh-cluster - - node.name=elasticsearch - - discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3 - - cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3 - - ELASTIC_PASSWORD=SecretPassword - - "ES_JAVA_OPTS=-Xms512m -Xmx512m" - - bootstrap.memory_lock=true - - xpack.license.self_generated.type=basic - - xpack.security.enabled=true - - xpack.security.http.ssl.enabled=true - - xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt - - xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key - - xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt - 
- xpack.security.transport.ssl.enabled=true - - xpack.security.transport.ssl.verification_mode=certificate - - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt - - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key - - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - volumes: - - ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt - - ./xpack/elasticsearch/elasticsearch.key:/usr/share/elasticsearch/config/elasticsearch.key - - ./xpack/elasticsearch/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt - - elasticsearch2: - image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2 - hostname: elasticsearch2 - restart: always - environment: - - cluster.name=wazuh-cluster - - node.name=elasticsearch2 - - discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3 - - cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3 - - ELASTIC_PASSWORD=SecretPassword - - "ES_JAVA_OPTS=-Xms512m -Xmx512m" - - bootstrap.memory_lock=true - - xpack.license.self_generated.type=basic - - xpack.security.enabled=true - - xpack.security.http.ssl.enabled=true - - xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt - - xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key - - xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt - - xpack.security.transport.ssl.enabled=true - - xpack.security.transport.ssl.verification_mode=certificate - - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt - - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key - - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: 
- soft: 65536 - hard: 65536 - volumes: - - ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt - - ./xpack/elasticsearch2/elasticsearch2.key:/usr/share/elasticsearch/config/elasticsearch.key - - ./xpack/elasticsearch2/elasticsearch2.crt:/usr/share/elasticsearch/config/elasticsearch.crt - - elasticsearch3: - image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2 - hostname: elasticsearch3 - restart: always - environment: - - cluster.name=wazuh-cluster - - node.name=elasticsearch3 - - discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3 - - cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3 - - ELASTIC_PASSWORD=SecretPassword - - "ES_JAVA_OPTS=-Xms512m -Xmx512m" - - bootstrap.memory_lock=true - - xpack.license.self_generated.type=basic - - xpack.security.enabled=true - - xpack.security.http.ssl.enabled=true - - xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt - - xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key - - xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt - - xpack.security.transport.ssl.enabled=true - - xpack.security.transport.ssl.verification_mode=certificate - - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt - - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key - - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - volumes: - - ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt - - ./xpack/elasticsearch3/elasticsearch3.key:/usr/share/elasticsearch/config/elasticsearch.key - - ./xpack/elasticsearch3/elasticsearch3.crt:/usr/share/elasticsearch/config/elasticsearch.crt - - - - kibana: - image: wazuh/wazuh-kibana:4.4.0 - hostname: kibana - restart: always - ports: - - 443:5601 - environment: - - 
SERVERNAME=localhost - - ELASTICSEARCH_USERNAME=elastic - - ELASTICSEARCH_PASSWORD=SecretPassword - - ELASTICSEARCH_URL=https://elasticsearch:9200 - - ELASTICSEARCH_HOSTS=https://elasticsearch:9200 - - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=/usr/share/kibana/config/ca.crt - - SERVER_SSL_ENABLED=true - - XPACK_SECURITY_ENABLED=true - - SERVER_SSL_KEY=/usr/share/kibana/config/kibana.key - - SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/kibana.crt - volumes: - - ./xpack/ca/ca.crt:/usr/share/kibana/config/ca.crt - - ./xpack/kibana/kibana.key:/usr/share/kibana/config/kibana.key - - ./xpack/kibana/kibana.crt:/usr/share/kibana/config/kibana.crt - depends_on: - - elasticsearch - links: - - elasticsearch:elasticsearch - - wazuh:wazuh - -volumes: - ossec_api_configuration: - ossec_etc: - ossec_logs: - ossec_queue: - ossec_var_multigroups: - ossec_integrations: - ossec_active_response: - ossec_agentless: - ossec_wodles: - filebeat_etc: - filebeat_var: diff --git a/xpack-from-sources.yml b/xpack-from-sources.yml deleted file mode 100644 index ff5fb355..00000000 --- a/xpack-from-sources.yml +++ /dev/null 
@@ -1,192 +0,0 @@ -# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) -version: '3.7' - -services: - wazuh: - build: - context: wazuh-odfe/ - args: - - FILEBEAT_CHANNEL=filebeat - - FILEBEAT_VERSION=7.11.2 - image: wazuh/wazuh:4.4.0 - hostname: wazuh-manager - restart: always - ports: - - "1514:1514" - - "1515:1515" - - "514:514/udp" - - "55000:55000" - environment: - - ELASTICSEARCH_URL=https://elasticsearch:9200 - - ELASTIC_USERNAME=elastic - - ELASTIC_PASSWORD=SecretPassword - - FILEBEAT_SSL_VERIFICATION_MODE=none - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/ca.crt - - SSL_CERTIFICATE=/etc/ssl/wazuh.crt - - SSL_KEY=/etc/ssl/wazuh.key - volumes: - - ossec_api_configuration:/var/ossec/api/configuration - - ossec_etc:/var/ossec/etc - - ossec_logs:/var/ossec/logs - - ossec_queue:/var/ossec/queue - - ossec_var_multigroups:/var/ossec/var/multigroups - - ossec_integrations:/var/ossec/integrations - - ossec_active_response:/var/ossec/active-response/bin - - ossec_agentless:/var/ossec/agentless - - ossec_wodles:/var/ossec/wodles - - filebeat_etc:/etc/filebeat - - filebeat_var:/var/lib/filebeat - - ./xpack/ca/ca.crt:/etc/ssl/ca.crt - - ./xpack/wazuh/wazuh.crt:/etc/ssl/wazuh.crt - - ./xpack/wazuh/wazuh.key:/etc/ssl/wazuh.key - - - elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2 - hostname: elasticsearch - restart: always - ports: - - "9200:9200" - environment: - - cluster.name=wazuh-cluster - - node.name=elasticsearch - - discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3 - - cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3 - - ELASTIC_PASSWORD=SecretPassword - - "ES_JAVA_OPTS=-Xms512m -Xmx512m" - - bootstrap.memory_lock=true - - xpack.license.self_generated.type=basic - - xpack.security.enabled=true - - xpack.security.http.ssl.enabled=true - - xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt - - 
xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key - - xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt - - xpack.security.transport.ssl.enabled=true - - xpack.security.transport.ssl.verification_mode=certificate - - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt - - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key - - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - volumes: - - ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt - - ./xpack/elasticsearch/elasticsearch.key:/usr/share/elasticsearch/config/elasticsearch.key - - ./xpack/elasticsearch/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt - - elasticsearch2: - image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2 - hostname: elasticsearch2 - restart: always - environment: - - cluster.name=wazuh-cluster - - node.name=elasticsearch2 - - discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3 - - cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3 - - ELASTIC_PASSWORD=SecretPassword - - "ES_JAVA_OPTS=-Xms512m -Xmx512m" - - bootstrap.memory_lock=true - - xpack.license.self_generated.type=basic - - xpack.security.enabled=true - - xpack.security.http.ssl.enabled=true - - xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt - - xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key - - xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt - - xpack.security.transport.ssl.enabled=true - - xpack.security.transport.ssl.verification_mode=certificate - - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt - - 
xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key - - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - volumes: - - ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt - - ./xpack/elasticsearch2/elasticsearch2.key:/usr/share/elasticsearch/config/elasticsearch.key - - ./xpack/elasticsearch2/elasticsearch2.crt:/usr/share/elasticsearch/config/elasticsearch.crt - - elasticsearch3: - image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2 - hostname: elasticsearch3 - restart: always - environment: - - cluster.name=wazuh-cluster - - node.name=elasticsearch3 - - discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3 - - cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3 - - ELASTIC_PASSWORD=SecretPassword - - "ES_JAVA_OPTS=-Xms512m -Xmx512m" - - bootstrap.memory_lock=true - - xpack.license.self_generated.type=basic - - xpack.security.enabled=true - - xpack.security.http.ssl.enabled=true - - xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt - - xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key - - xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt - - xpack.security.transport.ssl.enabled=true - - xpack.security.transport.ssl.verification_mode=certificate - - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt - - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key - - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - volumes: - - ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt - - ./xpack/elasticsearch3/elasticsearch3.key:/usr/share/elasticsearch/config/elasticsearch.key - - 
./xpack/elasticsearch3/elasticsearch3.crt:/usr/share/elasticsearch/config/elasticsearch.crt - - - - kibana: - build: kibana/ - image: wazuh/wazuh-kibana:4.4.0 - hostname: kibana - restart: always - ports: - - 443:5601 - environment: - - SERVERNAME=localhost - - ELASTICSEARCH_USERNAME=elastic - - ELASTICSEARCH_PASSWORD=SecretPassword - - ELASTICSEARCH_URL=https://elasticsearch:9200 - - ELASTICSEARCH_HOSTS=https://elasticsearch:9200 - - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=/usr/share/kibana/config/ca.crt - - SERVER_SSL_ENABLED=true - - XPACK_SECURITY_ENABLED=true - - SERVER_SSL_KEY=/usr/share/kibana/config/kibana.key - - SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/kibana.crt - volumes: - - ./xpack/ca/ca.crt:/usr/share/kibana/config/ca.crt - - ./xpack/kibana/kibana.key:/usr/share/kibana/config/kibana.key - - ./xpack/kibana/kibana.crt:/usr/share/kibana/config/kibana.crt - depends_on: - - elasticsearch - links: - - elasticsearch:elasticsearch - - wazuh:wazuh - -volumes: - ossec_api_configuration: - ossec_etc: - ossec_logs: - ossec_queue: - ossec_var_multigroups: - ossec_integrations: - ossec_active_response: - ossec_agentless: - ossec_wodles: - filebeat_etc: - filebeat_var: diff --git a/xpack/instances.yml b/xpack/instances.yml deleted file mode 100644 index a6a61904..00000000 --- a/xpack/instances.yml +++ /dev/null @@ -1,35 +0,0 @@ -instances: - - name: elasticsearch - dns: - - elasticsearch - - localhost - ip: - - 127.0.0.1 - - - name: elasticsearch2 - dns: - - elasticsearch2 - - localhost - ip: - - 127.0.0.1 - - - name: elasticsearch3 - dns: - - elasticsearch3 - - localhost - ip: - - 127.0.0.1 - - - name: kibana - dns: - - kibana - - localhost - ip: - - 127.0.0.1 - - - name: wazuh - dns: - - wazuh - - localhost - ip: - - 127.0.0.1 \ No newline at end of file