paulmataruso/wazuh-docker-mirror
1
0
Fork 0
mirror of https://github.com/wazuh/wazuh-docker.git synced 2025-11-02 21:13:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Change directories structure

Browse Source
This commit is contained in:
vcerenu
2022-03-30 14:07:52 -03:00
parent 73901f9753
commit dbb46a913e
65 changed files with 880 additions and 168 deletions
Download Patch File Download Diff File Expand all files Collapse all files

360
multi-node/Migration-to-Wazuh-4.3.md Normal file
View File

@@ -0,0 +1,360 @@
# Opendistro data migration to Wazuh indexer on docker.
This procedure explains how to migrate Opendistro data from Opendistro to Wazuh indexer in docker production deployments.
The example is migrating from v4.2 to v4.3.
## Procedure
Assuming that you have a v4.2 production deployment, perform the following steps.
**1. Stop 4.2 environment**
`docker-compose -f production-cluster.yml stop`
**2. List Elastic volumesStop 4.2 environment**
`docker volume ls --filter name='wazuh-docker_elastic-data'`
**3. Inspect Elastic volume**
`docker volume inspect wazuh-docker_elastic-data-1`
**4. down the 4.2 environment.**
`docker-compose -f production-cluster.yml down`
**5. Run the volume create command:** create new Indexer and Wazuh Manager volumes using the `com.docker.compose.version` label value from the previous command.
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=wazuh-indexer-data-1 \
multi-node_wazuh-indexer-data-1
```
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=wazuh-indexer-data-2 \
multi-node_wazuh-indexer-data-2
```
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=wazuh-indexer-data-3 \
multi-node_wazuh-indexer-data-3
```
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=master_wazuh_api_configuration \
multi-node_master_wazuh_api_configuration
```
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=master_wazuh_etc \
wazuh-master_docker_wazuh_etc
```
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=master-wazuh-logs \
multi-node_master-wazuh-logs
```
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=master-wazuh-queue \
multi-node_master-wazuh-queue
```
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=master-wazuh-var-multigroups \
multi-node_master-wazuh-var-multigroups
```
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=master-wazuh-integrations \
multi-node_master-wazuh-integrations
```
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=master-wazuh-active-response \
multi-node_master-wazuh-active-response
```
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=master-wazuh-agentless \
multi-node_master-wazuh-agentless
```
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=master-wazuh-wodles \
multi-node_master-wazuh-wodles
```
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=master-filebeat-etc \
multi-node_master-filebeat-etc
```
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=master-filebeat-var \
multi-node_master-filebeat-var
```
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=worker_wazuh_api_configuration \
multi-node_worker_wazuh_api_configuration
```
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=worker_wazuh_etc \
multi-node_worker-wazuh-etc
```
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=worker-wazuh-logs \
multi-node_worker-wazuh-logs
```
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=worker-wazuh-queue \
multi-node_worker-wazuh-queue
```
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=worker-wazuh-var-multigroups \
multi-node_worker-wazuh-var-multigroups
```
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=worker-wazuh-integrations \
multi-node_worker-wazuh-integrations
```
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=worker-wazuh-active-response \
multi-node_worker-wazuh-active-response
```
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=worker-wazuh-agentless \
multi-node_worker-wazuh-agentless
```
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=worker-wazuh-wodles \
multi-node_worker-wazuh-wodles
```
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=worker-filebeat-etc \
multi-node_worker-filebeat-etc
```
```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=worker-filebeat-var \
multi-node_worker-filebeat-var
```
**6. Copy the volume content from Elastic to Wazuh indexer volumes and old Wazuh Manager content to new volumes.**
```
docker container run --rm -it \
-v wazuh-docker_elastic-data-1:/from \
-v multi-node_wazuh-indexer-data-1:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \
-v wazuh-docker_elastic-data-2:/from \
-v multi-node_wazuh-indexer-data-2:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \
-v wazuh-docker_elastic-data-3:/from \
-v multi-node_wazuh-indexer-data-3:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \
-v wazuh-docker_ossec-api-configuration:/from \
-v multi-node_master-wazuh-api-configuration:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \
-v wazuh-docker_ossec-etc:/from \
-v multi-node_master-wazuh-etc:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \
-v wazuh-docker_ossec-logs:/from \
-v multi-node_master-wazuh-logs:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \
-v wazuh-docker_ossec-queue:/from \
-v multi-node_master-wazuh-queue:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \
-v wazuh-docker_ossec-var-multigroups:/from \
-v multi-node_master-wazuh-var-multigroups:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \
-v wazuh-docker_ossec-integrations:/from \
-v multi-node_master-wazuh-integrations:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \
-v wazuh-docker_ossec-active-response:/from \
-v multi-node_master-wazuh-active-response:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \
-v wazuh-docker_ossec-agentless:/from \
-v multi-node_master-wazuh-agentless:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \
-v wazuh-docker_ossec-wodles:/from \
-v multi-node_master-wazuh-wodles:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \
-v wazuh-docker_filebeat-etc:/from \
-v multi-node_master-filebeat-etc:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \
-v wazuh-docker_filebeat-var:/from \
-v multi-node_master-filebeat-var:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \
-v wazuh-docker_worker-ossec-api-configuration:/from \
-v multi-node_worker-wazuh-api-configuration:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \
-v wazuh-docker_worker-ossec-etc:/from \
-v multi-node_worker-wazuh-etc:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \
-v wazuh-docker_worker-ossec-logs:/from \
-v multi-node_worker-wazuh-logs:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \
-v wazuh-docker_worker-ossec-queue:/from \
-v multi-node_worker-wazuh-queue:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \
-v wazuh-docker_worker-ossec-var-multigroups:/from \
-v multi-node_worker-wazuh-var-multigroups:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \
-v wazuh-docker_worker-ossec-integrations:/from \
-v multi-node_worker-wazuh-integrations:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \
-v wazuh-docker_worker-ossec-active-response:/from \
-v multi-node_worker-wazuh-active-response:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \
-v wazuh-docker_worker-ossec-agentless:/from \
-v multi-node_worker-wazuh-agentless:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \
-v wazuh-docker_worker-ossec-wodles:/from \
-v multi-node_worker-wazuh-wodles:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \
-v wazuh-docker_worker-filebeat-etc:/from \
-v multi-node_worker-filebeat-etc:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \
-v wazuh-docker_worker-filebeat-var:/from \
-v multi-node_worker-filebeat-var:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
**Steps 5 and 6 can be done with the volume-migrator.sh script, specifying Docker Version and project name as parameters.**
Ex: $ multi-node/volume-migrator.sh 1.25.0 multi-node
**7. Start the 4.3 environment.**
```
git checkout 4.3
cd multi-node
docker-compose -f generate-indexer-certs.yml run --rm generator
docker-compose up -d
```
**8. Check the access to Wazuh dashboard**: go to the Wazuh Dashboard WebUI and check if everything is working.

204
multi-node/docker-compose.yml Normal file
View File

@@ -0,0 +1,204 @@
# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
version: '3.7'
services:
wazuh.master:
image: wazuh/wazuh-manager:4.3.0
hostname: wazuh.master
restart: always
ports:
- "1515:1515"
- "514:514/udp"
- "55000:55000"
environment:
- INDEXER_URL=https://wazuh1.indexer:9200
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=SecretPassword
- FILEBEAT_SSL_VERIFICATION_MODE=full
- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
- SSL_CERTIFICATE=/etc/ssl/filebeat.pem
- SSL_KEY=/etc/ssl/filebeat.key
- API_USERNAME=acme-user
- API_PASSWORD=MyS3cr37P450r.*-
volumes:
- master-wazuh-api-configuration:/var/ossec/api/configuration
- master-wazuh-etc:/var/ossec/etc
- master-wazuh-logs:/var/ossec/logs
- master-wazuh-queue:/var/ossec/queue
- master-wazuh-var-multigroups:/var/ossec/var/multigroups
- master-wazuh-integrations:/var/ossec/integrations
- master-wazuh-active-response:/var/ossec/active-response/bin
- master-wazuh-agentless:/var/ossec/agentless
- master-wazuh-wodles:/var/ossec/wodles
- master-filebeat-etc:/etc/filebeat
- master-filebeat-var:/var/lib/filebeat
- ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem
- ./production_cluster/wazuh_indexer_ssl_certs/wazuh.master.pem:/etc/ssl/filebeat.pem
- ./production_cluster/wazuh_indexer_ssl_certs/wazuh.master-key.pem:/etc/ssl/filebeat.key
- ./production_cluster/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
wazuh.worker:
image: wazuh/wazuh-manager:4.3.0
hostname: wazuh.worker
restart: always
environment:
- INDEXER_URL=https://wazuh1.indexer:9200
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=SecretPassword
- FILEBEAT_SSL_VERIFICATION_MODE=full
- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
- SSL_CERTIFICATE=/etc/ssl/filebeat.pem
- SSL_KEY=/etc/ssl/filebeat.key
volumes:
- worker-wazuh-api-configuration:/var/ossec/api/configuration
- worker-wazuh-etc:/var/ossec/etc
- worker-wazuh-logs:/var/ossec/logs
- worker-wazuh-queue:/var/ossec/queue
- worker-wazuh-var-multigroups:/var/ossec/var/multigroups
- worker-wazuh-integrations:/var/ossec/integrations
- worker-wazuh-active-response:/var/ossec/active-response/bin
- worker-wazuh-agentless:/var/ossec/agentless
- worker-wazuh-wodles:/var/ossec/wodles
- worker-filebeat-etc:/etc/filebeat
- worker-filebeat-var:/var/lib/filebeat
- ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem
- ./production_cluster/wazuh_indexer_ssl_certs/wazuh.worker.pem:/etc/ssl/filebeat.pem
- ./production_cluster/wazuh_indexer_ssl_certs/wazuh.worker-key.pem:/etc/ssl/filebeat.key
- ./production_cluster/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
wazuh1.indexer:
image: wazuh/wazuh-indexer:4.3.0
hostname: wazuh1.indexer
restart: always
ports:
- "9200:9200"
environment:
- "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
- "bootstrap.memory_lock=true"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- wazuh-indexer-data-1:/var/lib/wazuh-indexer
- ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/root-ca.pem
- ./production_cluster/wazuh_indexer_ssl_certs/wazuh1.indexer-key.pem:/usr/share/wazuh-indexer/config/wazuh1.indexer.key
- ./production_cluster/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/config/wazuh1.indexer.pem
- ./production_cluster/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/admin.pem
- ./production_cluster/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/admin-key.pem
- ./production_cluster/wazuh-indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
- ./production_cluster/wazuh-indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
wazuh2.indexer:
image: wazuh/wazuh-indexer:4.3.0
hostname: wazuh2.indexer
restart: always
environment:
- "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
- "bootstrap.memory_lock=true"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- wazuh-indexer-data-2:/var/lib/wazuh-indexer
- ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/root-ca.pem
- ./production_cluster/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/config/wazuh2.indexer.key
- ./production_cluster/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/config/wazuh2.indexer.pem
- ./production_cluster/wazuh-indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
- ./production_cluster/wazuh-indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
wazuh3.indexer:
image: wazuh/wazuh-indexer:4.3.0
hostname: wazuh3.indexer
restart: always
environment:
- "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
- "bootstrap.memory_lock=true"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- wazuh-indexer-data-3:/var/lib/wazuh-indexer
- ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/root-ca.pem
- ./production_cluster/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/config/wazuh3.indexer.key
- ./production_cluster/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/config/wazuh3.indexer.pem
- ./production_cluster/wazuh-indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml
- ./production_cluster/wazuh-indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
wazuh.dashboard:
image: wazuh/wazuh-dashboard:4.3.0
hostname: wazuh.dashboard
restart: always
ports:
- 443:443
environment:
- OPENSEARCH_HOSTS="https://wazuh1.indexer:9200"
- WAZUH_API_URL="https://wazuh.master"
- API_USERNAME=acme-user
- API_PASSWORD=MyS3cr37P450r.*-
volumes:
- ./production_cluster/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
- ./production_cluster/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
- ./production_cluster/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
- ./production_cluster/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
- ./production_cluster/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
depends_on:
- wazuh1.indexer
links:
- wazuh1.indexer:wazuh1.indexer
- wazuh.master:wazuh.master
nginx:
image: nginx:stable
hostname: nginx
restart: always
ports:
- "1514:1514"
depends_on:
- wazuh.master
- wazuh.worker
- wazuh.dashboard
links:
- wazuh.master:wazuh.master
- wazuh.worker:wazuh.worker
- wazuh.dashboard:wazuh.dashboard
volumes:
- ./production_cluster/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
volumes:
master-wazuh-api-configuration:
master-wazuh-etc:
master-wazuh-logs:
master-wazuh-queue:
master-wazuh-var-multigroups:
master-wazuh-integrations:
master-wazuh-active-response:
master-wazuh-agentless:
master-wazuh-wodles:
master-filebeat-etc:
master-filebeat-var:
worker-wazuh-api-configuration:
worker-wazuh-etc:
worker-wazuh-logs:
worker-wazuh-queue:
worker-wazuh-var-multigroups:
worker-wazuh-integrations:
worker-wazuh-active-response:
worker-wazuh-agentless:
worker-wazuh-wodles:
worker-filebeat-etc:
worker-filebeat-var:
wazuh-indexer-data-1:
wazuh-indexer-data-2:
wazuh-indexer-data-3:

10
multi-node/generate-indexer-certs.yml Normal file
View File

@@ -0,0 +1,10 @@
# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
version: '3'
services:
generator:
image: wazuh/wazuh-certs-generator:0.0.1
hostname: wazuh-certs-generator
volumes:
- ./production_cluster/wazuh_indexer_ssl_certs/certs.yml:/config.yml
- ./production_cluster/wazuh_indexer_ssl_certs/:/certificates/

46
multi-node/production_cluster/nginx/nginx.conf Normal file
View File

@@ -0,0 +1,46 @@
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 65;
server_tokens off;
gzip on;
}
# load balancer for Wazuh cluster
stream {
upstream mycluster {
hash $remote_addr consistent;
server wazuh.master:1514;
server wazuh.worker:1514;
}
server {
listen 1514;
proxy_pass mycluster;
}
}

56
multi-node/production_cluster/wazuh-indexer/internal_users.yml Normal file
View File

@@ -0,0 +1,56 @@
---
# This is the internal user database
# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
_meta:
type: "internalusers"
config_version: 2
# Define your internal users here
## Demo users
admin:
hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
reserved: true
backend_roles:
- "admin"
description: "Demo admin user"
kibanaserver:
hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
reserved: true
description: "Demo kibanaserver user"
kibanaro:
hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
reserved: false
backend_roles:
- "kibanauser"
- "readall"
attributes:
attribute1: "value1"
attribute2: "value2"
attribute3: "value3"
description: "Demo kibanaro user"
logstash:
hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
reserved: false
backend_roles:
- "logstash"
description: "Demo logstash user"
readall:
hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
reserved: false
backend_roles:
- "readall"
description: "Demo readall user"
snapshotrestore:
hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
reserved: false
backend_roles:
- "snapshotrestore"
description: "Demo snapshotrestore user"

41
multi-node/production_cluster/wazuh-indexer/wazuh1.indexer.yml Normal file
View File

@@ -0,0 +1,41 @@
network.host: wazuh1.indexer
node.name: wazuh1.indexer
cluster.initial_master_nodes:
- wazuh1.indexer
- wazuh2.indexer
- wazuh3.indexer
cluster.name: "wazuh-cluster"
discovery.seed_hosts:
- wazuh1.indexer
- wazuh2.indexer
- wazuh3.indexer
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer
plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/wazuh1.indexer.pem
plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/wazuh1.indexer.key
plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/wazuh1.indexer.pem
plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/wazuh1.indexer.key
plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.audit.type: internal_opensearch
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
plugins.security.allow_default_init_securityindex: true
cluster.routing.allocation.disk.threshold_enabled: false
opendistro_security.audit.config.disabled_rest_categories: NONE
opendistro_security.audit.config.disabled_transport_categories: NONE
compatibility.override_main_response_version: true

41
multi-node/production_cluster/wazuh-indexer/wazuh2.indexer.yml Normal file
View File

@@ -0,0 +1,41 @@
network.host: wazuh2.indexer
node.name: wazuh2.indexer
cluster.initial_master_nodes:
- wazuh1.indexer
- wazuh2.indexer
- wazuh3.indexer
cluster.name: "wazuh-cluster"
discovery.seed_hosts:
- wazuh1.indexer
- wazuh2.indexer
- wazuh3.indexer
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer
plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/wazuh2.indexer.pem
plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/wazuh2.indexer.key
plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/wazuh2.indexer.pem
plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/wazuh2.indexer.key
plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.audit.type: internal_opensearch
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
plugins.security.allow_default_init_securityindex: true
cluster.routing.allocation.disk.threshold_enabled: false
opendistro_security.audit.config.disabled_rest_categories: NONE
opendistro_security.audit.config.disabled_transport_categories: NONE
compatibility.override_main_response_version: true

41
multi-node/production_cluster/wazuh-indexer/wazuh3.indexer.yml Normal file
View File

@@ -0,0 +1,41 @@
network.host: wazuh3.indexer
node.name: wazuh3.indexer
cluster.initial_master_nodes:
- wazuh1.indexer
- wazuh2.indexer
- wazuh3.indexer
cluster.name: "wazuh-cluster"
discovery.seed_hosts:
- wazuh1.indexer
- wazuh2.indexer
- wazuh3.indexer
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer
plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/wazuh3.indexer.pem
plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/wazuh3.indexer.key
plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/wazuh3.indexer.pem
plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/wazuh3.indexer.key
plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.audit.type: internal_opensearch
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
plugins.security.allow_default_init_securityindex: true
cluster.routing.allocation.disk.threshold_enabled: false
opendistro_security.audit.config.disabled_rest_categories: NONE
opendistro_security.audit.config.disabled_transport_categories: NONE
compatibility.override_main_response_version: true

348
multi-node/production_cluster/wazuh_cluster/wazuh_manager.conf Normal file
View File

@@ -0,0 +1,348 @@
<ossec_config>
<global>
<jsonout_output>yes</jsonout_output>
<alerts_log>yes</alerts_log>
<logall>no</logall>
<logall_json>no</logall_json>
<email_notification>no</email_notification>
<smtp_server>smtp.example.wazuh.com</smtp_server>
<email_from>wazuh@example.wazuh.com</email_from>
<email_to>recipient@example.wazuh.com</email_to>
<email_maxperhour>12</email_maxperhour>
<email_log_source>alerts.log</email_log_source>
</global>
<alerts>
<log_alert_level>3</log_alert_level>
<email_alert_level>12</email_alert_level>
</alerts>
<!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
<logging>
<log_format>plain</log_format>
</logging>
<remote>
<connection>secure</connection>
<port>1514</port>
<protocol>tcp</protocol>
<queue_size>131072</queue_size>
</remote>
<!-- Policy monitoring -->
<rootcheck>
<disabled>no</disabled>
<check_files>yes</check_files>
<check_trojans>yes</check_trojans>
<check_dev>yes</check_dev>
<check_sys>yes</check_sys>
<check_pids>yes</check_pids>
<check_ports>yes</check_ports>
<check_if>yes</check_if>
<!-- Frequency that rootcheck is executed - every 12 hours -->
<frequency>43200</frequency>
<rootkit_files>/var/ossec/etc/rootcheck/rootkit_files.txt</rootkit_files>
<rootkit_trojans>/var/ossec/etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>
<skip_nfs>yes</skip_nfs>
</rootcheck>
<wodle name="cis-cat">
<disabled>yes</disabled>
<timeout>1800</timeout>
<interval>1d</interval>
<scan-on-start>yes</scan-on-start>
<java_path>wodles/java</java_path>
<ciscat_path>wodles/ciscat</ciscat_path>
</wodle>
<!-- Osquery integration -->
<wodle name="osquery">
<disabled>yes</disabled>
<run_daemon>yes</run_daemon>
<log_path>/var/log/osquery/osqueryd.results.log</log_path>
<config_path>/etc/osquery/osquery.conf</config_path>
<add_labels>yes</add_labels>
</wodle>
<!-- System inventory -->
<wodle name="syscollector">
<disabled>no</disabled>
<interval>1h</interval>
<scan_on_start>yes</scan_on_start>
<hardware>yes</hardware>
<os>yes</os>
<network>yes</network>
<packages>yes</packages>
<ports all="no">yes</ports>
<processes>yes</processes>
</wodle>
<sca>
<enabled>yes</enabled>
<scan_on_start>yes</scan_on_start>
<interval>12h</interval>
<skip_nfs>yes</skip_nfs>
</sca>
<vulnerability-detector>
<enabled>no</enabled>
<interval>5m</interval>
<run_on_start>yes</run_on_start>
<!-- Ubuntu OS vulnerabilities -->
<provider name="canonical">
<enabled>no</enabled>
<os>trusty</os>
<os>xenial</os>
<os>bionic</os>
<os>focal</os>
<update_interval>1h</update_interval>
</provider>
<!-- Debian OS vulnerabilities -->
<provider name="debian">
<enabled>no</enabled>
<os>stretch</os>
<os>buster</os>
<update_interval>1h</update_interval>
</provider>
<!-- RedHat OS vulnerabilities -->
<provider name="redhat">
<enabled>no</enabled>
<os>5</os>
<os>6</os>
<os>7</os>
<os>8</os>
<update_interval>1h</update_interval>
</provider>
<!-- Windows OS vulnerabilities -->
<provider name="msu">
<enabled>yes</enabled>
<update_interval>1h</update_interval>
</provider>
<!-- Aggregate vulnerabilities -->
<provider name="nvd">
<enabled>yes</enabled>
<update_from_year>2010</update_from_year>
<update_interval>1h</update_interval>
</provider>
</vulnerability-detector>
<!-- File integrity monitoring -->
<syscheck>
<disabled>no</disabled>
<!-- Frequency that syscheck is executed default every 12 hours -->
<frequency>43200</frequency>
<scan_on_start>yes</scan_on_start>
<!-- Generate alert when new file detected -->
<alert_new_files>yes</alert_new_files>
<!-- Don't ignore files that change more than 'frequency' times -->
<auto_ignore frequency="10" timeframe="3600">no</auto_ignore>
<!-- Directories to check (perform all possible verifications) -->
<directories>/etc,/usr/bin,/usr/sbin</directories>
<directories>/bin,/sbin,/boot</directories>
<!-- Files/directories to ignore -->
<ignore>/etc/mtab</ignore>
<ignore>/etc/hosts.deny</ignore>
<ignore>/etc/mail/statistics</ignore>
<ignore>/etc/random-seed</ignore>
<ignore>/etc/random.seed</ignore>
<ignore>/etc/adjtime</ignore>
<ignore>/etc/httpd/logs</ignore>
<ignore>/etc/utmpx</ignore>
<ignore>/etc/wtmpx</ignore>
<ignore>/etc/cups/certs</ignore>
<ignore>/etc/dumpdates</ignore>
<ignore>/etc/svc/volatile</ignore>
<!-- File types to ignore -->
<ignore type="sregex">.log$|.swp$</ignore>
<!-- Check the file, but never compute the diff -->
<nodiff>/etc/ssl/private.key</nodiff>
<skip_nfs>yes</skip_nfs>
<skip_dev>yes</skip_dev>
<skip_proc>yes</skip_proc>
<skip_sys>yes</skip_sys>
<!-- Nice value for Syscheck process -->
<process_priority>10</process_priority>
<!-- Maximum output throughput -->
<max_eps>100</max_eps>
<!-- Database synchronization settings -->
<synchronization>
<enabled>yes</enabled>
<interval>5m</interval>
<max_interval>1h</max_interval>
<max_eps>10</max_eps>
</synchronization>
</syscheck>
<!-- Active response -->
<global>
<white_list>127.0.0.1</white_list>
<white_list>^localhost.localdomain$</white_list>
<white_list>4.3.0.1</white_list>
<white_list>4.3.0.2</white_list>
<white_list>208.67.220.220</white_list>
</global>
<command>
<name>disable-account</name>
<executable>disable-account.sh</executable>
<expect>user</expect>
<timeout_allowed>yes</timeout_allowed>
</command>
<command>
<name>restart-ossec</name>
<executable>restart-ossec.sh</executable>
<expect></expect>
</command>
<command>
<name>firewall-drop</name>
<executable>firewall-drop.sh</executable>
<expect>srcip</expect>
<timeout_allowed>yes</timeout_allowed>
</command>
<command>
<name>host-deny</name>
<executable>host-deny.sh</executable>
<expect>srcip</expect>
<timeout_allowed>yes</timeout_allowed>
</command>
<command>
<name>route-null</name>
<executable>route-null.sh</executable>
<expect>srcip</expect>
<timeout_allowed>yes</timeout_allowed>
</command>
<command>
<name>win_route-null</name>
<executable>route-null.cmd</executable>
<expect>srcip</expect>
<timeout_allowed>yes</timeout_allowed>
</command>
<command>
<name>win_route-null-2012</name>
<executable>route-null-2012.cmd</executable>
<expect>srcip</expect>
<timeout_allowed>yes</timeout_allowed>
</command>
<command>
<name>netsh</name>
<executable>netsh.cmd</executable>
<expect>srcip</expect>
<timeout_allowed>yes</timeout_allowed>
</command>
<command>
<name>netsh-win-2016</name>
<executable>netsh-win-2016.cmd</executable>
<expect>srcip</expect>
<timeout_allowed>yes</timeout_allowed>
</command>
<!--
<active-response>
active-response options here
</active-response>
-->
<!-- Log analysis -->
<localfile>
<log_format>command</log_format>
<command>df -P</command>
<frequency>360</frequency>
</localfile>
<localfile>
<log_format>full_command</log_format>
<command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
<alias>netstat listening ports</alias>
<frequency>360</frequency>
</localfile>
<localfile>
<log_format>full_command</log_format>
<command>last -n 20</command>
<frequency>360</frequency>
</localfile>
<ruleset>
<!-- Default ruleset -->
<decoder_dir>ruleset/decoders</decoder_dir>
<rule_dir>ruleset/rules</rule_dir>
<rule_exclude>0215-policy_rules.xml</rule_exclude>
<list>etc/lists/audit-keys</list>
<list>etc/lists/amazon/aws-eventnames</list>
<list>etc/lists/security-eventchannel</list>
<!-- User-defined ruleset -->
<decoder_dir>etc/decoders</decoder_dir>
<rule_dir>etc/rules</rule_dir>
</ruleset>
<!-- Configuration for wazuh-authd -->
<auth>
<disabled>no</disabled>
<port>1515</port>
<use_source_ip>no</use_source_ip>
<force_insert>yes</force_insert>
<force_time>0</force_time>
<purge>yes</purge>
<use_password>no</use_password>
<limit_maxagents>yes</limit_maxagents>
<ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
<!-- <ssl_agent_ca></ssl_agent_ca> -->
<ssl_verify_host>no</ssl_verify_host>
<ssl_manager_cert>/var/ossec/etc/sslmanager.cert</ssl_manager_cert>
<ssl_manager_key>/var/ossec/etc/sslmanager.key</ssl_manager_key>
<ssl_auto_negotiate>no</ssl_auto_negotiate>
</auth>
<cluster>
<name>wazuh</name>
<node_name>manager</node_name>
<node_type>master</node_type>
<key>c98b6ha9b6169zc5f67rae55ae4z5647</key>
<port>1516</port>
<bind_addr>0.0.0.0</bind_addr>
<nodes>
<node>wazuh-master</node>
</nodes>
<hidden>no</hidden>
<disabled>no</disabled>
</cluster>
</ossec_config>
<ossec_config>
<localfile>
<log_format>syslog</log_format>
<location>/var/ossec/logs/active-responses.log</location>
</localfile>
</ossec_config>

348
multi-node/production_cluster/wazuh_cluster/wazuh_worker.conf Normal file
View File

@@ -0,0 +1,348 @@
<ossec_config>
<global>
<jsonout_output>yes</jsonout_output>
<alerts_log>yes</alerts_log>
<logall>no</logall>
<logall_json>no</logall_json>
<email_notification>no</email_notification>
<smtp_server>smtp.example.wazuh.com</smtp_server>
<email_from>wazuh@example.wazuh.com</email_from>
<email_to>recipient@example.wazuh.com</email_to>
<email_maxperhour>12</email_maxperhour>
<email_log_source>alerts.log</email_log_source>
</global>
<alerts>
<log_alert_level>3</log_alert_level>
<email_alert_level>12</email_alert_level>
</alerts>
<!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
<logging>
<log_format>plain</log_format>
</logging>
<remote>
<connection>secure</connection>
<port>1514</port>
<protocol>tcp</protocol>
<queue_size>131072</queue_size>
</remote>
<!-- Policy monitoring -->
<rootcheck>
<disabled>no</disabled>
<check_files>yes</check_files>
<check_trojans>yes</check_trojans>
<check_dev>yes</check_dev>
<check_sys>yes</check_sys>
<check_pids>yes</check_pids>
<check_ports>yes</check_ports>
<check_if>yes</check_if>
<!-- Frequency that rootcheck is executed - every 12 hours -->
<frequency>43200</frequency>
<rootkit_files>/var/ossec/etc/rootcheck/rootkit_files.txt</rootkit_files>
<rootkit_trojans>/var/ossec/etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>
<skip_nfs>yes</skip_nfs>
</rootcheck>
<wodle name="cis-cat">
<disabled>yes</disabled>
<timeout>1800</timeout>
<interval>1d</interval>
<scan-on-start>yes</scan-on-start>
<java_path>wodles/java</java_path>
<ciscat_path>wodles/ciscat</ciscat_path>
</wodle>
<!-- Osquery integration -->
<wodle name="osquery">
<disabled>yes</disabled>
<run_daemon>yes</run_daemon>
<log_path>/var/log/osquery/osqueryd.results.log</log_path>
<config_path>/etc/osquery/osquery.conf</config_path>
<add_labels>yes</add_labels>
</wodle>
<!-- System inventory -->
<wodle name="syscollector">
<disabled>no</disabled>
<interval>1h</interval>
<scan_on_start>yes</scan_on_start>
<hardware>yes</hardware>
<os>yes</os>
<network>yes</network>
<packages>yes</packages>
<ports all="no">yes</ports>
<processes>yes</processes>
</wodle>
<sca>
<enabled>yes</enabled>
<scan_on_start>yes</scan_on_start>
<interval>12h</interval>
<skip_nfs>yes</skip_nfs>
</sca>
<vulnerability-detector>
<enabled>no</enabled>
<interval>5m</interval>
<run_on_start>yes</run_on_start>
<!-- Ubuntu OS vulnerabilities -->
<provider name="canonical">
<enabled>no</enabled>
<os>trusty</os>
<os>xenial</os>
<os>bionic</os>
<os>focal</os>
<update_interval>1h</update_interval>
</provider>
<!-- Debian OS vulnerabilities -->
<provider name="debian">
<enabled>no</enabled>
<os>stretch</os>
<os>buster</os>
<update_interval>1h</update_interval>
</provider>
<!-- RedHat OS vulnerabilities -->
<provider name="redhat">
<enabled>no</enabled>
<os>5</os>
<os>6</os>
<os>7</os>
<os>8</os>
<update_interval>1h</update_interval>
</provider>
<!-- Windows OS vulnerabilities -->
<provider name="msu">
<enabled>yes</enabled>
<update_interval>1h</update_interval>
</provider>
<!-- Aggregate vulnerabilities -->
<provider name="nvd">
<enabled>yes</enabled>
<update_from_year>2010</update_from_year>
<update_interval>1h</update_interval>
</provider>
</vulnerability-detector>
<!-- File integrity monitoring -->
<syscheck>
<disabled>no</disabled>
<!-- Frequency that syscheck is executed default every 12 hours -->
<frequency>43200</frequency>
<scan_on_start>yes</scan_on_start>
<!-- Generate alert when new file detected -->
<alert_new_files>yes</alert_new_files>
<!-- Don't ignore files that change more than 'frequency' times -->
<auto_ignore frequency="10" timeframe="3600">no</auto_ignore>
<!-- Directories to check (perform all possible verifications) -->
<directories>/etc,/usr/bin,/usr/sbin</directories>
<directories>/bin,/sbin,/boot</directories>
<!-- Files/directories to ignore -->
<ignore>/etc/mtab</ignore>
<ignore>/etc/hosts.deny</ignore>
<ignore>/etc/mail/statistics</ignore>
<ignore>/etc/random-seed</ignore>
<ignore>/etc/random.seed</ignore>
<ignore>/etc/adjtime</ignore>
<ignore>/etc/httpd/logs</ignore>
<ignore>/etc/utmpx</ignore>
<ignore>/etc/wtmpx</ignore>
<ignore>/etc/cups/certs</ignore>
<ignore>/etc/dumpdates</ignore>
<ignore>/etc/svc/volatile</ignore>
<!-- File types to ignore -->
<ignore type="sregex">.log$|.swp$</ignore>
<!-- Check the file, but never compute the diff -->
<nodiff>/etc/ssl/private.key</nodiff>
<skip_nfs>yes</skip_nfs>
<skip_dev>yes</skip_dev>
<skip_proc>yes</skip_proc>
<skip_sys>yes</skip_sys>
<!-- Nice value for Syscheck process -->
<process_priority>10</process_priority>
<!-- Maximum output throughput -->
<max_eps>100</max_eps>
<!-- Database synchronization settings -->
<synchronization>
<enabled>yes</enabled>
<interval>5m</interval>
<max_interval>1h</max_interval>
<max_eps>10</max_eps>
</synchronization>
</syscheck>
<!-- Active response -->
<global>
<white_list>127.0.0.1</white_list>
<white_list>^localhost.localdomain$</white_list>
<white_list>4.3.0.1</white_list>
<white_list>4.3.0.2</white_list>
<white_list>208.67.220.220</white_list>
</global>
<command>
<name>disable-account</name>
<executable>disable-account.sh</executable>
<expect>user</expect>
<timeout_allowed>yes</timeout_allowed>
</command>
<command>
<name>restart-ossec</name>
<executable>restart-ossec.sh</executable>
<expect></expect>
</command>
<command>
<name>firewall-drop</name>
<executable>firewall-drop.sh</executable>
<expect>srcip</expect>
<timeout_allowed>yes</timeout_allowed>
</command>
<command>
<name>host-deny</name>
<executable>host-deny.sh</executable>
<expect>srcip</expect>
<timeout_allowed>yes</timeout_allowed>
</command>
<command>
<name>route-null</name>
<executable>route-null.sh</executable>
<expect>srcip</expect>
<timeout_allowed>yes</timeout_allowed>
</command>
<command>
<name>win_route-null</name>
<executable>route-null.cmd</executable>
<expect>srcip</expect>
<timeout_allowed>yes</timeout_allowed>
</command>
<command>
<name>win_route-null-2012</name>
<executable>route-null-2012.cmd</executable>
<expect>srcip</expect>
<timeout_allowed>yes</timeout_allowed>
</command>
<command>
<name>netsh</name>
<executable>netsh.cmd</executable>
<expect>srcip</expect>
<timeout_allowed>yes</timeout_allowed>
</command>
<command>
<name>netsh-win-2016</name>
<executable>netsh-win-2016.cmd</executable>
<expect>srcip</expect>
<timeout_allowed>yes</timeout_allowed>
</command>
<!--
<active-response>
active-response options here
</active-response>
-->
<!-- Log analysis -->
<localfile>
<log_format>command</log_format>
<command>df -P</command>
<frequency>360</frequency>
</localfile>
<localfile>
<log_format>full_command</log_format>
<command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
<alias>netstat listening ports</alias>
<frequency>360</frequency>
</localfile>
<localfile>
<log_format>full_command</log_format>
<command>last -n 20</command>
<frequency>360</frequency>
</localfile>
<ruleset>
<!-- Default ruleset -->
<decoder_dir>ruleset/decoders</decoder_dir>
<rule_dir>ruleset/rules</rule_dir>
<rule_exclude>0215-policy_rules.xml</rule_exclude>
<list>etc/lists/audit-keys</list>
<list>etc/lists/amazon/aws-eventnames</list>
<list>etc/lists/security-eventchannel</list>
<!-- User-defined ruleset -->
<decoder_dir>etc/decoders</decoder_dir>
<rule_dir>etc/rules</rule_dir>
</ruleset>
<!-- Configuration for wazuh-authd -->
<auth>
<disabled>no</disabled>
<port>1515</port>
<use_source_ip>no</use_source_ip>
<force_insert>yes</force_insert>
<force_time>0</force_time>
<purge>yes</purge>
<use_password>no</use_password>
<limit_maxagents>yes</limit_maxagents>
<ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
<!-- <ssl_agent_ca></ssl_agent_ca> -->
<ssl_verify_host>no</ssl_verify_host>
<ssl_manager_cert>/var/ossec/etc/sslmanager.cert</ssl_manager_cert>
<ssl_manager_key>/var/ossec/etc/sslmanager.key</ssl_manager_key>
<ssl_auto_negotiate>no</ssl_auto_negotiate>
</auth>
<cluster>
<name>wazuh</name>
<node_name>worker01</node_name>
<node_type>worker</node_type>
<key>c98b6ha9b6169zc5f67rae55ae4z5647</key>
<port>1516</port>
<bind_addr>0.0.0.0</bind_addr>
<nodes>
<node>wazuh-master</node>
</nodes>
<hidden>no</hidden>
<disabled>no</disabled>
</cluster>
</ossec_config>
<ossec_config>
<localfile>
<log_format>syslog</log_format>
<location>/var/ossec/logs/active-responses.log</location>
</localfile>
</ossec_config>

12
multi-node/production_cluster/wazuh_dashboard/opensearch_dashboards.yml Normal file
View File

@@ -0,0 +1,12 @@
server.host: 0.0.0.0
server.port: 443
opensearch.hosts: https://wazuh1.indexer:9200
opensearch.ssl.verificationMode: certificate
opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wazuh?security_tenant=global

7
multi-node/production_cluster/wazuh_dashboard/wazuh.yml Normal file
View File

@@ -0,0 +1,7 @@
hosts:
- 1513629884013:
url: "https://wazuh.master"
port: 55000
username: acme-user
password: MyS3cr37P450r.*-
run_as: false

28
multi-node/production_cluster/wazuh_indexer_ssl_certs/admin-key.pem Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDyvkI1DXFa1lj7
s5um16SpsjSUv3Y9qhQGKZVECKYUGLU3ZTQ/iPYa+HsfnWTRQRMsSEYfpEauAHKF
Yxh5BeJOYsz4ei200b13YMg+F8KWHVhE4oa26LeyaF5gXlXTm2AyYTgjobBykD0q
E5oQvMkCq4Bk5NXOzNiT9aS/sXduX8FPQYYsjB92yP6M2aQEdHo8S3Srf5bUpOvy
sP2qxkOTEZlhqJqeX+vbgVJ3SIn4du/U2njFVumChjICOSL6Vl8IJuejJmVqkNww
o3vY1BM/dyFhjv0WMiBrZuFml0Wbh+rCnfcoDebVKUK9Dp3m1DpScMBHI7l1Jajv
aOO7UNzJAgMBAAECggEBAInzwHKgEiS6nlVlTHc0JFtgcGt8p/kBeGHMLg09EQ1o
wUwbEudssdjAEFD2RP57CidnZ5rB5H0suei+WYEl6+f6VFx+Kw2RCSkX8pT/MdHY
GXsEdeTrOsKEd+Yylnos2i2nfJ0bXcit2mTYQP10HJSM3On59tyRJCBqQNfERoiN
fVVzdOSF//9ZfkazyuhYxjZpdb74MtWWWppncGNFUvCLfc6JT7RrdWdMGX20yFhV
p/NVBnHRkMcsuyIl9583SYGoTgTktJPeXFntrkCzBEXCBZIvLHHTtEG4KzROR3Sc
WOjpsp4BRIYYGMUbfWHTM2xPiFMPa4GQddTbQv44x8UCgYEA/CIpyXHG68XwX3Q8
IEMUBxVHy4MAHw3CZW4bARa3cvjntDzDO+5tMWXczdFvBN0dvt1wUrveGNzM3w6v
v+UIVSJvMv8uTku6lkQdo/UVf73XH/NAqCEarMkcyLiAGaEASl44TtcybIe9GvCX
VqzKDrH+CSC3H0YvfBDOZ5FM828CgYEA9nc7EG1bG3kwV6qXmzFXAH0suK6pCiJA
cwGHxhvNgJb8NISdPRsOKU1ARV9jdkQu7Lv3eyiIZJejBksFS6aInaC5QR4o1xO1
mjJewogGG6D6vvv3+FaXADvBg/a5sDB5QCtpklm5jck6l57oPwSIezXczVVYBrp2
6VRL0CPbt0cCgYA6z+E9avvCjWZXba6EvADU8iLQFtuVYslAjaFg7KKX//VUNoQ3
25K+3grWO48Q7F7+4XpM4iOZWw+yzCM0uMDr0t9rXti3TLTWTkc3snh0Vpzyh/RC
A47MVREQxPCkiciekEHEKjBJ3pO+z/YNMrrjGKOwD2CHvABhiS4MPHldowKBgAay
pMtEfYZYm8S2IRqZk6iyviVisbtRxPibIQp0NPh6oe33cKJ5esAKlmWMOxK6tZ+/
V/Fj35kEOezw2vr8UpgeBwrK/AckRPokxkh5E9lqXYYVKN75026xMQgaC1/LYXAp
/dt5Tr6Yqlv2eI9F20Ol6hM2b4b3SEX9AXZtkwn/AoGAKDi9EBEx2yDK2241o3lf
AJk+Piefcn6MQXvlHsCOoeYqmK9nGbMGmwSUaOeNPbkimOgwrJKTdcoOh70QgnMm
qKUjxKysxWGjCUwLFFQCGz2rrjYjxvNfaJRkFN33F1R5oiaG6oFf1qQEeSfESwoD
VSPt/ewol6k8wm5ucnsA69U=
-----END PRIVATE KEY-----

19
multi-node/production_cluster/wazuh_indexer_ssl_certs/admin.pem Normal file
View File

@@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDDjCCAfYCFDT7tebzvQn0hJ1oEJxkW0TlDqdJMA0GCSqGSIb3DQEBCwUAMDUx
DjAMBgNVBAsMBVdhenVoMQ4wDAYDVQQKDAVXYXp1aDETMBEGA1UEBwwKQ2FsaWZv
cm5pYTAeFw0yMjAzMzAxNjIxMDlaFw0zMjAzMjcxNjIxMDlaMFIxCzAJBgNVBAYT
AlVTMRMwEQYDVQQHDApDYWxpZm9ybmlhMQ4wDAYDVQQKDAVXYXp1aDEOMAwGA1UE
CwwFV2F6dWgxDjAMBgNVBAMMBWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA8r5CNQ1xWtZY+7ObptekqbI0lL92PaoUBimVRAimFBi1N2U0P4j2
Gvh7H51k0UETLEhGH6RGrgByhWMYeQXiTmLM+HottNG9d2DIPhfClh1YROKGtui3
smheYF5V05tgMmE4I6GwcpA9KhOaELzJAquAZOTVzszYk/Wkv7F3bl/BT0GGLIwf
dsj+jNmkBHR6PEt0q3+W1KTr8rD9qsZDkxGZYaianl/r24FSd0iJ+Hbv1Np4xVbp
goYyAjki+lZfCCbnoyZlapDcMKN72NQTP3chYY79FjIga2bhZpdFm4fqwp33KA3m
1SlCvQ6d5tQ6UnDARyO5dSWo72jju1DcyQIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
AQC0jnfi85nCjAYAb5xsSUKMFruZ22N+sqy/2oa/auWr4ZtB22hxrBAFCi3bvBRu
vUsLIx6KJAl7/Y6jHBNnLIbFNN8LnH9OD1g7ke6FJZbw0k8JDSQtfRA7p4yOGE/b
Bdhu1IA3KiHD8wRgKAqMDIsFcmOgR8iIiKebw7IqxUQs2RSNgDYyHcjmgys/acr1
0bH6Jivzlz6MxyLRgLD66WakSSOLkg2r66cXy/rc9xvuc3CRRTy9jze8bdIQY2S3
xf2iSmASrkG7KdCNWlDmddykyXFdF/gUm/IpW6lFLoXtV8/WtGeQ2umZgslnjE0b
a/wqN6wb68VUfRecZLojre2Q
-----END CERTIFICATE-----

24
multi-node/production_cluster/wazuh_indexer_ssl_certs/certs.yml Normal file
View File

@@ -0,0 +1,24 @@
nodes:
# Wazuh indexer server nodes
indexer:
name: wazuh1.indexer
ip: wazuh1.indexer
name: wazuh2.indexer
ip: wazuh2.indexer
name: wazuh3.indexer
ip: wazuh3.indexer
# Wazuh server nodes
# Use node_type only with more than one Wazuh manager
server:
name: wazuh.master
ip: wazuh.master
node_type: master
name: wazuh.worker
ip: wazuh.worker
node_type: worker
# Wazuh dashboard node
dashboard:
name: wazuh.dashboard
ip: wazuh.dashboard

28
multi-node/production_cluster/wazuh_indexer_ssl_certs/root-ca.key Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDoEXkZ83C5Ec87
kubEylLb466yc2pEErHBlT5ehQDxqjW5/G/Jb3X7vkziJJlcaABzzYhso8WfN4LH
iSlU2MFXaPQojUUcHB3kQ0Y8ndZgqPIOIsMWxTaJ2Zxls5F+nyVhs+VmPm0OMmpU
klSt74wlOg0gEF0bOhF5RVSImXlF34lPOjJsnBC07RT5qeNdwSJL646ij7zYdo4v
hSrSmeNdMgu+SIudfPP+1pB0FGIMxgXRLVlo30W2Vp2l0kIBs2Y3Xf5Wb4c+Jk/8
BdwPspAL/ar10yFIE4PhNhnTF4DoTfAy0FkVWyqThZFRr16TZWEZfj6xYkgQX+A7
NAeexGFTAgMBAAECggEALwn7pgr2Ok0l2El6hUENcozACGPkkk/HwBlkPvxuqI17
vmswrX/uRkzYgK4yd8yM6uwqTvsTP6ac150xx4T4C6O2edHIxF3eoToRro+/uHAG
QF9DdAYde+ukC+lOAIB5r0gro4Hb0Rje/K18hJUdrx4JMwqeFLq8d/xZmiahskuu
UUo3Grq5hP6kuyKvG1GXkWG0Y6AkLip3OnaUypVPR3T4J+ydHmo1XjEwNXKdByll
u2thgzLsTmnD8CJYwdmqKhM8O8voTkyFpc6tj4x2K8/NLP1Y0slYdSHC4TSdDfCJ
6d3vShCmH8xM2PuALL4ofXvQ76D4gvLe3SrJ7d9IAQKBgQD4VH70aRSh5M+I6dT2
yqhKwOwpElEupUoft2LytZfYiylryRYJVy8pB+0cN3Dy7/G6MGQ4LSbG2UbQkuT7
iaeKSU3aKhqK9UyBuDUJg+vOK81IaEra1dvnFFzdf58Azk/WwMSzo2iY9MPaWP6k
1DrhXetJHxiqtYk03jLSV6IpAQKBgQDvPGXTAFVSmuxpG6MVd99bnBYGkZ8loLzc
wqPkEWeazQSzcXGfH4sAr2eYpbpvT0X6mIQe3vqRLx4X9tLlG0QhivtIpzP9tOiH
r+IGTepCrgusYp/UDJO+cE22EEMdJumFPcjeQcU9NAYnaf+3Mr+2UOHZD4OoObQt
Z8PJ4qsWUwKBgQCqDbrOhnMBll3kRTR4ODlcz5YpXgjH55rF82BIEsDEIjAgRpjX
lqON9oaR7wli45tmRCMtMQY/36SVyjISaqaXlTFB99krVWWp40o2lOdSzT4LmpfA
Gfk32gLqD64D8EROLL3Gwl0reVnxWUYv+8HCeP1Zmnja1ev6jzrAPhCnAQKBgCKb
Ef+bpLv2PQxXOxf35w9RXL5GgkbnIWqtnRd4jQwPbAao+k6SOYE33jxufLFtPiop
tbLhfk1SC4Bb69XIQ+q2N/MifJrOeHRoNMHEs4ZBtt6QxZ3e0+BQTm1vnMWyw0TK
0yuTR/y6cclxw9O0O5cbzA+h9uF2t2F6CRBDAYyRAoGAI3TGkMD5KHHpdxyY9rca
FDOQGDpr/fBh4MYgTkLWwpW10pmgxSO5+txFhPjhNAcVPJBwP4Nr4pAMjbOnFxef
JdnvWwhari+r5REkeGxNTTZjxirltiVv4BCFfjiVQC4jJrx4pwLB62vu3Gg9sw07
9Ar3f3mX2kvl6uOG3UcDSzM=
-----END PRIVATE KEY-----

20
multi-node/production_cluster/wazuh_indexer_ssl_certs/root-ca.pem Normal file
View File

@@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDSzCCAjOgAwIBAgIUMsRC29ASzFg/NKEsaNmiG1985WQwDQYJKoZIhvcNAQEL
BQAwNTEOMAwGA1UECwwFV2F6dWgxDjAMBgNVBAoMBVdhenVoMRMwEQYDVQQHDApD
YWxpZm9ybmlhMB4XDTIyMDMzMDE2MjEwOVoXDTMyMDMyNzE2MjEwOVowNTEOMAwG
A1UECwwFV2F6dWgxDjAMBgNVBAoMBVdhenVoMRMwEQYDVQQHDApDYWxpZm9ybmlh
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6BF5GfNwuRHPO5LmxMpS
2+OusnNqRBKxwZU+XoUA8ao1ufxvyW91+75M4iSZXGgAc82IbKPFnzeCx4kpVNjB
V2j0KI1FHBwd5ENGPJ3WYKjyDiLDFsU2idmcZbORfp8lYbPlZj5tDjJqVJJUre+M
JToNIBBdGzoReUVUiJl5Rd+JTzoybJwQtO0U+anjXcEiS+uOoo+82HaOL4Uq0pnj
XTILvkiLnXzz/taQdBRiDMYF0S1ZaN9FtladpdJCAbNmN13+Vm+HPiZP/AXcD7KQ
C/2q9dMhSBOD4TYZ0xeA6E3wMtBZFVsqk4WRUa9ek2VhGX4+sWJIEF/gOzQHnsRh
UwIDAQABo1MwUTAdBgNVHQ4EFgQUYl00l8o0bCIkSPZI4vogjUUEGCswHwYDVR0j
BBgwFoAUYl00l8o0bCIkSPZI4vogjUUEGCswDwYDVR0TAQH/BAUwAwEB/zANBgkq
hkiG9w0BAQsFAAOCAQEAtUtlmOYc+frtnXIu3HMPNP7QPr+vhMRaIlt1j2MRMTE8
PtD8xGI50Mub3yc52PD2BPx9WwOFqFJY6fuREfkjkQ6RhAc3NdQ/8ioZ+Tt45Qu3
N8IJKDbjaC6D18DAIq0G2lnxC6ShxcgCjv+8BraWmm9iCnMj78pw0JTVJDtkr87w
qZdSCW3XfzirW4FiHEWynBOvbRCfjxYAYK+AT9g++TDTjbT1MxPtIb1JUDJaFFV0
Oi1lgANY5gWJes5Duw1bcAeQZ9iEX06qOJWWI5DidoM3ARiwHRBv2J/6MUxTMtH8
A0/pV5kqLN586tURZavGdOmlmx+C6QD0GoYi9137Fg==
-----END CERTIFICATE-----

28
multi-node/production_cluster/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCdwWuVtuvoVyr9
Zc4t9NUeV7K9XqlcmEJF9FW7/2kb5vAljcoqyum+xZZzQGIY/Jbje+r2jRqw2VyV
tjlShimsAcIb0UHmfKs8btAIfXCa4aLzp3eiSNzRTdQkg94ebkhDKMeW3GKqpqkX
OWrIYb77K/ltRqVUe9WcQZvxzrQqUKKdk/0TfkVU0uY4AxZxfWudL/wWdbMCCgmh
UjvhhjBJRSTIMjGXKxRusXcHz9PsnFGrxr9+DpYhL0qRj8AyF6xg2dfj6vz9Bfgf
dNnOZOIhWkymyXg4vsFwr/d4kXfcRuTl4IGoCtYewGTBKKimpgOxnNcKJsajCHJV
eBPDMdwPAgMBAAECggEAPrXY0pb4iE++YyTJJTOiVIGAKA8tPAW6spxCSI1rdxAC
fqsypngrGw7ok8AQPuaKBLwJ1yCYb5y4VTsu5kM25Y19YBl7HOiKGWfjgrx6utbf
NARqZjSYswtBPZK+BVLJnwji7nGFN1kw9m54qFdS1/3PFUV0C3V+oLLkDuegbwEn
AUqFy6sP/4EEHsDBvvVWSbg6jV28YSUFD8pbDLVwBU3zXMlj/nmxPVRxAyap9xN+
zw66s/E4DvESE7owGdttRGAGVkAsDGDP37a4+CfxRKzpcSBuaMuE+B51dfWebSJM
kYbXC7CAjid/C012pwQG+9E4sZCxqsa5iJWPZfNuAQKBgQDQlQiBcCkd04px40XQ
6mo0zPe/ySMCNd/crQFqqdNucSBiC8cHyroTx3zexoL1Nm9sDwF3bK07Bt0iyuQA
mm+IwCPTlLe8n82+D69ZYZP203YcnJBfRIsmeyDNYWDJm9b6j/eWA8yS+HIMQqvu
UMRdXSHg+pd5ylyIYpTlqN6AQQKBgQDBnmdUleu9KDSl291hM609+fAbOuK63vBz
5Muo8CgUFbd7wwO904oLFC854qeTxvvnMueJ/0LQql3HqkADKLNZmMw8xQ3jXFiw
6vSfctIpt1Pz/+gNlRn14KdwpAhZUt1TmUlA/UaXv9W0KuDcQHj/XBB557CZk6+G
54lx1PZITwKBgCGhlhCAzDBh9nWshopL8bn3vo6u2LU3iJPlVVAkd9Hb7bPBYGMS
PfSIesrUyTLOhyKuPLdLz5av4aIFgsPSIt+y01P/K6z/O0ZE8yn/QMNQjz/HwsOJ
osIeokhbRibbuMsHwYzvqeGcq47shRpU7YR8SsUiwp/BkC/xbT6mftHBAoGAAJQ8
suAP6GzqW2Sg8N16syjAMxSmAPERvwb8JPEy7XxzJAedR0AOtaHF0mJ/Jc3+it54
Gs2MoZsg1KwJrPi+MJJoafYc6IUqLr1FJgTt4/oMYjptszyy6y1U0t1quPmqd8mJ
kowvXdzRAszuBzqaIglgczziJlNuvvSKULDWW7kCgYAdMARsl0vFEAR1Y5QQzeZO
nMkniSS2CQBOvPpltE2qHf/Fuast/weR6/FxeP9R2EiSPNrhAmEiahH2JcHWBZ3Q
BLo57I+S8vxJ6kRXf6XD55loguChF15jXGKsxXw5MP+MANmoZL+fSFO3yMLtyz/Z
HNYj0xkTwFmC1p8FlujnNA==
-----END PRIVATE KEY-----

21
multi-node/production_cluster/wazuh_indexer_ssl_certs/wazuh.dashboard.pem Normal file
View File

@@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDdjCCAl6gAwIBAgIUNPu15vO9CfSEnWgQnGRbROUOp08wDQYJKoZIhvcNAQEL
BQAwNTEOMAwGA1UECwwFV2F6dWgxDjAMBgNVBAoMBVdhenVoMRMwEQYDVQQHDApD
YWxpZm9ybmlhMB4XDTIyMDMzMDE2MjEwOVoXDTMyMDMyNzE2MjEwOVowXDELMAkG
A1UEBhMCVVMxEzARBgNVBAcMCkNhbGlmb3JuaWExDjAMBgNVBAoMBVdhenVoMQ4w
DAYDVQQLDAVXYXp1aDEYMBYGA1UEAwwPd2F6dWguZGFzaGJvYXJkMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncFrlbbr6Fcq/WXOLfTVHleyvV6pXJhC
RfRVu/9pG+bwJY3KKsrpvsWWc0BiGPyW43vq9o0asNlclbY5UoYprAHCG9FB5nyr
PG7QCH1wmuGi86d3okjc0U3UJIPeHm5IQyjHltxiqqapFzlqyGG++yv5bUalVHvV
nEGb8c60KlCinZP9E35FVNLmOAMWcX1rnS/8FnWzAgoJoVI74YYwSUUkyDIxlysU
brF3B8/T7JxRq8a/fg6WIS9KkY/AMhesYNnX4+r8/QX4H3TZzmTiIVpMpsl4OL7B
cK/3eJF33Ebk5eCBqArWHsBkwSiopqYDsZzXCibGowhyVXgTwzHcDwIDAQABo1cw
VTAfBgNVHSMEGDAWgBRiXTSXyjRsIiRI9kji+iCNRQQYKzAJBgNVHRMEAjAAMAsG
A1UdDwQEAwIE8DAaBgNVHREEEzARgg93YXp1aC5kYXNoYm9hcmQwDQYJKoZIhvcN
AQELBQADggEBAG7U+AvLKrMs3WZ8fgnfYpYmScmZX4TCLy9g98lshe6U3UsYAh0B
nTBfUzoJ43jRma8FICIwZVS4DxB4hnUamPWkffVGnpOtnAhvWoZgksuhLG7uoatx
LShb3X48BKtziltIcnI1EEhynFNzcmWEoSXrVqFyaPbu5TNhp5II07gFnL9HnuES
8VKdudnk0fXoA4YmkYCxZhatT62mp7AsrJ2aUzCpTNu5vrY5zQMNOr+YUKTCCLAz
q4c4P61GejSvgI4A5XI6gSrJMXRYQ+3cm8oWNQHjnk051O/BULqo1vvQQHs2q3/J
9a1sB3ecZnt4Y1+YIXVzEjkaSnlZQzYsd3s=
-----END CERTIFICATE-----

28
multi-node/production_cluster/wazuh_indexer_ssl_certs/wazuh.master-key.pem Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDHhRNdvthNFHRL
IvaVOR+2jocRqyTi5sGISWVblt1flqtxqJ4TwDiYORfka1LXN2dHytAOSnjXB2ZJ
XcShq35A48A4p+2/4/S7WpeLcjNuoziwkE3BttPDPu989IGHscinRg8PFUVf5u2Q
+8IqFad9Fyl2JbnfMUjRRA0ATH2W3YFDPkK8R7qAmViPJDh8r5KW/QzQlKn0sAsl
xgqTMCsRKsCk2Din4F6YGklSoG78iPLMUxyXx/K+M+vYFljwPRert9tOML/1Cx3x
fqYMlm2NgRkZ5QafnpDHNULifSl/sWoI/8Tcl/AvDE0sPd2SYvhj9Hd8pJfNrBvF
Q6lSIMdvAgMBAAECggEBAIKxP/NLXMJ44IiLOXyb85MQn5dKRRpAT4tnkHZDR3Ui
6+DCs/F6G1hTJbxhNN13FDcpuclyrN8loLH0MyY3gLceuL4j+g+VUa0b9WLJhrk1
P6Agll6K1QHzCssOGn75TNeNg7W8mDnuubUbxJ7umkzNTEJxCeUSkoFJkz6b3DRi
camqozyHurPZPNbszm0txfQ+GiUn2ZpRp0OMmuxQ52n18oiDN5OMIWNwvhrJUuzc
TLjUHN9rHGUxfUeVZeap6TKhjnlGOJg8EQq078TxuWEp5WFxxj3/kCLj7QQkUkDg
TfU0/HOIYNsa156/4HGb3LWGJd5heXZ30IST8geGiWECgYEA7SVv4YsHztCSQ4jk
kyMX4pH9+boztjTaxefAlYikmyeB7rNa4u2WI1qTGEH7L5A1vkV5wOGxrOxZnWNp
v4j/zd9tOED1sgMAdrcQiorJGnakh4UVUaZfsH7GgSVtObhI76Ge80USzKp6zExl
SpqAzis8HOFmdXzUvfXrcU0pOlECgYEA12HXDpA74EnJYaDhR62RKCy2PG+GTtOL
3UOs4w2inK/fYbRkCCuC94qJrluEwVhgVsR4HCagjTkPlgb7CDauXCHNIEC+aN2g
C4hrMcrwfQk71e5WhZuzLya7xJIZsj360DsmAqYt0LhTcdNL0gKAmM8ukBIN3J3e
NmJNYTwztb8CgYEAhL65Aup9Q2JzDUS6ljZFr3kDTt/RBIRPlgplPg8P/R2/WKuj
C3Xs3ftcbW65uWUjAFAJmFN9zos6mqREVIfOkSIpFB0gqzWM8+cDZlnLunmBHa78
QQk9dSFx4mbd3jpu8VxqCki2/kPLm0KETJ9xzHZdHtl5LfjjaTYYRgLoOhECgYA2
dmsnJ5m8cWwW39OXiHA4NHYwehMAQ8YOQVqqX3xLGr3luvPAjSAk8Ec4a7P6IBrc
Vfn5RFs82rzyNvmrbghRC8sO6NA9PC2IPQq+II8HTxpuUkJWrrR0q9q3LiqJQ9r0
ZMCL0vGq4bFYCxIVHMTf3yPrEmWm79SM8/aVK9/3iQKBgHsFhhLqP5rvvVaeSFls
h82wLCjswFClmN1dx65/McHtI96q/7jgLXPvs3KsE0OFFAVVttl6/sEKnAUbYC4q
9Xbo6yv3acRT9CTPiRf//vAjgCeFp/aNhP5JwMd+dXR7OWykXBGs47bg097eB6xK
G/fr+3hYOhhNYngT4aMAkyPd
-----END PRIVATE KEY-----

21
multi-node/production_cluster/wazuh_indexer_ssl_certs/wazuh.master.pem Normal file
View File

@@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDcDCCAligAwIBAgIUNPu15vO9CfSEnWgQnGRbROUOp00wDQYJKoZIhvcNAQEL
BQAwNTEOMAwGA1UECwwFV2F6dWgxDjAMBgNVBAoMBVdhenVoMRMwEQYDVQQHDApD
YWxpZm9ybmlhMB4XDTIyMDMzMDE2MjEwOVoXDTMyMDMyNzE2MjEwOVowWTELMAkG
A1UEBhMCVVMxEzARBgNVBAcMCkNhbGlmb3JuaWExDjAMBgNVBAoMBVdhenVoMQ4w
DAYDVQQLDAVXYXp1aDEVMBMGA1UEAwwMd2F6dWgubWFzdGVyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4UTXb7YTRR0SyL2lTkfto6HEask4ubBiEll
W5bdX5arcaieE8A4mDkX5GtS1zdnR8rQDkp41wdmSV3Eoat+QOPAOKftv+P0u1qX
i3IzbqM4sJBNwbbTwz7vfPSBh7HIp0YPDxVFX+btkPvCKhWnfRcpdiW53zFI0UQN
AEx9lt2BQz5CvEe6gJlYjyQ4fK+Slv0M0JSp9LALJcYKkzArESrApNg4p+BemBpJ
UqBu/IjyzFMcl8fyvjPr2BZY8D0Xq7fbTjC/9Qsd8X6mDJZtjYEZGeUGn56QxzVC
4n0pf7FqCP/E3JfwLwxNLD3dkmL4Y/R3fKSXzawbxUOpUiDHbwIDAQABo1QwUjAf
BgNVHSMEGDAWgBRiXTSXyjRsIiRI9kji+iCNRQQYKzAJBgNVHRMEAjAAMAsGA1Ud
DwQEAwIE8DAXBgNVHREEEDAOggx3YXp1aC5tYXN0ZXIwDQYJKoZIhvcNAQELBQAD
ggEBAHbAaj75GUytJ0Oy+7YMfvV5tBbPwD9ldtpY0yDeBlgOlnygt2gvoW6kaVF8
P4XgcaPbFwTVVBjOQqngpp2wFDJP9VrHYkr8t9Zi/iBVnr9xa6lzkROuuhjI5CW+
12+7ZcXPnLK+s8LIi8f0s7Y8yeMz/cR61NjfkKfYo1uaG508LENEyKjmPe1NyaMP
9rzDJSCm3aiEa62oj/Fsq53vGoLm4wTPJiSx4V+iFqSnKHaVlPXd3KlFN+plfS6E
zZsxogOJORqoSuDpo+WXsr6Ka2baw5FgXZoP5L/oTYC5zpKBi3QUYMjKFkaLpzTd
evbceYlSHXczXvjoen+dW1TKoAY=
-----END CERTIFICATE-----

28
multi-node/production_cluster/wazuh_indexer_ssl_certs/wazuh.worker-key.pem Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC0lr7A3B25t7VK
90I3k3Rl6yOfP1sspjjVM18TYlo0iuF17nYIo8pV4vABE5EWI43X2TcGFasJNtcN
RPpU8kNCfYzOYg42eW/Aq6xzdJqvfrAGCfFfdxn60G+WklMyhK8UjzGtJN/5FGDw
Z1zZjL/BgJ388lxafzuGtTod8f36fFMDiybPo976GlqrWdPQdiNHUC7Y2LxGD/JG
gQgeL3mmA10d4cKDpFeQ/jGYwcxBGpgNZQMRCh1CVmWm5/i+3F5j+tx25LhKowOM
SNm0OMiHHcLhAljEbUIPtVfEQ9HCKCEZO2vnqoI2IE/20jZ/I+rwulcQNsq0DROo
S/G/1zu5AgMBAAECggEBAIAXMIQxXPA/Ctt6mEA9WeF0sJai5LO9zzACORzRtTPx
kkwI8TXdn4Xd6uiIjW+Llm+Uxb+OHPvzJwRleb5I/EYsMXSt/nDLH+YknrRh79os
3QPbh5Z0LzxFHfFKJrL9hAXsL4slTawptTyvxB8XA2hoJyekbLdP6dP5tZhJ7iD9
Xes3hHIRFXgzT3Dp8n387+AItHvH+E1rDL/uobcy45zNvUEl0pOGW6D7U5Ox5VVp
QzVdnKNu1L36CYx3kNNUFwZXTy7FxbtPi0qQwcDezQp8X3OIyTGuHkEFdvU5/7d/
AvxEaSknJcl3QKP0vfyiSXhKznCA7jb49JQrwnrcurUCgYEA6ktP4Rb46YgsLG12
HpWqJsg34alIZ4ftXkPAoJ96zCNR5tXwwPye56qOuAxlIBESNtU6dReTy6LEYVdM
KnX8dJi8KGSfacqoKWPwgqi4zpQV16nQFrS7OrvcQYEE78wmlXhw0kHcIGTOOqh6
lMmKE+B7Ps0D6xwxmtjRxUoa0NsCgYEAxVG4D4+QpIQPp7NmIxkE4xCJH6qfxzOE
odE5QVNnu520MBDA+sd9A1jGc6IsWOEVnCuF1etu0S/ChsXMB8NuahYQMrgKsl29
ixGbFFa9t7DyxY19+jZhpu9ghkTTkKlhibcv0yZ31P8S55LPhdBGrQ6l2q4HqnSI
k0FO5+iw7/sCgYBuH8AH+Jg+jDbXGwwuDALR/8HkW4EgyI8Vg5sC5HL/iIpyiZSD
4Tl/gndaotjVXbDF/Stg5hgd2v+bEUFHo/VpiHDIO6OCQjMQYV0mzM8wqgIqQDMC
uShXzv0T/OSpIbfxAY9mBHbG8xrMD2yuipxQA29qcUqqM7JNKiRPKym3iQKBgQCj
FuAjPG45DE5ENit9Zvh7FPfBjK1zYEmH1f6U1/MtRzPfZnmazbeuRHoCqVAuRhwu
cGq2XVnC3M7TxjjVUdq5JHNO+H8e3gwEHhEnxmoYodCHKGOvo7Mi30fQsqKLNvS/
dwG4bFsvWYSuktGjsHo6H5lGHgGICbm4vIoTdGiKcQKBgQDNW9ou58BQrJ2ibgu/
HUqtLWPOu87q/9PJmdEG7ux44o3X6wSPSP4cajRFUBoPRIcx3ME9h0pK64T5mL74
NgNyZ9FC4la++HZCqBWf56fTXghPd9uUGD1FOaC02ZzN28RBXcbltTwT90F1uSFv
2CVFmMa5LRZS4j8gp0XqFDbGEw==
-----END PRIVATE KEY-----

21
multi-node/production_cluster/wazuh_indexer_ssl_certs/wazuh.worker.pem Normal file
View File

@@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDcDCCAligAwIBAgIUNPu15vO9CfSEnWgQnGRbROUOp04wDQYJKoZIhvcNAQEL
BQAwNTEOMAwGA1UECwwFV2F6dWgxDjAMBgNVBAoMBVdhenVoMRMwEQYDVQQHDApD
YWxpZm9ybmlhMB4XDTIyMDMzMDE2MjEwOVoXDTMyMDMyNzE2MjEwOVowWTELMAkG
A1UEBhMCVVMxEzARBgNVBAcMCkNhbGlmb3JuaWExDjAMBgNVBAoMBVdhenVoMQ4w
DAYDVQQLDAVXYXp1aDEVMBMGA1UEAwwMd2F6dWgud29ya2VyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJa+wNwdube1SvdCN5N0Zesjnz9bLKY41TNf
E2JaNIrhde52CKPKVeLwARORFiON19k3BhWrCTbXDUT6VPJDQn2MzmIONnlvwKus
c3Sar36wBgnxX3cZ+tBvlpJTMoSvFI8xrSTf+RRg8Gdc2Yy/wYCd/PJcWn87hrU6
HfH9+nxTA4smz6Pe+hpaq1nT0HYjR1Au2Ni8Rg/yRoEIHi95pgNdHeHCg6RXkP4x
mMHMQRqYDWUDEQodQlZlpuf4vtxeY/rcduS4SqMDjEjZtDjIhx3C4QJYxG1CD7VX
xEPRwighGTtr56qCNiBP9tI2fyPq8LpXEDbKtA0TqEvxv9c7uQIDAQABo1QwUjAf
BgNVHSMEGDAWgBRiXTSXyjRsIiRI9kji+iCNRQQYKzAJBgNVHRMEAjAAMAsGA1Ud
DwQEAwIE8DAXBgNVHREEEDAOggx3YXp1aC53b3JrZXIwDQYJKoZIhvcNAQELBQAD
ggEBADzeaY32rrY1o/6QioSwEL69drJzJstTLQC2bIvTtLqlBcHPJRIxB5jZMM2a
vJuB1qepM9IqW3lGzwvx/eLFcemBVk11twjpTO/ClUSvpitIU0iqSRLRGN89wrHM
bxxId9rbGgQzAOOr2802TvmUkUHorklf6FpfBrRGoCSalutYNkzvzRc5DepUZXJm
nzlqRrD28cp1fHNQ6gLyHEDO5t149JED3UEL0vfM4QnOlYPLJ5LHnjfSKhsslReo
9EU314h+1zGg2Rl7LZD30Li7pIIXTHsa3HKtL3BVECJK/xpxGWa4aJ19WfEhdPfh
2/PFRABIeqGR4noZedtnM7p+59Q=
-----END CERTIFICATE-----

28
multi-node/production_cluster/wazuh_indexer_ssl_certs/wazuh1.indexer-key.pem Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDq3/cxyHhK20rb
dGRpwG+lHw8vdPUGB1jaey1fCetXATDBMeNpltxooJzb9tTIVIGt4ghrK6hqpUm0
kvK2hZX3VnVD94pzUnpVmiwkBtWyIletCFsiWPplU30ukR/sE63+R164b3kmQohy
ppNKEIZrgRkQbsb5Rj4K7koUVT+IKGoPNl2npSO5Y16+y4lqmQIDSshbEnqoV/cm
nhD43Zsx0TPMs76Yutcsp+n4yrYY/l+Wf/BWD3yE6VwlxoqRBBTfMzZQwaK6OsWA
+NMdS/MrfMs0ccuzGLi4LsbINabIIXk2rPERV9syI0TEWNtSp39LzIPvRT96Pdbb
P2uOpHNRAgMBAAECggEBAOZQCA2BDrQYpSbc0zn/wXqhIjre7QWkXrSe5La0+1it
iilnyh/YFvlhxW7Mc4qdkyv24Vp1zQgGXGf9UJM6GvwWg5bKPbEnx135eB87tICg
vGioMPVVWvPREod/N1Y/VfZp9a/VX27s/u+t9/BAlA8G4JUEi4gUIPKHB404qrvP
REa5nJ0Oyu+WMtZ47Wvb0SBVPtPHDHPJV6WIgPWYmKORjoSV39HSj52o6Mnx1VfB
tDVd3mP6Tfujci5lc+zq+DtxsJo8mLgNle/eZ0ysEnccKPBE+3dNtRzIjmVNAHx8
AquYgBAgXoI2ixhToAOP3MIEToPfNyA2u04KcdxyOgECgYEA/Xa5skp2rclu160F
LDa+O/2l4oVGYB8QYSf6L/efGo6wFUb204Ne2/tAB6KzFFwnS98m/1GxxmxTRKRU
baCkmz6eiGA/yQlKsUlIuPcT/vCy68t7clsogn9+qnUbKfYemmQ5g2U7BGKmZbB1
gSN53xXa7aPs7y5TICN/Vpr+oZkCgYEA7TmfbLc6eaP53zL/rhkELsoOcyLdJwR1
2GnIFmySOmoLR+1TOYNcKq0eDQdd101mT3EJgpXPsoDKbbwNr57TZHDl1R9FAGSW
aK3nJHZi6o+Qei2JJwmyRgzYmldkZkiLVbmlAFQvhP5gzlHAAjr4VyDwJqBQx96d
xOFZBPVJ4nkCgYB5khqbY4/s5zLdC8XxYQh5qb2JGreYnw2yLASaQUD08f+PFQyK
gvZauPYLM4SFfXXztEL2L27/ZzHBOLiuJGEPfUd4zgGKIYTL6ASTgx76JuUKp/y7
6vFRNmnAxI6U39Hp56yWU1WtUsvQ9oRFvohT8h2h4gBg8G06eww2s/zx8QKBgBT4
/TE9WbwbVSH4fkZEC+yfDHv9XxPt/wUtBPWGj77+VRT81FjHVkSnnXqFZjR8sUjg
s3iKChy76imdcJBQOFwu5wLait0oB2wlw8Oje8dE/f7vO6rp3or248dxZnzsePUR
Ppcy2iil3KUg8RrBX+dEEDc6ASpKciRPz/DyRp/xAoGASbmawase+/UEV8PLzdVW
OVbUARBJHbDvfNMIqZ7u3k/xX/q7SvPSV4ElEQh3cstQYLAJQx1ZSq+0TH8F48+6
IURddW2JwfxQiuq+m8G50Md8kG6kPW+6BrEFXH2KRvPF6m9Fur50IhWSwjYfmv82
YGyyn3CsDx5lr6eYGRM0Zkk=
-----END PRIVATE KEY-----

21
multi-node/production_cluster/wazuh_indexer_ssl_certs/wazuh1.indexer.pem Normal file
View File

@@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDdDCCAlygAwIBAgIUNPu15vO9CfSEnWgQnGRbROUOp0owDQYJKoZIhvcNAQEL
BQAwNTEOMAwGA1UECwwFV2F6dWgxDjAMBgNVBAoMBVdhenVoMRMwEQYDVQQHDApD
YWxpZm9ybmlhMB4XDTIyMDMzMDE2MjEwOVoXDTMyMDMyNzE2MjEwOVowWzELMAkG
A1UEBhMCVVMxEzARBgNVBAcMCkNhbGlmb3JuaWExDjAMBgNVBAoMBVdhenVoMQ4w
DAYDVQQLDAVXYXp1aDEXMBUGA1UEAwwOd2F6dWgxLmluZGV4ZXIwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDq3/cxyHhK20rbdGRpwG+lHw8vdPUGB1ja
ey1fCetXATDBMeNpltxooJzb9tTIVIGt4ghrK6hqpUm0kvK2hZX3VnVD94pzUnpV
miwkBtWyIletCFsiWPplU30ukR/sE63+R164b3kmQohyppNKEIZrgRkQbsb5Rj4K
7koUVT+IKGoPNl2npSO5Y16+y4lqmQIDSshbEnqoV/cmnhD43Zsx0TPMs76Yutcs
p+n4yrYY/l+Wf/BWD3yE6VwlxoqRBBTfMzZQwaK6OsWA+NMdS/MrfMs0ccuzGLi4
LsbINabIIXk2rPERV9syI0TEWNtSp39LzIPvRT96PdbbP2uOpHNRAgMBAAGjVjBU
MB8GA1UdIwQYMBaAFGJdNJfKNGwiJEj2SOL6II1FBBgrMAkGA1UdEwQCMAAwCwYD
VR0PBAQDAgTwMBkGA1UdEQQSMBCCDndhenVoMS5pbmRleGVyMA0GCSqGSIb3DQEB
CwUAA4IBAQAeLF5so3GKD/NG7eQQEz5z4ebwLuv126JyHHndvGeEzlMmBbEFNv+B
j/NZOplVp8cdchIPsMR/1hw5qdsrA2i75p/lOMkVtxVgiHrIExhvB9wYTo3i8hHq
cKVUdnFR/gB4IawcrXy7Le6NJeVPo6F1HNsjzUzddWP8qAUhViv3HAeA+86ti9Lm
vIH6ww6NR8q4YgWoHmVV7mo3HD7z76BjYMWnJUeK0ziHtyNw2y7/TO0/rQNdvDRx
0MZwVih3XAo81kb2b4VmpCaiZt2/0v/glx0KmY2PYBiipDclEQpNgOIcaEvM7jtl
U7JIE70mSwOchd6nJ7WTGTijrS+hJY8c
-----END CERTIFICATE-----

28
multi-node/production_cluster/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDBJ2ch4zx2FMlZ
dlPGAlh4zd+mafJf3MsI1E5bZPv0hXQuH4iwBzctj6YhNPnSr2KYurWfoh/U0/cH
JTw1GQgtFnjEwoyYLpz018yH9foU9pQuIaIrtzZ6UpjyXjCh4155pCldzHilz7KR
PloFCFsedDdKRu43j14fSagnFHeDQbkWemmue38dSJciwC+HQUuQE3ENNx0B6Qnc
3dLLkA4RoJpRJPZ3GDObk3bdClac0kMFWUwS+tGBH4tnOnTkPLOEzStM/qIl3xDf
C4r3e1dIK/kLK2xCpOtmfWjDDQyN/4CDugNVvBaYLORHz0otkp91wCfMPqLZ/5q9
sy3SwkK1AgMBAAECggEAdlaFwSVPbajek4kDWlUljx3S4EoYzNKhMg+g0i3Uj8MT
ow5+2BoTnD5eMgoa5RG+/oOlst/JUMNsnVwavw1PDRCvfR0UtkgYsYllLgdt6FoJ
/xlsGgxtvBPO0O8ULJr4zt3c2jLj1/KgHIxu6pZr/QSGu2Mpn7CeodymwQqxDiCt
Sm0bk8J/m9W7ytWFaiVMRBbxRo8NMv2/RMYIBAI3/v1hLPucO+1vyxSja2FE12jg
0LvHp7N7zgGmjZ8CDRMwOiQkdgx1lfEelXteRKyCdWnPzdrtTguWiXyWOXddPKbJ
1peQDSXP8hqua62KK90CEslcVPiSWl8uTYMcNKBsIQKBgQDp376bfxSZxQPm+k9Y
Ph4maT1WeInV4XY/RtavKBPm9y6JHOCF910Mlc1077RMjgmOHwvdwVtg+2oA/Q+P
CGNx+JX7gl1PA0nrj/xHrTcMf61WIGobb08FCvfU7o5CuQj6osHgx4Xx9YLfeTtk
oWdP05n/a0ybMrAU4bpCVXAwwwKBgQDTbXKs32KxIAaDkzA27KVSsP3avKnjMVAK
r0sMhRIv+H4AaHeXRD9JJHNwJr05LuGlsIM9bsdAxWGOMZ4FWsUGF29AWsSL/d3M
+ZygyL6POKFJjmqi1lbW+OgsmyDx/8hSLNuHd3ny56ijZUaVw9J4sdZJpTYgoLiX
YB7Od/yHJwKBgE5ytb3055UYx9FPfxPrajOaM2/w6NMsWHyrJ1IDkIF1wk9Nt2ZY
bgbNrOgfi4vuTPg2I8XTmPI0Av+n4vMobisJpk2CEghx4va4CniEeqWfoiX0o4Lm
WEwpvK3ZAzEQXhmsRHpAkwZxQt/xC2Ia3cuh/9L0S/L3Eqc+fDrJ6+L/AoGBAKlu
MRK2JVm6R14TivTI6ad9rMEopaAqeXFGjobm8O8+XIMpNIUlLO4JZvT+Jm930V49
OL73UnfmdUpFGtRBrFg4WXAiDRX+iEtl0Q3MMWGGyUGv/mamC4tUhoKQgnNMPhUU
W4yQw0pUOQFP/KOx/K26HfaAjgLRqXutjKJ65wTLAoGBAKtOsSbCc1a62CQYvA1N
pvE9QYSM85AfZzeq5s+4a6a/crzEPzwRP1tCMHwu2w/FOQoaI62x8q58Q7N6tgS3
mlhJIXpBL0RXoIlN3jeKbo1cvnGidgC5fGs1NdaF8PE1PciNXITltrxAKDiZ3syy
3s0LfRzI6Gv3NZGgXzN4Es0I
-----END PRIVATE KEY-----

21
multi-node/production_cluster/wazuh_indexer_ssl_certs/wazuh2.indexer.pem Normal file
View File

@@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDdDCCAlygAwIBAgIUNPu15vO9CfSEnWgQnGRbROUOp0swDQYJKoZIhvcNAQEL
BQAwNTEOMAwGA1UECwwFV2F6dWgxDjAMBgNVBAoMBVdhenVoMRMwEQYDVQQHDApD
YWxpZm9ybmlhMB4XDTIyMDMzMDE2MjEwOVoXDTMyMDMyNzE2MjEwOVowWzELMAkG
A1UEBhMCVVMxEzARBgNVBAcMCkNhbGlmb3JuaWExDjAMBgNVBAoMBVdhenVoMQ4w
DAYDVQQLDAVXYXp1aDEXMBUGA1UEAwwOd2F6dWgyLmluZGV4ZXIwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBJ2ch4zx2FMlZdlPGAlh4zd+mafJf3MsI
1E5bZPv0hXQuH4iwBzctj6YhNPnSr2KYurWfoh/U0/cHJTw1GQgtFnjEwoyYLpz0
18yH9foU9pQuIaIrtzZ6UpjyXjCh4155pCldzHilz7KRPloFCFsedDdKRu43j14f
SagnFHeDQbkWemmue38dSJciwC+HQUuQE3ENNx0B6Qnc3dLLkA4RoJpRJPZ3GDOb
k3bdClac0kMFWUwS+tGBH4tnOnTkPLOEzStM/qIl3xDfC4r3e1dIK/kLK2xCpOtm
fWjDDQyN/4CDugNVvBaYLORHz0otkp91wCfMPqLZ/5q9sy3SwkK1AgMBAAGjVjBU
MB8GA1UdIwQYMBaAFGJdNJfKNGwiJEj2SOL6II1FBBgrMAkGA1UdEwQCMAAwCwYD
VR0PBAQDAgTwMBkGA1UdEQQSMBCCDndhenVoMi5pbmRleGVyMA0GCSqGSIb3DQEB
CwUAA4IBAQBQotSlK29h04ju7QxobUl00cGht3PQZPfLmwvtY4S6V2YZt9p2zejb
j7oT4l0OWsHBBugT4RVapaPq6+Ghbpc666srmoVv9Ny+3uVtD1Wks0r0WtWUdLhQ
On5LU30gTu+dGf4PUr+g9bp1XsFnG/pRR5iG96vQR+EDi+z9TcMi2L2JQIoKiiOz
UbOs/djzf1WKhYpzo/kC6+HlIojVqUVdb5Z3kIf9UXuY+0O2LWGe9hgY2r9RWZSQ
k2rlb5sqvVh8PY5RP6D+p6W3x3b4TrH5AjMFTfkbLWxod4xTYwLfMSTuFEiF8HTM
8tBrbJ8NXDy5udiwjCFloZBivGsn8IPy
-----END CERTIFICATE-----

28
multi-node/production_cluster/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDFzTLJn+H65C5M
uSFgWmF1sGqCelxGIRL2qdp8EeC02fRKY3PSMzMwBqYNweQVRT7Anzk3rjiDDGDc
GEJqp1HKUesoGbXU6gW5yVqvJrydSRcSmKh6mtyL4hIEgVCN7DeBY5Xg3+TS6TGL
OHhQf8Fu8JWGGWy2m56tEZcI2Mt/k/ihkjypYv5w+X76ibyRGKOmWJ682LHDsN5q
/o4G55kvy/QVH9zo+2/7k8GZC4Kigtp0bdypvncl85PA2a8z42JYVCySJfy7/AlZ
5PJPCZIHhITUoXBMNJHGn3pgMadXjiNMFlUKIEtIj8tFgbvyqA+jPOizLVlLRQNL
K1u3kQbTAgMBAAECggEACw791+foam53aDKxewGSkVHboo/UuNcAiGnWnTkipvnI
fqAwyX+zTOwSPJKqfcXxTDOar1I+NpVqlOOGUxAnsngB/avyToUG7Owk9cXkpaaA
c7m1MaWWzvtEppvUNRsPv1wh9QCPensvGel+UIHT/q/UrDqfqVXp+SMSnpwARJGY
C+0Q75Qeg7wJ5uX91HpiKGCgoKi6/4KZV30bDRQoqZrqeT/9ZZZ9kyZ6SHlZAPDh
dXl4g3plroBPOnJfUiR/oyV2jUDn3qU7j7Ti0WYbcr3TBRcPeU44Apyhv1CCS0d7
9cBsWEkXSQmgxoiwkuVHG22VpYPukKVjn3dC5wKzAQKBgQDxP88023/y44gaDcBX
u9oNYL1RkofFAGWqnCIOYu1Tm9s2oh83VUcJymA88cGfw9SQRJp9JwVewQvF8M7J
hbhjhqqsSk3C8Bihu7Mgo5qdzwVx+61URLM2ercY0sbtpVCOw3s290OyAIyOX1cY
r1NdK9zfcHmz1x8mNgiN7AQbCwKBgQDR5VE5OfhrJL2Tq/SpaVoSKpUVLiJGvMEU
63nyErSPhAoqtnauIWgpJttiElqNMLcQuszOZXRDXuW6DoiJsl9pmodJUERN8zem
/k2XGXt4ogylFtoULazc6lNlMHklTy6KqmVPxVi3UORebMWHn7VBgjnzzcU/Z5Me
sx4qs67gWQKBgHnO4A4uLeIzZArTmqQxox1SFQTU2VxsoOiNwNxGstGeRgbFwMEt
e5rD5eefoUXLmM3m9aHvS9TV393ngmFZ9Qm7ev1W3wBoPeebYAxAztaTKoqsqo17
yojdWQldkzd2WsBajyHnovSDNnTESrOaAptuhC0FG03kdkPS0GroGgKVAoGAS16J
zP/I+UhHHri3cQHYiv9payKWwknTF1z6+/bFiWdDc1TzxtFOIsDGNDAc/egJRGOf
WVnK5sozuZywYKmBY11OyP+el1MHn9pfKCvJT2b5HWrYQjiogudNrN88ES6eqsJH
AN7/XUwZxOJQB8RMhMprXuV7t6nMhVCSO4kr+XkCgYBcHc8iR0U5UNhUTY4676KO
BPXWikbAwOUvpVNN1qIcI99M/rXJ4n8Lhr3UI1fv/sJbwVQj3ngIqIIPT6flhP/V
ctYVXDjRZI6ziQCM4lj1HgOwVg/QfzHm+yLSBZ1NRnkeGBdkkiUYWXRJkB9Q/F6T
Ica8JPS4fqIRZ89L+hMlFA==
-----END PRIVATE KEY-----

21
multi-node/production_cluster/wazuh_indexer_ssl_certs/wazuh3.indexer.pem Normal file
View File

@@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDdDCCAlygAwIBAgIUNPu15vO9CfSEnWgQnGRbROUOp0wwDQYJKoZIhvcNAQEL
BQAwNTEOMAwGA1UECwwFV2F6dWgxDjAMBgNVBAoMBVdhenVoMRMwEQYDVQQHDApD
YWxpZm9ybmlhMB4XDTIyMDMzMDE2MjEwOVoXDTMyMDMyNzE2MjEwOVowWzELMAkG
A1UEBhMCVVMxEzARBgNVBAcMCkNhbGlmb3JuaWExDjAMBgNVBAoMBVdhenVoMQ4w
DAYDVQQLDAVXYXp1aDEXMBUGA1UEAwwOd2F6dWgzLmluZGV4ZXIwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFzTLJn+H65C5MuSFgWmF1sGqCelxGIRL2
qdp8EeC02fRKY3PSMzMwBqYNweQVRT7Anzk3rjiDDGDcGEJqp1HKUesoGbXU6gW5
yVqvJrydSRcSmKh6mtyL4hIEgVCN7DeBY5Xg3+TS6TGLOHhQf8Fu8JWGGWy2m56t
EZcI2Mt/k/ihkjypYv5w+X76ibyRGKOmWJ682LHDsN5q/o4G55kvy/QVH9zo+2/7
k8GZC4Kigtp0bdypvncl85PA2a8z42JYVCySJfy7/AlZ5PJPCZIHhITUoXBMNJHG
n3pgMadXjiNMFlUKIEtIj8tFgbvyqA+jPOizLVlLRQNLK1u3kQbTAgMBAAGjVjBU
MB8GA1UdIwQYMBaAFGJdNJfKNGwiJEj2SOL6II1FBBgrMAkGA1UdEwQCMAAwCwYD
VR0PBAQDAgTwMBkGA1UdEQQSMBCCDndhenVoMy5pbmRleGVyMA0GCSqGSIb3DQEB
CwUAA4IBAQClMNhIV5f+T4ETHEtC1qeQMIUOlycX5GoaxMOvf4CJtvQSNvDTlT+1
OAWt3bcBzuGXzpdsn8FprqyoZsr+OElfQdn2G04yzhtVi1h/+BfroiMl4enldE0D
XwheVAXDi+MmXFkdH2ur9wBi/H40Yay9WO13OsmCjCwTOeQ784kh4L9sCz++SAk8
wmUSJriaS93vbLP/IeREyk3inbF3Ioy3ICaTFxkREHvtArgatFf0VaMCT1vxO5ty
Iu30UPOHLnQOyOMR5bb4TP2c9g3eY7+4uhMEaS4az60akakuL0xMnGGg1zKHi/e8
Vz/sEID7+dAyTWN0Bjl9u5zJLyXSl32E
-----END CERTIFICATE-----

279
multi-node/volume-migrator.sh Executable file
View File

@@ -0,0 +1,279 @@
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=wazuh-indexer-data-1 \
$2_wazuh-indexer-data-1
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=wazuh-indexer-data-2 \
$2_wazuh-indexer-data-2
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=wazuh-indexer-data-3 \
$2_wazuh-indexer-data-3
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=master_wazuh_api_configuration \
$2_master_wazuh_api_configuration
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=master_wazuh_etc \
wazuh-master_docker_wazuh_etc
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=master-wazuh-logs \
$2_master-wazuh-logs
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=master-wazuh-queue \
$2_master-wazuh-queue
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=master-wazuh-var-multigroups \
$2_master-wazuh-var-multigroups
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=master-wazuh-integrations \
$2_master-wazuh-integrations
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=master-wazuh-active-response \
$2_master-wazuh-active-response
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=master-wazuh-agentless \
$2_master-wazuh-agentless
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=master-wazuh-wodles \
$2_master-wazuh-wodles
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=master-filebeat-etc \
$2_master-filebeat-etc
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=master-filebeat-var \
$2_master-filebeat-var
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=worker_wazuh_api_configuration \
$2_worker_wazuh_api_configuration
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=worker_wazuh_etc \
$2_worker-wazuh-etc
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=worker-wazuh-logs \
$2_worker-wazuh-logs
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=worker-wazuh-queue \
$2_worker-wazuh-queue
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=worker-wazuh-var-multigroups \
$2_worker-wazuh-var-multigroups
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=worker-wazuh-integrations \
$2_worker-wazuh-integrations
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=worker-wazuh-active-response \
$2_worker-wazuh-active-response
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=worker-wazuh-agentless \
$2_worker-wazuh-agentless
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=worker-wazuh-wodles \
$2_worker-wazuh-wodles
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=worker-filebeat-etc \
$2_worker-filebeat-etc
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=worker-filebeat-var \
$2_worker-filebeat-var
docker container run --rm -it \
-v wazuh-docker_worker-filebeat-var:/from \
-v $2_worker-filebeat-var:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_elastic-data-1:/from \
-v $2_wazuh-indexer-data-1:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_elastic-data-2:/from \
-v $2_wazuh-indexer-data-2:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_elastic-data-3:/from \
-v $2_wazuh-indexer-data-3:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_ossec-api-configuration:/from \
-v $2_master-wazuh-api-configuration:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_ossec-etc:/from \
-v $2_master-wazuh-etc:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_ossec-logs:/from \
-v $2_master-wazuh-logs:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_ossec-queue:/from \
-v $2_master-wazuh-queue:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_ossec-var-multigroups:/from \
-v $2_master-wazuh-var-multigroups:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_ossec-integrations:/from \
-v $2_master-wazuh-integrations:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_ossec-active-response:/from \
-v $2_master-wazuh-active-response:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_ossec-agentless:/from \
-v $2_master-wazuh-agentless:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_ossec-wodles:/from \
-v $2_master-wazuh-wodles:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_filebeat-etc:/from \
-v $2_master-filebeat-etc:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_filebeat-var:/from \
-v $2_master-filebeat-var:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_worker-ossec-api-configuration:/from \
-v $2_worker-wazuh-api-configuration:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_worker-ossec-etc:/from \
-v $2_worker-wazuh-etc:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_worker-ossec-logs:/from \
-v $2_worker-wazuh-logs:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_worker-ossec-queue:/from \
-v $2_worker-wazuh-queue:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_worker-ossec-var-multigroups:/from \
-v $2_worker-wazuh-var-multigroups:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_worker-ossec-integrations:/from \
-v $2_worker-wazuh-integrations:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_worker-ossec-active-response:/from \
-v $2_worker-wazuh-active-response:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_worker-ossec-agentless:/from \
-v $2_worker-wazuh-agentless:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_worker-ossec-wodles:/from \
-v $2_worker-wazuh-wodles:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_worker-filebeat-etc:/from \
-v $2_worker-filebeat-etc:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_worker-filebeat-var:/from \
-v $2_worker-filebeat-var:/to \
alpine ash -c "cd /from ; cp -avp . /to"