Compare commits
64 Commits
2577-test-
...
v4.13.1
Author | SHA1 | Date | |
---|---|---|---|
|
7a3dce5014 | ||
|
2d39e6a06b | ||
|
927fcfc3b8 | ||
|
58f5dadef6 | ||
|
6ef7e3acaf | ||
|
a9c6beaecd | ||
|
3cf3c541d0 | ||
|
6269a55c9d | ||
|
8943e9ad77 | ||
|
649a312d3a | ||
|
9634a2b4af | ||
|
2dd0f3b7d2 | ||
|
7bc245ef66 | ||
|
7dc5f82bac | ||
|
2fdc514bb0 | ||
|
4ff7c4f5b0 | ||
|
7a7443b717 | ||
|
4ce722291b | ||
|
ffe384be91 | ||
|
963ccf7671 | ||
|
55f4de8f06 | ||
|
e4ce58c0c9 | ||
|
ebe230fccb | ||
|
bcb46d0926 | ||
|
43d8f2b29d | ||
|
ee599583eb | ||
|
14caf8058d | ||
|
b86ea0d6bc | ||
|
d122b702f1 | ||
|
fde6c509d7 | ||
|
fb5b4488de | ||
|
8d0f306801 | ||
|
831d759cd9 | ||
|
2811883877 | ||
|
c94263eacd | ||
|
5d5fe18d82 | ||
|
339500631d | ||
|
1057715f3d | ||
|
0222bcc9f8 | ||
|
23e8982c45 | ||
|
cb6c3de364 | ||
|
89184e77ab | ||
|
191ef58a9b | ||
|
ac7121e411 | ||
|
1146acb3a4 | ||
|
a8582fdd4b | ||
|
7a13fa72b3 | ||
|
dc74728c42 | ||
|
7fdcb0a320 | ||
|
5c99764d2c | ||
|
28f7be1f7d | ||
|
92bbd3395f | ||
|
49594251a6 | ||
|
8cb8437d7f | ||
|
5bbce9e403 | ||
|
8306a49967 | ||
|
1ae575d56f | ||
|
fb65400657 | ||
|
283ca123e3 | ||
|
16202f2f21 | ||
|
b99d946282 | ||
|
f5473f0004 | ||
|
e211c97f59 | ||
|
fb4a062f5a |
6
.env
@@ -1,6 +1,6 @@
|
|||||||
WAZUH_VERSION=4.13.0
|
WAZUH_VERSION=4.13.1
|
||||||
WAZUH_IMAGE_VERSION=4.13.0
|
WAZUH_IMAGE_VERSION=4.13.1
|
||||||
WAZUH_TAG_REVISION=1
|
WAZUH_TAG_REVISION=1
|
||||||
FILEBEAT_TEMPLATE_BRANCH=4.13.0
|
FILEBEAT_TEMPLATE_BRANCH=4.13.1
|
||||||
WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz
|
WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz
|
||||||
WAZUH_UI_REVISION=1
|
WAZUH_UI_REVISION=1
|
||||||
|
2
.github/.goss.yaml
vendored
@@ -56,7 +56,7 @@ package:
|
|||||||
wazuh-manager:
|
wazuh-manager:
|
||||||
installed: true
|
installed: true
|
||||||
versions:
|
versions:
|
||||||
- 4.13.0
|
- 4.13.1
|
||||||
port:
|
port:
|
||||||
tcp:1514:
|
tcp:1514:
|
||||||
listening: true
|
listening: true
|
||||||
|
@@ -6,7 +6,7 @@ on:
|
|||||||
inputs:
|
inputs:
|
||||||
image_tag:
|
image_tag:
|
||||||
description: 'Docker image tag'
|
description: 'Docker image tag'
|
||||||
default: '4.13.0'
|
default: '4.13.1'
|
||||||
required: true
|
required: true
|
||||||
docker_reference:
|
docker_reference:
|
||||||
description: 'wazuh-docker reference'
|
description: 'wazuh-docker reference'
|
||||||
@@ -41,7 +41,7 @@ on:
|
|||||||
inputs:
|
inputs:
|
||||||
image_tag:
|
image_tag:
|
||||||
description: 'Docker image tag'
|
description: 'Docker image tag'
|
||||||
default: '4.13.0'
|
default: '4.13.1'
|
||||||
required: true
|
required: true
|
||||||
type: string
|
type: string
|
||||||
docker_reference:
|
docker_reference:
|
||||||
|
4
.github/workflows/push.yml
vendored
@@ -192,7 +192,7 @@ jobs:
|
|||||||
run: sed -i "s/<WAZUH_MANAGER_IP>/$(ip addr show docker0 | grep 'inet ' | awk '{print $2}' | cut -d'/' -f1)/g" wazuh-agent/docker-compose.yml
|
run: sed -i "s/<WAZUH_MANAGER_IP>/$(ip addr show docker0 | grep 'inet ' | awk '{print $2}' | cut -d'/' -f1)/g" wazuh-agent/docker-compose.yml
|
||||||
|
|
||||||
- name: Start Wazuh agent
|
- name: Start Wazuh agent
|
||||||
run: docker-compose -f wazuh-agent/docker-compose.yml up -d
|
run: docker compose -f wazuh-agent/docker-compose.yml up -d
|
||||||
|
|
||||||
- name: Check Wazuh agent enrollment
|
- name: Check Wazuh agent enrollment
|
||||||
run: |
|
run: |
|
||||||
@@ -355,7 +355,7 @@ jobs:
|
|||||||
run: sed -i "s/<WAZUH_MANAGER_IP>/$(ip addr show docker0 | grep 'inet ' | awk '{print $2}' | cut -d'/' -f1)/g" wazuh-agent/docker-compose.yml
|
run: sed -i "s/<WAZUH_MANAGER_IP>/$(ip addr show docker0 | grep 'inet ' | awk '{print $2}' | cut -d'/' -f1)/g" wazuh-agent/docker-compose.yml
|
||||||
|
|
||||||
- name: Start Wazuh agent
|
- name: Start Wazuh agent
|
||||||
run: docker-compose -f wazuh-agent/docker-compose.yml up -d
|
run: docker compose -f wazuh-agent/docker-compose.yml up -d
|
||||||
|
|
||||||
- name: Check Wazuh agent enrollment
|
- name: Check Wazuh agent enrollment
|
||||||
run: |
|
run: |
|
||||||
|
24
CHANGELOG.md
@@ -1,10 +1,31 @@
|
|||||||
# Change Log
|
# Change Log
|
||||||
All notable changes to this project will be documented in this file.
|
All notable changes to this project will be documented in this file.
|
||||||
|
|
||||||
|
## [4.13.1]
|
||||||
|
|
||||||
|
### Added
|
||||||
|
|
||||||
|
- None
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
|
||||||
|
- None
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
|
||||||
|
- None
|
||||||
|
|
||||||
|
### Deleted
|
||||||
|
|
||||||
|
- None
|
||||||
|
|
||||||
## [4.13.0]
|
## [4.13.0]
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
||||||
|
- Add opensearch_dashboard.yml parameters. ([#1985](https://github.com/wazuh/wazuh-docker/pull/1985))
|
||||||
|
- Set right ownership for malicious-ioc files on container start ([#1926](https://github.com/wazuh/wazuh-docker/pull/1926))
|
||||||
|
- Delete services statement in wazuh agent deployment. ([#1925](https://github.com/wazuh/wazuh-docker/pull/1925))
|
||||||
- Add permanent_data exceptions. ([#1890](https://github.com/wazuh/wazuh-docker/pull/1890))
|
- Add permanent_data exceptions. ([#1890](https://github.com/wazuh/wazuh-docker/pull/1890))
|
||||||
- Integrate bumper script via GitHub action. ([#1863](https://github.com/wazuh/wazuh-docker/pull/1863))
|
- Integrate bumper script via GitHub action. ([#1863](https://github.com/wazuh/wazuh-docker/pull/1863))
|
||||||
- Add missing malicious-ioc ruleset lists ([#1870](https://github.com/wazuh/wazuh-docker/pull/1870))
|
- Add missing malicious-ioc ruleset lists ([#1870](https://github.com/wazuh/wazuh-docker/pull/1870))
|
||||||
@@ -16,11 +37,12 @@ All notable changes to this project will be documented in this file.
|
|||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
|
- Syscollector configuration change ([#1994](https://github.com/wazuh/wazuh-docker/pull/1994))
|
||||||
- Modify wazuh-keystore use ([#1750](https://github.com/wazuh/wazuh-docker/pull/1750)) \- (wazuh-keystore)
|
- Modify wazuh-keystore use ([#1750](https://github.com/wazuh/wazuh-docker/pull/1750)) \- (wazuh-keystore)
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
||||||
- None
|
- Add wazuh-template.json into permanent data exception ([#1968](https://github.com/wazuh/wazuh-docker/pull/1968))
|
||||||
|
|
||||||
### Deleted
|
### Deleted
|
||||||
|
|
||||||
|
@@ -18,7 +18,7 @@ The `wazuh/wazuh-docker` repository provides resources to deploy the Wazuh cyber
|
|||||||
## Branch Convention
|
## Branch Convention
|
||||||
|
|
||||||
- `main`: Developing and testing of new features.
|
- `main`: Developing and testing of new features.
|
||||||
- `X.Y.Z`: Version-specific branches (e.g., `4.13.0`, `4.12.0`, etc.).
|
- `X.Y.Z`: Version-specific branches (e.g., `4.13.1`, `4.12.0`, etc.).
|
||||||
|
|
||||||
## Documentation
|
## Documentation
|
||||||
|
|
||||||
|
@@ -1,4 +1,4 @@
|
|||||||
{
|
{
|
||||||
"version": "4.13.0",
|
"version": "4.13.1",
|
||||||
"stage": "alpha1"
|
"stage": "rc1"
|
||||||
}
|
}
|
||||||
|
@@ -13,7 +13,7 @@ This script initializes the environment variables needed to build each of the im
|
|||||||
The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument:
|
The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument:
|
||||||
|
|
||||||
```
|
```
|
||||||
$ build-docker-images/build-images.sh -v 4.13.0
|
$ build-docker-images/build-images.sh -v 4.13.1
|
||||||
```
|
```
|
||||||
|
|
||||||
To get all the available script options use the -h or --help option:
|
To get all the available script options use the -h or --help option:
|
||||||
@@ -26,7 +26,7 @@ Usage: build-docker-images/build-images.sh [OPTIONS]
|
|||||||
-d, --dev <ref> [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default.
|
-d, --dev <ref> [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default.
|
||||||
-f, --filebeat-module <ref> [Optional] Set Filebeat module version. By default 0.4.
|
-f, --filebeat-module <ref> [Optional] Set Filebeat module version. By default 0.4.
|
||||||
-r, --revision <rev> [Optional] Package revision. By default 1
|
-r, --revision <rev> [Optional] Package revision. By default 1
|
||||||
-v, --version <ver> [Optional] Set the Wazuh version should be builded. By default, 4.13.0.
|
-v, --version <ver> [Optional] Set the Wazuh version should be builded. By default, 4.13.1.
|
||||||
-h, --help Show this help.
|
-h, --help Show this help.
|
||||||
|
|
||||||
```
|
```
|
@@ -1,4 +1,4 @@
|
|||||||
WAZUH_IMAGE_VERSION=4.13.0
|
WAZUH_IMAGE_VERSION=4.13.1
|
||||||
WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')
|
WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')
|
||||||
WAZUH_TAG_REVISION=1
|
WAZUH_TAG_REVISION=1
|
||||||
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
|
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
|
||||||
@@ -12,7 +12,7 @@ IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
|
|||||||
# License (version 2) as published by the FSF - Free Software
|
# License (version 2) as published by the FSF - Free Software
|
||||||
# Foundation.
|
# Foundation.
|
||||||
|
|
||||||
WAZUH_IMAGE_VERSION="4.13.0"
|
WAZUH_IMAGE_VERSION="4.13.1"
|
||||||
WAZUH_TAG_REVISION="1"
|
WAZUH_TAG_REVISION="1"
|
||||||
WAZUH_DEV_STAGE=""
|
WAZUH_DEV_STAGE=""
|
||||||
FILEBEAT_MODULE_VERSION="0.4"
|
FILEBEAT_MODULE_VERSION="0.4"
|
||||||
|
@@ -167,12 +167,13 @@ set_custom_cluster_key() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
##############################################################################
|
##############################################################################
|
||||||
# Modify /var/ossec/queue/rids directory owner on
|
# Set correct ownership for Wazuh related directories
|
||||||
# container start.
|
# on container start.
|
||||||
##############################################################################
|
##############################################################################
|
||||||
|
|
||||||
set_rids_owner() {
|
configure_permissions() {
|
||||||
chown -R wazuh:wazuh /var/ossec/queue/rids
|
chown -R wazuh:wazuh /var/ossec/queue/rids
|
||||||
|
chown -R wazuh:wazuh /var/ossec/etc/lists
|
||||||
}
|
}
|
||||||
|
|
||||||
##############################################################################
|
##############################################################################
|
||||||
@@ -226,8 +227,8 @@ main() {
|
|||||||
# Delete temporary data folder
|
# Delete temporary data folder
|
||||||
rm -rf ${WAZUH_INSTALL_PATH}/data_tmp
|
rm -rf ${WAZUH_INSTALL_PATH}/data_tmp
|
||||||
|
|
||||||
# Set rids directory owner
|
# Set correct ownership for Wazuh related directories
|
||||||
set_rids_owner
|
configure_permissions
|
||||||
}
|
}
|
||||||
|
|
||||||
main
|
main
|
||||||
|
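Review bot: The `chown -R wazuh:wazuh /var/ossec/etc/lists` line added to `configure_permissions` hard-codes the install prefix, while `main` in the same script works from `${WAZUH_INSTALL_PATH}` (`rm -rf ${WAZUH_INSTALL_PATH}/data_tmp`). If that variable is the Wazuh prefix, as it appears to be, both `chown` lines would be more consistent as `chown -R wazuh:wazuh "${WAZUH_INSTALL_PATH}/etc/lists"`. The function now re-owns everything under the lists directory on every container start, which would include operator-supplied lists if that directory is a mounted volume, so the header comment should name the two directories rather than say "Wazuh related directories". Neither `chown` result is checked, and whether a failure (for example on a read-only mount) stops startup depends on shell options not visible in these hunks; a one-line comment stating the intended behaviour would settle it. `main` begins outside the second hunk.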
@@ -100,6 +100,7 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/pubsub/subscriber.py"
|
|||||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/lists/malicious-ioc/malicious-ip"
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/lists/malicious-ioc/malicious-ip"
|
||||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/lists/malicious-ioc/malicious-domains"
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/lists/malicious-ioc/malicious-domains"
|
||||||
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/lists/malicious-ioc/malware-hashes"
|
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/lists/malicious-ioc/malware-hashes"
|
||||||
|
PERMANENT_DATA_EXCP[((i++))]="/etc/filebeat/wazuh-template.json"
|
||||||
export PERMANENT_DATA_EXCP
|
export PERMANENT_DATA_EXCP
|
||||||
|
|
||||||
# Files mounted in a volume that should be deleted
|
# Files mounted in a volume that should be deleted
|
||||||
|
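Review bot: The new `PERMANENT_DATA_EXCP` entry for `/etc/filebeat/wazuh-template.json` carries no comment, and it is the only path in the visible part of the list that lies outside `/var/ossec`. Judging by the array name, files listed here are presumably excluded from the persisted data and taken from the image instead, which would mean a template customised in a mounted volume is replaced on start. Once that behaviour is confirmed, a line such as `# Filebeat index template: always taken from the image so it matches the Wazuh version` above the entry would tell operators what to expect. The list begins outside the hunk.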
@@ -13,7 +13,7 @@ This script initializes the environment variables needed to build each of the im
|
|||||||
The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument:
|
The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument:
|
||||||
|
|
||||||
```
|
```
|
||||||
$ build-docker-images/build-images.sh -v 4.13.0
|
$ build-docker-images/build-images.sh -v 4.13.1
|
||||||
```
|
```
|
||||||
|
|
||||||
To get all the available script options use the -h or --help option:
|
To get all the available script options use the -h or --help option:
|
||||||
@@ -26,7 +26,7 @@ Usage: build-docker-images/build-images.sh [OPTIONS]
|
|||||||
-d, --dev <ref> [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default.
|
-d, --dev <ref> [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default.
|
||||||
-f, --filebeat-module <ref> [Optional] Set Filebeat module version. By default 0.4.
|
-f, --filebeat-module <ref> [Optional] Set Filebeat module version. By default 0.4.
|
||||||
-r, --revision <rev> [Optional] Package revision. By default 1
|
-r, --revision <rev> [Optional] Package revision. By default 1
|
||||||
-v, --version <ver> [Optional] Set the Wazuh version should be builded. By default, 4.13.0.
|
-v, --version <ver> [Optional] Set the Wazuh version should be builded. By default, 4.13.1.
|
||||||
-h, --help Show this help.
|
-h, --help Show this help.
|
||||||
|
|
||||||
```
|
```
|
@@ -1,6 +1,6 @@
|
|||||||
# Development Guide - Introduction
|
# Development Guide - Introduction
|
||||||
|
|
||||||
Welcome to the Development Guide for Wazuh-docker version 4.13.0. This guide is intended for developers, contributors, and advanced users who wish to understand the development aspects of the Wazuh-Docker project, build custom Docker images, or contribute to its development.
|
Welcome to the Development Guide for Wazuh-docker version 4.13.1. This guide is intended for developers, contributors, and advanced users who wish to understand the development aspects of the Wazuh-Docker project, build custom Docker images, or contribute to its development.
|
||||||
|
|
||||||
## Purpose of This Guide
|
## Purpose of This Guide
|
||||||
|
|
||||||
|
@@ -1,6 +1,6 @@
|
|||||||
# Development Guide - Setup Environment
|
# Development Guide - Setup Environment
|
||||||
|
|
||||||
This section outlines the steps required to set up your local development environment for working with the Wazuh-Docker project (version 4.13.0). A proper setup is crucial for building images, running tests, and contributing effectively.
|
This section outlines the steps required to set up your local development environment for working with the Wazuh-Docker project (version 4.13.1). A proper setup is crucial for building images, running tests, and contributing effectively.
|
||||||
|
|
||||||
## Prerequisites
|
## Prerequisites
|
||||||
|
|
||||||
@@ -26,12 +26,12 @@ Before you begin, ensure your system meets the following requirements:
|
|||||||
Follow these steps to prepare your development environment:
|
Follow these steps to prepare your development environment:
|
||||||
|
|
||||||
1. **Clone the Repository**:
|
1. **Clone the Repository**:
|
||||||
Clone the `wazuh-docker` repository from GitHub. It's important to check out the specific branch you intend to work with, in this case, `4.13.0`.
|
Clone the `wazuh-docker` repository from GitHub. It's important to check out the specific branch you intend to work with, in this case, `4.13.1`.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
git clone [https://github.com/wazuh/wazuh-docker.git](https://github.com/wazuh/wazuh-docker.git)
|
git clone [https://github.com/wazuh/wazuh-docker.git](https://github.com/wazuh/wazuh-docker.git)
|
||||||
cd wazuh-docker
|
cd wazuh-docker
|
||||||
git checkout 4.13.0
|
git checkout 4.13.1
|
||||||
```
|
```
|
||||||
|
|
||||||
2. **Verify Docker Installation**:
|
2. **Verify Docker Installation**:
|
||||||
|
@@ -1,6 +1,6 @@
|
|||||||
# Reference Manual - Description
|
# Reference Manual - Description
|
||||||
|
|
||||||
This section provides a detailed description of Wazuh-docker (version 4.13.0), its components, and its architecture when deployed using Docker containers. Understanding these aspects is key to effectively deploying and managing your Wazuh environment.
|
This section provides a detailed description of Wazuh-docker (version 4.13.1), its components, and its architecture when deployed using Docker containers. Understanding these aspects is key to effectively deploying and managing your Wazuh environment.
|
||||||
|
|
||||||
## What is Wazuh?
|
## What is Wazuh?
|
||||||
|
|
||||||
@@ -18,7 +18,7 @@ Wazuh-docker is a project that provides Docker images and `docker compose` confi
|
|||||||
|
|
||||||
## Core Components in Wazuh-Docker
|
## Core Components in Wazuh-Docker
|
||||||
|
|
||||||
The Wazuh-Docker project typically provides images for the following core Wazuh components, adapted for version 4.13.0:
|
The Wazuh-Docker project typically provides images for the following core Wazuh components, adapted for version 4.13.1:
|
||||||
|
|
||||||
1. **Wazuh Manager**:
|
1. **Wazuh Manager**:
|
||||||
- The central component that collects and analyzes data from deployed Wazuh agents.
|
- The central component that collects and analyzes data from deployed Wazuh agents.
|
||||||
@@ -28,7 +28,7 @@ The Wazuh-Docker project typically provides images for the following core Wazuh
|
|||||||
2. **Wazuh Indexer**:
|
2. **Wazuh Indexer**:
|
||||||
- A highly scalable, full-text search and analytics engine.
|
- A highly scalable, full-text search and analytics engine.
|
||||||
- Based on OpenSearch (or historically Elasticsearch), it stores and indexes alerts and monitoring data generated by the Wazuh manager.
|
- Based on OpenSearch (or historically Elasticsearch), it stores and indexes alerts and monitoring data generated by the Wazuh manager.
|
||||||
- The Wazuh indexer container provides the data persistence layer for Wazuh alerts and events. For version 4.13.0, this is typically an OpenSearch-based component.
|
- The Wazuh indexer container provides the data persistence layer for Wazuh alerts and events. For version 4.13.1, this is typically an OpenSearch-based component.
|
||||||
|
|
||||||
3. **Wazuh Dashboard**:
|
3. **Wazuh Dashboard**:
|
||||||
- A flexible visualization tool based on OpenSearch Dashboards (or historically Kibana).
|
- A flexible visualization tool based on OpenSearch Dashboards (or historically Kibana).
|
||||||
|
@@ -1,6 +1,6 @@
|
|||||||
# Reference Manual - Introduction
|
# Reference Manual - Introduction
|
||||||
|
|
||||||
Welcome to the Reference Manual for Wazuh-Docker, version 4.13.0. This manual provides comprehensive information about deploying, configuring, and managing your Wazuh environment using Docker.
|
Welcome to the Reference Manual for Wazuh-Docker, version 4.13.1. This manual provides comprehensive information about deploying, configuring, and managing your Wazuh environment using Docker.
|
||||||
|
|
||||||
## Purpose of This Manual
|
## Purpose of This Manual
|
||||||
|
|
||||||
@@ -44,4 +44,4 @@ This manual is structured to help you find information efficiently:
|
|||||||
- If you need to customize your deployment, refer to the [Configuration](configuration/configuration.md) section.
|
- If you need to customize your deployment, refer to the [Configuration](configuration/configuration.md) section.
|
||||||
- For specific terms or concepts, consult the [Glossary](glossary.md).
|
- For specific terms or concepts, consult the [Glossary](glossary.md).
|
||||||
|
|
||||||
This manual refers to version 4.13.0 of Wazuh-Docker. Ensure you are using the documentation that corresponds to your deployed version.
|
This manual refers to version 4.13.1 of Wazuh-Docker. Ensure you are using the documentation that corresponds to your deployed version.
|
||||||
|
@@ -29,4 +29,4 @@
|
|||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
Consult the official Wazuh documentation for version 4.13.0 for detailed information on all possible configuration parameters for each component.
|
Consult the official Wazuh documentation for version 4.13.1 for detailed information on all possible configuration parameters for each component.
|
@@ -1,6 +1,6 @@
|
|||||||
# Reference Manual - Configuration
|
# Reference Manual - Configuration
|
||||||
|
|
||||||
This section details how to configure your Wazuh-Docker deployment (version 4.13.0). Proper configuration is key to tailoring the Wazuh stack to your specific needs, managing data persistence, and integrating with your environment.
|
This section details how to configure your Wazuh-Docker deployment (version 4.13.1). Proper configuration is key to tailoring the Wazuh stack to your specific needs, managing data persistence, and integrating with your environment.
|
||||||
|
|
||||||
## Overview of Configuration Methods
|
## Overview of Configuration Methods
|
||||||
|
|
||||||
|
@@ -1,6 +1,6 @@
|
|||||||
# Reference Manual - Deployment
|
# Reference Manual - Deployment
|
||||||
|
|
||||||
This section provides detailed instructions for deploying Wazuh-Docker (version 4.13.0) in various configurations. Choose the deployment model that best suits your needs, from simple single-node setups for testing to more robust multi-node configurations for production environments.
|
This section provides detailed instructions for deploying Wazuh-Docker (version 4.13.1) in various configurations. Choose the deployment model that best suits your needs, from simple single-node setups for testing to more robust multi-node configurations for production environments.
|
||||||
|
|
||||||
## Overview of Deployment Options
|
## Overview of Deployment Options
|
||||||
|
|
||||||
@@ -24,11 +24,11 @@ Ensure you have:
|
|||||||
|
|
||||||
- Met all the [System Requirements](ref/getting-started/requirements.md).
|
- Met all the [System Requirements](ref/getting-started/requirements.md).
|
||||||
- Installed Docker and Docker Compose on your host(s).
|
- Installed Docker and Docker Compose on your host(s).
|
||||||
- Cloned the `wazuh-docker` repository (version `4.13.0`) or downloaded the necessary deployment files.
|
- Cloned the `wazuh-docker` repository (version `4.13.1`) or downloaded the necessary deployment files.
|
||||||
```bash
|
```bash
|
||||||
git clone [https://github.com/wazuh/wazuh-docker.git](https://github.com/wazuh/wazuh-docker.git)
|
git clone [https://github.com/wazuh/wazuh-docker.git](https://github.com/wazuh/wazuh-docker.git)
|
||||||
cd wazuh-docker
|
cd wazuh-docker
|
||||||
git checkout v4.13.0
|
git checkout v4.13.1
|
||||||
```
|
```
|
||||||
- Made a backup of any existing Wazuh data if you are migrating or upgrading.
|
- Made a backup of any existing Wazuh data if you are migrating or upgrading.
|
||||||
|
|
||||||
|
@@ -17,18 +17,18 @@ This deployment utilizes the `multi-node/docker-compose.yml` file, which defines
|
|||||||
|
|
||||||
3. Run the script to generate the necessary certificates for the Wazuh Stack. This ensures secure communication between the nodes:
|
3. Run the script to generate the necessary certificates for the Wazuh Stack. This ensures secure communication between the nodes:
|
||||||
```bash
|
```bash
|
||||||
docker-compose -f generate-indexer-certs.yml run --rm generator
|
docker compose -f generate-indexer-certs.yml run --rm generator
|
||||||
```
|
```
|
||||||
|
|
||||||
4. Start the Wazuh environment using `docker-compose`:
|
4. Start the Wazuh environment using `docker compose`:
|
||||||
|
|
||||||
* To run in the foreground (logs will be displayed in your current terminal; press `Ctrl+C` to stop):
|
* To run in the foreground (logs will be displayed in your current terminal; press `Ctrl+C` to stop):
|
||||||
```bash
|
```bash
|
||||||
docker-compose up
|
docker compose up
|
||||||
```
|
```
|
||||||
* To run in the background (detached mode, allowing the containers to run independently of your terminal):
|
* To run in the background (detached mode, allowing the containers to run independently of your terminal):
|
||||||
```bash
|
```bash
|
||||||
docker-compose up -d
|
docker compose up -d
|
||||||
```
|
```
|
||||||
|
|
||||||
Please allow some time for the environment to initialize, especially on the first run. A multi-node setup can take a few minutes (depending on your host resources and network) as the Wazuh Indexer cluster forms, and the necessary indexes and index patterns are generated.
|
Please allow some time for the environment to initialize, especially on the first run. A multi-node setup can take a few minutes (depending on your host resources and network) as the Wazuh Indexer cluster forms, and the necessary indexes and index patterns are generated.
|
||||||
|
@@ -17,18 +17,18 @@ This deployment uses the `single-node/docker-compose.yml` file, which defines a
|
|||||||
|
|
||||||
3. Run the script to generate the necessary certificates for the Wazuh Stack. This ensures secure communication between the nodes:
|
3. Run the script to generate the necessary certificates for the Wazuh Stack. This ensures secure communication between the nodes:
|
||||||
```bash
|
```bash
|
||||||
docker-compose -f generate-indexer-certs.yml run --rm generator
|
docker compose -f generate-indexer-certs.yml run --rm generator
|
||||||
```
|
```
|
||||||
|
|
||||||
4. Start the Wazuh environment using `docker-compose`:
|
4. Start the Wazuh environment using `docker compose`:
|
||||||
|
|
||||||
* To run in the foreground (logs will be displayed in your current terminal; press `Ctrl+C` to stop):
|
* To run in the foreground (logs will be displayed in your current terminal; press `Ctrl+C` to stop):
|
||||||
```bash
|
```bash
|
||||||
docker-compose up
|
docker compose up
|
||||||
```
|
```
|
||||||
* To run in the background (detached mode, allowing the containers to run independently of your terminal):
|
* To run in the background (detached mode, allowing the containers to run independently of your terminal):
|
||||||
```bash
|
```bash
|
||||||
docker-compose up -d
|
docker compose up -d
|
||||||
```
|
```
|
||||||
|
|
||||||
Please allow some time for the environment to initialize, especially on the first run. It can take approximately a minute or two (depending on your host's resources) as the Wazuh Indexer starts up and generates the necessary indexes and index patterns.
|
Please allow some time for the environment to initialize, especially on the first run. It can take approximately a minute or two (depending on your host's resources) as the Wazuh Indexer starts up and generates the necessary indexes and index patterns.
|
||||||
|
@@ -23,14 +23,14 @@ Follow these steps to deploy the Wazuh agent using Docker.
|
|||||||
```
|
```
|
||||||
**Note:** Replace `<YOUR_WAZUH_MANAGER_IP_OR_HOSTNAME>` with the actual IP address or hostname of your Wazuh manager.
|
**Note:** Replace `<YOUR_WAZUH_MANAGER_IP_OR_HOSTNAME>` with the actual IP address or hostname of your Wazuh manager.
|
||||||
|
|
||||||
3. Start the environment using `docker-compose`:
|
3. Start the environment using `docker compose`:
|
||||||
|
|
||||||
* To run in the foreground (logs will be displayed in your current terminal, and you can stop it with `Ctrl+C`):
|
* To run in the foreground (logs will be displayed in your current terminal, and you can stop it with `Ctrl+C`):
|
||||||
```bash
|
```bash
|
||||||
docker-compose up
|
docker compose up
|
||||||
```
|
```
|
||||||
|
|
||||||
* To run in the background (detached mode, allowing the container to run independently of your terminal):
|
* To run in the background (detached mode, allowing the container to run independently of your terminal):
|
||||||
```bash
|
```bash
|
||||||
docker-compose up -d
|
docker compose up -d
|
||||||
```
|
```
|
@@ -1,6 +1,6 @@
|
|||||||
# Reference Manual - Getting Started
|
# Reference Manual - Getting Started
|
||||||
|
|
||||||
This section guides you through the initial steps to get your Wazuh-docker (version 4.13.0) environment up and running. We will cover the prerequisites and point you to the deployment instructions.
|
This section guides you through the initial steps to get your Wazuh-docker (version 4.13.1) environment up and running. We will cover the prerequisites and point you to the deployment instructions.
|
||||||
|
|
||||||
## Overview
|
## Overview
|
||||||
|
|
||||||
@@ -27,11 +27,11 @@ Before diving into the deployment, please ensure you have reviewed:
|
|||||||
Verify that your host system has sufficient RAM, CPU, and disk space. Ensure Docker and Docker Compose are installed and functioning correctly.
|
Verify that your host system has sufficient RAM, CPU, and disk space. Ensure Docker and Docker Compose are installed and functioning correctly.
|
||||||
|
|
||||||
2. **Obtain Wazuh-docker Configuration**:
|
2. **Obtain Wazuh-docker Configuration**:
|
||||||
You'll need the Docker Compose files and any associated configuration files from the `wazuh-docker` repository for version 4.13.0.
|
You'll need the Docker Compose files and any associated configuration files from the `wazuh-docker` repository for version 4.13.1.
|
||||||
```bash
|
```bash
|
||||||
git clone [https://github.com/wazuh/wazuh-docker.git](https://github.com/wazuh/wazuh-docker.git)
|
git clone [https://github.com/wazuh/wazuh-docker.git](https://github.com/wazuh/wazuh-docker.git)
|
||||||
cd wazuh-docker
|
cd wazuh-docker
|
||||||
git checkout v4.13.0
|
git checkout v4.13.1
|
||||||
# Navigate to the specific docker-compose directory, e.g., single-node or multi-node
|
# Navigate to the specific docker-compose directory, e.g., single-node or multi-node
|
||||||
# cd docker-compose/single-node/ (example path)
|
# cd docker-compose/single-node/ (example path)
|
||||||
```
|
```
|
||||||
|
@@ -1,6 +1,6 @@
|
|||||||
# Reference Manual - Requirements
|
# Reference Manual - Requirements
|
||||||
|
|
||||||
Before deploying Wazuh-Docker (version 4.13.0), it's essential to ensure your environment meets the necessary hardware and software requirements. Meeting these prerequisites will help ensure a stable and performant Wazuh deployment.
|
Before deploying Wazuh-Docker (version 4.13.1), it's essential to ensure your environment meets the necessary hardware and software requirements. Meeting these prerequisites will help ensure a stable and performant Wazuh deployment.
|
||||||
|
|
||||||
## Host System Requirements
|
## Host System Requirements
|
||||||
|
|
||||||
|
@@ -1,6 +1,6 @@
|
|||||||
# Reference Manual - Glossary
|
# Reference Manual - Glossary
|
||||||
|
|
||||||
This glossary defines key terms and concepts related to Wazuh, Docker, and their use together in the Wazuh-Docker project (version 4.13.0).
|
This glossary defines key terms and concepts related to Wazuh, Docker, and their use together in the Wazuh-Docker project (version 4.13.1).
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
@@ -22,7 +22,7 @@ This glossary defines key terms and concepts related to Wazuh, Docker, and their
|
|||||||
|
|
||||||
**D**
|
**D**
|
||||||
|
|
||||||
- **Dashboard (Wazuh Dashboard / OpenSearch Dashboards / Kibana)**: A web-based visualization tool used to explore, analyze, and visualize data stored in the Wazuh Indexer. It provides dashboards, visualizations, and a query interface for security events and alerts. For Wazuh 4.13.0, this is typically OpenSearch Dashboards.
|
- **Dashboard (Wazuh Dashboard / OpenSearch Dashboards / Kibana)**: A web-based visualization tool used to explore, analyze, and visualize data stored in the Wazuh Indexer. It provides dashboards, visualizations, and a query interface for security events and alerts. For Wazuh 4.13.1, this is typically OpenSearch Dashboards.
|
||||||
- **Decoder**: A component in the Wazuh Manager that parses and extracts relevant information (fields) from raw log messages or event data.
|
- **Decoder**: A component in the Wazuh Manager that parses and extracts relevant information (fields) from raw log messages or event data.
|
||||||
- **Docker**: An open platform for developing, shipping, and running applications inside containers.
|
- **Docker**: An open platform for developing, shipping, and running applications inside containers.
|
||||||
- **Docker Compose**: A tool for defining and running multi-container Docker applications. It uses a YAML file (`docker-compose.yml`) to configure the application's services, networks, and volumes.
|
- **Docker Compose**: A tool for defining and running multi-container Docker applications. It uses a YAML file (`docker-compose.yml`) to configure the application's services, networks, and volumes.
|
||||||
@@ -42,7 +42,7 @@ This glossary defines key terms and concepts related to Wazuh, Docker, and their
|
|||||||
|
|
||||||
**I**
|
**I**
|
||||||
|
|
||||||
- **Indexer (Wazuh Indexer / OpenSearch / Elasticsearch)**: The component responsible for storing, indexing, and making searchable the alerts and event data generated by the Wazuh Manager. For Wazuh 4.13.0, this is typically OpenSearch.
|
- **Indexer (Wazuh Indexer / OpenSearch / Elasticsearch)**: The component responsible for storing, indexing, and making searchable the alerts and event data generated by the Wazuh Manager. For Wazuh 4.13.1, this is typically OpenSearch.
|
||||||
|
|
||||||
**L**
|
**L**
|
||||||
|
|
||||||
|
@@ -79,7 +79,7 @@
|
|||||||
<os>yes</os>
|
<os>yes</os>
|
||||||
<network>yes</network>
|
<network>yes</network>
|
||||||
<packages>yes</packages>
|
<packages>yes</packages>
|
||||||
<ports all="no">yes</ports>
|
<ports all="yes">yes</ports>
|
||||||
<processes>yes</processes>
|
<processes>yes</processes>
|
||||||
|
|
||||||
<!-- Database synchronization settings -->
|
<!-- Database synchronization settings -->
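Review bot: The switch to `<ports all="yes">` carries no comment explaining why the port inventory was widened, and the same one-line change is repeated in the three later `@@ -79,7 +79,7 @@` / `@@ -83,7 +83,7 @@` hunks on this page. As far as I know, `all="no"` limits the scan to listening ports, so `all="yes"` would also record non-listening sockets such as established connections. That gives more visibility but also more inventory churn and indexer volume. I would add a comment above the line, for example `<!-- all="yes": inventory every port, not only listening ones; expect a larger, faster-changing inventory -->`. The enclosing element opens and closes outside the hunk, so I am assuming this is the syscollector block.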
|
||||||
|
@@ -79,7 +79,7 @@
|
|||||||
<os>yes</os>
|
<os>yes</os>
|
||||||
<network>yes</network>
|
<network>yes</network>
|
||||||
<packages>yes</packages>
|
<packages>yes</packages>
|
||||||
<ports all="no">yes</ports>
|
<ports all="yes">yes</ports>
|
||||||
<processes>yes</processes>
|
<processes>yes</processes>
|
||||||
|
|
||||||
<!-- Database synchronization settings -->
|
<!-- Database synchronization settings -->
|
||||||
|
@@ -10,3 +10,7 @@ server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
|
|||||||
server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
|
server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
|
||||||
opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
|
opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
|
||||||
uiSettings.overrides.defaultRoute: /app/wz-home
|
uiSettings.overrides.defaultRoute: /app/wz-home
|
||||||
|
# Session expiration settings
|
||||||
|
opensearch_security.cookie.ttl: 900000
|
||||||
|
opensearch_security.session.ttl: 900000
|
||||||
|
opensearch_security.session.keepalive: true
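Review bot: The new `# Session expiration settings` comment does not say what unit 900000 is in or what kind of timeout it gives. With `opensearch_security.session.keepalive: true` the session is renewed on each request, so this reads as a 15-minute idle timeout (the values appear to be milliseconds) rather than an absolute session lifetime. A dashboard tab that auto-refreshes would presumably keep the session alive indefinitely, which matters if the intent was to bound how long an unattended login stays valid. I would expand the comment to `# 15 min (ms) idle timeout; keepalive renews the session on activity, so there is no absolute lifetime`, or set keepalive to false if a hard limit is wanted. The same four lines are added in the later `@@ -10,3 +10,7 @@` hunk on this page.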
|
@@ -1,7 +1,7 @@
|
|||||||
# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
|
# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
|
||||||
services:
|
services:
|
||||||
wazuh.master:
|
wazuh.master:
|
||||||
image: wazuh/wazuh-manager:4.13.0
|
image: wazuh/wazuh-manager:4.13.1
|
||||||
hostname: wazuh.master
|
hostname: wazuh.master
|
||||||
restart: always
|
restart: always
|
||||||
ulimits:
|
ulimits:
|
||||||
@@ -43,7 +43,7 @@ services:
|
|||||||
- ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
|
- ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
|
||||||
|
|
||||||
wazuh.worker:
|
wazuh.worker:
|
||||||
image: wazuh/wazuh-manager:4.13.0
|
image: wazuh/wazuh-manager:4.13.1
|
||||||
hostname: wazuh.worker
|
hostname: wazuh.worker
|
||||||
restart: always
|
restart: always
|
||||||
ulimits:
|
ulimits:
|
||||||
@@ -79,7 +79,7 @@ services:
|
|||||||
- ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
|
- ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
|
||||||
|
|
||||||
wazuh1.indexer:
|
wazuh1.indexer:
|
||||||
image: wazuh/wazuh-indexer:4.13.0
|
image: wazuh/wazuh-indexer:4.13.1
|
||||||
hostname: wazuh1.indexer
|
hostname: wazuh1.indexer
|
||||||
restart: always
|
restart: always
|
||||||
ports:
|
ports:
|
||||||
@@ -105,7 +105,7 @@ services:
|
|||||||
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
|
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
|
||||||
|
|
||||||
wazuh2.indexer:
|
wazuh2.indexer:
|
||||||
image: wazuh/wazuh-indexer:4.13.0
|
image: wazuh/wazuh-indexer:4.13.1
|
||||||
hostname: wazuh2.indexer
|
hostname: wazuh2.indexer
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
@@ -127,7 +127,7 @@ services:
|
|||||||
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
|
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
|
||||||
|
|
||||||
wazuh3.indexer:
|
wazuh3.indexer:
|
||||||
image: wazuh/wazuh-indexer:4.13.0
|
image: wazuh/wazuh-indexer:4.13.1
|
||||||
hostname: wazuh3.indexer
|
hostname: wazuh3.indexer
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
@@ -149,7 +149,7 @@ services:
|
|||||||
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
|
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
|
||||||
|
|
||||||
wazuh.dashboard:
|
wazuh.dashboard:
|
||||||
image: wazuh/wazuh-dashboard:4.13.0
|
image: wazuh/wazuh-dashboard:4.13.1
|
||||||
hostname: wazuh.dashboard
|
hostname: wazuh.dashboard
|
||||||
restart: always
|
restart: always
|
||||||
ports:
|
ports:
|
||||||
|
@@ -79,7 +79,7 @@
|
|||||||
<os>yes</os>
|
<os>yes</os>
|
||||||
<network>yes</network>
|
<network>yes</network>
|
||||||
<packages>yes</packages>
|
<packages>yes</packages>
|
||||||
<ports all="no">yes</ports>
|
<ports all="yes">yes</ports>
|
||||||
<processes>yes</processes>
|
<processes>yes</processes>
|
||||||
|
|
||||||
<!-- Database synchronization settings -->
|
<!-- Database synchronization settings -->
|
||||||
|
@@ -10,3 +10,7 @@ server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
|
|||||||
server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
|
server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
|
||||||
opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
|
opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
|
||||||
uiSettings.overrides.defaultRoute: /app/wz-home
|
uiSettings.overrides.defaultRoute: /app/wz-home
|
||||||
|
# Session expiration settings
|
||||||
|
opensearch_security.cookie.ttl: 900000
|
||||||
|
opensearch_security.session.ttl: 900000
|
||||||
|
opensearch_security.session.keepalive: true
|
@@ -1,7 +1,7 @@
|
|||||||
# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
|
# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
|
||||||
services:
|
services:
|
||||||
wazuh.manager:
|
wazuh.manager:
|
||||||
image: wazuh/wazuh-manager:4.13.0
|
image: wazuh/wazuh-manager:4.13.1
|
||||||
hostname: wazuh.manager
|
hostname: wazuh.manager
|
||||||
restart: always
|
restart: always
|
||||||
ulimits:
|
ulimits:
|
||||||
@@ -44,7 +44,7 @@ services:
|
|||||||
- ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
|
- ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
|
||||||
|
|
||||||
wazuh.indexer:
|
wazuh.indexer:
|
||||||
image: wazuh/wazuh-indexer:4.13.0
|
image: wazuh/wazuh-indexer:4.13.1
|
||||||
hostname: wazuh.indexer
|
hostname: wazuh.indexer
|
||||||
restart: always
|
restart: always
|
||||||
ports:
|
ports:
|
||||||
@@ -69,7 +69,7 @@ services:
|
|||||||
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
|
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
|
||||||
|
|
||||||
wazuh.dashboard:
|
wazuh.dashboard:
|
||||||
image: wazuh/wazuh-dashboard:4.13.0
|
image: wazuh/wazuh-dashboard:4.13.1
|
||||||
hostname: wazuh.dashboard
|
hostname: wazuh.dashboard
|
||||||
restart: always
|
restart: always
|
||||||
ports:
|
ports:
|
||||||
|
@@ -83,7 +83,7 @@
|
|||||||
<os>yes</os>
|
<os>yes</os>
|
||||||
<network>yes</network>
|
<network>yes</network>
|
||||||
<packages>yes</packages>
|
<packages>yes</packages>
|
||||||
<ports all="no">yes</ports>
|
<ports all="yes">yes</ports>
|
||||||
<processes>yes</processes>
|
<processes>yes</processes>
|
||||||
|
|
||||||
<!-- Database synchronization settings -->
|
<!-- Database synchronization settings -->
|
||||||
|
@@ -1,9 +1,7 @@
|
|||||||
# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
|
# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
|
||||||
version: '3.7'
|
|
||||||
|
|
||||||
services:
|
services:
|
||||||
wazuh.agent:
|
wazuh.agent:
|
||||||
image: wazuh/wazuh-agent:4.13.0
|
image: wazuh/wazuh-agent:4.13.1
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
- WAZUH_MANAGER_SERVER=<WAZUH_MANAGER_IP>
|
- WAZUH_MANAGER_SERVER=<WAZUH_MANAGER_IP>
|
||||||
|