	Compare commits
	
		
			133 Commits
		
	
	
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|  | d46ce7aee3 | ||
|  | 4d0b06b91e | ||
|  | 391b5d237c | ||
|  | e99ba259e0 | ||
|  | f00245007d | ||
|  | 084407f9c9 | ||
|  | f0ebabad89 | ||
|  | afd70ff5f9 | ||
|  | 61f3e080a3 | ||
|  | 2dd9fdfa99 | ||
|  | daaac09c9c | ||
|  | 8d0dd5baeb | ||
|  | 9e9de07322 | ||
|  | 6ed79996af | ||
|  | 413dd71d44 | ||
|  | 68bc08f78f | ||
|  | 6da1b19698 | ||
|  | 750fe5ffe8 | ||
|  | 137f0ba88f | ||
|  | 25cb1fa872 | ||
|  | 8a01495968 | ||
|  | 1ed0bc8e01 | ||
|  | 0699c8fe21 | ||
|  | 64c61bcdbf | ||
|  | 5074eb0b44 | ||
|  | c8b8e8b134 | ||
|  | fc54288a0d | ||
|  | 09731ec148 | ||
|  | 2b9e1a6f89 | ||
|  | 5550edb4ae | ||
|  | 45e08437fc | ||
|  | 1cf4376e3b | ||
|  | 3c1175b0a0 | ||
|  | 1dad6eb83e | ||
|  | 10a02f88fa | ||
|  | 67fd91da9b | ||
|  | c146068138 | ||
|  | 5fa1d1eeb6 | ||
|  | 8a93c8fe3a | ||
|  | ed5f8c0816 | ||
|  | 02965be924 | ||
|  | ad9aa18966 | ||
|  | 21f37d6765 | ||
|  | 01f8dfc46e | ||
|  | c0a65c4ba6 | ||
|  | 63a32590b0 | ||
|  | b76adb084d | ||
|  | f23f7fafab | ||
|  | fceb9f0e07 | ||
|  | 7ddc4daed1 | ||
|  | 574a0147ea | ||
|  | 2f683e43c6 | ||
|  | 6b2780e221 | ||
|  | 4cc0eeea2e | ||
|  | 249c1adb8c | ||
|  | a4646f388a | ||
|  | 6d231cea90 | ||
|  | b45f09fff5 | ||
|  | 15d65820ae | ||
|  | 5d43a0acf8 | ||
|  | 75034895ce | ||
|  | f848aa9600 | ||
|  | 09153da593 | ||
|  | 3428f982f3 | ||
|  | c53a0f86f6 | ||
|  | ffb4395da0 | ||
|  | 31dbb7fc20 | ||
|  | 24b2c4bc4b | ||
|  | 59ccbbee8e | ||
|  | cdf31d7a08 | ||
|  | bb8cbc6d15 | ||
|  | 9656c348a2 | ||
|  | 2b5c950c48 | ||
|  | 504d5b8cc4 | ||
|  | 1eb94b82ee | ||
|  | 6228d3077d | ||
|  | 01563af39a | ||
|  | 1441e570a8 | ||
|  | 20ebf9b467 | ||
|  | 1460c07b92 | ||
|  | ae1611e07c | ||
|  | 5109a35e6a | ||
|  | 94c0307f00 | ||
|  | 102d6ced90 | ||
|  | 60c5b53844 | ||
|  | 653a3f3237 | ||
|  | 89754be5cf | ||
|  | 9694d59016 | ||
|  | 110f30148e | ||
|  | b5db817ecc | ||
|  | b36f24a128 | ||
|  | 5da9c5dd1f | ||
|  | 4eb80c83b0 | ||
|  | 68c41bd64c | ||
|  | 41f2397725 | ||
|  | 5673a9115c | ||
|  | f019658c86 | ||
|  | eb944445be | ||
|  | fe3b9335c1 | ||
|  | 771e4e3988 | ||
|  | 6f60a87b46 | ||
|  | 201e750f2c | ||
|  | 7e75b29a0f | ||
|  | 1c512ae437 | ||
|  | 7cc89ffdb1 | ||
|  | e3d1aa16d0 | ||
|  | b7afcf7646 | ||
|  | b290efb376 | ||
|  | 8dd9bc0421 | ||
|  | 64db5f9067 | ||
|  | 5313c60a06 | ||
|  | ca11769d4f | ||
|  | 1cc88b3097 | ||
|  | e20fb6e728 | ||
|  | d84631761a | ||
|  | 08ac53fee9 | ||
|  | f4c484e887 | ||
|  | 7a99967144 | ||
|  | cd7d882261 | ||
|  | 217be9a075 | ||
|  | e683a68cb4 | ||
|  | 59b55c6d5c | ||
|  | 0d5d167a5d | ||
|  | 13ad837787 | ||
|  | 0ce9aa9991 | ||
|  | d2c91ff90a | ||
|  | c3943a1523 | ||
|  | 6c9506aa9a | ||
|  | 68256252c7 | ||
|  | c8184b9145 | ||
|  | eed5b2a454 | ||
|  | 0da4a86f07 | ||
|  | bb85a9aef2 | 
| @@ -6,28 +6,28 @@ file: | ||||
|     group: root | ||||
|     filetype: file | ||||
|     contains: [] | ||||
|   /usr/share/kibana/optimize/bundles/light_theme.style.css: | ||||
|   /usr/share/kibana/src/core/server/core_app/assets/legacy_light_theme.css: | ||||
|     exists: true | ||||
|     mode: "0664" | ||||
|     owner: kibana | ||||
|     group: root | ||||
|     filetype: file | ||||
|     contains: [] | ||||
|   /usr/share/kibana/optimize/bundles/wazuh_logo_circle.svg: | ||||
|   /usr/share/kibana/src/core/server/core_app/assets/wazuh_logo_circle.svg: | ||||
|     exists: true | ||||
|     mode: "0644" | ||||
|     owner: kibana | ||||
|     group: root | ||||
|     filetype: file | ||||
|     contains: [] | ||||
|   /usr/share/kibana/optimize/bundles/wazuh_wazuh_bg.svg: | ||||
|   /usr/share/kibana/src/core/server/core_app/assets/wazuh_wazuh_bg.svg: | ||||
|     exists: true | ||||
|     mode: "0644" | ||||
|     owner: kibana | ||||
|     group: root | ||||
|     filetype: file | ||||
|     contains: [] | ||||
|   /usr/share/kibana/optimize/wazuh/config/wazuh.yml: | ||||
|   /usr/share/kibana/data/wazuh/config/wazuh.yml: | ||||
|     exists: true | ||||
|     mode: "0644" | ||||
|     owner: kibana | ||||
|   | ||||
							
								
								
									
										18
									
								
								.goss.yaml
							| @@ -6,7 +6,7 @@ file: | ||||
|     group: root | ||||
|     filetype: file | ||||
|     contains: [] | ||||
|   /var/ossec/bin/ossec-control: | ||||
|   /var/ossec/bin/wazuh-control: | ||||
|     exists: true | ||||
|     mode: "0750" | ||||
|     owner: root | ||||
| @@ -52,11 +52,11 @@ package: | ||||
|   filebeat: | ||||
|     installed: true | ||||
|     versions: | ||||
|     - 7.9.1 | ||||
|     - 7.10.2 | ||||
|   wazuh-manager: | ||||
|     installed: true | ||||
|     versions: | ||||
|     - 4.0.4 | ||||
|     - 4.2.3 | ||||
| port: | ||||
|   tcp:1514: | ||||
|     listening: true | ||||
| @@ -95,17 +95,17 @@ group: | ||||
| process: | ||||
|   filebeat: | ||||
|     running: true | ||||
|   ossec-analysisd: | ||||
|   wazuh-analysisd: | ||||
|     running: true | ||||
|   ossec-authd: | ||||
|   wazuh-authd: | ||||
|     running: true | ||||
|   ossec-execd: | ||||
|   wazuh-execd: | ||||
|     running: true | ||||
|   ossec-monitord: | ||||
|   wazuh-monitord: | ||||
|     running: true | ||||
|   ossec-remoted: | ||||
|   wazuh-remoted: | ||||
|     running: true | ||||
|   ossec-syscheckd: | ||||
|   wazuh-syscheckd: | ||||
|     running: true | ||||
|   s6-supervise: | ||||
|     running: true | ||||
|   | ||||
							
								
								
									
										56
									
								
								CHANGELOG.md
							| @@ -1,6 +1,62 @@ | ||||
| # Change Log | ||||
| All notable changes to this project will be documented in this file. | ||||
|  | ||||
| ## Wazuh Docker v4.2.3 | ||||
| ### Added | ||||
|  | ||||
| - Update Wazuh to version [4.2.3](https://github.com/wazuh/wazuh/blob/v4.2.3/CHANGELOG.md#v423) | ||||
|  | ||||
| ## Wazuh Docker v4.2.2 | ||||
| ### Added | ||||
|  | ||||
| - Update Wazuh to version [4.2.2](https://github.com/wazuh/wazuh/blob/v4.2.2/CHANGELOG.md#v422) | ||||
|  | ||||
| ## Wazuh Docker v4.2.1 | ||||
| ### Added | ||||
|  | ||||
| - Update Wazuh to version [4.2.1](https://github.com/wazuh/wazuh/blob/v4.2.1/CHANGELOG.md#v421) | ||||
|  | ||||
| ## Wazuh Docker v4.2.0 | ||||
| ### Added | ||||
|  | ||||
| - Update Wazuh to version [4.2.0](https://github.com/wazuh/wazuh/blob/v4.2.0/CHANGELOG.md#v420) | ||||
|  | ||||
| ## Wazuh Docker v4.1.5 | ||||
| ### Added | ||||
|  | ||||
| - Update Wazuh to version [4.1.5](https://github.com/wazuh/wazuh/blob/v4.1.5/CHANGELOG.md#v415) | ||||
| - Update ODFE compatibility to version 1.13.2 | ||||
|  | ||||
| ## Wazuh Docker v4.1.4 | ||||
| ### Added | ||||
|  | ||||
| - Update Wazuh to version [4.1.4](https://github.com/wazuh/wazuh/blob/v4.1.4/CHANGELOG.md#v414) | ||||
|  | ||||
| ## Wazuh Docker v4.1.3 | ||||
| ### Added | ||||
|  | ||||
| - Update Wazuh to version [4.1.3](https://github.com/wazuh/wazuh/blob/v4.1.3/CHANGELOG.md#v413) | ||||
|  | ||||
| ## Wazuh Docker v4.1.2 | ||||
| ### Added | ||||
|  | ||||
| - Update Wazuh to version [4.1.2](https://github.com/wazuh/wazuh/blob/v4.1.2/CHANGELOG.md#v412) | ||||
|  | ||||
| ## Wazuh Docker v4.1.1 | ||||
| ### Added | ||||
|  | ||||
| - Update Wazuh to version [4.1.1](https://github.com/wazuh/wazuh/blob/v4.1.1/CHANGELOG.md#v411) | ||||
|  | ||||
| ## Wazuh Docker v4.1.0 | ||||
| ### Added | ||||
|  | ||||
| - Update Wazuh to version [4.1.0](https://github.com/wazuh/wazuh/blob/v4.1.0/CHANGELOG.md#v410) | ||||
| - Update ODFE compatibility to version 1.12.0 | ||||
| - Add support for Elasticsearch (xpack) images once again (7.10.2)  ([@xr09](https://github.com/xr09)) [#409](https://github.com/wazuh/wazuh-docker/pull/409) | ||||
| - Re-enable entrypoint scripts  ([@xr09](https://github.com/xr09)) [#435](https://github.com/wazuh/wazuh-docker/pull/435) | ||||
| - Add Goss binary for healthchecks ([@xr09](https://github.com/xr09)) [$441](https://github.com/wazuh/wazuh-docker/pull/441) | ||||
| - Update s6-overlay to latest version | ||||
|  | ||||
| ## Wazuh Docker v4.0.4_1.11.0 | ||||
|  | ||||
| ### Added | ||||
|   | ||||
							
								
								
									
										37
									
								
								README.md
							| @@ -22,11 +22,11 @@ In addition, a docker-compose file is provided to launch the containers mentione | ||||
| * [Docker hub](https://hub.docker.com/u/wazuh) | ||||
|  | ||||
|  | ||||
| ### Setup SSL certificate and Basic Authentication | ||||
| ### Setup SSL certificate | ||||
|  | ||||
| Before starting the environment it is required to provide an SSL certificate (or just generate one self-signed) and setup the basic auth. | ||||
| Before starting the environment it is required to provide an SSL certificate (or just generate one self-signed). | ||||
|  | ||||
| Documentation on how to provide these two can be found at [nginx_conf/README.md](nginx_conf/README.md). | ||||
| Documentation on how to provide these two can be found at [Wazuh Docer Documentation](https://documentation.wazuh.com/current/docker/wazuh-container.html#production-deployment). | ||||
|  | ||||
|  | ||||
| ## Environment Variables | ||||
| @@ -146,24 +146,29 @@ ADMIN_PRIVILEGES=true               # App privileges | ||||
|  | ||||
| ## Branches | ||||
|  | ||||
| * `4.0` branch on correspond to the latest Wazuh-Docker stable version. | ||||
| * `master` branch contains the latest code, be aware of possible bugs on this branch. | ||||
| * `Wazuh.Version_ElasticStack.Version` (for example 3.13.1_7.8.0) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch. | ||||
| * `stable` branch on correspond to the last Wazuh stable version. | ||||
|  | ||||
|  | ||||
| ## Compatibility Matrix | ||||
|  | ||||
| | Wazuh version | ODFE    | | ||||
| |---------------|---------| | ||||
| | v4.0.4        | 1.11.0  | | ||||
| |---------------|---------| | ||||
| | v4.0.3        | 1.11.0  | | ||||
| |---------------|---------| | ||||
| | v4.0.2        | 1.11.0  | | ||||
| |---------------|---------| | ||||
| | v4.0.1        | 1.11.0  | | ||||
| |---------------|---------| | ||||
| | v4.0.0        | 1.10.1  | | ||||
| | Wazuh version | ODFE    | XPACK  | | ||||
| |---------------|---------|--------| | ||||
| | v4.2.3        | 1.13.2  | 7.11.2 | | ||||
| | v4.2.2        | 1.13.2  | 7.11.2 | | ||||
| | v4.2.1        | 1.13.2  | 7.11.2 | | ||||
| | v4.2.0        | 1.13.2  | 7.10.2 | | ||||
| | v4.1.5        | 1.13.2  | 7.10.2 | | ||||
| | v4.1.4        | 1.12.0  | 7.10.2 | | ||||
| | v4.1.3        | 1.12.0  | 7.10.2 | | ||||
| | v4.1.2        | 1.12.0  | 7.10.2 | | ||||
| | v4.1.1        | 1.12.0  | 7.10.2 | | ||||
| | v4.1.0        | 1.12.0  | 7.10.2 | | ||||
| | v4.0.4        | 1.11.0  |        | | ||||
| | v4.0.3        | 1.11.0  |        | | ||||
| | v4.0.2        | 1.11.0  |        | | ||||
| | v4.0.1        | 1.11.0  |        | | ||||
| | v4.0.0        | 1.10.1  |        | | ||||
|  | ||||
| ## Credits and Thank you | ||||
|  | ||||
|   | ||||
							
								
								
									
										4
									
								
								VERSION
							| @@ -1,2 +1,2 @@ | ||||
| WAZUH-DOCKER_VERSION="4.0.4_1.11.0" | ||||
| REVISION="40400" | ||||
| WAZUH-DOCKER_VERSION="4.2.3" | ||||
| REVISION="40217" | ||||
|   | ||||
| @@ -31,7 +31,7 @@ services: | ||||
|       - filebeat_var:/var/lib/filebeat | ||||
|  | ||||
|   elasticsearch: | ||||
|     image: amazon/opendistro-for-elasticsearch:1.11.0 | ||||
|     image: amazon/opendistro-for-elasticsearch:1.13.2 | ||||
|     hostname: elasticsearch | ||||
|     restart: always | ||||
|     ports: | ||||
|   | ||||
| @@ -3,7 +3,7 @@ version: '3.7' | ||||
|  | ||||
| services: | ||||
|   wazuh: | ||||
|     image: wazuh/wazuh-odfe:4.0.4_1.11.0 | ||||
|     image: wazuh/wazuh-odfe:4.2.3 | ||||
|     hostname: wazuh-manager | ||||
|     restart: always | ||||
|     ports: | ||||
| @@ -30,7 +30,7 @@ services: | ||||
|       - filebeat_var:/var/lib/filebeat | ||||
|  | ||||
|   elasticsearch: | ||||
|     image: amazon/opendistro-for-elasticsearch:1.11.0 | ||||
|     image: amazon/opendistro-for-elasticsearch:1.13.2 | ||||
|     hostname: elasticsearch | ||||
|     restart: always | ||||
|     ports: | ||||
| @@ -50,7 +50,7 @@ services: | ||||
|         hard: 65536 | ||||
|  | ||||
|   kibana: | ||||
|     image: wazuh/wazuh-kibana-odfe:4.0.4_1.11.0 | ||||
|     image: wazuh/wazuh-kibana-odfe:4.2.3 | ||||
|     hostname: kibana | ||||
|     restart: always | ||||
|     ports: | ||||
|   | ||||
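--- a/generate-elasticsearch-certs.yml
+++ b/generate-elasticsearch-certs.yml
@@ -0,0 +1,17 @@
+version: '2.2'
+
+services:
+  generator:
+    container_name: generator
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
+    command: >
+      bash -c '
+        if [[ ! -f config/certificates/bundle.zip ]]; then
+          bin/elasticsearch-certutil cert --silent --pem --in config/certificates/instances.yml -out config/certificates/bundle.zip;
+          unzip config/certificates/bundle.zip -d config/certificates/;
+        fi;
+        chown -R 1000:0 config/certificates
+      '
+    user: "0"
+    working_dir: /usr/share/elasticsearch
+    volumes: ['./xpack:/usr/share/elasticsearch/config/certificates']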
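Review bot: After `unzip`, `bundle.zip` — which holds every instance private key produced by `--pem` — stays behind in the bind-mounted `./xpack` directory, and the only permission handling is the `chown -R 1000:0`, so whatever mode `unzip` gives the extracted `*.key` files is what ends up on the host. The zip is also the idempotence marker for the `if [[ ! -f ... ]]` guard, so it cannot simply be deleted; I would instead tighten modes right after the chown, `chmod -R o-rwx config/certificates`, and state in the README that `./xpack` contains private keys and must not be committed or left world-readable. The generator runs as `user: "0"`, which is needed for the chown but deserves a line such as `# root only so the output can be chown'd to the elasticsearch UID (1000)` so nobody later "fixes" it.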
| @@ -1,8 +1,8 @@ | ||||
| # Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2) | ||||
| FROM amazon/opendistro-for-elasticsearch-kibana:1.11.0 | ||||
| FROM amazon/opendistro-for-elasticsearch-kibana:1.13.2 | ||||
| USER kibana | ||||
| ARG ELASTIC_VERSION=7.9.1 | ||||
| ARG WAZUH_VERSION=4.0.4 | ||||
| ARG ELASTIC_VERSION=7.10.2 | ||||
| ARG WAZUH_VERSION=4.2.3 | ||||
| ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}" | ||||
|  | ||||
| WORKDIR /usr/share/kibana | ||||
| @@ -42,7 +42,6 @@ ENV PATTERN="" \ | ||||
|     ADMIN_PRIVILEGES="" | ||||
|  | ||||
| USER kibana | ||||
| RUN NODE_OPTIONS="--max-old-space-size=2048" /usr/local/bin/kibana-docker --optimize | ||||
|  | ||||
| COPY ./config/custom_welcome /tmp/custom_welcome | ||||
| COPY --chown=kibana:kibana ./config/welcome_wazuh.sh ./ | ||||
| @@ -50,7 +49,7 @@ RUN chmod +x ./welcome_wazuh.sh | ||||
| ARG CHANGE_WELCOME="true" | ||||
| RUN ./welcome_wazuh.sh | ||||
|  | ||||
| COPY --chown=kibana:kibana ./config/wazuh.yml /usr/share/kibana/optimize/wazuh/config/wazuh.yml | ||||
| COPY --chown=kibana:kibana ./config/wazuh.yml /usr/share/kibana/data/wazuh/config/wazuh.yml | ||||
| COPY --chown=kibana:kibana ./config/wazuh_app_config.sh ./ | ||||
| RUN chmod +x ./wazuh_app_config.sh | ||||
|  | ||||
|   | ||||
| @@ -18,8 +18,6 @@ WAZUH_MAJOR=4 | ||||
| # Customize elasticsearch ip | ||||
| ############################################################################## | ||||
| sed -i "s|elasticsearch.hosts:.*|elasticsearch.hosts: $el_url|g" /usr/share/kibana/config/kibana.yml | ||||
| # disable multitenancy | ||||
| sed -i "s|opendistro_security.multitenancy.enabled:.*|opendistro_security.multitenancy.enabled: false|g" /usr/share/kibana/config/kibana.yml | ||||
|  | ||||
| # If KIBANA_INDEX was set, then change the default index in kibana.yml configuration file. If there was an index, then delete it and recreate. | ||||
| if [ "$KIBANA_INDEX" != "" ]; then | ||||
| @@ -55,6 +53,6 @@ rm -f ${default_index} | ||||
| sleep 5 | ||||
| # Configuring Kibana TimePicker. | ||||
| curl ${auth} -POST -k "https://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \ | ||||
| '{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-12h\",\n  \"to\": \"now\",\n  \"mode\": \"quick\"}"}}' | ||||
| '{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-12h\",\n  \"to\": \"now\"}"}}' | ||||
|  | ||||
| echo "End settings" | ||||
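Review bot: Dropping the `sed` that pinned `opendistro_security.multitenancy.enabled: false` changes the security posture of the ODFE Kibana image without saying so: once the line is gone, whatever the base image's kibana.yml ships applies, and the companion change in welcome_wazuh.sh (`server.defaultRoute: /app/wazuh?security_tenant=global`) suggests multitenancy is now expected to be on, so saved objects are presumably tenant-scoped for users upgrading from 4.0.4. Neither the CHANGELOG nor the README hunks in this commit mention it. I would either add it to the v4.2.3 CHANGELOG entry or make the intended state explicit in the image, e.g. `sed -i "s|opendistro_security.multitenancy.enabled:.*|opendistro_security.multitenancy.enabled: true|g" /usr/share/kibana/config/kibana.yml`, so the behaviour is visible rather than inherited. The enclosing script continues outside both hunks of this section.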
|   | ||||
| @@ -6,7 +6,7 @@ wazuh_port="${API_PORT:-55000}" | ||||
| api_username="${API_USERNAME:-wazuh-wui}" | ||||
| api_password="${API_PASSWORD:-wazuh-wui}" | ||||
|  | ||||
| kibana_config_file="/usr/share/kibana/optimize/wazuh/config/wazuh.yml" | ||||
| kibana_config_file="/usr/share/kibana/data/wazuh/config/wazuh.yml" | ||||
|  | ||||
| declare -A CONFIG_MAP=( | ||||
|   [pattern]=$PATTERN | ||||
|   | ||||
| @@ -4,11 +4,11 @@ | ||||
| if [[ $CHANGE_WELCOME == "true" ]] | ||||
| then | ||||
|     echo "Set Wazuh app as the default landing page" | ||||
|     echo "server.defaultRoute: /app/wazuh" >> /usr/share/kibana/config/kibana.yml | ||||
|     echo "server.defaultRoute: /app/wazuh?security_tenant=global" >> /usr/share/kibana/config/kibana.yml | ||||
|  | ||||
|     echo "Set custom welcome styles" | ||||
|     cp -f /tmp/custom_welcome/template.js.hbs /usr/share/kibana/src/legacy/ui/ui_render/bootstrap/template.js.hbs | ||||
|     cp -f /tmp/custom_welcome/light_theme.style.css /usr/share/kibana/optimize/bundles/light_theme.style.css | ||||
|     cp -f /tmp/custom_welcome/*svg /usr/share/kibana/optimize/bundles/ | ||||
|     cp -f /tmp/custom_welcome/light_theme.style.css /usr/share/kibana/src/core/server/core_app/assets/legacy_light_theme.css | ||||
|     cp -f /tmp/custom_welcome/*svg /usr/share/kibana/src/core/server/core_app/assets/ | ||||
| fi | ||||
|  | ||||
|   | ||||
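--- a/kibana/Dockerfile
+++ b/kibana/Dockerfile
@@ -0,0 +1,64 @@
+# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+FROM docker.elastic.co/kibana/kibana:7.10.2
+USER kibana
+ARG ELASTIC_VERSION=7.10.2
+ARG WAZUH_VERSION=4.2.3
+ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
+
+WORKDIR /usr/share/kibana
+RUN ./bin/kibana-plugin install https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-${WAZUH_APP_VERSION}-1.zip
+
+ENV PATTERN="" \
+    CHECKS_PATTERN="" \
+    CHECKS_TEMPLATE="" \
+    CHECKS_API="" \
+    CHECKS_SETUP="" \
+    EXTENSIONS_PCI="" \
+    EXTENSIONS_GDPR="" \
+    EXTENSIONS_HIPAA="" \
+    EXTENSIONS_NIST="" \
+    EXTENSIONS_TSC="" \
+    EXTENSIONS_AUDIT="" \
+    EXTENSIONS_OSCAP="" \
+    EXTENSIONS_CISCAT="" \
+    EXTENSIONS_AWS="" \
+    EXTENSIONS_GCP="" \
+    EXTENSIONS_VIRUSTOTAL="" \
+    EXTENSIONS_OSQUERY="" \
+    EXTENSIONS_DOCKER="" \
+    APP_TIMEOUT="" \
+    API_SELECTOR="" \
+    IP_SELECTOR="" \
+    IP_IGNORE="" \
+    WAZUH_MONITORING_ENABLED="" \
+    WAZUH_MONITORING_FREQUENCY="" \
+    WAZUH_MONITORING_SHARDS="" \
+    WAZUH_MONITORING_REPLICAS="" \
+    ADMIN_PRIVILEGES="" \
+    XPACK_CANVAS="true" \
+    XPACK_LOGS="true"   \
+    XPACK_INFRA="true"  \
+    XPACK_ML="true" \
+    XPACK_DEVTOOLS="true"   \
+    XPACK_MONITORING="true" \
+    XPACK_APM="true"
+
+WORKDIR /
+USER kibana
+
+COPY --chown=kibana:kibana config/entrypoint.sh ./entrypoint.sh
+RUN chmod 755 ./entrypoint.sh
+
+RUN printf "\nserver.defaultRoute: /app/wazuh\n" >> /usr/share/kibana/config/kibana.yml
+
+COPY --chown=kibana:kibana ./config/wazuh.yml /usr/share/kibana/data/wazuh/config/wazuh.yml
+COPY --chown=kibana:kibana ./config/wazuh_app_config.sh ./
+RUN chmod +x ./wazuh_app_config.sh
+
+COPY --chown=kibana:kibana ./config/kibana_settings.sh ./
+RUN chmod +x ./kibana_settings.sh
+
+COPY --chown=kibana:kibana ./config/xpack_config.sh ./
+RUN chmod +x ./xpack_config.sh
+
+ENTRYPOINT ./entrypoint.sh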
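Review bot: `RUN ./bin/kibana-plugin install https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-${WAZUH_APP_VERSION}-1.zip` pulls the app straight off the network at build time with no integrity check, so the image content depends on whatever that URL serves on the day of the build and cannot be reproduced or audited afterwards. The image already has curl (entrypoint.sh depends on it), so download to a file, verify a SHA-256 pinned as a build argument that is bumped together with `WAZUH_VERSION`, and install from `file://`. Separately, `ENTRYPOINT ./entrypoint.sh` is the shell form and entrypoint.sh ends with a plain `/usr/local/bin/kibana-docker` rather than `exec`, so Kibana runs under two shells and stop signals are not guaranteed to reach it; `ENTRYPOINT ["./entrypoint.sh"]` plus `exec` in the script avoids that.
```dockerfile
WORKDIR /usr/share/kibana
# Pin the plugin archive; update together with WAZUH_VERSION / ELASTIC_VERSION.
ARG WAZUH_APP_SHA256="<sha256 of the released wazuh_kibana zip — placeholder>"
RUN curl -fsSL -o /tmp/wazuh_kibana.zip https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-${WAZUH_APP_VERSION}-1.zip \
    && echo "${WAZUH_APP_SHA256}  /tmp/wazuh_kibana.zip" | sha256sum -c - \
    && ./bin/kibana-plugin install file:///tmp/wazuh_kibana.zip \
    && rm -f /tmp/wazuh_kibana.zip
# … unchanged: ENV block, COPY/RUN lines for entrypoint and config scripts …
ENTRYPOINT ["./entrypoint.sh"]
```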
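--- a/kibana/config/entrypoint.sh
+++ b/kibana/config/entrypoint.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+
+set -e
+
+##############################################################################
+# Waiting for elasticsearch
+##############################################################################
+
+if [ "x${ELASTICSEARCH_URL}" = "x" ]; then
+  export el_url="http://elasticsearch:9200"
+else
+  export el_url="${ELASTICSEARCH_URL}"
+fi
+
+if [[ ${ENABLED_SECURITY} == "false" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]]; then
+  export auth=""
+else
+  export auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} -k"
+fi
+
+until curl -XGET $el_url ${auth}; do
+  >&2 echo "Elastic is unavailable - sleeping"
+  sleep 5
+done
+
+sleep 2
+
+>&2 echo "Elasticsearch is up."
+
+
+##############################################################################
+# Waiting for wazuh alerts template
+##############################################################################
+
+strlen=0
+
+while [[ $strlen -eq 0 ]]
+do
+  template=$(curl ${auth} $el_url/_cat/templates/wazuh -s)
+  strlen=${#template}
+  >&2 echo "Wazuh alerts template not loaded - sleeping."
+  sleep 2
+done
+
+sleep 2
+
+>&2 echo "Wazuh alerts template is loaded."
+
+./xpack_config.sh
+
+./wazuh_app_config.sh
+
+sleep 5
+
+./kibana_settings.sh &
+
+sleep 2
+
+/usr/local/bin/kibana-docker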
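Review bot: The template wait loop at `template=$(curl ${auth} $el_url/_cat/templates/wazuh -s)` exits on any non-empty response, not on the template being present: a 401/403 or a JSON error body from Elasticsearch has non-zero length, so `strlen` becomes non-zero and the script proceeds to `./xpack_config.sh` and `./wazuh_app_config.sh` against a cluster that has not loaded the template. `--fail` makes curl print nothing on HTTP errors, and because the script runs under `set -e` the substitution needs a fallback so a transient error keeps polling instead of aborting: `template=$(curl -s -f ${auth} "$el_url/_cat/templates/wazuh" || true)`. Separately, `auth` carries `-k` whenever credentials are set, so the Elasticsearch password is always sent over a TLS session whose server certificate is never verified; if the CA produced by generate-elasticsearch-certs.yml is available to this container, `--cacert` would be the better default with `-k` reserved for an explicit opt-in.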
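--- a/kibana/config/kibana_settings.sh
+++ b/kibana/config/kibana_settings.sh
@@ -0,0 +1,79 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+
+WAZUH_MAJOR=4
+
+##############################################################################
+# Wait for the Kibana API to start. It is necessary to do it in this container
+# because the others are running Elastic Stack and we can not interrupt them.
+#
+# The following actions are performed:
+#
+# Add the wazuh alerts index as default.
+# Set the Discover time interval to 24 hours instead of 15 minutes.
+# Do not ask user to help providing usage statistics to Elastic.
+##############################################################################
+
+##############################################################################
+# Customize elasticsearch ip
+##############################################################################
+sed -i "s|elasticsearch.hosts:.*|elasticsearch.hosts: $el_url|g" /usr/share/kibana/config/kibana.yml
+
+# If KIBANA_INDEX was set, then change the default index in kibana.yml configuration file. If there was an index, then delete it and recreate.
+if [ "$KIBANA_INDEX" != "" ]; then
+  if grep -q 'kibana.index' /usr/share/kibana/config/kibana.yml; then
+    sed -i '/kibana.index/d' /usr/share/kibana/config/kibana.yml
+  fi
+    echo "kibana.index: $KIBANA_INDEX" >> /usr/share/kibana/config/kibana.yml
+fi
+
+kibana_proto="http"
+
+if [ "$XPACK_SECURITY_ENABLED" != "" ]; then
+  kibana_proto="https"
+  if grep -q 'xpack.security.enabled' /usr/share/kibana/config/kibana.yml; then
+    sed -i '/xpack.security.enabled/d' /usr/share/kibana/config/kibana.yml
+  fi
+    echo "xpack.security.enabled: $XPACK_SECURITY_ENABLED" >> /usr/share/kibana/config/kibana.yml
+fi
+
+# Add auth headers if required
+if [ "$ELASTICSEARCH_USERNAME" != "" ] && [ "$ELASTICSEARCH_PASSWORD" != "" ]; then
+    curl_auth="-u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD"
+fi
+
+while [[ "$(curl $curl_auth -XGET -I  -s -o /dev/null -w ''%{http_code}'' -k $kibana_proto://127.0.0.1:5601/status)" != "200" ]]; do
+  echo "Waiting for Kibana API. Sleeping 5 seconds"
+  sleep 5
+done
+
+
+
+# Prepare index selection.
+echo "Kibana API is running"
+
+default_index="/tmp/default_index.json"
+
+cat > ${default_index} << EOF
+{
+  "changes": {
+    "defaultIndex": "wazuh-alerts-${WAZUH_MAJOR}.x-*"
+  }
+}
+EOF
+
+sleep 5
+# Add the wazuh alerts index as default.
+curl ${auth} -POST -k "$kibana_proto://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d@${default_index}
+rm -f ${default_index}
+
+sleep 5
+# Configuring Kibana TimePicker.
+curl ${auth} -POST -k "$kibana_proto://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
+'{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-12h\",\n  \"to\": \"now\"}"}}'
+
+sleep 5
+# Do not ask user to help providing usage statistics to Elastic
+curl ${auth} -POST -k "$kibana_proto://127.0.0.1:5601/api/telemetry/v2/optIn" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d '{"enabled":false}'
+
+echo "End settings"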
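Review bot: `kibana_proto` is switched to `https` for any non-empty `XPACK_SECURITY_ENABLED`, including `false`, because the test is `!= ""`; in that case the readiness loop polls `https://127.0.0.1:5601/status` on a Kibana that, as far as this script configures it, still serves plain HTTP, never sees `200`, and the default index, time picker and telemetry settings are silently never applied. Make the protocol depend on the value rather than on the variable being set, `if [ "$XPACK_SECURITY_ENABLED" = "true" ]; then kibana_proto="https"; fi`, and keep the existing block only for writing `xpack.security.enabled` into kibana.yml. Note also that the readiness probe authenticates with `$curl_auth` while the three settings POSTs use `${auth}` and the `sed` uses `$el_url`, neither of which this script defines — they come from the `export` lines in entrypoint.sh — so a header comment such as `# el_url and auth are exported by entrypoint.sh; not usable standalone` would save the next reader a search.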
										162
									
								
								kibana/config/wazuh.yml
							| @@ -0,0 +1,162 @@ | ||||
| --- | ||||
| # | ||||
| # Wazuh app - App configuration file | ||||
| # Copyright (C) 2015-2021 Wazuh, Inc. | ||||
| # | ||||
| # This program is free software; you can redistribute it and/or modify | ||||
| # it under the terms of the GNU General Public License as published by | ||||
| # the Free Software Foundation; either version 2 of the License, or | ||||
| # (at your option) any later version. | ||||
| # | ||||
| # Find more information about this on the LICENSE file. | ||||
| # | ||||
| # ======================== Wazuh app configuration file ======================== | ||||
| # | ||||
| # Please check the documentation for more information on configuration options: | ||||
| # https://documentation.wazuh.com/current/installation-guide/index.html | ||||
| # | ||||
| # Also, you can check our repository: | ||||
| # https://github.com/wazuh/wazuh-kibana-app | ||||
| # | ||||
| # ------------------------------- Index patterns ------------------------------- | ||||
| # | ||||
| # Default index pattern to use. | ||||
| #pattern: wazuh-alerts-* | ||||
| # | ||||
| # ----------------------------------- Checks ----------------------------------- | ||||
| # | ||||
| # Defines which checks must to be consider by the healthcheck | ||||
| # step once the Wazuh app starts. Values must to be true or false. | ||||
| #checks.pattern : true | ||||
| #checks.template: true | ||||
| #checks.api     : true | ||||
| #checks.setup   : true | ||||
| #checks.metaFields: true | ||||
| # | ||||
| # --------------------------------- Extensions --------------------------------- | ||||
| # | ||||
| # Defines which extensions should be activated when you add a new API entry. | ||||
| # You can change them after Wazuh app starts. | ||||
| # Values must to be true or false. | ||||
| #extensions.pci       : true | ||||
| #extensions.gdpr      : true | ||||
| #extensions.hipaa     : true | ||||
| #extensions.nist      : true | ||||
| #extensions.tsc       : true | ||||
| #extensions.audit     : true | ||||
| #extensions.oscap     : false | ||||
| #extensions.ciscat    : false | ||||
| #extensions.aws       : false | ||||
| #extensions.gcp       : false | ||||
| #extensions.virustotal: false | ||||
| #extensions.osquery   : false | ||||
| #extensions.docker    : false | ||||
| # | ||||
| # ---------------------------------- Time out ---------------------------------- | ||||
| # | ||||
| # Defines maximum timeout to be used on the Wazuh app requests. | ||||
| # It will be ignored if it is bellow 1500. | ||||
| # It means milliseconds before we consider a request as failed. | ||||
| # Default: 20000 | ||||
| #timeout: 20000 | ||||
| # | ||||
| # -------------------------------- API selector -------------------------------- | ||||
| # | ||||
| # Defines if the user is allowed to change the selected | ||||
| # API directly from the Wazuh app top menu. | ||||
| # Default: true | ||||
| #api.selector: true | ||||
| # | ||||
| # --------------------------- Index pattern selector --------------------------- | ||||
| # | ||||
| # Defines if the user is allowed to change the selected | ||||
| # index pattern directly from the Wazuh app top menu. | ||||
| # Default: true | ||||
| #ip.selector: true | ||||
| # | ||||
| # List of index patterns to be ignored | ||||
| #ip.ignore: [] | ||||
| # | ||||
| # -------------------------------- X-Pack RBAC --------------------------------- | ||||
| # | ||||
| # Custom setting to enable/disable built-in X-Pack RBAC security capabilities. | ||||
| # Default: enabled | ||||
| #xpack.rbac.enabled: true | ||||
| # | ||||
| # ------------------------------ wazuh-monitoring ------------------------------ | ||||
| # | ||||
| # Custom setting to enable/disable wazuh-monitoring indices. | ||||
| # Values: true, false, worker | ||||
| # If worker is given as value, the app will show the Agents status | ||||
| # visualization but won't insert data on wazuh-monitoring indices. | ||||
| # Default: true | ||||
| #wazuh.monitoring.enabled: true | ||||
| # | ||||
| # Custom setting to set the frequency for wazuh-monitoring indices cron task. | ||||
| # Default: 900 (s) | ||||
| #wazuh.monitoring.frequency: 900 | ||||
| # | ||||
| # Configure wazuh-monitoring-* indices shards and replicas. | ||||
| #wazuh.monitoring.shards: 2 | ||||
| #wazuh.monitoring.replicas: 0 | ||||
| # | ||||
| # Configure wazuh-monitoring-* indices custom creation interval. | ||||
| # Values: h (hourly), d (daily), w (weekly), m (monthly) | ||||
| # Default: d | ||||
| #wazuh.monitoring.creation: d | ||||
| # | ||||
| # Default index pattern to use for Wazuh monitoring | ||||
| #wazuh.monitoring.pattern: wazuh-monitoring-* | ||||
| # | ||||
| # --------------------------------- wazuh-cron ---------------------------------- | ||||
| # | ||||
| # Customize the index prefix of predefined jobs | ||||
| # This change is not retroactive, if you change it new indexes will be created | ||||
| # cron.prefix: test | ||||
| # | ||||
| # ------------------------------ wazuh-statistics ------------------------------- | ||||
| # | ||||
| # Custom setting to enable/disable statistics tasks. | ||||
| #cron.statistics.status: true | ||||
| # | ||||
| # Enter the ID of the APIs you want to save data from, leave this empty to run | ||||
| # the task on all configured APIs | ||||
| #cron.statistics.apis: [] | ||||
| # | ||||
| # Define the frequency of task execution using cron schedule expressions | ||||
| #cron.statistics.interval: 0 0 * * * * | ||||
| # | ||||
| # Define the name of the index in which the documents are to be saved. | ||||
| #cron.statistics.index.name: statistics | ||||
| # | ||||
| # Define the interval in which the index will be created | ||||
| #cron.statistics.index.creation: w | ||||
| # | ||||
| # ------------------------------- App privileges -------------------------------- | ||||
| #admin: true | ||||
| # | ||||
| # ---------------------------- Hide manager alerts ------------------------------ | ||||
| # Hide the alerts of the manager in all dashboards and discover | ||||
| #hideManagerAlerts: false | ||||
| # | ||||
| # ------------------------------- App logging level ----------------------------- | ||||
| # Set the logging level for the Wazuh App log files. | ||||
| # Default value: info | ||||
| # Allowed values: info, debug | ||||
| #logs.level: info | ||||
| # | ||||
| # -------------------------------- Enrollment DNS ------------------------------- | ||||
| # Set the variable WAZUH_REGISTRATION_SERVER in agents deployment. | ||||
| # Default value: '' | ||||
| #enrollment.dns: '' | ||||
| # | ||||
| #-------------------------------- API entries ----------------------------------- | ||||
| #The following configuration is the default structure to define an API entry. | ||||
| # | ||||
| #hosts: | ||||
| #  - <id>: | ||||
| #     url: http(s)://<url> | ||||
| #     port: <port> | ||||
| #     username: <username> | ||||
| #     password: <password> | ||||
|  | ||||
							
								
								
									
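--- a/kibana/config/wazuh_app_config.sh
+++ b/kibana/config/wazuh_app_config.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+
+wazuh_url="${WAZUH_API_URL:-https://wazuh}"
+wazuh_port="${API_PORT:-55000}"
+api_username="${API_USERNAME:-wazuh-wui}"
+api_password="${API_PASSWORD:-wazuh-wui}"
+
+kibana_config_file="/usr/share/kibana/data/wazuh/config/wazuh.yml"
+
+declare -A CONFIG_MAP=(
+  [pattern]=$PATTERN
+  [checks.pattern]=$CHECKS_PATTERN
+  [checks.template]=$CHECKS_TEMPLATE
+  [checks.api]=$CHECKS_API
+  [checks.setup]=$CHECKS_SETUP
+  [extensions.pci]=$EXTENSIONS_PCI
+  [extensions.gdpr]=$EXTENSIONS_GDPR
+  [extensions.hipaa]=$EXTENSIONS_HIPAA
+  [extensions.nist]=$EXTENSIONS_NIST
+  [extensions.tsc]=$EXTENSIONS_TSC
+  [extensions.audit]=$EXTENSIONS_AUDIT
+  [extensions.oscap]=$EXTENSIONS_OSCAP
+  [extensions.ciscat]=$EXTENSIONS_CISCAT
+  [extensions.aws]=$EXTENSIONS_AWS
+  [extensions.gcp]=$EXTENSIONS_GCP
+  [extensions.virustotal]=$EXTENSIONS_VIRUSTOTAL
+  [extensions.osquery]=$EXTENSIONS_OSQUERY
+  [extensions.docker]=$EXTENSIONS_DOCKER
+  [timeout]=$APP_TIMEOUT
+  [api.selector]=$API_SELECTOR
+  [ip.selector]=$IP_SELECTOR
+  [ip.ignore]=$IP_IGNORE
+  [wazuh.monitoring.enabled]=$WAZUH_MONITORING_ENABLED
+  [wazuh.monitoring.frequency]=$WAZUH_MONITORING_FREQUENCY
+  [wazuh.monitoring.shards]=$WAZUH_MONITORING_SHARDS
+  [wazuh.monitoring.replicas]=$WAZUH_MONITORING_REPLICAS
+  [admin]=$ADMIN_PRIVILEGES
+)
+
+for i in "${!CONFIG_MAP[@]}"
+do
+    if [ "${CONFIG_MAP[$i]}" != "" ]; then
+        sed -i 's/.*#'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file
+    fi
+done
+
+CONFIG_CODE=$(curl ${auth} -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/_doc/1513629884013)
+
+grep -q 1513629884013 $kibana_config_file
+_config_exists=$?
+
+if [[ "x$CONFIG_CODE" != "x200" && $_config_exists -ne 0 ]]; then
+cat << EOF >> $kibana_config_file
+hosts:
+  - 1513629884013:
+      url: $wazuh_url
+      port: $wazuh_port
+      username: $api_username
+      password: $api_password
+EOF
+else
+  echo "Wazuh APP already configured"
+fi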
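Review bot: `auth` and `el_url` on the `CONFIG_CODE=$(curl ...)` line are never assigned in this script, so unless the environment happens to export them the request has no host, `CONFIG_CODE` can never be `200`, and the `if` below effectively depends on the `grep -q 1513629884013` result alone; either define both before use or drop the curl and keep only the grep test. The `sed -i` in the loop splices `${CONFIG_MAP[$i]}` into the expression unescaped, so a value containing `/`, `&` or `\` breaks the command or rewrites the line unexpectedly; escape it first, e.g. `val=$(printf '%s' "${CONFIG_MAP[$i]}" | sed 's/[\/&\\]/\\&/g')` and substitute `$val`. The heredoc likewise writes `$api_password` bare, so a password with YAML-significant characters (`:`, `#`, leading space) yields an invalid `hosts` entry; writing `password: '$api_password'` (with any embedded single quote doubled) keeps the entry parseable. A short header comment stating that this file is the Wazuh app's API-credential store and is only appended to on first run would also help the next maintainer.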
							
								
								
									
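--- a/kibana/config/xpack_config.sh
+++ b/kibana/config/xpack_config.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+
+kibana_config_file="/usr/share/kibana/config/kibana.yml"
+if grep -Fq  "#xpack features" "$kibana_config_file";
+then
+  declare -A CONFIG_MAP=(
+    [xpack.apm.ui.enabled]=$XPACK_APM
+    [xpack.grokdebugger.enabled]=$XPACK_DEVTOOLS
+    [xpack.searchprofiler.enabled]=$XPACK_DEVTOOLS
+    [xpack.ml.enabled]=$XPACK_ML
+    [xpack.canvas.enabled]=$XPACK_CANVAS
+    [xpack.infra.enabled]=$XPACK_INFRA
+    [xpack.monitoring.enabled]=$XPACK_MONITORING
+    [console.enabled]=$XPACK_DEVTOOLS
+  )
+  for i in "${!CONFIG_MAP[@]}"
+  do
+    if [ "${CONFIG_MAP[$i]}" != "" ]; then
+      sed -i 's/.'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file
+    fi
+  done
+else
+  echo "
+#xpack features
+xpack.apm.ui.enabled: $XPACK_APM
+xpack.grokdebugger.enabled: $XPACK_DEVTOOLS
+xpack.searchprofiler.enabled: $XPACK_DEVTOOLS
+xpack.ml.enabled: $XPACK_ML
+xpack.canvas.enabled: $XPACK_CANVAS
+xpack.infra.enabled: $XPACK_INFRA
+xpack.monitoring.enabled: $XPACK_MONITORING
+console.enabled: $XPACK_DEVTOOLS
+" >> $kibana_config_file
+fi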
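Review bot: The sed pattern in the loop begins with `.` rather than `^`, so it requires one character in front of the key and never matches the column-0 `key: value` lines that the `else` branch itself writes; on any run after the first the `XPACK_*` values are silently left unchanged. `sed -i 's/^'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' "$kibana_config_file"` fixes the anchor (the value is still spliced in unescaped, the same issue as in wazuh_app_config.sh). The `else` branch also emits `key: ` with an empty value for every `XPACK_*` variable that is unset, which presumably Kibana will reject at startup; guarding each echoed line on its variable being non-empty keeps the generated file parseable.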
| @@ -3,7 +3,7 @@ version: '3.7' | ||||
|  | ||||
| services: | ||||
|   wazuh-master: | ||||
|     image: wazuh/wazuh-odfe:4.0.4_1.11.0 | ||||
|     image: wazuh/wazuh-odfe:4.2.3 | ||||
|     hostname: wazuh-master | ||||
|     restart: always | ||||
|     ports: | ||||
| @@ -38,7 +38,7 @@ services: | ||||
|       - ./production_cluster/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf | ||||
|  | ||||
|   wazuh-worker: | ||||
|     image: wazuh/wazuh-odfe:4.0.4_1.11.0 | ||||
|     image: wazuh/wazuh-odfe:4.2.3 | ||||
|     hostname: wazuh-worker | ||||
|     restart: always | ||||
|     environment: | ||||
| @@ -67,7 +67,7 @@ services: | ||||
|       - ./production_cluster/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf | ||||
|  | ||||
|   elasticsearch: | ||||
|     image: amazon/opendistro-for-elasticsearch:1.11.0 | ||||
|     image: amazon/opendistro-for-elasticsearch:1.13.2 | ||||
|     hostname: elasticsearch | ||||
|     restart: always | ||||
|     ports: | ||||
| @@ -86,11 +86,13 @@ services: | ||||
|       - ./production_cluster/ssl_certs/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem | ||||
|       - ./production_cluster/ssl_certs/node1.key:/usr/share/elasticsearch/config/node1.key | ||||
|       - ./production_cluster/ssl_certs/node1.pem:/usr/share/elasticsearch/config/node1.pem | ||||
|       - ./production_cluster/ssl_certs/admin.pem:/usr/share/elasticsearch/config/admin.pem | ||||
|       - ./production_cluster/ssl_certs/admin.key:/usr/share/elasticsearch/config/admin.key | ||||
|       - ./production_cluster/elastic_opendistro/elasticsearch-node1.yml:/usr/share/elasticsearch/config/elasticsearch.yml | ||||
|       - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml | ||||
|  | ||||
|   elasticsearch-2: | ||||
|     image: amazon/opendistro-for-elasticsearch:1.11.0 | ||||
|     image: amazon/opendistro-for-elasticsearch:1.13.2 | ||||
|     hostname: elasticsearch-2 | ||||
|     restart: always | ||||
|     environment: | ||||
| @@ -111,7 +113,7 @@ services: | ||||
|       - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml | ||||
|  | ||||
|   elasticsearch-3: | ||||
|     image: amazon/opendistro-for-elasticsearch:1.11.0 | ||||
|     image: amazon/opendistro-for-elasticsearch:1.13.2 | ||||
|     hostname: elasticsearch-3 | ||||
|     restart: always | ||||
|     environment: | ||||
| @@ -132,7 +134,7 @@ services: | ||||
|       - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml | ||||
|  | ||||
|   kibana: | ||||
|     image: wazuh/wazuh-kibana-odfe:4.0.4_1.11.0 | ||||
|     image: wazuh/wazuh-kibana-odfe:4.2.3 | ||||
|     hostname: kibana | ||||
|     restart: always | ||||
|     ports: | ||||
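Review bot: The `admin.pem`/`admin.key` mounts on the `elasticsearch` service (the pair appears to be the addition in the `@@ -86,11 +86,13 @@` hunk) bind the security plugin's admin client key into the container read-write; appending `:ro` to both, e.g. `- ./production_cluster/ssl_certs/admin.key:/usr/share/elasticsearch/config/admin.key:ro`, keeps a compromised node process from altering the key on the host. The node key, root CA and `internal_users.yml` mounts already present would benefit from the same flag.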
|   | ||||
| @@ -20,7 +20,7 @@ opendistro_security.nodes_dn: | ||||
|     - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com' | ||||
|     - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com' | ||||
|     - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com' | ||||
| opendistro_security.authcz.admin_dn: [] | ||||
| opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com'] | ||||
| opendistro_security.audit.type: internal_elasticsearch | ||||
| opendistro_security.enable_snapshot_restore_privilege: true | ||||
| opendistro_security.check_snapshot_restore_write_privileges: true | ||||
|   | ||||
| @@ -20,7 +20,7 @@ opendistro_security.nodes_dn: | ||||
|     - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com' | ||||
|     - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com' | ||||
|     - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com' | ||||
| opendistro_security.authcz.admin_dn: [] | ||||
| opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com'] | ||||
| opendistro_security.audit.type: internal_elasticsearch | ||||
| opendistro_security.enable_snapshot_restore_privilege: true | ||||
| opendistro_security.check_snapshot_restore_write_privileges: true | ||||
|   | ||||
| @@ -20,7 +20,7 @@ opendistro_security.nodes_dn: | ||||
|     - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com' | ||||
|     - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com' | ||||
|     - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com' | ||||
| opendistro_security.authcz.admin_dn: [] | ||||
| opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com'] | ||||
| opendistro_security.audit.type: internal_elasticsearch | ||||
| opendistro_security.enable_snapshot_restore_privilege: true | ||||
| opendistro_security.check_snapshot_restore_write_privileges: true | ||||
|   | ||||
| @@ -9,4 +9,5 @@ then | ||||
|     exit | ||||
| else | ||||
|     openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem | ||||
|     chown -R 1000:1000 *.pem | ||||
| fi | ||||
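Review bot: The added `chown -R 1000:1000 *.pem` changes ownership but leaves the mode openssl assigned under the current umask, so the unencrypted (`-nodes`) `key.pem` may end up group- or world-readable on the host; adding `chmod 600 key.pem` after the chown restricts it to its owner. The `if`/`else` this runs in starts outside the hunk.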
|   | ||||
| @@ -28,3 +28,8 @@ nodes: | ||||
|     dn: CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com | ||||
|     dns:  | ||||
|       - wazuh | ||||
|  | ||||
| clients: | ||||
|   - name: admin | ||||
|     dn: CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com | ||||
|     admin: true | ||||
|   | ||||
| @@ -200,8 +200,8 @@ | ||||
|   <global> | ||||
|     <white_list>127.0.0.1</white_list> | ||||
|     <white_list>^localhost.localdomain$</white_list> | ||||
|     <white_list>4.2.2.1</white_list> | ||||
|     <white_list>4.2.2.2</white_list> | ||||
|     <white_list>4.2.3.1</white_list> | ||||
|     <white_list>4.2.3.2</white_list> | ||||
|     <white_list>208.67.220.220</white_list> | ||||
|   </global> | ||||
|  | ||||
| @@ -307,7 +307,7 @@ | ||||
|     <rule_dir>etc/rules</rule_dir> | ||||
|   </ruleset> | ||||
|  | ||||
|   <!-- Configuration for ossec-authd --> | ||||
|   <!-- Configuration for wazuh-authd --> | ||||
|   <auth> | ||||
|     <disabled>no</disabled> | ||||
|     <port>1515</port> | ||||
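Review bot: The `<white_list>` entries in the `@@ -200,8 +200,8 @@` hunk go from `4.2.2.1`/`4.2.2.2` to `4.2.3.1`/`4.2.3.2` (the new side presumably being the 4.2.3.x pair), which looks like the version-bump search-and-replace of `4.2.2` → `4.2.3` hitting IP addresses rather than an intended change: 4.2.2.1 and 4.2.2.2 are the public resolver addresses shipped alongside `208.67.220.220`, while 4.2.3.x are unrelated hosts. Since `<global><white_list>` exempts addresses from active-response blocking, the edit both drops the resolvers from the exemption and exempts two arbitrary addresses; the original two lines should be restored. The identical replacement appears in the second ossec.conf section's `@@ -200,8 +200,8 @@` hunk further down and needs the same fix.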
|   | ||||
| @@ -200,8 +200,8 @@ | ||||
|   <global> | ||||
|     <white_list>127.0.0.1</white_list> | ||||
|     <white_list>^localhost.localdomain$</white_list> | ||||
|     <white_list>4.2.2.1</white_list> | ||||
|     <white_list>4.2.2.2</white_list> | ||||
|     <white_list>4.2.3.1</white_list> | ||||
|     <white_list>4.2.3.2</white_list> | ||||
|     <white_list>208.67.220.220</white_list> | ||||
|   </global> | ||||
|  | ||||
| @@ -307,7 +307,7 @@ | ||||
|     <rule_dir>etc/rules</rule_dir> | ||||
|   </ruleset> | ||||
|  | ||||
|   <!-- Configuration for ossec-authd --> | ||||
|   <!-- Configuration for wazuh-authd --> | ||||
|   <auth> | ||||
|     <disabled>no</disabled> | ||||
|     <port>1515</port> | ||||
|   | ||||
| @@ -1,8 +1,9 @@ | ||||
| # Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2) | ||||
| FROM centos:7 | ||||
|  | ||||
| ARG FILEBEAT_VERSION=7.9.1 | ||||
| ARG WAZUH_VERSION=4.0.4-1 | ||||
| ARG FILEBEAT_CHANNEL=filebeat-oss | ||||
| ARG FILEBEAT_VERSION=7.10.2 | ||||
| ARG WAZUH_VERSION=4.2.3 | ||||
| ARG TEMPLATE_VERSION="master" | ||||
| ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz" | ||||
|  | ||||
| @@ -16,12 +17,14 @@ RUN yum --enablerepo=updates clean metadata && \ | ||||
|   sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo && \ | ||||
|   yum clean all && rm -rf /var/cache/yum | ||||
|  | ||||
| RUN curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-oss-${FILEBEAT_VERSION}-x86_64.rpm &&\ | ||||
|   rpm -i filebeat-oss-${FILEBEAT_VERSION}-x86_64.rpm && rm -f filebeat-oss-${FILEBEAT_VERSION}-x86_64.rpm | ||||
| RUN curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm &&\ | ||||
|   rpm -i ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm && rm -f ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm | ||||
|  | ||||
| RUN curl -s https://packages.wazuh.com/4.x/filebeat/${WAZUH_FILEBEAT_MODULE} | tar -xvz -C /usr/share/filebeat/module | ||||
|  | ||||
| ARG S6_VERSION="v2.1.0.2" | ||||
| RUN curl -L https://github.com/aelsabbahy/goss/releases/latest/download/goss-linux-amd64 -o /usr/local/bin/goss && chmod +rx /usr/local/bin/goss | ||||
|  | ||||
| ARG S6_VERSION="v2.2.0.3" | ||||
| RUN curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \ | ||||
|     -o /tmp/s6-overlay-amd64.tar.gz && \ | ||||
|     tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" && \ | ||||
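Review bot: The new `RUN curl -L https://github.com/aelsabbahy/goss/releases/latest/download/goss-linux-amd64 -o /usr/local/bin/goss` line installs an unpinned `latest` binary with no `--fail` and no integrity check, so image contents change from build to build and a failed download (an HTML error body) would be written to `/usr/local/bin/goss` and marked executable. The s6-overlay lines right below already use `curl --fail --silent` with a pinned `S6_VERSION`; goss deserves the same, i.e. a `GOSS_VERSION` ARG, `--fail`, and a `sha256sum -c` against a recorded digest before the `chmod`. A one-line comment naming what goss is used for in this image would also help, since nothing in the Dockerfile explains the dependency.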
|   | ||||
| @@ -74,6 +74,23 @@ apply_exclusion_data() { | ||||
|   done | ||||
| } | ||||
|  | ||||
| ############################################################################## | ||||
| # This function will rename in the permanent data volume every file | ||||
| # contained in PERMANENT_DATA_MOVE | ||||
| ############################################################################## | ||||
|  | ||||
| move_data_files() { | ||||
|   for mov_file in "${PERMANENT_DATA_MOVE[@]}"; do | ||||
|     file_split=( $mov_file ) | ||||
|     if [ -e ${file_split[0]} ] | ||||
|     then | ||||
|       print "moving ${mov_file}" | ||||
|       exec_cmd "mv -f ${mov_file}" | ||||
|     fi | ||||
|   done | ||||
| } | ||||
|  | ||||
|  | ||||
| ############################################################################## | ||||
| # This function will delete from the permanent data volume every file | ||||
| # contained in PERMANENT_DATA_DEL | ||||
| @@ -84,7 +101,7 @@ remove_data_files() { | ||||
|     if [ -e ${del_file} ] | ||||
|     then | ||||
|       print "Removing ${del_file}" | ||||
|       exec_cmd "rm ${del_file}" | ||||
|       exec_cmd "rm -f ${del_file}" | ||||
|     fi | ||||
|   done | ||||
| } | ||||
| @@ -94,7 +111,7 @@ remove_data_files() { | ||||
| ############################################################################## | ||||
|  | ||||
| create_ossec_key_cert() { | ||||
|   print "Creating ossec-authd key and cert" | ||||
|   print "Creating wazuh-authd key and cert" | ||||
|   exec_cmd "openssl genrsa -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.key 4096" | ||||
|   exec_cmd "openssl req -new -x509 -key ${WAZUH_INSTALL_PATH}/etc/sslmanager.key -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/" | ||||
| } | ||||
| @@ -158,10 +175,13 @@ main() { | ||||
|   # Restore files stored in permanent data that are not permanent  (i.e. internal_options.conf) | ||||
|   apply_exclusion_data | ||||
|  | ||||
|   # Rename files stored in permanent data (i.e. queue/ossec) | ||||
|   move_data_files | ||||
|  | ||||
|   # Remove some files in permanent_data (i.e. .template.db) | ||||
|   remove_data_files | ||||
|  | ||||
|   # Generate ossec-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist | ||||
|   # Generate wazuh-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist | ||||
|   if [ $AUTO_ENROLLMENT_ENABLED == true ] | ||||
|   then | ||||
|     if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ] | ||||
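Review bot: `move_data_files` runs `mv -f src dst` whenever `src` exists, but if both paths ever exist on the permanent volume `mv` places `src` inside the existing destination directory (e.g. `/var/ossec/logs/wazuh/ossec`) instead of renaming it; guard on the destination as well, `if [ -e "${file_split[0]}" ] && [ ! -e "${file_split[1]}" ]`. `file_split=( $mov_file )` relies on unquoted word splitting, which works for the two fixed entries in `PERMANENT_DATA_MOVE` but silently mis-splits any path containing whitespace, so a comment stating that constraint on the variable is worth adding. The `main` body that calls the function extends outside the hunk.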
|   | ||||
| @@ -102,6 +102,16 @@ EOF | ||||
|   fi | ||||
| } | ||||
|  | ||||
| function_entrypoint_scripts() { | ||||
|   # It will run every .sh script located in entrypoint-scripts folder in lexicographical order | ||||
|   if [ -d "/entrypoint-scripts/" ] | ||||
|   then | ||||
|     for script in `ls /entrypoint-scripts/*.sh | sort -n`; do | ||||
|       bash "$script" | ||||
|     done | ||||
|   fi | ||||
| } | ||||
|  | ||||
|  | ||||
| # Migrate data from /wazuh-migration volume | ||||
| function_wazuh_migration | ||||
| @@ -109,5 +119,8 @@ function_wazuh_migration | ||||
| # create API custom user | ||||
| function_create_custom_user | ||||
|  | ||||
| # run entrypoint scripts | ||||
| function_entrypoint_scripts | ||||
|  | ||||
| # Start Wazuh | ||||
| /var/ossec/bin/ossec-control start | ||||
| /var/ossec/bin/wazuh-control start | ||||
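Review bot: `function_entrypoint_scripts` iterates over `ls /entrypoint-scripts/*.sh | sort -n`, which parses ls output (paths with whitespace split into separate words) and applies a numeric sort to strings that all start with `/`, so the order is effectively ls order rather than anything the numeric flag implies; a plain glob already yields lexicographic order: `for script in /entrypoint-scripts/*.sh; do [ -e "$script" ] || continue; bash "$script"; done`. Every script in that mount is executed unconditionally at each container start, so the comment should state that the directory must be mounted read-only and writable only by the operator, and logging each script's name before running it gives operators a record of what executed.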
|   | ||||
| @@ -4,6 +4,7 @@ PERMANENT_DATA[((i++))]="/var/ossec/api/configuration" | ||||
| PERMANENT_DATA[((i++))]="/var/ossec/etc" | ||||
| PERMANENT_DATA[((i++))]="/var/ossec/logs" | ||||
| PERMANENT_DATA[((i++))]="/var/ossec/queue" | ||||
| PERMANENT_DATA[((i++))]="/var/ossec/queue/logcollector" | ||||
| PERMANENT_DATA[((i++))]="/var/ossec/agentless" | ||||
| PERMANENT_DATA[((i++))]="/var/ossec/var/multigroups" | ||||
| PERMANENT_DATA[((i++))]="/var/ossec/integrations" | ||||
| @@ -20,23 +21,21 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop.sh" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account.sh" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop.sh" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop.sh" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny.sh" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock.sh" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw_mac.sh" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw.sh" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.py" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.sh" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf.sh" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ossec-slack.sh" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ossec-tweeter.sh" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf.sh" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-ossec.sh" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/wazuh-slack" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-wazuh" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart.sh" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null.sh" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/sshlogin.exp" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_pixconfig_diff" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_asa-fwsmconfig_diff" | ||||
| @@ -59,9 +58,15 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/utils.py" | ||||
| export PERMANENT_DATA_EXCP | ||||
|  | ||||
| # Files mounted in a volume that should be deleted | ||||
| i=0 | ||||
| PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/db/.template.db" | ||||
| export PERMANENT_DATA_DEL | ||||
|  | ||||
| i=0 | ||||
| PERMANENT_DATA_MOVE[((i++))]="/var/ossec/logs/ossec /var/ossec/logs/wazuh" | ||||
| PERMANENT_DATA_MOVE[((i++))]="/var/ossec/queue/ossec /var/ossec/queue/sockets" | ||||
| export PERMANENT_DATA_MOVE | ||||
|   | ||||
							
								
								
									
						
						
									
										186
									
								
								xpack-compose.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,186 @@ | ||||
| # Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) | ||||
| version: '3.7' | ||||
|  | ||||
| services: | ||||
|   wazuh: | ||||
|     image: wazuh/wazuh:4.2.3 | ||||
|     hostname: wazuh-manager | ||||
|     restart: always | ||||
|     ports: | ||||
|       - "1514:1514" | ||||
|       - "1515:1515" | ||||
|       - "514:514/udp" | ||||
|       - "55000:55000" | ||||
|     environment: | ||||
|       - ELASTICSEARCH_URL=https://elasticsearch:9200 | ||||
|       - ELASTIC_USERNAME=elastic | ||||
|       - ELASTIC_PASSWORD=SecretPassword | ||||
|       - FILEBEAT_SSL_VERIFICATION_MODE=none | ||||
|       - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/ca.crt | ||||
|       - SSL_CERTIFICATE=/etc/ssl/wazuh.crt | ||||
|       - SSL_KEY=/etc/ssl/wazuh.key | ||||
|     volumes: | ||||
|       - ossec_api_configuration:/var/ossec/api/configuration | ||||
|       - ossec_etc:/var/ossec/etc | ||||
|       - ossec_logs:/var/ossec/logs | ||||
|       - ossec_queue:/var/ossec/queue | ||||
|       - ossec_var_multigroups:/var/ossec/var/multigroups | ||||
|       - ossec_integrations:/var/ossec/integrations | ||||
|       - ossec_active_response:/var/ossec/active-response/bin | ||||
|       - ossec_agentless:/var/ossec/agentless | ||||
|       - ossec_wodles:/var/ossec/wodles | ||||
|       - filebeat_etc:/etc/filebeat | ||||
|       - filebeat_var:/var/lib/filebeat | ||||
|       - ./xpack/ca/ca.crt:/etc/ssl/ca.crt | ||||
|       - ./xpack/wazuh/wazuh.crt:/etc/ssl/wazuh.crt | ||||
|       - ./xpack/wazuh/wazuh.key:/etc/ssl/wazuh.key | ||||
|  | ||||
|  | ||||
|   elasticsearch: | ||||
|     image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2 | ||||
|     hostname: elasticsearch | ||||
|     restart: always | ||||
|     ports: | ||||
|       - "9200:9200" | ||||
|     environment: | ||||
|       - cluster.name=wazuh-cluster | ||||
|       - node.name=elasticsearch | ||||
|       - discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3 | ||||
|       - cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3 | ||||
|       - ELASTIC_PASSWORD=SecretPassword | ||||
|       - "ES_JAVA_OPTS=-Xms512m -Xmx512m" | ||||
|       - bootstrap.memory_lock=true | ||||
|       - xpack.license.self_generated.type=basic | ||||
|       - xpack.security.enabled=true | ||||
|       - xpack.security.http.ssl.enabled=true | ||||
|       - xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt | ||||
|       - xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key | ||||
|       - xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt | ||||
|       - xpack.security.transport.ssl.enabled=true | ||||
|       - xpack.security.transport.ssl.verification_mode=certificate | ||||
|       - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt | ||||
|       - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key | ||||
|       - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt | ||||
|     ulimits: | ||||
|       memlock: | ||||
|         soft: -1 | ||||
|         hard: -1 | ||||
|       nofile: | ||||
|         soft: 65536 | ||||
|         hard: 65536 | ||||
|     volumes: | ||||
|       - ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt | ||||
|       - ./xpack/elasticsearch/elasticsearch.key:/usr/share/elasticsearch/config/elasticsearch.key | ||||
|       - ./xpack/elasticsearch/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt | ||||
|  | ||||
|   elasticsearch2: | ||||
|     image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2 | ||||
|     hostname: elasticsearch2 | ||||
|     restart: always | ||||
|     environment: | ||||
|       - cluster.name=wazuh-cluster | ||||
|       - node.name=elasticsearch2 | ||||
|       - discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3 | ||||
|       - cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3 | ||||
|       - ELASTIC_PASSWORD=SecretPassword | ||||
|       - "ES_JAVA_OPTS=-Xms512m -Xmx512m" | ||||
|       - bootstrap.memory_lock=true | ||||
|       - xpack.license.self_generated.type=basic | ||||
|       - xpack.security.enabled=true | ||||
|       - xpack.security.http.ssl.enabled=true | ||||
|       - xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt | ||||
|       - xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key | ||||
|       - xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt | ||||
|       - xpack.security.transport.ssl.enabled=true | ||||
|       - xpack.security.transport.ssl.verification_mode=certificate | ||||
|       - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt | ||||
|       - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key | ||||
|       - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt | ||||
|     ulimits: | ||||
|       memlock: | ||||
|         soft: -1 | ||||
|         hard: -1 | ||||
|       nofile: | ||||
|         soft: 65536 | ||||
|         hard: 65536 | ||||
|     volumes: | ||||
|       - ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt | ||||
|       - ./xpack/elasticsearch2/elasticsearch2.key:/usr/share/elasticsearch/config/elasticsearch.key | ||||
|       - ./xpack/elasticsearch2/elasticsearch2.crt:/usr/share/elasticsearch/config/elasticsearch.crt | ||||
|  | ||||
|   elasticsearch3: | ||||
|     image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2 | ||||
|     hostname: elasticsearch3 | ||||
|     restart: always | ||||
|     environment: | ||||
|       - cluster.name=wazuh-cluster | ||||
|       - node.name=elasticsearch3 | ||||
|       - discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3 | ||||
|       - cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3 | ||||
|       - ELASTIC_PASSWORD=SecretPassword | ||||
|       - "ES_JAVA_OPTS=-Xms512m -Xmx512m" | ||||
|       - bootstrap.memory_lock=true | ||||
|       - xpack.license.self_generated.type=basic | ||||
|       - xpack.security.enabled=true | ||||
|       - xpack.security.http.ssl.enabled=true | ||||
|       - xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt | ||||
|       - xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key | ||||
|       - xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt | ||||
|       - xpack.security.transport.ssl.enabled=true | ||||
|       - xpack.security.transport.ssl.verification_mode=certificate | ||||
|       - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt | ||||
|       - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key | ||||
|       - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt | ||||
|     ulimits: | ||||
|       memlock: | ||||
|         soft: -1 | ||||
|         hard: -1 | ||||
|       nofile: | ||||
|         soft: 65536 | ||||
|         hard: 65536 | ||||
|     volumes: | ||||
|       - ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt | ||||
|       - ./xpack/elasticsearch3/elasticsearch3.key:/usr/share/elasticsearch/config/elasticsearch.key | ||||
|       - ./xpack/elasticsearch3/elasticsearch3.crt:/usr/share/elasticsearch/config/elasticsearch.crt | ||||
|  | ||||
|  | ||||
|  | ||||
|   kibana: | ||||
|     image: wazuh/wazuh-kibana:4.2.3 | ||||
|     hostname: kibana | ||||
|     restart: always | ||||
|     ports: | ||||
|       - 443:5601 | ||||
|     environment: | ||||
|       - SERVERNAME=localhost | ||||
|       - ELASTICSEARCH_USERNAME=elastic | ||||
|       - ELASTICSEARCH_PASSWORD=SecretPassword | ||||
|       - ELASTICSEARCH_URL=https://elasticsearch:9200 | ||||
|       - ELASTICSEARCH_HOSTS=https://elasticsearch:9200 | ||||
|       - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=/usr/share/kibana/config/ca.crt | ||||
|       - SERVER_SSL_ENABLED=true | ||||
|       - XPACK_SECURITY_ENABLED=true | ||||
|       - SERVER_SSL_KEY=/usr/share/kibana/config/kibana.key | ||||
|       - SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/kibana.crt | ||||
|     volumes: | ||||
|       - ./xpack/ca/ca.crt:/usr/share/kibana/config/ca.crt | ||||
|       - ./xpack/kibana/kibana.key:/usr/share/kibana/config/kibana.key | ||||
|       - ./xpack/kibana/kibana.crt:/usr/share/kibana/config/kibana.crt | ||||
|     depends_on: | ||||
|       - elasticsearch | ||||
|     links: | ||||
|       - elasticsearch:elasticsearch | ||||
|       - wazuh:wazuh | ||||
|  | ||||
| volumes: | ||||
|   ossec_api_configuration: | ||||
|   ossec_etc: | ||||
|   ossec_logs: | ||||
|   ossec_queue: | ||||
|   ossec_var_multigroups: | ||||
|   ossec_integrations: | ||||
|   ossec_active_response: | ||||
|   ossec_agentless: | ||||
|   ossec_wodles: | ||||
|   filebeat_etc: | ||||
|   filebeat_var: | ||||
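--- /dev/null
+++ b/xpack-from-sources.yml
@@ -0,0 +1,192 @@
+# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+version: '3.7'
+
+services:
+  wazuh:
+    build:
+      context: wazuh-odfe/
+      args:
+        - FILEBEAT_CHANNEL=filebeat
+        - FILEBEAT_VERSION=7.11.2
+    image: wazuh/wazuh:4.2.3
+    hostname: wazuh-manager
+    restart: always
+    ports:
+      - "1514:1514"
+      - "1515:1515"
+      - "514:514/udp"
+      - "55000:55000"
+    environment:
+      - ELASTICSEARCH_URL=https://elasticsearch:9200
+      - ELASTIC_USERNAME=elastic
+      - ELASTIC_PASSWORD=SecretPassword
+      - FILEBEAT_SSL_VERIFICATION_MODE=none
+      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/ca.crt
+      - SSL_CERTIFICATE=/etc/ssl/wazuh.crt
+      - SSL_KEY=/etc/ssl/wazuh.key
+    volumes:
+      - ossec_api_configuration:/var/ossec/api/configuration
+      - ossec_etc:/var/ossec/etc
+      - ossec_logs:/var/ossec/logs
+      - ossec_queue:/var/ossec/queue
+      - ossec_var_multigroups:/var/ossec/var/multigroups
+      - ossec_integrations:/var/ossec/integrations
+      - ossec_active_response:/var/ossec/active-response/bin
+      - ossec_agentless:/var/ossec/agentless
+      - ossec_wodles:/var/ossec/wodles
+      - filebeat_etc:/etc/filebeat
+      - filebeat_var:/var/lib/filebeat
+      - ./xpack/ca/ca.crt:/etc/ssl/ca.crt
+      - ./xpack/wazuh/wazuh.crt:/etc/ssl/wazuh.crt
+      - ./xpack/wazuh/wazuh.key:/etc/ssl/wazuh.key
+
+
+  elasticsearch:
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
+    hostname: elasticsearch
+    restart: always
+    ports:
+      - "9200:9200"
+    environment:
+      - cluster.name=wazuh-cluster
+      - node.name=elasticsearch
+      - discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3
+      - cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3
+      - ELASTIC_PASSWORD=SecretPassword
+      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+      - bootstrap.memory_lock=true
+      - xpack.license.self_generated.type=basic
+      - xpack.security.enabled=true
+      - xpack.security.http.ssl.enabled=true
+      - xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
+      - xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
+      - xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
+      - xpack.security.transport.ssl.enabled=true
+      - xpack.security.transport.ssl.verification_mode=certificate
+      - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
+      - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
+      - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    volumes:
+      - ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt
+      - ./xpack/elasticsearch/elasticsearch.key:/usr/share/elasticsearch/config/elasticsearch.key
+      - ./xpack/elasticsearch/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt
+
+  elasticsearch2:
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
+    hostname: elasticsearch2
+    restart: always
+    environment:
+      - cluster.name=wazuh-cluster
+      - node.name=elasticsearch2
+      - discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3
+      - cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3
+      - ELASTIC_PASSWORD=SecretPassword
+      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+      - bootstrap.memory_lock=true
+      - xpack.license.self_generated.type=basic
+      - xpack.security.enabled=true
+      - xpack.security.http.ssl.enabled=true
+      - xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
+      - xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
+      - xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
+      - xpack.security.transport.ssl.enabled=true
+      - xpack.security.transport.ssl.verification_mode=certificate
+      - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
+      - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
+      - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    volumes:
+      - ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt
+      - ./xpack/elasticsearch2/elasticsearch2.key:/usr/share/elasticsearch/config/elasticsearch.key
+      - ./xpack/elasticsearch2/elasticsearch2.crt:/usr/share/elasticsearch/config/elasticsearch.crt
+
+  elasticsearch3:
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
+    hostname: elasticsearch3
+    restart: always
+    environment:
+      - cluster.name=wazuh-cluster
+      - node.name=elasticsearch3
+      - discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3
+      - cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3
+      - ELASTIC_PASSWORD=SecretPassword
+      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+      - bootstrap.memory_lock=true
+      - xpack.license.self_generated.type=basic
+      - xpack.security.enabled=true
+      - xpack.security.http.ssl.enabled=true
+      - xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
+      - xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
+      - xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
+      - xpack.security.transport.ssl.enabled=true
+      - xpack.security.transport.ssl.verification_mode=certificate
+      - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
+      - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
+      - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    volumes:
+      - ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt
+      - ./xpack/elasticsearch3/elasticsearch3.key:/usr/share/elasticsearch/config/elasticsearch.key
+      - ./xpack/elasticsearch3/elasticsearch3.crt:/usr/share/elasticsearch/config/elasticsearch.crt
+
+
+
+  kibana:
+    build: kibana/
+    image: wazuh/wazuh-kibana:4.2.3
+    hostname: kibana
+    restart: always
+    ports:
+      - 443:5601
+    environment:
+      - SERVERNAME=localhost
+      - ELASTICSEARCH_USERNAME=elastic
+      - ELASTICSEARCH_PASSWORD=SecretPassword
+      - ELASTICSEARCH_URL=https://elasticsearch:9200
+      - ELASTICSEARCH_HOSTS=https://elasticsearch:9200
+      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=/usr/share/kibana/config/ca.crt
+      - SERVER_SSL_ENABLED=true
+      - XPACK_SECURITY_ENABLED=true
+      - SERVER_SSL_KEY=/usr/share/kibana/config/kibana.key
+      - SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/kibana.crt
+    volumes:
+      - ./xpack/ca/ca.crt:/usr/share/kibana/config/ca.crt
+      - ./xpack/kibana/kibana.key:/usr/share/kibana/config/kibana.key
+      - ./xpack/kibana/kibana.crt:/usr/share/kibana/config/kibana.crt
+    depends_on:
+      - elasticsearch
+    links:
+      - elasticsearch:elasticsearch
+      - wazuh:wazuh
+
+volumes:
+  ossec_api_configuration:
+  ossec_etc:
+  ossec_logs:
+  ossec_queue:
+  ossec_var_multigroups:
+  ossec_integrations:
+  ossec_active_response:
+  ossec_agentless:
+  ossec_wodles:
+  filebeat_etc:
+  filebeat_var: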
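Review bot: `FILEBEAT_SSL_VERIFICATION_MODE=none` on the wazuh service turns off certificate verification for the manager's Filebeat connection to `https://elasticsearch:9200`, even though the CA is mounted right below it (`SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/ca.crt`) and all three elasticsearch nodes serve HTTP over TLS with leaf certificates from that same CA, so anything that can answer on the `elasticsearch` name inside the compose network can collect the forwarded alerts and, presumably, the `elastic` credentials Filebeat authenticates with. Since `xpack/instances.yml` issues the elasticsearch leaf with a DNS SAN of `elasticsearch`, full verification should pass against the configured URL, so I would change the line to `- FILEBEAT_SSL_VERIFICATION_MODE=full` (falling back to `certificate` only if hostname checking turns out not to hold for this image). Separately, the literal `ELASTIC_PASSWORD=SecretPassword` is repeated five times and the same value is reused for the Kibana and manager logins; worth pulling into a `.env` variable (`${ELASTIC_PASSWORD}`) with a comment that it must be changed before any non-local deployment, given that 9200 and 55000 are published on every host interface.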
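--- /dev/null
+++ b/xpack/instances.yml
@@ -0,0 +1,35 @@
+instances:
+  - name: elasticsearch
+    dns:
+      - elasticsearch
+      - localhost
+    ip:
+      - 127.0.0.1
+
+  - name: elasticsearch2
+    dns:
+      - elasticsearch2
+      - localhost
+    ip:
+      - 127.0.0.1
+
+  - name: elasticsearch3
+    dns:
+      - elasticsearch3
+      - localhost
+    ip:
+      - 127.0.0.1
+
+  - name: kibana
+    dns:
+      - kibana
+      - localhost
+    ip:
+      - 127.0.0.1
+
+  - name: wazuh
+    dns:
+      - wazuh
+      - localhost
+    ip:
+      - 127.0.0.1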
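Review bot: The `wazuh` instance only carries the DNS name `wazuh`, while the compose service in `xpack-from-sources.yml` sets `hostname: wazuh-manager`; if any client ever verifies that certificate against the manager's hostname rather than the compose service name the check fails, so I would add `- wazuh-manager` under its `dns` list. Every instance also lists `localhost` and `127.0.0.1`, which means each of the five leaf certificates is valid for `localhost` — convenient for local testing, but it removes any per-service identity when a client reaches a service through a loopback port forward, so consider keeping those SANs only on the instances that are actually contacted that way. The file has no header saying what consumes it or how it couples to the compose file; a one-line comment such as `# Per-service certificate instances (consumed by elasticsearch-certutil, I assume — confirm); each dns entry must match the compose service name the peers connect to` would make that explicit.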