40 Commits

Manuel Gutierrez
b36f24a128 Merge pull request #442 from wazuh/release-wazuh_4.1.0
Release wazuh 4.1.0
2021-02-17 17:55:24 +01:00
Manuel Gutierrez
5da9c5dd1f Add xpack-from-sources 2021-02-17 17:54:09 +01:00
Manuel Gutierrez
4eb80c83b0 Update kibana xpack paths 2021-02-17 17:45:05 +01:00
Manuel Gutierrez
68c41bd64c Fix curl ssl check 2021-02-17 17:40:19 +01:00
Manuel Gutierrez
41f2397725 Fix elastic version 2021-02-17 16:39:44 +01:00
Manuel Gutierrez
5673a9115c Fix changelog 2021-02-17 16:31:49 +01:00
Manuel Gutierrez
f019658c86 Bump images on prod cluster 2021-02-17 15:51:45 +01:00
Manuel Gutierrez
eb944445be Update changelog 2021-02-17 15:41:47 +01:00
Manuel Gutierrez
fe3b9335c1 Update xpack compose 2021-02-17 14:54:04 +01:00
Manuel Gutierrez
771e4e3988 Update Goss tests 2021-02-17 14:53:52 +01:00
Manuel Gutierrez
6f60a87b46 Bump odfe images 2021-02-17 14:44:09 +01:00
Manuel Gutierrez
201e750f2c Bump xpack images 2021-02-17 14:43:59 +01:00
Manuel Gutierrez
7e75b29a0f Update paths 2021-02-17 14:07:55 +01:00
Manuel Gutierrez
1c512ae437 Bump versions and update path 2021-02-16 17:19:08 +01:00
Manuel Gutierrez
7cc89ffdb1 Bump versions 2021-02-16 17:17:54 +01:00
Manuel Gutierrez
e3d1aa16d0 Update compatibility matrix 2021-02-16 17:16:55 +01:00
Manuel Gutierrez
b7afcf7646 Bump odfe version 2021-02-16 17:09:28 +01:00
Manuel Gutierrez
b290efb376 Update version 2021-02-16 17:09:09 +01:00
Manuel Gutierrez
8dd9bc0421 Merge pull request #441 from wazuh/add-goss-binary
Add goss binary for health checks
2021-02-16 11:30:31 +01:00
Manuel Gutierrez
64db5f9067 Add goss binary for health checks 2021-02-15 18:02:24 +01:00
Manuel Gutierrez
5313c60a06 Merge pull request #409 from wazuh/feature-xpack-4.0
Add images compatible with xpack
2021-02-05 18:10:44 +01:00
Manuel Gutierrez
ca11769d4f Remove dev tag from version 2021-02-05 16:13:48 +01:00
Manuel Gutierrez
1cc88b3097 Rename cert generator container name 2021-02-04 18:33:04 +01:00
Manuel Gutierrez
e20fb6e728 Add generate-elasticsearch-certs.yml and instances.yml 2021-02-04 18:26:04 +01:00
Manuel Gutierrez
d84631761a Update xpack-compose 2021-02-04 18:25:39 +01:00
Manuel Gutierrez
08ac53fee9 Merge pull request #435 from wazuh/433-entrypoint-scripts
Re-enable entrypoint scripts
2021-02-03 14:02:01 +01:00
Manuel Gutierrez
f4c484e887 Re-enable entrypoint scripts 2021-02-03 11:32:07 +01:00
Manuel Gutierrez
7a99967144 Remove kibana_ip 2021-02-02 19:00:06 +01:00
Manuel Gutierrez
cd7d882261 Use kibana_proto 2021-02-02 18:59:46 +01:00
Manuel Gutierrez
217be9a075 Fix curl auth params 2021-02-02 18:57:16 +01:00
Manuel Gutierrez
e683a68cb4 Bump copyright 2021-01-29 13:13:29 +01:00
Manuel Gutierrez
59b55c6d5c Bump to 4.0.4 2021-01-29 13:13:10 +01:00
Manuel Gutierrez
0d5d167a5d Add sample compose for xpack variant 2021-01-26 15:29:34 +01:00
Manuel Gutierrez
13ad837787 Remove duplicated xpack_config exec 2021-01-26 15:29:34 +01:00
Manuel Gutierrez
0ce9aa9991 Set Wazuh app as default route 2021-01-26 15:29:34 +01:00
Manuel Gutierrez
d2c91ff90a Remove useless ARG 2021-01-26 15:29:34 +01:00
Manuel Gutierrez
c3943a1523 Backport kibana-xpack image to v4 2021-01-26 15:29:34 +01:00
Manuel Gutierrez
6c9506aa9a Use an ARG to select filebeat channel 2021-01-26 15:29:32 +01:00
Manuel Gutierrez
68256252c7 Merge pull request #432 from wazuh/bump-s6-overlay
Bump s6-overlay version
2021-01-25 10:14:29 +01:00
Manuel Gutierrez
c8184b9145 Bump s6-overlay version 2021-01-22 17:53:43 +01:00
23 changed files with 963 additions and 43 deletions


@@ -6,28 +6,28 @@ file:
group: root group: root
filetype: file filetype: file
contains: [] contains: []
/usr/share/kibana/optimize/bundles/light_theme.style.css: /usr/share/kibana/src/core/server/core_app/assets/legacy_light_theme.css:
exists: true exists: true
mode: "0664" mode: "0664"
owner: kibana owner: kibana
group: root group: root
filetype: file filetype: file
contains: [] contains: []
/usr/share/kibana/optimize/bundles/wazuh_logo_circle.svg: /usr/share/kibana/src/core/server/core_app/assets/wazuh_logo_circle.svg:
exists: true exists: true
mode: "0644" mode: "0644"
owner: kibana owner: kibana
group: root group: root
filetype: file filetype: file
contains: [] contains: []
/usr/share/kibana/optimize/bundles/wazuh_wazuh_bg.svg: /usr/share/kibana/src/core/server/core_app/assets/wazuh_wazuh_bg.svg:
exists: true exists: true
mode: "0644" mode: "0644"
owner: kibana owner: kibana
group: root group: root
filetype: file filetype: file
contains: [] contains: []
/usr/share/kibana/optimize/wazuh/config/wazuh.yml: /usr/share/kibana/data/wazuh/config/wazuh.yml:
exists: true exists: true
mode: "0644" mode: "0644"
owner: kibana owner: kibana


@@ -52,11 +52,11 @@ package:
filebeat: filebeat:
installed: true installed: true
versions: versions:
- 7.9.1 - 7.10.0
wazuh-manager: wazuh-manager:
installed: true installed: true
versions: versions:
- 4.0.4 - 4.1.0
port: port:
tcp:1514: tcp:1514:
listening: true listening: true


@@ -1,5 +1,14 @@
# Change Log # Change Log
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
## Wazuh Docker v4.1.0
### Added
- Update Wazuh to version [4.1.0](https://github.com/wazuh/wazuh/blob/v4.1.0/CHANGELOG.md#v410)
- Update ODFE compatibility to version 1.12.0
- Add support for Elasticsearch (xpack) images once again (7.10.2) ([@xr09](https://github.com/xr09)) [#409](https://github.com/wazuh/wazuh-docker/pull/409)
- Re-enable entrypoint scripts ([@xr09](https://github.com/xr09)) [#435](https://github.com/wazuh/wazuh-docker/pull/435)
- Add Goss binary for healthchecks ([@xr09](https://github.com/xr09)) [$441](https://github.com/wazuh/wazuh-docker/pull/441)
- Update s6-overlay to latest version
## Wazuh Docker v4.0.4_1.11.0 ## Wazuh Docker v4.0.4_1.11.0


@@ -148,22 +148,24 @@ ADMIN_PRIVILEGES=true # App privileges
* `4.0` branch on correspond to the latest Wazuh-Docker stable version. * `4.0` branch on correspond to the latest Wazuh-Docker stable version.
* `master` branch contains the latest code, be aware of possible bugs on this branch. * `master` branch contains the latest code, be aware of possible bugs on this branch.
* `Wazuh.Version_ElasticStack.Version` (for example 3.13.1_7.8.0) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch. * `Wazuh.Version` (for example 3.13.1_7.8.0 or 4.1.0) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch.
## Compatibility Matrix ## Compatibility Matrix
| Wazuh version | ODFE | | Wazuh version | ODFE | XPACK |
|---------------|---------| |---------------|---------|--------|
| v4.0.4 | 1.11.0 | | v4.1.0 | 1.12.0 | 7.10.2 |
|---------------|---------| |---------------|---------|--------|
| v4.0.3 | 1.11.0 | | v4.0.4 | 1.11.0 | |
|---------------|---------| |---------------|---------|--------|
| v4.0.2 | 1.11.0 | | v4.0.3 | 1.11.0 | |
|---------------|---------| |---------------|---------|--------|
| v4.0.1 | 1.11.0 | | v4.0.2 | 1.11.0 | |
|---------------|---------| |---------------|---------|--------|
| v4.0.0 | 1.10.1 | | v4.0.1 | 1.11.0 | |
|---------------|---------|--------|
| v4.0.0 | 1.10.1 | |
## Credits and Thank you ## Credits and Thank you


@@ -1,2 +1,2 @@
WAZUH-DOCKER_VERSION="4.0.4_1.11.0" WAZUH-DOCKER_VERSION="4.1.0"
REVISION="40400" REVISION="41000"


@@ -31,7 +31,7 @@ services:
- filebeat_var:/var/lib/filebeat - filebeat_var:/var/lib/filebeat
elasticsearch: elasticsearch:
image: amazon/opendistro-for-elasticsearch:1.11.0 image: amazon/opendistro-for-elasticsearch:1.12.0
hostname: elasticsearch hostname: elasticsearch
restart: always restart: always
ports: ports:


@@ -3,7 +3,7 @@ version: '3.7'
services: services:
wazuh: wazuh:
image: wazuh/wazuh-odfe:4.0.4_1.11.0 image: wazuh/wazuh-odfe:4.1.0
hostname: wazuh-manager hostname: wazuh-manager
restart: always restart: always
ports: ports:
@@ -30,7 +30,7 @@ services:
- filebeat_var:/var/lib/filebeat - filebeat_var:/var/lib/filebeat
elasticsearch: elasticsearch:
image: amazon/opendistro-for-elasticsearch:1.11.0 image: amazon/opendistro-for-elasticsearch:1.12.0
hostname: elasticsearch hostname: elasticsearch
restart: always restart: always
ports: ports:
@@ -50,7 +50,7 @@ services:
hard: 65536 hard: 65536
kibana: kibana:
image: wazuh/wazuh-kibana-odfe:4.0.4_1.11.0 image: wazuh/wazuh-kibana-odfe:4.1.0
hostname: kibana hostname: kibana
restart: always restart: always
ports: ports:


@@ -0,0 +1,17 @@
version: '2.2'
services:
generator:
container_name: generator
image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
command: >
bash -c '
if [[ ! -f config/certificates/bundle.zip ]]; then
bin/elasticsearch-certutil cert --silent --pem --in config/certificates/instances.yml -out config/certificates/bundle.zip;
unzip config/certificates/bundle.zip -d config/certificates/;
fi;
chown -R 1000:0 /certs
'
user: "0"
working_dir: /usr/share/elasticsearch
volumes: ['./xpack:/usr/share/elasticsearch/config/certificates']
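Review bot: `chown -R 1000:0 /certs` in the command block targets a path that nothing else in this file references; `elasticsearch-certutil` writes into `config/certificates`, which is what `./xpack` is mounted to, so unless `/certs` already exists in the image the generated PEM files stay owned by root (the service runs as `user: "0"`). The intended line is presumably `chown -R 1000:0 config/certificates`. Because `--pem` writes unencrypted private keys into a host-mounted directory, the same step should tighten the `*.key` files to owner-only read, e.g. `find config/certificates -name '*.key' -exec chmod 600 {} +`. The `[[ ! -f config/certificates/bundle.zip ]]` guard also means a stale or partial bundle is never regenerated; a comment saying that deleting `bundle.zip` forces a rerun would save the next operator some time.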


@@ -1,8 +1,8 @@
# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2) # Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
FROM amazon/opendistro-for-elasticsearch-kibana:1.11.0 FROM amazon/opendistro-for-elasticsearch-kibana:1.12.0
USER kibana USER kibana
ARG ELASTIC_VERSION=7.9.1 ARG ELASTIC_VERSION=7.10.0
ARG WAZUH_VERSION=4.0.4 ARG WAZUH_VERSION=4.1.0
ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}" ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
WORKDIR /usr/share/kibana WORKDIR /usr/share/kibana
@@ -42,7 +42,6 @@ ENV PATTERN="" \
ADMIN_PRIVILEGES="" ADMIN_PRIVILEGES=""
USER kibana USER kibana
RUN NODE_OPTIONS="--max-old-space-size=2048" /usr/local/bin/kibana-docker --optimize
COPY ./config/custom_welcome /tmp/custom_welcome COPY ./config/custom_welcome /tmp/custom_welcome
COPY --chown=kibana:kibana ./config/welcome_wazuh.sh ./ COPY --chown=kibana:kibana ./config/welcome_wazuh.sh ./
@@ -50,7 +49,7 @@ RUN chmod +x ./welcome_wazuh.sh
ARG CHANGE_WELCOME="true" ARG CHANGE_WELCOME="true"
RUN ./welcome_wazuh.sh RUN ./welcome_wazuh.sh
COPY --chown=kibana:kibana ./config/wazuh.yml /usr/share/kibana/optimize/wazuh/config/wazuh.yml COPY --chown=kibana:kibana ./config/wazuh.yml /usr/share/kibana/data/wazuh/config/wazuh.yml
COPY --chown=kibana:kibana ./config/wazuh_app_config.sh ./ COPY --chown=kibana:kibana ./config/wazuh_app_config.sh ./
RUN chmod +x ./wazuh_app_config.sh RUN chmod +x ./wazuh_app_config.sh


@@ -6,7 +6,7 @@ wazuh_port="${API_PORT:-55000}"
api_username="${API_USERNAME:-wazuh-wui}" api_username="${API_USERNAME:-wazuh-wui}"
api_password="${API_PASSWORD:-wazuh-wui}" api_password="${API_PASSWORD:-wazuh-wui}"
kibana_config_file="/usr/share/kibana/optimize/wazuh/config/wazuh.yml" kibana_config_file="/usr/share/kibana/data/wazuh/config/wazuh.yml"
declare -A CONFIG_MAP=( declare -A CONFIG_MAP=(
[pattern]=$PATTERN [pattern]=$PATTERN


@@ -8,7 +8,7 @@ then
echo "Set custom welcome styles" echo "Set custom welcome styles"
cp -f /tmp/custom_welcome/template.js.hbs /usr/share/kibana/src/legacy/ui/ui_render/bootstrap/template.js.hbs cp -f /tmp/custom_welcome/template.js.hbs /usr/share/kibana/src/legacy/ui/ui_render/bootstrap/template.js.hbs
cp -f /tmp/custom_welcome/light_theme.style.css /usr/share/kibana/optimize/bundles/light_theme.style.css cp -f /tmp/custom_welcome/light_theme.style.css /usr/share/kibana/src/core/server/core_app/assets/legacy_light_theme.css
cp -f /tmp/custom_welcome/*svg /usr/share/kibana/optimize/bundles/ cp -f /tmp/custom_welcome/*svg /usr/share/kibana/src/core/server/core_app/assets/
fi fi

64
kibana/Dockerfile Normal file

@@ -0,0 +1,64 @@
# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
FROM docker.elastic.co/kibana/kibana:7.10.2
USER kibana
ARG ELASTIC_VERSION=7.10.2
ARG WAZUH_VERSION=4.1.0
ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
WORKDIR /usr/share/kibana
RUN ./bin/kibana-plugin install https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-${WAZUH_APP_VERSION}-1.zip
ENV PATTERN="" \
CHECKS_PATTERN="" \
CHECKS_TEMPLATE="" \
CHECKS_API="" \
CHECKS_SETUP="" \
EXTENSIONS_PCI="" \
EXTENSIONS_GDPR="" \
EXTENSIONS_HIPAA="" \
EXTENSIONS_NIST="" \
EXTENSIONS_TSC="" \
EXTENSIONS_AUDIT="" \
EXTENSIONS_OSCAP="" \
EXTENSIONS_CISCAT="" \
EXTENSIONS_AWS="" \
EXTENSIONS_GCP="" \
EXTENSIONS_VIRUSTOTAL="" \
EXTENSIONS_OSQUERY="" \
EXTENSIONS_DOCKER="" \
APP_TIMEOUT="" \
API_SELECTOR="" \
IP_SELECTOR="" \
IP_IGNORE="" \
WAZUH_MONITORING_ENABLED="" \
WAZUH_MONITORING_FREQUENCY="" \
WAZUH_MONITORING_SHARDS="" \
WAZUH_MONITORING_REPLICAS="" \
ADMIN_PRIVILEGES="" \
XPACK_CANVAS="true" \
XPACK_LOGS="true" \
XPACK_INFRA="true" \
XPACK_ML="true" \
XPACK_DEVTOOLS="true" \
XPACK_MONITORING="true" \
XPACK_APM="true"
WORKDIR /
USER kibana
COPY --chown=kibana:kibana config/entrypoint.sh ./entrypoint.sh
RUN chmod 755 ./entrypoint.sh
RUN printf "\nserver.defaultRoute: /app/wazuh\n" >> /usr/share/kibana/config/kibana.yml
COPY --chown=kibana:kibana ./config/wazuh.yml /usr/share/kibana/data/wazuh/config/wazuh.yml
COPY --chown=kibana:kibana ./config/wazuh_app_config.sh ./
RUN chmod +x ./wazuh_app_config.sh
COPY --chown=kibana:kibana ./config/kibana_settings.sh ./
RUN chmod +x ./kibana_settings.sh
COPY --chown=kibana:kibana ./config/xpack_config.sh ./
RUN chmod +x ./xpack_config.sh
ENTRYPOINT ./entrypoint.sh
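Review bot: `ENTRYPOINT ./entrypoint.sh` on the last line is the shell form, so PID 1 is `/bin/sh -c` and the stop signal from the container runtime is delivered to that shell rather than to the script; write it in exec form, `ENTRYPOINT ["./entrypoint.sh"]`. `USER kibana` appears twice (after `FROM` and again after `WORKDIR /`) with no other `USER` in between, so the second one is redundant. The plugin archive fetched by `kibana-plugin install` is pinned through `WAZUH_APP_VERSION` but not integrity-checked at build time; if the project publishes a digest for the zip, verifying it before install would be worth a `RUN` line, and if it does not, a comment stating that the build trusts the TLS endpoint alone keeps that decision visible.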


@@ -0,0 +1,60 @@
#!/bin/bash
# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
set -e
##############################################################################
# Waiting for elasticsearch
##############################################################################
if [ "x${ELASTICSEARCH_URL}" = "x" ]; then
export el_url="http://elasticsearch:9200"
else
export el_url="${ELASTICSEARCH_URL}"
fi
if [[ ${ENABLED_SECURITY} == "false" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]]; then
export auth=""
else
export auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} -k"
fi
until curl -XGET $el_url ${auth}; do
>&2 echo "Elastic is unavailable - sleeping"
sleep 5
done
sleep 2
>&2 echo "Elasticsearch is up."
##############################################################################
# Waiting for wazuh alerts template
##############################################################################
strlen=0
while [[ $strlen -eq 0 ]]
do
template=$(curl ${auth} $el_url/_cat/templates/wazuh -s)
strlen=${#template}
>&2 echo "Wazuh alerts template not loaded - sleeping."
sleep 2
done
sleep 2
>&2 echo "Wazuh alerts template is loaded."
./xpack_config.sh
./wazuh_app_config.sh
sleep 5
./kibana_settings.sh &
sleep 2
/usr/local/bin/kibana-docker
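Review bot: The final `/usr/local/bin/kibana-docker` runs without `exec`, so this bash script remains the parent process and Kibana does not receive the container's stop signal directly; use `exec /usr/local/bin/kibana-docker`. The `auth` string built for the secured case carries `-k`, which disables certificate verification for every curl call to Elasticsearch here and in the scripts that inherit the exported variable; if the CA is mounted into this container the way `SSL_CERTIFICATE_AUTHORITIES` is for the manager in xpack-compose.yml, `--cacert` would keep verification on. Passing the credential as `--user user:pass` also exposes it in the container's process list for the duration of each curl; a `-K`/`--config` file or `--netrc-file` with mode 600 avoids that. The `"x${ELASTICSEARCH_URL}" = "x"` test can be replaced by `export el_url="${ELASTICSEARCH_URL:-http://elasticsearch:9200}"`.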


@@ -0,0 +1,79 @@
#!/bin/bash
# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
WAZUH_MAJOR=4
##############################################################################
# Wait for the Kibana API to start. It is necessary to do it in this container
# because the others are running Elastic Stack and we can not interrupt them.
#
# The following actions are performed:
#
# Add the wazuh alerts index as default.
# Set the Discover time interval to 24 hours instead of 15 minutes.
# Do not ask user to help providing usage statistics to Elastic.
##############################################################################
##############################################################################
# Customize elasticsearch ip
##############################################################################
sed -i "s|elasticsearch.hosts:.*|elasticsearch.hosts: $el_url|g" /usr/share/kibana/config/kibana.yml
# If KIBANA_INDEX was set, then change the default index in kibana.yml configuration file. If there was an index, then delete it and recreate.
if [ "$KIBANA_INDEX" != "" ]; then
if grep -q 'kibana.index' /usr/share/kibana/config/kibana.yml; then
sed -i '/kibana.index/d' /usr/share/kibana/config/kibana.yml
fi
echo "kibana.index: $KIBANA_INDEX" >> /usr/share/kibana/config/kibana.yml
fi
kibana_proto="http"
if [ "$XPACK_SECURITY_ENABLED" != "" ]; then
kibana_proto="https"
if grep -q 'xpack.security.enabled' /usr/share/kibana/config/kibana.yml; then
sed -i '/xpack.security.enabled/d' /usr/share/kibana/config/kibana.yml
fi
echo "xpack.security.enabled: $XPACK_SECURITY_ENABLED" >> /usr/share/kibana/config/kibana.yml
fi
# Add auth headers if required
if [ "$ELASTICSEARCH_USERNAME" != "" ] && [ "$ELASTICSEARCH_PASSWORD" != "" ]; then
curl_auth="-u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD"
fi
while [[ "$(curl $curl_auth -XGET -I -s -o /dev/null -w ''%{http_code}'' -k $kibana_proto://127.0.0.1:5601/status)" != "200" ]]; do
echo "Waiting for Kibana API. Sleeping 5 seconds"
sleep 5
done
# Prepare index selection.
echo "Kibana API is running"
default_index="/tmp/default_index.json"
cat > ${default_index} << EOF
{
"changes": {
"defaultIndex": "wazuh-alerts-${WAZUH_MAJOR}.x-*"
}
}
EOF
sleep 5
# Add the wazuh alerts index as default.
curl ${auth} -POST -k "$kibana_proto://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d@${default_index}
rm -f ${default_index}
sleep 5
# Configuring Kibana TimePicker.
curl ${auth} -POST -k "$kibana_proto://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
'{"changes":{"timepicker:timeDefaults":"{\n \"from\": \"now-12h\",\n \"to\": \"now\",\n \"mode\": \"quick\"}"}}'
sleep 5
# Do not ask user to help providing usage statistics to Elastic
curl ${auth} -POST -k "$kibana_proto://127.0.0.1:5601/api/telemetry/v2/optIn" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d '{"enabled":false}'
echo "End settings"
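Review bot: Two different credential variables are used against the Kibana API: the readiness loop uses `$curl_auth`, built in this file from `ELASTICSEARCH_USERNAME`/`ELASTICSEARCH_PASSWORD`, while the three settings POSTs use `${auth}`, which this file never sets (presumably inherited from the `export auth=` in entrypoint.sh, where it is emptied when `ENABLED_SECURITY` is `"false"`); the two can disagree, and with no `set -e` or status check a 401 on the settings calls is silently ignored. Build a single variable at the top of this file and check the `-w "%{http_code}"` of each POST before printing `End settings`. Separately, `-POST` is parsed by curl as `-P OST` (the FTP port option); the request is a POST only because `-d` is present, so write `-X POST` or drop the flag. The `WAZUH_MAJOR=4` constant feeding `defaultIndex` would be clearer derived from `WAZUH_VERSION`, which the Dockerfile already has as an `ARG`.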

162
kibana/config/wazuh.yml Normal file

@@ -0,0 +1,162 @@
---
#
# Wazuh app - App configuration file
# Copyright (C) 2015-2021 Wazuh, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Find more information about this on the LICENSE file.
#
# ======================== Wazuh app configuration file ========================
#
# Please check the documentation for more information on configuration options:
# https://documentation.wazuh.com/current/installation-guide/index.html
#
# Also, you can check our repository:
# https://github.com/wazuh/wazuh-kibana-app
#
# ------------------------------- Index patterns -------------------------------
#
# Default index pattern to use.
#pattern: wazuh-alerts-*
#
# ----------------------------------- Checks -----------------------------------
#
# Defines which checks must to be consider by the healthcheck
# step once the Wazuh app starts. Values must to be true or false.
#checks.pattern : true
#checks.template: true
#checks.api : true
#checks.setup : true
#checks.metaFields: true
#
# --------------------------------- Extensions ---------------------------------
#
# Defines which extensions should be activated when you add a new API entry.
# You can change them after Wazuh app starts.
# Values must to be true or false.
#extensions.pci : true
#extensions.gdpr : true
#extensions.hipaa : true
#extensions.nist : true
#extensions.tsc : true
#extensions.audit : true
#extensions.oscap : false
#extensions.ciscat : false
#extensions.aws : false
#extensions.gcp : false
#extensions.virustotal: false
#extensions.osquery : false
#extensions.docker : false
#
# ---------------------------------- Time out ----------------------------------
#
# Defines maximum timeout to be used on the Wazuh app requests.
# It will be ignored if it is bellow 1500.
# It means milliseconds before we consider a request as failed.
# Default: 20000
#timeout: 20000
#
# -------------------------------- API selector --------------------------------
#
# Defines if the user is allowed to change the selected
# API directly from the Wazuh app top menu.
# Default: true
#api.selector: true
#
# --------------------------- Index pattern selector ---------------------------
#
# Defines if the user is allowed to change the selected
# index pattern directly from the Wazuh app top menu.
# Default: true
#ip.selector: true
#
# List of index patterns to be ignored
#ip.ignore: []
#
# -------------------------------- X-Pack RBAC ---------------------------------
#
# Custom setting to enable/disable built-in X-Pack RBAC security capabilities.
# Default: enabled
#xpack.rbac.enabled: true
#
# ------------------------------ wazuh-monitoring ------------------------------
#
# Custom setting to enable/disable wazuh-monitoring indices.
# Values: true, false, worker
# If worker is given as value, the app will show the Agents status
# visualization but won't insert data on wazuh-monitoring indices.
# Default: true
#wazuh.monitoring.enabled: true
#
# Custom setting to set the frequency for wazuh-monitoring indices cron task.
# Default: 900 (s)
#wazuh.monitoring.frequency: 900
#
# Configure wazuh-monitoring-* indices shards and replicas.
#wazuh.monitoring.shards: 2
#wazuh.monitoring.replicas: 0
#
# Configure wazuh-monitoring-* indices custom creation interval.
# Values: h (hourly), d (daily), w (weekly), m (monthly)
# Default: d
#wazuh.monitoring.creation: d
#
# Default index pattern to use for Wazuh monitoring
#wazuh.monitoring.pattern: wazuh-monitoring-*
#
# --------------------------------- wazuh-cron ----------------------------------
#
# Customize the index prefix of predefined jobs
# This change is not retroactive, if you change it new indexes will be created
# cron.prefix: test
#
# ------------------------------ wazuh-statistics -------------------------------
#
# Custom setting to enable/disable statistics tasks.
#cron.statistics.status: true
#
# Enter the ID of the APIs you want to save data from, leave this empty to run
# the task on all configured APIs
#cron.statistics.apis: []
#
# Define the frequency of task execution using cron schedule expressions
#cron.statistics.interval: 0 0 * * * *
#
# Define the name of the index in which the documents are to be saved.
#cron.statistics.index.name: statistics
#
# Define the interval in which the index will be created
#cron.statistics.index.creation: w
#
# ------------------------------- App privileges --------------------------------
#admin: true
#
# ---------------------------- Hide manager alerts ------------------------------
# Hide the alerts of the manager in all dashboards and discover
#hideManagerAlerts: false
#
# ------------------------------- App logging level -----------------------------
# Set the logging level for the Wazuh App log files.
# Default value: info
# Allowed values: info, debug
#logs.level: info
#
# -------------------------------- Enrollment DNS -------------------------------
# Set the variable WAZUH_REGISTRATION_SERVER in agents deployment.
# Default value: ''
#enrollment.dns: ''
#
#-------------------------------- API entries -----------------------------------
#The following configuration is the default structure to define an API entry.
#
#hosts:
# - <id>:
# url: http(s)://<url>
# port: <port>
# username: <username>
# password: <password>


@@ -0,0 +1,64 @@
#!/bin/bash
# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
wazuh_url="${WAZUH_API_URL:-https://wazuh}"
wazuh_port="${API_PORT:-55000}"
api_username="${API_USERNAME:-wazuh-wui}"
api_password="${API_PASSWORD:-wazuh-wui}"
kibana_config_file="/usr/share/kibana/data/wazuh/config/wazuh.yml"
declare -A CONFIG_MAP=(
[pattern]=$PATTERN
[checks.pattern]=$CHECKS_PATTERN
[checks.template]=$CHECKS_TEMPLATE
[checks.api]=$CHECKS_API
[checks.setup]=$CHECKS_SETUP
[extensions.pci]=$EXTENSIONS_PCI
[extensions.gdpr]=$EXTENSIONS_GDPR
[extensions.hipaa]=$EXTENSIONS_HIPAA
[extensions.nist]=$EXTENSIONS_NIST
[extensions.tsc]=$EXTENSIONS_TSC
[extensions.audit]=$EXTENSIONS_AUDIT
[extensions.oscap]=$EXTENSIONS_OSCAP
[extensions.ciscat]=$EXTENSIONS_CISCAT
[extensions.aws]=$EXTENSIONS_AWS
[extensions.gcp]=$EXTENSIONS_GCP
[extensions.virustotal]=$EXTENSIONS_VIRUSTOTAL
[extensions.osquery]=$EXTENSIONS_OSQUERY
[extensions.docker]=$EXTENSIONS_DOCKER
[timeout]=$APP_TIMEOUT
[api.selector]=$API_SELECTOR
[ip.selector]=$IP_SELECTOR
[ip.ignore]=$IP_IGNORE
[wazuh.monitoring.enabled]=$WAZUH_MONITORING_ENABLED
[wazuh.monitoring.frequency]=$WAZUH_MONITORING_FREQUENCY
[wazuh.monitoring.shards]=$WAZUH_MONITORING_SHARDS
[wazuh.monitoring.replicas]=$WAZUH_MONITORING_REPLICAS
[admin]=$ADMIN_PRIVILEGES
)
for i in "${!CONFIG_MAP[@]}"
do
if [ "${CONFIG_MAP[$i]}" != "" ]; then
sed -i 's/.*#'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file
fi
done
CONFIG_CODE=$(curl ${auth} -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/_doc/1513629884013)
grep -q 1513629884013 $kibana_config_file
_config_exists=$?
if [[ "x$CONFIG_CODE" != "x200" && $_config_exists -ne 0 ]]; then
cat << EOF >> $kibana_config_file
hosts:
- 1513629884013:
url: $wazuh_url
port: $wazuh_port
username: $api_username
password: $api_password
EOF
else
echo "Wazuh APP already configured"
fi


@@ -0,0 +1,35 @@
#!/bin/bash
# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
kibana_config_file="/usr/share/kibana/config/kibana.yml"
if grep -Fq "#xpack features" "$kibana_config_file";
then
declare -A CONFIG_MAP=(
[xpack.apm.ui.enabled]=$XPACK_APM
[xpack.grokdebugger.enabled]=$XPACK_DEVTOOLS
[xpack.searchprofiler.enabled]=$XPACK_DEVTOOLS
[xpack.ml.enabled]=$XPACK_ML
[xpack.canvas.enabled]=$XPACK_CANVAS
[xpack.infra.enabled]=$XPACK_INFRA
[xpack.monitoring.enabled]=$XPACK_MONITORING
[console.enabled]=$XPACK_DEVTOOLS
)
for i in "${!CONFIG_MAP[@]}"
do
if [ "${CONFIG_MAP[$i]}" != "" ]; then
sed -i 's/.'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file
fi
done
else
echo "
#xpack features
xpack.apm.ui.enabled: $XPACK_APM
xpack.grokdebugger.enabled: $XPACK_DEVTOOLS
xpack.searchprofiler.enabled: $XPACK_DEVTOOLS
xpack.ml.enabled: $XPACK_ML
xpack.canvas.enabled: $XPACK_CANVAS
xpack.infra.enabled: $XPACK_INFRA
xpack.monitoring.enabled: $XPACK_MONITORING
console.enabled: $XPACK_DEVTOOLS
" >> $kibana_config_file
fi
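Review bot: The `sed` expression in the update branch, `'s/.'"$i"'.*/...'`, requires one arbitrary character before the key, so it cannot match a line that starts with the key at column 0 — which is how the `else` branch appears to write them; on a second run the `#xpack features` marker is found, the update branch is taken, and no setting is actually rewritten. Anchor the pattern instead: `sed -i 's/^'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file`. The `else` branch also writes every value unconditionally, so an `XPACK_*` variable overridden to the empty string produces `xpack.ml.enabled: ` which YAML reads as null rather than a boolean; the Dockerfile defaults these to `"true"`, so it only happens on explicit override, but applying the same empty-value guard as the update branch keeps the two paths consistent.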


@@ -3,7 +3,7 @@ version: '3.7'
services: services:
wazuh-master: wazuh-master:
image: wazuh/wazuh-odfe:4.0.4_1.11.0 image: wazuh/wazuh-odfe:4.1.0
hostname: wazuh-master hostname: wazuh-master
restart: always restart: always
ports: ports:
@@ -38,7 +38,7 @@ services:
- ./production_cluster/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf - ./production_cluster/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
wazuh-worker: wazuh-worker:
image: wazuh/wazuh-odfe:4.0.4_1.11.0 image: wazuh/wazuh-odfe:4.1.0
hostname: wazuh-worker hostname: wazuh-worker
restart: always restart: always
environment: environment:
@@ -67,7 +67,7 @@ services:
- ./production_cluster/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf - ./production_cluster/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
elasticsearch: elasticsearch:
image: amazon/opendistro-for-elasticsearch:1.11.0 image: amazon/opendistro-for-elasticsearch:1.12.0
hostname: elasticsearch hostname: elasticsearch
restart: always restart: always
ports: ports:
@@ -90,7 +90,7 @@ services:
- ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
elasticsearch-2: elasticsearch-2:
image: amazon/opendistro-for-elasticsearch:1.11.0 image: amazon/opendistro-for-elasticsearch:1.12.0
hostname: elasticsearch-2 hostname: elasticsearch-2
restart: always restart: always
environment: environment:
@@ -111,7 +111,7 @@ services:
- ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
elasticsearch-3: elasticsearch-3:
image: amazon/opendistro-for-elasticsearch:1.11.0 image: amazon/opendistro-for-elasticsearch:1.12.0
hostname: elasticsearch-3 hostname: elasticsearch-3
restart: always restart: always
environment: environment:
@@ -132,7 +132,7 @@ services:
- ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
kibana: kibana:
image: wazuh/wazuh-kibana-odfe:4.0.4_1.11.0 image: wazuh/wazuh-kibana-odfe:4.1.0
hostname: kibana hostname: kibana
restart: always restart: always
ports: ports:


@@ -1,8 +1,9 @@
# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2) # Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
FROM centos:7 FROM centos:7
ARG FILEBEAT_VERSION=7.9.1 ARG FILEBEAT_CHANNEL=filebeat-oss
ARG WAZUH_VERSION=4.0.4-1 ARG FILEBEAT_VERSION=7.10.0
ARG WAZUH_VERSION=4.1.0-1
ARG TEMPLATE_VERSION="master" ARG TEMPLATE_VERSION="master"
ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz" ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz"
@@ -16,12 +17,14 @@ RUN yum --enablerepo=updates clean metadata && \
sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo && \ sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo && \
yum clean all && rm -rf /var/cache/yum yum clean all && rm -rf /var/cache/yum
RUN curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-oss-${FILEBEAT_VERSION}-x86_64.rpm &&\ RUN curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm &&\
rpm -i filebeat-oss-${FILEBEAT_VERSION}-x86_64.rpm && rm -f filebeat-oss-${FILEBEAT_VERSION}-x86_64.rpm rpm -i ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm && rm -f ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm
RUN curl -s https://packages.wazuh.com/4.x/filebeat/${WAZUH_FILEBEAT_MODULE} | tar -xvz -C /usr/share/filebeat/module RUN curl -s https://packages.wazuh.com/4.x/filebeat/${WAZUH_FILEBEAT_MODULE} | tar -xvz -C /usr/share/filebeat/module
ARG S6_VERSION="v2.1.0.2" RUN curl -L https://github.com/aelsabbahy/goss/releases/latest/download/goss-linux-amd64 -o /usr/local/bin/goss && chmod +rx /usr/local/bin/goss
ARG S6_VERSION="v2.2.0.3"
RUN curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \ RUN curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
-o /tmp/s6-overlay-amd64.tar.gz && \ -o /tmp/s6-overlay-amd64.tar.gz && \
tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" && \ tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" && \
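Review bot: The new goss download uses `releases/latest/download/goss-linux-amd64` with no version pin and no checksum, so the health-check binary baked into the image changes with every upstream release and the build is not reproducible; the `curl -L` also lacks `--fail` (unlike the s6-overlay line below it), so an HTTP error page would be written to `/usr/local/bin/goss` and made executable. Pin it the way `S6_VERSION` is pinned — `ARG GOSS_VERSION="<pinned-version>"` (placeholder) with `https://github.com/aelsabbahy/goss/releases/download/${GOSS_VERSION}/goss-linux-amd64` — and verify the file with `echo "<expected-sha256>  /usr/local/bin/goss" | sha256sum -c` before `chmod +rx`. The same verification would be worth adding to the s6-overlay and filebeat downloads, which are pinned but not checked.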


@@ -102,6 +102,16 @@ EOF
fi fi
} }
function_entrypoint_scripts() {
# It will run every .sh script located in entrypoint-scripts folder in lexicographical order
if [ -d "/entrypoint-scripts/" ]
then
for script in `ls /entrypoint-scripts/*.sh | sort -n`; do
bash "$script"
done
fi
}
# Migrate data from /wazuh-migration volume # Migrate data from /wazuh-migration volume
function_wazuh_migration function_wazuh_migration
@@ -109,5 +119,8 @@ function_wazuh_migration
# create API custom user # create API custom user
function_create_custom_user function_create_custom_user
# run entrypoint scripts
function_entrypoint_scripts
# Start Wazuh # Start Wazuh
/var/ossec/bin/ossec-control start /var/ossec/bin/ossec-control start
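Review bot: `function_entrypoint_scripts` iterates over the output of `ls /entrypoint-scripts/*.sh | sort -n`, which splits on whitespace in file names and, contrary to the comment above it, sorts numerically on the full path rather than lexicographically; the glob already expands in lexical order, so `for script in /entrypoint-scripts/*.sh; do` with `[ -f "$script" ] && bash "$script"` is both simpler and correct (the `-f` test also covers the no-match case where the unexpanded pattern is returned). Every `.sh` in that mounted directory runs with the entrypoint's privileges before `ossec-control start`, so the function's comment should state that the directory must be writable only by the image owner; the entrypoint presumably runs as root here, but that is established outside the hunk.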

186
xpack-compose.yml Normal file

@@ -0,0 +1,186 @@
# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
version: '3.7'
services:
wazuh:
image: wazuh/wazuh:4.1.0
hostname: wazuh-manager
restart: always
ports:
- "1514:1514"
- "1515:1515"
- "514:514/udp"
- "55000:55000"
environment:
- ELASTICSEARCH_URL=https://elasticsearch:9200
- ELASTIC_USERNAME=elastic
- ELASTIC_PASSWORD=SecretPassword
- FILEBEAT_SSL_VERIFICATION_MODE=none
- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/ca.crt
- SSL_CERTIFICATE=/etc/ssl/wazuh.crt
- SSL_KEY=/etc/ssl/wazuh.key
volumes:
- ossec_api_configuration:/var/ossec/api/configuration
- ossec_etc:/var/ossec/etc
- ossec_logs:/var/ossec/logs
- ossec_queue:/var/ossec/queue
- ossec_var_multigroups:/var/ossec/var/multigroups
- ossec_integrations:/var/ossec/integrations
- ossec_active_response:/var/ossec/active-response/bin
- ossec_agentless:/var/ossec/agentless
- ossec_wodles:/var/ossec/wodles
- filebeat_etc:/etc/filebeat
- filebeat_var:/var/lib/filebeat
- ./xpack/ca/ca.crt:/etc/ssl/ca.crt
- ./xpack/wazuh/wazuh.crt:/etc/ssl/wazuh.crt
- ./xpack/wazuh/wazuh.key:/etc/ssl/wazuh.key
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
hostname: elasticsearch
restart: always
ports:
- "9200:9200"
environment:
- cluster.name=wazuh-cluster
- node.name=elasticsearch
- discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3
- cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3
- ELASTIC_PASSWORD=SecretPassword
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- bootstrap.memory_lock=true
- xpack.license.self_generated.type=basic
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
- xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
- xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
- xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
- xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt
- ./xpack/elasticsearch/elasticsearch.key:/usr/share/elasticsearch/config/elasticsearch.key
- ./xpack/elasticsearch/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt
elasticsearch2:
image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
hostname: elasticsearch2
restart: always
environment:
- cluster.name=wazuh-cluster
- node.name=elasticsearch2
- discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3
- cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3
- ELASTIC_PASSWORD=SecretPassword
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- bootstrap.memory_lock=true
- xpack.license.self_generated.type=basic
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
- xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
- xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
- xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
- xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt
- ./xpack/elasticsearch2/elasticsearch2.key:/usr/share/elasticsearch/config/elasticsearch.key
- ./xpack/elasticsearch2/elasticsearch2.crt:/usr/share/elasticsearch/config/elasticsearch.crt
elasticsearch3:
image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
hostname: elasticsearch3
restart: always
environment:
- cluster.name=wazuh-cluster
- node.name=elasticsearch3
- discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3
- cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3
- ELASTIC_PASSWORD=SecretPassword
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- bootstrap.memory_lock=true
- xpack.license.self_generated.type=basic
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
- xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
- xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
- xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
- xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt
- ./xpack/elasticsearch3/elasticsearch3.key:/usr/share/elasticsearch/config/elasticsearch.key
- ./xpack/elasticsearch3/elasticsearch3.crt:/usr/share/elasticsearch/config/elasticsearch.crt
kibana:
image: wazuh/wazuh-kibana:4.1.0
hostname: kibana
restart: always
ports:
- 443:5601
environment:
- SERVERNAME=localhost
- ELASTICSEARCH_USERNAME=elastic
- ELASTICSEARCH_PASSWORD=SecretPassword
- ELASTICSEARCH_URL=https://elasticsearch:9200
- ELASTICSEARCH_HOSTS=https://elasticsearch:9200
- ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=/usr/share/kibana/config/ca.crt
- SERVER_SSL_ENABLED=true
- XPACK_SECURITY_ENABLED=true
- SERVER_SSL_KEY=/usr/share/kibana/config/kibana.key
- SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/kibana.crt
volumes:
- ./xpack/ca/ca.crt:/usr/share/kibana/config/ca.crt
- ./xpack/kibana/kibana.key:/usr/share/kibana/config/kibana.key
- ./xpack/kibana/kibana.crt:/usr/share/kibana/config/kibana.crt
depends_on:
- elasticsearch
links:
- elasticsearch:elasticsearch
- wazuh:wazuh
volumes:
ossec_api_configuration:
ossec_etc:
ossec_logs:
ossec_queue:
ossec_var_multigroups:
ossec_integrations:
ossec_active_response:
ossec_agentless:
ossec_wodles:
filebeat_etc:
filebeat_var:
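Review bot: The wazuh service sets `- FILEBEAT_SSL_VERIFICATION_MODE=none` while also mounting the CA and pointing `SSL_CERTIFICATE_AUTHORITIES` at it, so Filebeat's connection to https://elasticsearch:9200 is not verified even though everything needed to verify it is already in place; `- FILEBEAT_SSL_VERIFICATION_MODE=full` (or `certificate`, matching the Elasticsearch transport setting used in the same file) would close that gap. The literal `ELASTIC_PASSWORD=SecretPassword` is repeated in wazuh, the three elasticsearch nodes and kibana; either a comment marking it as a demo value that must be changed before any non-local use, or a `${ELASTIC_PASSWORD}` substitution from an env file, would keep the credential out of the committed file. The kibana mapping `- 443:5601` is the only unquoted port entry in the file; `- "443:5601"` for consistency with the others. xpack-from-sources.yml carries the same three points.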

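--- a/xpack-from-sources.yml
+++ b/xpack-from-sources.yml
@@ -0,0 +1,192 @@
+# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+version: '3.7'
+services:
+wazuh:
+build:
+context: wazuh-odfe/
+args:
+- FILEBEAT_CHANNEL=filebeat
+- FILEBEAT_VERSION=7.10.2
+image: wazuh/wazuh:4.1.0
+hostname: wazuh-manager
+restart: always
+ports:
+- "1514:1514"
+- "1515:1515"
+- "514:514/udp"
+- "55000:55000"
+environment:
+- ELASTICSEARCH_URL=https://elasticsearch:9200
+- ELASTIC_USERNAME=elastic
+- ELASTIC_PASSWORD=SecretPassword
+- FILEBEAT_SSL_VERIFICATION_MODE=none
+- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/ca.crt
+- SSL_CERTIFICATE=/etc/ssl/wazuh.crt
+- SSL_KEY=/etc/ssl/wazuh.key
+volumes:
+- ossec_api_configuration:/var/ossec/api/configuration
+- ossec_etc:/var/ossec/etc
+- ossec_logs:/var/ossec/logs
+- ossec_queue:/var/ossec/queue
+- ossec_var_multigroups:/var/ossec/var/multigroups
+- ossec_integrations:/var/ossec/integrations
+- ossec_active_response:/var/ossec/active-response/bin
+- ossec_agentless:/var/ossec/agentless
+- ossec_wodles:/var/ossec/wodles
+- filebeat_etc:/etc/filebeat
+- filebeat_var:/var/lib/filebeat
+- ./xpack/ca/ca.crt:/etc/ssl/ca.crt
+- ./xpack/wazuh/wazuh.crt:/etc/ssl/wazuh.crt
+- ./xpack/wazuh/wazuh.key:/etc/ssl/wazuh.key
+elasticsearch:
+image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
+hostname: elasticsearch
+restart: always
+ports:
+- "9200:9200"
+environment:
+- cluster.name=wazuh-cluster
+- node.name=elasticsearch
+- discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3
+- cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3
+- ELASTIC_PASSWORD=SecretPassword
+- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+- bootstrap.memory_lock=true
+- xpack.license.self_generated.type=basic
+- xpack.security.enabled=true
+- xpack.security.http.ssl.enabled=true
+- xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
+- xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
+- xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
+- xpack.security.transport.ssl.enabled=true
+- xpack.security.transport.ssl.verification_mode=certificate
+- xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
+- xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
+- xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
+ulimits:
+memlock:
+soft: -1
+hard: -1
+nofile:
+soft: 65536
+hard: 65536
+volumes:
+- ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt
+- ./xpack/elasticsearch/elasticsearch.key:/usr/share/elasticsearch/config/elasticsearch.key
+- ./xpack/elasticsearch/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt
+elasticsearch2:
+image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
+hostname: elasticsearch2
+restart: always
+environment:
+- cluster.name=wazuh-cluster
+- node.name=elasticsearch2
+- discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3
+- cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3
+- ELASTIC_PASSWORD=SecretPassword
+- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+- bootstrap.memory_lock=true
+- xpack.license.self_generated.type=basic
+- xpack.security.enabled=true
+- xpack.security.http.ssl.enabled=true
+- xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
+- xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
+- xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
+- xpack.security.transport.ssl.enabled=true
+- xpack.security.transport.ssl.verification_mode=certificate
+- xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
+- xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
+- xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
+ulimits:
+memlock:
+soft: -1
+hard: -1
+nofile:
+soft: 65536
+hard: 65536
+volumes:
+- ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt
+- ./xpack/elasticsearch2/elasticsearch2.key:/usr/share/elasticsearch/config/elasticsearch.key
+- ./xpack/elasticsearch2/elasticsearch2.crt:/usr/share/elasticsearch/config/elasticsearch.crt
+elasticsearch3:
+image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
+hostname: elasticsearch3
+restart: always
+environment:
+- cluster.name=wazuh-cluster
+- node.name=elasticsearch3
+- discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3
+- cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3
+- ELASTIC_PASSWORD=SecretPassword
+- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+- bootstrap.memory_lock=true
+- xpack.license.self_generated.type=basic
+- xpack.security.enabled=true
+- xpack.security.http.ssl.enabled=true
+- xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
+- xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
+- xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
+- xpack.security.transport.ssl.enabled=true
+- xpack.security.transport.ssl.verification_mode=certificate
+- xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
+- xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
+- xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
+ulimits:
+memlock:
+soft: -1
+hard: -1
+nofile:
+soft: 65536
+hard: 65536
+volumes:
+- ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt
+- ./xpack/elasticsearch3/elasticsearch3.key:/usr/share/elasticsearch/config/elasticsearch.key
+- ./xpack/elasticsearch3/elasticsearch3.crt:/usr/share/elasticsearch/config/elasticsearch.crt
+kibana:
+build: kibana/
+image: wazuh/wazuh-kibana:4.1.0
+hostname: kibana
+restart: always
+ports:
+- 443:5601
+environment:
+- SERVERNAME=localhost
+- ELASTICSEARCH_USERNAME=elastic
+- ELASTICSEARCH_PASSWORD=SecretPassword
+- ELASTICSEARCH_URL=https://elasticsearch:9200
+- ELASTICSEARCH_HOSTS=https://elasticsearch:9200
+- ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=/usr/share/kibana/config/ca.crt
+- SERVER_SSL_ENABLED=true
+- XPACK_SECURITY_ENABLED=true
+- SERVER_SSL_KEY=/usr/share/kibana/config/kibana.key
+- SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/kibana.crt
+volumes:
+- ./xpack/ca/ca.crt:/usr/share/kibana/config/ca.crt
+- ./xpack/kibana/kibana.key:/usr/share/kibana/config/kibana.key
+- ./xpack/kibana/kibana.crt:/usr/share/kibana/config/kibana.crt
+depends_on:
+- elasticsearch
+links:
+- elasticsearch:elasticsearch
+- wazuh:wazuh
+volumes:
+ossec_api_configuration:
+ossec_etc:
+ossec_logs:
+ossec_queue:
+ossec_var_multigroups:
+ossec_integrations:
+ossec_active_response:
+ossec_agentless:
+ossec_wodles:
+filebeat_etc:
+filebeat_var: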
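Review bot: Both locally built services keep the published release tag in `image:` next to `build:` (`image: wazuh/wazuh:4.1.0` and `image: wazuh/wazuh-kibana:4.1.0`), so a from-sources build overwrites the same local tag that xpack-compose.yml pulls, and a later `docker-compose up` without `--build` will run whichever image is cached under that name, making it hard to tell a released image from a local one. A local-only tag (e.g. `image: wazuh/wazuh:<local-tag>`, with the placeholder replaced by a build-specific suffix) would keep the two apart. The wazuh build also uses `context: wazuh-odfe/` with `FILEBEAT_CHANNEL=filebeat`, which presumably selects the non-OSS Filebeat package in that Dockerfile; a comment above `args:` explaining why the odfe context is reused for the x-pack image would save the next reader a search. The verification-mode, shared-password and unquoted-port points raised on xpack-compose.yml apply here unchanged.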

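--- a/xpack/instances.yml
+++ b/xpack/instances.yml
@@ -0,0 +1,35 @@
+instances:
+- name: elasticsearch
+dns:
+- elasticsearch
+- localhost
+ip:
+- 127.0.0.1
+- name: elasticsearch2
+dns:
+- elasticsearch2
+- localhost
+ip:
+- 127.0.0.1
+- name: elasticsearch3
+dns:
+- elasticsearch3
+- localhost
+ip:
+- 127.0.0.1
+- name: kibana
+dns:
+- kibana
+- localhost
+ip:
+- 127.0.0.1
+- name: wazuh
+dns:
+- wazuh
+- localhost
+ip:
+- 127.0.0.1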
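Review bot: Every instance lists `localhost` and `127.0.0.1` beside its service name, so each certificate generated from this file is also valid for loopback connections to any of the other services; that is acceptable for a demo stack, but the file has no comment at all, and a header such as `# Certificate subjects consumed by the certificate generator; localhost/127.0.0.1 are included for local testing only` would make the intent explicit (the generator consuming it is presumed from the file's layout and the xpack/ directory, not visible here). The 31 lines shown plus the blank lines this rendering drops match the `+1,35` count, so I take the section as complete at the wazuh instance.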