Compare commits

..

104 Commits

Author SHA1 Message Date
José Fernández Aguilera
5cabaa4700 Merge pull request #553 from wazuh/10842-release-4.2.5
Update release 4.2.5
2021-11-15 20:12:48 +01:00
vcerenu
603e48237b Bump release 4.2.5 2021-11-15 11:48:03 -03:00
vcerenu
71628e1575 Bump release 4.2.5 2021-11-15 11:47:20 -03:00
vcerenu
a5d13c9fc6 Bump release 4.2.5 2021-11-15 10:35:40 -03:00
Gonzalo Acuña
a9442d7345 Merge pull request #544 from wazuh/507-permanent-folder
Fix directory problem in permanent_data
2021-11-05 08:28:08 -03:00
vcerenu
f02697786c fix directory problem in permanent_data 2021-11-04 16:00:09 -03:00
Gonzalo Acuña
d530faa8f3 Merge pull request #543 from wazuh/507-permanent-folder
Add /var/ossec/logs/archives to permanent_data
2021-11-04 12:16:05 -03:00
vcerenu
898f699d85 507 - add /var/ossec/logs/archives to permanent_data 2021-11-04 11:05:04 -03:00
Gonzalo Acuña
4ebeaba873 Merge pull request #538 from wazuh/535-release-4.2.4
Update release 4.2.4
2021-10-20 10:09:52 -03:00
vcerenu
aa59a302c3 Update release 4.2.4 2021-10-19 16:37:13 -03:00
Gonzalo Acuña
67d92fc992 Merge pull request #537 from wazuh/535-release-4.2.4
Release v4.2.4
2021-10-18 15:28:34 -03:00
vcerenu
fbe7a0a571 update release 4.2.4 2021-10-14 16:39:41 -03:00
vcerenu
ffffe5539a update release 4.2.4 2021-10-14 16:23:43 -03:00
José Fernández Aguilera
d46ce7aee3 Merge pull request #530 from wazuh/529-release-423
Release v4.2.3
2021-10-07 15:54:45 +02:00
vcerenu
4d0b06b91e bump release 4.2.3 2021-10-06 08:38:25 -03:00
vcerenu
391b5d237c bump release 4.2.3 2021-10-05 12:57:25 -03:00
Alberto Rodríguez
e99ba259e0 Added util.py to permanent data 2021-09-23 20:00:03 +02:00
Alberto Rodríguez
f00245007d Merge pull request #516 from wazuh/4.2.2
Release v4.2.2
2021-09-15 16:50:12 +02:00
vcerenu
084407f9c9 Update 4.2.2 2021-09-15 10:55:43 -03:00
vcerenu
f0ebabad89 Update 4.2.2 2021-09-15 10:51:19 -03:00
Alberto Rodríguez
afd70ff5f9 Merge pull request #513 from wazuh/4.2.1
Release v4.2.1
2021-09-14 15:12:06 +02:00
vcerenu
61f3e080a3 Update 4.2.1 2021-09-14 10:08:48 -03:00
vcerenu
2dd9fdfa99 Update 4.2.1 2021-09-14 10:03:16 -03:00
vcerenu
daaac09c9c Update 4.2.1 2021-09-13 15:21:53 -03:00
vcerenu
8d0dd5baeb Update 4.2.1 2021-09-09 11:13:04 -03:00
vcerenu
9e9de07322 Update 4.2.1 2021-09-09 09:23:36 -03:00
José Fernández Aguilera
6ed79996af Merge pull request #509 from wazuh/fix-4.2-upgrade
Fix 4.2 upgrade
2021-09-03 11:37:17 +02:00
dfolcha
413dd71d44 Remove -r flag 2021-09-03 09:16:20 +02:00
dfolcha
68bc08f78f Add function to rename files and directories 2021-09-02 17:05:23 +02:00
dfolcha
6da1b19698 Exclude queue/ossec from volume 2021-09-02 15:12:33 +02:00
José Fernández Aguilera
750fe5ffe8 Merge pull request #504 from wazuh/update-4.2
Update AR files
2021-08-27 12:18:23 +02:00
dfolcha
137f0ba88f Update goss tests 2021-08-27 12:11:00 +02:00
dfolcha
25cb1fa872 Fix wrong OD version 2021-08-27 12:01:58 +02:00
dfolcha
8a01495968 Update AR files 2021-08-27 10:47:45 +02:00
Alberto Rodríguez
1ed0bc8e01 Merge pull request #503 from wazuh/update-4.2
Update 4.2
2021-08-26 16:17:13 +02:00
dfolcha
0699c8fe21 Add admin key pair to production development 2021-08-26 15:08:18 +02:00
Alberto R
64c61bcdbf Fixed mode Kibana settings 2021-06-28 23:35:30 +02:00
Alberto Rodríguez
5074eb0b44 Merge pull request #479 from wazuh/476-update-4.2
Bump ODFE 3.13.2 on Wazuh 4.2.0
2021-05-24 14:03:33 +02:00
José Fernández
c8b8e8b134 Bump to ODFE 1.13.2 2021-05-24 13:01:47 +02:00
José Fernández
fc54288a0d Update README 2021-05-24 11:45:07 +02:00
Alberto Rodríguez
09731ec148 Merge pull request #473 from wazuh/457-nginx-conf-readme-4.2
457: Broken link fix and removed deprecated information at README
2021-04-29 14:35:31 +02:00
jcruzlp
2b9e1a6f89 Removed unussed basic auth 2021-04-27 13:39:14 +02:00
jcruzlp
5550edb4ae Fixed broken link 2021-04-27 13:39:13 +02:00
VictorMorenoJimenez
45e08437fc Change ossec-control to wazuh-control 2021-04-15 15:57:48 +02:00
Alberto Rodríguez
1cf4376e3b Merge pull request #461 from wazuh/feature-name-change
Feature name change
2021-04-13 17:27:20 +02:00
VictorMorenoJimenez
3c1175b0a0 Bump to v4.2.0 2021-04-13 16:44:28 +02:00
Victor Moreno Jimenez
1dad6eb83e Bump to v4.1.4 2021-04-13 16:44:28 +02:00
Victor Moreno Jimenez
10a02f88fa Bump to 4.1.3 2021-04-13 16:44:27 +02:00
Manuel Gutierrez
67fd91da9b Bump to 4.1.1 2021-04-13 16:44:27 +02:00
Manuel Gutierrez
c146068138 Add xpack-from-sources 2021-04-13 16:44:27 +02:00
Manuel Gutierrez
5fa1d1eeb6 Update kibana xpack paths 2021-04-13 16:44:26 +02:00
Manuel Gutierrez
8a93c8fe3a Fix curl ssl check 2021-04-13 16:44:26 +02:00
Manuel Gutierrez
ed5f8c0816 Fix elastic version 2021-04-13 16:44:26 +02:00
Manuel Gutierrez
02965be924 Fix changelog 2021-04-13 16:44:25 +02:00
Manuel Gutierrez
ad9aa18966 Bump images on prod cluster 2021-04-13 16:44:25 +02:00
Manuel Gutierrez
21f37d6765 Update changelog 2021-04-13 16:44:25 +02:00
Manuel Gutierrez
01f8dfc46e Update xpack compose 2021-04-13 16:44:24 +02:00
Manuel Gutierrez
c0a65c4ba6 Update Goss tests 2021-04-13 16:44:24 +02:00
Manuel Gutierrez
63a32590b0 Bump odfe images 2021-04-13 16:44:24 +02:00
Manuel Gutierrez
b76adb084d Bump xpack images 2021-04-13 16:44:23 +02:00
Manuel Gutierrez
f23f7fafab Update paths 2021-04-13 16:44:23 +02:00
Manuel Gutierrez
fceb9f0e07 Bump versions and update path 2021-04-13 16:44:23 +02:00
Manuel Gutierrez
7ddc4daed1 Bump versions 2021-04-13 16:44:22 +02:00
Manuel Gutierrez
574a0147ea Update compatibility matrix 2021-04-13 16:44:22 +02:00
Manuel Gutierrez
2f683e43c6 Bump odfe version 2021-04-13 16:44:22 +02:00
Manuel Gutierrez
6b2780e221 Update version 2021-04-13 16:44:21 +02:00
Manuel Gutierrez
4cc0eeea2e Add goss binary for health checks 2021-04-13 16:44:21 +02:00
Manuel Gutierrez
249c1adb8c Remove dev tag from version 2021-04-13 16:44:21 +02:00
Manuel Gutierrez
a4646f388a Rename cert generator container name 2021-04-13 16:44:20 +02:00
Manuel Gutierrez
6d231cea90 Add generate-elasticsearch-certs.yml and instances.yml 2021-04-13 16:44:20 +02:00
Manuel Gutierrez
b45f09fff5 Update xpack-compose 2021-04-13 16:44:20 +02:00
Manuel Gutierrez
15d65820ae Remove kibana_ip 2021-04-13 16:44:19 +02:00
Manuel Gutierrez
5d43a0acf8 Use kibana_proto 2021-04-13 16:44:19 +02:00
Manuel Gutierrez
75034895ce Fix curl auth params 2021-04-13 16:44:18 +02:00
Manuel Gutierrez
f848aa9600 Bump copyright 2021-04-13 16:44:18 +02:00
Manuel Gutierrez
09153da593 Bump to 4.0.4 2021-04-13 16:44:18 +02:00
Manuel Gutierrez
3428f982f3 Add sample compose for xpack variant 2021-04-13 16:44:17 +02:00
Manuel Gutierrez
c53a0f86f6 Remove duplicated xpack_config exec 2021-04-13 16:44:17 +02:00
Manuel Gutierrez
ffb4395da0 Set Wazuh app as default route 2021-04-13 16:44:17 +02:00
Manuel Gutierrez
31dbb7fc20 Remove useless ARG 2021-04-13 16:44:16 +02:00
Manuel Gutierrez
24b2c4bc4b Backport kibana-xpack image to v4 2021-04-13 16:44:16 +02:00
Manuel Gutierrez
59ccbbee8e Use an ARG to select filebeat channel 2021-04-13 16:44:16 +02:00
Manuel Gutierrez
cdf31d7a08 Re-enable entrypoint scripts 2021-04-13 16:44:15 +02:00
Manuel Gutierrez
bb8cbc6d15 Bump s6-overlay version 2021-04-13 16:44:15 +02:00
Manuel Gutierrez
9656c348a2 Add link to changelog 2021-04-13 16:44:15 +02:00
Manuel Gutierrez
2b5c950c48 Bump goss test 2021-04-13 16:44:14 +02:00
Manuel Gutierrez
504d5b8cc4 Bump year 2021-04-13 16:44:14 +02:00
Manuel Gutierrez
1eb94b82ee Bump versions 2021-04-13 16:44:14 +02:00
Manuel Gutierrez
6228d3077d Add tests for Kibana customizations 2021-04-13 16:44:13 +02:00
Manuel Gutierrez
01563af39a Execute tests for kibana image 2021-04-13 16:44:13 +02:00
Manuel Gutierrez
1441e570a8 Add Goss tests for Kibana image 2021-04-13 16:44:13 +02:00
Manuel Gutierrez
20ebf9b467 Port all tests from Ansible repo 2021-04-13 16:44:12 +02:00
Manuel Gutierrez
1460c07b92 Include GOSS_SLEEP 2021-04-13 16:44:12 +02:00
Manuel Gutierrez
ae1611e07c Fix yaml syntax 2021-04-13 16:44:12 +02:00
Manuel Gutierrez
5109a35e6a Add Goss Actions 2021-04-13 16:44:11 +02:00
Manuel Gutierrez
94c0307f00 Add goss verifications 2021-04-13 16:44:11 +02:00
VictorMorenoJimenez
102d6ced90 Bump to v4.2.0 2021-04-13 16:39:14 +02:00
Alberto Rodríguez
60c5b53844 Merge pull request #456 from wazuh/bump-4.1.4
Bump to v4.1.4
2021-03-26 15:11:11 +01:00
Victor Moreno Jimenez
653a3f3237 Bump to v4.1.4 2021-03-26 08:59:23 +01:00
Alberto Rodríguez
89754be5cf Merge pull request #455 from wazuh/bump-4.1.3
Bump to 4.1.3
2021-03-23 18:09:31 +01:00
Victor Moreno Jimenez
9694d59016 Bump to 4.1.3 2021-03-23 16:10:06 +01:00
Manuel Gutierrez
eed5b2a454 Merge pull request #422 from wazuh/feature-tools-rename
Adopt Wazuh standard on tool names
2020-12-15 19:14:44 +01:00
Manuel Gutierrez
0da4a86f07 Update references to authd 2020-12-15 15:21:34 +01:00
Manuel Gutierrez
bb85a9aef2 Update script name 2020-12-15 13:23:34 +01:00
26 changed files with 170 additions and 90 deletions

View File

@@ -6,7 +6,7 @@ file:
group: root
filetype: file
contains: []
/var/ossec/bin/ossec-control:
/var/ossec/bin/wazuh-control:
exists: true
mode: "0750"
owner: root
@@ -52,11 +52,11 @@ package:
filebeat:
installed: true
versions:
- 7.10.0
- 7.10.2
wazuh-manager:
installed: true
versions:
- 4.1.2
- 4.2.5
port:
tcp:1514:
listening: true
@@ -95,17 +95,17 @@ group:
process:
filebeat:
running: true
ossec-analysisd:
wazuh-analysisd:
running: true
ossec-authd:
wazuh-authd:
running: true
ossec-execd:
wazuh-execd:
running: true
ossec-monitord:
wazuh-monitord:
running: true
ossec-remoted:
wazuh-remoted:
running: true
ossec-syscheckd:
wazuh-syscheckd:
running: true
s6-supervise:
running: true

View File

@@ -1,6 +1,53 @@
# Change Log
All notable changes to this project will be documented in this file.
## Wazuh Docker v4.2.5
### Added
- Update Wazuh to version [4.2.5](https://github.com/wazuh/wazuh/blob/v4.2.5/CHANGELOG.md#v425)
## Wazuh Docker v4.2.4
### Added
- Update Wazuh to version [4.2.4](https://github.com/wazuh/wazuh/blob/v4.2.4/CHANGELOG.md#v424)
## Wazuh Docker v4.2.3
### Added
- Update Wazuh to version [4.2.3](https://github.com/wazuh/wazuh/blob/v4.2.3/CHANGELOG.md#v423)
## Wazuh Docker v4.2.2
### Added
- Update Wazuh to version [4.2.2](https://github.com/wazuh/wazuh/blob/v4.2.2/CHANGELOG.md#v422)
## Wazuh Docker v4.2.1
### Added
- Update Wazuh to version [4.2.1](https://github.com/wazuh/wazuh/blob/v4.2.1/CHANGELOG.md#v421)
## Wazuh Docker v4.2.0
### Added
- Update Wazuh to version [4.2.0](https://github.com/wazuh/wazuh/blob/v4.2.0/CHANGELOG.md#v420)
## Wazuh Docker v4.1.5
### Added
- Update Wazuh to version [4.1.5](https://github.com/wazuh/wazuh/blob/v4.1.5/CHANGELOG.md#v415)
- Update ODFE compatibility to version 1.13.2
## Wazuh Docker v4.1.4
### Added
- Update Wazuh to version [4.1.4](https://github.com/wazuh/wazuh/blob/v4.1.4/CHANGELOG.md#v414)
## Wazuh Docker v4.1.3
### Added
- Update Wazuh to version [4.1.3](https://github.com/wazuh/wazuh/blob/v4.1.3/CHANGELOG.md#v413)
## Wazuh Docker v4.1.2
### Added

View File

@@ -22,11 +22,11 @@ In addition, a docker-compose file is provided to launch the containers mentione
* [Docker hub](https://hub.docker.com/u/wazuh)
### Setup SSL certificate and Basic Authentication
### Setup SSL certificate
Before starting the environment it is required to provide an SSL certificate (or just generate one self-signed) and setup the basic auth.
Before starting the environment it is required to provide an SSL certificate (or just generate one self-signed).
Documentation on how to provide these two can be found at [nginx_conf/README.md](nginx_conf/README.md).
Documentation on how to provide these two can be found at [Wazuh Docer Documentation](https://documentation.wazuh.com/current/docker/wazuh-container.html#production-deployment).
## Environment Variables
@@ -146,29 +146,30 @@ ADMIN_PRIVILEGES=true # App privileges
## Branches
* `4.0` branch on correspond to the latest Wazuh-Docker stable version.
* `master` branch contains the latest code, be aware of possible bugs on this branch.
* `Wazuh.Version` (for example 3.13.1_7.8.0 or 4.1.0) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch.
* `stable` branch on correspond to the last Wazuh stable version.
## Compatibility Matrix
| Wazuh version | ODFE | XPACK |
|---------------|---------|--------|
| v4.2.5 | 1.13.2 | 7.11.2 |
| v4.2.4 | 1.13.2 | 7.11.2 |
| v4.2.3 | 1.13.2 | 7.11.2 |
| v4.2.2 | 1.13.2 | 7.11.2 |
| v4.2.1 | 1.13.2 | 7.11.2 |
| v4.2.0 | 1.13.2 | 7.10.2 |
| v4.1.5 | 1.13.2 | 7.10.2 |
| v4.1.4 | 1.12.0 | 7.10.2 |
| v4.1.3 | 1.12.0 | 7.10.2 |
| v4.1.2 | 1.12.0 | 7.10.2 |
|---------------|---------|--------|
| v4.1.1 | 1.12.0 | 7.10.2 |
|---------------|---------|--------|
| v4.1.0 | 1.12.0 | 7.10.2 |
|---------------|---------|--------|
| v4.0.4 | 1.11.0 | |
|---------------|---------|--------|
| v4.0.3 | 1.11.0 | |
|---------------|---------|--------|
| v4.0.2 | 1.11.0 | |
|---------------|---------|--------|
| v4.0.1 | 1.11.0 | |
|---------------|---------|--------|
| v4.0.0 | 1.10.1 | |
## Credits and Thank you

View File

@@ -1,2 +1,2 @@
WAZUH-DOCKER_VERSION="4.1.2"
REVISION="41100"
WAZUH-DOCKER_VERSION="4.2.5"
REVISION="40220"

View File

@@ -31,7 +31,7 @@ services:
- filebeat_var:/var/lib/filebeat
elasticsearch:
image: amazon/opendistro-for-elasticsearch:1.12.0
image: amazon/opendistro-for-elasticsearch:1.13.2
hostname: elasticsearch
restart: always
ports:

View File

@@ -3,7 +3,7 @@ version: '3.7'
services:
wazuh:
image: wazuh/wazuh-odfe:4.1.2
image: wazuh/wazuh-odfe:4.2.5
hostname: wazuh-manager
restart: always
ports:
@@ -30,7 +30,7 @@ services:
- filebeat_var:/var/lib/filebeat
elasticsearch:
image: amazon/opendistro-for-elasticsearch:1.12.0
image: amazon/opendistro-for-elasticsearch:1.13.2
hostname: elasticsearch
restart: always
ports:
@@ -50,7 +50,7 @@ services:
hard: 65536
kibana:
image: wazuh/wazuh-kibana-odfe:4.1.2
image: wazuh/wazuh-kibana-odfe:4.2.5
hostname: kibana
restart: always
ports:

View File

@@ -10,7 +10,7 @@ services:
bin/elasticsearch-certutil cert --silent --pem --in config/certificates/instances.yml -out config/certificates/bundle.zip;
unzip config/certificates/bundle.zip -d config/certificates/;
fi;
chown -R 1000:0 /certs
chown -R 1000:0 config/certificates
'
user: "0"
working_dir: /usr/share/elasticsearch

View File

@@ -1,8 +1,8 @@
# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
FROM amazon/opendistro-for-elasticsearch-kibana:1.12.0
FROM amazon/opendistro-for-elasticsearch-kibana:1.13.2
USER kibana
ARG ELASTIC_VERSION=7.10.0
ARG WAZUH_VERSION=4.1.2
ARG ELASTIC_VERSION=7.10.2
ARG WAZUH_VERSION=4.2.5
ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
WORKDIR /usr/share/kibana

View File

@@ -18,8 +18,6 @@ WAZUH_MAJOR=4
# Customize elasticsearch ip
##############################################################################
sed -i "s|elasticsearch.hosts:.*|elasticsearch.hosts: $el_url|g" /usr/share/kibana/config/kibana.yml
# disable multitenancy
sed -i "s|opendistro_security.multitenancy.enabled:.*|opendistro_security.multitenancy.enabled: false|g" /usr/share/kibana/config/kibana.yml
# If KIBANA_INDEX was set, then change the default index in kibana.yml configuration file. If there was an index, then delete it and recreate.
if [ "$KIBANA_INDEX" != "" ]; then
@@ -55,6 +53,6 @@ rm -f ${default_index}
sleep 5
# Configuring Kibana TimePicker.
curl ${auth} -POST -k "https://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
'{"changes":{"timepicker:timeDefaults":"{\n \"from\": \"now-12h\",\n \"to\": \"now\",\n \"mode\": \"quick\"}"}}'
'{"changes":{"timepicker:timeDefaults":"{\n \"from\": \"now-12h\",\n \"to\": \"now\"}"}}'
echo "End settings"

View File

@@ -4,7 +4,7 @@
if [[ $CHANGE_WELCOME == "true" ]]
then
echo "Set Wazuh app as the default landing page"
echo "server.defaultRoute: /app/wazuh" >> /usr/share/kibana/config/kibana.yml
echo "server.defaultRoute: /app/wazuh?security_tenant=global" >> /usr/share/kibana/config/kibana.yml
echo "Set custom welcome styles"
cp -f /tmp/custom_welcome/template.js.hbs /usr/share/kibana/src/legacy/ui/ui_render/bootstrap/template.js.hbs

View File

@@ -2,7 +2,7 @@
FROM docker.elastic.co/kibana/kibana:7.10.2
USER kibana
ARG ELASTIC_VERSION=7.10.2
ARG WAZUH_VERSION=4.1.2
ARG WAZUH_VERSION=4.2.5
ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
WORKDIR /usr/share/kibana

View File

@@ -70,7 +70,7 @@ rm -f ${default_index}
sleep 5
# Configuring Kibana TimePicker.
curl ${auth} -POST -k "$kibana_proto://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
'{"changes":{"timepicker:timeDefaults":"{\n \"from\": \"now-12h\",\n \"to\": \"now\",\n \"mode\": \"quick\"}"}}'
'{"changes":{"timepicker:timeDefaults":"{\n \"from\": \"now-12h\",\n \"to\": \"now\"}"}}'
sleep 5
# Do not ask user to help providing usage statistics to Elastic

View File

@@ -3,7 +3,7 @@ version: '3.7'
services:
wazuh-master:
image: wazuh/wazuh-odfe:4.1.2
image: wazuh/wazuh-odfe:4.2.5
hostname: wazuh-master
restart: always
ports:
@@ -38,7 +38,7 @@ services:
- ./production_cluster/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
wazuh-worker:
image: wazuh/wazuh-odfe:4.1.2
image: wazuh/wazuh-odfe:4.2.5
hostname: wazuh-worker
restart: always
environment:
@@ -67,7 +67,7 @@ services:
- ./production_cluster/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
elasticsearch:
image: amazon/opendistro-for-elasticsearch:1.12.0
image: amazon/opendistro-for-elasticsearch:1.13.2
hostname: elasticsearch
restart: always
ports:
@@ -86,11 +86,13 @@ services:
- ./production_cluster/ssl_certs/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
- ./production_cluster/ssl_certs/node1.key:/usr/share/elasticsearch/config/node1.key
- ./production_cluster/ssl_certs/node1.pem:/usr/share/elasticsearch/config/node1.pem
- ./production_cluster/ssl_certs/admin.pem:/usr/share/elasticsearch/config/admin.pem
- ./production_cluster/ssl_certs/admin.key:/usr/share/elasticsearch/config/admin.key
- ./production_cluster/elastic_opendistro/elasticsearch-node1.yml:/usr/share/elasticsearch/config/elasticsearch.yml
- ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
elasticsearch-2:
image: amazon/opendistro-for-elasticsearch:1.12.0
image: amazon/opendistro-for-elasticsearch:1.13.2
hostname: elasticsearch-2
restart: always
environment:
@@ -111,7 +113,7 @@ services:
- ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
elasticsearch-3:
image: amazon/opendistro-for-elasticsearch:1.12.0
image: amazon/opendistro-for-elasticsearch:1.13.2
hostname: elasticsearch-3
restart: always
environment:
@@ -132,7 +134,7 @@ services:
- ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
kibana:
image: wazuh/wazuh-kibana-odfe:4.1.2
image: wazuh/wazuh-kibana-odfe:4.2.5
hostname: kibana
restart: always
ports:

View File

@@ -20,7 +20,7 @@ opendistro_security.nodes_dn:
- 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
- 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
- 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
opendistro_security.authcz.admin_dn: []
opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true

View File

@@ -20,7 +20,7 @@ opendistro_security.nodes_dn:
- 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
- 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
- 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
opendistro_security.authcz.admin_dn: []
opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true

View File

@@ -20,7 +20,7 @@ opendistro_security.nodes_dn:
- 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
- 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
- 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
opendistro_security.authcz.admin_dn: []
opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true

View File

@@ -9,4 +9,5 @@ then
exit
else
openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem
chown -R 1000:1000 *.pem
fi

View File

@@ -27,4 +27,9 @@ nodes:
- name: filebeat
dn: CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com
dns:
- wazuh
- wazuh
clients:
- name: admin
dn: CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com
admin: true

View File

@@ -94,7 +94,7 @@
<ignore_time>6h</ignore_time>
<run_on_start>yes</run_on_start>
<!-- Ubuntu OS vulnerabilities -->
<!-- Ubuntu OS vulnerabilities -->
<provider name="canonical">
<enabled>no</enabled>
<os>trusty</os>
@@ -104,7 +104,7 @@
<update_interval>1h</update_interval>
</provider>
<!-- Debian OS vulnerabilities -->
<!-- Debian OS vulnerabilities -->
<provider name="debian">
<enabled>no</enabled>
<os>stretch</os>
@@ -112,7 +112,7 @@
<update_interval>1h</update_interval>
</provider>
<!-- RedHat OS vulnerabilities -->
<!-- RedHat OS vulnerabilities -->
<provider name="redhat">
<enabled>no</enabled>
<os>5</os>
@@ -200,8 +200,8 @@
<global>
<white_list>127.0.0.1</white_list>
<white_list>^localhost.localdomain$</white_list>
<white_list>4.2.2.1</white_list>
<white_list>4.2.2.2</white_list>
<white_list>4.2.5.1</white_list>
<white_list>4.2.5.2</white_list>
<white_list>208.67.220.220</white_list>
</global>
@@ -307,7 +307,7 @@
<rule_dir>etc/rules</rule_dir>
</ruleset>
<!-- Configuration for ossec-authd -->
<!-- Configuration for wazuh-authd -->
<auth>
<disabled>no</disabled>
<port>1515</port>
@@ -346,4 +346,4 @@
<log_format>syslog</log_format>
<location>/var/ossec/logs/active-responses.log</location>
</localfile>
</ossec_config>
</ossec_config>

View File

@@ -94,7 +94,7 @@
<ignore_time>6h</ignore_time>
<run_on_start>yes</run_on_start>
<!-- Ubuntu OS vulnerabilities -->
<!-- Ubuntu OS vulnerabilities -->
<provider name="canonical">
<enabled>no</enabled>
<os>trusty</os>
@@ -104,7 +104,7 @@
<update_interval>1h</update_interval>
</provider>
<!-- Debian OS vulnerabilities -->
<!-- Debian OS vulnerabilities -->
<provider name="debian">
<enabled>no</enabled>
<os>stretch</os>
@@ -112,7 +112,7 @@
<update_interval>1h</update_interval>
</provider>
<!-- RedHat OS vulnerabilities -->
<!-- RedHat OS vulnerabilities -->
<provider name="redhat">
<enabled>no</enabled>
<os>5</os>
@@ -200,8 +200,8 @@
<global>
<white_list>127.0.0.1</white_list>
<white_list>^localhost.localdomain$</white_list>
<white_list>4.2.2.1</white_list>
<white_list>4.2.2.2</white_list>
<white_list>4.2.5.1</white_list>
<white_list>4.2.5.2</white_list>
<white_list>208.67.220.220</white_list>
</global>
@@ -307,7 +307,7 @@
<rule_dir>etc/rules</rule_dir>
</ruleset>
<!-- Configuration for ossec-authd -->
<!-- Configuration for wazuh-authd -->
<auth>
<disabled>no</disabled>
<port>1515</port>
@@ -346,4 +346,4 @@
<log_format>syslog</log_format>
<location>/var/ossec/logs/active-responses.log</location>
</localfile>
</ossec_config>
</ossec_config>

View File

@@ -2,8 +2,8 @@
FROM centos:7
ARG FILEBEAT_CHANNEL=filebeat-oss
ARG FILEBEAT_VERSION=7.10.0
ARG WAZUH_VERSION=4.1.2-1
ARG FILEBEAT_VERSION=7.10.2
ARG WAZUH_VERSION=4.2.5
ARG TEMPLATE_VERSION="master"
ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz"
@@ -13,6 +13,7 @@ RUN rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
COPY config/wazuh.repo /etc/yum.repos.d/wazuh.repo
RUN yum --enablerepo=updates clean metadata && \
yum upgrade -y && \
yum -y install openssl which expect openssh-clients && yum -y install wazuh-manager-${WAZUH_VERSION} -y && \
sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo && \
yum clean all && rm -rf /var/cache/yum

View File

@@ -74,6 +74,23 @@ apply_exclusion_data() {
done
}
##############################################################################
# This function will rename in the permanent data volume every file
# contained in PERMANENT_DATA_MOVE
##############################################################################
move_data_files() {
for mov_file in "${PERMANENT_DATA_MOVE[@]}"; do
file_split=( $mov_file )
if [ -e ${file_split[0]} ]
then
print "moving ${mov_file}"
exec_cmd "mv -f ${mov_file}"
fi
done
}
##############################################################################
# This function will delete from the permanent data volume every file
# contained in PERMANENT_DATA_DEL
@@ -84,7 +101,7 @@ remove_data_files() {
if [ -e ${del_file} ]
then
print "Removing ${del_file}"
exec_cmd "rm ${del_file}"
exec_cmd "rm -f ${del_file}"
fi
done
}
@@ -94,7 +111,7 @@ remove_data_files() {
##############################################################################
create_ossec_key_cert() {
print "Creating ossec-authd key and cert"
print "Creating wazuh-authd key and cert"
exec_cmd "openssl genrsa -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.key 4096"
exec_cmd "openssl req -new -x509 -key ${WAZUH_INSTALL_PATH}/etc/sslmanager.key -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/"
}
@@ -158,10 +175,13 @@ main() {
# Restore files stored in permanent data that are not permanent (i.e. internal_options.conf)
apply_exclusion_data
# Rename files stored in permanent data (i.e. queue/ossec)
move_data_files
# Remove some files in permanent_data (i.e. .template.db)
remove_data_files
# Generate ossec-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
# Generate wazuh-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
if [ $AUTO_ENROLLMENT_ENABLED == true ]
then
if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ]

View File

@@ -123,4 +123,4 @@ function_create_custom_user
function_entrypoint_scripts
# Start Wazuh
/var/ossec/bin/ossec-control start
/var/ossec/bin/wazuh-control start

View File

@@ -10,6 +10,7 @@ PERMANENT_DATA[((i++))]="/var/ossec/integrations"
PERMANENT_DATA[((i++))]="/var/ossec/active-response/bin"
PERMANENT_DATA[((i++))]="/var/ossec/wodles"
PERMANENT_DATA[((i++))]="/etc/filebeat"
export PERMANENT_DATA
# Files mounted in a volume that should not be permanent
@@ -20,23 +21,21 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop.sh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account.sh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop.sh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop.sh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny.sh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock.sh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw_mac.sh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw.sh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.sh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf.sh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ossec-slack.sh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ossec-tweeter.sh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf.sh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-ossec.sh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/wazuh-slack"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-wazuh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart.sh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null.sh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/sshlogin.exp"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_pixconfig_diff"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_asa-fwsmconfig_diff"
@@ -59,9 +58,15 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/utils.py"
export PERMANENT_DATA_EXCP
# Files mounted in a volume that should be deleted
i=0
PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/db/.template.db"
export PERMANENT_DATA_DEL
i=0
PERMANENT_DATA_MOVE[((i++))]="/var/ossec/logs/ossec /var/ossec/logs/wazuh"
PERMANENT_DATA_MOVE[((i++))]="/var/ossec/queue/ossec /var/ossec/queue/sockets"
export PERMANENT_DATA_MOVE

View File

@@ -3,7 +3,7 @@ version: '3.7'
services:
wazuh:
image: wazuh/wazuh:4.1.2
image: wazuh/wazuh:4.2.5
hostname: wazuh-manager
restart: always
ports:
@@ -146,7 +146,7 @@ services:
kibana:
image: wazuh/wazuh-kibana:4.1.2
image: wazuh/wazuh-kibana:4.2.5
hostname: kibana
restart: always
ports:

View File

@@ -7,8 +7,8 @@ services:
context: wazuh-odfe/
args:
- FILEBEAT_CHANNEL=filebeat
- FILEBEAT_VERSION=7.10.2
image: wazuh/wazuh:4.1.2
- FILEBEAT_VERSION=7.11.2
image: wazuh/wazuh:4.2.5
hostname: wazuh-manager
restart: always
ports:
@@ -42,7 +42,7 @@ services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
hostname: elasticsearch
restart: always
ports:
@@ -79,7 +79,7 @@ services:
- ./xpack/elasticsearch/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt
elasticsearch2:
image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
hostname: elasticsearch2
restart: always
environment:
@@ -114,7 +114,7 @@ services:
- ./xpack/elasticsearch2/elasticsearch2.crt:/usr/share/elasticsearch/config/elasticsearch.crt
elasticsearch3:
image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
hostname: elasticsearch3
restart: always
environment:
@@ -152,7 +152,7 @@ services:
kibana:
build: kibana/
image: wazuh/wazuh-kibana:4.1.2
image: wazuh/wazuh-kibana:4.2.5
hostname: kibana
restart: always
ports: