mirror of
https://github.com/wazuh/wazuh-docker.git
synced 2025-10-24 00:23:44 +00:00
Compare commits
20 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
04389ad2ae | ||
|
bfeb4b007a | ||
|
7d06cb56ef | ||
|
|
f678aaf1e0 | ||
|
|
020031c81d | ||
|
cb0bccc9b5 | ||
|
|
65fd592d52 | ||
|
|
86fbf77aa9 | ||
|
|
8598da8100 | ||
|
|
80bfc148d0 | ||
|
|
eed0cd6930 | ||
|
|
3adb7809dd | ||
|
|
1505d063f5 | ||
|
|
446ecd86e6 | ||
|
|
ddcad44468 | ||
|
|
2c848fb3e1 | ||
|
|
3be8078248 | ||
|
4478021f28 | ||
|
|
8d8b9e1336 | ||
|
|
e1ed44d847 |
2
.github/.goss.yaml
vendored
2
.github/.goss.yaml
vendored
@@ -56,7 +56,7 @@ package:
|
||||
wazuh-manager:
|
||||
installed: true
|
||||
versions:
|
||||
- 4.3.0
|
||||
- 4.3.1
|
||||
port:
|
||||
tcp:1514:
|
||||
listening: true
|
||||
|
||||
2
.github/workflows/push.yml
vendored
2
.github/workflows/push.yml
vendored
@@ -25,7 +25,7 @@ jobs:
|
||||
version: v0.3.16
|
||||
|
||||
- name: Execute Goss tests (wazuh-odfe)
|
||||
run: dgoss run wazuh/wazuh-manager:4.3.0
|
||||
run: dgoss run wazuh/wazuh-manager:4.3.1
|
||||
env:
|
||||
GOSS_SLEEP: 30
|
||||
GOSS_FILE: .github/.goss.yaml
|
||||
@@ -1,6 +1,11 @@
|
||||
# Change Log
|
||||
All notable changes to this project will be documented in this file.
|
||||
|
||||
## Wazuh Docker v4.3.1
|
||||
### Added
|
||||
|
||||
- Update Wazuh to version [4.3.1](https://github.com/wazuh/wazuh/blob/v4.3.1/CHANGELOG.md#v431)
|
||||
|
||||
## Wazuh Docker v4.3.0
|
||||
### Added
|
||||
|
||||
|
||||
@@ -193,6 +193,7 @@ WAZUH_MONITORING_REPLICAS=0 #
|
||||
|
||||
| Wazuh version | ODFE | XPACK |
|
||||
|---------------|---------|--------|
|
||||
| v4.3.1 | | |
|
||||
| v4.3.0 | | |
|
||||
| v4.2.5 | 1.13.2 | 7.11.2 |
|
||||
| v4.2.4 | 1.13.2 | 7.11.2 |
|
||||
|
||||
4
VERSION
4
VERSION
@@ -1,2 +1,2 @@
|
||||
WAZUH-DOCKER_VERSION="4.3.0"
|
||||
REVISION="43100"
|
||||
WAZUH-DOCKER_VERSION="4.3.1"
|
||||
REVISION="40311"
|
||||
|
||||
@@ -4,7 +4,7 @@ version: '3.7'
|
||||
services:
|
||||
wazuh.manager:
|
||||
build: wazuh-manager/
|
||||
image: wazuh/wazuh-manager:4.3.0
|
||||
image: wazuh/wazuh-manager:4.3.1
|
||||
hostname: wazuh.manager
|
||||
restart: always
|
||||
ports:
|
||||
@@ -32,7 +32,7 @@ services:
|
||||
|
||||
wazuh.indexer:
|
||||
build: wazuh-indexer/
|
||||
image: wazuh/wazuh-indexer:4.3.0
|
||||
image: wazuh/wazuh-indexer:4.3.1
|
||||
hostname: wazuh.indexer
|
||||
restart: always
|
||||
ports:
|
||||
@@ -49,7 +49,7 @@ services:
|
||||
|
||||
wazuh.dashboard:
|
||||
build: wazuh-dashboard/
|
||||
image: wazuh/wazuh-dashboard:4.3.0
|
||||
image: wazuh/wazuh-dashboard:4.3.1
|
||||
hostname: wazuh.dashboard
|
||||
restart: always
|
||||
ports:
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
|
||||
FROM ubuntu:focal AS builder
|
||||
|
||||
ARG WAZUH_VERSION=4.3.0
|
||||
ARG WAZUH_VERSION=4.3.1
|
||||
ARG INSTALL_DIR=/usr/share/wazuh-dashboard
|
||||
|
||||
# Update and install dependencies
|
||||
@@ -11,7 +11,7 @@ RUN apt-get update && apt install curl libcap2-bin xz-utils -y
|
||||
RUN mkdir -p $INSTALL_DIR
|
||||
|
||||
# Download and extract Wazuh dashboard base
|
||||
RUN curl -o wazuh-dashboard-base.tar.xz https://packages-dev.wazuh.com/stack/dashboard/base/wazuh-dashboard-base-${WAZUH_VERSION}-linux-x64.tar.xz && \
|
||||
RUN curl -o wazuh-dashboard-base.tar.xz https://packages.wazuh.com/stack/dashboard/base/wazuh-dashboard-base-${WAZUH_VERSION}-linux-x64.tar.xz && \
|
||||
tar -xf wazuh-dashboard-base.tar.xz --directory $INSTALL_DIR --strip-components=1
|
||||
|
||||
# Generate certificates
|
||||
@@ -19,13 +19,8 @@ COPY config/config.sh .
|
||||
COPY config/config.yml /
|
||||
RUN bash config.sh
|
||||
|
||||
# Create and configure Wazuh dashboard keystore
|
||||
RUN $INSTALL_DIR/bin/opensearch-dashboards-keystore create --allow-root && \
|
||||
echo kibanaserver | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \
|
||||
echo kibanaserver | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root
|
||||
|
||||
# Install Wazuh App
|
||||
RUN $INSTALL_DIR/bin/opensearch-dashboards-plugin install https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}.zip --allow-root
|
||||
RUN $INSTALL_DIR/bin/opensearch-dashboards-plugin install https://packages.wazuh.com/4.x/ui/dashboard/wazuh-${WAZUH_VERSION}.zip --allow-root
|
||||
|
||||
# Copy and set permissions to config files
|
||||
COPY config/opensearch_dashboards.yml $INSTALL_DIR/config/
|
||||
@@ -80,6 +75,9 @@ ENV PATTERN="" \
|
||||
WAZUH_MONITORING_SHARDS="" \
|
||||
WAZUH_MONITORING_REPLICAS=""
|
||||
|
||||
# Install dependencies
|
||||
RUN apt update && apt install -y libnss3-dev fonts-liberation libfontconfig1
|
||||
|
||||
# Create wazuh-dashboard user and group
|
||||
RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
|
||||
RUN useradd --system \
|
||||
|
||||
@@ -1,6 +1,16 @@
|
||||
#!/bin/bash
|
||||
# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
|
||||
|
||||
INSTALL_DIR=/usr/share/wazuh-dashboard
|
||||
DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}"
|
||||
DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}"
|
||||
|
||||
# Create and configure Wazuh dashboard keystore
|
||||
|
||||
$INSTALL_DIR/bin/opensearch-dashboards-keystore create --allow-root && \
|
||||
echo $DASHBOARD_USERNAME | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \
|
||||
echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root
|
||||
|
||||
##############################################################################
|
||||
# Start Wazuh dashboard
|
||||
##############################################################################
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
server.host: 0.0.0.0
|
||||
server.port: 443
|
||||
server.port: 5601
|
||||
opensearch.hosts: https://wazuh.indexer:9200
|
||||
opensearch.ssl.verificationMode: none
|
||||
opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]
|
||||
|
||||
@@ -8,7 +8,7 @@ export TARGET_DIR=${CURDIR}/debian/${NAME}
|
||||
# Package build options
|
||||
export USER=${NAME}
|
||||
export GROUP=${NAME}
|
||||
export VERSION=4.3.0
|
||||
export VERSION=4.3.1
|
||||
export LOG_DIR=/var/log/${NAME}
|
||||
export LIB_DIR=/var/lib/${NAME}
|
||||
export PID_DIR=/run/${NAME}
|
||||
@@ -22,7 +22,7 @@ export REPO_DIR=/unattended_installer
|
||||
|
||||
rm -rf ${INSTALLATION_DIR}/
|
||||
|
||||
curl -o ${INDEXER_FILE} https://packages-dev.wazuh.com/stack/indexer/base/${BASE_FILE}
|
||||
curl -o ${INDEXER_FILE} https://packages.wazuh.com/stack/indexer/base/${BASE_FILE}
|
||||
tar -xf ${INDEXER_FILE}
|
||||
|
||||
## TOOLS
|
||||
|
||||
@@ -84,9 +84,10 @@ if [[ "$(id -u)" == "0" ]]; then
|
||||
fi
|
||||
|
||||
|
||||
if [[ "$DISCOVERY" == "single-node" ]]; then
|
||||
if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then
|
||||
# run securityadmin.sh for single node with CACERT, CERT and KEY parameter
|
||||
nohup /securityadmin.sh &
|
||||
touch "/var/lib/wazuh-indexer/.flag"
|
||||
fi
|
||||
|
||||
run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD"
|
||||
@@ -1,7 +1,7 @@
|
||||
# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
|
||||
FROM ubuntu:focal
|
||||
|
||||
ARG WAZUH_VERSION=4.3.0
|
||||
ARG WAZUH_VERSION=4.3.1
|
||||
ARG TEMPLATE_VERSION=4.3
|
||||
ARG FILEBEAT_CHANNEL=filebeat-oss
|
||||
ARG FILEBEAT_VERSION=7.10.2
|
||||
|
||||
@@ -17,7 +17,7 @@ Assuming that you have a v4.2 production deployment, perform the following steps
|
||||
**4. Spin down the 4.2 environment.**
|
||||
`docker-compose -f production-cluster.yml down`
|
||||
|
||||
**Steps 5 and 6 can be done with the volume-migrator.sh script, specifying Docker version and project name as parameters.**
|
||||
**Steps 5 and 6 can be done with the volume-migrator.sh script, specifying Docker compose version and project name as parameters.**
|
||||
|
||||
Ex: $ multi-node/volume-migrator.sh 1.25.0 multi-node
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
server.host: 0.0.0.0
|
||||
server.port: 443
|
||||
server.port: 5601
|
||||
opensearch.hosts: https://wazuh1.indexer:9200
|
||||
opensearch.ssl.verificationMode: certificate
|
||||
opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
|
||||
|
||||
@@ -2,6 +2,6 @@ hosts:
|
||||
- 1513629884013:
|
||||
url: "https://wazuh.master"
|
||||
port: 55000
|
||||
username: acme-user
|
||||
username: wazuh-wui
|
||||
password: MyS3cr37P450r.*-
|
||||
run_as: false
|
||||
|
||||
@@ -3,7 +3,7 @@ version: '3.7'
|
||||
|
||||
services:
|
||||
wazuh.master:
|
||||
image: wazuh/wazuh-manager:4.3.0
|
||||
image: wazuh/wazuh-manager:4.3.1
|
||||
hostname: wazuh.master
|
||||
restart: always
|
||||
ports:
|
||||
@@ -18,7 +18,7 @@ services:
|
||||
- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
|
||||
- SSL_CERTIFICATE=/etc/ssl/filebeat.pem
|
||||
- SSL_KEY=/etc/ssl/filebeat.key
|
||||
- API_USERNAME=acme-user
|
||||
- API_USERNAME=wazuh-wui
|
||||
- API_PASSWORD=MyS3cr37P450r.*-
|
||||
volumes:
|
||||
- master-wazuh-api-configuration:/var/ossec/api/configuration
|
||||
@@ -38,7 +38,7 @@ services:
|
||||
- ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
|
||||
|
||||
wazuh.worker:
|
||||
image: wazuh/wazuh-manager:4.3.0
|
||||
image: wazuh/wazuh-manager:4.3.1
|
||||
hostname: wazuh.worker
|
||||
restart: always
|
||||
environment:
|
||||
@@ -67,7 +67,7 @@ services:
|
||||
- ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
|
||||
|
||||
wazuh1.indexer:
|
||||
image: wazuh/wazuh-indexer:4.3.0
|
||||
image: wazuh/wazuh-indexer:4.3.1
|
||||
hostname: wazuh1.indexer
|
||||
restart: always
|
||||
ports:
|
||||
@@ -93,7 +93,7 @@ services:
|
||||
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
|
||||
|
||||
wazuh2.indexer:
|
||||
image: wazuh/wazuh-indexer:4.3.0
|
||||
image: wazuh/wazuh-indexer:4.3.1
|
||||
hostname: wazuh2.indexer
|
||||
restart: always
|
||||
environment:
|
||||
@@ -115,7 +115,7 @@ services:
|
||||
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
|
||||
|
||||
wazuh3.indexer:
|
||||
image: wazuh/wazuh-indexer:4.3.0
|
||||
image: wazuh/wazuh-indexer:4.3.1
|
||||
hostname: wazuh3.indexer
|
||||
restart: always
|
||||
environment:
|
||||
@@ -137,15 +137,15 @@ services:
|
||||
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
|
||||
|
||||
wazuh.dashboard:
|
||||
image: wazuh/wazuh-dashboard:4.3.0
|
||||
image: wazuh/wazuh-dashboard:4.3.1
|
||||
hostname: wazuh.dashboard
|
||||
restart: always
|
||||
ports:
|
||||
- 443:443
|
||||
- 443:5601
|
||||
environment:
|
||||
- OPENSEARCH_HOSTS="https://wazuh1.indexer:9200"
|
||||
- WAZUH_API_URL="https://wazuh.master"
|
||||
- API_USERNAME=acme-user
|
||||
- API_USERNAME=wazuh-wui
|
||||
- API_PASSWORD=MyS3cr37P450r.*-
|
||||
volumes:
|
||||
- ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
server.host: 0.0.0.0
|
||||
server.port: 443
|
||||
server.port: 5601
|
||||
opensearch.hosts: https://wazuh.indexer:9200
|
||||
opensearch.ssl.verificationMode: certificate
|
||||
opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
|
||||
|
||||
@@ -2,6 +2,6 @@ hosts:
|
||||
- 1513629884013:
|
||||
url: "https://wazuh.manager"
|
||||
port: 55000
|
||||
username: acme-user
|
||||
username: wazuh-wui
|
||||
password: MyS3cr37P450r.*-
|
||||
run_as: false
|
||||
|
||||
@@ -3,7 +3,7 @@ version: '3.7'
|
||||
|
||||
services:
|
||||
wazuh.manager:
|
||||
image: wazuh/wazuh-manager:4.3.0
|
||||
image: wazuh/wazuh-manager:4.3.1
|
||||
hostname: wazuh.manager
|
||||
restart: always
|
||||
ports:
|
||||
@@ -19,7 +19,7 @@ services:
|
||||
- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
|
||||
- SSL_CERTIFICATE=/etc/ssl/filebeat.pem
|
||||
- SSL_KEY=/etc/ssl/filebeat.key
|
||||
- API_USERNAME=acme-user
|
||||
- API_USERNAME=wazuh-wui
|
||||
- API_PASSWORD=MyS3cr37P450r.*-
|
||||
volumes:
|
||||
- wazuh_api_configuration:/var/ossec/api/configuration
|
||||
@@ -39,7 +39,7 @@ services:
|
||||
- ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
|
||||
|
||||
wazuh.indexer:
|
||||
image: wazuh/wazuh-indexer:4.3.0
|
||||
image: wazuh/wazuh-indexer:4.3.1
|
||||
hostname: wazuh.indexer
|
||||
restart: always
|
||||
ports:
|
||||
@@ -64,16 +64,16 @@ services:
|
||||
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/internal_users.yml
|
||||
|
||||
wazuh.dashboard:
|
||||
image: wazuh/wazuh-dashboard:4.3.0
|
||||
image: wazuh/wazuh-dashboard:4.3.1
|
||||
hostname: wazuh.dashboard
|
||||
restart: always
|
||||
ports:
|
||||
- 443:443
|
||||
- 443:5601
|
||||
environment:
|
||||
- INDEXER_USERNAME=admin
|
||||
- INDEXER_PASSWORD=SecretPassword
|
||||
- WAZUH_API_URL=https://wazuh.manager
|
||||
- API_USERNAME=acme-user
|
||||
- API_USERNAME=wazuh-wui
|
||||
- API_PASSWORD=MyS3cr37P450r.*-
|
||||
volumes:
|
||||
- ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
|
||||
|
||||
Reference in New Issue
Block a user