From 2c2c32e8b74268ad7bd6fd1d74134f7a64a5b8b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Fri, 18 Mar 2022 09:52:40 -0300 Subject: [PATCH 1/6] README update --- README.md | 144 +++++++++++++++++++++--------------------------------- 1 file changed, 56 insertions(+), 88 deletions(-) diff --git a/README.md b/README.md index 20947916..5b5ae345 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ In this repository you will find the containers to run: In addition, a docker-compose file is provided to launch the containers mentioned above. -* Wazuh indexer cluster. In the Wazuh indexer Dockerfile we can visualize variables to configure an Wazuh indexer Cluster. These variables are used in the file *config_cluster.sh* to set them in the *opensearch.yml* configuration file. You can see the meaning of the node variables [here](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html) and other cluster settings [here](https://github.com/elastic/elasticsearch/blob/master/distribution/src/config/elasticsearch.yml). +* Wazuh indexer cluster. In the Wazuh indexer Dockerfile we can visualize variables to configure an Wazuh indexer Cluster. These variables are used in the file *config_cluster.sh* to set them in the *opensearch.yml* configuration file. You can see the meaning of the node variables and other cluster settings [here](https://opensearch.org/docs/latest/opensearch/cluster/). ## Documentation 
@@ -48,107 +48,75 @@ SSL_CERTIFICATE="" # Path of Filebeat SSL Certi SSL_KEY="" # Path of Filebeat SSL Key ``` -### Kibana -``` -PATTERN="wazuh-alerts-*" # Default index pattern to use - -CHECKS_PATTERN=true # Defines which checks must to be consider by the healthcheck -CHECKS_TEMPLATE=true # step once the Wazuh app starts. Values must to be true or false -CHECKS_API=true -CHECKS_SETUP=true - -EXTENSIONS_PCI=true # Enable PCI Extension -EXTENSIONS_GDPR=true # Enable GDPR Extension -EXTENSIONS_HIPAA=true # Enable HIPAA Extension -EXTENSIONS_NIST=true # Enable NIST Extension -EXTENSIONS_TSC=true # Enable TSC Extension -EXTENSIONS_AUDIT=true # Enable Audit Extension -EXTENSIONS_OSCAP=false # Enable OpenSCAP Extension -EXTENSIONS_CISCAT=false # Enable CISCAT Extension -EXTENSIONS_AWS=false # Enable AWS Extension -EXTENSIONS_GCP=false # Enable GCP Extension -EXTENSIONS_VIRUSTOTAL=false # Enable Virustotal Extension -EXTENSIONS_OSQUERY=false # Enable OSQuery Extension -EXTENSIONS_DOCKER=false # Enable Docker Extension - -APP_TIMEOUT=20000 # Defines maximum timeout to be used on the Wazuh app requests - -API_SELECTOR=true Defines if the user is allowed to change the selected API directly from the Wazuh app top menu -IP_SELECTOR=true # Defines if the user is allowed to change the selected index pattern directly from the Wazuh app top menu -IP_IGNORE="[]" # List of index patterns to be ignored - -WAZUH_MONITORING_ENABLED=true # Custom settings to enable/disable wazuh-monitoring indices -WAZUH_MONITORING_CREATION=d # Custom setting to set the wazuh-monitoring-* indices creation interval -WAZUH_MONITORING_FREQUENCY=900 # Custom setting to set the frequency for wazuh-monitoring indices cron task -WAZUH_MONITORING_SHARDS=2 # Configure wazuh-monitoring-* indices shards and replicas -WAZUH_MONITORING_REPLICAS=0 # - -ADMIN_PRIVILEGES=true # App privileges -``` - ## Directory structure ├── build-wazuh-images.yml ├── CHANGELOG.md ├── docker-compose.yml ├── generate-indexer-certs.yml 
+├── indexer_certs_creator +│ ├── config +│ │ └── entrypoint.sh +│ └── Dockerfile ├── LICENSE ├── production_cluster -│   ├── nginx -│   │   ├── nginx.conf -│   │   └── ssl -│   │   └── generate-self-signed-cert.sh -│   ├── wazuh_cluster -│   │   ├── wazuh_manager.conf -│   │   └── wazuh_worker.conf -│   ├── wazuh_dashboard -│   │   └── opensearch_dashboards.yml -│   ├── wazuh-indexer -│   │   ├── internal_users.yml -│   │   ├── opensearch.yml -│   │   ├── wazuh1.indexer.yml -│   │   ├── wazuh2.indexer.yml -│   │   └── wazuh3.indexer.yml -│   └── wazuh_indexer_ssl_certs -│   └── certs.yml +│ ├── nginx +│ │ ├── nginx.conf +│ │ └── ssl +│ │ └── generate-self-signed-cert.sh +│ ├── wazuh_cluster +│ │ ├── wazuh_manager.conf +│ │ └── wazuh_worker.conf +│ ├── wazuh_dashboard +│ │ ├── opensearch_dashboards.yml +│ │ └── wazuh.yml +│ ├── wazuh-indexer +│ │ ├── internal_users.yml +│ │ ├── wazuh1.indexer.yml +│ │ ├── wazuh2.indexer.yml +│ │ └── wazuh3.indexer.yml +│ └── wazuh_indexer_ssl_certs +│ └── certs.yml ├── production-cluster.yml ├── README.md ├── VERSION ├── wazuh-dashboard -│   ├── config -│   │   ├── opensearch_dashboards.yml -│   │   ├── entrypoint.sh -│   │   ├── wazuh_app_config.sh -│   │   └── wazuh.yml -│   └── Dockerfile +│ ├── config +│ │ ├── entrypoint.sh +│ │ ├── opensearch_dashboards.yml +│ │ ├── wazuh_app_config.sh +│ │ └── wazuh.yml +│ └── Dockerfile ├── wazuh-indexer -│   ├── config -│   │   ├── config.sh -│   │   ├── config.yml -│   │   ├── entrypoint.sh -│   │   ├── opensearch.yml -│   │   ├── securityadmin.sh -│   │   └── unattended_installer.tar.gz -│   └── Dockerfile +│ ├── config +│ │ ├── config.sh +│ │ ├── config.yml +│ │ ├── entrypoint.sh +│ │ ├── internal_users.yml +│ │ ├── opensearch.yml +│ │ ├── roles_mapping.yml +│ │ ├── roles.yml +│ │ └── securityadmin.sh +│ └── Dockerfile └── wazuh-manager -    ├── config -    │   ├── create_user.py -    │   ├── etc -    │   │   ├── cont-init.d -    │   │   │   ├── 0-wazuh-init -    │   │   │   ├── 
1-config-filebeat -    │   │   │   └── 2-manager -    │   │   └── services.d -    │   │   ├── filebeat -    │   │   │   ├── finish -    │   │   │   └── run -    │   │   └── ossec-logs -    │   │   └── run -    │   ├── filebeat.yml -    │   ├── permanent_data.env -    │   ├── permanent_data.sh -    │   └── wazuh.repo -    └── Dockerfile + ├── config + │ ├── create_user.py + │ ├── etc + │ │ ├── cont-init.d + │ │ │ ├── 0-wazuh-init + │ │ │ ├── 1-config-filebeat + │ │ │ └── 2-manager + │ │ └── services.d + │ │ ├── filebeat + │ │ │ ├── finish + │ │ │ └── run + │ │ └── ossec-logs + │ │ └── run + │ ├── filebeat.yml + │ ├── permanent_data.env + │ ├── permanent_data.sh + │ └── wazuh.repo + └── Dockerfile ## Branches From 9ba1692e98fad7380d82e106adee77d235c710d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Fri, 18 Mar 2022 09:55:16 -0300 Subject: [PATCH 2/6] README format update --- README.md | 134 +++++++++++++++++++++++++++--------------------------- 1 file changed, 67 insertions(+), 67 deletions(-) diff --git a/README.md b/README.md index 5b5ae345..79f14f05 100644 --- a/README.md +++ b/README.md 
@@ -50,73 +50,73 @@ SSL_KEY="" # Path of Filebeat SSL Key ## Directory structure -├── build-wazuh-images.yml -├── CHANGELOG.md -├── docker-compose.yml -├── generate-indexer-certs.yml -├── indexer_certs_creator -│ ├── config -│ │ └── entrypoint.sh -│ └── Dockerfile -├── LICENSE -├── production_cluster -│ ├── nginx -│ │ ├── nginx.conf -│ │ └── ssl -│ │ └── generate-self-signed-cert.sh -│ ├── wazuh_cluster -│ │ ├── wazuh_manager.conf -│ │ └── wazuh_worker.conf -│ ├── wazuh_dashboard -│ │ ├── opensearch_dashboards.yml -│ │ └── wazuh.yml -│ ├── wazuh-indexer -│ │ ├── internal_users.yml -│ │ ├── wazuh1.indexer.yml -│ │ ├── wazuh2.indexer.yml -│ │ └── wazuh3.indexer.yml -│ └── wazuh_indexer_ssl_certs -│ └── certs.yml -├── production-cluster.yml -├── README.md -├── VERSION -├── wazuh-dashboard -│ ├── config -│ │ ├── entrypoint.sh -│ │ ├── opensearch_dashboards.yml -│ │ ├── wazuh_app_config.sh -│ │ └── wazuh.yml -│ └── Dockerfile -├── wazuh-indexer -│ ├── config -│ │ ├── config.sh -│ │ ├── config.yml -│ │ ├── entrypoint.sh -│ │ ├── internal_users.yml -│ │ ├── opensearch.yml -│ │ ├── roles_mapping.yml -│ │ ├── roles.yml -│ │ └── securityadmin.sh -│ └── Dockerfile -└── wazuh-manager - ├── config - │ ├── create_user.py - │ ├── etc - │ │ ├── cont-init.d - │ │ │ ├── 0-wazuh-init - │ │ │ ├── 1-config-filebeat - │ │ │ └── 2-manager - │ │ └── services.d - │ │ ├── filebeat - │ │ │ ├── finish - │ │ │ └── run - │ │ └── ossec-logs - │ │ └── run - │ ├── filebeat.yml - │ ├── permanent_data.env - │ ├── permanent_data.sh - │ └── wazuh.repo - └── Dockerfile + ├── build-wazuh-images.yml + ├── CHANGELOG.md + ├── docker-compose.yml + ├── generate-indexer-certs.yml + ├── indexer_certs_creator + │ ├── config + │ │ └── entrypoint.sh + │ └── Dockerfile + ├── LICENSE + ├── production_cluster + │ ├── nginx + │ │ ├── nginx.conf + │ │ └── ssl + │ │ └── generate-self-signed-cert.sh + │ ├── wazuh_cluster + │ │ ├── wazuh_manager.conf + │ │ └── wazuh_worker.conf + │ ├── wazuh_dashboard + │ │ ├── 
opensearch_dashboards.yml + │ │ └── wazuh.yml + │ ├── wazuh-indexer + │ │ ├── internal_users.yml + │ │ ├── wazuh1.indexer.yml + │ │ ├── wazuh2.indexer.yml + │ │ └── wazuh3.indexer.yml + │ └── wazuh_indexer_ssl_certs + │ └── certs.yml + ├── production-cluster.yml + ├── README.md + ├── VERSION + ├── wazuh-dashboard + │ ├── config + │ │ ├── entrypoint.sh + │ │ ├── opensearch_dashboards.yml + │ │ ├── wazuh_app_config.sh + │ │ └── wazuh.yml + │ └── Dockerfile + ├── wazuh-indexer + │ ├── config + │ │ ├── config.sh + │ │ ├── config.yml + │ │ ├── entrypoint.sh + │ │ ├── internal_users.yml + │ │ ├── opensearch.yml + │ │ ├── roles_mapping.yml + │ │ ├── roles.yml + │ │ └── securityadmin.sh + │ └── Dockerfile + └── wazuh-manager + ├── config + │ ├── create_user.py + │ ├── etc + │ │ ├── cont-init.d + │ │ │ ├── 0-wazuh-init + │ │ │ ├── 1-config-filebeat + │ │ │ └── 2-manager + │ │ └── services.d + │ │ ├── filebeat + │ │ │ ├── finish + │ │ │ └── run + │ │ └── ossec-logs + │ │ └── run + │ ├── filebeat.yml + │ ├── permanent_data.env + │ ├── permanent_data.sh + │ └── wazuh.repo + └── Dockerfile ## Branches From 6eb2e37f414a64890c1fe255b792154ef38faf96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Fri, 18 Mar 2022 10:17:47 -0300 Subject: [PATCH 3/6] Dashboard variables restored --- README.md | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/README.md b/README.md index 79f14f05..3fa14934 100644 --- a/README.md +++ b/README.md 
@@ -48,6 +48,43 @@ SSL_CERTIFICATE="" # Path of Filebeat SSL Certi SSL_KEY="" # Path of Filebeat SSL Key ``` +### Dashboard +``` +PATTERN="wazuh-alerts-*" # Default index pattern to use + +CHECKS_PATTERN=true # Defines which checks must to be consider by the healthcheck +CHECKS_TEMPLATE=true # step once the Wazuh app starts. Values must to be true or false +CHECKS_API=true +CHECKS_SETUP=true + +EXTENSIONS_PCI=true # Enable PCI Extension +EXTENSIONS_GDPR=true # Enable GDPR Extension +EXTENSIONS_HIPAA=true # Enable HIPAA Extension +EXTENSIONS_NIST=true # Enable NIST Extension +EXTENSIONS_TSC=true # Enable TSC Extension +EXTENSIONS_AUDIT=true # Enable Audit Extension +EXTENSIONS_OSCAP=false # Enable OpenSCAP Extension +EXTENSIONS_CISCAT=false # Enable CISCAT Extension +EXTENSIONS_AWS=false # Enable AWS Extension +EXTENSIONS_GCP=false # Enable GCP Extension +EXTENSIONS_VIRUSTOTAL=false # Enable Virustotal Extension +EXTENSIONS_OSQUERY=false # Enable OSQuery Extension +EXTENSIONS_DOCKER=false # Enable Docker Extension + +APP_TIMEOUT=20000 # Defines maximum timeout to be used on the Wazuh app requests + +API_SELECTOR=true Defines if the user is allowed to change the selected API directly from the Wazuh app top menu +IP_SELECTOR=true # Defines if the user is allowed to change the selected index pattern directly from the Wazuh app top menu +IP_IGNORE="[]" # List of index patterns to be ignored + +WAZUH_MONITORING_ENABLED=true # Custom settings to enable/disable wazuh-monitoring indices +WAZUH_MONITORING_FREQUENCY=900 # Custom setting to set the frequency for wazuh-monitoring indices cron task +WAZUH_MONITORING_SHARDS=2 # Configure wazuh-monitoring-* indices shards and replicas +WAZUH_MONITORING_REPLICAS=0 # + +ADMIN_PRIVILEGES=true # App privileges +``` + ## Directory structure ├── build-wazuh-images.yml From b3b638a83cab34d4f94afe2812e9ec6fcc9662e5 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Fri, 18 Mar 2022 10:20:08 -0300 Subject: [PATCH 4/6] Wazuh app options added --- wazuh-dashboard/Dockerfile | 36 ++++++++++++++++++++ wazuh-dashboard/config/wazuh_app_config.sh | 38 ++++++++++++++++++++++ 2 files changed, 74 insertions(+) diff --git a/wazuh-dashboard/Dockerfile b/wazuh-dashboard/Dockerfile index 4f42ed51..1be5a8be 100644 --- a/wazuh-dashboard/Dockerfile +++ b/wazuh-dashboard/Dockerfile @@ -60,6 +60,42 @@ ENV USER="wazuh-dashboard" \ GROUP="wazuh-dashboard" \ NAME="wazuh-dashboard" \ INSTALL_DIR="/usr/share/wazuh-dashboard" + +# Set Wazuh app variables +ENV PATTERN="" \ + CHECKS_PATTERN="" \ + CHECKS_TEMPLATE="" \ + CHECKS_API="" \ + CHECKS_SETUP="" \ + EXTENSIONS_PCI="" \ + EXTENSIONS_GDPR="" \ + EXTENSIONS_HIPAA="" \ + EXTENSIONS_NIST="" \ + EXTENSIONS_TSC="" \ + EXTENSIONS_AUDIT="" \ + EXTENSIONS_OSCAP="" \ + EXTENSIONS_CISCAT="" \ + EXTENSIONS_AWS="" \ + EXTENSIONS_GCP="" \ + EXTENSIONS_VIRUSTOTAL="" \ + EXTENSIONS_OSQUERY="" \ + EXTENSIONS_DOCKER="" \ + APP_TIMEOUT="" \ + API_SELECTOR="" \ + IP_SELECTOR="" \ + IP_IGNORE="" \ + WAZUH_MONITORING_ENABLED="" \ + WAZUH_MONITORING_FREQUENCY="" \ + WAZUH_MONITORING_SHARDS="" \ + WAZUH_MONITORING_REPLICAS="" \ + ADMIN_PRIVILEGES="" \ + XPACK_CANVAS="true" \ + XPACK_LOGS="true" \ + XPACK_INFRA="true" \ + XPACK_ML="true" \ + XPACK_DEVTOOLS="true" \ + XPACK_MONITORING="true" \ + XPACK_APM="true" # Create wazuh-dashboard user and group RUN getent group $GROUP || groupadd -r -g 1000 $GROUP diff --git a/wazuh-dashboard/config/wazuh_app_config.sh b/wazuh-dashboard/config/wazuh_app_config.sh index 9674bdff..e00fd4c7 100644 --- a/wazuh-dashboard/config/wazuh_app_config.sh +++ b/wazuh-dashboard/config/wazuh_app_config.sh 
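Review bot: The seven `XPACK_*` variables at the end of the new `ENV` block default to `"true"`, yet nothing visible in this series reads them: `CONFIG_MAP` in `wazuh_app_config.sh` maps only the Wazuh app variables, and the README block restored in patch 3 documents none of them. If another script consumes them, a comment above that group naming the consumer would make this clear; if not, dropping them keeps the image environment limited to settings that have an effect. The empty-string defaults rely on the `!= ""` test in the config script to mean "keep the shipped default", which is worth stating in the comment, e.g. `# Set Wazuh app variables (empty = keep the default from wazuh.yml)`.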
@@ -9,6 +9,44 @@ api_run_as="${RUN_AS:-false}" dashboard_config_file="/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml" +declare -A CONFIG_MAP=( + [pattern]=$PATTERN + [checks.pattern]=$CHECKS_PATTERN + [checks.template]=$CHECKS_TEMPLATE + [checks.api]=$CHECKS_API + [checks.setup]=$CHECKS_SETUP + [extensions.pci]=$EXTENSIONS_PCI + [extensions.gdpr]=$EXTENSIONS_GDPR + [extensions.hipaa]=$EXTENSIONS_HIPAA + [extensions.nist]=$EXTENSIONS_NIST + [extensions.tsc]=$EXTENSIONS_TSC + [extensions.audit]=$EXTENSIONS_AUDIT + [extensions.oscap]=$EXTENSIONS_OSCAP + [extensions.ciscat]=$EXTENSIONS_CISCAT + [extensions.aws]=$EXTENSIONS_AWS + [extensions.gcp]=$EXTENSIONS_GCP + [extensions.virustotal]=$EXTENSIONS_VIRUSTOTAL + [extensions.osquery]=$EXTENSIONS_OSQUERY + [extensions.docker]=$EXTENSIONS_DOCKER + [timeout]=$APP_TIMEOUT + [api.selector]=$API_SELECTOR + [ip.selector]=$IP_SELECTOR + [ip.ignore]=$IP_IGNORE + [wazuh.monitoring.enabled]=$WAZUH_MONITORING_ENABLED + [wazuh.monitoring.frequency]=$WAZUH_MONITORING_FREQUENCY + [wazuh.monitoring.shards]=$WAZUH_MONITORING_SHARDS + [wazuh.monitoring.replicas]=$WAZUH_MONITORING_REPLICAS + [admin]=$ADMIN_PRIVILEGES +) + +for i in "${!CONFIG_MAP[@]}" +do + if [ "${CONFIG_MAP[$i]}" != "" ]; then + sed -i 's/.*#'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $dashboard_config_file + fi +done + + grep -q 1513629884013 $dashboard_config_file _config_exists=$? From 0b1659c60bfa19324f7b62ca05e0dd19a9a76fd3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Fri, 18 Mar 2022 10:43:34 -0300 Subject: [PATCH 5/6] Wazuh app options config updated --- wazuh-dashboard/Dockerfile | 2 +- wazuh-dashboard/config/wazuh.yml | 168 ++++++++++++++++++++- wazuh-dashboard/config/wazuh_app_config.sh | 2 +- 3 files changed, 163 insertions(+), 9 deletions(-) diff --git a/wazuh-dashboard/Dockerfile b/wazuh-dashboard/Dockerfile index 1be5a8be..a81579ed 100644 --- a/wazuh-dashboard/Dockerfile +++ b/wazuh-dashboard/Dockerfile 
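Review bot: The `sed` call in the new loop splices each environment value unescaped into the replacement text, so a value containing `/`, `&` or `\` changes or breaks the edit instead of being written literally; the dots in the keys also act as regex wildcards, and `$dashboard_config_file` is unquoted. The expression only matches lines that still carry `#key`, and it writes `key: value` without the `#`, so if wazuh.yml survives a container restart (not visible in this hunk) a later change to the variable is silently ignored. Escaping the value, anchoring the key and accepting an already-uncommented line covers these cases; values should also be rejected if they contain a newline before they are written. The script continues past the end of the hunk.

```shell
# … unchanged: declare -A CONFIG_MAP=( … ) …
for i in "${!CONFIG_MAP[@]}"
do
  value="${CONFIG_MAP[$i]}"
  if [ -n "$value" ]; then
    # Keys contain dots; make them literal in the regex.
    key_re="${i//./\\.}"
    # Escape the characters sed treats specially in a replacement: \ / &
    value_esc=$(printf '%s' "$value" | sed 's/[\/&]/\\&/g')
    # Match the commented template line or a line this script already rewrote.
    sed -i "s/^#\{0,1\}${key_re}[[:space:]]*:.*/${i}: ${value_esc}/" "$dashboard_config_file"
  fi
done
```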
@@ -60,7 +60,7 @@ ENV USER="wazuh-dashboard" \ GROUP="wazuh-dashboard" \ NAME="wazuh-dashboard" \ INSTALL_DIR="/usr/share/wazuh-dashboard" - + # Set Wazuh app variables ENV PATTERN="" \ CHECKS_PATTERN="" \ diff --git a/wazuh-dashboard/config/wazuh.yml b/wazuh-dashboard/config/wazuh.yml index 62a72893..e2f3f755 100644 --- a/wazuh-dashboard/config/wazuh.yml +++ b/wazuh-dashboard/config/wazuh.yml 
@@ -1,7 +1,161 @@ -hosts: - - default: - url: https://wazuh.manager - port: 55000 - username: wazuh-wui - password: wazuh-wui - run_as: false +--- +# +# Wazuh app - App configuration file +# Copyright (C) 2015-2021 Wazuh, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# Find more information about this on the LICENSE file. +# +# ======================== Wazuh app configuration file ======================== +# +# Please check the documentation for more information on configuration options: +# https://documentation.wazuh.com/current/installation-guide/index.html +# +# Also, you can check our repository: +# https://github.com/wazuh/wazuh-kibana-app +# +# ------------------------------- Index patterns ------------------------------- +# +# Default index pattern to use. +#pattern: wazuh-alerts-* +# +# ----------------------------------- Checks ----------------------------------- +# +# Defines which checks must to be consider by the healthcheck +# step once the Wazuh app starts. Values must to be true or false. +#checks.pattern : true +#checks.template: true +#checks.api : true +#checks.setup : true +#checks.metaFields: true +# +# --------------------------------- Extensions --------------------------------- +# +# Defines which extensions should be activated when you add a new API entry. +# You can change them after Wazuh app starts. +# Values must to be true or false. 
+#extensions.pci : true +#extensions.gdpr : true +#extensions.hipaa : true +#extensions.nist : true +#extensions.tsc : true +#extensions.audit : true +#extensions.oscap : false +#extensions.ciscat : false +#extensions.aws : false +#extensions.gcp : false +#extensions.virustotal: false +#extensions.osquery : false +#extensions.docker : false +# +# ---------------------------------- Time out ---------------------------------- +# +# Defines maximum timeout to be used on the Wazuh app requests. +# It will be ignored if it is bellow 1500. +# It means milliseconds before we consider a request as failed. +# Default: 20000 +#timeout: 20000 +# +# -------------------------------- API selector -------------------------------- +# +# Defines if the user is allowed to change the selected +# API directly from the Wazuh app top menu. +# Default: true +#api.selector: true +# +# --------------------------- Index pattern selector --------------------------- +# +# Defines if the user is allowed to change the selected +# index pattern directly from the Wazuh app top menu. +# Default: true +#ip.selector: true +# +# List of index patterns to be ignored +#ip.ignore: [] +# +# -------------------------------- X-Pack RBAC --------------------------------- +# +# Custom setting to enable/disable built-in X-Pack RBAC security capabilities. +# Default: enabled +#xpack.rbac.enabled: true +# +# ------------------------------ wazuh-monitoring ------------------------------ +# +# Custom setting to enable/disable wazuh-monitoring indices. +# Values: true, false, worker +# If worker is given as value, the app will show the Agents status +# visualization but won't insert data on wazuh-monitoring indices. +# Default: true +#wazuh.monitoring.enabled: true +# +# Custom setting to set the frequency for wazuh-monitoring indices cron task. +# Default: 900 (s) +#wazuh.monitoring.frequency: 900 +# +# Configure wazuh-monitoring-* indices shards and replicas. 
+#wazuh.monitoring.shards: 2 +#wazuh.monitoring.replicas: 0 +# +# Configure wazuh-monitoring-* indices custom creation interval. +# Values: h (hourly), d (daily), w (weekly), m (monthly) +# Default: d +#wazuh.monitoring.creation: d +# +# Default index pattern to use for Wazuh monitoring +#wazuh.monitoring.pattern: wazuh-monitoring-* +# +# --------------------------------- wazuh-cron ---------------------------------- +# +# Customize the index prefix of predefined jobs +# This change is not retroactive, if you change it new indexes will be created +# cron.prefix: test +# +# ------------------------------ wazuh-statistics ------------------------------- +# +# Custom setting to enable/disable statistics tasks. +#cron.statistics.status: true +# +# Enter the ID of the APIs you want to save data from, leave this empty to run +# the task on all configured APIs +#cron.statistics.apis: [] +# +# Define the frequency of task execution using cron schedule expressions +#cron.statistics.interval: 0 0 * * * * +# +# Define the name of the index in which the documents are to be saved. +#cron.statistics.index.name: statistics +# +# Define the interval in which the index will be created +#cron.statistics.index.creation: w +# +# ------------------------------- App privileges -------------------------------- +#admin: true +# +# ---------------------------- Hide manager alerts ------------------------------ +# Hide the alerts of the manager in all dashboards and discover +#hideManagerAlerts: false +# +# ------------------------------- App logging level ----------------------------- +# Set the logging level for the Wazuh App log files. +# Default value: info +# Allowed values: info, debug +#logs.level: info +# +# -------------------------------- Enrollment DNS ------------------------------- +# Set the variable WAZUH_REGISTRATION_SERVER in agents deployment. 
+# Default value: '' +#enrollment.dns: '' +# +#-------------------------------- API entries ----------------------------------- +#The following configuration is the default structure to define an API entry. +# +#hosts: +# - : +# url: http(s):// +# port: +# username: +# password: \ No newline at end of file diff --git a/wazuh-dashboard/config/wazuh_app_config.sh b/wazuh-dashboard/config/wazuh_app_config.sh index e00fd4c7..784f10eb 100644 --- a/wazuh-dashboard/config/wazuh_app_config.sh +++ b/wazuh-dashboard/config/wazuh_app_config.sh @@ -51,7 +51,7 @@ grep -q 1513629884013 $dashboard_config_file _config_exists=$? if [[ $_config_exists -ne 0 ]]; then -cat << EOF > $dashboard_config_file +cat << EOF >> $dashboard_config_file hosts: - 1513629884013: url: $wazuh_url From 3df1d95ec789387f550fde09d516893ff6bca99a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gonzalo=20Acu=C3=B1a?= Date: Fri, 18 Mar 2022 10:52:01 -0300 Subject: [PATCH 6/6] wazuh.yml update --- wazuh-dashboard/config/wazuh.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/wazuh-dashboard/config/wazuh.yml b/wazuh-dashboard/config/wazuh.yml index e2f3f755..aeb519f7 100644 --- a/wazuh-dashboard/config/wazuh.yml +++ b/wazuh-dashboard/config/wazuh.yml @@ -158,4 +158,4 @@ # url: http(s):// # port: # username: -# password: \ No newline at end of file +# password:
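Review bot: The new wazuh.yml template lists several settings that cannot be set from the container environment, because `CONFIG_MAP` in `wazuh_app_config.sh` has no entry for them: `checks.metaFields`, `xpack.rbac.enabled`, `wazuh.monitoring.creation`, `wazuh.monitoring.pattern`, `hideManagerAlerts`, `logs.level`, `enrollment.dns` and the `cron.*` keys. A comment near the top of the file, such as `# Keys without a matching environment variable must be edited in this file directly`, would stop operators from assuming an access-related key like `xpack.rbac.enabled` can be driven from the compose file. `# cron.prefix: test` has a space after `#`, unlike every other commented key, so a `#key` matcher would never find it; `#cron.prefix: test` keeps the file uniform. The header still points at `wazuh-kibana-app` and carries a 2015-2021 copyright, which looks inherited from the Kibana plugin and may need updating for the dashboard image.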