Merge pull request #1175 from wazuh/merge-4.8.0-into-4.8.1

Merge 4.8.0 into 4.8.1
Gonzalo Acuña
2024-01-04 14:45:10 -03:00
committed by GitHub
4 changed files with 73 additions and 252 deletions


@@ -112,6 +112,12 @@ function_entrypoint_scripts() {
fi fi
} }
function_configure_vulnerability_detection() {
if [ "$INDEXER_PASSWORD" != "" ]; then
>&2 echo "Configuring password."
sed -i "s|<password>VDPass</password>|<password>$INDEXER_PASSWORD</password>|g" /var/ossec/etc/ossec.conf
fi
}
# Migrate data from /wazuh-migration volume # Migrate data from /wazuh-migration volume
function_wazuh_migration function_wazuh_migration
@@ -119,6 +125,9 @@ function_wazuh_migration
# create API custom user # create API custom user
function_create_custom_user function_create_custom_user
# configure Vulnerabilty detection
function_configure_vulnerability_detection
# run entrypoint scripts # run entrypoint scripts
function_entrypoint_scripts function_entrypoint_scripts
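Review bot: In `function_configure_vulnerability_detection`, `$INDEXER_PASSWORD` is spliced unescaped into the sed replacement, so a password containing `|`, `&` or `\` either breaks the expression or writes a different string than the one configured, and `<` or `&` would also leave `ossec.conf` as invalid XML. Escape the value before substitution, for example `esc=$(printf '%s' "$INDEXER_PASSWORD" | sed 's/[\\&|]/\\&/g')` and then use `$esc` in the replacement; XML entities would need their own encoding step. When the variable is empty the function silently leaves the placeholder `VDPass` in place, which deserves at least a warning on stderr so a misconfigured container is visible in its logs. The comment above the call also misspells "Vulnerability".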


@@ -95,91 +95,29 @@
<skip_nfs>yes</skip_nfs> <skip_nfs>yes</skip_nfs>
</sca> </sca>
<vulnerability-detector> <vulnerability-detection>
<enabled>no</enabled> <enabled>yes</enabled>
<interval>5m</interval> <index-status>yes</index-status>
<min_full_scan_interval>6h</min_full_scan_interval> <feed-update-interval>60m</feed-update-interval>
<run_on_start>yes</run_on_start> </vulnerability-detection>
<!-- Ubuntu OS vulnerabilities --> <indexer>
<provider name="canonical"> <enabled>yes</enabled>
<enabled>no</enabled> <hosts>
<os>trusty</os> <host>https://wazuh1.indexer:9200</host>
<os>xenial</os> <host>https://wazuh2.indexer:9200</host>
<os>bionic</os> <host>https://wazuh3.indexer:9200</host>
<os>focal</os> </hosts>
<os>jammy</os> <username>admin</username>
<update_interval>1h</update_interval> <password>VDPass</password>
</provider> <ssl>
<certificate_authorities>
<!-- Debian OS vulnerabilities --> <ca>/etc/ssl/root-ca.pem</ca>
<provider name="debian"> </certificate_authorities>
<enabled>no</enabled> <certificate>/etc/ssl/filebeat.pem</certificate>
<os>buster</os> <key>/etc/ssl/filebeat.key</key>
<os>bullseye</os> </ssl>
<os>bookworm</os> </indexer>
<update_interval>1h</update_interval>
</provider>
<!-- RedHat OS vulnerabilities -->
<provider name="redhat">
<enabled>no</enabled>
<os>5</os>
<os>6</os>
<os>7</os>
<os>8</os>
<os>9</os>
<update_interval>1h</update_interval>
</provider>
<!-- Amazon Linux OS vulnerabilities -->
<provider name="alas">
<enabled>no</enabled>
<os>amazon-linux</os>
<os>amazon-linux-2</os>
<os>amazon-linux-2023</os>
<update_interval>1h</update_interval>
</provider>
<!-- SUSE Linux Enterprise OS vulnerabilities -->
<provider name="suse">
<enabled>no</enabled>
<os>11-server</os>
<os>11-desktop</os>
<os>12-server</os>
<os>12-desktop</os>
<os>15-server</os>
<os>15-desktop</os>
<update_interval>1h</update_interval>
</provider>
<!-- Arch OS vulnerabilities -->
<provider name="arch">
<enabled>no</enabled>
<update_interval>1h</update_interval>
</provider>
<!-- Windows OS vulnerabilities -->
<provider name="msu">
<enabled>yes</enabled>
<update_interval>1h</update_interval>
</provider>
<!-- Alma Linux OS vulnerabilities -->
<provider name="almalinux">
<enabled>no</enabled>
<os>8</os>
<os>9</os>
<update_interval>1h</update_interval>
</provider>
<!-- Aggregate vulnerabilities -->
<provider name="nvd">
<enabled>yes</enabled>
<update_interval>1h</update_interval>
</provider>
</vulnerability-detector>
<!-- File integrity monitoring --> <!-- File integrity monitoring -->
<syscheck> <syscheck>
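Review bot: The new `<indexer>` block ships `<username>admin</username>` and the placeholder `<password>VDPass</password>` as fixed values, and the only rewrite visible in this commit is the entrypoint's sed on the password, so the connector user cannot be changed from the environment and the placeholder survives whenever `INDEXER_PASSWORD` is unset. Consider a dedicated indexer account limited to what the vulnerability indices need rather than `admin` (presumably the full-access account), with the username substituted the same way as the password. A comment above the credentials such as `<!-- VDPass is a placeholder; the entrypoint replaces it from INDEXER_PASSWORD -->` would make that dependency explicit. The same block appears in the two later configuration sections of this commit (the last one with the single host `https://wazuh.indexer:9200`), and the secret ends up in clear text in `ossec.conf`, so that file's ownership and mode matter.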


@@ -95,91 +95,29 @@
<skip_nfs>yes</skip_nfs> <skip_nfs>yes</skip_nfs>
</sca> </sca>
<vulnerability-detector> <vulnerability-detection>
<enabled>no</enabled> <enabled>yes</enabled>
<interval>5m</interval> <index-status>yes</index-status>
<min_full_scan_interval>6h</min_full_scan_interval> <feed-update-interval>60m</feed-update-interval>
<run_on_start>yes</run_on_start> </vulnerability-detection>
<!-- Ubuntu OS vulnerabilities --> <indexer>
<provider name="canonical"> <enabled>yes</enabled>
<enabled>no</enabled> <hosts>
<os>trusty</os> <host>https://wazuh1.indexer:9200</host>
<os>xenial</os> <host>https://wazuh2.indexer:9200</host>
<os>bionic</os> <host>https://wazuh3.indexer:9200</host>
<os>focal</os> </hosts>
<os>jammy</os> <username>admin</username>
<update_interval>1h</update_interval> <password>VDPass</password>
</provider> <ssl>
<certificate_authorities>
<!-- Debian OS vulnerabilities --> <ca>/etc/ssl/root-ca.pem</ca>
<provider name="debian"> </certificate_authorities>
<enabled>no</enabled> <certificate>/etc/ssl/filebeat.pem</certificate>
<os>buster</os> <key>/etc/ssl/filebeat.key</key>
<os>bullseye</os> </ssl>
<os>bookworm</os> </indexer>
<update_interval>1h</update_interval>
</provider>
<!-- RedHat OS vulnerabilities -->
<provider name="redhat">
<enabled>no</enabled>
<os>5</os>
<os>6</os>
<os>7</os>
<os>8</os>
<os>9</os>
<update_interval>1h</update_interval>
</provider>
<!-- Amazon Linux OS vulnerabilities -->
<provider name="alas">
<enabled>no</enabled>
<os>amazon-linux</os>
<os>amazon-linux-2</os>
<os>amazon-linux-2023</os>
<update_interval>1h</update_interval>
</provider>
<!-- SUSE Linux Enterprise OS vulnerabilities -->
<provider name="suse">
<enabled>no</enabled>
<os>11-server</os>
<os>11-desktop</os>
<os>12-server</os>
<os>12-desktop</os>
<os>15-server</os>
<os>15-desktop</os>
<update_interval>1h</update_interval>
</provider>
<!-- Arch OS vulnerabilities -->
<provider name="arch">
<enabled>no</enabled>
<update_interval>1h</update_interval>
</provider>
<!-- Alma Linux OS vulnerabilities -->
<provider name="almalinux">
<enabled>no</enabled>
<os>8</os>
<os>9</os>
<update_interval>1h</update_interval>
</provider>
<!-- Windows OS vulnerabilities -->
<provider name="msu">
<enabled>yes</enabled>
<update_interval>1h</update_interval>
</provider>
<!-- Aggregate vulnerabilities -->
<provider name="nvd">
<enabled>yes</enabled>
<update_interval>1h</update_interval>
</provider>
</vulnerability-detector>
<!-- File integrity monitoring --> <!-- File integrity monitoring -->
<syscheck> <syscheck>


@@ -95,91 +95,27 @@
<skip_nfs>yes</skip_nfs> <skip_nfs>yes</skip_nfs>
</sca> </sca>
<vulnerability-detector> <vulnerability-detection>
<enabled>no</enabled> <enabled>yes</enabled>
<interval>5m</interval> <index-status>yes</index-status>
<min_full_scan_interval>6h</min_full_scan_interval> <feed-update-interval>60m</feed-update-interval>
<run_on_start>yes</run_on_start> </vulnerability-detection>
<!-- Ubuntu OS vulnerabilities --> <indexer>
<provider name="canonical"> <enabled>yes</enabled>
<enabled>no</enabled> <hosts>
<os>trusty</os> <host>https://wazuh.indexer:9200</host>
<os>xenial</os> </hosts>
<os>bionic</os> <username>admin</username>
<os>focal</os> <password>VDPass</password>
<os>jammy</os> <ssl>
<update_interval>1h</update_interval> <certificate_authorities>
</provider> <ca>/etc/ssl/root-ca.pem</ca>
</certificate_authorities>
<!-- Debian OS vulnerabilities --> <certificate>/etc/ssl/filebeat.pem</certificate>
<provider name="debian"> <key>/etc/ssl/filebeat.key</key>
<enabled>no</enabled> </ssl>
<os>buster</os> </indexer>
<os>bullseye</os>
<os>bookworm</os>
<update_interval>1h</update_interval>
</provider>
<!-- RedHat OS vulnerabilities -->
<provider name="redhat">
<enabled>no</enabled>
<os>5</os>
<os>6</os>
<os>7</os>
<os>8</os>
<os>9</os>
<update_interval>1h</update_interval>
</provider>
<!-- Amazon Linux OS vulnerabilities -->
<provider name="alas">
<enabled>no</enabled>
<os>amazon-linux</os>
<os>amazon-linux-2</os>
<os>amazon-linux-2023</os>
<update_interval>1h</update_interval>
</provider>
<!-- SUSE Linux Enterprise OS vulnerabilities -->
<provider name="suse">
<enabled>no</enabled>
<os>11-server</os>
<os>11-desktop</os>
<os>12-server</os>
<os>12-desktop</os>
<os>15-server</os>
<os>15-desktop</os>
<update_interval>1h</update_interval>
</provider>
<!-- Arch OS vulnerabilities -->
<provider name="arch">
<enabled>no</enabled>
<update_interval>1h</update_interval>
</provider>
<!-- Alma Linux OS vulnerabilities -->
<provider name="almalinux">
<enabled>no</enabled>
<os>8</os>
<os>9</os>
<update_interval>1h</update_interval>
</provider>
<!-- Windows OS vulnerabilities -->
<provider name="msu">
<enabled>yes</enabled>
<update_interval>1h</update_interval>
</provider>
<!-- Aggregate vulnerabilities -->
<provider name="nvd">
<enabled>yes</enabled>
<update_interval>1h</update_interval>
</provider>
</vulnerability-detector>
<!-- File integrity monitoring --> <!-- File integrity monitoring -->
<syscheck> <syscheck>