paulmataruso/wazuh-docker-orginal
1
0
Fork 0
mirror of https://github.com/wazuh/wazuh-docker.git synced 2025-10-23 16:14:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Conflicts resolution

Browse Source
This commit is contained in:
Gonzalo Acuña
2025-06-19 12:28:14 -03:00
parent 31101be6d2 4fcca62c3d
commit f43faae24b
32 changed files with 841 additions and 601 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
.github/workflows/push.yml vendored
View File

@@ -23,6 +23,7 @@ jobs:
docker save wazuh/wazuh-indexer:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar
docker save wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar
docker save wazuh/wazuh-agent:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-agent.tar
docker save wazuh/wazuh-cert-tool:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-cert-tool.tar
- name: Temporarily save Wazuh manager Docker image
uses: actions/upload-artifact@v4
@@ -50,6 +51,11 @@ jobs:
with:
name: docker-artifact-agent
path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-agent.tar
- name: Temporarily save Wazuh Cert Tool Docker image
uses: actions/upload-artifact@v3
with:
name: docker-artifact-cert-tool
path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-cert-tool.tar
retention-days: 1
- name: Install Goss
@@ -93,6 +99,10 @@ jobs:
uses: actions/download-artifact@v4
with:
name: docker-artifact-agent
- name: Retrieve saved Wazuh Cert Tool Docker image
uses: actions/download-artifact@v3
with:
name: docker-artifact-cert-tool
- name: Docker load
run: |
@@ -102,7 +112,13 @@ jobs:
docker load --input ./wazuh-agent.tar
- name: Create single node certficates
run: docker compose -f single-node/generate-indexer-certs.yml run --rm generator
run: docker compose -f single-node/generate-certs.yml run --rm generator
docker load --input ./wazuh-cert-tool.tar
rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-cert-tool.tar
- name: Create single node certficates
run: docker-compose -f single-node/generate-certs.yml run --rm generator
- name: Start single node stack
run: docker compose -f single-node/docker-compose.yml up -d
@@ -237,17 +253,26 @@ jobs:
uses: actions/download-artifact@v4
with:
name: docker-artifact-agent
- name: Retrieve saved Wazuh Cert Tool Docker image
uses: actions/download-artifact@v3
with:
name: docker-artifact-cert-tool
- name: Docker load
run: |
docker load --input ./wazuh-manager.tar
docker load --input ./wazuh-indexer.tar
docker load --input ./wazuh-dashboard.tar
docker load --input ./wazuh-agent.tar
rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-agent.tar
- name: Create multi node certficates
run: docker compose -f multi-node/generate-indexer-certs.yml run --rm generator
run: docker compose -f multi-node/generate-certs.yml run --rm generator
docker load --input ./wazuh-manager.tar
docker load --input ./wazuh-cert-tool.tar
rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-cert-tool.tar
- name: Create multi node certficates
run: docker-compose -f multi-node/generate-certs.yml run --rm generator
- name: Start multi node stack
run: docker compose -f multi-node/docker-compose.yml up -d

36
CHANGELOG.md
View File

@@ -1,10 +1,46 @@
# Change Log
All notable changes to this project will be documented in this file.
## [6.0.0]
### Added
- none
### Changed
- None
### Fixed
- None
### Deleted
- None
## [5.0.0]
### Added
- none
### Changed
- None
### Fixed
- None
### Deleted
- None
## [4.10.2]
### Added
- None
### Changed

3
build-docker-images/build-images.sh
View File

@@ -65,7 +65,8 @@ build() {
echo WAZUH_FILEBEAT_MODULE=$WAZUH_FILEBEAT_MODULE >> .env
echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> .env
docker compose -f build-docker-images/build-images.yml --env-file .env build --no-cache || clean 1
docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache
docker build -t wazuh/wazuh-cert-tool:$WAZUH_IMAGE_VERSION build-docker-images/cert-tool-image/
return 0
}

5
indexer-certs-creator/Dockerfile → build-docker-images/wazuh-cert-tool/Dockerfile
View File

@@ -1,7 +1,8 @@
# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
FROM ubuntu:focal
FROM amazonlinux:2023
RUN apt-get update && apt-get install openssl curl -y
RUN yum install curl-minimal openssl -y &&\
yum clean all
WORKDIR /

4
indexer-certs-creator/config/entrypoint.sh → build-docker-images/wazuh-cert-tool/config/entrypoint.sh
View File

@@ -8,8 +8,8 @@
## Variables
CERT_TOOL=wazuh-certs-tool.sh
PASSWORD_TOOL=wazuh-passwords-tool.sh
PACKAGES_URL=https://packages.wazuh.com/5.0/
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/
PACKAGES_URL=https://packages.wazuh.com/6.0/
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/6.0/
## Check if the cert tool exists in S3 buckets
CERT_TOOL_PACKAGES=$(curl --silent --head --location --output /dev/null --write-out "%{http_code}" "$PACKAGES_URL$CERT_TOOL")

11
build-docker-images/wazuh-dashboard/Dockerfile
View File

@@ -87,6 +87,15 @@ COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR
RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
# Set $JAVA_HOME
RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \
echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh
ENV JAVA_HOME=$INSTALL_DIR/jdk
ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin
# Add k-NN lib directory to library loading path variable
ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib"
# Set workdir and user
WORKDIR $INSTALL_DIR
USER wazuh-dashboard
@@ -95,3 +104,5 @@ USER wazuh-dashboard
EXPOSE 443
ENTRYPOINT [ "/entrypoint.sh" ]
CMD ["opensearch-dashboards"]

8
build-docker-images/wazuh-dashboard/config/config.sh
View File

@@ -9,8 +9,8 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config
## Variables
CERT_TOOL=wazuh-certs-tool.sh
PACKAGES_URL=https://packages.wazuh.com/5.0/
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/
PACKAGES_URL=https://packages.wazuh.com/6.0/
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/6.0/
## Check if the cert tool exists in S3 buckets
CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}')
@@ -34,8 +34,8 @@ chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A
mkdir -p ${CONFIG_DIR}/certs
# Copy Wazuh dashboard certs to install config dir
cp /wazuh-certificates/demo.dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
cp /wazuh-certificates/demo.dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
cp /wazuh-certificates/dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem
cp /wazuh-certificates/dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem
cp /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem
chmod -R 500 ${CONFIG_DIR}/certs

4
build-docker-images/wazuh-dashboard/config/config.yml
View File

@@ -1,5 +1,5 @@
nodes:
# Wazuh dashboard server nodes
dashboard:
- name: demo.dashboard
ip: demo.dashboard
- name: dashboard
ip: wazuh.dashboard

221
build-docker-images/wazuh-dashboard/config/entrypoint.sh
View File

@@ -2,6 +2,215 @@
# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
INSTALL_DIR=/usr/share/wazuh-dashboard
export OPENSEARCH_DASHBOARDS_HOME=$INSTALL_DIR
WAZUH_CONFIG_MOUNT=/wazuh-config-mount
opensearch_dashboards_vars=(
console.enabled
console.proxyConfig
console.proxyFilter
ops.cGroupOverrides.cpuPath
ops.cGroupOverrides.cpuAcctPath
cpu.cgroup.path.override
cpuacct.cgroup.path.override
server.basePath
server.customResponseHeaders
server.compression.enabled
server.compression.referrerWhitelist
server.cors
server.cors.origin
server.defaultRoute
server.host
server.keepAliveTimeout
server.maxPayloadBytes
server.name
server.port
csp.rules
csp.strict
csp.warnLegacyBrowsers
data.search.usageTelemetry.enabled
opensearch.customHeaders
opensearch.hosts
opensearch.logQueries
opensearch.memoryCircuitBreaker.enabled
opensearch.memoryCircuitBreaker.maxPercentage
opensearch.password
opensearch.pingTimeout
opensearch.requestHeadersWhitelist
opensearch.requestHeadersAllowlist
opensearch_security.multitenancy.enabled
opensearch_security.readonly_mode.roles
opensearch.requestTimeout
opensearch.shardTimeout
opensearch.sniffInterval
opensearch.sniffOnConnectionFault
opensearch.sniffOnStart
opensearch.ssl.alwaysPresentCertificate
opensearch.ssl.certificate
opensearch.ssl.key
opensearch.ssl.keyPassphrase
opensearch.ssl.keystore.path
opensearch.ssl.keystore.password
opensearch.ssl.truststore.path
opensearch.ssl.truststore.password
opensearch.ssl.verificationMode
opensearch.username
i18n.locale
interpreter.enableInVisualize
opensearchDashboards.autocompleteTerminateAfter
opensearchDashboards.autocompleteTimeout
opensearchDashboards.defaultAppId
opensearchDashboards.index
logging.dest
logging.json
logging.quiet
logging.rotate.enabled
logging.rotate.everyBytes
logging.rotate.keepFiles
logging.rotate.pollingInterval
logging.rotate.usePolling
logging.silent
logging.useUTC
logging.verbose
map.includeOpenSearchMapsService
map.proxyOpenSearchMapsServiceInMaps
map.regionmap
map.tilemap.options.attribution
map.tilemap.options.maxZoom
map.tilemap.options.minZoom
map.tilemap.options.subdomains
map.tilemap.url
monitoring.cluster_alerts.email_notifications.email_address
monitoring.enabled
monitoring.opensearchDashboards.collection.enabled
monitoring.opensearchDashboards.collection.interval
monitoring.ui.container.opensearch.enabled
monitoring.ui.container.logstash.enabled
monitoring.ui.opensearch.password
monitoring.ui.opensearch.pingTimeout
monitoring.ui.opensearch.hosts
monitoring.ui.opensearch.username
monitoring.ui.opensearch.logFetchCount
monitoring.ui.opensearch.ssl.certificateAuthorities
monitoring.ui.opensearch.ssl.verificationMode
monitoring.ui.enabled
monitoring.ui.max_bucket_size
monitoring.ui.min_interval_seconds
newsfeed.enabled
ops.interval
path.data
pid.file
regionmap
security.showInsecureClusterWarning
server.rewriteBasePath
server.socketTimeout
server.customResponseHeaders
server.ssl.enabled
server.ssl.key
server.ssl.keyPassphrase
server.ssl.keystore.path
server.ssl.keystore.password
server.ssl.truststore.path
server.ssl.truststore.password
server.ssl.cert
server.ssl.certificate
server.ssl.certificateAuthorities
server.ssl.cipherSuites
server.ssl.clientAuthentication
opensearch.ssl.certificateAuthorities
server.ssl.redirectHttpFromPort
server.ssl.supportedProtocols
server.xsrf.disableProtection
server.xsrf.whitelist
status.allowAnonymous
status.v6ApiFormat
tilemap.options.attribution
tilemap.options.maxZoom
tilemap.options.minZoom
tilemap.options.subdomains
tilemap.url
timeline.enabled
vega.enableExternalUrls
apm_oss.apmAgentConfigurationIndex
apm_oss.indexPattern
apm_oss.errorIndices
apm_oss.onboardingIndices
apm_oss.spanIndices
apm_oss.sourcemapIndices
apm_oss.transactionIndices
apm_oss.metricsIndices
telemetry.allowChangingOptInStatus
telemetry.enabled
telemetry.optIn
telemetry.optInStatusUrl
telemetry.sendUsageFrom
vis_builder.enabled
data_source.enabled
data_source.encryption.wrappingKeyName
data_source.encryption.wrappingKeyNamespace
data_source.encryption.wrappingKey
data_source.audit.enabled
data_source.audit.appender.kind
data_source.audit.appender.path
data_source.audit.appender.layout.kind
data_source.audit.appender.layout.highlight
data_source.audit.appender.layout.pattern
ml_commons_dashboards.enabled
assistant.chat.enabled
observability.query_assist.enabled
uiSettings.overrides.defaultRoute
)
print() {
echo -e $1
}
error_and_exit() {
echo "Error executing command: '$1'."
echo 'Exiting.'
exit 1
}
exec_cmd() {
eval $1 > /dev/null 2>&1 || error_and_exit "$1"
}
exec_cmd_stdout() {
eval $1 2>&1 || error_and_exit "$1"
}
function runOpensearchDashboards {
touch $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do
env_var=$(echo ${opensearch_dashboards_var^^} | tr . _)
value=${!env_var}
if [[ -n $value ]]; then
longoptfile="${opensearch_dashboards_var}: ${value}"
if grep -q $opensearch_dashboards_var $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml; then
sed -i "/${opensearch_dashboards_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
else
echo $longoptfile >> $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml
fi
fi
done
umask 0002
/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml \
--cpu.cgroup.path.override=/ \
--cpuacct.cgroup.path.override=/
}
mount_files() {
if [ -e $WAZUH_CONFIG_MOUNT/* ]
then
print "Identified Wazuh cdashboard onfiguration files to mount..."
exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $INSTALL_DIR"
else
print "No Wazuh dashboard configuration files to mount..."
fi
}
DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}"
DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}"
@@ -17,4 +226,14 @@ echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add o
/wazuh_app_config.sh $WAZUH_UI_REVISION
/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
mount_files
if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then
set -- opensearch-dashboards "$@"
fi
if [ "$1" = "opensearch-dashboards" ]; then
runOpensearchDashboards "$@"
else
exec "$@"
fi

17
build-docker-images/wazuh-indexer/Dockerfile
View File

@@ -19,14 +19,6 @@ COPY config/config.sh .
COPY config/config.yml /
COPY config/action_groups.yml /
COPY config/internal_users.yml /
COPY config/roles_mapping.yml /
COPY config/roles.yml /
RUN bash config.sh
################################################################################
@@ -43,6 +35,15 @@ ENV USER="wazuh-indexer" \
NAME="wazuh-indexer" \
INSTALL_DIR="/usr/share/wazuh-indexer"
# Set $JAVA_HOME
RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \
echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh
ENV JAVA_HOME="$INSTALL_DIR/jdk"
ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin
# Add k-NN lib directory to library loading path variable
ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib"
RUN yum install curl-minimal shadow-utils findutils hostname -y
RUN getent group $GROUP || groupadd -r -g 1000 $GROUP

12
build-docker-images/wazuh-indexer/config/action_groups.yml
View File

@@ -1,12 +0,0 @@
---
_meta:
type: "actiongroups"
config_version: 2
# ISM API permissions group
manage_ism:
reserved: true
hidden: false
allowed_actions:
- "cluster:admin/opendistro/ism/*"
static: false

4
build-docker-images/wazuh-indexer/config/config.sh
View File

@@ -22,8 +22,8 @@ export REPO_DIR=/unattended_installer
## Variables
CERT_TOOL=wazuh-certs-tool.sh
PASSWORD_TOOL=wazuh-passwords-tool.sh
PACKAGES_URL=https://packages.wazuh.com/5.0/
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/
PACKAGES_URL=https://packages.wazuh.com/6.0/
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/6.0/
## Check if the cert tool exists in S3 buckets
CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}')

301
build-docker-images/wazuh-indexer/config/entrypoint.sh
View File

@@ -7,12 +7,272 @@ umask 0002
export USER=wazuh-indexer
export INSTALLATION_DIR=/usr/share/wazuh-indexer
export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR}
export JAVA_HOME=${INSTALLATION_DIR}/jdk
export DISCOVERY=$(grep -oP "(?<=discovery.type: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
export CERT="${OPENSEARCH_PATH_CONF}/certs/admin.pem"
export KEY="${OPENSEARCH_PATH_CONF}/certs/admin-key.pem"
opensearch_vars=(
cluster.name
node.name
node.roles
path.data
path.logs
bootstrap.memory_lock
network.host
http.port
transport.port
network.bind_host
network.publish_host
transport.tcp.port
compatibility.override_main_response_version
http.host
http.bind_host
http.publish_host
http.compression
transport.host
transport.bind_host
transport.publish_host
discovery.seed_hosts
discovery.seed_providers
discovery.type
cluster.initial_cluster_manager_nodes
cluster.initial_master_nodes
node.max_local_storage_nodes
gateway.recover_after_nodes
gateway.recover_after_data_nodes
gateway.expected_data_nodes
gateway.recover_after_time
plugins.security.nodes_dn
plugins.security.nodes_dn_dynamic_config_enabled
plugins.security.authcz.admin_dn
plugins.security.roles_mapping_resolution
plugins.security.dls.mode
plugins.security.compliance.salt
config.dynamic.http.anonymous_auth_enabled
plugins.security.restapi.roles_enabled
plugins.security.restapi.password_validation_regex
plugins.security.restapi.password_validation_error_message
plugins.security.restapi.password_min_length
plugins.security.restapi.password_score_based_validation_strength
plugins.security.unsupported.restapi.allow_securityconfig_modification
plugins.security.authcz.impersonation_dn
plugins.security.authcz.rest_impersonation_user
plugins.security.allow_default_init_securityindex
plugins.security.allow_unsafe_democertificates
plugins.security.system_indices.permission.enabled
plugins.security.config_index_name
plugins.security.cert.oid
plugins.security.cert.intercluster_request_evaluator_class
plugins.security.enable_snapshot_restore_privilege
plugins.security.check_snapshot_restore_write_privileges
plugins.security.cache.ttl_minutes
plugins.security.protected_indices.enabled
plugins.security.protected_indices.roles
plugins.security.protected_indices.indices
plugins.security.system_indices.enabled
plugins.security.system_indices.indices
plugins.security.audit.enable_rest
plugins.security.audit.enable_transport
plugins.security.audit.resolve_bulk_requests
plugins.security.audit.config.disabled_categories
plugins.security.audit.ignore_requests
plugins.security.audit.threadpool.size
plugins.security.audit.threadpool.max_queue_len
plugins.security.audit.ignore_users
plugins.security.audit.type
plugins.security.audit.config.http_endpoints
plugins.security.audit.config.index
plugins.security.audit.config.type
plugins.security.audit.config.username
plugins.security.audit.config.password
plugins.security.audit.config.enable_ssl
plugins.security.audit.config.verify_hostnames
plugins.security.audit.config.enable_ssl_client_auth
plugins.security.audit.config.cert_alias
plugins.security.audit.config.pemkey_filepath
plugins.security.audit.config.pemkey_content
plugins.security.audit.config.pemkey_password
plugins.security.audit.config.pemcert_filepath
plugins.security.audit.config.pemcert_content
plugins.security.audit.config.pemtrustedcas_filepath
plugins.security.audit.config.pemtrustedcas_content
plugins.security.audit.config.webhook.url
plugins.security.audit.config.webhook.format
plugins.security.audit.config.webhook.ssl.verify
plugins.security.audit.config.webhook.ssl.pemtrustedcas_filepath
plugins.security.audit.config.webhook.ssl.pemtrustedcas_content
plugins.security.audit.config.log4j.logger_name
plugins.security.audit.config.log4j.level
opendistro_security.audit.config.disabled_rest_categories
opendistro_security.audit.config.disabled_transport_categories
plugins.security.ssl.transport.enforce_hostname_verification
plugins.security.ssl.transport.resolve_hostname
plugins.security.ssl.http.clientauth_mode
plugins.security.ssl.http.enabled_ciphers
plugins.security.ssl.http.enabled_protocols
plugins.security.ssl.transport.enabled_ciphers
plugins.security.ssl.transport.enabled_protocols
plugins.security.ssl.transport.keystore_type
plugins.security.ssl.transport.keystore_filepath
plugins.security.ssl.transport.keystore_alias
plugins.security.ssl.transport.keystore_password
plugins.security.ssl.transport.truststore_type
plugins.security.ssl.transport.truststore_filepath
plugins.security.ssl.transport.truststore_alias
plugins.security.ssl.transport.truststore_password
plugins.security.ssl.http.enabled
plugins.security.ssl.http.keystore_type
plugins.security.ssl.http.keystore_filepath
plugins.security.ssl.http.keystore_alias
plugins.security.ssl.http.keystore_password
plugins.security.ssl.http.truststore_type
plugins.security.ssl.http.truststore_filepath
plugins.security.ssl.http.truststore_alias
plugins.security.ssl.http.truststore_password
plugins.security.ssl.transport.enable_openssl_if_available
plugins.security.ssl.http.enable_openssl_if_available
plugins.security.ssl.transport.pemkey_filepath
plugins.security.ssl.transport.pemkey_password
plugins.security.ssl.transport.pemcert_filepath
plugins.security.ssl.transport.pemtrustedcas_filepath
plugins.security.ssl.http.pemkey_filepath
plugins.security.ssl.http.pemkey_password
plugins.security.ssl.http.pemcert_filepath
plugins.security.ssl.http.pemtrustedcas_filepath
plugins.security.ssl.transport.enabled
plugins.security.ssl.transport.client.pemkey_password
plugins.security.ssl.transport.keystore_keypassword
plugins.security.ssl.transport.server.keystore_keypassword
plugins.sercurity.ssl.transport.server.keystore_alias
plugins.sercurity.ssl.transport.client.keystore_alias
plugins.sercurity.ssl.transport.server.truststore_alias
plugins.sercurity.ssl.transport.client.truststore_alias
plugins.security.ssl.client.external_context_id
plugins.secuirty.ssl.transport.principal_extractor_class
plugins.security.ssl.http.crl.file_path
plugins.security.ssl.http.crl.validate
plugins.security.ssl.http.crl.prefer_crlfile_over_ocsp
plugins.security.ssl.http.crl.check_only_end_entitites
plugins.security.ssl.http.crl.disable_ocsp
plugins.security.ssl.http.crl.disable_crldp
plugins.security.ssl.allow_client_initiated_renegotiation
indices.breaker.total.use_real_memory
indices.breaker.total.limit
indices.breaker.fielddata.limit
indices.breaker.fielddata.overhead
indices.breaker.request.limit
indices.breaker.request.overhead
network.breaker.inflight_requests.limit
network.breaker.inflight_requests.overhead
cluster.routing.allocation.enable
cluster.routing.allocation.node_concurrent_incoming_recoveries
cluster.routing.allocation.node_concurrent_outgoing_recoveries
cluster.routing.allocation.node_concurrent_recoveries
cluster.routing.allocation.node_initial_primaries_recoveries
cluster.routing.allocation.same_shard.host
cluster.routing.rebalance.enable
cluster.routing.allocation.allow_rebalance
cluster.routing.allocation.cluster_concurrent_rebalance
cluster.routing.allocation.balance.shard
cluster.routing.allocation.balance.index
cluster.routing.allocation.balance.threshold
cluster.routing.allocation.balance.prefer_primary
cluster.routing.allocation.disk.threshold_enabled
cluster.routing.allocation.disk.watermark.low
cluster.routing.allocation.disk.watermark.high
cluster.routing.allocation.disk.watermark.flood_stage
cluster.info.update.interval
cluster.routing.allocation.shard_movement_strategy
cluster.blocks.read_only
cluster.blocks.read_only_allow_delete
cluster.max_shards_per_node
cluster.persistent_tasks.allocation.enable
cluster.persistent_tasks.allocation.recheck_interval
cluster.search.request.slowlog.threshold.warn
cluster.search.request.slowlog.threshold.info
cluster.search.request.slowlog.threshold.debug
cluster.search.request.slowlog.threshold.trace
cluster.search.request.slowlog.level
cluster.fault_detection.leader_check.timeout
cluster.fault_detection.follower_check.timeout
action.auto_create_index
action.destructive_requires_name
cluster.default.index.refresh_interval
cluster.minimum.index.refresh_interval
cluster.indices.close.enable
indices.recovery.max_bytes_per_sec
indices.recovery.max_concurrent_file_chunks
indices.recovery.max_concurrent_operations
indices.recovery.max_concurrent_remote_store_streams
indices.time_series_index.default_index_merge_policy
indices.fielddata.cache.size
index.number_of_shards
index.number_of_routing_shards
index.shard.check_on_startup
index.codec
index.codec.compression_level
index.routing_partition_size
index.soft_deletes.retention_lease.period
index.load_fixed_bitset_filters_eagerly
index.hidden
index.merge.policy
index.merge_on_flush.enabled
index.merge_on_flush.max_full_flush_merge_wait_time
index.merge_on_flush.policy
index.check_pending_flush.enabled
index.number_of_replicas
index.auto_expand_replicas
index.search.idle.after
index.refresh_interval
index.max_result_window
index.max_inner_result_window
index.max_rescore_window
index.max_docvalue_fields_search
index.max_script_fields
index.max_ngram_diff
index.max_shingle_diff
index.max_refresh_listeners
index.analyze.max_token_count
index.highlight.max_analyzed_offset
index.max_terms_count
index.max_regex_length
index.query.default_field
index.query.max_nested_depth
index.routing.allocation.enable
index.routing.rebalance.enable
index.gc_deletes
index.default_pipeline
index.final_pipeline
index.optimize_doc_id_lookup.fuzzy_set.enabled
index.optimize_doc_id_lookup.fuzzy_set.false_positive_probability
search.max_buckets
search.phase_took_enabled
search.allow_expensive_queries
search.default_allow_partial_results
search.cancel_after_time_interval
search.default_search_timeout
search.default_keep_alive
search.keep_alive_interval
search.max_keep_alive
search.low_level_cancellation
search.max_open_scroll_context
search.request_stats_enabled
search.highlight.term_vector_multi_value
snapshot.max_concurrent_operations
cluster.remote_store.translog.buffer_interval
remote_store.moving_average_window_size
opensearch.notifications.core.allowed_config_types
opensearch.notifications.core.email.minimum_header_length
opensearch.notifications.core.email.size_limit
opensearch.notifications.core.http.connection_timeout
opensearch.notifications.core.http.host_deny_list
opensearch.notifications.core.http.max_connection_per_route
opensearch.notifications.core.http.max_connections
opensearch.notifications.core.http.socket_timeout
opensearch.notifications.core.tooltip_support
opensearch.notifications.general.filter_by_backend_roles
)
run_as_other_user_if_needed() {
if [[ "$(id -u)" == "0" ]]; then
# If running as root, drop to specified UID and run command
@@ -24,6 +284,37 @@ run_as_other_user_if_needed() {
fi
}
function buildOpensearchConfig {
echo "" >> $OPENSEARCH_PATH_CONF/opensearch.yml
for opensearch_var in ${opensearch_vars[*]}; do
env_var=$(echo ${opensearch_var^^} | tr . _)
value=${!env_var}
if [[ -n $value ]]; then
if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then
lineNum="$(grep -n "$opensearch_var" $OPENSEARCH_PATH_CONF/opensearch.yml | head -n 1 | cut -d: -f1)"
sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml
charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1)
fi
while :
do
case "$charline" in
"-"| "#" |" ") sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml;;
*) break;;
esac
charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1)
done
longoptfile="${opensearch_var}: ${value}"
if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then
sed -i "/${opensearch_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_PATH_CONF/opensearch.yml
else
echo $longoptfile >> $OPENSEARCH_PATH_CONF/opensearch.yml
fi
fi
done
}
buildOpensearchConfig
# Allow user specify custom CMD, maybe bin/opensearch itself
# for example to directly specify `-E` style parameters for opensearch on k8s
# or simply to run /bin/bash to check the image
@@ -84,10 +375,4 @@ if [[ "$(id -u)" == "0" ]]; then
fi
#if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then
# run securityadmin.sh for single node with CACERT, CERT and KEY parameter
# nohup /securityadmin.sh &
# touch "/var/lib/wazuh-indexer/.flag"
#fi
run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD"

74
build-docker-images/wazuh-indexer/config/internal_users.yml
View File

@@ -1,74 +0,0 @@
---
# This is the internal user database
# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
_meta:
type: "internalusers"
config_version: 2
# Define your internal users here
## Demo users
admin:
hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG"
reserved: true
backend_roles:
- "admin"
description: "Demo admin user"
kibanaserver:
hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
reserved: true
description: "Demo kibanaserver user"
kibanaro:
hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
reserved: false
backend_roles:
- "kibanauser"
- "readall"
attributes:
attribute1: "value1"
attribute2: "value2"
attribute3: "value3"
description: "Demo kibanaro user"
logstash:
hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
reserved: false
backend_roles:
- "logstash"
description: "Demo logstash user"
readall:
hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
reserved: false
backend_roles:
- "readall"
description: "Demo readall user"
snapshotrestore:
hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
reserved: false
backend_roles:
- "snapshotrestore"
description: "Demo snapshotrestore user"
wazuh_admin:
hash: "$2y$12$d2awHiOYvZjI88VfsDON.u6buoBol0gYPJEgdG1ArKVE0OMxViFfu"
reserved: true
hidden: false
backend_roles: []
attributes: {}
opendistro_security_roles: []
static: false
wazuh_user:
hash: "$2y$12$BQixeoQdRubZdVf/7sq1suHwiVRnSst1.lPI2M0.GPZms4bq2D9vO"
reserved: true
hidden: false
backend_roles: []
attributes: {}
opendistro_security_roles: []
static: false

26
build-docker-images/wazuh-indexer/config/opensearch.yml
View File

@@ -1,26 +0,0 @@
network.host: "0.0.0.0"
node.name: "wazuh.indexer"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer
discovery.type: single-node
compatibility.override_main_response_version: true
plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=demo.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]

171
build-docker-images/wazuh-indexer/config/roles.yml
View File

@@ -1,171 +0,0 @@
_meta:
type: "roles"
config_version: 2
# Restrict users so they can only view visualization and dashboards on kibana
kibana_read_only:
reserved: true
# The security REST API access role is used to assign specific users access to change the security settings through the REST API.
security_rest_api_access:
reserved: true
# Allows users to view monitors, destinations and alerts
alerting_read_access:
reserved: true
cluster_permissions:
- 'cluster:admin/opendistro/alerting/alerts/get'
- 'cluster:admin/opendistro/alerting/destination/get'
- 'cluster:admin/opendistro/alerting/monitor/get'
- 'cluster:admin/opendistro/alerting/monitor/search'
# Allows users to view and acknowledge alerts
alerting_ack_alerts:
reserved: true
cluster_permissions:
- 'cluster:admin/opendistro/alerting/alerts/*'
# Allows users to use all alerting functionality
alerting_full_access:
reserved: true
cluster_permissions:
- 'cluster_monitor'
- 'cluster:admin/opendistro/alerting/*'
index_permissions:
- index_patterns:
- '*'
allowed_actions:
- 'indices_monitor'
- 'indices:admin/aliases/get'
- 'indices:admin/mappings/get'
# Allow users to read Anomaly Detection detectors and results
anomaly_read_access:
reserved: true
cluster_permissions:
- 'cluster:admin/opendistro/ad/detector/info'
- 'cluster:admin/opendistro/ad/detector/search'
- 'cluster:admin/opendistro/ad/detectors/get'
- 'cluster:admin/opendistro/ad/result/search'
- 'cluster:admin/opendistro/ad/tasks/search'
# Allows users to use all Anomaly Detection functionality
anomaly_full_access:
reserved: true
cluster_permissions:
- 'cluster_monitor'
- 'cluster:admin/opendistro/ad/*'
index_permissions:
- index_patterns:
- '*'
allowed_actions:
- 'indices_monitor'
- 'indices:admin/aliases/get'
- 'indices:admin/mappings/get'
# Allows users to read Notebooks
notebooks_read_access:
reserved: true
cluster_permissions:
- 'cluster:admin/opendistro/notebooks/list'
- 'cluster:admin/opendistro/notebooks/get'
# Allows users to all Notebooks functionality
notebooks_full_access:
reserved: true
cluster_permissions:
- 'cluster:admin/opendistro/notebooks/create'
- 'cluster:admin/opendistro/notebooks/update'
- 'cluster:admin/opendistro/notebooks/delete'
- 'cluster:admin/opendistro/notebooks/get'
- 'cluster:admin/opendistro/notebooks/list'
# Allows users to read and download Reports
reports_instances_read_access:
reserved: true
cluster_permissions:
- 'cluster:admin/opendistro/reports/instance/list'
- 'cluster:admin/opendistro/reports/instance/get'
- 'cluster:admin/opendistro/reports/menu/download'
# Allows users to read and download Reports and Report-definitions
reports_read_access:
reserved: true
cluster_permissions:
- 'cluster:admin/opendistro/reports/definition/get'
- 'cluster:admin/opendistro/reports/definition/list'
- 'cluster:admin/opendistro/reports/instance/list'
- 'cluster:admin/opendistro/reports/instance/get'
- 'cluster:admin/opendistro/reports/menu/download'
# Allows users to all Reports functionality
reports_full_access:
reserved: true
cluster_permissions:
- 'cluster:admin/opendistro/reports/definition/create'
- 'cluster:admin/opendistro/reports/definition/update'
- 'cluster:admin/opendistro/reports/definition/on_demand'
- 'cluster:admin/opendistro/reports/definition/delete'
- 'cluster:admin/opendistro/reports/definition/get'
- 'cluster:admin/opendistro/reports/definition/list'
- 'cluster:admin/opendistro/reports/instance/list'
- 'cluster:admin/opendistro/reports/instance/get'
- 'cluster:admin/opendistro/reports/menu/download'
# Allows users to use all asynchronous-search functionality
asynchronous_search_full_access:
reserved: true
cluster_permissions:
- 'cluster:admin/opendistro/asynchronous_search/*'
index_permissions:
- index_patterns:
- '*'
allowed_actions:
- 'indices:data/read/search*'
# Allows users to read stored asynchronous-search results
asynchronous_search_read_access:
reserved: true
cluster_permissions:
- 'cluster:admin/opendistro/asynchronous_search/get'
wazuh_ui_user:
reserved: true
hidden: false
cluster_permissions: []
index_permissions:
- index_patterns:
- "wazuh-*"
dls: ""
fls: []
masked_fields: []
allowed_actions:
- "read"
tenant_permissions: []
static: false
wazuh_ui_admin:
reserved: true
hidden: false
cluster_permissions: []
index_permissions:
- index_patterns:
- "wazuh-*"
dls: ""
fls: []
masked_fields: []
allowed_actions:
- "read"
- "delete"
- "manage"
- "index"
tenant_permissions: []
static: false
# ISM API permissions role
manage_ism:
reserved: true
hidden: false
cluster_permissions:
- "manage_ism"
static: false

78
build-docker-images/wazuh-indexer/config/roles_mapping.yml
View File

@@ -1,78 +0,0 @@
---
# In this file users, backendroles and hosts can be mapped to Wazuh indexer Security roles.
# Permissions for Wazuh indexer roles are configured in roles.yml
_meta:
type: "rolesmapping"
config_version: 2
# Define your roles mapping here
## Demo roles mapping
all_access:
reserved: false
backend_roles:
- "admin"
description: "Maps admin to all_access"
own_index:
reserved: false
users:
- "*"
description: "Allow full access to an index named like the username"
logstash:
reserved: false
backend_roles:
- "logstash"
kibana_user:
reserved: false
backend_roles:
- "kibanauser"
users:
- "wazuh_user"
- "wazuh_admin"
description: "Maps kibanauser to kibana_user"
readall:
reserved: false
backend_roles:
- "readall"
manage_snapshots:
reserved: false
backend_roles:
- "snapshotrestore"
kibana_server:
reserved: true
users:
- "kibanaserver"
wazuh_ui_admin:
reserved: true
hidden: false
backend_roles: []
hosts: []
users:
- "wazuh_admin"
- "kibanaserver"
and_backend_roles: []
wazuh_ui_user:
reserved: true
hidden: false
backend_roles: []
hosts: []
users:
- "wazuh_user"
and_backend_roles: []
# ISM API permissions role mapping
manage_ism:
reserved: true
hidden: false
users:
- "kibanaserver"

4
docs/README.md
View File

@@ -138,7 +138,7 @@ The folder `wazuh-agent` contains a README explaining how to run a container wit
│   │   ├── wazuh2.indexer.yml
│   │   └── wazuh3.indexer.yml
│   ├── docker-compose.yml
│   ├── generate-indexer-certs.yml
│   ├── generate-certs.yml
│   ├── Migration-to-Wazuh-4.4.md
│   ├── README.md
│   └── volume-migrator.sh
@@ -157,7 +157,7 @@ The folder `wazuh-agent` contains a README explaining how to run a container wit
│   │   │   └── wazuh.indexer.yml
│   │   └── wazuh_indexer_ssl_certs [error opening dir]
│   ├── docker-compose.yml
│   ├── generate-indexer-certs.yml
│   ├── generate-certs.yml
│   └── README.md
├── VERSION.json
└── wazuh-agent

2
docs/ref/getting-started/deployment/multi-node.md
View File

@@ -17,7 +17,7 @@ This deployment utilizes the `multi-node/docker-compose.yml` file, which defines
3. Run the script to generate the necessary certificates for the Wazuh Stack. This ensures secure communication between the nodes:
```bash
docker-compose -f generate-indexer-certs.yml run --rm generator
docker-compose -f generate-certs.yml run --rm generator
```
4. Start the Wazuh environment using `docker-compose`:

2
docs/ref/getting-started/deployment/single-node.md
View File

@@ -17,7 +17,7 @@ This deployment uses the `single-node/docker-compose.yml` file, which defines a
3. Run the script to generate the necessary certificates for the Wazuh Stack. This ensures secure communication between the nodes:
```bash
docker-compose -f generate-indexer-certs.yml run --rm generator
docker-compose -f generate-certs.yml run --rm generator
```
4. Start the Wazuh environment using `docker-compose`:

2
multi-node/Migration-to-Wazuh-4.4.md
View File

@@ -354,7 +354,7 @@ docker container run --rm -it \
```
git checkout 4.4
cd multi-node
docker-compose -f generate-indexer-certs.yml run --rm generator
docker-compose -f generate-certs.yml run --rm generator
docker-compose up -d
```

2
multi-node/README.md
View File

@@ -8,7 +8,7 @@ $ sysctl -w vm.max_map_count=262144
```
2) Run the certificate creation script:
```
$ docker compose -f generate-indexer-certs.yml run --rm generator
$ docker compose -f generate-certs.yml run --rm generator
```
3) Start the environment with docker compose:

12
multi-node/config/wazuh_dashboard/opensearch_dashboards.yml
View File

@@ -1,12 +0,0 @@
server.host: 0.0.0.0
server.port: 5601
opensearch.hosts: https://wazuh1.indexer:9200
opensearch.ssl.verificationMode: certificate
opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wz-home

38
multi-node/config/wazuh_indexer/wazuh1.indexer.yml
View File

@@ -1,38 +0,0 @@
network.host: wazuh1.indexer
node.name: wazuh1.indexer
cluster.initial_master_nodes:
- wazuh1.indexer
- wazuh2.indexer
- wazuh3.indexer
cluster.name: "wazuh-cluster"
discovery.seed_hosts:
- wazuh1.indexer
- wazuh2.indexer
- wazuh3.indexer
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer
plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem
plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key
plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem
plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key
plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
plugins.security.allow_default_init_securityindex: true
cluster.routing.allocation.disk.threshold_enabled: false
compatibility.override_main_response_version: true

38
multi-node/config/wazuh_indexer/wazuh2.indexer.yml
View File

@@ -1,38 +0,0 @@
network.host: wazuh2.indexer
node.name: wazuh2.indexer
cluster.initial_master_nodes:
- wazuh1.indexer
- wazuh2.indexer
- wazuh3.indexer
cluster.name: "wazuh-cluster"
discovery.seed_hosts:
- wazuh1.indexer
- wazuh2.indexer
- wazuh3.indexer
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer
plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem
plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key
plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem
plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key
plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
plugins.security.allow_default_init_securityindex: true
cluster.routing.allocation.disk.threshold_enabled: false
compatibility.override_main_response_version: true

38
multi-node/config/wazuh_indexer/wazuh3.indexer.yml
View File

@@ -1,38 +0,0 @@
network.host: wazuh3.indexer
node.name: wazuh3.indexer
cluster.initial_master_nodes:
- wazuh1.indexer
- wazuh2.indexer
- wazuh3.indexer
cluster.name: "wazuh-cluster"
discovery.seed_hosts:
- wazuh1.indexer
- wazuh2.indexer
- wazuh3.indexer
node.max_local_storage_nodes: "3"
path.data: /var/lib/wazuh-indexer
path.logs: /var/log/wazuh-indexer
plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem
plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key
plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem
plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key
plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false
plugins.security.authcz.admin_dn:
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.check_snapshot_restore_write_privileges: true
plugins.security.enable_snapshot_restore_privilege: true
plugins.security.nodes_dn:
- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
plugins.security.restapi.roles_enabled:
- "all_access"
- "security_rest_api_access"
plugins.security.allow_default_init_securityindex: true
cluster.routing.allocation.disk.threshold_enabled: false
compatibility.override_main_response_version: true

184
multi-node/docker-compose.yml
View File

@@ -16,15 +16,15 @@ services:
- "514:514/udp"
- "55000:55000"
environment:
- INDEXER_URL=https://wazuh1.indexer:9200
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=SecretPassword
- FILEBEAT_SSL_VERIFICATION_MODE=full
- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
- SSL_CERTIFICATE=/etc/ssl/filebeat.pem
- SSL_KEY=/etc/ssl/filebeat.key
- API_USERNAME=wazuh-wui
- API_PASSWORD=MyS3cr37P450r.*-
INDEXER_URL: https://wazuh1.indexer:9200
INDEXER_USERNAME: admin
INDEXER_PASSWORD: admin
FILEBEAT_SSL_VERIFICATION_MODE: full
SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
SSL_CERTIFICATE: /etc/ssl/filebeat.pem
SSL_KEY: /etc/ssl/filebeat.key
API_USERNAME: wazuh-wui
API_PASSWORD: MyS3cr37P450r.*-
volumes:
- master-wazuh-api-configuration:/var/ossec/api/configuration
- master-wazuh-etc:/var/ossec/etc
@@ -54,13 +54,13 @@ services:
soft: 655360
hard: 655360
environment:
- INDEXER_URL=https://wazuh1.indexer:9200
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=SecretPassword
- FILEBEAT_SSL_VERIFICATION_MODE=full
- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
- SSL_CERTIFICATE=/etc/ssl/filebeat.pem
- SSL_KEY=/etc/ssl/filebeat.key
INDEXER_URL: https://wazuh1.indexer:9200
INDEXER_USERNAME: admin
INDEXER_PASSWORD: admin
FILEBEAT_SSL_VERIFICATION_MODE: full
SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
SSL_CERTIFICATE: /etc/ssl/filebeat.pem
SSL_KEY: /etc/ssl/filebeat.key
volumes:
- worker-wazuh-api-configuration:/var/ossec/api/configuration
- worker-wazuh-etc:/var/ossec/etc
@@ -82,11 +82,6 @@ services:
image: wazuh/wazuh-indexer:6.0.0
hostname: wazuh1.indexer
restart: always
ports:
- "9200:9200"
environment:
- "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
- "bootstrap.memory_lock=true"
ulimits:
memlock:
soft: -1
@@ -94,6 +89,38 @@ services:
nofile:
soft: 65536
hard: 65536
ports:
- "9200:9200"
environment:
OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
bootstrap.memory_lock: "true"
NETWORK_HOST: wazuh1.indexer
NODE_NAME: wazuh1.indexer
CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
CLUSTER_NAME: "wazuh-cluster"
DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
NODE_MAX_LOCAL_STORAGE_NODES: "3"
PATH_DATA: /var/lib/wazuh-indexer
PATH_LOGS: /var/log/wazuh-indexer
PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key
PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key
PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'
PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
volumes:
- wazuh-indexer-data-1:/var/lib/wazuh-indexer
- ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
@@ -101,16 +128,13 @@ services:
- ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
- ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
- ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
- ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
# if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
# - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
wazuh2.indexer:
image: wazuh/wazuh-indexer:6.0.0
hostname: wazuh2.indexer
restart: always
environment:
- "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
- "bootstrap.memory_lock=true"
ulimits:
memlock:
soft: -1
@@ -118,21 +142,48 @@ services:
nofile:
soft: 65536
hard: 65536
environment:
OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
bootstrap.memory_lock: "true"
NETWORK_HOST: wazuh2.indexer
NODE_NAME: wazuh2.indexer
CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
CLUSTER_NAME: "wazuh-cluster"
DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
NODE_MAX_LOCAL_STORAGE_NODES: "3"
PATH_DATA: /var/lib/wazuh-indexer
PATH_LOGS: /var/log/wazuh-indexer
PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key
PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key
PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'
PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
volumes:
- wazuh-indexer-data-2:/var/lib/wazuh-indexer
- ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
- ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.key
- ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.pem
- ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
# if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
# - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
wazuh3.indexer:
image: wazuh/wazuh-indexer:6.0.0
hostname: wazuh3.indexer
restart: always
environment:
- "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
- "bootstrap.memory_lock=true"
ulimits:
memlock:
soft: -1
@@ -140,35 +191,84 @@ services:
nofile:
soft: 65536
hard: 65536
environment:
OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
bootstrap.memory_lock: "true"
NETWORK_HOST: wazuh3.indexer
NODE_NAME: wazuh3.indexer
CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
CLUSTER_NAME: "wazuh-cluster"
DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
NODE_MAX_LOCAL_STORAGE_NODES: "3"
PATH_DATA: /var/lib/wazuh-indexer
PATH_LOGS: /var/log/wazuh-indexer
PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key
PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key
PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'
PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
volumes:
- wazuh-indexer-data-3:/var/lib/wazuh-indexer
- ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
- ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.key
- ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.pem
- ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
# if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
# - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
wazuh.dashboard:
image: wazuh/wazuh-dashboard:6.0.0
hostname: wazuh.dashboard
restart: always
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
ports:
- 443:5601
environment:
- OPENSEARCH_HOSTS="https://wazuh1.indexer:9200"
- WAZUH_API_URL="https://wazuh.master"
- API_USERNAME=wazuh-wui
- API_PASSWORD=MyS3cr37P450r.*-
- DASHBOARD_USERNAME=kibanaserver
- DASHBOARD_PASSWORD=kibanaserver
OPENSEARCH_HOSTS: "https://wazuh1.indexer:9200"
WAZUH_API_URL: "https://wazuh.master"
API_USERNAME: wazuh-wui
API_PASSWORD: MyS3cr37P450r.*-
DASHBOARD_USERNAME: kibanaserver
DASHBOARD_PASSWORD: kibanaserver
SERVER_HOST: "0.0.0.0"
SERVER_PORT: "5601"
OPENSEARCH_SSL_VERIFICATIONMODE: certificate
OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]'
OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false"
SERVER_SSL_ENABLED: "true"
OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]'
SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]'
UISETTINGS_OVERRIDES_DEFAULTROUTE: /app/wz-home
volumes:
- wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
- wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
- ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
- ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
- ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
- ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
- ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
- wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
- wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
# if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables
# - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
depends_on:
- wazuh1.indexer
links:

5
single-node/generate-indexer-certs.yml → multi-node/generate-certs.yml
View File

@@ -1,8 +1,9 @@
# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
services:
generator:
image: wazuh/wazuh-certs-generator:0.0.2
hostname: wazuh-certs-generator
image: wazuh/wazuh-cert-tool:6.0.0
hostname: wazuh-cert-tool
container_name: wazuh-cert-tool
volumes:
- ./config/wazuh_indexer_ssl_certs/:/certificates/
- ./config/certs.yml:/config/certs.yml

2
single-node/README.md
View File

@@ -8,7 +8,7 @@ $ sysctl -w vm.max_map_count=262144
```
2) Run the certificate creation script:
```
$ docker compose -f generate-indexer-certs.yml run --rm generator
$ docker-compose -f generate-certs.yml run --rm generator
```
3) Start the environment with docker compose:

97
single-node/docker-compose.yml
View File

@@ -17,15 +17,15 @@ services:
- "514:514/udp"
- "55000:55000"
environment:
- INDEXER_URL=https://wazuh.indexer:9200
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=SecretPassword
- FILEBEAT_SSL_VERIFICATION_MODE=full
- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
- SSL_CERTIFICATE=/etc/ssl/filebeat.pem
- SSL_KEY=/etc/ssl/filebeat.key
- API_USERNAME=wazuh-wui
- API_PASSWORD=MyS3cr37P450r.*-
INDEXER_URL: https://wazuh.indexer:9200
INDEXER_USERNAME: admin
INDEXER_PASSWORD: admin
FILEBEAT_SSL_VERIFICATION_MODE: full
SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
SSL_CERTIFICATE: /etc/ssl/filebeat.pem
SSL_KEY: /etc/ssl/filebeat.key
API_USERNAME: wazuh-wui
API_PASSWORD: MyS3cr37P450r.*-
volumes:
- wazuh_api_configuration:/var/ossec/api/configuration
- wazuh_etc:/var/ossec/etc
@@ -47,10 +47,6 @@ services:
image: wazuh/wazuh-indexer:6.0.0
hostname: wazuh.indexer
restart: always
ports:
- "9200:9200"
environment:
- "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
ulimits:
memlock:
soft: -1
@@ -58,6 +54,37 @@ services:
nofile:
soft: 65536
hard: 65536
ports:
- "9200:9200"
environment:
OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g"
bootstrap.memory_lock: "true"
NODE_NAME: "wazuh.indexer"
CLUSTER_INITIAL_MASTER_NODES: "wazuh.indexer"
CLUSTER_NAME: "wazuh-cluster"
PATH_DATA: /var/lib/wazuh-indexer
PATH_LOGS: /var/log/wazuh-indexer
HTTP_PORT: 9200-9299
TRANSPORT_TCP_PORT: 9300-9399
COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem
PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true"
PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"
PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"
PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true"
PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true"
PLUGINS_SECURITY_NODES_DN: "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]'
PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true"
PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
volumes:
- wazuh-indexer-data:/var/lib/wazuh-indexer
- ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
@@ -65,31 +92,49 @@ services:
- ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
- ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
- ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
- ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
# if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
# - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
wazuh.dashboard:
image: wazuh/wazuh-dashboard:6.0.0
hostname: wazuh.dashboard
restart: always
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
ports:
- 443:5601
environment:
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=SecretPassword
- WAZUH_API_URL=https://wazuh.manager
- DASHBOARD_USERNAME=kibanaserver
- DASHBOARD_PASSWORD=kibanaserver
- API_USERNAME=wazuh-wui
- API_PASSWORD=MyS3cr37P450r.*-
WAZUH_API_URL: https://wazuh.manager
DASHBOARD_USERNAME: kibanaserver
DASHBOARD_PASSWORD: kibanaserver
API_USERNAME: wazuh-wui
API_PASSWORD: MyS3cr37P450r.*-
SERVER_HOST: 0.0.0.0
SERVER_PORT: 5601
OPENSEARCH_HOSTS: https://wazuh.indexer:9200
OPENSEARCH_SSL_VERIFICATIONMODE: certificate
OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]'
OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false"
SERVER_SSL_ENABLED: "true"
OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]'
SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]'
UISETTINGS_OVERRIDES_DEFAULTROUTE: /app/wz-home
volumes:
- wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
- wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
- ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
- ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
- ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
- ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
- ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
- wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
- wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
- ./config/wazuh_dashboard/wazuh.yml:/wazuh-config-mount/data/wazuh/config/wazuh.yml
# if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables
# - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml
depends_on:
- wazuh.indexer
links:

6
multi-node/generate-indexer-certs.yml → single-node/generate-certs.yml
View File

@@ -1,8 +1,10 @@
# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
services:
generator:
image: wazuh/wazuh-certs-generator:0.0.2
hostname: wazuh-certs-generator
image: wazuh/wazuh-cert-tool:6.0.0
hostname: wazuh-cert-tool
container_name: wazuh-cert-tool
volumes:
- ./config/wazuh_indexer_ssl_certs/:/certificates/
- ./config/certs.yml:/config/certs.yml

2
tools/repository_bumper.sh
View File

@@ -78,7 +78,7 @@ update_stage_in_files() {
update_docker_images_tag() {
local NEW_TAG="$1"
local DOCKERFILES=( $(grep_command "wazuh/wazuh-[a-zA-Z0-9._-]*" "${DIR}" "--exclude="README.md" --exclude="generate-indexer-certs.yml"") )
local DOCKERFILES=( $(grep_command "wazuh/wazuh-[a-zA-Z0-9._-]*" "${DIR}" "--exclude="README.md" --exclude="generate-certs.yml"") )
for file in "${DOCKERFILES[@]}"; do
sed -i -E "s/(wazuh\/wazuh-[a-zA-Z0-9._-]*):[a-zA-Z0-9._-]+/\1:${NEW_TAG}/g" "${file}"
if [[ $(git diff --name-only "${file}") ]]; then