Compare commits

..

129 Commits

Author SHA1 Message Date
Alberto Rodríguez
f00245007d Merge pull request #516 from wazuh/4.2.2
Release v4.2.2
2021-09-15 16:50:12 +02:00
vcerenu
084407f9c9 Update 4.2.2 2021-09-15 10:55:43 -03:00
vcerenu
f0ebabad89 Update 4.2.2 2021-09-15 10:51:19 -03:00
Alberto Rodríguez
afd70ff5f9 Merge pull request #513 from wazuh/4.2.1
Release v4.2.1
2021-09-14 15:12:06 +02:00
vcerenu
61f3e080a3 Update 4.2.1 2021-09-14 10:08:48 -03:00
vcerenu
2dd9fdfa99 Update 4.2.1 2021-09-14 10:03:16 -03:00
vcerenu
daaac09c9c Update 4.2.1 2021-09-13 15:21:53 -03:00
vcerenu
8d0dd5baeb Update 4.2.1 2021-09-09 11:13:04 -03:00
vcerenu
9e9de07322 Update 4.2.1 2021-09-09 09:23:36 -03:00
José Fernández Aguilera
6ed79996af Merge pull request #509 from wazuh/fix-4.2-upgrade
Fix 4.2 upgrade
2021-09-03 11:37:17 +02:00
dfolcha
413dd71d44 Remove -r flag 2021-09-03 09:16:20 +02:00
dfolcha
68bc08f78f Add function to rename files and directories 2021-09-02 17:05:23 +02:00
dfolcha
6da1b19698 Exclude queue/ossec from volume 2021-09-02 15:12:33 +02:00
José Fernández Aguilera
750fe5ffe8 Merge pull request #504 from wazuh/update-4.2
Update AR files
2021-08-27 12:18:23 +02:00
dfolcha
137f0ba88f Update goss tests 2021-08-27 12:11:00 +02:00
dfolcha
25cb1fa872 Fix wrong OD version 2021-08-27 12:01:58 +02:00
dfolcha
8a01495968 Update AR files 2021-08-27 10:47:45 +02:00
Alberto Rodríguez
1ed0bc8e01 Merge pull request #503 from wazuh/update-4.2
Update 4.2
2021-08-26 16:17:13 +02:00
dfolcha
0699c8fe21 Add admin key pair to production development 2021-08-26 15:08:18 +02:00
Alberto R
64c61bcdbf Fixed mode Kibana settings 2021-06-28 23:35:30 +02:00
Alberto Rodríguez
5074eb0b44 Merge pull request #479 from wazuh/476-update-4.2
Bump ODFE 3.13.2 on Wazuh 4.2.0
2021-05-24 14:03:33 +02:00
José Fernández
c8b8e8b134 Bump to ODFE 1.13.2 2021-05-24 13:01:47 +02:00
José Fernández
fc54288a0d Update README 2021-05-24 11:45:07 +02:00
Alberto Rodríguez
09731ec148 Merge pull request #473 from wazuh/457-nginx-conf-readme-4.2
457: Broken link fix and removed deprecated information at README
2021-04-29 14:35:31 +02:00
jcruzlp
2b9e1a6f89 Removed unussed basic auth 2021-04-27 13:39:14 +02:00
jcruzlp
5550edb4ae Fixed broken link 2021-04-27 13:39:13 +02:00
VictorMorenoJimenez
45e08437fc Change ossec-control to wazuh-control 2021-04-15 15:57:48 +02:00
Alberto Rodríguez
1cf4376e3b Merge pull request #461 from wazuh/feature-name-change
Feature name change
2021-04-13 17:27:20 +02:00
VictorMorenoJimenez
3c1175b0a0 Bump to v4.2.0 2021-04-13 16:44:28 +02:00
Victor Moreno Jimenez
1dad6eb83e Bump to v4.1.4 2021-04-13 16:44:28 +02:00
Victor Moreno Jimenez
10a02f88fa Bump to 4.1.3 2021-04-13 16:44:27 +02:00
Manuel Gutierrez
67fd91da9b Bump to 4.1.1 2021-04-13 16:44:27 +02:00
Manuel Gutierrez
c146068138 Add xpack-from-sources 2021-04-13 16:44:27 +02:00
Manuel Gutierrez
5fa1d1eeb6 Update kibana xpack paths 2021-04-13 16:44:26 +02:00
Manuel Gutierrez
8a93c8fe3a Fix curl ssl check 2021-04-13 16:44:26 +02:00
Manuel Gutierrez
ed5f8c0816 Fix elastic version 2021-04-13 16:44:26 +02:00
Manuel Gutierrez
02965be924 Fix changelog 2021-04-13 16:44:25 +02:00
Manuel Gutierrez
ad9aa18966 Bump images on prod cluster 2021-04-13 16:44:25 +02:00
Manuel Gutierrez
21f37d6765 Update changelog 2021-04-13 16:44:25 +02:00
Manuel Gutierrez
01f8dfc46e Update xpack compose 2021-04-13 16:44:24 +02:00
Manuel Gutierrez
c0a65c4ba6 Update Goss tests 2021-04-13 16:44:24 +02:00
Manuel Gutierrez
63a32590b0 Bump odfe images 2021-04-13 16:44:24 +02:00
Manuel Gutierrez
b76adb084d Bump xpack images 2021-04-13 16:44:23 +02:00
Manuel Gutierrez
f23f7fafab Update paths 2021-04-13 16:44:23 +02:00
Manuel Gutierrez
fceb9f0e07 Bump versions and update path 2021-04-13 16:44:23 +02:00
Manuel Gutierrez
7ddc4daed1 Bump versions 2021-04-13 16:44:22 +02:00
Manuel Gutierrez
574a0147ea Update compatibility matrix 2021-04-13 16:44:22 +02:00
Manuel Gutierrez
2f683e43c6 Bump odfe version 2021-04-13 16:44:22 +02:00
Manuel Gutierrez
6b2780e221 Update version 2021-04-13 16:44:21 +02:00
Manuel Gutierrez
4cc0eeea2e Add goss binary for health checks 2021-04-13 16:44:21 +02:00
Manuel Gutierrez
249c1adb8c Remove dev tag from version 2021-04-13 16:44:21 +02:00
Manuel Gutierrez
a4646f388a Rename cert generator container name 2021-04-13 16:44:20 +02:00
Manuel Gutierrez
6d231cea90 Add generate-elasticsearch-certs.yml and instances.yml 2021-04-13 16:44:20 +02:00
Manuel Gutierrez
b45f09fff5 Update xpack-compose 2021-04-13 16:44:20 +02:00
Manuel Gutierrez
15d65820ae Remove kibana_ip 2021-04-13 16:44:19 +02:00
Manuel Gutierrez
5d43a0acf8 Use kibana_proto 2021-04-13 16:44:19 +02:00
Manuel Gutierrez
75034895ce Fix curl auth params 2021-04-13 16:44:18 +02:00
Manuel Gutierrez
f848aa9600 Bump copyright 2021-04-13 16:44:18 +02:00
Manuel Gutierrez
09153da593 Bump to 4.0.4 2021-04-13 16:44:18 +02:00
Manuel Gutierrez
3428f982f3 Add sample compose for xpack variant 2021-04-13 16:44:17 +02:00
Manuel Gutierrez
c53a0f86f6 Remove duplicated xpack_config exec 2021-04-13 16:44:17 +02:00
Manuel Gutierrez
ffb4395da0 Set Wazuh app as default route 2021-04-13 16:44:17 +02:00
Manuel Gutierrez
31dbb7fc20 Remove useless ARG 2021-04-13 16:44:16 +02:00
Manuel Gutierrez
24b2c4bc4b Backport kibana-xpack image to v4 2021-04-13 16:44:16 +02:00
Manuel Gutierrez
59ccbbee8e Use an ARG to select filebeat channel 2021-04-13 16:44:16 +02:00
Manuel Gutierrez
cdf31d7a08 Re-enable entrypoint scripts 2021-04-13 16:44:15 +02:00
Manuel Gutierrez
bb8cbc6d15 Bump s6-overlay version 2021-04-13 16:44:15 +02:00
Manuel Gutierrez
9656c348a2 Add link to changelog 2021-04-13 16:44:15 +02:00
Manuel Gutierrez
2b5c950c48 Bump goss test 2021-04-13 16:44:14 +02:00
Manuel Gutierrez
504d5b8cc4 Bump year 2021-04-13 16:44:14 +02:00
Manuel Gutierrez
1eb94b82ee Bump versions 2021-04-13 16:44:14 +02:00
Manuel Gutierrez
6228d3077d Add tests for Kibana customizations 2021-04-13 16:44:13 +02:00
Manuel Gutierrez
01563af39a Execute tests for kibana image 2021-04-13 16:44:13 +02:00
Manuel Gutierrez
1441e570a8 Add Goss tests for Kibana image 2021-04-13 16:44:13 +02:00
Manuel Gutierrez
20ebf9b467 Port all tests from Ansible repo 2021-04-13 16:44:12 +02:00
Manuel Gutierrez
1460c07b92 Include GOSS_SLEEP 2021-04-13 16:44:12 +02:00
Manuel Gutierrez
ae1611e07c Fix yaml syntax 2021-04-13 16:44:12 +02:00
Manuel Gutierrez
5109a35e6a Add Goss Actions 2021-04-13 16:44:11 +02:00
Manuel Gutierrez
94c0307f00 Add goss verifications 2021-04-13 16:44:11 +02:00
VictorMorenoJimenez
102d6ced90 Bump to v4.2.0 2021-04-13 16:39:14 +02:00
Alberto Rodríguez
60c5b53844 Merge pull request #456 from wazuh/bump-4.1.4
Bump to v4.1.4
2021-03-26 15:11:11 +01:00
Victor Moreno Jimenez
653a3f3237 Bump to v4.1.4 2021-03-26 08:59:23 +01:00
Alberto Rodríguez
89754be5cf Merge pull request #455 from wazuh/bump-4.1.3
Bump to 4.1.3
2021-03-23 18:09:31 +01:00
Victor Moreno Jimenez
9694d59016 Bump to 4.1.3 2021-03-23 16:10:06 +01:00
Alberto Rodríguez
110f30148e Merge pull request #445 from wazuh/release-wazuh_4.1.1
Bump to 4.1.1
2021-02-25 17:50:03 +01:00
Manuel Gutierrez
b5db817ecc Bump to 4.1.1 2021-02-22 12:31:59 +01:00
Manuel Gutierrez
b36f24a128 Merge pull request #442 from wazuh/release-wazuh_4.1.0
Release wazuh 4.1.0
2021-02-17 17:55:24 +01:00
Manuel Gutierrez
5da9c5dd1f Add xpack-from-sources 2021-02-17 17:54:09 +01:00
Manuel Gutierrez
4eb80c83b0 Update kibana xpack paths 2021-02-17 17:45:05 +01:00
Manuel Gutierrez
68c41bd64c Fix curl ssl check 2021-02-17 17:40:19 +01:00
Manuel Gutierrez
41f2397725 Fix elastic version 2021-02-17 16:39:44 +01:00
Manuel Gutierrez
5673a9115c Fix changelog 2021-02-17 16:31:49 +01:00
Manuel Gutierrez
f019658c86 Bump images on prod cluster 2021-02-17 15:51:45 +01:00
Manuel Gutierrez
eb944445be Update changelog 2021-02-17 15:41:47 +01:00
Manuel Gutierrez
fe3b9335c1 Update xpack compose 2021-02-17 14:54:04 +01:00
Manuel Gutierrez
771e4e3988 Update Goss tests 2021-02-17 14:53:52 +01:00
Manuel Gutierrez
6f60a87b46 Bump odfe images 2021-02-17 14:44:09 +01:00
Manuel Gutierrez
201e750f2c Bump xpack images 2021-02-17 14:43:59 +01:00
Manuel Gutierrez
7e75b29a0f Update paths 2021-02-17 14:07:55 +01:00
Manuel Gutierrez
1c512ae437 Bump versions and update path 2021-02-16 17:19:08 +01:00
Manuel Gutierrez
7cc89ffdb1 Bump versions 2021-02-16 17:17:54 +01:00
Manuel Gutierrez
e3d1aa16d0 Update compatibility matrix 2021-02-16 17:16:55 +01:00
Manuel Gutierrez
b7afcf7646 Bump odfe version 2021-02-16 17:09:28 +01:00
Manuel Gutierrez
b290efb376 Update version 2021-02-16 17:09:09 +01:00
Manuel Gutierrez
8dd9bc0421 Merge pull request #441 from wazuh/add-goss-binary
Add goss binary for health checks
2021-02-16 11:30:31 +01:00
Manuel Gutierrez
64db5f9067 Add goss binary for health checks 2021-02-15 18:02:24 +01:00
Manuel Gutierrez
5313c60a06 Merge pull request #409 from wazuh/feature-xpack-4.0
Add images compatible with xpack
2021-02-05 18:10:44 +01:00
Manuel Gutierrez
ca11769d4f Remove dev tag from version 2021-02-05 16:13:48 +01:00
Manuel Gutierrez
1cc88b3097 Rename cert generator container name 2021-02-04 18:33:04 +01:00
Manuel Gutierrez
e20fb6e728 Add generate-elasticsearch-certs.yml and instances.yml 2021-02-04 18:26:04 +01:00
Manuel Gutierrez
d84631761a Update xpack-compose 2021-02-04 18:25:39 +01:00
Manuel Gutierrez
08ac53fee9 Merge pull request #435 from wazuh/433-entrypoint-scripts
Re-enable entrypoint scripts
2021-02-03 14:02:01 +01:00
Manuel Gutierrez
f4c484e887 Re-enable entrypoint scripts 2021-02-03 11:32:07 +01:00
Manuel Gutierrez
7a99967144 Remove kibana_ip 2021-02-02 19:00:06 +01:00
Manuel Gutierrez
cd7d882261 Use kibana_proto 2021-02-02 18:59:46 +01:00
Manuel Gutierrez
217be9a075 Fix curl auth params 2021-02-02 18:57:16 +01:00
Manuel Gutierrez
e683a68cb4 Bump copyright 2021-01-29 13:13:29 +01:00
Manuel Gutierrez
59b55c6d5c Bump to 4.0.4 2021-01-29 13:13:10 +01:00
Manuel Gutierrez
0d5d167a5d Add sample compose for xpack variant 2021-01-26 15:29:34 +01:00
Manuel Gutierrez
13ad837787 Remove duplicated xpack_config exec 2021-01-26 15:29:34 +01:00
Manuel Gutierrez
0ce9aa9991 Set Wazuh app as default route 2021-01-26 15:29:34 +01:00
Manuel Gutierrez
d2c91ff90a Remove useless ARG 2021-01-26 15:29:34 +01:00
Manuel Gutierrez
c3943a1523 Backport kibana-xpack image to v4 2021-01-26 15:29:34 +01:00
Manuel Gutierrez
6c9506aa9a Use an ARG to select filebeat channel 2021-01-26 15:29:32 +01:00
Manuel Gutierrez
68256252c7 Merge pull request #432 from wazuh/bump-s6-overlay
Bump s6-overlay version
2021-01-25 10:14:29 +01:00
Manuel Gutierrez
c8184b9145 Bump s6-overlay version 2021-01-22 17:53:43 +01:00
Manuel Gutierrez
eed5b2a454 Merge pull request #422 from wazuh/feature-tools-rename
Adopt Wazuh standard on tool names
2020-12-15 19:14:44 +01:00
Manuel Gutierrez
0da4a86f07 Update references to authd 2020-12-15 15:21:34 +01:00
Manuel Gutierrez
bb85a9aef2 Update script name 2020-12-15 13:23:34 +01:00
33 changed files with 1085 additions and 91 deletions

View File

@@ -6,28 +6,28 @@ file:
group: root group: root
filetype: file filetype: file
contains: [] contains: []
/usr/share/kibana/optimize/bundles/light_theme.style.css: /usr/share/kibana/src/core/server/core_app/assets/legacy_light_theme.css:
exists: true exists: true
mode: "0664" mode: "0664"
owner: kibana owner: kibana
group: root group: root
filetype: file filetype: file
contains: [] contains: []
/usr/share/kibana/optimize/bundles/wazuh_logo_circle.svg: /usr/share/kibana/src/core/server/core_app/assets/wazuh_logo_circle.svg:
exists: true exists: true
mode: "0644" mode: "0644"
owner: kibana owner: kibana
group: root group: root
filetype: file filetype: file
contains: [] contains: []
/usr/share/kibana/optimize/bundles/wazuh_wazuh_bg.svg: /usr/share/kibana/src/core/server/core_app/assets/wazuh_wazuh_bg.svg:
exists: true exists: true
mode: "0644" mode: "0644"
owner: kibana owner: kibana
group: root group: root
filetype: file filetype: file
contains: [] contains: []
/usr/share/kibana/optimize/wazuh/config/wazuh.yml: /usr/share/kibana/data/wazuh/config/wazuh.yml:
exists: true exists: true
mode: "0644" mode: "0644"
owner: kibana owner: kibana

View File

@@ -6,7 +6,7 @@ file:
group: root group: root
filetype: file filetype: file
contains: [] contains: []
/var/ossec/bin/ossec-control: /var/ossec/bin/wazuh-control:
exists: true exists: true
mode: "0750" mode: "0750"
owner: root owner: root
@@ -52,11 +52,11 @@ package:
filebeat: filebeat:
installed: true installed: true
versions: versions:
- 7.9.1 - 7.10.2
wazuh-manager: wazuh-manager:
installed: true installed: true
versions: versions:
- 4.0.4 - 4.2.2
port: port:
tcp:1514: tcp:1514:
listening: true listening: true
@@ -95,17 +95,17 @@ group:
process: process:
filebeat: filebeat:
running: true running: true
ossec-analysisd: wazuh-analysisd:
running: true running: true
ossec-authd: wazuh-authd:
running: true running: true
ossec-execd: wazuh-execd:
running: true running: true
ossec-monitord: wazuh-monitord:
running: true running: true
ossec-remoted: wazuh-remoted:
running: true running: true
ossec-syscheckd: wazuh-syscheckd:
running: true running: true
s6-supervise: s6-supervise:
running: true running: true

View File

@@ -1,6 +1,57 @@
# Change Log # Change Log
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
## Wazuh Docker v4.2.2
### Added
- Update Wazuh to version [4.2.2](https://github.com/wazuh/wazuh/blob/v4.2.2/CHANGELOG.md#v422)
## Wazuh Docker v4.2.1
### Added
- Update Wazuh to version [4.2.1](https://github.com/wazuh/wazuh/blob/v4.2.1/CHANGELOG.md#v421)
## Wazuh Docker v4.2.0
### Added
- Update Wazuh to version [4.2.0](https://github.com/wazuh/wazuh/blob/v4.2.0/CHANGELOG.md#v420)
## Wazuh Docker v4.1.5
### Added
- Update Wazuh to version [4.1.5](https://github.com/wazuh/wazuh/blob/v4.1.5/CHANGELOG.md#v415)
- Update ODFE compatibility to version 1.13.2
## Wazuh Docker v4.1.4
### Added
- Update Wazuh to version [4.1.4](https://github.com/wazuh/wazuh/blob/v4.1.4/CHANGELOG.md#v414)
## Wazuh Docker v4.1.3
### Added
- Update Wazuh to version [4.1.3](https://github.com/wazuh/wazuh/blob/v4.1.3/CHANGELOG.md#v413)
## Wazuh Docker v4.1.2
### Added
- Update Wazuh to version [4.1.2](https://github.com/wazuh/wazuh/blob/v4.1.2/CHANGELOG.md#v412)
## Wazuh Docker v4.1.1
### Added
- Update Wazuh to version [4.1.1](https://github.com/wazuh/wazuh/blob/v4.1.1/CHANGELOG.md#v411)
## Wazuh Docker v4.1.0
### Added
- Update Wazuh to version [4.1.0](https://github.com/wazuh/wazuh/blob/v4.1.0/CHANGELOG.md#v410)
- Update ODFE compatibility to version 1.12.0
- Add support for Elasticsearch (xpack) images once again (7.10.2) ([@xr09](https://github.com/xr09)) [#409](https://github.com/wazuh/wazuh-docker/pull/409)
- Re-enable entrypoint scripts ([@xr09](https://github.com/xr09)) [#435](https://github.com/wazuh/wazuh-docker/pull/435)
- Add Goss binary for healthchecks ([@xr09](https://github.com/xr09)) [$441](https://github.com/wazuh/wazuh-docker/pull/441)
- Update s6-overlay to latest version
## Wazuh Docker v4.0.4_1.11.0 ## Wazuh Docker v4.0.4_1.11.0
### Added ### Added

View File

@@ -22,11 +22,11 @@ In addition, a docker-compose file is provided to launch the containers mentione
* [Docker hub](https://hub.docker.com/u/wazuh) * [Docker hub](https://hub.docker.com/u/wazuh)
### Setup SSL certificate and Basic Authentication ### Setup SSL certificate
Before starting the environment it is required to provide an SSL certificate (or just generate one self-signed) and setup the basic auth. Before starting the environment it is required to provide an SSL certificate (or just generate one self-signed).
Documentation on how to provide these two can be found at [nginx_conf/README.md](nginx_conf/README.md). Documentation on how to provide these two can be found at [Wazuh Docer Documentation](https://documentation.wazuh.com/current/docker/wazuh-container.html#production-deployment).
## Environment Variables ## Environment Variables
@@ -146,24 +146,28 @@ ADMIN_PRIVILEGES=true # App privileges
## Branches ## Branches
* `4.0` branch on correspond to the latest Wazuh-Docker stable version.
* `master` branch contains the latest code, be aware of possible bugs on this branch. * `master` branch contains the latest code, be aware of possible bugs on this branch.
* `Wazuh.Version_ElasticStack.Version` (for example 3.13.1_7.8.0) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch. * `stable` branch on correspond to the last Wazuh stable version.
## Compatibility Matrix ## Compatibility Matrix
| Wazuh version | ODFE | | Wazuh version | ODFE | XPACK |
|---------------|---------| |---------------|---------|--------|
| v4.0.4 | 1.11.0 | | v4.2.2 | 1.13.2 | 7.11.2 |
|---------------|---------| | v4.2.1 | 1.13.2 | 7.11.2 |
| v4.0.3 | 1.11.0 | | v4.2.0 | 1.13.2 | 7.10.2 |
|---------------|---------| | v4.1.5 | 1.13.2 | 7.10.2 |
| v4.0.2 | 1.11.0 | | v4.1.4 | 1.12.0 | 7.10.2 |
|---------------|---------| | v4.1.3 | 1.12.0 | 7.10.2 |
| v4.0.1 | 1.11.0 | | v4.1.2 | 1.12.0 | 7.10.2 |
|---------------|---------| | v4.1.1 | 1.12.0 | 7.10.2 |
| v4.0.0 | 1.10.1 | | v4.1.0 | 1.12.0 | 7.10.2 |
| v4.0.4 | 1.11.0 | |
| v4.0.3 | 1.11.0 | |
| v4.0.2 | 1.11.0 | |
| v4.0.1 | 1.11.0 | |
| v4.0.0 | 1.10.1 | |
## Credits and Thank you ## Credits and Thank you

View File

@@ -1,2 +1,2 @@
WAZUH-DOCKER_VERSION="4.0.4_1.11.0" WAZUH-DOCKER_VERSION="4.2.2"
REVISION="40400" REVISION="40215"

View File

@@ -31,7 +31,7 @@ services:
- filebeat_var:/var/lib/filebeat - filebeat_var:/var/lib/filebeat
elasticsearch: elasticsearch:
image: amazon/opendistro-for-elasticsearch:1.11.0 image: amazon/opendistro-for-elasticsearch:1.13.2
hostname: elasticsearch hostname: elasticsearch
restart: always restart: always
ports: ports:

View File

@@ -3,7 +3,7 @@ version: '3.7'
services: services:
wazuh: wazuh:
image: wazuh/wazuh-odfe:4.0.4_1.11.0 image: wazuh/wazuh-odfe:4.2.2
hostname: wazuh-manager hostname: wazuh-manager
restart: always restart: always
ports: ports:
@@ -30,7 +30,7 @@ services:
- filebeat_var:/var/lib/filebeat - filebeat_var:/var/lib/filebeat
elasticsearch: elasticsearch:
image: amazon/opendistro-for-elasticsearch:1.11.0 image: amazon/opendistro-for-elasticsearch:1.13.2
hostname: elasticsearch hostname: elasticsearch
restart: always restart: always
ports: ports:
@@ -50,7 +50,7 @@ services:
hard: 65536 hard: 65536
kibana: kibana:
image: wazuh/wazuh-kibana-odfe:4.0.4_1.11.0 image: wazuh/wazuh-kibana-odfe:4.2.2
hostname: kibana hostname: kibana
restart: always restart: always
ports: ports:

View File

@@ -0,0 +1,17 @@
version: '2.2'
services:
generator:
container_name: generator
image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
command: >
bash -c '
if [[ ! -f config/certificates/bundle.zip ]]; then
bin/elasticsearch-certutil cert --silent --pem --in config/certificates/instances.yml -out config/certificates/bundle.zip;
unzip config/certificates/bundle.zip -d config/certificates/;
fi;
chown -R 1000:0 config/certificates
'
user: "0"
working_dir: /usr/share/elasticsearch
volumes: ['./xpack:/usr/share/elasticsearch/config/certificates']

View File

@@ -1,8 +1,8 @@
# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2) # Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
FROM amazon/opendistro-for-elasticsearch-kibana:1.11.0 FROM amazon/opendistro-for-elasticsearch-kibana:1.13.2
USER kibana USER kibana
ARG ELASTIC_VERSION=7.9.1 ARG ELASTIC_VERSION=7.10.2
ARG WAZUH_VERSION=4.0.4 ARG WAZUH_VERSION=4.2.2
ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}" ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
WORKDIR /usr/share/kibana WORKDIR /usr/share/kibana
@@ -42,7 +42,6 @@ ENV PATTERN="" \
ADMIN_PRIVILEGES="" ADMIN_PRIVILEGES=""
USER kibana USER kibana
RUN NODE_OPTIONS="--max-old-space-size=2048" /usr/local/bin/kibana-docker --optimize
COPY ./config/custom_welcome /tmp/custom_welcome COPY ./config/custom_welcome /tmp/custom_welcome
COPY --chown=kibana:kibana ./config/welcome_wazuh.sh ./ COPY --chown=kibana:kibana ./config/welcome_wazuh.sh ./
@@ -50,7 +49,7 @@ RUN chmod +x ./welcome_wazuh.sh
ARG CHANGE_WELCOME="true" ARG CHANGE_WELCOME="true"
RUN ./welcome_wazuh.sh RUN ./welcome_wazuh.sh
COPY --chown=kibana:kibana ./config/wazuh.yml /usr/share/kibana/optimize/wazuh/config/wazuh.yml COPY --chown=kibana:kibana ./config/wazuh.yml /usr/share/kibana/data/wazuh/config/wazuh.yml
COPY --chown=kibana:kibana ./config/wazuh_app_config.sh ./ COPY --chown=kibana:kibana ./config/wazuh_app_config.sh ./
RUN chmod +x ./wazuh_app_config.sh RUN chmod +x ./wazuh_app_config.sh

View File

@@ -18,8 +18,6 @@ WAZUH_MAJOR=4
# Customize elasticsearch ip # Customize elasticsearch ip
############################################################################## ##############################################################################
sed -i "s|elasticsearch.hosts:.*|elasticsearch.hosts: $el_url|g" /usr/share/kibana/config/kibana.yml sed -i "s|elasticsearch.hosts:.*|elasticsearch.hosts: $el_url|g" /usr/share/kibana/config/kibana.yml
# disable multitenancy
sed -i "s|opendistro_security.multitenancy.enabled:.*|opendistro_security.multitenancy.enabled: false|g" /usr/share/kibana/config/kibana.yml
# If KIBANA_INDEX was set, then change the default index in kibana.yml configuration file. If there was an index, then delete it and recreate. # If KIBANA_INDEX was set, then change the default index in kibana.yml configuration file. If there was an index, then delete it and recreate.
if [ "$KIBANA_INDEX" != "" ]; then if [ "$KIBANA_INDEX" != "" ]; then
@@ -55,6 +53,6 @@ rm -f ${default_index}
sleep 5 sleep 5
# Configuring Kibana TimePicker. # Configuring Kibana TimePicker.
curl ${auth} -POST -k "https://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \ curl ${auth} -POST -k "https://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
'{"changes":{"timepicker:timeDefaults":"{\n \"from\": \"now-12h\",\n \"to\": \"now\",\n \"mode\": \"quick\"}"}}' '{"changes":{"timepicker:timeDefaults":"{\n \"from\": \"now-12h\",\n \"to\": \"now\"}"}}'
echo "End settings" echo "End settings"

View File

@@ -6,7 +6,7 @@ wazuh_port="${API_PORT:-55000}"
api_username="${API_USERNAME:-wazuh-wui}" api_username="${API_USERNAME:-wazuh-wui}"
api_password="${API_PASSWORD:-wazuh-wui}" api_password="${API_PASSWORD:-wazuh-wui}"
kibana_config_file="/usr/share/kibana/optimize/wazuh/config/wazuh.yml" kibana_config_file="/usr/share/kibana/data/wazuh/config/wazuh.yml"
declare -A CONFIG_MAP=( declare -A CONFIG_MAP=(
[pattern]=$PATTERN [pattern]=$PATTERN

View File

@@ -4,11 +4,11 @@
if [[ $CHANGE_WELCOME == "true" ]] if [[ $CHANGE_WELCOME == "true" ]]
then then
echo "Set Wazuh app as the default landing page" echo "Set Wazuh app as the default landing page"
echo "server.defaultRoute: /app/wazuh" >> /usr/share/kibana/config/kibana.yml echo "server.defaultRoute: /app/wazuh?security_tenant=global" >> /usr/share/kibana/config/kibana.yml
echo "Set custom welcome styles" echo "Set custom welcome styles"
cp -f /tmp/custom_welcome/template.js.hbs /usr/share/kibana/src/legacy/ui/ui_render/bootstrap/template.js.hbs cp -f /tmp/custom_welcome/template.js.hbs /usr/share/kibana/src/legacy/ui/ui_render/bootstrap/template.js.hbs
cp -f /tmp/custom_welcome/light_theme.style.css /usr/share/kibana/optimize/bundles/light_theme.style.css cp -f /tmp/custom_welcome/light_theme.style.css /usr/share/kibana/src/core/server/core_app/assets/legacy_light_theme.css
cp -f /tmp/custom_welcome/*svg /usr/share/kibana/optimize/bundles/ cp -f /tmp/custom_welcome/*svg /usr/share/kibana/src/core/server/core_app/assets/
fi fi

64
kibana/Dockerfile Normal file
View File

@@ -0,0 +1,64 @@
# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
FROM docker.elastic.co/kibana/kibana:7.10.2
USER kibana
ARG ELASTIC_VERSION=7.10.2
ARG WAZUH_VERSION=4.2.2
ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
WORKDIR /usr/share/kibana
RUN ./bin/kibana-plugin install https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-${WAZUH_APP_VERSION}-1.zip
ENV PATTERN="" \
CHECKS_PATTERN="" \
CHECKS_TEMPLATE="" \
CHECKS_API="" \
CHECKS_SETUP="" \
EXTENSIONS_PCI="" \
EXTENSIONS_GDPR="" \
EXTENSIONS_HIPAA="" \
EXTENSIONS_NIST="" \
EXTENSIONS_TSC="" \
EXTENSIONS_AUDIT="" \
EXTENSIONS_OSCAP="" \
EXTENSIONS_CISCAT="" \
EXTENSIONS_AWS="" \
EXTENSIONS_GCP="" \
EXTENSIONS_VIRUSTOTAL="" \
EXTENSIONS_OSQUERY="" \
EXTENSIONS_DOCKER="" \
APP_TIMEOUT="" \
API_SELECTOR="" \
IP_SELECTOR="" \
IP_IGNORE="" \
WAZUH_MONITORING_ENABLED="" \
WAZUH_MONITORING_FREQUENCY="" \
WAZUH_MONITORING_SHARDS="" \
WAZUH_MONITORING_REPLICAS="" \
ADMIN_PRIVILEGES="" \
XPACK_CANVAS="true" \
XPACK_LOGS="true" \
XPACK_INFRA="true" \
XPACK_ML="true" \
XPACK_DEVTOOLS="true" \
XPACK_MONITORING="true" \
XPACK_APM="true"
WORKDIR /
USER kibana
COPY --chown=kibana:kibana config/entrypoint.sh ./entrypoint.sh
RUN chmod 755 ./entrypoint.sh
RUN printf "\nserver.defaultRoute: /app/wazuh\n" >> /usr/share/kibana/config/kibana.yml
COPY --chown=kibana:kibana ./config/wazuh.yml /usr/share/kibana/data/wazuh/config/wazuh.yml
COPY --chown=kibana:kibana ./config/wazuh_app_config.sh ./
RUN chmod +x ./wazuh_app_config.sh
COPY --chown=kibana:kibana ./config/kibana_settings.sh ./
RUN chmod +x ./kibana_settings.sh
COPY --chown=kibana:kibana ./config/xpack_config.sh ./
RUN chmod +x ./xpack_config.sh
ENTRYPOINT ./entrypoint.sh

View File

@@ -0,0 +1,60 @@
#!/bin/bash
# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
set -e
##############################################################################
# Waiting for elasticsearch
##############################################################################
if [ "x${ELASTICSEARCH_URL}" = "x" ]; then
export el_url="http://elasticsearch:9200"
else
export el_url="${ELASTICSEARCH_URL}"
fi
if [[ ${ENABLED_SECURITY} == "false" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]]; then
export auth=""
else
export auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} -k"
fi
until curl -XGET $el_url ${auth}; do
>&2 echo "Elastic is unavailable - sleeping"
sleep 5
done
sleep 2
>&2 echo "Elasticsearch is up."
##############################################################################
# Waiting for wazuh alerts template
##############################################################################
strlen=0
while [[ $strlen -eq 0 ]]
do
template=$(curl ${auth} $el_url/_cat/templates/wazuh -s)
strlen=${#template}
>&2 echo "Wazuh alerts template not loaded - sleeping."
sleep 2
done
sleep 2
>&2 echo "Wazuh alerts template is loaded."
./xpack_config.sh
./wazuh_app_config.sh
sleep 5
./kibana_settings.sh &
sleep 2
/usr/local/bin/kibana-docker

View File

@@ -0,0 +1,79 @@
#!/bin/bash
# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
WAZUH_MAJOR=4
##############################################################################
# Wait for the Kibana API to start. It is necessary to do it in this container
# because the others are running Elastic Stack and we can not interrupt them.
#
# The following actions are performed:
#
# Add the wazuh alerts index as default.
# Set the Discover time interval to 24 hours instead of 15 minutes.
# Do not ask user to help providing usage statistics to Elastic.
##############################################################################
##############################################################################
# Customize elasticsearch ip
##############################################################################
sed -i "s|elasticsearch.hosts:.*|elasticsearch.hosts: $el_url|g" /usr/share/kibana/config/kibana.yml
# If KIBANA_INDEX was set, then change the default index in kibana.yml configuration file. If there was an index, then delete it and recreate.
if [ "$KIBANA_INDEX" != "" ]; then
if grep -q 'kibana.index' /usr/share/kibana/config/kibana.yml; then
sed -i '/kibana.index/d' /usr/share/kibana/config/kibana.yml
fi
echo "kibana.index: $KIBANA_INDEX" >> /usr/share/kibana/config/kibana.yml
fi
kibana_proto="http"
if [ "$XPACK_SECURITY_ENABLED" != "" ]; then
kibana_proto="https"
if grep -q 'xpack.security.enabled' /usr/share/kibana/config/kibana.yml; then
sed -i '/xpack.security.enabled/d' /usr/share/kibana/config/kibana.yml
fi
echo "xpack.security.enabled: $XPACK_SECURITY_ENABLED" >> /usr/share/kibana/config/kibana.yml
fi
# Add auth headers if required
if [ "$ELASTICSEARCH_USERNAME" != "" ] && [ "$ELASTICSEARCH_PASSWORD" != "" ]; then
curl_auth="-u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD"
fi
while [[ "$(curl $curl_auth -XGET -I -s -o /dev/null -w ''%{http_code}'' -k $kibana_proto://127.0.0.1:5601/status)" != "200" ]]; do
echo "Waiting for Kibana API. Sleeping 5 seconds"
sleep 5
done
# Prepare index selection.
echo "Kibana API is running"
default_index="/tmp/default_index.json"
cat > ${default_index} << EOF
{
"changes": {
"defaultIndex": "wazuh-alerts-${WAZUH_MAJOR}.x-*"
}
}
EOF
sleep 5
# Add the wazuh alerts index as default.
curl ${auth} -POST -k "$kibana_proto://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d@${default_index}
rm -f ${default_index}
sleep 5
# Configuring Kibana TimePicker.
curl ${auth} -POST -k "$kibana_proto://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
'{"changes":{"timepicker:timeDefaults":"{\n \"from\": \"now-12h\",\n \"to\": \"now\"}"}}'
sleep 5
# Do not ask user to help providing usage statistics to Elastic
curl ${auth} -POST -k "$kibana_proto://127.0.0.1:5601/api/telemetry/v2/optIn" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d '{"enabled":false}'
echo "End settings"

162
kibana/config/wazuh.yml Normal file
View File

@@ -0,0 +1,162 @@
---
#
# Wazuh app - App configuration file
# Copyright (C) 2015-2021 Wazuh, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Find more information about this on the LICENSE file.
#
# ======================== Wazuh app configuration file ========================
#
# Please check the documentation for more information on configuration options:
# https://documentation.wazuh.com/current/installation-guide/index.html
#
# Also, you can check our repository:
# https://github.com/wazuh/wazuh-kibana-app
#
# ------------------------------- Index patterns -------------------------------
#
# Default index pattern to use.
#pattern: wazuh-alerts-*
#
# ----------------------------------- Checks -----------------------------------
#
# Defines which checks must to be consider by the healthcheck
# step once the Wazuh app starts. Values must to be true or false.
#checks.pattern : true
#checks.template: true
#checks.api : true
#checks.setup : true
#checks.metaFields: true
#
# --------------------------------- Extensions ---------------------------------
#
# Defines which extensions should be activated when you add a new API entry.
# You can change them after Wazuh app starts.
# Values must to be true or false.
#extensions.pci : true
#extensions.gdpr : true
#extensions.hipaa : true
#extensions.nist : true
#extensions.tsc : true
#extensions.audit : true
#extensions.oscap : false
#extensions.ciscat : false
#extensions.aws : false
#extensions.gcp : false
#extensions.virustotal: false
#extensions.osquery : false
#extensions.docker : false
#
# ---------------------------------- Time out ----------------------------------
#
# Defines maximum timeout to be used on the Wazuh app requests.
# It will be ignored if it is bellow 1500.
# It means milliseconds before we consider a request as failed.
# Default: 20000
#timeout: 20000
#
# -------------------------------- API selector --------------------------------
#
# Defines if the user is allowed to change the selected
# API directly from the Wazuh app top menu.
# Default: true
#api.selector: true
#
# --------------------------- Index pattern selector ---------------------------
#
# Defines if the user is allowed to change the selected
# index pattern directly from the Wazuh app top menu.
# Default: true
#ip.selector: true
#
# List of index patterns to be ignored
#ip.ignore: []
#
# -------------------------------- X-Pack RBAC ---------------------------------
#
# Custom setting to enable/disable built-in X-Pack RBAC security capabilities.
# Default: enabled
#xpack.rbac.enabled: true
#
# ------------------------------ wazuh-monitoring ------------------------------
#
# Custom setting to enable/disable wazuh-monitoring indices.
# Values: true, false, worker
# If worker is given as value, the app will show the Agents status
# visualization but won't insert data on wazuh-monitoring indices.
# Default: true
#wazuh.monitoring.enabled: true
#
# Custom setting to set the frequency for wazuh-monitoring indices cron task.
# Default: 900 (s)
#wazuh.monitoring.frequency: 900
#
# Configure wazuh-monitoring-* indices shards and replicas.
#wazuh.monitoring.shards: 2
#wazuh.monitoring.replicas: 0
#
# Configure wazuh-monitoring-* indices custom creation interval.
# Values: h (hourly), d (daily), w (weekly), m (monthly)
# Default: d
#wazuh.monitoring.creation: d
#
# Default index pattern to use for Wazuh monitoring
#wazuh.monitoring.pattern: wazuh-monitoring-*
#
# --------------------------------- wazuh-cron ----------------------------------
#
# Customize the index prefix of predefined jobs
# This change is not retroactive, if you change it new indexes will be created
# cron.prefix: test
#
# ------------------------------ wazuh-statistics -------------------------------
#
# Custom setting to enable/disable statistics tasks.
#cron.statistics.status: true
#
# Enter the ID of the APIs you want to save data from, leave this empty to run
# the task on all configured APIs
#cron.statistics.apis: []
#
# Define the frequency of task execution using cron schedule expressions
#cron.statistics.interval: 0 0 * * * *
#
# Define the name of the index in which the documents are to be saved.
#cron.statistics.index.name: statistics
#
# Define the interval in which the index will be created
#cron.statistics.index.creation: w
#
# ------------------------------- App privileges --------------------------------
#admin: true
#
# ---------------------------- Hide manager alerts ------------------------------
# Hide the alerts of the manager in all dashboards and discover
#hideManagerAlerts: false
#
# ------------------------------- App logging level -----------------------------
# Set the logging level for the Wazuh App log files.
# Default value: info
# Allowed values: info, debug
#logs.level: info
#
# -------------------------------- Enrollment DNS -------------------------------
# Set the variable WAZUH_REGISTRATION_SERVER in agents deployment.
# Default value: ''
#enrollment.dns: ''
#
#-------------------------------- API entries -----------------------------------
#The following configuration is the default structure to define an API entry.
#
#hosts:
# - <id>:
# url: http(s)://<url>
# port: <port>
# username: <username>
# password: <password>

View File

@@ -0,0 +1,64 @@
#!/bin/bash
# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
wazuh_url="${WAZUH_API_URL:-https://wazuh}"
wazuh_port="${API_PORT:-55000}"
api_username="${API_USERNAME:-wazuh-wui}"
api_password="${API_PASSWORD:-wazuh-wui}"
kibana_config_file="/usr/share/kibana/data/wazuh/config/wazuh.yml"
declare -A CONFIG_MAP=(
[pattern]=$PATTERN
[checks.pattern]=$CHECKS_PATTERN
[checks.template]=$CHECKS_TEMPLATE
[checks.api]=$CHECKS_API
[checks.setup]=$CHECKS_SETUP
[extensions.pci]=$EXTENSIONS_PCI
[extensions.gdpr]=$EXTENSIONS_GDPR
[extensions.hipaa]=$EXTENSIONS_HIPAA
[extensions.nist]=$EXTENSIONS_NIST
[extensions.tsc]=$EXTENSIONS_TSC
[extensions.audit]=$EXTENSIONS_AUDIT
[extensions.oscap]=$EXTENSIONS_OSCAP
[extensions.ciscat]=$EXTENSIONS_CISCAT
[extensions.aws]=$EXTENSIONS_AWS
[extensions.gcp]=$EXTENSIONS_GCP
[extensions.virustotal]=$EXTENSIONS_VIRUSTOTAL
[extensions.osquery]=$EXTENSIONS_OSQUERY
[extensions.docker]=$EXTENSIONS_DOCKER
[timeout]=$APP_TIMEOUT
[api.selector]=$API_SELECTOR
[ip.selector]=$IP_SELECTOR
[ip.ignore]=$IP_IGNORE
[wazuh.monitoring.enabled]=$WAZUH_MONITORING_ENABLED
[wazuh.monitoring.frequency]=$WAZUH_MONITORING_FREQUENCY
[wazuh.monitoring.shards]=$WAZUH_MONITORING_SHARDS
[wazuh.monitoring.replicas]=$WAZUH_MONITORING_REPLICAS
[admin]=$ADMIN_PRIVILEGES
)
for i in "${!CONFIG_MAP[@]}"
do
if [ "${CONFIG_MAP[$i]}" != "" ]; then
sed -i 's/.*#'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file
fi
done
CONFIG_CODE=$(curl ${auth} -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/_doc/1513629884013)
grep -q 1513629884013 $kibana_config_file
_config_exists=$?
if [[ "x$CONFIG_CODE" != "x200" && $_config_exists -ne 0 ]]; then
cat << EOF >> $kibana_config_file
hosts:
- 1513629884013:
url: $wazuh_url
port: $wazuh_port
username: $api_username
password: $api_password
EOF
else
echo "Wazuh APP already configured"
fi

View File

@@ -0,0 +1,35 @@
#!/bin/bash
# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
kibana_config_file="/usr/share/kibana/config/kibana.yml"
if grep -Fq "#xpack features" "$kibana_config_file";
then
declare -A CONFIG_MAP=(
[xpack.apm.ui.enabled]=$XPACK_APM
[xpack.grokdebugger.enabled]=$XPACK_DEVTOOLS
[xpack.searchprofiler.enabled]=$XPACK_DEVTOOLS
[xpack.ml.enabled]=$XPACK_ML
[xpack.canvas.enabled]=$XPACK_CANVAS
[xpack.infra.enabled]=$XPACK_INFRA
[xpack.monitoring.enabled]=$XPACK_MONITORING
[console.enabled]=$XPACK_DEVTOOLS
)
for i in "${!CONFIG_MAP[@]}"
do
if [ "${CONFIG_MAP[$i]}" != "" ]; then
sed -i 's/.'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file
fi
done
else
echo "
#xpack features
xpack.apm.ui.enabled: $XPACK_APM
xpack.grokdebugger.enabled: $XPACK_DEVTOOLS
xpack.searchprofiler.enabled: $XPACK_DEVTOOLS
xpack.ml.enabled: $XPACK_ML
xpack.canvas.enabled: $XPACK_CANVAS
xpack.infra.enabled: $XPACK_INFRA
xpack.monitoring.enabled: $XPACK_MONITORING
console.enabled: $XPACK_DEVTOOLS
" >> $kibana_config_file
fi

View File

@@ -3,7 +3,7 @@ version: '3.7'
services: services:
wazuh-master: wazuh-master:
image: wazuh/wazuh-odfe:4.0.4_1.11.0 image: wazuh/wazuh-odfe:4.2.2
hostname: wazuh-master hostname: wazuh-master
restart: always restart: always
ports: ports:
@@ -38,7 +38,7 @@ services:
- ./production_cluster/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf - ./production_cluster/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
wazuh-worker: wazuh-worker:
image: wazuh/wazuh-odfe:4.0.4_1.11.0 image: wazuh/wazuh-odfe:4.2.2
hostname: wazuh-worker hostname: wazuh-worker
restart: always restart: always
environment: environment:
@@ -67,7 +67,7 @@ services:
- ./production_cluster/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf - ./production_cluster/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
elasticsearch: elasticsearch:
image: amazon/opendistro-for-elasticsearch:1.11.0 image: amazon/opendistro-for-elasticsearch:1.13.2
hostname: elasticsearch hostname: elasticsearch
restart: always restart: always
ports: ports:
@@ -86,11 +86,13 @@ services:
- ./production_cluster/ssl_certs/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem - ./production_cluster/ssl_certs/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
- ./production_cluster/ssl_certs/node1.key:/usr/share/elasticsearch/config/node1.key - ./production_cluster/ssl_certs/node1.key:/usr/share/elasticsearch/config/node1.key
- ./production_cluster/ssl_certs/node1.pem:/usr/share/elasticsearch/config/node1.pem - ./production_cluster/ssl_certs/node1.pem:/usr/share/elasticsearch/config/node1.pem
- ./production_cluster/ssl_certs/admin.pem:/usr/share/elasticsearch/config/admin.pem
- ./production_cluster/ssl_certs/admin.key:/usr/share/elasticsearch/config/admin.key
- ./production_cluster/elastic_opendistro/elasticsearch-node1.yml:/usr/share/elasticsearch/config/elasticsearch.yml - ./production_cluster/elastic_opendistro/elasticsearch-node1.yml:/usr/share/elasticsearch/config/elasticsearch.yml
- ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
elasticsearch-2: elasticsearch-2:
image: amazon/opendistro-for-elasticsearch:1.11.0 image: amazon/opendistro-for-elasticsearch:1.13.2
hostname: elasticsearch-2 hostname: elasticsearch-2
restart: always restart: always
environment: environment:
@@ -111,7 +113,7 @@ services:
- ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
elasticsearch-3: elasticsearch-3:
image: amazon/opendistro-for-elasticsearch:1.11.0 image: amazon/opendistro-for-elasticsearch:1.13.2
hostname: elasticsearch-3 hostname: elasticsearch-3
restart: always restart: always
environment: environment:
@@ -132,7 +134,7 @@ services:
- ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
kibana: kibana:
image: wazuh/wazuh-kibana-odfe:4.0.4_1.11.0 image: wazuh/wazuh-kibana-odfe:4.2.2
hostname: kibana hostname: kibana
restart: always restart: always
ports: ports:

View File

@@ -20,7 +20,7 @@ opendistro_security.nodes_dn:
- 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com' - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
- 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com' - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
- 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com' - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
opendistro_security.authcz.admin_dn: [] opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
opendistro_security.audit.type: internal_elasticsearch opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true opendistro_security.check_snapshot_restore_write_privileges: true

View File

@@ -20,7 +20,7 @@ opendistro_security.nodes_dn:
- 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com' - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
- 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com' - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
- 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com' - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
opendistro_security.authcz.admin_dn: [] opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
opendistro_security.audit.type: internal_elasticsearch opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true opendistro_security.check_snapshot_restore_write_privileges: true

View File

@@ -20,7 +20,7 @@ opendistro_security.nodes_dn:
- 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com' - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
- 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com' - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
- 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com' - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
opendistro_security.authcz.admin_dn: [] opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
opendistro_security.audit.type: internal_elasticsearch opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true opendistro_security.check_snapshot_restore_write_privileges: true

View File

@@ -9,4 +9,5 @@ then
exit exit
else else
openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem
chown -R 1000:1000 *.pem
fi fi

View File

@@ -27,4 +27,9 @@ nodes:
- name: filebeat - name: filebeat
dn: CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com dn: CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com
dns: dns:
- wazuh - wazuh
clients:
- name: admin
dn: CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com
admin: true

View File

@@ -94,7 +94,7 @@
<ignore_time>6h</ignore_time> <ignore_time>6h</ignore_time>
<run_on_start>yes</run_on_start> <run_on_start>yes</run_on_start>
<!-- Ubuntu OS vulnerabilities --> <!-- Ubuntu OS vulnerabilities -->
<provider name="canonical"> <provider name="canonical">
<enabled>no</enabled> <enabled>no</enabled>
<os>trusty</os> <os>trusty</os>
@@ -104,7 +104,7 @@
<update_interval>1h</update_interval> <update_interval>1h</update_interval>
</provider> </provider>
<!-- Debian OS vulnerabilities --> <!-- Debian OS vulnerabilities -->
<provider name="debian"> <provider name="debian">
<enabled>no</enabled> <enabled>no</enabled>
<os>stretch</os> <os>stretch</os>
@@ -112,7 +112,7 @@
<update_interval>1h</update_interval> <update_interval>1h</update_interval>
</provider> </provider>
<!-- RedHat OS vulnerabilities --> <!-- RedHat OS vulnerabilities -->
<provider name="redhat"> <provider name="redhat">
<enabled>no</enabled> <enabled>no</enabled>
<os>5</os> <os>5</os>
@@ -307,7 +307,7 @@
<rule_dir>etc/rules</rule_dir> <rule_dir>etc/rules</rule_dir>
</ruleset> </ruleset>
<!-- Configuration for ossec-authd --> <!-- Configuration for wazuh-authd -->
<auth> <auth>
<disabled>no</disabled> <disabled>no</disabled>
<port>1515</port> <port>1515</port>
@@ -346,4 +346,4 @@
<log_format>syslog</log_format> <log_format>syslog</log_format>
<location>/var/ossec/logs/active-responses.log</location> <location>/var/ossec/logs/active-responses.log</location>
</localfile> </localfile>
</ossec_config> </ossec_config>

View File

@@ -94,7 +94,7 @@
<ignore_time>6h</ignore_time> <ignore_time>6h</ignore_time>
<run_on_start>yes</run_on_start> <run_on_start>yes</run_on_start>
<!-- Ubuntu OS vulnerabilities --> <!-- Ubuntu OS vulnerabilities -->
<provider name="canonical"> <provider name="canonical">
<enabled>no</enabled> <enabled>no</enabled>
<os>trusty</os> <os>trusty</os>
@@ -104,7 +104,7 @@
<update_interval>1h</update_interval> <update_interval>1h</update_interval>
</provider> </provider>
<!-- Debian OS vulnerabilities --> <!-- Debian OS vulnerabilities -->
<provider name="debian"> <provider name="debian">
<enabled>no</enabled> <enabled>no</enabled>
<os>stretch</os> <os>stretch</os>
@@ -112,7 +112,7 @@
<update_interval>1h</update_interval> <update_interval>1h</update_interval>
</provider> </provider>
<!-- RedHat OS vulnerabilities --> <!-- RedHat OS vulnerabilities -->
<provider name="redhat"> <provider name="redhat">
<enabled>no</enabled> <enabled>no</enabled>
<os>5</os> <os>5</os>
@@ -307,7 +307,7 @@
<rule_dir>etc/rules</rule_dir> <rule_dir>etc/rules</rule_dir>
</ruleset> </ruleset>
<!-- Configuration for ossec-authd --> <!-- Configuration for wazuh-authd -->
<auth> <auth>
<disabled>no</disabled> <disabled>no</disabled>
<port>1515</port> <port>1515</port>
@@ -346,4 +346,4 @@
<log_format>syslog</log_format> <log_format>syslog</log_format>
<location>/var/ossec/logs/active-responses.log</location> <location>/var/ossec/logs/active-responses.log</location>
</localfile> </localfile>
</ossec_config> </ossec_config>

View File

@@ -1,8 +1,9 @@
# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2) # Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
FROM centos:7 FROM centos:7
ARG FILEBEAT_VERSION=7.9.1 ARG FILEBEAT_CHANNEL=filebeat-oss
ARG WAZUH_VERSION=4.0.4-1 ARG FILEBEAT_VERSION=7.10.2
ARG WAZUH_VERSION=4.2.2
ARG TEMPLATE_VERSION="master" ARG TEMPLATE_VERSION="master"
ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz" ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz"
@@ -16,12 +17,14 @@ RUN yum --enablerepo=updates clean metadata && \
sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo && \ sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo && \
yum clean all && rm -rf /var/cache/yum yum clean all && rm -rf /var/cache/yum
RUN curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-oss-${FILEBEAT_VERSION}-x86_64.rpm &&\ RUN curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm &&\
rpm -i filebeat-oss-${FILEBEAT_VERSION}-x86_64.rpm && rm -f filebeat-oss-${FILEBEAT_VERSION}-x86_64.rpm rpm -i ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm && rm -f ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm
RUN curl -s https://packages.wazuh.com/4.x/filebeat/${WAZUH_FILEBEAT_MODULE} | tar -xvz -C /usr/share/filebeat/module RUN curl -s https://packages.wazuh.com/4.x/filebeat/${WAZUH_FILEBEAT_MODULE} | tar -xvz -C /usr/share/filebeat/module
ARG S6_VERSION="v2.1.0.2" RUN curl -L https://github.com/aelsabbahy/goss/releases/latest/download/goss-linux-amd64 -o /usr/local/bin/goss && chmod +rx /usr/local/bin/goss
ARG S6_VERSION="v2.2.0.3"
RUN curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \ RUN curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
-o /tmp/s6-overlay-amd64.tar.gz && \ -o /tmp/s6-overlay-amd64.tar.gz && \
tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" && \ tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" && \

View File

@@ -74,6 +74,23 @@ apply_exclusion_data() {
done done
} }
##############################################################################
# This function will rename in the permanent data volume every file
# contained in PERMANENT_DATA_MOVE
##############################################################################
move_data_files() {
for mov_file in "${PERMANENT_DATA_MOVE[@]}"; do
file_split=( $mov_file )
if [ -e ${file_split[0]} ]
then
print "moving ${mov_file}"
exec_cmd "mv -f ${mov_file}"
fi
done
}
############################################################################## ##############################################################################
# This function will delete from the permanent data volume every file # This function will delete from the permanent data volume every file
# contained in PERMANENT_DATA_DEL # contained in PERMANENT_DATA_DEL
@@ -84,7 +101,7 @@ remove_data_files() {
if [ -e ${del_file} ] if [ -e ${del_file} ]
then then
print "Removing ${del_file}" print "Removing ${del_file}"
exec_cmd "rm ${del_file}" exec_cmd "rm -f ${del_file}"
fi fi
done done
} }
@@ -94,7 +111,7 @@ remove_data_files() {
############################################################################## ##############################################################################
create_ossec_key_cert() { create_ossec_key_cert() {
print "Creating ossec-authd key and cert" print "Creating wazuh-authd key and cert"
exec_cmd "openssl genrsa -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.key 4096" exec_cmd "openssl genrsa -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.key 4096"
exec_cmd "openssl req -new -x509 -key ${WAZUH_INSTALL_PATH}/etc/sslmanager.key -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/" exec_cmd "openssl req -new -x509 -key ${WAZUH_INSTALL_PATH}/etc/sslmanager.key -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/"
} }
@@ -158,10 +175,13 @@ main() {
# Restore files stored in permanent data that are not permanent (i.e. internal_options.conf) # Restore files stored in permanent data that are not permanent (i.e. internal_options.conf)
apply_exclusion_data apply_exclusion_data
# Rename files stored in permanent data (i.e. queue/ossec)
move_data_files
# Remove some files in permanent_data (i.e. .template.db) # Remove some files in permanent_data (i.e. .template.db)
remove_data_files remove_data_files
# Generate ossec-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist # Generate wazuh-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
if [ $AUTO_ENROLLMENT_ENABLED == true ] if [ $AUTO_ENROLLMENT_ENABLED == true ]
then then
if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ] if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ]

View File

@@ -102,6 +102,16 @@ EOF
fi fi
} }
function_entrypoint_scripts() {
# It will run every .sh script located in entrypoint-scripts folder in lexicographical order
if [ -d "/entrypoint-scripts/" ]
then
for script in `ls /entrypoint-scripts/*.sh | sort -n`; do
bash "$script"
done
fi
}
# Migrate data from /wazuh-migration volume # Migrate data from /wazuh-migration volume
function_wazuh_migration function_wazuh_migration
@@ -109,5 +119,8 @@ function_wazuh_migration
# create API custom user # create API custom user
function_create_custom_user function_create_custom_user
# run entrypoint scripts
function_entrypoint_scripts
# Start Wazuh # Start Wazuh
/var/ossec/bin/ossec-control start /var/ossec/bin/wazuh-control start

View File

@@ -4,6 +4,7 @@ PERMANENT_DATA[((i++))]="/var/ossec/api/configuration"
PERMANENT_DATA[((i++))]="/var/ossec/etc" PERMANENT_DATA[((i++))]="/var/ossec/etc"
PERMANENT_DATA[((i++))]="/var/ossec/logs" PERMANENT_DATA[((i++))]="/var/ossec/logs"
PERMANENT_DATA[((i++))]="/var/ossec/queue" PERMANENT_DATA[((i++))]="/var/ossec/queue"
PERMANENT_DATA[((i++))]="/var/ossec/queue/logcollector"
PERMANENT_DATA[((i++))]="/var/ossec/agentless" PERMANENT_DATA[((i++))]="/var/ossec/agentless"
PERMANENT_DATA[((i++))]="/var/ossec/var/multigroups" PERMANENT_DATA[((i++))]="/var/ossec/var/multigroups"
PERMANENT_DATA[((i++))]="/var/ossec/integrations" PERMANENT_DATA[((i++))]="/var/ossec/integrations"
@@ -20,23 +21,21 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw_mac.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw.sh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ossec-slack.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/wazuh-slack"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ossec-tweeter.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-wazuh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-ossec.sh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart.sh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/sshlogin.exp" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/sshlogin.exp"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_pixconfig_diff" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_pixconfig_diff"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_asa-fwsmconfig_diff" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_asa-fwsmconfig_diff"
@@ -65,3 +64,8 @@ export PERMANENT_DATA_EXCP
i=0 i=0
PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/db/.template.db" PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/db/.template.db"
export PERMANENT_DATA_DEL export PERMANENT_DATA_DEL
i=0
PERMANENT_DATA_MOVE[((i++))]="/var/ossec/logs/ossec /var/ossec/logs/wazuh"
PERMANENT_DATA_MOVE[((i++))]="/var/ossec/queue/ossec /var/ossec/queue/sockets"
export PERMANENT_DATA_MOVE

186
xpack-compose.yml Normal file
View File

@@ -0,0 +1,186 @@
# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
version: '3.7'
services:
wazuh:
image: wazuh/wazuh:4.2.2
hostname: wazuh-manager
restart: always
ports:
- "1514:1514"
- "1515:1515"
- "514:514/udp"
- "55000:55000"
environment:
- ELASTICSEARCH_URL=https://elasticsearch:9200
- ELASTIC_USERNAME=elastic
- ELASTIC_PASSWORD=SecretPassword
- FILEBEAT_SSL_VERIFICATION_MODE=none
- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/ca.crt
- SSL_CERTIFICATE=/etc/ssl/wazuh.crt
- SSL_KEY=/etc/ssl/wazuh.key
volumes:
- ossec_api_configuration:/var/ossec/api/configuration
- ossec_etc:/var/ossec/etc
- ossec_logs:/var/ossec/logs
- ossec_queue:/var/ossec/queue
- ossec_var_multigroups:/var/ossec/var/multigroups
- ossec_integrations:/var/ossec/integrations
- ossec_active_response:/var/ossec/active-response/bin
- ossec_agentless:/var/ossec/agentless
- ossec_wodles:/var/ossec/wodles
- filebeat_etc:/etc/filebeat
- filebeat_var:/var/lib/filebeat
- ./xpack/ca/ca.crt:/etc/ssl/ca.crt
- ./xpack/wazuh/wazuh.crt:/etc/ssl/wazuh.crt
- ./xpack/wazuh/wazuh.key:/etc/ssl/wazuh.key
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
hostname: elasticsearch
restart: always
ports:
- "9200:9200"
environment:
- cluster.name=wazuh-cluster
- node.name=elasticsearch
- discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3
- cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3
- ELASTIC_PASSWORD=SecretPassword
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- bootstrap.memory_lock=true
- xpack.license.self_generated.type=basic
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
- xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
- xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
- xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
- xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt
- ./xpack/elasticsearch/elasticsearch.key:/usr/share/elasticsearch/config/elasticsearch.key
- ./xpack/elasticsearch/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt
elasticsearch2:
image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
hostname: elasticsearch2
restart: always
environment:
- cluster.name=wazuh-cluster
- node.name=elasticsearch2
- discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3
- cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3
- ELASTIC_PASSWORD=SecretPassword
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- bootstrap.memory_lock=true
- xpack.license.self_generated.type=basic
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
- xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
- xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
- xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
- xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt
- ./xpack/elasticsearch2/elasticsearch2.key:/usr/share/elasticsearch/config/elasticsearch.key
- ./xpack/elasticsearch2/elasticsearch2.crt:/usr/share/elasticsearch/config/elasticsearch.crt
elasticsearch3:
image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
hostname: elasticsearch3
restart: always
environment:
- cluster.name=wazuh-cluster
- node.name=elasticsearch3
- discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3
- cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3
- ELASTIC_PASSWORD=SecretPassword
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- bootstrap.memory_lock=true
- xpack.license.self_generated.type=basic
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
- xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
- xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
- xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
- xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt
- ./xpack/elasticsearch3/elasticsearch3.key:/usr/share/elasticsearch/config/elasticsearch.key
- ./xpack/elasticsearch3/elasticsearch3.crt:/usr/share/elasticsearch/config/elasticsearch.crt
kibana:
image: wazuh/wazuh-kibana:4.2.2
hostname: kibana
restart: always
ports:
- 443:5601
environment:
- SERVERNAME=localhost
- ELASTICSEARCH_USERNAME=elastic
- ELASTICSEARCH_PASSWORD=SecretPassword
- ELASTICSEARCH_URL=https://elasticsearch:9200
- ELASTICSEARCH_HOSTS=https://elasticsearch:9200
- ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=/usr/share/kibana/config/ca.crt
- SERVER_SSL_ENABLED=true
- XPACK_SECURITY_ENABLED=true
- SERVER_SSL_KEY=/usr/share/kibana/config/kibana.key
- SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/kibana.crt
volumes:
- ./xpack/ca/ca.crt:/usr/share/kibana/config/ca.crt
- ./xpack/kibana/kibana.key:/usr/share/kibana/config/kibana.key
- ./xpack/kibana/kibana.crt:/usr/share/kibana/config/kibana.crt
depends_on:
- elasticsearch
links:
- elasticsearch:elasticsearch
- wazuh:wazuh
volumes:
ossec_api_configuration:
ossec_etc:
ossec_logs:
ossec_queue:
ossec_var_multigroups:
ossec_integrations:
ossec_active_response:
ossec_agentless:
ossec_wodles:
filebeat_etc:
filebeat_var:

192
xpack-from-sources.yml Normal file
View File

@@ -0,0 +1,192 @@
# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
version: '3.7'
services:
wazuh:
build:
context: wazuh-odfe/
args:
- FILEBEAT_CHANNEL=filebeat
- FILEBEAT_VERSION=7.11.2
image: wazuh/wazuh:4.2.2
hostname: wazuh-manager
restart: always
ports:
- "1514:1514"
- "1515:1515"
- "514:514/udp"
- "55000:55000"
environment:
- ELASTICSEARCH_URL=https://elasticsearch:9200
- ELASTIC_USERNAME=elastic
- ELASTIC_PASSWORD=SecretPassword
- FILEBEAT_SSL_VERIFICATION_MODE=none
- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/ca.crt
- SSL_CERTIFICATE=/etc/ssl/wazuh.crt
- SSL_KEY=/etc/ssl/wazuh.key
volumes:
- ossec_api_configuration:/var/ossec/api/configuration
- ossec_etc:/var/ossec/etc
- ossec_logs:/var/ossec/logs
- ossec_queue:/var/ossec/queue
- ossec_var_multigroups:/var/ossec/var/multigroups
- ossec_integrations:/var/ossec/integrations
- ossec_active_response:/var/ossec/active-response/bin
- ossec_agentless:/var/ossec/agentless
- ossec_wodles:/var/ossec/wodles
- filebeat_etc:/etc/filebeat
- filebeat_var:/var/lib/filebeat
- ./xpack/ca/ca.crt:/etc/ssl/ca.crt
- ./xpack/wazuh/wazuh.crt:/etc/ssl/wazuh.crt
- ./xpack/wazuh/wazuh.key:/etc/ssl/wazuh.key
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
hostname: elasticsearch
restart: always
ports:
- "9200:9200"
environment:
- cluster.name=wazuh-cluster
- node.name=elasticsearch
- discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3
- cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3
- ELASTIC_PASSWORD=SecretPassword
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- bootstrap.memory_lock=true
- xpack.license.self_generated.type=basic
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
- xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
- xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
- xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
- xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt
- ./xpack/elasticsearch/elasticsearch.key:/usr/share/elasticsearch/config/elasticsearch.key
- ./xpack/elasticsearch/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt
elasticsearch2:
image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
hostname: elasticsearch2
restart: always
environment:
- cluster.name=wazuh-cluster
- node.name=elasticsearch2
- discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3
- cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3
- ELASTIC_PASSWORD=SecretPassword
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- bootstrap.memory_lock=true
- xpack.license.self_generated.type=basic
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
- xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
- xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
- xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
- xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt
- ./xpack/elasticsearch2/elasticsearch2.key:/usr/share/elasticsearch/config/elasticsearch.key
- ./xpack/elasticsearch2/elasticsearch2.crt:/usr/share/elasticsearch/config/elasticsearch.crt
elasticsearch3:
image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
hostname: elasticsearch3
restart: always
environment:
- cluster.name=wazuh-cluster
- node.name=elasticsearch3
- discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3
- cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3
- ELASTIC_PASSWORD=SecretPassword
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- bootstrap.memory_lock=true
- xpack.license.self_generated.type=basic
- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
- xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
- xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
- xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
- xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
volumes:
- ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt
- ./xpack/elasticsearch3/elasticsearch3.key:/usr/share/elasticsearch/config/elasticsearch.key
- ./xpack/elasticsearch3/elasticsearch3.crt:/usr/share/elasticsearch/config/elasticsearch.crt
kibana:
build: kibana/
image: wazuh/wazuh-kibana:4.2.2
hostname: kibana
restart: always
ports:
- 443:5601
environment:
- SERVERNAME=localhost
- ELASTICSEARCH_USERNAME=elastic
- ELASTICSEARCH_PASSWORD=SecretPassword
- ELASTICSEARCH_URL=https://elasticsearch:9200
- ELASTICSEARCH_HOSTS=https://elasticsearch:9200
- ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=/usr/share/kibana/config/ca.crt
- SERVER_SSL_ENABLED=true
- XPACK_SECURITY_ENABLED=true
- SERVER_SSL_KEY=/usr/share/kibana/config/kibana.key
- SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/kibana.crt
volumes:
- ./xpack/ca/ca.crt:/usr/share/kibana/config/ca.crt
- ./xpack/kibana/kibana.key:/usr/share/kibana/config/kibana.key
- ./xpack/kibana/kibana.crt:/usr/share/kibana/config/kibana.crt
depends_on:
- elasticsearch
links:
- elasticsearch:elasticsearch
- wazuh:wazuh
volumes:
ossec_api_configuration:
ossec_etc:
ossec_logs:
ossec_queue:
ossec_var_multigroups:
ossec_integrations:
ossec_active_response:
ossec_agentless:
ossec_wodles:
filebeat_etc:
filebeat_var:

35
xpack/instances.yml Normal file
View File

@@ -0,0 +1,35 @@
instances:
- name: elasticsearch
dns:
- elasticsearch
- localhost
ip:
- 127.0.0.1
- name: elasticsearch2
dns:
- elasticsearch2
- localhost
ip:
- 127.0.0.1
- name: elasticsearch3
dns:
- elasticsearch3
- localhost
ip:
- 127.0.0.1
- name: kibana
dns:
- kibana
- localhost
ip:
- 127.0.0.1
- name: wazuh
dns:
- wazuh
- localhost
ip:
- 127.0.0.1