	Compare commits
	
		
			64 Commits
		
	
	
		
			v4.10.2
			...
			enhancemen
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|  | e20e92e475 | ||
|  | 61c32079fa | ||
|  | 5be199b9df | ||
|  | 971858cddd | ||
|  | b9a52df0ff | ||
|  | 5252ce6c53 | ||
|  | 5ef484647a | ||
|  | 084530ef80 | ||
|  | 69df531ca9 | ||
|  | f809a1ebbb | ||
|  | a5c313843e | ||
|  | ea0e679c27 | ||
|  | 7ca14b9fc8 | ||
|  | 42977e3131 | ||
|  | 447c0bdaf8 | ||
|  | e6c5e82a32 | ||
|  | 46d6dc8fe5 | ||
|  | 08ba82d16d | ||
|  | 205983317f | ||
|  | 570bf081bc | ||
|  | 8522ec23b9 | ||
|  | 4f4edab1a9 | ||
|  | d5a60b7264 | ||
|  | 39554677bf | ||
|  | 1a1bc2d72b | ||
|  | 34bd04e5fc | ||
|  | 54b2d4ce33 | ||
|  | 096f0abb32 | ||
|  | 8a1e5043c6 | ||
|  | eded59bc25 | ||
|  | 0110e696d0 | ||
|  | 6e30c077d6 | ||
|  | 622c67d2cc | ||
|  | 55f209e57f | ||
|  | 4923750ea4 | ||
|  | e1d70c35fe | ||
|  | 7eb5d0843c | ||
|  | 36e7160332 | ||
|  | cf3eb61081 | ||
|  | fda4a171f4 | ||
|  | 1e6f93b20a | ||
|  | aed1004471 | ||
|  | 450a59a7c8 | ||
|  | 6d63befeb7 | ||
|  | 1f32d2a358 | ||
|  | fc1ece705e | ||
|  | 4ba7cba72d | ||
|  | 37918b47cd | ||
|  | 937b5fad87 | ||
|  | 3d7c673671 | ||
|  | 7ec98fedf9 | ||
|  | 10f278cadb | ||
|  | fa025c602e | ||
|  | f4ccd4b0a6 | ||
|  | c95eb42902 | ||
|  | f685bfaa9d | ||
|  | dc13ef3f72 | ||
|  | 9918f95f3f | ||
|  | 935aee6d2a | ||
|  | e8d2463d99 | ||
|  | 4f0da7a58e | ||
|  | 799dadc1cf | ||
|  | b47361e4c9 | ||
|  | d3d2ae7b86 | 
							
								
								
									
									
										6
									
								
								.env
									
									
									
									
									
								
							| @@ -1,6 +1,6 @@ | ||||
| WAZUH_VERSION=4.10.2 | ||||
| WAZUH_IMAGE_VERSION=4.10.2 | ||||
| WAZUH_VERSION=5.0.0 | ||||
| WAZUH_IMAGE_VERSION=5.0.0 | ||||
| WAZUH_TAG_REVISION=1 | ||||
| FILEBEAT_TEMPLATE_BRANCH=4.10.2 | ||||
| FILEBEAT_TEMPLATE_BRANCH=5.0.0 | ||||
| WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz | ||||
| WAZUH_UI_REVISION=1 | ||||
|   | ||||
							
								
								
									
									
										2
									
								
								.github/.goss.yaml
									
									
									
									
										vendored
									
									
								
							| @@ -56,7 +56,7 @@ package: | ||||
|   wazuh-manager: | ||||
|     installed: true | ||||
|     versions: | ||||
|     - 4.10.2 | ||||
|     - 5.0.0-1 | ||||
| port: | ||||
|   tcp:1514: | ||||
|     listening: true | ||||
|   | ||||
| @@ -6,13 +6,13 @@ on: | ||||
|     inputs: | ||||
|       image_tag: | ||||
|         description: 'Docker image tag' | ||||
|         default: '4.10.2' | ||||
|         default: '5.0.0' | ||||
|         required: true | ||||
|       docker_reference: | ||||
|         description: 'wazuh-docker reference' | ||||
|         default: 'v4.10.2' | ||||
|         required: false | ||||
|       products: | ||||
|         default: 'v5.0.0' | ||||
|         required: true | ||||
|       PRODUCTS: | ||||
|         description: 'Comma-separated list of the image names to build and push' | ||||
|         default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer' | ||||
|         required: true | ||||
| @@ -42,12 +42,12 @@ on: | ||||
|     inputs: | ||||
|       image_tag: | ||||
|         description: 'Docker image tag' | ||||
|         default: '4.10.2' | ||||
|         default: '5.0.0' | ||||
|         required: true | ||||
|         type: string | ||||
|       docker_reference: | ||||
|         description: 'wazuh-docker reference' | ||||
|         default: 'v4.10.2' | ||||
|         default: 'v5.0.0' | ||||
|         required: false | ||||
|         type: string | ||||
|       products: | ||||
| @@ -116,12 +116,6 @@ jobs: | ||||
|         username: ${{ secrets.DOCKERHUB_USERNAME }} | ||||
|         password: ${{ secrets.DOCKERHUB_PASSWORD }} | ||||
|  | ||||
|     - name: Install Docker Compose | ||||
|       run: | | ||||
|         sudo apt-get update | ||||
|         sudo apt-get install -y docker-compose | ||||
|         echo "Installed Docker Compose version: $(docker-compose --version)" | ||||
|  | ||||
|     - name: Build Wazuh images | ||||
|       run: | | ||||
|         IMAGE_TAG=${{ inputs.image_tag }} | ||||
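Review bot: The `workflow_dispatch` input is renamed from `products:` to `PRODUCTS:` in the first hunk (`@@ -6,13 +6,13 @@`), but the `workflow_call` block in the second hunk still declares `products:`, so whichever spelling the job steps read through `inputs.…`, one of the two triggers will hand them an empty image list; keep one name in both input blocks (e.g. `products:` under `workflow_dispatch` as well). The file header for this section is missing on the page, so I am inferring from the inputs and the Docker Hub login that this is the image build-and-push workflow. In the last hunk, `IMAGE_TAG=${{ inputs.image_tag }}` splices a dispatch input straight into the shell script; the usual hardening is to pass it through the step's `env:` (`env:` / `IMAGE_TAG: ${{ inputs.image_tag }}`) and use `"$IMAGE_TAG"` in `run:`, so a value with shell metacharacters cannot change the command. The `Build Wazuh images` step continues outside the hunk.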
|   | ||||
							
								
								
									
									
										72
									
								
								.github/workflows/push.yml
									
									
									
									
										vendored
									
									
								
							| @@ -8,12 +8,7 @@ jobs: | ||||
|     steps: | ||||
|  | ||||
|     - name: Check out code | ||||
|       uses: actions/checkout@v4 | ||||
|  | ||||
|     - name: Install docker-compose | ||||
|       run: | | ||||
|         curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose | ||||
|         chmod +x /usr/local/bin/docker-compose | ||||
|       uses: actions/checkout@v3 | ||||
|  | ||||
|     - name: Build Wazuh images | ||||
|       run: build-docker-images/build-images.sh | ||||
| @@ -27,28 +22,36 @@ jobs: | ||||
|         docker save wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar | ||||
|         docker save wazuh/wazuh-indexer:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar | ||||
|         docker save wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar | ||||
|         docker save wazuh/wazuh-cert-tool:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-cert-tool.tar | ||||
|  | ||||
|     - name: Temporarily save Wazuh manager Docker image | ||||
|       uses: actions/upload-artifact@v4 | ||||
|       uses: actions/upload-artifact@v3 | ||||
|       with: | ||||
|         name: docker-artifact-manager | ||||
|         path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar | ||||
|         retention-days: 1 | ||||
|  | ||||
|     - name: Temporarily save Wazuh indexer Docker image | ||||
|       uses: actions/upload-artifact@v4 | ||||
|       uses: actions/upload-artifact@v3 | ||||
|       with: | ||||
|         name: docker-artifact-indexer | ||||
|         path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar | ||||
|         retention-days: 1 | ||||
|  | ||||
|     - name: Temporarily save Wazuh dashboard Docker image | ||||
|       uses: actions/upload-artifact@v4 | ||||
|       uses: actions/upload-artifact@v3 | ||||
|       with: | ||||
|         name: docker-artifact-dashboard | ||||
|         path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar | ||||
|         retention-days: 1 | ||||
|  | ||||
|     - name: Temporarily save Wazuh Cert Tool Docker image | ||||
|       uses: actions/upload-artifact@v3 | ||||
|       with: | ||||
|         name: docker-artifact-cert-tool | ||||
|         path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-cert-tool.tar | ||||
|         retention-days: 1 | ||||
|  | ||||
|     - name: Install Goss | ||||
|       uses: e1himself/goss-installation-action@v1.0.3 | ||||
|       with: | ||||
| @@ -66,43 +69,45 @@ jobs: | ||||
|     steps: | ||||
|  | ||||
|     - name: Check out code | ||||
|       uses: actions/checkout@v4 | ||||
|  | ||||
|     - name: Install docker-compose | ||||
|       run: | | ||||
|         curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose | ||||
|         chmod +x /usr/local/bin/docker-compose | ||||
|       uses: actions/checkout@v3 | ||||
|  | ||||
|     - name: Create enviroment variables | ||||
|       run: cat .env > $GITHUB_ENV | ||||
|  | ||||
|     - name: Retrieve saved Wazuh indexer Docker image | ||||
|       uses: actions/download-artifact@v4 | ||||
|       uses: actions/download-artifact@v3 | ||||
|       with: | ||||
|         name: docker-artifact-indexer | ||||
|  | ||||
|     - name: Retrieve saved Wazuh manager Docker image | ||||
|       uses: actions/download-artifact@v4 | ||||
|       uses: actions/download-artifact@v3 | ||||
|       with: | ||||
|         name: docker-artifact-manager | ||||
|  | ||||
|     - name: Retrieve saved Wazuh dashboard Docker image | ||||
|       uses: actions/download-artifact@v4 | ||||
|       uses: actions/download-artifact@v3 | ||||
|       with: | ||||
|         name: docker-artifact-dashboard | ||||
|  | ||||
|     - name: Retrieve saved Wazuh Cert Tool Docker image | ||||
|       uses: actions/download-artifact@v3 | ||||
|       with: | ||||
|         name: docker-artifact-cert-tool | ||||
|  | ||||
|     - name: Docker load | ||||
|       run: | | ||||
|         docker load --input ./wazuh-indexer.tar | ||||
|         docker load --input ./wazuh-dashboard.tar | ||||
|         docker load --input ./wazuh-manager.tar | ||||
|         docker load --input ./wazuh-cert-tool.tar | ||||
|         rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-cert-tool.tar | ||||
|  | ||||
|  | ||||
|     - name: Create single node certficates | ||||
|       run: docker-compose -f single-node/generate-indexer-certs.yml run --rm generator | ||||
|       run: docker compose -f single-node/generate-certs.yml run --rm generator | ||||
|  | ||||
|     - name: Start single node stack | ||||
|       run: docker-compose -f single-node/docker-compose.yml up -d | ||||
|       run: docker compose -f single-node/docker-compose.yml up -d | ||||
|  | ||||
|     - name: Check Wazuh indexer start | ||||
|       run: | | ||||
| @@ -194,12 +199,7 @@ jobs: | ||||
|     steps: | ||||
|  | ||||
|     - name: Check out code | ||||
|       uses: actions/checkout@v4 | ||||
|  | ||||
|     - name: Install docker-compose | ||||
|       run: | | ||||
|         curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose | ||||
|         chmod +x /usr/local/bin/docker-compose | ||||
|       uses: actions/checkout@v3 | ||||
|  | ||||
|     - name: Create enviroment variables | ||||
|       run: cat .env > $GITHUB_ENV | ||||
| @@ -213,32 +213,38 @@ jobs: | ||||
|         df -h | ||||
|  | ||||
|     - name: Retrieve saved Wazuh dashboard Docker image | ||||
|       uses: actions/download-artifact@v4 | ||||
|       uses: actions/download-artifact@v3 | ||||
|       with: | ||||
|         name: docker-artifact-dashboard | ||||
|  | ||||
|     - name: Retrieve saved Wazuh manager Docker image | ||||
|       uses: actions/download-artifact@v4 | ||||
|       uses: actions/download-artifact@v3 | ||||
|       with: | ||||
|         name: docker-artifact-manager | ||||
|  | ||||
|     - name: Retrieve saved Wazuh indexer Docker image | ||||
|       uses: actions/download-artifact@v4 | ||||
|       uses: actions/download-artifact@v3 | ||||
|       with: | ||||
|         name: docker-artifact-indexer | ||||
|  | ||||
|     - name: Retrieve saved Wazuh Cert Tool Docker image | ||||
|       uses: actions/download-artifact@v3 | ||||
|       with: | ||||
|         name: docker-artifact-cert-tool | ||||
|  | ||||
|     - name: Docker load | ||||
|       run: | | ||||
|         docker load --input ./wazuh-manager.tar | ||||
|         docker load --input ./wazuh-indexer.tar | ||||
|         docker load --input ./wazuh-dashboard.tar | ||||
|         rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar | ||||
|         docker load --input ./wazuh-manager.tar | ||||
|         docker load --input ./wazuh-cert-tool.tar | ||||
|         rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-cert-tool.tar | ||||
|  | ||||
|     - name: Create multi node certficates | ||||
|       run: docker-compose -f multi-node/generate-indexer-certs.yml run --rm generator | ||||
|       run: docker compose -f multi-node/generate-certs.yml run --rm generator | ||||
|  | ||||
|     - name: Start multi node stack | ||||
|       run: docker-compose -f multi-node/docker-compose.yml up -d | ||||
|       run: docker compose -f multi-node/docker-compose.yml up -d | ||||
|  | ||||
|     - name: Check Wazuh indexer start | ||||
|       run: | | ||||
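Review bot: The new side moves `actions/checkout`, `actions/upload-artifact` and `actions/download-artifact` from `@v4` back to `@v3` throughout this file (first at `uses: actions/checkout@v3` in the `@@ -8,12 +8,7 @@` hunk); the v3 artifact actions are deprecated by GitHub, so the `Temporarily save …` / `Retrieve saved …` steps are on a path to stop working, and this looks like a branch that predates the v4 bump rather than a deliberate downgrade. Keep `@v4`, and since every `uses:` here references a mutable major tag, consider pinning each action to a full commit SHA with the tag in a trailing comment (`uses: actions/checkout@<full-commit-sha-placeholder>  # v4`) so a retagged release cannot change what the build executes. The same `@v4` to `@v3` move appears in the three `.github/workflows/trivy-*.yml` sections below and is not repeated there.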
|   | ||||
							
								
								
									
									
										2
									
								
								.github/workflows/trivy-dashboard.yml
									
									
									
									
										vendored
									
									
								
							| @@ -30,7 +30,7 @@ jobs: | ||||
|     runs-on: "ubuntu-latest" | ||||
|     steps: | ||||
|       - name: Checkout code | ||||
|         uses: actions/checkout@v4 | ||||
|         uses: actions/checkout@v3 | ||||
|  | ||||
|       - name: Installing dependencies | ||||
|         run: | | ||||
|   | ||||
							
								
								
									
									
										2
									
								
								.github/workflows/trivy-indexer.yml
									
									
									
									
										vendored
									
									
								
							| @@ -30,7 +30,7 @@ jobs: | ||||
|     runs-on: "ubuntu-latest" | ||||
|     steps: | ||||
|       - name: Checkout code | ||||
|         uses: actions/checkout@v4 | ||||
|         uses: actions/checkout@v3 | ||||
|  | ||||
|       - name: Installing dependencies | ||||
|         run: | | ||||
|   | ||||
							
								
								
									
									
										2
									
								
								.github/workflows/trivy-manager.yml
									
									
									
									
										vendored
									
									
								
							| @@ -30,7 +30,7 @@ jobs: | ||||
|     runs-on: "ubuntu-latest" | ||||
|     steps: | ||||
|       - name: Checkout code | ||||
|         uses: actions/checkout@v4 | ||||
|         uses: actions/checkout@v3 | ||||
|  | ||||
|       - name: Installing dependencies | ||||
|         run: | | ||||
|   | ||||
							
								
								
									
						
									
										32
									
								
								CHANGELOG.md
									
									
									
									
									
								
							| @@ -1,11 +1,30 @@ | ||||
| # Change Log | ||||
| All notable changes to this project will be documented in this file. | ||||
|  | ||||
| ## [5.0.0] | ||||
|  | ||||
| ### Added | ||||
|  | ||||
| - none | ||||
|  | ||||
| ### Changed | ||||
|  | ||||
| - Delete service tag and modifiy docker-compose execution for a new version ([#1632](https://github.com/wazuh/wazuh-docker/pull/1632)) | ||||
| - Remove deprecated attribute version in docker-compose.yml ([#1595](https://github.com/wazuh/wazuh-docker/pull/1595)) by https://github.com/h3ssan | ||||
|  | ||||
| ### Fixed | ||||
|  | ||||
| - None | ||||
|  | ||||
| ### Deleted | ||||
|  | ||||
| - None | ||||
|  | ||||
| ## [4.10.2] | ||||
|  | ||||
| ### Added | ||||
|  | ||||
| - None | ||||
| - none | ||||
|  | ||||
| ### Changed | ||||
|  | ||||
| @@ -13,7 +32,7 @@ All notable changes to this project will be documented in this file. | ||||
|  | ||||
| ### Fixed | ||||
|  | ||||
| - Updated docker/login-action module ([#1837](https://github.com/wazuh/wazuh-docker/pull/1837)) | ||||
| - None | ||||
|  | ||||
| ### Deleted | ||||
|  | ||||
| @@ -23,7 +42,7 @@ All notable changes to this project will be documented in this file. | ||||
|  | ||||
| ### Added | ||||
|  | ||||
| - None | ||||
| - none | ||||
|  | ||||
| ### Changed | ||||
|  | ||||
| @@ -41,9 +60,7 @@ All notable changes to this project will be documented in this file. | ||||
|  | ||||
| ### Added | ||||
|  | ||||
| - Improve the push docker images workflow ([#1551](https://github.com/wazuh/wazuh-docker/pull/1551)) | ||||
| - Update the Procedure push docker images workflow file ([#1524](https://github.com/wazuh/wazuh-docker/pull/1524)) | ||||
| - Add the push_docker_images procedure workflow file ([#1518](https://github.com/wazuh/wazuh-docker/pull/1518)) | ||||
| - Migrate the push docker images procedure to GitHub Actions ([#5651](https://github.com/wazuh/wazuh-qa/issues/5651)) | ||||
|  | ||||
| ### Changed | ||||
|  | ||||
| @@ -51,8 +68,7 @@ All notable changes to this project will be documented in this file. | ||||
|  | ||||
| ### Fixed | ||||
|  | ||||
| - Add unset capabilities. ([#1619](https://github.com/wazuh/wazuh-docker/pull/1619)) | ||||
| - Removed references to module enabling because they are now enabled by default. ([#1416](https://github.com/wazuh/wazuh-docker/pull/1416)) | ||||
| - None | ||||
|  | ||||
| ### Deleted | ||||
|  | ||||
|   | ||||
| @@ -168,7 +168,6 @@ WAZUH_MONITORING_REPLICAS=0         ## | ||||
|     └── VERSION | ||||
|  | ||||
|  | ||||
|  | ||||
| ## Branches | ||||
|  | ||||
| * `master` branch contains the latest code, be aware of possible bugs on this branch. | ||||
| @@ -178,6 +177,7 @@ WAZUH_MONITORING_REPLICAS=0         ## | ||||
|  | ||||
| | Wazuh version | ODFE    | XPACK  | | ||||
| |---------------|---------|--------| | ||||
| | v5.0.0        |         |        | | ||||
| | v4.10.2       |         |        | | ||||
| | v4.10.1       |         |        | | ||||
| | v4.10.0       |         |        | | ||||
|   | ||||
							
								
								
									
									
										4
									
								
								VERSION
									
									
									
									
									
								
							| @@ -1,2 +1,2 @@ | ||||
| WAZUH-DOCKER_VERSION="4.10.2" | ||||
| REVISION="41021" | ||||
| WAZUH-DOCKER_VERSION="5.0.0" | ||||
| REVISION="50000" | ||||
|   | ||||
| @@ -13,7 +13,7 @@ This script initializes the environment variables needed to build each of the im | ||||
| The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument: | ||||
|  | ||||
| ``` | ||||
| $ build-docker-images/build-images.sh -v 4.10.2 | ||||
| $ build-docker-images/build-images.sh -v 5.0.0 | ||||
| ``` | ||||
|  | ||||
| To get all the available script options use the -h or --help option: | ||||
| @@ -26,7 +26,7 @@ Usage: build-docker-images/build-images.sh [OPTIONS] | ||||
|     -d, --dev <ref>              [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default. | ||||
|     -f, --filebeat-module <ref>  [Optional] Set Filebeat module version. By default 0.4. | ||||
|     -r, --revision <rev>         [Optional] Package revision. By default 1 | ||||
|     -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 4.10.2. | ||||
|     -v, --version <ver>          [Optional] Set the Wazuh version should be builded. By default, 5.0.0. | ||||
|     -h, --help                   Show this help. | ||||
|  | ||||
| ``` | ||||
| @@ -1,4 +1,4 @@ | ||||
| WAZUH_IMAGE_VERSION=4.10.2 | ||||
| WAZUH_IMAGE_VERSION=5.0.0 | ||||
| WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g') | ||||
| WAZUH_TAG_REVISION=1 | ||||
| WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g') | ||||
| @@ -12,7 +12,7 @@ IMAGE_VERSION=${WAZUH_IMAGE_VERSION} | ||||
| # License (version 2) as published by the FSF - Free Software | ||||
| # Foundation. | ||||
|  | ||||
| WAZUH_IMAGE_VERSION="4.10.2" | ||||
| WAZUH_IMAGE_VERSION="5.0.0" | ||||
| WAZUH_TAG_REVISION="1" | ||||
| WAZUH_DEV_STAGE="" | ||||
| FILEBEAT_MODULE_VERSION="0.4" | ||||
| @@ -70,7 +70,8 @@ build() { | ||||
|     echo WAZUH_FILEBEAT_MODULE=$WAZUH_FILEBEAT_MODULE >> .env | ||||
|     echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> .env | ||||
|  | ||||
|     docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache || clean 1 | ||||
|     docker compose -f build-docker-images/build-images.yml --env-file .env build --no-cache | ||||
|     docker build -t wazuh/wazuh-cert-tool:$WAZUH_IMAGE_VERSION build-docker-images/cert-tool-image/ | ||||
|  | ||||
|     return 0 | ||||
| } | ||||
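Review bot: The replacement line `docker compose -f build-docker-images/build-images.yml --env-file .env build --no-cache` drops the `|| clean 1` that the removed `docker-compose` line carried, so a failed image build no longer aborts; the new cert-tool `docker build` and the unconditional `return 0` still run and the caller sees success. Restore the guard on both commands: `docker compose -f build-docker-images/build-images.yml --env-file .env build --no-cache || clean 1` and `docker build -t wazuh/wazuh-cert-tool:$WAZUH_IMAGE_VERSION build-docker-images/cert-tool-image/ || clean 1`. Unless the script runs under `set -e` somewhere above this hunk, which is not visible here, this is a silent-failure path in a release build. `build()` begins outside the hunk.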
|   | ||||
| @@ -1,6 +1,4 @@ | ||||
| # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2) | ||||
| version: '3.7' | ||||
|  | ||||
| services: | ||||
|   wazuh.manager: | ||||
|     build: | ||||
|   | ||||
| @@ -1,7 +1,8 @@ | ||||
| # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2) | ||||
| FROM ubuntu:focal | ||||
| FROM amazonlinux:2023 | ||||
| 
 | ||||
| RUN apt-get update && apt-get install openssl curl -y | ||||
| RUN yum install curl-minimal openssl -y &&\ | ||||
| yum clean all | ||||
| 
 | ||||
| WORKDIR / | ||||
| 
 | ||||
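Review bot: `FROM amazonlinux:2023` is a floating tag, as `ubuntu:focal` was, so the cert-tool image rebuilds against whatever that tag points to on the day; for a reproducible, reviewable base pin the digest, `FROM amazonlinux:2023@sha256:<digest-placeholder>`, and bump it deliberately. The `RUN yum install curl-minimal openssl -y &&\` continuation leaves `yum clean all` at column 0 inside the same instruction, which reads like a separate line; join it as `RUN yum install -y curl-minimal openssl && yum clean all`.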
| @@ -8,8 +8,8 @@ | ||||
| ## Variables | ||||
| CERT_TOOL=wazuh-certs-tool.sh | ||||
| PASSWORD_TOOL=wazuh-passwords-tool.sh | ||||
| PACKAGES_URL=https://packages.wazuh.com/4.10/ | ||||
| PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.10/ | ||||
| PACKAGES_URL=https://packages.wazuh.com/5.0/ | ||||
| PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/ | ||||
| 
 | ||||
| ## Check if the cert tool exists in S3 buckets | ||||
| CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}') | ||||
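Review bot: Only the version in `PACKAGES_URL` / `PACKAGES_DEV_URL` changes, but these values feed `curl --silent -I $PACKAGES_URL$CERT_TOOL`, and the dashboard `config.sh` hunk further down shows the fetched script being executed (`chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A`) with no integrity check visible on the page; the download itself sits outside these hunks, so one may exist, but if not, verify the script against a pinned checksum before running it, e.g. `echo "<expected-sha256-placeholder>  $CERT_TOOL" | sha256sum -c - || exit 1`. The same URL pair is declared in the dashboard `config.sh` hunk (`@@ -9,8 +9,8 @@`), and the `packages-dev.wazuh.com` fallback presumably lets a release image pull a development artifact when the release one is missing; consider making that fallback opt-in. `$PACKAGES_URL$CERT_TOOL` is also unquoted in the `curl` call.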
| @@ -21,8 +21,6 @@ RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh | ||||
| RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config | ||||
| RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs | ||||
| COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/ | ||||
| RUN setcap 'cap_net_bind_service=-ep' /usr/share/wazuh-dashboard/node/bin/node | ||||
| RUN setcap 'cap_net_bind_service=-ep' /usr/share/wazuh-dashboard/node/fallback/bin/node | ||||
|  | ||||
| # Generate certificates | ||||
| COPY config/config.sh . | ||||
| @@ -87,6 +85,15 @@ COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR | ||||
| RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom | ||||
| RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom | ||||
|  | ||||
| # Set $JAVA_HOME | ||||
| RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \ | ||||
|     echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh | ||||
| ENV JAVA_HOME=$INSTALL_DIR/jdk | ||||
| ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin | ||||
|  | ||||
| # Add k-NN lib directory to library loading path variable | ||||
| ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib" | ||||
|  | ||||
| # Set workdir and user | ||||
| WORKDIR $INSTALL_DIR | ||||
| USER wazuh-dashboard | ||||
| @@ -95,3 +102,5 @@ USER wazuh-dashboard | ||||
| EXPOSE 443 | ||||
|  | ||||
| ENTRYPOINT [ "/entrypoint.sh" ] | ||||
|  | ||||
| CMD ["opensearch-dashboards"] | ||||
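Review bot: The first hunk (`@@ -21,8 +21,6 @@`) removes the two `RUN setcap 'cap_net_bind_service=-ep' …/node` lines that stripped file capabilities from the bundled node binaries, and nothing on the new side replaces them; the image still ends with `USER wazuh-dashboard` and `EXPOSE 443`, so if the packaged node ships with that capability, dropping the lines re-enables a privileged port bind for a non-root process. The 4.10.x CHANGELOG entry `Add unset capabilities. (#1619)` is also dropped in this compare, which suggests the branch predates that fix rather than reverting it on purpose. Either keep the `setcap` lines, or if the capability is wanted, record it next to `USER wazuh-dashboard` with `# node keeps cap_net_bind_service so the dashboard can bind 443 as wazuh-dashboard`.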
|   | ||||
| @@ -9,8 +9,8 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config | ||||
|  | ||||
| ## Variables | ||||
| CERT_TOOL=wazuh-certs-tool.sh | ||||
| PACKAGES_URL=https://packages.wazuh.com/4.10/ | ||||
| PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.10/ | ||||
| PACKAGES_URL=https://packages.wazuh.com/5.0/ | ||||
| PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/ | ||||
|  | ||||
| ## Check if the cert tool exists in S3 buckets | ||||
| CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}') | ||||
| @@ -34,8 +34,8 @@ chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A | ||||
| mkdir -p ${CONFIG_DIR}/certs | ||||
|  | ||||
| # Copy Wazuh dashboard certs to install config dir | ||||
| cp /wazuh-certificates/demo.dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem | ||||
| cp /wazuh-certificates/demo.dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem | ||||
| cp /wazuh-certificates/dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem | ||||
| cp /wazuh-certificates/dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem | ||||
| cp /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem | ||||
|  | ||||
| chmod -R 500 ${CONFIG_DIR}/certs | ||||
|   | ||||
| @@ -1,5 +1,5 @@ | ||||
| nodes: | ||||
|   # Wazuh dashboard server nodes | ||||
|   dashboard: | ||||
|     - name: demo.dashboard | ||||
|       ip: demo.dashboard | ||||
|     - name: dashboard | ||||
|       ip: wazuh.dashboard | ||||
|   | ||||
| @@ -2,6 +2,215 @@ | ||||
| # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2) | ||||
|  | ||||
| INSTALL_DIR=/usr/share/wazuh-dashboard | ||||
| export OPENSEARCH_DASHBOARDS_HOME=$INSTALL_DIR | ||||
| WAZUH_CONFIG_MOUNT=/wazuh-config-mount | ||||
|  | ||||
| opensearch_dashboards_vars=( | ||||
|     console.enabled | ||||
|     console.proxyConfig | ||||
|     console.proxyFilter | ||||
|     ops.cGroupOverrides.cpuPath | ||||
|     ops.cGroupOverrides.cpuAcctPath | ||||
|     cpu.cgroup.path.override | ||||
|     cpuacct.cgroup.path.override | ||||
|     server.basePath | ||||
|     server.customResponseHeaders | ||||
|     server.compression.enabled | ||||
|     server.compression.referrerWhitelist | ||||
|     server.cors | ||||
|     server.cors.origin | ||||
|     server.defaultRoute | ||||
|     server.host | ||||
|     server.keepAliveTimeout | ||||
|     server.maxPayloadBytes | ||||
|     server.name | ||||
|     server.port | ||||
|     csp.rules | ||||
|     csp.strict | ||||
|     csp.warnLegacyBrowsers | ||||
|     data.search.usageTelemetry.enabled | ||||
|     opensearch.customHeaders | ||||
|     opensearch.hosts | ||||
|     opensearch.logQueries | ||||
|     opensearch.memoryCircuitBreaker.enabled | ||||
|     opensearch.memoryCircuitBreaker.maxPercentage | ||||
|     opensearch.password | ||||
|     opensearch.pingTimeout | ||||
|     opensearch.requestHeadersWhitelist | ||||
|     opensearch.requestHeadersAllowlist | ||||
|     opensearch_security.multitenancy.enabled | ||||
|     opensearch_security.readonly_mode.roles | ||||
|     opensearch.requestTimeout | ||||
|     opensearch.shardTimeout | ||||
|     opensearch.sniffInterval | ||||
|     opensearch.sniffOnConnectionFault | ||||
|     opensearch.sniffOnStart | ||||
|     opensearch.ssl.alwaysPresentCertificate | ||||
|     opensearch.ssl.certificate | ||||
|     opensearch.ssl.key | ||||
|     opensearch.ssl.keyPassphrase | ||||
|     opensearch.ssl.keystore.path | ||||
|     opensearch.ssl.keystore.password | ||||
|     opensearch.ssl.truststore.path | ||||
|     opensearch.ssl.truststore.password | ||||
|     opensearch.ssl.verificationMode | ||||
|     opensearch.username | ||||
|     i18n.locale | ||||
|     interpreter.enableInVisualize | ||||
|     opensearchDashboards.autocompleteTerminateAfter | ||||
|     opensearchDashboards.autocompleteTimeout | ||||
|     opensearchDashboards.defaultAppId | ||||
|     opensearchDashboards.index | ||||
|     logging.dest | ||||
|     logging.json | ||||
|     logging.quiet | ||||
|     logging.rotate.enabled | ||||
|     logging.rotate.everyBytes | ||||
|     logging.rotate.keepFiles | ||||
|     logging.rotate.pollingInterval | ||||
|     logging.rotate.usePolling | ||||
|     logging.silent | ||||
|     logging.useUTC | ||||
|     logging.verbose | ||||
|     map.includeOpenSearchMapsService | ||||
|     map.proxyOpenSearchMapsServiceInMaps | ||||
|     map.regionmap | ||||
|     map.tilemap.options.attribution | ||||
|     map.tilemap.options.maxZoom | ||||
|     map.tilemap.options.minZoom | ||||
|     map.tilemap.options.subdomains | ||||
|     map.tilemap.url | ||||
|     monitoring.cluster_alerts.email_notifications.email_address | ||||
|     monitoring.enabled | ||||
|     monitoring.opensearchDashboards.collection.enabled | ||||
|     monitoring.opensearchDashboards.collection.interval | ||||
|     monitoring.ui.container.opensearch.enabled | ||||
|     monitoring.ui.container.logstash.enabled | ||||
|     monitoring.ui.opensearch.password | ||||
|     monitoring.ui.opensearch.pingTimeout | ||||
|     monitoring.ui.opensearch.hosts | ||||
|     monitoring.ui.opensearch.username | ||||
|     monitoring.ui.opensearch.logFetchCount | ||||
|     monitoring.ui.opensearch.ssl.certificateAuthorities | ||||
|     monitoring.ui.opensearch.ssl.verificationMode | ||||
|     monitoring.ui.enabled | ||||
|     monitoring.ui.max_bucket_size | ||||
|     monitoring.ui.min_interval_seconds | ||||
|     newsfeed.enabled | ||||
|     ops.interval | ||||
|     path.data | ||||
|     pid.file | ||||
|     regionmap | ||||
|     security.showInsecureClusterWarning | ||||
|     server.rewriteBasePath | ||||
|     server.socketTimeout | ||||
|     server.customResponseHeaders | ||||
|     server.ssl.enabled | ||||
|     server.ssl.key | ||||
|     server.ssl.keyPassphrase | ||||
|     server.ssl.keystore.path | ||||
|     server.ssl.keystore.password | ||||
|     server.ssl.truststore.path | ||||
|     server.ssl.truststore.password | ||||
|     server.ssl.cert | ||||
|     server.ssl.certificate | ||||
|     server.ssl.certificateAuthorities | ||||
|     server.ssl.cipherSuites | ||||
|     server.ssl.clientAuthentication | ||||
|     opensearch.ssl.certificateAuthorities | ||||
|     server.ssl.redirectHttpFromPort | ||||
|     server.ssl.supportedProtocols | ||||
|     server.xsrf.disableProtection | ||||
|     server.xsrf.whitelist | ||||
|     status.allowAnonymous | ||||
|     status.v6ApiFormat | ||||
|     tilemap.options.attribution | ||||
|     tilemap.options.maxZoom | ||||
|     tilemap.options.minZoom | ||||
|     tilemap.options.subdomains | ||||
|     tilemap.url | ||||
|     timeline.enabled | ||||
|     vega.enableExternalUrls | ||||
|     apm_oss.apmAgentConfigurationIndex | ||||
|     apm_oss.indexPattern | ||||
|     apm_oss.errorIndices | ||||
|     apm_oss.onboardingIndices | ||||
|     apm_oss.spanIndices | ||||
|     apm_oss.sourcemapIndices | ||||
|     apm_oss.transactionIndices | ||||
|     apm_oss.metricsIndices | ||||
|     telemetry.allowChangingOptInStatus | ||||
|     telemetry.enabled | ||||
|     telemetry.optIn | ||||
|     telemetry.optInStatusUrl | ||||
|     telemetry.sendUsageFrom | ||||
|     vis_builder.enabled | ||||
|     data_source.enabled | ||||
|     data_source.encryption.wrappingKeyName | ||||
|     data_source.encryption.wrappingKeyNamespace | ||||
|     data_source.encryption.wrappingKey | ||||
|     data_source.audit.enabled | ||||
|     data_source.audit.appender.kind | ||||
|     data_source.audit.appender.path | ||||
|     data_source.audit.appender.layout.kind | ||||
|     data_source.audit.appender.layout.highlight | ||||
|     data_source.audit.appender.layout.pattern | ||||
|     ml_commons_dashboards.enabled | ||||
|     assistant.chat.enabled | ||||
|     observability.query_assist.enabled | ||||
|     uiSettings.overrides.defaultRoute | ||||
| ) | ||||
|  | ||||
| print() { | ||||
|   echo -e $1 | ||||
| } | ||||
|  | ||||
| error_and_exit() { | ||||
|   echo "Error executing command: '$1'." | ||||
|   echo 'Exiting.' | ||||
|   exit 1 | ||||
| } | ||||
|  | ||||
| exec_cmd() { | ||||
|   eval $1 > /dev/null 2>&1 || error_and_exit "$1" | ||||
| } | ||||
|  | ||||
| exec_cmd_stdout() { | ||||
|   eval $1 2>&1 || error_and_exit "$1" | ||||
| } | ||||
|  | ||||
| function runOpensearchDashboards { | ||||
|     touch $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml | ||||
|       for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do | ||||
|         env_var=$(echo ${opensearch_dashboards_var^^} | tr . _) | ||||
|         value=${!env_var} | ||||
|         if [[ -n $value ]]; then | ||||
|           longoptfile="${opensearch_dashboards_var}: ${value}" | ||||
|           if grep -q $opensearch_dashboards_var $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml; then | ||||
|             sed -i "/${opensearch_dashboards_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml | ||||
|           else | ||||
|             echo $longoptfile >> $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml | ||||
|           fi | ||||
|         fi | ||||
|       done | ||||
|  | ||||
|     umask 0002 | ||||
|  | ||||
|     /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml \ | ||||
|         --cpu.cgroup.path.override=/ \ | ||||
|         --cpuacct.cgroup.path.override=/ | ||||
| } | ||||
|  | ||||
| mount_files() { | ||||
|   if [ -e $WAZUH_CONFIG_MOUNT/* ] | ||||
|   then | ||||
|     print "Identified Wazuh cdashboard onfiguration files to mount..." | ||||
|     exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $INSTALL_DIR" | ||||
|   else | ||||
|     print "No Wazuh dashboard configuration files to mount..." | ||||
|   fi | ||||
| } | ||||
|  | ||||
| DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}" | ||||
| DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}" | ||||
|  | ||||
| @@ -17,4 +226,14 @@ echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add o | ||||
|  | ||||
| /wazuh_app_config.sh $WAZUH_UI_REVISION | ||||
|  | ||||
| /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml | ||||
| mount_files | ||||
|  | ||||
| if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then | ||||
|     set -- opensearch-dashboards "$@" | ||||
| fi | ||||
|  | ||||
| if [ "$1" = "opensearch-dashboards" ]; then | ||||
|     runOpensearchDashboards "$@" | ||||
| else | ||||
|     exec "$@" | ||||
| fi | ||||
|   | ||||
| @@ -19,14 +19,6 @@ COPY config/config.sh . | ||||
|  | ||||
| COPY config/config.yml / | ||||
|  | ||||
| COPY config/action_groups.yml / | ||||
|  | ||||
| COPY config/internal_users.yml / | ||||
|  | ||||
| COPY config/roles_mapping.yml / | ||||
|  | ||||
| COPY config/roles.yml / | ||||
|  | ||||
| RUN bash config.sh | ||||
|  | ||||
| ################################################################################ | ||||
| @@ -43,6 +35,15 @@ ENV USER="wazuh-indexer" \ | ||||
|     NAME="wazuh-indexer" \ | ||||
|     INSTALL_DIR="/usr/share/wazuh-indexer" | ||||
|  | ||||
| # Set $JAVA_HOME | ||||
| RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \ | ||||
|     echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh | ||||
| ENV JAVA_HOME="$INSTALL_DIR/jdk" | ||||
| ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin | ||||
|  | ||||
| # Add k-NN lib directory to library loading path variable | ||||
| ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib" | ||||
|  | ||||
| RUN yum install curl-minimal shadow-utils findutils hostname -y | ||||
|  | ||||
| RUN getent group $GROUP || groupadd -r -g 1000 $GROUP | ||||
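Review bot: The new `ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib"` produces a value with a leading colon whenever LD_LIBRARY_PATH is not already set, and nothing in this hunk (or the base-image stage shown) defines it. The dynamic loader treats an empty list element as the current working directory, so every process in the image would search its cwd for shared objects before the system paths — the kind of path hygiene issue a hardening review flags even when the runtime user is unprivileged. Guard the separator with Dockerfile's `${var:+word}` expansion: `ENV LD_LIBRARY_PATH="$INSTALL_DIR/plugins/opensearch-knn/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"`. The `ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin` line above it is fine because PATH is always set, but a short comment such as `# k-NN ships native libs outside the default loader path` above the LD_LIBRARY_PATH line would explain why the override exists.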
|   | ||||
| @@ -1,12 +0,0 @@ | ||||
| --- | ||||
| _meta: | ||||
|   type: "actiongroups" | ||||
|   config_version: 2 | ||||
|  | ||||
| # ISM API permissions group | ||||
| manage_ism: | ||||
|   reserved: true | ||||
|   hidden: false | ||||
|   allowed_actions: | ||||
|   - "cluster:admin/opendistro/ism/*" | ||||
|   static: false | ||||
| @@ -22,8 +22,8 @@ export REPO_DIR=/unattended_installer | ||||
| ## Variables | ||||
| CERT_TOOL=wazuh-certs-tool.sh | ||||
| PASSWORD_TOOL=wazuh-passwords-tool.sh | ||||
| PACKAGES_URL=https://packages.wazuh.com/4.10/ | ||||
| PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.10/ | ||||
| PACKAGES_URL=https://packages.wazuh.com/5.0/ | ||||
| PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/ | ||||
|  | ||||
| ## Check if the cert tool exists in S3 buckets | ||||
| CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk  '{print $2}') | ||||
|   | ||||
| @@ -7,12 +7,272 @@ umask 0002 | ||||
| export USER=wazuh-indexer | ||||
| export INSTALLATION_DIR=/usr/share/wazuh-indexer | ||||
| export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR} | ||||
| export JAVA_HOME=${INSTALLATION_DIR}/jdk | ||||
| export DISCOVERY=$(grep -oP "(?<=discovery.type: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml) | ||||
| export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml) | ||||
| export CERT="${OPENSEARCH_PATH_CONF}/certs/admin.pem" | ||||
| export KEY="${OPENSEARCH_PATH_CONF}/certs/admin-key.pem" | ||||
|  | ||||
| opensearch_vars=( | ||||
|     cluster.name | ||||
|     node.name | ||||
|     node.roles | ||||
|     path.data | ||||
|     path.logs | ||||
|     bootstrap.memory_lock | ||||
|     network.host | ||||
|     http.port | ||||
|     transport.port | ||||
|     network.bind_host | ||||
|     network.publish_host | ||||
|     transport.tcp.port | ||||
|     compatibility.override_main_response_version | ||||
|     http.host | ||||
|     http.bind_host | ||||
|     http.publish_host | ||||
|     http.compression | ||||
|     transport.host | ||||
|     transport.bind_host | ||||
|     transport.publish_host | ||||
|     discovery.seed_hosts | ||||
|     discovery.seed_providers | ||||
|     discovery.type | ||||
|     cluster.initial_cluster_manager_nodes | ||||
|     cluster.initial_master_nodes | ||||
|     node.max_local_storage_nodes | ||||
|     gateway.recover_after_nodes | ||||
|     gateway.recover_after_data_nodes | ||||
|     gateway.expected_data_nodes | ||||
|     gateway.recover_after_time | ||||
|     plugins.security.nodes_dn | ||||
|     plugins.security.nodes_dn_dynamic_config_enabled | ||||
|     plugins.security.authcz.admin_dn | ||||
|     plugins.security.roles_mapping_resolution | ||||
|     plugins.security.dls.mode | ||||
|     plugins.security.compliance.salt | ||||
|     config.dynamic.http.anonymous_auth_enabled | ||||
|     plugins.security.restapi.roles_enabled | ||||
|     plugins.security.restapi.password_validation_regex | ||||
|     plugins.security.restapi.password_validation_error_message | ||||
|     plugins.security.restapi.password_min_length | ||||
|     plugins.security.restapi.password_score_based_validation_strength | ||||
|     plugins.security.unsupported.restapi.allow_securityconfig_modification | ||||
|     plugins.security.authcz.impersonation_dn | ||||
|     plugins.security.authcz.rest_impersonation_user | ||||
|     plugins.security.allow_default_init_securityindex | ||||
|     plugins.security.allow_unsafe_democertificates | ||||
|     plugins.security.system_indices.permission.enabled | ||||
|     plugins.security.config_index_name | ||||
|     plugins.security.cert.oid | ||||
|     plugins.security.cert.intercluster_request_evaluator_class | ||||
|     plugins.security.enable_snapshot_restore_privilege | ||||
|     plugins.security.check_snapshot_restore_write_privileges | ||||
|     plugins.security.cache.ttl_minutes | ||||
|     plugins.security.protected_indices.enabled | ||||
|     plugins.security.protected_indices.roles | ||||
|     plugins.security.protected_indices.indices | ||||
|     plugins.security.system_indices.enabled | ||||
|     plugins.security.system_indices.indices | ||||
|     plugins.security.audit.enable_rest | ||||
|     plugins.security.audit.enable_transport | ||||
|     plugins.security.audit.resolve_bulk_requests | ||||
|     plugins.security.audit.config.disabled_categories | ||||
|     plugins.security.audit.ignore_requests | ||||
|     plugins.security.audit.threadpool.size | ||||
|     plugins.security.audit.threadpool.max_queue_len | ||||
|     plugins.security.audit.ignore_users | ||||
|     plugins.security.audit.type | ||||
|     plugins.security.audit.config.http_endpoints | ||||
|     plugins.security.audit.config.index | ||||
|     plugins.security.audit.config.type | ||||
|     plugins.security.audit.config.username | ||||
|     plugins.security.audit.config.password | ||||
|     plugins.security.audit.config.enable_ssl | ||||
|     plugins.security.audit.config.verify_hostnames | ||||
|     plugins.security.audit.config.enable_ssl_client_auth | ||||
|     plugins.security.audit.config.cert_alias | ||||
|     plugins.security.audit.config.pemkey_filepath | ||||
|     plugins.security.audit.config.pemkey_content | ||||
|     plugins.security.audit.config.pemkey_password | ||||
|     plugins.security.audit.config.pemcert_filepath | ||||
|     plugins.security.audit.config.pemcert_content | ||||
|     plugins.security.audit.config.pemtrustedcas_filepath | ||||
|     plugins.security.audit.config.pemtrustedcas_content | ||||
|     plugins.security.audit.config.webhook.url | ||||
|     plugins.security.audit.config.webhook.format | ||||
|     plugins.security.audit.config.webhook.ssl.verify | ||||
|     plugins.security.audit.config.webhook.ssl.pemtrustedcas_filepath | ||||
|     plugins.security.audit.config.webhook.ssl.pemtrustedcas_content | ||||
|     plugins.security.audit.config.log4j.logger_name | ||||
|     plugins.security.audit.config.log4j.level | ||||
|     opendistro_security.audit.config.disabled_rest_categories | ||||
|     opendistro_security.audit.config.disabled_transport_categories | ||||
|     plugins.security.ssl.transport.enforce_hostname_verification | ||||
|     plugins.security.ssl.transport.resolve_hostname | ||||
|     plugins.security.ssl.http.clientauth_mode | ||||
|     plugins.security.ssl.http.enabled_ciphers | ||||
|     plugins.security.ssl.http.enabled_protocols | ||||
|     plugins.security.ssl.transport.enabled_ciphers | ||||
|     plugins.security.ssl.transport.enabled_protocols | ||||
|     plugins.security.ssl.transport.keystore_type | ||||
|     plugins.security.ssl.transport.keystore_filepath | ||||
|     plugins.security.ssl.transport.keystore_alias | ||||
|     plugins.security.ssl.transport.keystore_password | ||||
|     plugins.security.ssl.transport.truststore_type | ||||
|     plugins.security.ssl.transport.truststore_filepath | ||||
|     plugins.security.ssl.transport.truststore_alias | ||||
|     plugins.security.ssl.transport.truststore_password | ||||
|     plugins.security.ssl.http.enabled | ||||
|     plugins.security.ssl.http.keystore_type | ||||
|     plugins.security.ssl.http.keystore_filepath | ||||
|     plugins.security.ssl.http.keystore_alias | ||||
|     plugins.security.ssl.http.keystore_password | ||||
|     plugins.security.ssl.http.truststore_type | ||||
|     plugins.security.ssl.http.truststore_filepath | ||||
|     plugins.security.ssl.http.truststore_alias | ||||
|     plugins.security.ssl.http.truststore_password | ||||
|     plugins.security.ssl.transport.enable_openssl_if_available | ||||
|     plugins.security.ssl.http.enable_openssl_if_available | ||||
|     plugins.security.ssl.transport.pemkey_filepath | ||||
|     plugins.security.ssl.transport.pemkey_password | ||||
|     plugins.security.ssl.transport.pemcert_filepath | ||||
|     plugins.security.ssl.transport.pemtrustedcas_filepath | ||||
|     plugins.security.ssl.http.pemkey_filepath | ||||
|     plugins.security.ssl.http.pemkey_password | ||||
|     plugins.security.ssl.http.pemcert_filepath | ||||
|     plugins.security.ssl.http.pemtrustedcas_filepath | ||||
|     plugins.security.ssl.transport.enabled | ||||
|     plugins.security.ssl.transport.client.pemkey_password | ||||
|     plugins.security.ssl.transport.keystore_keypassword | ||||
|     plugins.security.ssl.transport.server.keystore_keypassword | ||||
|     plugins.sercurity.ssl.transport.server.keystore_alias | ||||
|     plugins.sercurity.ssl.transport.client.keystore_alias | ||||
|     plugins.sercurity.ssl.transport.server.truststore_alias | ||||
|     plugins.sercurity.ssl.transport.client.truststore_alias | ||||
|     plugins.security.ssl.client.external_context_id | ||||
|     plugins.secuirty.ssl.transport.principal_extractor_class | ||||
|     plugins.security.ssl.http.crl.file_path | ||||
|     plugins.security.ssl.http.crl.validate | ||||
|     plugins.security.ssl.http.crl.prefer_crlfile_over_ocsp | ||||
|     plugins.security.ssl.http.crl.check_only_end_entitites | ||||
|     plugins.security.ssl.http.crl.disable_ocsp | ||||
|     plugins.security.ssl.http.crl.disable_crldp | ||||
|     plugins.security.ssl.allow_client_initiated_renegotiation | ||||
|     indices.breaker.total.use_real_memory | ||||
|     indices.breaker.total.limit | ||||
|     indices.breaker.fielddata.limit | ||||
|     indices.breaker.fielddata.overhead | ||||
|     indices.breaker.request.limit | ||||
|     indices.breaker.request.overhead | ||||
|     network.breaker.inflight_requests.limit | ||||
|     network.breaker.inflight_requests.overhead | ||||
|     cluster.routing.allocation.enable | ||||
|     cluster.routing.allocation.node_concurrent_incoming_recoveries | ||||
|     cluster.routing.allocation.node_concurrent_outgoing_recoveries | ||||
|     cluster.routing.allocation.node_concurrent_recoveries | ||||
|     cluster.routing.allocation.node_initial_primaries_recoveries | ||||
|     cluster.routing.allocation.same_shard.host | ||||
|     cluster.routing.rebalance.enable | ||||
|     cluster.routing.allocation.allow_rebalance | ||||
|     cluster.routing.allocation.cluster_concurrent_rebalance | ||||
|     cluster.routing.allocation.balance.shard | ||||
|     cluster.routing.allocation.balance.index | ||||
|     cluster.routing.allocation.balance.threshold | ||||
|     cluster.routing.allocation.balance.prefer_primary | ||||
|     cluster.routing.allocation.disk.threshold_enabled | ||||
|     cluster.routing.allocation.disk.watermark.low | ||||
|     cluster.routing.allocation.disk.watermark.high | ||||
|     cluster.routing.allocation.disk.watermark.flood_stage | ||||
|     cluster.info.update.interval | ||||
|     cluster.routing.allocation.shard_movement_strategy | ||||
|     cluster.blocks.read_only | ||||
|     cluster.blocks.read_only_allow_delete | ||||
|     cluster.max_shards_per_node | ||||
|     cluster.persistent_tasks.allocation.enable | ||||
|     cluster.persistent_tasks.allocation.recheck_interval | ||||
|     cluster.search.request.slowlog.threshold.warn | ||||
|     cluster.search.request.slowlog.threshold.info | ||||
|     cluster.search.request.slowlog.threshold.debug | ||||
|     cluster.search.request.slowlog.threshold.trace | ||||
|     cluster.search.request.slowlog.level | ||||
|     cluster.fault_detection.leader_check.timeout | ||||
|     cluster.fault_detection.follower_check.timeout | ||||
|     action.auto_create_index | ||||
|     action.destructive_requires_name | ||||
|     cluster.default.index.refresh_interval | ||||
|     cluster.minimum.index.refresh_interval | ||||
|     cluster.indices.close.enable | ||||
|     indices.recovery.max_bytes_per_sec | ||||
|     indices.recovery.max_concurrent_file_chunks | ||||
|     indices.recovery.max_concurrent_operations | ||||
|     indices.recovery.max_concurrent_remote_store_streams | ||||
|     indices.time_series_index.default_index_merge_policy | ||||
|     indices.fielddata.cache.size | ||||
|     index.number_of_shards | ||||
|     index.number_of_routing_shards | ||||
|     index.shard.check_on_startup | ||||
|     index.codec | ||||
|     index.codec.compression_level | ||||
|     index.routing_partition_size | ||||
|     index.soft_deletes.retention_lease.period | ||||
|     index.load_fixed_bitset_filters_eagerly | ||||
|     index.hidden | ||||
|     index.merge.policy | ||||
|     index.merge_on_flush.enabled | ||||
|     index.merge_on_flush.max_full_flush_merge_wait_time | ||||
|     index.merge_on_flush.policy | ||||
|     index.check_pending_flush.enabled | ||||
|     index.number_of_replicas | ||||
|     index.auto_expand_replicas | ||||
|     index.search.idle.after | ||||
|     index.refresh_interval | ||||
|     index.max_result_window | ||||
|     index.max_inner_result_window | ||||
|     index.max_rescore_window | ||||
|     index.max_docvalue_fields_search | ||||
|     index.max_script_fields | ||||
|     index.max_ngram_diff | ||||
|     index.max_shingle_diff | ||||
|     index.max_refresh_listeners | ||||
|     index.analyze.max_token_count | ||||
|     index.highlight.max_analyzed_offset | ||||
|     index.max_terms_count | ||||
|     index.max_regex_length | ||||
|     index.query.default_field | ||||
|     index.query.max_nested_depth | ||||
|     index.routing.allocation.enable | ||||
|     index.routing.rebalance.enable | ||||
|     index.gc_deletes | ||||
|     index.default_pipeline | ||||
|     index.final_pipeline | ||||
|     index.optimize_doc_id_lookup.fuzzy_set.enabled | ||||
|     index.optimize_doc_id_lookup.fuzzy_set.false_positive_probability | ||||
|     search.max_buckets | ||||
|     search.phase_took_enabled | ||||
|     search.allow_expensive_queries | ||||
|     search.default_allow_partial_results | ||||
|     search.cancel_after_time_interval | ||||
|     search.default_search_timeout | ||||
|     search.default_keep_alive | ||||
|     search.keep_alive_interval | ||||
|     search.max_keep_alive | ||||
|     search.low_level_cancellation | ||||
|     search.max_open_scroll_context | ||||
|     search.request_stats_enabled | ||||
|     search.highlight.term_vector_multi_value | ||||
|     snapshot.max_concurrent_operations | ||||
|     cluster.remote_store.translog.buffer_interval | ||||
|     remote_store.moving_average_window_size | ||||
|     opensearch.notifications.core.allowed_config_types | ||||
|     opensearch.notifications.core.email.minimum_header_length | ||||
|     opensearch.notifications.core.email.size_limit | ||||
|     opensearch.notifications.core.http.connection_timeout | ||||
|     opensearch.notifications.core.http.host_deny_list | ||||
|     opensearch.notifications.core.http.max_connection_per_route | ||||
|     opensearch.notifications.core.http.max_connections | ||||
|     opensearch.notifications.core.http.socket_timeout | ||||
|     opensearch.notifications.core.tooltip_support | ||||
|     opensearch.notifications.general.filter_by_backend_roles | ||||
| ) | ||||
|  | ||||
| run_as_other_user_if_needed() { | ||||
|   if [[ "$(id -u)" == "0" ]]; then | ||||
|     # If running as root, drop to specified UID and run command | ||||
| @@ -24,6 +284,37 @@ run_as_other_user_if_needed() { | ||||
|   fi | ||||
| } | ||||
|  | ||||
| function buildOpensearchConfig { | ||||
|     echo "" >> $OPENSEARCH_PATH_CONF/opensearch.yml | ||||
|       for opensearch_var in ${opensearch_vars[*]}; do | ||||
|         env_var=$(echo ${opensearch_var^^} | tr . _) | ||||
|         value=${!env_var} | ||||
|         if [[ -n $value ]]; then | ||||
|           if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then | ||||
|             lineNum="$(grep -n "$opensearch_var" $OPENSEARCH_PATH_CONF/opensearch.yml | head -n 1 | cut -d: -f1)" | ||||
|             sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml | ||||
|             charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1) | ||||
|           fi | ||||
|           while : | ||||
|           do | ||||
|             case "$charline" in | ||||
|               "-"| "#" |" ") sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml;; | ||||
|               *) break;; | ||||
|             esac | ||||
|             charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1) | ||||
|           done | ||||
|           longoptfile="${opensearch_var}: ${value}" | ||||
|           if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then | ||||
|             sed -i "/${opensearch_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_PATH_CONF/opensearch.yml | ||||
|           else | ||||
|             echo $longoptfile >> $OPENSEARCH_PATH_CONF/opensearch.yml | ||||
|           fi | ||||
|         fi | ||||
|       done | ||||
| } | ||||
|  | ||||
| buildOpensearchConfig | ||||
|  | ||||
| # Allow user specify custom CMD, maybe bin/opensearch itself | ||||
| # for example to directly specify `-E` style parameters for opensearch on k8s | ||||
| # or simply to run /bin/bash to check the image | ||||
| @@ -84,10 +375,4 @@ if [[ "$(id -u)" == "0" ]]; then | ||||
| fi | ||||
|  | ||||
|  | ||||
| #if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then | ||||
|   # run securityadmin.sh for single node with CACERT, CERT and KEY parameter | ||||
| #  nohup /securityadmin.sh & | ||||
| #  touch "/var/lib/wazuh-indexer/.flag" | ||||
| #fi | ||||
|  | ||||
| run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD" | ||||
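Review bot: In buildOpensearchConfig the two `if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml` tests and the sed address `/${opensearch_var}/` use the setting name as an unanchored basic regex, so the unescaped dots match any character and the name matches as a substring: setting `INDEX_CODEC` also rewrites the `index.codec.compression_level` line, and `PLUGINS_SECURITY_SSL_HTTP_ENABLED` would clobber `plugins.security.ssl.http.enabled_ciphers`/`enabled_protocols` lines when present, silently dropping TLS policy the operator set. Build an anchored, escaped pattern once per iteration, `key_re="^$(printf '%s' "$opensearch_var" | sed 's/[.]/\\./g'):"`, use `grep -q "$key_re"` in both tests, and rewrite with `sed -i "/${key_re}/ s|^.*$|${longoptfile}|"`; the same change should also go into the look-alike loop in the dashboard entrypoint's runOpensearchDashboards, which shares the pattern. Related, the opensearch_vars list in the first hunk contains misspelled names — `plugins.sercurity.ssl.transport.*` (four entries), `plugins.secuirty.ssl.transport.principal_extractor_class` and `plugins.security.ssl.http.crl.check_only_end_entitites` — so the environment variables derived from them write keys the indexer does not recognise; they should read `plugins.security.…` and `check_only_end_entities`. The value is also interpolated unquoted into the sed replacement, so a `|` or `&` in it (possible in `plugins.security.restapi.password_validation_regex` or a keystore password) either aborts sed or inserts the matched line; appending via the existing `echo $longoptfile >>` path after the old line has been deleted avoids sed replacement semantics entirely.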
| @@ -1,74 +0,0 @@ | ||||
| --- | ||||
| # This is the internal user database | ||||
| # The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh | ||||
|  | ||||
| _meta: | ||||
|   type: "internalusers" | ||||
|   config_version: 2 | ||||
|  | ||||
| # Define your internal users here | ||||
|  | ||||
| ## Demo users | ||||
|  | ||||
| admin: | ||||
|   hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG" | ||||
|   reserved: true | ||||
|   backend_roles: | ||||
|   - "admin" | ||||
|   description: "Demo admin user" | ||||
|  | ||||
| kibanaserver: | ||||
|   hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H." | ||||
|   reserved: true | ||||
|   description: "Demo kibanaserver user" | ||||
|  | ||||
| kibanaro: | ||||
|   hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC" | ||||
|   reserved: false | ||||
|   backend_roles: | ||||
|   - "kibanauser" | ||||
|   - "readall" | ||||
|   attributes: | ||||
|     attribute1: "value1" | ||||
|     attribute2: "value2" | ||||
|     attribute3: "value3" | ||||
|   description: "Demo kibanaro user" | ||||
|  | ||||
| logstash: | ||||
|   hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2" | ||||
|   reserved: false | ||||
|   backend_roles: | ||||
|   - "logstash" | ||||
|   description: "Demo logstash user" | ||||
|  | ||||
| readall: | ||||
|   hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2" | ||||
|   reserved: false | ||||
|   backend_roles: | ||||
|   - "readall" | ||||
|   description: "Demo readall user" | ||||
|  | ||||
| snapshotrestore: | ||||
|   hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W" | ||||
|   reserved: false | ||||
|   backend_roles: | ||||
|   - "snapshotrestore" | ||||
|   description: "Demo snapshotrestore user" | ||||
|  | ||||
| wazuh_admin: | ||||
|   hash: "$2y$12$d2awHiOYvZjI88VfsDON.u6buoBol0gYPJEgdG1ArKVE0OMxViFfu" | ||||
|   reserved: true | ||||
|   hidden: false | ||||
|   backend_roles: [] | ||||
|   attributes: {} | ||||
|   opendistro_security_roles: [] | ||||
|   static: false | ||||
|    | ||||
| wazuh_user: | ||||
|   hash: "$2y$12$BQixeoQdRubZdVf/7sq1suHwiVRnSst1.lPI2M0.GPZms4bq2D9vO" | ||||
|   reserved: true | ||||
|   hidden: false | ||||
|   backend_roles: [] | ||||
|   attributes: {} | ||||
|   opendistro_security_roles: [] | ||||
|   static: false   | ||||
| @@ -1,26 +0,0 @@ | ||||
| network.host: "0.0.0.0" | ||||
| node.name: "wazuh.indexer" | ||||
| path.data: /var/lib/wazuh-indexer | ||||
| path.logs: /var/log/wazuh-indexer | ||||
| discovery.type: single-node | ||||
| compatibility.override_main_response_version: true | ||||
| plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem | ||||
| plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem | ||||
| plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem | ||||
| plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem | ||||
| plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem | ||||
| plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem | ||||
| plugins.security.ssl.http.enabled: true | ||||
| plugins.security.ssl.transport.enforce_hostname_verification: false | ||||
| plugins.security.ssl.transport.resolve_hostname: false | ||||
| plugins.security.authcz.admin_dn: | ||||
| - "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" | ||||
| plugins.security.check_snapshot_restore_write_privileges: true | ||||
| plugins.security.enable_snapshot_restore_privilege: true | ||||
| plugins.security.nodes_dn: | ||||
| - "CN=demo.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" | ||||
| plugins.security.restapi.roles_enabled: | ||||
| - "all_access" | ||||
| - "security_rest_api_access" | ||||
| plugins.security.system_indices.enabled: true | ||||
| plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"] | ||||
| @@ -1,171 +0,0 @@ | ||||
| _meta: | ||||
|   type: "roles" | ||||
|   config_version: 2 | ||||
|  | ||||
| # Restrict users so they can only view visualization and dashboards on kibana | ||||
| kibana_read_only: | ||||
|   reserved: true | ||||
|  | ||||
| # The security REST API access role is used to assign specific users access to change the security settings through the REST API. | ||||
| security_rest_api_access: | ||||
|   reserved: true | ||||
|  | ||||
| # Allows users to view monitors, destinations and alerts | ||||
| alerting_read_access: | ||||
|   reserved: true | ||||
|   cluster_permissions: | ||||
|     - 'cluster:admin/opendistro/alerting/alerts/get' | ||||
|     - 'cluster:admin/opendistro/alerting/destination/get' | ||||
|     - 'cluster:admin/opendistro/alerting/monitor/get' | ||||
|     - 'cluster:admin/opendistro/alerting/monitor/search' | ||||
|  | ||||
| # Allows users to view and acknowledge alerts | ||||
| alerting_ack_alerts: | ||||
|   reserved: true | ||||
|   cluster_permissions: | ||||
|     - 'cluster:admin/opendistro/alerting/alerts/*' | ||||
|  | ||||
| # Allows users to use all alerting functionality | ||||
| alerting_full_access: | ||||
|   reserved: true | ||||
|   cluster_permissions: | ||||
|     - 'cluster_monitor' | ||||
|     - 'cluster:admin/opendistro/alerting/*' | ||||
|   index_permissions: | ||||
|     - index_patterns: | ||||
|         - '*' | ||||
|       allowed_actions: | ||||
|         - 'indices_monitor' | ||||
|         - 'indices:admin/aliases/get' | ||||
|         - 'indices:admin/mappings/get' | ||||
|  | ||||
| # Allow users to read Anomaly Detection detectors and results | ||||
| anomaly_read_access: | ||||
|   reserved: true | ||||
|   cluster_permissions: | ||||
|     - 'cluster:admin/opendistro/ad/detector/info' | ||||
|     - 'cluster:admin/opendistro/ad/detector/search' | ||||
|     - 'cluster:admin/opendistro/ad/detectors/get' | ||||
|     - 'cluster:admin/opendistro/ad/result/search' | ||||
|     - 'cluster:admin/opendistro/ad/tasks/search' | ||||
|  | ||||
| # Allows users to use all Anomaly Detection functionality | ||||
| anomaly_full_access: | ||||
|   reserved: true | ||||
|   cluster_permissions: | ||||
|     - 'cluster_monitor' | ||||
|     - 'cluster:admin/opendistro/ad/*' | ||||
|   index_permissions: | ||||
|     - index_patterns: | ||||
|         - '*' | ||||
|       allowed_actions: | ||||
|         - 'indices_monitor' | ||||
|         - 'indices:admin/aliases/get' | ||||
|         - 'indices:admin/mappings/get' | ||||
|  | ||||
| # Allows users to read Notebooks | ||||
| notebooks_read_access: | ||||
|   reserved: true | ||||
|   cluster_permissions: | ||||
|     - 'cluster:admin/opendistro/notebooks/list' | ||||
|     - 'cluster:admin/opendistro/notebooks/get' | ||||
|  | ||||
| # Allows users to all Notebooks functionality | ||||
| notebooks_full_access: | ||||
|   reserved: true | ||||
|   cluster_permissions: | ||||
|     - 'cluster:admin/opendistro/notebooks/create' | ||||
|     - 'cluster:admin/opendistro/notebooks/update' | ||||
|     - 'cluster:admin/opendistro/notebooks/delete' | ||||
|     - 'cluster:admin/opendistro/notebooks/get' | ||||
|     - 'cluster:admin/opendistro/notebooks/list' | ||||
|  | ||||
| # Allows users to read and download Reports | ||||
| reports_instances_read_access: | ||||
|   reserved: true | ||||
|   cluster_permissions: | ||||
|     - 'cluster:admin/opendistro/reports/instance/list' | ||||
|     - 'cluster:admin/opendistro/reports/instance/get' | ||||
|     - 'cluster:admin/opendistro/reports/menu/download' | ||||
|  | ||||
| # Allows users to read and download Reports and Report-definitions | ||||
| reports_read_access: | ||||
|   reserved: true | ||||
|   cluster_permissions: | ||||
|     - 'cluster:admin/opendistro/reports/definition/get' | ||||
|     - 'cluster:admin/opendistro/reports/definition/list' | ||||
|     - 'cluster:admin/opendistro/reports/instance/list' | ||||
|     - 'cluster:admin/opendistro/reports/instance/get' | ||||
|     - 'cluster:admin/opendistro/reports/menu/download' | ||||
|  | ||||
| # Allows users to all Reports functionality | ||||
| reports_full_access: | ||||
|   reserved: true | ||||
|   cluster_permissions: | ||||
|     - 'cluster:admin/opendistro/reports/definition/create' | ||||
|     - 'cluster:admin/opendistro/reports/definition/update' | ||||
|     - 'cluster:admin/opendistro/reports/definition/on_demand' | ||||
|     - 'cluster:admin/opendistro/reports/definition/delete' | ||||
|     - 'cluster:admin/opendistro/reports/definition/get' | ||||
|     - 'cluster:admin/opendistro/reports/definition/list' | ||||
|     - 'cluster:admin/opendistro/reports/instance/list' | ||||
|     - 'cluster:admin/opendistro/reports/instance/get' | ||||
|     - 'cluster:admin/opendistro/reports/menu/download' | ||||
|  | ||||
| # Allows users to use all asynchronous-search functionality | ||||
| asynchronous_search_full_access: | ||||
|   reserved: true | ||||
|   cluster_permissions: | ||||
|     - 'cluster:admin/opendistro/asynchronous_search/*' | ||||
|   index_permissions: | ||||
|     - index_patterns: | ||||
|         - '*' | ||||
|       allowed_actions: | ||||
|         - 'indices:data/read/search*' | ||||
|  | ||||
| # Allows users to read stored asynchronous-search results | ||||
| asynchronous_search_read_access: | ||||
|   reserved: true | ||||
|   cluster_permissions: | ||||
|     - 'cluster:admin/opendistro/asynchronous_search/get' | ||||
|  | ||||
| wazuh_ui_user: | ||||
|   reserved: true | ||||
|   hidden: false | ||||
|   cluster_permissions: [] | ||||
|   index_permissions: | ||||
|   - index_patterns: | ||||
|     - "wazuh-*" | ||||
|     dls: "" | ||||
|     fls: [] | ||||
|     masked_fields: [] | ||||
|     allowed_actions: | ||||
|     - "read" | ||||
|   tenant_permissions: [] | ||||
|   static: false | ||||
|  | ||||
| wazuh_ui_admin: | ||||
|   reserved: true | ||||
|   hidden: false | ||||
|   cluster_permissions: [] | ||||
|   index_permissions: | ||||
|   - index_patterns: | ||||
|     - "wazuh-*" | ||||
|     dls: "" | ||||
|     fls: [] | ||||
|     masked_fields: [] | ||||
|     allowed_actions: | ||||
|     - "read" | ||||
|     - "delete" | ||||
|     - "manage" | ||||
|     - "index" | ||||
|   tenant_permissions: [] | ||||
|   static: false | ||||
|  | ||||
| # ISM API permissions role | ||||
| manage_ism: | ||||
|   reserved: true | ||||
|   hidden: false | ||||
|   cluster_permissions: | ||||
|   - "manage_ism" | ||||
|   static: false | ||||
| @@ -1,78 +0,0 @@ | ||||
| --- | ||||
| # In this file users, backendroles and hosts can be mapped to Wazuh indexer Security roles. | ||||
| # Permissions for Wazuh indexer roles are configured in roles.yml | ||||
|  | ||||
| _meta: | ||||
|   type: "rolesmapping" | ||||
|   config_version: 2 | ||||
|  | ||||
| # Define your roles mapping here | ||||
|  | ||||
| ## Demo roles mapping | ||||
|  | ||||
| all_access: | ||||
|   reserved: false | ||||
|   backend_roles: | ||||
|   - "admin" | ||||
|   description: "Maps admin to all_access" | ||||
|  | ||||
| own_index: | ||||
|   reserved: false | ||||
|   users: | ||||
|   - "*" | ||||
|   description: "Allow full access to an index named like the username" | ||||
|  | ||||
| logstash: | ||||
|   reserved: false | ||||
|   backend_roles: | ||||
|   - "logstash" | ||||
|  | ||||
| kibana_user: | ||||
|   reserved: false | ||||
|   backend_roles: | ||||
|   - "kibanauser" | ||||
|   users: | ||||
|   - "wazuh_user" | ||||
|   - "wazuh_admin" | ||||
|   description: "Maps kibanauser to kibana_user" | ||||
|  | ||||
| readall: | ||||
|   reserved: false | ||||
|   backend_roles: | ||||
|   - "readall" | ||||
|  | ||||
| manage_snapshots: | ||||
|   reserved: false | ||||
|   backend_roles: | ||||
|   - "snapshotrestore" | ||||
|  | ||||
| kibana_server: | ||||
|   reserved: true | ||||
|   users: | ||||
|   - "kibanaserver" | ||||
|  | ||||
| wazuh_ui_admin: | ||||
|   reserved: true | ||||
|   hidden: false | ||||
|   backend_roles: [] | ||||
|   hosts: [] | ||||
|   users: | ||||
|   - "wazuh_admin" | ||||
|   - "kibanaserver" | ||||
|   and_backend_roles: [] | ||||
|  | ||||
| wazuh_ui_user: | ||||
|   reserved: true | ||||
|   hidden: false | ||||
|   backend_roles: [] | ||||
|   hosts: [] | ||||
|   users: | ||||
|   - "wazuh_user" | ||||
|   and_backend_roles: [] | ||||
|  | ||||
| # ISM API permissions role mapping | ||||
| manage_ism: | ||||
|   reserved: true | ||||
|   hidden: false | ||||
|   users: | ||||
|   - "kibanaserver" | ||||
| @@ -82,11 +82,6 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/orm.py" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/utils.py" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/db/__init__.py" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_utils.py" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/__init__.py" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/analytics.py" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/graph.py" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure_services/storage.py" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud" | ||||
| @@ -94,9 +89,6 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/exceptions.py" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/bucket.py" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/access_logs.py" | ||||
| PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/pubsub/subscriber.py" | ||||
| export PERMANENT_DATA_EXCP | ||||
|  | ||||
| # Files mounted in a volume that should be deleted | ||||
|   | ||||
| @@ -1,9 +0,0 @@ | ||||
| # Certificate creation image build | ||||
|  | ||||
| The dockerfile hosted in this directory is used to build the image used to boot Wazuh's single node and multi node stacks. | ||||
|  | ||||
| To create the image, the following command must be executed: | ||||
|  | ||||
| ``` | ||||
| $ docker build -t wazuh/wazuh-certs-generator:0.0.1 . | ||||
| ``` | ||||
| @@ -354,7 +354,7 @@ docker container run --rm -it \ | ||||
| ``` | ||||
| git checkout 4.4 | ||||
| cd multi-node | ||||
| docker-compose -f generate-indexer-certs.yml run --rm generator | ||||
| docker-compose -f generate-certs.yml run --rm generator | ||||
| docker-compose up -d | ||||
| ``` | ||||
|  | ||||
|   | ||||
| @@ -1,6 +1,6 @@ | ||||
| # Deploy Wazuh Docker in multi node configuration | ||||
|  | ||||
| This deployment is defined in the `docker-compose.yml` file with two Wazuh manager containers, three Wazuh indexer containers, and one Wazuh dashboard container. It can be deployed by following these steps:  | ||||
| This deployment is defined in the `docker-compose.yml` file with two Wazuh manager containers, three Wazuh indexer containers, and one Wazuh dashboard container. It can be deployed by following these steps: | ||||
|  | ||||
| 1) Increase max_map_count on your host (Linux). This command must be run with root permissions: | ||||
| ``` | ||||
| @@ -8,18 +8,18 @@ $ sysctl -w vm.max_map_count=262144 | ||||
| ``` | ||||
| 2) Run the certificate creation script: | ||||
| ``` | ||||
| $ docker-compose -f generate-indexer-certs.yml run --rm generator | ||||
| $ docker compose -f generate-certs.yml run --rm generator | ||||
| ``` | ||||
| 3) Start the environment with docker-compose: | ||||
| 3) Start the environment with docker compose: | ||||
|  | ||||
| - In the foregroud: | ||||
| ``` | ||||
| $ docker-compose up | ||||
| $ docker compose up | ||||
| ``` | ||||
|  | ||||
| - In the background: | ||||
| ``` | ||||
| $ docker-compose up -d | ||||
| $ docker compose up -d | ||||
| ``` | ||||
|  | ||||
|  | ||||
|   | ||||
| @@ -1,12 +0,0 @@ | ||||
| server.host: 0.0.0.0 | ||||
| server.port: 5601 | ||||
| opensearch.hosts: https://wazuh1.indexer:9200 | ||||
| opensearch.ssl.verificationMode: certificate | ||||
| opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"] | ||||
| opensearch_security.multitenancy.enabled: false | ||||
| opensearch_security.readonly_mode.roles: ["kibana_read_only"] | ||||
| server.ssl.enabled: true | ||||
| server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" | ||||
| server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" | ||||
| opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"] | ||||
| uiSettings.overrides.defaultRoute: /app/wz-home | ||||
| @@ -1,38 +0,0 @@ | ||||
| network.host: wazuh1.indexer | ||||
| node.name: wazuh1.indexer | ||||
| cluster.initial_master_nodes: | ||||
|         - wazuh1.indexer | ||||
|         - wazuh2.indexer | ||||
|         - wazuh3.indexer | ||||
| cluster.name: "wazuh-cluster" | ||||
| discovery.seed_hosts: | ||||
|         - wazuh1.indexer | ||||
|         - wazuh2.indexer | ||||
|         - wazuh3.indexer | ||||
| node.max_local_storage_nodes: "3" | ||||
| path.data: /var/lib/wazuh-indexer | ||||
| path.logs: /var/log/wazuh-indexer | ||||
| plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem | ||||
| plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key | ||||
| plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem | ||||
| plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem | ||||
| plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key | ||||
| plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem | ||||
| plugins.security.ssl.http.enabled: true | ||||
| plugins.security.ssl.transport.enforce_hostname_verification: false | ||||
| plugins.security.ssl.transport.resolve_hostname: false | ||||
| plugins.security.authcz.admin_dn: | ||||
| - "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" | ||||
| plugins.security.check_snapshot_restore_write_privileges: true | ||||
| plugins.security.enable_snapshot_restore_privilege: true | ||||
| plugins.security.nodes_dn: | ||||
| - "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" | ||||
| - "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" | ||||
| - "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" | ||||
| - "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US" | ||||
| plugins.security.restapi.roles_enabled: | ||||
| - "all_access" | ||||
| - "security_rest_api_access" | ||||
| plugins.security.allow_default_init_securityindex: true | ||||
| cluster.routing.allocation.disk.threshold_enabled: false | ||||
| compatibility.override_main_response_version: true | ||||
| @@ -1,38 +0,0 @@ | ||||
| network.host: wazuh2.indexer | ||||
| node.name: wazuh2.indexer | ||||
| cluster.initial_master_nodes: | ||||
|         - wazuh1.indexer | ||||
|         - wazuh2.indexer | ||||
|         - wazuh3.indexer | ||||
| cluster.name: "wazuh-cluster" | ||||
| discovery.seed_hosts: | ||||
|         - wazuh1.indexer | ||||
|         - wazuh2.indexer | ||||
|         - wazuh3.indexer | ||||
| node.max_local_storage_nodes: "3" | ||||
| path.data: /var/lib/wazuh-indexer | ||||
| path.logs: /var/log/wazuh-indexer | ||||
| plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem | ||||
| plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key | ||||
| plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem | ||||
| plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem | ||||
| plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key | ||||
| plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem | ||||
| plugins.security.ssl.http.enabled: true | ||||
| plugins.security.ssl.transport.enforce_hostname_verification: false | ||||
| plugins.security.ssl.transport.resolve_hostname: false | ||||
| plugins.security.authcz.admin_dn: | ||||
| - "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" | ||||
| plugins.security.check_snapshot_restore_write_privileges: true | ||||
| plugins.security.enable_snapshot_restore_privilege: true | ||||
| plugins.security.nodes_dn: | ||||
| - "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" | ||||
| - "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" | ||||
| - "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" | ||||
| - "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US" | ||||
| plugins.security.restapi.roles_enabled: | ||||
| - "all_access" | ||||
| - "security_rest_api_access" | ||||
| plugins.security.allow_default_init_securityindex: true | ||||
| cluster.routing.allocation.disk.threshold_enabled: false | ||||
| compatibility.override_main_response_version: true | ||||
| @@ -1,38 +0,0 @@ | ||||
| network.host: wazuh3.indexer | ||||
| node.name: wazuh3.indexer | ||||
| cluster.initial_master_nodes: | ||||
|         - wazuh1.indexer | ||||
|         - wazuh2.indexer | ||||
|         - wazuh3.indexer | ||||
| cluster.name: "wazuh-cluster" | ||||
| discovery.seed_hosts: | ||||
|         - wazuh1.indexer | ||||
|         - wazuh2.indexer | ||||
|         - wazuh3.indexer | ||||
| node.max_local_storage_nodes: "3" | ||||
| path.data: /var/lib/wazuh-indexer | ||||
| path.logs: /var/log/wazuh-indexer | ||||
| plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem | ||||
| plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key | ||||
| plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem | ||||
| plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem | ||||
| plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key | ||||
| plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem | ||||
| plugins.security.ssl.http.enabled: true | ||||
| plugins.security.ssl.transport.enforce_hostname_verification: false | ||||
| plugins.security.ssl.transport.resolve_hostname: false | ||||
| plugins.security.authcz.admin_dn: | ||||
| - "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" | ||||
| plugins.security.check_snapshot_restore_write_privileges: true | ||||
| plugins.security.enable_snapshot_restore_privilege: true | ||||
| plugins.security.nodes_dn: | ||||
| - "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" | ||||
| - "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" | ||||
| - "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" | ||||
| - "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US" | ||||
| plugins.security.restapi.roles_enabled: | ||||
| - "all_access" | ||||
| - "security_rest_api_access" | ||||
| plugins.security.allow_default_init_securityindex: true | ||||
| cluster.routing.allocation.disk.threshold_enabled: false | ||||
| compatibility.override_main_response_version: true | ||||
| @@ -3,7 +3,7 @@ version: '3.7' | ||||
|  | ||||
| services: | ||||
|   wazuh.master: | ||||
|     image: wazuh/wazuh-manager:4.10.2 | ||||
|     image: wazuh/wazuh-manager:5.0.0 | ||||
|     hostname: wazuh.master | ||||
|     restart: always | ||||
|     ulimits: | ||||
| @@ -18,15 +18,15 @@ services: | ||||
|       - "514:514/udp" | ||||
|       - "55000:55000" | ||||
|     environment: | ||||
|       - INDEXER_URL=https://wazuh1.indexer:9200 | ||||
|       - INDEXER_USERNAME=admin | ||||
|       - INDEXER_PASSWORD=SecretPassword | ||||
|       - FILEBEAT_SSL_VERIFICATION_MODE=full | ||||
|       - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem | ||||
|       - SSL_CERTIFICATE=/etc/ssl/filebeat.pem | ||||
|       - SSL_KEY=/etc/ssl/filebeat.key | ||||
|       - API_USERNAME=wazuh-wui | ||||
|       - API_PASSWORD=MyS3cr37P450r.*- | ||||
|       INDEXER_URL: https://wazuh1.indexer:9200 | ||||
|       INDEXER_USERNAME: admin | ||||
|       INDEXER_PASSWORD: admin | ||||
|       FILEBEAT_SSL_VERIFICATION_MODE: full | ||||
|       SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem | ||||
|       SSL_CERTIFICATE: /etc/ssl/filebeat.pem | ||||
|       SSL_KEY: /etc/ssl/filebeat.key | ||||
|       API_USERNAME: wazuh-wui | ||||
|       API_PASSWORD: MyS3cr37P450r.*- | ||||
|     volumes: | ||||
|       - master-wazuh-api-configuration:/var/ossec/api/configuration | ||||
|       - master-wazuh-etc:/var/ossec/etc | ||||
| @@ -45,7 +45,7 @@ services: | ||||
|       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf | ||||
|  | ||||
|   wazuh.worker: | ||||
|     image: wazuh/wazuh-manager:4.10.2 | ||||
|     image: wazuh/wazuh-manager:5.0.0 | ||||
|     hostname: wazuh.worker | ||||
|     restart: always | ||||
|     ulimits: | ||||
| @@ -56,13 +56,13 @@ services: | ||||
|         soft: 655360 | ||||
|         hard: 655360 | ||||
|     environment: | ||||
|       - INDEXER_URL=https://wazuh1.indexer:9200 | ||||
|       - INDEXER_USERNAME=admin | ||||
|       - INDEXER_PASSWORD=SecretPassword | ||||
|       - FILEBEAT_SSL_VERIFICATION_MODE=full | ||||
|       - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem | ||||
|       - SSL_CERTIFICATE=/etc/ssl/filebeat.pem | ||||
|       - SSL_KEY=/etc/ssl/filebeat.key | ||||
|       INDEXER_URL: https://wazuh1.indexer:9200 | ||||
|       INDEXER_USERNAME: admin | ||||
|       INDEXER_PASSWORD: admin | ||||
|       FILEBEAT_SSL_VERIFICATION_MODE: full | ||||
|       SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem | ||||
|       SSL_CERTIFICATE: /etc/ssl/filebeat.pem | ||||
|       SSL_KEY: /etc/ssl/filebeat.key | ||||
|     volumes: | ||||
|       - worker-wazuh-api-configuration:/var/ossec/api/configuration | ||||
|       - worker-wazuh-etc:/var/ossec/etc | ||||
| @@ -81,14 +81,9 @@ services: | ||||
|       - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf | ||||
|  | ||||
|   wazuh1.indexer: | ||||
|     image: wazuh/wazuh-indexer:4.10.2 | ||||
|     image: wazuh/wazuh-indexer:5.0.0 | ||||
|     hostname: wazuh1.indexer | ||||
|     restart: always | ||||
|     ports: | ||||
|       - "9200:9200" | ||||
|     environment: | ||||
|       - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" | ||||
|       - "bootstrap.memory_lock=true" | ||||
|     ulimits: | ||||
|       memlock: | ||||
|         soft: -1 | ||||
| @@ -96,6 +91,38 @@ services: | ||||
|       nofile: | ||||
|         soft: 65536 | ||||
|         hard: 65536 | ||||
|     ports: | ||||
|       - "9200:9200" | ||||
|     environment: | ||||
|       OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" | ||||
|       bootstrap.memory_lock: "true" | ||||
|       NETWORK_HOST: wazuh1.indexer | ||||
|       NODE_NAME: wazuh1.indexer | ||||
|       CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' | ||||
|       CLUSTER_NAME: "wazuh-cluster" | ||||
|       DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' | ||||
|       NODE_MAX_LOCAL_STORAGE_NODES: "3" | ||||
|       PATH_DATA: /var/lib/wazuh-indexer | ||||
|       PATH_LOGS: /var/log/wazuh-indexer | ||||
|       PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem | ||||
|       PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key | ||||
|       PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem | ||||
|       PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem | ||||
|       PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key | ||||
|       PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem | ||||
|       PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" | ||||
|       PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" | ||||
|       PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" | ||||
|       PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" | ||||
|       PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" | ||||
|       PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" | ||||
|       PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]' | ||||
|       PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' | ||||
|       PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" | ||||
|       PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' | ||||
|       PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" | ||||
|       CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" | ||||
|       COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" | ||||
|     volumes: | ||||
|       - wazuh-indexer-data-1:/var/lib/wazuh-indexer | ||||
|       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem | ||||
| @@ -103,16 +130,13 @@ services: | ||||
|       - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh1.indexer.pem | ||||
|       - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem | ||||
|       - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem | ||||
|       - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml | ||||
|       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml | ||||
|       #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables | ||||
|       # - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml | ||||
|  | ||||
|   wazuh2.indexer: | ||||
|     image: wazuh/wazuh-indexer:4.10.2 | ||||
|     image: wazuh/wazuh-indexer:5.0.0 | ||||
|     hostname: wazuh2.indexer | ||||
|     restart: always | ||||
|     environment: | ||||
|       - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" | ||||
|       - "bootstrap.memory_lock=true" | ||||
|     ulimits: | ||||
|       memlock: | ||||
|         soft: -1 | ||||
| @@ -120,21 +144,48 @@ services: | ||||
|       nofile: | ||||
|         soft: 65536 | ||||
|         hard: 65536 | ||||
|     environment: | ||||
|       OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" | ||||
|       bootstrap.memory_lock: "true" | ||||
|       NETWORK_HOST: wazuh2.indexer | ||||
|       NODE_NAME: wazuh2.indexer | ||||
|       CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' | ||||
|       CLUSTER_NAME: "wazuh-cluster" | ||||
|       DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' | ||||
|       NODE_MAX_LOCAL_STORAGE_NODES: "3" | ||||
|       PATH_DATA: /var/lib/wazuh-indexer | ||||
|       PATH_LOGS: /var/log/wazuh-indexer | ||||
|       PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem | ||||
|       PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key | ||||
|       PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem | ||||
|       PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem | ||||
|       PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key | ||||
|       PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem | ||||
|       PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" | ||||
|       PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" | ||||
|       PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" | ||||
|       PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" | ||||
|       PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" | ||||
|       PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" | ||||
|       PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]' | ||||
|       PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' | ||||
|       PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" | ||||
|       PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' | ||||
|       PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" | ||||
|       CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" | ||||
|       COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" | ||||
|     volumes: | ||||
|       - wazuh-indexer-data-2:/var/lib/wazuh-indexer | ||||
|       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem | ||||
|       - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.key | ||||
|       - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.pem | ||||
|       - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml | ||||
|       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml | ||||
|       #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables | ||||
|       # - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml | ||||
|  | ||||
|   wazuh3.indexer: | ||||
|     image: wazuh/wazuh-indexer:4.10.2 | ||||
|     image: wazuh/wazuh-indexer:5.0.0 | ||||
|     hostname: wazuh3.indexer | ||||
|     restart: always | ||||
|     environment: | ||||
|       - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" | ||||
|       - "bootstrap.memory_lock=true" | ||||
|     ulimits: | ||||
|       memlock: | ||||
|         soft: -1 | ||||
| @@ -142,35 +193,84 @@ services: | ||||
|       nofile: | ||||
|         soft: 65536 | ||||
|         hard: 65536 | ||||
|     environment: | ||||
|       OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" | ||||
|       bootstrap.memory_lock: "true" | ||||
|       NETWORK_HOST: wazuh3.indexer | ||||
|       NODE_NAME: wazuh3.indexer | ||||
|       CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' | ||||
|       CLUSTER_NAME: "wazuh-cluster" | ||||
|       DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' | ||||
|       NODE_MAX_LOCAL_STORAGE_NODES: "3" | ||||
|       PATH_DATA: /var/lib/wazuh-indexer | ||||
|       PATH_LOGS: /var/log/wazuh-indexer | ||||
|       PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem | ||||
|       PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key | ||||
|       PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem | ||||
|       PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem | ||||
|       PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key | ||||
|       PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem | ||||
|       PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" | ||||
|       PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" | ||||
|       PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" | ||||
|       PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" | ||||
|       PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" | ||||
|       PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" | ||||
|       PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]' | ||||
|       PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' | ||||
|       PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" | ||||
|       PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' | ||||
|       PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" | ||||
|       CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" | ||||
|       COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" | ||||
|     volumes: | ||||
|       - wazuh-indexer-data-3:/var/lib/wazuh-indexer | ||||
|       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem | ||||
|       - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.key | ||||
|       - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.pem | ||||
|       - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml | ||||
|       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml | ||||
|       #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables | ||||
|       # - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml | ||||
|  | ||||
|   wazuh.dashboard: | ||||
|     image: wazuh/wazuh-dashboard:4.10.2 | ||||
|     image: wazuh/wazuh-dashboard:5.0.0 | ||||
|     hostname: wazuh.dashboard | ||||
|     restart: always | ||||
|     ulimits: | ||||
|       memlock: | ||||
|         soft: -1 | ||||
|         hard: -1 | ||||
|       nofile: | ||||
|         soft: 65536 | ||||
|         hard: 65536 | ||||
|     ports: | ||||
|       - 443:5601 | ||||
|     environment: | ||||
|       - OPENSEARCH_HOSTS="https://wazuh1.indexer:9200" | ||||
|       - WAZUH_API_URL="https://wazuh.master" | ||||
|       - API_USERNAME=wazuh-wui | ||||
|       - API_PASSWORD=MyS3cr37P450r.*- | ||||
|       - DASHBOARD_USERNAME=kibanaserver | ||||
|       - DASHBOARD_PASSWORD=kibanaserver | ||||
|       OPENSEARCH_HOSTS: "https://wazuh1.indexer:9200" | ||||
|       WAZUH_API_URL: "https://wazuh.master" | ||||
|       API_USERNAME: wazuh-wui | ||||
|       API_PASSWORD: MyS3cr37P450r.*- | ||||
|       DASHBOARD_USERNAME: kibanaserver | ||||
|       DASHBOARD_PASSWORD: kibanaserver | ||||
|       SERVER_HOST: "0.0.0.0" | ||||
|       SERVER_PORT: "5601" | ||||
|       OPENSEARCH_SSL_VERIFICATIONMODE: certificate | ||||
|       OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]' | ||||
|       OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false" | ||||
|       SERVER_SSL_ENABLED: "true" | ||||
|       OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]' | ||||
|       SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" | ||||
|       SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" | ||||
|       OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]' | ||||
|       UISETTINGS_OVERRIDES_DEFAULTROUTE: /app/wz-home | ||||
|     volumes: | ||||
|       - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config | ||||
|       - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom | ||||
|       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem | ||||
|       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem | ||||
|       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem | ||||
|       - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml | ||||
|       - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml | ||||
|       - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config | ||||
|       - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom | ||||
|       #  if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables | ||||
|       # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml | ||||
|     depends_on: | ||||
|       - wazuh1.indexer | ||||
|     links: | ||||
|   | ||||
| @@ -1,10 +1,9 @@ | ||||
| # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2) | ||||
| version: '3' | ||||
| 
 | ||||
| services: | ||||
|   generator: | ||||
|     image: wazuh/wazuh-certs-generator:0.0.2 | ||||
|     hostname: wazuh-certs-generator | ||||
|     image: wazuh/wazuh-cert-tool:5.0.0 | ||||
|     hostname: wazuh-cert-tool | ||||
|     container_name: wazuh-cert-tool | ||||
|     volumes: | ||||
|       - ./config/wazuh_indexer_ssl_certs/:/certificates/ | ||||
|       - ./config/certs.yml:/config/certs.yml | ||||
|       - ./config/certs.yml:/config/certs.yml | ||||
| @@ -8,17 +8,17 @@ $ sysctl -w vm.max_map_count=262144 | ||||
| ``` | ||||
| 2) Run the certificate creation script: | ||||
| ``` | ||||
| $ docker-compose -f generate-indexer-certs.yml run --rm generator | ||||
| $ docker compose -f generate-certs.yml run --rm generator | ||||
| ``` | ||||
| 3) Start the environment with docker-compose: | ||||
| 3) Start the environment with docker compose: | ||||
|  | ||||
| - In the foregroud: | ||||
| ``` | ||||
| $ docker-compose up | ||||
| $ docker compose up | ||||
| ``` | ||||
| - In the background: | ||||
| ``` | ||||
| $ docker-compose up -d | ||||
| $ docker compose up -d | ||||
| ``` | ||||
|  | ||||
| The environment takes about 1 minute to get up (depending on your Docker host) for the first time since Wazuh Indexer must be started for the first time and the indexes and index patterns must be generated. | ||||
|   | ||||
| @@ -3,7 +3,7 @@ version: '3.7' | ||||
|  | ||||
| services: | ||||
|   wazuh.manager: | ||||
|     image: wazuh/wazuh-manager:4.10.2 | ||||
|     image: wazuh/wazuh-manager:5.0.0 | ||||
|     hostname: wazuh.manager | ||||
|     restart: always | ||||
|     ulimits: | ||||
| @@ -19,15 +19,15 @@ services: | ||||
|       - "514:514/udp" | ||||
|       - "55000:55000" | ||||
|     environment: | ||||
|       - INDEXER_URL=https://wazuh.indexer:9200 | ||||
|       - INDEXER_USERNAME=admin | ||||
|       - INDEXER_PASSWORD=SecretPassword | ||||
|       - FILEBEAT_SSL_VERIFICATION_MODE=full | ||||
|       - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem | ||||
|       - SSL_CERTIFICATE=/etc/ssl/filebeat.pem | ||||
|       - SSL_KEY=/etc/ssl/filebeat.key | ||||
|       - API_USERNAME=wazuh-wui | ||||
|       - API_PASSWORD=MyS3cr37P450r.*- | ||||
|       INDEXER_URL: https://wazuh.indexer:9200 | ||||
|       INDEXER_USERNAME: admin | ||||
|       INDEXER_PASSWORD: admin | ||||
|       FILEBEAT_SSL_VERIFICATION_MODE: full | ||||
|       SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem | ||||
|       SSL_CERTIFICATE: /etc/ssl/filebeat.pem | ||||
|       SSL_KEY: /etc/ssl/filebeat.key | ||||
|       API_USERNAME: wazuh-wui | ||||
|       API_PASSWORD: MyS3cr37P450r.*- | ||||
|     volumes: | ||||
|       - wazuh_api_configuration:/var/ossec/api/configuration | ||||
|       - wazuh_etc:/var/ossec/etc | ||||
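Review bot: `INDEXER_PASSWORD: admin` weakens the shipped manager default from `SecretPassword` to the OpenSearch demo credential `admin/admin`, while the same compose file keeps `API_PASSWORD: MyS3cr37P450r.*-` unchanged and publishes `55000:55000` here and `9200:9200` on the indexer, so these defaults are reachable from the host network. Rather than hard-coding any of them, take them from the repo's `.env` with required-variable interpolation so a deployment cannot start on defaults, e.g. `INDEXER_PASSWORD: ${INDEXER_PASSWORD:?set INDEXER_PASSWORD in .env}` and `API_PASSWORD: ${API_PASSWORD:?set API_PASSWORD in .env}`. If the indexer's bundled internal_users.yml hash is what now seeds the security index (a later hunk drops the mount of a custom internal_users.yml), changing this value alone presumably will not change the indexer-side password, so a comment should say where the matching hash must be updated. The wazuh.manager service definition continues outside this hunk.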
| @@ -46,13 +46,9 @@ services: | ||||
|       - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf | ||||
|  | ||||
|   wazuh.indexer: | ||||
|     image: wazuh/wazuh-indexer:4.10.2 | ||||
|     image: wazuh/wazuh-indexer:5.0.0 | ||||
|     hostname: wazuh.indexer | ||||
|     restart: always | ||||
|     ports: | ||||
|       - "9200:9200" | ||||
|     environment: | ||||
|       - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" | ||||
|     ulimits: | ||||
|       memlock: | ||||
|         soft: -1 | ||||
| @@ -60,6 +56,37 @@ services: | ||||
|       nofile: | ||||
|         soft: 65536 | ||||
|         hard: 65536 | ||||
|     ports: | ||||
|       - "9200:9200" | ||||
|     environment: | ||||
|       OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" | ||||
|       bootstrap.memory_lock: "true" | ||||
|       NODE_NAME: "wazuh.indexer" | ||||
|       CLUSTER_INITIAL_MASTER_NODES: "wazuh.indexer" | ||||
|       CLUSTER_NAME: "wazuh-cluster" | ||||
|       PATH_DATA: /var/lib/wazuh-indexer | ||||
|       PATH_LOGS: /var/log/wazuh-indexer | ||||
|       HTTP_PORT: 9200-9299 | ||||
|       TRANSPORT_TCP_PORT: 9300-9399 | ||||
|       COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" | ||||
|       PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem | ||||
|       PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.key | ||||
|       PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem | ||||
|       PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem | ||||
|       PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.key | ||||
|       PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem | ||||
|       PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" | ||||
|       PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" | ||||
|       PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" | ||||
|       PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" | ||||
|       PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" | ||||
|       PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" | ||||
|       PLUGINS_SECURITY_NODES_DN: "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" | ||||
|       PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' | ||||
|       PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" | ||||
|       PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' | ||||
|       PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" | ||||
|       CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" | ||||
|     volumes: | ||||
|       - wazuh-indexer-data:/var/lib/wazuh-indexer | ||||
|       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem | ||||
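Review bot: `PLUGINS_SECURITY_AUTHCZ_ADMIN_DN` and `PLUGINS_SECURITY_NODES_DN` hard-code `OU=Wazuh,O=Wazuh,L=California,C=US`, which only works while the certificates produced by `wazuh-cert-tool` from `config/certs.yml` carry exactly those subjects; an edited certs.yml silently breaks admin and transport mTLS with nothing here to hint why. Add above the two keys: `# Must match the subject DNs of the admin and wazuh.indexer certificates generated from config/certs.yml`. `PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"` and `PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"` are plausible single-node demo settings but deserve a comment saying so, since the latter seeds the security index from the image's bundled security config on first start. The wazuh.indexer service continues outside this hunk.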
| @@ -67,31 +94,49 @@ services: | ||||
|       - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem | ||||
|       - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem | ||||
|       - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem | ||||
|       - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml | ||||
|       - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml | ||||
|       #  if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables | ||||
|       # - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml | ||||
|  | ||||
|   wazuh.dashboard: | ||||
|     image: wazuh/wazuh-dashboard:4.10.2 | ||||
|     image: wazuh/wazuh-dashboard:5.0.0 | ||||
|     hostname: wazuh.dashboard | ||||
|     restart: always | ||||
|     ulimits: | ||||
|       memlock: | ||||
|         soft: -1 | ||||
|         hard: -1 | ||||
|       nofile: | ||||
|         soft: 65536 | ||||
|         hard: 65536 | ||||
|     ports: | ||||
|       - 443:5601 | ||||
|     environment: | ||||
|       - INDEXER_USERNAME=admin | ||||
|       - INDEXER_PASSWORD=SecretPassword | ||||
|       - WAZUH_API_URL=https://wazuh.manager | ||||
|       - DASHBOARD_USERNAME=kibanaserver | ||||
|       - DASHBOARD_PASSWORD=kibanaserver | ||||
|       - API_USERNAME=wazuh-wui | ||||
|       - API_PASSWORD=MyS3cr37P450r.*- | ||||
|       WAZUH_API_URL: https://wazuh.manager | ||||
|       DASHBOARD_USERNAME: kibanaserver | ||||
|       DASHBOARD_PASSWORD: kibanaserver | ||||
|       API_USERNAME: wazuh-wui | ||||
|       API_PASSWORD: MyS3cr37P450r.*- | ||||
|       SERVER_HOST: 0.0.0.0 | ||||
|       SERVER_PORT: 5601 | ||||
|       OPENSEARCH_HOSTS: https://wazuh.indexer:9200 | ||||
|       OPENSEARCH_SSL_VERIFICATIONMODE: certificate | ||||
|       OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]' | ||||
|       OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false" | ||||
|       SERVER_SSL_ENABLED: "true" | ||||
|       OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]' | ||||
|       SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" | ||||
|       SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" | ||||
|       OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]' | ||||
|       UISETTINGS_OVERRIDES_DEFAULTROUTE: /app/wz-home | ||||
|     volumes: | ||||
|       - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config | ||||
|       - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom | ||||
|       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem | ||||
|       - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem | ||||
|       - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem | ||||
|       - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml | ||||
|       - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml | ||||
|       - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config | ||||
|       - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom | ||||
|       - ./config/wazuh_dashboard/wazuh.yml:/wazuh-config-mount/data/wazuh/config/wazuh.yml | ||||
|       #  if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables | ||||
|       # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml | ||||
|     depends_on: | ||||
|       - wazuh.indexer | ||||
|     links: | ||||
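Review bot: `OPENSEARCH_SSL_VERIFICATIONMODE: certificate` makes the dashboard verify only the indexer certificate chain, not its hostname, whereas the manager in the same file uses `FILEBEAT_SSL_VERIFICATION_MODE: full`; the indexer cert is issued for `CN=wazuh.indexer` (see `PLUGINS_SECURITY_NODES_DN`) and the dashboard connects to `https://wazuh.indexer:9200`, so `full` is presumably achievable and would make the two consistent — confirm the generated cert carries that hostname as a SAN. If `certificate` is deliberate, a comment such as `# chain-only verification: indexer cert has no SAN for wazuh.indexer` would stop the next reader from changing it. The `kibanaserver`/`kibanaserver` and `MyS3cr37P450r.*-` defaults are carried over unchanged on a service published at `443:5601`; they belong in `.env` with required-variable interpolation. The wazuh.dashboard service continues past `links:` outside this hunk.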
|   | ||||
| @@ -1,10 +1,10 @@ | ||||
| # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2) | ||||
| version: '3' | ||||
| 
 | ||||
| services: | ||||
|   generator: | ||||
|     image: wazuh/wazuh-certs-generator:0.0.2 | ||||
|     hostname: wazuh-certs-generator | ||||
|     image: wazuh/wazuh-cert-tool:5.0.0 | ||||
|     hostname: wazuh-cert-tool | ||||
|     container_name: wazuh-cert-tool | ||||
|     volumes: | ||||
|       - ./config/wazuh_indexer_ssl_certs/:/certificates/ | ||||
|       - ./config/certs.yml:/config/certs.yml | ||||
| 
 | ||||