Compare commits

...

194 Commits

Author SHA1 Message Date
David Correa Rodríguez
829e43511e Merge pull request #1384 from wazuh/enhancement/revert-image-tag
Reverted image tag for 4.8.0-rc4
2024-06-06 09:36:01 +02:00
David Correa Rodríguez
e759449ca2 Reverted image tag for 4.8.0-rc4 2024-06-06 09:23:18 +02:00
David Correa Rodríguez
86845841c7 Merge pull request #1383 from wazuh/enhancement/change-image-tag
Changed image tag for 4.8.0-rc4
2024-06-06 09:20:19 +02:00
David Correa Rodríguez
b9c6d1b0dc Changed image tag for 4.8.0-rc4 2024-06-06 09:17:46 +02:00
David Correa Rodríguez
7974ed0e04 Merge pull request #1382 from wazuh/enhancement/bump-revision-40812
Bumped revision to 40812
2024-06-06 09:13:30 +02:00
David Correa Rodríguez
d7d12521d2 Bumped revision to 40812 2024-06-06 09:04:49 +02:00
Gonzalo Acuña
53d1ad8e3e Merge pull request #1373 from wazuh/merge-4.7.5-into-4.8.0
Merge 4.7.5 into 4.8.0
2024-05-31 10:34:38 -03:00
vcerenu
f63c34d73b merge 4.7.5 into 4.8.0 2024-05-31 10:08:21 -03:00
Carlos Bordon
e60187803c Merge pull request #1366 from wazuh/1363-rollback-image-version
Rollback image version rc2
2024-05-29 12:30:57 -03:00
vcerenu
842180baa6 rollback image version 2024-05-29 12:22:43 -03:00
Carlos Bordon
f0488805a4 Merge pull request #1365 from wazuh/1363-commit-image-version
Commit image version rc2
2024-05-29 12:15:40 -03:00
vcerenu
ac6d9e576c commit image version 2024-05-29 12:02:50 -03:00
Carlos Bordon
2b44780605 Merge pull request #1364 from wazuh/1363-bump-revision
Bump revision rc2
2024-05-29 11:55:12 -03:00
vcerenu
c6b38e3de9 bump revision 2024-05-29 11:39:04 -03:00
David Correa Rodríguez
cfa0a220d6 Merge pull request #1360 from wazuh/1357-rollback-image-version
Rollback image version rc3
2024-05-24 09:53:14 +02:00
vcerenu
2125b08544 rollback image version 2024-05-24 04:46:12 -03:00
David Correa Rodríguez
98c0431498 Merge pull request #1359 from wazuh/1357-commit-image-version 2024-05-24 09:39:17 +02:00
vcerenu
e95dd33a89 commit image version 2024-05-24 04:36:20 -03:00
David Correa Rodríguez
817e864977 Merge pull request #1358 from wazuh/1357-bump-revision 2024-05-24 09:29:43 +02:00
vcerenu
78048b6a65 bump revision 2024-05-24 04:23:46 -03:00
Carlos Bordon
169d24af64 Merge pull request #1355 from wazuh/merge-4.7.5-into-4.8.0
Merge 4.7.5 into 4.8.0
2024-05-22 15:02:29 -03:00
Gonzalo Acuña
042d0bf075 Merge branch '4.8.0' into merge-4.7.5-into-4.8.0 2024-05-22 14:58:27 -03:00
Carlos Bordon
bac9daa337 Merge pull request #1354 from wazuh/1348-revert-tag
Revert docker image tag
2024-05-22 14:40:41 -03:00
Gonzalo Acuña
2c39ce5303 Revert docker image tag 2024-05-22 14:31:10 -03:00
Carlos Bordon
9487dd592e Merge pull request #1353 from wazuh/1348-change-tag
Change docker image tag
2024-05-22 14:19:29 -03:00
Gonzalo Acuña
a55eb7f14a Change docker image tag 2024-05-22 14:15:51 -03:00
Carlos Bordon
b0d14dca28 Merge pull request #1352 from wazuh/1348-bump-revision
Bump revision
2024-05-22 14:05:38 -03:00
Gonzalo Acuña
f96b340074 Bump revision 2024-05-22 13:57:22 -03:00
Gonzalo Acuña
2b25f362fd Merge pull request #1351 from wazuh/1348-rollback-image-version
Rollback rc1 image version
2024-05-22 12:05:17 -03:00
vcerenu
2e18b6a873 Rollback image version 2024-05-22 11:55:43 -03:00
Gonzalo Acuña
2bd7c0d6f1 Merge pull request #1350 from wazuh/1348-commit-image-version
Commit rc1 image version
2024-05-22 11:50:36 -03:00
vcerenu
ec69c20413 commit image version 2024-05-22 11:44:13 -03:00
Gonzalo Acuña
7df0ee2a22 Merge pull request #1345 from wazuh/bump-4.7.5-version
Bump 4.7.5 version
2024-05-15 07:27:47 -03:00
vcerenu
db89d2154f bump 4.7.5 version 2024-05-15 07:04:04 -03:00
David Correa Rodríguez
824265943f Merge pull request #1342 from wazuh/rollback-image-tag
Rollback image tag
2024-05-14 11:16:20 +02:00
vcerenu
de2f3995ec rollback image tag 2024-05-14 06:09:28 -03:00
David Correa Rodríguez
52eae12790 Merge pull request #1341 from wazuh/commit-image-tag
Commit image tag to rc2
2024-05-14 11:01:15 +02:00
vcerenu
efa179698e commit image tag 2024-05-14 05:57:49 -03:00
David Correa Rodríguez
5963054220 Merge pull request #1340 from wazuh/bump-revision-number
Bump revision number
2024-05-14 10:49:57 +02:00
vcerenu
902b165719 bump revision number 2024-05-14 05:39:47 -03:00
Victor Ereñú
7d2d8fe1c9 Merge pull request #1333 from wazuh/rollback-image-tag
rollback image tag
2024-05-03 05:32:16 -03:00
vcerenu
317643eabf rollback image tag 2024-05-03 05:27:47 -03:00
Victor Ereñú
d57ce6b432 Merge pull request #1332 from wazuh/change-image-tag
Change image tag for rc1
2024-05-03 05:20:40 -03:00
vcerenu
ef98a5dd83 change image tag for rc1 2024-05-03 05:13:12 -03:00
Victor Ereñú
c00960f7b4 Merge pull request #1331 from wazuh/bump-revision
Bump revision
2024-05-03 05:06:23 -03:00
vcerenu
097af398df bump revision 2024-05-03 04:50:08 -03:00
Victor Ereñú
7063480f1f Merge pull request #1324 from wazuh/merge-4.7.4-into-4.8.0
Merge 4.7.4 into 4.8.0
2024-04-30 06:57:18 -03:00
vcerenu
4c74ebfc80 resolving conflicts 2024-04-30 05:39:50 -03:00
David Correa Rodríguez
ec76ea8d92 Merge pull request #1318 from wazuh/rollback-image-version 2024-04-25 10:32:50 +02:00
vcerenu
ce0a855c3d rollback image name 2024-04-25 05:25:17 -03:00
David Correa Rodríguez
d10af3b669 Merge pull request #1317 from wazuh/change-image-rc2 2024-04-25 10:19:01 +02:00
vcerenu
b7609311dc change image version 2024-04-25 05:12:59 -03:00
Victor Ereñú
81c42d02b1 Merge pull request #1316 from wazuh/bump-revision-474
Bump revision 40717
2024-04-25 05:09:32 -03:00
vcerenu
ee3159b225 bump revision 2024-04-25 04:58:29 -03:00
David Correa Rodríguez
3bed3a3a31 Merge pull request #1311 from wazuh/revert-tag-4.7.4-rc1
Reverted tag for 4.7.4 RC1
2024-04-23 09:51:10 +02:00
David Correa Rodríguez
9109104af2 Reverted tag for 4.7.4 RC1 2024-04-23 09:46:03 +02:00
David Correa Rodríguez
2efc6c56fa Merge pull request #1310 from wazuh/change-tag-4.7.4-rc1
Updated tag for 4.7.4 RC1
2024-04-23 09:41:01 +02:00
David Correa Rodríguez
daf1e837a1 Updated tag for 4.7.4 RC1 2024-04-23 09:32:02 +02:00
David Correa Rodríguez
9881957f86 Merge pull request #1309 from wazuh/bump-revision-40716
Bumped revision to 40716
2024-04-23 09:24:55 +02:00
David Correa Rodríguez
8c874235bf Bumped revision to 40716 2024-04-23 09:20:23 +02:00
Victor Ereñú
1e7d1c62ec Merge pull request #1305 from wazuh/revert-beta6
Rename docker image for 4.8.0
2024-04-19 05:57:31 -03:00
vcerenu
72421d608a revert beta6 changes 2024-04-19 05:50:57 -03:00
Victor Ereñú
a9efe64d33 Merge pull request #1304 from wazuh/beta6-tag
Rename docker image for beta6
2024-04-19 05:36:15 -03:00
vcerenu
650d2936c4 add beta6 tag 2024-04-19 05:19:41 -03:00
Victor Ereñú
c9cf940a19 Merge pull request #1303 from wazuh/bump-revision-40808
Bumped revision to 40808
2024-04-19 05:16:42 -03:00
David Correa Rodríguez
353ea5976a Bumped revision to 40808 2024-04-19 09:56:27 +02:00
Gonzalo Acuña
d2181f78cd Merge pull request #1300 from wazuh/bump-version-4.7.4
Bumped version to 4.7.4
2024-04-18 10:24:02 -03:00
David Correa Rodríguez
d904595787 Bumped version to 4.7.4 2024-04-18 15:16:32 +02:00
Gonzalo Acuña
b62a1d5c94 Merge pull request #1294 from wazuh/1293-fix-480-beta5-al2023-vulnerabilities
Fix 4.8.0 beta-5 AL2023 Vulnerabilities
2024-04-10 12:04:40 -03:00
Carlos Anguita López
92d6f87091 Changed Docker base image ocurrences from amazonlinux:2023.3.20240304.0 to amazonlinux:2023 2024-04-10 13:18:01 +02:00
David Correa Rodríguez
74e30e89f8 Merge pull request #1288 from wazuh/bump-revision-40807
Bumped revision to 40807
2024-04-05 12:33:43 +02:00
David Correa Rodríguez
cbeb18c13f Bumped revision to 40807 2024-04-05 12:09:39 +02:00
Gonzalo Acuña
fc1bc7796a Merge pull request #1279 from wazuh/1253-fix-pr-test-multi
Fix PR test
2024-03-27 16:04:57 -03:00
vcerenu
cbdc152dda clean disk and change way to wait Cluster start 2024-03-27 14:25:31 -03:00
Gonzalo Acuña
e866a8d013 Merge pull request #1271 from wazuh/22511-delete-syslog-and-dpkg-configuration
Delete syslog and dpkg log configuration
2024-03-22 09:42:32 -03:00
vcerenu
866ee48871 delete syslog and dpkg log configuration 2024-03-21 07:00:57 -03:00
Gonzalo Acuña
b1fec6690b Merge pull request #1266 from wazuh/1265-cert-creator-update
Update query about Wazuh manager cont names
2024-03-15 12:39:36 -03:00
vcerenu
a8754c54bc update query about Wazuh manager cont names 2024-03-15 11:29:46 -03:00
Gonzalo Acuña
b0c5fb3559 Merge pull request #1261 from wazuh/update-AL2023-20240304
Update AL2023 20240304
2024-03-14 08:56:51 -03:00
vcerenu
02ee94f312 update al2024 version 2024-03-13 11:58:52 -03:00
David Correa Rodríguez
69f9ab8de2 Merge pull request #1258 from wazuh/bump-version-40806
Bumped version to 40806
2024-03-12 11:06:52 +01:00
David Correa Rodríguez
89f3b0d600 Bumped version to 40806 2024-03-12 11:01:41 +01:00
Gonzalo Acuña
51e17d2dac Merge pull request #1247 from wazuh/1220-modify-uid
Modify uid and gid
2024-03-11 11:26:11 -03:00
vcerenu
031db43568 rollback root-ca filename 2024-03-11 10:17:49 -03:00
vcerenu
387727d496 rollback uid and gid for Wazuh indexer and dashboard owner 2024-03-11 10:05:53 -03:00
Gonzalo Acuña
781fa76384 Merge pull request #1254 from wazuh/814-add-exceptions
Add file exceptions
2024-03-06 09:47:42 -03:00
vcerenu
73650d79b3 add exceptions 2024-03-06 06:24:26 -03:00
vcerenu
b4af946000 delete chmod for upgrade 2024-03-05 11:41:43 -03:00
vcerenu
a733046471 change cert creator version 2024-03-05 10:08:25 -03:00
vcerenu
a826212051 add upgrade functions into entrypoints 2024-03-04 12:14:20 -03:00
vcerenu
6e7e8525bb modify uid and giufor indexer and dashboard user and file permissions 2024-03-04 07:51:00 -03:00
Gonzalo Acuña
1564b2d4cd Merge pull request #1241 from wazuh/fix-readme
Fix readme 4.7.3
2024-03-01 14:30:42 -03:00
Gonzalo Acuña
96048c7bf3 Fix readme 4.7.3 2024-03-01 14:25:28 -03:00
Gonzalo Acuña
401673e743 Merge pull request #1239 from wazuh/1237-bump-revision
Bump revision `4.8.0-beta3`
2024-03-01 10:20:26 -03:00
Gonzalo Acuña
d8780f0e37 Revision bump (4.8.0-beta3) 2024-03-01 10:14:50 -03:00
Gonzalo Acuña
8c44d566df Merge pull request #1236 from wazuh/merge-4.7.3-into-4.8.0
Merge 4.7.3 into 4.8.0
2024-03-01 08:23:28 -03:00
David Correa Rodríguez
d0b02cf15c Merge branch '4.7.3' into merge-4.7.3-into-4.8.0 2024-03-01 12:14:19 +01:00
Gonzalo Acuña
b274806f60 Merge pull request #1234 from wazuh/596-filebeat-fix
Modify Dockerfile for Pod restart in Kubernetes
2024-02-29 13:43:27 -03:00
vcerenu
2e8c7f99b5 fix goss test 2024-02-29 13:03:50 -03:00
vcerenu
992fa82f6d update base and fix wazuh manager build 2024-02-29 11:11:59 -03:00
Gonzalo Acuña
0de952d1b3 Merge pull request #1230 from wazuh/bump-revision
Bump revision to 40804
2024-02-23 11:58:04 -03:00
David Correa Rodríguez
8a574da9ec Bump revision to 40804 2024-02-23 15:50:57 +01:00
David Correa Rodríguez
6b35c9d4bc Merge pull request #1226 from wazuh/merge-4.7.3-into-4.8.0
Merge 4.7.3 into 4.8.0
2024-02-23 10:58:28 +01:00
David Correa Rodríguez
f7e7a5a5fb Added 4.7.3 to CHANGELOG.md 2024-02-23 10:41:54 +01:00
David Correa Rodríguez
7835e6a678 Merge branch '4.7.3' into merge-4.7.3-into-4.8.0 2024-02-23 10:41:17 +01:00
Gonzalo Acuña
23900dbcc1 Merge pull request #1224 from wazuh/change/1210-change-the-base-image-to-amazon-linux-2023
Changed the base image to Amazon Linux 2023
2024-02-22 16:12:48 -03:00
David Correa Rodríguez
0bb7a00125 Merge branch '4.8.0' into change/1210-change-the-base-image-to-amazon-linux-2023 2024-02-22 17:58:40 +01:00
David Correa Rodríguez
467a405754 Upgraded ownership files for Wazuh files 2024-02-22 17:51:47 +01:00
Gonzalo Acuña
1046a3a13e Merge pull request #1223 from wazuh/1216-aws-data-excp
Review Wazuh docker permanent data exceptions for the AWS wodle
2024-02-22 13:21:51 -03:00
vcerenu
6fef542ee2 add aws wodle files for permanent data excp 2024-02-22 10:12:02 -03:00
David Correa Rodríguez
55f9fe3ded Added procps to Manager dockerfile 2024-02-21 17:51:36 +01:00
Gonzalo Acuña
d538e47eef Merge pull request #1217 from wazuh/770-add-maltiverse-except
Add maltiverse files into permanent exceptions
2024-02-21 13:45:51 -03:00
vcerenu
0d628f20cc move pagerduty exception 2024-02-21 11:57:29 -03:00
vcerenu
53b9d71c23 add maltiverse files into permanent exceptions 2024-02-21 11:43:23 -03:00
Gonzalo Acuña
1b3251852c Merge pull request #1215 from wazuh/1214-rollback-ism-changes
Rollback ISM changes
2024-02-20 14:49:57 -03:00
David Correa Rodríguez
4ba6e124b1 Updated dependencies 2024-02-20 17:37:40 +01:00
vcerenu
33a55344d3 rollback ISM 2024-02-20 12:01:22 -03:00
David Correa Rodríguez
a4a9207dec Added findutils dependency to indexer 2024-02-20 12:23:41 +01:00
David Correa Rodríguez
98037bf25c Commands and dependencies adapted 2024-02-20 10:33:29 +01:00
Gonzalo Acuña
ec9076261f Merge pull request #1209 from wazuh/21806-dashboard-does-not-displays-alerts-while-alertlog-file-does-in-docker-deployments
Add filebeat parameters to inject wazuh template
2024-02-19 09:16:19 -03:00
vcerenu
d6cefe7288 add filebeat parameters for inyect template 2024-02-14 11:52:50 -03:00
Gonzalo Acuña
0296f59f8c Merge pull request #1208 from wazuh/1198-reduce-sizze-of-wazuh-manager
Merge layers into Wazuh manager Dockerfile
2024-02-14 08:28:09 -03:00
vcerenu
057752d7bc merge layers into Wazuh manager Dockerfile 2024-02-14 07:06:40 -03:00
David Correa Rodríguez
db7596ca03 Merge pull request #1200 from wazuh/1199-support-new-stage-beta-1-for-480-in-wazuh-docker-repository
Bump revision
2024-02-05 09:19:01 +01:00
vcerenu
174ae3d14c bump revision 2024-02-05 04:55:41 -03:00
Gonzalo Acuña
52a9479e48 Merge pull request #1196 from wazuh/1195-adapt-vd-to-wazuh-keystore-for-indexer-configuration
VD keystore changes
2024-02-02 08:53:12 -03:00
Gonzalo Acuña
ec63264545 Changed user for username in the wazuh-keystore command 2024-01-31 09:23:50 -03:00
Gonzalo Acuña
114d6edff2 Indexer tag and wazuh-keystore updates 2024-01-29 15:48:48 -03:00
Gonzalo Acuña
eb894d868d Merge pull request #1188 from wazuh/666-pre-install-xz-utils-in-projects-installing-wazuh-manager
Add xz-utils install
2024-01-17 11:30:17 -03:00
vcerenu
adba797c54 add xz-utils install 2024-01-16 12:40:17 -03:00
Gonzalo Acuña
d820c63982 Merge pull request #1181 from wazuh/1180-bump-revision
Bump revision for 4.8.0-alpha2
2024-01-09 10:55:45 -03:00
Gonzalo Acuña
b2ef887f66 Bump revision for 4.8.0-alpha2 2024-01-09 10:47:19 -03:00
Gonzalo Acuña
d98ef7a8be Merge pull request #1171 from wazuh/change/1503-update-ISM-script-execution-to4.8.0
Updated indexer-ism-init.sh execution and removed wazuh-template push…
2024-01-05 16:47:55 -03:00
Gonzalo Acuña
daa122f14b Merge pull request #1174 from wazuh/merge-4.7.2-into-4.8.0
Merge 4.7.2 into 4.8.0
2024-01-04 14:38:03 -03:00
Gonzalo Acuña
297cf50c27 Merge branch '4.8.0' into merge-4.7.2-into-4.8.0 2024-01-04 14:37:22 -03:00
c-bordon
caddf2893a Testing with sleep 2024-01-04 13:02:39 -03:00
c-bordon
892822fe29 Update check test 2024-01-04 12:34:10 -03:00
c-bordon
99e708c1a9 Updated indexer-ism-init.sh execution and removed wazuh-template push from Filebeat 2024-01-04 11:48:27 -03:00
Gonzalo Acuña
d744287776 Merge pull request #1158 from wazuh/540-vd-update
Changed configuration to new VD and indexer config
2023-12-20 15:06:36 -03:00
Gonzalo Acuña
b2e30894da Merge pull request #1160 from wazuh/merge-4.7.2-into-4.8.0
Merge 4.7.2 into 4.8.0
2023-12-20 14:43:22 -03:00
David Correa Rodríguez
eba8b9172f Merge branch '4.7.2' into merge-4.7.2-into-4.8.0 2023-12-20 18:23:15 +01:00
David Correa Rodríguez
9b1ba35383 Changed Filebeat module version to 0.4 2023-12-20 16:29:00 +01:00
vcerenu
2258605ec2 delete single quotes for configurate vuln detection 2023-12-20 04:28:33 -03:00
Gonzalo Acuña
74546d0cab Merge pull request #1157 from wazuh/change/599-resource-description-adapt-the-devops-repositories-to-use-the-new-filebeat-module-packages-to4.8.0
Updated Filebeat module version
2023-12-19 10:48:54 -03:00
Gonzalo Acuña
09aeb68b14 New VD config update 2023-12-19 10:45:21 -03:00
c-bordon
10008a792b Updated Filebeat module version 2023-12-19 09:27:17 -03:00
Gonzalo Acuña
86dd284368 Merge pull request #1136 from wazuh/merge-4.7.1-into-4.8.0
Merge 4.7.1 into 4.8.0
2023-11-27 13:46:10 -03:00
David Correa Rodríguez
94c6a1b446 Merge branch '4.7.1' into merge-4.7.1-into-4.8.0 2023-11-27 17:03:09 +01:00
Carlos Bordon
717a897c11 Merge pull request #1121 from wazuh/change/1099-adapt-process-to-install-multiple-wazuh-dashboards-plugins
Adapted docker build to multiple Wazuh Dashboards plugins
2023-11-16 12:04:16 -03:00
David Correa Rodríguez
37d38ecf92 Fixed identation 2023-11-16 15:59:44 +01:00
David Correa Rodríguez
573090edcb Added variables in validations for different repositories 2023-11-16 15:54:25 +01:00
David Correa Rodríguez
c38a25224c Adapted docker build to multiple Wazuh Dashboards plugins 2023-11-16 13:52:41 +01:00
Carlos Bordon
351c6b319c Merge pull request #1118 from wazuh/1115-ism-rollover-update-the-ism-checksh-script-to-accept-all-parameters
[ISM Rollover] Update the ism-check.sh script to accept all parameters
2023-11-15 12:57:25 -03:00
vcerenu
9f58e6f21f add more optionsfor ism policies deploy 2023-11-15 05:00:31 -03:00
Victor Ereñú
6b910bc636 Merge pull request #1113 from wazuh/test-sign-old-commits
Merge 4.8.0 last commits into 4.8.0 branch
2023-11-14 08:02:13 -03:00
vcerenu
95bd43c7e5 change revision tag 2023-11-14 05:50:13 -03:00
vcerenu
ff5e59982b change hostname from apply ism policy 2023-11-14 05:50:08 -03:00
vcerenu
ed136c994e change apt-key add command 2023-11-14 05:50:02 -03:00
vcerenu
b55cfaa9a0 add ism policies 2023-11-14 05:49:35 -03:00
Carlos Bordon
a68da465d3 Merge pull request #1098 from wazuh/change/updateIndexerFiles-to4.8.0
Updated security config files
2023-11-09 09:15:01 -03:00
c-bordon
486c41e3f9 Updated security config files 2023-11-09 09:09:08 -03:00
Carlos Bordon
4863d54c99 Merge pull request #1092 from wazuh/merge-4.7.1-into-4.8.0
Merge 4.7.1 into 4.8.0
2023-10-31 13:52:40 -03:00
David Correa Rodríguez
7c814de638 Merge pull request #1082 from wazuh/merge-4.7.1-into-4.8.0
Merge 4.7.1 into 4.8.0
2023-10-24 10:00:25 +02:00
David Correa Rodríguez
1ee77e40ce Merge branch '4.7.1' into merge-4.7.1-into-4.8.0 2023-10-24 09:54:35 +02:00
Gonzalo Acuña
2cd1ca79e6 Merge pull request #1074 from wazuh/idr-394-defRoute
Dashboard default route update
2023-10-23 13:53:46 -03:00
Gonzalo Acuña
4c2582952f Dashboard default route update 2023-10-23 13:28:22 -03:00
Victor Ereñú
40618586a9 Merge pull request #1068 from wazuh/merge-4.7.1-into-4.8.0
Merge 4.7.1 into 4.8.0
2023-10-23 05:43:06 -03:00
vcerenu
274c0bc692 resolving conflicts 2023-10-23 05:39:31 -03:00
Victor Ereñú
7474e836b6 Merge pull request #1048 from wazuh/merge-4.7.1-into-master
Merge 4.7.1 into master
2023-10-11 06:00:37 -03:00
vcerenu
acb3688346 resolving conflicts 2023-10-11 05:47:56 -03:00
vcerenu
4d153f6705 bump new builder script 2023-10-11 05:44:48 -03:00
Victor Ereñú
85ba8cb9b0 Merge pull request #1036 from wazuh/merge-4.7.1-into-master
Merge 4.7.1 into master
2023-10-09 06:52:26 -03:00
vcerenu
5aaeb0d944 Updated version in new builder script 2023-10-09 11:45:24 +02:00
David Correa Rodríguez
6b89644918 Merge branch '4.7.1' into merge-4.7.1-into-master 2023-10-09 11:07:47 +02:00
Gonzalo Acuña
69868c0c70 Merge pull request #1011 from wazuh/merge-4.7.1-into-master
Merge 4.7.1 into master
2023-09-22 07:48:54 -03:00
David Correa Rodríguez
d8f7fd6767 Merge remote-tracking branch 'origin/4.7.1' into merge-4.7.1-into-master 2023-09-22 12:47:11 +02:00
Gonzalo Acuña
8fbda5afd3 Merge pull request #1005 from wazuh/idr-263-security-policy
Create SECURITY.md
2023-09-20 08:43:39 -03:00
Gonzalo Acuña
b40e90d19c Create SECURITY.md
Wazuh security policy added.
2023-09-20 08:29:53 -03:00
Gonzalo Acuña
dcef9834b4 Merge pull request #986 from wazuh/merge-4.7.0-into-master
Merge `4.7.0` into `master`
2023-09-07 11:28:04 -03:00
David Correa Rodríguez
9253127ce8 Merge branch '4.7.0' into merge-4.7.0-into-master 2023-09-07 16:21:42 +02:00
Gonzalo Acuña
3434070c06 Merge pull request #948 from wazuh/modify_scan_version
Change repository checkout
2023-08-24 15:38:41 -03:00
Gonzalo Acuña
8169e95107 Merge pull request #963 from wazuh/merge-4.7.0-into-master
Merge 4.7.0 into master
2023-08-24 13:34:29 -03:00
vcerenu
1d8332725f add fetch 2023-08-18 15:23:12 -03:00
vcerenu
a2f50192b6 add new step 2023-08-18 15:21:07 -03:00
vcerenu
bd513e80cc add new step 2023-08-18 15:18:56 -03:00
vcerenu
6a4dc3c3eb change repository checkout 2023-08-18 15:11:21 -03:00
Gonzalo Acuña
8b8a28167e Merge pull request #942 from wazuh/904-docker-base-image-update-to-jammy
Docker base image update to Jammy
2023-08-15 13:51:04 -03:00
vcerenu
d0eaae482c modify base for Wazuh Docker images 2023-08-11 12:15:28 -03:00
Gonzalo Acuña
e67b7eae70 Merge pull request #938 from wazuh/merge-4.7.0-into-master
Merge `4.7.0` into `master`
2023-08-11 08:37:34 -03:00
Gonzalo Acuña
2cd9262bab Merge pull request #901 from wazuh/bump-trivy-scan
Bump branch for trivy scan
2023-07-21 15:27:57 -03:00
vcerenu
7db3d0d278 Bump branch for trivy scan 2023-07-21 15:22:22 -03:00
Gonzalo Acuña
fc4cef1072 Merge pull request #900 from wazuh/merge-4.7.0-into-master
Merge `4.7.0` into `master`
2023-07-21 10:23:53 -03:00
Gonzalo Acuña
5b23d48e46 Merge pull request #890 from wazuh/bump-master-to-4.8.0
Bump master to 4.8.0
2023-07-17 08:59:41 -03:00
vcerenu
919500bd74 bump master to 4.8.0 2023-07-14 16:22:52 -03:00
39 changed files with 352 additions and 368 deletions

7
.env
View File

@@ -1,3 +1,6 @@
WAZUH_VERSION=4.7.3
WAZUH_IMAGE_VERSION=4.7.3
WAZUH_VERSION=4.8.0
WAZUH_IMAGE_VERSION=4.8.0
WAZUH_TAG_REVISION=1
FILEBEAT_TEMPLATE_BRANCH=4.8.0
WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz
WAZUH_UI_REVISION=1

2
.github/.goss.yaml vendored
View File

@@ -56,7 +56,7 @@ package:
wazuh-manager:
installed: true
versions:
- 4.7.3-1
- 4.8.0-1
port:
tcp:1514:
listening: true

View File

@@ -126,8 +126,9 @@ jobs:
- name: Check documents into wazuh-alerts index
run: |
sleep 120
docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`"
if [[ $docs -gt 100 ]]; then
if [[ $docs -gt 0 ]]; then
echo "wazuh-alerts index documents: ${docs}"
else
echo "wazuh-alerts index documents: ${docs}"
@@ -138,7 +139,7 @@ jobs:
run: |
qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics" | wc -l`"
templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep -P "wazuh|wazuh-agent|wazuh-statistics"`"
if [[ $qty_templates -eq 3 ]]; then
if [[ $qty_templates -gt 3 ]]; then
echo "wazuh templates:"
echo "${templates}"
else
@@ -161,10 +162,6 @@ jobs:
env:
TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
- name: Check errors in ossec.log
run: ./.github/single-node-log-check.sh
- name: Check filebeat output
run: ./.github/single-node-filebeat-check.sh
@@ -178,8 +175,8 @@ jobs:
exit 1
fi
- name: Stop single node stack
run: docker-compose -f single-node/docker-compose.yml down
- name: Check errors in ossec.log
run: ./.github/single-node-log-check.sh
check-multi-node:
runs-on: ubuntu-latest
@@ -192,6 +189,14 @@ jobs:
- name: Create enviroment variables
run: cat .env > $GITHUB_ENV
- name: free disk space
run: |
sudo swapoff -a
sudo rm -f /swapfile
sudo apt clean
docker rmi $(docker image ls -aq)
df -h
- name: Retrieve saved Wazuh dashboard Docker image
uses: actions/download-artifact@v3
with:
@@ -212,6 +217,7 @@ jobs:
docker load --input ./wazuh-manager.tar
docker load --input ./wazuh-indexer.tar
docker load --input ./wazuh-dashboard.tar
rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar
- name: Create multi node certficates
run: docker-compose -f multi-node/generate-indexer-certs.yml run --rm generator
@@ -221,7 +227,13 @@ jobs:
- name: Check Wazuh indexer start
run: |
sleep 120
until [[ `curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l` -eq 1 ]]
do
echo 'Waiting for Wazuh indexer start'
free -m
df -h
sleep 10
done
status_green="`curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s | grep green | wc -l`"
if [[ $status_green -eq 1 ]]; then
curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
@@ -250,8 +262,15 @@ jobs:
- name: Check documents into wazuh-alerts index
run: |
until [[ $(``curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"``) -gt 0 ]]
do
echo 'Waiting for Wazuh indexer events'
free -m
df -h
sleep 10
done
docs="`curl -XGET "https://0.0.0.0:9200/wazuh-alerts*/_count" -u admin:SecretPassword -k -s | jq -r ".count"`"
if [[ $docs -gt 100 ]]; then
if [[ $docs -gt 1 ]]; then
echo "wazuh-alerts index documents: ${docs}"
else
echo "wazuh-alerts index documents: ${docs}"
@@ -262,7 +281,7 @@ jobs:
run: |
qty_templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh" | wc -l`"
templates="`curl -XGET "https://0.0.0.0:9200/_cat/templates" -u admin:SecretPassword -k -s | grep "wazuh"`"
if [[ $qty_templates -eq 3 ]]; then
if [[ $qty_templates -gt 3 ]]; then
echo "wazuh templates:"
echo "${templates}"
else
@@ -292,10 +311,6 @@ jobs:
env:
TOKEN: $(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
- name: Check errors in ossec.log
run: ./.github/multi-node-log-check.sh
- name: Check filebeat output
run: ./.github/multi-node-filebeat-check.sh
@@ -307,4 +322,7 @@ jobs:
else
echo "Wazuh dashboard status: ${status}"
exit 1
fi
fi
- name: Check errors in ossec.log
run: ./.github/multi-node-log-check.sh

View File

@@ -31,12 +31,18 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v3
with: { ref: 4.4 }
- name: Installing dependencies
run: |
sudo apt-get update
sudo apt-get install -y jq
- name: Checkout latest tag
run: |
latest=$(curl -s "https://api.github.com/repos/wazuh/wazuh-docker/releases/latest" | jq -r '.tag_name')
git fetch origin
git checkout $latest
- name: Build Wazuh images
run: build-docker-images/build-images.sh

View File

@@ -31,12 +31,18 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v3
with: { ref: 4.4 }
- name: Installing dependencies
run: |
sudo apt-get update
sudo apt-get install -y jq
- name: Checkout latest tag
run: |
latest=$(curl -s "https://api.github.com/repos/wazuh/wazuh-docker/releases/latest" | jq -r '.tag_name')
git fetch origin
git checkout $latest
- name: Build Wazuh images
run: build-docker-images/build-images.sh

View File

@@ -31,12 +31,18 @@ jobs:
steps:
- name: Checkout code
uses: actions/checkout@v3
with: { ref: 4.4 }
- name: Installing dependencies
run: |
sudo apt-get update
sudo apt-get install -y jq
- name: Checkout latest tag
run: |
latest=$(curl -s "https://api.github.com/repos/wazuh/wazuh-docker/releases/latest" | jq -r '.tag_name')
git fetch origin
git checkout $latest
- name: Build Wazuh images
run: build-docker-images/build-images.sh

View File

@@ -1,6 +1,21 @@
# Change Log
All notable changes to this project will be documented in this file.
## Wazuh Docker v4.8.0
### Added
- Update Wazuh to version [4.8.0](https://github.com/wazuh/wazuh/blob/v4.8.0/CHANGELOG.md#v480)
## Wazuh Docker v4.7.5
### Added
- Update Wazuh to version [4.7.5](https://github.com/wazuh/wazuh/blob/v4.7.5/CHANGELOG.md#v475)
## Wazuh Docker v4.7.4
### Added
- Update Wazuh to version [4.7.4](https://github.com/wazuh/wazuh/blob/v4.7.4/CHANGELOG.md#v474)
## Wazuh Docker v4.7.3
### Added

View File

@@ -101,6 +101,7 @@ WAZUH_MONITORING_REPLICAS=0 ##
│   │   └── Dockerfile
│   ├── wazuh-indexer
│   │   ├── config
│ │ │ ├── action_groups.yml
│   │   │   ├── config.sh
│   │   │   ├── config.yml
│   │   │   ├── entrypoint.sh
@@ -195,6 +196,9 @@ WAZUH_MONITORING_REPLICAS=0 ##
| Wazuh version | ODFE | XPACK |
|---------------|---------|--------|
| v4.8.0 | | |
| v4.7.5 | | |
| v4.7.4 | | |
| v4.7.3 | | |
| v4.7.2 | | |
| v4.7.1 | | |

45
SECURITY.md Normal file
View File

@@ -0,0 +1,45 @@
# Wazuh Open Source Project Security Policy
Version: 2023-06-12
## Introduction
This document outlines the Security Policy for Wazuh's open source projects. It emphasizes our commitment to maintain a secure environment for our users and contributors, and reflects our belief in the power of collaboration to identify and resolve security vulnerabilities.
## Scope
This policy applies to all open source projects developed, maintained, or hosted by Wazuh.
## Reporting Security Vulnerabilities
If you believe you've discovered a potential security vulnerability in one of our open source projects, we strongly encourage you to report it to us responsibly.
Please submit your findings as security advisories under the "Security" tab in the relevant GitHub repository. Alternatively, you may send the details of your findings to [security@wazuh.com](mailto:security@wazuh.com).
## Vulnerability Disclosure Policy
Upon receiving a report of a potential vulnerability, our team will initiate an investigation. If the reported issue is confirmed as a vulnerability, we will take the following steps:
- Acknowledgment: We will acknowledge the receipt of your vulnerability report and begin our investigation.
- Validation: We will validate the issue and work on reproducing it in our environment.
- Remediation: We will work on a fix and thoroughly test it
- Release & Disclosure: After 90 days from the discovery of the vulnerability, or as soon as a fix is ready and thoroughly tested (whichever comes first), we will release a security update for the affected project. We will also publicly disclose the vulnerability by publishing a CVE (Common Vulnerabilities and Exposures) and acknowledging the discovering party.
- Exceptions: In order to preserve the security of the Wazuh community at large, we might extend the disclosure period to allow users to patch their deployments.
This 90-day period allows for end-users to update their systems and minimizes the risk of widespread exploitation of the vulnerability.
## Automatic Scanning
We leverage GitHub Actions to perform automated scans of our supply chain. These scans assist us in identifying vulnerabilities and outdated dependencies in a proactive and timely manner.
## Credit
We believe in giving credit where credit is due. If you report a security vulnerability to us, and we determine that it is a valid vulnerability, we will publicly credit you for the discovery when we disclose the vulnerability. If you wish to remain anonymous, please indicate so in your initial report.
We do appreciate and encourage feedback from our community, but currently we do not have a bounty program. We might start bounty programs in the future.
## Compliance with this Policy
We consider the discovery and reporting of security vulnerabilities an important public service. We encourage responsible reporting of any vulnerabilities that may be found in our site or applications.
Furthermore, we will not take legal action against or suspend or terminate access to the site or services of those who discover and report security vulnerabilities in accordance with this policy because of the fact.
We ask that all users and contributors respect this policy and the security of our community's users by disclosing vulnerabilities to us in accordance with this policy.
## Changes to this Security Policy
This policy may be revised from time to time. Each version of the policy will be identified at the top of the page by its effective date.
If you have any questions about this Security Policy, please contact us at [security@wazuh.com](mailto:security@wazuh.com).

View File

@@ -1,2 +1,2 @@
WAZUH-DOCKER_VERSION="4.7.3"
REVISION="40713"
WAZUH-DOCKER_VERSION="4.8.0"
REVISION="40812"

View File

@@ -13,7 +13,7 @@ This script initializes the environment variables needed to build each of the im
The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument:
```
$ build-docker-images/build-images.sh -v 4.5.2
$ build-docker-images/build-images.sh -v 4.8.0
```
To get all the available script options use the -h or --help option:
@@ -24,9 +24,9 @@ $ build-docker-images/build-images.sh -h
Usage: build-docker-images/build-images.sh [OPTIONS]
-d, --dev <ref> [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default.
-f, --filebeat-module <ref> [Optional] Set Filebeat module version. By default 0.3.
-f, --filebeat-module <ref> [Optional] Set Filebeat module version. By default 0.4.
-r, --revision <rev> [Optional] Package revision. By default 1
-v, --version <ver> [Optional] Set the Wazuh version should be builded. By default, 4.7.3.
-v, --version <ver> [Optional] Set the Wazuh version should be builded. By default, 4.8.0.
-h, --help Show this help.
```

View File

@@ -1,7 +1,7 @@
WAZUH_IMAGE_VERSION=4.7.3
WAZUH_IMAGE_VERSION=4.8.0
WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')
WAZUH_TAG_REVISION=1
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
# Wazuh package generator
@@ -12,10 +12,10 @@ IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
# License (version 2) as published by the FSF - Free Software
# Foundation.
WAZUH_IMAGE_VERSION="4.7.3"
WAZUH_IMAGE_VERSION="4.8.0"
WAZUH_TAG_REVISION="1"
WAZUH_DEV_STAGE=""
FILEBEAT_MODULE_VERSION="0.3"
FILEBEAT_MODULE_VERSION="0.4"
# -----------------------------------------------------------------------------

View File

@@ -1,5 +1,5 @@
# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
FROM ubuntu:focal AS builder
FROM amazonlinux:2023 AS builder
ARG WAZUH_VERSION
ARG WAZUH_TAG_REVISION
@@ -7,7 +7,7 @@ ARG INSTALL_DIR=/usr/share/wazuh-dashboard
ARG WAZUH_UI_REVISION
# Update and install dependencies
RUN apt-get update && apt install curl libcap2-bin xz-utils -y
RUN yum install curl-minimal libcap xz tar openssl -y
# Create Install dir
RUN mkdir -p $INSTALL_DIR
@@ -28,12 +28,12 @@ RUN bash /install_wazuh_app.sh
# Copy and set permissions to config files
COPY config/opensearch_dashboards.yml $INSTALL_DIR/config/
COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/
RUN chown 101:101 $INSTALL_DIR/config/opensearch_dashboards.yml && chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml
RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml
# Create and set permissions to data directories
RUN mkdir -p $INSTALL_DIR/data/wazuh && chown -R 101:101 $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chown -R 101:101 $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chown -R 101:101 $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs
RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh
RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config
RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs
################################################################################
# Build stage 1 (the current Wazuh dashboard image):
@@ -42,7 +42,7 @@ RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chown -R 101:101 $INSTALL_DIR/data/
# Add entrypoint
# Add wazuh_app_config
################################################################################
FROM ubuntu:focal
FROM amazonlinux:2023
# Set environment variables
ENV USER="wazuh-dashboard" \
@@ -80,6 +80,9 @@ ENV PATTERN="" \
WAZUH_MONITORING_SHARDS="" \
WAZUH_MONITORING_REPLICAS=""
# Update and install dependencies
RUN yum install shadow-utils -y
# Create wazuh-dashboard user and group
RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
RUN useradd --system \

View File

@@ -9,8 +9,8 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config
## Variables
CERT_TOOL=wazuh-certs-tool.sh
PACKAGES_URL=https://packages.wazuh.com/4.7/
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.7/
PACKAGES_URL=https://packages.wazuh.com/4.8/
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.8/
## Check if the cert tool exists in S3 buckets
CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}')

View File

@@ -1,5 +1,5 @@
REPOSITORY="packages.wazuh.com/4.x"
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)

View File

@@ -1,6 +1,8 @@
## variables
WAZUH_APP=https://packages.wazuh.com/4.x/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
WAZUH_CHECK_UPDATES=https://packages.wazuh.com/4.x/ui/dashboard/wazuhCheckUpdates-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
WAZUH_CORE=https://packages.wazuh.com/4.x/ui/dashboard/wazuhCore-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
@@ -11,15 +13,23 @@ MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
## check version to use the correct repository
if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
WAZUH_CHECK_UPDATES=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCheckUpdates-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
WAZUH_CORE=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCore-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
WAZUH_CHECK_UPDATES=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCheckUpdates-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
WAZUH_CORE=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCore-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
WAZUH_APP=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuh-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
WAZUH_CHECK_UPDATES=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCheckUpdates-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
WAZUH_CORE=https://packages-dev.wazuh.com/pre-release/ui/dashboard/wazuhCore-${WAZUH_VERSION}-${WAZUH_UI_REVISION}.zip
fi
fi
fi
# Install Wazuh App
$INSTALL_DIR/bin/opensearch-dashboards-plugin install $WAZUH_APP --allow-root
$INSTALL_DIR/bin/opensearch-dashboards-plugin install $WAZUH_APP --allow-root
$INSTALL_DIR/bin/opensearch-dashboards-plugin install $WAZUH_CHECK_UPDATES --allow-root
$INSTALL_DIR/bin/opensearch-dashboards-plugin install $WAZUH_CORE --allow-root

View File

@@ -9,5 +9,5 @@ server.ssl.enabled: true
server.ssl.key: "/usr/share/wazuh-dashboard/config/certs/dashboard-key.pem"
server.ssl.certificate: "/usr/share/wazuh-dashboard/config/certs/dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/config/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wazuh
uiSettings.overrides.defaultRoute: /app/wz-home

View File

@@ -1,10 +1,10 @@
# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
FROM ubuntu:focal AS builder
FROM amazonlinux:2023 AS builder
ARG WAZUH_VERSION
ARG WAZUH_TAG_REVISION
RUN apt-get update -y && apt-get install curl openssl xz-utils -y
RUN yum install curl-minimal openssl xz tar findutils shadow-utils -y
COPY config/opensearch.yml /
@@ -12,6 +12,8 @@ COPY config/config.sh .
COPY config/config.yml /
COPY config/action_groups.yml /
COPY config/internal_users.yml /
COPY config/roles_mapping.yml /
@@ -25,14 +27,17 @@ RUN bash config.sh
#
# Copy wazuh-indexer from stage 0
# Add entrypoint
################################################################################
FROM ubuntu:focal
FROM amazonlinux:2023
ENV USER="wazuh-indexer" \
GROUP="wazuh-indexer" \
NAME="wazuh-indexer" \
INSTALL_DIR="/usr/share/wazuh-indexer"
RUN yum install curl-minimal shadow-utils findutils hostname -y
RUN getent group $GROUP || groupadd -r -g 1000 $GROUP
RUN useradd --system \

View File

@@ -0,0 +1,12 @@
---
_meta:
type: "actiongroups"
config_version: 2
# ISM API permissions group
manage_ism:
reserved: true
hidden: false
allowed_actions:
- "cluster:admin/opendistro/ism/*"
static: false

View File

@@ -23,7 +23,7 @@ rm -rf ${INSTALLATION_DIR}/
## variables
REPOSITORY="packages.wazuh.com/4.x"
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
@@ -53,8 +53,8 @@ tar -xf ${INDEXER_FILE}
## Variables
CERT_TOOL=wazuh-certs-tool.sh
PASSWORD_TOOL=wazuh-passwords-tool.sh
PACKAGES_URL=https://packages.wazuh.com/4.7/
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.7/
PACKAGES_URL=https://packages.wazuh.com/4.8/
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.8/
## Check if the cert tool exists in S3 buckets
CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}')
@@ -120,6 +120,7 @@ cp /$PASSWORD_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/
# Copy Wazuh's config files for the security plugin
cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/
cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR}
# Copy Wazuh indexer's certificates

View File

@@ -142,7 +142,7 @@ wazuh_ui_user:
allowed_actions:
- "read"
tenant_permissions: []
static: false
static: false
wazuh_ui_admin:
reserved: true
@@ -160,4 +160,12 @@ wazuh_ui_admin:
- "manage"
- "index"
tenant_permissions: []
static: false
static: false
# ISM API permissions role
manage_ism:
reserved: true
hidden: false
cluster_permissions:
- "manage_ism"
static: false

View File

@@ -33,7 +33,7 @@ kibana_user:
- "kibanauser"
users:
- "wazuh_user"
- "wazuh_admin"
- "wazuh_admin"
description: "Maps kibanauser to kibana_user"
readall:
@@ -68,4 +68,11 @@ wazuh_ui_user:
hosts: []
users:
- "wazuh_user"
and_backend_roles: []
and_backend_roles: []
# ISM API permissions role mapping
manage_ism:
reserved: true
hidden: false
users:
- "kibanaserver"

View File

@@ -1,5 +1,5 @@
# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
FROM ubuntu:focal
FROM amazonlinux:2023
RUN rm /bin/sh && ln -s /bin/bash /bin/sh
@@ -9,22 +9,24 @@ ARG FILEBEAT_TEMPLATE_BRANCH
ARG FILEBEAT_CHANNEL=filebeat-oss
ARG FILEBEAT_VERSION=7.10.2
ARG WAZUH_FILEBEAT_MODULE
ARG S6_VERSION="v2.2.0.3"
RUN apt-get update && apt install curl apt-transport-https lsb-release gnupg -y
RUN yum install curl-minimal xz gnupg tar gzip openssl findutils procps -y &&\
yum clean all
COPY config/check_repository.sh /
COPY config/filebeat_module.sh /
COPY config/permanent_data.env config/permanent_data.sh /
RUN chmod 775 /check_repository.sh
RUN source /check_repository.sh
RUN apt-get update && \
apt-get install wazuh-manager=${WAZUH_VERSION}-${WAZUH_TAG_REVISION}
COPY config/filebeat_module.sh /
RUN chmod 775 /filebeat_module.sh
RUN source /filebeat_module.sh
ARG S6_VERSION="v2.2.0.3"
RUN curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
RUN yum install wazuh-manager-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
yum clean all && \
chmod 775 /filebeat_module.sh && \
source /filebeat_module.sh && \
rm /filebeat_module.sh && \
curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
-o /tmp/s6-overlay-amd64.tar.gz && \
tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" && \
tar xzf /tmp/s6-overlay-amd64.tar.gz -C /usr ./bin && \
@@ -43,11 +45,6 @@ RUN chmod go-w /etc/filebeat/wazuh-template.json
# Prepare permanent data
# Sync calls are due to https://github.com/docker/docker/issues/9547
COPY config/permanent_data.env config/permanent_data.sh /
RUN chmod 755 /permanent_data.sh && \
sync && /permanent_data.sh && \
sync && rm /permanent_data.sh
#Make mount directories for keep permissions
RUN mkdir -p /var/ossec/var/multigroups && \
@@ -58,7 +55,10 @@ RUN mkdir -p /var/ossec/var/multigroups && \
chmod 770 /var/ossec/agentless && \
mkdir -p /var/ossec/active-response/bin && \
chown root:wazuh /var/ossec/active-response/bin && \
chmod 770 /var/ossec/active-response/bin
chmod 770 /var/ossec/active-response/bin && \
chmod 755 /permanent_data.sh && \
sync && /permanent_data.sh && \
sync && rm /permanent_data.sh
# Services ports
EXPOSE 55000/tcp 1514/tcp 1515/tcp 514/udp 1516/tcp

View File

@@ -1,7 +1,8 @@
## variables
APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
REPOSITORY="deb https://packages.wazuh.com/4.x/apt/ stable main"
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
@@ -12,18 +13,18 @@ MINOR_CURRENT=$(echo $WAZUH_CURRENT_VERSION | cut -d. -f3)
## check version to use the correct repository
if [ "$MAJOR_BUILD" -gt "$MAJOR_CURRENT" ]; then
APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
REPOSITORY="deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
if [ "$MID_BUILD" -gt "$MID_CURRENT" ]; then
APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
REPOSITORY="deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
elif [ "$MID_BUILD" -eq "$MID_CURRENT" ]; then
if [ "$MINOR_BUILD" -gt "$MINOR_CURRENT" ]; then
APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
REPOSITORY="deb https://packages-dev.wazuh.com/pre-release/apt/ unstable main"
REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
fi
fi
fi
apt-key adv --fetch-keys ${APT_KEY}
echo ${REPOSITORY} | tee -a /etc/apt/sources.list.d/wazuh.list
rpm --import "${APT_KEY}"
echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo

View File

@@ -184,8 +184,9 @@ set_rids_owner() {
##############################################################################
set_correct_permOwner() {
find / -group 997 -exec chown :101 {} +;
find / -user 999 -exec chown 101 {} +;
find / -group 997 -exec chown :999 {} +;
find / -group 101 -exec chown :999 {} +;
find / -user 101 -exec chown 999 {} +;
}
##############################################################################

View File

@@ -112,6 +112,13 @@ function_entrypoint_scripts() {
fi
}
function_configure_vulnerability_detection() {
if [ "$INDEXER_PASSWORD" != "" ]; then
>&2 echo "Configuring password."
/var/ossec/bin/wazuh-keystore -f indexer -k username -v $INDEXER_USERNAME
/var/ossec/bin/wazuh-keystore -f indexer -k password -v $INDEXER_PASSWORD
fi
}
# Migrate data from /wazuh-migration volume
function_wazuh_migration
@@ -119,6 +126,9 @@ function_wazuh_migration
# create API custom user
function_create_custom_user
# configure Vulnerabilty detection
function_configure_vulnerability_detection
# run entrypoint scripts
function_entrypoint_scripts

View File

@@ -8,9 +8,9 @@ filebeat.modules:
enabled: false
setup.template.json.enabled: true
setup.template.overwrite: true
setup.template.json.path: '/etc/filebeat/wazuh-template.json'
setup.template.json.name: 'wazuh'
setup.template.overwrite: true
setup.ilm.enabled: false
output.elasticsearch:
hosts: ['https://wazuh.indexer:9200']

View File

@@ -1,5 +1,5 @@
REPOSITORY="packages.wazuh.com/4.x"
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2-)
MAJOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f1)
MID_BUILD=$(echo $WAZUH_VERSION | cut -d. -f2)
MINOR_BUILD=$(echo $WAZUH_VERSION | cut -d. -f3)
@@ -20,6 +20,6 @@ elif [ "$MAJOR_BUILD" -eq "$MAJOR_CURRENT" ]; then
fi
fi
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb &&\
dpkg -i ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb && rm -f ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-amd64.deb && \
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm &&\
yum install -y ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm && rm -f ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm && \
curl -s https://${REPOSITORY}/filebeat/${WAZUH_FILEBEAT_MODULE} | tar -xvz -C /usr/share/filebeat/module

View File

@@ -16,13 +16,16 @@ export PERMANENT_DATA
# Files mounted in a volume that should not be permanent
i=0
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/internal_options.conf"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/pagerduty"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/pagerduty"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/pagerduty.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/maltiverse"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/maltiverse.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop"
@@ -53,14 +56,37 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh.exp"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/utils.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/__init__.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws_tools.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/wazuh_integration.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/__init__.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/aws_bucket.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/cloudtrail.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/config.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/guardduty.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/load_balancers.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/server_access.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/umbrella.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/vpcflow.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/buckets_s3/waf.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/services/__init__.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/services/aws_service.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/services/cloudwatchlogs.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/services/inspector.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/__init__.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/s3_log_handler.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/sqs_message_processor.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/subscribers/sqs_queue.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/orm.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/exceptions.py"
export PERMANENT_DATA_EXCP
# Files mounted in a volume that should be deleted

View File

@@ -8,8 +8,8 @@
## Variables
CERT_TOOL=wazuh-certs-tool.sh
PASSWORD_TOOL=wazuh-passwords-tool.sh
PACKAGES_URL=https://packages.wazuh.com/4.7/
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.7/
PACKAGES_URL=https://packages.wazuh.com/4.8/
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.8/
## Check if the cert tool exists in S3 buckets
CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}')
@@ -38,7 +38,7 @@ chmod 700 /$CERT_TOOL
## Execute cert tool and parsin cert.yml to set UID permissions
source /$CERT_TOOL -A
nodes_server=$( cert_parseYaml /config.yml | grep nodes_server__name | sed 's/nodes_server__name=//' )
nodes_server=$( cert_parseYaml /config.yml | grep -E "nodes[_]+server[_]+[0-9]+=" | sed -e 's/nodes__server__[0-9]=//' | sed 's/"//g' )
node_names=($nodes_server)
echo "Moving created certificates to the destination directory"
@@ -51,11 +51,12 @@ chown 1000:1000 /certificates/*
echo "Setting UID for wazuh manager and worker"
cp /certificates/root-ca.pem /certificates/root-ca-manager.pem
cp /certificates/root-ca.key /certificates/root-ca-manager.key
chown 101:101 /certificates/root-ca-manager.pem
chown 101:101 /certificates/root-ca-manager.key
chown 999:999 /certificates/root-ca-manager.pem
chown 999:999 /certificates/root-ca-manager.key
for i in ${node_names[@]};
do
chown 101:101 "/certificates/${i}.pem"
chown 101:101 "/certificates/${i}-key.pem"
chown 999:999 "/certificates/${i}.pem"
chown 999:999 "/certificates/${i}-key.pem"
done

View File

@@ -95,91 +95,27 @@
<skip_nfs>yes</skip_nfs>
</sca>
<vulnerability-detector>
<enabled>no</enabled>
<interval>5m</interval>
<min_full_scan_interval>6h</min_full_scan_interval>
<run_on_start>yes</run_on_start>
<vulnerability-detection>
<enabled>yes</enabled>
<index-status>yes</index-status>
<feed-update-interval>60m</feed-update-interval>
</vulnerability-detection>
<!-- Ubuntu OS vulnerabilities -->
<provider name="canonical">
<enabled>no</enabled>
<os>trusty</os>
<os>xenial</os>
<os>bionic</os>
<os>focal</os>
<os>jammy</os>
<update_interval>1h</update_interval>
</provider>
<!-- Debian OS vulnerabilities -->
<provider name="debian">
<enabled>no</enabled>
<os>buster</os>
<os>bullseye</os>
<os>bookworm</os>
<update_interval>1h</update_interval>
</provider>
<!-- RedHat OS vulnerabilities -->
<provider name="redhat">
<enabled>no</enabled>
<os>5</os>
<os>6</os>
<os>7</os>
<os>8</os>
<os>9</os>
<update_interval>1h</update_interval>
</provider>
<!-- Amazon Linux OS vulnerabilities -->
<provider name="alas">
<enabled>no</enabled>
<os>amazon-linux</os>
<os>amazon-linux-2</os>
<os>amazon-linux-2023</os>
<update_interval>1h</update_interval>
</provider>
<!-- SUSE Linux Enterprise OS vulnerabilities -->
<provider name="suse">
<enabled>no</enabled>
<os>11-server</os>
<os>11-desktop</os>
<os>12-server</os>
<os>12-desktop</os>
<os>15-server</os>
<os>15-desktop</os>
<update_interval>1h</update_interval>
</provider>
<!-- Arch OS vulnerabilities -->
<provider name="arch">
<enabled>no</enabled>
<update_interval>1h</update_interval>
</provider>
<!-- Windows OS vulnerabilities -->
<provider name="msu">
<enabled>yes</enabled>
<update_interval>1h</update_interval>
</provider>
<!-- Alma Linux OS vulnerabilities -->
<provider name="almalinux">
<enabled>no</enabled>
<os>8</os>
<os>9</os>
<update_interval>1h</update_interval>
</provider>
<!-- Aggregate vulnerabilities -->
<provider name="nvd">
<enabled>yes</enabled>
<update_interval>1h</update_interval>
</provider>
</vulnerability-detector>
<indexer>
<enabled>yes</enabled>
<hosts>
<host>https://wazuh1.indexer:9200</host>
<host>https://wazuh2.indexer:9200</host>
<host>https://wazuh3.indexer:9200</host>
</hosts>
<ssl>
<certificate_authorities>
<ca>/etc/ssl/root-ca.pem</ca>
</certificate_authorities>
<certificate>/etc/ssl/filebeat.pem</certificate>
<key>/etc/ssl/filebeat.key</key>
</ssl>
</indexer>
<!-- File integrity monitoring -->
<syscheck>
@@ -371,9 +307,4 @@
<location>/var/ossec/logs/active-responses.log</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/dpkg.log</location>
</localfile>
</ossec_config>

View File

@@ -95,91 +95,27 @@
<skip_nfs>yes</skip_nfs>
</sca>
<vulnerability-detector>
<enabled>no</enabled>
<interval>5m</interval>
<min_full_scan_interval>6h</min_full_scan_interval>
<run_on_start>yes</run_on_start>
<vulnerability-detection>
<enabled>yes</enabled>
<index-status>yes</index-status>
<feed-update-interval>60m</feed-update-interval>
</vulnerability-detection>
<!-- Ubuntu OS vulnerabilities -->
<provider name="canonical">
<enabled>no</enabled>
<os>trusty</os>
<os>xenial</os>
<os>bionic</os>
<os>focal</os>
<os>jammy</os>
<update_interval>1h</update_interval>
</provider>
<!-- Debian OS vulnerabilities -->
<provider name="debian">
<enabled>no</enabled>
<os>buster</os>
<os>bullseye</os>
<os>bookworm</os>
<update_interval>1h</update_interval>
</provider>
<!-- RedHat OS vulnerabilities -->
<provider name="redhat">
<enabled>no</enabled>
<os>5</os>
<os>6</os>
<os>7</os>
<os>8</os>
<os>9</os>
<update_interval>1h</update_interval>
</provider>
<!-- Amazon Linux OS vulnerabilities -->
<provider name="alas">
<enabled>no</enabled>
<os>amazon-linux</os>
<os>amazon-linux-2</os>
<os>amazon-linux-2023</os>
<update_interval>1h</update_interval>
</provider>
<!-- SUSE Linux Enterprise OS vulnerabilities -->
<provider name="suse">
<enabled>no</enabled>
<os>11-server</os>
<os>11-desktop</os>
<os>12-server</os>
<os>12-desktop</os>
<os>15-server</os>
<os>15-desktop</os>
<update_interval>1h</update_interval>
</provider>
<!-- Arch OS vulnerabilities -->
<provider name="arch">
<enabled>no</enabled>
<update_interval>1h</update_interval>
</provider>
<!-- Alma Linux OS vulnerabilities -->
<provider name="almalinux">
<enabled>no</enabled>
<os>8</os>
<os>9</os>
<update_interval>1h</update_interval>
</provider>
<!-- Windows OS vulnerabilities -->
<provider name="msu">
<enabled>yes</enabled>
<update_interval>1h</update_interval>
</provider>
<!-- Aggregate vulnerabilities -->
<provider name="nvd">
<enabled>yes</enabled>
<update_interval>1h</update_interval>
</provider>
</vulnerability-detector>
<indexer>
<enabled>yes</enabled>
<hosts>
<host>https://wazuh1.indexer:9200</host>
<host>https://wazuh2.indexer:9200</host>
<host>https://wazuh3.indexer:9200</host>
</hosts>
<ssl>
<certificate_authorities>
<ca>/etc/ssl/root-ca.pem</ca>
</certificate_authorities>
<certificate>/etc/ssl/filebeat.pem</certificate>
<key>/etc/ssl/filebeat.key</key>
</ssl>
</indexer>
<!-- File integrity monitoring -->
<syscheck>
@@ -371,9 +307,4 @@
<location>/var/ossec/logs/active-responses.log</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/dpkg.log</location>
</localfile>
</ossec_config>

View File

@@ -9,4 +9,4 @@ server.ssl.enabled: true
server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wazuh
uiSettings.overrides.defaultRoute: /app/wz-home

View File

@@ -3,7 +3,7 @@ version: '3.7'
services:
wazuh.master:
image: wazuh/wazuh-manager:4.7.3
image: wazuh/wazuh-manager:4.8.0
hostname: wazuh.master
restart: always
ulimits:
@@ -45,7 +45,7 @@ services:
- ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
wazuh.worker:
image: wazuh/wazuh-manager:4.7.3
image: wazuh/wazuh-manager:4.8.0
hostname: wazuh.worker
restart: always
ulimits:
@@ -81,7 +81,7 @@ services:
- ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
wazuh1.indexer:
image: wazuh/wazuh-indexer:4.7.3
image: wazuh/wazuh-indexer:4.8.0
hostname: wazuh1.indexer
restart: always
ports:
@@ -107,7 +107,7 @@ services:
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
wazuh2.indexer:
image: wazuh/wazuh-indexer:4.7.3
image: wazuh/wazuh-indexer:4.8.0
hostname: wazuh2.indexer
restart: always
environment:
@@ -129,7 +129,7 @@ services:
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
wazuh3.indexer:
image: wazuh/wazuh-indexer:4.7.3
image: wazuh/wazuh-indexer:4.8.0
hostname: wazuh3.indexer
restart: always
environment:
@@ -151,7 +151,7 @@ services:
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
wazuh.dashboard:
image: wazuh/wazuh-dashboard:4.7.3
image: wazuh/wazuh-dashboard:4.8.0
hostname: wazuh.dashboard
restart: always
ports:

View File

@@ -3,7 +3,7 @@ version: '3'
services:
generator:
image: wazuh/wazuh-certs-generator:0.0.1
image: wazuh/wazuh-certs-generator:0.0.2
hostname: wazuh-certs-generator
volumes:
- ./config/wazuh_indexer_ssl_certs/:/certificates/

View File

@@ -95,91 +95,25 @@
<skip_nfs>yes</skip_nfs>
</sca>
<vulnerability-detector>
<enabled>no</enabled>
<interval>5m</interval>
<min_full_scan_interval>6h</min_full_scan_interval>
<run_on_start>yes</run_on_start>
<vulnerability-detection>
<enabled>yes</enabled>
<index-status>yes</index-status>
<feed-update-interval>60m</feed-update-interval>
</vulnerability-detection>
<!-- Ubuntu OS vulnerabilities -->
<provider name="canonical">
<enabled>no</enabled>
<os>trusty</os>
<os>xenial</os>
<os>bionic</os>
<os>focal</os>
<os>jammy</os>
<update_interval>1h</update_interval>
</provider>
<!-- Debian OS vulnerabilities -->
<provider name="debian">
<enabled>no</enabled>
<os>buster</os>
<os>bullseye</os>
<os>bookworm</os>
<update_interval>1h</update_interval>
</provider>
<!-- RedHat OS vulnerabilities -->
<provider name="redhat">
<enabled>no</enabled>
<os>5</os>
<os>6</os>
<os>7</os>
<os>8</os>
<os>9</os>
<update_interval>1h</update_interval>
</provider>
<!-- Amazon Linux OS vulnerabilities -->
<provider name="alas">
<enabled>no</enabled>
<os>amazon-linux</os>
<os>amazon-linux-2</os>
<os>amazon-linux-2023</os>
<update_interval>1h</update_interval>
</provider>
<!-- SUSE Linux Enterprise OS vulnerabilities -->
<provider name="suse">
<enabled>no</enabled>
<os>11-server</os>
<os>11-desktop</os>
<os>12-server</os>
<os>12-desktop</os>
<os>15-server</os>
<os>15-desktop</os>
<update_interval>1h</update_interval>
</provider>
<!-- Arch OS vulnerabilities -->
<provider name="arch">
<enabled>no</enabled>
<update_interval>1h</update_interval>
</provider>
<!-- Alma Linux OS vulnerabilities -->
<provider name="almalinux">
<enabled>no</enabled>
<os>8</os>
<os>9</os>
<update_interval>1h</update_interval>
</provider>
<!-- Windows OS vulnerabilities -->
<provider name="msu">
<enabled>yes</enabled>
<update_interval>1h</update_interval>
</provider>
<!-- Aggregate vulnerabilities -->
<provider name="nvd">
<enabled>yes</enabled>
<update_interval>1h</update_interval>
</provider>
</vulnerability-detector>
<indexer>
<enabled>yes</enabled>
<hosts>
<host>https://wazuh.indexer:9200</host>
</hosts>
<ssl>
<certificate_authorities>
<ca>/etc/ssl/root-ca.pem</ca>
</certificate_authorities>
<certificate>/etc/ssl/filebeat.pem</certificate>
<key>/etc/ssl/filebeat.key</key>
</ssl>
</indexer>
<!-- File integrity monitoring -->
<syscheck>

View File

@@ -9,4 +9,4 @@ server.ssl.enabled: true
server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wazuh
uiSettings.overrides.defaultRoute: /app/wz-home

View File

@@ -3,7 +3,7 @@ version: '3.7'
services:
wazuh.manager:
image: wazuh/wazuh-manager:4.7.3
image: wazuh/wazuh-manager:4.8.0
hostname: wazuh.manager
restart: always
ulimits:
@@ -46,13 +46,13 @@ services:
- ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
wazuh.indexer:
image: wazuh/wazuh-indexer:4.7.3
image: wazuh/wazuh-indexer:4.8.0
hostname: wazuh.indexer
restart: always
ports:
- "9200:9200"
environment:
- "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
- "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
ulimits:
memlock:
soft: -1
@@ -71,7 +71,7 @@ services:
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
wazuh.dashboard:
image: wazuh/wazuh-dashboard:4.7.3
image: wazuh/wazuh-dashboard:4.8.0
hostname: wazuh.dashboard
restart: always
ports:

View File

@@ -3,7 +3,7 @@ version: '3'
services:
generator:
image: wazuh/wazuh-certs-generator:0.0.1
image: wazuh/wazuh-certs-generator:0.0.2
hostname: wazuh-certs-generator
volumes:
- ./config/wazuh_indexer_ssl_certs/:/certificates/