From d3d2ae7b8687125e331c22de850e4cbb3d2b62bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Tue, 13 Feb 2024 10:32:58 +0100 Subject: [PATCH 1/5] Bump version to 5.0.0 --- .env | 6 +++--- .github/.goss.yaml | 2 +- CHANGELOG.md | 5 +++++ README.md | 1 + VERSION | 4 ++-- build-docker-images/README.md | 4 ++-- build-docker-images/build-images.sh | 4 ++-- multi-node/docker-compose.yml | 12 ++++++------ single-node/docker-compose.yml | 6 +++--- 9 files changed, 25 insertions(+), 19 deletions(-) diff --git a/.env b/.env index 8f5d52ffd..c2d4e554f 100755 --- a/.env +++ b/.env @@ -1,6 +1,6 @@ -WAZUH_VERSION=4.9.0 -WAZUH_IMAGE_VERSION=4.9.0 +WAZUH_VERSION=5.0.0 +WAZUH_IMAGE_VERSION=5.0.0 WAZUH_TAG_REVISION=1 -FILEBEAT_TEMPLATE_BRANCH=4.9.0 +FILEBEAT_TEMPLATE_BRANCH=5.0.0 WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz WAZUH_UI_REVISION=1 diff --git a/.github/.goss.yaml b/.github/.goss.yaml index a2ee17aa7..d78980273 100644 --- a/.github/.goss.yaml +++ b/.github/.goss.yaml @@ -56,7 +56,7 @@ package: wazuh-manager: installed: true versions: - - 4.9.0-1 + - 5.0.0-1 port: tcp:1514: listening: true diff --git a/CHANGELOG.md b/CHANGELOG.md index a7bf88628..ef39d81d5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,11 @@ # Change Log All notable changes to this project will be documented in this file. +## Wazuh Docker v5.0.0 +### Added + +- Update Wazuh to version [5.0.0](https://github.com/wazuh/wazuh/blob/v5.0.0/CHANGELOG.md#v500) + ## Wazuh Docker v4.9.0 ### Added diff --git a/README.md b/README.md index 3bd8d37a1..f06a456cb 100644 --- a/README.md +++ b/README.md @@ -196,6 +196,7 @@ WAZUH_MONITORING_REPLICAS=0 ## | Wazuh version | ODFE | XPACK | |---------------|---------|--------| +| v5.0.0 | | | | v4.9.0 | | | | v4.8.2 | | | | v4.8.1 | | | diff --git a/VERSION b/VERSION index a25e5cee2..1c77a838f 100644 --- a/VERSION +++ b/VERSION 
@@ -1,2 +1,2 @@ -WAZUH-DOCKER_VERSION="4.9.0" -REVISION="40900" +WAZUH-DOCKER_VERSION="5.0.0" +REVISION="50000" diff --git a/build-docker-images/README.md b/build-docker-images/README.md index d4c5b4ff2..11fde42cd 100644 --- a/build-docker-images/README.md +++ b/build-docker-images/README.md @@ -13,7 +13,7 @@ This script initializes the environment variables needed to build each of the im The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument: ``` -$ build-docker-images/build-images.sh -v 4.9.0 +$ build-docker-images/build-images.sh -v 5.0.0 ``` To get all the available script options use the -h or --help option: @@ -26,7 +26,7 @@ Usage: build-docker-images/build-images.sh [OPTIONS] -d, --dev [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default. -f, --filebeat-module [Optional] Set Filebeat module version. By default 0.4. -r, --revision [Optional] Package revision. By default 1 - -v, --version [Optional] Set the Wazuh version should be builded. By default, 4.9.0. + -v, --version [Optional] Set the Wazuh version should be builded. By default, 5.0.0. -h, --help Show this help. ``` \ No newline at end of file diff --git a/build-docker-images/build-images.sh b/build-docker-images/build-images.sh index f8ba8a569..343dda87e 100755 --- a/build-docker-images/build-images.sh +++ b/build-docker-images/build-images.sh @@ -1,4 +1,4 @@ -WAZUH_IMAGE_VERSION=4.9.0 +WAZUH_IMAGE_VERSION=5.0.0 WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g') WAZUH_TAG_REVISION=1 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '\"tag_name\":' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g') 
@@ -12,7 +12,7 @@ IMAGE_VERSION=${WAZUH_IMAGE_VERSION} # License (version 2) as published by the FSF - Free Software # Foundation. -WAZUH_IMAGE_VERSION="4.9.0" +WAZUH_IMAGE_VERSION="5.0.0" WAZUH_TAG_REVISION="1" WAZUH_DEV_STAGE="" FILEBEAT_MODULE_VERSION="0.4" diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml index 95de74c59..02c657554 100644 --- a/multi-node/docker-compose.yml +++ b/multi-node/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.7' services: wazuh.master: - image: wazuh/wazuh-manager:4.9.0 + image: wazuh/wazuh-manager:5.0.0 hostname: wazuh.master restart: always ulimits: @@ -45,7 +45,7 @@ services: - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf wazuh.worker: - image: wazuh/wazuh-manager:4.9.0 + image: wazuh/wazuh-manager:5.0.0 hostname: wazuh.worker restart: always ulimits: @@ -81,7 +81,7 @@ services: - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf wazuh1.indexer: - image: wazuh/wazuh-indexer:4.9.0 + image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh1.indexer restart: always ports: @@ -108,7 +108,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh2.indexer: - image: wazuh/wazuh-indexer:4.9.0 + image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh2.indexer restart: always environment: @@ -130,7 +130,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh3.indexer: - image: wazuh/wazuh-indexer:4.9.0 + image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh3.indexer restart: always environment: @@ -152,7 +152,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: - image: wazuh/wazuh-dashboard:4.9.0 + image: wazuh/wazuh-dashboard:5.0.0 hostname: wazuh.dashboard restart: always ports: 
diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml index dd697a705..8a918738e 100644 --- a/single-node/docker-compose.yml +++ b/single-node/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.7' services: wazuh.manager: - image: wazuh/wazuh-manager:4.9.0 + image: wazuh/wazuh-manager:5.0.0 hostname: wazuh.manager restart: always ulimits: @@ -46,7 +46,7 @@ services: - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf wazuh.indexer: - image: wazuh/wazuh-indexer:4.9.0 + image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh.indexer restart: always ports: @@ -72,7 +72,7 @@ services: - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: - image: wazuh/wazuh-dashboard:4.9.0 + image: wazuh/wazuh-dashboard:5.0.0 hostname: wazuh.dashboard restart: always ports: From 935aee6d2acf279dc8986fc4e192344a13c98ea6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20Correa=20Rodr=C3=ADguez?= Date: Tue, 19 Mar 2024 11:39:01 +0100 Subject: [PATCH 2/5] Fixed references to 4.8 in `master` --- build-docker-images/wazuh-dashboard/config/config.sh | 4 ++-- build-docker-images/wazuh-indexer/config/config.sh | 4 ++-- indexer-certs-creator/config/entrypoint.sh | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/build-docker-images/wazuh-dashboard/config/config.sh b/build-docker-images/wazuh-dashboard/config/config.sh index 793067216..b2cbfea47 100644 --- a/build-docker-images/wazuh-dashboard/config/config.sh +++ b/build-docker-images/wazuh-dashboard/config/config.sh 
@@ -9,8 +9,8 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config ## Variables CERT_TOOL=wazuh-certs-tool.sh -PACKAGES_URL=https://packages.wazuh.com/4.8/ -PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.8/ +PACKAGES_URL=https://packages.wazuh.com/5.0/ +PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/ ## Check if the cert tool exists in S3 buckets CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}') diff --git a/build-docker-images/wazuh-indexer/config/config.sh b/build-docker-images/wazuh-indexer/config/config.sh index 2768f157e..ed4fff5cd 100644 --- a/build-docker-images/wazuh-indexer/config/config.sh +++ b/build-docker-images/wazuh-indexer/config/config.sh @@ -53,8 +53,8 @@ tar -xf ${INDEXER_FILE} ## Variables CERT_TOOL=wazuh-certs-tool.sh PASSWORD_TOOL=wazuh-passwords-tool.sh -PACKAGES_URL=https://packages.wazuh.com/4.8/ -PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.8/ +PACKAGES_URL=https://packages.wazuh.com/5.0/ +PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/ ## Check if the cert tool exists in S3 buckets CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}') diff --git a/indexer-certs-creator/config/entrypoint.sh b/indexer-certs-creator/config/entrypoint.sh index d3e0534e9..3884ba640 100644 --- a/indexer-certs-creator/config/entrypoint.sh +++ b/indexer-certs-creator/config/entrypoint.sh @@ -8,8 +8,8 @@ ## Variables CERT_TOOL=wazuh-certs-tool.sh PASSWORD_TOOL=wazuh-passwords-tool.sh -PACKAGES_URL=https://packages.wazuh.com/4.8/ -PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.8/ +PACKAGES_URL=https://packages.wazuh.com/5.0/ +PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/ ## Check if the cert tool exists in S3 buckets CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}') From f4ccd4b0a6e311aed44d55fec6e33220333fc6ae Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Carlos=20Anguita=20L=C3=B3pez?= Date: Tue, 9 Apr 2024 09:26:47 +0200 Subject: [PATCH 3/5] Removed commented lines 87 to 91 --- build-docker-images/wazuh-indexer/config/entrypoint.sh | 6 ------ 1 file changed, 6 deletions(-) diff --git a/build-docker-images/wazuh-indexer/config/entrypoint.sh b/build-docker-images/wazuh-indexer/config/entrypoint.sh index 2acb4aa09..649d610d1 100644 --- a/build-docker-images/wazuh-indexer/config/entrypoint.sh +++ b/build-docker-images/wazuh-indexer/config/entrypoint.sh @@ -84,10 +84,4 @@ if [[ "$(id -u)" == "0" ]]; then fi -#if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then - # run securityadmin.sh for single node with CACERT, CERT and KEY parameter -# nohup /securityadmin.sh & -# touch "/var/lib/wazuh-indexer/.flag" -#fi - run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD" \ No newline at end of file From 10f278cadb94f1033378a77a811edafa5728e551 Mon Sep 17 00:00:00 2001 
From: vcerenu Date: Tue, 23 Apr 2024 11:43:29 -0300 Subject: [PATCH 4/5] add environment variables for configure wazuh indexer and dashboard files --- .../wazuh-dashboard/Dockerfile | 14 +- .../wazuh-dashboard/config/config.sh | 4 +- .../wazuh-dashboard/config/config.yml | 4 +- .../wazuh-dashboard/config/entrypoint.sh | 221 ++++++++++++- .../config/opensearch_dashboards.yml | 13 - build-docker-images/wazuh-indexer/Dockerfile | 19 +- .../wazuh-indexer/config/action_groups.yml | 12 - .../wazuh-indexer/config/config.sh | 6 - .../wazuh-indexer/config/entrypoint.sh | 295 +++++++++++++++++- .../wazuh-indexer/config/internal_users.yml | 74 ----- .../wazuh-indexer/config/opensearch.yml | 26 -- .../wazuh-indexer/config/roles.yml | 171 ---------- .../wazuh-indexer/config/roles_mapping.yml | 78 ----- .../wazuh_dashboard/opensearch_dashboards.yml | 12 - .../config/wazuh_indexer/wazuh1.indexer.yml | 38 --- .../config/wazuh_indexer/wazuh2.indexer.yml | 38 --- .../config/wazuh_indexer/wazuh3.indexer.yml | 38 --- multi-node/docker-compose.yml | 117 ++++++- single-node/docker-compose.yml | 47 ++- 19 files changed, 690 insertions(+), 537 deletions(-) delete mode 100644 build-docker-images/wazuh-dashboard/config/opensearch_dashboards.yml delete mode 100644 build-docker-images/wazuh-indexer/config/action_groups.yml delete mode 100644 build-docker-images/wazuh-indexer/config/internal_users.yml delete mode 100644 build-docker-images/wazuh-indexer/config/opensearch.yml delete mode 100644 build-docker-images/wazuh-indexer/config/roles.yml delete mode 100644 build-docker-images/wazuh-indexer/config/roles_mapping.yml delete mode 100644 multi-node/config/wazuh_dashboard/opensearch_dashboards.yml delete mode 100644 multi-node/config/wazuh_indexer/wazuh1.indexer.yml delete mode 100644 multi-node/config/wazuh_indexer/wazuh2.indexer.yml delete mode 100644 multi-node/config/wazuh_indexer/wazuh3.indexer.yml 
diff --git a/build-docker-images/wazuh-dashboard/Dockerfile b/build-docker-images/wazuh-dashboard/Dockerfile index e2e0bfd78..786bea0a0 100644 --- a/build-docker-images/wazuh-dashboard/Dockerfile +++ b/build-docker-images/wazuh-dashboard/Dockerfile @@ -26,7 +26,7 @@ RUN chmod 775 /install_wazuh_app.sh RUN bash /install_wazuh_app.sh # Copy and set permissions to config files -COPY config/opensearch_dashboards.yml $INSTALL_DIR/config/ +RUN cp $INSTALL_DIR/etc/opensearch_dashboards.yml $INSTALL_DIR/config/opensearch_dashboards.yml COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/ RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml @@ -34,6 +34,7 @@ RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs +RUN mkdir /wazuh-config-mount && chmod -R 775 /wazuh-config-mount ################################################################################ # Build stage 1 (the current Wazuh dashboard image): @@ -108,6 +109,15 @@ COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom +# Set $JAVA_HOME +RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \ + echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh +ENV JAVA_HOME=$INSTALL_DIR/jdk +ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin + +# Add k-NN lib directory to library loading path variable +ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib" + # Set workdir and user WORKDIR $INSTALL_DIR USER wazuh-dashboard 
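Review bot: The `JAVA_HOME`, `PATH` and `LD_LIBRARY_PATH` entries added in the third hunk (`-108,6 +109,15`) point at `$INSTALL_DIR/jdk` and `$INSTALL_DIR/plugins/opensearch-knn/lib`, and nothing in this patch creates either path in the dashboard image; the same three stanzas appear verbatim in the indexer Dockerfile further down, where a bundled JDK and the k-NN plugin are plausible, so this looks like a copy-paste. If the dashboard image really does not ship them, drop the lines (dangling `LD_LIBRARY_PATH` entries are at best noise); if it does, a one-line comment naming the component that needs them would spare the next reader the same question. In the first hunk, `RUN cp $INSTALL_DIR/etc/opensearch_dashboards.yml $INSTALL_DIR/config/opensearch_dashboards.yml` now seeds the runtime config from what is presumably the package default instead of the repo-tracked file removed later in this patch, so the settings that file carried (TLS on, CA path, `uiSettings.overrides.defaultRoute`) are no longer reviewed here; a comment such as `# Runtime settings are injected by entrypoint.sh from *_ env vars; see opensearch_dashboards_vars` would make that contract explicit.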
@@ -116,3 +126,5 @@ USER wazuh-dashboard EXPOSE 443 ENTRYPOINT [ "/entrypoint.sh" ] + +CMD ["opensearch-dashboards"] diff --git a/build-docker-images/wazuh-dashboard/config/config.sh b/build-docker-images/wazuh-dashboard/config/config.sh index b2cbfea47..a9c12e103 100644 --- a/build-docker-images/wazuh-dashboard/config/config.sh +++ b/build-docker-images/wazuh-dashboard/config/config.sh @@ -34,8 +34,8 @@ chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A mkdir -p ${CONFIG_DIR}/certs # Copy Wazuh dashboard certs to install config dir -cp /wazuh-certificates/demo.dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem -cp /wazuh-certificates/demo.dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem +cp /wazuh-certificates/dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem +cp /wazuh-certificates/dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem cp /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem chmod -R 500 ${CONFIG_DIR}/certs diff --git a/build-docker-images/wazuh-dashboard/config/config.yml b/build-docker-images/wazuh-dashboard/config/config.yml index 24764d543..8135fcfea 100644 --- a/build-docker-images/wazuh-dashboard/config/config.yml +++ b/build-docker-images/wazuh-dashboard/config/config.yml @@ -1,5 +1,5 @@ nodes: # Wazuh dashboard server nodes dashboard: - - name: demo.dashboard - ip: demo.dashboard \ No newline at end of file + - name: dashboard + ip: wazuh.dashboard diff --git a/build-docker-images/wazuh-dashboard/config/entrypoint.sh b/build-docker-images/wazuh-dashboard/config/entrypoint.sh index 290f9fa8b..698ebd622 100644 --- a/build-docker-images/wazuh-dashboard/config/entrypoint.sh +++ b/build-docker-images/wazuh-dashboard/config/entrypoint.sh 
@@ -2,6 +2,215 @@ # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2) INSTALL_DIR=/usr/share/wazuh-dashboard +export OPENSEARCH_DASHBOARDS_HOME=$INSTALL_DIR +WAZUH_CONFIG_MOUNT=/wazuh-config-mount + +opensearch_dashboards_vars=( + console.enabled + console.proxyConfig + console.proxyFilter + ops.cGroupOverrides.cpuPath + ops.cGroupOverrides.cpuAcctPath + cpu.cgroup.path.override + cpuacct.cgroup.path.override + server.basePath + server.customResponseHeaders + server.compression.enabled + server.compression.referrerWhitelist + server.cors + server.cors.origin + server.defaultRoute + server.host + server.keepAliveTimeout + server.maxPayloadBytes + server.name + server.port + csp.rules + csp.strict + csp.warnLegacyBrowsers + data.search.usageTelemetry.enabled + opensearch.customHeaders + opensearch.hosts + opensearch.logQueries + opensearch.memoryCircuitBreaker.enabled + opensearch.memoryCircuitBreaker.maxPercentage + opensearch.password + opensearch.pingTimeout + opensearch.requestHeadersWhitelist + opensearch.requestHeadersAllowlist + opensearch_security.multitenancy.enabled + opensearch_security.readonly_mode.roles + opensearch.requestTimeout + opensearch.shardTimeout + opensearch.sniffInterval + opensearch.sniffOnConnectionFault + opensearch.sniffOnStart + opensearch.ssl.alwaysPresentCertificate + opensearch.ssl.certificate + opensearch.ssl.key + opensearch.ssl.keyPassphrase + opensearch.ssl.keystore.path + opensearch.ssl.keystore.password + opensearch.ssl.truststore.path + opensearch.ssl.truststore.password + opensearch.ssl.verificationMode + opensearch.username + i18n.locale + interpreter.enableInVisualize + opensearchDashboards.autocompleteTerminateAfter + opensearchDashboards.autocompleteTimeout + opensearchDashboards.defaultAppId + opensearchDashboards.index + logging.dest + logging.json + logging.quiet + logging.rotate.enabled + logging.rotate.everyBytes + logging.rotate.keepFiles + logging.rotate.pollingInterval + logging.rotate.usePolling + 
logging.silent + logging.useUTC + logging.verbose + map.includeOpenSearchMapsService + map.proxyOpenSearchMapsServiceInMaps + map.regionmap + map.tilemap.options.attribution + map.tilemap.options.maxZoom + map.tilemap.options.minZoom + map.tilemap.options.subdomains + map.tilemap.url + monitoring.cluster_alerts.email_notifications.email_address + monitoring.enabled + monitoring.opensearchDashboards.collection.enabled + monitoring.opensearchDashboards.collection.interval + monitoring.ui.container.opensearch.enabled + monitoring.ui.container.logstash.enabled + monitoring.ui.opensearch.password + monitoring.ui.opensearch.pingTimeout + monitoring.ui.opensearch.hosts + monitoring.ui.opensearch.username + monitoring.ui.opensearch.logFetchCount + monitoring.ui.opensearch.ssl.certificateAuthorities + monitoring.ui.opensearch.ssl.verificationMode + monitoring.ui.enabled + monitoring.ui.max_bucket_size + monitoring.ui.min_interval_seconds + newsfeed.enabled + ops.interval + path.data + pid.file + regionmap + security.showInsecureClusterWarning + server.rewriteBasePath + server.socketTimeout + server.customResponseHeaders + server.ssl.enabled + server.ssl.key + server.ssl.keyPassphrase + server.ssl.keystore.path + server.ssl.keystore.password + server.ssl.truststore.path + server.ssl.truststore.password + server.ssl.cert + server.ssl.certificate + server.ssl.certificateAuthorities + server.ssl.cipherSuites + server.ssl.clientAuthentication + opensearch.ssl.certificateAuthorities + server.ssl.redirectHttpFromPort + server.ssl.supportedProtocols + server.xsrf.disableProtection + server.xsrf.whitelist + status.allowAnonymous + status.v6ApiFormat + tilemap.options.attribution + tilemap.options.maxZoom + tilemap.options.minZoom + tilemap.options.subdomains + tilemap.url + timeline.enabled + vega.enableExternalUrls + apm_oss.apmAgentConfigurationIndex + apm_oss.indexPattern + apm_oss.errorIndices + apm_oss.onboardingIndices + apm_oss.spanIndices + apm_oss.sourcemapIndices + 
apm_oss.transactionIndices + apm_oss.metricsIndices + telemetry.allowChangingOptInStatus + telemetry.enabled + telemetry.optIn + telemetry.optInStatusUrl + telemetry.sendUsageFrom + vis_builder.enabled + data_source.enabled + data_source.encryption.wrappingKeyName + data_source.encryption.wrappingKeyNamespace + data_source.encryption.wrappingKey + data_source.audit.enabled + data_source.audit.appender.kind + data_source.audit.appender.path + data_source.audit.appender.layout.kind + data_source.audit.appender.layout.highlight + data_source.audit.appender.layout.pattern + ml_commons_dashboards.enabled + assistant.chat.enabled + observability.query_assist.enabled + uiSettings.overrides.defaultRoute +) + +print() { + echo -e $1 +} + +error_and_exit() { + echo "Error executing command: '$1'." + echo 'Exiting.' + exit 1 +} + +exec_cmd() { + eval $1 > /dev/null 2>&1 || error_and_exit "$1" +} + +exec_cmd_stdout() { + eval $1 2>&1 || error_and_exit "$1" +} + +function runOpensearchDashboards { + touch $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml + for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do + env_var=$(echo ${opensearch_dashboards_var^^} | tr . _) + value=${!env_var} + if [[ -n $value ]]; then + longoptfile="${opensearch_dashboards_var}: ${value}" + if grep -q $opensearch_dashboards_var $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml; then + sed -i "/${opensearch_dashboards_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml + else + echo $longoptfile >> $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml + fi + fi + done + + umask 0002 + + /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml \ + --cpu.cgroup.path.override=/ \ + --cpuacct.cgroup.path.override=/ +} + +mount_files() { + if [ -e $WAZUH_CONFIG_MOUNT/* ] + then + print "Identified Wazuh cdashboard onfiguration files to mount..." 
+ exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $INSTALL_DIR" + else + print "No Wazuh dashboard configuration files to mount..." + fi +} + DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}" DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}" @@ -17,4 +226,14 @@ echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add o /wazuh_app_config.sh $WAZUH_UI_REVISION -/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml \ No newline at end of file +mount_files + +if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then + set -- opensearch-dashboards "$@" +fi + +if [ "$1" = "opensearch-dashboards" ]; then + runOpensearchDashboards "$@" +else + exec "$@" +fi diff --git a/build-docker-images/wazuh-dashboard/config/opensearch_dashboards.yml b/build-docker-images/wazuh-dashboard/config/opensearch_dashboards.yml deleted file mode 100644 index 68e6c85f1..000000000 --- a/build-docker-images/wazuh-dashboard/config/opensearch_dashboards.yml +++ /dev/null @@ -1,13 +0,0 @@ -server.host: 0.0.0.0 -server.port: 5601 -opensearch.hosts: https://wazuh.indexer:9200 -opensearch.ssl.verificationMode: none -opensearch.requestHeadersWhitelist: [ authorization,securitytenant ] -opensearch_security.multitenancy.enabled: false -opensearch_security.readonly_mode.roles: ["kibana_read_only"] -server.ssl.enabled: true -server.ssl.key: "/usr/share/wazuh-dashboard/config/certs/dashboard-key.pem" -server.ssl.certificate: "/usr/share/wazuh-dashboard/config/certs/dashboard.pem" -opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/config/certs/root-ca.pem"] -uiSettings.overrides.defaultRoute: /app/wz-home - diff --git a/build-docker-images/wazuh-indexer/Dockerfile b/build-docker-images/wazuh-indexer/Dockerfile index bd579225b..8d1ae4512 100644 --- a/build-docker-images/wazuh-indexer/Dockerfile +++ b/build-docker-images/wazuh-indexer/Dockerfile 
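Review bot: In `runOpensearchDashboards` the `grep -q`/`sed -i` pair matches the option name as an unanchored regex substring, so setting `OPENSEARCH_PASSWORD` also rewrites the `monitoring.ui.opensearch.password` line and `SERVER_SSL_CERT` clobbers `server.ssl.certificate` and `server.ssl.certificateAuthorities` (likewise `opensearch.hosts`/`monitoring.ui.opensearch.hosts` and `server.cors`/`server.cors.origin`, all of which are in the list). Anchoring both on `^name:` fixes that, and writing the line with `printf '%s\n'` instead of an unquoted `echo` keeps values containing runs of spaces or `*` from being split or glob-expanded. In `mount_files`, `[ -e $WAZUH_CONFIG_MOUNT/* ]` errors with "too many arguments" as soon as two files are mounted, so the `else` branch prints "No Wazuh dashboard configuration files to mount..." and the files are silently skipped; the success message also has a typo (`cdashboard onfiguration`). The repo-tracked `opensearch_dashboards.yml` deleted further down in this patch carried `server.ssl.enabled: true` and the root-CA path, so those now have to arrive as `SERVER_SSL_ENABLED` etc.; the compose changes are outside this view, so it is worth confirming they set them. Finally, any `OPENSEARCH_PASSWORD` or `SERVER_SSL_KEYPASSPHRASE` supplied this way lands in cleartext in the yaml, whereas the existing lines below put the dashboard password in the keystore; a comment stating that the keystore remains the intended path for secrets would help operators choose correctly.
```shell
function runOpensearchDashboards {
  local conf="$OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml"
  touch "$conf"
  for opensearch_dashboards_var in "${opensearch_dashboards_vars[@]}"; do
    env_var=$(echo "${opensearch_dashboards_var^^}" | tr . _)
    value=${!env_var}
    if [[ -n $value ]]; then
      longoptfile="${opensearch_dashboards_var}: ${value}"
      # Match the whole key: an unanchored pattern lets opensearch.hosts hit
      # monitoring.ui.opensearch.hosts and server.ssl.cert hit server.ssl.certificate.
      # Values containing '|' or '&' still need escaping before the sed below.
      if grep -q "^${opensearch_dashboards_var}:" "$conf"; then
        sed -i "s|^${opensearch_dashboards_var}:.*$|${longoptfile}|" "$conf"
      else
        printf '%s\n' "$longoptfile" >> "$conf"
      fi
    fi
  done
  # … unchanged: umask and opensearch-dashboards invocation …
}

mount_files() {
  # "[ -e dir/* ]" fails with more than one match; test for a non-empty directory instead.
  if [ -n "$(ls -A "$WAZUH_CONFIG_MOUNT" 2>/dev/null)" ]
  then
    print "Identified Wazuh dashboard configuration files to mount..."
    # … unchanged: cp into $INSTALL_DIR, else branch …
```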
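Review bot: `runOpensearchDashboards "$@"` hands the container arguments to a function (defined in the preceding hunk) that never reads them and starts the server without `exec`, so any flags appended to the container command are dropped silently and bash stays PID 1 in front of the server; unless the deployment adds an init process such as tini, a `docker stop` then ends in SIGKILL after the grace period rather than a clean shutdown. The `else` branch already does `exec "$@"`, so the two paths are also inconsistent. Replacing the final invocation in the function with `exec /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c "$OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml" --cpu.cgroup.path.override=/ --cpuacct.cgroup.path.override=/ "${@:2}"` fixes both points in one line.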
@@ -6,20 +6,10 @@ ARG WAZUH_TAG_REVISION RUN yum install curl-minimal openssl xz tar findutils shadow-utils -y -COPY config/opensearch.yml / - COPY config/config.sh . COPY config/config.yml / -COPY config/action_groups.yml / - -COPY config/internal_users.yml / - -COPY config/roles_mapping.yml / - -COPY config/roles.yml / - RUN bash config.sh ################################################################################ @@ -36,6 +26,15 @@ ENV USER="wazuh-indexer" \ NAME="wazuh-indexer" \ INSTALL_DIR="/usr/share/wazuh-indexer" +# Set $JAVA_HOME +RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \ + echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh +ENV JAVA_HOME="$INSTALL_DIR/jdk" +ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin + +# Add k-NN lib directory to library loading path variable +ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib" + RUN yum install curl-minimal shadow-utils findutils hostname -y RUN getent group $GROUP || groupadd -r -g 1000 $GROUP diff --git a/build-docker-images/wazuh-indexer/config/action_groups.yml b/build-docker-images/wazuh-indexer/config/action_groups.yml deleted file mode 100644 index 04119c8a2..000000000 --- a/build-docker-images/wazuh-indexer/config/action_groups.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -_meta: - type: "actiongroups" - config_version: 2 - -# ISM API permissions group -manage_ism: - reserved: true - hidden: false - allowed_actions: - - "cluster:admin/opendistro/ism/*" - static: false \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/config/config.sh b/build-docker-images/wazuh-indexer/config/config.sh index ed4fff5cd..299251f25 100644 --- a/build-docker-images/wazuh-indexer/config/config.sh +++ b/build-docker-images/wazuh-indexer/config/config.sh 
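Review bot: Removing Wazuh's security-plugin configuration from the build (the `COPY` lines dropped in the first hunk, together with the matching `cp` lines removed from `config.sh` in the next file) leaves the image with whatever the wazuh-indexer package ships under `opensearch-security/` and as `opensearch.yml`, and nothing in this patch shows that those defaults cover what the deleted files provided. The deleted `action_groups.yml` defined the `manage_ism` group, which the deleted `roles.yml` presumably referenced, and the dashboard entrypoint still defaults to the `kibanaserver` user; if the packaged defaults lack equivalent entries, the dashboard service user and Wazuh's ISM policies would lose their permissions on a fresh cluster, so that should be verified before merge and stated in the commit message, which currently only mentions environment variables. Related: the indexer entrypoint keeps reading `CACERT` with `grep` from `${OPENSEARCH_PATH_CONF}/opensearch.yml` before any environment-driven settings are written (context line at the top of the entrypoint hunk further down), which now only works if the packaged `opensearch.yml` already contains `plugins.security.ssl.transport.pemtrustedcas_filepath`; a comment there, or moving that grep after the settings loop, would make the dependency explicit.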
@@ -117,12 +117,6 @@ cp -pr ${BASE_DIR}/* ${TARGET_DIR}${INSTALLATION_DIR} # Copy the security tools cp /$CERT_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/ cp /$PASSWORD_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/ -# Copy Wazuh's config files for the security plugin -cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ -cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ -cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ -cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ -cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR} # Copy Wazuh indexer's certificates cp -pr /wazuh-certificates/demo.indexer.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer.pem cp -pr /wazuh-certificates/demo.indexer-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer-key.pem diff --git a/build-docker-images/wazuh-indexer/config/entrypoint.sh b/build-docker-images/wazuh-indexer/config/entrypoint.sh index 649d610d1..60ae01d37 100644 --- a/build-docker-images/wazuh-indexer/config/entrypoint.sh +++ b/build-docker-images/wazuh-indexer/config/entrypoint.sh 
@@ -7,12 +7,272 @@ umask 0002 export USER=wazuh-indexer export INSTALLATION_DIR=/usr/share/wazuh-indexer export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR} -export JAVA_HOME=${INSTALLATION_DIR}/jdk -export DISCOVERY=$(grep -oP "(?<=discovery.type: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml) export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml) export CERT="${OPENSEARCH_PATH_CONF}/certs/admin.pem" export KEY="${OPENSEARCH_PATH_CONF}/certs/admin-key.pem" +opensearch_vars=( + cluster.name + node.name + node.roles + path.data + path.logs + bootstrap.memory_lock + network.host + http.port + transport.port + network.bind_host + network.publish_host + transport.tcp.port + compatibility.override_main_response_version + http.host + http.bind_host + http.publish_host + http.compression + transport.host + transport.bind_host + transport.publish_host + discovery.seed_hosts + discovery.seed_providers + discovery.type + cluster.initial_cluster_manager_nodes + cluster.initial_master_nodes + node.max_local_storage_nodes + gateway.recover_after_nodes + gateway.recover_after_data_nodes + gateway.expected_data_nodes + gateway.recover_after_time + plugins.security.nodes_dn + plugins.security.nodes_dn_dynamic_config_enabled + plugins.security.authcz.admin_dn + plugins.security.roles_mapping_resolution + plugins.security.dls.mode + plugins.security.compliance.salt + config.dynamic.http.anonymous_auth_enabled + plugins.security.restapi.roles_enabled + plugins.security.restapi.password_validation_regex + plugins.security.restapi.password_validation_error_message + plugins.security.restapi.password_min_length + plugins.security.restapi.password_score_based_validation_strength + plugins.security.unsupported.restapi.allow_securityconfig_modification + plugins.security.authcz.impersonation_dn + plugins.security.authcz.rest_impersonation_user + plugins.security.allow_default_init_securityindex + 
plugins.security.allow_unsafe_democertificates + plugins.security.system_indices.permission.enabled + plugins.security.config_index_name + plugins.security.cert.oid + plugins.security.cert.intercluster_request_evaluator_class + plugins.security.enable_snapshot_restore_privilege + plugins.security.check_snapshot_restore_write_privileges + plugins.security.cache.ttl_minutes + plugins.security.protected_indices.enabled + plugins.security.protected_indices.roles + plugins.security.protected_indices.indices + plugins.security.system_indices.enabled + plugins.security.system_indices.indices + plugins.security.audit.enable_rest + plugins.security.audit.enable_transport + plugins.security.audit.resolve_bulk_requests + plugins.security.audit.config.disabled_categories + plugins.security.audit.ignore_requests + plugins.security.audit.threadpool.size + plugins.security.audit.threadpool.max_queue_len + plugins.security.audit.ignore_users + plugins.security.audit.type + plugins.security.audit.config.http_endpoints + plugins.security.audit.config.index + plugins.security.audit.config.type + plugins.security.audit.config.username + plugins.security.audit.config.password + plugins.security.audit.config.enable_ssl + plugins.security.audit.config.verify_hostnames + plugins.security.audit.config.enable_ssl_client_auth + plugins.security.audit.config.cert_alias + plugins.security.audit.config.pemkey_filepath + plugins.security.audit.config.pemkey_content + plugins.security.audit.config.pemkey_password + plugins.security.audit.config.pemcert_filepath + plugins.security.audit.config.pemcert_content + plugins.security.audit.config.pemtrustedcas_filepath + plugins.security.audit.config.pemtrustedcas_content + plugins.security.audit.config.webhook.url + plugins.security.audit.config.webhook.format + plugins.security.audit.config.webhook.ssl.verify + plugins.security.audit.config.webhook.ssl.pemtrustedcas_filepath + plugins.security.audit.config.webhook.ssl.pemtrustedcas_content + 
plugins.security.audit.config.log4j.logger_name + plugins.security.audit.config.log4j.level + opendistro_security.audit.config.disabled_rest_categories + opendistro_security.audit.config.disabled_transport_categories + plugins.security.ssl.transport.enforce_hostname_verification + plugins.security.ssl.transport.resolve_hostname + plugins.security.ssl.http.clientauth_mode + plugins.security.ssl.http.enabled_ciphers + plugins.security.ssl.http.enabled_protocols + plugins.security.ssl.transport.enabled_ciphers + plugins.security.ssl.transport.enabled_protocols + plugins.security.ssl.transport.keystore_type + plugins.security.ssl.transport.keystore_filepath + plugins.security.ssl.transport.keystore_alias + plugins.security.ssl.transport.keystore_password + plugins.security.ssl.transport.truststore_type + plugins.security.ssl.transport.truststore_filepath + plugins.security.ssl.transport.truststore_alias + plugins.security.ssl.transport.truststore_password + plugins.security.ssl.http.enabled + plugins.security.ssl.http.keystore_type + plugins.security.ssl.http.keystore_filepath + plugins.security.ssl.http.keystore_alias + plugins.security.ssl.http.keystore_password + plugins.security.ssl.http.truststore_type + plugins.security.ssl.http.truststore_filepath + plugins.security.ssl.http.truststore_alias + plugins.security.ssl.http.truststore_password + plugins.security.ssl.transport.enable_openssl_if_available + plugins.security.ssl.http.enable_openssl_if_available + plugins.security.ssl.transport.pemkey_filepath + plugins.security.ssl.transport.pemkey_password + plugins.security.ssl.transport.pemcert_filepath + plugins.security.ssl.transport.pemtrustedcas_filepath + plugins.security.ssl.http.pemkey_filepath + plugins.security.ssl.http.pemkey_password + plugins.security.ssl.http.pemcert_filepath + plugins.security.ssl.http.pemtrustedcas_filepath + plugins.security.ssl.transport.enabled + plugins.security.ssl.transport.client.pemkey_password + 
plugins.security.ssl.transport.keystore_keypassword + plugins.security.ssl.transport.server.keystore_keypassword + plugins.sercurity.ssl.transport.server.keystore_alias + plugins.sercurity.ssl.transport.client.keystore_alias + plugins.sercurity.ssl.transport.server.truststore_alias + plugins.sercurity.ssl.transport.client.truststore_alias + plugins.security.ssl.client.external_context_id + plugins.secuirty.ssl.transport.principal_extractor_class + plugins.security.ssl.http.crl.file_path + plugins.security.ssl.http.crl.validate + plugins.security.ssl.http.crl.prefer_crlfile_over_ocsp + plugins.security.ssl.http.crl.check_only_end_entitites + plugins.security.ssl.http.crl.disable_ocsp + plugins.security.ssl.http.crl.disable_crldp + plugins.security.ssl.allow_client_initiated_renegotiation + indices.breaker.total.use_real_memory + indices.breaker.total.limit + indices.breaker.fielddata.limit + indices.breaker.fielddata.overhead + indices.breaker.request.limit + indices.breaker.request.overhead + network.breaker.inflight_requests.limit + network.breaker.inflight_requests.overhead + cluster.routing.allocation.enable + cluster.routing.allocation.node_concurrent_incoming_recoveries + cluster.routing.allocation.node_concurrent_outgoing_recoveries + cluster.routing.allocation.node_concurrent_recoveries + cluster.routing.allocation.node_initial_primaries_recoveries + cluster.routing.allocation.same_shard.host + cluster.routing.rebalance.enable + cluster.routing.allocation.allow_rebalance + cluster.routing.allocation.cluster_concurrent_rebalance + cluster.routing.allocation.balance.shard + cluster.routing.allocation.balance.index + cluster.routing.allocation.balance.threshold + cluster.routing.allocation.balance.prefer_primary + cluster.routing.allocation.disk.threshold_enabled + cluster.routing.allocation.disk.watermark.low + cluster.routing.allocation.disk.watermark.high + cluster.routing.allocation.disk.watermark.flood_stage + cluster.info.update.interval + 
cluster.routing.allocation.shard_movement_strategy + cluster.blocks.read_only + cluster.blocks.read_only_allow_delete + cluster.max_shards_per_node + cluster.persistent_tasks.allocation.enable + cluster.persistent_tasks.allocation.recheck_interval + cluster.search.request.slowlog.threshold.warn + cluster.search.request.slowlog.threshold.info + cluster.search.request.slowlog.threshold.debug + cluster.search.request.slowlog.threshold.trace + cluster.search.request.slowlog.level + cluster.fault_detection.leader_check.timeout + cluster.fault_detection.follower_check.timeout + action.auto_create_index + action.destructive_requires_name + cluster.default.index.refresh_interval + cluster.minimum.index.refresh_interval + cluster.indices.close.enable + indices.recovery.max_bytes_per_sec + indices.recovery.max_concurrent_file_chunks + indices.recovery.max_concurrent_operations + indices.recovery.max_concurrent_remote_store_streams + indices.time_series_index.default_index_merge_policy + indices.fielddata.cache.size + index.number_of_shards + index.number_of_routing_shards + index.shard.check_on_startup + index.codec + index.codec.compression_level + index.routing_partition_size + index.soft_deletes.retention_lease.period + index.load_fixed_bitset_filters_eagerly + index.hidden + index.merge.policy + index.merge_on_flush.enabled + index.merge_on_flush.max_full_flush_merge_wait_time + index.merge_on_flush.policy + index.check_pending_flush.enabled + index.number_of_replicas + index.auto_expand_replicas + index.search.idle.after + index.refresh_interval + index.max_result_window + index.max_inner_result_window + index.max_rescore_window + index.max_docvalue_fields_search + index.max_script_fields + index.max_ngram_diff + index.max_shingle_diff + index.max_refresh_listeners + index.analyze.max_token_count + index.highlight.max_analyzed_offset + index.max_terms_count + index.max_regex_length + index.query.default_field + index.query.max_nested_depth + 
index.routing.allocation.enable + index.routing.rebalance.enable + index.gc_deletes + index.default_pipeline + index.final_pipeline + index.optimize_doc_id_lookup.fuzzy_set.enabled + index.optimize_doc_id_lookup.fuzzy_set.false_positive_probability + search.max_buckets + search.phase_took_enabled + search.allow_expensive_queries + search.default_allow_partial_results + search.cancel_after_time_interval + search.default_search_timeout + search.default_keep_alive + search.keep_alive_interval + search.max_keep_alive + search.low_level_cancellation + search.max_open_scroll_context + search.request_stats_enabled + search.highlight.term_vector_multi_value + snapshot.max_concurrent_operations + cluster.remote_store.translog.buffer_interval + remote_store.moving_average_window_size + opensearch.notifications.core.allowed_config_types + opensearch.notifications.core.email.minimum_header_length + opensearch.notifications.core.email.size_limit + opensearch.notifications.core.http.connection_timeout + opensearch.notifications.core.http.host_deny_list + opensearch.notifications.core.http.max_connection_per_route + opensearch.notifications.core.http.max_connections + opensearch.notifications.core.http.socket_timeout + opensearch.notifications.core.tooltip_support + opensearch.notifications.general.filter_by_backend_roles +) + run_as_other_user_if_needed() { if [[ "$(id -u)" == "0" ]]; then # If running as root, drop to specified UID and run command 
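Review bot: Several entries in the new opensearch_vars array are misspelled — the four `plugins.sercurity.ssl.transport.*.keystore_alias`/`truststore_alias` keys, `plugins.secuirty.ssl.transport.principal_extractor_class`, and `plugins.security.ssl.http.crl.check_only_end_entitites` (presumably `entities`) — so the correctly spelled environment variable is never looked up, while the misspelled one writes a key OpenSearch does not recognise into opensearch.yml. Fix the prefixes to `plugins.security.` and check the `entitites` spelling against the security plugin's setting name. The array also exposes `keystore_password`, `pemkey_password` and `plugins.security.audit.config.password` as environment variables whose values are later copied verbatim into opensearch.yml, so that file needs to keep its restrictive ownership and the values are readable by anyone who can inspect the container environment; a comment above the array saying so would help operators. The removed `export DISCOVERY=...` line is not used inside this hunk, but the script continues past it, so confirm nothing later still reads `$DISCOVERY` now that it is unset.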
@@ -24,6 +284,37 @@ run_as_other_user_if_needed() { fi } +function buildOpensearchConfig { + echo "" >> $OPENSEARCH_PATH_CONF/opensearch.yml + for opensearch_var in ${opensearch_vars[*]}; do + env_var=$(echo ${opensearch_var^^} | tr . _) + value=${!env_var} + if [[ -n $value ]]; then + if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then + lineNum="$(grep -n "$opensearch_var" $OPENSEARCH_PATH_CONF/opensearch.yml | head -n 1 | cut -d: -f1)" + sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml + charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1) + fi + while : + do + case "$charline" in + "-"| "#" |" ") sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml;; + *) break;; + esac + charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1) + done + longoptfile="${opensearch_var}: ${value}" + if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then + sed -i "/${opensearch_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_PATH_CONF/opensearch.yml + else + echo $longoptfile >> $OPENSEARCH_PATH_CONF/opensearch.yml + fi + fi + done +} + +buildOpensearchConfig + # Allow user specify custom CMD, maybe bin/opensearch itself # for example to directly specify `-E` style parameters for opensearch on k8s # or simply to run /bin/bash to check the image diff --git a/build-docker-images/wazuh-indexer/config/internal_users.yml b/build-docker-images/wazuh-indexer/config/internal_users.yml deleted file mode 100644 index 40fcb9cda..000000000 --- a/build-docker-images/wazuh-indexer/config/internal_users.yml +++ /dev/null 
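Review bot: The key lookup in buildOpensearchConfig is an unanchored regex substring match (`grep -q $opensearch_var`, then `sed -i "/${opensearch_var}/ s|^.*$|${longoptfile}|"`), so a short key rewrites every line that contains it: with both PLUGINS_SECURITY_SSL_HTTP_ENABLED and PLUGINS_SECURITY_SSL_HTTP_ENABLED_CIPHERS set, the pass for `plugins.security.ssl.http.enabled` overwrites the `enabled_ciphers` line as well, silently dropping the cipher restriction and leaving a duplicate key that the server is likely to reject at startup. The sed substitution also interprets `&`, `|` and `\` in the value, which matters for the password-type keys in the array, and the unquoted `echo $longoptfile` sends `*` patterns such as the system-indices list through glob expansion. Anchoring on `^key:` with the dots escaped and appending the line with printf removes both problems; the rewritten body is below. `lineNum` and `charline` should also be scoped to the function so a previous key's state cannot leak into the next iteration.
```bash
function buildOpensearchConfig {
  local conf="$OPENSEARCH_PATH_CONF/opensearch.yml"
  local opensearch_var env_var value key_re lineNum charline
  echo "" >> "$conf"
  for opensearch_var in "${opensearch_vars[@]}"; do
    env_var=$(echo "${opensearch_var^^}" | tr . _)
    value=${!env_var}
    [[ -n $value ]] || continue
    # Match the whole key at line start with literal dots, so that e.g.
    # plugins.security.ssl.http.enabled cannot hit ...enabled_ciphers.
    key_re="^${opensearch_var//./\\.}:"
    if grep -qE "$key_re" "$conf"; then
      lineNum="$(grep -nE "$key_re" "$conf" | head -n 1 | cut -d: -f1)"
      sed -i "${lineNum}d" "$conf"
      # drop the block-sequence / continuation lines that belonged to the removed key
      charline=$(awk "NR == ${lineNum}" "$conf" | head -c 1)
      while [[ "$charline" == "-" || "$charline" == "#" || "$charline" == " " ]]; do
        sed -i "${lineNum}d" "$conf"
        charline=$(awk "NR == ${lineNum}" "$conf" | head -c 1)
      done
    fi
    # Append instead of sed-substituting: sed would interpret "&", "|" and "\"
    # in the value, and printf keeps "*" out of glob expansion.
    printf '%s: %s\n' "$opensearch_var" "$value" >> "$conf"
  done
}
```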
@@ -1,74 +0,0 @@ ---- -# This is the internal user database -# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh - -_meta: - type: "internalusers" - config_version: 2 - -# Define your internal users here - -## Demo users - -admin: - hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG" - reserved: true - backend_roles: - - "admin" - description: "Demo admin user" - -kibanaserver: - hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H." - reserved: true - description: "Demo kibanaserver user" - -kibanaro: - hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC" - reserved: false - backend_roles: - - "kibanauser" - - "readall" - attributes: - attribute1: "value1" - attribute2: "value2" - attribute3: "value3" - description: "Demo kibanaro user" - -logstash: - hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2" - reserved: false - backend_roles: - - "logstash" - description: "Demo logstash user" - -readall: - hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2" - reserved: false - backend_roles: - - "readall" - description: "Demo readall user" - -snapshotrestore: - hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W" - reserved: false - backend_roles: - - "snapshotrestore" - description: "Demo snapshotrestore user" - -wazuh_admin: - hash: "$2y$12$d2awHiOYvZjI88VfsDON.u6buoBol0gYPJEgdG1ArKVE0OMxViFfu" - reserved: true - hidden: false - backend_roles: [] - attributes: {} - opendistro_security_roles: [] - static: false - -wazuh_user: - hash: "$2y$12$BQixeoQdRubZdVf/7sq1suHwiVRnSst1.lPI2M0.GPZms4bq2D9vO" - reserved: true - hidden: false - backend_roles: [] - attributes: {} - opendistro_security_roles: [] - static: false \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/config/opensearch.yml b/build-docker-images/wazuh-indexer/config/opensearch.yml deleted file mode 100644 index 1f0a78b36..000000000 
--- a/build-docker-images/wazuh-indexer/config/opensearch.yml +++ /dev/null @@ -1,26 +0,0 @@ -network.host: "0.0.0.0" -node.name: "wazuh.indexer" -path.data: /var/lib/wazuh-indexer -path.logs: /var/log/wazuh-indexer -discovery.type: single-node -compatibility.override_main_response_version: true -plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem -plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem -plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem -plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem -plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem -plugins.security.ssl.http.enabled: true -plugins.security.ssl.transport.enforce_hostname_verification: false -plugins.security.ssl.transport.resolve_hostname: false -plugins.security.authcz.admin_dn: -- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.check_snapshot_restore_write_privileges: true -plugins.security.enable_snapshot_restore_privilege: true -plugins.security.nodes_dn: -- "CN=demo.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.restapi.roles_enabled: -- "all_access" -- "security_rest_api_access" -plugins.security.system_indices.enabled: true -plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"] \ No newline at end of file 
diff --git a/build-docker-images/wazuh-indexer/config/roles.yml b/build-docker-images/wazuh-indexer/config/roles.yml deleted file mode 100644 index f8bc557a8..000000000 --- a/build-docker-images/wazuh-indexer/config/roles.yml +++ /dev/null 
@@ -1,171 +0,0 @@ -_meta: - type: "roles" - config_version: 2 - -# Restrict users so they can only view visualization and dashboards on kibana -kibana_read_only: - reserved: true - -# The security REST API access role is used to assign specific users access to change the security settings through the REST API. -security_rest_api_access: - reserved: true - -# Allows users to view monitors, destinations and alerts -alerting_read_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/alerting/alerts/get' - - 'cluster:admin/opendistro/alerting/destination/get' - - 'cluster:admin/opendistro/alerting/monitor/get' - - 'cluster:admin/opendistro/alerting/monitor/search' - -# Allows users to view and acknowledge alerts -alerting_ack_alerts: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/alerting/alerts/*' - -# Allows users to use all alerting functionality -alerting_full_access: - reserved: true - cluster_permissions: - - 'cluster_monitor' - - 'cluster:admin/opendistro/alerting/*' - index_permissions: - - index_patterns: - - '*' - allowed_actions: - - 'indices_monitor' - - 'indices:admin/aliases/get' - - 'indices:admin/mappings/get' - -# Allow users to read Anomaly Detection detectors and results -anomaly_read_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/ad/detector/info' - - 'cluster:admin/opendistro/ad/detector/search' - - 'cluster:admin/opendistro/ad/detectors/get' - - 'cluster:admin/opendistro/ad/result/search' - - 'cluster:admin/opendistro/ad/tasks/search' - -# Allows users to use all Anomaly Detection functionality -anomaly_full_access: - reserved: true - cluster_permissions: - - 'cluster_monitor' - - 'cluster:admin/opendistro/ad/*' - index_permissions: - - index_patterns: - - '*' - allowed_actions: - - 'indices_monitor' - - 'indices:admin/aliases/get' - - 'indices:admin/mappings/get' - -# Allows users to read Notebooks -notebooks_read_access: - reserved: true - cluster_permissions: - - 
'cluster:admin/opendistro/notebooks/list' - - 'cluster:admin/opendistro/notebooks/get' - -# Allows users to all Notebooks functionality -notebooks_full_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/notebooks/create' - - 'cluster:admin/opendistro/notebooks/update' - - 'cluster:admin/opendistro/notebooks/delete' - - 'cluster:admin/opendistro/notebooks/get' - - 'cluster:admin/opendistro/notebooks/list' - -# Allows users to read and download Reports -reports_instances_read_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/reports/instance/list' - - 'cluster:admin/opendistro/reports/instance/get' - - 'cluster:admin/opendistro/reports/menu/download' - -# Allows users to read and download Reports and Report-definitions -reports_read_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/reports/definition/get' - - 'cluster:admin/opendistro/reports/definition/list' - - 'cluster:admin/opendistro/reports/instance/list' - - 'cluster:admin/opendistro/reports/instance/get' - - 'cluster:admin/opendistro/reports/menu/download' - -# Allows users to all Reports functionality -reports_full_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/reports/definition/create' - - 'cluster:admin/opendistro/reports/definition/update' - - 'cluster:admin/opendistro/reports/definition/on_demand' - - 'cluster:admin/opendistro/reports/definition/delete' - - 'cluster:admin/opendistro/reports/definition/get' - - 'cluster:admin/opendistro/reports/definition/list' - - 'cluster:admin/opendistro/reports/instance/list' - - 'cluster:admin/opendistro/reports/instance/get' - - 'cluster:admin/opendistro/reports/menu/download' - -# Allows users to use all asynchronous-search functionality -asynchronous_search_full_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/asynchronous_search/*' - index_permissions: - - index_patterns: - - '*' - allowed_actions: - - 
'indices:data/read/search*' - -# Allows users to read stored asynchronous-search results -asynchronous_search_read_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/asynchronous_search/get' - -wazuh_ui_user: - reserved: true - hidden: false - cluster_permissions: [] - index_permissions: - - index_patterns: - - "wazuh-*" - dls: "" - fls: [] - masked_fields: [] - allowed_actions: - - "read" - tenant_permissions: [] - static: false - -wazuh_ui_admin: - reserved: true - hidden: false - cluster_permissions: [] - index_permissions: - - index_patterns: - - "wazuh-*" - dls: "" - fls: [] - masked_fields: [] - allowed_actions: - - "read" - - "delete" - - "manage" - - "index" - tenant_permissions: [] - static: false - -# ISM API permissions role -manage_ism: - reserved: true - hidden: false - cluster_permissions: - - "manage_ism" - static: false \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/config/roles_mapping.yml b/build-docker-images/wazuh-indexer/config/roles_mapping.yml deleted file mode 100644 index 7fa57a4db..000000000 --- a/build-docker-images/wazuh-indexer/config/roles_mapping.yml +++ /dev/null 
@@ -1,78 +0,0 @@ ---- -# In this file users, backendroles and hosts can be mapped to Wazuh indexer Security roles. -# Permissions for Wazuh indexer roles are configured in roles.yml - -_meta: - type: "rolesmapping" - config_version: 2 - -# Define your roles mapping here - -## Demo roles mapping - -all_access: - reserved: false - backend_roles: - - "admin" - description: "Maps admin to all_access" - -own_index: - reserved: false - users: - - "*" - description: "Allow full access to an index named like the username" - -logstash: - reserved: false - backend_roles: - - "logstash" - -kibana_user: - reserved: false - backend_roles: - - "kibanauser" - users: - - "wazuh_user" - - "wazuh_admin" - description: "Maps kibanauser to kibana_user" - -readall: - reserved: false - backend_roles: - - "readall" - -manage_snapshots: - reserved: false - backend_roles: - - "snapshotrestore" - -kibana_server: - reserved: true - users: - - "kibanaserver" - -wazuh_ui_admin: - reserved: true - hidden: false - backend_roles: [] - hosts: [] - users: - - "wazuh_admin" - - "kibanaserver" - and_backend_roles: [] - -wazuh_ui_user: - reserved: true - hidden: false - backend_roles: [] - hosts: [] - users: - - "wazuh_user" - and_backend_roles: [] - -# ISM API permissions role mapping -manage_ism: - reserved: true - hidden: false - users: - - "kibanaserver" \ No newline at end of file diff --git a/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml b/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml deleted file mode 100644 index 3a53c3f88..000000000 --- a/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml +++ /dev/null 
@@ -1,12 +0,0 @@ -server.host: 0.0.0.0 -server.port: 5601 -opensearch.hosts: https://wazuh1.indexer:9200 -opensearch.ssl.verificationMode: certificate -opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"] -opensearch_security.multitenancy.enabled: false -opensearch_security.readonly_mode.roles: ["kibana_read_only"] -server.ssl.enabled: true -server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" -server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" -opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"] -uiSettings.overrides.defaultRoute: /app/wz-home diff --git a/multi-node/config/wazuh_indexer/wazuh1.indexer.yml b/multi-node/config/wazuh_indexer/wazuh1.indexer.yml deleted file mode 100644 index 59cbe9bfa..000000000 --- a/multi-node/config/wazuh_indexer/wazuh1.indexer.yml +++ /dev/null 
@@ -1,38 +0,0 @@ -network.host: wazuh1.indexer -node.name: wazuh1.indexer -cluster.initial_master_nodes: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -cluster.name: "wazuh-cluster" -discovery.seed_hosts: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -node.max_local_storage_nodes: "3" -path.data: /var/lib/wazuh-indexer -path.logs: /var/log/wazuh-indexer -plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem -plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key -plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem -plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key -plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.http.enabled: true -plugins.security.ssl.transport.enforce_hostname_verification: false -plugins.security.ssl.transport.resolve_hostname: false -plugins.security.authcz.admin_dn: -- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.check_snapshot_restore_write_privileges: true -plugins.security.enable_snapshot_restore_privilege: true -plugins.security.nodes_dn: -- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.restapi.roles_enabled: -- "all_access" -- "security_rest_api_access" -plugins.security.allow_default_init_securityindex: true -cluster.routing.allocation.disk.threshold_enabled: false -compatibility.override_main_response_version: true 
diff --git a/multi-node/config/wazuh_indexer/wazuh2.indexer.yml b/multi-node/config/wazuh_indexer/wazuh2.indexer.yml deleted file mode 100644 index 478ed1d0b..000000000 --- a/multi-node/config/wazuh_indexer/wazuh2.indexer.yml +++ /dev/null 
@@ -1,38 +0,0 @@ -network.host: wazuh2.indexer -node.name: wazuh2.indexer -cluster.initial_master_nodes: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -cluster.name: "wazuh-cluster" -discovery.seed_hosts: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -node.max_local_storage_nodes: "3" -path.data: /var/lib/wazuh-indexer -path.logs: /var/log/wazuh-indexer -plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem -plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key -plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem -plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key -plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.http.enabled: true -plugins.security.ssl.transport.enforce_hostname_verification: false -plugins.security.ssl.transport.resolve_hostname: false -plugins.security.authcz.admin_dn: -- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.check_snapshot_restore_write_privileges: true -plugins.security.enable_snapshot_restore_privilege: true -plugins.security.nodes_dn: -- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.restapi.roles_enabled: -- "all_access" -- "security_rest_api_access" -plugins.security.allow_default_init_securityindex: true -cluster.routing.allocation.disk.threshold_enabled: false -compatibility.override_main_response_version: true \ No newline at end of file 
diff --git a/multi-node/config/wazuh_indexer/wazuh3.indexer.yml b/multi-node/config/wazuh_indexer/wazuh3.indexer.yml deleted file mode 100644 index 8caa513dc..000000000 --- a/multi-node/config/wazuh_indexer/wazuh3.indexer.yml +++ /dev/null 
@@ -1,38 +0,0 @@ -network.host: wazuh3.indexer -node.name: wazuh3.indexer -cluster.initial_master_nodes: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -cluster.name: "wazuh-cluster" -discovery.seed_hosts: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -node.max_local_storage_nodes: "3" -path.data: /var/lib/wazuh-indexer -path.logs: /var/log/wazuh-indexer -plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem -plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key -plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem -plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key -plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.http.enabled: true -plugins.security.ssl.transport.enforce_hostname_verification: false -plugins.security.ssl.transport.resolve_hostname: false -plugins.security.authcz.admin_dn: -- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.check_snapshot_restore_write_privileges: true -plugins.security.enable_snapshot_restore_privilege: true -plugins.security.nodes_dn: -- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.restapi.roles_enabled: -- "all_access" -- "security_rest_api_access" -plugins.security.allow_default_init_securityindex: true -cluster.routing.allocation.disk.threshold_enabled: false -compatibility.override_main_response_version: true \ No newline at end of file diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml index f7be620af..d9e535e32 100644 
--- a/multi-node/docker-compose.yml +++ b/multi-node/docker-compose.yml 
@@ -87,8 +87,35 @@ services: ports: - "9200:9200" environment: - - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" - - "bootstrap.memory_lock=true" + OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" + bootstrap.memory_lock: "true" + NETWORK_HOST: wazuh1.indexer + NODE_NAME: wazuh1.indexer + CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + CLUSTER_NAME: "wazuh-cluster" + DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + NODE_MAX_LOCAL_STORAGE_NODES: "3" + PATH_DATA: /var/lib/wazuh-indexer + PATH_LOGS: /var/log/wazuh-indexer + PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem + PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key + PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key + PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" + PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" + PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" + PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" + PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" + PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" + PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]' + PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' + PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" + PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: 
'[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' + PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" + CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" + COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" ulimits: memlock: soft: -1 @@ -103,7 +130,8 @@ services: - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh1.indexer.pem - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem - - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml + # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh2.indexer: 
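Review bot: The thirty-line `environment:` mapping added for wazuh1.indexer is repeated almost verbatim for wazuh2.indexer (`@@ -111,8 +139,35 @@`) and wazuh3.indexer (`@@ -133,8 +189,35 @@`), differing only in `NETWORK_HOST`, `NODE_NAME` and the four per-node `*_PEMCERT_FILEPATH`/`*_PEMKEY_FILEPATH` values, so every future change to a security setting has to be made three times and the copies will drift. Compose supports a top-level extension field such as `x-indexer-env: &indexer-env` holding the shared keys, merged into each service's `environment:` with `<<: *indexer-env` and only the per-node keys written out. The comment added in the volumes hunk would also read better as `# to use a custom opensearch.yml instead, uncomment the next line and remove the environment variables above`, since the two mechanisms overlap and a reader needs to know which one wins.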
@@ -111,8 +139,35 @@ services: hostname: wazuh2.indexer restart: always environment: - - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" - - "bootstrap.memory_lock=true" + OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" + bootstrap.memory_lock: "true" + NETWORK_HOST: wazuh2.indexer + NODE_NAME: wazuh2.indexer + CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + CLUSTER_NAME: "wazuh-cluster" + DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + NODE_MAX_LOCAL_STORAGE_NODES: "3" + PATH_DATA: /var/lib/wazuh-indexer + PATH_LOGS: /var/log/wazuh-indexer + PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem + PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key + PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key + PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" + PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" + PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" + PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" + PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" + PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" + PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]' + PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' + PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" + 
PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' + PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" + CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" + COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" ulimits: memlock: soft: -1 @@ -125,7 +180,8 @@ services: - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.key - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.pem - - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml + # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh3.indexer: 
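Review bot: `PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"` and `PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false"` are carried over from the deleted opensearch.yml without a rationale, and moving them into the compose file is the right moment to record one, because a reader of the compose file now sees hostname verification switched off with no context. Inter-node identity is still pinned by `PLUGINS_SECURITY_NODES_DN` (the node DNs are named `CN=wazuh1.indexer` etc.), so this is a deliberate trade-off rather than an oversight, but only a comment makes that clear; something like `# transport hostname verification is off: node identity is pinned by PLUGINS_SECURITY_NODES_DN; switch to "true" if the node certs carry matching SANs` above the two keys would do. The same two lines appear in the wazuh1 and wazuh3 blocks.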
@@ -133,8 +189,35 @@ services: hostname: wazuh3.indexer restart: always environment: - - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" - - "bootstrap.memory_lock=true" + OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" + bootstrap.memory_lock: "true" + NETWORK_HOST: wazuh3.indexer + NODE_NAME: wazuh3.indexer + CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + CLUSTER_NAME: "wazuh-cluster" + DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + NODE_MAX_LOCAL_STORAGE_NODES: "3" + PATH_DATA: /var/lib/wazuh-indexer + PATH_LOGS: /var/log/wazuh-indexer + PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem + PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key + PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key + PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" + PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" + PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" + PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" + PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" + PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" + PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]' + PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' + PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" + 
PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' + PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" + CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" + COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" ulimits: memlock: soft: -1 @@ -147,7 +230,8 @@ services: - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.key - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.pem - - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml + # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: 
@@ -163,11 +247,24 @@ services: - API_PASSWORD=MyS3cr37P450r.*- - DASHBOARD_USERNAME=kibanaserver - DASHBOARD_PASSWORD=kibanaserver + - SERVER_HOST=0.0.0.0 + - SERVER_PORT=5601 + - OPENSEARCH_HOSTS=https://wazuh1.indexer:9200 + - OPENSEARCH_SSL_VERIFICATIONMODE=certificate + - OPENSEARCH_REQUESTHEADERSALLOWLIST=["securitytenant","Authorization"] + - OPENSEARCH_SECURITY_MULTITENANCY_ENABLED=false + - SERVER_SSL_ENABLED=true + - OPENSEARCH_SECURITY_READONLY_MODE_ROLES=["kibana_read_only"] + - SERVER_SSL_KEY="/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" + - SERVER_SSL_CERTIFICATE="/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" + - OPENSEARCH_SSL_CERTIFICATEAUTHORITIES=["/usr/share/wazuh-dashboard/certs/root-ca.pem"] + - UISETTINGS_OVERRIDES_DEFAULTROUTE=/app/wz-home volumes: - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem - - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml + # if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml index 6ae87391e..2c1dd7a51 100644 --- a/single-node/docker-compose.yml +++ b/single-node/docker-compose.yml 
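Review bot: `OPENSEARCH_SSL_VERIFICATIONMODE=certificate` makes the dashboard check the indexer's certificate chain against `root-ca.pem` but not that the certificate is actually for `wazuh1.indexer`; `full` is the stronger setting, and the node DN visible elsewhere in this series (`CN=wazuh1.indexer,OU=Wazuh,...`) suggests the generated certificates are named for the host. If they lack a matching SAN, `full` would fail the handshake, so keep `certificate` only after checking that, and say so next to the line, e.g. `# certificate: chain is verified, hostname is not; use full once node certs carry SANs`. The single-node dashboard hunk sets the same value, and the later "correct environment settings" patch keeps it in both files.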
@@ -53,6 +53,33 @@ services: - "9200:9200" environment: - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" + - NETWORK_HOST="0.0.0.0" + - NODE_NAME="wazuh.indexer" + - CLUSTER_INITIAL_MASTER_NODES="wazuh.indexer" + - CLUSTER_NAME="wazuh-cluster" + - PATH_DATA=/var/lib/wazuh-indexer + - PATH_LOGS=/var/log/wazuh-indexer + - HTTP_PORT=9200-9299 + - TRANSPORT_TCP_PORT=9300-9399 + - COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION=true + - PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.pem + - PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.key + - PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH=/usr/share/wazuh-indexer/certs/root-ca.pem + - PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.pem + - PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.key + - PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH=/usr/share/wazuh-indexer/certs/root-ca.pem + - PLUGINS_SECURITY_SSL_HTTP_ENABLED=true + - PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION=false + - PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME=false + - PLUGINS_SECURITY_AUTHCZ_ADMIN_DN="CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" + - PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES= true + - PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE= true + - PLUGINS_SECURITY_NODES_DN="CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" + - PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED='["all_access", "security_rest_api_access"]' + - PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED=true + - PLUGINS_SECURITY_SYSTEM_INDICES_INDICES='[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", 
".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' + - PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX=true + - CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED=false ulimits: memlock: soft: -1 @@ -67,7 +94,8 @@ services: - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem - - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml + # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: 
@@ -84,12 +112,25 @@ services: - DASHBOARD_PASSWORD=kibanaserver - API_USERNAME=wazuh-wui - API_PASSWORD=MyS3cr37P450r.*- + - SERVER_HOST=0.0.0.0 + - SERVER_PORT=5601 + - OPENSEARCH_HOSTS=https://wazuh.indexer:9200 + - OPENSEARCH_SSL_VERIFICATIONMODE=certificate + - OPENSEARCH_REQUESTHEADERSALLOWLIST=["securitytenant","Authorization"] + - OPENSEARCH_SECURITY_MULTITENANCY_ENABLED=false + - SERVER_SSL_ENABLED=true + - OPENSEARCH_SECURITY_READONLY_MODE_ROLES=["kibana_read_only"] + - SERVER_SSL_KEY="/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" + - SERVER_SSL_CERTIFICATE="/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" + - OPENSEARCH_SSL_CERTIFICATEAUTHORITIES=["/usr/share/wazuh-dashboard/certs/root-ca.pem"] + - UISETTINGS_OVERRIDES_DEFAULTROUTE=/app/wz-home volumes: - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem - - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml - - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml + # if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml + - ./config/wazuh_dashboard/wazuh.yml:/wazuh-config-mount/data/wazuh/config/wazuh.yml - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom depends_on: From 7ec98fedf9d58bf29a7deb0077003f750e6e72fe Mon Sep 17 00:00:00 2001 
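Review bot: The wazuh.yml bind mount is retargeted to `/wazuh-config-mount/data/wazuh/config/wazuh.yml` here, while the multi-node dashboard in the same series keeps `/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`, so the two compose files now depend on different image behaviour. If `/wazuh-config-mount` is a staging directory the image entrypoint copies into place, both files should use it and a comment should say so, e.g. `# files under /wazuh-config-mount are copied into /usr/share/wazuh-dashboard by the image entrypoint`; if it is not, the single-node wazuh.yml is mounted somewhere nothing reads it. The commented-out opensearch_dashboards.yml line has the same path split, and the later patch in this series leaves both variants as they are.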
From: vcerenu
Date: Wed, 24 Apr 2024 05:57:27 -0300
Subject: [PATCH 5/5] correct environment settings in services
---
 multi-node/docker-compose.yml | 125 ++++++++++++++++---------------
 single-node/docker-compose.yml | 132 +++++++++++++++++----------------
 2 files changed, 132 insertions(+), 125 deletions(-)
diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml
index d9e535e32..f45a53593 100644
--- a/multi-node/docker-compose.yml
+++ b/multi-node/docker-compose.yml
@@ -18,15 +18,15 @@ services:
 - "514:514/udp"
 - "55000:55000"
 environment:
- - INDEXER_URL=https://wazuh1.indexer:9200
- - INDEXER_USERNAME=admin
- - INDEXER_PASSWORD=SecretPassword
- - FILEBEAT_SSL_VERIFICATION_MODE=full
- - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
- - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
- - SSL_KEY=/etc/ssl/filebeat.key
- - API_USERNAME=wazuh-wui
- - API_PASSWORD=MyS3cr37P450r.*-
+ INDEXER_URL: https://wazuh1.indexer:9200
+ INDEXER_USERNAME: admin
+ INDEXER_PASSWORD: admin
+ FILEBEAT_SSL_VERIFICATION_MODE: full
+ SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
+ SSL_CERTIFICATE: /etc/ssl/filebeat.pem
+ SSL_KEY: /etc/ssl/filebeat.key
+ API_USERNAME: wazuh-wui
+ API_PASSWORD: MyS3cr37P450r.*-
 volumes:
 - master-wazuh-api-configuration:/var/ossec/api/configuration
 - master-wazuh-etc:/var/ossec/etc
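Review bot: `INDEXER_PASSWORD: admin` replaces `SecretPassword` for the manager, and the same substitution is made for the worker (`@@ -56,13 +56,13 @@`) and for the single-node manager, with nothing in the commit message explaining it; combined with this patch also dropping the `internal_users.yml` mounts, the stack ends up authenticating to an indexer that publishes 9200 with the image's well-known default account. At minimum keep a non-default value and document where it has to stay in sync, e.g. `# must match the admin hash in config/wazuh_indexer/internal_users.yml (or the value applied with securityadmin)`; better, read it from `.env` so it is set in one place for manager, worker and dashboard. `API_PASSWORD: MyS3cr37P450r.*-` happens to parse as a plain string, but quoting it (`'MyS3cr37P450r.*-'`) keeps the mapping safe if the value is ever changed to one that starts with `*`, `&` or `[`.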
@@ -56,13 +56,13 @@ services: soft: 655360 hard: 655360 environment: - - INDEXER_URL=https://wazuh1.indexer:9200 - - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=SecretPassword - - FILEBEAT_SSL_VERIFICATION_MODE=full - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - - SSL_KEY=/etc/ssl/filebeat.key + INDEXER_URL: https://wazuh1.indexer:9200 + INDEXER_USERNAME: admin + INDEXER_PASSWORD: admin + FILEBEAT_SSL_VERIFICATION_MODE: full + SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem + SSL_CERTIFICATE: /etc/ssl/filebeat.pem + SSL_KEY: /etc/ssl/filebeat.key volumes: - worker-wazuh-api-configuration:/var/ossec/api/configuration - worker-wazuh-etc:/var/ossec/etc @@ -84,6 +84,13 @@ services: image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh1.indexer restart: always + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 ports: - "9200:9200" environment: @@ -116,13 +123,6 @@ services: PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 volumes: - wazuh-indexer-data-1:/var/lib/wazuh-indexer - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem 
@@ -132,12 +132,18 @@ services: - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables # - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh2.indexer: image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh2.indexer restart: always + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 environment: OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" bootstrap.memory_lock: "true" @@ -168,13 +174,6 @@ services: PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 volumes: - wazuh-indexer-data-2:/var/lib/wazuh-indexer - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem @@ -182,12 +181,18 @@ services: - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.pem # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables # - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh3.indexer: image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh3.indexer restart: always + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 environment: OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" bootstrap.memory_lock: "true" 
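Review bot: Dropping the `internal_users.yml` bind mount for wazuh1.indexer (and for wazuh2 in `@@ -182,12 +181,18 @@`, wazuh3 in `@@ -232,42 +230,47 @@`, and the single-node indexer) means the password hashes kept in `config/wazuh_indexer/internal_users.yml` are no longer applied at start-up and the indexer runs with whatever user set the image ships, which is a behaviour change the commit message does not mention. If that is intended, the file in the repository becomes dead configuration and any documented password-change procedure that edits it presumably stops working and needs updating too. A comment where the mount used to be, e.g. `# internal users come from the image defaults; to change passwords, mount config/wazuh_indexer/internal_users.yml here and re-run securityadmin`, would make the intent visible; otherwise keep the mount.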
@@ -218,13 +223,6 @@ services:
 PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"
 CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false"
 COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true"
- ulimits:
- memlock:
- soft: -1
- hard: -1
- nofile:
- soft: 65536
- hard: 65536
 volumes:
 - wazuh-indexer-data-3:/var/lib/wazuh-indexer
 - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
@@ -232,42 +230,47 @@ services: - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.pem # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables # - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: image: wazuh/wazuh-dashboard:5.0.0 hostname: wazuh.dashboard restart: always + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 ports: - 443:5601 environment: - - OPENSEARCH_HOSTS="https://wazuh1.indexer:9200" - - WAZUH_API_URL="https://wazuh.master" - - API_USERNAME=wazuh-wui - - API_PASSWORD=MyS3cr37P450r.*- - - DASHBOARD_USERNAME=kibanaserver - - DASHBOARD_PASSWORD=kibanaserver - - SERVER_HOST=0.0.0.0 - - SERVER_PORT=5601 - - OPENSEARCH_HOSTS=https://wazuh1.indexer:9200 - - OPENSEARCH_SSL_VERIFICATIONMODE=certificate - - OPENSEARCH_REQUESTHEADERSALLOWLIST=["securitytenant","Authorization"] - - OPENSEARCH_SECURITY_MULTITENANCY_ENABLED=false - - SERVER_SSL_ENABLED=true - - OPENSEARCH_SECURITY_READONLY_MODE_ROLES=["kibana_read_only"] - - SERVER_SSL_KEY="/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" - - SERVER_SSL_CERTIFICATE="/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" - - OPENSEARCH_SSL_CERTIFICATEAUTHORITIES=["/usr/share/wazuh-dashboard/certs/root-ca.pem"] - - UISETTINGS_OVERRIDES_DEFAULTROUTE=/app/wz-home + OPENSEARCH_HOSTS: "https://wazuh1.indexer:9200" + WAZUH_API_URL: "https://wazuh.master" + API_USERNAME: wazuh-wui + API_PASSWORD: MyS3cr37P450r.*- + DASHBOARD_USERNAME: kibanaserver + DASHBOARD_PASSWORD: kibanaserver + SERVER_HOST: "0.0.0.0" + SERVER_PORT: "5601" + OPENSEARCH_SSL_VERIFICATIONMODE: certificate + OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]' + OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false" + SERVER_SSL_ENABLED: 
"true" + OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]' + SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" + SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" + OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]' + UISETTINGS_OVERRIDES_DEFAULTROUTE: /app/wz-home volumes: + - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config + - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem + - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml # if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml - - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml - - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config - - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom depends_on: - wazuh1.indexer links: diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml index 2c1dd7a51..cdef5a42d 100644 --- a/single-node/docker-compose.yml +++ b/single-node/docker-compose.yml 
@@ -19,15 +19,15 @@ services:
 - "514:514/udp"
 - "55000:55000"
 environment:
- - INDEXER_URL=https://wazuh.indexer:9200
- - INDEXER_USERNAME=admin
- - INDEXER_PASSWORD=SecretPassword
- - FILEBEAT_SSL_VERIFICATION_MODE=full
- - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
- - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
- - SSL_KEY=/etc/ssl/filebeat.key
- - API_USERNAME=wazuh-wui
- - API_PASSWORD=MyS3cr37P450r.*-
+ INDEXER_URL: https://wazuh.indexer:9200
+ INDEXER_USERNAME: admin
+ INDEXER_PASSWORD: admin
+ FILEBEAT_SSL_VERIFICATION_MODE: full
+ SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
+ SSL_CERTIFICATE: /etc/ssl/filebeat.pem
+ SSL_KEY: /etc/ssl/filebeat.key
+ API_USERNAME: wazuh-wui
+ API_PASSWORD: MyS3cr37P450r.*-
 volumes:
 - wazuh_api_configuration:/var/ossec/api/configuration
 - wazuh_etc:/var/ossec/etc
@@ -49,37 +49,6 @@ services: image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh.indexer restart: always - ports: - - "9200:9200" - environment: - - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" - - NETWORK_HOST="0.0.0.0" - - NODE_NAME="wazuh.indexer" - - CLUSTER_INITIAL_MASTER_NODES="wazuh.indexer" - - CLUSTER_NAME="wazuh-cluster" - - PATH_DATA=/var/lib/wazuh-indexer - - PATH_LOGS=/var/log/wazuh-indexer - - HTTP_PORT=9200-9299 - - TRANSPORT_TCP_PORT=9300-9399 - - COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION=true - - PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.pem - - PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.key - - PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH=/usr/share/wazuh-indexer/certs/root-ca.pem - - PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.pem - - PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.key - - PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH=/usr/share/wazuh-indexer/certs/root-ca.pem - - PLUGINS_SECURITY_SSL_HTTP_ENABLED=true - - PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION=false - - PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME=false - - PLUGINS_SECURITY_AUTHCZ_ADMIN_DN="CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" - - PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES= true - - PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE= true - - PLUGINS_SECURITY_NODES_DN="CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" - - PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED='["all_access", "security_rest_api_access"]' - - PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED=true - - PLUGINS_SECURITY_SYSTEM_INDICES_INDICES='[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", 
".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' - - PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX=true - - CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED=false ulimits: memlock: soft: -1 
@@ -87,6 +56,37 @@ services: nofile: soft: 65536 hard: 65536 + ports: + - "9200:9200" + environment: + OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" + bootstrap.memory_lock: "true" + NODE_NAME: "wazuh.indexer" + CLUSTER_INITIAL_MASTER_NODES: "wazuh.indexer" + CLUSTER_NAME: "wazuh-cluster" + PATH_DATA: /var/lib/wazuh-indexer + PATH_LOGS: /var/log/wazuh-indexer + HTTP_PORT: 9200-9299 + TRANSPORT_TCP_PORT: 9300-9399 + COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" + PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem + PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.key + PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.key + PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" + PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" + PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" + PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" + PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" + PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" + PLUGINS_SECURITY_NODES_DN: "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" + PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' + PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" + PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", 
".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' + PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" + CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" volumes: - wazuh-indexer-data:/var/lib/wazuh-indexer - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem 
@@ -96,43 +96,47 @@ services:
 - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
 # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
 # - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
- - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 wazuh.dashboard:
 image: wazuh/wazuh-dashboard:5.0.0
 hostname: wazuh.dashboard
 restart: always
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536
+ hard: 65536
 ports:
 - 443:5601
 environment:
- - INDEXER_USERNAME=admin
- - INDEXER_PASSWORD=SecretPassword
- - WAZUH_API_URL=https://wazuh.manager
- - DASHBOARD_USERNAME=kibanaserver
- - DASHBOARD_PASSWORD=kibanaserver
- - API_USERNAME=wazuh-wui
- - API_PASSWORD=MyS3cr37P450r.*-
- - SERVER_HOST=0.0.0.0
- - SERVER_PORT=5601
- - OPENSEARCH_HOSTS=https://wazuh.indexer:9200
- - OPENSEARCH_SSL_VERIFICATIONMODE=certificate
- - OPENSEARCH_REQUESTHEADERSALLOWLIST=["securitytenant","Authorization"]
- - OPENSEARCH_SECURITY_MULTITENANCY_ENABLED=false
- - SERVER_SSL_ENABLED=true
- - OPENSEARCH_SECURITY_READONLY_MODE_ROLES=["kibana_read_only"]
- - SERVER_SSL_KEY="/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
- - SERVER_SSL_CERTIFICATE="/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
- - OPENSEARCH_SSL_CERTIFICATEAUTHORITIES=["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
- - UISETTINGS_OVERRIDES_DEFAULTROUTE=/app/wz-home
+ WAZUH_API_URL: https://wazuh.manager
+ DASHBOARD_USERNAME: kibanaserver
+ DASHBOARD_PASSWORD: kibanaserver
+ API_USERNAME: wazuh-wui
+ API_PASSWORD: MyS3cr37P450r.*-
+ SERVER_HOST: 0.0.0.0
+ SERVER_PORT: 5601
+ OPENSEARCH_HOSTS: https://wazuh.indexer:9200
+ OPENSEARCH_SSL_VERIFICATIONMODE: certificate
+ OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]'
+ OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false"
+ SERVER_SSL_ENABLED: "true"
+ OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]'
+ SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
+ SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
+ OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]'
+ UISETTINGS_OVERRIDES_DEFAULTROUTE: /app/wz-home
 volumes:
+ - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
+ - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
 - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
 - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
 - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
- # if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables
- # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml
 - ./config/wazuh_dashboard/wazuh.yml:/wazuh-config-mount/data/wazuh/config/wazuh.yml
- - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
- - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
+ # if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables
+ # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml
 depends_on:
 - wazuh.indexer
 links:
