diff --git a/.env b/.env index 8f5d52ffd..c2d4e554f 100755 --- a/.env +++ b/.env @@ -1,6 +1,6 @@ -WAZUH_VERSION=4.9.0 -WAZUH_IMAGE_VERSION=4.9.0 +WAZUH_VERSION=5.0.0 +WAZUH_IMAGE_VERSION=5.0.0 WAZUH_TAG_REVISION=1 -FILEBEAT_TEMPLATE_BRANCH=4.9.0 +FILEBEAT_TEMPLATE_BRANCH=5.0.0 WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz WAZUH_UI_REVISION=1 diff --git a/.github/.goss.yaml b/.github/.goss.yaml index a2ee17aa7..d78980273 100644 --- a/.github/.goss.yaml +++ b/.github/.goss.yaml @@ -56,7 +56,7 @@ package: wazuh-manager: installed: true versions: - - 4.9.0-1 + - 5.0.0-1 port: tcp:1514: listening: true diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index 0444cba7a..18a71dd2b 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -22,6 +22,7 @@ jobs: docker save wazuh/wazuh-manager:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-manager.tar docker save wazuh/wazuh-indexer:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-indexer.tar docker save wazuh/wazuh-dashboard:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar + docker save wazuh/wazuh-cert-tool:${{env.WAZUH_IMAGE_VERSION}} -o /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-cert-tool.tar - name: Temporarily save Wazuh manager Docker image uses: actions/upload-artifact@v3 @@ -44,6 +45,13 @@ jobs: path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-dashboard.tar retention-days: 1 + - name: Temporarily save Wazuh Cert Tool Docker image + uses: actions/upload-artifact@v3 + with: + name: docker-artifact-cert-tool + path: /home/runner/work/wazuh-docker/wazuh-docker/docker-images/wazuh-cert-tool.tar + retention-days: 1 + - name: Install Goss uses: e1himself/goss-installation-action@v1.0.3 with: 
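Review bot: The new "Temporarily save Wazuh Cert Tool Docker image" step uses `actions/upload-artifact@v3`, and the retrieve steps added in the two later hunks of this file use `actions/download-artifact@v3`; GitHub has deprecated v3 of the artifact actions, and a tag reference can be moved by the action's owner. These artifacts carry the images that the test jobs then `docker load`, so referencing the actions by full commit SHA (with the version in a trailing comment) would fix what actually runs. The existing steps in this workflow have the same form, and upload and download need to move to the same major version together.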
@@ -81,15 +89,22 @@ jobs: with: name: docker-artifact-dashboard + - name: Retrieve saved Wazuh Cert Tool Docker image + uses: actions/download-artifact@v3 + with: + name: docker-artifact-cert-tool + - name: Docker load run: | docker load --input ./wazuh-indexer.tar docker load --input ./wazuh-dashboard.tar docker load --input ./wazuh-manager.tar + docker load --input ./wazuh-cert-tool.tar + rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-cert-tool.tar - name: Create single node certficates - run: docker-compose -f single-node/generate-indexer-certs.yml run --rm generator + run: docker-compose -f single-node/generate-certs.yml run --rm generator - name: Start single node stack run: docker-compose -f single-node/docker-compose.yml up -d @@ -212,15 +227,21 @@ jobs: with: name: docker-artifact-indexer + - name: Retrieve saved Wazuh Cert Tool Docker image + uses: actions/download-artifact@v3 + with: + name: docker-artifact-cert-tool + - name: Docker load run: | - docker load --input ./wazuh-manager.tar docker load --input ./wazuh-indexer.tar docker load --input ./wazuh-dashboard.tar - rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar + docker load --input ./wazuh-manager.tar + docker load --input ./wazuh-cert-tool.tar + rm -rf wazuh-manager.tar wazuh-indexer.tar wazuh-dashboard.tar wazuh-cert-tool.tar - name: Create multi node certficates - run: docker-compose -f multi-node/generate-indexer-certs.yml run --rm generator + run: docker-compose -f multi-node/generate-certs.yml run --rm generator - name: Start multi node stack run: docker-compose -f multi-node/docker-compose.yml up -d diff --git a/.whitesource b/.whitesource new file mode 100644 index 000000000..9c7ae90b4 --- /dev/null +++ b/.whitesource 
@@ -0,0 +1,14 @@ +{ + "scanSettings": { + "baseBranches": [] + }, + "checkRunSettings": { + "vulnerableCheckRunConclusionLevel": "failure", + "displayMode": "diff", + "useMendCheckNames": true + }, + "issueSettings": { + "minSeverityLevel": "LOW", + "issueType": "DEPENDENCY" + } +} \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 1d704b3b5..04eaf507d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,11 @@ # Change Log All notable changes to this project will be documented in this file. +## Wazuh Docker v5.0.0 +### Added + +- Update Wazuh to version [5.0.0](https://github.com/wazuh/wazuh/blob/v5.0.0/CHANGELOG.md#v500) + ## Wazuh Docker v4.9.0 ### Added diff --git a/README.md b/README.md index 7c6c3a3db..34290fc21 100644 --- a/README.md +++ b/README.md @@ -154,7 +154,7 @@ WAZUH_MONITORING_REPLICAS=0 ## │   │   └── wazuh_indexer_ssl_certs │   │   └── certs.yml │   ├── docker-compose.yml - │   ├── generate-indexer-certs.yml + │   ├── generate-certs.yml │   ├── Migration-to-Wazuh-4.3.md │   └── volume-migrator.sh ├── README.md @@ -181,7 +181,7 @@ WAZUH_MONITORING_REPLICAS=0 ## │   │   ├── wazuh.manager-key.pem │   │   └── wazuh.manager.pem │   ├── docker-compose.yml - │   ├── generate-indexer-certs.yml + │   ├── generate-certs.yml │   └── README.md └── VERSION @@ -196,6 +196,7 @@ WAZUH_MONITORING_REPLICAS=0 ## | Wazuh version | ODFE | XPACK | |---------------|---------|--------| +| v5.0.0 | | | | v4.9.0 | | | | v4.8.2 | | | | v4.8.1 | | | diff --git a/VERSION b/VERSION index a25e5cee2..1c77a838f 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-DOCKER_VERSION="4.9.0" -REVISION="40900" +WAZUH-DOCKER_VERSION="5.0.0" +REVISION="50000" diff --git a/build-docker-images/README.md b/build-docker-images/README.md index d4c5b4ff2..11fde42cd 100644 --- a/build-docker-images/README.md +++ b/build-docker-images/README.md 
@@ -13,7 +13,7 @@ This script initializes the environment variables needed to build each of the im The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument: ``` -$ build-docker-images/build-images.sh -v 4.9.0 +$ build-docker-images/build-images.sh -v 5.0.0 ``` To get all the available script options use the -h or --help option: @@ -26,7 +26,7 @@ Usage: build-docker-images/build-images.sh [OPTIONS] -d, --dev [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default. -f, --filebeat-module [Optional] Set Filebeat module version. By default 0.4. -r, --revision [Optional] Package revision. By default 1 - -v, --version [Optional] Set the Wazuh version should be builded. By default, 4.9.0. + -v, --version [Optional] Set the Wazuh version should be builded. By default, 5.0.0. -h, --help Show this help. ``` \ No newline at end of file diff --git a/build-docker-images/build-images.sh b/build-docker-images/build-images.sh index 6d1833a88..6acdb2d38 100755 --- a/build-docker-images/build-images.sh +++ b/build-docker-images/build-images.sh @@ -1,4 +1,4 @@ -WAZUH_IMAGE_VERSION=4.9.0 +WAZUH_IMAGE_VERSION=5.0.0 WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g') WAZUH_TAG_REVISION=1 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g') @@ -12,7 +12,7 @@ IMAGE_VERSION=${WAZUH_IMAGE_VERSION} # License (version 2) as published by the FSF - Free Software # Foundation. -WAZUH_IMAGE_VERSION="4.9.0" +WAZUH_IMAGE_VERSION="5.0.0" WAZUH_TAG_REVISION="1" WAZUH_DEV_STAGE="" FILEBEAT_MODULE_VERSION="0.4" 
@@ -71,6 +71,7 @@ build() { echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> .env docker-compose -f build-docker-images/build-images.yml --env-file .env build --no-cache + docker build -t wazuh/wazuh-cert-tool:$WAZUH_IMAGE_VERSION build-docker-images/cert-tool-image/ return 0 } diff --git a/indexer-certs-creator/Dockerfile b/build-docker-images/wazuh-cert-tool/Dockerfile similarity index 67% rename from indexer-certs-creator/Dockerfile rename to build-docker-images/wazuh-cert-tool/Dockerfile index 58b2583ff..92c3cbaca 100644 --- a/indexer-certs-creator/Dockerfile +++ b/build-docker-images/wazuh-cert-tool/Dockerfile @@ -1,7 +1,8 @@ # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2) -FROM ubuntu:focal +FROM amazonlinux:2023 -RUN apt-get update && apt-get install openssl curl -y +RUN yum install curl-minimal openssl -y &&\ +yum clean all WORKDIR / diff --git a/indexer-certs-creator/config/entrypoint.sh b/build-docker-images/wazuh-cert-tool/config/entrypoint.sh similarity index 95% rename from indexer-certs-creator/config/entrypoint.sh rename to build-docker-images/wazuh-cert-tool/config/entrypoint.sh index db6e0e784..758618338 100644 --- a/indexer-certs-creator/config/entrypoint.sh +++ b/build-docker-images/wazuh-cert-tool/config/entrypoint.sh @@ -8,8 +8,8 @@ ## Variables CERT_TOOL=wazuh-certs-tool.sh PASSWORD_TOOL=wazuh-passwords-tool.sh -PACKAGES_URL=https://packages.wazuh.com/4.9/ -PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.9/ +PACKAGES_URL=https://packages.wazuh.com/5.0/ +PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/ ## Check if the cert tool exists in S3 buckets CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}') diff --git a/build-docker-images/wazuh-dashboard/Dockerfile b/build-docker-images/wazuh-dashboard/Dockerfile index 51545c7ca..172c98616 100644 --- a/build-docker-images/wazuh-dashboard/Dockerfile +++ b/build-docker-images/wazuh-dashboard/Dockerfile 
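Review bot: The added `docker build` uses `build-docker-images/cert-tool-image/` as its context, but this commit moves the Dockerfile to `build-docker-images/wazuh-cert-tool/`, so the build will not find it unless a `cert-tool-image/` directory exists outside this diff. The `return 0` that follows reports success whatever `docker build` returned, so a failed cert-tool build would only surface later at the workflow's `docker save` step. Suggested line: `docker build -t wazuh/wazuh-cert-tool:$WAZUH_IMAGE_VERSION build-docker-images/wazuh-cert-tool/ || return 1`. The body of `build()` starts above the hunk.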
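Review bot: `FROM amazonlinux:2023` is a floating tag, and this image produces the certificates and keys for the whole stack, so the openssl and curl that generate them can change between builds without any change in this repository. Pinning the base by digest, `FROM amazonlinux:2023@sha256:<digest>` (placeholder, to be filled from the registry), keeps that toolchain reviewable. The context lines of the renamed entrypoint.sh show the cert tool being located with curl at container start; no checksum verification is visible in these hunks, which is worth confirming in the part of the script outside the diff.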
@@ -26,7 +26,7 @@ RUN chmod 775 /install_wazuh_app.sh RUN bash /install_wazuh_app.sh # Copy and set permissions to config files -COPY config/opensearch_dashboards.yml $INSTALL_DIR/config/ +RUN cp $INSTALL_DIR/etc/opensearch_dashboards.yml $INSTALL_DIR/config/opensearch_dashboards.yml COPY config/wazuh.yml $INSTALL_DIR/data/wazuh/config/ RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml @@ -34,6 +34,7 @@ RUN chmod 664 $INSTALL_DIR/config/opensearch_dashboards.yml RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh RUN mkdir -p $INSTALL_DIR/data/wazuh/config && chmod -R 775 $INSTALL_DIR/data/wazuh/config RUN mkdir -p $INSTALL_DIR/data/wazuh/logs && chmod -R 775 $INSTALL_DIR/data/wazuh/logs +RUN mkdir /wazuh-config-mount && chmod -R 775 /wazuh-config-mount ################################################################################ # Build stage 1 (the current Wazuh dashboard image): @@ -108,6 +109,15 @@ COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR RUN mkdir -p /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom RUN chown 1000:1000 /usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom +# Set $JAVA_HOME +RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \ + echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh +ENV JAVA_HOME=$INSTALL_DIR/jdk +ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin + +# Add k-NN lib directory to library loading path variable +ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib" + # Set workdir and user WORKDIR $INSTALL_DIR USER wazuh-dashboard @@ -116,3 +126,5 @@ USER wazuh-dashboard EXPOSE 443 ENTRYPOINT [ "/entrypoint.sh" ] + +CMD ["opensearch-dashboards"] diff --git a/build-docker-images/wazuh-dashboard/config/config.sh b/build-docker-images/wazuh-dashboard/config/config.sh index 3f5dd9023..a9c12e103 100644 --- a/build-docker-images/wazuh-dashboard/config/config.sh 
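Review bot: `RUN mkdir /wazuh-config-mount && chmod -R 775 /wazuh-config-mount` sits above the "Build stage 1" banner, so it appears to run in the builder stage, and the only copy from that stage visible in this diff is `COPY --from=builder --chown=1000:1000 $INSTALL_DIR $INSTALL_DIR`. If no other `COPY --from=builder` exists outside the hunks, the directory and its mode never reach the final image, and `mount_files` in entrypoint.sh only ever sees whatever a bind mount creates. If the directory is meant to ship in the image, the line belongs in the final stage, before `USER wazuh-dashboard`.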
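Review bot: `ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib"` expands to a value with a leading `:` when the base image does not already set LD_LIBRARY_PATH, and the dynamic loader reads an empty entry as the current working directory. With `WORKDIR $INSTALL_DIR` and that tree copied with `--chown=1000:1000`, this puts a directory the service user can write to on the library search path. Dropping the self-reference, `ENV LD_LIBRARY_PATH="$INSTALL_DIR/plugins/opensearch-knn/lib"`, avoids the empty entry; the same line is added to build-docker-images/wazuh-indexer/Dockerfile in this commit. It is also worth confirming that the dashboard image contains a `jdk` directory and the k-NN plugin at all, since neither is visible in this diff.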
+++ b/build-docker-images/wazuh-dashboard/config/config.sh @@ -9,8 +9,8 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config ## Variables CERT_TOOL=wazuh-certs-tool.sh -PACKAGES_URL=https://packages.wazuh.com/4.9/ -PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.9/ +PACKAGES_URL=https://packages.wazuh.com/5.0/ +PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/ ## Check if the cert tool exists in S3 buckets CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}') @@ -34,8 +34,8 @@ chmod 755 $CERT_TOOL && bash /$CERT_TOOL -A mkdir -p ${CONFIG_DIR}/certs # Copy Wazuh dashboard certs to install config dir -cp /wazuh-certificates/demo.dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem -cp /wazuh-certificates/demo.dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem +cp /wazuh-certificates/dashboard.pem ${CONFIG_DIR}/certs/dashboard.pem +cp /wazuh-certificates/dashboard-key.pem ${CONFIG_DIR}/certs/dashboard-key.pem cp /wazuh-certificates/root-ca.pem ${CONFIG_DIR}/certs/root-ca.pem chmod -R 500 ${CONFIG_DIR}/certs diff --git a/build-docker-images/wazuh-dashboard/config/config.yml b/build-docker-images/wazuh-dashboard/config/config.yml index 24764d543..8135fcfea 100644 --- a/build-docker-images/wazuh-dashboard/config/config.yml +++ b/build-docker-images/wazuh-dashboard/config/config.yml @@ -1,5 +1,5 @@ nodes: # Wazuh dashboard server nodes dashboard: - - name: demo.dashboard - ip: demo.dashboard \ No newline at end of file + - name: dashboard + ip: wazuh.dashboard diff --git a/build-docker-images/wazuh-dashboard/config/entrypoint.sh b/build-docker-images/wazuh-dashboard/config/entrypoint.sh index 290f9fa8b..698ebd622 100644 --- a/build-docker-images/wazuh-dashboard/config/entrypoint.sh +++ b/build-docker-images/wazuh-dashboard/config/entrypoint.sh 
@@ -2,6 +2,215 @@ # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2) INSTALL_DIR=/usr/share/wazuh-dashboard +export OPENSEARCH_DASHBOARDS_HOME=$INSTALL_DIR +WAZUH_CONFIG_MOUNT=/wazuh-config-mount + +opensearch_dashboards_vars=( + console.enabled + console.proxyConfig + console.proxyFilter + ops.cGroupOverrides.cpuPath + ops.cGroupOverrides.cpuAcctPath + cpu.cgroup.path.override + cpuacct.cgroup.path.override + server.basePath + server.customResponseHeaders + server.compression.enabled + server.compression.referrerWhitelist + server.cors + server.cors.origin + server.defaultRoute + server.host + server.keepAliveTimeout + server.maxPayloadBytes + server.name + server.port + csp.rules + csp.strict + csp.warnLegacyBrowsers + data.search.usageTelemetry.enabled + opensearch.customHeaders + opensearch.hosts + opensearch.logQueries + opensearch.memoryCircuitBreaker.enabled + opensearch.memoryCircuitBreaker.maxPercentage + opensearch.password + opensearch.pingTimeout + opensearch.requestHeadersWhitelist + opensearch.requestHeadersAllowlist + opensearch_security.multitenancy.enabled + opensearch_security.readonly_mode.roles + opensearch.requestTimeout + opensearch.shardTimeout + opensearch.sniffInterval + opensearch.sniffOnConnectionFault + opensearch.sniffOnStart + opensearch.ssl.alwaysPresentCertificate + opensearch.ssl.certificate + opensearch.ssl.key + opensearch.ssl.keyPassphrase + opensearch.ssl.keystore.path + opensearch.ssl.keystore.password + opensearch.ssl.truststore.path + opensearch.ssl.truststore.password + opensearch.ssl.verificationMode + opensearch.username + i18n.locale + interpreter.enableInVisualize + opensearchDashboards.autocompleteTerminateAfter + opensearchDashboards.autocompleteTimeout + opensearchDashboards.defaultAppId + opensearchDashboards.index + logging.dest + logging.json + logging.quiet + logging.rotate.enabled + logging.rotate.everyBytes + logging.rotate.keepFiles + logging.rotate.pollingInterval + logging.rotate.usePolling + 
logging.silent + logging.useUTC + logging.verbose + map.includeOpenSearchMapsService + map.proxyOpenSearchMapsServiceInMaps + map.regionmap + map.tilemap.options.attribution + map.tilemap.options.maxZoom + map.tilemap.options.minZoom + map.tilemap.options.subdomains + map.tilemap.url + monitoring.cluster_alerts.email_notifications.email_address + monitoring.enabled + monitoring.opensearchDashboards.collection.enabled + monitoring.opensearchDashboards.collection.interval + monitoring.ui.container.opensearch.enabled + monitoring.ui.container.logstash.enabled + monitoring.ui.opensearch.password + monitoring.ui.opensearch.pingTimeout + monitoring.ui.opensearch.hosts + monitoring.ui.opensearch.username + monitoring.ui.opensearch.logFetchCount + monitoring.ui.opensearch.ssl.certificateAuthorities + monitoring.ui.opensearch.ssl.verificationMode + monitoring.ui.enabled + monitoring.ui.max_bucket_size + monitoring.ui.min_interval_seconds + newsfeed.enabled + ops.interval + path.data + pid.file + regionmap + security.showInsecureClusterWarning + server.rewriteBasePath + server.socketTimeout + server.customResponseHeaders + server.ssl.enabled + server.ssl.key + server.ssl.keyPassphrase + server.ssl.keystore.path + server.ssl.keystore.password + server.ssl.truststore.path + server.ssl.truststore.password + server.ssl.cert + server.ssl.certificate + server.ssl.certificateAuthorities + server.ssl.cipherSuites + server.ssl.clientAuthentication + opensearch.ssl.certificateAuthorities + server.ssl.redirectHttpFromPort + server.ssl.supportedProtocols + server.xsrf.disableProtection + server.xsrf.whitelist + status.allowAnonymous + status.v6ApiFormat + tilemap.options.attribution + tilemap.options.maxZoom + tilemap.options.minZoom + tilemap.options.subdomains + tilemap.url + timeline.enabled + vega.enableExternalUrls + apm_oss.apmAgentConfigurationIndex + apm_oss.indexPattern + apm_oss.errorIndices + apm_oss.onboardingIndices + apm_oss.spanIndices + apm_oss.sourcemapIndices + 
apm_oss.transactionIndices + apm_oss.metricsIndices + telemetry.allowChangingOptInStatus + telemetry.enabled + telemetry.optIn + telemetry.optInStatusUrl + telemetry.sendUsageFrom + vis_builder.enabled + data_source.enabled + data_source.encryption.wrappingKeyName + data_source.encryption.wrappingKeyNamespace + data_source.encryption.wrappingKey + data_source.audit.enabled + data_source.audit.appender.kind + data_source.audit.appender.path + data_source.audit.appender.layout.kind + data_source.audit.appender.layout.highlight + data_source.audit.appender.layout.pattern + ml_commons_dashboards.enabled + assistant.chat.enabled + observability.query_assist.enabled + uiSettings.overrides.defaultRoute +) + +print() { + echo -e $1 +} + +error_and_exit() { + echo "Error executing command: '$1'." + echo 'Exiting.' + exit 1 +} + +exec_cmd() { + eval $1 > /dev/null 2>&1 || error_and_exit "$1" +} + +exec_cmd_stdout() { + eval $1 2>&1 || error_and_exit "$1" +} + +function runOpensearchDashboards { + touch $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml + for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do + env_var=$(echo ${opensearch_dashboards_var^^} | tr . _) + value=${!env_var} + if [[ -n $value ]]; then + longoptfile="${opensearch_dashboards_var}: ${value}" + if grep -q $opensearch_dashboards_var $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml; then + sed -i "/${opensearch_dashboards_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml + else + echo $longoptfile >> $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml + fi + fi + done + + umask 0002 + + /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c $OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml \ + --cpu.cgroup.path.override=/ \ + --cpuacct.cgroup.path.override=/ +} + +mount_files() { + if [ -e $WAZUH_CONFIG_MOUNT/* ] + then + print "Identified Wazuh cdashboard onfiguration files to mount..." 
+ exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $INSTALL_DIR" + else + print "No Wazuh dashboard configuration files to mount..." + fi +} + DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}" DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}" @@ -17,4 +226,14 @@ echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add o /wazuh_app_config.sh $WAZUH_UI_REVISION -/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml \ No newline at end of file +mount_files + +if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then + set -- opensearch-dashboards "$@" +fi + +if [ "$1" = "opensearch-dashboards" ]; then + runOpensearchDashboards "$@" +else + exec "$@" +fi diff --git a/build-docker-images/wazuh-dashboard/config/opensearch_dashboards.yml b/build-docker-images/wazuh-dashboard/config/opensearch_dashboards.yml deleted file mode 100644 index 68e6c85f1..000000000 --- a/build-docker-images/wazuh-dashboard/config/opensearch_dashboards.yml +++ /dev/null @@ -1,13 +0,0 @@ -server.host: 0.0.0.0 -server.port: 5601 -opensearch.hosts: https://wazuh.indexer:9200 -opensearch.ssl.verificationMode: none -opensearch.requestHeadersWhitelist: [ authorization,securitytenant ] -opensearch_security.multitenancy.enabled: false -opensearch_security.readonly_mode.roles: ["kibana_read_only"] -server.ssl.enabled: true -server.ssl.key: "/usr/share/wazuh-dashboard/config/certs/dashboard-key.pem" -server.ssl.certificate: "/usr/share/wazuh-dashboard/config/certs/dashboard.pem" -opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/config/certs/root-ca.pem"] -uiSettings.overrides.defaultRoute: /app/wz-home - diff --git a/build-docker-images/wazuh-indexer/Dockerfile b/build-docker-images/wazuh-indexer/Dockerfile index d30b67ff6..e9e759729 100644 --- a/build-docker-images/wazuh-indexer/Dockerfile +++ b/build-docker-images/wazuh-indexer/Dockerfile 
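Review bot: In `runOpensearchDashboards` the key lookup is an unanchored regex: both `grep -q $opensearch_dashboards_var` and the address in `sed -i "/${opensearch_dashboards_var}/ s|^.*$|${longoptfile}|"` match any line that contains the name, with `.` acting as a wildcard. Setting SERVER_SSL_KEY would therefore also overwrite the `server.ssl.keyPassphrase` and `server.ssl.keystore.path` lines, and OPENSEARCH_SSL_CERTIFICATE would overwrite `opensearch.ssl.certificateAuthorities`, silently changing the TLS configuration; `buildOpensearchConfig` in build-docker-images/wazuh-indexer/config/entrypoint.sh uses the same pattern. The value is also pasted into the sed replacement, so a `|`, `&` or `\` in a password or passphrase corrupts the written line. Matching the exact key at the start of the line and appending with printf avoids both, as in the excerpt below. Separately, `[ -e $WAZUH_CONFIG_MOUNT/* ]` in `mount_files` errors out once the directory holds more than one entry, so the copy is skipped; `[ -n "$(ls -A "$WAZUH_CONFIG_MOUNT" 2>/dev/null)" ]` tests for a non-empty directory.

```shell
function runOpensearchDashboards {
    conf="$OPENSEARCH_DASHBOARDS_HOME/config/opensearch_dashboards.yml"
    touch "$conf"
    # … unchanged: for loop header, env_var and value lookup …
        if [[ -n $value ]]; then
            # Exact key at line start, dots escaped, so server.ssl.key
            # cannot hit server.ssl.keyPassphrase.
            key_re="^${opensearch_dashboards_var//./\\.}:"
            # Drop the old line (if any), then append; the value never
            # passes through a sed replacement.
            grep -vE "$key_re" "$conf" > "$conf.tmp" || true
            printf '%s: %s\n' "$opensearch_dashboards_var" "$value" >> "$conf.tmp"
            cat "$conf.tmp" > "$conf" && rm -f "$conf.tmp"
        fi
    # … unchanged: done, umask, opensearch-dashboards start …
```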
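Review bot: `runOpensearchDashboards "$@"` hands the container arguments to a function that never reads its parameters, so options given after the image name (the case `set -- opensearch-dashboards "$@"` is written for) are dropped without a message. The function also starts the server as a child of the shell rather than with `exec`, unlike the `exec "$@"` branch here, so the stop signal from `docker stop` is delivered to bash as PID 1, which does not pass it on to the server by default. Starting it as `exec /usr/share/wazuh-dashboard/bin/opensearch-dashboards -c … "${@:2}"` inside the function would address both; that line belongs to the previous hunk.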
@@ -6,20 +6,10 @@ ARG WAZUH_TAG_REVISION RUN yum install curl-minimal openssl xz tar findutils shadow-utils -y -COPY config/opensearch.yml / - COPY config/config.sh . COPY config/config.yml / -COPY config/action_groups.yml / - -COPY config/internal_users.yml / - -COPY config/roles_mapping.yml / - -COPY config/roles.yml / - RUN bash config.sh ################################################################################ @@ -36,6 +26,15 @@ ENV USER="wazuh-indexer" \ NAME="wazuh-indexer" \ INSTALL_DIR="/usr/share/wazuh-indexer" +# Set $JAVA_HOME +RUN echo "export JAVA_HOME=$INSTALL_DIR/jdk" >> /etc/profile.d/java_home.sh && \ + echo "export PATH=\$PATH:\$JAVA_HOME/bin" >> /etc/profile.d/java_home.sh +ENV JAVA_HOME="$INSTALL_DIR/jdk" +ENV PATH=$PATH:$JAVA_HOME/bin:$INSTALL_DIR/bin + +# Add k-NN lib directory to library loading path variable +ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTALL_DIR/plugins/opensearch-knn/lib" + RUN yum install curl-minimal shadow-utils findutils hostname -y RUN getent group $GROUP || groupadd -r -g 1000 $GROUP diff --git a/build-docker-images/wazuh-indexer/config/action_groups.yml b/build-docker-images/wazuh-indexer/config/action_groups.yml deleted file mode 100644 index 04119c8a2..000000000 --- a/build-docker-images/wazuh-indexer/config/action_groups.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -_meta: - type: "actiongroups" - config_version: 2 - -# ISM API permissions group -manage_ism: - reserved: true - hidden: false - allowed_actions: - - "cluster:admin/opendistro/ism/*" - static: false \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/config/config.sh b/build-docker-images/wazuh-indexer/config/config.sh index 67e66fd77..299251f25 100644 --- a/build-docker-images/wazuh-indexer/config/config.sh +++ b/build-docker-images/wazuh-indexer/config/config.sh 
@@ -53,8 +53,8 @@ tar -xf ${INDEXER_FILE} ## Variables CERT_TOOL=wazuh-certs-tool.sh PASSWORD_TOOL=wazuh-passwords-tool.sh -PACKAGES_URL=https://packages.wazuh.com/4.9/ -PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.9/ +PACKAGES_URL=https://packages.wazuh.com/5.0/ +PACKAGES_DEV_URL=https://packages-dev.wazuh.com/5.0/ ## Check if the cert tool exists in S3 buckets CERT_TOOL_PACKAGES=$(curl --silent -I $PACKAGES_URL$CERT_TOOL | grep -E "^HTTP" | awk '{print $2}') @@ -117,12 +117,6 @@ cp -pr ${BASE_DIR}/* ${TARGET_DIR}${INSTALLATION_DIR} # Copy the security tools cp /$CERT_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/ cp /$PASSWORD_TOOL ${TARGET_DIR}${INSTALLATION_DIR}/plugins/opensearch-security/tools/ -# Copy Wazuh's config files for the security plugin -cp -pr /roles_mapping.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ -cp -pr /roles.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ -cp -pr /action_groups.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ -cp -pr /internal_users.yml ${TARGET_DIR}${INSTALLATION_DIR}/opensearch-security/ -cp -pr /opensearch.yml ${TARGET_DIR}${CONFIG_DIR} # Copy Wazuh indexer's certificates cp -pr /wazuh-certificates/demo.indexer.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer.pem cp -pr /wazuh-certificates/demo.indexer-key.pem ${TARGET_DIR}${CONFIG_DIR}/certs/indexer-key.pem diff --git a/build-docker-images/wazuh-indexer/config/entrypoint.sh b/build-docker-images/wazuh-indexer/config/entrypoint.sh index 2acb4aa09..60ae01d37 100644 --- a/build-docker-images/wazuh-indexer/config/entrypoint.sh +++ b/build-docker-images/wazuh-indexer/config/entrypoint.sh 
@@ -7,12 +7,272 @@ umask 0002 export USER=wazuh-indexer export INSTALLATION_DIR=/usr/share/wazuh-indexer export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR} -export JAVA_HOME=${INSTALLATION_DIR}/jdk -export DISCOVERY=$(grep -oP "(?<=discovery.type: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml) export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml) export CERT="${OPENSEARCH_PATH_CONF}/certs/admin.pem" export KEY="${OPENSEARCH_PATH_CONF}/certs/admin-key.pem" +opensearch_vars=( + cluster.name + node.name + node.roles + path.data + path.logs + bootstrap.memory_lock + network.host + http.port + transport.port + network.bind_host + network.publish_host + transport.tcp.port + compatibility.override_main_response_version + http.host + http.bind_host + http.publish_host + http.compression + transport.host + transport.bind_host + transport.publish_host + discovery.seed_hosts + discovery.seed_providers + discovery.type + cluster.initial_cluster_manager_nodes + cluster.initial_master_nodes + node.max_local_storage_nodes + gateway.recover_after_nodes + gateway.recover_after_data_nodes + gateway.expected_data_nodes + gateway.recover_after_time + plugins.security.nodes_dn + plugins.security.nodes_dn_dynamic_config_enabled + plugins.security.authcz.admin_dn + plugins.security.roles_mapping_resolution + plugins.security.dls.mode + plugins.security.compliance.salt + config.dynamic.http.anonymous_auth_enabled + plugins.security.restapi.roles_enabled + plugins.security.restapi.password_validation_regex + plugins.security.restapi.password_validation_error_message + plugins.security.restapi.password_min_length + plugins.security.restapi.password_score_based_validation_strength + plugins.security.unsupported.restapi.allow_securityconfig_modification + plugins.security.authcz.impersonation_dn + plugins.security.authcz.rest_impersonation_user + plugins.security.allow_default_init_securityindex + 
plugins.security.allow_unsafe_democertificates + plugins.security.system_indices.permission.enabled + plugins.security.config_index_name + plugins.security.cert.oid + plugins.security.cert.intercluster_request_evaluator_class + plugins.security.enable_snapshot_restore_privilege + plugins.security.check_snapshot_restore_write_privileges + plugins.security.cache.ttl_minutes + plugins.security.protected_indices.enabled + plugins.security.protected_indices.roles + plugins.security.protected_indices.indices + plugins.security.system_indices.enabled + plugins.security.system_indices.indices + plugins.security.audit.enable_rest + plugins.security.audit.enable_transport + plugins.security.audit.resolve_bulk_requests + plugins.security.audit.config.disabled_categories + plugins.security.audit.ignore_requests + plugins.security.audit.threadpool.size + plugins.security.audit.threadpool.max_queue_len + plugins.security.audit.ignore_users + plugins.security.audit.type + plugins.security.audit.config.http_endpoints + plugins.security.audit.config.index + plugins.security.audit.config.type + plugins.security.audit.config.username + plugins.security.audit.config.password + plugins.security.audit.config.enable_ssl + plugins.security.audit.config.verify_hostnames + plugins.security.audit.config.enable_ssl_client_auth + plugins.security.audit.config.cert_alias + plugins.security.audit.config.pemkey_filepath + plugins.security.audit.config.pemkey_content + plugins.security.audit.config.pemkey_password + plugins.security.audit.config.pemcert_filepath + plugins.security.audit.config.pemcert_content + plugins.security.audit.config.pemtrustedcas_filepath + plugins.security.audit.config.pemtrustedcas_content + plugins.security.audit.config.webhook.url + plugins.security.audit.config.webhook.format + plugins.security.audit.config.webhook.ssl.verify + plugins.security.audit.config.webhook.ssl.pemtrustedcas_filepath + plugins.security.audit.config.webhook.ssl.pemtrustedcas_content + 
plugins.security.audit.config.log4j.logger_name + plugins.security.audit.config.log4j.level + opendistro_security.audit.config.disabled_rest_categories + opendistro_security.audit.config.disabled_transport_categories + plugins.security.ssl.transport.enforce_hostname_verification + plugins.security.ssl.transport.resolve_hostname + plugins.security.ssl.http.clientauth_mode + plugins.security.ssl.http.enabled_ciphers + plugins.security.ssl.http.enabled_protocols + plugins.security.ssl.transport.enabled_ciphers + plugins.security.ssl.transport.enabled_protocols + plugins.security.ssl.transport.keystore_type + plugins.security.ssl.transport.keystore_filepath + plugins.security.ssl.transport.keystore_alias + plugins.security.ssl.transport.keystore_password + plugins.security.ssl.transport.truststore_type + plugins.security.ssl.transport.truststore_filepath + plugins.security.ssl.transport.truststore_alias + plugins.security.ssl.transport.truststore_password + plugins.security.ssl.http.enabled + plugins.security.ssl.http.keystore_type + plugins.security.ssl.http.keystore_filepath + plugins.security.ssl.http.keystore_alias + plugins.security.ssl.http.keystore_password + plugins.security.ssl.http.truststore_type + plugins.security.ssl.http.truststore_filepath + plugins.security.ssl.http.truststore_alias + plugins.security.ssl.http.truststore_password + plugins.security.ssl.transport.enable_openssl_if_available + plugins.security.ssl.http.enable_openssl_if_available + plugins.security.ssl.transport.pemkey_filepath + plugins.security.ssl.transport.pemkey_password + plugins.security.ssl.transport.pemcert_filepath + plugins.security.ssl.transport.pemtrustedcas_filepath + plugins.security.ssl.http.pemkey_filepath + plugins.security.ssl.http.pemkey_password + plugins.security.ssl.http.pemcert_filepath + plugins.security.ssl.http.pemtrustedcas_filepath + plugins.security.ssl.transport.enabled + plugins.security.ssl.transport.client.pemkey_password + 
plugins.security.ssl.transport.keystore_keypassword + plugins.security.ssl.transport.server.keystore_keypassword + plugins.sercurity.ssl.transport.server.keystore_alias + plugins.sercurity.ssl.transport.client.keystore_alias + plugins.sercurity.ssl.transport.server.truststore_alias + plugins.sercurity.ssl.transport.client.truststore_alias + plugins.security.ssl.client.external_context_id + plugins.secuirty.ssl.transport.principal_extractor_class + plugins.security.ssl.http.crl.file_path + plugins.security.ssl.http.crl.validate + plugins.security.ssl.http.crl.prefer_crlfile_over_ocsp + plugins.security.ssl.http.crl.check_only_end_entitites + plugins.security.ssl.http.crl.disable_ocsp + plugins.security.ssl.http.crl.disable_crldp + plugins.security.ssl.allow_client_initiated_renegotiation + indices.breaker.total.use_real_memory + indices.breaker.total.limit + indices.breaker.fielddata.limit + indices.breaker.fielddata.overhead + indices.breaker.request.limit + indices.breaker.request.overhead + network.breaker.inflight_requests.limit + network.breaker.inflight_requests.overhead + cluster.routing.allocation.enable + cluster.routing.allocation.node_concurrent_incoming_recoveries + cluster.routing.allocation.node_concurrent_outgoing_recoveries + cluster.routing.allocation.node_concurrent_recoveries + cluster.routing.allocation.node_initial_primaries_recoveries + cluster.routing.allocation.same_shard.host + cluster.routing.rebalance.enable + cluster.routing.allocation.allow_rebalance + cluster.routing.allocation.cluster_concurrent_rebalance + cluster.routing.allocation.balance.shard + cluster.routing.allocation.balance.index + cluster.routing.allocation.balance.threshold + cluster.routing.allocation.balance.prefer_primary + cluster.routing.allocation.disk.threshold_enabled + cluster.routing.allocation.disk.watermark.low + cluster.routing.allocation.disk.watermark.high + cluster.routing.allocation.disk.watermark.flood_stage + cluster.info.update.interval + 
cluster.routing.allocation.shard_movement_strategy + cluster.blocks.read_only + cluster.blocks.read_only_allow_delete + cluster.max_shards_per_node + cluster.persistent_tasks.allocation.enable + cluster.persistent_tasks.allocation.recheck_interval + cluster.search.request.slowlog.threshold.warn + cluster.search.request.slowlog.threshold.info + cluster.search.request.slowlog.threshold.debug + cluster.search.request.slowlog.threshold.trace + cluster.search.request.slowlog.level + cluster.fault_detection.leader_check.timeout + cluster.fault_detection.follower_check.timeout + action.auto_create_index + action.destructive_requires_name + cluster.default.index.refresh_interval + cluster.minimum.index.refresh_interval + cluster.indices.close.enable + indices.recovery.max_bytes_per_sec + indices.recovery.max_concurrent_file_chunks + indices.recovery.max_concurrent_operations + indices.recovery.max_concurrent_remote_store_streams + indices.time_series_index.default_index_merge_policy + indices.fielddata.cache.size + index.number_of_shards + index.number_of_routing_shards + index.shard.check_on_startup + index.codec + index.codec.compression_level + index.routing_partition_size + index.soft_deletes.retention_lease.period + index.load_fixed_bitset_filters_eagerly + index.hidden + index.merge.policy + index.merge_on_flush.enabled + index.merge_on_flush.max_full_flush_merge_wait_time + index.merge_on_flush.policy + index.check_pending_flush.enabled + index.number_of_replicas + index.auto_expand_replicas + index.search.idle.after + index.refresh_interval + index.max_result_window + index.max_inner_result_window + index.max_rescore_window + index.max_docvalue_fields_search + index.max_script_fields + index.max_ngram_diff + index.max_shingle_diff + index.max_refresh_listeners + index.analyze.max_token_count + index.highlight.max_analyzed_offset + index.max_terms_count + index.max_regex_length + index.query.default_field + index.query.max_nested_depth + 
index.routing.allocation.enable + index.routing.rebalance.enable + index.gc_deletes + index.default_pipeline + index.final_pipeline + index.optimize_doc_id_lookup.fuzzy_set.enabled + index.optimize_doc_id_lookup.fuzzy_set.false_positive_probability + search.max_buckets + search.phase_took_enabled + search.allow_expensive_queries + search.default_allow_partial_results + search.cancel_after_time_interval + search.default_search_timeout + search.default_keep_alive + search.keep_alive_interval + search.max_keep_alive + search.low_level_cancellation + search.max_open_scroll_context + search.request_stats_enabled + search.highlight.term_vector_multi_value + snapshot.max_concurrent_operations + cluster.remote_store.translog.buffer_interval + remote_store.moving_average_window_size + opensearch.notifications.core.allowed_config_types + opensearch.notifications.core.email.minimum_header_length + opensearch.notifications.core.email.size_limit + opensearch.notifications.core.http.connection_timeout + opensearch.notifications.core.http.host_deny_list + opensearch.notifications.core.http.max_connection_per_route + opensearch.notifications.core.http.max_connections + opensearch.notifications.core.http.socket_timeout + opensearch.notifications.core.tooltip_support + opensearch.notifications.general.filter_by_backend_roles +) + run_as_other_user_if_needed() { if [[ "$(id -u)" == "0" ]]; then # If running as root, drop to specified UID and run command 
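Review bot: Five entries in `opensearch_vars` are spelled differently from the rest of the list: the four `plugins.sercurity.ssl.transport.{server,client}.{keystore,truststore}_alias` names and `plugins.secuirty.ssl.transport.principal_extractor_class`. They look like misspellings of `plugins.security`; if so, the correctly spelled environment variable is ignored, and the misspelled one writes a key the security plugin presumably does not recognise, so a transport TLS alias override would not take effect. The list also includes `*_password`, `pemkey_password` and `pemkey_content` settings, which `buildOpensearchConfig` writes into opensearch.yml in clear text. A comment above the array such as `# Secrets (passwords, key material) should be supplied via the keystore, not these variables` would tell operators which entries to avoid.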
@@ -24,6 +284,37 @@ run_as_other_user_if_needed() { fi } +function buildOpensearchConfig { + echo "" >> $OPENSEARCH_PATH_CONF/opensearch.yml + for opensearch_var in ${opensearch_vars[*]}; do + env_var=$(echo ${opensearch_var^^} | tr . _) + value=${!env_var} + if [[ -n $value ]]; then + if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then + lineNum="$(grep -n "$opensearch_var" $OPENSEARCH_PATH_CONF/opensearch.yml | head -n 1 | cut -d: -f1)" + sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml + charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1) + fi + while : + do + case "$charline" in + "-"| "#" |" ") sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml;; + *) break;; + esac + charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1) + done + longoptfile="${opensearch_var}: ${value}" + if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then + sed -i "/${opensearch_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_PATH_CONF/opensearch.yml + else + echo $longoptfile >> $OPENSEARCH_PATH_CONF/opensearch.yml + fi + fi + done +} + +buildOpensearchConfig + # Allow user specify custom CMD, maybe bin/opensearch itself # for example to directly specify `-E` style parameters for opensearch on k8s # or simply to run /bin/bash to check the image @@ -84,10 +375,4 @@ if [[ "$(id -u)" == "0" ]]; then fi -#if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then - # run securityadmin.sh for single node with CACERT, CERT and KEY parameter -# nohup /securityadmin.sh & -# touch "/var/lib/wazuh-indexer/.flag" -#fi - run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD" \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/config/internal_users.yml b/build-docker-images/wazuh-indexer/config/internal_users.yml deleted file mode 100644 index 40fcb9cda..000000000 
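Review bot: In `buildOpensearchConfig`, `grep -q $opensearch_var` and `sed -i "/${opensearch_var}/ …"` treat the setting name as an unanchored regular expression, so a variable for `index.codec` also matches the `index.codec.compression_level` line (both names are in `opensearch_vars`) and any commented-out line containing the name, and the `sed` form then rewrites every line that matches. The environment value is also spliced into the `sed` replacement and passed through an unquoted `echo $longoptfile`, so `|`, `&`, backslashes, runs of spaces and glob characters in a value are not written as given. Matching the literal `key:` at the start of a line and appending with `printf` avoids both problems. The new entry then lands at the end of the file instead of in place, which should not matter for a flat settings file but is worth confirming. The whole function is inside this hunk.

```shell
# … unchanged: function header, blank-line append, loop header, env_var/value lookup …
    if [[ -n $value ]]; then
      conf="$OPENSEARCH_PATH_CONF/opensearch.yml"
      charline=""
      # literal "key:" at the start of a line only, never a regex or a substring
      lineNum="$(awk -v k="${opensearch_var}:" 'index($0, k) == 1 { print NR; exit }' "$conf")"
      if [[ -n $lineNum ]]; then
        sed -i "${lineNum}d" "$conf"
        charline=$(awk "NR == ${lineNum}" "$conf" | head -c 1)
      fi
      # … unchanged: while/case loop that drops the old entry's continuation lines …
      # append instead of substituting through sed, so the value is never parsed as sed syntax
      printf '%s: %s\n' "$opensearch_var" "$value" >> "$conf"
    fi
# … unchanged: done, closing brace …
```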
--- a/build-docker-images/wazuh-indexer/config/internal_users.yml +++ /dev/null @@ -1,74 +0,0 @@ ---- -# This is the internal user database -# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh - -_meta: - type: "internalusers" - config_version: 2 - -# Define your internal users here - -## Demo users - -admin: - hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG" - reserved: true - backend_roles: - - "admin" - description: "Demo admin user" - -kibanaserver: - hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H." - reserved: true - description: "Demo kibanaserver user" - -kibanaro: - hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC" - reserved: false - backend_roles: - - "kibanauser" - - "readall" - attributes: - attribute1: "value1" - attribute2: "value2" - attribute3: "value3" - description: "Demo kibanaro user" - -logstash: - hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2" - reserved: false - backend_roles: - - "logstash" - description: "Demo logstash user" - -readall: - hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2" - reserved: false - backend_roles: - - "readall" - description: "Demo readall user" - -snapshotrestore: - hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W" - reserved: false - backend_roles: - - "snapshotrestore" - description: "Demo snapshotrestore user" - -wazuh_admin: - hash: "$2y$12$d2awHiOYvZjI88VfsDON.u6buoBol0gYPJEgdG1ArKVE0OMxViFfu" - reserved: true - hidden: false - backend_roles: [] - attributes: {} - opendistro_security_roles: [] - static: false - -wazuh_user: - hash: "$2y$12$BQixeoQdRubZdVf/7sq1suHwiVRnSst1.lPI2M0.GPZms4bq2D9vO" - reserved: true - hidden: false - backend_roles: [] - attributes: {} - opendistro_security_roles: [] - static: false \ No newline at end of file 
diff --git a/build-docker-images/wazuh-indexer/config/opensearch.yml b/build-docker-images/wazuh-indexer/config/opensearch.yml
deleted file mode 100644
index 1f0a78b36..000000000
--- a/build-docker-images/wazuh-indexer/config/opensearch.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-network.host: "0.0.0.0"
-node.name: "wazuh.indexer"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-discovery.type: single-node
-compatibility.override_main_response_version: true
-plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem
-plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem
-plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/indexer-key.pem
-plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
-- "CN=demo.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
-plugins.security.system_indices.enabled: true
-plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
\ No newline at end of file
diff --git a/build-docker-images/wazuh-indexer/config/roles.yml b/build-docker-images/wazuh-indexer/config/roles.yml
deleted file mode 100644
index f8bc557a8..000000000
--- a/build-docker-images/wazuh-indexer/config/roles.yml
+++ /dev/null
@@ -1,171 +0,0 @@ -_meta: - type: "roles" - config_version: 2 - -# Restrict users so they can only view visualization and dashboards on kibana -kibana_read_only: - reserved: true - -# The security REST API access role is used to assign specific users access to change the security settings through the REST API. -security_rest_api_access: - reserved: true - -# Allows users to view monitors, destinations and alerts -alerting_read_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/alerting/alerts/get' - - 'cluster:admin/opendistro/alerting/destination/get' - - 'cluster:admin/opendistro/alerting/monitor/get' - - 'cluster:admin/opendistro/alerting/monitor/search' - -# Allows users to view and acknowledge alerts -alerting_ack_alerts: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/alerting/alerts/*' - -# Allows users to use all alerting functionality -alerting_full_access: - reserved: true - cluster_permissions: - - 'cluster_monitor' - - 'cluster:admin/opendistro/alerting/*' - index_permissions: - - index_patterns: - - '*' - allowed_actions: - - 'indices_monitor' - - 'indices:admin/aliases/get' - - 'indices:admin/mappings/get' - -# Allow users to read Anomaly Detection detectors and results -anomaly_read_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/ad/detector/info' - - 'cluster:admin/opendistro/ad/detector/search' - - 'cluster:admin/opendistro/ad/detectors/get' - - 'cluster:admin/opendistro/ad/result/search' - - 'cluster:admin/opendistro/ad/tasks/search' - -# Allows users to use all Anomaly Detection functionality -anomaly_full_access: - reserved: true - cluster_permissions: - - 'cluster_monitor' - - 'cluster:admin/opendistro/ad/*' - index_permissions: - - index_patterns: - - '*' - allowed_actions: - - 'indices_monitor' - - 'indices:admin/aliases/get' - - 'indices:admin/mappings/get' - -# Allows users to read Notebooks -notebooks_read_access: - reserved: true - cluster_permissions: - - 
'cluster:admin/opendistro/notebooks/list' - - 'cluster:admin/opendistro/notebooks/get' - -# Allows users to all Notebooks functionality -notebooks_full_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/notebooks/create' - - 'cluster:admin/opendistro/notebooks/update' - - 'cluster:admin/opendistro/notebooks/delete' - - 'cluster:admin/opendistro/notebooks/get' - - 'cluster:admin/opendistro/notebooks/list' - -# Allows users to read and download Reports -reports_instances_read_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/reports/instance/list' - - 'cluster:admin/opendistro/reports/instance/get' - - 'cluster:admin/opendistro/reports/menu/download' - -# Allows users to read and download Reports and Report-definitions -reports_read_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/reports/definition/get' - - 'cluster:admin/opendistro/reports/definition/list' - - 'cluster:admin/opendistro/reports/instance/list' - - 'cluster:admin/opendistro/reports/instance/get' - - 'cluster:admin/opendistro/reports/menu/download' - -# Allows users to all Reports functionality -reports_full_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/reports/definition/create' - - 'cluster:admin/opendistro/reports/definition/update' - - 'cluster:admin/opendistro/reports/definition/on_demand' - - 'cluster:admin/opendistro/reports/definition/delete' - - 'cluster:admin/opendistro/reports/definition/get' - - 'cluster:admin/opendistro/reports/definition/list' - - 'cluster:admin/opendistro/reports/instance/list' - - 'cluster:admin/opendistro/reports/instance/get' - - 'cluster:admin/opendistro/reports/menu/download' - -# Allows users to use all asynchronous-search functionality -asynchronous_search_full_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/asynchronous_search/*' - index_permissions: - - index_patterns: - - '*' - allowed_actions: - - 
'indices:data/read/search*' - -# Allows users to read stored asynchronous-search results -asynchronous_search_read_access: - reserved: true - cluster_permissions: - - 'cluster:admin/opendistro/asynchronous_search/get' - -wazuh_ui_user: - reserved: true - hidden: false - cluster_permissions: [] - index_permissions: - - index_patterns: - - "wazuh-*" - dls: "" - fls: [] - masked_fields: [] - allowed_actions: - - "read" - tenant_permissions: [] - static: false - -wazuh_ui_admin: - reserved: true - hidden: false - cluster_permissions: [] - index_permissions: - - index_patterns: - - "wazuh-*" - dls: "" - fls: [] - masked_fields: [] - allowed_actions: - - "read" - - "delete" - - "manage" - - "index" - tenant_permissions: [] - static: false - -# ISM API permissions role -manage_ism: - reserved: true - hidden: false - cluster_permissions: - - "manage_ism" - static: false \ No newline at end of file diff --git a/build-docker-images/wazuh-indexer/config/roles_mapping.yml b/build-docker-images/wazuh-indexer/config/roles_mapping.yml deleted file mode 100644 index 7fa57a4db..000000000 --- a/build-docker-images/wazuh-indexer/config/roles_mapping.yml +++ /dev/null 
@@ -1,78 +0,0 @@ ---- -# In this file users, backendroles and hosts can be mapped to Wazuh indexer Security roles. -# Permissions for Wazuh indexer roles are configured in roles.yml - -_meta: - type: "rolesmapping" - config_version: 2 - -# Define your roles mapping here - -## Demo roles mapping - -all_access: - reserved: false - backend_roles: - - "admin" - description: "Maps admin to all_access" - -own_index: - reserved: false - users: - - "*" - description: "Allow full access to an index named like the username" - -logstash: - reserved: false - backend_roles: - - "logstash" - -kibana_user: - reserved: false - backend_roles: - - "kibanauser" - users: - - "wazuh_user" - - "wazuh_admin" - description: "Maps kibanauser to kibana_user" - -readall: - reserved: false - backend_roles: - - "readall" - -manage_snapshots: - reserved: false - backend_roles: - - "snapshotrestore" - -kibana_server: - reserved: true - users: - - "kibanaserver" - -wazuh_ui_admin: - reserved: true - hidden: false - backend_roles: [] - hosts: [] - users: - - "wazuh_admin" - - "kibanaserver" - and_backend_roles: [] - -wazuh_ui_user: - reserved: true - hidden: false - backend_roles: [] - hosts: [] - users: - - "wazuh_user" - and_backend_roles: [] - -# ISM API permissions role mapping -manage_ism: - reserved: true - hidden: false - users: - - "kibanaserver" \ No newline at end of file diff --git a/indexer-certs-creator/README.md b/indexer-certs-creator/README.md deleted file mode 100644 index b7dbc565e..000000000 --- a/indexer-certs-creator/README.md +++ /dev/null @@ -1,9 +0,0 @@ -# Certificate creation image build - -The dockerfile hosted in this directory is used to build the image used to boot Wazuh's single node and multi node stacks. - -To create the image, the following command must be executed: - -``` -$ docker build -t wazuh/wazuh-certs-generator:0.0.1 . -``` diff --git a/multi-node/Migration-to-Wazuh-4.4.md b/multi-node/Migration-to-Wazuh-4.4.md index 3ff10a844..817dc961e 100644 
--- a/multi-node/Migration-to-Wazuh-4.4.md +++ b/multi-node/Migration-to-Wazuh-4.4.md @@ -354,7 +354,7 @@ docker container run --rm -it \ ``` git checkout 4.4 cd multi-node -docker-compose -f generate-indexer-certs.yml run --rm generator +docker-compose -f generate-certs.yml run --rm generator docker-compose up -d ``` diff --git a/multi-node/README.md b/multi-node/README.md index c1e8b9986..64273eb8c 100644 --- a/multi-node/README.md +++ b/multi-node/README.md @@ -8,7 +8,7 @@ $ sysctl -w vm.max_map_count=262144 ``` 2) Run the certificate creation script: ``` -$ docker-compose -f generate-indexer-certs.yml run --rm generator +$ docker-compose -f generate-certs.yml run --rm generator ``` 3) Start the environment with docker-compose: diff --git a/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml b/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml deleted file mode 100644 index 3a53c3f88..000000000 --- a/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml +++ /dev/null @@ -1,12 +0,0 @@ -server.host: 0.0.0.0 -server.port: 5601 -opensearch.hosts: https://wazuh1.indexer:9200 -opensearch.ssl.verificationMode: certificate -opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"] -opensearch_security.multitenancy.enabled: false -opensearch_security.readonly_mode.roles: ["kibana_read_only"] -server.ssl.enabled: true -server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" -server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" -opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"] -uiSettings.overrides.defaultRoute: /app/wz-home diff --git a/multi-node/config/wazuh_indexer/wazuh1.indexer.yml b/multi-node/config/wazuh_indexer/wazuh1.indexer.yml deleted file mode 100644 index 59cbe9bfa..000000000 --- a/multi-node/config/wazuh_indexer/wazuh1.indexer.yml +++ /dev/null 
@@ -1,38 +0,0 @@
-network.host: wazuh1.indexer
-node.name: wazuh1.indexer
-cluster.initial_master_nodes:
- - wazuh1.indexer
- - wazuh2.indexer
- - wazuh3.indexer
-cluster.name: "wazuh-cluster"
-discovery.seed_hosts:
- - wazuh1.indexer
- - wazuh2.indexer
- - wazuh3.indexer
-node.max_local_storage_nodes: "3"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
-- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
-plugins.security.allow_default_init_securityindex: true
-cluster.routing.allocation.disk.threshold_enabled: false
-compatibility.override_main_response_version: true
diff --git a/multi-node/config/wazuh_indexer/wazuh2.indexer.yml b/multi-node/config/wazuh_indexer/wazuh2.indexer.yml
deleted file mode 100644
index 478ed1d0b..000000000
--- a/multi-node/config/wazuh_indexer/wazuh2.indexer.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-network.host: wazuh2.indexer
-node.name: wazuh2.indexer
-cluster.initial_master_nodes:
- - wazuh1.indexer
- - wazuh2.indexer
- - wazuh3.indexer
-cluster.name: "wazuh-cluster"
-discovery.seed_hosts:
- - wazuh1.indexer
- - wazuh2.indexer
- - wazuh3.indexer
-node.max_local_storage_nodes: "3"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
-- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
-plugins.security.allow_default_init_securityindex: true
-cluster.routing.allocation.disk.threshold_enabled: false
-compatibility.override_main_response_version: true
\ No newline at end of file
diff --git a/multi-node/config/wazuh_indexer/wazuh3.indexer.yml b/multi-node/config/wazuh_indexer/wazuh3.indexer.yml
deleted file mode 100644
index 8caa513dc..000000000
--- a/multi-node/config/wazuh_indexer/wazuh3.indexer.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-network.host: wazuh3.indexer
-node.name: wazuh3.indexer
-cluster.initial_master_nodes:
- - wazuh1.indexer
- - wazuh2.indexer
- - wazuh3.indexer
-cluster.name: "wazuh-cluster"
-discovery.seed_hosts:
- - wazuh1.indexer
- - wazuh2.indexer
- - wazuh3.indexer
-node.max_local_storage_nodes: "3"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
-- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
-plugins.security.allow_default_init_securityindex: true
-cluster.routing.allocation.disk.threshold_enabled: false
-compatibility.override_main_response_version: true
\ No newline at end of file
diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml
index cdc626012..f45a53593 100644
--- a/multi-node/docker-compose.yml +++ b/multi-node/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.7' services: wazuh.master: - image: wazuh/wazuh-manager:4.9.0 + image: wazuh/wazuh-manager:5.0.0 hostname: wazuh.master restart: always ulimits: @@ -18,15 +18,15 @@ services: - "514:514/udp" - "55000:55000" environment: - - INDEXER_URL=https://wazuh1.indexer:9200 - - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=SecretPassword - - FILEBEAT_SSL_VERIFICATION_MODE=full - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - - SSL_KEY=/etc/ssl/filebeat.key - - API_USERNAME=wazuh-wui - - API_PASSWORD=MyS3cr37P450r.*- + INDEXER_URL: https://wazuh1.indexer:9200 + INDEXER_USERNAME: admin + INDEXER_PASSWORD: admin + FILEBEAT_SSL_VERIFICATION_MODE: full + SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem + SSL_CERTIFICATE: /etc/ssl/filebeat.pem + SSL_KEY: /etc/ssl/filebeat.key + API_USERNAME: wazuh-wui + API_PASSWORD: MyS3cr37P450r.*- volumes: - master-wazuh-api-configuration:/var/ossec/api/configuration - master-wazuh-etc:/var/ossec/etc @@ -45,7 +45,7 @@ services: - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf wazuh.worker: - image: wazuh/wazuh-manager:4.9.0 + image: wazuh/wazuh-manager:5.0.0 hostname: wazuh.worker restart: always ulimits: 
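Review bot: `INDEXER_PASSWORD: admin` in the `wazuh.master` environment sets the password equal to the user name and keeps it hard-coded in the compose file; the `wazuh.worker` environment hunk that follows does the same. Because `wazuh1.indexer` publishes `"9200:9200"` later in this file, the indexer API is reachable from outside the compose network with a guessable credential. Taking the value from the caller's environment, and failing when it is unset, keeps the secret out of the repository: `INDEXER_PASSWORD: ${INDEXER_PASSWORD:?set INDEXER_PASSWORD}`, and likewise for `API_PASSWORD`. Whether the indexer image still defines an `admin` user with this password cannot be seen here, since this commit also removes the mounted `internal_users.yml`.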
@@ -56,13 +56,13 @@ services: soft: 655360 hard: 655360 environment: - - INDEXER_URL=https://wazuh1.indexer:9200 - - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=SecretPassword - - FILEBEAT_SSL_VERIFICATION_MODE=full - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - - SSL_KEY=/etc/ssl/filebeat.key + INDEXER_URL: https://wazuh1.indexer:9200 + INDEXER_USERNAME: admin + INDEXER_PASSWORD: admin + FILEBEAT_SSL_VERIFICATION_MODE: full + SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem + SSL_CERTIFICATE: /etc/ssl/filebeat.pem + SSL_KEY: /etc/ssl/filebeat.key volumes: - worker-wazuh-api-configuration:/var/ossec/api/configuration - worker-wazuh-etc:/var/ossec/etc @@ -81,14 +81,9 @@ services: - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf wazuh1.indexer: - image: wazuh/wazuh-indexer:4.9.0 + image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh1.indexer restart: always - ports: - - "9200:9200" - environment: - - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" - - "bootstrap.memory_lock=true" ulimits: memlock: soft: -1 
@@ -96,6 +91,38 @@ services: nofile: soft: 65536 hard: 65536 + ports: + - "9200:9200" + environment: + OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" + bootstrap.memory_lock: "true" + NETWORK_HOST: wazuh1.indexer + NODE_NAME: wazuh1.indexer + CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + CLUSTER_NAME: "wazuh-cluster" + DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + NODE_MAX_LOCAL_STORAGE_NODES: "3" + PATH_DATA: /var/lib/wazuh-indexer + PATH_LOGS: /var/log/wazuh-indexer + PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem + PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key + PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key + PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" + PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" + PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" + PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" + PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" + PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" + PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]' + PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' + PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" + PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", 
".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' + PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" + CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" + COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" volumes: - wazuh-indexer-data-1:/var/lib/wazuh-indexer - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem @@ -103,16 +130,13 @@ services: - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh1.indexer.pem - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem - - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml + # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml wazuh2.indexer: - image: wazuh/wazuh-indexer:4.9.0 + image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh2.indexer restart: always - environment: - - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" - - "bootstrap.memory_lock=true" ulimits: memlock: soft: -1 
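Review bot: `PLUGINS_SECURITY_AUTHCZ_ADMIN_DN` is given as a bare string, while `PLUGINS_SECURITY_NODES_DN` a few lines below uses the bracketed list form and the deleted `wazuh1.indexer.yml` had `admin_dn` as a list. The `buildOpensearchConfig` function added earlier in this commit writes the value verbatim after `key: `, so the setting becomes a scalar whose DN contains commas. If OpenSearch splits scalar list settings on commas, as I believe it does, the configured admin DN would no longer match the admin certificate. Writing it like its neighbours removes the doubt: `PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: '["CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"]'`. The `wazuh2.indexer` and `wazuh3.indexer` environment hunks carry the same line.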
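Review bot: The new comment tells users to uncomment the mount of `./config/wazuh_indexer/wazuh1.indexer.yml`, but this commit deletes that file, so following the comment as written bind-mounts a path that does not exist. The comment should say that the file has to be created first, for example `# to use a custom opensearch.yml, create ./config/wazuh_indexer/wazuh1.indexer.yml, uncomment the next line and remove the setting variables above`. It should also say where the user database now comes from, because the `internal_users.yml` mount is removed in the same hunk and nothing in the compose file replaces it. The `wazuh2.indexer` and `wazuh3.indexer` sections repeat the comment.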
@@ -120,21 +144,48 @@ services: nofile: soft: 65536 hard: 65536 + environment: + OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" + bootstrap.memory_lock: "true" + NETWORK_HOST: wazuh2.indexer + NODE_NAME: wazuh2.indexer + CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + CLUSTER_NAME: "wazuh-cluster" + DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + NODE_MAX_LOCAL_STORAGE_NODES: "3" + PATH_DATA: /var/lib/wazuh-indexer + PATH_LOGS: /var/log/wazuh-indexer + PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem + PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key + PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key + PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" + PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" + PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" + PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" + PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" + PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" + PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]' + PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' + PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" + PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", 
".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' + PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" + CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" + COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" volumes: - wazuh-indexer-data-2:/var/lib/wazuh-indexer - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.key - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.pem - - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml + # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml wazuh3.indexer: - image: wazuh/wazuh-indexer:4.9.0 + image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh3.indexer restart: always - environment: - - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" - - "bootstrap.memory_lock=true" ulimits: memlock: soft: -1 
@@ -142,35 +193,84 @@ services: nofile: soft: 65536 hard: 65536 + environment: + OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" + bootstrap.memory_lock: "true" + NETWORK_HOST: wazuh3.indexer + NODE_NAME: wazuh3.indexer + CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + CLUSTER_NAME: "wazuh-cluster" + DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + NODE_MAX_LOCAL_STORAGE_NODES: "3" + PATH_DATA: /var/lib/wazuh-indexer + PATH_LOGS: /var/log/wazuh-indexer + PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem + PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key + PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key + PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" + PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" + PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" + PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" + PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" + PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" + PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]' + PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' + PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" + PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", 
".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' + PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" + CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" + COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" volumes: - wazuh-indexer-data-3:/var/lib/wazuh-indexer - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.key - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.pem - - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml + # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml wazuh.dashboard: - image: wazuh/wazuh-dashboard:4.9.0 + image: wazuh/wazuh-dashboard:5.0.0 hostname: wazuh.dashboard restart: always + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 ports: - 443:5601 environment: - - OPENSEARCH_HOSTS="https://wazuh1.indexer:9200" - - WAZUH_API_URL="https://wazuh.master" - - API_USERNAME=wazuh-wui - - API_PASSWORD=MyS3cr37P450r.*- - - DASHBOARD_USERNAME=kibanaserver - - DASHBOARD_PASSWORD=kibanaserver + OPENSEARCH_HOSTS: "https://wazuh1.indexer:9200" + WAZUH_API_URL: "https://wazuh.master" + API_USERNAME: wazuh-wui + API_PASSWORD: MyS3cr37P450r.*- + DASHBOARD_USERNAME: kibanaserver + DASHBOARD_PASSWORD: kibanaserver + SERVER_HOST: "0.0.0.0" + SERVER_PORT: "5601" + 
OPENSEARCH_SSL_VERIFICATIONMODE: certificate + OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]' + OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false" + SERVER_SSL_ENABLED: "true" + OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]' + SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" + SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" + OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]' + UISETTINGS_OVERRIDES_DEFAULTROUTE: /app/wz-home volumes: + - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config + - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem - - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml - - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config - - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom + # if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml depends_on: - wazuh1.indexer links: diff --git a/single-node/generate-indexer-certs.yml b/multi-node/generate-certs.yml similarity index 66% rename from single-node/generate-indexer-certs.yml rename to multi-node/generate-certs.yml index 3e0eb6fd7..efcd8d87b 100644 --- a/single-node/generate-indexer-certs.yml 
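Review bot: `PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false"` in the wazuh3.indexer environment switches off hostname checking on the node-to-node transport layer. Any certificate chaining to `root-ca.pem` then passes TLS whatever name it was issued for, which leaves `PLUGINS_SECURITY_NODES_DN` as the only gate on who may join as a node. If the generated node certificates carry the service hostnames as SANs (config/certs.yml is not part of this diff, so I cannot confirm), I would set this to `"true"`. If it has to stay off, add a comment above it such as `# hostname verification is off because <reason>; node identity relies on PLUGINS_SECURITY_NODES_DN`. The wazuh2.indexer hunk above and the single-node wazuh.indexer hunk set the same value, and the wazuh3.indexer service definition starts outside this hunk.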
+++ b/multi-node/generate-certs.yml @@ -3,8 +3,9 @@ version: '3' services: generator: - image: wazuh/wazuh-certs-generator:0.0.2 - hostname: wazuh-certs-generator + image: wazuh/wazuh-cert-tool:5.0.0 + hostname: wazuh-cert-tool + container_name: wazuh-cert-tool volumes: - ./config/wazuh_indexer_ssl_certs/:/certificates/ - ./config/certs.yml:/config/certs.yml diff --git a/single-node/README.md b/single-node/README.md index efd303c71..ba1be707a 100644 --- a/single-node/README.md +++ b/single-node/README.md @@ -8,7 +8,7 @@ $ sysctl -w vm.max_map_count=262144 ``` 2) Run the certificate creation script: ``` -$ docker-compose -f generate-indexer-certs.yml run --rm generator +$ docker-compose -f generate-certs.yml run --rm generator ``` 3) Start the environment with docker-compose: diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml index 799c027aa..cdef5a42d 100644 --- a/single-node/docker-compose.yml +++ b/single-node/docker-compose.yml @@ -3,7 +3,7 @@ version: '3.7' services: wazuh.manager: - image: wazuh/wazuh-manager:4.9.0 + image: wazuh/wazuh-manager:5.0.0 hostname: wazuh.manager restart: always ulimits: @@ -19,15 +19,15 @@ services: - "514:514/udp" - "55000:55000" environment: - - INDEXER_URL=https://wazuh.indexer:9200 - - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=SecretPassword - - FILEBEAT_SSL_VERIFICATION_MODE=full - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - - SSL_KEY=/etc/ssl/filebeat.key - - API_USERNAME=wazuh-wui - - API_PASSWORD=MyS3cr37P450r.*- + INDEXER_URL: https://wazuh.indexer:9200 + INDEXER_USERNAME: admin + INDEXER_PASSWORD: admin + FILEBEAT_SSL_VERIFICATION_MODE: full + SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem + SSL_CERTIFICATE: /etc/ssl/filebeat.pem + SSL_KEY: /etc/ssl/filebeat.key + API_USERNAME: wazuh-wui + API_PASSWORD: MyS3cr37P450r.*- volumes: - wazuh_api_configuration:/var/ossec/api/configuration - wazuh_etc:/var/ossec/etc 
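Review bot: `INDEXER_PASSWORD: admin` in the wazuh.manager environment swaps `SecretPassword` for what looks like the stock password of the `admin` account, and it stays a literal in a committed compose file, as does `API_PASSWORD`. A later hunk in this file publishes the indexer on `"9200:9200"`, so anyone who runs the file unchanged gets a reachable API behind a guessable credential. I would take both values from the deployer's environment and fail when they are unset, e.g. `INDEXER_PASSWORD: ${INDEXER_PASSWORD:?set INDEXER_PASSWORD}` and `API_PASSWORD: ${API_PASSWORD:?set API_PASSWORD}`. Failing that, add a comment above the block saying these are demo values that must be changed before the stack is exposed. The wazuh.manager service starts and ends outside this hunk.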
@@ -46,13 +46,9 @@ services: - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf wazuh.indexer: - image: wazuh/wazuh-indexer:4.9.0 + image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh.indexer restart: always - ports: - - "9200:9200" - environment: - - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" ulimits: memlock: soft: -1 
@@ -60,6 +56,37 @@ services: nofile: soft: 65536 hard: 65536 + ports: + - "9200:9200" + environment: + OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" + bootstrap.memory_lock: "true" + NODE_NAME: "wazuh.indexer" + CLUSTER_INITIAL_MASTER_NODES: "wazuh.indexer" + CLUSTER_NAME: "wazuh-cluster" + PATH_DATA: /var/lib/wazuh-indexer + PATH_LOGS: /var/log/wazuh-indexer + HTTP_PORT: 9200-9299 + TRANSPORT_TCP_PORT: 9300-9399 + COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" + PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem + PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.key + PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh.indexer.key + PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" + PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" + PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" + PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" + PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" + PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" + PLUGINS_SECURITY_NODES_DN: "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" + PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' + PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" + PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", 
".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' + PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" + CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" volumes: - wazuh-indexer-data:/var/lib/wazuh-indexer - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem 
@@ -67,31 +94,49 @@ services: - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem - - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml + # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml wazuh.dashboard: - image: wazuh/wazuh-dashboard:4.9.0 + image: wazuh/wazuh-dashboard:5.0.0 hostname: wazuh.dashboard restart: always + ulimits: + memlock: + soft: -1 + hard: -1 + nofile: + soft: 65536 + hard: 65536 ports: - 443:5601 environment: - - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=SecretPassword - - WAZUH_API_URL=https://wazuh.manager - - DASHBOARD_USERNAME=kibanaserver - - DASHBOARD_PASSWORD=kibanaserver - - API_USERNAME=wazuh-wui - - API_PASSWORD=MyS3cr37P450r.*- + WAZUH_API_URL: https://wazuh.manager + DASHBOARD_USERNAME: kibanaserver + DASHBOARD_PASSWORD: kibanaserver + API_USERNAME: wazuh-wui + API_PASSWORD: MyS3cr37P450r.*- + SERVER_HOST: 0.0.0.0 + SERVER_PORT: 5601 + OPENSEARCH_HOSTS: https://wazuh.indexer:9200 + OPENSEARCH_SSL_VERIFICATIONMODE: certificate + OPENSEARCH_REQUESTHEADERSALLOWLIST: '["securitytenant","Authorization"]' + OPENSEARCH_SECURITY_MULTITENANCY_ENABLED: "false" + SERVER_SSL_ENABLED: "true" + OPENSEARCH_SECURITY_READONLY_MODE_ROLES: '["kibana_read_only"]' + SERVER_SSL_KEY: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" + SERVER_SSL_CERTIFICATE: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" + OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '["/usr/share/wazuh-dashboard/certs/root-ca.pem"]' + UISETTINGS_OVERRIDES_DEFAULTROUTE: 
/app/wz-home volumes: + - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config + - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem - - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml - - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml - - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config - - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom + - ./config/wazuh_dashboard/wazuh.yml:/wazuh-config-mount/data/wazuh/config/wazuh.yml + # if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml depends_on: - wazuh.indexer links: diff --git a/multi-node/generate-indexer-certs.yml b/single-node/generate-certs.yml similarity index 52% rename from multi-node/generate-indexer-certs.yml rename to single-node/generate-certs.yml index dbf2b079e..6826ed7d4 100644 --- a/multi-node/generate-indexer-certs.yml +++ b/single-node/generate-certs.yml @@ -3,8 +3,10 @@ version: '3' services: generator: - image: wazuh/wazuh-certs-generator:0.0.2 - hostname: wazuh-certs-generator + image: wazuh/wazuh-cert-tool:5.0.0 + hostname: wazuh-cert-tool + container_name: wazuh-cert-tool volumes: - ./config/wazuh_indexer_ssl_certs/:/certificates/ - - ./config/certs.yml:/config/certs.yml \ No newline at end of file + - ./config/certs.yml:/config/certs.yml +
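Review bot: Dropping the `internal_users.yml` bind mount from wazuh.indexer leaves no documented way in this file to replace the built-in account hashes. The previous hunk sets `PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true"`, so the security index is presumably initialised from whatever users the image ships. I would keep the mount as an opt-in next to the commented opensearch.yml line: `# mount your own internal_users.yml to replace the default account hashes`, followed by `# - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml`. The multi-node wazuh2.indexer and wazuh3.indexer hunks remove the same mount and would need the same two lines.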