From 1e343cf274fcf53a0c8bc01e8af6ec89ba34f273 Mon Sep 17 00:00:00 2001 
From: Victor Carlos Erenu Date: Sat, 15 Nov 2025 00:04:22 +0700 Subject: [PATCH 01/12] Modify docker deployments --- .../Procedure_push_docker_images.yml | 1 - .gitignore | 16 +- .../wazuh-dashboard/config/entrypoint.sh | 4 + .../wazuh-indexer/config/entrypoint.sh | 32 ++ .../wazuh-manager/config/config.sh | 12 +- multi-node/README.md | 42 ++- multi-node/config/certs.yml | 24 -- .../config/wazuh_cluster/wazuh_manager.conf | 290 ------------------ .../config/wazuh_cluster/wazuh_worker.conf | 290 ------------------ .../wazuh_dashboard/opensearch_dashboards.yml | 16 - multi-node/config/wazuh_dashboard/wazuh.yml | 7 - .../config/wazuh_indexer/internal_users.yml | 56 ---- .../config/wazuh_indexer/wazuh1.indexer.yml | 37 --- .../config/wazuh_indexer/wazuh2.indexer.yml | 37 --- .../config/wazuh_indexer/wazuh3.indexer.yml | 37 --- multi-node/docker-compose.yml | 141 +++++---- multi-node/generate-indexer-certs.yml | 10 - single-node/README.md | 35 ++- single-node/config/certs.yml | 16 - .../config/wazuh_cluster/entrypoint.sh | 85 ----- .../config/wazuh_cluster/wazuh_manager.conf | 288 ----------------- .../wazuh_dashboard/opensearch_dashboards.yml | 16 - single-node/config/wazuh_dashboard/wazuh.yml | 7 - .../config/wazuh_indexer/internal_users.yml | 56 ---- .../config/wazuh_indexer/wazuh.indexer.yml | 30 -- single-node/docker-compose.yml | 63 ++-- single-node/generate-indexer-certs.yml | 10 - 27 files changed, 234 insertions(+), 1424 deletions(-) delete mode 100644 multi-node/config/certs.yml delete mode 100644 multi-node/config/wazuh_cluster/wazuh_manager.conf delete mode 100644 multi-node/config/wazuh_cluster/wazuh_worker.conf delete mode 100644 multi-node/config/wazuh_dashboard/opensearch_dashboards.yml delete mode 100644 multi-node/config/wazuh_dashboard/wazuh.yml delete mode 100644 multi-node/config/wazuh_indexer/internal_users.yml delete mode 100644 multi-node/config/wazuh_indexer/wazuh1.indexer.yml delete mode 100644 multi-node/config/wazuh_indexer/wazuh2.indexer.yml 
delete mode 100644 multi-node/config/wazuh_indexer/wazuh3.indexer.yml delete mode 100644 multi-node/generate-indexer-certs.yml delete mode 100755 single-node/config/certs.yml delete mode 100755 single-node/config/wazuh_cluster/entrypoint.sh delete mode 100644 single-node/config/wazuh_cluster/wazuh_manager.conf delete mode 100644 single-node/config/wazuh_dashboard/opensearch_dashboards.yml delete mode 100644 single-node/config/wazuh_dashboard/wazuh.yml delete mode 100644 single-node/config/wazuh_indexer/internal_users.yml delete mode 100644 single-node/config/wazuh_indexer/wazuh.indexer.yml delete mode 100644 single-node/generate-indexer-certs.yml diff --git a/.github/workflows/Procedure_push_docker_images.yml b/.github/workflows/Procedure_push_docker_images.yml index 49292201..3ec09905 100644 --- a/.github/workflows/Procedure_push_docker_images.yml +++ b/.github/workflows/Procedure_push_docker_images.yml @@ -85,7 +85,6 @@ jobs: echo "* id: ${{ inputs.id }}" echo "* image_tag: ${{ inputs.image_tag }}" echo "* docker_reference: ${{ inputs.docker_reference }}" - echo "* filebeat_module_version: ${{ inputs.filebeat_module_version }}" echo "* revision: ${{ inputs.revision }}" echo "* dev: ${{ inputs.dev }}" echo "* dev reference: ${{ inputs.reference }}" diff --git a/.gitignore b/.gitignore index 269239fd..9e8e4a05 100644 --- a/.gitignore +++ b/.gitignore 
@@ -1,7 +1,13 @@ -single-node/config/wazuh_indexer_ssl_certs/*.pem -single-node/config/wazuh_indexer_ssl_certs/*.key -multi-node/config/wazuh_indexer_ssl_certs/*.pem -multi-node/config/wazuh_indexer_ssl_certs/*.key *.log build-docker-images/packages_env.txt -build-docker-images/packages_url.txt \ No newline at end of file +build-docker-images/packages_url.txt +single-node/wazuh-certificates +single-node/wazuh-certificates/* +single-node/wazuh-certificates-tool.log +single-node/config.yml +single-node/wazuh-certs-tool.sh +multi-node/wazuh-certificates +multi-node/wazuh-certificates/* +multi-node/wazuh-certificates-tool.log +multi-node/config.yml +multi-node/wazuh-certs-tool.sh \ No newline at end of file diff --git a/build-docker-images/wazuh-dashboard/config/entrypoint.sh b/build-docker-images/wazuh-dashboard/config/entrypoint.sh index b4de1fc7..fbefb543 100644 --- a/build-docker-images/wazuh-dashboard/config/entrypoint.sh +++ b/build-docker-images/wazuh-dashboard/config/entrypoint.sh @@ -26,6 +26,10 @@ echo $DASHBOARD_PASSWORD | $OPENSEARCH_DASHBOARDS_HOME/bin/opensearch-dashboards opensearch_dashboards_vars=( opensearch.hosts + server.port + server.host + opensearch.username + opensearch.password ) function runOpensearchDashboards { diff --git a/build-docker-images/wazuh-indexer/config/entrypoint.sh b/build-docker-images/wazuh-indexer/config/entrypoint.sh index 8b2c3834..06bb7fc7 100644 --- a/build-docker-images/wazuh-indexer/config/entrypoint.sh +++ b/build-docker-images/wazuh-indexer/config/entrypoint.sh @@ -11,6 +11,7 @@ # Export OpenSearch Home export OPENSEARCH_HOME=/usr/share/wazuh-indexer export OPENSEARCH_PATH_CONF=$OPENSEARCH_HOME/config +export CONFIG_FILE=${OPENSEARCH_PATH_CONF}/opensearch.yml export PATH=$OPENSEARCH_HOME/bin:$PATH 
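Review bot: Adding `opensearch.password` to `opensearch_dashboards_vars` in wazuh-dashboard/config/entrypoint.sh handles the indexer password the same way as non-secret settings such as `server.port`. The loop that consumes this array is outside the hunk; if it turns each entry into a `--key=value` argument, the password becomes readable from the process list and `/proc/<pid>/cmdline` inside the container. The context line above already pipes `$DASHBOARD_PASSWORD` into an `opensearch-dashboards…` command (truncated in the hunk header, presumably the keystore tool), so the credentials could stay on that path and the list be limited to `server.port` and `server.host`. If the entries must stay, add a comment such as `# opensearch.username/password: values listed here may end up as CLI arguments; prefer the keystore`.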
@@ -62,8 +63,39 @@ function runOpensearch { } +function configureOpensearch { +# Update opensearch.yml with NODES_DN if set +if [ -n "$NODES_DN" ]; then + + CLEAN_NODES_DN=$(echo "$NODES_DN" | sed 's/^["'\'']//; s/["'\'']$//; s/""/"/g') + NODES_DN_YAML=$(echo $CLEAN_NODES_DN | tr ';' '\n' | sed 's/^/- "/; s/$/"/') + + awk ' + /^plugins\.security\.nodes_dn:/ {in_block=1; print; next} + in_block && /^[^#[:space:]-]/ {in_block=0} + !in_block || /^plugins\.security\.nodes_dn:/ {next} + {print} + ' "$CONFIG_FILE" > "${CONFIG_FILE}.tmp" + + awk -v repl="$NODES_DN_YAML" ' + /^plugins\.security\.nodes_dn:/ { + print "plugins.security.nodes_dn:"; + print repl; + skip=1; next + } + skip && /^[^#[:space:]-]/ {skip=0} + !skip + ' "${CONFIG_FILE}" > "${CONFIG_FILE}.new" + mv "${CONFIG_FILE}.new" "$CONFIG_FILE" + rm -f "${CONFIG_FILE}.tmp" +fi +} + # Prepend "opensearch" command if no argument was provided or if the first # argument looks like a flag (i.e. starts with a dash). + +configureOpensearch + if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then set -- opensearch "$@" fi diff --git a/build-docker-images/wazuh-manager/config/config.sh b/build-docker-images/wazuh-manager/config/config.sh index d5359904..024ae2b8 100644 --- a/build-docker-images/wazuh-manager/config/config.sh +++ b/build-docker-images/wazuh-manager/config/config.sh @@ -4,18 +4,25 @@ # Variables for certificate generation CERT_TOOL="wazuh-certs-tool.sh" CERT_CONFIG_FILE="config.yml" -CERT_DIR=/var/ossec/etc/certs/ +CERT_DIR=/etc/filebeat/certs download_package() { local url=$1 local package=$2 if curl -fsL "$url" -o "$package"; then + echo $url + cat $package echo "Downloaded $package" return 0 else + echo $url + cat $package echo "Error downloading $package from $url" return 1 fi } +echo "pwd" +pwd +mkdir -p $CERT_DIR # Download the tool to create the certificates echo "Downloading the tool to create the certificates..." download_package "$wazuh_cert_tool" $CERT_TOOL 
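Review bot: In `configureOpensearch`, the first `awk` writes `${CONFIG_FILE}.tmp`, which nothing reads before `rm -f` removes it, so only the second `awk` has any effect. That second pass rewrites the file only when a `plugins.security.nodes_dn:` line already exists; otherwise `NODES_DN` is dropped silently and the node starts with whatever trust list the image ships. `echo $CLEAN_NODES_DN` is unquoted, so whitespace inside a DN is collapsed and glob characters are expanded, and `awk -v repl=...` interprets backslash escapes, which alters DNs that contain escaped characters. Because this list decides which certificates are accepted as cluster nodes, I would drop the dead pass, quote the expansions, pass the value through `ENVIRON`, and fail loudly when the key is missing, as sketched below.

```shell
function configureOpensearch {
if [ -n "$NODES_DN" ]; then
  # printf with quoted expansions keeps whitespace and glob characters in a DN intact
  CLEAN_NODES_DN=$(printf '%s\n' "$NODES_DN" | sed 's/^["'\'']//; s/["'\'']$//; s/""/"/g')
  NODES_DN_YAML=$(printf '%s\n' "$CLEAN_NODES_DN" | tr ';' '\n' | sed 's/^/- "/; s/$/"/')

  # Refuse to start when the key is absent instead of silently ignoring NODES_DN
  if ! grep -q '^plugins\.security\.nodes_dn:' "$CONFIG_FILE"; then
    echo "plugins.security.nodes_dn not found in $CONFIG_FILE; NODES_DN not applied" >&2
    exit 1
  fi

  # Single pass; ENVIRON is not subject to the escape processing that -v applies
  NODES_DN_YAML="$NODES_DN_YAML" awk '
    /^plugins\.security\.nodes_dn:/ {
      print "plugins.security.nodes_dn:";
      print ENVIRON["NODES_DN_YAML"];
      skip=1; next
    }
    skip && /^[^#[:space:]-]/ {skip=0}
    !skip
  ' "$CONFIG_FILE" > "${CONFIG_FILE}.new"
  mv "${CONFIG_FILE}.new" "$CONFIG_FILE"
fi
}
```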
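Review bot: The `echo $url` / `cat $package` lines added to both branches of `download_package` look like leftover debugging, as do `echo "pwd"` / `pwd` in this hunk and `echo "files in pwd"` / `ls -la` in the next hunk of config.sh (@@ -30,6 +37,9 @@). They copy the downloaded cert tool and `config.yml` into the log of whatever runs this script, and in the failure branch `cat $package` runs on a file that curl may not have created. Remove them or gate them on a debug variable, and quote the new expansion: `mkdir -p "$CERT_DIR"`. `CERT_DIR` also lost its trailing slash, which is fine for the `${CERT_DIR}/...` copies visible in the next hunk but should be checked against any use outside these hunks.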
@@ -30,6 +37,9 @@ chmod 700 "$CERT_CONFIG_FILE" # Create the certificates chmod 755 "$CERT_TOOL" && bash "$CERT_TOOL" -A +echo "files in pwd" +ls -la + # Copy Wazuh manager certs cp -pr /wazuh-certificates/wazuh-1.pem ${CERT_DIR}/wazuh-1.pem cp -pr /wazuh-certificates/wazuh-1-key.pem ${CERT_DIR}/wazuh-1-key.pem diff --git a/multi-node/README.md b/multi-node/README.md index 678fa782..9a300fc7 100644 --- a/multi-node/README.md +++ b/multi-node/README.md @@ -6,11 +6,47 @@ This deployment is defined in the `docker-compose.yml` file with two Wazuh manag ``` $ sysctl -w vm.max_map_count=262144 ``` -2) Run the certificate creation script: + +2) Download the certificate creation script and config.yml file: ``` -$ docker compose -f generate-indexer-certs.yml run --rm generator +$ curl -sO https://packages.wazuh.com/5.0/wazuh-certs-tool.sh +$ curl -sO https://packages.wazuh.com/5.0/config.yml ``` -3) Start the environment with docker compose: + +3) Edit the config.yml file with the configuration of the Wazuh components to be deployed +``` +nodes: + # Wazuh indexer server nodes + indexer: + - name: wazuh1.indexer + ip: wazuh1.indexer + - name: wazuh2.indexer + ip: wazuh2.indexer + - name: wazuh3.indexer + ip: wazuh3.indexer + + # Wazuh server nodes + # Use node_type only with more than one Wazuh manager + server: + - name: wazuh.master + ip: wazuh.master + node_type: master + - name: wazuh.worker + ip: wazuh.worker + node_type: worker + + # Wazuh dashboard node + dashboard: + - name: wazuh.dashboard + ip: wazuh.dashboard +``` + +4) Run the certificate creation script: +``` +bash ./wazuh-certs-tool.sh -A +``` + +5) Start the environment with docker compose: - In the foregroud: ``` diff --git a/multi-node/config/certs.yml b/multi-node/config/certs.yml deleted file mode 100644 index 5c3f4f1d..00000000 --- a/multi-node/config/certs.yml +++ /dev/null 
@@ -1,24 +0,0 @@ -nodes: - # Wazuh indexer server nodes - indexer: - - name: wazuh1.indexer - ip: wazuh1.indexer - - name: wazuh2.indexer - ip: wazuh2.indexer - - name: wazuh3.indexer - ip: wazuh3.indexer - - # Wazuh server nodes - # Use node_type only with more than one Wazuh manager - server: - - name: wazuh.master - ip: wazuh.master - node_type: master - - name: wazuh.worker - ip: wazuh.worker - node_type: worker - - # Wazuh dashboard node - dashboard: - - name: wazuh.dashboard - ip: wazuh.dashboard diff --git a/multi-node/config/wazuh_cluster/wazuh_manager.conf b/multi-node/config/wazuh_cluster/wazuh_manager.conf deleted file mode 100644 index 600b3e88..00000000 --- a/multi-node/config/wazuh_cluster/wazuh_manager.conf +++ /dev/null 
@@ -1,290 +0,0 @@ - - - 15m - 0 - yes - - - - - plain - - - - secure - 1514 - tcp - 131072 - - - - - no - yes - yes - yes - yes - yes - - - 43200 - - yes - - /var/lib/containerd - /var/lib/docker/overlay2 - - - - - no - 1h - yes - yes - yes - yes - yes - yes - yes - yes - yes - yes - yes - - - - yes - 5m - 10 - - - - - yes - yes - 12h - - - - yes - 5m - 10 - - - - - yes - yes - 60m - - - - yes - - https://wazuh1.indexer:9200 - https://wazuh2.indexer:9200 - https://wazuh3.indexer:9200 - - - - /etc/ssl/root-ca.pem - - /etc/ssl/filebeat.pem - /etc/ssl/filebeat.key - - - - - - no - - - 43200 - - - yes - - - no - - - /etc,/usr/bin,/usr/sbin - /bin,/sbin,/boot - - - /etc/mtab - /etc/hosts.deny - /etc/mail/statistics - /etc/random-seed - /etc/random.seed - /etc/adjtime - /etc/httpd/logs - /etc/utmpx - /etc/wtmpx - /etc/cups/certs - /etc/dumpdates - /etc/svc/volatile - - - .log$|.swp$ - - - /etc/ssl/private.key - - yes - yes - yes - yes - - - 10 - - - 50 - - - - yes - 5m - 10 - - - - - - 127.0.0.1 - ^localhost.localdomain$ - - - - disable-account - disable-account - yes - - - - restart-wazuh - restart-wazuh - - - - firewall-drop - firewall-drop - yes - - - - host-deny - host-deny - yes - - - - route-null - route-null - yes - - - - win_route-null - route-null.exe - yes - - - - netsh - netsh.exe - yes - - - - - - - command - df -P - 360 - - - - full_command - netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d - netstat listening ports - 360 - - - - full_command - last -n 20 - 360 - - - - - ruleset/decoders - ruleset/rules - 0215-policy_rules.xml - etc/lists/audit-keys - etc/lists/amazon/aws-eventnames - etc/lists/security-eventchannel - etc/lists/malicious-ioc/malicious-ip - etc/lists/malicious-ioc/malicious-domains - etc/lists/malicious-ioc/malware-hashes - - - etc/decoders - etc/rules - 
- - - - no - 1515 - no - yes - no - HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH - - no - etc/sslmanager.cert - etc/sslmanager.key - no - - - - wazuh - manager - master - c98b6ha9b6169zc5f67rae55ae4z5647 - 1516 - 0.0.0.0 - - wazuh.master - - no - no - - - - - - - journald - journald - - - - audit - /var/log/audit/audit.log - - - - syslog - /var/ossec/logs/active-responses.log - - - \ No newline at end of file diff --git a/multi-node/config/wazuh_cluster/wazuh_worker.conf b/multi-node/config/wazuh_cluster/wazuh_worker.conf deleted file mode 100644 index b85335cd..00000000 --- a/multi-node/config/wazuh_cluster/wazuh_worker.conf +++ /dev/null 
@@ -1,290 +0,0 @@ - - - 15m - 0 - yes - - - - - plain - - - - secure - 1514 - tcp - 131072 - - - - - no - yes - yes - yes - yes - yes - - - 43200 - - yes - - /var/lib/containerd - /var/lib/docker/overlay2 - - - - - no - 1h - yes - yes - yes - yes - yes - yes - yes - yes - yes - yes - yes - - - - yes - 5m - 10 - - - - - yes - yes - 12h - - - - yes - 5m - 10 - - - - - yes - yes - 60m - - - - yes - - https://wazuh1.indexer:9200 - https://wazuh2.indexer:9200 - https://wazuh3.indexer:9200 - - - - /etc/ssl/root-ca.pem - - /etc/ssl/filebeat.pem - /etc/ssl/filebeat.key - - - - - - no - - - 43200 - - - yes - - - no - - - /etc,/usr/bin,/usr/sbin - /bin,/sbin,/boot - - - /etc/mtab - /etc/hosts.deny - /etc/mail/statistics - /etc/random-seed - /etc/random.seed - /etc/adjtime - /etc/httpd/logs - /etc/utmpx - /etc/wtmpx - /etc/cups/certs - /etc/dumpdates - /etc/svc/volatile - - - .log$|.swp$ - - - /etc/ssl/private.key - - yes - yes - yes - yes - - - 10 - - - 50 - - - - yes - 5m - 10 - - - - - - 127.0.0.1 - ^localhost.localdomain$ - - - - disable-account - disable-account - yes - - - - restart-wazuh - restart-wazuh - - - - firewall-drop - firewall-drop - yes - - - - host-deny - host-deny - yes - - - - route-null - route-null - yes - - - - win_route-null - route-null.exe - yes - - - - netsh - netsh.exe - yes - - - - - - - command - df -P - 360 - - - - full_command - netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d - netstat listening ports - 360 - - - - full_command - last -n 20 - 360 - - - - - ruleset/decoders - ruleset/rules - 0215-policy_rules.xml - etc/lists/audit-keys - etc/lists/amazon/aws-eventnames - etc/lists/security-eventchannel - etc/lists/malicious-ioc/malicious-ip - etc/lists/malicious-ioc/malicious-domains - etc/lists/malicious-ioc/malware-hashes - - - etc/decoders - etc/rules - 
- - - - no - 1515 - no - yes - no - HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH - - no - etc/sslmanager.cert - etc/sslmanager.key - no - - - - wazuh - worker01 - worker - c98b6ha9b6169zc5f67rae55ae4z5647 - 1516 - 0.0.0.0 - - wazuh.master - - no - no - - - - - - - journald - journald - - - - audit - /var/log/audit/audit.log - - - - syslog - /var/ossec/logs/active-responses.log - - - \ No newline at end of file diff --git a/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml b/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml deleted file mode 100644 index b59c48c1..00000000 --- a/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml +++ /dev/null @@ -1,16 +0,0 @@ -server.host: 0.0.0.0 -server.port: 5601 -opensearch.hosts: https://wazuh1.indexer:9200 -opensearch.ssl.verificationMode: certificate -opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"] -opensearch_security.multitenancy.enabled: false -opensearch_security.readonly_mode.roles: ["kibana_read_only"] -server.ssl.enabled: true -server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" -server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" -opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"] -uiSettings.overrides.defaultRoute: /app/wz-home -# Session expiration settings -opensearch_security.cookie.ttl: 900000 -opensearch_security.session.ttl: 900000 -opensearch_security.session.keepalive: true diff --git a/multi-node/config/wazuh_dashboard/wazuh.yml b/multi-node/config/wazuh_dashboard/wazuh.yml deleted file mode 100644 index 59a44de1..00000000 --- a/multi-node/config/wazuh_dashboard/wazuh.yml +++ /dev/null @@ -1,7 +0,0 @@ -hosts: - - 1513629884013: - url: "https://wazuh.master" - port: 55000 - username: wazuh-wui - password: "MyS3cr37P450r.*-" - run_as: false 
diff --git a/multi-node/config/wazuh_indexer/internal_users.yml b/multi-node/config/wazuh_indexer/internal_users.yml deleted file mode 100644 index d9f05b34..00000000 --- a/multi-node/config/wazuh_indexer/internal_users.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -# This is the internal user database -# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh - -_meta: - type: "internalusers" - config_version: 2 - -# Define your internal users here - -## Demo users - -admin: - hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO" - reserved: true - backend_roles: - - "admin" - description: "Demo admin user" - -kibanaserver: - hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H." - reserved: true - description: "Demo kibanaserver user" - -kibanaro: - hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC" - reserved: false - backend_roles: - - "kibanauser" - - "readall" - attributes: - attribute1: "value1" - attribute2: "value2" - attribute3: "value3" - description: "Demo kibanaro user" - -logstash: - hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2" - reserved: false - backend_roles: - - "logstash" - description: "Demo logstash user" - -readall: - hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2" - reserved: false - backend_roles: - - "readall" - description: "Demo readall user" - -snapshotrestore: - hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W" - reserved: false - backend_roles: - - "snapshotrestore" - description: "Demo snapshotrestore user" diff --git a/multi-node/config/wazuh_indexer/wazuh1.indexer.yml b/multi-node/config/wazuh_indexer/wazuh1.indexer.yml deleted file mode 100644 index 81fadff6..00000000 --- a/multi-node/config/wazuh_indexer/wazuh1.indexer.yml +++ /dev/null 
@@ -1,37 +0,0 @@ -network.host: wazuh1.indexer -node.name: wazuh1.indexer -cluster.initial_cluster_manager_nodes: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -cluster.name: "wazuh-cluster" -discovery.seed_hosts: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -node.max_local_storage_nodes: "3" -path.data: /var/lib/wazuh-indexer -path.logs: /var/log/wazuh-indexer -plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem -plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key -plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem -plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key -plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.http.enabled: true -plugins.security.ssl.transport.enforce_hostname_verification: false -plugins.security.ssl.transport.resolve_hostname: false -plugins.security.authcz.admin_dn: -- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.check_snapshot_restore_write_privileges: true -plugins.security.enable_snapshot_restore_privilege: true -plugins.security.nodes_dn: -- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.restapi.roles_enabled: -- "all_access" -- "security_rest_api_access" -plugins.security.allow_default_init_securityindex: true -cluster.routing.allocation.disk.threshold_enabled: false diff --git a/multi-node/config/wazuh_indexer/wazuh2.indexer.yml b/multi-node/config/wazuh_indexer/wazuh2.indexer.yml deleted file mode 100644 index 47427bd9..00000000 
--- a/multi-node/config/wazuh_indexer/wazuh2.indexer.yml +++ /dev/null @@ -1,37 +0,0 @@ -network.host: wazuh2.indexer -node.name: wazuh2.indexer -cluster.initial_cluster_manager_nodes: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -cluster.name: "wazuh-cluster" -discovery.seed_hosts: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -node.max_local_storage_nodes: "3" -path.data: /var/lib/wazuh-indexer -path.logs: /var/log/wazuh-indexer -plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem -plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key -plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem -plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key -plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.http.enabled: true -plugins.security.ssl.transport.enforce_hostname_verification: false -plugins.security.ssl.transport.resolve_hostname: false -plugins.security.authcz.admin_dn: -- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.check_snapshot_restore_write_privileges: true -plugins.security.enable_snapshot_restore_privilege: true -plugins.security.nodes_dn: -- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.restapi.roles_enabled: -- "all_access" -- "security_rest_api_access" -plugins.security.allow_default_init_securityindex: true -cluster.routing.allocation.disk.threshold_enabled: false 
diff --git a/multi-node/config/wazuh_indexer/wazuh3.indexer.yml b/multi-node/config/wazuh_indexer/wazuh3.indexer.yml deleted file mode 100644 index 0efb8308..00000000 --- a/multi-node/config/wazuh_indexer/wazuh3.indexer.yml +++ /dev/null 
@@ -1,37 +0,0 @@ -network.host: wazuh3.indexer -node.name: wazuh3.indexer -cluster.initial_cluster_manager_nodes: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -cluster.name: "wazuh-cluster" -discovery.seed_hosts: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -node.max_local_storage_nodes: "3" -path.data: /var/lib/wazuh-indexer -path.logs: /var/log/wazuh-indexer -plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem -plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key -plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem -plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key -plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.http.enabled: true -plugins.security.ssl.transport.enforce_hostname_verification: false -plugins.security.ssl.transport.resolve_hostname: false -plugins.security.authcz.admin_dn: -- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.check_snapshot_restore_write_privileges: true -plugins.security.enable_snapshot_restore_privilege: true -plugins.security.nodes_dn: -- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.restapi.roles_enabled: -- "all_access" -- "security_rest_api_access" -plugins.security.allow_default_init_securityindex: true -cluster.routing.allocation.disk.threshold_enabled: false diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml index ddf9c9ed..f080a5c8 100644 --- a/multi-node/docker-compose.yml +++ b/multi-node/docker-compose.yml 
@@ -1,7 +1,7 @@ # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2) services: wazuh.master: - image: wazuh/wazuh-manager:5.0.0 + image: wazuh/wazuh-manager:main hostname: wazuh.master restart: always ulimits: @@ -16,13 +16,12 @@ services: - "514:514/udp" - "55000:55000" environment: - - INDEXER_URL=https://wazuh1.indexer:9200 + - WAZUH_INDEXER_HOSTS=wazuh1.indexer:9200,wazuh2.indexer:9200,wazuh3.indexer:9200 + - WAZUH_NODE_NAME=wazuh.master + - WAZUH_NODE_TYPE=master + - WAZUH_CLUSTER_NODES=wazuh.master,wazuh.worker - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=SecretPassword - - FILEBEAT_SSL_VERIFICATION_MODE=full - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - - SSL_KEY=/etc/ssl/filebeat.key + - INDEXER_PASSWORD=admin - API_USERNAME=wazuh-wui - API_PASSWORD=MyS3cr37P450r.*- volumes: @@ -33,15 +32,11 @@ services: - master-wazuh-var-multigroups:/var/ossec/var/multigroups - master-wazuh-active-response:/var/ossec/active-response/bin - master-wazuh-wodles:/var/ossec/wodles - - master-filebeat-etc:/etc/filebeat - - master-filebeat-var:/var/lib/filebeat - - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem - - ./config/wazuh_indexer_ssl_certs/wazuh.master.pem:/etc/ssl/filebeat.pem - - ./config/wazuh_indexer_ssl_certs/wazuh.master-key.pem:/etc/ssl/filebeat.key - - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf - + - ./wazuh-certificates/root-ca.pem:/etc/ssl/root-ca.pem + - ./wazuh-certificates/wazuh.master.pem:/etc/ssl/filebeat.pem + - ./wazuh-certificates/wazuh.master-key.pem:/etc/ssl/filebeat.key wazuh.worker: - image: wazuh/wazuh-manager:5.0.0 + image: wazuh/wazuh-manager:main hostname: wazuh.worker restart: always ulimits: 
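Review bot: `image: wazuh/wazuh-manager:main` replaces a fixed release tag with a moving one, here and in every other `image:` line this file changes (wazuh.worker, the three indexers and wazuh.dashboard). A `main` tag can resolve to a different build on each pull, so a redeploy may run code that was never checked against this compose file, and there is no fixed version to roll back to. If the branch tag is needed during development, add a comment such as `# dev only: pin to a release tag or image digest before publishing`, and pin by digest for anything shared.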
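Review bot: `INDEXER_PASSWORD=admin` hard-codes the default `admin`/`admin` pair for the indexer, and the same line appears in the wazuh.worker hunk (@@ -52,13 +47,14 @@) and the wazuh.dashboard hunk (@@ -138,35 +148,36 @@), while this file still publishes `9200:9200` and `55000:55000` on the host. Take the value from the environment and refuse to start when it is unset: `- INDEXER_PASSWORD=${INDEXER_PASSWORD:?set INDEXER_PASSWORD}`; the same applies to `API_PASSWORD`. This hunk also drops `FILEBEAT_SSL_VERIFICATION_MODE=full` and the `SSL_*` variables; the image default that replaces them is not visible here, so please confirm that certificate verification towards the indexer is still enabled.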
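Review bot: The wazuh.master certificates are mounted under `/etc/ssl/` (`root-ca.pem`, `filebeat.pem`, `filebeat.key`), but the wazuh.worker hunk (@@ -67,22 +63,26 @@) mounts the same kind of files under `/etc/filebeat/certs/` with the key named `filebeat-key.pem`, and config.sh in this commit moves `CERT_DIR` to `/etc/filebeat/certs`. With the `SSL_CERTIFICATE*` and `SSL_KEY` variables removed in the previous hunk, nothing visible tells the master to read `/etc/ssl`, so it may come up without the generated certificates. If the image now expects the new location, the three lines should read `- ./wazuh-certificates/root-ca.pem:/etc/filebeat/certs/root-ca.pem`, `- ./wazuh-certificates/wazuh.master.pem:/etc/filebeat/certs/filebeat.pem` and `- ./wazuh-certificates/wazuh.master-key.pem:/etc/filebeat/certs/filebeat-key.pem`.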
@@ -52,13 +47,14 @@ services: soft: 655360 hard: 655360 environment: - - INDEXER_URL=https://wazuh1.indexer:9200 + - WAZUH_INDEXER_HOSTS=wazuh1.indexer:9200,wazuh2.indexer:9200,wazuh3.indexer:9200 + - WAZUH_NODE_NAME=wazuh.worker + - WAZUH_NODE_TYPE=worker + - WAZUH_CLUSTER_NODES=wazuh.master,wazuh.worker - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=SecretPassword - - FILEBEAT_SSL_VERIFICATION_MODE=full - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - - SSL_KEY=/etc/ssl/filebeat.key + - INDEXER_PASSWORD=admin + - API_USERNAME=wazuh-wui + - API_PASSWORD=MyS3cr37P450r.*- volumes: - worker-wazuh-api-configuration:/var/ossec/api/configuration - worker-wazuh-etc:/var/ossec/etc 
@@ -67,22 +63,26 @@ services: - worker-wazuh-var-multigroups:/var/ossec/var/multigroups - worker-wazuh-active-response:/var/ossec/active-response/bin - worker-wazuh-wodles:/var/ossec/wodles - - worker-filebeat-etc:/etc/filebeat - - worker-filebeat-var:/var/lib/filebeat - - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem - - ./config/wazuh_indexer_ssl_certs/wazuh.worker.pem:/etc/ssl/filebeat.pem - - ./config/wazuh_indexer_ssl_certs/wazuh.worker-key.pem:/etc/ssl/filebeat.key - - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf + - ./wazuh-certificates/root-ca.pem:/etc/filebeat/certs/root-ca.pem + - ./wazuh-certificates/wazuh.worker.pem:/etc/filebeat/certs/filebeat.pem + - ./wazuh-certificates/wazuh.worker-key.pem:/etc/filebeat/certs/filebeat-key.pem wazuh1.indexer: - image: wazuh/wazuh-indexer:5.0.0 + image: wazuh/wazuh-indexer:main hostname: wazuh1.indexer restart: always ports: - "9200:9200" environment: - - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" - - "bootstrap.memory_lock=true" + - OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g + - bootstrap.memory_lock=true + - network.host=wazuh1.indexer + - node.name=wazuh1.indexer + - cluster.initial_cluster_manager_nodes=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer + - discovery.seed_hosts=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer + - node.max_local_storage_nodes=3 + - plugins.security.allow_default_init_securityindex=true + - NODES_DN=CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US ulimits: memlock: soft: -1 
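Review bot: The `NODES_DN` value on wazuh1.indexer includes `CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US`, a subject that is not one of the three indexer nodes; the same value is repeated for wazuh2.indexer and wazuh3.indexer in the following hunks. The entrypoint writes this list into `plugins.security.nodes_dn`, so a certificate with a listed subject is treated by the security plugin as a node certificate rather than as an ordinary client. The entry is carried over from the deleted `wazuh*.indexer.yml` files, but the certificates mounted in this file are named after the hosts, so it looks unnecessary; either drop it or add a comment saying which component presents that subject. Defining the value once, for example through a variable in an `.env` file, would also keep the three copies from drifting apart.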
@@ -92,21 +92,26 @@ services: hard: 65536 volumes: - wazuh-indexer-data-1:/var/lib/wazuh-indexer - - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem - - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh1.indexer.key - - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh1.indexer.pem - - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem - - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem - - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml - - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml + - ./wazuh-certificates/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem + - ./wazuh-certificates/wazuh1.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/indexer-key.pem + - ./wazuh-certificates/wazuh1.indexer.pem:/usr/share/wazuh-indexer/config/certs/indexer.pem + - ./wazuh-certificates/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem + - ./wazuh-certificates/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem wazuh2.indexer: - image: wazuh/wazuh-indexer:5.0.0 + image: wazuh/wazuh-indexer:main hostname: wazuh2.indexer restart: always environment: - - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" - - "bootstrap.memory_lock=true" + - OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g + - bootstrap.memory_lock=true + - network.host=wazuh2.indexer + - node.name=wazuh2.indexer + - cluster.initial_cluster_manager_nodes=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer + - discovery.seed_hosts=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer + - node.max_local_storage_nodes=3 + - plugins.security.allow_default_init_securityindex=true + - 
NODES_DN=CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US ulimits: memlock: soft: -1 
@@ -116,19 +121,24 @@ services: hard: 65536 volumes: - wazuh-indexer-data-2:/var/lib/wazuh-indexer - - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem - - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh2.indexer.key - - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh2.indexer.pem - - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml - - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml + - ./wazuh-certificates/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem + - ./wazuh-certificates/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/indexer-key.pem + - ./wazuh-certificates/wazuh2.indexer.pem:/usr/share/wazuh-indexer/config/certs/indexer.pem wazuh3.indexer: - image: wazuh/wazuh-indexer:5.0.0 + image: wazuh/wazuh-indexer:main hostname: wazuh3.indexer restart: always environment: - - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" - - "bootstrap.memory_lock=true" + - OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g + - bootstrap.memory_lock=true + - network.host=wazuh3.indexer + - node.name=wazuh3.indexer + - cluster.initial_cluster_manager_nodes=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer + - discovery.seed_hosts=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer + - node.max_local_storage_nodes=3 + - plugins.security.allow_default_init_securityindex=true + - NODES_DN=CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US ulimits: memlock: soft: -1 
@@ -138,35 +148,36 @@ services: hard: 65536 volumes: - wazuh-indexer-data-3:/var/lib/wazuh-indexer - - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem - - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh3.indexer.key - - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh3.indexer.pem - - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml - - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml + - ./wazuh-certificates/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem + - ./wazuh-certificates/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/indexer-key.pem + - ./wazuh-certificates/wazuh3.indexer.pem:/usr/share/wazuh-indexer/config/certs/indexer.pem wazuh.dashboard: - image: wazuh/wazuh-dashboard:5.0.0 + image: wazuh/wazuh-dashboard:main hostname: wazuh.dashboard restart: always ports: - 443:5601 environment: - - OPENSEARCH_HOSTS="https://wazuh1.indexer:9200" - - WAZUH_API_URL="https://wazuh.master" - - API_USERNAME=wazuh-wui - - API_PASSWORD=MyS3cr37P450r.*- + - SERVER_PORT=5601 + - SERVER_HOST=0.0.0.0 + - OPENSEARCH_HOSTS=["https://wazuh1.indexer:9200","https://wazuh2.indexer:9200","https://wazuh3.indexer:9200"] + - INDEXER_USERNAME=admin + - INDEXER_PASSWORD=admin + - WAZUH_API_URL=https://wazuh.master - DASHBOARD_USERNAME=kibanaserver - DASHBOARD_PASSWORD=kibanaserver + - API_USERNAME=wazuh-wui + - API_PASSWORD=MyS3cr37P450r.*- volumes: - - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem - - 
./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml - - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml + - ./wazuh-certificates/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/config/certs/wazuh-dashboard.pem + - ./wazuh-certificates/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/config/certs/wazuh-dashboard-key.pem + - ./wazuh-certificates/root-ca.pem:/usr/share/wazuh-dashboard/config/certs/root-ca.pem - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom depends_on: - wazuh1.indexer + - wazuh.master links: - wazuh1.indexer:wazuh1.indexer - wazuh.master:wazuh.master @@ -196,8 +207,6 @@ volumes: master-wazuh-var-multigroups: master-wazuh-active-response: master-wazuh-wodles: - master-filebeat-etc: - master-filebeat-var: worker-wazuh-api-configuration: worker-wazuh-etc: worker-wazuh-logs: @@ -205,8 +214,6 @@ volumes: worker-wazuh-var-multigroups: worker-wazuh-active-response: worker-wazuh-wodles: - worker-filebeat-etc: - worker-filebeat-var: wazuh-indexer-data-1: wazuh-indexer-data-2: wazuh-indexer-data-3: diff --git a/multi-node/generate-indexer-certs.yml b/multi-node/generate-indexer-certs.yml deleted file mode 100644 index 88927593..00000000 --- a/multi-node/generate-indexer-certs.yml +++ /dev/null @@ -1,10 +0,0 @@ -# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2) -services: - generator: - image: wazuh/wazuh-certs-generator:0.0.3 - hostname: wazuh-certs-generator - environment: - - CERT_TOOL_VERSION=4.14 - volumes: - - ./config/wazuh_indexer_ssl_certs/:/certificates/ - - ./config/certs.yml:/config/certs.yml \ No newline at end of file diff --git a/single-node/README.md b/single-node/README.md index 1a93b6c9..fbded2be 100644 --- a/single-node/README.md +++ b/single-node/README.md 
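Review bot: The wazuh.dashboard environment now carries the literals `INDEXER_USERNAME=admin` and `INDEXER_PASSWORD=admin` next to `kibanaserver`/`kibanaserver`, while the service is published on host port 443 with `SERVER_HOST=0.0.0.0`. The same `INDEXER_PASSWORD=admin` replaces `SecretPassword` in the single-node manager and dashboard hunks. The indexer services also drop their `internal_users.yml` mount while setting `plugins.security.allow_default_init_securityindex=true`, so the stack presumably starts with whatever accounts the image ships. I would make the secrets required inputs instead of literals, e.g. `- INDEXER_PASSWORD=${INDEXER_PASSWORD:?set INDEXER_PASSWORD in .env}`, and likewise for `DASHBOARD_PASSWORD` and `API_PASSWORD`. The service definition continues outside this hunk.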
@@ -6,16 +6,45 @@ This deployment is defined in the `docker-compose.yml` file with one Wazuh manag ``` $ sysctl -w vm.max_map_count=262144 ``` -2) Run the certificate creation script: + +2) Download the certificate creation script and config.yml file: ``` -$ docker compose -f generate-indexer-certs.yml run --rm generator +$ curl -sO https://packages.wazuh.com/5.0/wazuh-certs-tool.sh +$ curl -sO https://packages.wazuh.com/5.0/config.yml ``` -3) Start the environment with docker compose: + +3) Edit the config.yml file with the configuration of the Wazuh components to be deployed +``` +nodes: + # Wazuh indexer server nodes + indexer: + - name: wazuh.indexer + ip: wazuh.indexer + + # Wazuh server nodes + # Use node_type only with more than one Wazuh manager + server: + - name: wazuh.manager + ip: wazuh.manager + + # Wazuh dashboard node + dashboard: + - name: wazuh.dashboard + ip: wazuh.dashboard +``` + +4) Run the certificate creation script: +``` +bash ./wazuh-certs-tool.sh -A +``` + +5) Start the environment with docker compose: - In the foregroud: ``` $ docker compose up ``` + - In the background: ``` $ docker compose up -d diff --git a/single-node/config/certs.yml b/single-node/config/certs.yml deleted file mode 100755 index c3e017be..00000000 --- a/single-node/config/certs.yml +++ /dev/null @@ -1,16 +0,0 @@ -nodes: - # Wazuh indexer server nodes - indexer: - - name: wazuh.indexer - ip: wazuh.indexer - - # Wazuh server nodes - # Use node_type only with more than one Wazuh manager - server: - - name: wazuh.manager - ip: wazuh.manager - - # Wazuh dashboard node - dashboard: - - name: wazuh.dashboard - ip: wazuh.dashboard diff --git a/single-node/config/wazuh_cluster/entrypoint.sh b/single-node/config/wazuh_cluster/entrypoint.sh deleted file mode 100755 index 51f53312..00000000 --- a/single-node/config/wazuh_cluster/entrypoint.sh +++ /dev/null 
@@ -1,85 +0,0 @@ -#!/bin/bash -set -xe - -OSSEC_CONF="ossec.conf" - -# -------------------------- -# Defaults based on OSSEC_CONF -# -------------------------- -if [[ -z "$WAZUH_CLUSTER_KEY" ]]; then - WAZUH_CLUSTER_KEY=$(sed -n '//,/<\/cluster>/s/.*\(.*\)<\/key>.*/\1/p' "$OSSEC_CONF" | head -n1) -fi - -if [[ -z "$WAZUH_CLUSTER_PORT" ]]; then - WAZUH_CLUSTER_PORT=$(sed -n '//,/<\/cluster>/s/.*\(.*\)<\/port>.*/\1/p' "$OSSEC_CONF" | head -n1) -fi - -# Node type logic -if [[ -z "$WAZUH_NODE_TYPE" ]]; then - if [[ "$HOSTNAME" == "manager" || "$HOSTNAME" == "aio_node" ]]; then - WAZUH_NODE_TYPE="master" - else - WAZUH_NODE_TYPE="worker" - fi -fi - -# Default node name → HOSTNAME if not defined -WAZUH_NODE_NAME="${WAZUH_NODE_NAME:-$HOSTNAME}" - -# -------------------------- -# Replace Indexer Hosts -# -------------------------- -if [[ -n "$WAZUH_INDEXER_HOSTS" ]]; then - TMP_HOSTS=$(mktemp) - { - echo " " - for NODE in $WAZUH_INDEXER_HOSTS; do - IP="${NODE%:*}" - PORT="${NODE#*:}" - echo " https://$IP:$PORT" - done - echo " " - } > "$TMP_HOSTS"; - sed -i -e '//,/<\/indexer>/{ //,/<\/hosts>/{ //r '"$TMP_HOSTS" \ - -e 'd }}' "$OSSEC_CONF"; - rm -f "$TMP_HOSTS"; -fi - -# -------------------------- -# Cluster: node_name -# -------------------------- -sed -i "//,/<\/cluster>/ s|.*|$WAZUH_NODE_NAME|" "$OSSEC_CONF" - -# -------------------------- -# Cluster: node_type -# -------------------------- -sed -i "//,/<\/cluster>/ s|.*|$WAZUH_NODE_TYPE|" "$OSSEC_CONF" - -# -------------------------- -# Cluster: key -# -------------------------- -sed -i "//,/<\/cluster>/ s|.*|$WAZUH_CLUSTER_KEY|" "$OSSEC_CONF" - -# -------------------------- -# Cluster: port -# -------------------------- -sed -i "//,/<\/cluster>/ s|.*|$WAZUH_CLUSTER_PORT|" "$OSSEC_CONF" - -# -------------------------- -# Cluster: nodes list -# -------------------------- -if [[ -n "$WAZUH_CLUSTER_NODES" ]]; then - TMP_NODES=$(mktemp) - { - echo " " - for N in $WAZUH_CLUSTER_NODES; do - echo " $N" - done - echo " " - } > 
"$TMP_NODES"; - sed -i -e '//,/<\/cluster>/{ //,/<\/nodes>/{ //r '"$TMP_NODES" \ - -e 'd }}' "$OSSEC_CONF"; - rm -f "$TMP_NODES"; -fi - -echo "Wazuh manager config modified successfully." diff --git a/single-node/config/wazuh_cluster/wazuh_manager.conf b/single-node/config/wazuh_cluster/wazuh_manager.conf deleted file mode 100644 index 4f00c24d..00000000 --- a/single-node/config/wazuh_cluster/wazuh_manager.conf +++ /dev/null 
@@ -1,288 +0,0 @@ - - - 15m - 0 - yes - - - - - plain - - - - secure - 1514 - tcp - 131072 - - - - - no - yes - yes - yes - yes - yes - - - 43200 - - yes - - /var/lib/containerd - /var/lib/docker/overlay2 - - - - - no - 1h - yes - yes - yes - yes - yes - yes - yes - yes - yes - yes - yes - - - - yes - 5m - 10 - - - - - yes - yes - 12h - - - - yes - 5m - 10 - - - - - yes - yes - 60m - - - - yes - - https://wazuh.indexer:9200 - - - - /etc/ssl/root-ca.pem - - /etc/ssl/filebeat.pem - /etc/ssl/filebeat.key - - - - - - no - - - 43200 - - - yes - - - no - - - /etc,/usr/bin,/usr/sbin - /bin,/sbin,/boot - - - /etc/mtab - /etc/hosts.deny - /etc/mail/statistics - /etc/random-seed - /etc/random.seed - /etc/adjtime - /etc/httpd/logs - /etc/utmpx - /etc/wtmpx - /etc/cups/certs - /etc/dumpdates - /etc/svc/volatile - - - .log$|.swp$ - - - /etc/ssl/private.key - - yes - yes - yes - yes - - - 10 - - - 50 - - - - yes - 5m - 10 - - - - - - 127.0.0.1 - ^localhost.localdomain$ - - - - disable-account - disable-account - yes - - - - restart-wazuh - restart-wazuh - - - - firewall-drop - firewall-drop - yes - - - - host-deny - host-deny - yes - - - - route-null - route-null - yes - - - - win_route-null - route-null.exe - yes - - - - netsh - netsh.exe - yes - - - - - - - command - df -P - 360 - - - - full_command - netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d - netstat listening ports - 360 - - - - full_command - last -n 20 - 360 - - - - - ruleset/decoders - ruleset/rules - 0215-policy_rules.xml - etc/lists/audit-keys - etc/lists/amazon/aws-eventnames - etc/lists/security-eventchannel - etc/lists/malicious-ioc/malicious-ip - etc/lists/malicious-ioc/malicious-domains - etc/lists/malicious-ioc/malware-hashes - - - etc/decoders - etc/rules - - - - - no - 1515 - no - yes - no - 
HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH - - no - etc/sslmanager.cert - etc/sslmanager.key - no - - - - wazuh - node01 - master - aa093264ef885029653eea20dfcf51ae - 1516 - 0.0.0.0 - - wazuh.manager - - no - yes - - - - - - - journald - journald - - - - audit - /var/log/audit/audit.log - - - - syslog - /var/ossec/logs/active-responses.log - - - \ No newline at end of file diff --git a/single-node/config/wazuh_dashboard/opensearch_dashboards.yml b/single-node/config/wazuh_dashboard/opensearch_dashboards.yml deleted file mode 100644 index 07c81abf..00000000 --- a/single-node/config/wazuh_dashboard/opensearch_dashboards.yml +++ /dev/null @@ -1,16 +0,0 @@ -server.host: 0.0.0.0 -server.port: 5601 -opensearch.hosts: https://wazuh.indexer:9200 -opensearch.ssl.verificationMode: certificate -opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"] -opensearch_security.multitenancy.enabled: false -opensearch_security.readonly_mode.roles: ["kibana_read_only"] -server.ssl.enabled: true -server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" -server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" -opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"] -uiSettings.overrides.defaultRoute: /app/wz-home -# Session expiration settings -opensearch_security.cookie.ttl: 900000 -opensearch_security.session.ttl: 900000 -opensearch_security.session.keepalive: true diff --git a/single-node/config/wazuh_dashboard/wazuh.yml b/single-node/config/wazuh_dashboard/wazuh.yml deleted file mode 100644 index ef429153..00000000 --- a/single-node/config/wazuh_dashboard/wazuh.yml +++ /dev/null @@ -1,7 +0,0 @@ -hosts: - - 1513629884013: - url: "https://wazuh.manager" - port: 55000 - username: wazuh-wui - password: "MyS3cr37P450r.*-" - run_as: false 
diff --git a/single-node/config/wazuh_indexer/internal_users.yml b/single-node/config/wazuh_indexer/internal_users.yml deleted file mode 100644 index d9f05b34..00000000 --- a/single-node/config/wazuh_indexer/internal_users.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -# This is the internal user database -# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh - -_meta: - type: "internalusers" - config_version: 2 - -# Define your internal users here - -## Demo users - -admin: - hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO" - reserved: true - backend_roles: - - "admin" - description: "Demo admin user" - -kibanaserver: - hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H." - reserved: true - description: "Demo kibanaserver user" - -kibanaro: - hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC" - reserved: false - backend_roles: - - "kibanauser" - - "readall" - attributes: - attribute1: "value1" - attribute2: "value2" - attribute3: "value3" - description: "Demo kibanaro user" - -logstash: - hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2" - reserved: false - backend_roles: - - "logstash" - description: "Demo logstash user" - -readall: - hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2" - reserved: false - backend_roles: - - "readall" - description: "Demo readall user" - -snapshotrestore: - hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W" - reserved: false - backend_roles: - - "snapshotrestore" - description: "Demo snapshotrestore user" diff --git a/single-node/config/wazuh_indexer/wazuh.indexer.yml b/single-node/config/wazuh_indexer/wazuh.indexer.yml deleted file mode 100644 index 3fc295a4..00000000 --- a/single-node/config/wazuh_indexer/wazuh.indexer.yml +++ /dev/null 
@@ -1,30 +0,0 @@ -network.host: "0.0.0.0" -node.name: "wazuh.indexer" -cluster.name: "wazuh-cluster" -path.data: /var/lib/wazuh-indexer -path.logs: /var/log/wazuh-indexer -discovery.type: single-node -http.port: 9200-9299 -transport.tcp.port: 9300-9399 -plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem -plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.key -plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem -plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.key -plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem -plugins.security.ssl.http.enabled: true -plugins.security.ssl.transport.enforce_hostname_verification: false -plugins.security.ssl.transport.resolve_hostname: false -plugins.security.authcz.admin_dn: -- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.check_snapshot_restore_write_privileges: true -plugins.security.enable_snapshot_restore_privilege: true -plugins.security.nodes_dn: -- "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.restapi.roles_enabled: -- "all_access" -- "security_rest_api_access" -plugins.security.system_indices.enabled: true -plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"] -plugins.security.allow_default_init_securityindex: true 
-cluster.routing.allocation.disk.threshold_enabled: false \ No newline at end of file diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml index 365ab29b..14faabb2 100644 --- a/single-node/docker-compose.yml +++ b/single-node/docker-compose.yml @@ -1,7 +1,7 @@ # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2) services: wazuh.manager: - image: wazuh/wazuh-manager:5.0.0 + image: wazuh/wazuh-manager:main hostname: wazuh.manager restart: always ulimits: @@ -17,13 +17,11 @@ services: - "514:514/udp" - "55000:55000" environment: - - INDEXER_URL=https://wazuh.indexer:9200 + - WAZUH_INDEXER_HOSTS=wazuh.indexer:9200 + - WAZUH_NODE_NAME=wazuh.manager + - WAZUH_CLUSTER_NODES=wazuh.manager - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=SecretPassword - - FILEBEAT_SSL_VERIFICATION_MODE=full - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - - SSL_KEY=/etc/ssl/filebeat.key + - INDEXER_PASSWORD=admin - API_USERNAME=wazuh-wui - API_PASSWORD=MyS3cr37P450r.*- volumes: 
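Review bot: The wazuh.manager environment drops `FILEBEAT_SSL_VERIFICATION_MODE=full` together with the `SSL_CERTIFICATE_AUTHORITIES`, `SSL_CERTIFICATE` and `SSL_KEY` paths, and nothing in this hunk replaces them. Whether the manager still verifies the indexer's certificate and hostname therefore depends on defaults inside the image, which this diff does not show. If the image still reads the variable, I would keep `- FILEBEAT_SSL_VERIFICATION_MODE=full` explicit. Otherwise add a comment above `WAZUH_INDEXER_HOSTS` stating that verification is enforced by the image and which CA it trusts (the next hunk mounts one at `/etc/filebeat/certs/root-ca.pem`). The service definition runs past the end of the hunk.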
@@ -34,21 +32,25 @@ services: - wazuh_var_multigroups:/var/ossec/var/multigroups - wazuh_active_response:/var/ossec/active-response/bin - wazuh_wodles:/var/ossec/wodles - - filebeat_etc:/etc/filebeat - - filebeat_var:/var/lib/filebeat - - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem - - ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem - - ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key - - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf + - ./wazuh-certificates/root-ca.pem:/etc/filebeat/certs/root-ca.pem + - ./wazuh-certificates/wazuh.manager.pem:/etc/filebeat/certs/filebeat.pem + - ./wazuh-certificates/wazuh.manager-key.pem:/etc/filebeat/certs/filebeat-key.pem wazuh.indexer: - image: wazuh/wazuh-indexer:5.0.0 + image: wazuh/wazuh-indexer:main hostname: wazuh.indexer restart: always ports: - "9200:9200" environment: - - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" + - OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g + - bootstrap.memory_lock=true + - network.host=wazuh.indexer + - node.name=wazuh.indexer + - cluster.initial_cluster_manager_nodes=wazuh.indexer + - node.max_local_storage_nodes=1 + - plugins.security.allow_default_init_securityindex=true + - NODES_DN=CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US ulimits: memlock: soft: -1 
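Review bot: The three certificate mounts added for wazuh.manager, including the private key `wazuh.manager-key.pem`, are bind-mounted read-write, so a process inside the container can alter or replace the host's key material. Unless the image's init scripts need to rewrite these files (not visible here), I would append `:ro`, e.g. `- ./wazuh-certificates/wazuh.manager-key.pem:/etc/filebeat/certs/filebeat-key.pem:ro`. The same applies to the indexer and dashboard key mounts in the following hunk and in multi-node/docker-compose.yml. Both service definitions extend beyond this hunk.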
@@ -58,34 +60,33 @@ services: hard: 65536 volumes: - wazuh-indexer-data:/var/lib/wazuh-indexer - - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem - - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.key - - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem - - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem - - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem - - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/config/opensearch.yml - - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml + - ./wazuh-certificates/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem + - ./wazuh-certificates/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/indexer-key.pem + - ./wazuh-certificates/wazuh.indexer.pem:/usr/share/wazuh-indexer/config/certs/indexer.pem + - ./wazuh-certificates/admin.pem:/usr/share/wazuh-indexer/config/certs/admin.pem + - ./wazuh-certificates/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem wazuh.dashboard: - image: wazuh/wazuh-dashboard:5.0.0 + image: wazuh/wazuh-dashboard:main hostname: wazuh.dashboard restart: always ports: - 443:5601 environment: + - SERVER_PORT=5601 + - SERVER_HOST=0.0.0.0 + - OPENSEARCH_HOSTS=https://wazuh.indexer:9200 - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=SecretPassword + - INDEXER_PASSWORD=admin - WAZUH_API_URL=https://wazuh.manager - DASHBOARD_USERNAME=kibanaserver - DASHBOARD_PASSWORD=kibanaserver - API_USERNAME=wazuh-wui - API_PASSWORD=MyS3cr37P450r.*- volumes: - - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - - 
./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem - - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml - - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml + - ./wazuh-certificates/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/config/certs/dashboard.pem + - ./wazuh-certificates/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/config/certs/dashboard-key.pem + - ./wazuh-certificates/root-ca.pem:/usr/share/wazuh-dashboard/config/certs/root-ca.pem - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom depends_on: @@ -102,8 +103,6 @@ volumes: wazuh_var_multigroups: wazuh_active_response: wazuh_wodles: - filebeat_etc: - filebeat_var: wazuh-indexer-data: wazuh-dashboard-config: - wazuh-dashboard-custom: + wazuh-dashboard-custom: \ No newline at end of file diff --git a/single-node/generate-indexer-certs.yml b/single-node/generate-indexer-certs.yml deleted file mode 100644 index a941280f..00000000 --- a/single-node/generate-indexer-certs.yml +++ /dev/null @@ -1,10 +0,0 @@ -# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2) -services: - generator: - image: wazuh/wazuh-certs-generator:0.0.3 - hostname: wazuh-certs-generator - environment: - - CERT_TOOL_VERSION=4.14 - volumes: - - ./config/wazuh_indexer_ssl_certs/:/certificates/ - - ./config/certs.yml:/config/certs.yml From fb6de67a94aadbab253969ecccc3bb2397d544e7 Mon Sep 17 00:00:00 2001 From: Victor Carlos Erenu Date: Sat, 15 Nov 2025 00:13:49 +0700 Subject: [PATCH 02/12] Delete Filebeat DN --- multi-node/docker-compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
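Review bot: The dashboard certificate targets here are `config/certs/dashboard.pem` and `config/certs/dashboard-key.pem`, but the multi-node file in this same patch mounts them as `config/certs/wazuh-dashboard.pem` and `config/certs/wazuh-dashboard-key.pem`. The `opensearch_dashboards.yml` that used to name these paths is deleted, so the image presumably looks for one fixed pair of names and one of the two deployments will not find its TLS material. I would align both compose files on the names the dashboard entrypoint expects and add a comment above the mounts such as `# target names must match the paths in the image's dashboard config`. The wazuh.dashboard definition continues past the end of the hunk.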
diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml index f080a5c8..9a76bb7b 100644 --- a/multi-node/docker-compose.yml +++ b/multi-node/docker-compose.yml @@ -82,7 +82,7 @@ services: - discovery.seed_hosts=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer - node.max_local_storage_nodes=3 - plugins.security.allow_default_init_securityindex=true - - NODES_DN=CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US + - NODES_DN=CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US ulimits: memlock: soft: -1 @@ -111,7 +111,7 @@ services: - discovery.seed_hosts=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer - node.max_local_storage_nodes=3 - plugins.security.allow_default_init_securityindex=true - - NODES_DN=CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US + - NODES_DN=CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US ulimits: memlock: soft: -1 @@ -138,7 +138,7 @@ services: - discovery.seed_hosts=wazuh1.indexer,wazuh2.indexer,wazuh3.indexer - node.max_local_storage_nodes=3 - plugins.security.allow_default_init_securityindex=true - - NODES_DN=CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US + - NODES_DN=CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US;CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US ulimits: memlock: soft: -1 
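Review bot: `NODES_DN` is still a long literal repeated in all three indexer services, which is why the `CN=filebeat` entry had to be removed three times in this commit. The list presumably feeds the indexer's node-trust setting (the deleted config used `plugins.security.nodes_dn` with the same DNs), so a copy that drifts would leave one node trusting a certificate the others reject, or the reverse. I would define the value once in `.env` and reference it from each service as `- NODES_DN=${INDEXER_NODES_DN}`. Each of the three hunks shows only part of its service definition.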
From 1c6c1be20a59e7366dca089dcea014ce60343e9b Mon Sep 17 00:00:00 2001 From: Victor Carlos Erenu Date: Sat, 15 Nov 2025 00:18:57 +0700 Subject: [PATCH 03/12] Add newline --- single-node/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml index 14faabb2..454d900b 100644 --- a/single-node/docker-compose.yml +++ b/single-node/docker-compose.yml @@ -105,4 +105,4 @@ volumes: wazuh_wodles: wazuh-indexer-data: wazuh-dashboard-config: - wazuh-dashboard-custom: \ No newline at end of file + wazuh-dashboard-custom: From 0fa0b3186af527cebdff61292bd054afa35f7906 Mon Sep 17 00:00:00 2001 From: Victor Carlos Erenu Date: Sat, 15 Nov 2025 00:33:26 +0700 Subject: [PATCH 04/12] Add Changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 68f2b745..60236333 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ All notable changes to this project will be documented in this file. ### Changed +- Configure deployment with environment variables ([#2081](https://github.com/wazuh/wazuh-puppet/issues/2081)) - Modify Wazuh components install method ([#2058](https://github.com/wazuh/wazuh-puppet/issues/2058)) - Image builder Workflow Rebuild ([#2054](https://github.com/wazuh/wazuh-puppet/issues/2054)) - Wazuh server clean-up ([#2030](https://github.com/wazuh/wazuh-puppet/issues/2030)) From 1ceb1734e84c7d8116a0c8f7ffdd95c03cb4714f Mon Sep 17 00:00:00 2001 From: Victor Carlos Erenu Date: Sat, 15 Nov 2025 01:16:01 +0700 Subject: [PATCH 05/12] Modify cluster configuration --- .../wazuh-manager/config/etc/cont-init.d/0-wazuh-init | 5 +++++ multi-node/docker-compose.yml | 10 ++++++---- single-node/docker-compose.yml | 2 +- 3 files changed, 12 insertions(+), 5 deletions(-) 
diff --git a/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init b/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init index a91d6b1e..a34ef3d1 100644 --- a/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init +++ b/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init @@ -204,6 +204,11 @@ sed -i "//,/<\/cluster>/ s|.*|$WAZUH_ # -------------------------- sed -i "//,/<\/cluster>/ s|.*|$WAZUH_CLUSTER_KEY|" "$OSSEC_CONF" +# -------------------------- +# Cluster: bind_addr +# -------------------------- +sed -i "//,/<\/cluster>/ s|.*|$WAZUH_CLUSTER_BIND_ADDR|" "$OSSEC_CONF" + # -------------------------- # Cluster: nodes list # -------------------------- diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml index 9a76bb7b..7123d62a 100644 --- a/multi-node/docker-compose.yml +++ b/multi-node/docker-compose.yml @@ -17,9 +17,10 @@ services: - "55000:55000" environment: - WAZUH_INDEXER_HOSTS=wazuh1.indexer:9200,wazuh2.indexer:9200,wazuh3.indexer:9200 - - WAZUH_NODE_NAME=wazuh.master + - WAZUH_NODE_NAME=master - WAZUH_NODE_TYPE=master - - WAZUH_CLUSTER_NODES=wazuh.master,wazuh.worker + - WAZUH_CLUSTER_BIND_ADDR=0.0.0.0 + - WAZUH_CLUSTER_NODES=wazuh.master - INDEXER_USERNAME=admin - INDEXER_PASSWORD=admin - API_USERNAME=wazuh-wui @@ -48,9 +49,10 @@ services: hard: 655360 environment: - WAZUH_INDEXER_HOSTS=wazuh1.indexer:9200,wazuh2.indexer:9200,wazuh3.indexer:9200 - - WAZUH_NODE_NAME=wazuh.worker + - WAZUH_NODE_NAME=worker01 - WAZUH_NODE_TYPE=worker - - WAZUH_CLUSTER_NODES=wazuh.master,wazuh.worker + - WAZUH_CLUSTER_BIND_ADDR=0.0.0.0 + - WAZUH_CLUSTER_NODES=wazuh.master - INDEXER_USERNAME=admin - INDEXER_PASSWORD=admin - API_USERNAME=wazuh-wui diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml index 454d900b..d5bf48c5 100644 --- a/single-node/docker-compose.yml +++ b/single-node/docker-compose.yml 
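Review bot: The added `sed` for the cluster bind address runs unconditionally and interpolates `$WAZUH_CLUSTER_BIND_ADDR` unescaped into the replacement. single-node/docker-compose.yml never sets that variable in this series, so unless a default is assigned earlier in the script (outside this hunk) the substitution writes an empty value into `ossec.conf`. I would wrap the line in `if [[ -n "$WAZUH_CLUSTER_BIND_ADDR" ]]; then … fi`, the same guard style the nodes-list block used in the deleted entrypoint. A value containing `|`, `&` or `\` would also corrupt the expression, so it is worth validating it as an address first.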
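Review bot: Both manager services now set `WAZUH_CLUSTER_BIND_ADDR=0.0.0.0`, but neither environment list shown here sets `WAZUH_CLUSTER_KEY`. The entrypoint deleted earlier in this series fell back to the key already present in `ossec.conf` when the variable was empty. If the image's init script keeps that fallback (not visible here), every deployment built from these files shares one cluster key. I would require it explicitly on both services, e.g. `- WAZUH_CLUSTER_KEY=${WAZUH_CLUSTER_KEY:?set a 32-character cluster key in .env}`. The environment lists may continue beyond the hunks.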
@@ -18,7 +18,7 @@ services: - "55000:55000" environment: - WAZUH_INDEXER_HOSTS=wazuh.indexer:9200 - - WAZUH_NODE_NAME=wazuh.manager + - WAZUH_NODE_NAME=manager - WAZUH_CLUSTER_NODES=wazuh.manager - INDEXER_USERNAME=admin - INDEXER_PASSWORD=admin From 8c0b724bd352559f14b3a2f04a10b284a202e8dc Mon Sep 17 00:00:00 2001 From: Victor Carlos Erenu Date: Sat, 15 Nov 2025 02:02:58 +0700 Subject: [PATCH 06/12] Delete url echo --- build-docker-images/wazuh-manager/config/config.sh | 6 ------ 1 file changed, 6 deletions(-) diff --git a/build-docker-images/wazuh-manager/config/config.sh b/build-docker-images/wazuh-manager/config/config.sh index 024ae2b8..f71f4815 100644 --- a/build-docker-images/wazuh-manager/config/config.sh +++ b/build-docker-images/wazuh-manager/config/config.sh @@ -9,19 +9,13 @@ download_package() { local url=$1 local package=$2 if curl -fsL "$url" -o "$package"; then - echo $url - cat $package echo "Downloaded $package" return 0 else - echo $url - cat $package echo "Error downloading $package from $url" return 1 fi } -echo "pwd" -pwd mkdir -p $CERT_DIR # Download the tool to create the certificates echo "Downloading the tool to create the certificates..." From 819595a25f2f2c88501442eff1563efe4aa99634 Mon Sep 17 00:00:00 2001 From: Victor Carlos Erenu Date: Sat, 15 Nov 2025 02:03:33 +0700 Subject: [PATCH 07/12] Delete url echo --- build-docker-images/wazuh-manager/config/config.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/build-docker-images/wazuh-manager/config/config.sh b/build-docker-images/wazuh-manager/config/config.sh index f71f4815..8cf0553e 100644 --- a/build-docker-images/wazuh-manager/config/config.sh +++ b/build-docker-images/wazuh-manager/config/config.sh 
@@ -31,9 +31,6 @@ chmod 700 "$CERT_CONFIG_FILE" # Create the certificates chmod 755 "$CERT_TOOL" && bash "$CERT_TOOL" -A -echo "files in pwd" -ls -la - # Copy Wazuh manager certs cp -pr /wazuh-certificates/wazuh-1.pem ${CERT_DIR}/wazuh-1.pem cp -pr /wazuh-certificates/wazuh-1-key.pem ${CERT_DIR}/wazuh-1-key.pem From 6e3a11a01c941223fbc779fa65f077ddd83bc8e3 Mon Sep 17 00:00:00 2001 From: Victor Carlos Erenu Date: Wed, 19 Nov 2025 00:10:29 +0700 Subject: [PATCH 08/12] Change variable name --- .github/workflows/Procedure_push_docker_images.yml | 4 ++-- build-docker-images/build-images.sh | 14 +++++++------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/Procedure_push_docker_images.yml b/.github/workflows/Procedure_push_docker_images.yml index 3ec09905..23be8050 100644 --- a/.github/workflows/Procedure_push_docker_images.yml +++ b/.github/workflows/Procedure_push_docker_images.yml @@ -122,10 +122,10 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - - name: Create packages_url.txt file + - name: Create artifact_urls.yml file if : ${{ inputs.dev == true }} run: | - cat << EOF > packages_url.txt + cat << EOF > artifact_urls.yml wazuh_manager_url_amd64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-manager_5.0.0-${{ inputs.reference }}_amd64.deb --expires-in 3600 --region us-west-1)" wazuh_manager_url_arm64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-manager_5.0.0-${{ inputs.reference }}_arm64.deb --expires-in 3600 --region us-west-1)" wazuh_manager_url_x86_64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-manager-5.0.0-${{ inputs.reference }}.x86_64.rpm --expires-in 3600 --region us-west-1)" diff --git a/build-docker-images/build-images.sh b/build-docker-images/build-images.sh index 95b23ebd..ad7668da 100755 
--- a/build-docker-images/build-images.sh +++ b/build-docker-images/build-images.sh @@ -43,22 +43,22 @@ build() { WAZUH_UI_REVISION="${WAZUH_TAG_REVISION}" # Variables - FILE="packages_url.txt" + ARTIFACT_URLS_FILE="artifact_urls.txt" - if [[ -f "$FILE" ]]; then - echo "$FILE exists. Using existing file." + if [[ -f "$ARTIFACT_URLS_FILE" ]]; then + echo "$ARTIFACT_URLS_FILE exists. Using existing file." else TAG="v${WAZUH_VERSION}" REPO="wazuh/wazuh-docker" GH_URL="https://api.github.com/repos/${REPO}/git/refs/tags/${TAG}" if curl -fsSL "$GH_URL" >/dev/null 2>&1; then - curl -fsSL -o "$FILE" "https://packages.wazuh.com/${WAZUH_MINOR_VERSION}/packages_url.txt" + curl -fsSL -o "$ARTIFACT_URLS_FILE" "https://packages.wazuh.com/${WAZUH_MINOR_VERSION}/${ARTIFACT_URLS_FILE}" else - curl -fsSL -o "$FILE" "https://packages-dev.wazuh.com/${WAZUH_MINOR_VERSION}/packages_url.txt" + curl -fsSL -o "$ARTIFACT_URLS_FILE" "https://packages-dev.wazuh.com/${WAZUH_MINOR_VERSION}/${ARTIFACT_URLS_FILE}" fi fi - awk -F':' '{name=$1; val=substr($0,length(name)+3); gsub(/[-.]/,"_",name); print name "=" val}' $FILE > packages_env.txt + awk -F':' '{name=$1; val=substr($0,length(name)+3); gsub(/[-.]/,"_",name); print name "=" val}' $ARTIFACT_URLS_FILE > artifacts_env.txt echo WAZUH_VERSION=$WAZUH_IMAGE_VERSION > ../.env echo WAZUH_IMAGE_VERSION=$WAZUH_IMAGE_VERSION >> ../.env @@ -69,7 +69,7 @@ build() { set -a source ../.env - source ./packages_env.txt + source ./artifacts_env.txt set +a if [ "${MULTIARCH}" ];then From 5b43cf9053e3749dc9c7d5ad1652a5a515d4feb1 Mon Sep 17 00:00:00 2001 From: Victor Carlos Erenu Date: Wed, 19 Nov 2025 00:15:15 +0700 Subject: [PATCH 09/12] modify gitignore --- .gitignore | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 9e8e4a05..be72bfa3 100644 --- a/.gitignore +++ b/.gitignore 
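Review bot: The file fetched into `$ARTIFACT_URLS_FILE` is rewritten by `awk` into `artifacts_env.txt` and then executed with `source ./artifacts_env.txt` in the following hunk, so the shell evaluates every value that came from the download. A line whose value contains command substitution or an unbalanced quote would run or break inside the build, and the unquoted `$ARTIFACT_URLS_FILE` passed to `awk` is subject to word splitting. I would read the file as data and export each pair after checking the key, which removes both the intermediate file and the `source` of it. The sketch below spans both hunks, and `build()` starts and ends outside them.

```shell
# … unchanged: download of $ARTIFACT_URLS_FILE …
while IFS= read -r entry; do
  [[ -z $entry ]] && continue
  key=${entry%%:*}
  value=${entry#*: }
  value=${value#\"}
  value=${value%\"}
  [[ $key =~ ^[A-Za-z_][A-Za-z0-9_.-]*$ ]] || { echo "Unexpected line in $ARTIFACT_URLS_FILE" >&2; return 1; }
  export "${key//[-.]/_}=$value"
done < "$ARTIFACT_URLS_FILE"
# … unchanged: writing ../.env …
set -a
source ../.env
set +a
```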
@@ -1,6 +1,6 @@ *.log -build-docker-images/packages_env.txt -build-docker-images/packages_url.txt +build-docker-images/artifact_urls.yml +build-docker-images/artifacts_env.txt single-node/wazuh-certificates single-node/wazuh-certificates/* single-node/wazuh-certificates-tool.log From a832d969665a3a55580b7b085bde472013bddb8f Mon Sep 17 00:00:00 2001 From: Victor Carlos Erenu Date: Wed, 19 Nov 2025 00:17:10 +0700 Subject: [PATCH 10/12] modify file extension --- build-docker-images/build-images.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build-docker-images/build-images.sh b/build-docker-images/build-images.sh index ad7668da..e1641a99 100755 --- a/build-docker-images/build-images.sh +++ b/build-docker-images/build-images.sh @@ -43,7 +43,7 @@ build() { WAZUH_UI_REVISION="${WAZUH_TAG_REVISION}" # Variables - ARTIFACT_URLS_FILE="artifact_urls.txt" + ARTIFACT_URLS_FILE="artifact_urls.yml" if [[ -f "$ARTIFACT_URLS_FILE" ]]; then echo "$ARTIFACT_URLS_FILE exists. Using existing file." From 51c4751a1de4147f4ab9f6939532927ecaaa5afb Mon Sep 17 00:00:00 2001 From: Victor Carlos Erenu Date: Wed, 19 Nov 2025 00:24:47 +0700 Subject: [PATCH 11/12] fix wazuh_certs_tool parameter --- .github/workflows/Procedure_push_docker_images.yml | 2 +- build-docker-images/build-images.yml | 6 +++--- build-docker-images/wazuh-dashboard/Dockerfile | 2 +- build-docker-images/wazuh-dashboard/config/config.sh | 2 +- build-docker-images/wazuh-indexer/Dockerfile | 2 +- build-docker-images/wazuh-indexer/config/config.sh | 2 +- build-docker-images/wazuh-manager/Dockerfile | 2 +- build-docker-images/wazuh-manager/config/config.sh | 2 +- 8 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/Procedure_push_docker_images.yml b/.github/workflows/Procedure_push_docker_images.yml index 23be8050..e9735cdd 100644 --- a/.github/workflows/Procedure_push_docker_images.yml +++ b/.github/workflows/Procedure_push_docker_images.yml 
@@ -145,7 +145,7 @@ jobs: wazuh_agent_url_i386_msi: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.i386.msi --expires-in 3600 --region us-west-1)" wazuh_agent_url_intel64_pkg: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.intel64.pkg --expires-in 3600 --region us-west-1)" wazuh_agent_url_arm64_pkg: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.arm64.pkg --expires-in 3600 --region us-west-1)" - wazuh_cert_tool: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/secondary/installation-assistant/5.0.0/wazuh-certs-tool.sh --expires-in 3600 --region us-west-1)" + wazuh_certs_tool: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/secondary/installation-assistant/5.0.0/wazuh-certs-tool.sh --expires-in 3600 --region us-west-1)" wazuh_config_yml: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/secondary/installation-assistant/5.0.0/config.yml --expires-in 3600 --region us-west-1)" EOF working-directory: ./build-docker-images diff --git a/build-docker-images/build-images.yml b/build-docker-images/build-images.yml index a6478b17..15397156 100644 --- a/build-docker-images/build-images.yml +++ b/build-docker-images/build-images.yml @@ -8,7 +8,7 @@ services: WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION} wazuh_manager_url_amd64_rpm: ${wazuh_manager_url_x86_64_rpm} wazuh_manager_url_arm64_rpm: ${wazuh_manager_url_aarch64_rpm} - wazuh_cert_tool: ${wazuh_cert_tool} + wazuh_certs_tool: ${wazuh_certs_tool} wazuh_config_yml: ${wazuh_config_yml} image: ${WAZUH_REGISTRY}/wazuh/wazuh-manager:${IMAGE_TAG} hostname: wazuh.manager 
@@ -51,7 +51,7 @@ services: WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION} wazuh_indexer_url_amd64_rpm: ${wazuh_indexer_url_x86_64_rpm} wazuh_indexer_url_arm64_rpm: ${wazuh_indexer_url_aarch64_rpm} - wazuh_cert_tool: ${wazuh_cert_tool} + wazuh_certs_tool: ${wazuh_certs_tool} wazuh_config_yml: ${wazuh_config_yml} image: ${WAZUH_REGISTRY}/wazuh/wazuh-indexer:${IMAGE_TAG} hostname: wazuh.indexer @@ -77,7 +77,7 @@ services: WAZUH_UI_REVISION: ${WAZUH_UI_REVISION} wazuh_dashboard_url_amd64_rpm: ${wazuh_dashboard_url_x86_64_rpm} wazuh_dashboard_url_arm64_rpm: ${wazuh_dashboard_url_aarch64_rpm} - wazuh_cert_tool: ${wazuh_cert_tool} + wazuh_certs_tool: ${wazuh_certs_tool} wazuh_config_yml: ${wazuh_config_yml} image: ${WAZUH_REGISTRY}/wazuh/wazuh-dashboard:${IMAGE_TAG} hostname: wazuh.dashboard diff --git a/build-docker-images/wazuh-dashboard/Dockerfile b/build-docker-images/wazuh-dashboard/Dockerfile index 8184853f..483dc0c8 100644 --- a/build-docker-images/wazuh-dashboard/Dockerfile +++ b/build-docker-images/wazuh-dashboard/Dockerfile @@ -8,7 +8,7 @@ ARG INSTALL_DIR=/usr/share/wazuh-dashboard ARG TARGETARCH ARG wazuh_dashboard_url_amd64_rpm ARG wazuh_dashboard_url_arm64_rpm -ARG wazuh_cert_tool +ARG wazuh_certs_tool ARG wazuh_config_yml # Update and install dependencies diff --git a/build-docker-images/wazuh-dashboard/config/config.sh b/build-docker-images/wazuh-dashboard/config/config.sh index 2d1d0ee4..b6c3b32c 100644 --- a/build-docker-images/wazuh-dashboard/config/config.sh +++ b/build-docker-images/wazuh-dashboard/config/config.sh @@ -26,7 +26,7 @@ download_package() { } # Download the tool to create the certificates echo "Downloading the tool to create the certificates..." -download_package "$wazuh_cert_tool" $CERT_TOOL +download_package "$wazuh_certs_tool" $CERT_TOOL # Download the config file for the certificate tool echo "Downloading the config file for the certificate tool..." download_package "$wazuh_config_yml" $CERT_CONFIG_FILE 
diff --git a/build-docker-images/wazuh-indexer/Dockerfile b/build-docker-images/wazuh-indexer/Dockerfile index 51ca78d0..5e8c44e2 100644 --- a/build-docker-images/wazuh-indexer/Dockerfile +++ b/build-docker-images/wazuh-indexer/Dockerfile @@ -6,7 +6,7 @@ ARG WAZUH_TAG_REVISION ARG TARGETARCH ARG wazuh_indexer_url_amd64_rpm ARG wazuh_indexer_url_arm64_rpm -ARG wazuh_cert_tool +ARG wazuh_certs_tool ARG wazuh_config_yml COPY config/config.sh . diff --git a/build-docker-images/wazuh-indexer/config/config.sh b/build-docker-images/wazuh-indexer/config/config.sh index abcf257b..f2dd1bbd 100644 --- a/build-docker-images/wazuh-indexer/config/config.sh +++ b/build-docker-images/wazuh-indexer/config/config.sh @@ -34,7 +34,7 @@ download_package() { } # Download the tool to create the certificates echo "Downloading the tool to create the certificates..." -download_package "$wazuh_cert_tool" $CERT_TOOL +download_package "$wazuh_certs_tool" $CERT_TOOL # Download the config file for the certificate tool echo "Downloading the config file for the certificate tool..." download_package "$wazuh_config_yml" $CERT_CONFIG_FILE diff --git a/build-docker-images/wazuh-manager/Dockerfile b/build-docker-images/wazuh-manager/Dockerfile index d7969b15..09ce7a8b 100644 --- a/build-docker-images/wazuh-manager/Dockerfile +++ b/build-docker-images/wazuh-manager/Dockerfile @@ -9,7 +9,7 @@ ARG S6_VERSION="v2.2.0.3" ARG TARGETARCH ARG wazuh_manager_url_amd64_rpm ARG wazuh_manager_url_arm64_rpm -ARG wazuh_cert_tool +ARG wazuh_certs_tool ARG wazuh_config_yml COPY config/config.sh . diff --git a/build-docker-images/wazuh-manager/config/config.sh b/build-docker-images/wazuh-manager/config/config.sh index 8cf0553e..d220151e 100644 --- a/build-docker-images/wazuh-manager/config/config.sh +++ b/build-docker-images/wazuh-manager/config/config.sh 
@@ -19,7 +19,7 @@ download_package() { mkdir -p $CERT_DIR # Download the tool to create the certificates echo "Downloading the tool to create the certificates..." -download_package "$wazuh_cert_tool" $CERT_TOOL +download_package "$wazuh_certs_tool" $CERT_TOOL # Download the config file for the certificate tool echo "Downloading the config file for the certificate tool..." download_package "$wazuh_config_yml" $CERT_CONFIG_FILE From f3f8471496eaa02f87335719fc95c18c0a4363bd Mon Sep 17 00:00:00 2001 From: Victor Carlos Erenu Date: Wed, 19 Nov 2025 01:30:36 +0700 Subject: [PATCH 12/12] Modify image tag and version --- .env | 6 +++--- build-docker-images/build-images.sh | 6 +++--- multi-node/docker-compose.yml | 12 ++++++------ single-node/docker-compose.yml | 6 +++--- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.env b/.env index a8180776..2146280d 100755 --- a/.env +++ b/.env @@ -1,6 +1,6 @@ -WAZUH_VERSION=main -WAZUH_IMAGE_VERSION=main +WAZUH_VERSION=5.0.0 +WAZUH_IMAGE_VERSION=5.0.0 WAZUH_TAG_REVISION=1 WAZUH_UI_REVISION=1 WAZUH_REGISTRY=docker.io -IMAGE_TAG=main +IMAGE_TAG=5.0.0 diff --git a/build-docker-images/build-images.sh b/build-docker-images/build-images.sh index e1641a99..f6895666 100755 --- a/build-docker-images/build-images.sh +++ b/build-docker-images/build-images.sh @@ -1,5 +1,5 @@ -WAZUH_IMAGE_VERSION=main -IMAGE_TAG=main +WAZUH_IMAGE_VERSION=5.0.0 +IMAGE_TAG=5.0.0 WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g') WAZUH_TAG_REVISION=1 WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g') @@ -14,7 +14,7 @@ WAZUH_REGISTRY=docker.io # License (version 2) as published by the FSF - Free Software # Foundation. -WAZUH_IMAGE_VERSION="main" +WAZUH_IMAGE_VERSION="5.0.0" WAZUH_TAG_REVISION="1" WAZUH_DEV_STAGE="" WAZUH_TAG_REFERENCE="" 
diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml index 7123d62a..aa079f8d 100644 --- a/multi-node/docker-compose.yml +++ b/multi-node/docker-compose.yml @@ -1,7 +1,7 @@ # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2) services: wazuh.master: - image: wazuh/wazuh-manager:main + image: wazuh/wazuh-manager:5.0.0 hostname: wazuh.master restart: always ulimits: @@ -37,7 +37,7 @@ services: - ./wazuh-certificates/wazuh.master.pem:/etc/ssl/filebeat.pem - ./wazuh-certificates/wazuh.master-key.pem:/etc/ssl/filebeat.key wazuh.worker: - image: wazuh/wazuh-manager:main + image: wazuh/wazuh-manager:5.0.0 hostname: wazuh.worker restart: always ulimits: @@ -70,7 +70,7 @@ services: - ./wazuh-certificates/wazuh.worker-key.pem:/etc/filebeat/certs/filebeat-key.pem wazuh1.indexer: - image: wazuh/wazuh-indexer:main + image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh1.indexer restart: always ports: @@ -101,7 +101,7 @@ services: - ./wazuh-certificates/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem wazuh2.indexer: - image: wazuh/wazuh-indexer:main + image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh2.indexer restart: always environment: @@ -128,7 +128,7 @@ services: - ./wazuh-certificates/wazuh2.indexer.pem:/usr/share/wazuh-indexer/config/certs/indexer.pem wazuh3.indexer: - image: wazuh/wazuh-indexer:main + image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh3.indexer restart: always environment: @@ -155,7 +155,7 @@ services: - ./wazuh-certificates/wazuh3.indexer.pem:/usr/share/wazuh-indexer/config/certs/indexer.pem wazuh.dashboard: - image: wazuh/wazuh-dashboard:main + image: wazuh/wazuh-dashboard:5.0.0 hostname: wazuh.dashboard restart: always ports: diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml index d5bf48c5..5b107f72 100644 --- a/single-node/docker-compose.yml +++ b/single-node/docker-compose.yml 
@@ -1,7 +1,7 @@ # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2) services: wazuh.manager: - image: wazuh/wazuh-manager:main + image: wazuh/wazuh-manager:5.0.0 hostname: wazuh.manager restart: always ulimits: @@ -37,7 +37,7 @@ services: - ./wazuh-certificates/wazuh.manager-key.pem:/etc/filebeat/certs/filebeat-key.pem wazuh.indexer: - image: wazuh/wazuh-indexer:main + image: wazuh/wazuh-indexer:5.0.0 hostname: wazuh.indexer restart: always ports: @@ -67,7 +67,7 @@ services: - ./wazuh-certificates/admin-key.pem:/usr/share/wazuh-indexer/config/certs/admin-key.pem wazuh.dashboard: - image: wazuh/wazuh-dashboard:main + image: wazuh/wazuh-dashboard:5.0.0 hostname: wazuh.dashboard restart: always ports: