wazuh/wazuh-docker
1
0
Fork 0
mirror of https://github.com/wazuh/wazuh-docker.git synced 2025-12-11 03:35:35 -06:00
Code Issues Packages Projects Releases 118 Wiki Activity

merge main branch

Browse Source
This commit is contained in:
Victor Carlos Erenu 2025-11-05 20:13:33 +07:00
commit 5e97ddb2d6
No known key found for this signature in database
GPG Key ID: B199E04BCF80C99A
55 changed files with 414 additions and 716 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
.env
View File

@ -1,6 +1,11 @@
WAZUH_VERSION=4.14.0 WAZUH_VERSION=main
WAZUH_IMAGE_VERSION=4.14.0 WAZUH_IMAGE_VERSION=main
WAZUH_TAG_REVISION=1 WAZUH_TAG_REVISION=1
<<<<<<< HEAD
FILEBEAT_TEMPLATE_BRANCH=v4.14.0 FILEBEAT_TEMPLATE_BRANCH=v4.14.0
WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz WAZUH_FILEBEAT_MODULE=wazuh-filebeat-0.4.tar.gz
=======
>>>>>>> 1e55bb13cadad97053c52747cdb7f57d54eee70b
WAZUH_UI_REVISION=1 WAZUH_UI_REVISION=1
WAZUH_REGISTRY=docker.io
IMAGE_TAG=main

2
.github/.goss.yaml vendored
View File

@ -56,7 +56,7 @@ package:
wazuh-manager: wazuh-manager:
installed: true installed: true
versions: versions:
- 4.14.0 - 5.0.0
port: port:
tcp:1514: tcp:1514:
listening: true listening: true

129
.github/workflows/Procedure_push_docker_images.yml vendored
View File

@ -6,28 +6,19 @@ on:
inputs: inputs:
image_tag: image_tag:
description: 'Docker image tag' description: 'Docker image tag'
default: '4.14.0' default: '5.0.0'
required: true required: true
docker_reference: docker_reference:
description: 'wazuh-docker reference' description: 'wazuh-docker reference'
required: true required: true
products:
description: 'Comma-separated list of the image names to build and push'
default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer,wazuh-agent'
required: true
filebeat_module_version:
description: 'Filebeat module version'
default: '0.4'
required: true
revision: revision:
description: 'Package revision' description: 'Package revision'
default: '1' default: '1'
required: true required: true
push_images: reference:
description: 'Push images' description: 'Dev reference'
type: boolean type: string
default: true default: latest
required: true
id: id:
description: "ID used to identify the workflow uniquely." description: "ID used to identify the workflow uniquely."
type: string type: string
@ -41,33 +32,22 @@ on:
inputs: inputs:
image_tag: image_tag:
description: 'Docker image tag' description: 'Docker image tag'
default: '4.14.0' default: '5.0.0'
required: true required: true
type: string type: string
docker_reference: docker_reference:
description: 'wazuh-docker reference' description: 'wazuh-docker reference'
required: false required: false
type: string type: string
products:
description: 'Comma-separated list of the image names to build and push'
default: 'wazuh-manager,wazuh-dashboard,wazuh-indexer,wazuh-agent'
required: true
type: string
filebeat_module_version:
description: 'Filebeat module version'
default: '0.4'
required: true
type: string
revision: revision:
description: 'Package revision' description: 'Package revision'
default: '1' default: '1'
required: true required: true
type: string type: string
push_images: reference:
description: 'Push images' description: 'Dev reference'
type: boolean type: string
default: true default: latest
required: true
id: id:
description: "ID used to identify the workflow uniquely." description: "ID used to identify the workflow uniquely."
type: string type: string
@ -82,6 +62,15 @@ jobs:
build-and-push: build-and-push:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
permissions:
id-token: write
contents: read
env:
IMAGE_REGISTRY: ${{ inputs.dev && vars.IMAGE_REGISTRY_DEV || vars.IMAGE_REGISTRY_PROD }}
IMAGE_TAG: ${{ inputs.image_tag }}
REVISION: ${{ inputs.revision }}
steps: steps:
- name: Print inputs - name: Print inputs
run: | run: |
@ -96,11 +85,10 @@ jobs:
echo "* id: ${{ inputs.id }}" echo "* id: ${{ inputs.id }}"
echo "* image_tag: ${{ inputs.image_tag }}" echo "* image_tag: ${{ inputs.image_tag }}"
echo "* docker_reference: ${{ inputs.docker_reference }}" echo "* docker_reference: ${{ inputs.docker_reference }}"
echo "* products: ${{ inputs.products }}"
echo "* filebeat_module_version: ${{ inputs.filebeat_module_version }}" echo "* filebeat_module_version: ${{ inputs.filebeat_module_version }}"
echo "* revision: ${{ inputs.revision }}" echo "* revision: ${{ inputs.revision }}"
echo "* push_images: ${{ inputs.push_images }}"
echo "* dev: ${{ inputs.dev }}" echo "* dev: ${{ inputs.dev }}"
echo "* dev reference: ${{ inputs.reference }}"
echo "---------------------------------------------" echo "---------------------------------------------"
- name: Checkout repository - name: Checkout repository
@ -108,18 +96,65 @@ jobs:
with: with:
ref: ${{ inputs.docker_reference }} ref: ${{ inputs.docker_reference }}
- name: free disk space
uses: ./.github/free-disk-space
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Configure aws credentials
if: ${{ inputs.dev == true }}
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_IAM_DOCKER_ROLE }}
aws-region: "${{ secrets.AWS_REGION }}"
- name: Log in to Amazon ECR
if: ${{ inputs.dev == true }}
uses: aws-actions/amazon-ecr-login@v2
- name: Log in to Docker Hub - name: Log in to Docker Hub
if: ${{ inputs.dev == false }}
uses: docker/login-action@v3 uses: docker/login-action@v3
with: with:
username: ${{ secrets.DOCKERHUB_USERNAME }} username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }} password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Create packages_url.txt file
if : ${{ inputs.dev == true }}
run: |
cat << EOF > packages_url.txt
wazuh_manager_url_amd64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-manager_5.0.0-${{ inputs.reference }}_amd64.deb --expires-in 3600 --region us-west-1)"
wazuh_manager_url_arm64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-manager_5.0.0-${{ inputs.reference }}_arm64.deb --expires-in 3600 --region us-west-1)"
wazuh_manager_url_x86_64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-manager-5.0.0-${{ inputs.reference }}.x86_64.rpm --expires-in 3600 --region us-west-1)"
wazuh_manager_url_aarch64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-manager-5.0.0-${{ inputs.reference }}.aarch64.rpm --expires-in 3600 --region us-west-1)"
wazuh_indexer_url_amd64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-indexer_5.0.0-${{ inputs.reference }}_amd64.deb --expires-in 3600 --region us-west-1)"
wazuh_indexer_url_arm64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-indexer_5.0.0-${{ inputs.reference }}_arm64.deb --expires-in 3600 --region us-west-1)"
wazuh_indexer_url_x86_64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-indexer-5.0.0-${{ inputs.reference }}.x86_64.rpm --expires-in 3600 --region us-west-1)"
wazuh_indexer_url_aarch64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-indexer-5.0.0-${{ inputs.reference }}.aarch64.rpm --expires-in 3600 --region us-west-1)"
wazuh_dashboard_url_amd64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-dashboard_5.0.0-${{ inputs.reference }}_amd64.deb --expires-in 3600 --region us-west-1)"
wazuh_dashboard_url_arm64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-dashboard_5.0.0-${{ inputs.reference }}_arm64.deb --expires-in 3600 --region us-west-1)"
wazuh_dashboard_url_x86_64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-dashboard-5.0.0-${{ inputs.reference }}.x86_64.rpm --expires-in 3600 --region us-west-1)"
wazuh_dashboard_url_aarch64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-dashboard-5.0.0-${{ inputs.reference }}.aarch64.rpm --expires-in 3600 --region us-west-1)"
wazuh_agent_url_amd64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent_5.0.0-${{ inputs.reference }}_amd64.deb --expires-in 3600 --region us-west-1)"
wazuh_agent_url_arm64_deb: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent_5.0.0-${{ inputs.reference }}_arm64.deb --expires-in 3600 --region us-west-1)"
wazuh_agent_url_x86_64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.x86_64.rpm --expires-in 3600 --region us-west-1)"
wazuh_agent_url_aarch64_rpm: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.aarch64.rpm --expires-in 3600 --region us-west-1)"
wazuh_agent_url_i386_msi: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.i386.msi --expires-in 3600 --region us-west-1)"
wazuh_agent_url_intel64_pkg: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.intel64.pkg --expires-in 3600 --region us-west-1)"
wazuh_agent_url_arm64_pkg: "$(aws s3 presign s3://${{ vars.AWS_S3_BUCKET_DEV }}/development/wazuh/5.x/main/packages/wazuh-agent-5.0.0-${{ inputs.reference }}.arm64.pkg --expires-in 3600 --region us-west-1)"
EOF
working-directory: ./build-docker-images
- name: Build Wazuh images - name: Build Wazuh images
run: | run: |
IMAGE_TAG=${{ inputs.image_tag }} if [ "${{ inputs.dev }}" = true ]; then
FILEBEAT_MODULE_VERSION=${{ inputs.filebeat_module_version }} IMAGE_TAG="${{ inputs.image_tag }}-${{ inputs.reference }}"
REVISION=${{ inputs.revision }} ./build-images.sh -v ${{ inputs.image_tag }} -r $REVISION -d "dev" -rg $IMAGE_REGISTRY -m -ref ${{ inputs.reference }}
else
if [[ "$IMAGE_TAG" == *"-"* ]]; then if [[ "$IMAGE_TAG" == *"-"* ]]; then
IFS='-' read -r -a tokens <<< "$IMAGE_TAG" IFS='-' read -r -a tokens <<< "$IMAGE_TAG"
if [ -z "${tokens[1]}" ]; then if [ -z "${tokens[1]}" ]; then
@ -128,13 +163,13 @@ jobs:
fi fi
DEV_STAGE=${tokens[1]} DEV_STAGE=${tokens[1]}
WAZUH_VER=${tokens[0]} WAZUH_VER=${tokens[0]}
./build-docker-images/build-images.sh -v $WAZUH_VER -r $REVISION -d $DEV_STAGE -f $FILEBEAT_MODULE_VERSION ./build-images.sh -v $WAZUH_VER -r $REVISION -d $DEV_STAGE -rg $IMAGE_REGISTRY -m
else else
./build-docker-images/build-images.sh -v $IMAGE_TAG -r $REVISION -f $FILEBEAT_MODULE_VERSION ./build-images.sh -v $IMAGE_TAG -r $REVISION -rg $IMAGE_REGISTRY -m
fi
fi fi
# Save .env file (generated by build-images.sh) contents to $GITHUB_ENV # Save .env file (generated by build-images.sh) contents to $GITHUB_ENV
ENV_FILE_PATH=".env" ENV_FILE_PATH="../.env"
if [ -f $ENV_FILE_PATH ]; then if [ -f $ENV_FILE_PATH ]; then
while IFS= read -r line || [ -n "$line" ]; do while IFS= read -r line || [ -n "$line" ]; do
@ -144,16 +179,4 @@ jobs:
echo "The environment file $ENV_FILE_PATH does not exist!" echo "The environment file $ENV_FILE_PATH does not exist!"
exit 1 exit 1
fi fi
working-directory: ./build-docker-images
- name: Tag and Push Wazuh images
if: ${{ inputs.push_images }}
run: |
IMAGE_TAG="${{ inputs.image_tag }}$( [ "${{ inputs.dev }}" == "true" ] && echo '-dev' || true )"
IMAGE_NAMES=${{ inputs.products }}
IFS=',' read -r -a images <<< "$IMAGE_NAMES"
for image in "${images[@]}"; do
echo "Tagging and pushing wazuh/$image:${WAZUH_VERSION} to wazuh/$image:$IMAGE_TAG"
docker tag wazuh/$image:${WAZUH_VERSION} wazuh/$image:$IMAGE_TAG
echo "Pushing wazuh/$image:$IMAGE_TAG ..."
docker push wazuh/$image:$IMAGE_TAG
done

2
.gitignore vendored
View File

@ -3,3 +3,5 @@ single-node/config/wazuh_indexer_ssl_certs/*.key
multi-node/config/wazuh_indexer_ssl_certs/*.pem multi-node/config/wazuh_indexer_ssl_certs/*.pem
multi-node/config/wazuh_indexer_ssl_certs/*.key multi-node/config/wazuh_indexer_ssl_certs/*.key
*.log *.log
build-docker-images/packages_env.txt
build-docker-images/packages_url.txt

39
CHANGELOG.md
View File

@ -1,6 +1,45 @@
# Change Log # Change Log
All notable changes to this project will be documented in this file. All notable changes to this project will be documented in this file.
## [5.0.0]
### Added
- None
### Changed
- Modify Wazuh components install method ([#2058](https://github.com/wazuh/wazuh-puppet/issues/2058))
- Image builder Workflow Rebuild ([#2054](https://github.com/wazuh/wazuh-puppet/issues/2054))
- Wazuh server clean-up ([#2030](https://github.com/wazuh/wazuh-puppet/issues/2030))
- Fix OpenSearch deprecated settings ([#1366](https://github.com/wazuh/wazuh-puppet/issues/1366))
### Fixed
- None
### Deleted
- None
## [4.14.1]
### Added
- None
### Changed
- Wazuh cert tool generator improvements ([#2027](https://github.com/wazuh/wazuh-docker/pull/2027))
### Fixed
- None
### Deleted
- None
## [4.14.0] ## [4.14.0]
### Added ### Added

2
README.md
View File

@ -18,7 +18,7 @@ The `wazuh/wazuh-docker` repository provides resources to deploy the Wazuh cyber
## Branch Convention ## Branch Convention
- `main`: Developing and testing of new features. - `main`: Developing and testing of new features.
- `X.Y.Z`: Version-specific branches (e.g., `4.14.0`, `4.13.0`, etc.). - `X.Y.Z`: Version-specific branches (e.g., `5.0.0`, `4.14.0`, etc.).
## Documentation ## Documentation

4
VERSION.json
View File

@ -1,4 +1,4 @@
{ {
"version": "4.14.0", "version": "5.0.0",
"stage": "rc2" "stage": "alpha0"
} }

4
build-docker-images/README.md
View File

@ -13,7 +13,7 @@ This script initializes the environment variables needed to build each of the im
The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument: The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument:
``` ```
$ build-docker-images/build-images.sh -v 4.14.0 $ build-docker-images/build-images.sh -v 5.0.0
``` ```
To get all the available script options use the -h or --help option: To get all the available script options use the -h or --help option:
@ -26,7 +26,7 @@ Usage: build-docker-images/build-images.sh [OPTIONS]
-d, --dev <ref> [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default. -d, --dev <ref> [Optional] Set the development stage you want to build, example rc1 or beta1, not used by default.
-f, --filebeat-module <ref> [Optional] Set Filebeat module version. By default 0.4. -f, --filebeat-module <ref> [Optional] Set Filebeat module version. By default 0.4.
-r, --revision <rev> [Optional] Package revision. By default 1 -r, --revision <rev> [Optional] Package revision. By default 1
-v, --version <ver> [Optional] Set the Wazuh version should be builded. By default, 4.14.0. -v, --version <ver> [Optional] Set the Wazuh version should be builded. By default, 5.0.0.
-h, --help Show this help. -h, --help Show this help.
``` ```

82
build-docker-images/build-images.sh
View File

@ -1,8 +1,10 @@
WAZUH_IMAGE_VERSION=4.14.0 WAZUH_IMAGE_VERSION=main
IMAGE_TAG=main
WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g') WAZUH_VERSION=$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')
WAZUH_TAG_REVISION=1 WAZUH_TAG_REVISION=1
WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g') WAZUH_CURRENT_VERSION=$(curl --silent https://api.github.com/repos/wazuh/wazuh/releases/latest | grep '["]tag_name["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 2- | sed -e 's/\.//g')
IMAGE_VERSION=${WAZUH_IMAGE_VERSION} IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
WAZUH_REGISTRY=docker.io
# Wazuh package generator # Wazuh package generator
# Copyright (C) 2023, Wazuh Inc. # Copyright (C) 2023, Wazuh Inc.
@ -12,10 +14,10 @@ IMAGE_VERSION=${WAZUH_IMAGE_VERSION}
# License (version 2) as published by the FSF - Free Software # License (version 2) as published by the FSF - Free Software
# Foundation. # Foundation.
WAZUH_IMAGE_VERSION="4.14.0" WAZUH_IMAGE_VERSION="main"
WAZUH_TAG_REVISION="1" WAZUH_TAG_REVISION="1"
WAZUH_DEV_STAGE="" WAZUH_DEV_STAGE=""
FILEBEAT_MODULE_VERSION="0.4" WAZUH_TAG_REFERENCE=""
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
@ -37,36 +39,44 @@ ctrl_c() {
build() { build() {
WAZUH_VERSION="$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')" WAZUH_VERSION="$(echo $WAZUH_IMAGE_VERSION | sed -e 's/\.//g')"
FILEBEAT_TEMPLATE_BRANCH="${WAZUH_IMAGE_VERSION}" WAZUH_MINOR_VERSION="${WAZUH_IMAGE_VERSION%.*}"
WAZUH_FILEBEAT_MODULE="wazuh-filebeat-${FILEBEAT_MODULE_VERSION}.tar.gz"
WAZUH_UI_REVISION="${WAZUH_TAG_REVISION}" WAZUH_UI_REVISION="${WAZUH_TAG_REVISION}"
if [ "${WAZUH_DEV_STAGE}" ];then # Variables
FILEBEAT_TEMPLATE_BRANCH="v${FILEBEAT_TEMPLATE_BRANCH}-${WAZUH_DEV_STAGE,,}" FILE="packages_url.txt"
if ! curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/${FILEBEAT_TEMPLATE_BRANCH}"; then
echo "The indicated branch does not exist in the wazuh/wazuh repository: ${FILEBEAT_TEMPLATE_BRANCH}" if [[ -f "$FILE" ]]; then
clean 1 echo "$FILE exists. Using existing file."
fi
else else
if curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/v${FILEBEAT_TEMPLATE_BRANCH}"; then TAG="v${WAZUH_VERSION}"
FILEBEAT_TEMPLATE_BRANCH="v${FILEBEAT_TEMPLATE_BRANCH}" REPO="wazuh/wazuh-docker"
elif curl --output /dev/null --silent --head --fail "https://github.com/wazuh/wazuh/tree/${FILEBEAT_TEMPLATE_BRANCH}"; then GH_URL="https://api.github.com/repos/${REPO}/git/refs/tags/${TAG}"
FILEBEAT_TEMPLATE_BRANCH="${FILEBEAT_TEMPLATE_BRANCH}"
if curl -fsSL "$GH_URL" >/dev/null 2>&1; then
curl -fsSL -o "$FILE" "https://packages.wazuh.com/${WAZUH_MINOR_VERSION}/packages_url.txt"
else else
echo "The indicated branch does not exist in the wazuh/wazuh repository: ${FILEBEAT_TEMPLATE_BRANCH}" curl -fsSL -o "$FILE" "https://packages-dev.wazuh.com/${WAZUH_MINOR_VERSION}/packages_url.txt"
clean 1
fi fi
fi fi
awk -F':' '{name=$1; val=substr($0,length(name)+3); gsub(/[-.]/,"_",name); print name "=" val}' $FILE > packages_env.txt
echo WAZUH_VERSION=$WAZUH_IMAGE_VERSION > .env echo WAZUH_VERSION=$WAZUH_IMAGE_VERSION > ../.env
echo WAZUH_IMAGE_VERSION=$WAZUH_IMAGE_VERSION >> .env echo WAZUH_IMAGE_VERSION=$WAZUH_IMAGE_VERSION >> ../.env
echo WAZUH_TAG_REVISION=$WAZUH_TAG_REVISION >> .env echo WAZUH_TAG_REVISION=$WAZUH_TAG_REVISION >> ../.env
echo FILEBEAT_TEMPLATE_BRANCH=$FILEBEAT_TEMPLATE_BRANCH >> .env echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> ../.env
echo WAZUH_FILEBEAT_MODULE=$WAZUH_FILEBEAT_MODULE >> .env echo WAZUH_REGISTRY=$WAZUH_REGISTRY >> ../.env
echo WAZUH_UI_REVISION=$WAZUH_UI_REVISION >> .env echo IMAGE_TAG=$IMAGE_TAG >> ../.env
docker compose -f build-docker-images/build-images.yml --env-file .env build --no-cache || clean 1 set -a
source ../.env
source ./packages_env.txt
set +a
if [ "${MULTIARCH}" ];then
docker buildx bake --file build-images.yml --push --set *.platform=linux/amd64,linux/arm64 --no-cache|| clean 1
else
docker buildx bake --file build-images.yml --no-cache|| clean 1
fi
return 0 return 0
} }
@ -77,9 +87,11 @@ help() {
echo "Usage: $0 [OPTIONS]" echo "Usage: $0 [OPTIONS]"
echo echo
echo " -d, --dev <ref> [Optional] Set the development stage you want to build, example rc2 or beta1, not used by default." echo " -d, --dev <ref> [Optional] Set the development stage you want to build, example rc2 or beta1, not used by default."
echo " -f, --filebeat-module <ref> [Optional] Set Filebeat module version. By default ${FILEBEAT_MODULE_VERSION}."
echo " -r, --revision <rev> [Optional] Package revision. By default ${WAZUH_TAG_REVISION}" echo " -r, --revision <rev> [Optional] Package revision. By default ${WAZUH_TAG_REVISION}"
echo " -ref, --reference <ref> [Optional] Set the Wazuh reference to build development images. By default, the latest stable release."
echo " -rg, --registry <reg> [Optional] Set the Docker registry to push the images."
echo " -v, --version <ver> [Optional] Set the Wazuh version should be builded. By default, ${WAZUH_IMAGE_VERSION}." echo " -v, --version <ver> [Optional] Set the Wazuh version should be builded. By default, ${WAZUH_IMAGE_VERSION}."
echo " -m, --multiarch [Optional] Enable multi-architecture builds."
echo " -h, --help Show this help." echo " -h, --help Show this help."
echo echo
exit $1 exit $1
@ -102,17 +114,29 @@ main() {
help 1 help 1
fi fi
;; ;;
"-f"|"--filebeat-module") "-m"|"--multiarch")
MULTIARCH="true"
shift
;;
"-r"|"--revision")
if [ -n "${2}" ]; then if [ -n "${2}" ]; then
FILEBEAT_MODULE_VERSION="${2}" WAZUH_TAG_REVISION="${2}"
shift 2 shift 2
else else
help 1 help 1
fi fi
;; ;;
"-r"|"--revision") "-ref"|"--reference")
if [ -n "${2}" ]; then if [ -n "${2}" ]; then
WAZUH_TAG_REVISION="${2}" WAZUH_TAG_REFERENCE="${2}"
shift 2
else
help 1
fi
;;
"-rg"|"--registry")
if [ -n "${2}" ]; then
WAZUH_REGISTRY="${2}"
shift 2 shift 2
else else
help 1 help 1

28
build-docker-images/build-images.yml
View File

@ -6,9 +6,9 @@ services:
args: args:
WAZUH_VERSION: ${WAZUH_VERSION} WAZUH_VERSION: ${WAZUH_VERSION}
WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION} WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
FILEBEAT_TEMPLATE_BRANCH: ${FILEBEAT_TEMPLATE_BRANCH} wazuh_manager_url_amd64_rpm: ${wazuh_manager_url_x86_64_rpm}
WAZUH_FILEBEAT_MODULE: ${WAZUH_FILEBEAT_MODULE} wazuh_manager_url_arm64_rpm: ${wazuh_manager_url_aarch64_rpm}
image: wazuh/wazuh-manager:${WAZUH_IMAGE_VERSION} image: ${WAZUH_REGISTRY}/wazuh/wazuh-manager:${IMAGE_TAG}
hostname: wazuh.manager hostname: wazuh.manager
restart: always restart: always
ports: ports:
@ -20,19 +20,14 @@ services:
- INDEXER_URL=https://wazuh.indexer:9200 - INDEXER_URL=https://wazuh.indexer:9200
- INDEXER_USERNAME=admin - INDEXER_USERNAME=admin
- INDEXER_PASSWORD=admin - INDEXER_PASSWORD=admin
- FILEBEAT_SSL_VERIFICATION_MODE=none
volumes: volumes:
- wazuh_api_configuration:/var/ossec/api/configuration - wazuh_api_configuration:/var/ossec/api/configuration
- wazuh_etc:/var/ossec/etc - wazuh_etc:/var/ossec/etc
- wazuh_logs:/var/ossec/logs - wazuh_logs:/var/ossec/logs
- wazuh_queue:/var/ossec/queue - wazuh_queue:/var/ossec/queue
- wazuh_var_multigroups:/var/ossec/var/multigroups - wazuh_var_multigroups:/var/ossec/var/multigroups
- wazuh_integrations:/var/ossec/integrations
- wazuh_active_response:/var/ossec/active-response/bin - wazuh_active_response:/var/ossec/active-response/bin
- wazuh_agentless:/var/ossec/agentless
- wazuh_wodles:/var/ossec/wodles - wazuh_wodles:/var/ossec/wodles
- filebeat_etc:/etc/filebeat
- filebeat_var:/var/lib/filebeat
wazuh.agent: wazuh.agent:
build: build:
@ -40,7 +35,9 @@ services:
args: args:
WAZUH_VERSION: ${WAZUH_VERSION} WAZUH_VERSION: ${WAZUH_VERSION}
WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION} WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
image: wazuh/wazuh-agent:${WAZUH_IMAGE_VERSION} wazuh_agent_url_amd64_rpm: ${wazuh_agent_url_x86_64_rpm}
wazuh_agent_url_arm64_rpm: ${wazuh_agent_url_aarch64_rpm}
image: ${WAZUH_REGISTRY}/wazuh/wazuh-agent:${IMAGE_TAG}
hostname: wazuh.agent hostname: wazuh.agent
restart: always restart: always
@ -50,7 +47,9 @@ services:
args: args:
WAZUH_VERSION: ${WAZUH_VERSION} WAZUH_VERSION: ${WAZUH_VERSION}
WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION} WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
image: wazuh/wazuh-indexer:${WAZUH_IMAGE_VERSION} wazuh_indexer_url_amd64_rpm: ${wazuh_indexer_url_x86_64_rpm}
wazuh_indexer_url_arm64_rpm: ${wazuh_indexer_url_aarch64_rpm}
image: ${WAZUH_REGISTRY}/wazuh/wazuh-indexer:${IMAGE_TAG}
hostname: wazuh.indexer hostname: wazuh.indexer
restart: always restart: always
ports: ports:
@ -72,7 +71,9 @@ services:
WAZUH_VERSION: ${WAZUH_VERSION} WAZUH_VERSION: ${WAZUH_VERSION}
WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION} WAZUH_TAG_REVISION: ${WAZUH_TAG_REVISION}
WAZUH_UI_REVISION: ${WAZUH_UI_REVISION} WAZUH_UI_REVISION: ${WAZUH_UI_REVISION}
image: wazuh/wazuh-dashboard:${WAZUH_IMAGE_VERSION} wazuh_dashboard_url_amd64_rpm: ${wazuh_dashboard_url_x86_64_rpm}
wazuh_dashboard_url_arm64_rpm: ${wazuh_dashboard_url_aarch64_rpm}
image: ${WAZUH_REGISTRY}/wazuh/wazuh-dashboard:${IMAGE_TAG}
hostname: wazuh.dashboard hostname: wazuh.dashboard
restart: always restart: always
ports: ports:
@ -94,9 +95,6 @@ volumes:
wazuh_logs: wazuh_logs:
wazuh_queue: wazuh_queue:
wazuh_var_multigroups: wazuh_var_multigroups:
wazuh_integrations:
wazuh_active_response: wazuh_active_response:
wazuh_agentless:
wazuh_wodles: wazuh_wodles:
filebeat_etc:
filebeat_var:

23
build-docker-images/wazuh-agent/Dockerfile
View File

@ -10,18 +10,17 @@ ARG WAZUH_MANAGER='CHANGE_MANAGER_IP'
ARG WAZUH_MANAGER_PORT='CHANGE_MANAGER_PORT' ARG WAZUH_MANAGER_PORT='CHANGE_MANAGER_PORT'
ARG WAZUH_REGISTRATION_SERVER='CHANGE_ENROLL_IP' ARG WAZUH_REGISTRATION_SERVER='CHANGE_ENROLL_IP'
ARG WAZUH_REGISTRATION_PORT='CHANGE_ENROLL_PORT' ARG WAZUH_REGISTRATION_PORT='CHANGE_ENROLL_PORT'
ARG WAZUH_AGENT_NAME='CHANGEE_AGENT_NAME' ARG WAZUH_AGENT_NAME='CHANGE_AGENT_NAME'
ARG TARGETARCH
ARG wazuh_agent_url_amd64_rpm
ARG wazuh_agent_url_arm64_rpm
COPY config/check_repository.sh / RUN URL_VAR="wazuh_agent_url_${TARGETARCH}_rpm" && \
agent_url="${!URL_VAR}" && \
RUN yum install curl-minimal tar gzip procps -y &&\ dnf install curl-minimal tar gzip procps -y &&\
yum clean all curl -o /wazuh-agent.rpm "${agent_url}" && \
dnf install /wazuh-agent.rpm -y && \
RUN chmod 775 /check_repository.sh dnf clean all && \
RUN source /check_repository.sh
RUN yum install wazuh-agent-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
yum clean all && \
sed -i '/<authorization_pass_path>/d' /var/ossec/etc/ossec.conf && \ sed -i '/<authorization_pass_path>/d' /var/ossec/etc/ossec.conf && \
curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \ curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
-o /tmp/s6-overlay-amd64.tar.gz && \ -o /tmp/s6-overlay-amd64.tar.gz && \
@ -31,6 +30,4 @@ RUN yum install wazuh-agent-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
COPY config/etc/ /etc/ COPY config/etc/ /etc/
RUN rm /etc/yum.repos.d/wazuh.repo
ENTRYPOINT [ "/init" ] ENTRYPOINT [ "/init" ]

15
build-docker-images/wazuh-agent/config/check_repository.sh
View File

@ -1,15 +0,0 @@
## variables
APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 11- | grep ^v${WAZUH_VERSION}$)
## check tag to use the correct repository
if [[ -n "${WAZUH_TAG}" ]]; then
APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
fi
rpm --import "${APT_KEY}"
echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo

17
build-docker-images/wazuh-dashboard/Dockerfile
View File

@ -5,16 +5,17 @@ ARG WAZUH_VERSION
ARG WAZUH_TAG_REVISION ARG WAZUH_TAG_REVISION
ARG WAZUH_UI_REVISION ARG WAZUH_UI_REVISION
ARG INSTALL_DIR=/usr/share/wazuh-dashboard ARG INSTALL_DIR=/usr/share/wazuh-dashboard
ARG TARGETARCH
ARG wazuh_dashboard_url_amd64_rpm
ARG wazuh_dashboard_url_arm64_rpm
# Update and install dependencies # Update and install dependencies
RUN yum install curl-minimal libcap openssl -y RUN URL_VAR="wazuh_dashboard_url_${TARGETARCH}_rpm" && \
dashboard_url="${!URL_VAR}" && \
COPY config/check_repository.sh / dnf install curl-minimal libcap openssl -y && \
RUN chmod 775 /check_repository.sh && \ curl -o /wazuh-dashboard.rpm "${dashboard_url}" && \
source /check_repository.sh dnf install /wazuh-dashboard.rpm -y && \
dnf clean all
RUN yum install wazuh-dashboard-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
yum clean all
# Create and set permissions to data directories # Create and set permissions to data directories
RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh RUN mkdir -p $INSTALL_DIR/data/wazuh && chmod -R 775 $INSTALL_DIR/data/wazuh

15
build-docker-images/wazuh-dashboard/config/check_repository.sh
View File

@ -1,15 +0,0 @@
## variables
APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 11- | grep ^v${WAZUH_VERSION}$)
## check tag to use the correct repository
if [[ -n "${WAZUH_TAG}" ]]; then
APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
fi
rpm --import "${APT_KEY}"
echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo

20
build-docker-images/wazuh-indexer/Dockerfile
View File

@ -3,19 +3,19 @@ FROM amazonlinux:2023 AS builder
ARG WAZUH_VERSION ARG WAZUH_VERSION
ARG WAZUH_TAG_REVISION ARG WAZUH_TAG_REVISION
ARG TARGETARCH
RUN yum install curl-minimal openssl xz tar findutils shadow-utils -y ARG wazuh_indexer_url_amd64_rpm
ARG wazuh_indexer_url_arm64_rpm
COPY config/check_repository.sh /
RUN chmod 775 /check_repository.sh && \
source /check_repository.sh
RUN yum install wazuh-indexer-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
yum clean all
COPY config/config.sh . COPY config/config.sh .
RUN bash config.sh RUN URL_VAR="wazuh_indexer_url_${TARGETARCH}_rpm" && \
indexer_url="${!URL_VAR}" && \
dnf install curl-minimal openssl xz tar findutils shadow-utils -y &&\
curl -o /wazuh-indexer.rpm "${indexer_url}" && \
dnf install /wazuh-indexer.rpm -y && \
dnf clean all && \
bash config.sh
################################################################################ ################################################################################
# Build stage 1 (the actual Wazuh indexer image): # Build stage 1 (the actual Wazuh indexer image):

15
build-docker-images/wazuh-indexer/config/check_repository.sh
View File

@ -1,15 +0,0 @@
## variables
APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 11- | grep ^v${WAZUH_VERSION}$)
## check tag to use the correct repository
if [[ -n "${WAZUH_TAG}" ]]; then
APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
fi
rpm --import "${APT_KEY}"
echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo

44
build-docker-images/wazuh-manager/Dockerfile
View File

@ -5,28 +5,18 @@ RUN rm /bin/sh && ln -s /bin/bash /bin/sh
ARG WAZUH_VERSION ARG WAZUH_VERSION
ARG WAZUH_TAG_REVISION ARG WAZUH_TAG_REVISION
ARG FILEBEAT_TEMPLATE_BRANCH
ARG FILEBEAT_CHANNEL=filebeat-oss
ARG FILEBEAT_VERSION=7.10.2
ARG FILEBEAT_REVISION=2
ARG WAZUH_FILEBEAT_MODULE
ARG S6_VERSION="v2.2.0.3" ARG S6_VERSION="v2.2.0.3"
ARG TARGETARCH
ARG wazuh_manager_url_amd64_rpm
ARG wazuh_manager_url_arm64_rpm
RUN yum install curl-minimal xz gnupg tar gzip openssl findutils procps -y &&\ RUN URL_VAR="wazuh_manager_url_${TARGETARCH}_rpm" && \
yum clean all manager_url="${!URL_VAR}" && \
dnf install curl-minimal xz gnupg tar gzip openssl findutils procps -y &&\
COPY config/check_repository.sh / dnf clean all && \
COPY config/filebeat_module.sh / curl -o /wazuh-manager.rpm "${manager_url}" && \
COPY config/permanent_data.env config/permanent_data.sh / dnf install /wazuh-manager.rpm -y && \
dnf clean all && \
RUN chmod 775 /check_repository.sh
RUN source /check_repository.sh
RUN yum install wazuh-manager-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
yum clean all && \
chmod 775 /filebeat_module.sh && \
source /filebeat_module.sh && \
rm /filebeat_module.sh && \
curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \ curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
-o /tmp/s6-overlay-amd64.tar.gz && \ -o /tmp/s6-overlay-amd64.tar.gz && \
tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" && \ tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" && \
@ -36,24 +26,16 @@ RUN yum install wazuh-manager-${WAZUH_VERSION}-${WAZUH_TAG_REVISION} -y && \
COPY config/etc/ /etc/ COPY config/etc/ /etc/
COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py
COPY config/filebeat.yml /etc/filebeat/
RUN chmod go-w /etc/filebeat/filebeat.yml
ADD https://raw.githubusercontent.com/wazuh/wazuh/$FILEBEAT_TEMPLATE_BRANCH/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
RUN chmod go-w /etc/filebeat/wazuh-template.json
# Prepare permanent data # Prepare permanent data
# Sync calls are due to https://github.com/docker/docker/issues/9547 # Sync calls are due to https://github.com/docker/docker/issues/9547
COPY config/permanent_data.env config/permanent_data.sh /
#Make mount directories for keep permissions #Make mount directories for keep permissions
RUN mkdir -p /var/ossec/var/multigroups && \ RUN mkdir -p /var/ossec/var/multigroups && \
chown root:wazuh /var/ossec/var/multigroups && \ chown root:wazuh /var/ossec/var/multigroups && \
chmod 770 /var/ossec/var/multigroups && \ chmod 770 /var/ossec/var/multigroups && \
mkdir -p /var/ossec/agentless && \
chown root:wazuh /var/ossec/agentless && \
chmod 770 /var/ossec/agentless && \
mkdir -p /var/ossec/active-response/bin && \ mkdir -p /var/ossec/active-response/bin && \
chown root:wazuh /var/ossec/active-response/bin && \ chown root:wazuh /var/ossec/active-response/bin && \
chmod 770 /var/ossec/active-response/bin && \ chmod 770 /var/ossec/active-response/bin && \
@ -61,8 +43,6 @@ RUN mkdir -p /var/ossec/var/multigroups && \
sync && /permanent_data.sh && \ sync && /permanent_data.sh && \
sync && rm /permanent_data.sh sync && rm /permanent_data.sh
RUN rm /etc/yum.repos.d/wazuh.repo
# Services ports # Services ports
EXPOSE 55000/tcp 1514/tcp 1515/tcp 514/udp 1516/tcp EXPOSE 55000/tcp 1514/tcp 1515/tcp 514/udp 1516/tcp

15
build-docker-images/wazuh-manager/config/check_repository.sh
View File

@ -1,15 +0,0 @@
## variables
APT_KEY=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages-dev.wazuh.com/pre-release/yum/\nprotect=1"
WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 11- | grep ^v${WAZUH_VERSION}$)
## check tag to use the correct repository
if [[ -n "${WAZUH_TAG}" ]]; then
APT_KEY=https://packages.wazuh.com/key/GPG-KEY-WAZUH
GPG_SIGN="gpgcheck=1\ngpgkey=${APT_KEY}]"
REPOSITORY="[wazuh]\n${GPG_SIGN}\nenabled=1\nname=EL-\$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1"
fi
rpm --import "${APT_KEY}"
echo -e "${REPOSITORY}" | tee /etc/yum.repos.d/wazuh.repo

51
build-docker-images/wazuh-manager/config/etc/cont-init.d/1-config-filebeat
View File

@ -1,51 +0,0 @@
#!/usr/bin/with-contenv bash
# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
set -e
if [ "$INDEXER_URL" != "" ]; then
>&2 echo "Customize Elasticsearch output IP"
sed -i "s|hosts:.*|hosts: ['$INDEXER_URL']|g" /etc/filebeat/filebeat.yml
fi
# Configure filebeat.yml security settings
if [ "$INDEXER_USERNAME" != "" ]; then
>&2 echo "Configuring username."
sed -i "s|#username:.*|username:|g" /etc/filebeat/filebeat.yml
sed -i "s|username:.*|username: '$INDEXER_USERNAME'|g" /etc/filebeat/filebeat.yml
fi
if [ "$INDEXER_PASSWORD" != "" ]; then
>&2 echo "Configuring password."
sed -i "s|#password:.*|password:|g" /etc/filebeat/filebeat.yml
sed -i "s|password:.*|password: '$INDEXER_PASSWORD'|g" /etc/filebeat/filebeat.yml
fi
if [ "$FILEBEAT_SSL_VERIFICATION_MODE" != "" ]; then
>&2 echo "Configuring SSL verification mode."
sed -i "s|#ssl.verification_mode:.*|ssl.verification_mode:|g" /etc/filebeat/filebeat.yml
sed -i "s|ssl.verification_mode:.*|ssl.verification_mode: '$FILEBEAT_SSL_VERIFICATION_MODE'|g" /etc/filebeat/filebeat.yml
fi
if [ "$SSL_CERTIFICATE_AUTHORITIES" != "" ]; then
>&2 echo "Configuring Certificate Authorities."
sed -i "s|#ssl.certificate_authorities:.*|ssl.certificate_authorities:|g" /etc/filebeat/filebeat.yml
sed -i "s|ssl.certificate_authorities:.*|ssl.certificate_authorities: ['$SSL_CERTIFICATE_AUTHORITIES']|g" /etc/filebeat/filebeat.yml
fi
if [ "$SSL_CERTIFICATE" != "" ]; then
>&2 echo "Configuring SSL Certificate."
sed -i "s|#ssl.certificate:.*|ssl.certificate:|g" /etc/filebeat/filebeat.yml
sed -i "s|ssl.certificate:.*|ssl.certificate: '$SSL_CERTIFICATE'|g" /etc/filebeat/filebeat.yml
fi
if [ "$SSL_KEY" != "" ]; then
>&2 echo "Configuring SSL Key."
sed -i "s|#ssl.key:.*|ssl.key:|g" /etc/filebeat/filebeat.yml
sed -i "s|ssl.key:.*|ssl.key: '$SSL_KEY'|g" /etc/filebeat/filebeat.yml
fi
chmod go-w /etc/filebeat/filebeat.yml || true
chown root: /etc/filebeat/filebeat.yml || true

6
build-docker-images/wazuh-manager/config/etc/cont-init.d/2-manager → build-docker-images/wazuh-manager/config/etc/cont-init.d/1-manager
View File

@ -60,12 +60,6 @@ function_wazuh_migration(){
chown wazuh:wazuh /var/ossec/etc/rules/* chown wazuh:wazuh /var/ossec/etc/rules/*
chmod 660 /var/ossec/etc/rules/* chmod 660 /var/ossec/etc/rules/*
if [ -e /wazuh-migration/data/agentless/.passlist ]; then
\cp -f /wazuh-migration/data/agentless/.passlist /var/ossec/agentless/.passlist
chown root:wazuh /var/ossec/agentless/.passlist
chmod 640 /var/ossec/agentless/.passlist
fi
\cp -f /wazuh-migration/global.db /var/ossec/queue/db/global.db \cp -f /wazuh-migration/global.db /var/ossec/queue/db/global.db
chown wazuh:wazuh /var/ossec/queue/db/global.db chown wazuh:wazuh /var/ossec/queue/db/global.db
chmod 640 /var/ossec/queue/db/global.db chmod 640 /var/ossec/queue/db/global.db

6
build-docker-images/wazuh-manager/config/etc/services.d/filebeat/finish
View File

@ -1,6 +0,0 @@
#!/usr/bin/env sh
echo >&2 "Filebeat exited. code=${1}"
# terminate other services to exit from the container
exec s6-svscanctl -t /var/run/s6/services

4
build-docker-images/wazuh-manager/config/etc/services.d/filebeat/run
View File

@ -1,4 +0,0 @@
#!/usr/bin/with-contenv sh
echo >&2 "starting Filebeat"
exec /usr/share/filebeat/bin/filebeat -e -c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat

31
build-docker-images/wazuh-manager/config/filebeat.yml
View File

@ -1,31 +0,0 @@
# Wazuh - Filebeat configuration file
filebeat.modules:
- module: wazuh
alerts:
enabled: true
archives:
enabled: false
setup.template.json.enabled: true
setup.template.overwrite: true
setup.template.json.path: '/etc/filebeat/wazuh-template.json'
setup.template.json.name: 'wazuh'
setup.ilm.enabled: false
output.elasticsearch:
hosts: ['https://wazuh.indexer:9200']
#username:
#password:
#ssl.verification_mode:
#ssl.certificate_authorities:
#ssl.certificate:
#ssl.key:
logging.metrics.enabled: false
seccomp:
default_action: allow
syscalls:
- action: allow
names:
- rseq

11
build-docker-images/wazuh-manager/config/filebeat_module.sh
View File

@ -1,11 +0,0 @@
## variables
REPOSITORY="packages-dev.wazuh.com/pre-release"
WAZUH_TAG=$(curl --silent https://api.github.com/repos/wazuh/wazuh/git/refs/tags | grep '["]ref["]:' | sed -E 's/.*\"([^\"]+)\".*/\1/' | cut -c 11- | grep ^v${WAZUH_VERSION}$)
## check tag to use the correct repository
if [[ -n "${WAZUH_TAG}" ]]; then
REPOSITORY="packages.wazuh.com/4.x"
fi
yum install filebeat-${FILEBEAT_VERSION}-${FILEBEAT_REVISION} -y && \
curl -s https://${REPOSITORY}/filebeat/${WAZUH_FILEBEAT_MODULE} | tar -xvz -C /usr/share/filebeat/module

30
build-docker-images/wazuh-manager/config/permanent_data.env
View File

@ -4,28 +4,15 @@ PERMANENT_DATA[((i++))]="/var/ossec/api/configuration"
PERMANENT_DATA[((i++))]="/var/ossec/etc" PERMANENT_DATA[((i++))]="/var/ossec/etc"
PERMANENT_DATA[((i++))]="/var/ossec/logs" PERMANENT_DATA[((i++))]="/var/ossec/logs"
PERMANENT_DATA[((i++))]="/var/ossec/queue" PERMANENT_DATA[((i++))]="/var/ossec/queue"
PERMANENT_DATA[((i++))]="/var/ossec/agentless"
PERMANENT_DATA[((i++))]="/var/ossec/var/multigroups" PERMANENT_DATA[((i++))]="/var/ossec/var/multigroups"
PERMANENT_DATA[((i++))]="/var/ossec/integrations"
PERMANENT_DATA[((i++))]="/var/ossec/active-response/bin" PERMANENT_DATA[((i++))]="/var/ossec/active-response/bin"
PERMANENT_DATA[((i++))]="/var/ossec/wodles" PERMANENT_DATA[((i++))]="/var/ossec/wodles"
PERMANENT_DATA[((i++))]="/etc/filebeat"
export PERMANENT_DATA export PERMANENT_DATA
# Files mounted in a volume that should not be permanent # Files mounted in a volume that should not be permanent
i=0 i=0
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/internal_options.conf" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/internal_options.conf"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/shuffle.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/pagerduty"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/pagerduty.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/maltiverse"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/maltiverse.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop"
@ -41,18 +28,6 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-wazuh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-wazuh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart.sh" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart.sh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/sshlogin.exp"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_pixconfig_diff"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_asa-fwsmconfig_diff"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_integrity_check_bsd"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/main.exp"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/su.exp"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_integrity_check_linux"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/register_host.sh"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_generic_diff"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_foundry_diff"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_nopass.exp"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh.exp"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/utils.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/utils.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3.py"
@ -97,11 +72,6 @@ PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/exceptions.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/bucket.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/bucket.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/access_logs.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/buckets/access_logs.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/pubsub/subscriber.py" PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/pubsub/subscriber.py"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/lists/malicious-ioc/malicious-ip"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/lists/malicious-ioc/malicious-domains"
PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/lists/malicious-ioc/malware-hashes"
PERMANENT_DATA_EXCP[((i++))]="/etc/filebeat/wazuh-template.json"
PERMANENT_DATA_EXCP[((i++))]="/etc/filebeat/filebeat.yml"
export PERMANENT_DATA_EXCP export PERMANENT_DATA_EXCP
# Files mounted in a volume that should be deleted # Files mounted in a volume that should be deleted

5
docs/dev/build-image.md
View File

@ -13,7 +13,7 @@ This script initializes the environment variables needed to build each of the im
The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument: The script allows you to build images from other versions of Wazuh, to do this you must use the -v or --version argument:
``` ```
$ build-docker-images/build-images.sh -v 4.14.0 $ build-docker-images/build-images.sh -v 5.0.0
``` ```
To get all the available script options use the -h or --help option: To get all the available script options use the -h or --help option:
@ -24,9 +24,8 @@ $ build-docker-images/build-images.sh -h
Usage: build-docker-images/build-images.sh [OPTIONS] Usage: build-docker-images/build-images.sh [OPTIONS]
-d, --dev <ref> [Optional] Set the development stage you want to build, example rc2 or beta1, not used by default. -d, --dev <ref> [Optional] Set the development stage you want to build, example rc2 or beta1, not used by default.
-f, --filebeat-module <ref> [Optional] Set Filebeat module version. By default 0.4.
-r, --revision <rev> [Optional] Package revision. By default 1 -r, --revision <rev> [Optional] Package revision. By default 1
-v, --version <ver> [Optional] Set the Wazuh version should be builded. By default, 4.14.0. -v, --version <ver> [Optional] Set the Wazuh version should be builded. By default, 5.0.0.
-h, --help Show this help. -h, --help Show this help.
``` ```

2
docs/dev/introduction.md
View File

@ -1,6 +1,6 @@
# Development Guide - Introduction # Development Guide - Introduction
Welcome to the Development Guide for Wazuh-docker version 4.14.0. This guide is intended for developers, contributors, and advanced users who wish to understand the development aspects of the Wazuh-Docker project, build custom Docker images, or contribute to its development. Welcome to the Development Guide for Wazuh-docker version 5.0.0 This guide is intended for developers, contributors, and advanced users who wish to understand the development aspects of the Wazuh-Docker project, build custom Docker images, or contribute to its development.
## Purpose of This Guide ## Purpose of This Guide

6
docs/dev/setup.md
View File

@ -1,6 +1,6 @@
# Development Guide - Setup Environment # Development Guide - Setup Environment
This section outlines the steps required to set up your local development environment for working with the Wazuh-Docker project (version 4.14.0). A proper setup is crucial for building images, running tests, and contributing effectively. This section outlines the steps required to set up your local development environment for working with the Wazuh-Docker project (version 5.0.0). A proper setup is crucial for building images, running tests, and contributing effectively.
## Prerequisites ## Prerequisites
@ -26,12 +26,12 @@ Before you begin, ensure your system meets the following requirements:
Follow these steps to prepare your development environment: Follow these steps to prepare your development environment:
1. **Clone the Repository**: 1. **Clone the Repository**:
Clone the `wazuh-docker` repository from GitHub. It's important to check out the specific branch you intend to work with, in this case, `4.14.0`. Clone the `wazuh-docker` repository from GitHub. It's important to check out the specific branch you intend to work with, in this case, `5.0.0`.
```bash ```bash
git clone [https://github.com/wazuh/wazuh-docker.git](https://github.com/wazuh/wazuh-docker.git) git clone [https://github.com/wazuh/wazuh-docker.git](https://github.com/wazuh/wazuh-docker.git)
cd wazuh-docker cd wazuh-docker
git checkout v4.14.0 git checkout v5.0.0
``` ```
2. **Verify Docker Installation**: 2. **Verify Docker Installation**:

6
docs/ref/Introduction/description.md
View File

@ -1,6 +1,6 @@
# Reference Manual - Description # Reference Manual - Description
This section provides a detailed description of Wazuh-docker (version 4.14.0), its components, and its architecture when deployed using Docker containers. Understanding these aspects is key to effectively deploying and managing your Wazuh environment. This section provides a detailed description of Wazuh-docker (version 5.0.0), its components, and its architecture when deployed using Docker containers. Understanding these aspects is key to effectively deploying and managing your Wazuh environment.
## What is Wazuh? ## What is Wazuh?
@ -18,7 +18,7 @@ Wazuh-docker is a project that provides Docker images and `docker compose` confi
## Core Components in Wazuh-Docker ## Core Components in Wazuh-Docker
The Wazuh-Docker project typically provides images for the following core Wazuh components, adapted for version 4.14.0: The Wazuh-Docker project typically provides images for the following core Wazuh components, adapted for version 5.0.0:
1. **Wazuh Manager**: 1. **Wazuh Manager**:
- The central component that collects and analyzes data from deployed Wazuh agents. - The central component that collects and analyzes data from deployed Wazuh agents.
@ -28,7 +28,7 @@ The Wazuh-Docker project typically provides images for the following core Wazuh
2. **Wazuh Indexer**: 2. **Wazuh Indexer**:
- A highly scalable, full-text search and analytics engine. - A highly scalable, full-text search and analytics engine.
- Based on OpenSearch (or historically Elasticsearch), it stores and indexes alerts and monitoring data generated by the Wazuh manager. - Based on OpenSearch (or historically Elasticsearch), it stores and indexes alerts and monitoring data generated by the Wazuh manager.
- The Wazuh indexer container provides the data persistence layer for Wazuh alerts and events. For version 4.14.0, this is typically an OpenSearch-based component. - The Wazuh indexer container provides the data persistence layer for Wazuh alerts and events. For version 5.0.0, this is typically an OpenSearch-based component.
3. **Wazuh Dashboard**: 3. **Wazuh Dashboard**:
- A flexible visualization tool based on OpenSearch Dashboards (or historically Kibana). - A flexible visualization tool based on OpenSearch Dashboards (or historically Kibana).

4
docs/ref/Introduction/introduction.md
View File

@ -1,6 +1,6 @@
# Reference Manual - Introduction # Reference Manual - Introduction
Welcome to the Reference Manual for Wazuh-Docker, version 4.14.0. This manual provides comprehensive information about deploying, configuring, and managing your Wazuh environment using Docker. Welcome to the Reference Manual for Wazuh-Docker, version 5.0.0. This manual provides comprehensive information about deploying, configuring, and managing your Wazuh environment using Docker.
## Purpose of This Manual ## Purpose of This Manual
@ -44,4 +44,4 @@ This manual is structured to help you find information efficiently:
- If you need to customize your deployment, refer to the [Configuration](configuration/configuration.md) section. - If you need to customize your deployment, refer to the [Configuration](configuration/configuration.md) section.
- For specific terms or concepts, consult the [Glossary](glossary.md). - For specific terms or concepts, consult the [Glossary](glossary.md).
This manual refers to version 4.14.0 of Wazuh-Docker. Ensure you are using the documentation that corresponds to your deployed version. This manual refers to version 5.0.0 of Wazuh-Docker. Ensure you are using the documentation that corresponds to your deployed version.

4
docs/ref/configuration/configuration-files.md
View File

@ -2,7 +2,7 @@
### 1. Wazuh Manager Configuration ### 1. Wazuh Manager Configuration
* **`ossec.conf`**: The main configuration file for the Wazuh manager. It controls rules, decoders, agent enrollment, active responses, integrations, clustering, and more. * **`ossec.conf`**: The main configuration file for the Wazuh manager. It controls rules, decoders, agent enrollment, active responses, clustering, and more.
* **Customization**: Mount a custom `ossec.conf` or specific configuration snippets (e.g., local rules in `local_rules.xml`) into the manager container at `/wazuh-mount-point/`, which will be copied to the path `/var/ossec` (e.g., the file `/var/ossec/etc/ossec.conf` must be mounted at `/wazuh-mount-point/etc/ossec.conf`) . * **Customization**: Mount a custom `ossec.conf` or specific configuration snippets (e.g., local rules in `local_rules.xml`) into the manager container at `/wazuh-mount-point/`, which will be copied to the path `/var/ossec` (e.g., the file `/var/ossec/etc/ossec.conf` must be mounted at `/wazuh-mount-point/etc/ossec.conf`) .
### 2. Wazuh Indexer Configuration ### 2. Wazuh Indexer Configuration
@ -29,4 +29,4 @@
``` ```
Consult the official Wazuh documentation for version 4.14.0 for detailed information on all possible configuration parameters for each component. Consult the official Wazuh documentation for version 5.0.0 for detailed information on all possible configuration parameters for each component.

2
docs/ref/configuration/configuration.md
View File

@ -1,6 +1,6 @@
# Reference Manual - Configuration # Reference Manual - Configuration
This section details how to configure your Wazuh-Docker deployment (version 4.14.0). Proper configuration is key to tailoring the Wazuh stack to your specific needs, managing data persistence, and integrating with your environment. This section details how to configure your Wazuh-Docker deployment (version 5.0.0). Proper configuration is key to tailoring the Wazuh stack to your specific needs, managing data persistence, and integrating with your environment.
## Overview of Configuration Methods ## Overview of Configuration Methods

6
docs/ref/getting-started/deployment/deployment.md
View File

@ -1,6 +1,6 @@
# Reference Manual - Deployment # Reference Manual - Deployment
This section provides detailed instructions for deploying Wazuh-Docker (version 4.14.0) in various configurations. Choose the deployment model that best suits your needs, from simple single-node setups for testing to more robust multi-node configurations for production environments. This section provides detailed instructions for deploying Wazuh-Docker (version 5.0.0) in various configurations. Choose the deployment model that best suits your needs, from simple single-node setups for testing to more robust multi-node configurations for production environments.
## Overview of Deployment Options ## Overview of Deployment Options
@ -24,11 +24,11 @@ Ensure you have:
- Met all the [System Requirements](ref/getting-started/requirements.md). - Met all the [System Requirements](ref/getting-started/requirements.md).
- Installed Docker and Docker Compose on your host(s). - Installed Docker and Docker Compose on your host(s).
- Cloned the `wazuh-docker` repository (version `4.14.0`) or downloaded the necessary deployment files. - Cloned the `wazuh-docker` repository (version `5.0.0`) or downloaded the necessary deployment files.
```bash ```bash
git clone [https://github.com/wazuh/wazuh-docker.git](https://github.com/wazuh/wazuh-docker.git) git clone [https://github.com/wazuh/wazuh-docker.git](https://github.com/wazuh/wazuh-docker.git)
cd wazuh-docker cd wazuh-docker
git checkout v4.14.0 git checkout v5.0.0
``` ```
- Made a backup of any existing Wazuh data if you are migrating or upgrading. - Made a backup of any existing Wazuh data if you are migrating or upgrading.

6
docs/ref/getting-started/getting-started.md
View File

@ -1,6 +1,6 @@
# Reference Manual - Getting Started # Reference Manual - Getting Started
This section guides you through the initial steps to get your Wazuh-docker (version 4.14.0) environment up and running. We will cover the prerequisites and point you to the deployment instructions. This section guides you through the initial steps to get your Wazuh-docker (version 5.0.0) environment up and running. We will cover the prerequisites and point you to the deployment instructions.
## Overview ## Overview
@ -27,11 +27,11 @@ Before diving into the deployment, please ensure you have reviewed:
Verify that your host system has sufficient RAM, CPU, and disk space. Ensure Docker and Docker Compose are installed and functioning correctly. Verify that your host system has sufficient RAM, CPU, and disk space. Ensure Docker and Docker Compose are installed and functioning correctly.
2. **Obtain Wazuh-docker Configuration**: 2. **Obtain Wazuh-docker Configuration**:
You'll need the Docker Compose files and any associated configuration files from the `wazuh-docker` repository for version 4.14.0. You'll need the Docker Compose files and any associated configuration files from the `wazuh-docker` repository for version 5.0.0.
```bash ```bash
git clone [https://github.com/wazuh/wazuh-docker.git](https://github.com/wazuh/wazuh-docker.git) git clone [https://github.com/wazuh/wazuh-docker.git](https://github.com/wazuh/wazuh-docker.git)
cd wazuh-docker cd wazuh-docker
git checkout v4.14.0 git checkout v5.0.0
# Navigate to the specific docker-compose directory, e.g., single-node or multi-node # Navigate to the specific docker-compose directory, e.g., single-node or multi-node
# cd docker-compose/single-node/ (example path) # cd docker-compose/single-node/ (example path)
``` ```

2
docs/ref/getting-started/requirements.md
View File

@ -1,6 +1,6 @@
# Reference Manual - Requirements # Reference Manual - Requirements
Before deploying Wazuh-Docker (version 4.14.0), it's essential to ensure your environment meets the necessary hardware and software requirements. Meeting these prerequisites will help ensure a stable and performant Wazuh deployment. Before deploying Wazuh-Docker (version 5.0.0), it's essential to ensure your environment meets the necessary hardware and software requirements. Meeting these prerequisites will help ensure a stable and performant Wazuh deployment.
## Host System Requirements ## Host System Requirements

6
docs/ref/glossary.md
View File

@ -1,6 +1,6 @@
# Reference Manual - Glossary # Reference Manual - Glossary
This glossary defines key terms and concepts related to Wazuh, Docker, and their use together in the Wazuh-Docker project (version 4.14.0). This glossary defines key terms and concepts related to Wazuh, Docker, and their use together in the Wazuh-Docker project (version 5.0.0).
--- ---
@ -22,7 +22,7 @@ This glossary defines key terms and concepts related to Wazuh, Docker, and their
**D** **D**
- **Dashboard (Wazuh Dashboard / OpenSearch Dashboards / Kibana)**: A web-based visualization tool used to explore, analyze, and visualize data stored in the Wazuh Indexer. It provides dashboards, visualizations, and a query interface for security events and alerts. For Wazuh 4.14.0, this is typically OpenSearch Dashboards. - **Dashboard (Wazuh Dashboard / OpenSearch Dashboards / Kibana)**: A web-based visualization tool used to explore, analyze, and visualize data stored in the Wazuh Indexer. It provides dashboards, visualizations, and a query interface for security events and alerts. For Wazuh 5.0.0, this is typically OpenSearch Dashboards.
- **Decoder**: A component in the Wazuh Manager that parses and extracts relevant information (fields) from raw log messages or event data. - **Decoder**: A component in the Wazuh Manager that parses and extracts relevant information (fields) from raw log messages or event data.
- **Docker**: An open platform for developing, shipping, and running applications inside containers. - **Docker**: An open platform for developing, shipping, and running applications inside containers.
- **Docker Compose**: A tool for defining and running multi-container Docker applications. It uses a YAML file (`docker-compose.yml`) to configure the application's services, networks, and volumes. - **Docker Compose**: A tool for defining and running multi-container Docker applications. It uses a YAML file (`docker-compose.yml`) to configure the application's services, networks, and volumes.
@ -42,7 +42,7 @@ This glossary defines key terms and concepts related to Wazuh, Docker, and their
**I** **I**
- **Indexer (Wazuh Indexer / OpenSearch / Elasticsearch)**: The component responsible for storing, indexing, and making searchable the alerts and event data generated by the Wazuh Manager. For Wazuh 4.14.0, this is typically OpenSearch. - **Indexer (Wazuh Indexer / OpenSearch / Elasticsearch)**: The component responsible for storing, indexing, and making searchable the alerts and event data generated by the Wazuh Manager. For Wazuh 5.0.0, this is typically OpenSearch.
**L** **L**

4
indexer-certs-creator/Dockerfile
View File

@ -1,7 +1,7 @@
# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2) # Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
FROM ubuntu:focal FROM amazonlinux:2023
RUN apt-get update && apt-get install openssl curl -y RUN yum update -y && yum install openssl curl-minimal -y
WORKDIR / WORKDIR /

2
indexer-certs-creator/README.md
View File

@ -5,5 +5,5 @@ The dockerfile hosted in this directory is used to build the image used to boot
To create the image, the following command must be executed: To create the image, the following command must be executed:
``` ```
$ docker build -t wazuh/wazuh-certs-generator:0.0.2 . $ docker build -t wazuh/wazuh-certs-generator:0.0.3 .
``` ```

34
indexer-certs-creator/config/entrypoint.sh
View File

@ -8,20 +8,27 @@
## Variables ## Variables
CERT_TOOL=wazuh-certs-tool.sh CERT_TOOL=wazuh-certs-tool.sh
PASSWORD_TOOL=wazuh-passwords-tool.sh PASSWORD_TOOL=wazuh-passwords-tool.sh
PACKAGES_URL=https://packages.wazuh.com/4.14/ PACKAGES_URL=https://packages.wazuh.com/$CERT_TOOL_VERSION/
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/4.14/ PACKAGES_DEV_URL=https://packages-dev.wazuh.com/$CERT_TOOL_VERSION/
## Check if the cert tool exists in S3 buckets OUTPUT_FILE="/$CERT_TOOL"
CERT_TOOL_PACKAGES=$(curl --silent --head --location --output /dev/null --write-out "%{http_code}" "$PACKAGES_URL$CERT_TOOL")
CERT_TOOL_PACKAGES_DEV=$(curl --silent --head --location --output /dev/null --write-out "%{http_code}" "$PACKAGES_DEV_URL$CERT_TOOL")
## If cert tool exists in some bucket, download it, if not exit 1 download_package() {
if [ "$CERT_TOOL_PACKAGES" = "200" ]; then local url=$1
curl -o $CERT_TOOL $PACKAGES_URL$CERT_TOOL -s echo "Checking $url$CERT_TOOL ..."
echo "The tool to create the certificates exists in the in Packages bucket" if curl -fsL "$url$CERT_TOOL" -o "$OUTPUT_FILE"; then
elif [ "$CERT_TOOL_PACKAGES_DEV" = "200" ]; then echo "Downloaded $CERT_TOOL from $url"
curl -o $CERT_TOOL $PACKAGES_DEV_URL$CERT_TOOL -s return 0
echo "The tool to create the certificates exists in Packages-dev bucket" else
return 1
fi
}
# Try first the prod URL, if it fails try the dev URL
if download_package "$PACKAGES_URL"; then
:
elif download_package "$PACKAGES_DEV_URL"; then
:
else else
echo "The tool to create the certificates does not exist in any bucket" echo "The tool to create the certificates does not exist in any bucket"
echo "ERROR: certificates were not created" echo "ERROR: certificates were not created"
@ -29,8 +36,7 @@ else
fi fi
cp /config/certs.yml /config.yml cp /config/certs.yml /config.yml
chmod 700 "$OUTPUT_FILE"
chmod 700 /$CERT_TOOL
############################################################################## ##############################################################################
# Creating Cluster certificates # Creating Cluster certificates

52
multi-node/Migration-to-Wazuh-4.4.md
View File

@ -80,13 +80,6 @@ docker volume create \
multi-node_master-wazuh-var-multigroups multi-node_master-wazuh-var-multigroups
``` ```
``` ```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=master-wazuh-integrations \
multi-node_master-wazuh-integrations
```
```
docker volume create \ docker volume create \
--label com.docker.compose.project=multi-node \ --label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \ --label com.docker.compose.version=1.25.0 \
@ -94,13 +87,6 @@ docker volume create \
multi-node_master-wazuh-active-response multi-node_master-wazuh-active-response
``` ```
``` ```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=master-wazuh-agentless \
multi-node_master-wazuh-agentless
```
```
docker volume create \ docker volume create \
--label com.docker.compose.project=multi-node \ --label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \ --label com.docker.compose.version=1.25.0 \
@ -157,13 +143,6 @@ docker volume create \
multi-node_worker-wazuh-var-multigroups multi-node_worker-wazuh-var-multigroups
``` ```
``` ```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=worker-wazuh-integrations \
multi-node_worker-wazuh-integrations
```
```
docker volume create \ docker volume create \
--label com.docker.compose.project=multi-node \ --label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \ --label com.docker.compose.version=1.25.0 \
@ -171,13 +150,6 @@ docker volume create \
multi-node_worker-wazuh-active-response multi-node_worker-wazuh-active-response
``` ```
``` ```
docker volume create \
--label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \
--label com.docker.compose.volume=worker-wazuh-agentless \
multi-node_worker-wazuh-agentless
```
```
docker volume create \ docker volume create \
--label com.docker.compose.project=multi-node \ --label com.docker.compose.project=multi-node \
--label com.docker.compose.version=1.25.0 \ --label com.docker.compose.version=1.25.0 \
@ -248,24 +220,12 @@ docker container run --rm -it \
alpine ash -c "cd /from ; cp -avp . /to" alpine ash -c "cd /from ; cp -avp . /to"
``` ```
``` ```
docker container run --rm -it \
-v wazuh-docker_ossec-integrations:/from \
-v multi-node_master-wazuh-integrations:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \ docker container run --rm -it \
-v wazuh-docker_ossec-active-response:/from \ -v wazuh-docker_ossec-active-response:/from \
-v multi-node_master-wazuh-active-response:/to \ -v multi-node_master-wazuh-active-response:/to \
alpine ash -c "cd /from ; cp -avp . /to" alpine ash -c "cd /from ; cp -avp . /to"
``` ```
``` ```
docker container run --rm -it \
-v wazuh-docker_ossec-agentless:/from \
-v multi-node_master-wazuh-agentless:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \ docker container run --rm -it \
-v wazuh-docker_ossec-wodles:/from \ -v wazuh-docker_ossec-wodles:/from \
-v multi-node_master-wazuh-wodles:/to \ -v multi-node_master-wazuh-wodles:/to \
@ -314,24 +274,12 @@ docker container run --rm -it \
alpine ash -c "cd /from ; cp -avp . /to" alpine ash -c "cd /from ; cp -avp . /to"
``` ```
``` ```
docker container run --rm -it \
-v wazuh-docker_worker-ossec-integrations:/from \
-v multi-node_worker-wazuh-integrations:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \ docker container run --rm -it \
-v wazuh-docker_worker-ossec-active-response:/from \ -v wazuh-docker_worker-ossec-active-response:/from \
-v multi-node_worker-wazuh-active-response:/to \ -v multi-node_worker-wazuh-active-response:/to \
alpine ash -c "cd /from ; cp -avp . /to" alpine ash -c "cd /from ; cp -avp . /to"
``` ```
``` ```
docker container run --rm -it \
-v wazuh-docker_worker-ossec-agentless:/from \
-v multi-node_worker-wazuh-agentless:/to \
alpine ash -c "cd /from ; cp -avp . /to"
```
```
docker container run --rm -it \ docker container run --rm -it \
-v wazuh-docker_worker-ossec-wodles:/from \ -v wazuh-docker_worker-ossec-wodles:/from \
-v multi-node_worker-wazuh-wodles:/to \ -v multi-node_worker-wazuh-wodles:/to \

81
multi-node/config/wazuh_cluster/wazuh_manager.conf
View File

@ -1,24 +1,10 @@
<ossec_config> <ossec_config>
<global> <global>
<jsonout_output>yes</jsonout_output> <agents_disconnection_time>15m</agents_disconnection_time>
<alerts_log>yes</alerts_log>
<logall>no</logall>
<logall_json>no</logall_json>
<email_notification>no</email_notification>
<smtp_server>smtp.example.wazuh.com</smtp_server>
<email_from>wazuh@example.wazuh.com</email_from>
<email_to>recipient@example.wazuh.com</email_to>
<email_maxperhour>12</email_maxperhour>
<email_log_source>alerts.log</email_log_source>
<agents_disconnection_time>10m</agents_disconnection_time>
<agents_disconnection_alert_time>0</agents_disconnection_alert_time> <agents_disconnection_alert_time>0</agents_disconnection_alert_time>
<update_check>yes</update_check>
</global> </global>
<alerts>
<log_alert_level>3</log_alert_level>
<email_alert_level>12</email_alert_level>
</alerts>
<!-- Choose between "plain", "json", or "plain,json" for the format of internal logs --> <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
<logging> <logging>
<log_format>plain</log_format> <log_format>plain</log_format>
@ -34,8 +20,6 @@
<!-- Policy monitoring --> <!-- Policy monitoring -->
<rootcheck> <rootcheck>
<disabled>no</disabled> <disabled>no</disabled>
<check_files>yes</check_files>
<check_trojans>yes</check_trojans>
<check_dev>yes</check_dev> <check_dev>yes</check_dev>
<check_sys>yes</check_sys> <check_sys>yes</check_sys>
<check_pids>yes</check_pids> <check_pids>yes</check_pids>
@ -45,31 +29,12 @@
<!-- Frequency that rootcheck is executed - every 12 hours --> <!-- Frequency that rootcheck is executed - every 12 hours -->
<frequency>43200</frequency> <frequency>43200</frequency>
<rootkit_files>etc/rootcheck/rootkit_files.txt</rootkit_files>
<rootkit_trojans>etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>
<skip_nfs>yes</skip_nfs> <skip_nfs>yes</skip_nfs>
<ignore>/var/lib/containerd</ignore>
<ignore>/var/lib/docker/overlay2</ignore>
</rootcheck> </rootcheck>
<wodle name="cis-cat">
<disabled>yes</disabled>
<timeout>1800</timeout>
<interval>1d</interval>
<scan-on-start>yes</scan-on-start>
<java_path>wodles/java</java_path>
<ciscat_path>wodles/ciscat</ciscat_path>
</wodle>
<!-- Osquery integration -->
<wodle name="osquery">
<disabled>yes</disabled>
<run_daemon>yes</run_daemon>
<log_path>/var/log/osquery/osqueryd.results.log</log_path>
<config_path>/etc/osquery/osquery.conf</config_path>
<add_labels>yes</add_labels>
</wodle>
<!-- System inventory --> <!-- System inventory -->
<wodle name="syscollector"> <wodle name="syscollector">
<disabled>no</disabled> <disabled>no</disabled>
@ -81,9 +46,15 @@
<packages>yes</packages> <packages>yes</packages>
<ports all="yes">yes</ports> <ports all="yes">yes</ports>
<processes>yes</processes> <processes>yes</processes>
<users>yes</users>
<groups>yes</groups>
<services>yes</services>
<browser_extensions>yes</browser_extensions>
<!-- Database synchronization settings --> <!-- Database synchronization settings -->
<synchronization> <synchronization>
<enabled>yes</enabled>
<interval>5m</interval>
<max_eps>10</max_eps> <max_eps>10</max_eps>
</synchronization> </synchronization>
</wodle> </wodle>
@ -92,7 +63,13 @@
<enabled>yes</enabled> <enabled>yes</enabled>
<scan_on_start>yes</scan_on_start> <scan_on_start>yes</scan_on_start>
<interval>12h</interval> <interval>12h</interval>
<skip_nfs>yes</skip_nfs>
<!-- Database synchronization settings -->
<synchronization>
<enabled>yes</enabled>
<interval>5m</interval>
<max_eps>10</max_eps>
</synchronization>
</sca> </sca>
<vulnerability-detection> <vulnerability-detection>
@ -124,8 +101,6 @@
<!-- Frequency that syscheck is executed default every 12 hours --> <!-- Frequency that syscheck is executed default every 12 hours -->
<frequency>43200</frequency> <frequency>43200</frequency>
<scan_on_start>yes</scan_on_start>
<!-- Generate alert when new file detected --> <!-- Generate alert when new file detected -->
<alert_new_files>yes</alert_new_files> <alert_new_files>yes</alert_new_files>
@ -165,13 +140,12 @@
<process_priority>10</process_priority> <process_priority>10</process_priority>
<!-- Maximum output throughput --> <!-- Maximum output throughput -->
<max_eps>100</max_eps> <max_eps>50</max_eps>
<!-- Database synchronization settings --> <!-- Database synchronization settings -->
<synchronization> <synchronization>
<enabled>yes</enabled> <enabled>yes</enabled>
<interval>5m</interval> <interval>5m</interval>
<max_interval>1h</max_interval>
<max_eps>10</max_eps> <max_eps>10</max_eps>
</synchronization> </synchronization>
</syscheck> </syscheck>
@ -266,13 +240,6 @@
<rule_dir>etc/rules</rule_dir> <rule_dir>etc/rules</rule_dir>
</ruleset> </ruleset>
<rule_test>
<enabled>yes</enabled>
<threads>1</threads>
<max_sessions>64</max_sessions>
<session_timeout>15m</session_timeout>
</rule_test>
<!-- Configuration for wazuh-authd --> <!-- Configuration for wazuh-authd -->
<auth> <auth>
<disabled>no</disabled> <disabled>no</disabled>
@ -305,6 +272,16 @@
</ossec_config> </ossec_config>
<ossec_config> <ossec_config>
<localfile>
<log_format>journald</log_format>
<location>journald</location>
</localfile>
<localfile>
<log_format>audit</log_format>
<location>/var/log/audit/audit.log</location>
</localfile>
<localfile> <localfile>
<log_format>syslog</log_format> <log_format>syslog</log_format>
<location>/var/ossec/logs/active-responses.log</location> <location>/var/ossec/logs/active-responses.log</location>

81
multi-node/config/wazuh_cluster/wazuh_worker.conf
View File

@ -1,24 +1,10 @@
<ossec_config> <ossec_config>
<global> <global>
<jsonout_output>yes</jsonout_output> <agents_disconnection_time>15m</agents_disconnection_time>
<alerts_log>yes</alerts_log>
<logall>no</logall>
<logall_json>no</logall_json>
<email_notification>no</email_notification>
<smtp_server>smtp.example.wazuh.com</smtp_server>
<email_from>wazuh@example.wazuh.com</email_from>
<email_to>recipient@example.wazuh.com</email_to>
<email_maxperhour>12</email_maxperhour>
<email_log_source>alerts.log</email_log_source>
<agents_disconnection_time>10m</agents_disconnection_time>
<agents_disconnection_alert_time>0</agents_disconnection_alert_time> <agents_disconnection_alert_time>0</agents_disconnection_alert_time>
<update_check>yes</update_check>
</global> </global>
<alerts>
<log_alert_level>3</log_alert_level>
<email_alert_level>12</email_alert_level>
</alerts>
<!-- Choose between "plain", "json", or "plain,json" for the format of internal logs --> <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
<logging> <logging>
<log_format>plain</log_format> <log_format>plain</log_format>
@ -34,8 +20,6 @@
<!-- Policy monitoring --> <!-- Policy monitoring -->
<rootcheck> <rootcheck>
<disabled>no</disabled> <disabled>no</disabled>
<check_files>yes</check_files>
<check_trojans>yes</check_trojans>
<check_dev>yes</check_dev> <check_dev>yes</check_dev>
<check_sys>yes</check_sys> <check_sys>yes</check_sys>
<check_pids>yes</check_pids> <check_pids>yes</check_pids>
@ -45,31 +29,12 @@
<!-- Frequency that rootcheck is executed - every 12 hours --> <!-- Frequency that rootcheck is executed - every 12 hours -->
<frequency>43200</frequency> <frequency>43200</frequency>
<rootkit_files>etc/rootcheck/rootkit_files.txt</rootkit_files>
<rootkit_trojans>etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>
<skip_nfs>yes</skip_nfs> <skip_nfs>yes</skip_nfs>
<ignore>/var/lib/containerd</ignore>
<ignore>/var/lib/docker/overlay2</ignore>
</rootcheck> </rootcheck>
<wodle name="cis-cat">
<disabled>yes</disabled>
<timeout>1800</timeout>
<interval>1d</interval>
<scan-on-start>yes</scan-on-start>
<java_path>wodles/java</java_path>
<ciscat_path>wodles/ciscat</ciscat_path>
</wodle>
<!-- Osquery integration -->
<wodle name="osquery">
<disabled>yes</disabled>
<run_daemon>yes</run_daemon>
<log_path>/var/log/osquery/osqueryd.results.log</log_path>
<config_path>/etc/osquery/osquery.conf</config_path>
<add_labels>yes</add_labels>
</wodle>
<!-- System inventory --> <!-- System inventory -->
<wodle name="syscollector"> <wodle name="syscollector">
<disabled>no</disabled> <disabled>no</disabled>
@ -81,9 +46,15 @@
<packages>yes</packages> <packages>yes</packages>
<ports all="yes">yes</ports> <ports all="yes">yes</ports>
<processes>yes</processes> <processes>yes</processes>
<users>yes</users>
<groups>yes</groups>
<services>yes</services>
<browser_extensions>yes</browser_extensions>
<!-- Database synchronization settings --> <!-- Database synchronization settings -->
<synchronization> <synchronization>
<enabled>yes</enabled>
<interval>5m</interval>
<max_eps>10</max_eps> <max_eps>10</max_eps>
</synchronization> </synchronization>
</wodle> </wodle>
@ -92,7 +63,13 @@
<enabled>yes</enabled> <enabled>yes</enabled>
<scan_on_start>yes</scan_on_start> <scan_on_start>yes</scan_on_start>
<interval>12h</interval> <interval>12h</interval>
<skip_nfs>yes</skip_nfs>
<!-- Database synchronization settings -->
<synchronization>
<enabled>yes</enabled>
<interval>5m</interval>
<max_eps>10</max_eps>
</synchronization>
</sca> </sca>
<vulnerability-detection> <vulnerability-detection>
@ -124,8 +101,6 @@
<!-- Frequency that syscheck is executed default every 12 hours --> <!-- Frequency that syscheck is executed default every 12 hours -->
<frequency>43200</frequency> <frequency>43200</frequency>
<scan_on_start>yes</scan_on_start>
<!-- Generate alert when new file detected --> <!-- Generate alert when new file detected -->
<alert_new_files>yes</alert_new_files> <alert_new_files>yes</alert_new_files>
@ -165,13 +140,12 @@
<process_priority>10</process_priority> <process_priority>10</process_priority>
<!-- Maximum output throughput --> <!-- Maximum output throughput -->
<max_eps>100</max_eps> <max_eps>50</max_eps>
<!-- Database synchronization settings --> <!-- Database synchronization settings -->
<synchronization> <synchronization>
<enabled>yes</enabled> <enabled>yes</enabled>
<interval>5m</interval> <interval>5m</interval>
<max_interval>1h</max_interval>
<max_eps>10</max_eps> <max_eps>10</max_eps>
</synchronization> </synchronization>
</syscheck> </syscheck>
@ -266,13 +240,6 @@
<rule_dir>etc/rules</rule_dir> <rule_dir>etc/rules</rule_dir>
</ruleset> </ruleset>
<rule_test>
<enabled>yes</enabled>
<threads>1</threads>
<max_sessions>64</max_sessions>
<session_timeout>15m</session_timeout>
</rule_test>
<!-- Configuration for wazuh-authd --> <!-- Configuration for wazuh-authd -->
<auth> <auth>
<disabled>no</disabled> <disabled>no</disabled>
@ -305,6 +272,16 @@
</ossec_config> </ossec_config>
<ossec_config> <ossec_config>
<localfile>
<log_format>journald</log_format>
<location>journald</location>
</localfile>
<localfile>
<log_format>audit</log_format>
<location>/var/log/audit/audit.log</location>
</localfile>
<localfile> <localfile>
<log_format>syslog</log_format> <log_format>syslog</log_format>
<location>/var/ossec/logs/active-responses.log</location> <location>/var/ossec/logs/active-responses.log</location>

2
multi-node/config/wazuh_dashboard/opensearch_dashboards.yml
View File

@ -2,7 +2,7 @@ server.host: 0.0.0.0
server.port: 5601 server.port: 5601
opensearch.hosts: https://wazuh1.indexer:9200 opensearch.hosts: https://wazuh1.indexer:9200
opensearch.ssl.verificationMode: certificate opensearch.ssl.verificationMode: certificate
opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"] opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"] opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true server.ssl.enabled: true

3
multi-node/config/wazuh_indexer/wazuh1.indexer.yml
View File

@ -1,6 +1,6 @@
network.host: wazuh1.indexer network.host: wazuh1.indexer
node.name: wazuh1.indexer node.name: wazuh1.indexer
cluster.initial_master_nodes: cluster.initial_cluster_manager_nodes:
- wazuh1.indexer - wazuh1.indexer
- wazuh2.indexer - wazuh2.indexer
- wazuh3.indexer - wazuh3.indexer
@ -35,4 +35,3 @@ plugins.security.restapi.roles_enabled:
- "security_rest_api_access" - "security_rest_api_access"
plugins.security.allow_default_init_securityindex: true plugins.security.allow_default_init_securityindex: true
cluster.routing.allocation.disk.threshold_enabled: false cluster.routing.allocation.disk.threshold_enabled: false
compatibility.override_main_response_version: true

3
multi-node/config/wazuh_indexer/wazuh2.indexer.yml
View File

@ -1,6 +1,6 @@
network.host: wazuh2.indexer network.host: wazuh2.indexer
node.name: wazuh2.indexer node.name: wazuh2.indexer
cluster.initial_master_nodes: cluster.initial_cluster_manager_nodes:
- wazuh1.indexer - wazuh1.indexer
- wazuh2.indexer - wazuh2.indexer
- wazuh3.indexer - wazuh3.indexer
@ -35,4 +35,3 @@ plugins.security.restapi.roles_enabled:
- "security_rest_api_access" - "security_rest_api_access"
plugins.security.allow_default_init_securityindex: true plugins.security.allow_default_init_securityindex: true
cluster.routing.allocation.disk.threshold_enabled: false cluster.routing.allocation.disk.threshold_enabled: false
compatibility.override_main_response_version: true

3
multi-node/config/wazuh_indexer/wazuh3.indexer.yml
View File

@ -1,6 +1,6 @@
network.host: wazuh3.indexer network.host: wazuh3.indexer
node.name: wazuh3.indexer node.name: wazuh3.indexer
cluster.initial_master_nodes: cluster.initial_cluster_manager_nodes:
- wazuh1.indexer - wazuh1.indexer
- wazuh2.indexer - wazuh2.indexer
- wazuh3.indexer - wazuh3.indexer
@ -35,4 +35,3 @@ plugins.security.restapi.roles_enabled:
- "security_rest_api_access" - "security_rest_api_access"
plugins.security.allow_default_init_securityindex: true plugins.security.allow_default_init_securityindex: true
cluster.routing.allocation.disk.threshold_enabled: false cluster.routing.allocation.disk.threshold_enabled: false
compatibility.override_main_response_version: true

20
multi-node/docker-compose.yml
View File

@ -1,7 +1,7 @@
# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2) # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
services: services:
wazuh.master: wazuh.master:
image: wazuh/wazuh-manager:4.14.0 image: wazuh/wazuh-manager:5.0.0
hostname: wazuh.master hostname: wazuh.master
restart: always restart: always
ulimits: ulimits:
@ -31,9 +31,7 @@ services:
- master-wazuh-logs:/var/ossec/logs - master-wazuh-logs:/var/ossec/logs
- master-wazuh-queue:/var/ossec/queue - master-wazuh-queue:/var/ossec/queue
- master-wazuh-var-multigroups:/var/ossec/var/multigroups - master-wazuh-var-multigroups:/var/ossec/var/multigroups
- master-wazuh-integrations:/var/ossec/integrations
- master-wazuh-active-response:/var/ossec/active-response/bin - master-wazuh-active-response:/var/ossec/active-response/bin
- master-wazuh-agentless:/var/ossec/agentless
- master-wazuh-wodles:/var/ossec/wodles - master-wazuh-wodles:/var/ossec/wodles
- master-filebeat-etc:/etc/filebeat - master-filebeat-etc:/etc/filebeat
- master-filebeat-var:/var/lib/filebeat - master-filebeat-var:/var/lib/filebeat
@ -43,7 +41,7 @@ services:
- ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
wazuh.worker: wazuh.worker:
image: wazuh/wazuh-manager:4.14.0 image: wazuh/wazuh-manager:5.0.0
hostname: wazuh.worker hostname: wazuh.worker
restart: always restart: always
ulimits: ulimits:
@ -67,9 +65,7 @@ services:
- worker-wazuh-logs:/var/ossec/logs - worker-wazuh-logs:/var/ossec/logs
- worker-wazuh-queue:/var/ossec/queue - worker-wazuh-queue:/var/ossec/queue
- worker-wazuh-var-multigroups:/var/ossec/var/multigroups - worker-wazuh-var-multigroups:/var/ossec/var/multigroups
- worker-wazuh-integrations:/var/ossec/integrations
- worker-wazuh-active-response:/var/ossec/active-response/bin - worker-wazuh-active-response:/var/ossec/active-response/bin
- worker-wazuh-agentless:/var/ossec/agentless
- worker-wazuh-wodles:/var/ossec/wodles - worker-wazuh-wodles:/var/ossec/wodles
- worker-filebeat-etc:/etc/filebeat - worker-filebeat-etc:/etc/filebeat
- worker-filebeat-var:/var/lib/filebeat - worker-filebeat-var:/var/lib/filebeat
@ -79,7 +75,7 @@ services:
- ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf - ./config/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
wazuh1.indexer: wazuh1.indexer:
image: wazuh/wazuh-indexer:4.14.0 image: wazuh/wazuh-indexer:5.0.0
hostname: wazuh1.indexer hostname: wazuh1.indexer
restart: always restart: always
ports: ports:
@ -105,7 +101,7 @@ services:
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml
wazuh2.indexer: wazuh2.indexer:
image: wazuh/wazuh-indexer:4.14.0 image: wazuh/wazuh-indexer:5.0.0
hostname: wazuh2.indexer hostname: wazuh2.indexer
restart: always restart: always
environment: environment:
@ -127,7 +123,7 @@ services:
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml
wazuh3.indexer: wazuh3.indexer:
image: wazuh/wazuh-indexer:4.14.0 image: wazuh/wazuh-indexer:5.0.0
hostname: wazuh3.indexer hostname: wazuh3.indexer
restart: always restart: always
environment: environment:
@ -149,7 +145,7 @@ services:
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml
wazuh.dashboard: wazuh.dashboard:
image: wazuh/wazuh-dashboard:4.14.0 image: wazuh/wazuh-dashboard:5.0.0
hostname: wazuh.dashboard hostname: wazuh.dashboard
restart: always restart: always
ports: ports:
@ -198,9 +194,7 @@ volumes:
master-wazuh-logs: master-wazuh-logs:
master-wazuh-queue: master-wazuh-queue:
master-wazuh-var-multigroups: master-wazuh-var-multigroups:
master-wazuh-integrations:
master-wazuh-active-response: master-wazuh-active-response:
master-wazuh-agentless:
master-wazuh-wodles: master-wazuh-wodles:
master-filebeat-etc: master-filebeat-etc:
master-filebeat-var: master-filebeat-var:
@ -209,9 +203,7 @@ volumes:
worker-wazuh-logs: worker-wazuh-logs:
worker-wazuh-queue: worker-wazuh-queue:
worker-wazuh-var-multigroups: worker-wazuh-var-multigroups:
worker-wazuh-integrations:
worker-wazuh-active-response: worker-wazuh-active-response:
worker-wazuh-agentless:
worker-wazuh-wodles: worker-wazuh-wodles:
worker-filebeat-etc: worker-filebeat-etc:
worker-filebeat-var: worker-filebeat-var:

4
multi-node/generate-indexer-certs.yml
View File

@ -1,8 +1,10 @@
# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2) # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
services: services:
generator: generator:
image: wazuh/wazuh-certs-generator:0.0.2 image: wazuh/wazuh-certs-generator:0.0.3
hostname: wazuh-certs-generator hostname: wazuh-certs-generator
environment:
- CERT_TOOL_VERSION=4.14
volumes: volumes:
- ./config/wazuh_indexer_ssl_certs/:/certificates/ - ./config/wazuh_indexer_ssl_certs/:/certificates/
- ./config/certs.yml:/config/certs.yml - ./config/certs.yml:/config/certs.yml

44
multi-node/volume-migrator.sh
View File

@ -46,24 +46,12 @@ docker volume create \
--label com.docker.compose.volume=master-wazuh-var-multigroups \ --label com.docker.compose.volume=master-wazuh-var-multigroups \
$2_master-wazuh-var-multigroups $2_master-wazuh-var-multigroups
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=master-wazuh-integrations \
$2_master-wazuh-integrations
docker volume create \ docker volume create \
--label com.docker.compose.project=$2 \ --label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \ --label com.docker.compose.version=$1 \
--label com.docker.compose.volume=master-wazuh-active-response \ --label com.docker.compose.volume=master-wazuh-active-response \
$2_master-wazuh-active-response $2_master-wazuh-active-response
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=master-wazuh-agentless \
$2_master-wazuh-agentless
docker volume create \ docker volume create \
--label com.docker.compose.project=$2 \ --label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \ --label com.docker.compose.version=$1 \
@ -112,24 +100,12 @@ docker volume create \
--label com.docker.compose.volume=worker-wazuh-var-multigroups \ --label com.docker.compose.volume=worker-wazuh-var-multigroups \
$2_worker-wazuh-var-multigroups $2_worker-wazuh-var-multigroups
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=worker-wazuh-integrations \
$2_worker-wazuh-integrations
docker volume create \ docker volume create \
--label com.docker.compose.project=$2 \ --label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \ --label com.docker.compose.version=$1 \
--label com.docker.compose.volume=worker-wazuh-active-response \ --label com.docker.compose.volume=worker-wazuh-active-response \
$2_worker-wazuh-active-response $2_worker-wazuh-active-response
docker volume create \
--label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \
--label com.docker.compose.volume=worker-wazuh-agentless \
$2_worker-wazuh-agentless
docker volume create \ docker volume create \
--label com.docker.compose.project=$2 \ --label com.docker.compose.project=$2 \
--label com.docker.compose.version=$1 \ --label com.docker.compose.version=$1 \
@ -193,21 +169,11 @@ docker container run --rm -it \
-v $2_master-wazuh-var-multigroups:/to \ -v $2_master-wazuh-var-multigroups:/to \
alpine ash -c "cd /from ; cp -avp . /to" alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_ossec-integrations:/from \
-v $2_master-wazuh-integrations:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \ docker container run --rm -it \
-v wazuh-docker_ossec-active-response:/from \ -v wazuh-docker_ossec-active-response:/from \
-v $2_master-wazuh-active-response:/to \ -v $2_master-wazuh-active-response:/to \
alpine ash -c "cd /from ; cp -avp . /to" alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_ossec-agentless:/from \
-v $2_master-wazuh-agentless:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \ docker container run --rm -it \
-v wazuh-docker_ossec-wodles:/from \ -v wazuh-docker_ossec-wodles:/from \
-v $2_master-wazuh-wodles:/to \ -v $2_master-wazuh-wodles:/to \
@ -248,21 +214,11 @@ docker container run --rm -it \
-v $2_worker-wazuh-var-multigroups:/to \ -v $2_worker-wazuh-var-multigroups:/to \
alpine ash -c "cd /from ; cp -avp . /to" alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_worker-ossec-integrations:/from \
-v $2_worker-wazuh-integrations:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \ docker container run --rm -it \
-v wazuh-docker_worker-ossec-active-response:/from \ -v wazuh-docker_worker-ossec-active-response:/from \
-v $2_worker-wazuh-active-response:/to \ -v $2_worker-wazuh-active-response:/to \
alpine ash -c "cd /from ; cp -avp . /to" alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \
-v wazuh-docker_worker-ossec-agentless:/from \
-v $2_worker-wazuh-agentless:/to \
alpine ash -c "cd /from ; cp -avp . /to"
docker container run --rm -it \ docker container run --rm -it \
-v wazuh-docker_worker-ossec-wodles:/from \ -v wazuh-docker_worker-ossec-wodles:/from \
-v $2_worker-wazuh-wodles:/to \ -v $2_worker-wazuh-wodles:/to \

81
single-node/config/wazuh_cluster/wazuh_manager.conf
View File

@ -1,24 +1,10 @@
<ossec_config> <ossec_config>
<global> <global>
<jsonout_output>yes</jsonout_output> <agents_disconnection_time>15m</agents_disconnection_time>
<alerts_log>yes</alerts_log>
<logall>no</logall>
<logall_json>no</logall_json>
<email_notification>no</email_notification>
<smtp_server>smtp.example.wazuh.com</smtp_server>
<email_from>wazuh@example.wazuh.com</email_from>
<email_to>recipient@example.wazuh.com</email_to>
<email_maxperhour>12</email_maxperhour>
<email_log_source>alerts.log</email_log_source>
<agents_disconnection_time>10m</agents_disconnection_time>
<agents_disconnection_alert_time>0</agents_disconnection_alert_time> <agents_disconnection_alert_time>0</agents_disconnection_alert_time>
<update_check>yes</update_check>
</global> </global>
<alerts>
<log_alert_level>3</log_alert_level>
<email_alert_level>12</email_alert_level>
</alerts>
<!-- Choose between "plain", "json", or "plain,json" for the format of internal logs --> <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
<logging> <logging>
<log_format>plain</log_format> <log_format>plain</log_format>
@ -34,8 +20,6 @@
<!-- Policy monitoring --> <!-- Policy monitoring -->
<rootcheck> <rootcheck>
<disabled>no</disabled> <disabled>no</disabled>
<check_files>yes</check_files>
<check_trojans>yes</check_trojans>
<check_dev>yes</check_dev> <check_dev>yes</check_dev>
<check_sys>yes</check_sys> <check_sys>yes</check_sys>
<check_pids>yes</check_pids> <check_pids>yes</check_pids>
@ -45,31 +29,12 @@
<!-- Frequency that rootcheck is executed - every 12 hours --> <!-- Frequency that rootcheck is executed - every 12 hours -->
<frequency>43200</frequency> <frequency>43200</frequency>
<rootkit_files>etc/rootcheck/rootkit_files.txt</rootkit_files>
<rootkit_trojans>etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>
<skip_nfs>yes</skip_nfs> <skip_nfs>yes</skip_nfs>
<ignore>/var/lib/containerd</ignore>
<ignore>/var/lib/docker/overlay2</ignore>
</rootcheck> </rootcheck>
<wodle name="cis-cat">
<disabled>yes</disabled>
<timeout>1800</timeout>
<interval>1d</interval>
<scan-on-start>yes</scan-on-start>
<java_path>wodles/java</java_path>
<ciscat_path>wodles/ciscat</ciscat_path>
</wodle>
<!-- Osquery integration -->
<wodle name="osquery">
<disabled>yes</disabled>
<run_daemon>yes</run_daemon>
<log_path>/var/log/osquery/osqueryd.results.log</log_path>
<config_path>/etc/osquery/osquery.conf</config_path>
<add_labels>yes</add_labels>
</wodle>
<!-- System inventory --> <!-- System inventory -->
<wodle name="syscollector"> <wodle name="syscollector">
<disabled>no</disabled> <disabled>no</disabled>
@ -81,9 +46,15 @@
<packages>yes</packages> <packages>yes</packages>
<ports all="yes">yes</ports> <ports all="yes">yes</ports>
<processes>yes</processes> <processes>yes</processes>
<users>yes</users>
<groups>yes</groups>
<services>yes</services>
<browser_extensions>yes</browser_extensions>
<!-- Database synchronization settings --> <!-- Database synchronization settings -->
<synchronization> <synchronization>
<enabled>yes</enabled>
<interval>5m</interval>
<max_eps>10</max_eps> <max_eps>10</max_eps>
</synchronization> </synchronization>
</wodle> </wodle>
@ -92,7 +63,13 @@
<enabled>yes</enabled> <enabled>yes</enabled>
<scan_on_start>yes</scan_on_start> <scan_on_start>yes</scan_on_start>
<interval>12h</interval> <interval>12h</interval>
<skip_nfs>yes</skip_nfs>
<!-- Database synchronization settings -->
<synchronization>
<enabled>yes</enabled>
<interval>5m</interval>
<max_eps>10</max_eps>
</synchronization>
</sca> </sca>
<vulnerability-detection> <vulnerability-detection>
@ -122,8 +99,6 @@
<!-- Frequency that syscheck is executed default every 12 hours --> <!-- Frequency that syscheck is executed default every 12 hours -->
<frequency>43200</frequency> <frequency>43200</frequency>
<scan_on_start>yes</scan_on_start>
<!-- Generate alert when new file detected --> <!-- Generate alert when new file detected -->
<alert_new_files>yes</alert_new_files> <alert_new_files>yes</alert_new_files>
@ -163,13 +138,12 @@
<process_priority>10</process_priority> <process_priority>10</process_priority>
<!-- Maximum output throughput --> <!-- Maximum output throughput -->
<max_eps>100</max_eps> <max_eps>50</max_eps>
<!-- Database synchronization settings --> <!-- Database synchronization settings -->
<synchronization> <synchronization>
<enabled>yes</enabled> <enabled>yes</enabled>
<interval>5m</interval> <interval>5m</interval>
<max_interval>1h</max_interval>
<max_eps>10</max_eps> <max_eps>10</max_eps>
</synchronization> </synchronization>
</syscheck> </syscheck>
@ -264,13 +238,6 @@
<rule_dir>etc/rules</rule_dir> <rule_dir>etc/rules</rule_dir>
</ruleset> </ruleset>
<rule_test>
<enabled>yes</enabled>
<threads>1</threads>
<max_sessions>64</max_sessions>
<session_timeout>15m</session_timeout>
</rule_test>
<!-- Configuration for wazuh-authd --> <!-- Configuration for wazuh-authd -->
<auth> <auth>
<disabled>no</disabled> <disabled>no</disabled>
@ -303,6 +270,16 @@
</ossec_config> </ossec_config>
<ossec_config> <ossec_config>
<localfile>
<log_format>journald</log_format>
<location>journald</location>
</localfile>
<localfile>
<log_format>audit</log_format>
<location>/var/log/audit/audit.log</location>
</localfile>
<localfile> <localfile>
<log_format>syslog</log_format> <log_format>syslog</log_format>
<location>/var/ossec/logs/active-responses.log</location> <location>/var/ossec/logs/active-responses.log</location>

2
single-node/config/wazuh_dashboard/opensearch_dashboards.yml
View File

@ -2,7 +2,7 @@ server.host: 0.0.0.0
server.port: 5601 server.port: 5601
opensearch.hosts: https://wazuh.indexer:9200 opensearch.hosts: https://wazuh.indexer:9200
opensearch.ssl.verificationMode: certificate opensearch.ssl.verificationMode: certificate
opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"] opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"] opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true server.ssl.enabled: true

13
single-node/config/wazuh_indexer/wazuh.indexer.yml
View File

@ -6,13 +6,12 @@ path.logs: /var/log/wazuh-indexer
discovery.type: single-node discovery.type: single-node
http.port: 9200-9299 http.port: 9200-9299
transport.tcp.port: 9300-9399 transport.tcp.port: 9300-9399
compatibility.override_main_response_version: true plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.key plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.key plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
plugins.security.ssl.http.enabled: true plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false plugins.security.ssl.transport.resolve_hostname: false

10
single-node/docker-compose.yml
View File

@ -1,7 +1,7 @@
# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2) # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
services: services:
wazuh.manager: wazuh.manager:
image: wazuh/wazuh-manager:4.14.0 image: wazuh/wazuh-manager:5.0.0
hostname: wazuh.manager hostname: wazuh.manager
restart: always restart: always
ulimits: ulimits:
@ -32,9 +32,7 @@ services:
- wazuh_logs:/var/ossec/logs - wazuh_logs:/var/ossec/logs
- wazuh_queue:/var/ossec/queue - wazuh_queue:/var/ossec/queue
- wazuh_var_multigroups:/var/ossec/var/multigroups - wazuh_var_multigroups:/var/ossec/var/multigroups
- wazuh_integrations:/var/ossec/integrations
- wazuh_active_response:/var/ossec/active-response/bin - wazuh_active_response:/var/ossec/active-response/bin
- wazuh_agentless:/var/ossec/agentless
- wazuh_wodles:/var/ossec/wodles - wazuh_wodles:/var/ossec/wodles
- filebeat_etc:/etc/filebeat - filebeat_etc:/etc/filebeat
- filebeat_var:/var/lib/filebeat - filebeat_var:/var/lib/filebeat
@ -44,7 +42,7 @@ services:
- ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
wazuh.indexer: wazuh.indexer:
image: wazuh/wazuh-indexer:4.14.0 image: wazuh/wazuh-indexer:5.0.0
hostname: wazuh.indexer hostname: wazuh.indexer
restart: always restart: always
ports: ports:
@ -69,7 +67,7 @@ services:
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/config/opensearch-security/internal_users.yml
wazuh.dashboard: wazuh.dashboard:
image: wazuh/wazuh-dashboard:4.14.0 image: wazuh/wazuh-dashboard:5.0.0
hostname: wazuh.dashboard hostname: wazuh.dashboard
restart: always restart: always
ports: ports:
@ -102,9 +100,7 @@ volumes:
wazuh_logs: wazuh_logs:
wazuh_queue: wazuh_queue:
wazuh_var_multigroups: wazuh_var_multigroups:
wazuh_integrations:
wazuh_active_response: wazuh_active_response:
wazuh_agentless:
wazuh_wodles: wazuh_wodles:
filebeat_etc: filebeat_etc:
filebeat_var: filebeat_var:

4
single-node/generate-indexer-certs.yml
View File

@ -1,8 +1,10 @@
# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2) # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
services: services:
generator: generator:
image: wazuh/wazuh-certs-generator:0.0.2 image: wazuh/wazuh-certs-generator:0.0.3
hostname: wazuh-certs-generator hostname: wazuh-certs-generator
environment:
- CERT_TOOL_VERSION=4.14
volumes: volumes:
- ./config/wazuh_indexer_ssl_certs/:/certificates/ - ./config/wazuh_indexer_ssl_certs/:/certificates/
- ./config/certs.yml:/config/certs.yml - ./config/certs.yml:/config/certs.yml

2
wazuh-agent/docker-compose.yml
View File

@ -1,7 +1,7 @@
# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2) # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
services: services:
wazuh.agent: wazuh.agent:
image: wazuh/wazuh-agent:4.14.0 image: wazuh/wazuh-agent:5.0.0
restart: always restart: always
environment: environment:
- WAZUH_MANAGER_SERVER=<WAZUH_MANAGER_IP> - WAZUH_MANAGER_SERVER=<WAZUH_MANAGER_IP>