diff --git a/build-docker-images/wazuh-indexer/config/entrypoint.sh b/build-docker-images/wazuh-indexer/config/entrypoint.sh
index 2acb4aa0..24d00fae 100644
--- a/build-docker-images/wazuh-indexer/config/entrypoint.sh
+++ b/build-docker-images/wazuh-indexer/config/entrypoint.sh
@@ -7,12 +7,272 @@ umask 0002
 export USER=wazuh-indexer
 export INSTALLATION_DIR=/usr/share/wazuh-indexer
 export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR}
-export JAVA_HOME=${INSTALLATION_DIR}/jdk
-export DISCOVERY=$(grep -oP "(?<=discovery.type: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
 export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
 export CERT="${OPENSEARCH_PATH_CONF}/certs/admin.pem"
 export KEY="${OPENSEARCH_PATH_CONF}/certs/admin-key.pem"
+opensearch_vars=(
+ cluster.name
+ node.name
+ node.roles
+ path.data
+ path.logs
+ bootstrap.memory_lock
+ network.host
+ http.port
+ transport.port
+ network.bind_host
+ network.publish_host
+ transport.tcp.port
+ compatibility.override_main_response_version
+ http.host
+ http.bind_host
+ http.publish_host
+ http.compression
+ transport.host
+ transport.bind_host
+ transport.publish_host
+ discovery.seed_hosts
+ discovery.seed_providers
+ discovery.type
+ cluster.initial_cluster_manager_nodes
+ cluster.initial_master_nodes
+ node.max_local_storage_nodes
+ gateway.recover_after_nodes
+ gateway.recover_after_data_nodes
+ gateway.expected_data_nodes
+ gateway.recover_after_time
+ plugins.security.nodes_dn
+ plugins.security.nodes_dn_dynamic_config_enabled
+ plugins.security.authcz.admin_dn
+ plugins.security.roles_mapping_resolution
+ plugins.security.dls.mode
+ plugins.security.compliance.salt
+ config.dynamic.http.anonymous_auth_enabled
+ plugins.security.restapi.roles_enabled
+ plugins.security.restapi.password_validation_regex
+ plugins.security.restapi.password_validation_error_message
+ plugins.security.restapi.password_min_length
+ plugins.security.restapi.password_score_based_validation_strength
+ plugins.security.unsupported.restapi.allow_securityconfig_modification
+ plugins.security.authcz.impersonation_dn
+ plugins.security.authcz.rest_impersonation_user
+ plugins.security.allow_default_init_securityindex
+ plugins.security.allow_unsafe_democertificates
+ plugins.security.system_indices.permission.enabled
+ plugins.security.config_index_name
+ plugins.security.cert.oid
+ plugins.security.cert.intercluster_request_evaluator_class
+ plugins.security.enable_snapshot_restore_privilege
+ plugins.security.check_snapshot_restore_write_privileges
+ plugins.security.cache.ttl_minutes
+ plugins.security.protected_indices.enabled
+ plugins.security.protected_indices.roles
+ plugins.security.protected_indices.indices
+ plugins.security.system_indices.enabled
+ plugins.security.system_indices.indices
+ plugins.security.audit.enable_rest
+ plugins.security.audit.enable_transport
+ plugins.security.audit.resolve_bulk_requests
+ plugins.security.audit.config.disabled_categories
+ plugins.security.audit.ignore_requests
+ plugins.security.audit.threadpool.size
+ plugins.security.audit.threadpool.max_queue_len
+ plugins.security.audit.ignore_users
+ plugins.security.audit.type
+ plugins.security.audit.config.http_endpoints
+ plugins.security.audit.config.index
+ plugins.security.audit.config.type
+ plugins.security.audit.config.username
+ plugins.security.audit.config.password
+ plugins.security.audit.config.enable_ssl
+ plugins.security.audit.config.verify_hostnames
+ plugins.security.audit.config.enable_ssl_client_auth
+ plugins.security.audit.config.cert_alias
+ plugins.security.audit.config.pemkey_filepath
+ plugins.security.audit.config.pemkey_content
+ plugins.security.audit.config.pemkey_password
+ plugins.security.audit.config.pemcert_filepath
+ plugins.security.audit.config.pemcert_content
+ plugins.security.audit.config.pemtrustedcas_filepath
+ plugins.security.audit.config.pemtrustedcas_content
+ plugins.security.audit.config.webhook.url
+ plugins.security.audit.config.webhook.format
+ plugins.security.audit.config.webhook.ssl.verify
+ plugins.security.audit.config.webhook.ssl.pemtrustedcas_filepath
+ plugins.security.audit.config.webhook.ssl.pemtrustedcas_content
+ plugins.security.audit.config.log4j.logger_name
+ plugins.security.audit.config.log4j.level
+ opendistro_security.audit.config.disabled_rest_categories
+ opendistro_security.audit.config.disabled_transport_categories
+ plugins.security.ssl.transport.enforce_hostname_verification
+ plugins.security.ssl.transport.resolve_hostname
+ plugins.security.ssl.http.clientauth_mode
+ plugins.security.ssl.http.enabled_ciphers
+ plugins.security.ssl.http.enabled_protocols
+ plugins.security.ssl.transport.enabled_ciphers
+ plugins.security.ssl.transport.enabled_protocols
+ plugins.security.ssl.transport.keystore_type
+ plugins.security.ssl.transport.keystore_filepath
+ plugins.security.ssl.transport.keystore_alias
+ plugins.security.ssl.transport.keystore_password
+ plugins.security.ssl.transport.truststore_type
+ plugins.security.ssl.transport.truststore_filepath
+ plugins.security.ssl.transport.truststore_alias
+ plugins.security.ssl.transport.truststore_password
+ plugins.security.ssl.http.enabled
+ plugins.security.ssl.http.keystore_type
+ plugins.security.ssl.http.keystore_filepath
+ plugins.security.ssl.http.keystore_alias
+ plugins.security.ssl.http.keystore_password
+ plugins.security.ssl.http.truststore_type
+ plugins.security.ssl.http.truststore_filepath
+ plugins.security.ssl.http.truststore_alias
+ plugins.security.ssl.http.truststore_password
+ plugins.security.ssl.transport.enable_openssl_if_available
+ plugins.security.ssl.http.enable_openssl_if_available
+ plugins.security.ssl.transport.pemkey_filepath
+ plugins.security.ssl.transport.pemkey_password
+ plugins.security.ssl.transport.pemcert_filepath
+ plugins.security.ssl.transport.pemtrustedcas_filepath
+ plugins.security.ssl.http.pemkey_filepath
+ plugins.security.ssl.http.pemkey_password
+ plugins.security.ssl.http.pemcert_filepath
+ plugins.security.ssl.http.pemtrustedcas_filepath
+ plugins.security.ssl.transport.enabled
+ plugins.security.ssl.transport.client.pemkey_password
+ plugins.security.ssl.transport.keystore_keypassword
+ plugins.security.ssl.transport.server.keystore_keypassword
+ plugins.sercurity.ssl.transport.server.keystore_alias
+ plugins.sercurity.ssl.transport.client.keystore_alias
+ plugins.sercurity.ssl.transport.server.truststore_alias
+ plugins.sercurity.ssl.transport.client.truststore_alias
+ plugins.security.ssl.client.external_context_id
+ plugins.secuirty.ssl.transport.principal_extractor_class
+ plugins.security.ssl.http.crl.file_path
+ plugins.security.ssl.http.crl.validate
+ plugins.security.ssl.http.crl.prefer_crlfile_over_ocsp
+ plugins.security.ssl.http.crl.check_only_end_entitites
+ plugins.security.ssl.http.crl.disable_ocsp
+ plugins.security.ssl.http.crl.disable_crldp
+ plugins.security.ssl.allow_client_initiated_renegotiation
+ indices.breaker.total.use_real_memory
+ indices.breaker.total.limit
+ indices.breaker.fielddata.limit
+ indices.breaker.fielddata.overhead
+ indices.breaker.request.limit
+ indices.breaker.request.overhead
+ network.breaker.inflight_requests.limit
+ network.breaker.inflight_requests.overhead
+ cluster.routing.allocation.enable
+ cluster.routing.allocation.node_concurrent_incoming_recoveries
+ cluster.routing.allocation.node_concurrent_outgoing_recoveries
+ cluster.routing.allocation.node_concurrent_recoveries
+ cluster.routing.allocation.node_initial_primaries_recoveries
+ cluster.routing.allocation.same_shard.host
+ cluster.routing.rebalance.enable
+ cluster.routing.allocation.allow_rebalance
+ cluster.routing.allocation.cluster_concurrent_rebalance
+ cluster.routing.allocation.balance.shard
+ cluster.routing.allocation.balance.index
+ cluster.routing.allocation.balance.threshold
+ cluster.routing.allocation.balance.prefer_primary
+ cluster.routing.allocation.disk.threshold_enabled
+ cluster.routing.allocation.disk.watermark.low
+ cluster.routing.allocation.disk.watermark.high
+ cluster.routing.allocation.disk.watermark.flood_stage
+ cluster.info.update.interval
+ cluster.routing.allocation.shard_movement_strategy
+ cluster.blocks.read_only
+ cluster.blocks.read_only_allow_delete
+ cluster.max_shards_per_node
+ cluster.persistent_tasks.allocation.enable
+ cluster.persistent_tasks.allocation.recheck_interval
+ cluster.search.request.slowlog.threshold.warn
+ cluster.search.request.slowlog.threshold.info
+ cluster.search.request.slowlog.threshold.debug
+ cluster.search.request.slowlog.threshold.trace
+ cluster.search.request.slowlog.level
+ cluster.fault_detection.leader_check.timeout
+ cluster.fault_detection.follower_check.timeout
+ action.auto_create_index
+ action.destructive_requires_name
+ cluster.default.index.refresh_interval
+ cluster.minimum.index.refresh_interval
+ cluster.indices.close.enable
+ indices.recovery.max_bytes_per_sec
+ indices.recovery.max_concurrent_file_chunks
+ indices.recovery.max_concurrent_operations
+ indices.recovery.max_concurrent_remote_store_streams
+ indices.time_series_index.default_index_merge_policy
+ indices.fielddata.cache.size
+ index.number_of_shards
+ index.number_of_routing_shards
+ index.shard.check_on_startup
+ index.codec
+ index.codec.compression_level
+ index.routing_partition_size
+ index.soft_deletes.retention_lease.period
+ index.load_fixed_bitset_filters_eagerly
+ index.hidden
+ index.merge.policy
+ index.merge_on_flush.enabled
+ index.merge_on_flush.max_full_flush_merge_wait_time
+ index.merge_on_flush.policy
+ index.check_pending_flush.enabled
+ index.number_of_replicas
+ index.auto_expand_replicas
+ index.search.idle.after
+ index.refresh_interval
+ index.max_result_window
+ index.max_inner_result_window
+ index.max_rescore_window
+ index.max_docvalue_fields_search
+ index.max_script_fields
+ index.max_ngram_diff
+ index.max_shingle_diff
+ index.max_refresh_listeners
+ index.analyze.max_token_count
+ index.highlight.max_analyzed_offset
+ index.max_terms_count
+ index.max_regex_length
+ index.query.default_field
+ index.query.max_nested_depth
+ index.routing.allocation.enable
+ index.routing.rebalance.enable
+ index.gc_deletes
+ index.default_pipeline
+ index.final_pipeline
+ index.optimize_doc_id_lookup.fuzzy_set.enabled
+ index.optimize_doc_id_lookup.fuzzy_set.false_positive_probability
+ search.max_buckets
+ search.phase_took_enabled
+ search.allow_expensive_queries
+ search.default_allow_partial_results
+ search.cancel_after_time_interval
+ search.default_search_timeout
+ search.default_keep_alive
+ search.keep_alive_interval
+ search.max_keep_alive
+ search.low_level_cancellation
+ search.max_open_scroll_context
+ search.request_stats_enabled
+ search.highlight.term_vector_multi_value
+ snapshot.max_concurrent_operations
+ cluster.remote_store.translog.buffer_interval
+ remote_store.moving_average_window_size
+ opensearch.notifications.core.allowed_config_types
+ opensearch.notifications.core.email.minimum_header_length
+ opensearch.notifications.core.email.size_limit
+ opensearch.notifications.core.http.connection_timeout
+ opensearch.notifications.core.http.host_deny_list
+ opensearch.notifications.core.http.max_connection_per_route
+ opensearch.notifications.core.http.max_connections
+ opensearch.notifications.core.http.socket_timeout
+ opensearch.notifications.core.tooltip_support
+ opensearch.notifications.general.filter_by_backend_roles
+)
+
 run_as_other_user_if_needed() {
 if [[ "$(id -u)" == "0" ]]; then
 # If running as root, drop to specified UID and run command
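Review bot: Several keys in the new opensearch_vars array are misspelled — `plugins.sercurity.ssl.transport.server.keystore_alias` and its three `plugins.sercurity...` siblings, `plugins.secuirty.ssl.transport.principal_extractor_class`, and `plugins.security.ssl.http.crl.check_only_end_entitites` — so the environment names buildOpensearchConfig derives from them (`PLUGINS_SERCURITY_...`, `PLUGINS_SECUIRTY_...`) will never match what an operator sets, and if one is set anyway the misspelled key is written verbatim into opensearch.yml. The array also intentionally covers secret-bearing settings (`plugins.security.ssl.*.keystore_password`, `...pemkey_password`, `plugins.security.audit.config.password`), and whatever arrives through those variables is written in clear text to opensearch.yml and stays visible in the container environment; that deserves a comment above the array, e.g. `# NOTE: *_password entries are written unencrypted to opensearch.yml; prefer the OpenSearch keystore for secrets`. `export DISCOVERY=...` is dropped here while the commented-out block in the last hunk now reads `$DISCOVERY_TYPE`, which is only populated when the operator sets that variable — presumably intended, but worth a line in the commit message.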
@@ -24,6 +284,37 @@ run_as_other_user_if_needed() {
 fi
 }
+function buildOpensearchConfig {
+ echo "" >> $OPENSEARCH_PATH_CONF/opensearch.yml
+ for opensearch_var in ${opensearch_vars[*]}; do
+ env_var=$(echo ${opensearch_var^^} | tr . _)
+ value=${!env_var}
+ if [[ -n $value ]]; then
+ if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then
+ lineNum="$(grep -n "$opensearch_var" $OPENSEARCH_PATH_CONF/opensearch.yml | head -n 1 | cut -d: -f1)"
+ sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml
+ charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1)
+ fi
+ while :
+ do
+ case "$charline" in
+ "-"| "#" |" ") sed -i "${lineNum}d" $OPENSEARCH_PATH_CONF/opensearch.yml;;
+ *) break;;
+ esac
+ charline=$(awk "NR == ${lineNum}" $OPENSEARCH_PATH_CONF/opensearch.yml | head -c 1)
+ done
+ longoptfile="${opensearch_var}: ${value}"
+ if grep -q $opensearch_var $OPENSEARCH_PATH_CONF/opensearch.yml; then
+ sed -i "/${opensearch_var}/ s|^.*$|${longoptfile}|" $OPENSEARCH_PATH_CONF/opensearch.yml
+ else
+ echo $longoptfile >> $OPENSEARCH_PATH_CONF/opensearch.yml
+ fi
+ fi
+ done
+}
+
+buildOpensearchConfig
+
 # Allow user specify custom CMD, maybe bin/opensearch itself
 # for example to directly specify `-E` style parameters for opensearch on k8s
 # or simply to run /bin/bash to check the image
@@ -83,8 +374,7 @@ if [[ "$(id -u)" == "0" ]]; then
 fi
 fi
-
-#if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then
+#if [[ "$DISCOVERY_TYPE" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then
 # run securityadmin.sh for single node with CACERT, CERT and KEY parameter
 # nohup /securityadmin.sh &
 # touch "/var/lib/wazuh-indexer/.flag"
diff --git a/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml b/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml
deleted file mode 100644
index 3a53c3f8..00000000
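Review bot: `grep -q $opensearch_var …` and `sed -i "/${opensearch_var}/ s|^.*$|…|"` in buildOpensearchConfig use the dotted setting name as an unanchored regular expression, so `.` matches any character and a key matches every longer key it prefixes: with `plugins.security.ssl.http.enabled_ciphers` present in opensearch.yml, setting `PLUGINS_SECURITY_SSL_HTTP_ENABLED` (which the multi-node compose file does) deletes or rewrites that line as well, and the same collision exists for `index.codec` vs `index.codec.compression_level` and `plugins.security.ssl.transport.enabled` vs its `_ciphers`/`_protocols` siblings. The value is also spliced unquoted into the sed replacement and into `echo $longoptfile`, so a value containing `|`, `&` or `\` corrupts the edit and a value containing `*` — `PLUGINS_SECURITY_SYSTEM_INDICES_INDICES` does — goes through pathname expansion before it is written. Anchoring the lookup on `^key:` with the dots escaped and appending with `printf '%s: %s\n'` instead of a sed substitution closes both holes; `"${opensearch_vars[@]}"` should replace `${opensearch_vars[*]}`, and the loop variables should be `local` in a function that runs before `exec`. The `$DISCOVERY_TYPE` hunk further down is a commented-out line and needs nothing.
```bash
function buildOpensearchConfig {
  local conf="${OPENSEARCH_PATH_CONF}/opensearch.yml"
  local opensearch_var env_var value key_re lineNum charline
  echo "" >> "$conf"
  for opensearch_var in "${opensearch_vars[@]}"; do
    env_var=$(echo "${opensearch_var^^}" | tr . _)
    value=${!env_var}
    if [[ -n $value ]]; then
      # Escape the dots and anchor on "key:" so that e.g. ssl.http.enabled
      # no longer matches ssl.http.enabled_ciphers.
      key_re="^${opensearch_var//./\\.}:"
      if grep -q -- "$key_re" "$conf"; then
        lineNum="$(grep -n -- "$key_re" "$conf" | head -n 1 | cut -d: -f1)"
        sed -i "${lineNum}d" "$conf"
        charline=$(awk "NR == ${lineNum}" "$conf" | head -c 1)
      fi
      # … unchanged: while/case loop dropping "-", "#" and " " continuation lines …
      # Append with printf so the value never reaches a sed expression or the
      # shell's word splitting and globbing.
      printf '%s: %s\n' "$opensearch_var" "$value" >> "$conf"
    fi
  done
}
```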
--- a/multi-node/config/wazuh_dashboard/opensearch_dashboards.yml +++ /dev/null @@ -1,12 +0,0 @@ -server.host: 0.0.0.0 -server.port: 5601 -opensearch.hosts: https://wazuh1.indexer:9200 -opensearch.ssl.verificationMode: certificate -opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"] -opensearch_security.multitenancy.enabled: false -opensearch_security.readonly_mode.roles: ["kibana_read_only"] -server.ssl.enabled: true -server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" -server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" -opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"] -uiSettings.overrides.defaultRoute: /app/wz-home diff --git a/multi-node/config/wazuh_indexer/wazuh1.indexer.yml b/multi-node/config/wazuh_indexer/wazuh1.indexer.yml deleted file mode 100644 index 59cbe9bf..00000000 --- a/multi-node/config/wazuh_indexer/wazuh1.indexer.yml +++ /dev/null 
@@ -1,38 +0,0 @@ -network.host: wazuh1.indexer -node.name: wazuh1.indexer -cluster.initial_master_nodes: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -cluster.name: "wazuh-cluster" -discovery.seed_hosts: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -node.max_local_storage_nodes: "3" -path.data: /var/lib/wazuh-indexer -path.logs: /var/log/wazuh-indexer -plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem -plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key -plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.pem -plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh1.indexer.key -plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.http.enabled: true -plugins.security.ssl.transport.enforce_hostname_verification: false -plugins.security.ssl.transport.resolve_hostname: false -plugins.security.authcz.admin_dn: -- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.check_snapshot_restore_write_privileges: true -plugins.security.enable_snapshot_restore_privilege: true -plugins.security.nodes_dn: -- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.restapi.roles_enabled: -- "all_access" -- "security_rest_api_access" -plugins.security.allow_default_init_securityindex: true -cluster.routing.allocation.disk.threshold_enabled: false -compatibility.override_main_response_version: true diff --git a/multi-node/config/wazuh_indexer/wazuh2.indexer.yml b/multi-node/config/wazuh_indexer/wazuh2.indexer.yml deleted file mode 100644 index 478ed1d0..00000000 
--- a/multi-node/config/wazuh_indexer/wazuh2.indexer.yml +++ /dev/null @@ -1,38 +0,0 @@ -network.host: wazuh2.indexer -node.name: wazuh2.indexer -cluster.initial_master_nodes: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -cluster.name: "wazuh-cluster" -discovery.seed_hosts: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -node.max_local_storage_nodes: "3" -path.data: /var/lib/wazuh-indexer -path.logs: /var/log/wazuh-indexer -plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem -plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key -plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.pem -plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh2.indexer.key -plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.http.enabled: true -plugins.security.ssl.transport.enforce_hostname_verification: false -plugins.security.ssl.transport.resolve_hostname: false -plugins.security.authcz.admin_dn: -- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.check_snapshot_restore_write_privileges: true -plugins.security.enable_snapshot_restore_privilege: true -plugins.security.nodes_dn: -- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.restapi.roles_enabled: -- "all_access" -- "security_rest_api_access" -plugins.security.allow_default_init_securityindex: true -cluster.routing.allocation.disk.threshold_enabled: false -compatibility.override_main_response_version: true \ No newline at end of file 
diff --git a/multi-node/config/wazuh_indexer/wazuh3.indexer.yml b/multi-node/config/wazuh_indexer/wazuh3.indexer.yml deleted file mode 100644 index 8caa513d..00000000 --- a/multi-node/config/wazuh_indexer/wazuh3.indexer.yml +++ /dev/null 
@@ -1,38 +0,0 @@ -network.host: wazuh3.indexer -node.name: wazuh3.indexer -cluster.initial_master_nodes: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -cluster.name: "wazuh-cluster" -discovery.seed_hosts: - - wazuh1.indexer - - wazuh2.indexer - - wazuh3.indexer -node.max_local_storage_nodes: "3" -path.data: /var/lib/wazuh-indexer -path.logs: /var/log/wazuh-indexer -plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem -plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key -plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.pem -plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh3.indexer.key -plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/root-ca.pem -plugins.security.ssl.http.enabled: true -plugins.security.ssl.transport.enforce_hostname_verification: false -plugins.security.ssl.transport.resolve_hostname: false -plugins.security.authcz.admin_dn: -- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.check_snapshot_restore_write_privileges: true -plugins.security.enable_snapshot_restore_privilege: true -plugins.security.nodes_dn: -- "CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US" -- "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US" -plugins.security.restapi.roles_enabled: -- "all_access" -- "security_rest_api_access" -plugins.security.allow_default_init_securityindex: true -cluster.routing.allocation.disk.threshold_enabled: false -compatibility.override_main_response_version: true \ No newline at end of file diff --git a/multi-node/docker-compose.yml b/multi-node/docker-compose.yml index a72fd4f5..596a7c26 100644 
--- a/multi-node/docker-compose.yml +++ b/multi-node/docker-compose.yml 
@@ -87,8 +87,35 @@ services: ports: - "9200:9200" environment: - - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" - - "bootstrap.memory_lock=true" + OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" + bootstrap.memory_lock: "true" + NETWORK_HOST: wazuh1.indexer + NODE_NAME: wazuh1.indexer + CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + CLUSTER_NAME: "wazuh-cluster" + DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + NODE_MAX_LOCAL_STORAGE_NODES: "3" + PATH_DATA: /var/lib/wazuh-indexer + PATH_LOGS: /var/log/wazuh-indexer + PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem + PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key + PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh1.indexer.key + PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" + PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" + PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" + PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" + PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" + PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" + PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]' + PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' + PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" + PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: 
'[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' + PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" + CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" + COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" ulimits: memlock: soft: -1 @@ -103,7 +130,8 @@ services: - ./config/wazuh_indexer_ssl_certs/wazuh1.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh1.indexer.pem - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem - - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml + # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_indexer/wazuh1.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh2.indexer: 
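Review bot: `bootstrap.memory_lock: "true"` in the wazuh1.indexer environment keeps the dotted lowercase name while every other setting in this hunk was converted to the `UPPER_UNDERSCORE` form that the new entrypoint derives (`BOOTSTRAP_MEMORY_LOCK`); `${!env_var}` never reads the dotted form, so unless OpenSearch consumes it through some other path not visible here, the setting is silently dropped. The wazuh2.indexer and wazuh3.indexer sections repeat the same line. Renaming it to `BOOTSTRAP_MEMORY_LOCK: "true"` in all three services makes the intent match the mechanism. The volume comment in the second hunk, `# if you need mount a custom opensearch.yml`, reads better as `# if you need to mount a custom opensearch.yml`.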
@@ -111,8 +139,35 @@ services: hostname: wazuh2.indexer restart: always environment: - - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" - - "bootstrap.memory_lock=true" + OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" + bootstrap.memory_lock: "true" + NETWORK_HOST: wazuh2.indexer + NODE_NAME: wazuh2.indexer + CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + CLUSTER_NAME: "wazuh-cluster" + DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + NODE_MAX_LOCAL_STORAGE_NODES: "3" + PATH_DATA: /var/lib/wazuh-indexer + PATH_LOGS: /var/log/wazuh-indexer + PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem + PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key + PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh2.indexer.key + PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" + PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" + PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" + PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" + PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" + PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" + PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]' + PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' + PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" + 
PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' + PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" + CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" + COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" ulimits: memlock: soft: -1 @@ -125,7 +180,8 @@ services: - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.key - ./config/wazuh_indexer_ssl_certs/wazuh2.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh2.indexer.pem - - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml + # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_indexer/wazuh2.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh3.indexer: 
@@ -133,8 +189,35 @@ services: hostname: wazuh3.indexer restart: always environment: - - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" - - "bootstrap.memory_lock=true" + OPENSEARCH_JAVA_OPTS: "-Xms1g -Xmx1g" + bootstrap.memory_lock: "true" + NETWORK_HOST: wazuh3.indexer + NODE_NAME: wazuh3.indexer + CLUSTER_INITIAL_MASTER_NODES: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + CLUSTER_NAME: "wazuh-cluster" + DISCOVERY_SEED_HOSTS: '["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]' + NODE_MAX_LOCAL_STORAGE_NODES: "3" + PATH_DATA: /var/lib/wazuh-indexer + PATH_LOGS: /var/log/wazuh-indexer + PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem + PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key + PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.pem + PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH: /usr/share/wazuh-indexer/certs/wazuh3.indexer.key + PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH: /usr/share/wazuh-indexer/certs/root-ca.pem + PLUGINS_SECURITY_SSL_HTTP_ENABLED: "true" + PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION: "false" + PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME: "false" + PLUGINS_SECURITY_AUTHCZ_ADMIN_DN: "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" + PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES: "true" + PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE: "true" + PLUGINS_SECURITY_NODES_DN: '["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]' + PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED: '["all_access", "security_rest_api_access"]' + PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED: "true" + 
PLUGINS_SECURITY_SYSTEM_INDICES_INDICES: '[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]' + PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX: "true" + CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED: "false" + COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION: "true" ulimits: memlock: soft: -1 @@ -147,7 +230,8 @@ services: - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.key - ./config/wazuh_indexer_ssl_certs/wazuh3.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh3.indexer.pem - - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml + # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_indexer/wazuh3.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml wazuh.dashboard: 
@@ -163,11 +247,24 @@ services: - API_PASSWORD=MyS3cr37P450r.*- - DASHBOARD_USERNAME=kibanaserver - DASHBOARD_PASSWORD=kibanaserver + - SERVER_HOST=0.0.0.0 + - SERVER_PORT=5601 + - OPENSEARCH_HOSTS=https://wazuh1.indexer:9200 + - OPENSEARCH_SSL_VERIFICATIONMODE=certificate + - OPENSEARCH_REQUESTHEADERSALLOWLIST=["securitytenant","Authorization"] + - OPENSEARCH_SECURITY_MULTITENANCY_ENABLED=false + - SERVER_SSL_ENABLED=true + - OPENSEARCH_SECURITY_READONLY_MODE_ROLES=["kibana_read_only"] + - SERVER_SSL_KEY="/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" + - SERVER_SSL_CERTIFICATE="/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem" + - OPENSEARCH_SSL_CERTIFICATEAUTHORITIES=["/usr/share/wazuh-dashboard/certs/root-ca.pem"] + - UISETTINGS_OVERRIDES_DEFAULTROUTE=/app/wz-home volumes: - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem - - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml + # if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables + # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom diff --git a/multi-node/env-wazuh1.indexer b/multi-node/env-wazuh1.indexer new file mode 100644 index 00000000..dc99eb39 --- /dev/null +++ b/multi-node/env-wazuh1.indexer 
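Review bot: `- SERVER_SSL_KEY="/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"` and the `SERVER_SSL_CERTIFICATE` entry are plain YAML scalars in list form, so the double quotes become part of the environment value, unlike the neighbouring `OPENSEARCH_HOSTS=https://...` entry; whether the dashboard's entrypoint strips them is not visible here, but the unquoted form `- SERVER_SSL_KEY=/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem` is what the other paths use and carries no such risk. The old file keyed the header list as `opensearch.requestHeadersWhitelist` and the new variable is `OPENSEARCH_REQUESTHEADERSALLOWLIST`; the rename may be deliberate, but it is worth confirming the dashboard image maps that name. The commented mount line reads better as `# if you need to mount a custom opensearch-dashboards.yml`.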
@@ -0,0 +1,27 @@
+NETWORK_HOST="wazuh1.indexer"
+NODE_NAME="wazuh1.indexer"
+CLUSTER_INITIAL_MASTER_NODES='["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+CLUSTER_NAME="wazuh-cluster"
+DISCOVERY_SEED_HOSTS='["wazuh1.indexer", "wazuh2.indexer", "wazuh3.indexer"]'
+PATH_DATA=/var/lib/wazuh-indexer
+PATH_LOGS=/var/log/wazuh-indexer
+COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION=true
+NODE_MAX_LOCAL_STORAGE_NODES="3"
+PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
+PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh1.indexer.key
+PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH=/usr/share/wazuh-indexer/certs/root-ca.pem
+PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh1.indexer.pem
+PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh1.indexer.key
+PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH=/usr/share/wazuh-indexer/certs/root-ca.pem
+PLUGINS_SECURITY_SSL_HTTP_ENABLED=true
+PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION=false
+PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME=false
+PLUGINS_SECURITY_AUTHCZ_ADMIN_DN="CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES= true
+PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE= true
+PLUGINS_SECURITY_NODES_DN='["CN=wazuh1.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh2.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=wazuh3.indexer,OU=Wazuh,O=Wazuh,L=California,C=US", "CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US""]'
+PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED='["all_access", "security_rest_api_access"]'
+PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED=true
+PLUGINS_SECURITY_SYSTEM_INDICES_INDICES='[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
+PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX=true
+CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED=false
\ No newline at end of file
diff --git a/single-node/config/wazuh_dashboard/opensearch_dashboards.yml b/single-node/config/wazuh_dashboard/opensearch_dashboards.yml
deleted file mode 100644
index ccaec070..00000000
--- a/single-node/config/wazuh_dashboard/opensearch_dashboards.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-server.host: 0.0.0.0
-server.port: 5601
-opensearch.hosts: https://wazuh.indexer:9200
-opensearch.ssl.verificationMode: certificate
-opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
-opensearch_security.multitenancy.enabled: false
-opensearch_security.readonly_mode.roles: ["kibana_read_only"]
-server.ssl.enabled: true
-server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
-server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
-opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
-uiSettings.overrides.defaultRoute: /app/wz-home
diff --git a/single-node/config/wazuh_indexer/wazuh.indexer.yml b/single-node/config/wazuh_indexer/wazuh.indexer.yml
deleted file mode 100644
index 84c3dbf9..00000000
--- a/single-node/config/wazuh_indexer/wazuh.indexer.yml
+++ /dev/null
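Review bot: `PLUGINS_SECURITY_NODES_DN` carries a stray extra quote before the closing bracket (`...C=US""]'`), which makes the list invalid flow syntax; depending on how the entrypoint renders it into opensearch.yml, the setting either fails to parse or is written through broken, so the node DNs are not recognised and inter-node transport connections are rejected. It should end `"CN=filebeat,OU=Wazuh,O=Wazuh,L=California,C=US"]'`. The two snapshot settings are written as `KEY= true` with a space after `=`; whether the env_file parser trims that space is version-dependent, so write `PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES=true` and `PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE=true` (the same `= true` spacing appears in the single-node/docker-compose.yml hunk below). The file also lacks a trailing newline.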
@@ -1,30 +0,0 @@
-network.host: "0.0.0.0"
-node.name: "wazuh.indexer"
-path.data: /var/lib/wazuh-indexer
-path.logs: /var/log/wazuh-indexer
-discovery.type: single-node
-http.port: 9200-9299
-transport.tcp.port: 9300-9399
-compatibility.override_main_response_version: true
-plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
-plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
-plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
-plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
-plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
-plugins.security.ssl.http.enabled: true
-plugins.security.ssl.transport.enforce_hostname_verification: false
-plugins.security.ssl.transport.resolve_hostname: false
-plugins.security.authcz.admin_dn:
-- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.check_snapshot_restore_write_privileges: true
-plugins.security.enable_snapshot_restore_privilege: true
-plugins.security.nodes_dn:
-- "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
-plugins.security.restapi.roles_enabled:
-- "all_access"
-- "security_rest_api_access"
-plugins.security.system_indices.enabled: true
-plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
-plugins.security.allow_default_init_securityindex: true
-cluster.routing.allocation.disk.threshold_enabled: false
\ No newline at end of file
diff --git a/single-node/docker-compose.yml b/single-node/docker-compose.yml
index 6eaaf11c..e74a5551 100644
--- a/single-node/docker-compose.yml
+++ b/single-node/docker-compose.yml
@@ -53,6 +53,33 @@ services:
 - "9200:9200"
 environment:
 - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+ - NETWORK_HOST="0.0.0.0"
+ - NODE_NAME="wazuh.indexer"
+ - CLUSTER_INITIAL_MASTER_NODES="wazuh.indexer"
+ - CLUSTER_NAME="wazuh-cluster"
+ - PATH_DATA=/var/lib/wazuh-indexer
+ - PATH_LOGS=/var/log/wazuh-indexer
+ - HTTP_PORT=9200-9299
+ - TRANSPORT_TCP_PORT=9300-9399
+ - COMPATIBILITY_OVERRIDE_MAIN_RESPONSE_VERSION=true
+ - PLUGINS_SECURITY_SSL_HTTP_PEMCERT_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
+ - PLUGINS_SECURITY_SSL_HTTP_PEMKEY_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.key
+ - PLUGINS_SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH=/usr/share/wazuh-indexer/certs/root-ca.pem
+ - PLUGINS_SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
+ - PLUGINS_SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH=/usr/share/wazuh-indexer/certs/wazuh.indexer.key
+ - PLUGINS_SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH=/usr/share/wazuh-indexer/certs/root-ca.pem
+ - PLUGINS_SECURITY_SSL_HTTP_ENABLED=true
+ - PLUGINS_SECURITY_SSL_TRANSPORT_ENFORCE_HOSTNAME_VERIFICATION=false
+ - PLUGINS_SECURITY_SSL_TRANSPORT_RESOLVE_HOSTNAME=false
+ - PLUGINS_SECURITY_AUTHCZ_ADMIN_DN="CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+ - PLUGINS_SECURITY_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES= true
+ - PLUGINS_SECURITY_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE= true
+ - PLUGINS_SECURITY_NODES_DN="CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+ - PLUGINS_SECURITY_RESTAPI_ROLES_ENABLED='["all_access", "security_rest_api_access"]'
+ - PLUGINS_SECURITY_SYSTEM_INDICES_ENABLED=true
+ - PLUGINS_SECURITY_SYSTEM_INDICES_INDICES='[".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]'
+ - PLUGINS_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX=true
+ - CLUSTER_ROUTING_ALLOCATION_DISK_THRESHOLD_ENABLED=false
 ulimits:
 memlock:
 soft: -1
@@ -67,7 +94,8 @@ services:
 - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
 - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
 - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
- - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+ # if you need mount a custom opensearch.yml, uncomment the next line and delete the environment variables
+ # - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
 - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
 wazuh.dashboard:
@@ -100,7 +128,7 @@ services:
 - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
 - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
 - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
- # if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the
+ # if you need mount a custom opensearch-dashboards.yml, uncomment the next line and delete the environment variables
 # - ./config/wazuh_dashboard/opensearch_dashboards.yml:/wazuh-config-mount/config/opensearch_dashboards.yml
 - ./config/wazuh_dashboard/wazuh.yml:/wazuh-config-mount/data/wazuh/config/wazuh.yml
 - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
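Review bot: `PLUGINS_SECURITY_NODES_DN="CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"` and `PLUGINS_SECURITY_AUTHCZ_ADMIN_DN="CN=admin,..."` in the `@@ -53` hunk pass a single DN as a plain string, whereas the deleted wazuh.indexer.yml declared both as YAML lists and the new multi-node env file uses the flow-list form `'["CN=...", ...]'`. If the entrypoint writes the value into opensearch.yml as a scalar, OpenSearch treats a scalar list setting as comma-separated and the DN is split into `CN=wazuh.indexer`, `OU=Wazuh`, ... so neither the node certificate nor the admin certificate is matched; please confirm the rendering, and for consistency use `- PLUGINS_SECURITY_NODES_DN='["CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"]'` and `- PLUGINS_SECURITY_AUTHCZ_ADMIN_DN='["CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"]'`. The deleted file also set `discovery.type: single-node`, which this hunk replaces with `CLUSTER_INITIAL_MASTER_NODES="wazuh.indexer"`; since `discovery.type` is one of the settings the entrypoint now reads from the environment, a comment saying why bootstrap via initial master nodes was chosen over `DISCOVERY_TYPE=single-node` would help the next reader.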