Add Wazuh dashboard ad manager entrypoint configuration

Victor Carlos Erenu 2025-11-11 00:13:46 +07:00
parent 9f12a03bfc
commit e104803267
No known key found for this signature in database
GPG Key ID: B199E04BCF80C99A
12 changed files with 425 additions and 127 deletions


@ -20,6 +20,7 @@ RUN URL_VAR="wazuh_agent_url_${TARGETARCH}_rpm" && \
dnf install curl-minimal tar gzip procps -y &&\
curl -o /wazuh-agent.rpm "${agent_url}" && \
dnf install /wazuh-agent.rpm -y && \
rm -rf /wazuh-agent.rpm && \
dnf clean all && \
sed -i '/<authorization_pass_path>/d' /var/ossec/etc/ossec.conf && \
curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
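Review bot: The agent RPM is fetched with `curl -o /wazuh-agent.rpm "${agent_url}"` and installed on the next line with no `--fail` and no integrity check, so an HTTP error page or a tampered package is not caught before `dnf install` runs in the build. The s6-overlay download below already uses `--fail --silent -L`; the package download should match it, e.g. `curl --fail --silent --show-error -L -o /wazuh-agent.rpm "${agent_url}"`, and be compared against a pinned digest with `sha256sum -c` before installation. The dashboard, indexer and manager Dockerfile sections on this page follow the same download-and-install pattern. This rendering does not mark which line the commit added, and the RUN instruction starts and continues outside the hunk.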


@ -15,6 +15,7 @@ RUN URL_VAR="wazuh_dashboard_url_${TARGETARCH}_rpm" && \
dnf install curl-minimal libcap openssl -y && \
curl -o /wazuh-dashboard.rpm "${dashboard_url}" && \
dnf install /wazuh-dashboard.rpm -y && \
rm -rf /wazuh-dashboard.rpm && \
dnf clean all
# Create and set permissions to data directories


@ -10,7 +10,7 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config
## Variables
CERT_TOOL=wazuh-certs-tool.sh
CERT_CONFIG_FILE=config.yml
CERT_TOOL_VERSION="${WAZUH_VERSION%.*}"
CERT_TOOL_VERSION=5.0 #"${WAZUH_VERSION%.*}"
PACKAGES_URL=https://packages.wazuh.com/$CERT_TOOL_VERSION/
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/$CERT_TOOL_VERSION/
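Review bot: `CERT_TOOL_VERSION=5.0 #"${WAZUH_VERSION%.*}"` pins the certificate tool's download path to a literal and leaves the previous expression behind as a trailing comment, so the tool version no longer follows `WAZUH_VERSION` and nothing records why. If the pin is a temporary workaround, keep the derivation and allow an override instead, `CERT_TOOL_VERSION="${CERT_TOOL_VERSION:-${WAZUH_VERSION%.*}}"`, with a comment stating when it can be dropped. The same line appears in the second certificate-script section further down the page. How the tool is fetched from `PACKAGES_URL`/`PACKAGES_DEV_URL` is outside this hunk; since it generates the deployment's certificates, that download presumably deserves a checksum check as well.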


@ -1,20 +1,181 @@
#!/bin/bash
# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
INSTALL_DIR=/usr/share/wazuh-dashboard
# Run Wazuh dashboard, using environment variables to
# set longopts defining Wazuh dashboard's configuration.
#
# eg. Setting the environment variable:
#
# OPENSEARCH_STARTUPTIMEOUT=60
#
# will cause OpenSearch-Dashboards to be invoked with:
#
# --opensearch.startupTimeout=60
# Setup Home Directory
export OPENSEARCH_DASHBOARDS_HOME=/usr/share/wazuh-dashboard
export PATH=$OPENSEARCH_DASHBOARDS_HOME/bin:$PATH
DASHBOARD_USERNAME="${DASHBOARD_USERNAME:-kibanaserver}"
DASHBOARD_PASSWORD="${DASHBOARD_PASSWORD:-kibanaserver}"
# Create and configure Wazuh dashboard keystore
yes | $INSTALL_DIR/bin/opensearch-dashboards-keystore create --allow-root && \
echo $DASHBOARD_USERNAME | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \
echo $DASHBOARD_PASSWORD | $INSTALL_DIR/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root
yes | $OPENSEARCH_DASHBOARDS_HOME/bin/opensearch-dashboards-keystore create --allow-root && \
echo $DASHBOARD_USERNAME | $OPENSEARCH_DASHBOARDS_HOME/bin/opensearch-dashboards-keystore add opensearch.username --stdin --allow-root && \
echo $DASHBOARD_PASSWORD | $OPENSEARCH_DASHBOARDS_HOME/bin/opensearch-dashboards-keystore add opensearch.password --stdin --allow-root
##############################################################################
# Start Wazuh dashboard
##############################################################################
opensearch_dashboards_vars=(
console.enabled
console.proxyConfig
console.proxyFilter
ops.cGroupOverrides.cpuPath
ops.cGroupOverrides.cpuAcctPath
cpu.cgroup.path.override
cpuacct.cgroup.path.override
csp.rules
csp.strict
csp.warnLegacyBrowsers
data.search.usageTelemetry.enabled
opensearch.customHeaders
opensearch.hosts
opensearch.logQueries
opensearch.memoryCircuitBreaker.enabled
opensearch.memoryCircuitBreaker.maxPercentage
opensearch.password
opensearch.pingTimeout
opensearch.requestHeadersWhitelist
opensearch.requestTimeout
opensearch.shardTimeout
opensearch.sniffInterval
opensearch.sniffOnConnectionFault
opensearch.sniffOnStart
opensearch.ssl.alwaysPresentCertificate
opensearch.ssl.certificate
opensearch.ssl.certificateAuthorities
opensearch.ssl.key
opensearch.ssl.keyPassphrase
opensearch.ssl.keystore.path
opensearch.ssl.keystore.password
opensearch.ssl.truststore.path
opensearch.ssl.truststore.password
opensearch.ssl.verificationMode
opensearch.username
i18n.locale
interpreter.enableInVisualize
opensearchDashboards.autocompleteTerminateAfter
opensearchDashboards.autocompleteTimeout
opensearchDashboards.defaultAppI
server.rewriteBasePath
server.socketTimeout
server.ssl.cert
server.ssl.certificate
server.ssl.certificateAuthorities
server.ssl.cipherSuites
server.ssl.clientAuthentication
server.customResponseHeaders
server.ssl.enabled
server.ssl.key
server.ssl.keyPassphrase
server.ssl.keystore.path
server.ssl.keystore.password
server.ssl.truststore.path
server.ssl.truststore.password
server.ssl.redirectHttpFromPort
server.ssl.supportedProtocols
server.xsrf.disableProtection
server.xsrf.whitelist
status.allowAnonymous
status.v6ApiFormat
tilemap.options.attribution
tilemap.options.maxZoom
tilemap.options.minZoom
tilemap.options.subdomains
tilemap.url
timeline.enabled
vega.enableExternalUrls
apm_oss.apmAgentConfigurationIndex
apm_oss.indexPattern
apm_oss.errorIndices
apm_oss.onboardingIndices
apm_oss.spanIndices
apm_oss.sourcemapIndices
apm_oss.transactionIndices
apm_oss.metricsIndices
telemetry.allowChangingOptInStatus
telemetry.enabled
telemetry.optIn
telemetry.optInStatusUrl
telemetry.sendUsageFrom
vis_builder.enabled
data_source.enabled
data_source.encryption.wrappingKeyName
data_source.encryption.wrappingKeyNamespace
data_source.encryption.wrappingKey
data_source.audit.enabled
data_source.audit.appender.kind
data_source.audit.appender.path
data_source.audit.appender.layout.kind
data_source.audit.appender.layout.highlight
data_source.audit.appender.layout.pattern
ml_commons_dashboards.enabled
observability.query_assist.enabled
usageCollection.uiMetric.enabled
workspace.enabled
assistant.chat.enabled
assistant.alertInsight.enabled
assistant.smartAnomalyDetector.enabled
assistant.text2viz.enabled
queryEnhancements.queryAssist.summary.enabled
)
/wazuh_app_config.sh $WAZUH_UI_REVISION
function runOpensearchDashboards {
longopts=()
for opensearch_dashboards_var in ${opensearch_dashboards_vars[*]}; do
# 'opensearch.hosts' -> 'OPENSEARCH_URL'
env_var=$(echo ${opensearch_dashboards_var^^} | tr . _)
/usr/share/wazuh-dashboard/bin/opensearch-dashboards -c /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
# Indirectly lookup env var values via the name of the var.
# REF: http://tldp.org/LDP/abs/html/bashver2.html#EX78
value=${!env_var}
if [[ -n $value ]]; then
longopt="--${opensearch_dashboards_var}=${value}"
longopts+=("${longopt}")
fi
done
# Files created at run-time should be group-writable, for Openshift's sake.
umask 0002
# TO DO:
# Confirm with Mihir if this is necessary
# The virtual file /proc/self/cgroup should list the current cgroup
# membership. For each hierarchy, you can follow the cgroup path from
# this file to the cgroup filesystem (usually /sys/fs/cgroup/) and
# introspect the statistics for the cgroup for the given
# hierarchy. Alas, Docker breaks this by mounting the container
# statistics at the root while leaving the cgroup paths as the actual
# paths. Therefore, OpenSearch-Dashboards provides a mechanism to override
# reading the cgroup path from /proc/self/cgroup and instead uses the
# cgroup path defined the configuration properties
# cpu.cgroup.path.override and cpuacct.cgroup.path.override.
# Therefore, we set this value here so that cgroup statistics are
# available for the container this process will run in.
exec "$@" \
--ops.cGroupOverrides.cpuPath=/ \
--ops.cGroupOverrides.cpuAcctPath=/ \
"${longopts[@]}"
}
# Prepend "opensearch-dashboards" command if no argument was provided or if the
# first argument looks like a flag (i.e. starts with a dash).
if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then
set -- opensearch-dashboards "$@"
fi
if [ "$1" = "opensearch-dashboards" ]; then
runOpensearchDashboards "$@"
else
exec "$@"
fi
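Review bot: Secret settings listed in `opensearch_dashboards_vars` (`opensearch.password`, `opensearch.ssl.keyPassphrase`, `server.ssl.keyPassphrase`, the keystore/truststore passwords, `data_source.encryption.wrappingKey`) are turned into `--name=value` arguments by `runOpensearchDashboards`, so their values land in the process argument list, readable through `ps` or `/proc/<pid>/cmdline`. The script already puts `opensearch.username` and `opensearch.password` into the dashboards keystore; I would drop the secret names from the array and route them through the keystore as well. The keystore lines also expand the credentials unquoted, so a password containing whitespace or glob characters is altered before it is stored: `printf '%s\n' "$DASHBOARD_PASSWORD" | "$OPENSEARCH_DASHBOARDS_HOME/bin/opensearch-dashboards-keystore" add opensearch.password --stdin --allow-root`. The fallback `${DASHBOARD_PASSWORD:-kibanaserver}` silently starts the container with a well-known credential; a `${DASHBOARD_PASSWORD:?must be set}` style check, or at least a warning on stderr, would make that visible. `opensearchDashboards.defaultAppI` looks truncated (presumably `defaultAppId`), worth confirming.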


@ -32,13 +32,19 @@ do
fi
done
cat << EOF >> $dashboard_config_file
hosts:
grep -q 1513629884013 $dashboard_config_file
_config_exists=$?
if [[ $_config_exists -ne 0 ]]; then
cat << EOF >> $dashboard_config_file
hosts:
- 1513629884013:
url: $wazuh_url
port: $wazuh_port
username: $api_username
password: $api_password
run_as: $api_run_as
EOF
EOF
else
echo "Wazuh APP already configured"
fi
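Review bot: The idempotency check `grep -q 1513629884013 $dashboard_config_file` matches that number anywhere in the file, including a comment or an unrelated value, and the path is unquoted; matching the entry itself is tighter, `if ! grep -q -- '- 1513629884013:' "$dashboard_config_file"; then`, which also removes the need for `_config_exists`. The heredoc writes `$api_username` and `$api_password` into the YAML unquoted, so a password containing `#` or `: ` is truncated or breaks parsing; single-quoting the values in the template (and doubling any embedded `'`) avoids that. Because the file holds the API password, it is worth confirming its mode is not world-readable. Indentation is lost in this rendering, so check that the closing `EOF` still sits at column 0 inside the new `if`; the enclosing loop starts outside the hunk.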


@ -14,6 +14,7 @@ RUN URL_VAR="wazuh_indexer_url_${TARGETARCH}_rpm" && \
dnf install curl-minimal openssl xz tar findutils shadow-utils -y &&\
curl -o /wazuh-indexer.rpm "${indexer_url}" && \
dnf install /wazuh-indexer.rpm -y && \
rm -rf /wazuh-indexer.rpm && \
dnf clean all && \
bash config.sh
@ -69,4 +70,4 @@ EXPOSE 9200
ENTRYPOINT ["/entrypoint.sh"]
# Dummy overridable parameter parsed by entrypoint
CMD ["opensearchwrapper"]
CMD ["opensearch"]


@ -22,7 +22,7 @@ export CONFIG_DIR=${INSTALLATION_DIR}/config
## Variables
CERT_TOOL=wazuh-certs-tool.sh
CERT_CONFIG_FILE=config.yml
CERT_TOOL_VERSION="${WAZUH_VERSION%.*}"
CERT_TOOL_VERSION=5.0 #"${WAZUH_VERSION%.*}"
PACKAGES_URL=https://packages.wazuh.com/$CERT_TOOL_VERSION/
PACKAGES_DEV_URL=https://packages-dev.wazuh.com/$CERT_TOOL_VERSION/


@ -1,93 +1,77 @@
#!/usr/bin/env bash
# Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)
set -e
#!/bin/bash
umask 0002
# Copyright OpenSearch Contributors
# SPDX-License-Identifier: Apache-2.0
export USER=wazuh-indexer
export INSTALLATION_DIR=/usr/share/wazuh-indexer
export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR}/config
export JAVA_HOME=${INSTALLATION_DIR}/jdk
export DISCOVERY=$(grep -oP "(?<=discovery.type: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
export CACERT=$(grep -oP "(?<=plugins.security.ssl.transport.pemtrustedcas_filepath: ).*" ${OPENSEARCH_PATH_CONF}/opensearch.yml)
export CERT="${OPENSEARCH_PATH_CONF}/certs/admin.pem"
export KEY="${OPENSEARCH_PATH_CONF}/certs/admin-key.pem"
# This script specify the entrypoint startup actions for opensearch
# It will start both opensearch and performance analyzer plugin cli
# If either process failed, the entire docker container will be removed
# in favor of a newly started container
# Export OpenSearch Home
export OPENSEARCH_HOME=/usr/share/wazuh-indexer
export OPENSEARCH_PATH_CONF=$OPENSEARCH_HOME/config
export PATH=$OPENSEARCH_HOME/bin:$PATH
# The virtual file /proc/self/cgroup should list the current cgroup
# membership. For each hierarchy, you can follow the cgroup path from
# this file to the cgroup filesystem (usually /sys/fs/cgroup/) and
# introspect the statistics for the cgroup for the given
# hierarchy. Alas, Docker breaks this by mounting the container
# statistics at the root while leaving the cgroup paths as the actual
# paths. Therefore, OpenSearch provides a mechanism to override
# reading the cgroup path from /proc/self/cgroup and instead uses the
# cgroup path defined the JVM system property
# opensearch.cgroups.hierarchy.override. Therefore, we set this value here so
# that cgroup statistics are available for the container this process
# will run in.
export OPENSEARCH_JAVA_OPTS="-Dopensearch.cgroups.hierarchy.override=/ $OPENSEARCH_JAVA_OPTS"
# Start up the opensearch and performance analyzer agent processes.
# When either of them halts, this script exits, or we receive a SIGTERM or SIGINT signal then we want to kill both these processes.
function runOpensearch {
# Files created by OpenSearch should always be group writable too
umask 0002
run_as_other_user_if_needed() {
if [[ "$(id -u)" == "0" ]]; then
# If running as root, drop to specified UID and run command
exec chroot --userspec=1000:0 / "${@}"
else
# Either we are running in Openshift with random uid and are a member of the root group
# or with a custom --user
exec "${@}"
echo "Wazuh indexer cannot run as root. Please start your container as another user."
exit 1
fi
# Parse Docker env vars to customize Wazuh indexer / OpenSearch configuration
#
# e.g. Setting the env var cluster.name=testcluster
# will cause Wazuh indexer to be invoked with -Ecluster.name=testcluster
opensearch_opts=()
while IFS='=' read -r envvar_key envvar_value
do
# OpenSearch settings need to have at least two dot separated lowercase
# words, e.g. `cluster.name`, except for `processors` which we handle
# specially
if [[ "$envvar_key" =~ ^[a-z0-9_]+\.[a-z0-9_]+ || "$envvar_key" == "processors" ]]; then
if [[ ! -z $envvar_value ]]; then
opensearch_opt="-E${envvar_key}=${envvar_value}"
opensearch_opts+=("${opensearch_opt}")
fi
fi
done < <(env)
# Start opensearch
exec "$@" "${opensearch_opts[@]}"
}
# Allow user specify custom CMD, maybe bin/opensearch itself
# for example to directly specify `-E` style parameters for opensearch on k8s
# or simply to run /bin/bash to check the image
if [[ "$1" != "opensearchwrapper" ]]; then
if [[ "$(id -u)" == "0" && $(basename "$1") == "opensearch" ]]; then
# Rewrite CMD args to replace $1 with `opensearch` explicitly,
# Without this, user could specify `opensearch -E x.y=z` but
# `bin/opensearch -E x.y=z` would not work.
set -- "opensearch" "${@:2}"
# Use chroot to switch to UID 1000 / GID 0
exec chroot --userspec=1000:0 / "$@"
else
# User probably wants to run something else, like /bin/bash, with another uid forced (Openshift?)
# Prepend "opensearch" command if no argument was provided or if the first
# argument looks like a flag (i.e. starts with a dash).
if [ $# -eq 0 ] || [ "${1:0:1}" = '-' ]; then
set -- opensearch "$@"
fi
if [ "$1" = "opensearch" ]; then
# If the first argument is opensearch, then run the setup script.
runOpensearch "$@"
else
# Otherwise, just exec the command.
exec "$@"
fi
fi
# Allow environment variables to be set by creating a file with the
# contents, and setting an environment variable with the suffix _FILE to
# point to it. This can be used to provide secrets to a container, without
# the values being specified explicitly when running the container.
#
# This is also sourced in opensearch-env, and is only needed here
# as well because we use INDEXER_PASSWORD below. Sourcing this script
# is idempotent.
source /usr/share/wazuh-indexer/bin/opensearch-env-from-file
if [[ -f bin/opensearch-users ]]; then
# Check for the INDEXER_PASSWORD environment variable to set the
# bootstrap password for Security.
#
# This is only required for the first node in a cluster with Security
# enabled, but we have no way of knowing which node we are yet. We'll just
# honor the variable if it's present.
if [[ -n "$INDEXER_PASSWORD" ]]; then
[[ -f /usr/share/wazuh-indexer/opensearch.keystore ]] || (run_as_other_user_if_needed opensearch-keystore create)
if ! (run_as_other_user_if_needed opensearch-keystore has-passwd --silent) ; then
# keystore is unencrypted
if ! (run_as_other_user_if_needed opensearch-keystore list | grep -q '^bootstrap.password$'); then
(run_as_other_user_if_needed echo "$INDEXER_PASSWORD" | opensearch-keystore add -x 'bootstrap.password')
fi
else
# keystore requires password
if ! (run_as_other_user_if_needed echo "$KEYSTORE_PASSWORD" \
| opensearch-keystore list | grep -q '^bootstrap.password$') ; then
COMMANDS="$(printf "%s\n%s" "$KEYSTORE_PASSWORD" "$INDEXER_PASSWORD")"
(run_as_other_user_if_needed echo "$COMMANDS" | opensearch-keystore add -x 'bootstrap.password')
fi
fi
fi
fi
if [[ "$(id -u)" == "0" ]]; then
# If requested and running as root, mutate the ownership of bind-mounts
if [[ -n "$TAKE_FILE_OWNERSHIP" ]]; then
chown -R 1000:0 /usr/share/wazuh-indexer/{data,logs}
fi
fi
#if [[ "$DISCOVERY" == "single-node" ]] && [[ ! -f "/var/lib/wazuh-indexer/.flag" ]]; then
# run securityadmin.sh for single node with CACERT, CERT and KEY parameter
# nohup /securityadmin.sh &
# touch "/var/lib/wazuh-indexer/.flag"
#fi
run_as_other_user_if_needed /usr/share/wazuh-indexer/bin/opensearch <<<"$KEYSTORE_PASSWORD"
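Review bot: The environment loop in `runOpensearch` reads `env` one line at a time, so a variable whose value contains a newline is split and any continuation line shaped like `a.b=c` becomes its own `-E` setting; reading NUL-delimited records avoids that, `while IFS='=' read -r -d '' envvar_key envvar_value` with `done < <(env -0)`. Every accepted setting is placed on the `opensearch` command line, so secure settings should stay in the keystore rather than be passed this way. The rendering does not mark sides, but the `opensearch-env-from-file` sourcing, the `INDEXER_PASSWORD` keystore bootstrap and the `TAKE_FILE_OWNERSHIP` chown look like they are on the removed side; if so, `*_FILE` secrets and the bootstrap password stop being honoured without any message. Since the new code exits when started as root, a short header comment stating the expected UID/GID and the replacement for those variables would help operators upgrading existing deployments.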


@ -16,6 +16,7 @@ RUN URL_VAR="wazuh_manager_url_${TARGETARCH}_rpm" && \
dnf clean all && \
curl -o /wazuh-manager.rpm "${manager_url}" && \
dnf install /wazuh-manager.rpm -y && \
rm -rf /wazuh-manager.rpm && \
dnf clean all && \
curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
-o /tmp/s6-overlay-amd64.tar.gz && \


@ -152,18 +152,76 @@ set_custom_hostname() {
sed -i 's/<node_name>to_be_replaced_by_hostname<\/node_name>/<node_name>'"${HOSTNAME}"'<\/node_name>/g' ${WAZUH_INSTALL_PATH}/etc/ossec.conf
}
##############################################################################
# Allow users to set the container cluster key dynamically on
# container start.
#
# To use this:
# 1. Create your own ossec.conf file
# 2. In your ossec.conf file, set to_be_replaced_by_cluster_key as your key
# 3. Mount your custom ossec.conf file at $WAZUH_CONFIG_MOUNT/etc/ossec.conf
##############################################################################
function_configure_ossec_conf() {
OSSEC_CONF="${WAZUH_INSTALL_PATH}/etc/ossec.conf"
set_custom_cluster_key() {
sed -i 's/<key>to_be_replaced_by_cluster_key<\/key>/<key>'"${WAZUH_CLUSTER_KEY}"'<\/key>/g' ${WAZUH_INSTALL_PATH}/etc/ossec.conf
# --------------------------
# Defaults based on OSSEC_CONF
# --------------------------
if [[ -z "$WAZUH_CLUSTER_KEY" ]]; then
WAZUH_CLUSTER_KEY=$(sed -n '/<cluster>/,/<\/cluster>/s/.*<key>\(.*\)<\/key>.*/\1/p' "$OSSEC_CONF" | head -n1)
fi
# Node type logic
if [[ "$WAZUH_NODE_TYPE" != "worker" ]]; then
WAZUH_NODE_TYPE="master"
fi
# Default node name → HOSTNAME if not defined
WAZUH_NODE_NAME="${WAZUH_NODE_NAME:-$HOSTNAME}"
# --------------------------
# Replace Indexer Hosts
# --------------------------
if [[ -n "$WAZUH_INDEXER_HOSTS" ]]; then
TMP_HOSTS=$(mktemp)
{
echo " <hosts>"
for NODE in $WAZUH_INDEXER_HOSTS; do
IP="${NODE%:*}"
PORT="${NODE#*:}"
echo " <host>https://$IP:$PORT</host>"
done
echo " </hosts>"
} > "$TMP_HOSTS";
sed -i -e '/<indexer>/,/<\/indexer>/{ /<hosts>/,/<\/hosts>/{ /<hosts>/r '"$TMP_HOSTS" \
-e 'd }}' "$OSSEC_CONF";
rm -f "$TMP_HOSTS";
fi
# --------------------------
# Cluster: node_name
# --------------------------
sed -i "/<cluster>/,/<\/cluster>/ s|<node_name>.*</node_name>|<node_name>$WAZUH_NODE_NAME</node_name>|" "$OSSEC_CONF"
# --------------------------
# Cluster: node_type
# --------------------------
sed -i "/<cluster>/,/<\/cluster>/ s|<node_type>.*</node_type>|<node_type>$WAZUH_NODE_TYPE</node_type>|" "$OSSEC_CONF"
# --------------------------
# Cluster: key
# --------------------------
sed -i "/<cluster>/,/<\/cluster>/ s|<key>.*</key>|<key>$WAZUH_CLUSTER_KEY</key>|" "$OSSEC_CONF"
# --------------------------
# Cluster: nodes list
# --------------------------
if [[ -n "$WAZUH_CLUSTER_NODES" ]]; then
TMP_NODES=$(mktemp)
{
echo " <nodes>"
for N in $WAZUH_CLUSTER_NODES; do
echo " <node>$N</node>"
done
echo " </nodes>"
} > "$TMP_NODES";
sed -i -e '/<cluster>/,/<\/cluster>/{ /<nodes>/,/<\/nodes>/{ /<nodes>/r '"$TMP_NODES" \
-e 'd }}' "$OSSEC_CONF";
rm -f "$TMP_NODES";
fi
echo "Wazuh manager config modified successfully."
}
##############################################################################
@ -221,8 +279,8 @@ main() {
# Allow setting custom hostname
set_custom_hostname
# Allow setting custom cluster key
set_custom_cluster_key
# Configure ossec.conf based on environment variables
function_configure_ossec_conf
# Delete temporary data folder
rm -rf ${WAZUH_INSTALL_PATH}/data_tmp
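Review bot: The `sed -i` substitutions in `function_configure_ossec_conf` paste `$WAZUH_CLUSTER_KEY` and `$WAZUH_NODE_NAME` into the replacement text unescaped, so a `|`, `&` or backslash in either value aborts the command or silently writes a different value (`&` expands to the matched text), and `<`/`>` would inject markup into ossec.conf. Escape first, e.g. `key_esc=$(printf '%s' "$WAZUH_CLUSTER_KEY" | sed 's/[&|\\]/\\&/g')`, or reject values outside an expected character set before editing the file. In the indexer-hosts loop an entry without a port makes `${NODE%:*}` and `${NODE#*:}` both return the whole string, producing `https://host:host`; a guard such as `[[ "$NODE" == *:* ]] || NODE="$NODE:9200"` before the split fixes that. The new standalone script later on this page repeats the same code.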


@ -0,0 +1,85 @@
#!/bin/bash
set -xe
OSSEC_CONF="ossec.conf"
# --------------------------
# Defaults based on OSSEC_CONF
# --------------------------
if [[ -z "$WAZUH_CLUSTER_KEY" ]]; then
WAZUH_CLUSTER_KEY=$(sed -n '/<cluster>/,/<\/cluster>/s/.*<key>\(.*\)<\/key>.*/\1/p' "$OSSEC_CONF" | head -n1)
fi
if [[ -z "$WAZUH_CLUSTER_PORT" ]]; then
WAZUH_CLUSTER_PORT=$(sed -n '/<cluster>/,/<\/cluster>/s/.*<port>\(.*\)<\/port>.*/\1/p' "$OSSEC_CONF" | head -n1)
fi
# Node type logic
if [[ -z "$WAZUH_NODE_TYPE" ]]; then
if [[ "$HOSTNAME" == "manager" || "$HOSTNAME" == "aio_node" ]]; then
WAZUH_NODE_TYPE="master"
else
WAZUH_NODE_TYPE="worker"
fi
fi
# Default node name → HOSTNAME if not defined
WAZUH_NODE_NAME="${WAZUH_NODE_NAME:-$HOSTNAME}"
# --------------------------
# Replace Indexer Hosts
# --------------------------
if [[ -n "$WAZUH_INDEXER_HOSTS" ]]; then
TMP_HOSTS=$(mktemp)
{
echo " <hosts>"
for NODE in $WAZUH_INDEXER_HOSTS; do
IP="${NODE%:*}"
PORT="${NODE#*:}"
echo " <host>https://$IP:$PORT</host>"
done
echo " </hosts>"
} > "$TMP_HOSTS";
sed -i -e '/<indexer>/,/<\/indexer>/{ /<hosts>/,/<\/hosts>/{ /<hosts>/r '"$TMP_HOSTS" \
-e 'd }}' "$OSSEC_CONF";
rm -f "$TMP_HOSTS";
fi
# --------------------------
# Cluster: node_name
# --------------------------
sed -i "/<cluster>/,/<\/cluster>/ s|<node_name>.*</node_name>|<node_name>$WAZUH_NODE_NAME</node_name>|" "$OSSEC_CONF"
# --------------------------
# Cluster: node_type
# --------------------------
sed -i "/<cluster>/,/<\/cluster>/ s|<node_type>.*</node_type>|<node_type>$WAZUH_NODE_TYPE</node_type>|" "$OSSEC_CONF"
# --------------------------
# Cluster: key
# --------------------------
sed -i "/<cluster>/,/<\/cluster>/ s|<key>.*</key>|<key>$WAZUH_CLUSTER_KEY</key>|" "$OSSEC_CONF"
# --------------------------
# Cluster: port
# --------------------------
sed -i "/<cluster>/,/<\/cluster>/ s|<port>.*</port>|<port>$WAZUH_CLUSTER_PORT</port>|" "$OSSEC_CONF"
# --------------------------
# Cluster: nodes list
# --------------------------
if [[ -n "$WAZUH_CLUSTER_NODES" ]]; then
TMP_NODES=$(mktemp)
{
echo " <nodes>"
for N in $WAZUH_CLUSTER_NODES; do
echo " <node>$N</node>"
done
echo " </nodes>"
} > "$TMP_NODES";
sed -i -e '/<cluster>/,/<\/cluster>/{ /<nodes>/,/<\/nodes>/{ /<nodes>/r '"$TMP_NODES" \
-e 'd }}' "$OSSEC_CONF";
rm -f "$TMP_NODES";
fi
echo "Wazuh manager config modified successfully."
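Review bot: `set -xe` at the top makes bash trace every command after expansion, so the `sed` line that writes `<key>$WAZUH_CLUSTER_KEY</key>` prints the cluster key to stderr and from there into container or CI logs. Use `set -e` alone, or bracket the key handling with `set +x` / `set -x`. `OSSEC_CONF="ossec.conf"` is relative to the caller's working directory, whereas the entrypoint function uses `${WAZUH_INSTALL_PATH}/etc/ossec.conf`; taking the path as `OSSEC_CONF="${1:-ossec.conf}"` would make the target explicit. A header comment saying when this script is meant to be run instead of the entrypoint function would help, since the two now duplicate each other and already differ in the node-type default.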


@ -6,12 +6,12 @@ path.logs: /var/log/wazuh-indexer
discovery.type: single-node
http.port: 9200-9299
transport.tcp.port: 9300-9399
plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem
plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.key
plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem
plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.key
plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
plugins.security.ssl.http.enabled: true
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.transport.resolve_hostname: false