Removing Wazuh service and used configs.
Auto-Unseal for Vault / Unseal Vault (push) Failing after 12m53s
Auto-Unseal for Vault / Unseal Vault (push) Failing after 12m53s
This commit is contained in:
@@ -1,159 +0,0 @@
|
|||||||
'use strict';
|
|
||||||
|
|
||||||
const packageJson = require('../../package.json');
|
|
||||||
|
|
||||||
module.exports = {
|
|
||||||
// Branding and customizations require a license: https://codecanyon.net/item/mirotalk-p2p-webrtc-realtime-video-conferences/38376661
|
|
||||||
brand: {
|
|
||||||
app: {
|
|
||||||
language: 'en', // https://en.wikipedia.org/wiki/List_of_ISO_639_language_codes
|
|
||||||
name: 'MiroTalk',
|
|
||||||
title: '<h1>MiroTalk</h1/>Free browser based Real-time video calls.<br />Simple, Secure, Fast.',
|
|
||||||
description:
|
|
||||||
'Start your next video call with a single click. No download, plug-in, or login is required. Just get straight to talking, messaging, and sharing your screen.',
|
|
||||||
joinDescription: 'Pick a room name.<br />How about this one?',
|
|
||||||
joinButtonLabel: 'JOIN ROOM',
|
|
||||||
joinLastLabel: 'Your recent room:',
|
|
||||||
},
|
|
||||||
og: {
|
|
||||||
type: 'app-webrtc',
|
|
||||||
siteName: 'MiroTalk',
|
|
||||||
title: 'Click the link to make a call.',
|
|
||||||
description:
|
|
||||||
'MiroTalk calling provides real-time HD quality and latency simply not available with traditional technology.',
|
|
||||||
image: 'https://p2p.mirotalk.com/images/preview.png',
|
|
||||||
url: 'https://p2p.mirotalk.com',
|
|
||||||
},
|
|
||||||
site: {
|
|
||||||
shortcutIcon: '../images/logo.svg',
|
|
||||||
appleTouchIcon: '../images/logo.svg',
|
|
||||||
landingTitle: 'MiroTalk a Free Secure Video Calls, Chat & Screen Sharing.',
|
|
||||||
newCallTitle: 'MiroTalk a Free Secure Video Calls, Chat & Screen Sharing.',
|
|
||||||
newCallRoomTitle: 'Pick name. <br />Share URL. <br />Start conference.',
|
|
||||||
newCallRoomDescription:
|
|
||||||
"Each room has its disposable URL. Just pick a room name and share your custom URL. It's that easy.",
|
|
||||||
loginTitle: 'MiroTalk - Host Protected login required.',
|
|
||||||
clientTitle: 'MiroTalk WebRTC Video call, Chat Room & Screen Sharing.',
|
|
||||||
privacyPolicyTitle: 'MiroTalk - privacy and policy.',
|
|
||||||
stunTurnTitle: 'Test Stun/Turn Servers.',
|
|
||||||
notFoundTitle: 'MiroTalk - 404 Page not found.',
|
|
||||||
},
|
|
||||||
html: {
|
|
||||||
features: true,
|
|
||||||
browsers: true,
|
|
||||||
teams: true, // please keep me always true ;)
|
|
||||||
tryEasier: true,
|
|
||||||
poweredBy: true,
|
|
||||||
sponsors: true,
|
|
||||||
advertisers: true,
|
|
||||||
footer: true,
|
|
||||||
},
|
|
||||||
about: {
|
|
||||||
imageUrl: '../images/mirotalk-logo.gif',
|
|
||||||
title: `WebRTC P2P v${packageJson.version}`,
|
|
||||||
html: `
|
|
||||||
<button
|
|
||||||
id="support-button"
|
|
||||||
data-umami-event="Support button"
|
|
||||||
onclick="window.open('https://codecanyon.net/user/miroslavpejic85')">
|
|
||||||
<i class="fas fa-heart" ></i> Support
|
|
||||||
</button>
|
|
||||||
<br /><br /><br />
|
|
||||||
Author:<a
|
|
||||||
id="linkedin-button"
|
|
||||||
data-umami-event="Linkedin button"
|
|
||||||
href="https://www.linkedin.com/in/miroslav-pejic-976a07101/" target="_blank">
|
|
||||||
Miroslav Pejic
|
|
||||||
</a>
|
|
||||||
<br /><br />
|
|
||||||
Email:<a
|
|
||||||
id="email-button"
|
|
||||||
data-umami-event="Email button"
|
|
||||||
href="mailto:miroslav.pejic.85@gmail.com?subject=MiroTalk P2P info">
|
|
||||||
miroslav.pejic.85@gmail.com
|
|
||||||
</a>
|
|
||||||
<br /><br />
|
|
||||||
<hr />
|
|
||||||
<span>© 2025 MiroTalk P2P, all rights reserved</span>
|
|
||||||
<hr />
|
|
||||||
`,
|
|
||||||
},
|
|
||||||
//...
|
|
||||||
},
|
|
||||||
/**
|
|
||||||
* Configuration for controlling the visibility of buttons in the MiroTalk P2P client.
|
|
||||||
* Set properties to true to show the corresponding buttons, or false to hide them.
|
|
||||||
* captionBtn, showSwapCameraBtn, showScreenShareBtn, showFullScreenBtn, showVideoPipBtn, showDocumentPipBtn -> (auto-detected).
|
|
||||||
*/
|
|
||||||
buttons: {
|
|
||||||
main: {
|
|
||||||
showShareQr: true,
|
|
||||||
showShareRoomBtn: true, // For guests
|
|
||||||
showHideMeBtn: true,
|
|
||||||
showAudioBtn: true,
|
|
||||||
showVideoBtn: true,
|
|
||||||
showScreenBtn: true, // autodetected
|
|
||||||
showRecordStreamBtn: true,
|
|
||||||
showChatRoomBtn: true,
|
|
||||||
showCaptionRoomBtn: true,
|
|
||||||
showRoomEmojiPickerBtn: true,
|
|
||||||
showMyHandBtn: true,
|
|
||||||
showWhiteboardBtn: true,
|
|
||||||
showSnapshotRoomBtn: true,
|
|
||||||
showFileShareBtn: true,
|
|
||||||
showDocumentPipBtn: true,
|
|
||||||
showMySettingsBtn: true,
|
|
||||||
showAboutBtn: true, // Please keep me always true, Thank you!
|
|
||||||
},
|
|
||||||
chat: {
|
|
||||||
showTogglePinBtn: true,
|
|
||||||
showMaxBtn: true,
|
|
||||||
showSaveMessageBtn: true,
|
|
||||||
showMarkDownBtn: true,
|
|
||||||
showChatGPTBtn: true,
|
|
||||||
showFileShareBtn: true,
|
|
||||||
showShareVideoAudioBtn: true,
|
|
||||||
showParticipantsBtn: true,
|
|
||||||
},
|
|
||||||
caption: {
|
|
||||||
showTogglePinBtn: true,
|
|
||||||
showMaxBtn: true,
|
|
||||||
},
|
|
||||||
settings: {
|
|
||||||
showMicOptionsBtn: true,
|
|
||||||
showTabRoomPeerName: true,
|
|
||||||
showTabRoomParticipants: true,
|
|
||||||
showTabRoomSecurity: true,
|
|
||||||
showTabEmailInvitation: true,
|
|
||||||
showCaptionEveryoneBtn: true,
|
|
||||||
showMuteEveryoneBtn: true,
|
|
||||||
showHideEveryoneBtn: true,
|
|
||||||
showEjectEveryoneBtn: true,
|
|
||||||
showLockRoomBtn: true,
|
|
||||||
showUnlockRoomBtn: true,
|
|
||||||
showShortcutsBtn: true,
|
|
||||||
},
|
|
||||||
remote: {
|
|
||||||
showAudioVolume: true,
|
|
||||||
audioBtnClickAllowed: true,
|
|
||||||
videoBtnClickAllowed: true,
|
|
||||||
showVideoPipBtn: true,
|
|
||||||
showKickOutBtn: true,
|
|
||||||
showSnapShotBtn: true,
|
|
||||||
showFileShareBtn: true,
|
|
||||||
showShareVideoAudioBtn: true,
|
|
||||||
showPrivateMessageBtn: true,
|
|
||||||
showZoomInOutBtn: false,
|
|
||||||
showVideoFocusBtn: true,
|
|
||||||
},
|
|
||||||
local: {
|
|
||||||
showVideoPipBtn: true,
|
|
||||||
showSnapShotBtn: true,
|
|
||||||
showVideoCircleBtn: true,
|
|
||||||
showZoomInOutBtn: false,
|
|
||||||
},
|
|
||||||
whiteboard: {
|
|
||||||
whiteboardLockBtn: false,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
};
|
|
||||||
@@ -1,76 +0,0 @@
|
|||||||
{
|
|
||||||
"Stuns": [
|
|
||||||
{
|
|
||||||
"Proto": "udp",
|
|
||||||
"URI": "stun:netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:3478",
|
|
||||||
"Username": "",
|
|
||||||
"Password": null
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"TURNConfig": {
|
|
||||||
"Turns": [
|
|
||||||
{
|
|
||||||
"Proto": "udp",
|
|
||||||
"URI": "turn:netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:3478",
|
|
||||||
"Username": "self",
|
|
||||||
"Password": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_TURN_PASSWORD'] }}"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"CredentialsTTL": "12h",
|
|
||||||
"Secret": "secret",
|
|
||||||
"TimeBasedCredentials": false
|
|
||||||
},
|
|
||||||
"Relay": {
|
|
||||||
"Addresses": [
|
|
||||||
"rel://netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:33080"
|
|
||||||
],
|
|
||||||
"CredentialsTTL": "24h",
|
|
||||||
"Secret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_RELAY_AUTH_SECRET'] }}"
|
|
||||||
},
|
|
||||||
"Signal": {
|
|
||||||
"Proto": "https",
|
|
||||||
"URI": "netbird.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}:10001",
|
|
||||||
"Username": "",
|
|
||||||
"Password": null
|
|
||||||
},
|
|
||||||
"ReverseProxy": {
|
|
||||||
"TrustedHTTPProxies": [],
|
|
||||||
"TrustedHTTPProxiesCount": 0,
|
|
||||||
"TrustedPeers": [
|
|
||||||
"0.0.0.0/0"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"Datadir": "",
|
|
||||||
"DataStoreEncryptionKey": "",
|
|
||||||
"StoreConfig": {
|
|
||||||
"Engine": "sqlite"
|
|
||||||
},
|
|
||||||
"HttpConfig": {
|
|
||||||
"Address": "0.0.0.0:33073",
|
|
||||||
"AuthIssuer": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}",
|
|
||||||
"AuthAudience": "netbird",
|
|
||||||
"AuthKeysLocation": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/jwks.json",
|
|
||||||
"AuthUserIDClaim": "",
|
|
||||||
"CertFile": "",
|
|
||||||
"CertKey": "",
|
|
||||||
"IdpSignKeyRefreshEnabled": true,
|
|
||||||
"OIDCConfigEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/.well-known/openid-configuration"
|
|
||||||
},
|
|
||||||
"IdpManagerConfig": {},
|
|
||||||
"DeviceAuthorizationFlow": {},
|
|
||||||
"PKCEAuthorizationFlow": {
|
|
||||||
"ProviderConfig": {
|
|
||||||
"Audience": "netbird",
|
|
||||||
"ClientID": "netbird",
|
|
||||||
"ClientSecret": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['AUTHELIA_NETBIRD_CLIENT_SECRET'] }}",
|
|
||||||
"Domain": "",
|
|
||||||
"AuthorizationEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/api/oidc/authorization",
|
|
||||||
"TokenEndpoint": "https://auth.{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['MY_TLD'] }}/api/oidc/token",
|
|
||||||
"Scope": "openid profile email offline_access api",
|
|
||||||
"RedirectURLs": [
|
|
||||||
"http://localhost:53000"
|
|
||||||
],
|
|
||||||
"UseIDToken": true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -1,122 +0,0 @@
|
|||||||
{
|
|
||||||
"issuer": "https://id.trez.wtf",
|
|
||||||
"authorization_endpoint": "https://id.trez.wtf/oauth/v2/authorize",
|
|
||||||
"token_endpoint": "https://id.trez.wtf/oauth/v2/token",
|
|
||||||
"introspection_endpoint": "https://id.trez.wtf/oauth/v2/introspect",
|
|
||||||
"userinfo_endpoint": "https://id.trez.wtf/oidc/v1/userinfo",
|
|
||||||
"revocation_endpoint": "https://id.trez.wtf/oauth/v2/revoke",
|
|
||||||
"end_session_endpoint": "https://id.trez.wtf/oidc/v1/end_session",
|
|
||||||
"device_authorization_endpoint": "https://id.trez.wtf/oauth/v2/device_authorization",
|
|
||||||
"jwks_uri": "https://id.trez.wtf/oauth/v2/keys",
|
|
||||||
"scopes_supported": [
|
|
||||||
"openid",
|
|
||||||
"profile",
|
|
||||||
"email",
|
|
||||||
"phone",
|
|
||||||
"address",
|
|
||||||
"offline_access"
|
|
||||||
],
|
|
||||||
"response_types_supported": [
|
|
||||||
"code",
|
|
||||||
"id_token",
|
|
||||||
"id_token token"
|
|
||||||
],
|
|
||||||
"response_modes_supported": [
|
|
||||||
"query",
|
|
||||||
"fragment",
|
|
||||||
"form_post"
|
|
||||||
],
|
|
||||||
"grant_types_supported": [
|
|
||||||
"authorization_code",
|
|
||||||
"implicit",
|
|
||||||
"refresh_token",
|
|
||||||
"client_credentials",
|
|
||||||
"urn:ietf:params:oauth:grant-type:jwt-bearer",
|
|
||||||
"urn:ietf:params:oauth:grant-type:device_code"
|
|
||||||
],
|
|
||||||
"subject_types_supported": [
|
|
||||||
"public"
|
|
||||||
],
|
|
||||||
"id_token_signing_alg_values_supported": [
|
|
||||||
"RS256"
|
|
||||||
],
|
|
||||||
"request_object_signing_alg_values_supported": [
|
|
||||||
"RS256"
|
|
||||||
],
|
|
||||||
"token_endpoint_auth_methods_supported": [
|
|
||||||
"none",
|
|
||||||
"client_secret_basic",
|
|
||||||
"client_secret_post",
|
|
||||||
"private_key_jwt"
|
|
||||||
],
|
|
||||||
"token_endpoint_auth_signing_alg_values_supported": [
|
|
||||||
"RS256"
|
|
||||||
],
|
|
||||||
"revocation_endpoint_auth_methods_supported": [
|
|
||||||
"none",
|
|
||||||
"client_secret_basic",
|
|
||||||
"client_secret_post",
|
|
||||||
"private_key_jwt"
|
|
||||||
],
|
|
||||||
"revocation_endpoint_auth_signing_alg_values_supported": [
|
|
||||||
"RS256"
|
|
||||||
],
|
|
||||||
"introspection_endpoint_auth_methods_supported": [
|
|
||||||
"client_secret_basic",
|
|
||||||
"private_key_jwt"
|
|
||||||
],
|
|
||||||
"introspection_endpoint_auth_signing_alg_values_supported": [
|
|
||||||
"RS256"
|
|
||||||
],
|
|
||||||
"claims_supported": [
|
|
||||||
"sub",
|
|
||||||
"aud",
|
|
||||||
"exp",
|
|
||||||
"iat",
|
|
||||||
"iss",
|
|
||||||
"auth_time",
|
|
||||||
"nonce",
|
|
||||||
"acr",
|
|
||||||
"amr",
|
|
||||||
"c_hash",
|
|
||||||
"at_hash",
|
|
||||||
"act",
|
|
||||||
"scopes",
|
|
||||||
"client_id",
|
|
||||||
"azp",
|
|
||||||
"preferred_username",
|
|
||||||
"name",
|
|
||||||
"family_name",
|
|
||||||
"given_name",
|
|
||||||
"locale",
|
|
||||||
"email",
|
|
||||||
"email_verified",
|
|
||||||
"phone_number",
|
|
||||||
"phone_number_verified"
|
|
||||||
],
|
|
||||||
"code_challenge_methods_supported": [
|
|
||||||
"S256"
|
|
||||||
],
|
|
||||||
"ui_locales_supported": [
|
|
||||||
"bg",
|
|
||||||
"cs",
|
|
||||||
"de",
|
|
||||||
"en",
|
|
||||||
"es",
|
|
||||||
"fr",
|
|
||||||
"hu",
|
|
||||||
"id",
|
|
||||||
"it",
|
|
||||||
"ja",
|
|
||||||
"ko",
|
|
||||||
"mk",
|
|
||||||
"nl",
|
|
||||||
"pl",
|
|
||||||
"pt",
|
|
||||||
"ru",
|
|
||||||
"sv",
|
|
||||||
"zh"
|
|
||||||
],
|
|
||||||
"request_parameter_supported": true,
|
|
||||||
"request_uri_parameter_supported": false
|
|
||||||
}
|
|
||||||
@@ -1,725 +0,0 @@
|
|||||||
# Coturn TURN SERVER configuration file
|
|
||||||
#
|
|
||||||
# Boolean values note: where a boolean value is supposed to be used,
|
|
||||||
# you can use '0', 'off', 'no', 'false', or 'f' as 'false,
|
|
||||||
# and you can use '1', 'on', 'yes', 'true', or 't' as 'true'
|
|
||||||
# If the value is missing, then it means 'true' by default.
|
|
||||||
#
|
|
||||||
|
|
||||||
# Listener interface device (optional, Linux only).
|
|
||||||
# NOT RECOMMENDED.
|
|
||||||
#
|
|
||||||
#listening-device=eth0
|
|
||||||
|
|
||||||
# TURN listener port for UDP and TCP (Default: 3478).
|
|
||||||
# Note: actually, TLS & DTLS sessions can connect to the
|
|
||||||
# "plain" TCP & UDP port(s), too - if allowed by configuration.
|
|
||||||
#
|
|
||||||
listening-port=3478
|
|
||||||
|
|
||||||
# TURN listener port for TLS (Default: 5349).
|
|
||||||
# Note: actually, "plain" TCP & UDP sessions can connect to the TLS & DTLS
|
|
||||||
# port(s), too - if allowed by configuration. The TURN server
|
|
||||||
# "automatically" recognizes the type of traffic. Actually, two listening
|
|
||||||
# endpoints (the "plain" one and the "tls" one) are equivalent in terms of
|
|
||||||
# functionality; but Coturn keeps both endpoints to satisfy the RFC 5766 specs.
|
|
||||||
# For secure TCP connections, Coturn currently supports SSL version 3 and
|
|
||||||
# TLS version 1.0, 1.1 and 1.2.
|
|
||||||
# For secure UDP connections, Coturn supports DTLS version 1.
|
|
||||||
#
|
|
||||||
tls-listening-port=5349
|
|
||||||
|
|
||||||
# Alternative listening port for UDP and TCP listeners;
|
|
||||||
# default (or zero) value means "listening port plus one".
|
|
||||||
# This is needed for RFC 5780 support
|
|
||||||
# (STUN extension specs, NAT behavior discovery). The TURN Server
|
|
||||||
# supports RFC 5780 only if it is started with more than one
|
|
||||||
# listening IP address of the same family (IPv4 or IPv6).
|
|
||||||
# RFC 5780 is supported only by UDP protocol, other protocols
|
|
||||||
# are listening to that endpoint only for "symmetry".
|
|
||||||
#
|
|
||||||
#alt-listening-port=0
|
|
||||||
|
|
||||||
# Alternative listening port for TLS and DTLS protocols.
|
|
||||||
# Default (or zero) value means "TLS listening port plus one".
|
|
||||||
#
|
|
||||||
#alt-tls-listening-port=0
|
|
||||||
|
|
||||||
# Some network setups will require using a TCP reverse proxy in front
|
|
||||||
# of the STUN server. If the proxy port option is set a single listener
|
|
||||||
# is started on the given port that accepts connections using the
|
|
||||||
# haproxy proxy protocol v2.
|
|
||||||
# (https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt)
|
|
||||||
#
|
|
||||||
#tcp-proxy-port=5555
|
|
||||||
|
|
||||||
# Listener IP address of relay server. Multiple listeners can be specified.
|
|
||||||
# If no IP(s) specified in the config file or in the command line options,
|
|
||||||
# then all IPv4 and IPv6 system IPs will be used for listening.
|
|
||||||
#
|
|
||||||
#listening-ip=172.17.19.101
|
|
||||||
#listening-ip=10.207.21.238
|
|
||||||
#listening-ip=2607:f0d0:1002:51::4
|
|
||||||
|
|
||||||
# Auxiliary STUN/TURN server listening endpoint.
|
|
||||||
# Aux servers have almost full TURN and STUN functionality.
|
|
||||||
# The (minor) limitations are:
|
|
||||||
#
|
|
||||||
# 1) Auxiliary servers do not have alternative ports and
|
|
||||||
# they do not support STUN RFC 5780 functionality (CHANGE REQUEST).
|
|
||||||
#
|
|
||||||
# 2) Auxiliary servers also are never returning ALTERNATIVE-SERVER reply.
|
|
||||||
#
|
|
||||||
# Valid formats are 1.2.3.4:5555 for IPv4 and [1:2::3:4]:5555 for IPv6.
|
|
||||||
#
|
|
||||||
# There may be multiple aux-server options, each will be used for listening
|
|
||||||
# to client requests.
|
|
||||||
#
|
|
||||||
#aux-server=172.17.19.110:33478
|
|
||||||
#aux-server=[2607:f0d0:1002:51::4]:33478
|
|
||||||
|
|
||||||
# (recommended for older Linuxes only)
|
|
||||||
# Automatically balance UDP traffic over auxiliary servers (if configured).
|
|
||||||
# The load balancing is using the ALTERNATE-SERVER mechanism.
|
|
||||||
# The TURN client must support 300 ALTERNATE-SERVER response for this
|
|
||||||
# functionality.
|
|
||||||
#
|
|
||||||
#udp-self-balance
|
|
||||||
|
|
||||||
# Relay interface device for relay sockets (optional, Linux only).
|
|
||||||
# NOT RECOMMENDED.
|
|
||||||
#
|
|
||||||
#relay-device=eth1
|
|
||||||
|
|
||||||
# Relay address (the local IP address that will be used to relay the
|
|
||||||
# packets to the peer).
|
|
||||||
# Multiple relay addresses may be used.
|
|
||||||
# The same IP(s) can be used as both listening IP(s) and relay IP(s).
|
|
||||||
#
|
|
||||||
# If no relay IP(s) specified, then the turnserver will apply the default
|
|
||||||
# policy: it will decide itself which relay addresses to be used, and it
|
|
||||||
# will always be using the client socket IP address as the relay IP address
|
|
||||||
# of the TURN session (if the requested relay address family is the same
|
|
||||||
# as the family of the client socket).
|
|
||||||
#
|
|
||||||
#relay-ip=172.17.19.105
|
|
||||||
#relay-ip=2607:f0d0:1002:51::5
|
|
||||||
|
|
||||||
# For Amazon EC2 users:
|
|
||||||
#
|
|
||||||
# TURN Server public/private address mapping, if the server is behind NAT.
|
|
||||||
# In that situation, if a -X is used in form "-X <ip>" then that ip will be reported
|
|
||||||
# as relay IP address of all allocations. This scenario works only in a simple case
|
|
||||||
# when one single relay address is be used, and no RFC5780 functionality is required.
|
|
||||||
# That single relay address must be mapped by NAT to the 'external' IP.
|
|
||||||
# The "external-ip" value, if not empty, is returned in XOR-RELAYED-ADDRESS field.
|
|
||||||
# For that 'external' IP, NAT must forward ports directly (relayed port 12345
|
|
||||||
# must be always mapped to the same 'external' port 12345).
|
|
||||||
#
|
|
||||||
# In more complex case when more than one IP address is involved,
|
|
||||||
# that option must be used several times, each entry must
|
|
||||||
# have form "-X <public-ip/private-ip>", to map all involved addresses.
|
|
||||||
# RFC5780 NAT discovery STUN functionality will work correctly,
|
|
||||||
# if the addresses are mapped properly, even when the TURN server itself
|
|
||||||
# is behind A NAT.
|
|
||||||
#
|
|
||||||
# By default, this value is empty, and no address mapping is used.
|
|
||||||
#
|
|
||||||
# external-ip=193.224.22.37
|
|
||||||
#
|
|
||||||
#OR:
|
|
||||||
#
|
|
||||||
#external-ip=60.70.80.91/172.17.19.101
|
|
||||||
#external-ip=60.70.80.92/172.17.19.102
|
|
||||||
|
|
||||||
external-ip=108.29.206.17
|
|
||||||
|
|
||||||
# Number of the relay threads to handle the established connections
|
|
||||||
# (in addition to authentication thread and the listener thread).
|
|
||||||
# If explicitly set to 0 then application runs relay process in a
|
|
||||||
# single thread, in the same thread with the listener process
|
|
||||||
# (the authentication thread will still be a separate thread).
|
|
||||||
#
|
|
||||||
# If this parameter is not set, then the default OS-dependent
|
|
||||||
# thread pattern algorithm will be employed. Usually the default
|
|
||||||
# algorithm is optimal, so you have to change this option
|
|
||||||
# if you want to make some fine tweaks.
|
|
||||||
#
|
|
||||||
# In the older systems (Linux kernel before 3.9),
|
|
||||||
# the number of UDP threads is always one thread per network listening
|
|
||||||
# endpoint - including the auxiliary endpoints - unless 0 (zero) or
|
|
||||||
# 1 (one) value is set.
|
|
||||||
#
|
|
||||||
#relay-threads=0
|
|
||||||
|
|
||||||
# Lower and upper bounds of the UDP relay endpoints:
|
|
||||||
# (default values are 49152 and 65535)
|
|
||||||
#
|
|
||||||
min-port=49152
|
|
||||||
max-port=65535
|
|
||||||
|
|
||||||
# Uncomment to run TURN server in 'normal' 'moderate' verbose mode.
|
|
||||||
# By default the verbose mode is off.
|
|
||||||
#verbose
|
|
||||||
|
|
||||||
# Uncomment to run TURN server in 'extra' verbose mode.
|
|
||||||
# This mode is very annoying and produces lots of output.
|
|
||||||
# Not recommended under normal circumstances.
|
|
||||||
#
|
|
||||||
#Verbose
|
|
||||||
|
|
||||||
# Uncomment to use fingerprints in the TURN messages.
|
|
||||||
# By default the fingerprints are off.
|
|
||||||
#
|
|
||||||
fingerprint
|
|
||||||
|
|
||||||
# Uncomment to use long-term credential mechanism.
|
|
||||||
# By default no credentials mechanism is used (any user allowed).
|
|
||||||
#
|
|
||||||
lt-cred-mech
|
|
||||||
|
|
||||||
# This option is the opposite of lt-cred-mech.
|
|
||||||
# (TURN Server with no-auth option allows anonymous access).
|
|
||||||
# If neither option is defined, and no users are defined,
|
|
||||||
# then no-auth is default. If at least one user is defined,
|
|
||||||
# in this file, in command line or in usersdb file, then
|
|
||||||
# lt-cred-mech is default.
|
|
||||||
#
|
|
||||||
#no-auth
|
|
||||||
|
|
||||||
# TURN REST API flag.
|
|
||||||
# (Time Limited Long Term Credential)
|
|
||||||
# Flag that sets a special authorization option that is based upon authentication secret.
|
|
||||||
#
|
|
||||||
# This feature's purpose is to support "TURN Server REST API", see
|
|
||||||
# "TURN REST API" link in the project's page
|
|
||||||
# https://github.com/coturn/coturn/
|
|
||||||
#
|
|
||||||
# This option is used with timestamp:
|
|
||||||
#
|
|
||||||
# usercombo -> "timestamp:userid"
|
|
||||||
# turn user -> usercombo
|
|
||||||
# turn password -> base64(hmac(secret key, usercombo))
|
|
||||||
#
|
|
||||||
# This allows TURN credentials to be accounted for a specific user id.
|
|
||||||
# If you don't have a suitable id, then the timestamp alone can be used.
|
|
||||||
# This option is enabled by turning on secret-based authentication.
|
|
||||||
# The actual value of the secret is defined either by the option static-auth-secret,
|
|
||||||
# or can be found in the turn_secret table in the database (see below).
|
|
||||||
#
|
|
||||||
# Read more about it:
|
|
||||||
# - https://tools.ietf.org/html/draft-uberti-behave-turn-rest-00
|
|
||||||
# - https://www.ietf.org/proceedings/87/slides/slides-87-behave-10.pdf
|
|
||||||
#
|
|
||||||
# Be aware that use-auth-secret overrides some parts of lt-cred-mech.
|
|
||||||
# The use-auth-secret feature depends internally on lt-cred-mech, so if you set
|
|
||||||
# this option then it automatically enables lt-cred-mech internally
|
|
||||||
# as if you had enabled both.
|
|
||||||
#
|
|
||||||
# Note that you can use only one auth mechanism at the same time! This is because,
|
|
||||||
# both mechanisms conduct username and password validation in different ways.
|
|
||||||
#
|
|
||||||
# Use either lt-cred-mech or use-auth-secret in the conf
|
|
||||||
# to avoid any confusion.
|
|
||||||
#
|
|
||||||
#use-auth-secret
|
|
||||||
|
|
||||||
# 'Static' authentication secret value (a string) for TURN REST API only.
|
|
||||||
# If not set, then the turn server
|
|
||||||
# will try to use the 'dynamic' value in the turn_secret table
|
|
||||||
# in the user database (if present). The database-stored value can be changed on-the-fly
|
|
||||||
# by a separate program, so this is why that mode is considered 'dynamic'.
|
|
||||||
#
|
|
||||||
#static-auth-secret=north
|
|
||||||
|
|
||||||
# Server name used for
|
|
||||||
# the oAuth authentication purposes.
|
|
||||||
# The default value is the realm name.
|
|
||||||
#
|
|
||||||
# server-name=stun.wiretrustee.com
|
|
||||||
|
|
||||||
# Flag that allows oAuth authentication.
|
|
||||||
#
|
|
||||||
#oauth
|
|
||||||
|
|
||||||
# 'Static' user accounts for the long term credentials mechanism, only.
|
|
||||||
# This option cannot be used with TURN REST API.
|
|
||||||
# 'Static' user accounts are NOT dynamically checked by the turnserver process,
|
|
||||||
# so they can NOT be changed while the turnserver is running.
|
|
||||||
#
|
|
||||||
#user=username1:key1
|
|
||||||
#user=username2:key2
|
|
||||||
# OR:
|
|
||||||
user=self:{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['NETBIRD_TURN_PASSWORD'] }}
|
|
||||||
#user=username2:password2
|
|
||||||
#
|
|
||||||
# Keys must be generated by turnadmin utility. The key value depends
|
|
||||||
# on user name, realm, and password:
|
|
||||||
#
|
|
||||||
# Example:
|
|
||||||
# $ turnadmin -k -u ninefingers -r north.gov -p youhavetoberealistic
|
|
||||||
# Output: 0xbc807ee29df3c9ffa736523fb2c4e8ee
|
|
||||||
# ('0x' in the beginning of the key is what differentiates the key from
|
|
||||||
# password. If it has 0x then it is a key, otherwise it is a password).
|
|
||||||
#
|
|
||||||
# The corresponding user account entry in the config file will be:
|
|
||||||
#
|
|
||||||
#user=ninefingers:0xbc807ee29df3c9ffa736523fb2c4e8ee
|
|
||||||
# Or, equivalently, with open clear password (less secure):
|
|
||||||
#user=ninefingers:youhavetoberealistic
|
|
||||||
#
|
|
||||||
|
|
||||||
# SQLite database file name.
|
|
||||||
#
|
|
||||||
# The default file name is /var/db/turndb or /usr/local/var/db/turndb or
|
|
||||||
# /var/lib/turn/turndb.
|
|
||||||
#
|
|
||||||
#userdb=/var/db/turndb
|
|
||||||
|
|
||||||
# PostgreSQL database connection string in the case that you are using PostgreSQL
|
|
||||||
# as the user database.
|
|
||||||
# This database can be used for the long-term credential mechanism
|
|
||||||
# and it can store the secret value for secret-based timed authentication in TURN REST API.
|
|
||||||
# See http://www.postgresql.org/docs/8.4/static/libpq-connect.html for 8.x PostgreSQL
|
|
||||||
# versions connection string format, see
|
|
||||||
# http://www.postgresql.org/docs/9.2/static/libpq-connect.html#LIBPQ-CONNSTRING
|
|
||||||
# for 9.x and newer connection string formats.
|
|
||||||
#
|
|
||||||
#psql-userdb="host=<host> dbname=<database-name> user=<database-user> password=<database-user-password> connect_timeout=30"
|
|
||||||
|
|
||||||
# MySQL database connection string in the case that you are using MySQL
|
|
||||||
# as the user database.
|
|
||||||
# This database can be used for the long-term credential mechanism
|
|
||||||
# and it can store the secret value for secret-based timed authentication in TURN REST API.
|
|
||||||
#
|
|
||||||
# Optional connection string parameters for the secure communications (SSL):
|
|
||||||
# ca, capath, cert, key, cipher
|
|
||||||
# (see http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html for the
|
|
||||||
# command options description).
|
|
||||||
#
|
|
||||||
# Use the string format below (space separated parameters, all optional):
|
|
||||||
#
|
|
||||||
# mysql-userdb="host=mysql dbname=coturn user=coturn password=CHANGE_ME port=3306 connect_timeout=10 read_timeout=10"
|
|
||||||
|
|
||||||
# If you want to use an encrypted password in the MySQL connection string,
|
|
||||||
# then set the MySQL password encryption secret key file with this option.
|
|
||||||
#
|
|
||||||
# Warning: If this option is set, then the mysql password must be set in "mysql-userdb" in an encrypted format!
|
|
||||||
# If you want to use a cleartext password then do not set this option!
|
|
||||||
#
|
|
||||||
# This is the file path for the aes encrypted secret key used for password encryption.
|
|
||||||
#
|
|
||||||
#secret-key-file=/path/
|
|
||||||
|
|
||||||
# MongoDB database connection string in the case that you are using MongoDB
|
|
||||||
# as the user database.
|
|
||||||
# This database can be used for long-term credential mechanism
|
|
||||||
# and it can store the secret value for secret-based timed authentication in TURN REST API.
|
|
||||||
# Use the string format described at http://hergert.me/docs/mongo-c-driver/mongoc_uri.html
|
|
||||||
#
|
|
||||||
#mongo-userdb="mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][/[database][?options]]"
|
|
||||||
|
|
||||||
# Redis database connection string in the case that you are using Redis
|
|
||||||
# as the user database.
|
|
||||||
# This database can be used for long-term credential mechanism
|
|
||||||
# and it can store the secret value for secret-based timed authentication in TURN REST API.
|
|
||||||
# Use the string format below (space separated parameters, all optional):
|
|
||||||
#
|
|
||||||
#redis-userdb="ip=<ip-address> dbname=<database-number> password=<database-user-password> port=<port> connect_timeout=<seconds>"
|
|
||||||
|
|
||||||
# Redis status and statistics database connection string, if used (default - empty, no Redis stats DB used).
|
|
||||||
# This database keeps allocations status information, and it can be also used for publishing
|
|
||||||
# and delivering traffic and allocation event notifications.
|
|
||||||
# The connection string has the same parameters as redis-userdb connection string.
|
|
||||||
# Use the string format below (space separated parameters, all optional):
|
|
||||||
#
|
|
||||||
#redis-statsdb="ip=<ip-address> dbname=<database-number> password=<database-user-password> port=<port> connect_timeout=<seconds>"
|
|
||||||
|
|
||||||
# The default realm to be used for the users when no explicit
|
|
||||||
# origin/realm relationship is found in the database, or if the TURN
|
|
||||||
# server is not using any database (just the commands-line settings
|
|
||||||
# and the userdb file). Must be used with long-term credentials
|
|
||||||
# mechanism or with TURN REST API.
|
|
||||||
#
|
|
||||||
# Note: If the default realm is not specified, then realm falls back to the host domain name.
|
|
||||||
# If the domain name string is empty, or set to '(None)', then it is initialized as an empty string.
|
|
||||||
#
|
|
||||||
# realm=wiretrustee.com
|
|
||||||
# This flag sets the origin consistency
|
|
||||||
# check. Across the session, all requests must have the same
|
|
||||||
# main ORIGIN attribute value (if the ORIGIN was
|
|
||||||
# initially used by the session).
|
|
||||||
#
|
|
||||||
#check-origin-consistency
|
|
||||||
|
|
||||||
# Per-user allocation quota.
|
|
||||||
# default value is 0 (no quota, unlimited number of sessions per user).
|
|
||||||
# This option can also be set through the database, for a particular realm.
|
|
||||||
#
|
|
||||||
#user-quota=0
|
|
||||||
|
|
||||||
# Total allocation quota.
|
|
||||||
# default value is 0 (no quota).
|
|
||||||
# This option can also be set through the database, for a particular realm.
|
|
||||||
#
|
|
||||||
#total-quota=0
|
|
||||||
|
|
||||||
# Max bytes-per-second bandwidth a TURN session is allowed to handle
|
|
||||||
# (input and output network streams are treated separately). Anything above
|
|
||||||
# that limit will be dropped or temporarily suppressed (within
|
|
||||||
# the available buffer limits).
|
|
||||||
# This option can also be set through the database, for a particular realm.
|
|
||||||
#
|
|
||||||
#max-bps=0
|
|
||||||
|
|
||||||
#
|
|
||||||
# Maximum server capacity.
|
|
||||||
# Total bytes-per-second bandwidth the TURN server is allowed to allocate
|
|
||||||
# for the sessions, combined (input and output network streams are treated separately).
|
|
||||||
#
|
|
||||||
# bps-capacity=0
|
|
||||||
|
|
||||||
# Uncomment if no UDP client listener is desired.
|
|
||||||
# By default UDP client listener is always started.
|
|
||||||
#
|
|
||||||
#no-udp
|
|
||||||
|
|
||||||
# Uncomment if no TCP client listener is desired.
|
|
||||||
# By default TCP client listener is always started.
|
|
||||||
#
|
|
||||||
#no-tcp
|
|
||||||
|
|
||||||
# Uncomment if no TLS client listener is desired.
|
|
||||||
# By default TLS client listener is always started.
|
|
||||||
#
|
|
||||||
#no-tls
|
|
||||||
|
|
||||||
# Uncomment if no DTLS client listener is desired.
|
|
||||||
# By default DTLS client listener is always started.
|
|
||||||
#
|
|
||||||
#no-dtls
|
|
||||||
|
|
||||||
# Uncomment if no UDP relay endpoints are allowed.
|
|
||||||
# By default UDP relay endpoints are enabled (like in RFC 5766).
|
|
||||||
#
|
|
||||||
#no-udp-relay
|
|
||||||
|
|
||||||
# Uncomment if no TCP relay endpoints are allowed.
|
|
||||||
# By default TCP relay endpoints are enabled (like in RFC 6062).
|
|
||||||
#
|
|
||||||
#no-tcp-relay
|
|
||||||
|
|
||||||
# Uncomment if extra security is desired,
|
|
||||||
# with nonce value having a limited lifetime.
|
|
||||||
# The nonce value is unique for a session.
|
|
||||||
# Set this option to limit the nonce lifetime.
|
|
||||||
# Set it to 0 for unlimited lifetime.
|
|
||||||
# It defaults to 600 secs (10 min) if no value is provided. After that delay,
|
|
||||||
# the client will get 438 error and will have to re-authenticate itself.
|
|
||||||
#
|
|
||||||
#stale-nonce=600
|
|
||||||
|
|
||||||
# Uncomment if you want to set the maximum allocation
|
|
||||||
# time before it has to be refreshed.
|
|
||||||
# Default is 3600s.
|
|
||||||
#
|
|
||||||
#max-allocate-lifetime=3600
|
|
||||||
|
|
||||||
|
|
||||||
# Uncomment to set the lifetime for the channel.
|
|
||||||
# Default value is 600 secs (10 minutes).
|
|
||||||
# This value MUST not be changed for production purposes.
|
|
||||||
#
|
|
||||||
#channel-lifetime=600
|
|
||||||
|
|
||||||
# Uncomment to set the permission lifetime.
|
|
||||||
# Default to 300 secs (5 minutes).
|
|
||||||
# In production this value MUST not be changed,
|
|
||||||
# however it can be useful for test purposes.
|
|
||||||
#
|
|
||||||
#permission-lifetime=300
|
|
||||||
|
|
||||||
# Certificate file.
|
|
||||||
# Use an absolute path or path relative to the
|
|
||||||
# configuration file.
|
|
||||||
# Use PEM file format.
|
|
||||||
#
|
|
||||||
cert=/etc/coturn/certs/cert.pem
|
|
||||||
|
|
||||||
# Private key file.
|
|
||||||
# Use an absolute path or path relative to the
|
|
||||||
# configuration file.
|
|
||||||
# Use PEM file format.
|
|
||||||
#
|
|
||||||
pkey=/etc/coturn/private/privkey.pem
|
|
||||||
|
|
||||||
# Private key file password, if it is in encoded format.
|
|
||||||
# This option has no default value.
|
|
||||||
#
|
|
||||||
#pkey-pwd=...
|
|
||||||
|
|
||||||
# Allowed OpenSSL cipher list for TLS/DTLS connections.
|
|
||||||
# Default value is "DEFAULT".
|
|
||||||
#
|
|
||||||
#cipher-list="DEFAULT"
|
|
||||||
|
|
||||||
# CA file in OpenSSL format.
|
|
||||||
# Forces TURN server to verify the client SSL certificates.
|
|
||||||
# By default this is not set: there is no default value and the client
|
|
||||||
# certificate is not checked.
|
|
||||||
#
|
|
||||||
# Example:
|
|
||||||
#CA-file=/etc/ssh/id_rsa.cert
|
|
||||||
|
|
||||||
# Curve name for EC ciphers, if supported by OpenSSL
|
|
||||||
# library (TLS and DTLS). The default value is prime256v1,
|
|
||||||
# if pre-OpenSSL 1.0.2 is used. With OpenSSL 1.0.2+,
|
|
||||||
# an optimal curve will be automatically calculated, if not defined
|
|
||||||
# by this option.
|
|
||||||
#
|
|
||||||
#ec-curve-name=prime256v1
|
|
||||||
|
|
||||||
# Use 566 bits predefined DH TLS key. Default size of the key is 2066.
|
|
||||||
#
|
|
||||||
#dh566
|
|
||||||
|
|
||||||
# Use 1066 bits predefined DH TLS key. Default size of the key is 2066.
|
|
||||||
#
|
|
||||||
#dh1066
|
|
||||||
|
|
||||||
# Use custom DH TLS key, stored in PEM format in the file.
|
|
||||||
# Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.
|
|
||||||
#
|
|
||||||
#dh-file=<DH-PEM-file-name>
|
|
||||||
|
|
||||||
# Flag to prevent stdout log messages.
|
|
||||||
# By default, all log messages go to both stdout and to
|
|
||||||
# the configured log file. With this option everything will
|
|
||||||
# go to the configured log only (unless the log file itself is stdout).
|
|
||||||
#
|
|
||||||
#no-stdout-log
|
|
||||||
|
|
||||||
# Option to set the log file name.
|
|
||||||
# By default, the turnserver tries to open a log file in
|
|
||||||
# /var/log, /var/tmp, /tmp and the current directory
|
|
||||||
# (Whichever file open operation succeeds first will be used).
|
|
||||||
# With this option you can set the definite log file name.
|
|
||||||
# The special names are "stdout" and "-" - they will force everything
|
|
||||||
# to the stdout. Also, the "syslog" name will force everything to
|
|
||||||
# the system log (syslog).
|
|
||||||
# In the runtime, the logfile can be reset with the SIGHUP signal
|
|
||||||
# to the turnserver process.
|
|
||||||
#
|
|
||||||
log-file=stdout
|
|
||||||
|
|
||||||
# Option to redirect all log output into system log (syslog).
|
|
||||||
#
|
|
||||||
# syslog
|
|
||||||
|
|
||||||
# This flag means that no log file rollover will be used, and the log file
|
|
||||||
# name will be constructed as-is, without PID and date appendage.
|
|
||||||
# This option can be used, for example, together with the logrotate tool.
|
|
||||||
#
|
|
||||||
#simple-log
|
|
||||||
|
|
||||||
# Option to set the "redirection" mode. The value of this option
|
|
||||||
# will be the address of the alternate server for UDP & TCP service in the form of
|
|
||||||
# <ip>[:<port>]. The server will send this value in the attribute
|
|
||||||
# ALTERNATE-SERVER, with error 300, on ALLOCATE request, to the client.
|
|
||||||
# Client will receive only values with the same address family
|
|
||||||
# as the client network endpoint address family.
|
|
||||||
# See RFC 5389 and RFC 5766 for the description of ALTERNATE-SERVER functionality.
|
|
||||||
# The client must use the obtained value for subsequent TURN communications.
|
|
||||||
# If more than one --alternate-server option is provided, then the functionality
|
|
||||||
# can be more accurately described as "load-balancing" than a mere "redirection".
|
|
||||||
# If the port number is omitted, then the default port
|
|
||||||
# number 3478 for the UDP/TCP protocols will be used.
|
|
||||||
# Colon (:) characters in IPv6 addresses may conflict with the syntax of
|
|
||||||
# the option. To alleviate this conflict, literal IPv6 addresses are enclosed
|
|
||||||
# in square brackets in such resource identifiers, for example:
|
|
||||||
# [2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478 .
|
|
||||||
# Multiple alternate servers can be set. They will be used in the
|
|
||||||
# round-robin manner. All servers in the pool are considered of equal weight and
|
|
||||||
# the load will be distributed equally. For example, if you have 4 alternate servers,
|
|
||||||
# then each server will receive 25% of ALLOCATE requests. A alternate TURN server
|
|
||||||
# address can be used more than one time with the alternate-server option, so this
|
|
||||||
# can emulate "weighting" of the servers.
|
|
||||||
#
|
|
||||||
# Examples:
|
|
||||||
#alternate-server=1.2.3.4:5678
|
|
||||||
#alternate-server=11.22.33.44:56789
|
|
||||||
#alternate-server=5.6.7.8
|
|
||||||
#alternate-server=[2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478
|
|
||||||
|
|
||||||
# Option to set alternative server for TLS & DTLS services in form of
|
|
||||||
# <ip>:<port>. If the port number is omitted, then the default port
|
|
||||||
# number 5349 for the TLS/DTLS protocols will be used. See the previous
|
|
||||||
# option for the functionality description.
|
|
||||||
#
|
|
||||||
# Examples:
|
|
||||||
#tls-alternate-server=1.2.3.4:5678
|
|
||||||
#tls-alternate-server=11.22.33.44:56789
|
|
||||||
#tls-alternate-server=[2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478
|
|
||||||
|
|
||||||
# Option to suppress TURN functionality, only STUN requests will be processed.
|
|
||||||
# Run as STUN server only, all TURN requests will be ignored.
|
|
||||||
# By default, this option is NOT set.
|
|
||||||
#
|
|
||||||
#stun-only
|
|
||||||
|
|
||||||
# Option to hide software version. Enhance security when used in production.
|
|
||||||
# Revealing the specific software version of the agent through the
|
|
||||||
# SOFTWARE attribute might allow them to become more vulnerable to
|
|
||||||
# attacks against software that is known to contain security holes.
|
|
||||||
# Implementers SHOULD make usage of the SOFTWARE attribute a
|
|
||||||
# configurable option (https://tools.ietf.org/html/rfc5389#section-16.1.2)
|
|
||||||
#
|
|
||||||
no-software-attribute
|
|
||||||
|
|
||||||
# Option to suppress STUN functionality, only TURN requests will be processed.
|
|
||||||
# Run as TURN server only, all STUN requests will be ignored.
|
|
||||||
# By default, this option is NOT set.
|
|
||||||
#
|
|
||||||
#no-stun
|
|
||||||
|
|
||||||
# This is the timestamp/username separator symbol (character) in TURN REST API.
|
|
||||||
# The default value is ':'.
|
|
||||||
# rest-api-separator=:
|
|
||||||
|
|
||||||
# Flag that can be used to allow peers on the loopback addresses (127.x.x.x and ::1).
|
|
||||||
# This is an extra security measure.
|
|
||||||
#
|
|
||||||
# (To avoid any security issue that allowing loopback access may raise,
|
|
||||||
# the no-loopback-peers option is replaced by allow-loopback-peers.)
|
|
||||||
#
|
|
||||||
# Allow it only for testing in a development environment!
|
|
||||||
# In production it adds a possible security vulnerability, so for security reasons
|
|
||||||
# it is not allowed using it together with empty cli-password.
|
|
||||||
#
|
|
||||||
#allow-loopback-peers
|
|
||||||
|
|
||||||
# Flag that can be used to disallow peers on well-known broadcast addresses (224.0.0.0 and above, and FFXX:*).
|
|
||||||
# This is an extra security measure.
|
|
||||||
#
|
|
||||||
#no-multicast-peers
|
|
||||||
|
|
||||||
# Option to set the max time, in seconds, allowed for full allocation establishment.
|
|
||||||
# Default is 60 seconds.
|
|
||||||
#
|
|
||||||
#max-allocate-timeout=60
|
|
||||||
|
|
||||||
# Option to allow or ban specific ip addresses or ranges of ip addresses.
|
|
||||||
# If an ip address is specified as both allowed and denied, then the ip address is
|
|
||||||
# considered to be allowed. This is useful when you wish to ban a range of ip
|
|
||||||
# addresses, except for a few specific ips within that range.
|
|
||||||
#
|
|
||||||
# This can be used when you do not want users of the turn server to be able to access
|
|
||||||
# machines reachable by the turn server, but would otherwise be unreachable from the
|
|
||||||
# internet (e.g. when the turn server is sitting behind a NAT)
|
|
||||||
#
|
|
||||||
# Examples:
|
|
||||||
# denied-peer-ip=83.166.64.0-83.166.95.255
|
|
||||||
# allowed-peer-ip=83.166.68.45
|
|
||||||
|
|
||||||
# File name to store the pid of the process.
|
|
||||||
# Default is /var/run/turnserver.pid (if superuser account is used) or
|
|
||||||
# /var/tmp/turnserver.pid .
|
|
||||||
#
|
|
||||||
pidfile="/var/tmp/turnserver.pid"
|
|
||||||
|
|
||||||
# Require authentication of the STUN Binding request.
|
|
||||||
# By default, the clients are allowed anonymous access to the STUN Binding functionality.
|
|
||||||
#
|
|
||||||
#secure-stun
|
|
||||||
|
|
||||||
# Mobility with ICE (MICE) specs support.
|
|
||||||
#
|
|
||||||
#mobility
|
|
||||||
|
|
||||||
# Allocate Address Family according
|
|
||||||
# If enabled then TURN server allocates address family according the TURN
|
|
||||||
# Client <=> Server communication address family.
|
|
||||||
# (By default Coturn works according RFC 6156.)
|
|
||||||
# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!!
|
|
||||||
#
|
|
||||||
#keep-address-family
|
|
||||||
|
|
||||||
|
|
||||||
# User name to run the process. After the initialization, the turnserver process
|
|
||||||
# will attempt to change the current user ID to that user.
|
|
||||||
#
|
|
||||||
#proc-user=<user-name>
|
|
||||||
|
|
||||||
# Group name to run the process. After the initialization, the turnserver process
|
|
||||||
# will attempt to change the current group ID to that group.
|
|
||||||
#
|
|
||||||
#proc-group=<group-name>
|
|
||||||
|
|
||||||
# Turn OFF the CLI support.
|
|
||||||
# By default it is always ON.
|
|
||||||
# See also options cli-ip and cli-port.
|
|
||||||
#
|
|
||||||
no-cli
|
|
||||||
|
|
||||||
#Local system IP address to be used for CLI server endpoint. Default value
|
|
||||||
# is 127.0.0.1.
|
|
||||||
#
|
|
||||||
# cli-ip=127.0.0.1
|
|
||||||
|
|
||||||
# CLI server port. Default is 5766.
|
|
||||||
#
|
|
||||||
# cli-port=5766
|
|
||||||
|
|
||||||
# CLI access password. Default is empty (no password).
|
|
||||||
# For the security reasons, it is recommended that you use the encrypted
|
|
||||||
# form of the password (see the -P command in the turnadmin utility).
|
|
||||||
#
|
|
||||||
# Secure form for password 'qwerty':
|
|
||||||
#
|
|
||||||
#cli-password=$5$79a316b350311570$81df9cfb9af7f5e5a76eada31e7097b663a0670f99a3c07ded3f1c8e59c5658a
|
|
||||||
#
|
|
||||||
# Or insecure form for the same password:
|
|
||||||
#
|
|
||||||
# cli-password=CHANGE_ME
|
|
||||||
|
|
||||||
# Enable Web-admin support on https. By default it is Disabled.
|
|
||||||
# If it is enabled it also enables a http a simple static banner page
|
|
||||||
# with a small reminder that the admin page is available only on https.
|
|
||||||
#
|
|
||||||
#web-admin
|
|
||||||
|
|
||||||
# Local system IP address to be used for Web-admin server endpoint. Default value is 127.0.0.1.
|
|
||||||
#
|
|
||||||
#web-admin-ip=127.0.0.1
|
|
||||||
|
|
||||||
# Web-admin server port. Default is 8080.
|
|
||||||
#
|
|
||||||
#web-admin-port=8080
|
|
||||||
|
|
||||||
# Web-admin server listen on STUN/TURN worker threads
|
|
||||||
# By default it is disabled for security reasons! (Not recommended in any production environment!)
|
|
||||||
#
|
|
||||||
#web-admin-listen-on-workers
|
|
||||||
|
|
||||||
# Server relay. NON-STANDARD AND DANGEROUS OPTION.
|
|
||||||
# Only for those applications when you want to run
|
|
||||||
# server applications on the relay endpoints.
|
|
||||||
# This option eliminates the IP permissions check on
|
|
||||||
# the packets incoming to the relay endpoints.
|
|
||||||
#
|
|
||||||
#server-relay
|
|
||||||
|
|
||||||
# Maximum number of output sessions in ps CLI command.
|
|
||||||
# This value can be changed on-the-fly in CLI. The default value is 256.
|
|
||||||
#
|
|
||||||
#cli-max-output-sessions
|
|
||||||
|
|
||||||
# Set network engine type for the process (for internal purposes).
|
|
||||||
#
|
|
||||||
#ne=[1|2|3]
|
|
||||||
|
|
||||||
# Do not allow an TLS/DTLS version of protocol
|
|
||||||
#
|
|
||||||
#no-tlsv1
|
|
||||||
#no-tlsv1_1
|
|
||||||
#no-tlsv1_2
|
|
||||||
@@ -1,11 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
<clickhouse>
|
|
||||||
<profiles>
|
|
||||||
<default>
|
|
||||||
<log_queries>0</log_queries>
|
|
||||||
<log_query_threads>0</log_query_threads>
|
|
||||||
</default>
|
|
||||||
</profiles>
|
|
||||||
</clickhouse>
|
|
||||||
@@ -1,19 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
{
|
|
||||||
"$schema": "../schemas/v2/index.json",
|
|
||||||
"repos": [
|
|
||||||
{
|
|
||||||
"type": "gitea",
|
|
||||||
"token": "{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['GITEA_SONARQUBE_BOT_GITEA_TOKEN'] }}",
|
|
||||||
"url": "https://git.trez.wtf",
|
|
||||||
"revisions": {
|
|
||||||
"branches": [
|
|
||||||
"main",
|
|
||||||
"*"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
@@ -1,29 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
<?xml version='1.0' encoding='UTF-8'?>
|
|
||||||
|
|
||||||
<!DOCTYPE properties SYSTEM 'http://java.sun.com/dtd/properties.dtd'>
|
|
||||||
|
|
||||||
<properties>
|
|
||||||
|
|
||||||
<entry key='config.default'>./conf/default.xml</entry>
|
|
||||||
|
|
||||||
<!--
|
|
||||||
|
|
||||||
This is the main configuration file. All your configuration parameters should be placed in this file.
|
|
||||||
|
|
||||||
Default configuration parameters are located in the "default.xml" file. You should not modify it to avoid issues
|
|
||||||
with upgrading to a new version. Parameters in the main config file override values in the default file. Do not
|
|
||||||
remove "config.default" parameter from this file unless you know what you are doing.
|
|
||||||
|
|
||||||
For list of available parameters see following page: https://www.traccar.org/configuration-file/
|
|
||||||
|
|
||||||
-->
|
|
||||||
|
|
||||||
<entry key='database.driver'>org.postgresql.Driver</entry>
|
|
||||||
<entry key='database.url'>jdbc:postgresql://traccar-pg:5432/traccar-db</entry>
|
|
||||||
<entry key='database.user'>traccar</entry>
|
|
||||||
<entry key='database.password'>{{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['WAZUH_API_PASSWORD'] }}</entry>
|
|
||||||
|
|
||||||
</properties>
|
|
||||||
@@ -1,31 +0,0 @@
|
|||||||
sources:
|
|
||||||
rinoa_docker_logs:
|
|
||||||
type: docker_logs
|
|
||||||
exclude_containers:
|
|
||||||
- vector
|
|
||||||
|
|
||||||
sinks:
|
|
||||||
parseable:
|
|
||||||
type: http
|
|
||||||
method: post
|
|
||||||
batch:
|
|
||||||
max_bytes: 10485760
|
|
||||||
max_events: 1000
|
|
||||||
timeout_secs: 10
|
|
||||||
compression: gzip
|
|
||||||
inputs:
|
|
||||||
- rinoa_docker_logs
|
|
||||||
encoding:
|
|
||||||
codec: json
|
|
||||||
uri: http://parseable:8000/api/v1/ingest'
|
|
||||||
auth:
|
|
||||||
strategy: basic
|
|
||||||
user: admin
|
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['PARSEABLE_PASSWORD'] }}
|
|
||||||
request:
|
|
||||||
headers:
|
|
||||||
X-P-Stream: rinoa-docker-logs
|
|
||||||
healthcheck:
|
|
||||||
enabled: true
|
|
||||||
path: 'http://parseable:8000/api/v1/liveness'
|
|
||||||
port: 80
|
|
||||||
@@ -1,19 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
nodes:
|
|
||||||
# Wazuh indexer server nodes
|
|
||||||
indexer:
|
|
||||||
- name: wazuh.indexer
|
|
||||||
ip: wazuh.indexer
|
|
||||||
|
|
||||||
# Wazuh server nodes
|
|
||||||
# Use node_type only with more than one Wazuh manager
|
|
||||||
server:
|
|
||||||
- name: wazuh.manager
|
|
||||||
ip: wazuh.manager
|
|
||||||
|
|
||||||
# Wazuh dashboard node
|
|
||||||
dashboard:
|
|
||||||
- name: wazuh.dashboard
|
|
||||||
ip: wazuh.dashboard
|
|
||||||
@@ -1,14 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
server.host: 0.0.0.0
|
|
||||||
server.port: 5601
|
|
||||||
opensearch.hosts: https://wazuh.indexer:9200
|
|
||||||
opensearch.ssl.verificationMode: certificate
|
|
||||||
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
|
|
||||||
opensearch_security.multitenancy.enabled: false
|
|
||||||
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
|
|
||||||
server.ssl.enabled: true
|
|
||||||
server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
|
|
||||||
server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
|
|
||||||
opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
|
|
||||||
uiSettings.overrides.defaultRoute: /app/wz-home
|
|
||||||
@@ -1,9 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
hosts:
|
|
||||||
- 1513629884013:
|
|
||||||
url: "https://wazuh.manager"
|
|
||||||
port: 55000
|
|
||||||
username: wazuh-wui
|
|
||||||
password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['WAZUH_API_PASSWORD'] }}
|
|
||||||
run_as: false
|
|
||||||
@@ -1,32 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
network.host: "0.0.0.0"
|
|
||||||
node.name: "wazuh.indexer"
|
|
||||||
path.data: /var/lib/wazuh-indexer
|
|
||||||
path.logs: /var/log/wazuh-indexer
|
|
||||||
discovery.type: single-node
|
|
||||||
http.port: 9200-9299
|
|
||||||
transport.tcp.port: 9300-9399
|
|
||||||
compatibility.override_main_response_version: true
|
|
||||||
plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
|
|
||||||
plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
|
|
||||||
plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
|
|
||||||
plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.pem
|
|
||||||
plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/wazuh.indexer.key
|
|
||||||
plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
|
|
||||||
plugins.security.ssl.http.enabled: true
|
|
||||||
plugins.security.ssl.transport.enforce_hostname_verification: false
|
|
||||||
plugins.security.ssl.transport.resolve_hostname: false
|
|
||||||
plugins.security.authcz.admin_dn:
|
|
||||||
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
|
|
||||||
plugins.security.check_snapshot_restore_write_privileges: true
|
|
||||||
plugins.security.enable_snapshot_restore_privilege: true
|
|
||||||
plugins.security.nodes_dn:
|
|
||||||
- "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
|
|
||||||
plugins.security.restapi.roles_enabled:
|
|
||||||
- "all_access"
|
|
||||||
- "security_rest_api_access"
|
|
||||||
plugins.security.system_indices.enabled: true
|
|
||||||
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
|
|
||||||
plugins.security.allow_default_init_securityindex: true
|
|
||||||
cluster.routing.allocation.disk.threshold_enabled: false
|
|
||||||
@@ -1,311 +0,0 @@
|
|||||||
<ossec_config>
|
|
||||||
<global>
|
|
||||||
<jsonout_output>yes</jsonout_output>
|
|
||||||
<alerts_log>yes</alerts_log>
|
|
||||||
<logall>no</logall>
|
|
||||||
<logall_json>no</logall_json>
|
|
||||||
<email_notification>no</email_notification>
|
|
||||||
<smtp_server>smtp.example.wazuh.com</smtp_server>
|
|
||||||
<email_from>wazuh@example.wazuh.com</email_from>
|
|
||||||
<email_to>recipient@example.wazuh.com</email_to>
|
|
||||||
<email_maxperhour>12</email_maxperhour>
|
|
||||||
<email_log_source>alerts.log</email_log_source>
|
|
||||||
<agents_disconnection_time>10m</agents_disconnection_time>
|
|
||||||
<agents_disconnection_alert_time>0</agents_disconnection_alert_time>
|
|
||||||
</global>
|
|
||||||
|
|
||||||
<alerts>
|
|
||||||
<log_alert_level>3</log_alert_level>
|
|
||||||
<email_alert_level>12</email_alert_level>
|
|
||||||
</alerts>
|
|
||||||
|
|
||||||
<!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
|
|
||||||
<logging>
|
|
||||||
<log_format>plain</log_format>
|
|
||||||
</logging>
|
|
||||||
|
|
||||||
<remote>
|
|
||||||
<connection>secure</connection>
|
|
||||||
<port>1514</port>
|
|
||||||
<protocol>tcp</protocol>
|
|
||||||
<queue_size>131072</queue_size>
|
|
||||||
</remote>
|
|
||||||
|
|
||||||
<!-- Policy monitoring -->
|
|
||||||
<rootcheck>
|
|
||||||
<disabled>no</disabled>
|
|
||||||
<check_files>yes</check_files>
|
|
||||||
<check_trojans>yes</check_trojans>
|
|
||||||
<check_dev>yes</check_dev>
|
|
||||||
<check_sys>yes</check_sys>
|
|
||||||
<check_pids>yes</check_pids>
|
|
||||||
<check_ports>yes</check_ports>
|
|
||||||
<check_if>yes</check_if>
|
|
||||||
|
|
||||||
<!-- Frequency that rootcheck is executed - every 12 hours -->
|
|
||||||
<frequency>43200</frequency>
|
|
||||||
|
|
||||||
<rootkit_files>etc/rootcheck/rootkit_files.txt</rootkit_files>
|
|
||||||
<rootkit_trojans>etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>
|
|
||||||
|
|
||||||
<skip_nfs>yes</skip_nfs>
|
|
||||||
</rootcheck>
|
|
||||||
|
|
||||||
<wodle name="cis-cat">
|
|
||||||
<disabled>yes</disabled>
|
|
||||||
<timeout>1800</timeout>
|
|
||||||
<interval>1d</interval>
|
|
||||||
<scan-on-start>yes</scan-on-start>
|
|
||||||
|
|
||||||
<java_path>wodles/java</java_path>
|
|
||||||
<ciscat_path>wodles/ciscat</ciscat_path>
|
|
||||||
</wodle>
|
|
||||||
|
|
||||||
<!-- Osquery integration -->
|
|
||||||
<wodle name="osquery">
|
|
||||||
<disabled>yes</disabled>
|
|
||||||
<run_daemon>yes</run_daemon>
|
|
||||||
<log_path>/var/log/osquery/osqueryd.results.log</log_path>
|
|
||||||
<config_path>/etc/osquery/osquery.conf</config_path>
|
|
||||||
<add_labels>yes</add_labels>
|
|
||||||
</wodle>
|
|
||||||
|
|
||||||
<!-- System inventory -->
|
|
||||||
<wodle name="syscollector">
|
|
||||||
<disabled>no</disabled>
|
|
||||||
<interval>1h</interval>
|
|
||||||
<scan_on_start>yes</scan_on_start>
|
|
||||||
<hardware>yes</hardware>
|
|
||||||
<os>yes</os>
|
|
||||||
<network>yes</network>
|
|
||||||
<packages>yes</packages>
|
|
||||||
<ports all="no">yes</ports>
|
|
||||||
<processes>yes</processes>
|
|
||||||
|
|
||||||
<!-- Database synchronization settings -->
|
|
||||||
<synchronization>
|
|
||||||
<max_eps>10</max_eps>
|
|
||||||
</synchronization>
|
|
||||||
</wodle>
|
|
||||||
|
|
||||||
<sca>
|
|
||||||
<enabled>yes</enabled>
|
|
||||||
<scan_on_start>yes</scan_on_start>
|
|
||||||
<interval>12h</interval>
|
|
||||||
<skip_nfs>yes</skip_nfs>
|
|
||||||
</sca>
|
|
||||||
|
|
||||||
<vulnerability-detection>
|
|
||||||
<enabled>yes</enabled>
|
|
||||||
<index-status>yes</index-status>
|
|
||||||
<feed-update-interval>60m</feed-update-interval>
|
|
||||||
</vulnerability-detection>
|
|
||||||
|
|
||||||
<indexer>
|
|
||||||
<enabled>yes</enabled>
|
|
||||||
<hosts>
|
|
||||||
<host>https://wazuh.indexer:9200</host>
|
|
||||||
</hosts>
|
|
||||||
<ssl>
|
|
||||||
<certificate_authorities>
|
|
||||||
<ca>/etc/ssl/root-ca.pem</ca>
|
|
||||||
</certificate_authorities>
|
|
||||||
<certificate>/etc/ssl/filebeat.pem</certificate>
|
|
||||||
<key>/etc/ssl/filebeat.key</key>
|
|
||||||
</ssl>
|
|
||||||
</indexer>
|
|
||||||
|
|
||||||
<!-- File integrity monitoring -->
|
|
||||||
<syscheck>
|
|
||||||
<disabled>no</disabled>
|
|
||||||
|
|
||||||
<!-- Frequency that syscheck is executed default every 12 hours -->
|
|
||||||
<frequency>43200</frequency>
|
|
||||||
|
|
||||||
<scan_on_start>yes</scan_on_start>
|
|
||||||
|
|
||||||
<!-- Generate alert when new file detected -->
|
|
||||||
<alert_new_files>yes</alert_new_files>
|
|
||||||
|
|
||||||
<!-- Don't ignore files that change more than 'frequency' times -->
|
|
||||||
<auto_ignore frequency="10" timeframe="3600">no</auto_ignore>
|
|
||||||
|
|
||||||
<!-- Directories to check (perform all possible verifications) -->
|
|
||||||
<directories>/etc,/usr/bin,/usr/sbin</directories>
|
|
||||||
<directories>/bin,/sbin,/boot</directories>
|
|
||||||
|
|
||||||
<!-- Files/directories to ignore -->
|
|
||||||
<ignore>/etc/mtab</ignore>
|
|
||||||
<ignore>/etc/hosts.deny</ignore>
|
|
||||||
<ignore>/etc/mail/statistics</ignore>
|
|
||||||
<ignore>/etc/random-seed</ignore>
|
|
||||||
<ignore>/etc/random.seed</ignore>
|
|
||||||
<ignore>/etc/adjtime</ignore>
|
|
||||||
<ignore>/etc/httpd/logs</ignore>
|
|
||||||
<ignore>/etc/utmpx</ignore>
|
|
||||||
<ignore>/etc/wtmpx</ignore>
|
|
||||||
<ignore>/etc/cups/certs</ignore>
|
|
||||||
<ignore>/etc/dumpdates</ignore>
|
|
||||||
<ignore>/etc/svc/volatile</ignore>
|
|
||||||
|
|
||||||
<!-- File types to ignore -->
|
|
||||||
<ignore type="sregex">.log$|.swp$</ignore>
|
|
||||||
|
|
||||||
<!-- Check the file, but never compute the diff -->
|
|
||||||
<nodiff>/etc/ssl/private.key</nodiff>
|
|
||||||
|
|
||||||
<skip_nfs>yes</skip_nfs>
|
|
||||||
<skip_dev>yes</skip_dev>
|
|
||||||
<skip_proc>yes</skip_proc>
|
|
||||||
<skip_sys>yes</skip_sys>
|
|
||||||
|
|
||||||
<!-- Nice value for Syscheck process -->
|
|
||||||
<process_priority>10</process_priority>
|
|
||||||
|
|
||||||
<!-- Maximum output throughput -->
|
|
||||||
<max_eps>100</max_eps>
|
|
||||||
|
|
||||||
<!-- Database synchronization settings -->
|
|
||||||
<synchronization>
|
|
||||||
<enabled>yes</enabled>
|
|
||||||
<interval>5m</interval>
|
|
||||||
<max_interval>1h</max_interval>
|
|
||||||
<max_eps>10</max_eps>
|
|
||||||
</synchronization>
|
|
||||||
</syscheck>
|
|
||||||
|
|
||||||
<!-- Active response -->
|
|
||||||
<global>
|
|
||||||
<white_list>127.0.0.1</white_list>
|
|
||||||
<white_list>^localhost.localdomain$</white_list>
|
|
||||||
</global>
|
|
||||||
|
|
||||||
<command>
|
|
||||||
<name>disable-account</name>
|
|
||||||
<executable>disable-account</executable>
|
|
||||||
<timeout_allowed>yes</timeout_allowed>
|
|
||||||
</command>
|
|
||||||
|
|
||||||
<command>
|
|
||||||
<name>restart-wazuh</name>
|
|
||||||
<executable>restart-wazuh</executable>
|
|
||||||
</command>
|
|
||||||
|
|
||||||
<command>
|
|
||||||
<name>firewall-drop</name>
|
|
||||||
<executable>firewall-drop</executable>
|
|
||||||
<timeout_allowed>yes</timeout_allowed>
|
|
||||||
</command>
|
|
||||||
|
|
||||||
<command>
|
|
||||||
<name>host-deny</name>
|
|
||||||
<executable>host-deny</executable>
|
|
||||||
<timeout_allowed>yes</timeout_allowed>
|
|
||||||
</command>
|
|
||||||
|
|
||||||
<command>
|
|
||||||
<name>route-null</name>
|
|
||||||
<executable>route-null</executable>
|
|
||||||
<timeout_allowed>yes</timeout_allowed>
|
|
||||||
</command>
|
|
||||||
|
|
||||||
<command>
|
|
||||||
<name>win_route-null</name>
|
|
||||||
<executable>route-null.exe</executable>
|
|
||||||
<timeout_allowed>yes</timeout_allowed>
|
|
||||||
</command>
|
|
||||||
|
|
||||||
<command>
|
|
||||||
<name>netsh</name>
|
|
||||||
<executable>netsh.exe</executable>
|
|
||||||
<timeout_allowed>yes</timeout_allowed>
|
|
||||||
</command>
|
|
||||||
|
|
||||||
<!--
|
|
||||||
<active-response>
|
|
||||||
active-response options here
|
|
||||||
</active-response>
|
|
||||||
-->
|
|
||||||
|
|
||||||
<!-- Log analysis -->
|
|
||||||
<localfile>
|
|
||||||
<log_format>command</log_format>
|
|
||||||
<command>df -P</command>
|
|
||||||
<frequency>360</frequency>
|
|
||||||
</localfile>
|
|
||||||
|
|
||||||
<localfile>
|
|
||||||
<log_format>full_command</log_format>
|
|
||||||
<command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
|
|
||||||
<alias>netstat listening ports</alias>
|
|
||||||
<frequency>360</frequency>
|
|
||||||
</localfile>
|
|
||||||
|
|
||||||
<localfile>
|
|
||||||
<log_format>full_command</log_format>
|
|
||||||
<command>last -n 20</command>
|
|
||||||
<frequency>360</frequency>
|
|
||||||
</localfile>
|
|
||||||
|
|
||||||
<ruleset>
|
|
||||||
<!-- Default ruleset -->
|
|
||||||
<decoder_dir>ruleset/decoders</decoder_dir>
|
|
||||||
<rule_dir>ruleset/rules</rule_dir>
|
|
||||||
<rule_exclude>0215-policy_rules.xml</rule_exclude>
|
|
||||||
<list>etc/lists/audit-keys</list>
|
|
||||||
<list>etc/lists/amazon/aws-eventnames</list>
|
|
||||||
<list>etc/lists/security-eventchannel</list>
|
|
||||||
<list>etc/lists/malicious-ioc/malicious-ip</list>
|
|
||||||
<list>etc/lists/malicious-ioc/malicious-domains</list>
|
|
||||||
<list>etc/lists/malicious-ioc/malware-hashes</list>
|
|
||||||
|
|
||||||
<!-- User-defined ruleset -->
|
|
||||||
<decoder_dir>etc/decoders</decoder_dir>
|
|
||||||
<rule_dir>etc/rules</rule_dir>
|
|
||||||
</ruleset>
|
|
||||||
|
|
||||||
<rule_test>
|
|
||||||
<enabled>yes</enabled>
|
|
||||||
<threads>1</threads>
|
|
||||||
<max_sessions>64</max_sessions>
|
|
||||||
<session_timeout>15m</session_timeout>
|
|
||||||
</rule_test>
|
|
||||||
|
|
||||||
<!-- Configuration for wazuh-authd -->
|
|
||||||
<auth>
|
|
||||||
<disabled>no</disabled>
|
|
||||||
<port>1515</port>
|
|
||||||
<use_source_ip>no</use_source_ip>
|
|
||||||
<purge>yes</purge>
|
|
||||||
<use_password>no</use_password>
|
|
||||||
<ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
|
|
||||||
<!-- <ssl_agent_ca></ssl_agent_ca> -->
|
|
||||||
<ssl_verify_host>no</ssl_verify_host>
|
|
||||||
<ssl_manager_cert>etc/sslmanager.cert</ssl_manager_cert>
|
|
||||||
<ssl_manager_key>etc/sslmanager.key</ssl_manager_key>
|
|
||||||
<ssl_auto_negotiate>no</ssl_auto_negotiate>
|
|
||||||
</auth>
|
|
||||||
|
|
||||||
<cluster>
|
|
||||||
<name>wazuh</name>
|
|
||||||
<node_name>node01</node_name>
|
|
||||||
<node_type>master</node_type>
|
|
||||||
<key>aa093264ef885029653eea20dfcf51ae</key>
|
|
||||||
<port>1516</port>
|
|
||||||
<bind_addr>0.0.0.0</bind_addr>
|
|
||||||
<nodes>
|
|
||||||
<node>wazuh.manager</node>
|
|
||||||
</nodes>
|
|
||||||
<hidden>no</hidden>
|
|
||||||
<disabled>yes</disabled>
|
|
||||||
</cluster>
|
|
||||||
|
|
||||||
</ossec_config>
|
|
||||||
|
|
||||||
<ossec_config>
|
|
||||||
<localfile>
|
|
||||||
<log_format>syslog</log_format>
|
|
||||||
<location>/var/ossec/logs/active-responses.log</location>
|
|
||||||
</localfile>
|
|
||||||
|
|
||||||
</ossec_config>
|
|
||||||
@@ -1,43 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
# All possible options and their defaults: https://github.com/zitadel/zitadel/blob/main/cmd/defaults.yaml
|
|
||||||
Log:
|
|
||||||
Level: 'debug'
|
|
||||||
|
|
||||||
# Make ZITADEL accessible over HTTPs, not HTTP
|
|
||||||
ExternalSecure: true
|
|
||||||
ExternalDomain: 'id.trez.wtf'
|
|
||||||
ExternalPort: 443
|
|
||||||
|
|
||||||
# If not using the docker compose example, adjust these values for connecting ZITADEL to your PostgreSQL
|
|
||||||
Database:
|
|
||||||
postgres:
|
|
||||||
Host: 'zitadel-pg-db'
|
|
||||||
Port: 5432
|
|
||||||
Database: zitadel
|
|
||||||
User:
|
|
||||||
SSL:
|
|
||||||
Mode: 'disable'
|
|
||||||
Admin:
|
|
||||||
SSL:
|
|
||||||
Mode: 'disable'
|
|
||||||
|
|
||||||
DefaultInstance:
|
|
||||||
DomainPolicy:
|
|
||||||
UserLoginMustBeDomain: false
|
|
||||||
|
|
||||||
LogStore:
|
|
||||||
Access:
|
|
||||||
Stdout:
|
|
||||||
Enabled: true
|
|
||||||
|
|
||||||
SMTPConfiguration:
|
|
||||||
# Configuration of the host
|
|
||||||
SMTP:
|
|
||||||
# must include the port, like smtp.mailtrap.io:2525. IPv6 is also supported, like [2001:db8::1]:2525
|
|
||||||
Host: 'postal-smtp:25'
|
|
||||||
User: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_USER'] }}
|
|
||||||
Password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['POSTAL_SMTP_AUTH_PASSWORD'] }}
|
|
||||||
From: 'noreply@trez.wtf'
|
|
||||||
FromName: 'Zitadel @ Rinoa'
|
|
||||||
@@ -1,13 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
# All possible options and their defaults: https://github.com/zitadel/zitadel/blob/main/cmd/setup/steps.yaml
|
|
||||||
FirstInstance:
|
|
||||||
Org:
|
|
||||||
Human:
|
|
||||||
# use the loginname root@my-org.my.domain
|
|
||||||
Username: 'root'
|
|
||||||
Password: 'RootPassword1!'
|
|
||||||
Email:
|
|
||||||
Address: 'charish.patel@trez.wtf'
|
|
||||||
Verified: true
|
|
||||||
@@ -1,13 +0,0 @@
|
|||||||
{% set vault_addr = 'https://vault.trez.wtf' %}
|
|
||||||
{% set secrets_path = 'rinoa-docker/env' %}
|
|
||||||
|
|
||||||
# If not using the docker compose example, adjust these values for connecting ZITADEL to your PostgreSQL
|
|
||||||
Database:
|
|
||||||
postgres:
|
|
||||||
User:
|
|
||||||
# If the user doesn't exist already, it is created
|
|
||||||
Username: 'zitadel'
|
|
||||||
Password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ZITADEL_DB_PASSWORD'] }}
|
|
||||||
Admin:
|
|
||||||
Username: 'root'
|
|
||||||
Password: {{ lookup('community.hashi_vault.vault_kv2_get', 'env', engine_mount_point='rinoa-docker', url=vault_addr, token=vault_token_cleaned)['secret']['ZITADEL_DB_ADMIN_PASSWORD'] }}
|
|
||||||
+1
-169
@@ -5904,146 +5904,6 @@ services:
|
|||||||
source: /var/run/docker.sock
|
source: /var/run/docker.sock
|
||||||
target: /var/run/docker.sock
|
target: /var/run/docker.sock
|
||||||
type: bind
|
type: bind
|
||||||
# wazuh-certs-generator:
|
|
||||||
# container_name: wazuh-certs-generator
|
|
||||||
# environment:
|
|
||||||
# HTTP_PROXY: wazuh.trez.wtf
|
|
||||||
# image: wazuh/wazuh-certs-generator:0.0.2
|
|
||||||
# hostname: wazuh-certs-generator
|
|
||||||
# volumes:
|
|
||||||
# - ${DOCKER_VOLUME_CONFIG}/wazuh/indexer_ssl_certs/:/certificates/
|
|
||||||
# - ${DOCKER_VOLUME_CONFIG}/wazuh/certs.yml:/config/certs.yml
|
|
||||||
# wazuh-agent:
|
|
||||||
# container_name: wazuh.agent
|
|
||||||
# environment:
|
|
||||||
# JOIN_MANAGER_PROTOCOL: https
|
|
||||||
# JOIN_MANAGER_MASTER_HOST: wazuh.manager
|
|
||||||
# JOIN_MANAGER_WORKER_HOST: wazuh.manager
|
|
||||||
# JOIN_MANAGER_USER: wazuh-wui
|
|
||||||
# JOIN_MANAGER_PASSWORD: ${WAZUH_API_PASSWORD}
|
|
||||||
# JOIN_MANAGER_API_PORT: 55000
|
|
||||||
# JOIN_MANAGER_PORT: 1514
|
|
||||||
# VIRUS_TOTAL_KEY: ${VIRUS_TOTAL_API_KEY}
|
|
||||||
# DOCKER_HOST: tcp://dockerproxy:2375
|
|
||||||
# hostname: wazuh.agent
|
|
||||||
# image: kennyopennix/wazuh-agent:4.11.1
|
|
||||||
# networks:
|
|
||||||
# default: null
|
|
||||||
# restart: unless-stopped
|
|
||||||
wazuh-dashboard:
|
|
||||||
container_name: wazuh-dashboard
|
|
||||||
depends_on:
|
|
||||||
wazuh-indexer:
|
|
||||||
condition: service_started
|
|
||||||
required: true
|
|
||||||
wazuh-manager:
|
|
||||||
condition: service_started
|
|
||||||
required: true
|
|
||||||
restart: true
|
|
||||||
environment:
|
|
||||||
INDEXER_USERNAME: admin
|
|
||||||
INDEXER_PASSWORD: ${WAZUH_INDEXER_PASSWORD}
|
|
||||||
WAZUH_API_URL: https://wazuh-manager
|
|
||||||
DASHBOARD_USERNAME: kibanaserver
|
|
||||||
DASHBOARD_PASSWORD: ${WAZUH_KIBANA_PASSWORD}
|
|
||||||
API_USERNAME: wazuh-wui
|
|
||||||
API_PASSWORD: ${WAZUH_API_PASSWORD}
|
|
||||||
hostname: wazuh-dashboard
|
|
||||||
image: wazuh/wazuh-dashboard:4.12.0
|
|
||||||
labels:
|
|
||||||
swag: enable
|
|
||||||
swag_proto: https
|
|
||||||
swag_port: 5601
|
|
||||||
swag_url: wsec.${MY_TLD}
|
|
||||||
swag.uptime-kuma.enabled: true
|
|
||||||
swag.uptime-kuma.monitor.url: https://wazuh.${MY_TLD}
|
|
||||||
homepage.group: Privacy/Security
|
|
||||||
homepage.name: Wazuh
|
|
||||||
homepage.href: https://wazuh.${MY_TLD}
|
|
||||||
homepage.icon: wazuh.svg
|
|
||||||
homepage.description: OSS Security Platform for XDR/SIEM
|
|
||||||
links:
|
|
||||||
- wazuh-indexer:wazuh-indexer
|
|
||||||
- wazuh-manager:wazuh-manager
|
|
||||||
ports:
|
|
||||||
- 5601:5601/tcp
|
|
||||||
restart: always
|
|
||||||
volumes:
|
|
||||||
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
|
|
||||||
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
|
|
||||||
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
|
|
||||||
- ${DOCKER_VOLUME_CONFIG}/wazuh/dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
|
|
||||||
- ${DOCKER_VOLUME_CONFIG}/wazuh/dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
|
|
||||||
- wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
|
|
||||||
- wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
|
|
||||||
wazuh-indexer:
|
|
||||||
container_name: wazuh-indexer
|
|
||||||
environment:
|
|
||||||
OPENSEARCH_JAVA_OPTS: -Xms512m -Xmx512m
|
|
||||||
hostname: wazuh-indexer
|
|
||||||
image: wazuh/wazuh-indexer:4.12.0
|
|
||||||
ports:
|
|
||||||
- 19186:9200/tcp
|
|
||||||
restart: always
|
|
||||||
ulimits:
|
|
||||||
memlock:
|
|
||||||
hard: -1
|
|
||||||
soft: -1
|
|
||||||
nofile:
|
|
||||||
hard: 65536
|
|
||||||
soft: 65536
|
|
||||||
volumes:
|
|
||||||
- wazuh-indexer-data:/var/lib/wazuh-indexer
|
|
||||||
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
|
|
||||||
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key
|
|
||||||
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
|
|
||||||
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
|
|
||||||
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
|
|
||||||
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
|
|
||||||
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
|
|
||||||
wazuh-manager:
|
|
||||||
container_name: wazuh-manager
|
|
||||||
environment:
|
|
||||||
INDEXER_URL: https://wazuh-indexer:9200
|
|
||||||
INDEXER_USERNAME: admin
|
|
||||||
INDEXER_PASSWORD: ${WAZUH_INDEXER_PASSWORD}
|
|
||||||
FILEBEAT_SSL_VERIFICATION_MODE: full
|
|
||||||
SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
|
|
||||||
SSL_CERTIFICATE: /etc/ssl/filebeat.pem
|
|
||||||
SSL_KEY: /etc/ssl/filebeat.key
|
|
||||||
API_USERNAME: wazuh-wui
|
|
||||||
API_PASSWORD: ${WAZUH_API_PASSWORD}
|
|
||||||
hostname: wazuh-manager
|
|
||||||
image: wazuh/wazuh-manager:4.12.0
|
|
||||||
ports:
|
|
||||||
- 1514:1514/tcp
|
|
||||||
- 1515:1515/tcp
|
|
||||||
- 514:514/udp
|
|
||||||
- 55000:55000/tcp
|
|
||||||
restart: always
|
|
||||||
ulimits:
|
|
||||||
memlock:
|
|
||||||
hard: -1
|
|
||||||
soft: -1
|
|
||||||
nofile:
|
|
||||||
hard: 655360
|
|
||||||
soft: 655360
|
|
||||||
volumes:
|
|
||||||
- wazuh_api_configuration:/var/ossec/api/configuration
|
|
||||||
- wazuh_etc:/var/ossec/etc
|
|
||||||
- wazuh_logs:/var/ossec/logs
|
|
||||||
- wazuh_queue:/var/ossec/queue
|
|
||||||
- wazuh_var_multigroups:/var/ossec/var/multigroups
|
|
||||||
- wazuh_integrations:/var/ossec/integrations
|
|
||||||
- wazuh_active_response:/var/ossec/active-response/bin
|
|
||||||
- wazuh_agentless:/var/ossec/agentless
|
|
||||||
- wazuh_wodles:/var/ossec/wodles
|
|
||||||
- wazuh_filebeat_etc:/etc/filebeat
|
|
||||||
- wazuh_filebeat_var:/var/lib/filebeat
|
|
||||||
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer_ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem
|
|
||||||
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
|
|
||||||
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
|
|
||||||
- ${DOCKER_VOLUME_CONFIG}/wazuh/manager/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
|
|
||||||
web-check:
|
web-check:
|
||||||
container_name: web-check
|
container_name: web-check
|
||||||
image: lissy93/web-check
|
image: lissy93/web-check
|
||||||
@@ -6454,32 +6314,4 @@ volumes:
|
|||||||
wallos-db:
|
wallos-db:
|
||||||
name: wallos-db
|
name: wallos-db
|
||||||
wallos-logos:
|
wallos-logos:
|
||||||
name: wallos-logos
|
name: wallos-logos
|
||||||
wazuh-dashboard-config:
|
|
||||||
name: wazuh-dashboard-config
|
|
||||||
wazuh-dashboard-custom:
|
|
||||||
name: wazuh-dashboard-custom
|
|
||||||
wazuh-indexer-data:
|
|
||||||
name: wazuh-indexer-data
|
|
||||||
wazuh_active_response:
|
|
||||||
name: wazuh_active_response
|
|
||||||
wazuh_filebeat_etc:
|
|
||||||
name: wazuh_filebeat_etc
|
|
||||||
wazuh_filebeat_var:
|
|
||||||
name: wazuh_filebeat_var
|
|
||||||
wazuh_agentless:
|
|
||||||
name: wazuh_agentless
|
|
||||||
wazuh_api_configuration:
|
|
||||||
name: wazuh_api_configuration
|
|
||||||
wazuh_etc:
|
|
||||||
name: wazuh_etc
|
|
||||||
wazuh_integrations:
|
|
||||||
name: wazuh_integrations
|
|
||||||
wazuh_logs:
|
|
||||||
name: wazuh_logs
|
|
||||||
wazuh_queue:
|
|
||||||
name: wazuh_queue
|
|
||||||
wazuh_var_multigroups:
|
|
||||||
name: wazuh_var_multigroups
|
|
||||||
wazuh_wodles:
|
|
||||||
name: wazuh_wodles
|
|
||||||
Reference in New Issue
Block a user