Wazuh redeployment (v4.12.0).
Gitea Branch PR & Ansible Deployment / Check and Create PR (push) Successful in 5m22s
Gitea Branch PR & Ansible Deployment / Ansible Dry Run (push) Successful in 16m9s
Gitea Branch PR & Ansible Deployment / PR Merge (push) Failing after 1m15s
Gitea Branch PR & Ansible Deployment / Ansible Config Deployment (push) Has been skipped
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Check and Create PR (push) Successful in 48s
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Generate list of added/modified/deleted services (push) Successful in 2m13s
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Cloudflare DNS Setup (push) Has been cancelled
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Docker Compose Dry Run (push) Has been cancelled
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Update README & Generate List of Modified Services (push) Has been cancelled
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / PR Merge (push) Has been cancelled
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Docker Compose Deployment (push) Has been cancelled
Gitea Branch PR & Ansible Deployment / Check and Create PR (push) Successful in 5m22s
Gitea Branch PR & Ansible Deployment / Ansible Dry Run (push) Successful in 16m9s
Gitea Branch PR & Ansible Deployment / PR Merge (push) Failing after 1m15s
Gitea Branch PR & Ansible Deployment / Ansible Config Deployment (push) Has been skipped
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Check and Create PR (push) Successful in 48s
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Generate list of added/modified/deleted services (push) Successful in 2m13s
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Cloudflare DNS Setup (push) Has been cancelled
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Docker Compose Dry Run (push) Has been cancelled
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Update README & Generate List of Modified Services (push) Has been cancelled
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / PR Merge (push) Has been cancelled
Gitea Branch PR, Cloudflare DNS, README generation, & Docker Deployment / Docker Compose Deployment (push) Has been cancelled
This commit is contained in:
@@ -0,0 +1,12 @@
|
|||||||
|
server.host: 0.0.0.0
|
||||||
|
server.port: 5601
|
||||||
|
opensearch.hosts: https://wazuh.indexer:9200
|
||||||
|
opensearch.ssl.verificationMode: certificate
|
||||||
|
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
|
||||||
|
opensearch_security.multitenancy.enabled: false
|
||||||
|
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
|
||||||
|
server.ssl.enabled: true
|
||||||
|
server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
|
||||||
|
server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem"
|
||||||
|
opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]
|
||||||
|
uiSettings.overrides.defaultRoute: /app/wz-home
|
||||||
@@ -0,0 +1,311 @@
|
|||||||
|
<ossec_config>
|
||||||
|
<global>
|
||||||
|
<jsonout_output>yes</jsonout_output>
|
||||||
|
<alerts_log>yes</alerts_log>
|
||||||
|
<logall>no</logall>
|
||||||
|
<logall_json>no</logall_json>
|
||||||
|
<email_notification>no</email_notification>
|
||||||
|
<smtp_server>smtp.example.wazuh.com</smtp_server>
|
||||||
|
<email_from>wazuh@example.wazuh.com</email_from>
|
||||||
|
<email_to>recipient@example.wazuh.com</email_to>
|
||||||
|
<email_maxperhour>12</email_maxperhour>
|
||||||
|
<email_log_source>alerts.log</email_log_source>
|
||||||
|
<agents_disconnection_time>10m</agents_disconnection_time>
|
||||||
|
<agents_disconnection_alert_time>0</agents_disconnection_alert_time>
|
||||||
|
</global>
|
||||||
|
|
||||||
|
<alerts>
|
||||||
|
<log_alert_level>3</log_alert_level>
|
||||||
|
<email_alert_level>12</email_alert_level>
|
||||||
|
</alerts>
|
||||||
|
|
||||||
|
<!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
|
||||||
|
<logging>
|
||||||
|
<log_format>plain</log_format>
|
||||||
|
</logging>
|
||||||
|
|
||||||
|
<remote>
|
||||||
|
<connection>secure</connection>
|
||||||
|
<port>1514</port>
|
||||||
|
<protocol>tcp</protocol>
|
||||||
|
<queue_size>131072</queue_size>
|
||||||
|
</remote>
|
||||||
|
|
||||||
|
<!-- Policy monitoring -->
|
||||||
|
<rootcheck>
|
||||||
|
<disabled>no</disabled>
|
||||||
|
<check_files>yes</check_files>
|
||||||
|
<check_trojans>yes</check_trojans>
|
||||||
|
<check_dev>yes</check_dev>
|
||||||
|
<check_sys>yes</check_sys>
|
||||||
|
<check_pids>yes</check_pids>
|
||||||
|
<check_ports>yes</check_ports>
|
||||||
|
<check_if>yes</check_if>
|
||||||
|
|
||||||
|
<!-- Frequency that rootcheck is executed - every 12 hours -->
|
||||||
|
<frequency>43200</frequency>
|
||||||
|
|
||||||
|
<rootkit_files>etc/rootcheck/rootkit_files.txt</rootkit_files>
|
||||||
|
<rootkit_trojans>etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>
|
||||||
|
|
||||||
|
<skip_nfs>yes</skip_nfs>
|
||||||
|
</rootcheck>
|
||||||
|
|
||||||
|
<wodle name="cis-cat">
|
||||||
|
<disabled>yes</disabled>
|
||||||
|
<timeout>1800</timeout>
|
||||||
|
<interval>1d</interval>
|
||||||
|
<scan-on-start>yes</scan-on-start>
|
||||||
|
|
||||||
|
<java_path>wodles/java</java_path>
|
||||||
|
<ciscat_path>wodles/ciscat</ciscat_path>
|
||||||
|
</wodle>
|
||||||
|
|
||||||
|
<!-- Osquery integration -->
|
||||||
|
<wodle name="osquery">
|
||||||
|
<disabled>yes</disabled>
|
||||||
|
<run_daemon>yes</run_daemon>
|
||||||
|
<log_path>/var/log/osquery/osqueryd.results.log</log_path>
|
||||||
|
<config_path>/etc/osquery/osquery.conf</config_path>
|
||||||
|
<add_labels>yes</add_labels>
|
||||||
|
</wodle>
|
||||||
|
|
||||||
|
<!-- System inventory -->
|
||||||
|
<wodle name="syscollector">
|
||||||
|
<disabled>no</disabled>
|
||||||
|
<interval>1h</interval>
|
||||||
|
<scan_on_start>yes</scan_on_start>
|
||||||
|
<hardware>yes</hardware>
|
||||||
|
<os>yes</os>
|
||||||
|
<network>yes</network>
|
||||||
|
<packages>yes</packages>
|
||||||
|
<ports all="no">yes</ports>
|
||||||
|
<processes>yes</processes>
|
||||||
|
|
||||||
|
<!-- Database synchronization settings -->
|
||||||
|
<synchronization>
|
||||||
|
<max_eps>10</max_eps>
|
||||||
|
</synchronization>
|
||||||
|
</wodle>
|
||||||
|
|
||||||
|
<sca>
|
||||||
|
<enabled>yes</enabled>
|
||||||
|
<scan_on_start>yes</scan_on_start>
|
||||||
|
<interval>12h</interval>
|
||||||
|
<skip_nfs>yes</skip_nfs>
|
||||||
|
</sca>
|
||||||
|
|
||||||
|
<vulnerability-detection>
|
||||||
|
<enabled>yes</enabled>
|
||||||
|
<index-status>yes</index-status>
|
||||||
|
<feed-update-interval>60m</feed-update-interval>
|
||||||
|
</vulnerability-detection>
|
||||||
|
|
||||||
|
<indexer>
|
||||||
|
<enabled>yes</enabled>
|
||||||
|
<hosts>
|
||||||
|
<host>https://wazuh.indexer:9200</host>
|
||||||
|
</hosts>
|
||||||
|
<ssl>
|
||||||
|
<certificate_authorities>
|
||||||
|
<ca>/etc/ssl/root-ca.pem</ca>
|
||||||
|
</certificate_authorities>
|
||||||
|
<certificate>/etc/ssl/filebeat.pem</certificate>
|
||||||
|
<key>/etc/ssl/filebeat.key</key>
|
||||||
|
</ssl>
|
||||||
|
</indexer>
|
||||||
|
|
||||||
|
<!-- File integrity monitoring -->
|
||||||
|
<syscheck>
|
||||||
|
<disabled>no</disabled>
|
||||||
|
|
||||||
|
<!-- Frequency that syscheck is executed default every 12 hours -->
|
||||||
|
<frequency>43200</frequency>
|
||||||
|
|
||||||
|
<scan_on_start>yes</scan_on_start>
|
||||||
|
|
||||||
|
<!-- Generate alert when new file detected -->
|
||||||
|
<alert_new_files>yes</alert_new_files>
|
||||||
|
|
||||||
|
<!-- Don't ignore files that change more than 'frequency' times -->
|
||||||
|
<auto_ignore frequency="10" timeframe="3600">no</auto_ignore>
|
||||||
|
|
||||||
|
<!-- Directories to check (perform all possible verifications) -->
|
||||||
|
<directories>/etc,/usr/bin,/usr/sbin</directories>
|
||||||
|
<directories>/bin,/sbin,/boot</directories>
|
||||||
|
|
||||||
|
<!-- Files/directories to ignore -->
|
||||||
|
<ignore>/etc/mtab</ignore>
|
||||||
|
<ignore>/etc/hosts.deny</ignore>
|
||||||
|
<ignore>/etc/mail/statistics</ignore>
|
||||||
|
<ignore>/etc/random-seed</ignore>
|
||||||
|
<ignore>/etc/random.seed</ignore>
|
||||||
|
<ignore>/etc/adjtime</ignore>
|
||||||
|
<ignore>/etc/httpd/logs</ignore>
|
||||||
|
<ignore>/etc/utmpx</ignore>
|
||||||
|
<ignore>/etc/wtmpx</ignore>
|
||||||
|
<ignore>/etc/cups/certs</ignore>
|
||||||
|
<ignore>/etc/dumpdates</ignore>
|
||||||
|
<ignore>/etc/svc/volatile</ignore>
|
||||||
|
|
||||||
|
<!-- File types to ignore -->
|
||||||
|
<ignore type="sregex">.log$|.swp$</ignore>
|
||||||
|
|
||||||
|
<!-- Check the file, but never compute the diff -->
|
||||||
|
<nodiff>/etc/ssl/private.key</nodiff>
|
||||||
|
|
||||||
|
<skip_nfs>yes</skip_nfs>
|
||||||
|
<skip_dev>yes</skip_dev>
|
||||||
|
<skip_proc>yes</skip_proc>
|
||||||
|
<skip_sys>yes</skip_sys>
|
||||||
|
|
||||||
|
<!-- Nice value for Syscheck process -->
|
||||||
|
<process_priority>10</process_priority>
|
||||||
|
|
||||||
|
<!-- Maximum output throughput -->
|
||||||
|
<max_eps>100</max_eps>
|
||||||
|
|
||||||
|
<!-- Database synchronization settings -->
|
||||||
|
<synchronization>
|
||||||
|
<enabled>yes</enabled>
|
||||||
|
<interval>5m</interval>
|
||||||
|
<max_interval>1h</max_interval>
|
||||||
|
<max_eps>10</max_eps>
|
||||||
|
</synchronization>
|
||||||
|
</syscheck>
|
||||||
|
|
||||||
|
<!-- Active response -->
|
||||||
|
<global>
|
||||||
|
<white_list>127.0.0.1</white_list>
|
||||||
|
<white_list>^localhost.localdomain$</white_list>
|
||||||
|
</global>
|
||||||
|
|
||||||
|
<command>
|
||||||
|
<name>disable-account</name>
|
||||||
|
<executable>disable-account</executable>
|
||||||
|
<timeout_allowed>yes</timeout_allowed>
|
||||||
|
</command>
|
||||||
|
|
||||||
|
<command>
|
||||||
|
<name>restart-wazuh</name>
|
||||||
|
<executable>restart-wazuh</executable>
|
||||||
|
</command>
|
||||||
|
|
||||||
|
<command>
|
||||||
|
<name>firewall-drop</name>
|
||||||
|
<executable>firewall-drop</executable>
|
||||||
|
<timeout_allowed>yes</timeout_allowed>
|
||||||
|
</command>
|
||||||
|
|
||||||
|
<command>
|
||||||
|
<name>host-deny</name>
|
||||||
|
<executable>host-deny</executable>
|
||||||
|
<timeout_allowed>yes</timeout_allowed>
|
||||||
|
</command>
|
||||||
|
|
||||||
|
<command>
|
||||||
|
<name>route-null</name>
|
||||||
|
<executable>route-null</executable>
|
||||||
|
<timeout_allowed>yes</timeout_allowed>
|
||||||
|
</command>
|
||||||
|
|
||||||
|
<command>
|
||||||
|
<name>win_route-null</name>
|
||||||
|
<executable>route-null.exe</executable>
|
||||||
|
<timeout_allowed>yes</timeout_allowed>
|
||||||
|
</command>
|
||||||
|
|
||||||
|
<command>
|
||||||
|
<name>netsh</name>
|
||||||
|
<executable>netsh.exe</executable>
|
||||||
|
<timeout_allowed>yes</timeout_allowed>
|
||||||
|
</command>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
<active-response>
|
||||||
|
active-response options here
|
||||||
|
</active-response>
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!-- Log analysis -->
|
||||||
|
<localfile>
|
||||||
|
<log_format>command</log_format>
|
||||||
|
<command>df -P</command>
|
||||||
|
<frequency>360</frequency>
|
||||||
|
</localfile>
|
||||||
|
|
||||||
|
<localfile>
|
||||||
|
<log_format>full_command</log_format>
|
||||||
|
<command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
|
||||||
|
<alias>netstat listening ports</alias>
|
||||||
|
<frequency>360</frequency>
|
||||||
|
</localfile>
|
||||||
|
|
||||||
|
<localfile>
|
||||||
|
<log_format>full_command</log_format>
|
||||||
|
<command>last -n 20</command>
|
||||||
|
<frequency>360</frequency>
|
||||||
|
</localfile>
|
||||||
|
|
||||||
|
<ruleset>
|
||||||
|
<!-- Default ruleset -->
|
||||||
|
<decoder_dir>ruleset/decoders</decoder_dir>
|
||||||
|
<rule_dir>ruleset/rules</rule_dir>
|
||||||
|
<rule_exclude>0215-policy_rules.xml</rule_exclude>
|
||||||
|
<list>etc/lists/audit-keys</list>
|
||||||
|
<list>etc/lists/amazon/aws-eventnames</list>
|
||||||
|
<list>etc/lists/security-eventchannel</list>
|
||||||
|
<list>etc/lists/malicious-ioc/malicious-ip</list>
|
||||||
|
<list>etc/lists/malicious-ioc/malicious-domains</list>
|
||||||
|
<list>etc/lists/malicious-ioc/malware-hashes</list>
|
||||||
|
|
||||||
|
<!-- User-defined ruleset -->
|
||||||
|
<decoder_dir>etc/decoders</decoder_dir>
|
||||||
|
<rule_dir>etc/rules</rule_dir>
|
||||||
|
</ruleset>
|
||||||
|
|
||||||
|
<rule_test>
|
||||||
|
<enabled>yes</enabled>
|
||||||
|
<threads>1</threads>
|
||||||
|
<max_sessions>64</max_sessions>
|
||||||
|
<session_timeout>15m</session_timeout>
|
||||||
|
</rule_test>
|
||||||
|
|
||||||
|
<!-- Configuration for wazuh-authd -->
|
||||||
|
<auth>
|
||||||
|
<disabled>no</disabled>
|
||||||
|
<port>1515</port>
|
||||||
|
<use_source_ip>no</use_source_ip>
|
||||||
|
<purge>yes</purge>
|
||||||
|
<use_password>no</use_password>
|
||||||
|
<ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
|
||||||
|
<!-- <ssl_agent_ca></ssl_agent_ca> -->
|
||||||
|
<ssl_verify_host>no</ssl_verify_host>
|
||||||
|
<ssl_manager_cert>etc/sslmanager.cert</ssl_manager_cert>
|
||||||
|
<ssl_manager_key>etc/sslmanager.key</ssl_manager_key>
|
||||||
|
<ssl_auto_negotiate>no</ssl_auto_negotiate>
|
||||||
|
</auth>
|
||||||
|
|
||||||
|
<cluster>
|
||||||
|
<name>wazuh</name>
|
||||||
|
<node_name>node01</node_name>
|
||||||
|
<node_type>master</node_type>
|
||||||
|
<key>aa093264ef885029653eea20dfcf51ae</key>
|
||||||
|
<port>1516</port>
|
||||||
|
<bind_addr>0.0.0.0</bind_addr>
|
||||||
|
<nodes>
|
||||||
|
<node>wazuh.manager</node>
|
||||||
|
</nodes>
|
||||||
|
<hidden>no</hidden>
|
||||||
|
<disabled>yes</disabled>
|
||||||
|
</cluster>
|
||||||
|
|
||||||
|
</ossec_config>
|
||||||
|
|
||||||
|
<ossec_config>
|
||||||
|
<localfile>
|
||||||
|
<log_format>syslog</log_format>
|
||||||
|
<location>/var/ossec/logs/active-responses.log</location>
|
||||||
|
</localfile>
|
||||||
|
|
||||||
|
</ossec_config>
|
||||||
+172
-4
@@ -1231,12 +1231,12 @@ services:
|
|||||||
swag.uptime-kuma.monitor.interval: 300
|
swag.uptime-kuma.monitor.interval: 300
|
||||||
### EXAMPLE CF TUNNEL LABELS ###
|
### EXAMPLE CF TUNNEL LABELS ###
|
||||||
# Enable DockFlare management for this container
|
# Enable DockFlare management for this container
|
||||||
# - "cloudflare.tunnel.enable=true"
|
# - "cloudflare.tunnel.enable=true"
|
||||||
# The public hostname to expose
|
# The public hostname to expose
|
||||||
# - "cloudflare.tunnel.hostname=my-service.example.com"
|
# - "cloudflare.tunnel.hostname=my-service.example.com"
|
||||||
# The internal service address (protocol://container_name_or_ip:port)
|
# The internal service address (protocol://container_name_or_ip:port)
|
||||||
# Service type (http, https, tcp, ssh, rdp, http_status) is inferred from the prefix.
|
# Service type (http, https, tcp, ssh, rdp, http_status) is inferred from the prefix.
|
||||||
# - "cloudflare.tunnel.service=http://my-service:80"
|
# - "cloudflare.tunnel.service=http://my-service:80"
|
||||||
# Optional: Specify a URL path. Only requests to hostname/path will match.
|
# Optional: Specify a URL path. Only requests to hostname/path will match.
|
||||||
# - "cloudflare.tunnel.path=/app"
|
# - "cloudflare.tunnel.path=/app"
|
||||||
# Optional: Specify a different Cloudflare Zone for this hostname
|
# Optional: Specify a different Cloudflare Zone for this hostname
|
||||||
@@ -4827,7 +4827,7 @@ services:
|
|||||||
# REDIS_PASSWORD: # [Optional] Support for secured redis
|
# REDIS_PASSWORD: # [Optional] Support for secured redis
|
||||||
# [Optional] Will enable asynchronous tasks (all disabled by default)
|
# [Optional] Will enable asynchronous tasks (all disabled by default)
|
||||||
# Important: Do NOT wrap the cron expression in quotes
|
# Important: Do NOT wrap the cron expression in quotes
|
||||||
ENABLE_RESCAN_ON_FILESYSTEM_CHANGE: true # Runs a quick scan on the library when a file is added or removed
|
ENABLE_RESCAN_ON_FILESYSTEM_CHANGE: true # Runs a quick scan on the library when a file is added or removed
|
||||||
RESCAN_ON_FILESYSTEM_CHANGE_DELAY: 5 # Delay in seconds before running the quick scan (default: 5)
|
RESCAN_ON_FILESYSTEM_CHANGE_DELAY: 5 # Delay in seconds before running the quick scan (default: 5)
|
||||||
ENABLE_SCHEDULED_RESCAN: true # Runs a quick scan on the library at a given time
|
ENABLE_SCHEDULED_RESCAN: true # Runs a quick scan on the library at a given time
|
||||||
SCHEDULED_RESCAN_CRON: 0 3 * * * # Cron expression for the scheduled scan (default: 0 3 * * * At 3:00 AM every day)
|
SCHEDULED_RESCAN_CRON: 0 3 * * * # Cron expression for the scheduled scan (default: 0 3 * * * At 3:00 AM every day)
|
||||||
@@ -5904,6 +5904,146 @@ services:
|
|||||||
source: /var/run/docker.sock
|
source: /var/run/docker.sock
|
||||||
target: /var/run/docker.sock
|
target: /var/run/docker.sock
|
||||||
type: bind
|
type: bind
|
||||||
|
# wazuh-certs-generator:
|
||||||
|
# container_name: wazuh-certs-generator
|
||||||
|
# environment:
|
||||||
|
# HTTP_PROXY: wazuh.trez.wtf
|
||||||
|
# image: wazuh/wazuh-certs-generator:0.0.2
|
||||||
|
# hostname: wazuh-certs-generator
|
||||||
|
# volumes:
|
||||||
|
# - ${DOCKER_VOLUME_CONFIG}/wazuh/indexer_ssl_certs/:/certificates/
|
||||||
|
# - ${DOCKER_VOLUME_CONFIG}/wazuh/certs.yml:/config/certs.yml
|
||||||
|
# wazuh-agent:
|
||||||
|
# container_name: wazuh.agent
|
||||||
|
# environment:
|
||||||
|
# JOIN_MANAGER_PROTOCOL: https
|
||||||
|
# JOIN_MANAGER_MASTER_HOST: wazuh.manager
|
||||||
|
# JOIN_MANAGER_WORKER_HOST: wazuh.manager
|
||||||
|
# JOIN_MANAGER_USER: wazuh-wui
|
||||||
|
# JOIN_MANAGER_PASSWORD: ${WAZUH_API_PASSWORD}
|
||||||
|
# JOIN_MANAGER_API_PORT: 55000
|
||||||
|
# JOIN_MANAGER_PORT: 1514
|
||||||
|
# VIRUS_TOTAL_KEY: ${VIRUS_TOTAL_API_KEY}
|
||||||
|
# DOCKER_HOST: tcp://dockerproxy:2375
|
||||||
|
# hostname: wazuh.agent
|
||||||
|
# image: kennyopennix/wazuh-agent:4.11.1
|
||||||
|
# networks:
|
||||||
|
# default: null
|
||||||
|
# restart: unless-stopped
|
||||||
|
wazuh-dashboard:
|
||||||
|
container_name: wazuh-dashboard
|
||||||
|
depends_on:
|
||||||
|
wazuh-indexer:
|
||||||
|
condition: service_started
|
||||||
|
required: true
|
||||||
|
wazuh-manager:
|
||||||
|
condition: service_started
|
||||||
|
required: true
|
||||||
|
restart: true
|
||||||
|
environment:
|
||||||
|
INDEXER_USERNAME: admin
|
||||||
|
INDEXER_PASSWORD: ${WAZUH_INDEXER_PASSWORD}
|
||||||
|
WAZUH_API_URL: https://wazuh.manager
|
||||||
|
DASHBOARD_USERNAME: kibanaserver
|
||||||
|
DASHBOARD_PASSWORD: ${WAZUH_KIBANA_PASSWORD}
|
||||||
|
API_USERNAME: wazuh-wui
|
||||||
|
API_PASSWORD: ${WAZUH_API_PASSWORD}
|
||||||
|
hostname: wazuh-dashboard
|
||||||
|
image: wazuh/wazuh-dashboard:4.12.0
|
||||||
|
labels:
|
||||||
|
swag: enable
|
||||||
|
swag_proto: https
|
||||||
|
swag_port: 5601
|
||||||
|
swag_url: wsec.${MY_TLD}
|
||||||
|
swag.uptime-kuma.enabled: true
|
||||||
|
swag.uptime-kuma.monitor.url: https://wazuh.${MY_TLD}
|
||||||
|
homepage.group: Privacy/Security
|
||||||
|
homepage.name: Wazuh
|
||||||
|
homepage.href: https://wazuh.${MY_TLD}
|
||||||
|
homepage.icon: wazuh.svg
|
||||||
|
homepage.description: OSS Security Platform for XDR/SIEM
|
||||||
|
links:
|
||||||
|
- wazuh-indexer:wazuh-indexer
|
||||||
|
- wazuh-manager:wazuh-manager
|
||||||
|
ports:
|
||||||
|
- 5601:5601/tcp
|
||||||
|
restart: always
|
||||||
|
volumes:
|
||||||
|
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
|
||||||
|
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
|
||||||
|
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
|
||||||
|
- ${DOCKER_VOLUME_CONFIG}/wazuh/dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
|
||||||
|
- ${DOCKER_VOLUME_CONFIG}/wazuh/dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
|
||||||
|
- wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
|
||||||
|
- wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
|
||||||
|
wazuh-indexer:
|
||||||
|
container_name: wazuh-indexer
|
||||||
|
environment:
|
||||||
|
OPENSEARCH_JAVA_OPTS: -Xms512m -Xmx512m
|
||||||
|
hostname: wazuh-indexer
|
||||||
|
image: wazuh/wazuh-indexer:4.12.0
|
||||||
|
ports:
|
||||||
|
- 19186:9200/tcp
|
||||||
|
restart: always
|
||||||
|
ulimits:
|
||||||
|
memlock:
|
||||||
|
hard: -1
|
||||||
|
soft: -1
|
||||||
|
nofile:
|
||||||
|
hard: 65536
|
||||||
|
soft: 65536
|
||||||
|
volumes:
|
||||||
|
- wazuh-indexer-data:/var/lib/wazuh-indexer
|
||||||
|
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
|
||||||
|
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key
|
||||||
|
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
|
||||||
|
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
|
||||||
|
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
|
||||||
|
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
|
||||||
|
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
|
||||||
|
wazuh-manager:
|
||||||
|
container_name: wazuh-manager
|
||||||
|
environment:
|
||||||
|
INDEXER_URL: https://wazuh.indexer:9200
|
||||||
|
INDEXER_USERNAME: admin
|
||||||
|
INDEXER_PASSWORD: ${WAZUH_INDEXER_PASSWORD}
|
||||||
|
FILEBEAT_SSL_VERIFICATION_MODE: full
|
||||||
|
SSL_CERTIFICATE_AUTHORITIES: /etc/ssl/root-ca.pem
|
||||||
|
SSL_CERTIFICATE: /etc/ssl/filebeat.pem
|
||||||
|
SSL_KEY: /etc/ssl/filebeat.key
|
||||||
|
API_USERNAME: wazuh-wui
|
||||||
|
API_PASSWORD: ${WAZUH_API_PASSWORD}
|
||||||
|
hostname: wazuh-manager
|
||||||
|
image: wazuh/wazuh-manager:4.12.0
|
||||||
|
ports:
|
||||||
|
- 1514:1514/tcp
|
||||||
|
- 1515:1515/tcp
|
||||||
|
- 514:514/udp
|
||||||
|
- 55000:55000/tcp
|
||||||
|
restart: always
|
||||||
|
ulimits:
|
||||||
|
memlock:
|
||||||
|
hard: -1
|
||||||
|
soft: -1
|
||||||
|
nofile:
|
||||||
|
hard: 655360
|
||||||
|
soft: 655360
|
||||||
|
volumes:
|
||||||
|
- wazuh_api_configuration:/var/ossec/api/configuration
|
||||||
|
- wazuh_etc:/var/ossec/etc
|
||||||
|
- wazuh_logs:/var/ossec/logs
|
||||||
|
- wazuh_queue:/var/ossec/queue
|
||||||
|
- wazuh_var_multigroups:/var/ossec/var/multigroups
|
||||||
|
- wazuh_integrations:/var/ossec/integrations
|
||||||
|
- wazuh_active_response:/var/ossec/active-response/bin
|
||||||
|
- wazuh_agentless:/var/ossec/agentless
|
||||||
|
- wazuh_wodles:/var/ossec/wodles
|
||||||
|
- wazuh_filebeat_etc:/etc/filebeat
|
||||||
|
- wazuh_filebeat_var:/var/lib/filebeat
|
||||||
|
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer_ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem
|
||||||
|
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
|
||||||
|
- ${DOCKER_VOLUME_CONFIG}/wazuh/indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
|
||||||
|
- ${DOCKER_VOLUME_CONFIG}/wazuh/manager/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
|
||||||
web-check:
|
web-check:
|
||||||
container_name: web-check
|
container_name: web-check
|
||||||
image: lissy93/web-check
|
image: lissy93/web-check
|
||||||
@@ -6314,4 +6454,32 @@ volumes:
|
|||||||
wallos-db:
|
wallos-db:
|
||||||
name: wallos-db
|
name: wallos-db
|
||||||
wallos-logos:
|
wallos-logos:
|
||||||
name: wallos-logos
|
name: wallos-logos
|
||||||
|
wazuh-dashboard-config:
|
||||||
|
name: wazuh-dashboard-config
|
||||||
|
wazuh-dashboard-custom:
|
||||||
|
name: wazuh-dashboard-custom
|
||||||
|
wazuh-indexer-data:
|
||||||
|
name: wazuh-indexer-data
|
||||||
|
wazuh_active_response:
|
||||||
|
name: wazuh_active_response
|
||||||
|
wazuh_filebeat_etc:
|
||||||
|
name: wazuh_filebeat_etc
|
||||||
|
wazuh_filebeat_var:
|
||||||
|
name: wazuh_filebeat_var
|
||||||
|
wazuh_agentless:
|
||||||
|
name: wazuh_agentless
|
||||||
|
wazuh_api_configuration:
|
||||||
|
name: wazuh_api_configuration
|
||||||
|
wazuh_etc:
|
||||||
|
name: wazuh_etc
|
||||||
|
wazuh_integrations:
|
||||||
|
name: wazuh_integrations
|
||||||
|
wazuh_logs:
|
||||||
|
name: wazuh_logs
|
||||||
|
wazuh_queue:
|
||||||
|
name: wazuh_queue
|
||||||
|
wazuh_var_multigroups:
|
||||||
|
name: wazuh_var_multigroups
|
||||||
|
wazuh_wodles:
|
||||||
|
name: wazuh_wodles
|
||||||
Reference in New Issue
Block a user