From 9210fa58fdc99b95cd6af3b2ae5ea29dcd4d5627 Mon Sep 17 00:00:00 2001
From: Antonio <34042064+Desvelao@users.noreply.github.com>
Date: Thu, 30 Nov 2023 09:32:40 +0100
Subject: [PATCH 01/12] Bump 4.7.2 revision 00 (#6181)
bump: 4.7.2 revision 00
---
CHANGELOG.md | 6 ++++++
plugins/main/opensearch_dashboards.json | 8 +++++---
plugins/main/package.json | 6 +++---
3 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d0ba58bfa3..2fec9196d7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,12 @@
All notable changes to the Wazuh app project will be documented in this file.
+## Wazuh v4.7.2 - OpenSearch Dashboards 2.8.0 - Revision 00
+
+### Added
+
+- Support for Wazuh 4.7.2
+
## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 01
### Added
diff --git a/plugins/main/opensearch_dashboards.json b/plugins/main/opensearch_dashboards.json
index 42d86d7b09..bc6cd7757f 100644
--- a/plugins/main/opensearch_dashboards.json
+++ b/plugins/main/opensearch_dashboards.json
@@ -1,8 +1,10 @@
{
"id": "wazuh",
- "version": "4.7.1-01",
+ "version": "4.7.2-00",
"opensearchDashboardsVersion": "opensearchDashboards",
- "configPath": ["wazuh"],
+ "configPath": [
+ "wazuh"
+ ],
"requiredPlugins": [
"navigation",
"data",
@@ -24,4 +26,4 @@
],
"server": true,
"ui": true
-}
+}
\ No newline at end of file
diff --git a/plugins/main/package.json b/plugins/main/package.json
index c6b8e68e7e..99b489d459 100644
--- a/plugins/main/package.json
+++ b/plugins/main/package.json
@@ -1,7 +1,7 @@
{
"name": "wazuh",
- "version": "4.7.1",
- "revision": "01",
+ "version": "4.7.2",
+ "revision": "00",
"pluginPlatform": {
"version": "2.8.0"
},
@@ -83,4 +83,4 @@
"redux-mock-store": "^1.5.4",
"swagger-client": "^3.19.11"
}
-}
+}
\ No newline at end of file
From 93278eba5b275602e9b8f205d28cac73a38413f6 Mon Sep 17 00:00:00 2001
From: Antonio <34042064+Desvelao@users.noreply.github.com>
Date: Thu, 30 Nov 2023 18:52:41 +0100
Subject: [PATCH 02/12] Fix missing columns in the agents table of groups
(#6184)
* fix(groups): missing columns in the agents table
* changelog: add entry
---
CHANGELOG.md | 1 +
.../components/management/groups/group-agents-table.js | 1 -
2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d0ba58bfa3..93bd6fa6a3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@ All notable changes to the Wazuh app project will be documented in this file.
- Fixed problem when using non latin characters in the username [#6076](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6076)
- Fixed UI crash on retrieving log collection configuration for macos agent. [#6104](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6104)
- Fixed incorrect validation of the agent name on the Deploy new agent window [#6105](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6105)
+- Fixed missing columns in the agents table of Groups [#6184](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6184)
## Wazuh v4.7.0 - OpenSearch Dashboards 2.8.0 - Revision 04
diff --git a/plugins/main/public/controllers/management/components/management/groups/group-agents-table.js b/plugins/main/public/controllers/management/components/management/groups/group-agents-table.js
index ee7550d232..f3eac7e170 100644
--- a/plugins/main/public/controllers/management/components/management/groups/group-agents-table.js
+++ b/plugins/main/public/controllers/management/components/management/groups/group-agents-table.js
@@ -82,7 +82,6 @@ class WzGroupAgentsTable extends Component {
align: 'left',
searchable: true,
sortable: true,
- show: true,
},
{
field: 'status',
From e0ed9107bdf775d6e67edddd7f37e603b7214f35 Mon Sep 17 00:00:00 2001
From: Nicolas Agustin Guevara Pihen <42900763+Tostti@users.noreply.github.com>
Date: Thu, 7 Dec 2023 15:59:37 -0300
Subject: [PATCH 03/12] Bump revision 02 for 4.7.1-RC2 (#6200)
Bump revision 02
---
CHANGELOG.md | 2 +-
plugins/main/opensearch_dashboards.json | 8 +++++---
plugins/main/package.json | 4 ++--
3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 93bd6fa6a3..09168716cc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,7 @@
All notable changes to the Wazuh app project will be documented in this file.
-## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 01
+## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 02
### Added
diff --git a/plugins/main/opensearch_dashboards.json b/plugins/main/opensearch_dashboards.json
index 42d86d7b09..6ec5775a2a 100644
--- a/plugins/main/opensearch_dashboards.json
+++ b/plugins/main/opensearch_dashboards.json
@@ -1,8 +1,10 @@
{
"id": "wazuh",
- "version": "4.7.1-01",
+ "version": "4.7.1-02",
"opensearchDashboardsVersion": "opensearchDashboards",
- "configPath": ["wazuh"],
+ "configPath": [
+ "wazuh"
+ ],
"requiredPlugins": [
"navigation",
"data",
@@ -24,4 +26,4 @@
],
"server": true,
"ui": true
-}
+}
\ No newline at end of file
diff --git a/plugins/main/package.json b/plugins/main/package.json
index c6b8e68e7e..0897f8c945 100644
--- a/plugins/main/package.json
+++ b/plugins/main/package.json
@@ -1,7 +1,7 @@
{
"name": "wazuh",
"version": "4.7.1",
- "revision": "01",
+ "revision": "02",
"pluginPlatform": {
"version": "2.8.0"
},
@@ -83,4 +83,4 @@
"redux-mock-store": "^1.5.4",
"swagger-client": "^3.19.11"
}
-}
+}
\ No newline at end of file
From 38a58b947ec4b9a38fc3d11d7fe94a7e7fde6a92 Mon Sep 17 00:00:00 2001
From: Luciano Gorza <103193307+lucianogorza@users.noreply.github.com>
Date: Mon, 11 Dec 2023 09:56:49 -0300
Subject: [PATCH 04/12] Improve Agents preview page load when there are no
agents (#6185)
* Improve Agents preview page load when there are no agents
* Update CHANGELOG
* Update breadcrumb on RegisterAgent
* Fix Agent preview component
* Refresh stats on refresh button
* Fix agent preview component to allow refresh all data
* Fix CHANGELOG and className prop
---
CHANGELOG.md | 4 ++++
.../controllers/agent/components/agents-preview.js | 14 ++++++++++++++
.../public/templates/agents-prev/agents-prev.html | 2 +-
3 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2fec9196d7..e28398fb5d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,10 @@ All notable changes to the Wazuh app project will be documented in this file.
- Support for Wazuh 4.7.2
+### Fixed
+
+- Fixed Agents preview page load when there are no registered agents [#6185](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6185)
+
## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 01
### Added
diff --git a/plugins/main/public/controllers/agent/components/agents-preview.js b/plugins/main/public/controllers/agent/components/agents-preview.js
index ef052c0745..d9a7dbd0ba 100644
--- a/plugins/main/public/controllers/agent/components/agents-preview.js
+++ b/plugins/main/public/controllers/agent/components/agents-preview.js
@@ -23,6 +23,7 @@ import {
EuiToolTip,
EuiCard,
EuiLink,
+ EuiProgress,
} from '@elastic/eui';
import { AgentsTable } from './agents-table';
import { WzRequest } from '../../../react-services/wz-request';
@@ -219,6 +220,19 @@ export const AgentsPreview = compose(
render() {
const evolutionIsReady = this.props.resultState !== 'loading';
+ //This condition is because the angular template and the controller have a small delay to show the register agent component when there are no agents
+ //This condition must be removed when the controller is removed
+ if (
+ !this.state.agentStatusSummary.total ||
+ this.state.agentStatusSummary.total === '-'
+ ) {
+ return (
+
+
+
+ );
+ }
+
return (
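Review bot: The new guard in `render()` cannot tell "still loading" from "loaded, zero agents", because `!this.state.agentStatusSummary.total` is true for `0` as well as for a missing value, and the `'-'` placeholder is checked separately. The comment relies on the Angular controller swapping in the register-agent view, so if that swap is delayed or fails the user stays on a loading state with no error. The guard also dereferences `agentStatusSummary` unchecked; whether the initial state always sets it is not visible in this hunk. Since the comment already calls this temporary, make it traceable, e.g. `// TODO(<issue-id>): remove this guard once the Angular controller is removed`. `render()` starts and ends outside the hunk.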
diff --git a/plugins/main/public/templates/agents-prev/agents-prev.html b/plugins/main/public/templates/agents-prev/agents-prev.html
index 573720fea4..a62bbe07ef 100644
--- a/plugins/main/public/templates/agents-prev/agents-prev.html
+++ b/plugins/main/public/templates/agents-prev/agents-prev.html
@@ -59,7 +59,7 @@
layout="column"
layout-align="start space-around"
>
-
+
Date: Mon, 11 Dec 2023 14:02:18 +0100
Subject: [PATCH 05/12] Add hostname board serial fields to agent inventory
(#6191)
* Add hostname and board_serial to agent inventory
* Remove Camelcase from Board Serial
* test snap fixed
* Fix format
* Added snaps and changelog
* Edit hostname to host name in dashboard and changelog
---
CHANGELOG.md | 1 +
.../__snapshots__/inventory.test.tsx.snap | 78 ++++++++++++++++++-
.../components/syscollector-metrics.tsx | 26 ++++++-
3 files changed, 101 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e28398fb5d..83a69ecb03 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@ All notable changes to the Wazuh app project will be documented in this file.
### Added
- Support for Wazuh 4.7.2
+- Added host name and board serial information to Agents > Inventory data [#6191](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6191)
### Fixed
diff --git a/plugins/main/public/components/agents/syscollector/__snapshots__/inventory.test.tsx.snap b/plugins/main/public/components/agents/syscollector/__snapshots__/inventory.test.tsx.snap
index 539eeb3f55..d34d24e8f6 100644
--- a/plugins/main/public/components/agents/syscollector/__snapshots__/inventory.test.tsx.snap
+++ b/plugins/main/public/components/agents/syscollector/__snapshots__/inventory.test.tsx.snap
@@ -67,7 +67,7 @@ exports[`Inventory component A Apple agent should be well rendered. 1`] = `
+
+
@@ -2096,7 +2120,7 @@ exports[`Inventory component A Linux agent should be well rendered. 1`] = `
+
+
@@ -4199,7 +4247,7 @@ exports[`Inventory component A Windows agent should be well rendered. 1`] = `
+
+
diff --git a/plugins/main/public/components/agents/syscollector/components/syscollector-metrics.tsx b/plugins/main/public/components/agents/syscollector/components/syscollector-metrics.tsx
index 449f823dbc..bdd08b5322 100644
--- a/plugins/main/public/components/agents/syscollector/components/syscollector-metrics.tsx
+++ b/plugins/main/public/components/agents/syscollector/components/syscollector-metrics.tsx
@@ -93,7 +93,7 @@ export function InventoryMetrics({ agent }) {
)}
-
+
CPU:{' '}
{syscollector.isLoading ? (
@@ -105,6 +105,30 @@ export function InventoryMetrics({ agent }) {
)}
+
+
+ Host name:{' '}
+ {syscollector.isLoading ? (
+
+ ) : syscollector.data.os.hostname ? (
+ {syscollector.data.os.hostname}
+ ) : (
+ -
+ )}
+
+
+
+
+ Board serial:{' '}
+ {syscollector.isLoading ? (
+
+ ) : syscollector.data.hardware.board_serial ? (
+ {syscollector.data.hardware.board_serial}
+ ) : (
+ -
+ )}
+
+
Last scan:{' '}
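Review bot: The two added cells read `syscollector.data.os.hostname` and `syscollector.data.hardware.board_serial` with no guard on the intermediate objects, so an agent whose syscollector response lacks `os` or `hardware` would throw during render instead of showing `-`. Whether `data` always carries both keys once `isLoading` is false is not visible here, so the hook may already guarantee it. If it does not, optional chaining keeps the existing fallback: `) : syscollector.data?.os?.hostname ? (` and `) : syscollector.data?.hardware?.board_serial ? (`. `InventoryMetrics` starts and ends outside the hunk.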
From bc56ba904a7b67ad43a151419d25475230d9a328 Mon Sep 17 00:00:00 2001
From: Federico Rodriguez
Date: Wed, 13 Dec 2023 11:55:13 +0100
Subject: [PATCH 06/12] Change the endpoint to get Wazuh manager auth
configuration (#6206)
* Change the auth configuration endpoint request
* Add changelog
---
CHANGELOG.md | 1 +
.../security/policies/create-policy.tsx | 72 ++++++++++---------
.../security/policies/edit-policy.tsx | 72 ++++++++++---------
.../security/policies/policies-table.tsx | 2 +-
.../register-agent/register-agent.tsx | 39 ++++------
.../services/register-agent-services.tsx | 48 +++++++++----
6 files changed, 127 insertions(+), 107 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 83a69ecb03..4d2a06e2cc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@ All notable changes to the Wazuh app project will be documented in this file.
### Fixed
- Fixed Agents preview page load when there are no registered agents [#6185](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6185)
+- Fixed the endpoint to get Wazuh server auth configuration [#6206](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6206)
## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 01
diff --git a/plugins/main/public/components/security/policies/create-policy.tsx b/plugins/main/public/components/security/policies/create-policy.tsx
index 2bf87b539c..58fc60a897 100644
--- a/plugins/main/public/components/security/policies/create-policy.tsx
+++ b/plugins/main/public/components/security/policies/create-policy.tsx
@@ -110,23 +110,25 @@ export const CreatePolicyFlyout = ({ closeFlyout }) => {
const actionsData = actionsRequest?.data?.data || {};
setAvailableActions(actionsData);
- const actions = Object.keys(actionsData).map((x, idx) => {
- return {
- id: idx,
- value: x,
- inputDisplay: x,
- dropdownDisplay: (
- <>
- {x}
-
-
- {actionsData[x].description}
-
-
- >
- ),
- };
- });
+ const actions = Object.keys(actionsData)
+ .map((x, idx) => {
+ return {
+ id: idx,
+ value: x,
+ inputDisplay: x,
+ dropdownDisplay: (
+ <>
+ {x}
+
+
+ {actionsData[x].description}
+
+
+ >
+ ),
+ };
+ })
+ .sort((a, b) => a.value.localeCompare(b.value));
setActions(actions);
}
@@ -137,23 +139,25 @@ export const CreatePolicyFlyout = ({ closeFlyout }) => {
allResources = allResources.concat(res);
});
const allResourcesSet = new Set(allResources);
- const resources = Array.from(allResourcesSet).map((x, idx) => {
- return {
- id: idx,
- value: x,
- inputDisplay: x,
- dropdownDisplay: (
- <>
- {x}
-
-
- {availableResources[x].description}
-
-
- >
- ),
- };
- });
+ const resources = Array.from(allResourcesSet)
+ .map((x, idx) => {
+ return {
+ id: idx,
+ value: x,
+ inputDisplay: x,
+ dropdownDisplay: (
+ <>
+ {x}
+
+
+ {availableResources[x].description}
+
+
+ >
+ ),
+ };
+ })
+ .sort((a, b) => a.value.localeCompare(b.value));
setResources(resources);
};
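Review bot: `availableResources[x].description` in the rewritten resources mapping still has no guard, while the same mapping in edit-policy.tsx (hunk `@@ -139,23 +141,25 @@`) reads `(availableResources[x] || {}).description`. A resource name that is listed under an action but missing from `availableResources` would throw while building the dropdown here, whereas the edit flyout renders an empty description. Since these lines are being re-indented anyway, align the two: `{availableResources[x]?.description}`. Note also that `id: idx` is assigned before `.sort()`, so ids no longer follow display order; that is harmless only if `id` is used purely as a key, which this hunk does not show. The enclosing function starts outside the hunk.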
diff --git a/plugins/main/public/components/security/policies/edit-policy.tsx b/plugins/main/public/components/security/policies/edit-policy.tsx
index b2935bb611..17485f96d3 100644
--- a/plugins/main/public/components/security/policies/edit-policy.tsx
+++ b/plugins/main/public/components/security/policies/edit-policy.tsx
@@ -112,23 +112,25 @@ export const EditPolicyFlyout = ({ policy, closeFlyout }) => {
const actionsData = actionsRequest?.data?.data || {};
setAvailableActions(actionsData);
- const actions = Object.keys(actionsData).map((x, idx) => {
- return {
- id: idx,
- value: x,
- inputDisplay: x,
- dropdownDisplay: (
- <>
- {x}
-
-
- {actionsData[x].description}
-
-
- >
- ),
- };
- });
+ const actions = Object.keys(actionsData)
+ .map((x, idx) => {
+ return {
+ id: idx,
+ value: x,
+ inputDisplay: x,
+ dropdownDisplay: (
+ <>
+ {x}
+
+
+ {actionsData[x].description}
+
+
+ >
+ ),
+ };
+ })
+ .sort((a, b) => a.value.localeCompare(b.value));
setActions(actions);
}
@@ -139,23 +141,25 @@ export const EditPolicyFlyout = ({ policy, closeFlyout }) => {
allResources = allResources.concat(res);
});
const allResourcesSet = new Set(allResources);
- const resources = Array.from(allResourcesSet).map((x, idx) => {
- return {
- id: idx,
- value: x,
- inputDisplay: x,
- dropdownDisplay: (
- <>
- {x}
-
-
- {(availableResources[x] || {}).description}
-
-
- >
- ),
- };
- });
+ const resources = Array.from(allResourcesSet)
+ .map((x, idx) => {
+ return {
+ id: idx,
+ value: x,
+ inputDisplay: x,
+ dropdownDisplay: (
+ <>
+ {x}
+
+
+ {(availableResources[x] || {}).description}
+
+
+ >
+ ),
+ };
+ })
+ .sort((a, b) => a.value.localeCompare(b.value));
setResources(resources);
};
diff --git a/plugins/main/public/components/security/policies/policies-table.tsx b/plugins/main/public/components/security/policies/policies-table.tsx
index 866d0a34d0..4e2d9b376d 100644
--- a/plugins/main/public/components/security/policies/policies-table.tsx
+++ b/plugins/main/public/components/security/policies/policies-table.tsx
@@ -87,7 +87,7 @@ export const PoliciesTable = ({
name: 'Actions',
sortable: true,
render: actions => {
- return (actions || []).join(', ');
+ return (actions || []).sort((a, b) => a.localeCompare(b)).join(', ');
},
truncateText: true,
},
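Review bot: `(actions || []).sort(...)` sorts in place, so the render callback reorders the `actions` array that belongs to the row item every time the cell is drawn. Any other consumer of the same policy object (for example a flyout opened from the row; inferred, not visible here) then sees data changed as a side effect of rendering the table. Sorting a copy avoids that: `return [...(actions || [])].sort((a, b) => a.localeCompare(b)).join(', ');`. The column definition starts outside the hunk.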
diff --git a/plugins/main/public/controllers/register-agent/containers/register-agent/register-agent.tsx b/plugins/main/public/controllers/register-agent/containers/register-agent/register-agent.tsx
index 8ae23213cd..7d110bfa2d 100644
--- a/plugins/main/public/controllers/register-agent/containers/register-agent/register-agent.tsx
+++ b/plugins/main/public/controllers/register-agent/containers/register-agent/register-agent.tsx
@@ -11,15 +11,17 @@ import {
EuiProgress,
EuiButton,
} from '@elastic/eui';
-import { WzRequest } from '../../../../react-services/wz-request';
+
import { UI_LOGGER_LEVELS } from '../../../../../common/constants';
import { UI_ERROR_SEVERITIES } from '../../../../react-services/error-orchestrator/types';
import { ErrorHandler } from '../../../../react-services/error-management';
-import { getMasterRemoteConfiguration } from '../../../agent/components/register-agent-service';
import './register-agent.scss';
import { Steps } from '../steps/steps';
import { InputForm } from '../../../../components/common/form';
-import { getGroups } from '../../services/register-agent-services';
+import {
+ getGroups,
+ getMasterConfiguration,
+} from '../../services/register-agent-services';
import { useForm } from '../../../../components/common/form/hooks';
import { FormConfiguration } from '../../../../components/common/form/types';
import { useSelector } from 'react-redux';
@@ -93,39 +95,26 @@ export const RegisterAgent = withReduxProvider(
const form = useForm(initialFields);
- const getRemoteConfig = async () => {
- const remoteConfig = await getMasterRemoteConfiguration();
- if (remoteConfig) {
- setHaveUdpProtocol(remoteConfig.isUdp);
- }
- };
-
- const getAuthInfo = async () => {
- try {
- const result = await WzRequest.apiReq(
- 'GET',
- '/agents/000/config/auth/auth',
- {},
- );
- return (result.data || {}).data || {};
- } catch (error) {
- ErrorHandler.handleError(error);
+ const getMasterConfig = async () => {
+ const masterConfig = await getMasterConfiguration();
+ if (masterConfig?.remote) {
+ setHaveUdpProtocol(masterConfig.remote.isUdp);
}
+ return masterConfig;
};
useEffect(() => {
const fetchData = async () => {
try {
const wazuhVersion = await getWazuhVersion();
- await getRemoteConfig();
- const authInfo = await getAuthInfo();
+ const { auth: authConfig } = await getMasterConfig();
// get wazuh password configuration
let wazuhPassword = '';
- const needsPassword = (authInfo.auth || {}).use_password === 'yes';
+ const needsPassword = authConfig?.auth?.use_password === 'yes';
if (needsPassword) {
wazuhPassword =
- configuration['enrollment.password'] ||
- authInfo['authd.pass'] ||
+ configuration?.['enrollment.password'] ||
+ authConfig?.['authd.pass'] ||
'';
}
const groups = await getGroups();
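Review bot: With `authConfig?.auth?.use_password === 'yes'`, an absent auth configuration is indistinguishable from "password not required". `getAuthConfiguration` in this patch returns `undefined` when `affected_items` is empty, and `needsPassword` then silently becomes `false`. The form would presumably produce an enrollment command without a password, and the problem would only surface later when the manager refuses the agent. The removed `getAuthInfo` at least reported a failed request through `ErrorHandler.handleError`. State the decision next to the check, e.g. `// authConfig is undefined when the manager returned no auth section; treated as "no password required"`, and consider warning the user in that case. `fetchData` continues outside the hunk.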
diff --git a/plugins/main/public/controllers/register-agent/services/register-agent-services.tsx b/plugins/main/public/controllers/register-agent/services/register-agent-services.tsx
index 8200224bb2..71c3b1dc15 100644
--- a/plugins/main/public/controllers/register-agent/services/register-agent-services.tsx
+++ b/plugins/main/public/controllers/register-agent/services/register-agent-services.tsx
@@ -92,6 +92,19 @@ async function getRemoteConfiguration(nodeName: string): Promise {
return config;
}
}
+/**
+ * Get the manager/cluster auth configuration from Wazuh API
+ * @param node
+ * @returns
+ */
+async function getAuthConfiguration(node?: string) {
+ const authConfigUrl = node
+ ? `/cluster/${node}/configuration/auth/auth`
+ : '/manager/configuration/auth/auth';
+ const result = await WzRequest.apiReq('GET', authConfigUrl, {});
+ const auth = result?.data?.data?.affected_items?.[0];
+ return auth;
+}
/**
* Get the remote protocol available from list of protocols
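Review bot: `node` is placed into the request path unescaped in `/cluster/${node}/configuration/auth/auth`, so a node name containing a path or query delimiter would resolve to a different API route than intended. The only caller visible in this patch passes a label taken from the cluster node list, so this is defence in depth rather than a known problem. Using `/cluster/${encodeURIComponent(node)}/configuration/auth/auth` is enough. The JSDoc also leaves `@param node` and `@returns` empty. It should say that `node` is the cluster node name, that omitting it queries `/manager/configuration/auth/auth`, and that the function resolves to the first `affected_items` entry or `undefined`.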
@@ -213,13 +226,18 @@ export const getMasterNode = (nodeIps: any[]): any[] => {
};
/**
- * Get the remote configuration from manager
+ * Get the remote and the auth configuration from manager
* This function get the config from manager mode or cluster mode
*/
-export const getMasterRemoteConfiguration = async () => {
+export const getMasterConfiguration = async () => {
const nodes = await fetchClusterNodesOptions();
const masterNode = getMasterNode(nodes);
- return await getRemoteConfiguration(masterNode[0].label);
+ const remote = await getRemoteConfiguration(masterNode[0].label);
+ const auth = await getAuthConfiguration(masterNode[0].label);
+ return {
+ remote,
+ auth,
+ };
};
export { getConnectionConfig, getRemoteConfiguration };
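Review bot: `getMasterConfiguration` now rejects as a whole when either request fails, so a failing auth lookup also discards the `remote` result that had already resolved, and the caller loses the UDP detection it had before this change. `masterNode[0].label` is also read twice with no check that `getMasterNode` returned an entry. Read the label once and state the contract in the doc comment, e.g. ` * Rejects if either the remote or the auth request fails.`, or isolate the auth failure if the remote result should survive it. The export is renamed from `getMasterRemoteConfiguration`; other importers of the old name from this module are not visible here and should be checked.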
@@ -260,16 +278,18 @@ export interface IParseRegisterFormValues {
export const parseRegisterAgentFormValues = (
formValues: { name: keyof UseFormReturn['fields']; value: any }[],
OSOptionsDefined: RegisterAgentData[],
- initialValues?: IParseRegisterFormValues
+ initialValues?: IParseRegisterFormValues,
) => {
// return the values form the formFields and the value property
- const parsedForm = initialValues || {
- operatingSystem: {
- architecture: '',
- name: '',
- },
- optionalParams: {},
- } as IParseRegisterFormValues;
+ const parsedForm =
+ initialValues ||
+ ({
+ operatingSystem: {
+ architecture: '',
+ name: '',
+ },
+ optionalParams: {},
+ } as IParseRegisterFormValues);
formValues.forEach(field => {
if (field.name === 'operatingSystemSelection') {
// search the architecture defined in architecture array and get the os name defined in title array in the same index
@@ -284,7 +304,9 @@ export const parseRegisterAgentFormValues = (
}
} else {
if (field.name === 'agentGroups') {
- parsedForm.optionalParams[field.name as any] = field.value.map(item => item.id)
+ parsedForm.optionalParams[field.name as any] = field.value.map(
+ item => item.id,
+ );
} else {
parsedForm.optionalParams[field.name as any] = field.value;
}
@@ -292,4 +314,4 @@ export const parseRegisterAgentFormValues = (
});
return parsedForm;
-};
\ No newline at end of file
+};
From 6e84a16f0761c3af7c468fe8284d7731bae4ff23 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lex=20Ruiz?=
Date: Wed, 13 Dec 2023 12:32:15 +0100
Subject: [PATCH 07/12] Add Docker envs for 4.6.x and 4.7.x pre-release and
release and add server to osd-dev environment (#6132)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Add Docker envs for 4.6-production
* feat(environments): remove logging and add dev environments for 4.7.0
* feat(environments): add server to dev environments
- Add real server to osd-dev environments that is enabled through the
server profile
- Fix pre-release and release environments for 4.6.x
- Add pre-release and release environments for 4.7.x
* Fix network name and agent register command
* feat(docker): replace Wazuh server on dev environments
* fix(docker): fix agent version in dev environment
* fix(docker): remove unused files in dev environment
---------
Co-authored-by: Antonio David GutiƩrrez
Co-authored-by: Federico Rodriguez
---
docker/osd-dev/config/1.x/osd/wazuh.yml | 6 +-
docker/osd-dev/config/2.x/osd/wazuh.yml | 6 +-
.../config/wazuh_cluster/wazuh_manager.conf | 353 ++++++++++++++++++
docker/osd-dev/dev.sh | 41 +-
docker/osd-dev/dev.yml | 64 +++-
docker/wazuh-4.6/README.md | 142 +++++++
docker/wazuh-4.6/config/certs/ca.json | 15 +
docker/wazuh-4.6/config/certs/cfssl.json | 58 +++
docker/wazuh-4.6/config/certs/host.json | 19 +
docker/wazuh-4.6/config/filebeat/filebeat.yml | 22 ++
.../wazuh-4.6/config/imposter/api_info.json | 12 +
docker/wazuh-4.6/config/imposter/login.js | 42 +++
.../config/imposter/wazuh-config.yml | 16 +
.../config/wazuh_cluster/wazuh_manager.conf | 353 ++++++++++++++++++
.../config/wazuh_dashboard/wazuh.yml | 14 +
.../wazuh_dashboard/wazuh_dashboard.yml | 15 +
.../wazuh_dashboard/wazuh_dashboard_saml.yml | 16 +
.../config/wazuh_indexer/config-saml.yml | 40 ++
.../wazuh-4.6/config/wazuh_indexer/config.yml | 40 ++
.../config/wazuh_indexer/internal_users.yml | 56 +++
.../config/wazuh_indexer/opensearch.yml | 42 +++
.../wazuh-4.6/config/wazuh_indexer/roles.yml | 149 ++++++++
.../config/wazuh_indexer/roles_mapping.yml | 88 +++++
.../config/wazuh_indexer/wazuh.indexer.yml | 28 ++
docker/wazuh-4.6/enable_saml.sh | 165 ++++++++
docker/wazuh-4.6/pre.sh | 109 ++++++
docker/wazuh-4.6/pre.yml | 212 +++++++++++
docker/wazuh-4.6/rel.sh | 69 ++++
docker/wazuh-4.6/rel.yml | 325 ++++++++++++++++
docker/wazuh-4.7/README.md | 142 +++++++
docker/wazuh-4.7/config/certs/ca.json | 15 +
docker/wazuh-4.7/config/certs/cfssl.json | 58 +++
docker/wazuh-4.7/config/certs/host.json | 19 +
docker/wazuh-4.7/config/filebeat/filebeat.yml | 22 ++
.../wazuh-4.7/config/imposter/api_info.json | 12 +
docker/wazuh-4.7/config/imposter/login.js | 42 +++
.../config/imposter/wazuh-config.yml | 16 +
.../config/wazuh_cluster/wazuh_manager.conf | 353 ++++++++++++++++++
.../config/wazuh_dashboard/wazuh.yml | 14 +
.../wazuh_dashboard/wazuh_dashboard.yml | 15 +
.../wazuh_dashboard/wazuh_dashboard_saml.yml | 16 +
.../config/wazuh_indexer/config-saml.yml | 40 ++
.../wazuh-4.7/config/wazuh_indexer/config.yml | 40 ++
.../config/wazuh_indexer/internal_users.yml | 56 +++
.../config/wazuh_indexer/opensearch.yml | 42 +++
.../wazuh-4.7/config/wazuh_indexer/roles.yml | 149 ++++++++
.../config/wazuh_indexer/roles_mapping.yml | 88 +++++
.../config/wazuh_indexer/wazuh.indexer.yml | 28 ++
docker/wazuh-4.7/enable_saml.sh | 165 ++++++++
docker/wazuh-4.7/pre.sh | 111 ++++++
docker/wazuh-4.7/pre.yml | 212 +++++++++++
docker/wazuh-4.7/rel.sh | 71 ++++
docker/wazuh-4.7/rel.yml | 325 ++++++++++++++++
53 files changed, 4548 insertions(+), 20 deletions(-)
create mode 100755 docker/osd-dev/config/wazuh_cluster/wazuh_manager.conf
create mode 100644 docker/wazuh-4.6/README.md
create mode 100644 docker/wazuh-4.6/config/certs/ca.json
create mode 100644 docker/wazuh-4.6/config/certs/cfssl.json
create mode 100644 docker/wazuh-4.6/config/certs/host.json
create mode 100644 docker/wazuh-4.6/config/filebeat/filebeat.yml
create mode 100644 docker/wazuh-4.6/config/imposter/api_info.json
create mode 100755 docker/wazuh-4.6/config/imposter/login.js
create mode 100755 docker/wazuh-4.6/config/imposter/wazuh-config.yml
create mode 100755 docker/wazuh-4.6/config/wazuh_cluster/wazuh_manager.conf
create mode 100755 docker/wazuh-4.6/config/wazuh_dashboard/wazuh.yml
create mode 100755 docker/wazuh-4.6/config/wazuh_dashboard/wazuh_dashboard.yml
create mode 100755 docker/wazuh-4.6/config/wazuh_dashboard/wazuh_dashboard_saml.yml
create mode 100644 docker/wazuh-4.6/config/wazuh_indexer/config-saml.yml
create mode 100644 docker/wazuh-4.6/config/wazuh_indexer/config.yml
create mode 100755 docker/wazuh-4.6/config/wazuh_indexer/internal_users.yml
create mode 100644 docker/wazuh-4.6/config/wazuh_indexer/opensearch.yml
create mode 100644 docker/wazuh-4.6/config/wazuh_indexer/roles.yml
create mode 100644 docker/wazuh-4.6/config/wazuh_indexer/roles_mapping.yml
create mode 100755 docker/wazuh-4.6/config/wazuh_indexer/wazuh.indexer.yml
create mode 100755 docker/wazuh-4.6/enable_saml.sh
create mode 100755 docker/wazuh-4.6/pre.sh
create mode 100755 docker/wazuh-4.6/pre.yml
create mode 100755 docker/wazuh-4.6/rel.sh
create mode 100755 docker/wazuh-4.6/rel.yml
create mode 100644 docker/wazuh-4.7/README.md
create mode 100644 docker/wazuh-4.7/config/certs/ca.json
create mode 100644 docker/wazuh-4.7/config/certs/cfssl.json
create mode 100644 docker/wazuh-4.7/config/certs/host.json
create mode 100644 docker/wazuh-4.7/config/filebeat/filebeat.yml
create mode 100644 docker/wazuh-4.7/config/imposter/api_info.json
create mode 100755 docker/wazuh-4.7/config/imposter/login.js
create mode 100755 docker/wazuh-4.7/config/imposter/wazuh-config.yml
create mode 100755 docker/wazuh-4.7/config/wazuh_cluster/wazuh_manager.conf
create mode 100755 docker/wazuh-4.7/config/wazuh_dashboard/wazuh.yml
create mode 100755 docker/wazuh-4.7/config/wazuh_dashboard/wazuh_dashboard.yml
create mode 100755 docker/wazuh-4.7/config/wazuh_dashboard/wazuh_dashboard_saml.yml
create mode 100644 docker/wazuh-4.7/config/wazuh_indexer/config-saml.yml
create mode 100644 docker/wazuh-4.7/config/wazuh_indexer/config.yml
create mode 100755 docker/wazuh-4.7/config/wazuh_indexer/internal_users.yml
create mode 100644 docker/wazuh-4.7/config/wazuh_indexer/opensearch.yml
create mode 100644 docker/wazuh-4.7/config/wazuh_indexer/roles.yml
create mode 100644 docker/wazuh-4.7/config/wazuh_indexer/roles_mapping.yml
create mode 100755 docker/wazuh-4.7/config/wazuh_indexer/wazuh.indexer.yml
create mode 100755 docker/wazuh-4.7/enable_saml.sh
create mode 100755 docker/wazuh-4.7/pre.sh
create mode 100755 docker/wazuh-4.7/pre.yml
create mode 100755 docker/wazuh-4.7/rel.sh
create mode 100755 docker/wazuh-4.7/rel.yml
diff --git a/docker/osd-dev/config/1.x/osd/wazuh.yml b/docker/osd-dev/config/1.x/osd/wazuh.yml
index 76c3a973ab..3f3bc90bbb 100755
--- a/docker/osd-dev/config/1.x/osd/wazuh.yml
+++ b/docker/osd-dev/config/1.x/osd/wazuh.yml
@@ -1,18 +1,18 @@
hosts:
- manager:
- url: "https://wazuh.manager"
+ url: 'https://wazuh.manager'
port: 55000
username: wazuh-wui
password: MyS3cr37P450r.*-
run_as: false
- imposter:
- url: "http://imposter"
+ url: 'http://imposter'
port: 8080
username: wazuh-wui
password: MyS3cr37P450r.*-
run_as: false
- imposter-cli:
- url: "http://"
+ url: 'http://'
port: 8080
username: wazuh-wui
password: MyS3cr37P450r.*-
diff --git a/docker/osd-dev/config/2.x/osd/wazuh.yml b/docker/osd-dev/config/2.x/osd/wazuh.yml
index 76c3a973ab..3f3bc90bbb 100755
--- a/docker/osd-dev/config/2.x/osd/wazuh.yml
+++ b/docker/osd-dev/config/2.x/osd/wazuh.yml
@@ -1,18 +1,18 @@
hosts:
- manager:
- url: "https://wazuh.manager"
+ url: 'https://wazuh.manager'
port: 55000
username: wazuh-wui
password: MyS3cr37P450r.*-
run_as: false
- imposter:
- url: "http://imposter"
+ url: 'http://imposter'
port: 8080
username: wazuh-wui
password: MyS3cr37P450r.*-
run_as: false
- imposter-cli:
- url: "http://"
+ url: 'http://'
port: 8080
username: wazuh-wui
password: MyS3cr37P450r.*-
diff --git a/docker/osd-dev/config/wazuh_cluster/wazuh_manager.conf b/docker/osd-dev/config/wazuh_cluster/wazuh_manager.conf
new file mode 100755
index 0000000000..aff1af9d6c
--- /dev/null
+++ b/docker/osd-dev/config/wazuh_cluster/wazuh_manager.conf
@@ -0,0 +1,353 @@
+
+
+ yes
+ yes
+ no
+ no
+ no
+ smtp.example.wazuh.com
+ wazuh@example.wazuh.com
+ recipient@example.wazuh.com
+ 12
+ alerts.log
+ 10m
+ 0
+
+
+
+ 3
+ 12
+
+
+
+
+ plain
+
+
+
+ secure
+ 1514
+ tcp
+ 131072
+
+
+
+
+ no
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+
+
+ 43200
+
+ etc/rootcheck/rootkit_files.txt
+ etc/rootcheck/rootkit_trojans.txt
+
+ yes
+
+
+
+ yes
+ 1800
+ 1d
+ yes
+
+ wodles/java
+ wodles/ciscat
+
+
+
+
+ yes
+ yes
+ /var/log/osquery/osqueryd.results.log
+ /etc/osquery/osquery.conf
+ yes
+
+
+
+
+ no
+ 1h
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+
+
+
+ 10
+
+
+
+
+ yes
+ yes
+ 12h
+ yes
+
+
+
+ no
+ 5m
+ 6h
+ yes
+
+
+
+ no
+ trusty
+ xenial
+ bionic
+ focal
+ 1h
+
+
+
+
+ no
+ stretch
+ buster
+ bullseye
+ 1h
+
+
+
+
+ no
+ 5
+ 6
+ 7
+ 8
+ 1h
+
+
+
+
+ no
+ amazon-linux
+ amazon-linux-2
+ 1h
+
+
+
+
+ no
+ 1h
+
+
+
+
+ yes
+ 1h
+
+
+
+
+ yes
+ 2010
+ 1h
+
+
+
+
+
+
+ no
+
+
+ 43200
+
+ yes
+
+
+ yes
+
+
+ no
+
+
+ /etc,/usr/bin,/usr/sbin
+ /bin,/sbin,/boot
+
+
+ /etc/mtab
+ /etc/hosts.deny
+ /etc/mail/statistics
+ /etc/random-seed
+ /etc/random.seed
+ /etc/adjtime
+ /etc/httpd/logs
+ /etc/utmpx
+ /etc/wtmpx
+ /etc/cups/certs
+ /etc/dumpdates
+ /etc/svc/volatile
+
+
+ .log$|.swp$
+
+
+ /etc/ssl/private.key
+
+ yes
+ yes
+ yes
+ yes
+
+
+ 10
+
+
+ 100
+
+
+
+ yes
+ 5m
+ 1h
+ 10
+
+
+
+
+
+ 127.0.0.1
+ ^localhost.localdomain$
+ 10.0.0.106
+
+
+
+ disable-account
+ disable-account
+ yes
+
+
+
+ restart-wazuh
+ restart-wazuh
+
+
+
+ firewall-drop
+ firewall-drop
+ yes
+
+
+
+ host-deny
+ host-deny
+ yes
+
+
+
+ route-null
+ route-null
+ yes
+
+
+
+ win_route-null
+ route-null.exe
+ yes
+
+
+
+ netsh
+ netsh.exe
+ yes
+
+
+
+
+
+
+ command
+ df -P
+ 360
+
+
+
+ full_command
+ netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
+ netstat listening ports
+ 360
+
+
+
+ full_command
+ last -n 20
+ 360
+
+
+
+
+ ruleset/decoders
+ ruleset/rules
+ 0215-policy_rules.xml
+ etc/lists/audit-keys
+ etc/lists/amazon/aws-eventnames
+ etc/lists/security-eventchannel
+
+
+ etc/decoders
+ etc/rules
+
+
+
+ yes
+ 1
+ 64
+ 15m
+
+
+
+
+ no
+ 1515
+ no
+ yes
+ no
+ HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
+
+ no
+ etc/sslmanager.cert
+ etc/sslmanager.key
+ no
+
+
+
+ wazuh
+ node01
+ master
+
+ 1516
+ 0.0.0.0
+
+ NODE_IP
+
+ no
+ yes
+
+
+
+
+
+
+ syslog
+ /var/ossec/logs/active-responses.log
+
+
+
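Review bot: `wazuh_manager.conf` is created with `new file mode 100755`, but it is a configuration file and nothing in the patch executes it. The same mode appears on several other added configuration files in the `create mode` list, for example `docker/wazuh-4.6/config/wazuh_indexer/internal_users.yml`. Executable bits on data files add noise for anyone auditing which files in the tree can actually run, so these should be committed as `100644` unless a container entrypoint needs otherwise, which is not visible here.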
diff --git a/docker/osd-dev/dev.sh b/docker/osd-dev/dev.sh
index 426eade63a..123a2baf66 100755
--- a/docker/osd-dev/dev.sh
+++ b/docker/osd-dev/dev.sh
@@ -22,13 +22,20 @@ osd_versions=(
'2.4.0'
'2.4.1'
'2.6.0'
+ '2.8.0'
'4.6.0'
'4.7.0'
)
+wzs_version=(
+ '4.7.0'
+ '4.7.1'
+ '4.7.2'
+)
+
usage() {
echo
- echo "./dev.sh os_version osd_version /wazuh_app_src action [saml]"
+ echo "./dev.sh os_version osd_version /wazuh_app_src action [saml/server] [server_version]"
echo
echo "where"
echo " os_version is one of " ${os_versions[*]}
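Review bot: The new usage line advertises `[server_version]`, but the help text never says which values are accepted, so the only way to learn them is to hit the error in the later validation hunk. Adding `echo "    server_version is one of " ${wzs_version[*]}` next to the `server` line in the "where" list would match how `os_version` and `osd_version` are documented. The array is also named `wzs_version` (singular) while its siblings are `os_versions` and `osd_versions`; `wzs_versions` would be consistent. The body of `usage()` continues outside this hunk.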
@@ -36,6 +43,7 @@ usage() {
echo " wazuh_app_src is the path to the wazuh application source code"
echo " action is one of up | down | stop"
echo " saml to deploy a saml enabled environment"
+ echo " server to deploy a real server enabled environment"
exit -1
}
@@ -96,6 +104,16 @@ if [[ "$5" =~ "saml" ]]; then
export SEC_CONFIG_FILE=./config/${OSD_MAJOR}/os/config-saml.yml
fi
+if [[ "$5" =~ "server" ]]; then
+ profile="server"
+ if [[ ! " ${wzs_version[*]} " =~ " ${6} " ]]; then
+ echo "Wazuh server version ${6} not found in ${wzs_version[*]}"
+ echo
+ exit -1
+ fi
+ export WAZUH_STACK="${6}"
+fi
+
export SEC_CONFIG_PATH=/usr/share/opensearch/plugins/opensearch-security/securityconfig
if [[ "$OSD_MAJOR" == "2.x" ]]; then
export SEC_CONFIG_PATH=/usr/share/opensearch/config/opensearch-security
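Review bot: `[[ "$5" =~ "server" ]]` is a substring match, so any fifth argument that merely contains `server` selects the server profile; an exact comparison, `if [[ "$5" == "server" ]]; then`, states the intent, and the same test is repeated in the `up)` branch further down. `WAZUH_STACK` is exported only inside this branch, while dev.yml interpolates `${WAZUH_STACK}` into the `wazuh.manager` image for every invocation, so the other profiles will probably log an unset-variable warning from compose; that is worth confirming. The version check itself rejects an empty `$6`, which is good, but the message then prints an empty version, and a dedicated "server_version is required" message would be clearer.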
@@ -105,6 +123,27 @@ case "$4" in
up)
/bin/bash ../scripts/create_docker_networks.sh
docker compose --profile $profile -f dev.yml up -Vd
+
+ # Display a command to deploy an agent when using the real server
+ if [[ "$5" =~ "server" ]]; then
+ echo
+ echo "**************WARNING**************"
+ echo "The agent version must be a published one. This uses only released versions."
+ echo "If you need to change de version, edit the command as you see fit."
+ echo "***********************************"
+ echo "1. (Optional) Enroll an agent (Ubuntu 20.04):"
+ echo "docker run --name ${COMPOSE_PROJECT_NAME}-agent-\$(date +%s) --network os-dev-${OS_VERSION} --label com.docker.compose.project=${COMPOSE_PROJECT_NAME} --env WAZUH_AGENT_VERSION=${WAZUH_STACK} -d ubuntu:20.04 bash -c '"
+ echo " apt update -y"
+ echo " apt install -y curl lsb-release"
+ echo " curl -so \wazuh-agent-\${WAZUH_AGENT_VERSION}.deb \\"
+ echo " https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_\${WAZUH_AGENT_VERSION}-1_amd64.deb \\"
+ echo " && WAZUH_MANAGER='wazuh.manager' WAZUH_AGENT_GROUP='default' dpkg -i ./wazuh-agent-\${WAZUH_AGENT_VERSION}.deb"
+ echo
+ echo " /etc/init.d/wazuh-agent start"
+ echo " tail -f /var/ossec/logs/ossec.log"
+ echo "'"
+ echo
+ fi
;;
down)
docker compose --profile $profile -f dev.yml down -v --remove-orphans
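Review bot: The enrollment command printed in the `up)` branch downloads the agent `.deb` and passes it straight to `dpkg -i` with no integrity check, and `curl -so` lacks `-f`, so an HTTP error body would be saved as the package and only fail later inside dpkg. Using `curl -fsSo` and comparing the file against the checksum published for that release before installing would make the copy-pasted command safer to reuse. The output name is written as `\wazuh-agent-...`, with a stray backslash that the inner shell happens to drop, and the warning text reads "change de version" where "change the version" is meant. The `case` statement starts and ends outside this hunk.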
diff --git a/docker/osd-dev/dev.yml b/docker/osd-dev/dev.yml
index 0906bf2bc7..19aa36da43 100755
--- a/docker/osd-dev/dev.yml
+++ b/docker/osd-dev/dev.yml
@@ -1,17 +1,18 @@
version: '2.2'
-x-logging: &logging
- logging:
- driver: loki
- options:
- loki-url: 'http://host.docker.internal:3100/loki/api/v1/push'
+# x-logging: &logging
+# logging:
+# driver: loki
+# options:
+# loki-url: 'http://host.docker.internal:3100/loki/api/v1/push'
services:
exporter:
image: quay.io/prometheuscommunity/elasticsearch-exporter:latest
- <<: *logging
+ #<<: *logging
hostname: exporter-osd-${OS_VERSION}
profiles:
+ - 'server'
- 'saml'
- 'standard'
networks:
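Review bot: Commenting out the `x-logging` anchor and every `<<: *logging` merge leaves dead configuration scattered through the file (here and in each service hunk below), with nothing saying why it was disabled or when it should come back. If the reason is that the Loki logging driver is not installed on every developer host, say so in one comment above the anchor, for example `# Loki logging disabled: needs the loki Docker log driver on the host`, or move the logging block to an optional compose override file and delete the commented lines. The `exporter` image in this hunk is still pulled as `:latest`, so the environment is not reproducible between runs; pinning a tag would fix that.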
@@ -24,7 +25,7 @@ services:
imposter:
image: outofcoffee/imposter
- <<: *logging
+ #<<: *logging
hostname: imposter-osd-${OS_VERSION}
networks:
- os-dev
@@ -37,8 +38,9 @@ services:
generator:
image: cfssl/cfssl
- <<: *logging
+ #<<: *logging
profiles:
+ - 'server'
- 'saml'
- 'standard'
volumes:
@@ -128,8 +130,9 @@ services:
condition: service_completed_successfully
required: false
image: opensearchproject/opensearch:${OS_VERSION}
- <<: *logging
+ #<<: *logging
profiles:
+ - 'server'
- 'saml'
- 'standard'
environment:
@@ -157,6 +160,9 @@ services:
- os_logs:/var/log/os1
- os_data:/var/lib/os1
+ ports:
+ - 9200:9200
+ - 9300:9300
networks:
- os-dev
- mon
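Review bot: `9200:9200` and `9300:9300` publish the indexer's HTTP and transport ports on every host interface, and they do so for all profiles rather than only `server`; the manager service added later in this file talks to the same indexer with `admin`/`admin`, so the API is reachable from the local network with a known credential. Binding to loopback, `- 127.0.0.1:9200:9200`, keeps it reachable from the developer's machine only, and the transport port probably does not need publishing at all for a single node. Fixed host ports will also collide if two environments with different `OS_VERSION` are started together. The `os1` service definition starts outside this hunk.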
@@ -183,7 +189,7 @@ services:
networks:
- os-dev
- mon
- <<: *logging
+ #<<: *logging
# restart: always
entrypoint:
- '/bin/bash'
@@ -212,6 +218,7 @@ services:
condition: service_healthy
image: quay.io/wazuh/osd-dev:${OSD_VERSION}
profiles:
+ - 'server'
- 'saml'
- 'standard'
hostname: osd
@@ -220,7 +227,7 @@ services:
- devel
- mon
user: '1000:1000'
- <<: *logging
+ #<<: *logging
ports:
- ${OSD_PORT}:5601
environment:
@@ -272,7 +279,7 @@ services:
profiles:
- 'saml'
hostname: idp
- <<: *logging
+ #<<: *logging
networks:
- os-dev
- mon
@@ -301,7 +308,7 @@ services:
profiles:
- 'saml'
hostname: idpsetup
- <<: *logging
+ #<<: *logging
networks:
- os-dev
- mon
@@ -315,6 +322,37 @@ services:
bash /enable_saml.sh
exit 0
'
+ wazuh.manager:
+ depends_on:
+ os1:
+ condition: service_healthy
+ image: wazuh/wazuh-manager:${WAZUH_STACK}
+ profiles:
+ - 'server'
+ hostname: wazuh.manager
+ # <<: *logging
+ networks:
+ - os-dev
+ - mon
+ environment:
+ - INDEXER_URL=https://os1:9200
+ - INDEXER_USERNAME=admin
+ - INDEXER_PASSWORD=admin
+ - FILEBEAT_SSL_VERIFICATION_MODE=full
+ - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/wazuh/ca.pem
+ - SSL_CERTIFICATE=/etc/ssl/wazuh/filebeat.pem
+ - SSL_KEY=/etc/ssl/wazuh/filebeat.key
+ - API_USERNAME=wazuh-wui
+ - API_PASSWORD=MyS3cr37P450r.*-
+ volumes:
+ - wm_certs:/etc/ssl/wazuh
+ - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
+ ports:
+ - '514:514'
+ - '1514:1514'
+ - '1515:1515'
+ - '1516:1516'
+ - '55000:55000'
networks:
os-dev:
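Review bot: The new `wazuh.manager` service carries the indexer and API credentials as literals in `environment:` and publishes five ports, including the API on 55000 and the enrollment port 1515, on all host interfaces. For a development stack the credentials can stay defaults, but the ports should be bound to loopback, for example `- '127.0.0.1:55000:55000'`, and the secrets are easier to rotate from an `env_file` or from variables exported by dev.sh. Host port 514 is privileged and is often already taken by a local syslog daemon, which would make `up` fail. The `wm_certs` volume is not declared in any visible hunk; confirm it exists under the top-level `volumes:` and that the generator writes `filebeat.pem` and `filebeat.key` into it.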
diff --git a/docker/wazuh-4.6/README.md b/docker/wazuh-4.6/README.md
new file mode 100644
index 0000000000..e76e582ec1
--- /dev/null
+++ b/docker/wazuh-4.6/README.md
@@ -0,0 +1,142 @@
+# Wazuh Stack 4.6.x
+
+On this folder, we can find two types of environments:
+
+- release environment, managed by the `rel.sh` script
+- prerelease environment managed by the `pre.sh` script
+
+### UI Credentials
+
+The default user and password to access the UI at https://0.0.0.0:5601/ are:
+
+```
+admin:SecretPassword
+```
+
+## Release environment
+
+This environment will start a working deployment with:
+
+- Wazuh Manager
+- Wazuh Indexer
+- Wazuh Dashboard
+
+Check the scripts for a list of the supported Wazuh versions.
+
+The environment expect the network `mon` to exists, either bring up the
+`mon` stack or execute the following command:
+
+```bash
+docker network create mon
+```
+
+The images used here are generated by the CI/CD team and uploaded into
+the official Docker Hub organization. No Wazuh Agent image is provided yet,
+so you'll need to deploy an agent in Docker manually, by following the
+instructions below.
+
+### Image certificates
+
+Certificates are created automatically by the docker-compose, but if
+it fails to create them with the appropriate permissions, we might need
+to adjust them.
+
+This is related to the way the official Wazuh docker images are
+prepared.
+
+### Registering agents using Docker
+
+To register an agent, we need to get the enrollment command from the
+UI and then execute:
+
+- For `CentOS/8` images:
+
+ ```bash
+ docker run --name wz-rel-agent-4.6.0 --rm --network wz-rel-450 --label com.docker.compose.project=wz-rel-450 -d centos:8 bash -c '
+ sed -i -e "s|mirrorlist=|#mirrorlist=|g" /etc/yum.repos.d/CentOS-*
+ sed -i -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-*
+
+ # Change this command by the one the UI suggests. Add the -y flag and remove the `sudo`.
+ WAZUH_MANAGER='wazuh.manager' yum install -y https://packages.wazuh.com/4.x/yum5/x86_64/wazuh-agent-4.6.0-1.el5.x86_64.rpm
+
+ /etc/init.d/wazuh-agent start
+ tail -f /var/ossec/logs/ossec.log
+ '
+ ```
+
+- For `Ubuntu` images
+
+ ```bash
+ docker run --name wz-rel-agent-4.6.0 --network wz-rel-450 --label com.docker.compose.project=wz-rel-450 -d ubuntu:20.04 bash -c '
+ apt update -y
+ apt install -y curl lsb-release
+
+ # Change this command by the one the UI suggests to use. Remove the `sudo`.
+ curl -so wazuh-agent-4.6.0.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.6.0-1_amd64.deb && WAZUH_MANAGER='wazuh.manager' WAZUH_AGENT_GROUP='default' dpkg -i ./wazuh-agent-4.6.0.deb
+
+ /etc/init.d/wazuh-agent start
+ tail -f /var/ossec/logs/ossec.log
+ '
+ ```
+
+- For `non-Linux` agents:
+
+ We need to provision virtual machines.
+
+## Prerelease environment
+
+The prerelease environment helps us test app releases while the rest of
+Wazuh packages haven't been generated yet.
+
+This environment will bring up:
+
+- Wazuh Indexer
+- Wazuh Dashboard
+- Filebeat
+- Imposter
+
+### Usage
+
+The way to use this environment is to bring up a published Wazuh version to
+later on upgrade the app with our pre-release package.
+
+While bring up the environment with the `pre.sh` script, specify the published
+version of Wazuh with the `wazuh_version` argument, the new patch version of
+Wazuh with `wazuh_api_version` and finally follow the steps provided by the
+scripts.
+
+Example: test a package for Wazuh 4.6.0
+
+```bash
+./pre.sh 4.6.0 0 up
+```
+
+```bash
+./pre.sh wazuh_version wazuh_api_version action
+
+where
+ wazuh_version is one of
+ wazuh_api_version is the minor version of wazuh 4.6, for example 5 17
+ action is one of up | down
+
+In a minor release, the API should not change the version here bumps the API
+ string returned for testing. This script generates the file
+
+ config/imposter/api_info.json
+
+used by the mock server
+```
+
+Please take into account that the API version for this environment will
+always be a 4.6.x version. Also consider that our application version
+must be the same as the one selected here.
+
+### App upgrade
+
+Follow the instructions provided by the `pre.sh` script.
+
+### Agent enrollment
+
+Because we're not using a real Wazuh Manager, we cannot register new agents.
+Instead, Imposter (the mock server) will provide mocked responds to valid API
+requests, as if it were the real Wazuh server.
diff --git a/docker/wazuh-4.6/config/certs/ca.json b/docker/wazuh-4.6/config/certs/ca.json
new file mode 100644
index 0000000000..8a96a70a42
--- /dev/null
+++ b/docker/wazuh-4.6/config/certs/ca.json
@@ -0,0 +1,15 @@
+{
+ "CN": "Wazuh",
+ "key": {
+ "algo": "rsa",
+ "size": 2048
+ },
+ "names": [
+ {
+ "C": "US",
+ "L": "San Francisco",
+ "O": "Wazuh",
+ "OU": "Wazuh Root CA"
+ }
+ ]
+}
diff --git a/docker/wazuh-4.6/config/certs/cfssl.json b/docker/wazuh-4.6/config/certs/cfssl.json
new file mode 100644
index 0000000000..d23daf7621
--- /dev/null
+++ b/docker/wazuh-4.6/config/certs/cfssl.json
@@ -0,0 +1,58 @@
+{
+ "signing": {
+ "default": {
+ "expiry": "8760h"
+ },
+ "profiles": {
+ "intermediate_ca": {
+ "usages": [
+ "signing",
+ "digital signature",
+ "key encipherment",
+ "cert sign",
+ "crl sign",
+ "server auth",
+ "client auth"
+ ],
+ "expiry": "8760h",
+ "ca_constraint": {
+ "is_ca": true,
+ "max_path_len": 0,
+ "max_path_len_zero": true
+ }
+ },
+ "peer": {
+ "usages": [
+ "signing",
+ "digital signature",
+ "key encipherment",
+ "data encipherment",
+ "client auth",
+ "server auth"
+ ],
+ "expiry": "8760h"
+ },
+ "server": {
+ "usages": [
+ "signing",
+ "digital signing",
+ "key encipherment",
+ "data encipherment",
+ "server auth"
+ ],
+ "expiry": "8760h"
+ },
+ "client": {
+ "usages": [
+ "signing",
+ "digital signature",
+ "key encipherment",
+ "data encipherment",
+ "client auth"
+ ],
+ "expiry": "8760h"
+ }
+ }
+ }
+}
+
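Review bot: The `server` profile lists the usage `"digital signing"`, while the `intermediate_ca`, `peer` and `client` profiles all use `"digital signature"`, so this looks like a typo. As far as I know cfssl ignores usage names it does not recognise rather than rejecting the profile, which would explain why it goes unnoticed; that is worth confirming against the generated certificate. The line should read `"digital signature",`. Separately, `intermediate_ca` also grants `server auth` and `client auth`, which a CA certificate does not normally need.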
diff --git a/docker/wazuh-4.6/config/certs/host.json b/docker/wazuh-4.6/config/certs/host.json
new file mode 100644
index 0000000000..27805da58e
--- /dev/null
+++ b/docker/wazuh-4.6/config/certs/host.json
@@ -0,0 +1,19 @@
+{
+ "CN": "HOST",
+ "key": {
+ "algo": "rsa",
+ "size": 2048
+ },
+ "names": [
+ {
+ "C": "US",
+ "L": "California",
+ "O": "Wazuh",
+ "OU": "Wazuh"
+ }
+ ],
+ "hosts": [
+ "HOST",
+ "localhost"
+ ]
+}
diff --git a/docker/wazuh-4.6/config/filebeat/filebeat.yml b/docker/wazuh-4.6/config/filebeat/filebeat.yml
new file mode 100644
index 0000000000..e22b1f97ca
--- /dev/null
+++ b/docker/wazuh-4.6/config/filebeat/filebeat.yml
@@ -0,0 +1,22 @@
+
+# Wazuh - Filebeat configuration file
+filebeat.modules:
+ - module: wazuh
+ alerts:
+ enabled: true
+ archives:
+ enabled: false
+
+setup.template.json.enabled: true
+setup.template.json.path: '/etc/filebeat/wazuh-template.json'
+setup.template.json.name: 'wazuh'
+setup.template.overwrite: true
+setup.ilm.enabled: false
+output.elasticsearch:
+ hosts: ['https://wazuh.indexer:9200']
+ username: 'admin'
+ password: 'SecretPassword'
+ ssl.verification_mode: full
+ ssl.certificate_authorities: ['/etc/ssl/wazuh/ca.pem']
+ ssl.certificate: '/etc/ssl/wazuh/filebeat.pem'
+ ssl.key: '/etc/ssl/wazuh/filebeat-key.pem'
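Review bot: Filebeat authenticates to the indexer as the `admin` superuser with the password written literally in the file, so anyone copying this configuration outside the development stack inherits a known administrative credential. Filebeat expands environment variables in its configuration, so `password: '${INDEXER_PASSWORD}'` (the variable name is an example) would let compose supply the value. A dedicated user limited to writing the `wazuh-*` indices would be a better fit than `admin` for a shipper. A comment at the top stating that the file is for local development only would also help.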
diff --git a/docker/wazuh-4.6/config/imposter/api_info.json b/docker/wazuh-4.6/config/imposter/api_info.json
new file mode 100644
index 0000000000..126f87cfe7
--- /dev/null
+++ b/docker/wazuh-4.6/config/imposter/api_info.json
@@ -0,0 +1,12 @@
+{
+ "data": {
+ "title": "Wazuh API REST",
+ "api_version": "4.6.0",
+ "revision": 40316,
+ "license_name": "GPL 2.0",
+ "license_url": "https://github.com/wazuh/wazuh/blob/4.6/LICENSE",
+ "hostname": "imposter",
+ "timestamp": "2022-06-13T17:20:03Z"
+ },
+ "error": 0
+}
diff --git a/docker/wazuh-4.6/config/imposter/login.js b/docker/wazuh-4.6/config/imposter/login.js
new file mode 100755
index 0000000000..86c2eb4180
--- /dev/null
+++ b/docker/wazuh-4.6/config/imposter/login.js
@@ -0,0 +1,42 @@
+exports = {};
+
+load('https://raw.githubusercontent.com/kjur/jsrsasign/master/npm/lib/jsrsasign.js', exports);
+header = {
+ "alg": "HS256",
+ "typ": "JWT",
+ "kid": "vpaas-magic-cookie-1fc542a3e4414a44b2611668195e2bfe/4f4910"
+};
+
+// The second part of the token is the payload, which contains the claims.
+// Claims are statements about an entity (typically, the user) and
+// additional data. There are three types of claims:
+// registered, public, and private claims.
+nbf = Date.now()-1000;
+
+claims = {
+ "iss": "wazuh",
+ "aud": "Wazuh API REST",
+ "nbf": nbf,
+ "exp": nbf+3600000,
+ "sub": "wazuh",
+ "rbac_roles": [
+ 1
+ ],
+ "rbac_mode": "white"
+};
+
+
+jwt = KJUR.jws.JWS.sign("HS256", JSON.stringify(header), JSON.stringify(claims), "616161");
+
+resp = {
+ "data": {
+ "token": jwt,
+ "error": 0
+ }
+};
+
+respond()
+ .withStatusCode(200)
+ .withData(JSON.stringify(resp));
+
+
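Review bot: The `load(...)` call fetches jsrsasign from the `master` branch of a third-party repository every time the mock handles a login, so the script that runs inside the mock server is whatever that branch holds at the moment, and the login fails when the host is offline. Pinning the URL to a release tag or commit (`.../jsrsasign/<pinned-tag-or-commit>/npm/lib/jsrsasign.js`), or vendoring the file next to login.js, removes both problems. `nbf` and `exp` are computed from `Date.now()` in milliseconds, while JWT NumericDate values are in seconds; if the app reads them as seconds the token expires far in the future, so `nbf = Math.floor(Date.now() / 1000) - 1;` with `"exp": nbf + 3600` is probably what was meant. The `kid` value and the signing key `"616161"` look copied from another example; a short comment saying that the token is a mock and is never verified would document that.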
diff --git a/docker/wazuh-4.6/config/imposter/wazuh-config.yml b/docker/wazuh-4.6/config/imposter/wazuh-config.yml
new file mode 100755
index 0000000000..ace39bf4a0
--- /dev/null
+++ b/docker/wazuh-4.6/config/imposter/wazuh-config.yml
@@ -0,0 +1,16 @@
+---
+plugin: openapi
+specFile: https://raw.githubusercontent.com/wazuh/wazuh/v4.4.0/api/api/spec/spec.yaml
+
+resources:
+ - path: /security/user/authenticate
+ method: POST
+ response:
+ statusCode: 200
+ scriptFile: login.js
+ - path: /
+ method: get
+ response:
+ statusCode: 200
+ staticFile: api_info.json
+
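Review bot: `specFile` points at the `v4.4.0` API specification although this directory is the 4.6 environment and api_info.json reports `4.6.0`, so the mock may be missing or mis-shaping endpoints that changed between those versions. If a spec tagged for 4.6 exists, the URL should reference that tag; if 4.4.0 is intentional, a comment should say why. The spec is also fetched over the network at start-up, so committing a copy alongside this file would make the environment work offline and keep it reproducible.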
diff --git a/docker/wazuh-4.6/config/wazuh_cluster/wazuh_manager.conf b/docker/wazuh-4.6/config/wazuh_cluster/wazuh_manager.conf
new file mode 100755
index 0000000000..aff1af9d6c
--- /dev/null
+++ b/docker/wazuh-4.6/config/wazuh_cluster/wazuh_manager.conf
@@ -0,0 +1,353 @@
+
+
+ yes
+ yes
+ no
+ no
+ no
+ smtp.example.wazuh.com
+ wazuh@example.wazuh.com
+ recipient@example.wazuh.com
+ 12
+ alerts.log
+ 10m
+ 0
+
+
+
+ 3
+ 12
+
+
+
+
+ plain
+
+
+
+ secure
+ 1514
+ tcp
+ 131072
+
+
+
+
+ no
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+
+
+ 43200
+
+ etc/rootcheck/rootkit_files.txt
+ etc/rootcheck/rootkit_trojans.txt
+
+ yes
+
+
+
+ yes
+ 1800
+ 1d
+ yes
+
+ wodles/java
+ wodles/ciscat
+
+
+
+
+ yes
+ yes
+ /var/log/osquery/osqueryd.results.log
+ /etc/osquery/osquery.conf
+ yes
+
+
+
+
+ no
+ 1h
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+
+
+
+ 10
+
+
+
+
+ yes
+ yes
+ 12h
+ yes
+
+
+
+ no
+ 5m
+ 6h
+ yes
+
+
+
+ no
+ trusty
+ xenial
+ bionic
+ focal
+ 1h
+
+
+
+
+ no
+ stretch
+ buster
+ bullseye
+ 1h
+
+
+
+
+ no
+ 5
+ 6
+ 7
+ 8
+ 1h
+
+
+
+
+ no
+ amazon-linux
+ amazon-linux-2
+ 1h
+
+
+
+
+ no
+ 1h
+
+
+
+
+ yes
+ 1h
+
+
+
+
+ yes
+ 2010
+ 1h
+
+
+
+
+
+
+ no
+
+
+ 43200
+
+ yes
+
+
+ yes
+
+
+ no
+
+
+ /etc,/usr/bin,/usr/sbin
+ /bin,/sbin,/boot
+
+
+ /etc/mtab
+ /etc/hosts.deny
+ /etc/mail/statistics
+ /etc/random-seed
+ /etc/random.seed
+ /etc/adjtime
+ /etc/httpd/logs
+ /etc/utmpx
+ /etc/wtmpx
+ /etc/cups/certs
+ /etc/dumpdates
+ /etc/svc/volatile
+
+
+ .log$|.swp$
+
+
+ /etc/ssl/private.key
+
+ yes
+ yes
+ yes
+ yes
+
+
+ 10
+
+
+ 100
+
+
+
+ yes
+ 5m
+ 1h
+ 10
+
+
+
+
+
+ 127.0.0.1
+ ^localhost.localdomain$
+ 10.0.0.106
+
+
+
+ disable-account
+ disable-account
+ yes
+
+
+
+ restart-wazuh
+ restart-wazuh
+
+
+
+ firewall-drop
+ firewall-drop
+ yes
+
+
+
+ host-deny
+ host-deny
+ yes
+
+
+
+ route-null
+ route-null
+ yes
+
+
+
+ win_route-null
+ route-null.exe
+ yes
+
+
+
+ netsh
+ netsh.exe
+ yes
+
+
+
+
+
+
+ command
+ df -P
+ 360
+
+
+
+ full_command
+ netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
+ netstat listening ports
+ 360
+
+
+
+ full_command
+ last -n 20
+ 360
+
+
+
+
+ ruleset/decoders
+ ruleset/rules
+ 0215-policy_rules.xml
+ etc/lists/audit-keys
+ etc/lists/amazon/aws-eventnames
+ etc/lists/security-eventchannel
+
+
+ etc/decoders
+ etc/rules
+
+
+
+ yes
+ 1
+ 64
+ 15m
+
+
+
+
+ no
+ 1515
+ no
+ yes
+ no
+ HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
+
+ no
+ etc/sslmanager.cert
+ etc/sslmanager.key
+ no
+
+
+
+ wazuh
+ node01
+ master
+
+ 1516
+ 0.0.0.0
+
+ NODE_IP
+
+ no
+ yes
+
+
+
+
+
+
+ syslog
+ /var/ossec/logs/active-responses.log
+
+
+
diff --git a/docker/wazuh-4.6/config/wazuh_dashboard/wazuh.yml b/docker/wazuh-4.6/config/wazuh_dashboard/wazuh.yml
new file mode 100755
index 0000000000..dca5610652
--- /dev/null
+++ b/docker/wazuh-4.6/config/wazuh_dashboard/wazuh.yml
@@ -0,0 +1,14 @@
+hosts:
+ - imposter:
+ url: "http://imposter"
+ port: 8080
+ username: wazuh-wui
+ password: MyS3cr37P450r.*-
+ run_as: false
+
+ - 1513629884013:
+ url: https://wazuh.manager
+ port: 55000
+ username: wazuh-wui
+ password: MyS3cr37P450r.*-
+ run_as: false
diff --git a/docker/wazuh-4.6/config/wazuh_dashboard/wazuh_dashboard.yml b/docker/wazuh-4.6/config/wazuh_dashboard/wazuh_dashboard.yml
new file mode 100755
index 0000000000..741fa3c019
--- /dev/null
+++ b/docker/wazuh-4.6/config/wazuh_dashboard/wazuh_dashboard.yml
@@ -0,0 +1,15 @@
+server.host: 0.0.0.0
+server.port: 5601
+opensearch.hosts: https://wazuh.indexer:9200
+opensearch.ssl.verificationMode: certificate
+opensearch.requestHeadersAllowlist: ['securitytenant', 'Authorization']
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ['kibana_read_only']
+server.ssl.enabled: true
+server.ssl.key: '/usr/share/wazuh-dashboard/certs/wazuh.dashboard.key'
+server.ssl.certificate: '/usr/share/wazuh-dashboard/certs/wazuh.dashboard.pem'
+opensearch.ssl.certificateAuthorities:
+ ['/usr/share/wazuh-dashboard/certs/ca.pem']
+uiSettings.overrides.defaultRoute: /app/wazuh
+opensearch.username: 'kibanaserver'
+opensearch.password: 'kibanaserver'
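Review bot: `opensearch.ssl.verificationMode: certificate` validates the certificate chain but skips the hostname check, whereas filebeat.yml in the same environment uses `full`. Since host.json puts the host name into the certificate's `hosts` list, `opensearch.ssl.verificationMode: full` should work here and would keep the two clients consistent. The `kibanaserver` account uses its well-known default password and `server.host` is `0.0.0.0`; both are acceptable for a local stack, but a header comment marking the file as development-only would stop it being copied as a template.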
diff --git a/docker/wazuh-4.6/config/wazuh_dashboard/wazuh_dashboard_saml.yml b/docker/wazuh-4.6/config/wazuh_dashboard/wazuh_dashboard_saml.yml
new file mode 100755
index 0000000000..ce5d198300
--- /dev/null
+++ b/docker/wazuh-4.6/config/wazuh_dashboard/wazuh_dashboard_saml.yml
@@ -0,0 +1,16 @@
+server.host: 0.0.0.0
+server.port: 5601
+opensearch.hosts: https://wazuh.indexer:9200
+opensearch.ssl.verificationMode: certificate
+opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+server.ssl.enabled: true
+server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh.dashboard.key"
+server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh.dashboard.pem"
+opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/ca.pem"]
+uiSettings.overrides.defaultRoute: /app/wazuh
+opensearch.username: "kibanaserver"
+opensearch.password: "kibanaserver"
+opensearch_security.auth.type: "saml"
+server.xsrf.whitelist: [/_plugins/_security/saml/acs,/_opendistro/_security/saml/acs,/_plugins/_security/saml/acs/idpinitiated,/_opendistro/_security/saml/acs/idpinitiated,/_plugins/_security/saml/logout,/_opendistro/_security/saml/logout]
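Review bot: This file sets `opensearch.requestHeadersWhitelist`, while wazuh_dashboard.yml, added in the same commit, sets `opensearch.requestHeadersAllowlist`; one of the two spellings is presumably the deprecated one for the dashboard version in use, and the two files should agree. The quoting style also differs (double quotes here, single quotes there), which makes the SAML-specific additions harder to spot in a side-by-side comparison. Since only the last two settings are SAML-specific, a comment such as `# SAML additions below; everything above mirrors wazuh_dashboard.yml` would make the relationship explicit. Each path in `server.xsrf.whitelist` is exempt from XSRF protection, so it is worth confirming that both the `_plugins` and the legacy `_opendistro` variants are really needed.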
diff --git a/docker/wazuh-4.6/config/wazuh_indexer/config-saml.yml b/docker/wazuh-4.6/config/wazuh_indexer/config-saml.yml
new file mode 100644
index 0000000000..74fc91c8c4
--- /dev/null
+++ b/docker/wazuh-4.6/config/wazuh_indexer/config-saml.yml
@@ -0,0 +1,40 @@
+---
+_meta:
+ type: "config"
+ config_version: 2
+
+config:
+ dynamic:
+ http:
+ anonymous_auth_enabled: false
+ authc:
+ internal_auth:
+ order: 0
+ description: "HTTP basic authentication using the internal user database"
+ http_enabled: true
+ transport_enabled: true
+ http_authenticator:
+ type: basic
+ challenge: false
+ authentication_backend:
+ type: internal
+ saml_auth:
+ order: 1
+ description: "Keycloack SAML provider"
+ http_enabled: true
+ transport_enabled: false
+ http_authenticator:
+ type: saml
+ challenge: true
+ config:
+ idp:
+ metadata_url: http://idp:8080/realms/wazuh/protocol/saml/descriptor
+ entity_id: http://idp:8080/realms/wazuh
+ sp:
+ entity_id: wazuh
+ signature_private_key_filepath: "certs/admin-key.pem"
+ kibana_url: https://localhost:5601
+ roles_key: Role
+ exchange_key: 1a2a3a4a5a6a7a8a9a0a1b2b3b4b5b6b
+ authentication_backend:
+ type: noop
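Review bot: `exchange_key` is a fixed, patterned value committed to the repository, and it is the secret used to sign the tokens issued after a SAML login, so anyone who reuses this file keeps a publicly known signing key. It should be generated per environment or at least carry a comment like `# demo value, regenerate for any shared deployment`. The IdP metadata is fetched over plain `http://idp:8080`, which is tolerable on the private compose network but means the metadata, including the IdP signing certificate, is not authenticated. `signature_private_key_filepath` reuses `certs/admin-key.pem`; a dedicated key for the service provider would avoid tying SAML signing to the admin certificate.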
diff --git a/docker/wazuh-4.6/config/wazuh_indexer/config.yml b/docker/wazuh-4.6/config/wazuh_indexer/config.yml
new file mode 100644
index 0000000000..74fc91c8c4
--- /dev/null
+++ b/docker/wazuh-4.6/config/wazuh_indexer/config.yml
@@ -0,0 +1,40 @@
+---
+_meta:
+ type: "config"
+ config_version: 2
+
+config:
+ dynamic:
+ http:
+ anonymous_auth_enabled: false
+ authc:
+ internal_auth:
+ order: 0
+ description: "HTTP basic authentication using the internal user database"
+ http_enabled: true
+ transport_enabled: true
+ http_authenticator:
+ type: basic
+ challenge: false
+ authentication_backend:
+ type: internal
+ saml_auth:
+ order: 1
+ description: "Keycloack SAML provider"
+ http_enabled: true
+ transport_enabled: false
+ http_authenticator:
+ type: saml
+ challenge: true
+ config:
+ idp:
+ metadata_url: http://idp:8080/realms/wazuh/protocol/saml/descriptor
+ entity_id: http://idp:8080/realms/wazuh
+ sp:
+ entity_id: wazuh
+ signature_private_key_filepath: "certs/admin-key.pem"
+ kibana_url: https://localhost:5601
+ roles_key: Role
+ exchange_key: 1a2a3a4a5a6a7a8a9a0a1b2b3b4b5b6b
+ authentication_backend:
+ type: noop
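Review bot: config.yml is byte-identical to config-saml.yml (both index lines show blob `74fc91c8c4`), so the non-SAML environment also enables `saml_auth` with `challenge: true` and points at an `idp` host that presumably is not running in that profile. If the standard configuration is meant to use only the internal user database, the `saml_auth` block should be removed here and `internal_auth` given `challenge: true`. If the duplication is intentional, a single file referenced from both profiles would avoid the two copies drifting apart.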
diff --git a/docker/wazuh-4.6/config/wazuh_indexer/internal_users.yml b/docker/wazuh-4.6/config/wazuh_indexer/internal_users.yml
new file mode 100755
index 0000000000..d9f05b343b
--- /dev/null
+++ b/docker/wazuh-4.6/config/wazuh_indexer/internal_users.yml
@@ -0,0 +1,56 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+ type: "internalusers"
+ config_version: 2
+
+# Define your internal users here
+
+## Demo users
+
+admin:
+ hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
+ reserved: true
+ backend_roles:
+ - "admin"
+ description: "Demo admin user"
+
+kibanaserver:
+ hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
+ reserved: true
+ description: "Demo kibanaserver user"
+
+kibanaro:
+ hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
+ reserved: false
+ backend_roles:
+ - "kibanauser"
+ - "readall"
+ attributes:
+ attribute1: "value1"
+ attribute2: "value2"
+ attribute3: "value3"
+ description: "Demo kibanaro user"
+
+logstash:
+ hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
+ reserved: false
+ backend_roles:
+ - "logstash"
+ description: "Demo logstash user"
+
+readall:
+ hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
+ reserved: false
+ backend_roles:
+ - "readall"
+ description: "Demo readall user"
+
+snapshotrestore:
+ hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
+ reserved: false
+ backend_roles:
+ - "snapshotrestore"
+ description: "Demo snapshotrestore user"
diff --git a/docker/wazuh-4.6/config/wazuh_indexer/opensearch.yml b/docker/wazuh-4.6/config/wazuh_indexer/opensearch.yml
new file mode 100644
index 0000000000..ee1dbf59d5
--- /dev/null
+++ b/docker/wazuh-4.6/config/wazuh_indexer/opensearch.yml
@@ -0,0 +1,42 @@
+network.host: "0.0.0.0"
+node.name: "os1"
+path.data: /var/lib/os1
+path.logs: /var/log/os1
+# comment compatibility.override_main_response_version for 2.0.0
+compatibility.override_main_response_version: true
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/os1.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/os1.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/os1.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/os1.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+ - "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+ - "CN=os1,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+ - "all_access"
+ - "security_rest_api_access"
+plugins.security.system_indices.enabled: true
+plugins.security.system_indices.indices:
+ [
+ ".opendistro-alerting-config",
+ ".opendistro-alerting-alert*",
+ ".opendistro-anomaly-results*",
+ ".opendistro-anomaly-detector*",
+ ".opendistro-anomaly-checkpoints",
+ ".opendistro-anomaly-detection-state",
+ ".opendistro-reports-*",
+ ".opendistro-notifications-*",
+ ".opendistro-notebooks",
+ ".opensearch-observability",
+ ".opendistro-asynchronous-search-response*",
+ ".replication-metadata-store",
+ ]
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
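Review bot: `plugins.security.ssl.transport.enforce_hostname_verification: false` turns off hostname checks on the transport layer, and nothing in the file says that this is a development-only relaxation. A comment such as `# dev only: certificates are generated per run, hostname checks relaxed` would document it. The node name `os1`, the `/var/lib/os1` paths and the `CN=os1` entry in `nodes_dn` look carried over from the osd-dev environment, while wazuh.indexer.yml in the same directory names the node `wazuh.indexer`; it is worth confirming which of the two files the 4.6 compose setup mounts and removing the other. `allow_default_init_securityindex: true` lets the node initialise the security index from the bundled demo configuration, which should also be flagged as development-only.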
diff --git a/docker/wazuh-4.6/config/wazuh_indexer/roles.yml b/docker/wazuh-4.6/config/wazuh_indexer/roles.yml
new file mode 100644
index 0000000000..5b35df448b
--- /dev/null
+++ b/docker/wazuh-4.6/config/wazuh_indexer/roles.yml
@@ -0,0 +1,149 @@
+_meta:
+ type: "roles"
+ config_version: 2
+
+# Restrict users so they can only view visualization and dashboard on kibana
+kibana_read_only:
+ reserved: true
+
+# The security REST API access role is used to assign specific users access to change the security settings through the REST API.
+security_rest_api_access:
+ reserved: true
+
+# Allows users to view monitors, destinations and alerts
+alerting_read_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/alerting/alerts/get"
+ - "cluster:admin/opendistro/alerting/destination/get"
+ - "cluster:admin/opendistro/alerting/monitor/get"
+ - "cluster:admin/opendistro/alerting/monitor/search"
+
+# Allows users to view and acknowledge alerts
+alerting_ack_alerts:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/alerting/alerts/*"
+
+# Allows users to use all alerting functionality
+alerting_full_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster_monitor"
+ - "cluster:admin/opendistro/alerting/*"
+ index_permissions:
+ - index_patterns:
+ - "*"
+ allowed_actions:
+ - "indices_monitor"
+ - "indices:admin/aliases/get"
+ - "indices:admin/mappings/get"
+
+# Allow users to read Anomaly Detection detectors and results
+anomaly_read_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/ad/detector/info"
+ - "cluster:admin/opendistro/ad/detector/search"
+ - "cluster:admin/opendistro/ad/detectors/get"
+ - "cluster:admin/opendistro/ad/result/search"
+ - "cluster:admin/opendistro/ad/tasks/search"
+
+# Allows users to use all Anomaly Detection functionality
+anomaly_full_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster_monitor"
+ - "cluster:admin/opendistro/ad/*"
+ index_permissions:
+ - index_patterns:
+ - "*"
+ allowed_actions:
+ - "indices_monitor"
+ - "indices:admin/aliases/get"
+ - "indices:admin/mappings/get"
+
+# Allows users to read Notebooks
+notebooks_read_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/notebooks/list"
+ - "cluster:admin/opendistro/notebooks/get"
+
+# Allows users to all Notebooks functionality
+notebooks_full_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/notebooks/create"
+ - "cluster:admin/opendistro/notebooks/update"
+ - "cluster:admin/opendistro/notebooks/delete"
+ - "cluster:admin/opendistro/notebooks/get"
+ - "cluster:admin/opendistro/notebooks/list"
+
+# Allows users to read and download Reports
+reports_instances_read_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/reports/instance/list"
+ - "cluster:admin/opendistro/reports/instance/get"
+ - "cluster:admin/opendistro/reports/menu/download"
+
+# Allows users to read and download Reports and Report-definitions
+reports_read_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/reports/definition/get"
+ - "cluster:admin/opendistro/reports/definition/list"
+ - "cluster:admin/opendistro/reports/instance/list"
+ - "cluster:admin/opendistro/reports/instance/get"
+ - "cluster:admin/opendistro/reports/menu/download"
+
+# Allows users to all Reports functionality
+reports_full_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/reports/definition/create"
+ - "cluster:admin/opendistro/reports/definition/update"
+ - "cluster:admin/opendistro/reports/definition/on_demand"
+ - "cluster:admin/opendistro/reports/definition/delete"
+ - "cluster:admin/opendistro/reports/definition/get"
+ - "cluster:admin/opendistro/reports/definition/list"
+ - "cluster:admin/opendistro/reports/instance/list"
+ - "cluster:admin/opendistro/reports/instance/get"
+ - "cluster:admin/opendistro/reports/menu/download"
+
+# Allows users to use all asynchronous-search functionality
+asynchronous_search_full_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/asynchronous_search/*"
+ index_permissions:
+ - index_patterns:
+ - "*"
+ allowed_actions:
+ - "indices:data/read/search*"
+
+# Allows users to read stored asynchronous-search results
+asynchronous_search_read_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/asynchronous_search/get"
+
+# Wazuh monitoring and statistics index permissions
+manage_wazuh_index:
+ reserved: true
+ hidden: false
+ cluster_permissions: []
+ index_permissions:
+ - index_patterns:
+ - "wazuh-*"
+ dls: ""
+ fls: []
+ masked_fields: []
+ allowed_actions:
+ - "read"
+ - "delete"
+ - "manage"
+ - "index"
+ tenant_permissions: []
+ static: false
diff --git a/docker/wazuh-4.6/config/wazuh_indexer/roles_mapping.yml b/docker/wazuh-4.6/config/wazuh_indexer/roles_mapping.yml
new file mode 100644
index 0000000000..94c2b46613
--- /dev/null
+++ b/docker/wazuh-4.6/config/wazuh_indexer/roles_mapping.yml
@@ -0,0 +1,88 @@
+---
+# In this file users, backendroles and hosts can be mapped to Open Distro Security roles.
+# Permissions for Opendistro roles are configured in roles.yml
+
+_meta:
+ type: "rolesmapping"
+ config_version: 2
+
+# Define your roles mapping here
+
+## Default roles mapping
+
+all_access:
+ reserved: true
+ hidden: false
+ backend_roles:
+ - "admin"
+ hosts: []
+ users: []
+ and_backend_roles: []
+ description: "Maps admin to all_access"
+
+own_index:
+ reserved: false
+ hidden: false
+ backend_roles: []
+ hosts: []
+ users:
+ - "*"
+ and_backend_roles: []
+ description: "Allow full access to an index named like the username"
+
+logstash:
+ reserved: false
+ hidden: false
+ backend_roles:
+ - "logstash"
+ hosts: []
+ users: []
+ and_backend_roles: []
+
+readall:
+ reserved: true
+ hidden: false
+ backend_roles:
+ - "readall"
+ hosts: []
+ users: []
+ and_backend_roles: []
+
+manage_snapshots:
+ reserved: true
+ hidden: false
+ backend_roles:
+ - "snapshotrestore"
+ hosts: []
+ users: []
+ and_backend_roles: []
+
+kibana_server:
+ reserved: true
+ hidden: false
+ backend_roles: []
+ hosts: []
+ users:
+ - "kibanaserver"
+ and_backend_roles: []
+
+kibana_user:
+ reserved: false
+ hidden: false
+ backend_roles:
+ - "kibanauser"
+ hosts: []
+ users: []
+ and_backend_roles: []
+ description: "Maps kibanauser to kibana_user"
+
+ # Wazuh monitoring and statistics index permissions
+manage_wazuh_index:
+ reserved: true
+ hidden: false
+ backend_roles: []
+ hosts: []
+ users:
+ - "kibanaserver"
+ - "admin"
+ and_backend_roles: []
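Review bot: The `own_index` mapping assigns its role to every user through `users: ["*"]`, and nothing in the file says this is a demo default. A comment above it such as `# Demo default: every authenticated user receives own_index; drop this mapping outside test environments` would make the intent explicit. `manage_wazuh_index` is mapped to the `admin` and `kibanaserver` users by name rather than by backend role, so the mapping has to be edited if those accounts are renamed or replaced. The header comments still refer to "Open Distro Security", although the compose files mount this file into the `opensearch-security` directory.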
diff --git a/docker/wazuh-4.6/config/wazuh_indexer/wazuh.indexer.yml b/docker/wazuh-4.6/config/wazuh_indexer/wazuh.indexer.yml
new file mode 100755
index 0000000000..3b31ac37d0
--- /dev/null
+++ b/docker/wazuh-4.6/config/wazuh_indexer/wazuh.indexer.yml
@@ -0,0 +1,28 @@
+network.host: "0.0.0.0"
+node.name: "wazuh.indexer"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+discovery.type: single-node
+compatibility.override_main_response_version: true
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=os1,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.system_indices.enabled: true
+plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
\ No newline at end of file
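Review bot: `plugins.security.nodes_dn` lists `CN=os1,OU=Wazuh,O=Wazuh,L=California,C=US`, which matches none of the names the compose `generator` service issues certificates for (`wazuh.indexer`, `wazuh.dashboard`, `wazuh.manager`, `admin`, `filebeat`). With `discovery.type: single-node` this is probably harmless, but a second node would not be accepted under this entry. Assuming the host template produces the same subject fields as `admin_dn`, the entry should read `- "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"`. `enforce_hostname_verification: false`, `allow_default_init_securityindex: true` and `network.host: "0.0.0.0"` are each relaxations that deserve a one-line comment marking them as test-environment settings, so the file is not copied into a real deployment as is.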
diff --git a/docker/wazuh-4.6/enable_saml.sh b/docker/wazuh-4.6/enable_saml.sh
new file mode 100755
index 0000000000..41d3fb8a22
--- /dev/null
+++ b/docker/wazuh-4.6/enable_saml.sh
@@ -0,0 +1,165 @@
+#!/bin/bash
+
+# idp container launches and docker-compose returns too quickly, do not wait for container to
+# be healthy as it has no dependencies, so we wait before continuing
+sleep 7
+
+
+indexer="$1-wazuh.indexer-1"
+dashboard="$1-wazuh.dashboard-1"
+
+# Setup keycloack to be used with wazuh-dashboards
+
+# Connection
+U="admin"
+P="admin"
+B="http://idp:8080"
+
+# Realm
+REALM="master"
+
+# Get ACCESS_TOKEN from default install
+ACCESS_TOKEN=$(curl -sS \
+ -d 'client_id=admin-cli' \
+ -d 'username=admin' \
+ -d 'password=admin' \
+ -d 'grant_type=password' \
+ "${B}/realms/master/protocol/openid-connect/token" | jq -r '.access_token')
+
+H=('-H' 'Content-Type: application/json' '-H' "Authorization: Bearer $ACCESS_TOKEN")
+
+# Create new REALM
+REALM="wazuh"
+P='{
+ "id": "wazuh",
+ "realm": "wazuh",
+ "enabled": true
+}'
+
+curl -sS -L -X POST "${B}/admin/realms" "${H[@]}" -d "$P" | grep -v "Conflict detected"
+
+
+# Add admin certificates to keycloak as these are used by indexer to sign saml
+# messages. These should be uploaded to keycloak if we want it to verify indexer messages.
+key=$(cat /certs/wi/admin-key.pem | grep -v "PRIVATE KEY" | tr -d "\n")
+cert=$(cat /certs/wi/admin.pem | grep -v CERTIFICATE | tr -d "\n")
+
+
+# Create client
+# By default the client does not verify the client signature on saml messages
+# but it could be enabled for testing purposes
+PC="{
+ \"protocol\": \"saml\",
+ \"name\": \"wazuh\",
+ \"clientId\": \"wazuh\",
+ \"description\": \"wazuh saml integration\",
+ \"baseUrl\": \"https://localhost:5601\",
+ \"rootUrl\": \"https://localhost:5601\",
+ \"redirectUris\": [\"https://localhost:5601/*\"],
+ \"attributes\" : {
+ \"saml_single_logout_service_url_redirect\": \"https://localhost:5601/_opendistro/_security/saml/logout\",
+ \"saml_assertion_consumer_url_post\": \"https://localhost:5601/_opendistro/_security/saml/acs/idpinitiated\",
+ \"saml_single_logout_service_url_post\": \"https://wazuh.dashboard:5601/_opendistro/_security/saml/logout\",
+ \"saml.force.post.binding\": \"false\",
+ \"saml.signing.certificate\": \"$cert\",
+ \"saml.signing.private.key\": \"$key\",
+ \"saml.client.signature\": \"true\",
+ \"saml_single_logout_service_url_redirect\": \"https://localhost:5601\",
+ \"post.logout.redirect.uris\": \"https://localhost:5601*\"
+ }
+}"
+
+curl -sS -L -X POST "${B}/admin/realms/${REALM}/clients" "${H[@]}" -d "$PC" | grep -v "Client wazuh already exists"
+
+# Get a client json representation
+CLIENT=$(curl -sS -L -X GET "${B}/admin/realms/${REALM}/clients" "${H[@]}" -G -d 'clientId=wazuh' |jq '.[] | select(.clientId=="wazuh")')
+
+# Get client id
+CID=$(echo $CLIENT | jq -r '.id' )
+
+# Generate all-access and admin role for the realm
+PR1='{
+ "name":"all-access"
+}'
+
+curl -sS -L -X POST "${B}/admin/realms/${REALM}/roles" "${H[@]}" -d "$PR1" | grep -v "Role with name all-access already exists"
+
+PR2='{
+ "name":"admin"
+}'
+
+curl -sS -L -X POST "${B}/admin/realms/${REALM}/roles" "${H[@]}" -d "$PR2" | grep -v "Role with name admin already exists"
+
+
+## create new user
+PU='{
+ "username": "wazuh",
+ "email": "hello@wazuh.com",
+ "firstName": "Wazuh",
+ "lastName": "Wazuh",
+ "emailVerified": true,
+ "enabled": true,
+ "credentials": [{"temporary":false,"type":"password","value":"wazuh"}],
+ "realmRoles": ["admin", "all-access"]
+}'
+
+curl -sS -L -X POST "${B}/admin/realms/${REALM}/users" "${H[@]}" -d "$PU" | grep -v "User exists with same username"
+
+## Get a user json representation
+USER=$(curl -sS -L -X GET "${B}/admin/realms/${REALM}/users" "${H[@]}" -G -d 'username=wazuh' |jq '.[] | select(.username=="wazuh")')
+
+### Get user id
+USERID=$(echo $USER | jq -r '.id' )
+
+# Get roles
+ROLES=$(curl -sS -L -X GET "${B}/admin/realms/${REALM}/roles" "${H[@]}" -d "$PR2" )
+
+## Assign role
+ADMINID=$(echo $ROLES | jq -r '.[] | select(.name=="admin").id')
+ALLACCESSID=$(echo $ROLES | jq -r '.[] | select(.name=="all-access").id')
+
+PA1="[
+ {
+ \"id\": \"$ADMINID\",
+ \"name\": \"admin\",
+ \"composite\": false,
+ \"clientRole\": false,
+ \"containerId\": \"wazuh\"
+ },
+ {
+ \"id\": \"$ALLACCESSID\",
+ \"name\": \"all-access\",
+ \"description\": \"\",
+ \"composite\": false,
+ \"clientRole\": false,
+ \"containerId\": \"wazuh\"
+ }
+]"
+
+curl -sS -L -X POST "${B}/admin/realms/${REALM}/users/${USERID}/role-mappings/realm" "${H[@]}" -d "$PA1"
+
+# Get list of client scopes
+CSCOPES=$(curl -sS -L -X GET "${B}/admin/realms/${REALM}/client-scopes" "${H[@]}")
+CSID=$(echo $CSCOPES | jq -r '.[] | select(.name=="role_list").id ')
+CSR=$(echo $CSCOPES | jq -r '.[] | select(.name=="role_list") ')
+
+
+# Set single to true, so opensearch works
+UPDATE=$(echo $CSR | jq '.protocolMappers[] | select(.name=="role list").config.single |= "true" ')
+PMID=$(echo $CSR | jq -r '.protocolMappers[] | select(.name=="role list").id')
+
+curl -sS -L -X PUT "${B}/admin/realms/${REALM}/client-scopes/$CSID/protocol-mappers/models/$PMID" "${H[@]}" -d "$UPDATE"
+
+# Set up auth realm on opensearch
+certs="/usr/share/wazuh-indexer/certs"
+ca="$certs/ca.pem"
+cert="$certs/admin.pem"
+key="$certs/admin-key.pem"
+
+securityadmin="bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh"
+config_path="/usr/share/wazuh-indexer/opensearch-security/"
+
+echo "To update configuration in indexer, you can run:"
+echo docker exec -e JAVA_HOME=/usr/share/wazuh-indexer/jdk $indexer $securityadmin -cacert $ca -cert $cert -key $key -cd $config_path
+
+
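Review bot: The `attributes` object in `PC` sets `saml_single_logout_service_url_redirect` twice, first to the `/_opendistro/_security/saml/logout` endpoint and later to `https://localhost:5601`. With most JSON parsers the later value wins, so the logout endpoint is likely dropped, and one of the two lines should be removed. `ACCESS_TOKEN` is also never checked: if the token request fails, `jq -r` yields `null` or an empty string, every later call runs with an invalid bearer token, and the `grep -v` filters hide the cause. A guard after the request, `[ -n "$ACCESS_TOKEN" ] && [ "$ACCESS_TOKEN" != "null" ] || { echo "Keycloak login failed" >&2; exit 1; }`, would stop the script early. The script also uploads the indexer's admin private key (`/certs/wi/admin-key.pem`) as the client signing key, so a comment should state that this is acceptable only in this disposable test stack and that a dedicated SAML signing key belongs anywhere else.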
diff --git a/docker/wazuh-4.6/pre.sh b/docker/wazuh-4.6/pre.sh
new file mode 100755
index 0000000000..fbf7297c91
--- /dev/null
+++ b/docker/wazuh-4.6/pre.sh
@@ -0,0 +1,109 @@
+#!/usr/bin/env bash
+
+versions=(
+ "4.6.0"
+)
+
+wazuh_api_version=(
+ "0"
+)
+
+usage() {
+ echo
+ echo "./pre.sh wazuh_version wazuh_api_version action "
+ echo
+ echo "where"
+ echo " wazuh_version is one of ${versions[*]}"
+ echo " wazuh_api_version is the patch version of wazuh 4.6, for example " ${wazuh_api_version[*]}
+ echo " action is one of up | down | stop"
+ echo
+ echo "In a minor release, the API should not change the version here bumps the API"
+ echo " string returned for testing. This script generates the file "
+ echo
+ echo " config/imposter/api_info.json"
+ echo
+ echo "used by the mock server"
+ exit -1
+}
+
+if [ $# -ne 3 ]; then
+ echo "Incorrect number of arguments " $#
+ usage
+fi
+
+if [[ ! " ${versions[*]} " =~ " ${1} " ]]; then
+ echo "Version ${1} not found in ${versions[*]}"
+ exit -1
+fi
+
+[ -n "$2" ] && [ "$2" -eq "$2" ] 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "$2 is not number"
+ exit -1
+fi
+
+patch_version=$2
+cat <config/imposter/api_info.json
+{
+ "data": {
+ "title": "Wazuh API REST",
+ "api_version": "4.6.${patch_version}",
+ "revision": 40316,
+ "license_name": "GPL 2.0",
+ "license_url": "https://github.com/wazuh/wazuh/blob/4.6/LICENSE",
+ "hostname": "imposter",
+ "timestamp": "2022-06-13T17:20:03Z"
+ },
+ "error": 0
+}
+EOF
+
+export WAZUH_STACK=${1}
+export KIBANA_PORT=5601
+export KIBANA_PASSWORD=${PASSWORD:-SecretPassword}
+export COMPOSE_PROJECT_NAME=wz-pre-${WAZUH_STACK//./}
+
+case "$3" in
+up)
+ # recreate volumes
+ docker compose -f pre.yml up -Vd
+
+ # This installs Wazuh and integrates with a default Wazuh stack
+ # v=$( echo -n $WAZUH_STACK | sed 's/\.//g' )
+ echo
+ echo "Install the pre-release package manually with:"
+ echo
+ echo "1. Uninstall current version of the Wazuh app:"
+ echo "docker exec -ti ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1 /usr/share/wazuh-dashboard/bin/opensearch-dashboards-plugin remove wazuh"
+ echo
+ echo "2. Restart Wazuh Dashboard:"
+ echo "docker restart ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1"
+ echo
+ echo "3. Copy the pre-release package to the running Wazuh Dashboard container:"
+ echo docker cp wazuh-4.6.${patch_version}-1.zip ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1:/tmp
+ echo
+ echo "4. Install the package we have just uploaded:"
+ echo "docker exec -ti ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1 /usr/share/wazuh-dashboard/bin/opensearch-dashboards-plugin install file:///tmp/wazuh-4.6.${patch_version}-1.zip"
+ echo
+ echo "5. Restart the Wazuh Dashboard container:"
+ echo "docker restart ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1"
+ echo
+ echo "6. Upload the Wazuh app configuration:"
+ echo "docker cp ./config/wazuh_dashboard/wazuh.yml ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1:/usr/share/wazuh-dashboard/data/wazuh/config/"
+ echo
+ echo "7. Access the running instance in:"
+ echo "https://localhost:${KIBANA_PORT}"
+ echo
+ ;;
+down)
+ # delete volumes
+ docker compose -f pre.yml down -v --remove-orphans
+ ;;
+stop)
+ docker compose -f rel.yml -p "${COMPOSE_PROJECT_NAME}" stop
+ ;;
+*)
+ echo "Action must be either up or down"
+ usage
+ ;;
+esac
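Review bot: The `stop` branch runs `docker compose -f rel.yml -p "${COMPOSE_PROJECT_NAME}" stop`, but this script manages the stack defined in `pre.yml`, which is the file the `up` and `down` branches use. As written, `stop` resolves services from a different compose file; it should read `docker compose -f pre.yml stop`. The fallback message `Action must be either up or down` omits `stop`, which the usage text does list. `exit -1` is outside the 0–255 range and is reported as 255, so `exit 1` is the conventional form.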
diff --git a/docker/wazuh-4.6/pre.yml b/docker/wazuh-4.6/pre.yml
new file mode 100755
index 0000000000..7f22362cd1
--- /dev/null
+++ b/docker/wazuh-4.6/pre.yml
@@ -0,0 +1,212 @@
+# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+version: '3.9'
+
+# x-logging: &logging
+# logging:
+# driver: loki
+# options:
+# loki-url: "http://host.docker.internal:3100/loki/api/v1/push"
+
+services:
+ exporter:
+ image: quay.io/prometheuscommunity/elasticsearch-exporter:latest
+ # <<: *logging
+ hostname: 'exporter-kbn-${WAZUH_STACK}'
+ networks:
+ - wzd-pre
+ - mon
+ command:
+ - '--es.uri=https://admin:${KIBANA_PASSWORD}@wazuh.indexer:9200'
+ - '--es.ssl-skip-verify'
+ - '--es.all'
+
+ imposter:
+ image: outofcoffee/imposter
+ hostname: 'imposter-kbn-${WAZUH_STACK}'
+ networks:
+ - wzd-pre
+ - mon
+ # <<: *logging
+ environment:
+ - JAVA_OPTS="-Xmx512m -Xss512k -Dfile.encoding=UTF-8 -XX:MaxRAM=800m -XX:MaxRAMPercentage=95 -XX:MinRAMPercentage=60A"
+ - MALLOC_ARENA_MAX=1
+ volumes:
+ - ./config/imposter:/opt/imposter/config
+
+ generator:
+ image: cfssl/cfssl
+ volumes:
+ - wi_certs:/certs/wi
+ - wd_certs:/certs/wd
+ - wm_certs:/certs/wm
+ - ./config/certs:/conf
+ entrypoint: /bin/bash
+ command: >
+ -c '
+ export certs=/tmp/certs
+ mkdir $$certs
+ cd $$certs
+
+ echo "Generating CA"
+ cfssl gencert -initca /conf/ca.json | cfssljson -bare ca
+
+ echo "Generating servers certificates"
+ for i in wazuh.indexer wazuh.dashboard wazuh.manager; do
+ echo "Generating cert for $$i"
+ cat /conf/host.json | \
+ sed "s/HOST/$$i/g" | \
+ cfssl gencert \
+ -ca $$certs/ca.pem \
+ -ca-key $$certs/ca-key.pem \
+ -config /conf/cfssl.json \
+ -profile=server - | \
+ cfssljson -bare $$i
+ openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
+ done
+
+ echo "Generating clients certificates"
+ for i in admin filebeat; do
+ echo "Generating cert for $$i"
+ cat /conf/host.json | \
+ sed "s/HOST/$$i/g" | \
+ cfssl gencert \
+ -ca $$certs/ca.pem \
+ -ca-key $$certs/ca-key.pem \
+ -config /conf/cfssl.json \
+ -profile=client - | \
+ cfssljson -bare $$i
+ openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
+ done
+
+ echo "Setting up permissions"
+
+ rm /certs/wi/* /certs/wd/* /certs/wm/*
+
+ mv $$certs/wazuh.indexer* /certs/wi
+ mv $$certs/admin* /certs/wi
+ mv /certs/wi/admin.key /certs/wi/admin-key.pem
+ cp $$certs/*ca* /certs/wi
+
+ mv $$certs/wazuh.dashboard* /certs/wd
+ cp $$certs/*ca* /certs/wd
+
+ mv $$certs/*.* /certs/wm
+
+ chmod 640 /certs/wi/* /certs/wd/* /certs/wm/*
+ chown -R 1000:1000 /certs/*
+ ls -alR /certs/
+
+ sleep 30
+ '
+ healthcheck:
+ test: ['CMD-SHELL', '[ -r /certs/wm/wazuh.manager.pem ]']
+ interval: 2s
+ timeout: 5s
+ retries: 10
+
+ filebeat:
+ depends_on:
+ wazuh.indexer:
+ condition: service_healthy
+ image: elastic/filebeat:7.10.2
+ hostname: filebeat
+ user: '0:0'
+ networks:
+ - wzd-pre
+ - mon
+ # <<: *logging
+ entrypoint:
+ - '/bin/bash'
+ command: >
+ -c '
+ mkdir -p /etc/filebeat
+ echo admin | filebeat keystore add username --stdin --force
+ echo SecretPassword| filebeat keystore add password --stdin --force
+ curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
+ curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module
+ # copy filebeat to preserve correct permissions without
+ # affecting host filesystem
+ cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml
+ chown root.root /usr/share/filebeat/filebeat.yml
+ chmod go-w /usr/share/filebeat/filebeat.yml
+ filebeat setup -e
+ filebeat
+ '
+ volumes:
+ - wm_certs:/etc/ssl/wazuh
+ - ./config/filebeat/filebeat.yml:/tmp/filebeat.yml
+
+ wazuh.indexer:
+ depends_on:
+ generator:
+ condition: service_healthy
+ image: wazuh/wazuh-indexer:${WAZUH_STACK}
+ hostname: wazuh.indexer
+ networks:
+ - wzd-pre
+ - mon
+ # <<: *logging
+ environment:
+ - 'OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m'
+ - 'OPENSEARCH_PATH_CONF=/usr/share/wazuh-indexer/config'
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536
+ hard: 65536
+ volumes:
+ - wazuh-indexer-data:/var/lib/wazuh-indexer
+ - wi_certs:/usr/share/wazuh-indexer/certs/
+ - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+ - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+ - ./config/wazuh_indexer/config.yml:/usr/share/wazuh-indexer/opensearch-security/config.yml
+ - ./config/wazuh_indexer/roles.yml:/usr/share/wazuh-indexer/opensearch-security/roles.yml
+ - ./config/wazuh_indexer/roles_mapping.yml:/usr/share/wazuh-indexer/opensearch-security/roles_mapping.yml
+ healthcheck:
+ test:
+ [
+ 'CMD-SHELL',
+ '/usr/share/wazuh-indexer/bin/opensearch-plugin list | grep -q security',
+ ]
+ interval: 10s
+ timeout: 10s
+ retries: 120
+
+ wazuh.dashboard:
+ image: wazuh/wazuh-dashboard:${WAZUH_STACK}
+ hostname: wazuh.dashboard
+ depends_on:
+ wazuh.indexer:
+ condition: service_healthy
+ networks:
+ - wzd-pre
+ - mon
+ # <<: *logging
+ ports:
+ - ${KIBANA_PORT}:5601
+ environment:
+ - INDEXER_USERNAME=admin
+ - INDEXER_PASSWORD=SecretPassword
+ - WAZUH_API_URL=http://imposter:8080
+ - API_USERNAME=wazuh-wui
+ - API_PASSWORD=MyS3cr37P450r.*-
+ volumes:
+ - wd_certs:/usr/share/wazuh-dashboard/certs
+ - ./config/wazuh_dashboard/wazuh_dashboards.yml:/usr/share/wazuh-dashboard/config/wazuh_dashboards.yml
+ - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+
+networks:
+ networks:
+ wzd-pre:
+ name: wzd-pre-${WAZUH_STACK}
+ driver: bridge
+ mon:
+ external: true
+
+volumes:
+ wazuh-indexer-data:
+ wi_certs:
+ wd_certs:
+ wm_certs:
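Review bot: In the `filebeat` service the module tarball is piped from `curl -s` straight into `tar -xvz` while the container runs as root (`user: '0:0'`), with no integrity check and no `-f`, so an HTTP error body or an altered archive is unpacked into `/usr/share/filebeat/module`. Downloading to a file with `curl -fsSL -o`, checking it with `echo "EXPECTED_SHA256  /tmp/wazuh-filebeat.tar.gz" | sha256sum -c -` (EXPECTED_SHA256 is a placeholder for the pinned digest) and only then extracting would close that gap. The template is fetched from the mutable `4.3` branch, and `cfssl/cfssl`, `outofcoffee/imposter` and the `:latest` exporter image are unpinned; fixed tags or digests would keep the environment reproducible. `SecretPassword` is hard-coded for filebeat and the dashboard while the exporter uses `${KIBANA_PASSWORD}`, so overriding `PASSWORD` in `pre.sh` leaves the services with different credentials. The top-level `networks:` key also appears twice in a row near the end of the file, which looks unintended.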
diff --git a/docker/wazuh-4.6/rel.sh b/docker/wazuh-4.6/rel.sh
new file mode 100755
index 0000000000..d3b3d18270
--- /dev/null
+++ b/docker/wazuh-4.6/rel.sh
@@ -0,0 +1,69 @@
+#!/usr/bin/env bash
+
+versions=(
+ "4.6.0"
+)
+
+usage() {
+ echo
+ echo "$0 version action [saml]"
+ echo
+ echo "where version is one of ${versions[*]}"
+ echo "action is one of up | down | stop"
+ echo "saml to deploy a saml enabled environment"
+ exit -1
+}
+
+if [ $# -lt 2 ]; then
+ echo "Incorrect number of arguments " $#
+ usage
+fi
+
+if [[ ! " ${versions[*]} " =~ " ${1} " ]]; then
+ echo "Version ${1} not found in ${versions[*]}"
+ exit -1
+fi
+
+export WAZUH_STACK=${1}
+export KIBANA_PORT=5601
+export KIBANA_PASSWORD=${PASSWORD:-SecretPassword}
+export COMPOSE_PROJECT_NAME=wz-rel-${WAZUH_STACK//./}
+
+profile="standard"
+export WAZUH_DASHBOARD_CONF=./config/wazuh_dashboard/wazuh_dashboard.yml
+export SEC_CONFIG_FILE=./config/wazuh_indexer/config.yml
+
+if [[ "$3" =~ "saml" ]]; then
+ profile="saml"
+ export WAZUH_DASHBOARD_CONF=./config/wazuh_dashboard/wazuh_dashboard_saml.yml
+ export SEC_CONFIG_FILE=./config/wazuh_indexer/config-saml.yml
+fi
+
+case "$2" in
+up)
+ docker compose --profile $profile -f rel.yml -p "${COMPOSE_PROJECT_NAME}" up -Vd
+ echo
+ echo "1. (Optional) Enroll an agent (Ubuntu 20.04):"
+ echo "docker run --name ${COMPOSE_PROJECT_NAME}-agent --network ${COMPOSE_PROJECT_NAME} --label com.docker.compose.project=${COMPOSE_PROJECT_NAME} -d ubuntu:20.04 bash -c '"
+ echo " apt update -y"
+ echo " apt install -y curl lsb-release"
+ echo " curl -so \wazuh-agent-${WAZUH_STACK}.deb \\"
+ echo " https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_${WAZUH_STACK}-1_amd64.deb \\"
+ echo " && WAZUH_MANAGER='wazuh.manager' WAZUH_AGENT_GROUP='default' dpkg -i ./wazuh-agent-${WAZUH_STACK}.deb"
+ echo
+ echo " /etc/init.d/wazuh-agent start"
+ echo " tail -f /var/ossec/logs/ossec.log"
+ echo "'"
+ echo
+ ;;
+down)
+ docker compose --profile $profile -f rel.yml -p "${COMPOSE_PROJECT_NAME}" down -v --remove-orphans
+ ;;
+stop)
+ docker compose --profile $profile -f rel.yml -p "${COMPOSE_PROJECT_NAME}" stop
+ ;;
+*)
+ echo "Action must be either up or down"
+ usage
+ ;;
+esac
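Review bot: The profile selection `[[ "$3" =~ "saml" ]]` is a substring match, so any third argument containing `saml` enables the SAML profile and any other value silently falls back to `standard`. `[[ "$3" == "saml" ]]` plus an error for an unrecognised third argument would be stricter. `$profile` is unquoted in the three `docker compose --profile $profile` calls. The printed enrolment command writes to `\wazuh-agent-${WAZUH_STACK}.deb` with a stray backslash and uses `curl -so` without `-f`, so an HTTP error page would be saved as the package; `curl -fsSLo` would make the `&&` chain stop at the download.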
diff --git a/docker/wazuh-4.6/rel.yml b/docker/wazuh-4.6/rel.yml
new file mode 100755
index 0000000000..fd5b1a3a08
--- /dev/null
+++ b/docker/wazuh-4.6/rel.yml
@@ -0,0 +1,325 @@
+# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+version: '3.9'
+
+# x-logging: &logging
+# logging:
+# driver: loki
+# options:
+# loki-url: 'http://host.docker.internal:3100/loki/api/v1/push'
+
+services:
+ generator:
+ image: cfssl/cfssl
+ profiles:
+ - 'saml'
+ - 'standard'
+ # <<: *logging
+ volumes:
+ - wi_certs:/certs/wi
+ - wd_certs:/certs/wd
+ - wm_certs:/certs/wm
+ - idp_certs:/certs/idp
+ - ./config/certs:/conf
+ # Included to avoid docker from creating duplicated networks
+ networks:
+ - wz-rel
+ entrypoint: /bin/bash
+ command: >
+ -c '
+ export certs=/tmp/certs
+ mkdir $$certs
+ cd $$certs
+
+ echo "Generating CA"
+ cfssl gencert -initca /conf/ca.json | cfssljson -bare ca
+
+ echo "Generating servers certificates"
+ for i in wazuh.indexer wazuh.dashboard wazuh.manager; do
+ echo "Generating cert for $$i"
+ cat /conf/host.json | \
+ sed "s/HOST/$$i/g" | \
+ cfssl gencert \
+ -ca $$certs/ca.pem \
+ -ca-key $$certs/ca-key.pem \
+ -config /conf/cfssl.json \
+ -profile=server - | \
+ cfssljson -bare $$i
+ openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
+ done
+
+ echo "Generating clients certificates"
+ for i in admin saml filebeat; do
+ echo "Generating cert for $$i"
+ cat /conf/host.json | \
+ sed "s/HOST/$$i/g" | \
+ cfssl gencert \
+ -ca $$certs/ca.pem \
+ -ca-key $$certs/ca-key.pem \
+ -config /conf/cfssl.json \
+ -profile=client - | \
+ cfssljson -bare $$i
+ openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
+ done
+
+ echo "Setting up permissions"
+
+ rm /certs/wi/* /certs/wd/* /certs/wm/*
+
+ mv $$certs/wazuh.indexer* /certs/wi
+ mv $$certs/admin* /certs/wi
+ mv /certs/wi/admin.key /certs/wi/admin-key.pem
+ cp $$certs/*ca* /certs/wi
+
+ mv $$certs/saml* /certs/idp
+ mv /certs/idp/saml.key /certs/idp/saml-key.pem
+ cp $$certs/*ca* /certs/idp
+
+ mv $$certs/wazuh.dashboard* /certs/wd
+ cp $$certs/*ca* /certs/wd
+
+ mv $$certs/*.* /certs/wm
+
+ chmod 640 /certs/wi/* /certs/wd/* /certs/wm/*
+ chown -R 1000:1000 /certs/*
+ ls -alR /certs/
+
+ sleep 300
+ '
+ healthcheck:
+ test: ['CMD-SHELL', '[ -r /certs/wm/wazuh.manager.pem ]']
+ interval: 2s
+ timeout: 5s
+ retries: 10
+
+ idpsec:
+ image: quay.io/keycloak/keycloak:19.0.1
+ depends_on:
+ generator:
+ condition: service_healthy
+ profiles:
+ - 'saml'
+ volumes:
+ - wi_certs:/certs/wi
+ - wd_certs:/certs/wd
+ - wm_certs:/certs/wm
+ - idp_certs:/certs/idp
+ networks:
+ - wz-rel
+ - mon
+ entrypoint: /bin/bash
+ command: >
+ -c '
+ # trust store
+ for i in /certs/idp/ca.pem /certs/wd/wazuh.dashboard.pem /certs/wi/wazuh.indexer.pem
+ do
+ keytool -import -alias $$(basename $$i .pem) -file $$i -keystore /certs/idp/truststore.jks -storepass SecretPassword -trustcacerts -noprompt
+ done
+ sleep 300
+ '
+ healthcheck:
+ test: ['CMD-SHELL', '[ -r /certs/idp/truststore.jks ]']
+ interval: 2s
+ timeout: 5s
+ retries: 10
+
+ wazuh.manager:
+ depends_on:
+ generator:
+ condition: service_healthy
+ image: wazuh/wazuh-manager:${WAZUH_STACK}
+ profiles:
+ - 'saml'
+ - 'standard'
+ hostname: wazuh.manager
+ networks:
+ - wz-rel
+ - mon
+ # <<: *logging
+ environment:
+ - INDEXER_URL=https://wazuh.indexer:9200
+ - INDEXER_USERNAME=admin
+ - INDEXER_PASSWORD=SecretPassword
+ - FILEBEAT_SSL_VERIFICATION_MODE=full
+ - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/wazuh/ca.pem
+ - SSL_CERTIFICATE=/etc/ssl/wazuh/filebeat.pem
+ - SSL_KEY=/etc/ssl/wazuh/filebeat.key
+ - API_USERNAME=wazuh-wui
+ - API_PASSWORD=MyS3cr37P450r.*-
+ volumes:
+ - wazuh_api_configuration:/var/ossec/api/configuration
+ - wazuh_etc:/var/ossec/etc
+ - wazuh_logs:/var/ossec/logs
+ - wazuh_queue:/var/ossec/queue
+ - wazuh_var_multigroups:/var/ossec/var/multigroups
+ - wazuh_integrations:/var/ossec/integrations
+ - wazuh_active_response:/var/ossec/active-response/bin
+ - wazuh_agentless:/var/ossec/agentless
+ - wazuh_wodles:/var/ossec/wodles
+ - filebeat_etc:/etc/filebeat
+ - filebeat_var:/var/lib/filebeat
+ - wm_certs:/etc/ssl/wazuh
+ - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
+
+ wazuh.indexer:
+ depends_on:
+ generator:
+ condition: service_healthy
+ idpsetup:
+ condition: service_completed_successfully
+ required: false
+ image: wazuh/wazuh-indexer:${WAZUH_STACK}
+ profiles:
+ - 'saml'
+ - 'standard'
+ hostname: wazuh.indexer
+ networks:
+ - wz-rel
+ - mon
+ # <<: *logging
+ environment:
+ - 'OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m'
+ - 'OPENSEARCH_PATH_CONF=/usr/share/wazuh-indexer/config'
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536
+ hard: 65536
+ volumes:
+ - wazuh-indexer-data:/var/lib/wazuh-indexer
+ - wi_certs:/usr/share/wazuh-indexer/certs/
+ - idp_certs:/usr/share/wazuh-indexer/idp/
+ - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+ - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+ - ${SEC_CONFIG_FILE}:/usr/share/wazuh-indexer/opensearch-security/config.yml
+ - ./config/wazuh_indexer/roles.yml:/usr/share/wazuh-indexer/opensearch-security/roles.yml
+ - ./config/wazuh_indexer/roles_mapping.yml:/usr/share/wazuh-indexer/opensearch-security/roles_mapping.yml
+ healthcheck:
+ test:
+ [
+ 'CMD-SHELL',
+ '/usr/share/wazuh-indexer/bin/opensearch-plugin list | grep -q security',
+ ]
+ interval: 10s
+ timeout: 10s
+ retries: 120
+
+ wazuh.dashboard:
+ image: wazuh/wazuh-dashboard:${WAZUH_STACK}
+ profiles:
+ - 'saml'
+ - 'standard'
+ hostname: wazuh.dashboard
+ depends_on:
+ wazuh.indexer:
+ condition: service_healthy
+ networks:
+ - wz-rel
+ - mon
+ # <<: *logging
+ ports:
+ - ${KIBANA_PORT}:5601
+ environment:
+ - INDEXER_USERNAME=admin
+ - INDEXER_PASSWORD=SecretPassword
+ - WAZUH_API_URL=https://wazuh.manager
+ - API_USERNAME=wazuh-wui
+ - API_PASSWORD=MyS3cr37P450r.*-
+ volumes:
+ - wd_certs:/usr/share/wazuh-dashboard/certs
+ - ${WAZUH_DASHBOARD_CONF}:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+ - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+
+ exporter:
+ image: quay.io/prometheuscommunity/elasticsearch-exporter:latest
+ profiles:
+ - 'saml'
+ - 'standard'
+ # <<: *logging
+ hostname: 'exporter'
+ networks:
+ - wz-rel
+ - mon
+ command:
+ - '--es.uri=https://admin:${KIBANA_PASSWORD}@wazuh-indexer:9200'
+ - '--es.ssl-skip-verify'
+ - '--es.all'
+
+ idp:
+ image: quay.io/keycloak/keycloak:19.0.1
+ depends_on:
+ idpsec:
+ condition: service_healthy
+ profiles:
+ - 'saml'
+ hostname: idp
+ # <<: *logging
+ networks:
+ - wz-rel
+ - mon
+ ports:
+ - '8080:8080'
+ environment:
+ - KEYCLOAK_ADMIN=admin
+ - KEYCLOAK_ADMIN_PASSWORD=admin
+ - KC_SPI_TRUSTSTORE_FILE_PASSWORD=SecretPassword
+ - KC_SPI_TRUSTSTORE_FILE_FILE=/certs/truststore.jks
+ volumes:
+ - keycloak-data:/var/lib/keycloak/data
+ - idp_certs:/certs
+ command: start-dev
+ healthcheck:
+ test: curl -f http://idp:8080/realms/master || exit 1
+ interval: 10s
+ timeout: 5s
+ retries: 6
+
+ idpsetup:
+ image: badouralix/curl-jq
+ depends_on:
+ idp:
+ condition: service_healthy
+ profiles:
+ - 'saml'
+ hostname: idpsetup
+ # <<: *logging
+ networks:
+ - wz-rel
+ - mon
+ volumes:
+ - wi_certs:/certs/wi
+ - ./enable_saml.sh:/enable_saml.sh
+ entrypoint: /bin/sh
+ command: >
+ -c '
+ apk add bash
+ bash /enable_saml.sh
+ exit 0
+ '
+
+networks:
+ wz-rel:
+ name: ${COMPOSE_PROJECT_NAME}
+ driver: bridge
+ mon:
+ external: true
+
+volumes:
+ wi_certs:
+ wd_certs:
+ wm_certs:
+ idp_certs:
+ wazuh_api_configuration:
+ wazuh_etc:
+ wazuh_logs:
+ wazuh_queue:
+ wazuh_var_multigroups:
+ wazuh_integrations:
+ wazuh_active_response:
+ wazuh_agentless:
+ wazuh_wodles:
+ filebeat_etc:
+ filebeat_var:
+ wazuh-indexer-data:
+ keycloak-data:
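Review bot: The `idp` service publishes Keycloak on `'8080:8080'`, that is on every host interface, while running `start-dev` over plain HTTP with `KEYCLOAK_ADMIN_PASSWORD=admin`. Binding it to loopback with `- '127.0.0.1:8080:8080'` keeps the admin console off the network, and the same consideration applies to `${KIBANA_PORT}:5601` on `wazuh.dashboard`. The `exporter` URI points at `wazuh-indexer:9200`, but the indexer service and hostname are `wazuh.indexer`, so the exporter presumably cannot resolve it; `pre.yml` uses the dotted name. `idpsetup` ends its command with `exit 0`, which reports success to the `service_completed_successfully` dependency even when `enable_saml.sh` fails, so dropping that line and letting the script's status propagate would surface a broken SAML setup.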
diff --git a/docker/wazuh-4.7/README.md b/docker/wazuh-4.7/README.md
new file mode 100644
index 0000000000..20d90784da
--- /dev/null
+++ b/docker/wazuh-4.7/README.md
@@ -0,0 +1,142 @@
+# Wazuh Stack 4.7.x
+
+On this folder, we can find two types of environments:
+
+- release environment, managed by the `rel.sh` script
+- prerelease environment managed by the `pre.sh` script
+
+### UI Credentials
+
+The default user and password to access the UI at https://0.0.0.0:5601/ are:
+
+```
+admin:SecretPassword
+```
+
+## Release environment
+
+This environment will start a working deployment with:
+
+- Wazuh Manager
+- Wazuh Indexer
+- Wazuh Dashboard
+
+Check the scripts for a list of the supported Wazuh versions.
+
+The environment expect the network `mon` to exists, either bring up the
+`mon` stack or execute the following command:
+
+```bash
+docker network create mon
+```
+
+The images used here are generated by the CI/CD team and uploaded into
+the official Docker Hub organization. No Wazuh Agent image is provided yet,
+so you'll need to deploy an agent in Docker manually, by following the
+instructions below.
+
+### Image certificates
+
+Certificates are created automatically by the docker-compose, but if
+it fails to create them with the appropriate permissions, we might need
+to adjust them.
+
+This is related to the way the official Wazuh docker images are
+prepared.
+
+### Registering agents using Docker
+
+To register an agent, we need to get the enrollment command from the
+UI and then execute:
+
+- For `CentOS/8` images:
+
+ ```bash
+ docker run --name wz-rel-agent-4.7.0 --rm --network wz-rel-450 --label com.docker.compose.project=wz-rel-450 -d centos:8 bash -c '
+ sed -i -e "s|mirrorlist=|#mirrorlist=|g" /etc/yum.repos.d/CentOS-*
+ sed -i -e "s|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g" /etc/yum.repos.d/CentOS-*
+
+ # Change this command by the one the UI suggests. Add the -y flag and remove the `sudo`.
+ WAZUH_MANAGER='wazuh.manager' yum install -y https://packages.wazuh.com/4.x/yum5/x86_64/wazuh-agent-4.7.0-1.el5.x86_64.rpm
+
+ /etc/init.d/wazuh-agent start
+ tail -f /var/ossec/logs/ossec.log
+ '
+ ```
+
+- For `Ubuntu` images
+
+ ```bash
+ docker run --name wz-rel-agent-4.7.0 --network wz-rel-450 --label com.docker.compose.project=wz-rel-450 -d ubuntu:20.04 bash -c '
+ apt update -y
+ apt install -y curl lsb-release
+
+ # Change this command by the one the UI suggests to use. Remove the `sudo`.
+ curl -so wazuh-agent-4.7.0.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.7.0-1_amd64.deb && WAZUH_MANAGER='wazuh.manager' WAZUH_AGENT_GROUP='default' dpkg -i ./wazuh-agent-4.7.0.deb
+
+ /etc/init.d/wazuh-agent start
+ tail -f /var/ossec/logs/ossec.log
+ '
+ ```
+
+- For `non-Linux` agents:
+
+ We need to provision virtual machines.
+
+## Prerelease environment
+
+The prerelease environment helps us test app releases while the rest of
+Wazuh packages haven't been generated yet.
+
+This environment will bring up:
+
+- Wazuh Indexer
+- Wazuh Dashboard
+- Filebeat
+- Imposter
+
+### Usage
+
+The way to use this environment is to bring up a published Wazuh version to
+later on upgrade the app with our pre-release package.
+
+While bring up the environment with the `pre.sh` script, specify the published
+version of Wazuh with the `wazuh_version` argument, the new patch version of
+Wazuh with `wazuh_api_version` and finally follow the steps provided by the
+scripts.
+
+Example: test a package for Wazuh 4.7.0
+
+```bash
+./pre.sh 4.7.0 0 up
+```
+
+```bash
+./pre.sh wazuh_version wazuh_api_version action
+
+where
+ wazuh_version is one of
+ wazuh_api_version is the minor version of wazuh 4.7, for example 5 17
+ action is one of up | down
+
+In a minor release, the API should not change the version here bumps the API
+ string returned for testing. This script generates the file
+
+ config/imposter/api_info.json
+
+used by the mock server
+```
+
+Please take into account that the API version for this environment will
+always be a 4.7.x version. Also consider that our application version
+must be the same as the one selected here.
+
+### App upgrade
+
+Follow the instructions provided by the `pre.sh` script.
+
+### Agent enrollment
+
+Because we're not using a real Wazuh Manager, we cannot register new agents.
+Instead, Imposter (the mock server) will provide mocked responds to valid API
+requests, as if it were the real Wazuh server.
diff --git a/docker/wazuh-4.7/config/certs/ca.json b/docker/wazuh-4.7/config/certs/ca.json
new file mode 100644
index 0000000000..8a96a70a42
--- /dev/null
+++ b/docker/wazuh-4.7/config/certs/ca.json
@@ -0,0 +1,15 @@
+{
+ "CN": "Wazuh",
+ "key": {
+ "algo": "rsa",
+ "size": 2048
+ },
+ "names": [
+ {
+ "C": "US",
+ "L": "San Francisco",
+ "O": "Wazuh",
+ "OU": "Wazuh Root CA"
+ }
+ ]
+}
diff --git a/docker/wazuh-4.7/config/certs/cfssl.json b/docker/wazuh-4.7/config/certs/cfssl.json
new file mode 100644
index 0000000000..d23daf7621
--- /dev/null
+++ b/docker/wazuh-4.7/config/certs/cfssl.json
@@ -0,0 +1,58 @@
+{
+ "signing": {
+ "default": {
+ "expiry": "8760h"
+ },
+ "profiles": {
+ "intermediate_ca": {
+ "usages": [
+ "signing",
+ "digital signature",
+ "key encipherment",
+ "cert sign",
+ "crl sign",
+ "server auth",
+ "client auth"
+ ],
+ "expiry": "8760h",
+ "ca_constraint": {
+ "is_ca": true,
+ "max_path_len": 0,
+ "max_path_len_zero": true
+ }
+ },
+ "peer": {
+ "usages": [
+ "signing",
+ "digital signature",
+ "key encipherment",
+ "data encipherment",
+ "client auth",
+ "server auth"
+ ],
+ "expiry": "8760h"
+ },
+ "server": {
+ "usages": [
+ "signing",
+ "digital signing",
+ "key encipherment",
+ "data encipherment",
+ "server auth"
+ ],
+ "expiry": "8760h"
+ },
+ "client": {
+ "usages": [
+ "signing",
+ "digital signature",
+ "key encipherment",
+ "data encipherment",
+ "client auth"
+ ],
+ "expiry": "8760h"
+ }
+ }
+ }
+}
+
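Review bot: The `server` profile lists `"digital signing"`, while the `intermediate_ca`, `peer` and `client` profiles spell the same usage `"digital signature"`. cfssl matches usage strings by name, so the odd spelling is presumably not recognised. The profile most likely still gets the digital-signature bit through `"signing"`, so the practical effect is probably nil, but the entry should read `"digital signature"` for consistency. The `intermediate_ca` profile also carries `server auth` and `client auth` next to `cert sign`; if no intermediate CA is issued in this environment, dropping those two would keep the CA profile limited to signing.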
diff --git a/docker/wazuh-4.7/config/certs/host.json b/docker/wazuh-4.7/config/certs/host.json
new file mode 100644
index 0000000000..27805da58e
--- /dev/null
+++ b/docker/wazuh-4.7/config/certs/host.json
@@ -0,0 +1,19 @@
+{
+ "CN": "HOST",
+ "key": {
+ "algo": "rsa",
+ "size": 2048
+ },
+ "names": [
+ {
+ "C": "US",
+ "L": "California",
+ "O": "Wazuh",
+ "OU": "Wazuh"
+ }
+ ],
+ "hosts": [
+ "HOST",
+ "localhost"
+ ]
+}
diff --git a/docker/wazuh-4.7/config/filebeat/filebeat.yml b/docker/wazuh-4.7/config/filebeat/filebeat.yml
new file mode 100644
index 0000000000..e22b1f97ca
--- /dev/null
+++ b/docker/wazuh-4.7/config/filebeat/filebeat.yml
@@ -0,0 +1,22 @@
+
+# Wazuh - Filebeat configuration file
+filebeat.modules:
+ - module: wazuh
+ alerts:
+ enabled: true
+ archives:
+ enabled: false
+
+setup.template.json.enabled: true
+setup.template.json.path: '/etc/filebeat/wazuh-template.json'
+setup.template.json.name: 'wazuh'
+setup.template.overwrite: true
+setup.ilm.enabled: false
+output.elasticsearch:
+ hosts: ['https://wazuh.indexer:9200']
+ username: 'admin'
+ password: 'SecretPassword'
+ ssl.verification_mode: full
+ ssl.certificate_authorities: ['/etc/ssl/wazuh/ca.pem']
+ ssl.certificate: '/etc/ssl/wazuh/filebeat.pem'
+ ssl.key: '/etc/ssl/wazuh/filebeat-key.pem'
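Review bot: `output.elasticsearch` authenticates as the `admin` user with the literal password `SecretPassword`, so the value is fixed in the repository and Filebeat ships alerts with an administrative account. Filebeat expands environment variables in its configuration, so the line could read `password: '${INDEXER_PASSWORD}'` (the variable name is a placeholder) and be supplied by the compose file, ideally for a user limited to writing `wazuh-*` indices. The same committed-credential pattern appears in `wazuh_dashboard/wazuh.yml` (`MyS3cr37P450r.*-`) and in `wazuh_dashboard.yml` and `wazuh_dashboard_saml.yml` (`kibanaserver`). A comment marking these as development-only values would discourage reuse outside this environment.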
diff --git a/docker/wazuh-4.7/config/imposter/api_info.json b/docker/wazuh-4.7/config/imposter/api_info.json
new file mode 100644
index 0000000000..6bd2244ded
--- /dev/null
+++ b/docker/wazuh-4.7/config/imposter/api_info.json
@@ -0,0 +1,12 @@
+{
+ "data": {
+ "title": "Wazuh API REST",
+ "api_version": "4.7.0",
+ "revision": 40316,
+ "license_name": "GPL 2.0",
+ "license_url": "https://github.com/wazuh/wazuh/blob/4.7/LICENSE",
+ "hostname": "imposter",
+ "timestamp": "2022-06-13T17:20:03Z"
+ },
+ "error": 0
+}
diff --git a/docker/wazuh-4.7/config/imposter/login.js b/docker/wazuh-4.7/config/imposter/login.js
new file mode 100755
index 0000000000..86c2eb4180
--- /dev/null
+++ b/docker/wazuh-4.7/config/imposter/login.js
@@ -0,0 +1,42 @@
+exports = {};
+
+load('https://raw.githubusercontent.com/kjur/jsrsasign/master/npm/lib/jsrsasign.js', exports);
+header = {
+ "alg": "HS256",
+ "typ": "JWT",
+ "kid": "vpaas-magic-cookie-1fc542a3e4414a44b2611668195e2bfe/4f4910"
+};
+
+// The second part of the token is the payload, which contains the claims.
+// Claims are statements about an entity (typically, the user) and
+// additional data. There are three types of claims:
+// registered, public, and private claims.
+nbf = Date.now()-1000;
+
+claims = {
+ "iss": "wazuh",
+ "aud": "Wazuh API REST",
+ "nbf": nbf,
+ "exp": nbf+3600000,
+ "sub": "wazuh",
+ "rbac_roles": [
+ 1
+ ],
+ "rbac_mode": "white"
+};
+
+
+jwt = KJUR.jws.JWS.sign("HS256", JSON.stringify(header), JSON.stringify(claims), "616161");
+
+resp = {
+ "data": {
+ "token": jwt,
+ "error": 0
+ }
+};
+
+respond()
+ .withStatusCode(200)
+ .withData(JSON.stringify(resp));
+
+
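Review bot: `load()` pulls `jsrsasign.js` from the `master` branch of a third-party repository each time the script runs, so the code executed inside the mock is unpinned and unverified, and the environment needs network access. Referencing a fixed tag or commit (`.../kjur/jsrsasign/<pinned-tag-or-commit>/npm/lib/jsrsasign.js`) or vendoring the file next to this script would make it reproducible. The claims also use milliseconds where JWT expects seconds since the epoch: `nbf = Date.now()-1000;` and `"exp": nbf+3600000` should be `nbf = Math.floor(Date.now() / 1000) - 1;` and `"exp": nbf + 3600`. A client that checks `nbf`/`exp` would otherwise read both as dates far in the future. A short comment that the `"616161"` HMAC key and the `kid` are mock-only values would also help.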
diff --git a/docker/wazuh-4.7/config/imposter/wazuh-config.yml b/docker/wazuh-4.7/config/imposter/wazuh-config.yml
new file mode 100755
index 0000000000..ace39bf4a0
--- /dev/null
+++ b/docker/wazuh-4.7/config/imposter/wazuh-config.yml
@@ -0,0 +1,16 @@
+---
+plugin: openapi
+specFile: https://raw.githubusercontent.com/wazuh/wazuh/v4.4.0/api/api/spec/spec.yaml
+
+resources:
+ - path: /security/user/authenticate
+ method: POST
+ response:
+ statusCode: 200
+ scriptFile: login.js
+ - path: /
+ method: get
+ response:
+ statusCode: 200
+ staticFile: api_info.json
+
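Review bot: `specFile` points at the `v4.4.0` OpenAPI spec although this directory is the 4.7 environment and `api_info.json` reports `4.7.0`, so endpoints or fields added after 4.4 would presumably be missing from the mock. If the older spec is intentional, a comment such as `# spec pinned to v4.4.0 because ...` would record why; otherwise the tag should follow the stack version. Fetching the spec over the network at start-up also makes the mock depend on GitHub being reachable, which a local copy of the spec would avoid.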
diff --git a/docker/wazuh-4.7/config/wazuh_cluster/wazuh_manager.conf b/docker/wazuh-4.7/config/wazuh_cluster/wazuh_manager.conf
new file mode 100755
index 0000000000..aff1af9d6c
--- /dev/null
+++ b/docker/wazuh-4.7/config/wazuh_cluster/wazuh_manager.conf
@@ -0,0 +1,353 @@
+
+
+ yes
+ yes
+ no
+ no
+ no
+ smtp.example.wazuh.com
+ wazuh@example.wazuh.com
+ recipient@example.wazuh.com
+ 12
+ alerts.log
+ 10m
+ 0
+
+
+
+ 3
+ 12
+
+
+
+
+ plain
+
+
+
+ secure
+ 1514
+ tcp
+ 131072
+
+
+
+
+ no
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+
+
+ 43200
+
+ etc/rootcheck/rootkit_files.txt
+ etc/rootcheck/rootkit_trojans.txt
+
+ yes
+
+
+
+ yes
+ 1800
+ 1d
+ yes
+
+ wodles/java
+ wodles/ciscat
+
+
+
+
+ yes
+ yes
+ /var/log/osquery/osqueryd.results.log
+ /etc/osquery/osquery.conf
+ yes
+
+
+
+
+ no
+ 1h
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+
+
+
+ 10
+
+
+
+
+ yes
+ yes
+ 12h
+ yes
+
+
+
+ no
+ 5m
+ 6h
+ yes
+
+
+
+ no
+ trusty
+ xenial
+ bionic
+ focal
+ 1h
+
+
+
+
+ no
+ stretch
+ buster
+ bullseye
+ 1h
+
+
+
+
+ no
+ 5
+ 6
+ 7
+ 8
+ 1h
+
+
+
+
+ no
+ amazon-linux
+ amazon-linux-2
+ 1h
+
+
+
+
+ no
+ 1h
+
+
+
+
+ yes
+ 1h
+
+
+
+
+ yes
+ 2010
+ 1h
+
+
+
+
+
+
+ no
+
+
+ 43200
+
+ yes
+
+
+ yes
+
+
+ no
+
+
+ /etc,/usr/bin,/usr/sbin
+ /bin,/sbin,/boot
+
+
+ /etc/mtab
+ /etc/hosts.deny
+ /etc/mail/statistics
+ /etc/random-seed
+ /etc/random.seed
+ /etc/adjtime
+ /etc/httpd/logs
+ /etc/utmpx
+ /etc/wtmpx
+ /etc/cups/certs
+ /etc/dumpdates
+ /etc/svc/volatile
+
+
+ .log$|.swp$
+
+
+ /etc/ssl/private.key
+
+ yes
+ yes
+ yes
+ yes
+
+
+ 10
+
+
+ 100
+
+
+
+ yes
+ 5m
+ 1h
+ 10
+
+
+
+
+
+ 127.0.0.1
+ ^localhost.localdomain$
+ 10.0.0.106
+
+
+
+ disable-account
+ disable-account
+ yes
+
+
+
+ restart-wazuh
+ restart-wazuh
+
+
+
+ firewall-drop
+ firewall-drop
+ yes
+
+
+
+ host-deny
+ host-deny
+ yes
+
+
+
+ route-null
+ route-null
+ yes
+
+
+
+ win_route-null
+ route-null.exe
+ yes
+
+
+
+ netsh
+ netsh.exe
+ yes
+
+
+
+
+
+
+ command
+ df -P
+ 360
+
+
+
+ full_command
+ netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
+ netstat listening ports
+ 360
+
+
+
+ full_command
+ last -n 20
+ 360
+
+
+
+
+ ruleset/decoders
+ ruleset/rules
+ 0215-policy_rules.xml
+ etc/lists/audit-keys
+ etc/lists/amazon/aws-eventnames
+ etc/lists/security-eventchannel
+
+
+ etc/decoders
+ etc/rules
+
+
+
+ yes
+ 1
+ 64
+ 15m
+
+
+
+
+ no
+ 1515
+ no
+ yes
+ no
+ HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH
+
+ no
+ etc/sslmanager.cert
+ etc/sslmanager.key
+ no
+
+
+
+ wazuh
+ node01
+ master
+
+ 1516
+ 0.0.0.0
+
+ NODE_IP
+
+ no
+ yes
+
+
+
+
+
+
+ syslog
+ /var/ossec/logs/active-responses.log
+
+
+
diff --git a/docker/wazuh-4.7/config/wazuh_dashboard/wazuh.yml b/docker/wazuh-4.7/config/wazuh_dashboard/wazuh.yml
new file mode 100755
index 0000000000..dca5610652
--- /dev/null
+++ b/docker/wazuh-4.7/config/wazuh_dashboard/wazuh.yml
@@ -0,0 +1,14 @@
+hosts:
+ - imposter:
+ url: "http://imposter"
+ port: 8080
+ username: wazuh-wui
+ password: MyS3cr37P450r.*-
+ run_as: false
+
+ - 1513629884013:
+ url: https://wazuh.manager
+ port: 55000
+ username: wazuh-wui
+ password: MyS3cr37P450r.*-
+ run_as: false
diff --git a/docker/wazuh-4.7/config/wazuh_dashboard/wazuh_dashboard.yml b/docker/wazuh-4.7/config/wazuh_dashboard/wazuh_dashboard.yml
new file mode 100755
index 0000000000..741fa3c019
--- /dev/null
+++ b/docker/wazuh-4.7/config/wazuh_dashboard/wazuh_dashboard.yml
@@ -0,0 +1,15 @@
+server.host: 0.0.0.0
+server.port: 5601
+opensearch.hosts: https://wazuh.indexer:9200
+opensearch.ssl.verificationMode: certificate
+opensearch.requestHeadersAllowlist: ['securitytenant', 'Authorization']
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ['kibana_read_only']
+server.ssl.enabled: true
+server.ssl.key: '/usr/share/wazuh-dashboard/certs/wazuh.dashboard.key'
+server.ssl.certificate: '/usr/share/wazuh-dashboard/certs/wazuh.dashboard.pem'
+opensearch.ssl.certificateAuthorities:
+ ['/usr/share/wazuh-dashboard/certs/ca.pem']
+uiSettings.overrides.defaultRoute: /app/wazuh
+opensearch.username: 'kibanaserver'
+opensearch.password: 'kibanaserver'
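Review bot: `opensearch.ssl.verificationMode: certificate` validates the CA chain but does not check that the certificate belongs to `wazuh.indexer`, whereas `filebeat.yml` in the same commit uses `ssl.verification_mode: full` against the same host. If the generated indexer certificate carries its host name (the `hosts` list in `certs/host.json` suggests it does), `opensearch.ssl.verificationMode: full` should work here and in `wazuh_dashboard_saml.yml`. If `certificate` is required, a comment explaining why would keep the relaxed setting from being copied elsewhere.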
diff --git a/docker/wazuh-4.7/config/wazuh_dashboard/wazuh_dashboard_saml.yml b/docker/wazuh-4.7/config/wazuh_dashboard/wazuh_dashboard_saml.yml
new file mode 100755
index 0000000000..ce5d198300
--- /dev/null
+++ b/docker/wazuh-4.7/config/wazuh_dashboard/wazuh_dashboard_saml.yml
@@ -0,0 +1,16 @@
+server.host: 0.0.0.0
+server.port: 5601
+opensearch.hosts: https://wazuh.indexer:9200
+opensearch.ssl.verificationMode: certificate
+opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
+opensearch_security.multitenancy.enabled: false
+opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+server.ssl.enabled: true
+server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh.dashboard.key"
+server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/wazuh.dashboard.pem"
+opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/ca.pem"]
+uiSettings.overrides.defaultRoute: /app/wazuh
+opensearch.username: "kibanaserver"
+opensearch.password: "kibanaserver"
+opensearch_security.auth.type: "saml"
+server.xsrf.whitelist: [/_plugins/_security/saml/acs,/_opendistro/_security/saml/acs,/_plugins/_security/saml/acs/idpinitiated,/_opendistro/_security/saml/acs/idpinitiated,/_plugins/_security/saml/logout,/_opendistro/_security/saml/logout]
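Review bot: This file sets `opensearch.requestHeadersWhitelist`, while `wazuh_dashboard.yml` added in the same commit uses `opensearch.requestHeadersAllowlist` for the same option. The two files should use one spelling, presumably the `Allowlist` form, so that both behave the same on the target OpenSearch Dashboards version. `server.xsrf.whitelist` exempts six SAML endpoints from the XSRF check without explanation. A comment such as `# SAML ACS/logout endpoints receive POSTs initiated by the IdP` would make clear why they are exempt and that the list should not grow.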
diff --git a/docker/wazuh-4.7/config/wazuh_indexer/config-saml.yml b/docker/wazuh-4.7/config/wazuh_indexer/config-saml.yml
new file mode 100644
index 0000000000..74fc91c8c4
--- /dev/null
+++ b/docker/wazuh-4.7/config/wazuh_indexer/config-saml.yml
@@ -0,0 +1,40 @@
+---
+_meta:
+ type: "config"
+ config_version: 2
+
+config:
+ dynamic:
+ http:
+ anonymous_auth_enabled: false
+ authc:
+ internal_auth:
+ order: 0
+ description: "HTTP basic authentication using the internal user database"
+ http_enabled: true
+ transport_enabled: true
+ http_authenticator:
+ type: basic
+ challenge: false
+ authentication_backend:
+ type: internal
+ saml_auth:
+ order: 1
+ description: "Keycloack SAML provider"
+ http_enabled: true
+ transport_enabled: false
+ http_authenticator:
+ type: saml
+ challenge: true
+ config:
+ idp:
+ metadata_url: http://idp:8080/realms/wazuh/protocol/saml/descriptor
+ entity_id: http://idp:8080/realms/wazuh
+ sp:
+ entity_id: wazuh
+ signature_private_key_filepath: "certs/admin-key.pem"
+ kibana_url: https://localhost:5601
+ roles_key: Role
+ exchange_key: 1a2a3a4a5a6a7a8a9a0a1b2b3b4b5b6b
+ authentication_backend:
+ type: noop
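Review bot: `exchange_key` is a fixed value committed to the repository. The security plugin uses it to sign the token issued after a SAML login, so it should be generated per environment, or at least carry a comment such as `# development-only key, regenerate before any shared use`. `signature_private_key_filepath` points at `certs/admin-key.pem`, which by its name is the security-admin key; a separate key pair for SAML request signing would keep that key to a single purpose. `metadata_url` is plain `http`, so the IdP metadata and its signing certificate are fetched without transport protection, which is tolerable inside the compose network but worth a comment.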
diff --git a/docker/wazuh-4.7/config/wazuh_indexer/config.yml b/docker/wazuh-4.7/config/wazuh_indexer/config.yml
new file mode 100644
index 0000000000..74fc91c8c4
--- /dev/null
+++ b/docker/wazuh-4.7/config/wazuh_indexer/config.yml
@@ -0,0 +1,40 @@
+---
+_meta:
+ type: "config"
+ config_version: 2
+
+config:
+ dynamic:
+ http:
+ anonymous_auth_enabled: false
+ authc:
+ internal_auth:
+ order: 0
+ description: "HTTP basic authentication using the internal user database"
+ http_enabled: true
+ transport_enabled: true
+ http_authenticator:
+ type: basic
+ challenge: false
+ authentication_backend:
+ type: internal
+ saml_auth:
+ order: 1
+ description: "Keycloack SAML provider"
+ http_enabled: true
+ transport_enabled: false
+ http_authenticator:
+ type: saml
+ challenge: true
+ config:
+ idp:
+ metadata_url: http://idp:8080/realms/wazuh/protocol/saml/descriptor
+ entity_id: http://idp:8080/realms/wazuh
+ sp:
+ entity_id: wazuh
+ signature_private_key_filepath: "certs/admin-key.pem"
+ kibana_url: https://localhost:5601
+ roles_key: Role
+ exchange_key: 1a2a3a4a5a6a7a8a9a0a1b2b3b4b5b6b
+ authentication_backend:
+ type: noop
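Review bot: `config.yml` is the same blob as `config-saml.yml` (both headers show index `74fc91c8c4`), so the default, non-SAML configuration also defines the `saml_auth` domain with `challenge: true` and an IdP at `http://idp:8080`. If the plain environment is meant to run without Keycloak, this file should presumably contain only the `internal_auth` domain. If the duplication is deliberate, a top-of-file comment such as `# identical to config-saml.yml on purpose: ...` would prevent the two from drifting apart unnoticed.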
diff --git a/docker/wazuh-4.7/config/wazuh_indexer/internal_users.yml b/docker/wazuh-4.7/config/wazuh_indexer/internal_users.yml
new file mode 100755
index 0000000000..d9f05b343b
--- /dev/null
+++ b/docker/wazuh-4.7/config/wazuh_indexer/internal_users.yml
@@ -0,0 +1,56 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+ type: "internalusers"
+ config_version: 2
+
+# Define your internal users here
+
+## Demo users
+
+admin:
+ hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
+ reserved: true
+ backend_roles:
+ - "admin"
+ description: "Demo admin user"
+
+kibanaserver:
+ hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
+ reserved: true
+ description: "Demo kibanaserver user"
+
+kibanaro:
+ hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
+ reserved: false
+ backend_roles:
+ - "kibanauser"
+ - "readall"
+ attributes:
+ attribute1: "value1"
+ attribute2: "value2"
+ attribute3: "value3"
+ description: "Demo kibanaro user"
+
+logstash:
+ hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
+ reserved: false
+ backend_roles:
+ - "logstash"
+ description: "Demo logstash user"
+
+readall:
+ hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
+ reserved: false
+ backend_roles:
+ - "readall"
+ description: "Demo readall user"
+
+snapshotrestore:
+ hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
+ reserved: false
+ backend_roles:
+ - "snapshotrestore"
+ description: "Demo snapshotrestore user"
diff --git a/docker/wazuh-4.7/config/wazuh_indexer/opensearch.yml b/docker/wazuh-4.7/config/wazuh_indexer/opensearch.yml
new file mode 100644
index 0000000000..ee1dbf59d5
--- /dev/null
+++ b/docker/wazuh-4.7/config/wazuh_indexer/opensearch.yml
@@ -0,0 +1,42 @@
+network.host: "0.0.0.0"
+node.name: "os1"
+path.data: /var/lib/os1
+path.logs: /var/log/os1
+# comment compatibility.override_main_response_version for 2.0.0
+compatibility.override_main_response_version: true
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/os1.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/os1.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/os1.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/os1.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+ - "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+ - "CN=os1,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+ - "all_access"
+ - "security_rest_api_access"
+plugins.security.system_indices.enabled: true
+plugins.security.system_indices.indices:
+ [
+ ".opendistro-alerting-config",
+ ".opendistro-alerting-alert*",
+ ".opendistro-anomaly-results*",
+ ".opendistro-anomaly-detector*",
+ ".opendistro-anomaly-checkpoints",
+ ".opendistro-anomaly-detection-state",
+ ".opendistro-reports-*",
+ ".opendistro-notifications-*",
+ ".opendistro-notebooks",
+ ".opensearch-observability",
+ ".opendistro-asynchronous-search-response*",
+ ".replication-metadata-store",
+ ]
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
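Review bot: `plugins.security.ssl.transport.enforce_hostname_verification: false` turns off host-name checks on the transport layer. `plugins.security.allow_default_init_securityindex: true` lets the node initialise its security index from the configuration files on disk, which in this commit contain demo users. Both are reasonable for a throwaway development node, but neither is commented. A header such as `# Development only: relaxed TLS host-name checks and demo security configuration` would make the intent explicit. `wazuh.indexer.yml` carries the same two settings.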
diff --git a/docker/wazuh-4.7/config/wazuh_indexer/roles.yml b/docker/wazuh-4.7/config/wazuh_indexer/roles.yml
new file mode 100644
index 0000000000..5b35df448b
--- /dev/null
+++ b/docker/wazuh-4.7/config/wazuh_indexer/roles.yml
@@ -0,0 +1,149 @@
+_meta:
+ type: "roles"
+ config_version: 2
+
+# Restrict users so they can only view visualization and dashboard on kibana
+kibana_read_only:
+ reserved: true
+
+# The security REST API access role is used to assign specific users access to change the security settings through the REST API.
+security_rest_api_access:
+ reserved: true
+
+# Allows users to view monitors, destinations and alerts
+alerting_read_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/alerting/alerts/get"
+ - "cluster:admin/opendistro/alerting/destination/get"
+ - "cluster:admin/opendistro/alerting/monitor/get"
+ - "cluster:admin/opendistro/alerting/monitor/search"
+
+# Allows users to view and acknowledge alerts
+alerting_ack_alerts:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/alerting/alerts/*"
+
+# Allows users to use all alerting functionality
+alerting_full_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster_monitor"
+ - "cluster:admin/opendistro/alerting/*"
+ index_permissions:
+ - index_patterns:
+ - "*"
+ allowed_actions:
+ - "indices_monitor"
+ - "indices:admin/aliases/get"
+ - "indices:admin/mappings/get"
+
+# Allow users to read Anomaly Detection detectors and results
+anomaly_read_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/ad/detector/info"
+ - "cluster:admin/opendistro/ad/detector/search"
+ - "cluster:admin/opendistro/ad/detectors/get"
+ - "cluster:admin/opendistro/ad/result/search"
+ - "cluster:admin/opendistro/ad/tasks/search"
+
+# Allows users to use all Anomaly Detection functionality
+anomaly_full_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster_monitor"
+ - "cluster:admin/opendistro/ad/*"
+ index_permissions:
+ - index_patterns:
+ - "*"
+ allowed_actions:
+ - "indices_monitor"
+ - "indices:admin/aliases/get"
+ - "indices:admin/mappings/get"
+
+# Allows users to read Notebooks
+notebooks_read_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/notebooks/list"
+ - "cluster:admin/opendistro/notebooks/get"
+
+# Allows users to all Notebooks functionality
+notebooks_full_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/notebooks/create"
+ - "cluster:admin/opendistro/notebooks/update"
+ - "cluster:admin/opendistro/notebooks/delete"
+ - "cluster:admin/opendistro/notebooks/get"
+ - "cluster:admin/opendistro/notebooks/list"
+
+# Allows users to read and download Reports
+reports_instances_read_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/reports/instance/list"
+ - "cluster:admin/opendistro/reports/instance/get"
+ - "cluster:admin/opendistro/reports/menu/download"
+
+# Allows users to read and download Reports and Report-definitions
+reports_read_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/reports/definition/get"
+ - "cluster:admin/opendistro/reports/definition/list"
+ - "cluster:admin/opendistro/reports/instance/list"
+ - "cluster:admin/opendistro/reports/instance/get"
+ - "cluster:admin/opendistro/reports/menu/download"
+
+# Allows users to all Reports functionality
+reports_full_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/reports/definition/create"
+ - "cluster:admin/opendistro/reports/definition/update"
+ - "cluster:admin/opendistro/reports/definition/on_demand"
+ - "cluster:admin/opendistro/reports/definition/delete"
+ - "cluster:admin/opendistro/reports/definition/get"
+ - "cluster:admin/opendistro/reports/definition/list"
+ - "cluster:admin/opendistro/reports/instance/list"
+ - "cluster:admin/opendistro/reports/instance/get"
+ - "cluster:admin/opendistro/reports/menu/download"
+
+# Allows users to use all asynchronous-search functionality
+asynchronous_search_full_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/asynchronous_search/*"
+ index_permissions:
+ - index_patterns:
+ - "*"
+ allowed_actions:
+ - "indices:data/read/search*"
+
+# Allows users to read stored asynchronous-search results
+asynchronous_search_read_access:
+ reserved: true
+ cluster_permissions:
+ - "cluster:admin/opendistro/asynchronous_search/get"
+
+# Wazuh monitoring and statistics index permissions
+manage_wazuh_index:
+ reserved: true
+ hidden: false
+ cluster_permissions: []
+ index_permissions:
+ - index_patterns:
+ - "wazuh-*"
+ dls: ""
+ fls: []
+ masked_fields: []
+ allowed_actions:
+ - "read"
+ - "delete"
+ - "manage"
+ - "index"
+ tenant_permissions: []
+ static: false
diff --git a/docker/wazuh-4.7/config/wazuh_indexer/roles_mapping.yml b/docker/wazuh-4.7/config/wazuh_indexer/roles_mapping.yml
new file mode 100644
index 0000000000..94c2b46613
--- /dev/null
+++ b/docker/wazuh-4.7/config/wazuh_indexer/roles_mapping.yml
@@ -0,0 +1,88 @@
+---
+# In this file users, backendroles and hosts can be mapped to Open Distro Security roles.
+# Permissions for Opendistro roles are configured in roles.yml
+
+_meta:
+ type: "rolesmapping"
+ config_version: 2
+
+# Define your roles mapping here
+
+## Default roles mapping
+
+all_access:
+ reserved: true
+ hidden: false
+ backend_roles:
+ - "admin"
+ hosts: []
+ users: []
+ and_backend_roles: []
+ description: "Maps admin to all_access"
+
+own_index:
+ reserved: false
+ hidden: false
+ backend_roles: []
+ hosts: []
+ users:
+ - "*"
+ and_backend_roles: []
+ description: "Allow full access to an index named like the username"
+
+logstash:
+ reserved: false
+ hidden: false
+ backend_roles:
+ - "logstash"
+ hosts: []
+ users: []
+ and_backend_roles: []
+
+readall:
+ reserved: true
+ hidden: false
+ backend_roles:
+ - "readall"
+ hosts: []
+ users: []
+ and_backend_roles: []
+
+manage_snapshots:
+ reserved: true
+ hidden: false
+ backend_roles:
+ - "snapshotrestore"
+ hosts: []
+ users: []
+ and_backend_roles: []
+
+kibana_server:
+ reserved: true
+ hidden: false
+ backend_roles: []
+ hosts: []
+ users:
+ - "kibanaserver"
+ and_backend_roles: []
+
+kibana_user:
+ reserved: false
+ hidden: false
+ backend_roles:
+ - "kibanauser"
+ hosts: []
+ users: []
+ and_backend_roles: []
+ description: "Maps kibanauser to kibana_user"
+
+ # Wazuh monitoring and statistics index permissions
+manage_wazuh_index:
+ reserved: true
+ hidden: false
+ backend_roles: []
+ hosts: []
+ users:
+ - "kibanaserver"
+ - "admin"
+ and_backend_roles: []
diff --git a/docker/wazuh-4.7/config/wazuh_indexer/wazuh.indexer.yml b/docker/wazuh-4.7/config/wazuh_indexer/wazuh.indexer.yml
new file mode 100755
index 0000000000..3b31ac37d0
--- /dev/null
+++ b/docker/wazuh-4.7/config/wazuh_indexer/wazuh.indexer.yml
@@ -0,0 +1,28 @@
+network.host: "0.0.0.0"
+node.name: "wazuh.indexer"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+discovery.type: single-node
+compatibility.override_main_response_version: true
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/wazuh.indexer.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=os1,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.system_indices.enabled: true
+plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
\ No newline at end of file
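Review bot: `plugins.security.nodes_dn` still lists `CN=os1,...` although this node is named `wazuh.indexer` and loads `certs/wazuh.indexer.pem`. The DN looks copied from `opensearch.yml` and presumably does not match this node's own certificate. With `discovery.type: single-node` that has no visible effect, but the entry should probably read `- "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"` (assuming the certificate subject follows `certs/host.json`) so that the setting is correct if a second node is ever added. The file also ends without a trailing newline.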
diff --git a/docker/wazuh-4.7/enable_saml.sh b/docker/wazuh-4.7/enable_saml.sh
new file mode 100755
index 0000000000..41d3fb8a22
--- /dev/null
+++ b/docker/wazuh-4.7/enable_saml.sh
@@ -0,0 +1,165 @@
+#!/bin/bash
+
+# idp container launches and docker-compose returns too quickly, do not wait for container to
+# be healthy as it has no dependencies, so we wait before continuing
+sleep 7
+
+
+indexer="$1-wazuh.indexer-1"
+dashboard="$1-wazuh.dashboard-1"
+
+# Setup keycloack to be used with wazuh-dashboards
+
+# Connection
+U="admin"
+P="admin"
+B="http://idp:8080"
+
+# Realm
+REALM="master"
+
+# Get ACCESS_TOKEN from default install
+ACCESS_TOKEN=$(curl -sS \
+ -d 'client_id=admin-cli' \
+ -d 'username=admin' \
+ -d 'password=admin' \
+ -d 'grant_type=password' \
+ "${B}/realms/master/protocol/openid-connect/token" | jq -r '.access_token')
+
+H=('-H' 'Content-Type: application/json' '-H' "Authorization: Bearer $ACCESS_TOKEN")
+
+# Create new REALM
+REALM="wazuh"
+P='{
+ "id": "wazuh",
+ "realm": "wazuh",
+ "enabled": true
+}'
+
+curl -sS -L -X POST "${B}/admin/realms" "${H[@]}" -d "$P" | grep -v "Conflict detected"
+
+
+# Add admin certificates to keycloak as these are used by indexer to sign saml
+# messages. These should be uploaded to keycloak if we want it to verify indexer messages.
+key=$(cat /certs/wi/admin-key.pem | grep -v "PRIVATE KEY" | tr -d "\n")
+cert=$(cat /certs/wi/admin.pem | grep -v CERTIFICATE | tr -d "\n")
+
+
+# Create client
+# By default the client does not verify the client signature on saml messages
+# but it could be enabled for testing purposes
+PC="{
+ \"protocol\": \"saml\",
+ \"name\": \"wazuh\",
+ \"clientId\": \"wazuh\",
+ \"description\": \"wazuh saml integration\",
+ \"baseUrl\": \"https://localhost:5601\",
+ \"rootUrl\": \"https://localhost:5601\",
+ \"redirectUris\": [\"https://localhost:5601/*\"],
+ \"attributes\" : {
+ \"saml_single_logout_service_url_redirect\": \"https://localhost:5601/_opendistro/_security/saml/logout\",
+ \"saml_assertion_consumer_url_post\": \"https://localhost:5601/_opendistro/_security/saml/acs/idpinitiated\",
+ \"saml_single_logout_service_url_post\": \"https://wazuh.dashboard:5601/_opendistro/_security/saml/logout\",
+ \"saml.force.post.binding\": \"false\",
+ \"saml.signing.certificate\": \"$cert\",
+ \"saml.signing.private.key\": \"$key\",
+ \"saml.client.signature\": \"true\",
+ \"saml_single_logout_service_url_redirect\": \"https://localhost:5601\",
+ \"post.logout.redirect.uris\": \"https://localhost:5601*\"
+ }
+}"
+
+curl -sS -L -X POST "${B}/admin/realms/${REALM}/clients" "${H[@]}" -d "$PC" | grep -v "Client wazuh already exists"
+
+# Get a client json representation
+CLIENT=$(curl -sS -L -X GET "${B}/admin/realms/${REALM}/clients" "${H[@]}" -G -d 'clientId=wazuh' |jq '.[] | select(.clientId=="wazuh")')
+
+# Get client id
+CID=$(echo $CLIENT | jq -r '.id' )
+
+# Generate all-access and admin role for the realm
+PR1='{
+ "name":"all-access"
+}'
+
+curl -sS -L -X POST "${B}/admin/realms/${REALM}/roles" "${H[@]}" -d "$PR1" | grep -v "Role with name all-access already exists"
+
+PR2='{
+ "name":"admin"
+}'
+
+curl -sS -L -X POST "${B}/admin/realms/${REALM}/roles" "${H[@]}" -d "$PR2" | grep -v "Role with name admin already exists"
+
+
+## create new user
+PU='{
+ "username": "wazuh",
+ "email": "hello@wazuh.com",
+ "firstName": "Wazuh",
+ "lastName": "Wazuh",
+ "emailVerified": true,
+ "enabled": true,
+ "credentials": [{"temporary":false,"type":"password","value":"wazuh"}],
+ "realmRoles": ["admin", "all-access"]
+}'
+
+curl -sS -L -X POST "${B}/admin/realms/${REALM}/users" "${H[@]}" -d "$PU" | grep -v "User exists with same username"
+
+## Get a user json representation
+USER=$(curl -sS -L -X GET "${B}/admin/realms/${REALM}/users" "${H[@]}" -G -d 'username=wazuh' |jq '.[] | select(.username=="wazuh")')
+
+### Get user id
+USERID=$(echo $USER | jq -r '.id' )
+
+# Get roles
+ROLES=$(curl -sS -L -X GET "${B}/admin/realms/${REALM}/roles" "${H[@]}" -d "$PR2" )
+
+## Assign role
+ADMINID=$(echo $ROLES | jq -r '.[] | select(.name=="admin").id')
+ALLACCESSID=$(echo $ROLES | jq -r '.[] | select(.name=="all-access").id')
+
+PA1="[
+ {
+ \"id\": \"$ADMINID\",
+ \"name\": \"admin\",
+ \"composite\": false,
+ \"clientRole\": false,
+ \"containerId\": \"wazuh\"
+ },
+ {
+ \"id\": \"$ALLACCESSID\",
+ \"name\": \"all-access\",
+ \"description\": \"\",
+ \"composite\": false,
+ \"clientRole\": false,
+ \"containerId\": \"wazuh\"
+ }
+]"
+
+curl -sS -L -X POST "${B}/admin/realms/${REALM}/users/${USERID}/role-mappings/realm" "${H[@]}" -d "$PA1"
+
+# Get list of client scopes
+CSCOPES=$(curl -sS -L -X GET "${B}/admin/realms/${REALM}/client-scopes" "${H[@]}")
+CSID=$(echo $CSCOPES | jq -r '.[] | select(.name=="role_list").id ')
+CSR=$(echo $CSCOPES | jq -r '.[] | select(.name=="role_list") ')
+
+
+# Set single to true, so opensearch works
+UPDATE=$(echo $CSR | jq '.protocolMappers[] | select(.name=="role list").config.single |= "true" ')
+PMID=$(echo $CSR | jq -r '.protocolMappers[] | select(.name=="role list").id')
+
+curl -sS -L -X PUT "${B}/admin/realms/${REALM}/client-scopes/$CSID/protocol-mappers/models/$PMID" "${H[@]}" -d "$UPDATE"
+
+# Set up auth realm on opensearch
+certs="/usr/share/wazuh-indexer/certs"
+ca="$certs/ca.pem"
+cert="$certs/admin.pem"
+key="$certs/admin-key.pem"
+
+securityadmin="bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh"
+config_path="/usr/share/wazuh-indexer/opensearch-security/"
+
+echo "To update configuration in indexer, you can run:"
+echo docker exec -e JAVA_HOME=/usr/share/wazuh-indexer/jdk $indexer $securityadmin -cacert $ca -cert $cert -key $key -cd $config_path
+
+
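Review bot: The token request has no failure handling. If Keycloak is not ready after the fixed `sleep 7`, `ACCESS_TOKEN` ends up empty or the string `null`, and every later call is sent with a useless bearer token while the `grep -v` filters hide nothing helpful. Polling for the token and exiting when it cannot be obtained, as sketched below, removes the timing guess and uses the `U`/`P` variables, which the current request ignores in favour of literals. Separately, the script uploads `/certs/wi/admin-key.pem` to Keycloak as the client's SAML signing key, and the end of the script passes `admin-key.pem` to `securityadmin.sh`. That places the indexer's security-admin private key in the IdP, so a dedicated SAML signing key pair would be safer. The `PC` payload also defines `saml_single_logout_service_url_redirect` twice, so only one of the two values can take effect.

```shell
# … unchanged: indexer/dashboard names, U, P, B, REALM …
# replaces the fixed `sleep 7` and the single token request
ACCESS_TOKEN=""
for attempt in $(seq 1 30); do
  ACCESS_TOKEN=$(curl -sS \
    -d 'client_id=admin-cli' \
    -d "username=${U}" \
    -d "password=${P}" \
    -d 'grant_type=password' \
    "${B}/realms/master/protocol/openid-connect/token" | jq -r '.access_token // empty')
  [ -n "$ACCESS_TOKEN" ] && break
  sleep 2
done

if [ -z "$ACCESS_TOKEN" ]; then
  echo "Could not obtain an admin token from ${B}" >&2
  exit 1
fi
# … unchanged: realm, client, role and user creation …
```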
diff --git a/docker/wazuh-4.7/pre.sh b/docker/wazuh-4.7/pre.sh
new file mode 100755
index 0000000000..a3baf6bffe
--- /dev/null
+++ b/docker/wazuh-4.7/pre.sh
@@ -0,0 +1,111 @@
+#!/usr/bin/env bash
+
+versions=(
+ "4.7.0"
+ "4.7.1"
+ "4.7.2"
+)
+
+wazuh_api_version=(
+ "0"
+)
+
+usage() {
+ echo
+ echo "./pre.sh wazuh_version wazuh_api_version action "
+ echo
+ echo "where"
+ echo " wazuh_version is one of ${versions[*]}"
+ echo " wazuh_api_version is the patch version of wazuh 4.7, for example " ${wazuh_api_version[*]}
+ echo " action is one of up | down | stop"
+ echo
+ echo "In a minor release, the API should not change the version here bumps the API"
+ echo " string returned for testing. This script generates the file "
+ echo
+ echo " config/imposter/api_info.json"
+ echo
+ echo "used by the mock server"
+ exit -1
+}
+
+if [ $# -ne 3 ]; then
+ echo "Incorrect number of arguments " $#
+ usage
+fi
+
+if [[ ! " ${versions[*]} " =~ " ${1} " ]]; then
+ echo "Version ${1} not found in ${versions[*]}"
+ exit -1
+fi
+
+[ -n "$2" ] && [ "$2" -eq "$2" ] 2>/dev/null
+if [ $? -ne 0 ]; then
+ echo "$2 is not number"
+ exit -1
+fi
+
+patch_version=$2
+cat <config/imposter/api_info.json
+{
+ "data": {
+ "title": "Wazuh API REST",
+ "api_version": "4.7.${patch_version}",
+ "revision": 40316,
+ "license_name": "GPL 2.0",
+ "license_url": "https://github.com/wazuh/wazuh/blob/4.7/LICENSE",
+ "hostname": "imposter",
+ "timestamp": "2022-06-13T17:20:03Z"
+ },
+ "error": 0
+}
+EOF
+
+export WAZUH_STACK=${1}
+export KIBANA_PORT=5601
+export KIBANA_PASSWORD=${PASSWORD:-SecretPassword}
+export COMPOSE_PROJECT_NAME=wz-pre-${WAZUH_STACK//./}
+
+case "$3" in
+up)
+ # recreate volumes
+ docker compose -f pre.yml up -Vd
+
+ # This installs Wazuh and integrates with a default Wazuh stack
+ # v=$( echo -n $WAZUH_STACK | sed 's/\.//g' )
+ echo
+ echo "Install the pre-release package manually with:"
+ echo
+ echo "1. Uninstall current version of the Wazuh app:"
+ echo "docker exec -ti ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1 /usr/share/wazuh-dashboard/bin/opensearch-dashboards-plugin remove wazuh"
+ echo
+ echo "2. Restart Wazuh Dashboard:"
+ echo "docker restart ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1"
+ echo
+ echo "3. Copy the pre-release package to the running Wazuh Dashboard container:"
+ echo docker cp wazuh-4.7.${patch_version}-1.zip ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1:/tmp
+ echo
+ echo "4. Install the package we have just uploaded:"
+ echo "docker exec -ti ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1 /usr/share/wazuh-dashboard/bin/opensearch-dashboards-plugin install file:///tmp/wazuh-4.7.${patch_version}-1.zip"
+ echo
+ echo "5. Restart the Wazuh Dashboard container:"
+ echo "docker restart ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1"
+ echo
+ echo "6. Upload the Wazuh app configuration:"
+ echo "docker cp ./config/wazuh_dashboard/wazuh.yml ${COMPOSE_PROJECT_NAME}-wazuh.dashboard-1:/usr/share/wazuh-dashboard/data/wazuh/config/"
+ echo
+ echo "7. Access the running instance in:"
+ echo "https://localhost:${KIBANA_PORT}"
+ echo
+ ;;
+down)
+ # delete volumes
+ docker compose -f pre.yml down -v --remove-orphans
+ ;;
+stop)
+ docker compose -f rel.yml -p "${COMPOSE_PROJECT_NAME}" stop
+ ;;
+*)
+ echo "Action must be either up or down"
+ usage
+ ;;
+esac
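Review bot: The `stop)` branch runs `docker compose -f rel.yml -p "${COMPOSE_PROJECT_NAME}" stop`, while `up` and `down` in this script use `pre.yml`, so stop reads the release compose file rather than the one this script started; it should be `docker compose -f pre.yml stop`. The fallthrough message `Action must be either up or down` leaves out `stop`, which usage() lists as valid. `exit -1` is outside the 0-255 range and is reported as status 255; `exit 1` expresses the same failure portably.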
diff --git a/docker/wazuh-4.7/pre.yml b/docker/wazuh-4.7/pre.yml
new file mode 100755
index 0000000000..7f22362cd1
--- /dev/null
+++ b/docker/wazuh-4.7/pre.yml
@@ -0,0 +1,212 @@
+# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+version: '3.9'
+
+# x-logging: &logging
+# logging:
+# driver: loki
+# options:
+# loki-url: "http://host.docker.internal:3100/loki/api/v1/push"
+
+services:
+ exporter:
+ image: quay.io/prometheuscommunity/elasticsearch-exporter:latest
+ # <<: *logging
+ hostname: 'exporter-kbn-${WAZUH_STACK}'
+ networks:
+ - wzd-pre
+ - mon
+ command:
+ - '--es.uri=https://admin:${KIBANA_PASSWORD}@wazuh.indexer:9200'
+ - '--es.ssl-skip-verify'
+ - '--es.all'
+
+ imposter:
+ image: outofcoffee/imposter
+ hostname: 'imposter-kbn-${WAZUH_STACK}'
+ networks:
+ - wzd-pre
+ - mon
+ # <<: *logging
+ environment:
+ - JAVA_OPTS="-Xmx512m -Xss512k -Dfile.encoding=UTF-8 -XX:MaxRAM=800m -XX:MaxRAMPercentage=95 -XX:MinRAMPercentage=60A"
+ - MALLOC_ARENA_MAX=1
+ volumes:
+ - ./config/imposter:/opt/imposter/config
+
+ generator:
+ image: cfssl/cfssl
+ volumes:
+ - wi_certs:/certs/wi
+ - wd_certs:/certs/wd
+ - wm_certs:/certs/wm
+ - ./config/certs:/conf
+ entrypoint: /bin/bash
+ command: >
+ -c '
+ export certs=/tmp/certs
+ mkdir $$certs
+ cd $$certs
+
+ echo "Generating CA"
+ cfssl gencert -initca /conf/ca.json | cfssljson -bare ca
+
+ echo "Generating servers certificates"
+ for i in wazuh.indexer wazuh.dashboard wazuh.manager; do
+ echo "Generating cert for $$i"
+ cat /conf/host.json | \
+ sed "s/HOST/$$i/g" | \
+ cfssl gencert \
+ -ca $$certs/ca.pem \
+ -ca-key $$certs/ca-key.pem \
+ -config /conf/cfssl.json \
+ -profile=server - | \
+ cfssljson -bare $$i
+ openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
+ done
+
+ echo "Generating clients certificates"
+ for i in admin filebeat; do
+ echo "Generating cert for $$i"
+ cat /conf/host.json | \
+ sed "s/HOST/$$i/g" | \
+ cfssl gencert \
+ -ca $$certs/ca.pem \
+ -ca-key $$certs/ca-key.pem \
+ -config /conf/cfssl.json \
+ -profile=client - | \
+ cfssljson -bare $$i
+ openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
+ done
+
+ echo "Setting up permissions"
+
+ rm /certs/wi/* /certs/wd/* /certs/wm/*
+
+ mv $$certs/wazuh.indexer* /certs/wi
+ mv $$certs/admin* /certs/wi
+ mv /certs/wi/admin.key /certs/wi/admin-key.pem
+ cp $$certs/*ca* /certs/wi
+
+ mv $$certs/wazuh.dashboard* /certs/wd
+ cp $$certs/*ca* /certs/wd
+
+ mv $$certs/*.* /certs/wm
+
+ chmod 640 /certs/wi/* /certs/wd/* /certs/wm/*
+ chown -R 1000:1000 /certs/*
+ ls -alR /certs/
+
+ sleep 30
+ '
+ healthcheck:
+ test: ['CMD-SHELL', '[ -r /certs/wm/wazuh.manager.pem ]']
+ interval: 2s
+ timeout: 5s
+ retries: 10
+
+ filebeat:
+ depends_on:
+ wazuh.indexer:
+ condition: service_healthy
+ image: elastic/filebeat:7.10.2
+ hostname: filebeat
+ user: '0:0'
+ networks:
+ - wzd-pre
+ - mon
+ # <<: *logging
+ entrypoint:
+ - '/bin/bash'
+ command: >
+ -c '
+ mkdir -p /etc/filebeat
+ echo admin | filebeat keystore add username --stdin --force
+ echo SecretPassword| filebeat keystore add password --stdin --force
+ curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
+ curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module
+ # copy filebeat to preserve correct permissions without
+ # affecting host filesystem
+ cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml
+ chown root.root /usr/share/filebeat/filebeat.yml
+ chmod go-w /usr/share/filebeat/filebeat.yml
+ filebeat setup -e
+ filebeat
+ '
+ volumes:
+ - wm_certs:/etc/ssl/wazuh
+ - ./config/filebeat/filebeat.yml:/tmp/filebeat.yml
+
+ wazuh.indexer:
+ depends_on:
+ generator:
+ condition: service_healthy
+ image: wazuh/wazuh-indexer:${WAZUH_STACK}
+ hostname: wazuh.indexer
+ networks:
+ - wzd-pre
+ - mon
+ # <<: *logging
+ environment:
+ - 'OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m'
+ - 'OPENSEARCH_PATH_CONF=/usr/share/wazuh-indexer/config'
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536
+ hard: 65536
+ volumes:
+ - wazuh-indexer-data:/var/lib/wazuh-indexer
+ - wi_certs:/usr/share/wazuh-indexer/certs/
+ - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+ - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+ - ./config/wazuh_indexer/config.yml:/usr/share/wazuh-indexer/opensearch-security/config.yml
+ - ./config/wazuh_indexer/roles.yml:/usr/share/wazuh-indexer/opensearch-security/roles.yml
+ - ./config/wazuh_indexer/roles_mapping.yml:/usr/share/wazuh-indexer/opensearch-security/roles_mapping.yml
+ healthcheck:
+ test:
+ [
+ 'CMD-SHELL',
+ '/usr/share/wazuh-indexer/bin/opensearch-plugin list | grep -q security',
+ ]
+ interval: 10s
+ timeout: 10s
+ retries: 120
+
+ wazuh.dashboard:
+ image: wazuh/wazuh-dashboard:${WAZUH_STACK}
+ hostname: wazuh.dashboard
+ depends_on:
+ wazuh.indexer:
+ condition: service_healthy
+ networks:
+ - wzd-pre
+ - mon
+ # <<: *logging
+ ports:
+ - ${KIBANA_PORT}:5601
+ environment:
+ - INDEXER_USERNAME=admin
+ - INDEXER_PASSWORD=SecretPassword
+ - WAZUH_API_URL=http://imposter:8080
+ - API_USERNAME=wazuh-wui
+ - API_PASSWORD=MyS3cr37P450r.*-
+ volumes:
+ - wd_certs:/usr/share/wazuh-dashboard/certs
+ - ./config/wazuh_dashboard/wazuh_dashboards.yml:/usr/share/wazuh-dashboard/config/wazuh_dashboards.yml
+ - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+
+networks:
+ networks:
+ wzd-pre:
+ name: wzd-pre-${WAZUH_STACK}
+ driver: bridge
+ mon:
+ external: true
+
+volumes:
+ wazuh-indexer-data:
+ wi_certs:
+ wd_certs:
+ wm_certs:
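Review bot: The indexer password is written out as `SecretPassword` in the filebeat keystore command and in `INDEXER_PASSWORD` on wazuh.dashboard, while the exporter builds its URI from `${KIBANA_PASSWORD}`, so exporting PASSWORD before running pre.sh changes only the exporter's credential and it stops matching the others. Take all three from the same variable, e.g. `- INDEXER_PASSWORD=${KIBANA_PASSWORD}`, so the default literal lives in one place. The filebeat service runs as `0:0` and pipes `curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz` straight into `tar` with no integrity check; saving the archive and verifying a pinned SHA-256 before extracting would make the container contents reproducible. The two consecutive `networks:` keys near the end look like a duplicated line, although indentation is not visible on this page.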
diff --git a/docker/wazuh-4.7/rel.sh b/docker/wazuh-4.7/rel.sh
new file mode 100755
index 0000000000..0e639bdd46
--- /dev/null
+++ b/docker/wazuh-4.7/rel.sh
@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+
+versions=(
+ "4.7.0"
+ "4.7.1"
+ "4.7.2"
+)
+
+usage() {
+ echo
+ echo "$0 version action [saml]"
+ echo
+ echo "where version is one of ${versions[*]}"
+ echo "action is one of up | down | stop"
+ echo "saml to deploy a saml enabled environment"
+ exit -1
+}
+
+if [ $# -lt 2 ]; then
+ echo "Incorrect number of arguments " $#
+ usage
+fi
+
+if [[ ! " ${versions[*]} " =~ " ${1} " ]]; then
+ echo "Version ${1} not found in ${versions[*]}"
+ exit -1
+fi
+
+export WAZUH_STACK=${1}
+export KIBANA_PORT=5601
+export KIBANA_PASSWORD=${PASSWORD:-SecretPassword}
+export COMPOSE_PROJECT_NAME=wz-rel-${WAZUH_STACK//./}
+
+profile="standard"
+export WAZUH_DASHBOARD_CONF=./config/wazuh_dashboard/wazuh_dashboard.yml
+export SEC_CONFIG_FILE=./config/wazuh_indexer/config.yml
+
+if [[ "$3" =~ "saml" ]]; then
+ profile="saml"
+ export WAZUH_DASHBOARD_CONF=./config/wazuh_dashboard/wazuh_dashboard_saml.yml
+ export SEC_CONFIG_FILE=./config/wazuh_indexer/config-saml.yml
+fi
+
+case "$2" in
+up)
+ docker compose --profile $profile -f rel.yml -p "${COMPOSE_PROJECT_NAME}" up -Vd
+ echo
+ echo "1. (Optional) Enroll an agent (Ubuntu 20.04):"
+ echo "docker run --name ${COMPOSE_PROJECT_NAME}-agent --network ${COMPOSE_PROJECT_NAME} --label com.docker.compose.project=${COMPOSE_PROJECT_NAME} -d ubuntu:20.04 bash -c '"
+ echo " apt update -y"
+ echo " apt install -y curl lsb-release"
+ echo " curl -so \wazuh-agent-${WAZUH_STACK}.deb \\"
+ echo " https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_${WAZUH_STACK}-1_amd64.deb \\"
+ echo " && WAZUH_MANAGER='wazuh.manager' WAZUH_AGENT_GROUP='default' dpkg -i ./wazuh-agent-${WAZUH_STACK}.deb"
+ echo
+ echo " /etc/init.d/wazuh-agent start"
+ echo " tail -f /var/ossec/logs/ossec.log"
+ echo "'"
+ echo
+ ;;
+down)
+ docker compose --profile $profile -f rel.yml -p "${COMPOSE_PROJECT_NAME}" down -v --remove-orphans
+ ;;
+stop)
+ docker compose --profile $profile -f rel.yml -p "${COMPOSE_PROJECT_NAME}" stop
+ ;;
+*)
+ echo "Action must be either up or down"
+ usage
+ ;;
+esac
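Review bot: `[[ "$3" =~ "saml" ]]` is a substring match, so any third argument that merely contains `saml` switches the stack to the SAML profile and its config files; an exact comparison, `if [[ "$3" == "saml" ]]; then`, matches what usage() documents. `$profile` is passed unquoted to `docker compose --profile`; writing `"$profile"` keeps it consistent with `"${COMPOSE_PROJECT_NAME}"` on the same line. The fallthrough message `Action must be either up or down` omits `stop`.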
diff --git a/docker/wazuh-4.7/rel.yml b/docker/wazuh-4.7/rel.yml
new file mode 100755
index 0000000000..fd5b1a3a08
--- /dev/null
+++ b/docker/wazuh-4.7/rel.yml
@@ -0,0 +1,325 @@
+# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
+version: '3.9'
+
+# x-logging: &logging
+# logging:
+# driver: loki
+# options:
+# loki-url: 'http://host.docker.internal:3100/loki/api/v1/push'
+
+services:
+ generator:
+ image: cfssl/cfssl
+ profiles:
+ - 'saml'
+ - 'standard'
+ # <<: *logging
+ volumes:
+ - wi_certs:/certs/wi
+ - wd_certs:/certs/wd
+ - wm_certs:/certs/wm
+ - idp_certs:/certs/idp
+ - ./config/certs:/conf
+ # Included to avoid docker from creating duplicated networks
+ networks:
+ - wz-rel
+ entrypoint: /bin/bash
+ command: >
+ -c '
+ export certs=/tmp/certs
+ mkdir $$certs
+ cd $$certs
+
+ echo "Generating CA"
+ cfssl gencert -initca /conf/ca.json | cfssljson -bare ca
+
+ echo "Generating servers certificates"
+ for i in wazuh.indexer wazuh.dashboard wazuh.manager; do
+ echo "Generating cert for $$i"
+ cat /conf/host.json | \
+ sed "s/HOST/$$i/g" | \
+ cfssl gencert \
+ -ca $$certs/ca.pem \
+ -ca-key $$certs/ca-key.pem \
+ -config /conf/cfssl.json \
+ -profile=server - | \
+ cfssljson -bare $$i
+ openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
+ done
+
+ echo "Generating clients certificates"
+ for i in admin saml filebeat; do
+ echo "Generating cert for $$i"
+ cat /conf/host.json | \
+ sed "s/HOST/$$i/g" | \
+ cfssl gencert \
+ -ca $$certs/ca.pem \
+ -ca-key $$certs/ca-key.pem \
+ -config /conf/cfssl.json \
+ -profile=client - | \
+ cfssljson -bare $$i
+ openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
+ done
+
+ echo "Setting up permissions"
+
+ rm /certs/wi/* /certs/wd/* /certs/wm/*
+
+ mv $$certs/wazuh.indexer* /certs/wi
+ mv $$certs/admin* /certs/wi
+ mv /certs/wi/admin.key /certs/wi/admin-key.pem
+ cp $$certs/*ca* /certs/wi
+
+ mv $$certs/saml* /certs/idp
+ mv /certs/idp/saml.key /certs/idp/saml-key.pem
+ cp $$certs/*ca* /certs/idp
+
+ mv $$certs/wazuh.dashboard* /certs/wd
+ cp $$certs/*ca* /certs/wd
+
+ mv $$certs/*.* /certs/wm
+
+ chmod 640 /certs/wi/* /certs/wd/* /certs/wm/*
+ chown -R 1000:1000 /certs/*
+ ls -alR /certs/
+
+ sleep 300
+ '
+ healthcheck:
+ test: ['CMD-SHELL', '[ -r /certs/wm/wazuh.manager.pem ]']
+ interval: 2s
+ timeout: 5s
+ retries: 10
+
+ idpsec:
+ image: quay.io/keycloak/keycloak:19.0.1
+ depends_on:
+ generator:
+ condition: service_healthy
+ profiles:
+ - 'saml'
+ volumes:
+ - wi_certs:/certs/wi
+ - wd_certs:/certs/wd
+ - wm_certs:/certs/wm
+ - idp_certs:/certs/idp
+ networks:
+ - wz-rel
+ - mon
+ entrypoint: /bin/bash
+ command: >
+ -c '
+ # trust store
+ for i in /certs/idp/ca.pem /certs/wd/wazuh.dashboard.pem /certs/wi/wazuh.indexer.pem
+ do
+ keytool -import -alias $$(basename $$i .pem) -file $$i -keystore /certs/idp/truststore.jks -storepass SecretPassword -trustcacerts -noprompt
+ done
+ sleep 300
+ '
+ healthcheck:
+ test: ['CMD-SHELL', '[ -r /certs/idp/truststore.jks ]']
+ interval: 2s
+ timeout: 5s
+ retries: 10
+
+ wazuh.manager:
+ depends_on:
+ generator:
+ condition: service_healthy
+ image: wazuh/wazuh-manager:${WAZUH_STACK}
+ profiles:
+ - 'saml'
+ - 'standard'
+ hostname: wazuh.manager
+ networks:
+ - wz-rel
+ - mon
+ # <<: *logging
+ environment:
+ - INDEXER_URL=https://wazuh.indexer:9200
+ - INDEXER_USERNAME=admin
+ - INDEXER_PASSWORD=SecretPassword
+ - FILEBEAT_SSL_VERIFICATION_MODE=full
+ - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/wazuh/ca.pem
+ - SSL_CERTIFICATE=/etc/ssl/wazuh/filebeat.pem
+ - SSL_KEY=/etc/ssl/wazuh/filebeat.key
+ - API_USERNAME=wazuh-wui
+ - API_PASSWORD=MyS3cr37P450r.*-
+ volumes:
+ - wazuh_api_configuration:/var/ossec/api/configuration
+ - wazuh_etc:/var/ossec/etc
+ - wazuh_logs:/var/ossec/logs
+ - wazuh_queue:/var/ossec/queue
+ - wazuh_var_multigroups:/var/ossec/var/multigroups
+ - wazuh_integrations:/var/ossec/integrations
+ - wazuh_active_response:/var/ossec/active-response/bin
+ - wazuh_agentless:/var/ossec/agentless
+ - wazuh_wodles:/var/ossec/wodles
+ - filebeat_etc:/etc/filebeat
+ - filebeat_var:/var/lib/filebeat
+ - wm_certs:/etc/ssl/wazuh
+ - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
+
+ wazuh.indexer:
+ depends_on:
+ generator:
+ condition: service_healthy
+ idpsetup:
+ condition: service_completed_successfully
+ required: false
+ image: wazuh/wazuh-indexer:${WAZUH_STACK}
+ profiles:
+ - 'saml'
+ - 'standard'
+ hostname: wazuh.indexer
+ networks:
+ - wz-rel
+ - mon
+ # <<: *logging
+ environment:
+ - 'OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m'
+ - 'OPENSEARCH_PATH_CONF=/usr/share/wazuh-indexer/config'
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536
+ hard: 65536
+ volumes:
+ - wazuh-indexer-data:/var/lib/wazuh-indexer
+ - wi_certs:/usr/share/wazuh-indexer/certs/
+ - idp_certs:/usr/share/wazuh-indexer/idp/
+ - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
+ - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+ - ${SEC_CONFIG_FILE}:/usr/share/wazuh-indexer/opensearch-security/config.yml
+ - ./config/wazuh_indexer/roles.yml:/usr/share/wazuh-indexer/opensearch-security/roles.yml
+ - ./config/wazuh_indexer/roles_mapping.yml:/usr/share/wazuh-indexer/opensearch-security/roles_mapping.yml
+ healthcheck:
+ test:
+ [
+ 'CMD-SHELL',
+ '/usr/share/wazuh-indexer/bin/opensearch-plugin list | grep -q security',
+ ]
+ interval: 10s
+ timeout: 10s
+ retries: 120
+
+ wazuh.dashboard:
+ image: wazuh/wazuh-dashboard:${WAZUH_STACK}
+ profiles:
+ - 'saml'
+ - 'standard'
+ hostname: wazuh.dashboard
+ depends_on:
+ wazuh.indexer:
+ condition: service_healthy
+ networks:
+ - wz-rel
+ - mon
+ # <<: *logging
+ ports:
+ - ${KIBANA_PORT}:5601
+ environment:
+ - INDEXER_USERNAME=admin
+ - INDEXER_PASSWORD=SecretPassword
+ - WAZUH_API_URL=https://wazuh.manager
+ - API_USERNAME=wazuh-wui
+ - API_PASSWORD=MyS3cr37P450r.*-
+ volumes:
+ - wd_certs:/usr/share/wazuh-dashboard/certs
+ - ${WAZUH_DASHBOARD_CONF}:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
+ - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
+
+ exporter:
+ image: quay.io/prometheuscommunity/elasticsearch-exporter:latest
+ profiles:
+ - 'saml'
+ - 'standard'
+ # <<: *logging
+ hostname: 'exporter'
+ networks:
+ - wz-rel
+ - mon
+ command:
+ - '--es.uri=https://admin:${KIBANA_PASSWORD}@wazuh-indexer:9200'
+ - '--es.ssl-skip-verify'
+ - '--es.all'
+
+ idp:
+ image: quay.io/keycloak/keycloak:19.0.1
+ depends_on:
+ idpsec:
+ condition: service_healthy
+ profiles:
+ - 'saml'
+ hostname: idp
+ # <<: *logging
+ networks:
+ - wz-rel
+ - mon
+ ports:
+ - '8080:8080'
+ environment:
+ - KEYCLOAK_ADMIN=admin
+ - KEYCLOAK_ADMIN_PASSWORD=admin
+ - KC_SPI_TRUSTSTORE_FILE_PASSWORD=SecretPassword
+ - KC_SPI_TRUSTSTORE_FILE_FILE=/certs/truststore.jks
+ volumes:
+ - keycloak-data:/var/lib/keycloak/data
+ - idp_certs:/certs
+ command: start-dev
+ healthcheck:
+ test: curl -f http://idp:8080/realms/master || exit 1
+ interval: 10s
+ timeout: 5s
+ retries: 6
+
+ idpsetup:
+ image: badouralix/curl-jq
+ depends_on:
+ idp:
+ condition: service_healthy
+ profiles:
+ - 'saml'
+ hostname: idpsetup
+ # <<: *logging
+ networks:
+ - wz-rel
+ - mon
+ volumes:
+ - wi_certs:/certs/wi
+ - ./enable_saml.sh:/enable_saml.sh
+ entrypoint: /bin/sh
+ command: >
+ -c '
+ apk add bash
+ bash /enable_saml.sh
+ exit 0
+ '
+
+networks:
+ wz-rel:
+ name: ${COMPOSE_PROJECT_NAME}
+ driver: bridge
+ mon:
+ external: true
+
+volumes:
+ wi_certs:
+ wd_certs:
+ wm_certs:
+ idp_certs:
+ wazuh_api_configuration:
+ wazuh_etc:
+ wazuh_logs:
+ wazuh_queue:
+ wazuh_var_multigroups:
+ wazuh_integrations:
+ wazuh_active_response:
+ wazuh_agentless:
+ wazuh_wodles:
+ filebeat_etc:
+ filebeat_var:
+ wazuh-indexer-data:
+ keycloak-data:
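Review bot: The `idp` service starts Keycloak with `start-dev`, sets `KEYCLOAK_ADMIN_PASSWORD=admin` and publishes `'8080:8080'`, which exposes the admin console on every host interface over plain HTTP with a default credential. For a local test stack, bind it to loopback with `- '127.0.0.1:8080:8080'` and read the password from an environment variable, the way `${KIBANA_PASSWORD}` is used for the exporter. In `idpsetup`, the trailing `exit 0` reports success even when `bash /enable_saml.sh` fails, so the `service_completed_successfully` condition on `wazuh.indexer` never notices a broken SAML setup; dropping `exit 0` lets the script's status through. The exporter URI names `wazuh-indexer`, whereas the service and hostname are `wazuh.indexer`.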
From f871edea6f35c427e73250239c09dcc3a565821a Mon Sep 17 00:00:00 2001
From: JuanGarriuz
Date: Wed, 13 Dec 2023 19:23:27 +0100
Subject: [PATCH 08/12] Standardize titles and subtitles in the register agent
wizard (#6208)
* Standardize titles and subtitles in the register agent wizard
* Add changelog
* remove one of the alerts
* Fix overlay styles in codeblock
---------
Co-authored-by: Federico Rodriguez
---
CHANGELOG.md | 1 +
.../agent/components/agents-preview.scss | 2 +-
.../command-output/command-output.tsx | 2 +-
.../components/command-output/os-warning.tsx | 69 +++++++++++++++++++
.../components/group-input/group-input.tsx | 2 +-
.../optionals-inputs/optionals-inputs.tsx | 19 +++--
.../server-address/server-address.tsx | 2 +-
.../containers/steps/steps.scss | 4 --
.../register-agent/containers/steps/steps.tsx | 31 +++++----
.../utils/register-agent-data.tsx | 4 +-
10 files changed, 106 insertions(+), 30 deletions(-)
create mode 100644 plugins/main/public/controllers/register-agent/components/command-output/os-warning.tsx
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4d2a06e2cc..dbb1b0707e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@ All notable changes to the Wazuh app project will be documented in this file.
### Added
+- Added contextual information in the register agent commands [#6208](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6208)
- Support for Wazuh 4.7.2
- Added host name and board serial information to Agents > Inventory data [#6191](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6191)
diff --git a/plugins/main/public/controllers/agent/components/agents-preview.scss b/plugins/main/public/controllers/agent/components/agents-preview.scss
index 04f94f4f6f..e420ca4e33 100644
--- a/plugins/main/public/controllers/agent/components/agents-preview.scss
+++ b/plugins/main/public/controllers/agent/components/agents-preview.scss
@@ -57,7 +57,7 @@
position: absolute;
top: 0;
width: 100%;
- height: 90%;
+ height: 100%;
display: flex;
flex-direction: column;
justify-content: center;
diff --git a/plugins/main/public/controllers/register-agent/components/command-output/command-output.tsx b/plugins/main/public/controllers/register-agent/components/command-output/command-output.tsx
index 31064c60fe..1a8f604ccf 100644
--- a/plugins/main/public/controllers/register-agent/components/command-output/command-output.tsx
+++ b/plugins/main/public/controllers/register-agent/components/command-output/command-output.tsx
@@ -55,7 +55,6 @@ export default function CommandOutput(props: ICommandSectionProps) {
const onChangeShowPassword = (event: EuiSwitchEvent) => {
setShowPassword(event.target.checked);
};
-
return (
@@ -64,6 +63,7 @@ export default function CommandOutput(props: ICommandSectionProps) {
diff --git a/plugins/main/public/controllers/register-agent/components/command-output/os-warning.tsx b/plugins/main/public/controllers/register-agent/components/command-output/os-warning.tsx
new file mode 100644
index 0000000000..e9e17e0e65
--- /dev/null
+++ b/plugins/main/public/controllers/register-agent/components/command-output/os-warning.tsx
@@ -0,0 +1,69 @@
+import React from 'react';
+import { EuiCallOut } from '@elastic/eui';
+import { tOperatingSystem } from '../../core/config/os-commands-definitions';
+
+interface OsWarningProps {
+ os?: tOperatingSystem['name'];
+}
+
+export default function OsCommandWarning(props: OsWarningProps) {
+ const osSelector = {
+ WINDOWS: (
+
+
+ -
+
+ You will need administrator privileges to perform this
+ installation.
+
+
+ -
+ PowerShell 3.0 or greater is required.
+
+
+
+ Keep in mind you need to run this command in a Windows PowerShell
+ terminal.
+
+
+ ),
+ LINUX: (
+
+
+ -
+
+ You will need administrator privileges to perform this
+ installation.
+
+
+ -
+ Shell Bash is required.
+
+
+
+ Keep in mind you need to run this command in a Shell Bash terminal.
+
+
+ ),
+ macOS: (
+
+
+ -
+
+ You will need administrator privileges to perform this
+ installation.
+
+
+ -
+ Shell Bash is required.
+
+
+
+ Keep in mind you need to run this command in a Shell Bash terminal.
+
+
+ ),
+ };
+
+ return osSelector[props?.os] || null;
+}
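Review bot: The `LINUX` and `macOS` entries of `osSelector` carry the same text as shown here, and all three entries are rebuilt on every render although only one is returned; defining the shared content once and reusing it for both keys would remove the duplication. `props?.os` guards against `props` being undefined, which a function component does not receive, so `props.os` is enough. A short comment above `osSelector` stating that its keys must match `tOperatingSystem['name']` would explain the mixed casing (`WINDOWS`, `LINUX`, `macOS`). The JSX tags are not visible on this page, so the markup itself is not covered by this note.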
diff --git a/plugins/main/public/controllers/register-agent/components/group-input/group-input.tsx b/plugins/main/public/controllers/register-agent/components/group-input/group-input.tsx
index e12c301850..afeab1b86e 100644
--- a/plugins/main/public/controllers/register-agent/components/group-input/group-input.tsx
+++ b/plugins/main/public/controllers/register-agent/components/group-input/group-input.tsx
@@ -45,7 +45,7 @@ const GroupInput = ({ value, options, onChange }) => {
>
- Select one or more existing groups
+ Select one or more existing groups:
diff --git a/plugins/main/public/controllers/register-agent/components/optionals-inputs/optionals-inputs.tsx b/plugins/main/public/controllers/register-agent/components/optionals-inputs/optionals-inputs.tsx
index 317e3b6c41..8a0364ed9c 100644
--- a/plugins/main/public/controllers/register-agent/components/optionals-inputs/optionals-inputs.tsx
+++ b/plugins/main/public/controllers/register-agent/components/optionals-inputs/optionals-inputs.tsx
@@ -27,7 +27,7 @@ const OptionalsInputs = (props: OptionalsInputsProps) => {
const agentNameDocLink = webDocumentationLink(
'user-manual/reference/ossec-conf/client.html#enrollment-agent-name',
PLUGIN_VERSION_SHORT,
- )
+ );
const popoverAgentName = (
Learn about{' '}
@@ -64,7 +64,7 @@ const OptionalsInputs = (props: OptionalsInputsProps) => {
gutterSize='s'
>
- Assign an agent name
+ Assign an agent name:
{
/>
{warningForAgentName}}
+ title={
+
+ {warningForAgentName}
+
+
+ }
iconType='iInCircle'
className='warningForAgentName'
/>
diff --git a/plugins/main/public/controllers/register-agent/components/server-address/server-address.tsx b/plugins/main/public/controllers/register-agent/components/server-address/server-address.tsx
index d8f1cd1c31..92369162aa 100644
--- a/plugins/main/public/controllers/register-agent/components/server-address/server-address.tsx
+++ b/plugins/main/public/controllers/register-agent/components/server-address/server-address.tsx
@@ -66,7 +66,7 @@ const ServerAddressInput = (props: ServerAddressInputProps) => {
>
- Assign a server address
+ Assign a server address:
diff --git a/plugins/main/public/controllers/register-agent/containers/steps/steps.scss b/plugins/main/public/controllers/register-agent/containers/steps/steps.scss
index 17bdbef44c..5ea8024f31 100644
--- a/plugins/main/public/controllers/register-agent/containers/steps/steps.scss
+++ b/plugins/main/public/controllers/register-agent/containers/steps/steps.scss
@@ -32,10 +32,6 @@
margin-top: 10px;
}
- .euiToolTipAnchor {
- margin-left: 7px;
- }
-
.subtitleAgentName {
flex-direction: 'row';
font-style: 'normal';
diff --git a/plugins/main/public/controllers/register-agent/containers/steps/steps.tsx b/plugins/main/public/controllers/register-agent/containers/steps/steps.tsx
index 2c0dec80e2..6bfc6ff282 100644
--- a/plugins/main/public/controllers/register-agent/containers/steps/steps.tsx
+++ b/plugins/main/public/controllers/register-agent/containers/steps/steps.tsx
@@ -33,6 +33,7 @@ import {
tFormStepsLabel,
} from '../../services/register-agent-steps-status-services';
import { webDocumentationLink } from '../../../../../common/services/web_documentation';
+import OsCommandWarning from '../../components/command-output/os-warning';
interface IStepsProps {
needsPassword: boolean;
@@ -141,14 +142,14 @@ export const Steps = ({
status: getOSSelectorStepStatus(form.fields),
},
{
- title: 'Server address',
+ title: 'Server address:',
children: ,
status: getServerAddressStepStatus(form.fields),
},
...(needsPassword && !wazuhPassword
? [
{
- title: 'Wazuh password',
+ title: 'Wazuh password:',
children: (
,
status: getOptionalParameterStepStatus(
form.fields,
@@ -184,8 +185,7 @@ export const Steps = ({
),
},
{
- title:
- 'Run the following commands to download and install the Wazuh agent:',
+ title: 'Run the following commands to download and install the agent:',
children: (
<>
{missingStepsName?.length ? (
@@ -208,20 +208,25 @@ export const Steps = ({
/>
) : null}
{!missingStepsName?.length && !invalidFieldsName?.length ? (
- setInstallCommandWasCopied(true)}
- password={registerAgentFormValues.optionalParams.wazuhPassword}
- />
+ <>
+ setInstallCommandWasCopied(true)}
+ password={registerAgentFormValues.optionalParams.wazuhPassword}
+ />
+
+ >
) : null}
>
),
status: installCommandStepStatus,
},
{
- title: 'Start the Wazuh agent:',
+ title: 'Start the agent:',
children: (
<>
{missingStepsName?.length ? (
diff --git a/plugins/main/public/controllers/register-agent/utils/register-agent-data.tsx b/plugins/main/public/controllers/register-agent/utils/register-agent-data.tsx
index 378bf61d33..39d39d19bf 100644
--- a/plugins/main/public/controllers/register-agent/utils/register-agent-data.tsx
+++ b/plugins/main/public/controllers/register-agent/utils/register-agent-data.tsx
@@ -34,7 +34,7 @@ export const SERVER_ADDRESS_TEXTS = [
{
title: 'Server address',
subtitle:
- 'This is the address the agent uses to communicate with the Wazuh server. Enter an IP address or a fully qualified domain name (FDQN).',
+ 'This is the address the agent uses to communicate with the server. Enter an IP address or a fully qualified domain name (FDQN).',
},
];
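Review bot: The rewritten subtitle still ends with `(FDQN)`, but the abbreviation of "fully qualified domain name" is FQDN; since this user-facing string is being edited anyway, it should end `... or a fully qualified domain name (FQDN).`. The same spelling may occur in other register-agent texts outside this hunk, so a search for `FDQN` is worth doing before merging.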
@@ -42,6 +42,6 @@ export const OPTIONAL_PARAMETERS_TEXT = [
{
title: 'Optional settings',
subtitle:
- 'The deployment sets the endpoint hostname as the agent name by default. Optionally, you can set your own name in the field below.',
+ 'By default, the deployment uses the hostname as the agent name. Optionally, you can use a different agent name in the field below.',
},
];
From 192c10738d96fd3ef662684f3fb736b328ad2b34 Mon Sep 17 00:00:00 2001
From: Federico Rodriguez
Date: Wed, 13 Dec 2023 20:41:51 +0100
Subject: [PATCH 09/12] Fix the register agent selected cluster/manager config
endpoint (#6213)
* Fix the cluster conditional to choose the endpoints
* Add changelog
---
CHANGELOG.md | 4 ++--
.../services/register-agent-services.tsx | 24 +++++++++++++------
2 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index dbb1b0707e..127e4c8580 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,14 +6,14 @@ All notable changes to the Wazuh app project will be documented in this file.
### Added
-- Added contextual information in the register agent commands [#6208](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6208)
- Support for Wazuh 4.7.2
+- Added contextual information in the register agent commands [#6208](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6208)
- Added host name and board serial information to Agents > Inventory data [#6191](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6191)
### Fixed
- Fixed Agents preview page load when there are no registered agents [#6185](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6185)
-- Fixed the endpoint to get Wazuh server auth configuration [#6206](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6206)
+- Fixed the endpoint to get Wazuh server auth configuration [#6206](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6206) [#6213](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6213)
## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 01
diff --git a/plugins/main/public/controllers/register-agent/services/register-agent-services.tsx b/plugins/main/public/controllers/register-agent/services/register-agent-services.tsx
index 71c3b1dc15..82377255e8 100644
--- a/plugins/main/public/controllers/register-agent/services/register-agent-services.tsx
+++ b/plugins/main/public/controllers/register-agent/services/register-agent-services.tsx
@@ -42,7 +42,10 @@ export const clusterStatusResponse = async (): Promise => {
/**
* Get the remote configuration from api
*/
-async function getRemoteConfiguration(nodeName: string): Promise {
+async function getRemoteConfiguration(
+ nodeName: string,
+ clusterStatus: boolean,
+): Promise {
let config: RemoteConfig = {
name: nodeName,
isUdp: false,
@@ -50,7 +53,6 @@ async function getRemoteConfiguration(nodeName: string): Promise {
};
try {
- const clusterStatus = await clusterStatusResponse();
let result;
if (clusterStatus) {
result = await WzRequest.apiReq(
@@ -97,8 +99,8 @@ async function getRemoteConfiguration(nodeName: string): Promise {
* @param node
* @returns
*/
-async function getAuthConfiguration(node?: string) {
- const authConfigUrl = node
+async function getAuthConfiguration(node: string, clusterStatus: boolean) {
+ const authConfigUrl = clusterStatus
? `/cluster/${node}/configuration/auth/auth`
: '/manager/configuration/auth/auth';
const result = await WzRequest.apiReq('GET', authConfigUrl, {});
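Review bot: The JSDoc above `getAuthConfiguration` still shows only an undescribed `@param node` and an empty `@returns`, and it does not mention the new `clusterStatus` argument that now selects the endpoint; add `@param clusterStatus - true to query /cluster/{node}, false to query /manager` and describe the returned value. `node` is interpolated into the request path as-is; if node names can contain characters outside the URL-safe set (not visible here), `/cluster/${encodeURIComponent(node)}/configuration/auth/auth` keeps the path well-formed. The function body continues below this hunk.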
@@ -131,7 +133,11 @@ async function getConnectionConfig(
const nodeIp = nodeSelected?.value;
if (!defaultServerAddress) {
if (nodeSelected.nodetype !== 'custom') {
- const remoteConfig = await getRemoteConfiguration(nodeName);
+ const clusterStatus = await clusterStatusResponse();
+ const remoteConfig = await getRemoteConfiguration(
+ nodeName,
+ clusterStatus,
+ );
return {
serverAddress: nodeIp,
udpProtocol: remoteConfig.isUdp,
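Review bot: `clusterStatusResponse()` is now awaited here, in the caller, whereas the line removed in the earlier hunk sat inside the `try {` of `getRemoteConfiguration`. Unless `clusterStatusResponse` handles its own errors (its body is not visible here), a failed cluster-status request now rejects `getConnectionConfig` instead of being handled where the remote configuration is built. The same applies to the new call in `getMasterConfiguration` in the next hunk, where no `try` is visible either. If falling back to the manager endpoints is acceptable, `const clusterStatus = await clusterStatusResponse().catch(() => false);` keeps the previous tolerance; otherwise the callers need their own error handling. `getConnectionConfig` starts and ends outside this hunk.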
@@ -232,8 +238,12 @@ export const getMasterNode = (nodeIps: any[]): any[] => {
export const getMasterConfiguration = async () => {
const nodes = await fetchClusterNodesOptions();
const masterNode = getMasterNode(nodes);
- const remote = await getRemoteConfiguration(masterNode[0].label);
- const auth = await getAuthConfiguration(masterNode[0].label);
+ const clusterStatus = await clusterStatusResponse();
+ const remote = await getRemoteConfiguration(
+ masterNode[0].label,
+ clusterStatus,
+ );
+ const auth = await getAuthConfiguration(masterNode[0].label, clusterStatus);
return {
remote,
auth,
From 9a92c375cb44a6b7894cff81768e8cab1ce5b091 Mon Sep 17 00:00:00 2001
From: Nicolas Agustin Guevara Pihen <42900763+Tostti@users.noreply.github.com>
Date: Fri, 15 Dec 2023 11:08:22 -0300
Subject: [PATCH 10/12] Fix error navigating back to agent (#6224)
* Fix error in agents preview
* Modify changelog
---
CHANGELOG.md | 1 +
.../agent/components/agents-preview.js | 21 +++++++++++++------
2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 127e4c8580..64e990aae6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ All notable changes to the Wazuh app project will be documented in this file.
- Fixed Agents preview page load when there are no registered agents [#6185](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6185)
- Fixed the endpoint to get Wazuh server auth configuration [#6206](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6206) [#6213](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6213)
+- Fixed error navigating back to agent in some scenarios [#6224](https://github.com/wazuh/wazuh-dashboard-plugins/pull/6224)
## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 01
diff --git a/plugins/main/public/controllers/agent/components/agents-preview.js b/plugins/main/public/controllers/agent/components/agents-preview.js
index d9a7dbd0ba..de0c36135b 100644
--- a/plugins/main/public/controllers/agent/components/agents-preview.js
+++ b/plugins/main/public/controllers/agent/components/agents-preview.js
@@ -54,6 +54,7 @@ import {
agentStatusColorByAgentStatus,
agentStatusLabelByAgentStatus,
} from '../../../../common/services/wz_agent_status';
+import { AppNavigate } from '../../../react-services/app-navigate.js';
export const AgentsPreview = compose(
withErrorBoundary,
@@ -319,10 +320,13 @@ export const AgentsPreview = compose(
content='View agent details'
>
- this.showAgent(
- this.state.lastRegisteredAgent,
- )
+ onClick={ev => {
+ ev.stopPropagation();
+ AppNavigate.navigateToModule(ev, 'agents', {
+ tab: 'welcome',
+ agent: this.state.lastRegisteredAgent?.id,
+ });
+ }
}
>
{this.state.lastRegisteredAgent?.name || '-'}
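Review bot: The new `onClick` passes `this.state.lastRegisteredAgent?.id` to `AppNavigate.navigateToModule` even when that state object is unset, which is exactly the case where the link text falls back to `'-'`, so clicking the placeholder navigates to the agents module with `agent: undefined`. A guard at the top of the handler avoids that: `if (!this.state.lastRegisteredAgent?.id) return;`. The handler in the next hunk (`agentMostActive`) has the same gap. Since the two handlers differ only in the agent they read, a small method such as `navigateToAgent(ev, agent)` would hold the guard and the navigation in one place. The surrounding render code lies outside both hunks.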
@@ -349,8 +353,13 @@ export const AgentsPreview = compose(
content='View agent details'
>
- this.showAgent(this.state.agentMostActive)
+ onClick={ev => {
+ ev.stopPropagation();
+ AppNavigate.navigateToModule(ev, 'agents', {
+ tab: 'welcome',
+ agent: this.state.agentMostActive?.id,
+ });
+ }
}
>
{this.state.agentMostActive?.name || '-'}
From beac211f993c5066927c77cb37c4b2cbae78d200 Mon Sep 17 00:00:00 2001
From: Nicolas Agustin Guevara Pihen <42900763+Tostti@users.noreply.github.com>
Date: Fri, 15 Dec 2023 13:29:34 -0300
Subject: [PATCH 11/12] Bump revision 03 for 4.7.1-RC3 (#6229)
bump revision 03 for 4.7.1-RC3
---
CHANGELOG.md | 2 +-
plugins/main/opensearch_dashboards.json | 2 +-
plugins/main/package.json | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 09168716cc..2ce32ece55 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,7 @@
All notable changes to the Wazuh app project will be documented in this file.
-## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 02
+## Wazuh v4.7.1 - OpenSearch Dashboards 2.8.0 - Revision 03
### Added
diff --git a/plugins/main/opensearch_dashboards.json b/plugins/main/opensearch_dashboards.json
index 6ec5775a2a..4fa76eb5d9 100644
--- a/plugins/main/opensearch_dashboards.json
+++ b/plugins/main/opensearch_dashboards.json
@@ -1,6 +1,6 @@
{
"id": "wazuh",
- "version": "4.7.1-02",
+ "version": "4.7.1-03",
"opensearchDashboardsVersion": "opensearchDashboards",
"configPath": [
"wazuh"
diff --git a/plugins/main/package.json b/plugins/main/package.json
index 0897f8c945..b784c08d6e 100644
--- a/plugins/main/package.json
+++ b/plugins/main/package.json
@@ -1,7 +1,7 @@
{
"name": "wazuh",
"version": "4.7.1",
- "revision": "02",
+ "revision": "03",
"pluginPlatform": {
"version": "2.8.0"
},
From 3e200d2b9c28a6668b303a6d9fbb416331d0ac5f Mon Sep 17 00:00:00 2001
From: JuanGarriuz
Date: Wed, 20 Dec 2023 18:50:33 +0100
Subject: [PATCH 12/12] Ugrade filebeat version to 0.4 (#6239)
change filebeat version to 0.4
---
.../wazuh-build-push-docker-action.yml | 90 ++++++------
docker/kbn-dev/dev.yml | 26 ++--
docker/osd-dev/dev.yml | 2 +-
docker/wazuh-4.2-es/pre.yml | 24 ++--
docker/wazuh-4.3-wz/pre.yml | 131 +++++++++---------
docker/wazuh-4.4-wz/pre.yml | 131 +++++++++---------
docker/wazuh-4.5-wz/pre.yml | 131 +++++++++---------
docker/wazuh-4.x-es/pre.yml | 24 ++--
.../Dockerfile | 2 +-
9 files changed, 276 insertions(+), 285 deletions(-)
diff --git a/.github/workflows/wazuh-build-push-docker-action.yml b/.github/workflows/wazuh-build-push-docker-action.yml
index 74c233c965..74be8e29e1 100644
--- a/.github/workflows/wazuh-build-push-docker-action.yml
+++ b/.github/workflows/wazuh-build-push-docker-action.yml
@@ -55,63 +55,63 @@ jobs:
name: Run build and push manager image
runs-on: ubuntu-latest
steps:
- - name: Step 01 - Download wazuh-kibana-app
- uses: actions/checkout@v2
- with:
+ - name: Step 01 - Download wazuh-kibana-app
+ uses: actions/checkout@v2
+ with:
path: wazuh-kibana-app
- - name: Step 02 - Login to quay.io
- run: |
- docker login -u=${{ secrets.QUAYIO_USERNAME }} -p=${{ secrets.QUAYIO_TOKEN }} quay.io
- - name: Step 03 - Build image
- run: |
- cd ${{ github.workspace }}/wazuh-kibana-app/test/cypress/images/wazuh_manager_filebeat_sources_cmake
- docker build -t quay.io/wazuh/wazuh-manager-image:${{ github.event.inputs.wazuh-manager-version }}-${{ github.event.inputs.elastic-manager-version }} \
- --build-arg WAZUH_VERSION=${{ github.event.inputs.wazuh-manager-version }} \
- --build-arg FILEBEAT_VERSION=${{ github.event.inputs.elastic-manager-version }} \
- --build-arg FILEBEAT_WAZUH_TEMPLATE_URL=https://raw.githubusercontent.com/wazuh/wazuh/4.0/extensions/elasticsearch/7.x/wazuh-template.json \
- --build-arg FILEBEAT_WAZUH_MODULE_URL=https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz .
- - name: Step 04 - Push image to quay.io
- run: |
- docker push quay.io/wazuh/wazuh-manager-image:${{ github.event.inputs.wazuh-manager-version }}-${{ github.event.inputs.elastic-manager-version }}
+ - name: Step 02 - Login to quay.io
+ run: |
+ docker login -u=${{ secrets.QUAYIO_USERNAME }} -p=${{ secrets.QUAYIO_TOKEN }} quay.io
+ - name: Step 03 - Build image
+ run: |
+ cd ${{ github.workspace }}/wazuh-kibana-app/test/cypress/images/wazuh_manager_filebeat_sources_cmake
+ docker build -t quay.io/wazuh/wazuh-manager-image:${{ github.event.inputs.wazuh-manager-version }}-${{ github.event.inputs.elastic-manager-version }} \
+ --build-arg WAZUH_VERSION=${{ github.event.inputs.wazuh-manager-version }} \
+ --build-arg FILEBEAT_VERSION=${{ github.event.inputs.elastic-manager-version }} \
+ --build-arg FILEBEAT_WAZUH_TEMPLATE_URL=https://raw.githubusercontent.com/wazuh/wazuh/4.0/extensions/elasticsearch/7.x/wazuh-template.json \
+ --build-arg FILEBEAT_WAZUH_MODULE_URL=https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz .
+ - name: Step 04 - Push image to quay.io
+ run: |
+ docker push quay.io/wazuh/wazuh-manager-image:${{ github.event.inputs.wazuh-manager-version }}-${{ github.event.inputs.elastic-manager-version }}
job-build-agent-image:
if: ${{ github.event.inputs.build-agent-image == 'true' }}
name: Run build and push agent image
runs-on: ubuntu-latest
steps:
- - name: Step 01 - Download wazuh-kibana-app
- uses: actions/checkout@v2
- with:
+ - name: Step 01 - Download wazuh-kibana-app
+ uses: actions/checkout@v2
+ with:
path: wazuh-kibana-app
- - name: Step 02 - Login to quay.io
- run: |
- docker login -u=${{ secrets.QUAYIO_USERNAME }} -p=${{ secrets.QUAYIO_TOKEN }} quay.io
- - name: Step 03 - Build image
- run: |
- cd ${{ github.workspace }}/wazuh-kibana-app/test/cypress/images/wazuh_agent_ubuntu_sources_cmake
- docker build -t quay.io/wazuh/wazuh-agent-image:${{ github.event.inputs.wazuh-agent-version }} \
- --build-arg WAZUH_VERSION=${{ github.event.inputs.wazuh-agent-version }} .
- - name: Step 04 - Push image to quay.io
- run: |
- docker push quay.io/wazuh/wazuh-agent-image:${{ github.event.inputs.wazuh-agent-version }}
+ - name: Step 02 - Login to quay.io
+ run: |
+ docker login -u=${{ secrets.QUAYIO_USERNAME }} -p=${{ secrets.QUAYIO_TOKEN }} quay.io
+ - name: Step 03 - Build image
+ run: |
+ cd ${{ github.workspace }}/wazuh-kibana-app/test/cypress/images/wazuh_agent_ubuntu_sources_cmake
+ docker build -t quay.io/wazuh/wazuh-agent-image:${{ github.event.inputs.wazuh-agent-version }} \
+ --build-arg WAZUH_VERSION=${{ github.event.inputs.wazuh-agent-version }} .
+ - name: Step 04 - Push image to quay.io
+ run: |
+ docker push quay.io/wazuh/wazuh-agent-image:${{ github.event.inputs.wazuh-agent-version }}
job-build-cypress-image:
if: ${{ github.event.inputs.build-cypress-image == 'true' }}
name: Run build and push cypress image
runs-on: ubuntu-latest
steps:
- - name: Step 01 - Download wazuh-kibana-app
- uses: actions/checkout@v2
- with:
+ - name: Step 01 - Download wazuh-kibana-app
+ uses: actions/checkout@v2
+ with:
path: wazuh-kibana-app
- - name: Step 02 - Login to quay.io
- run: |
- docker login -u=${{ secrets.QUAYIO_USERNAME }} -p=${{ secrets.QUAYIO_TOKEN }} quay.io
- - name: Step 03 - Build image
- run: |
- cd ${{ github.workspace }}/wazuh-kibana-app/test/cypress/images/ubuntu-cypress
- docker build -t quay.io/wazuh/wazuh-ubuntu-cypress:${{ github.event.inputs.image-cypress-version }} \
- --build-arg UBUNTU_CYPRESS_BRANCH=${{ github.event.inputs.ubuntu-cypress-branch }} .
- - name: Step 04 - Push image to quay.io
- run: |
- docker push quay.io/wazuh/wazuh-ubuntu-cypress:${{ github.event.inputs.image-cypress-version }}
+ - name: Step 02 - Login to quay.io
+ run: |
+ docker login -u=${{ secrets.QUAYIO_USERNAME }} -p=${{ secrets.QUAYIO_TOKEN }} quay.io
+ - name: Step 03 - Build image
+ run: |
+ cd ${{ github.workspace }}/wazuh-kibana-app/test/cypress/images/ubuntu-cypress
+ docker build -t quay.io/wazuh/wazuh-ubuntu-cypress:${{ github.event.inputs.image-cypress-version }} \
+ --build-arg UBUNTU_CYPRESS_BRANCH=${{ github.event.inputs.ubuntu-cypress-branch }} .
+ - name: Step 04 - Push image to quay.io
+ run: |
+ docker push quay.io/wazuh/wazuh-ubuntu-cypress:${{ github.event.inputs.image-cypress-version }}
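Review bot: All three `docker login` steps re-added in this hunk pass the registry token as `-p=${{ secrets.QUAYIO_TOKEN }}`, which puts it on the process command line; supplying it through `env:` and `--password-stdin` avoids that. The `${{ github.event.inputs.* }}` values are also expanded directly into the `run:` script text of the build and push steps, so an input containing shell metacharacters is interpreted as script rather than data; mapping each input to an `env:` variable and quoting it keeps it inert. The only functional change here is the `wazuh-filebeat-0.4.tar.gz` URL, and it is buried in the reindentation, so splitting formatting from the bump would make the review easier. The manager job's steps are sketched below; the agent and cypress jobs would take the same treatment.

```yaml
      - name: Step 02 - Login to quay.io
        env:
          QUAYIO_USERNAME: ${{ secrets.QUAYIO_USERNAME }}
          QUAYIO_TOKEN: ${{ secrets.QUAYIO_TOKEN }}
        run: |
          printf '%s' "$QUAYIO_TOKEN" | docker login -u "$QUAYIO_USERNAME" --password-stdin quay.io
      - name: Step 03 - Build image
        env:
          WAZUH_VERSION: ${{ github.event.inputs.wazuh-manager-version }}
          FILEBEAT_VERSION: ${{ github.event.inputs.elastic-manager-version }}
        run: |
          cd "$GITHUB_WORKSPACE/wazuh-kibana-app/test/cypress/images/wazuh_manager_filebeat_sources_cmake"
          docker build -t "quay.io/wazuh/wazuh-manager-image:${WAZUH_VERSION}-${FILEBEAT_VERSION}" \
            --build-arg WAZUH_VERSION="$WAZUH_VERSION" \
            --build-arg FILEBEAT_VERSION="$FILEBEAT_VERSION" \
            --build-arg FILEBEAT_WAZUH_TEMPLATE_URL=https://raw.githubusercontent.com/wazuh/wazuh/4.0/extensions/elasticsearch/7.x/wazuh-template.json \
            --build-arg FILEBEAT_WAZUH_MODULE_URL=https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz .
      # … unchanged: Step 04 push (same env/quoting applies), agent and cypress jobs …
```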
diff --git a/docker/kbn-dev/dev.yml b/docker/kbn-dev/dev.yml
index f01c481224..c6abeb041b 100755
--- a/docker/kbn-dev/dev.yml
+++ b/docker/kbn-dev/dev.yml
@@ -1,16 +1,16 @@
-version: "2.2"
+version: '2.2'
x-logging: &logging
logging:
driver: loki
options:
- loki-url: "http://host.docker.internal:3100/loki/api/v1/push"
+ loki-url: 'http://host.docker.internal:3100/loki/api/v1/push'
services:
exporter:
image: quay.io/prometheuscommunity/elasticsearch-exporter:latest
<<: *logging
- hostname: "exporter-kbn-${ES_VERSION}"
+ hostname: 'exporter-kbn-${ES_VERSION}'
networks:
- es-dev
- mon
@@ -21,7 +21,7 @@ services:
imposter:
image: outofcoffee/imposter
- hostname: "imposter-kbn-${ES_VERSION}"
+ hostname: 'imposter-kbn-${ES_VERSION}'
networks:
- es-dev
- mon
@@ -32,7 +32,7 @@ services:
volumes:
- ../imposter:/opt/imposter/config
ports:
- - ${IMPOSTER_PORT}:8080
+ - ${IMPOSTER_PORT}:8080
filebeat:
depends_on:
@@ -40,7 +40,7 @@ services:
condition: service_healthy
image: elastic/filebeat:7.10.2
hostname: filebeat
- user: "0:0"
+ user: '0:0'
networks:
- es-dev
- mon
@@ -54,7 +54,7 @@ services:
echo admin | filebeat keystore add username --stdin --force
echo ${ELASTIC_PASSWORD}| filebeat keystore add password --stdin --force
curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
- curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module
+ curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module
# copy filebeat to preserve correct permissions without
# affecting host filesystem
cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml
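Review bot: The bumped line still streams the module archive from `curl -s` straight into `tar`, in a service that an earlier hunk of this file shows running as `user: '0:0'`, with no integrity check and no `-f`. An HTTP error body or an altered archive is therefore handed to tar as root, and a failed download is not reported. Since the version is being touched anyway, download to a file first with `curl -fsSLo /tmp/wazuh-filebeat.tar.gz https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz`, verify it with `echo "<EXPECTED_SHA256>  /tmp/wazuh-filebeat.tar.gz" | sha256sum -c -` (digest placeholder, to be pinned from the release), and only then run `tar -xzf /tmp/wazuh-filebeat.tar.gz -C /usr/share/filebeat/module`. The same line is changed in docker/osd-dev/dev.yml and in the pre.yml files under wazuh-4.2-es, wazuh-4.3-wz, wazuh-4.4-wz and wazuh-4.5-wz. The command block this line belongs to starts outside the hunk.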
@@ -69,7 +69,7 @@ services:
setup:
hostname: setup
- user: "0"
+ user: '0'
image: docker.elastic.co/elasticsearch/elasticsearch:${ES_VERSION}
volumes:
- certs:/usr/share/elasticsearch/config/certs
@@ -120,7 +120,7 @@ services:
echo "All done!";
'
healthcheck:
- test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
+ test: ['CMD-SHELL', '[ -f config/certs/es01/es01.crt ]']
interval: 1s
timeout: 5s
retries: 120
@@ -140,7 +140,7 @@ services:
- certs:/usr/share/elasticsearch/config/certs
- esdata01:/usr/share/elasticsearch/data
environment:
- - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+ - 'ES_JAVA_OPTS=-Xms512m -Xmx512m'
- node.name=es01
- discovery.type=single-node
- discovery.seed_hosts=es01
@@ -166,7 +166,7 @@ services:
healthcheck:
test:
[
- "CMD-SHELL",
+ 'CMD-SHELL',
"curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
]
interval: 10s
@@ -186,7 +186,7 @@ services:
- mon
<<: *logging
volumes:
- - "${SRC}:/home/node/kbn/plugins/wazuh"
+ - '${SRC}:/home/node/kbn/plugins/wazuh'
- certs:/home/node/kbn/config/certs
- kibana_cache:/home/node/.cache
- ./config/kibana/kibana.yml:/home/node/kbn/config/kibana.yml
@@ -198,7 +198,7 @@ services:
# Kibana configuration is in the mounted config file, as the entrypoint
# does not generate the config file from the envirtonment
- LOGS=/proc/1/fd/1
- entrypoint: ["tail", "-f", "/dev/null"]
+ entrypoint: ['tail', '-f', '/dev/null']
healthcheck:
test: sh /home/node/setup_permissions.sh es01
interval: 5s
diff --git a/docker/osd-dev/dev.yml b/docker/osd-dev/dev.yml
index 0360a8c55f..11f37f04af 100755
--- a/docker/osd-dev/dev.yml
+++ b/docker/osd-dev/dev.yml
@@ -205,7 +205,7 @@ services:
echo admin | filebeat keystore add username --stdin --force
echo ${PASSWORD}| filebeat keystore add password --stdin --force
curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
- curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module
+ curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module
# copy filebeat to preserve correct permissions without
# affecting host filesystem
cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml
diff --git a/docker/wazuh-4.2-es/pre.yml b/docker/wazuh-4.2-es/pre.yml
index 273e304c95..26a2e7a6bb 100755
--- a/docker/wazuh-4.2-es/pre.yml
+++ b/docker/wazuh-4.2-es/pre.yml
@@ -1,16 +1,16 @@
-version: "2.2"
+version: '2.2'
x-logging: &logging
logging:
driver: loki
options:
- loki-url: "http://host.docker.internal:3100/loki/api/v1/push"
+ loki-url: 'http://host.docker.internal:3100/loki/api/v1/push'
services:
exporter:
image: quay.io/prometheuscommunity/elasticsearch-exporter:latest
<<: *logging
- hostname: "exporter-kbn-${ES_VERSION}"
+ hostname: 'exporter-kbn-${ES_VERSION}'
networks:
- es-pre
- mon
@@ -21,7 +21,7 @@ services:
imposter:
image: outofcoffee/imposter
- hostname: "imposter-kbn-${ES_VERSION}"
+ hostname: 'imposter-kbn-${ES_VERSION}'
networks:
- es-pre
- mon
@@ -38,7 +38,7 @@ services:
condition: service_healthy
image: elastic/filebeat:7.10.2
hostname: filebeat
- user: "0:0"
+ user: '0:0'
networks:
- es-pre
<<: *logging
@@ -51,7 +51,7 @@ services:
echo admin | filebeat keystore add username --stdin --force
echo ${ELASTIC_PASSWORD}| filebeat keystore add password --stdin --force
curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.2/extensions/elasticsearch/7.x/wazuh-template.json
- curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module
+ curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module
# copy filebeat to preserve correct permissions without
# affecting host filesystem
cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml
@@ -72,7 +72,7 @@ services:
- certs:/usr/share/elasticsearch/config/certs
- ./config/wazuh_indexer_ssl_certs/:/tmp/certs
- ./config/setup_permissions.sh:/tmp/setup_permissions.sh
- user: "0"
+ user: '0'
command: >
bash -c '
if [ x${ELASTIC_PASSWORD} == x ]; then
@@ -134,7 +134,7 @@ services:
echo "All done!";
'
healthcheck:
- test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
+ test: ['CMD-SHELL', '[ -f config/certs/es01/es01.crt ]']
interval: 1s
timeout: 5s
retries: 120
@@ -152,7 +152,7 @@ services:
- certs:/usr/share/elasticsearch/config/certs
- esdata01:/usr/share/elasticsearch/data
environment:
- - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+ - 'ES_JAVA_OPTS=-Xms512m -Xmx512m'
- node.name=es01
- cluster.name=${CLUSTER_NAME}
# - cluster.initial_master_nodes=es01,es02,es03
@@ -180,7 +180,7 @@ services:
healthcheck:
test:
[
- "CMD-SHELL",
+ 'CMD-SHELL',
"curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
]
interval: 10s
@@ -303,7 +303,7 @@ services:
healthcheck:
test:
[
- "CMD-SHELL",
+ 'CMD-SHELL',
"curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
]
interval: 10s
@@ -312,7 +312,7 @@ services:
networks:
es-pre:
- name: "es-pre-${ES_VERSION}"
+ name: 'es-pre-${ES_VERSION}'
driver: bridge
mon:
external: true
diff --git a/docker/wazuh-4.3-wz/pre.yml b/docker/wazuh-4.3-wz/pre.yml
index b203c39355..4757912bb6 100755
--- a/docker/wazuh-4.3-wz/pre.yml
+++ b/docker/wazuh-4.3-wz/pre.yml
@@ -5,13 +5,13 @@ x-logging: &logging
logging:
driver: loki
options:
- loki-url: "http://host.docker.internal:3100/loki/api/v1/push"
+ loki-url: 'http://host.docker.internal:3100/loki/api/v1/push'
services:
exporter:
image: quay.io/prometheuscommunity/elasticsearch-exporter:latest
<<: *logging
- hostname: "exporter-kbn-${WAZUH_STACK}"
+ hostname: 'exporter-kbn-${WAZUH_STACK}'
networks:
- wzd-pre
- mon
@@ -22,7 +22,7 @@ services:
imposter:
image: outofcoffee/imposter
- hostname: "imposter-kbn-${WAZUH_STACK}"
+ hostname: 'imposter-kbn-${WAZUH_STACK}'
networks:
- wzd-pre
- mon
@@ -42,64 +42,64 @@ services:
- ./config/certs:/conf
entrypoint: /bin/bash
command: >
- -c '
- export certs=/tmp/certs
- mkdir $$certs
- cd $$certs
+ -c '
+ export certs=/tmp/certs
+ mkdir $$certs
+ cd $$certs
+
+ echo "Generating CA"
+ cfssl gencert -initca /conf/ca.json | cfssljson -bare ca
+
+ echo "Generating servers certificates"
+ for i in wazuh.indexer wazuh.dashboard wazuh.manager; do
+ echo "Generating cert for $$i"
+ cat /conf/host.json | \
+ sed "s/HOST/$$i/g" | \
+ cfssl gencert \
+ -ca $$certs/ca.pem \
+ -ca-key $$certs/ca-key.pem \
+ -config /conf/cfssl.json \
+ -profile=server - | \
+ cfssljson -bare $$i
+ openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
+ done
+
+ echo "Generating clients certificates"
+ for i in admin filebeat; do
+ echo "Generating cert for $$i"
+ cat /conf/host.json | \
+ sed "s/HOST/$$i/g" | \
+ cfssl gencert \
+ -ca $$certs/ca.pem \
+ -ca-key $$certs/ca-key.pem \
+ -config /conf/cfssl.json \
+ -profile=client - | \
+ cfssljson -bare $$i
+ openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
+ done
- echo "Generating CA"
- cfssl gencert -initca /conf/ca.json | cfssljson -bare ca
+ echo "Setting up permissions"
- echo "Generating servers certificates"
- for i in wazuh.indexer wazuh.dashboard wazuh.manager; do
- echo "Generating cert for $$i"
- cat /conf/host.json | \
- sed "s/HOST/$$i/g" | \
- cfssl gencert \
- -ca $$certs/ca.pem \
- -ca-key $$certs/ca-key.pem \
- -config /conf/cfssl.json \
- -profile=server - | \
- cfssljson -bare $$i
- openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
- done
-
- echo "Generating clients certificates"
- for i in admin filebeat; do
- echo "Generating cert for $$i"
- cat /conf/host.json | \
- sed "s/HOST/$$i/g" | \
- cfssl gencert \
- -ca $$certs/ca.pem \
- -ca-key $$certs/ca-key.pem \
- -config /conf/cfssl.json \
- -profile=client - | \
- cfssljson -bare $$i
- openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
- done
-
- echo "Setting up permissions"
-
- rm /certs/wi/* /certs/wd/* /certs/wm/*
-
- mv $$certs/wazuh.indexer* /certs/wi
- mv $$certs/admin* /certs/wi
- mv /certs/wi/admin.key /certs/wi/admin-key.pem
- cp $$certs/*ca* /certs/wi
-
- mv $$certs/wazuh.dashboard* /certs/wd
- cp $$certs/*ca* /certs/wd
-
- mv $$certs/*.* /certs/wm
-
- chmod 640 /certs/wi/* /certs/wd/* /certs/wm/*
- chown -R 1000:1000 /certs/*
- ls -alR /certs/
-
- sleep 30
- '
+ rm /certs/wi/* /certs/wd/* /certs/wm/*
+
+ mv $$certs/wazuh.indexer* /certs/wi
+ mv $$certs/admin* /certs/wi
+ mv /certs/wi/admin.key /certs/wi/admin-key.pem
+ cp $$certs/*ca* /certs/wi
+
+ mv $$certs/wazuh.dashboard* /certs/wd
+ cp $$certs/*ca* /certs/wd
+
+ mv $$certs/*.* /certs/wm
+
+ chmod 640 /certs/wi/* /certs/wd/* /certs/wm/*
+ chown -R 1000:1000 /certs/*
+ ls -alR /certs/
+
+ sleep 30
+ '
healthcheck:
- test: ["CMD-SHELL", "[ -r /certs/wm/wazuh.manager.pem ]"]
+ test: ['CMD-SHELL', '[ -r /certs/wm/wazuh.manager.pem ]']
interval: 2s
timeout: 5s
retries: 10
@@ -110,7 +110,7 @@ services:
condition: service_healthy
image: elastic/filebeat:7.10.2
hostname: filebeat
- user: "0:0"
+ user: '0:0'
networks:
- wzd-pre
- mon
@@ -123,7 +123,7 @@ services:
echo admin | filebeat keystore add username --stdin --force
echo SecretPassword| filebeat keystore add password --stdin --force
curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
- curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module
+ curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module
# copy filebeat to preserve correct permissions without
# affecting host filesystem
cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml
@@ -136,7 +136,6 @@ services:
- wm_certs:/etc/ssl/wazuh
- ./config/filebeat/filebeat.yml:/tmp/filebeat.yml
-
wazuh.indexer:
depends_on:
generator:
@@ -148,8 +147,8 @@ services:
- mon
<<: *logging
environment:
- - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
- - "OPENSEARCH_PATH_CONF=/usr/share/wazuh-indexer/config"
+ - 'OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m'
+ - 'OPENSEARCH_PATH_CONF=/usr/share/wazuh-indexer/config'
ulimits:
memlock:
soft: -1
@@ -165,15 +164,13 @@ services:
healthcheck:
test:
[
- "CMD-SHELL",
- "/usr/share/wazuh-indexer/bin/opensearch-plugin list | grep -q security",
+ 'CMD-SHELL',
+ '/usr/share/wazuh-indexer/bin/opensearch-plugin list | grep -q security',
]
interval: 10s
timeout: 10s
retries: 120
-
-
wazuh.dashboard:
image: wazuh/wazuh-dashboard:${WAZUH_STACK}
hostname: wazuh.dashboard
diff --git a/docker/wazuh-4.4-wz/pre.yml b/docker/wazuh-4.4-wz/pre.yml
index 632a56405a..f724f3b902 100755
--- a/docker/wazuh-4.4-wz/pre.yml
+++ b/docker/wazuh-4.4-wz/pre.yml
@@ -5,13 +5,13 @@ x-logging: &logging
logging:
driver: loki
options:
- loki-url: "http://host.docker.internal:3100/loki/api/v1/push"
+ loki-url: 'http://host.docker.internal:3100/loki/api/v1/push'
services:
exporter:
image: quay.io/prometheuscommunity/elasticsearch-exporter:latest
<<: *logging
- hostname: "exporter-kbn-${WAZUH_STACK}"
+ hostname: 'exporter-kbn-${WAZUH_STACK}'
networks:
- wzd-pre
- mon
@@ -22,7 +22,7 @@ services:
imposter:
image: outofcoffee/imposter
- hostname: "imposter-kbn-${WAZUH_STACK}"
+ hostname: 'imposter-kbn-${WAZUH_STACK}'
networks:
- wzd-pre
- mon
@@ -42,64 +42,64 @@ services:
- ./config/certs:/conf
entrypoint: /bin/bash
command: >
- -c '
- export certs=/tmp/certs
- mkdir $$certs
- cd $$certs
+ -c '
+ export certs=/tmp/certs
+ mkdir $$certs
+ cd $$certs
+
+ echo "Generating CA"
+ cfssl gencert -initca /conf/ca.json | cfssljson -bare ca
+
+ echo "Generating servers certificates"
+ for i in wazuh.indexer wazuh.dashboard wazuh.manager; do
+ echo "Generating cert for $$i"
+ cat /conf/host.json | \
+ sed "s/HOST/$$i/g" | \
+ cfssl gencert \
+ -ca $$certs/ca.pem \
+ -ca-key $$certs/ca-key.pem \
+ -config /conf/cfssl.json \
+ -profile=server - | \
+ cfssljson -bare $$i
+ openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
+ done
+
+ echo "Generating clients certificates"
+ for i in admin filebeat; do
+ echo "Generating cert for $$i"
+ cat /conf/host.json | \
+ sed "s/HOST/$$i/g" | \
+ cfssl gencert \
+ -ca $$certs/ca.pem \
+ -ca-key $$certs/ca-key.pem \
+ -config /conf/cfssl.json \
+ -profile=client - | \
+ cfssljson -bare $$i
+ openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
+ done
- echo "Generating CA"
- cfssl gencert -initca /conf/ca.json | cfssljson -bare ca
+ echo "Setting up permissions"
- echo "Generating servers certificates"
- for i in wazuh.indexer wazuh.dashboard wazuh.manager; do
- echo "Generating cert for $$i"
- cat /conf/host.json | \
- sed "s/HOST/$$i/g" | \
- cfssl gencert \
- -ca $$certs/ca.pem \
- -ca-key $$certs/ca-key.pem \
- -config /conf/cfssl.json \
- -profile=server - | \
- cfssljson -bare $$i
- openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
- done
-
- echo "Generating clients certificates"
- for i in admin filebeat; do
- echo "Generating cert for $$i"
- cat /conf/host.json | \
- sed "s/HOST/$$i/g" | \
- cfssl gencert \
- -ca $$certs/ca.pem \
- -ca-key $$certs/ca-key.pem \
- -config /conf/cfssl.json \
- -profile=client - | \
- cfssljson -bare $$i
- openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
- done
-
- echo "Setting up permissions"
-
- rm /certs/wi/* /certs/wd/* /certs/wm/*
-
- mv $$certs/wazuh.indexer* /certs/wi
- mv $$certs/admin* /certs/wi
- mv /certs/wi/admin.key /certs/wi/admin-key.pem
- cp $$certs/*ca* /certs/wi
-
- mv $$certs/wazuh.dashboard* /certs/wd
- cp $$certs/*ca* /certs/wd
-
- mv $$certs/*.* /certs/wm
-
- chmod 640 /certs/wi/* /certs/wd/* /certs/wm/*
- chown -R 1000:1000 /certs/*
- ls -alR /certs/
-
- sleep 30
- '
+ rm /certs/wi/* /certs/wd/* /certs/wm/*
+
+ mv $$certs/wazuh.indexer* /certs/wi
+ mv $$certs/admin* /certs/wi
+ mv /certs/wi/admin.key /certs/wi/admin-key.pem
+ cp $$certs/*ca* /certs/wi
+
+ mv $$certs/wazuh.dashboard* /certs/wd
+ cp $$certs/*ca* /certs/wd
+
+ mv $$certs/*.* /certs/wm
+
+ chmod 640 /certs/wi/* /certs/wd/* /certs/wm/*
+ chown -R 1000:1000 /certs/*
+ ls -alR /certs/
+
+ sleep 30
+ '
healthcheck:
- test: ["CMD-SHELL", "[ -r /certs/wm/wazuh.manager.pem ]"]
+ test: ['CMD-SHELL', '[ -r /certs/wm/wazuh.manager.pem ]']
interval: 2s
timeout: 5s
retries: 10
@@ -110,7 +110,7 @@ services:
condition: service_healthy
image: elastic/filebeat:7.10.2
hostname: filebeat
- user: "0:0"
+ user: '0:0'
networks:
- wzd-pre
- mon
@@ -123,7 +123,7 @@ services:
echo admin | filebeat keystore add username --stdin --force
echo SecretPassword| filebeat keystore add password --stdin --force
curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
- curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module
+ curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module
# copy filebeat to preserve correct permissions without
# affecting host filesystem
cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml
@@ -136,7 +136,6 @@ services:
- wm_certs:/etc/ssl/wazuh
- ./config/filebeat/filebeat.yml:/tmp/filebeat.yml
-
wazuh.indexer:
depends_on:
generator:
@@ -148,8 +147,8 @@ services:
- mon
<<: *logging
environment:
- - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
- - "OPENSEARCH_PATH_CONF=/usr/share/wazuh-indexer/config"
+ - 'OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m'
+ - 'OPENSEARCH_PATH_CONF=/usr/share/wazuh-indexer/config'
ulimits:
memlock:
soft: -1
@@ -168,15 +167,13 @@ services:
healthcheck:
test:
[
- "CMD-SHELL",
- "/usr/share/wazuh-indexer/bin/opensearch-plugin list | grep -q security",
+ 'CMD-SHELL',
+ '/usr/share/wazuh-indexer/bin/opensearch-plugin list | grep -q security',
]
interval: 10s
timeout: 10s
retries: 120
-
-
wazuh.dashboard:
image: wazuh/wazuh-dashboard:${WAZUH_STACK}
hostname: wazuh.dashboard
diff --git a/docker/wazuh-4.5-wz/pre.yml b/docker/wazuh-4.5-wz/pre.yml
index 632a56405a..f724f3b902 100755
--- a/docker/wazuh-4.5-wz/pre.yml
+++ b/docker/wazuh-4.5-wz/pre.yml
@@ -5,13 +5,13 @@ x-logging: &logging
logging:
driver: loki
options:
- loki-url: "http://host.docker.internal:3100/loki/api/v1/push"
+ loki-url: 'http://host.docker.internal:3100/loki/api/v1/push'
services:
exporter:
image: quay.io/prometheuscommunity/elasticsearch-exporter:latest
<<: *logging
- hostname: "exporter-kbn-${WAZUH_STACK}"
+ hostname: 'exporter-kbn-${WAZUH_STACK}'
networks:
- wzd-pre
- mon
@@ -22,7 +22,7 @@ services:
imposter:
image: outofcoffee/imposter
- hostname: "imposter-kbn-${WAZUH_STACK}"
+ hostname: 'imposter-kbn-${WAZUH_STACK}'
networks:
- wzd-pre
- mon
@@ -42,64 +42,64 @@ services:
- ./config/certs:/conf
entrypoint: /bin/bash
command: >
- -c '
- export certs=/tmp/certs
- mkdir $$certs
- cd $$certs
+ -c '
+ export certs=/tmp/certs
+ mkdir $$certs
+ cd $$certs
+
+ echo "Generating CA"
+ cfssl gencert -initca /conf/ca.json | cfssljson -bare ca
+
+ echo "Generating servers certificates"
+ for i in wazuh.indexer wazuh.dashboard wazuh.manager; do
+ echo "Generating cert for $$i"
+ cat /conf/host.json | \
+ sed "s/HOST/$$i/g" | \
+ cfssl gencert \
+ -ca $$certs/ca.pem \
+ -ca-key $$certs/ca-key.pem \
+ -config /conf/cfssl.json \
+ -profile=server - | \
+ cfssljson -bare $$i
+ openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
+ done
+
+ echo "Generating clients certificates"
+ for i in admin filebeat; do
+ echo "Generating cert for $$i"
+ cat /conf/host.json | \
+ sed "s/HOST/$$i/g" | \
+ cfssl gencert \
+ -ca $$certs/ca.pem \
+ -ca-key $$certs/ca-key.pem \
+ -config /conf/cfssl.json \
+ -profile=client - | \
+ cfssljson -bare $$i
+ openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
+ done
- echo "Generating CA"
- cfssl gencert -initca /conf/ca.json | cfssljson -bare ca
+ echo "Setting up permissions"
- echo "Generating servers certificates"
- for i in wazuh.indexer wazuh.dashboard wazuh.manager; do
- echo "Generating cert for $$i"
- cat /conf/host.json | \
- sed "s/HOST/$$i/g" | \
- cfssl gencert \
- -ca $$certs/ca.pem \
- -ca-key $$certs/ca-key.pem \
- -config /conf/cfssl.json \
- -profile=server - | \
- cfssljson -bare $$i
- openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
- done
-
- echo "Generating clients certificates"
- for i in admin filebeat; do
- echo "Generating cert for $$i"
- cat /conf/host.json | \
- sed "s/HOST/$$i/g" | \
- cfssl gencert \
- -ca $$certs/ca.pem \
- -ca-key $$certs/ca-key.pem \
- -config /conf/cfssl.json \
- -profile=client - | \
- cfssljson -bare $$i
- openssl pkcs8 -topk8 -inform pem -in $$i-key.pem -outform pem -nocrypt -out $$i.key
- done
-
- echo "Setting up permissions"
-
- rm /certs/wi/* /certs/wd/* /certs/wm/*
-
- mv $$certs/wazuh.indexer* /certs/wi
- mv $$certs/admin* /certs/wi
- mv /certs/wi/admin.key /certs/wi/admin-key.pem
- cp $$certs/*ca* /certs/wi
-
- mv $$certs/wazuh.dashboard* /certs/wd
- cp $$certs/*ca* /certs/wd
-
- mv $$certs/*.* /certs/wm
-
- chmod 640 /certs/wi/* /certs/wd/* /certs/wm/*
- chown -R 1000:1000 /certs/*
- ls -alR /certs/
-
- sleep 30
- '
+ rm /certs/wi/* /certs/wd/* /certs/wm/*
+
+ mv $$certs/wazuh.indexer* /certs/wi
+ mv $$certs/admin* /certs/wi
+ mv /certs/wi/admin.key /certs/wi/admin-key.pem
+ cp $$certs/*ca* /certs/wi
+
+ mv $$certs/wazuh.dashboard* /certs/wd
+ cp $$certs/*ca* /certs/wd
+
+ mv $$certs/*.* /certs/wm
+
+ chmod 640 /certs/wi/* /certs/wd/* /certs/wm/*
+ chown -R 1000:1000 /certs/*
+ ls -alR /certs/
+
+ sleep 30
+ '
healthcheck:
- test: ["CMD-SHELL", "[ -r /certs/wm/wazuh.manager.pem ]"]
+ test: ['CMD-SHELL', '[ -r /certs/wm/wazuh.manager.pem ]']
interval: 2s
timeout: 5s
retries: 10
@@ -110,7 +110,7 @@ services:
condition: service_healthy
image: elastic/filebeat:7.10.2
hostname: filebeat
- user: "0:0"
+ user: '0:0'
networks:
- wzd-pre
- mon
@@ -123,7 +123,7 @@ services:
echo admin | filebeat keystore add username --stdin --force
echo SecretPassword| filebeat keystore add password --stdin --force
curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
- curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module
+ curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module
# copy filebeat to preserve correct permissions without
# affecting host filesystem
cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml
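Review bot: The bumped `wazuh-filebeat-0.4.tar.gz` download is still piped straight from `curl -s` into `tar` with no integrity check, so whatever the server returns is unpacked into `/usr/share/filebeat/module`; the `@@ -110,7 +110,7 @@` hunk suggests this service runs as `0:0`. Since the artifact version changes here anyway, I would download to a file, verify a pinned digest, and only then extract: `curl -fsSL -o /tmp/wazuh-filebeat.tar.gz https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz`, `echo "<EXPECTED_SHA256>  /tmp/wazuh-filebeat.tar.gz" | sha256sum -c -`, `tar -xzf /tmp/wazuh-filebeat.tar.gz -C /usr/share/filebeat/module`, where `<EXPECTED_SHA256>` is a placeholder for the published digest. Adding `-f` also stops an HTTP error body from being handed to `tar`. The same line is changed in the `@@ -51,7 +51,7 @@` hunk of `docker/wazuh-4.x-es/pre.yml`. The command block starts and ends outside this hunk, so whether a failed check aborts the script depends on shell options not visible here.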
@@ -136,7 +136,6 @@ services:
- wm_certs:/etc/ssl/wazuh
- ./config/filebeat/filebeat.yml:/tmp/filebeat.yml
-
wazuh.indexer:
depends_on:
generator:
@@ -148,8 +147,8 @@ services:
- mon
<<: *logging
environment:
- - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
- - "OPENSEARCH_PATH_CONF=/usr/share/wazuh-indexer/config"
+ - 'OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m'
+ - 'OPENSEARCH_PATH_CONF=/usr/share/wazuh-indexer/config'
ulimits:
memlock:
soft: -1
@@ -168,15 +167,13 @@ services:
healthcheck:
test:
[
- "CMD-SHELL",
- "/usr/share/wazuh-indexer/bin/opensearch-plugin list | grep -q security",
+ 'CMD-SHELL',
+ '/usr/share/wazuh-indexer/bin/opensearch-plugin list | grep -q security',
]
interval: 10s
timeout: 10s
retries: 120
-
-
wazuh.dashboard:
image: wazuh/wazuh-dashboard:${WAZUH_STACK}
hostname: wazuh.dashboard
diff --git a/docker/wazuh-4.x-es/pre.yml b/docker/wazuh-4.x-es/pre.yml
index fa1202432c..60d31a1df3 100755
--- a/docker/wazuh-4.x-es/pre.yml
+++ b/docker/wazuh-4.x-es/pre.yml
@@ -1,16 +1,16 @@
-version: "2.2"
+version: '2.2'
x-logging: &logging
logging:
driver: loki
options:
- loki-url: "http://host.docker.internal:3100/loki/api/v1/push"
+ loki-url: 'http://host.docker.internal:3100/loki/api/v1/push'
services:
exporter:
image: quay.io/prometheuscommunity/elasticsearch-exporter:latest
<<: *logging
- hostname: "exporter-kbn-${ES_VERSION}"
+ hostname: 'exporter-kbn-${ES_VERSION}'
networks:
- es-pre
- mon
@@ -21,7 +21,7 @@ services:
imposter:
image: outofcoffee/imposter
- hostname: "imposter-kbn-${ES_VERSION}"
+ hostname: 'imposter-kbn-${ES_VERSION}'
networks:
- es-pre
- mon
@@ -38,7 +38,7 @@ services:
condition: service_healthy
image: elastic/filebeat:7.10.2
hostname: filebeat
- user: "0:0"
+ user: '0:0'
networks:
- es-pre
<<: *logging
@@ -51,7 +51,7 @@ services:
echo admin | filebeat keystore add username --stdin --force
echo ${ELASTIC_PASSWORD}| filebeat keystore add password --stdin --force
curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.3/extensions/elasticsearch/7.x/wazuh-template.json
- curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz | tar -xvz -C /usr/share/filebeat/module
+ curl -s https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz | tar -xvz -C /usr/share/filebeat/module
# copy filebeat to preserve correct permissions without
# affecting host filesystem
cp /tmp/filebeat.yml /usr/share/filebeat/filebeat.yml
@@ -72,7 +72,7 @@ services:
- certs:/usr/share/elasticsearch/config/certs
- ./config/wazuh_indexer_ssl_certs/:/tmp/certs
- ./config/setup_permissions.sh:/tmp/setup_permissions.sh
- user: "0"
+ user: '0'
command: >
bash -c '
if [ x${ELASTIC_PASSWORD} == x ]; then
@@ -134,7 +134,7 @@ services:
echo "All done!";
'
healthcheck:
- test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
+ test: ['CMD-SHELL', '[ -f config/certs/es01/es01.crt ]']
interval: 1s
timeout: 5s
retries: 120
@@ -152,7 +152,7 @@ services:
- certs:/usr/share/elasticsearch/config/certs
- esdata01:/usr/share/elasticsearch/data
environment:
- - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+ - 'ES_JAVA_OPTS=-Xms512m -Xmx512m'
- node.name=es01
- cluster.name=${CLUSTER_NAME}
# - cluster.initial_master_nodes=es01,es02,es03
@@ -180,7 +180,7 @@ services:
healthcheck:
test:
[
- "CMD-SHELL",
+ 'CMD-SHELL',
"curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
]
interval: 10s
@@ -303,7 +303,7 @@ services:
healthcheck:
test:
[
- "CMD-SHELL",
+ 'CMD-SHELL',
"curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
]
interval: 10s
@@ -312,7 +312,7 @@ services:
networks:
es-pre:
- name: "es-pre-${ES_VERSION}"
+ name: 'es-pre-${ES_VERSION}'
driver: bridge
mon:
external: true
diff --git a/plugins/main/test/cypress/images/wazuh_manager_filebeat_sources_cmake/Dockerfile b/plugins/main/test/cypress/images/wazuh_manager_filebeat_sources_cmake/Dockerfile
index 1dddbbf285..9aeaafc8fa 100755
--- a/plugins/main/test/cypress/images/wazuh_manager_filebeat_sources_cmake/Dockerfile
+++ b/plugins/main/test/cypress/images/wazuh_manager_filebeat_sources_cmake/Dockerfile
@@ -44,4 +44,4 @@ EXPOSE 55000
# WAZUH_VERSION - Define the Wazuh branch/tag to install. [WAZUH_VERSION=4.1.0]
# FILEBEAT_VERSION - Filebeat Version
# FILEBEAT_WAZUH_TEMPLATE_URL - Link with the Wazuh template. [FILEBEAT_WAZUH_TEMPLATE_URL=https://raw.githubusercontent.com/wazuh/wazuh/4.0/extensions/elasticsearch/7.x/wazuh-template.json]
-# FILEBEAT_WAZUH_MODULE_URL - Link with the Wazuh Filebeat module. [FILEBEAT_WAZUH_MODULE_URL=https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.3.tar.gz]
+# FILEBEAT_WAZUH_MODULE_URL - Link with the Wazuh Filebeat module. [FILEBEAT_WAZUH_MODULE_URL=https://packages.wazuh.com/4.x/filebeat/wazuh-filebeat-0.4.tar.gz]