Add :z
option to mounted files
#1259
Comments
New PR: #1262 |
Tests
Ubuntu 22 with :z option:
$ cat docker-compose.yml
# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
# Single-node Wazuh stack (manager, indexer, dashboard) with the ":z" suffix on
# every mount.
# NOTE(review): the nesting indentation was lost when this listing was
# captured, so every key appears at column 0.
# NOTE(review): no sestatus output is shown for this host, so this run shows
# that the suffix does not break the deployment, not that any relabeling
# took place.
version: '3.7'
services:
wazuh.manager:
image: wazuh/wazuh-manager:4.7.4
hostname: wazuh.manager
restart: always
ulimits:
# -1 lifts the locked-memory limit for the container.
memlock:
soft: -1
hard: -1
nofile:
soft: 655360
hard: 655360
# No host address is given, so each port is published on all host interfaces
# (the `docker ps` output below shows 0.0.0.0 and ::: bindings).
ports:
- "1514:1514"
- "1515:1515"
- "514:514/udp"
- "55000:55000"
# Credentials are passed as plaintext environment variables, and the same
# values are reused on the curl command lines later in this transcript.
# They look like the repository's sample values (not confirmed here); replace
# them before the stack is reachable by anyone else.
environment:
- INDEXER_URL=https://wazuh.indexer:9200
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=SecretPassword
# The `filebeat test output` run below reports that certificate chain
# verification is enabled for the indexer connection.
- FILEBEAT_SSL_VERIFICATION_MODE=full
- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
- SSL_CERTIFICATE=/etc/ssl/filebeat.pem
- SSL_KEY=/etc/ssl/filebeat.key
- API_USERNAME=wazuh-wui
- API_PASSWORD=MyS3cr37P450r.*-
# ":z" asks Docker to give the mounted content a shared SELinux label so that
# more than one container may access it; it only matters where SELinux
# labeling is active. For the ./config bind mounts the relabel applies to the
# host files themselves, including the private key (wazuh.manager-key.pem),
# so keep those files in a directory dedicated to this deployment.
volumes:
- wazuh_api_configuration:/var/ossec/api/configuration:z
- wazuh_etc:/var/ossec/etc:z
- wazuh_logs:/var/ossec/logs:z
- wazuh_queue:/var/ossec/queue:z
- wazuh_var_multigroups:/var/ossec/var/multigroups:z
- wazuh_integrations:/var/ossec/integrations:z
- wazuh_active_response:/var/ossec/active-response/bin:z
- wazuh_agentless:/var/ossec/agentless:z
- wazuh_wodles:/var/ossec/wodles:z
- filebeat_etc:/etc/filebeat:z
- filebeat_var:/var/lib/filebeat:z
- ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem:z
- ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem:z
- ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key:z
- ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf:z
wazuh.indexer:
image: wazuh/wazuh-indexer:4.7.4
hostname: wazuh.indexer
restart: always
# Published on all host interfaces, like the manager ports above.
ports:
- "9200:9200"
environment:
- "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
# The admin and node private keys and internal_users.yml are bind-mounted
# from the host and receive the same shared label via ":z".
volumes:
- wazuh-indexer-data:/var/lib/wazuh-indexer:z
- ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem:z
- ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key:z
- ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem:z
- ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem:z
- ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem:z
- ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml:z
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml:z
wazuh.dashboard:
image: wazuh/wazuh-dashboard:4.7.4
hostname: wazuh.dashboard
restart: always
# Host port 443 is mapped to the dashboard's container port 5601.
ports:
- 443:5601
# Same plaintext credentials as the manager service; the dashboard password
# here is identical to its username.
environment:
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=SecretPassword
- WAZUH_API_URL=https://wazuh.manager
- DASHBOARD_USERNAME=kibanaserver
- DASHBOARD_PASSWORD=kibanaserver
- API_USERNAME=wazuh-wui
- API_PASSWORD=MyS3cr37P450r.*-
volumes:
- ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem:z
- ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem:z
- ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem:z
- ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml:z
- ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml:z
- wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config:z
- wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom:z
depends_on:
- wazuh.indexer
links:
- wazuh.indexer:wazuh.indexer
- wazuh.manager:wazuh.manager
# Named volumes with no options; the `docker-compose up` output below shows
# each one created with the default driver.
volumes:
wazuh_api_configuration:
wazuh_etc:
wazuh_logs:
wazuh_queue:
wazuh_var_multigroups:
wazuh_integrations:
wazuh_active_response:
wazuh_agentless:
wazuh_wodles:
filebeat_etc:
filebeat_var:
wazuh-indexer-data:
wazuh-dashboard-config:
wazuh-dashboard-custom:
$ docker-compose up -d
Creating network "single-node_default" with the default driver
Creating volume "single-node_wazuh_api_configuration" with default driver
Creating volume "single-node_wazuh_etc" with default driver
Creating volume "single-node_wazuh_logs" with default driver
Creating volume "single-node_wazuh_queue" with default driver
Creating volume "single-node_wazuh_var_multigroups" with default driver
Creating volume "single-node_wazuh_integrations" with default driver
Creating volume "single-node_wazuh_active_response" with default driver
Creating volume "single-node_wazuh_agentless" with default driver
Creating volume "single-node_wazuh_wodles" with default driver
Creating volume "single-node_filebeat_etc" with default driver
Creating volume "single-node_filebeat_var" with default driver
Creating volume "single-node_wazuh-indexer-data" with default driver
Creating volume "single-node_wazuh-dashboard-config" with default driver
Creating volume "single-node_wazuh-dashboard-custom" with default driver
Creating single-node_wazuh.indexer_1 ... done
Creating single-node_wazuh.manager_1 ... done
Creating single-node_wazuh.dashboard_1 ... done
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
698764428d41 wazuh/wazuh-dashboard:4.7.4 "/entrypoint.sh" 6 seconds ago Up 5 seconds 443/tcp, 0.0.0.0:443->5601/tcp, :::443->5601/tcp single-node_wazuh.dashboard_1
9749a4c56520 wazuh/wazuh-manager:4.7.4 "/init" 7 seconds ago Up 5 seconds 0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp single-node_wazuh.manager_1
a5cd60b7ac0e wazuh/wazuh-indexer:4.7.4 "/entrypoint.sh open…" 7 seconds ago Up 5 seconds 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp single-node_wazuh.indexer_1
$ curl -XGET --silent https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I -s
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
osd-name: wazuh.dashboard
x-frame-options: sameorigin
cache-control: private, no-cache, no-store, must-revalidate
set-cookie: security_authentication=Fe26.2**b491aee535c66d2b73b666a8e442701d8124a560c5cb020f2367ea37aefb56dc*tpjbzMb8lqvfwAiU0Rq5tg*iP2k0TZ6IXavMy-GDepntvsbtjRpjwnTg3Azg0IBrtLqlP9h4472OZdiEN4wL6gxXxOfr8fB1qRE05uhtcDpS91hlDzaepIREMxCRAfiEtVDjh2P5PNN6susxJXlSbUAOP8ftkSPQC_xSVcHLfVZkzNqSKBnG5OAWf95gUlxUuNb31PVK5ef_zgMdxz-5oBT**a1478c98c8e97da5ce8164bf6ae2fa9dea04faee56b7f8a56ec80631a5bea24c*uGYiSjVWArUCnvWgiLQe-rse0c4FlNnFMpmsPg2Ulc4; HttpOnly; Path=/
content-length: 92350
vary: accept-encoding
accept-ranges: bytes
Date: Tue, 14 May 2024 13:59:19 GMT
Connection: keep-alive
Keep-Alive: timeout=120
$ curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
{"cluster_name":"opensearch","status":"green","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"discovered_master":true,"discovered_cluster_manager":true,"active_primary_shards":7,"active_shards":7,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":100.0}
$ TOKEN=$(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
$ curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer $TOKEN"
{
"data": {
"affected_items": [
{
"wazuh-agentlessd": "stopped",
"wazuh-analysisd": "running",
"wazuh-authd": "running",
"wazuh-csyslogd": "stopped",
"wazuh-dbd": "stopped",
"wazuh-monitord": "running",
"wazuh-execd": "running",
"wazuh-integratord": "stopped",
"wazuh-logcollector": "running",
"wazuh-maild": "stopped",
"wazuh-remoted": "running",
"wazuh-reportd": "stopped",
"wazuh-syscheckd": "running",
"wazuh-clusterd": "stopped",
"wazuh-modulesd": "running",
"wazuh-db": "running",
"wazuh-apid": "running"
}
],
"total_affected_items": 1,
"total_failed_items": 0,
"failed_items": []
},
"message": "Processes status was successfully read",
"error": 0
}
$ docker exec -it single-node_wazuh.manager_1 filebeat test output
elasticsearch: https://wazuh.indexer:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 172.22.0.3
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
$ |
RHEL 9 without :z option
[root@ip-172-31-34-188 single-node]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
[root@ip-172-31-34-188 single-node]# cat docker-compose.yml
# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
# Single-node Wazuh stack (manager, indexer, dashboard) with no SELinux label
# suffix on any mount.
# NOTE(review): the nesting indentation was lost when this listing was
# captured, so every key appears at column 0.
# NOTE(review): the sestatus output above reports enforcing mode and the
# checks below still succeed, but the transcript does not show whether the
# Docker daemon itself has SELinux labeling enabled. This run alone therefore
# does not establish how unlabeled mounts behave when container labeling is on.
version: '3.7'
services:
wazuh.manager:
image: wazuh/wazuh-manager:4.7.4
hostname: wazuh.manager
restart: always
ulimits:
# -1 lifts the locked-memory limit for the container.
memlock:
soft: -1
hard: -1
nofile:
soft: 655360
hard: 655360
# No host address is given, so each port is published on all host interfaces
# (the `docker ps` output below shows 0.0.0.0 and ::: bindings).
ports:
- "1514:1514"
- "1515:1515"
- "514:514/udp"
- "55000:55000"
# Credentials are passed as plaintext environment variables, and the same
# values are reused on the curl command lines later in this transcript.
# They look like the repository's sample values (not confirmed here); replace
# them before the stack is reachable by anyone else.
environment:
- INDEXER_URL=https://wazuh.indexer:9200
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=SecretPassword
# The `filebeat test output` run below reports that certificate chain
# verification is enabled for the indexer connection.
- FILEBEAT_SSL_VERIFICATION_MODE=full
- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
- SSL_CERTIFICATE=/etc/ssl/filebeat.pem
- SSL_KEY=/etc/ssl/filebeat.key
- API_USERNAME=wazuh-wui
- API_PASSWORD=MyS3cr37P450r.*-
# Mounts carry no ":z"/":Z" option, so Docker does not relabel the named
# volumes or the ./config bind-mounted files (certificates, private key,
# ossec.conf) for this service.
volumes:
- wazuh_api_configuration:/var/ossec/api/configuration
- wazuh_etc:/var/ossec/etc
- wazuh_logs:/var/ossec/logs
- wazuh_queue:/var/ossec/queue
- wazuh_var_multigroups:/var/ossec/var/multigroups
- wazuh_integrations:/var/ossec/integrations
- wazuh_active_response:/var/ossec/active-response/bin
- wazuh_agentless:/var/ossec/agentless
- wazuh_wodles:/var/ossec/wodles
- filebeat_etc:/etc/filebeat
- filebeat_var:/var/lib/filebeat
- ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
- ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
- ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
- ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
wazuh.indexer:
image: wazuh/wazuh-indexer:4.7.4
hostname: wazuh.indexer
restart: always
# Published on all host interfaces, like the manager ports above.
ports:
- "9200:9200"
environment:
- "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
# The admin and node private keys and internal_users.yml are bind-mounted
# from the host with their existing labels.
volumes:
- wazuh-indexer-data:/var/lib/wazuh-indexer
- ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
- ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key
- ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
- ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
- ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
- ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
wazuh.dashboard:
image: wazuh/wazuh-dashboard:4.7.4
hostname: wazuh.dashboard
restart: always
# Host port 443 is mapped to the dashboard's container port 5601.
ports:
- 443:5601
# Same plaintext credentials as the manager service; the dashboard password
# here is identical to its username.
environment:
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=SecretPassword
- WAZUH_API_URL=https://wazuh.manager
- DASHBOARD_USERNAME=kibanaserver
- DASHBOARD_PASSWORD=kibanaserver
- API_USERNAME=wazuh-wui
- API_PASSWORD=MyS3cr37P450r.*-
volumes:
- ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
- ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
- ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
- ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
- ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
- wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
- wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
depends_on:
- wazuh.indexer
links:
- wazuh.indexer:wazuh.indexer
- wazuh.manager:wazuh.manager
# Named volumes with no options; the `docker-compose up` output below shows
# each one created with the default driver.
volumes:
wazuh_api_configuration:
wazuh_etc:
wazuh_logs:
wazuh_queue:
wazuh_var_multigroups:
wazuh_integrations:
wazuh_active_response:
wazuh_agentless:
wazuh_wodles:
filebeat_etc:
filebeat_var:
wazuh-indexer-data:
wazuh-dashboard-config:
wazuh-dashboard-custom:
[root@ip-172-31-34-188 single-node]# docker-compose up -d
Creating network "single-node_default" with the default driver
Creating volume "single-node_wazuh_api_configuration" with default driver
Creating volume "single-node_wazuh_etc" with default driver
Creating volume "single-node_wazuh_logs" with default driver
Creating volume "single-node_wazuh_queue" with default driver
Creating volume "single-node_wazuh_var_multigroups" with default driver
Creating volume "single-node_wazuh_integrations" with default driver
Creating volume "single-node_wazuh_active_response" with default driver
Creating volume "single-node_wazuh_agentless" with default driver
Creating volume "single-node_wazuh_wodles" with default driver
Creating volume "single-node_filebeat_etc" with default driver
Creating volume "single-node_filebeat_var" with default driver
Creating volume "single-node_wazuh-indexer-data" with default driver
Creating volume "single-node_wazuh-dashboard-config" with default driver
Creating volume "single-node_wazuh-dashboard-custom" with default driver
Creating single-node_wazuh.indexer_1 ... done
Creating single-node_wazuh.manager_1 ... done
Creating single-node_wazuh.dashboard_1 ... done
[root@ip-172-31-34-188 single-node]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
028ab2ade5a3 wazuh/wazuh-dashboard:4.7.4 "/entrypoint.sh" 13 seconds ago Up 12 seconds 443/tcp, 0.0.0.0:443->5601/tcp, :::443->5601/tcp single-node_wazuh.dashboard_1
44bb57b99b74 wazuh/wazuh-manager:4.7.4 "/init" 14 seconds ago Up 13 seconds 0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp single-node_wazuh.manager_1
5d1469923afa wazuh/wazuh-indexer:4.7.4 "/entrypoint.sh open…" 14 seconds ago Up 13 seconds 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp single-node_wazuh.indexer_1
[root@ip-172-31-34-188 single-node]# curl -XGET --silent https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I -s
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
osd-name: wazuh.dashboard
x-frame-options: sameorigin
cache-control: private, no-cache, no-store, must-revalidate
set-cookie: security_authentication=Fe26.2**4fbcd91cb00d5a95358aab9a003077e30e611d5c6f37e54d3224d3c09fee2f0c*lSC-2OXPJyuC-w77jkOt4g*0fiHsCcOx-xCEIOtRVo0PSy6BVEgIHH4zmGzWW0F7dJANW--XT4e5Fc45TG2QYEkXBCgI9FrogGKNL5l9wDZygdXfZM804Sl1M8wmKPQe08-ptr2qIopwSA9mTMHx9bySJamLMdHBdVyKMogQ7LBM3bPW11GmeylJ5rHNjZoW0VWhae_Z1fOx6EI9oCm_XIU**5d43a713cabbee51fe294930cee07e879bae50902708ea6eebe49d24939fb71e*a8UzMeT2U2hdKrHMWDrSZMoDlqAsfv3d2R5K-X0E4mY; HttpOnly; Path=/
content-length: 92350
vary: accept-encoding
accept-ranges: bytes
Date: Tue, 14 May 2024 14:17:06 GMT
Connection: keep-alive
Keep-Alive: timeout=120
[root@ip-172-31-34-188 single-node]# curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
{"cluster_name":"opensearch","status":"green","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"discovered_master":true,"discovered_cluster_manager":true,"active_primary_shards":7,"active_shards":7,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":100.0}
[root@ip-172-31-34-188 single-node]# TOKEN=$(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
[root@ip-172-31-34-188 single-node]# curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer $TOKEN"
{
"data": {
"affected_items": [
{
"wazuh-agentlessd": "stopped",
"wazuh-analysisd": "running",
"wazuh-authd": "running",
"wazuh-csyslogd": "stopped",
"wazuh-dbd": "stopped",
"wazuh-monitord": "running",
"wazuh-execd": "running",
"wazuh-integratord": "stopped",
"wazuh-logcollector": "running",
"wazuh-maild": "stopped",
"wazuh-remoted": "running",
"wazuh-reportd": "stopped",
"wazuh-syscheckd": "running",
"wazuh-clusterd": "stopped",
"wazuh-modulesd": "running",
"wazuh-db": "running",
"wazuh-apid": "running"
}
],
"total_affected_items": 1,
"total_failed_items": 0,
"failed_items": []
},
"message": "Processes status was successfully read",
"error": 0
}
[root@ip-172-31-34-188 single-node]# docker exec -it single-node_wazuh.manager_1 filebeat test output
elasticsearch: https://wazuh.indexer:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 172.21.0.3
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
[root@ip-172-31-34-188 single-node]# |
Debian 12 with :z option
root@ip-172-31-46-212:~/wazuh-docker/single-node# cat docker-compose.yml
# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
# Single-node Wazuh stack (manager, indexer, dashboard) with the ":z" suffix on
# every mount.
# NOTE(review): the nesting indentation was lost when this listing was
# captured, so every key appears at column 0.
# NOTE(review): no sestatus output is shown for this host, so this run shows
# that the suffix is tolerated by the deployment, not that any relabeling
# took place.
version: '3.7'
services:
wazuh.manager:
image: wazuh/wazuh-manager:4.7.4
hostname: wazuh.manager
restart: always
ulimits:
# -1 lifts the locked-memory limit for the container.
memlock:
soft: -1
hard: -1
nofile:
soft: 655360
hard: 655360
# No host address is given, so each port is published on all host interfaces
# (the `docker ps` output below shows 0.0.0.0 and ::: bindings).
ports:
- "1514:1514"
- "1515:1515"
- "514:514/udp"
- "55000:55000"
# Credentials are passed as plaintext environment variables, and the same
# values are reused on the curl command lines later in this transcript.
# They look like the repository's sample values (not confirmed here); replace
# them before the stack is reachable by anyone else.
environment:
- INDEXER_URL=https://wazuh.indexer:9200
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=SecretPassword
# The `filebeat test output` run below reports that certificate chain
# verification is enabled for the indexer connection.
- FILEBEAT_SSL_VERIFICATION_MODE=full
- SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
- SSL_CERTIFICATE=/etc/ssl/filebeat.pem
- SSL_KEY=/etc/ssl/filebeat.key
- API_USERNAME=wazuh-wui
- API_PASSWORD=MyS3cr37P450r.*-
# ":z" asks Docker to give the mounted content a shared SELinux label so that
# more than one container may access it; it only matters where SELinux
# labeling is active. For the ./config bind mounts the relabel applies to the
# host files themselves, including the private key (wazuh.manager-key.pem),
# so keep those files in a directory dedicated to this deployment.
volumes:
- wazuh_api_configuration:/var/ossec/api/configuration:z
- wazuh_etc:/var/ossec/etc:z
- wazuh_logs:/var/ossec/logs:z
- wazuh_queue:/var/ossec/queue:z
- wazuh_var_multigroups:/var/ossec/var/multigroups:z
- wazuh_integrations:/var/ossec/integrations:z
- wazuh_active_response:/var/ossec/active-response/bin:z
- wazuh_agentless:/var/ossec/agentless:z
- wazuh_wodles:/var/ossec/wodles:z
- filebeat_etc:/etc/filebeat:z
- filebeat_var:/var/lib/filebeat:z
- ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem:z
- ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem:z
- ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key:z
- ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf:z
wazuh.indexer:
image: wazuh/wazuh-indexer:4.7.4
hostname: wazuh.indexer
restart: always
# Published on all host interfaces, like the manager ports above.
ports:
- "9200:9200"
environment:
- "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
# The admin and node private keys and internal_users.yml are bind-mounted
# from the host and receive the same shared label via ":z".
volumes:
- wazuh-indexer-data:/var/lib/wazuh-indexer:z
- ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem:z
- ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key:z
- ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem:z
- ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem:z
- ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem:z
- ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml:z
- ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml:z
wazuh.dashboard:
image: wazuh/wazuh-dashboard:4.7.4
hostname: wazuh.dashboard
restart: always
# Host port 443 is mapped to the dashboard's container port 5601.
ports:
- 443:5601
# Same plaintext credentials as the manager service; the dashboard password
# here is identical to its username.
environment:
- INDEXER_USERNAME=admin
- INDEXER_PASSWORD=SecretPassword
- WAZUH_API_URL=https://wazuh.manager
- DASHBOARD_USERNAME=kibanaserver
- DASHBOARD_PASSWORD=kibanaserver
- API_USERNAME=wazuh-wui
- API_PASSWORD=MyS3cr37P450r.*-
volumes:
- ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem:z
- ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem:z
- ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem:z
- ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml:z
- ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml:z
- wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config:z
- wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom:z
depends_on:
- wazuh.indexer
links:
- wazuh.indexer:wazuh.indexer
- wazuh.manager:wazuh.manager
# Named volumes with no options; the `docker-compose up` output below shows
# each one created with the default driver.
volumes:
wazuh_api_configuration:
wazuh_etc:
wazuh_logs:
wazuh_queue:
wazuh_var_multigroups:
wazuh_integrations:
wazuh_active_response:
wazuh_agentless:
wazuh_wodles:
filebeat_etc:
filebeat_var:
wazuh-indexer-data:
wazuh-dashboard-config:
wazuh-dashboard-custom:
root@ip-172-31-46-212:~/wazuh-docker/single-node# docker-compose up -d
Creating volume "single-node_wazuh_api_configuration" with default driver
Creating volume "single-node_wazuh_etc" with default driver
Creating volume "single-node_wazuh_logs" with default driver
Creating volume "single-node_wazuh_queue" with default driver
Creating volume "single-node_wazuh_var_multigroups" with default driver
Creating volume "single-node_wazuh_integrations" with default driver
Creating volume "single-node_wazuh_active_response" with default driver
Creating volume "single-node_wazuh_agentless" with default driver
Creating volume "single-node_wazuh_wodles" with default driver
Creating volume "single-node_filebeat_etc" with default driver
Creating volume "single-node_filebeat_var" with default driver
Creating volume "single-node_wazuh-indexer-data" with default driver
Creating volume "single-node_wazuh-dashboard-config" with default driver
Creating volume "single-node_wazuh-dashboard-custom" with default driver
Pulling wazuh.manager (wazuh/wazuh-manager:4.7.4)...
4.7.4: Pulling from wazuh/wazuh-manager
4477f8fe99eb: Pull complete
4f82ca0de8a3: Pull complete
6e28c91bf777: Pull complete
0fec5dd278d8: Pull complete
ee85e582bf27: Pull complete
f10c38f7efaf: Pull complete
93bcbc6a9448: Pull complete
ca64c0fc9c15: Pull complete
ae935062ef4f: Pull complete
d4961b085c15: Pull complete
fc107cfd5c2e: Pull complete
c0d1fb658994: Pull complete
451a4e1798f0: Pull complete
9d09bc2b68a7: Pull complete
883eedb0a2cc: Pull complete
7ed3a0fe083b: Pull complete
9993a312216e: Pull complete
f0a3f2587984: Pull complete
7035748a853c: Pull complete
Digest: sha256:1fffbb9c2aa1cad5ebfdd3931f7a64f971f8eb00d375c4d27446cbb9f378daec
Status: Downloaded newer image for wazuh/wazuh-manager:4.7.4
Pulling wazuh.indexer (wazuh/wazuh-indexer:4.7.4)...
4.7.4: Pulling from wazuh/wazuh-indexer
4477f8fe99eb: Already exists
7e35b2ca79c1: Pull complete
e643da7165cb: Pull complete
627b30910ffe: Pull complete
8cd1f1a10661: Pull complete
ec9201c50a43: Pull complete
fea7f74075b9: Pull complete
0c442ad43dfc: Pull complete
abf77b830c62: Pull complete
eecc1011391f: Pull complete
5d306016bcfd: Pull complete
0e5a888b320d: Pull complete
180da07d0cbb: Pull complete
6daa89e881e9: Pull complete
Digest: sha256:9c45a77707a898dc05c522ee7e4f6c3f0c1faefdb20d45ade70a32c94a727819
Status: Downloaded newer image for wazuh/wazuh-indexer:4.7.4
Pulling wazuh.dashboard (wazuh/wazuh-dashboard:4.7.4)...
4.7.4: Pulling from wazuh/wazuh-dashboard
4477f8fe99eb: Already exists
06940afa91b1: Pull complete
7c014928fc44: Pull complete
881d31674f2d: Pull complete
f38563d87715: Pull complete
f11cb71b84d3: Pull complete
c55be58f8ad7: Pull complete
826b252d37bc: Pull complete
fa4d268f2f11: Pull complete
9100a9073978: Pull complete
ed9829d616cc: Pull complete
4f4fb700ef54: Pull complete
Digest: sha256:101998c7e47a926404eea7bd354f39b5ea34a40d5ec6aa0fedb240c44853766c
Status: Downloaded newer image for wazuh/wazuh-dashboard:4.7.4
Creating single-node_wazuh.indexer_1 ... done
Creating single-node_wazuh.manager_1 ... done
Creating single-node_wazuh.dashboard_1 ... done
root@ip-172-31-46-212:~/wazuh-docker/single-node# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1e0f739f2e2b wazuh/wazuh-dashboard:4.7.4 "/entrypoint.sh" 13 minutes ago Up 13 minutes 443/tcp, 0.0.0.0:443->5601/tcp, :::443->5601/tcp single-node_wazuh.dashboard_1
371f669709f9 wazuh/wazuh-manager:4.7.4 "/init" 13 minutes ago Up 13 minutes 0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp single-node_wazuh.manager_1
c3744b1079da wazuh/wazuh-indexer:4.7.4 "/entrypoint.sh open…" 13 minutes ago Up 13 minutes 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp single-node_wazuh.indexer_1
root@ip-172-31-46-212:~/wazuh-docker/single-node# curl -XGET --silent https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I -s
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
osd-name: wazuh.dashboard
x-frame-options: sameorigin
cache-control: private, no-cache, no-store, must-revalidate
set-cookie: security_authentication=Fe26.2**01fe230eccf4522f6ef3847574edbeae87ce0bd1d504299ae0054bc48ea4a9db*_BahbnbqB970asrAP2vIHQ*t_Z4PsxxXGrR5Cbt0bkRnJEBWwkrWeO2dvK03RgGC3kedEmR4DGKZ4ipflv_foHXnUjN3X0bHsVhHKlJcBdoEjJdT_fpHapYZzhnbp1meNcHsulP4rYts-G5Sm_4Sx7rGtE2LdujmDrcdcUmixZXQqKtkFeZbQLrxxQWynZ2nc7-aP1haG7rjABqSDaJqbT1**572bc85f14cf89fa65ffbba922c14a2f2ca9f52129bc459a57f666b4d5d6876f*spQdZ2RKqzKMThlqCyzMaIiKQU0ObfbVWWzvk0QTbFw; HttpOnly; Path=/
content-length: 92350
vary: accept-encoding
accept-ranges: bytes
Date: Tue, 14 May 2024 15:20:55 GMT
Connection: keep-alive
Keep-Alive: timeout=120
root@ip-172-31-46-212:~/wazuh-docker/single-node# curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
{"cluster_name":"opensearch","status":"green","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"discovered_master":true,"discovered_cluster_manager":true,"active_primary_shards":7,"active_shards":7,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":100.0}
root@ip-172-31-46-212:~/wazuh-docker/single-node# TOKEN=$(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
root@ip-172-31-46-212:~/wazuh-docker/single-node# curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer $TOKEN"
{
"data": {
"affected_items": [
{
"wazuh-agentlessd": "stopped",
"wazuh-analysisd": "running",
"wazuh-authd": "running",
"wazuh-csyslogd": "stopped",
"wazuh-dbd": "stopped",
"wazuh-monitord": "running",
"wazuh-execd": "running",
"wazuh-integratord": "stopped",
"wazuh-logcollector": "running",
"wazuh-maild": "stopped",
"wazuh-remoted": "running",
"wazuh-reportd": "stopped",
"wazuh-syscheckd": "running",
"wazuh-clusterd": "stopped",
"wazuh-modulesd": "running",
"wazuh-db": "running",
"wazuh-apid": "running"
}
],
"total_affected_items": 1,
"total_failed_items": 0,
"failed_items": []
},
"message": "Processes status was successfully read",
"error": 0
}
root@ip-172-31-46-212:~/wazuh-docker/single-node# docker exec -it single-node_wazuh.manager_1 filebeat test output
elasticsearch: https://wazuh.indexer:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 172.18.0.3
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
root@ip-172-31-46-212:~/wazuh-docker/single-node# |
CentOS 7 without :z option
[root@ip-172-31-45-119 single-node]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
[root@ip-172-31-45-119 single-node]# docker-compose up -d
Creating volume "single-node_wazuh_api_configuration" with default driver
Creating volume "single-node_wazuh_etc" with default driver
Creating volume "single-node_wazuh_logs" with default driver
Creating volume "single-node_wazuh_queue" with default driver
Creating volume "single-node_wazuh_var_multigroups" with default driver
Creating volume "single-node_wazuh_integrations" with default driver
Creating volume "single-node_wazuh_active_response" with default driver
Creating volume "single-node_wazuh_agentless" with default driver
Creating volume "single-node_wazuh_wodles" with default driver
Creating volume "single-node_filebeat_etc" with default driver
Creating volume "single-node_filebeat_var" with default driver
Creating volume "single-node_wazuh-indexer-data" with default driver
Creating volume "single-node_wazuh-dashboard-config" with default driver
Creating volume "single-node_wazuh-dashboard-custom" with default driver
Pulling wazuh.manager (wazuh/wazuh-manager:4.7.4)...
4.7.4: Pulling from wazuh/wazuh-manager
4477f8fe99eb: Pull complete
4f82ca0de8a3: Pull complete
6e28c91bf777: Pull complete
0fec5dd278d8: Pull complete
ee85e582bf27: Pull complete
f10c38f7efaf: Pull complete
93bcbc6a9448: Pull complete
ca64c0fc9c15: Pull complete
ae935062ef4f: Pull complete
d4961b085c15: Pull complete
fc107cfd5c2e: Pull complete
c0d1fb658994: Pull complete
451a4e1798f0: Pull complete
9d09bc2b68a7: Pull complete
883eedb0a2cc: Pull complete
7ed3a0fe083b: Pull complete
9993a312216e: Pull complete
f0a3f2587984: Pull complete
7035748a853c: Pull complete
Digest: sha256:1fffbb9c2aa1cad5ebfdd3931f7a64f971f8eb00d375c4d27446cbb9f378daec
Status: Downloaded newer image for wazuh/wazuh-manager:4.7.4
Pulling wazuh.indexer (wazuh/wazuh-indexer:4.7.4)...
4.7.4: Pulling from wazuh/wazuh-indexer
4477f8fe99eb: Already exists
7e35b2ca79c1: Pull complete
e643da7165cb: Pull complete
627b30910ffe: Pull complete
8cd1f1a10661: Pull complete
ec9201c50a43: Pull complete
fea7f74075b9: Pull complete
0c442ad43dfc: Pull complete
abf77b830c62: Pull complete
eecc1011391f: Pull complete
5d306016bcfd: Pull complete
0e5a888b320d: Pull complete
180da07d0cbb: Pull complete
6daa89e881e9: Pull complete
Digest: sha256:9c45a77707a898dc05c522ee7e4f6c3f0c1faefdb20d45ade70a32c94a727819
Status: Downloaded newer image for wazuh/wazuh-indexer:4.7.4
Pulling wazuh.dashboard (wazuh/wazuh-dashboard:4.7.4)...
4.7.4: Pulling from wazuh/wazuh-dashboard
4477f8fe99eb: Already exists
06940afa91b1: Pull complete
7c014928fc44: Pull complete
881d31674f2d: Pull complete
f38563d87715: Pull complete
f11cb71b84d3: Pull complete
c55be58f8ad7: Pull complete
826b252d37bc: Pull complete
fa4d268f2f11: Pull complete
9100a9073978: Pull complete
ed9829d616cc: Pull complete
4f4fb700ef54: Pull complete
Digest: sha256:101998c7e47a926404eea7bd354f39b5ea34a40d5ec6aa0fedb240c44853766c
Status: Downloaded newer image for wazuh/wazuh-dashboard:4.7.4
Creating single-node_wazuh.indexer_1 ... done
Creating single-node_wazuh.manager_1 ... done
Creating single-node_wazuh.dashboard_1 ... done
[root@ip-172-31-45-119 single-node]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0c02cec132ae wazuh/wazuh-dashboard:4.7.4 "/entrypoint.sh" 14 seconds ago Up 13 seconds 443/tcp, 0.0.0.0:443->5601/tcp, :::443->5601/tcp single-node_wazuh.dashboard_1
c078b714c82b wazuh/wazuh-manager:4.7.4 "/init" 18 seconds ago Up 13 seconds 0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp single-node_wazuh.manager_1
adeb6d5f6b34 wazuh/wazuh-indexer:4.7.4 "/entrypoint.sh open…" 18 seconds ago Up 13 seconds 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp single-node_wazuh.indexer_1
[root@ip-172-31-45-119 single-node]# curl -XGET --silent https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I -s
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
osd-name: wazuh.dashboard
x-frame-options: sameorigin
cache-control: private, no-cache, no-store, must-revalidate
set-cookie: security_authentication=Fe26.2**7dfeef43046a7f0b6cf2f129bd1928d4e9e0a8212972845fbca93a6509e87fb4*Zbey3k3h11JihgtR4MQVYw*3KbGq3AFYU-7o1MpINuTivd_WrII-oG4fIvcgLN0Zl0w_JnbnRCal3S4nNv2Kh2OHLhpvlhXvwCWgrY95g3rhOUhvz5EkVbCOJYLIK5dy3DhmJzwkwFmQ_o3KQYzTCJrbL6LuwDWD8JBjd6vtQglSAiZnDBjpFi-O99t61dXk6BFA1BHweJ1o06BpDegrSvZ**f6aa8496d8742aa589421c89b3cca9ec01372623cffd3f80be0f494a83c0dbff*_gpL7E-1OAEd3Oym_d5BzOgSiKDa4JY2AGq07TjxNaI; HttpOnly; Path=/
content-length: 92350
vary: accept-encoding
accept-ranges: bytes
Date: Wed, 15 May 2024 10:36:45 GMT
Connection: keep-alive
Keep-Alive: timeout=120
[root@ip-172-31-45-119 single-node]# curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
{"cluster_name":"opensearch","status":"green","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"discovered_master":true,"discovered_cluster_manager":true,"active_primary_shards":7,"active_shards":7,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":100.0}
[root@ip-172-31-45-119 single-node]# TOKEN=$(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
[root@ip-172-31-45-119 single-node]# curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer $TOKEN"
{
"data": {
"affected_items": [
{
"wazuh-agentlessd": "stopped",
"wazuh-analysisd": "running",
"wazuh-authd": "running",
"wazuh-csyslogd": "stopped",
"wazuh-dbd": "stopped",
"wazuh-monitord": "running",
"wazuh-execd": "running",
"wazuh-integratord": "stopped",
"wazuh-logcollector": "running",
"wazuh-maild": "stopped",
"wazuh-remoted": "running",
"wazuh-reportd": "stopped",
"wazuh-syscheckd": "running",
"wazuh-clusterd": "stopped",
"wazuh-modulesd": "running",
"wazuh-db": "running",
"wazuh-apid": "running"
}
],
"total_affected_items": 1,
"total_failed_items": 0,
"failed_items": []
},
"message": "Processes status was successfully read",
"error": 0
}
[root@ip-172-31-45-119 single-node]# docker exec -it single-node_wazuh.manager_1 filebeat test output
elasticsearch: https://wazuh.indexer:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 172.18.0.2
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
[root@ip-172-31-45-119 single-node]# |
CentOS 7 with :z option
[root@ip-172-31-45-119 single-node]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
[root@ip-172-31-45-119 single-node]# cat docker-compose.yml
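# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
#
# Single-node Wazuh stack (manager, indexer, dashboard) as printed by
# `cat docker-compose.yml` in this test run. The nesting below is restored
# from the flattened listing; keys and values are unchanged.
#
# About the `:z` suffix on every mount: it asks Docker to relabel the mounted
# content with a shared SELinux label so that more than one container may
# access it (lowercase `z` = shared, uppercase `Z` = private to one container).
# On hosts without SELinux enabled the option has no labelling effect.
# NOTE(review): relabelling changes the label of the host files under
# ./config as well; keep `:z` on project-owned paths only, never on system
# directories.
version: '3.7'

services:
  wazuh.manager:
    image: wazuh/wazuh-manager:4.7.4
    hostname: wazuh.manager
    restart: always
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 655360
        hard: 655360
    # NOTE(review): all four ports are published without a host address, so
    # they listen on every host interface. 55000 is the API port queried in
    # this test; limit exposure with a host-IP prefix or a host firewall if
    # the API does not need to be reachable from outside.
    ports:
      - "1514:1514"
      - "1515:1515"
      - "514:514/udp"
      - "55000:55000"
    environment:
      - INDEXER_URL=https://wazuh.indexer:9200
      # NOTE(review): credentials are stored in clear text in this file and
      # repeated in the wazuh.dashboard service below. Treat these values as
      # test-only; for any other deployment change them and supply them from
      # an env file or secret store that is kept out of version control.
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=SecretPassword
      # `full` keeps certificate verification enabled for the Filebeat →
      # indexer connection; the CA and client key pair are the files mounted
      # under /etc/ssl below.
      - FILEBEAT_SSL_VERIFICATION_MODE=full
      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
      - SSL_KEY=/etc/ssl/filebeat.key
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    volumes:
      # Named volumes for manager state.
      - wazuh_api_configuration:/var/ossec/api/configuration:z
      - wazuh_etc:/var/ossec/etc:z
      - wazuh_logs:/var/ossec/logs:z
      - wazuh_queue:/var/ossec/queue:z
      - wazuh_var_multigroups:/var/ossec/var/multigroups:z
      - wazuh_integrations:/var/ossec/integrations:z
      - wazuh_active_response:/var/ossec/active-response/bin:z
      - wazuh_agentless:/var/ossec/agentless:z
      - wazuh_wodles:/var/ossec/wodles:z
      - filebeat_etc:/etc/filebeat:z
      - filebeat_var:/var/lib/filebeat:z
      # Bind-mounted TLS material and manager configuration.
      # NOTE(review): the private key is mounted writable; consider `:ro,z`
      # for certificate and key files — verify first that the image's
      # entrypoint does not need to modify them.
      - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem:z
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem:z
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key:z
      - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf:z

  wazuh.indexer:
    image: wazuh/wazuh-indexer:4.7.4
    hostname: wazuh.indexer
    restart: always
    # NOTE(review): publishes the indexer REST API on every host interface.
    # The manager and dashboard reach it over the compose network by
    # hostname, so host publication is only needed for external clients.
    ports:
      - "9200:9200"
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - wazuh-indexer-data:/var/lib/wazuh-indexer:z
      # Node and admin certificates/keys plus the security configuration.
      # internal_users.yml belongs to the indexer's security configuration;
      # protect the host copy accordingly.
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem:z
      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key:z
      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem:z
      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem:z
      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem:z
      - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml:z
      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml:z

  wazuh.dashboard:
    image: wazuh/wazuh-dashboard:4.7.4
    hostname: wazuh.dashboard
    restart: always
    # Host port 443 maps to the dashboard's container port 5601.
    ports:
      - 443:5601
    environment:
      # NOTE(review): same clear-text credentials as in wazuh.manager, and
      # DASHBOARD_PASSWORD equals its username. Change all of them together
      # for anything other than a throwaway test deployment.
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=SecretPassword
      - WAZUH_API_URL=https://wazuh.manager
      - DASHBOARD_USERNAME=kibanaserver
      - DASHBOARD_PASSWORD=kibanaserver
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    volumes:
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem:z
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem:z
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem:z
      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml:z
      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml:z
      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config:z
      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom:z
    depends_on:
      - wazuh.indexer
    links:
      - wazuh.indexer:wazuh.indexer
      - wazuh.manager:wazuh.manager

# Named volumes, created with the default driver on first `up`.
volumes:
  wazuh_api_configuration:
  wazuh_etc:
  wazuh_logs:
  wazuh_queue:
  wazuh_var_multigroups:
  wazuh_integrations:
  wazuh_active_response:
  wazuh_agentless:
  wazuh_wodles:
  filebeat_etc:
  filebeat_var:
  wazuh-indexer-data:
  wazuh-dashboard-config:
  wazuh-dashboard-custom: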
[root@ip-172-31-45-119 single-node]# docker-compose up -d
Creating network "single-node_default" with the default driver
Creating volume "single-node_wazuh_api_configuration" with default driver
Creating volume "single-node_wazuh_etc" with default driver
Creating volume "single-node_wazuh_logs" with default driver
Creating volume "single-node_wazuh_queue" with default driver
Creating volume "single-node_wazuh_var_multigroups" with default driver
Creating volume "single-node_wazuh_integrations" with default driver
Creating volume "single-node_wazuh_active_response" with default driver
Creating volume "single-node_wazuh_agentless" with default driver
Creating volume "single-node_wazuh_wodles" with default driver
Creating volume "single-node_filebeat_etc" with default driver
Creating volume "single-node_filebeat_var" with default driver
Creating volume "single-node_wazuh-indexer-data" with default driver
Creating volume "single-node_wazuh-dashboard-config" with default driver
Creating volume "single-node_wazuh-dashboard-custom" with default driver
Creating single-node_wazuh.manager_1 ... done
Creating single-node_wazuh.indexer_1 ... done
Creating single-node_wazuh.dashboard_1 ... done
[root@ip-172-31-45-119 single-node]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
fcfd6015a958 wazuh/wazuh-dashboard:4.7.4 "/entrypoint.sh" 6 minutes ago Up 6 minutes 443/tcp, 0.0.0.0:443->5601/tcp, :::443->5601/tcp single-node_wazuh.dashboard_1
2747f4c23bda wazuh/wazuh-indexer:4.7.4 "/entrypoint.sh open…" 6 minutes ago Up 6 minutes 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp single-node_wazuh.indexer_1
dd176e670a86 wazuh/wazuh-manager:4.7.4 "/init" 6 minutes ago Up 6 minutes 0.0.0.0:1514-1515->1514-1515/tcp, :::1514-1515->1514-1515/tcp, 0.0.0.0:514->514/udp, :::514->514/udp, 0.0.0.0:55000->55000/tcp, :::55000->55000/tcp, 1516/tcp single-node_wazuh.manager_1
[root@ip-172-31-45-119 single-node]# curl -XGET --silent https://0.0.0.0:443/app/status -k -u admin:SecretPassword -I -s
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'
osd-name: wazuh.dashboard
x-frame-options: sameorigin
cache-control: private, no-cache, no-store, must-revalidate
set-cookie: security_authentication=Fe26.2**afbf0357136679289f968655006f3da9dc32f3ff37fd5ba70481b0538790d3ca*fMfubcxBlexRdWQ6-emwrQ*_boVc9XYZ75X1g8vZBv8KL89OFAU26Jq2N1sgDpcKOXzxr8QsWNI6VWc3eI_yof3T8mgJnx2s6cpCuuIlIm46X-EemVAOtUSWNM62OLA-PAeIQPmhs2eB21kre9fc3xunwF74RlyGU2lwEFHb0Mw6d7gtjB7bsKT1SaVSQJcUf2vZeFHLtB68i8eESer1MrA**627f0c2e23a7ac883ea7fcfbf703b7fe2684096ead4f7b20021f0e5b8cf6cb29*w65I_dvIMq0TCRh-yEv7wcaJwkCstik6FCISpWiwuyk; HttpOnly; Path=/
content-length: 92350
vary: accept-encoding
accept-ranges: bytes
Date: Wed, 15 May 2024 11:05:45 GMT
Connection: keep-alive
Keep-Alive: timeout=120
[root@ip-172-31-45-119 single-node]# curl -XGET "https://0.0.0.0:9200/_cluster/health" -u admin:SecretPassword -k -s
{"cluster_name":"opensearch","status":"green","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"discovered_master":true,"discovered_cluster_manager":true,"active_primary_shards":7,"active_shards":7,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":100.0}
[root@ip-172-31-45-119 single-node]# TOKEN=$(curl -s -u wazuh-wui:MyS3cr37P450r.*- -k -X GET "https://0.0.0.0:55000/security/user/authenticate?raw=true")
[root@ip-172-31-45-119 single-node]# curl -k -s -X GET "https://0.0.0.0:55000/manager/status?pretty=true" -H "Authorization: Bearer $TOKEN"
{
"data": {
"affected_items": [
{
"wazuh-agentlessd": "stopped",
"wazuh-analysisd": "running",
"wazuh-authd": "running",
"wazuh-csyslogd": "stopped",
"wazuh-dbd": "stopped",
"wazuh-monitord": "running",
"wazuh-execd": "running",
"wazuh-integratord": "stopped",
"wazuh-logcollector": "running",
"wazuh-maild": "stopped",
"wazuh-remoted": "running",
"wazuh-reportd": "stopped",
"wazuh-syscheckd": "running",
"wazuh-clusterd": "stopped",
"wazuh-modulesd": "running",
"wazuh-db": "running",
"wazuh-apid": "running"
}
],
"total_affected_items": 1,
"total_failed_items": 0,
"failed_items": []
},
"message": "Processes status was successfully read",
"error": 0
}
[root@ip-172-31-45-119 single-node]# docker exec -it single-node_wazuh.manager_1 filebeat test output
elasticsearch: https://wazuh.indexer:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 172.19.0.2
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... OK
version: 7.10.2
[root@ip-172-31-45-119 single-node]# |
Hello @levisre, I have carried out tests on several computers and have not been able to reproduce the error that you mentioned in issue #711. |
As we were not able to reproduce the issue we will close it. |
Description
It is required to add the `:z` option to the files that are mounted in the Wazuh containers so that their SELinux labels can be modified (with `:z`, Docker relabels the mounted content with a shared label that the containers are allowed to access).
It is necessary to verify that this change correctly performs what is needed, that it does not have a negative impact on the deployment under Linux distributions without active SELinux, and that upgrading from a deployment without these options to one with this change does not generate errors.
Tasks