wazuh · giper45 · Nov 24, 2021 · Jan 28, 2022 · Jan 28, 2022 · Jan 28, 2022
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+production_cluster
diff --git a/.goss.yaml b/.goss.yaml
@@ -56,7 +56,7 @@ package:
   wazuh-manager:
     installed: true
     versions:
-    - 4.3.0
+    - 4.4.0
 port:
   tcp:1514:
     listening: true

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,11 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## Wazuh Docker v4.4.0
+### Added
+
+- Update Wazuh to version [4.4.0](https://github.com/wazuh/wazuh/blob/v4.4.0/CHANGELOG.md#v440)
+
 ## Wazuh Docker v4.3.0
 ### Added
 

diff --git a/Makefile b/Makefile
@@ -0,0 +1,56 @@
+WAZUH_VERSION ?= 4.4.0-1
+WAZUH_KIBANA_VERSION ?= 4.4.0
+
+DEV_STACK = docker-compose.yml 
+PROD_STACK = production-cluster.yml
+BUILD_STACK = build-from-sources.yml
+CERT_STACK = generate-opendistro-certs.yml
+PROD_DIR = production_cluster
+SSL_DIR = $(PROD_DIR)/ssl_certs
+NGINX_SSL = $(PROD_DIR)/nginx/ssl
+KIBANA_SSL = $(PROD_DIR)/kibana_ssl/
+
+DEFAULT_FLAGS = -d --remove-orphans
+COMPOSE = docker-compose
+
+
+images-build:
+	WAZUH_VERSION=$(WAZUH_VERSION) WAZUH_KIBANA_VERSION=$(WAZUH_KIBANA_VERSION) $(COMPOSE) -f $(BUILD_STACK) up
+
+
+certs-create: prod-stop
+	$(COMPOSE) -f $(CERT_STACK) run --rm generator 
+	bash $(NGINX_SSL)/generate-self-signed-cert.sh
+	bash $(KIBANA_SSL)/generate-self-signed-cert.sh
+
+dev-up:
+	WAZUH_VERSION=$(WAZUH_VERSION) WAZUH_KIBANA_VERSION=$(WAZUH_KIBANA_VERSION) $(COMPOSE) up $(DEFAULT_FLAGS) 
+
+dev-down:
+	WAZUH_VERSION=$(WAZUH_VERSION) WAZUH_KIBANA_VERSION=$(WAZUH_KIBANA_VERSION)	$(COMPOSE) down 
+
+prod-elk-run: 
+	WAZUH_VERSION=$(WAZUH_VERSION) WAZUH_KIBANA_VERSION=$(WAZUH_KIBANA_VERSION) $(COMPOSE) -f $(PROD_STACK) up elasticsearch elasticsearch-2 elasticsearch-3 
+
+prod-kibana-run: 
+	WAZUH_VERSION=$(WAZUH_VERSION) WAZUH_KIBANA_VERSION=$(WAZUH_KIBANA_VERSION) $(COMPOSE) -f $(PROD_STACK) up kibana 
+
+prod-nginx-run: 
+	WAZUH_VERSION=$(WAZUH_VERSION) WAZUH_KIBANA_VERSION=$(WAZUH_KIBANA_VERSION) $(COMPOSE) -f $(PROD_STACK) up nginx 
+
+prod-run:
+	WAZUH_VERSION=$(WAZUH_VERSION) WAZUH_KIBANA_VERSION=$(WAZUH_KIBANA_VERSION) $(COMPOSE) -f $(PROD_STACK) up $(DEFAULT_FLAGS)
+
+prod-up: 
+	WAZUH_VERSION=$(WAZUH_VERSION) WAZUH_KIBANA_VERSION=$(WAZUH_KIBANA_VERSION) $(COMPOSE) -f $(PROD_STACK) up $(DEFAULT_FLAGS)
+
+prod-stop:
+	WAZUH_VERSION=$(WAZUH_VERSION) WAZUH_KIBANA_VERSION=$(WAZUH_KIBANA_VERSION) $(COMPOSE) -f $(PROD_STACK) stop
+
+prod-down: 
+	WAZUH_VERSION=$(WAZUH_VERSION) WAZUH_KIBANA_VERSION=$(WAZUH_KIBANA_VERSION) $(COMPOSE) -f $(PROD_STACK) down
+
+certs-clean: prod-stop
+	rm -f $(SSL_DIR)/admin* $(SSL_DIR)/node* $(SSL_DIR)/root* $(SSL_DIR)/filebeat* $(SSL_DIR)/intermediate* $(SSL_DIR)/client-cert*
+
+clean:  certs-clean dev-down prod-down
diff --git a/README.md b/README.md
@@ -21,6 +21,30 @@ In addition, a docker-compose file is provided to launch the containers mentione
 * [Wazuh documentation for Docker](https://documentation.wazuh.com/current/docker/index.html)
 * [Docker hub](https://hub.docker.com/u/wazuh)
 
+To start, just copy the `production_cluster.tpl` template directory: 
+``` 
+cp -r production_cluster.tpl production_cluster  
+```  
+and follow the documentation to run the Wazuh stack.
+
+### Usage through make  
+You can use `Makefile` to run the stack: 
+
+* build images: `make images-build`
+* run dev stack: `make dev-up`
+* stop dev stack: `make dev-down`
+* creates certificates: `make certs-create`
+* run prod elastic nodes: `make prod-elk-run`
+* run prod kibana: `make prod-kibana-run` 
+* run prod nginx: `make prod-nginx-run`
+* run prod stack: `make prod-run`
+* stop prod stack: `make prod-stop`
+* destroy prod stack: `make prod-down`
+* clean generated certificates : `make certs-clean`
+* clean the stack: `make clean`
+
+To try `wazuh`, just run `make dev-up`. 
+To run `wazuh`in production, creates certificates (`make certs-create`) and run prod stack (`make prod-run`)
 
 ### Setup SSL certificate
 
@@ -153,6 +177,7 @@ ADMIN_PRIVILEGES=true               # App privileges
 
 | Wazuh version | ODFE    | XPACK  |
 |---------------|---------|--------|
+| v4.4.0        | 1.13.2  | 7.11.2 |
 | v4.3.0        | 1.13.2  | 7.11.2 |
 | v4.2.5        | 1.13.2  | 7.11.2 |
 | v4.2.4        | 1.13.2  | 7.11.2 |

diff --git a/VERSION b/VERSION
@@ -1,2 +1,2 @@
-WAZUH-DOCKER_VERSION="4.3.0"
-REVISION="43100"
+WAZUH-DOCKER_VERSION="4.4.0"
+REVISION="40400"
diff --git a/build-from-sources.yml b/build-from-sources.yml
@@ -3,7 +3,10 @@ version: '3.7'
 
 services:
   wazuh:
-    build:  wazuh-odfe/
+    build:  
+      context: wazuh-odfe/
+      args:
+          WAZUH_VERSION: $WAZUH_VERSION
     image: wazuh/wazuh-odfe:dev-version
     hostname: wazuh-manager
     restart: always
@@ -51,7 +54,10 @@ services:
         hard: 65536
 
   kibana:
-    build: kibana-odfe/
+    build: 
+      context: kibana-odfe/
+      args:
+        WAZUH_KIBANA_VERSION: $WAZUH_KIBANA_VERSION
     image: wazuh/wazuh-kibana-odfe:dev-version
     hostname: kibana
     restart: always

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh:
-    image: wazuh/wazuh-odfe:4.3.0
+    image: wazuh/wazuh-odfe:$WAZUH_VERSION
     hostname: wazuh-manager
     restart: always
     ports:
@@ -50,7 +50,7 @@ services:
         hard: 65536
 
   kibana:
-    image: wazuh/wazuh-kibana-odfe:4.3.0
+    image: wazuh/wazuh-kibana-odfe:$WAZUH_KIBANA_VERSION
     hostname: kibana
     restart: always
     ports:

diff --git a/kibana-odfe/Dockerfile b/kibana-odfe/Dockerfile
@@ -2,8 +2,8 @@
 FROM amazon/opendistro-for-elasticsearch-kibana:1.13.2
 USER kibana
 ARG ELASTIC_VERSION=7.10.2
-ARG WAZUH_VERSION=4.3.0
-ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
+ARG WAZUH_KIBANA_VERSION
+ARG WAZUH_APP_VERSION="${WAZUH_KIBANA_VERSION}_${ELASTIC_VERSION}"
 
 WORKDIR /usr/share/kibana
 RUN ./bin/kibana-plugin install https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-${WAZUH_APP_VERSION}-1.zip

diff --git a/kibana/Dockerfile b/kibana/Dockerfile
@@ -2,7 +2,7 @@
 FROM docker.elastic.co/kibana/kibana:7.10.2
 USER kibana
 ARG ELASTIC_VERSION=7.10.2
-ARG WAZUH_VERSION=4.3.0
+ARG WAZUH_VERSION
 ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
 
 WORKDIR /usr/share/kibana

diff --git a/production-cluster.yml b/production-cluster.yml
@@ -3,7 +3,7 @@ version: '3.7'
 
 services:
   wazuh-master:
-    image: wazuh/wazuh-odfe:4.3.0
+    image: wazuh/wazuh-odfe:$WAZUH_VERSION
     hostname: wazuh-master
     restart: always
     ports:
@@ -38,7 +38,7 @@ services:
       - ./production_cluster/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
 
   wazuh-worker:
-    image: wazuh/wazuh-odfe:4.3.0
+    image: wazuh/wazuh-odfe:$WAZUH_VERSION
     hostname: wazuh-worker
     restart: always
     environment:
@@ -134,7 +134,7 @@ services:
       - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
 
   kibana:
-    image: wazuh/wazuh-kibana-odfe:4.3.0
+    image: wazuh/wazuh-kibana-odfe:$WAZUH_KIBANA_VERSION
     hostname: kibana
     restart: always
     ports:

diff --git a/production_cluster.tpl/elastic_opendistro/elasticsearch-node1.yml b/production_cluster.tpl/elastic_opendistro/elasticsearch-node1.yml
@@ -0,0 +1,31 @@
+network.host: 0.0.0.0
+cluster.name: wazuh-cluster
+node.name: elasticsearch
+discovery.seed_hosts: elasticsearch,elasticsearch-2,elasticsearch-3
+cluster.initial_master_nodes: elasticsearch,elasticsearch-2,elasticsearch-3
+bootstrap.memory_lock: true
+
+opendistro_security.ssl.transport.pemcert_filepath: node1.pem
+opendistro_security.ssl.transport.pemkey_filepath: node1.key
+opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
+opendistro_security.ssl.transport.enforce_hostname_verification: false
+opendistro_security.ssl.transport.resolve_hostname: false
+opendistro_security.ssl.http.enabled: true
+opendistro_security.ssl.http.pemcert_filepath: node1.pem
+opendistro_security.ssl.http.pemkey_filepath: node1.key
+opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
+opendistro_security.allow_default_init_securityindex: true
+opendistro_security.nodes_dn:
+    - 'CN=node1,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
+    - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
+    - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
+    - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
+opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
+opendistro_security.audit.type: internal_elasticsearch
+opendistro_security.enable_snapshot_restore_privilege: true
+opendistro_security.check_snapshot_restore_write_privileges: true
+opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
+cluster.routing.allocation.disk.threshold_enabled: false
+#opendistro_security.audit.config.disabled_rest_categories: NONE
+#opendistro_security.audit.config.disabled_transport_categories: NONE
+opendistro_security.audit.log_request_body: false
diff --git a/production_cluster.tpl/elastic_opendistro/elasticsearch-node2.yml b/production_cluster.tpl/elastic_opendistro/elasticsearch-node2.yml
@@ -0,0 +1,31 @@
+network.host: 0.0.0.0
+cluster.name: wazuh-cluster
+node.name: elasticsearch-2
+discovery.seed_hosts: elasticsearch,elasticsearch-2,elasticsearch-3
+cluster.initial_master_nodes: elasticsearch,elasticsearch-2,elasticsearch-3
+bootstrap.memory_lock: true
+
+opendistro_security.ssl.transport.pemcert_filepath: node2.pem
+opendistro_security.ssl.transport.pemkey_filepath: node2.key
+opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
+opendistro_security.ssl.transport.enforce_hostname_verification: false
+opendistro_security.ssl.transport.resolve_hostname: false
+opendistro_security.ssl.http.enabled: true
+opendistro_security.ssl.http.pemcert_filepath: node2.pem
+opendistro_security.ssl.http.pemkey_filepath: node2.key
+opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
+opendistro_security.allow_default_init_securityindex: true
+opendistro_security.nodes_dn:
+    - 'CN=node1,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
+    - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
+    - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
+    - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
+opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
+opendistro_security.audit.type: internal_elasticsearch
+opendistro_security.enable_snapshot_restore_privilege: true
+opendistro_security.check_snapshot_restore_write_privileges: true
+opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
+cluster.routing.allocation.disk.threshold_enabled: false
+#opendistro_security.audit.config.disabled_rest_categories: NONE
+#opendistro_security.audit.config.disabled_transport_categories: NONE
+opendistro_security.audit.log_request_body: false
diff --git a/production_cluster.tpl/elastic_opendistro/elasticsearch-node3.yml b/production_cluster.tpl/elastic_opendistro/elasticsearch-node3.yml
@@ -0,0 +1,31 @@
+network.host: 0.0.0.0
+cluster.name: wazuh-cluster
+node.name: elasticsearch-3
+discovery.seed_hosts: elasticsearch,elasticsearch-2,elasticsearch-3
+cluster.initial_master_nodes: elasticsearch,elasticsearch-2,elasticsearch-3
+bootstrap.memory_lock: true
+
+opendistro_security.ssl.transport.pemcert_filepath: node3.pem
+opendistro_security.ssl.transport.pemkey_filepath: node3.key
+opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
+opendistro_security.ssl.transport.enforce_hostname_verification: false
+opendistro_security.ssl.transport.resolve_hostname: false
+opendistro_security.ssl.http.enabled: true
+opendistro_security.ssl.http.pemcert_filepath: node3.pem
+opendistro_security.ssl.http.pemkey_filepath: node3.key
+opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
+opendistro_security.allow_default_init_securityindex: true
+opendistro_security.nodes_dn:
+    - 'CN=node1,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
+    - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
+    - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
+    - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
+opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
+opendistro_security.audit.type: internal_elasticsearch
+opendistro_security.enable_snapshot_restore_privilege: true
+opendistro_security.check_snapshot_restore_write_privileges: true
+opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
+cluster.routing.allocation.disk.threshold_enabled: false
+#opendistro_security.audit.config.disabled_rest_categories: NONE
+#opendistro_security.audit.config.disabled_transport_categories: NONE
+opendistro_security.audit.log_request_body: false
diff --git a/production_cluster.tpl/elastic_opendistro/internal_users.yml b/production_cluster.tpl/elastic_opendistro/internal_users.yml
@@ -0,0 +1,56 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+  type: "internalusers"
+  config_version: 2
+
+# Define your internal users here
+
+## Demo users
+
+admin:
+  hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
+  reserved: true
+  backend_roles:
+  - "admin"
+  description: "Demo admin user"
+
+kibanaserver:
+  hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
+  reserved: true
+  description: "Demo kibanaserver user"
+
+kibanaro:
+  hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
+  reserved: false
+  backend_roles:
+  - "kibanauser"
+  - "readall"
+  attributes:
+    attribute1: "value1"
+    attribute2: "value2"
+    attribute3: "value3"
+  description: "Demo kibanaro user"
+
+logstash:
+  hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
+  reserved: false
+  backend_roles:
+  - "logstash"
+  description: "Demo logstash user"
+
+readall:
+  hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
+  reserved: false
+  backend_roles:
+  - "readall"
+  description: "Demo readall user"
+
+snapshotrestore:
+  hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
+  reserved: false
+  backend_roles:
+  - "snapshotrestore"
+  description: "Demo snapshotrestore user"
diff --git a/production_cluster.tpl/kibana_ssl/generate-self-signed-cert.sh b/production_cluster.tpl/kibana_ssl/generate-self-signed-cert.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+cd $DIR
+
+if [ -s key.pem ]
+then
+    echo "Certificate already exists"
+    exit
+else
+    openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem
+    chown -R 1000:1000 *.pem
+fi