Steven Foerster
5 years ago
3 changed files with 132 additions and 0 deletions
@ -0,0 +1,101 @@ |
|||||||
|
# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) |
||||||
|
version: '3.7' |
||||||
|
|
||||||
|
services: |
||||||
|
wazuh: |
||||||
|
image: wazuh/wazuh-odfe:4.1.4 |
||||||
|
hostname: wazuh-manager |
||||||
|
restart: unless-stopped |
||||||
|
ports: |
||||||
|
- "${MISTBORN_BIND_IP}:1514:1514" |
||||||
|
- "${MISTBORN_BIND_IP}:1515:1515" |
||||||
|
- "${MISTBORN_BIND_IP}:514:514/udp" |
||||||
|
- "${MISTBORN_BIND_IP}:55000:55000" |
||||||
|
environment: |
||||||
|
- ELASTICSEARCH_URL=https://wazuhes.mistborn |
||||||
|
- FILEBEAT_SSL_VERIFICATION_MODE=none |
||||||
|
env_file: |
||||||
|
- ../.envs/.production/.wazuh |
||||||
|
volumes: |
||||||
|
- ossec_api_configuration:/var/ossec/api/configuration |
||||||
|
- ossec_etc:/var/ossec/etc |
||||||
|
- ossec_logs:/var/ossec/logs |
||||||
|
- ossec_queue:/var/ossec/queue |
||||||
|
- ossec_var_multigroups:/var/ossec/var/multigroups |
||||||
|
- ossec_integrations:/var/ossec/integrations |
||||||
|
- ossec_active_response:/var/ossec/active-response/bin |
||||||
|
- ossec_agentless:/var/ossec/agentless |
||||||
|
- ossec_wodles:/var/ossec/wodles |
||||||
|
- filebeat_etc:/etc/filebeat |
||||||
|
- filebeat_var:/var/lib/filebeat |
||||||
|
|
||||||
|
wazuh-elasticsearch: |
||||||
|
image: amazon/opendistro-for-elasticsearch:1.12.0 |
||||||
|
hostname: wazuh-elasticsearch |
||||||
|
restart: unless-stopped |
||||||
|
labels: |
||||||
|
- "traefik.enable=true" |
||||||
|
- "traefik.http.routers.wazuhes-http.rule=Host(`wazuhes.mistborn`)" |
||||||
|
- "traefik.http.routers.wazuhes-http.entrypoints=web" |
||||||
|
- "traefik.http.routers.wazuhes-http.middlewares=mistborn_auth@file" |
||||||
|
- "traefik.http.routers.wazuhes-https.rule=Host(`wazuhes.mistborn`)" |
||||||
|
- "traefik.http.routers.wazuhes-https.entrypoints=websecure" |
||||||
|
- "traefik.http.routers.wazuhes-https.middlewares=mistborn_auth@file" |
||||||
|
- "traefik.http.routers.wazuhes-https.tls.certresolver=basic" |
||||||
|
- "traefik.http.services.wazuhes-service.loadbalancer.server.port=9200" |
||||||
|
#ports: |
||||||
|
# - "${MISTBORN_BIND_IP}:9200:9200" |
||||||
|
environment: |
||||||
|
- discovery.type=single-node |
||||||
|
- cluster.name=wazuh-cluster |
||||||
|
- network.host=0.0.0.0 |
||||||
|
- "ES_JAVA_OPTS=-Xms512m -Xmx512m" |
||||||
|
- bootstrap.memory_lock=true |
||||||
|
ulimits: |
||||||
|
memlock: |
||||||
|
soft: -1 |
||||||
|
hard: -1 |
||||||
|
nofile: |
||||||
|
soft: 65536 |
||||||
|
hard: 65536 |
||||||
|
|
||||||
|
wazuh-kibana: |
||||||
|
image: wazuh/wazuh-kibana-odfe:4.1.4 |
||||||
|
hostname: wazuh-kibana |
||||||
|
restart: unless-stopped |
||||||
|
labels: |
||||||
|
- "traefik.enable=true" |
||||||
|
- "traefik.http.routers.wazuhk-http.rule=Host(`wazuhk.mistborn`)" |
||||||
|
- "traefik.http.routers.wazuhk-http.entrypoints=web" |
||||||
|
- "traefik.http.routers.wazuhk-http.middlewares=mistborn_auth@file" |
||||||
|
- "traefik.http.routers.wazuhk-https.rule=Host(`wazuhk.mistborn`)" |
||||||
|
- "traefik.http.routers.wazuhk-https.entrypoints=websecure" |
||||||
|
- "traefik.http.routers.wazuhk-https.middlewares=mistborn_auth@file" |
||||||
|
- "traefik.http.routers.wazuhk-https.tls.certresolver=basic" |
||||||
|
- "traefik.http.services.wazuhk-service.loadbalancer.server.port=5601" |
||||||
|
#ports: |
||||||
|
# - "${MISTBORN_BIND_IP}:5601:5601" |
||||||
|
environment: |
||||||
|
- SERVER_SSL_ENABLED=false |
||||||
|
- SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/opendistroforelasticsearch.example.org.cert |
||||||
|
- SERVER_SSL_KEY=/usr/share/kibana/config/opendistroforelasticsearch.example.org.key |
||||||
|
env_file: |
||||||
|
- ../.envs/.production/.wazuh |
||||||
|
depends_on: |
||||||
|
- wazuh-elasticsearch |
||||||
|
links: |
||||||
|
- wazuh-elasticsearch:wazuh-elasticsearch |
||||||
|
- wazuh:wazuh |
||||||
|
|
||||||
|
volumes: |
||||||
|
ossec_api_configuration: |
||||||
|
ossec_etc: |
||||||
|
ossec_logs: |
||||||
|
ossec_queue: |
||||||
|
ossec_var_multigroups: |
||||||
|
ossec_integrations: |
||||||
|
ossec_active_response: |
||||||
|
ossec_agentless: |
||||||
|
ossec_wodles: |
||||||
|
filebeat_etc: |
||||||
|
filebeat_var: |
||||||
@ -0,0 +1,22 @@ |
|||||||
|
[Unit] |
||||||
|
Description=Mistborn Wazuh Service |
||||||
|
Requires=Mistborn-base.service |
||||||
|
After=Mistborn-base.service |
||||||
|
PartOf=Mistborn-base.service |
||||||
|
|
||||||
|
[Service] |
||||||
|
Restart=always |
||||||
|
RestartSec=15 |
||||||
|
User=root |
||||||
|
Group=docker |
||||||
|
PermissionsStartOnly=true |
||||||
|
# Shutdown container (if running) when unit is stopped |
||||||
|
ExecStartPre=/usr/sbin/sysctl -w vm.max_map_count=262144 |
||||||
|
ExecStartPre=/opt/mistborn/scripts/wrappers/mistborn_docker.sh wazuh docker-compose -f /opt/mistborn/extra/wazuh.yml down |
||||||
|
# Start container when unit is started |
||||||
|
ExecStart=/opt/mistborn/scripts/wrappers/mistborn_docker.sh wazuh docker-compose -f /opt/mistborn/extra/wazuh.yml up --build |
||||||
|
# Stop container when unit is stopped |
||||||
|
ExecStop=/opt/mistborn/scripts/wrappers/mistborn_docker.sh wazuh docker-compose -f /opt/mistborn/extra/wazuh.yml down |
||||||
|
|
||||||
|
[Install] |
||||||
|
WantedBy=multi-user.target |
||||||
@ -0,0 +1,9 @@ |
|||||||
|
#!/bin/bash |
||||||
|
|
||||||
|
# Wazuh |
||||||
|
WAZUH_PROD_FILE="$1" |
||||||
|
echo "ELASTIC_USERNAME=mistborn" > $WAZUH_PROD_FILE |
||||||
|
echo "ELASTIC_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $WAZUH_PROD_FILE |
||||||
|
echo "ELASTICSEARCH_USERNAME=mistborn" >> $WAZUH_PROD_FILE |
||||||
|
echo "ELASTICSEARCH_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $WAZUH_PROD_FILE |
||||||
|
chmod 600 $WAZUH_PROD_FILE |
||||||
Loading…
Reference in new issue