From cd6c47582d5da3d782e69e356d94c494533ab129 Mon Sep 17 00:00:00 2001
From: Fede Tux
Date: Fri, 5 Jul 2024 09:46:05 -0300
Subject: [PATCH 1/5] Add certs generator and dashboard certs configuration
---
integrations/docker/splunk.yml | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/integrations/docker/splunk.yml b/integrations/docker/splunk.yml
index 91d4f346cca81..1336575bb0e45 100644
--- a/integrations/docker/splunk.yml
+++ b/integrations/docker/splunk.yml
@@ -59,12 +59,44 @@ services: - 5601:5601 # Map host port 5601 to container port 5601 expose: - "5601" # Expose port 5601 for web access to OpenSearch Dashboards + volumes: + - ./certs/:/usr/share/opensearch-dashboards/config/certs/ + - ./certs/wazuh.dashboard-key.pem:/usr/share/opensearch-dashboards/config/certs/opensearch.key + - ./certs/wazuh.dashboard.pem:/usr/share/opensearch-dashboards/config/certs/opensearch.pem + - ./certs/root-ca.pem:/usr/share/opensearch-dashboards/config/certs/root-ca.pem environment: OPENSEARCH_HOSTS: '["https://wazuh.indexer:9200"]' # Define the OpenSearch nodes that OpenSearch Dashboards will query + SERVER_SSL_ENABLED: 'true' + SERVER_SSL_KEY: '/usr/share/opensearch-dashboards/config/certs/opensearch.key' + SERVER_SSL_CERTIFICATE: '/usr/share/opensearch-dashboards/config/certs/opensearch.pem' + OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '/usr/share/opensearch-dashboards/config/certs/root-ca.pem' + + generate-certs-config: + image: alpine:latest + volumes: + - ./config:/config + command: | + sh -c " + echo ' + nodes: + indexer: + - name: wazuh.indexer + ip: \"wazuh.indexer\" + server: + - name: wazuh.manager + ip: \"wazuh.manager\" + dashboard: + - name: wazuh.dashboard + ip: \"wazuh.dashboard\" + ' > /config/certs.yml + " wazuh-certs-generator: image: wazuh/wazuh-certs-generator:0.0.1 hostname: wazuh-certs-generator + depends_on: + generate-certs-config: + condition: service_completed_successfully entrypoint: sh -c "/entrypoint.sh; chown -R 1000:999 /certificates; chmod 740 /certificates; chmod 440 /certificates/*" volumes: - ./certs/:/certificates/ From a6d5857dd5581768ac0c804f44b09e5406fc0741 Mon Sep 17 00:00:00 2001 From: Fede Tux Date: Fri, 5 Jul 2024 10:38:10 -0300 Subject: [PATCH 2/5] Adding tls to kibana and wazuh dashboard in elastic integration --- integrations/docker/elastic.yml | 43 ++++++++++++++++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-) 
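Review bot: The first added volume, `./certs/:/usr/share/opensearch-dashboards/config/certs/`, bind-mounts the whole certificate output directory into the dashboard container read-write, so every key that wazuh-certs-generator writes there (presumably the indexer and manager keys, and possibly the CA key) becomes readable and writable from the dashboard. The three file mounts below it already supply every path the `SERVER_SSL_*` and `OPENSEARCH_SSL_CERTIFICATEAUTHORITIES` settings reference, so I would drop the directory mount and mark the remaining ones read-only, e.g. `- ./certs/wazuh.dashboard-key.pem:/usr/share/opensearch-dashboards/config/certs/opensearch.key:ro`. The same volumes block is added in the elastic.yml hunk and the first amazon-security-lake.yml hunk. Separately, `image: alpine:latest` in the new generate-certs-config service is a mutable tag; pinning a release tag or digest keeps the helper that writes `certs.yml` reproducible (this also applies to the elastic.yml, opensearch.yml and amazon-security-lake.yml hunks). The dashboard service definition starts above this hunk, so its other settings are not visible here.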
diff --git a/integrations/docker/elastic.yml b/integrations/docker/elastic.yml index e30cda48306ab..937d712deee35 100644 --- a/integrations/docker/elastic.yml +++ b/integrations/docker/elastic.yml @@ -59,12 +59,44 @@ services: - 5601:5601 # Map host port 5601 to container port 5601 expose: - "5601" # Expose port 5601 for web access to OpenSearch Dashboards + volumes: + - ./certs/:/usr/share/opensearch-dashboards/config/certs/ + - ./certs/wazuh.dashboard-key.pem:/usr/share/opensearch-dashboards/config/certs/opensearch.key + - ./certs/wazuh.dashboard.pem:/usr/share/opensearch-dashboards/config/certs/opensearch.pem + - ./certs/root-ca.pem:/usr/share/opensearch-dashboards/config/certs/root-ca.pem environment: OPENSEARCH_HOSTS: '["https://wazuh.indexer:9200"]' # Define the OpenSearch nodes that OpenSearch Dashboards will query + SERVER_SSL_ENABLED: 'true' + SERVER_SSL_KEY: '/usr/share/opensearch-dashboards/config/certs/opensearch.key' + SERVER_SSL_CERTIFICATE: '/usr/share/opensearch-dashboards/config/certs/opensearch.pem' + OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '/usr/share/opensearch-dashboards/config/certs/root-ca.pem' + + generate-certs-config: + image: alpine:latest + volumes: + - ./config:/config + command: | + sh -c " + echo ' + nodes: + indexer: + - name: wazuh.indexer + ip: \"wazuh.indexer\" + server: + - name: wazuh.manager + ip: \"wazuh.manager\" + dashboard: + - name: wazuh.dashboard + ip: \"wazuh.dashboard\" + ' > /config/certs.yml + " wazuh-certs-generator: image: wazuh/wazuh-certs-generator:0.0.1 hostname: wazuh-certs-generator + depends_on: + generate-certs-config: + condition: service_completed_successfully entrypoint: sh -c "/entrypoint.sh; chown -R 1000:999 /certificates; chmod 740 /certificates; chmod 440 /certificates/*" volumes: - ./certs/:/certificates/ 
@@ -105,6 +137,12 @@ services: " - localhost\n"\ " ip:\n"\ " - 127.0.0.1\n"\ + " - name: kibana\n"\ + " dns:\n"\ + " - kibana\n"\ + " - localhost\n"\ + " ip:\n"\ + " - 127.0.0.1\n"\ > config/certs/instances.yml; bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key; unzip config/certs/certs.zip -d config/certs; @@ -181,12 +219,15 @@ services: - ELASTICSEARCH_USERNAME=kibana_system - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD} - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt + - SERVER_SSL_ENABLED=true + - SERVER_SSL_KEY=/usr/share/kibana/config/certs/kibana/kibana.key + - SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/certs/kibana/kibana.crt mem_limit: ${MEM_LIMIT} healthcheck: test: [ 'CMD-SHELL', - "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'", + "curl -s -I https://localhost:5601 | grep -q 'HTTP/1.1 302 Found'", ] interval: 10s timeout: 10s From 58bf4d64be76e5dd120fc1b3113654b2edc8f658 Mon Sep 17 00:00:00 2001 From: Fede Tux Date: Fri, 5 Jul 2024 10:43:41 -0300 Subject: [PATCH 3/5] Adding tls to Kibana in manager to elastic integration --- integrations/docker/manager-elastic.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/integrations/docker/manager-elastic.yml b/integrations/docker/manager-elastic.yml index e98a2871dff8b..12ee41527ee24 100644 --- a/integrations/docker/manager-elastic.yml +++ b/integrations/docker/manager-elastic.yml @@ -150,6 +150,12 @@ services: " - localhost\n"\ " ip:\n"\ " - 127.0.0.1\n"\ + " - name: kibana\n"\ + " dns:\n"\ + " - kibana\n"\ + " - localhost\n"\ + " ip:\n"\ + " - 127.0.0.1\n"\ > config/certs/instances.yml; bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key; unzip config/certs/certs.zip -d config/certs; 
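Review bot: In the Kibana healthcheck of elastic.yml (hunk `@@ -181,12 +219,15 @@`), `curl -s -I https://localhost:5601` now has to verify a certificate issued by the stack's own CA, and unless the Kibana image already trusts that CA, curl exits with a verification error, nothing reaches grep, and the container never reports healthy. Pointing curl at the CA file the service already references keeps verification on instead of disabling it: `"curl -s -I --cacert /usr/share/kibana/config/certs/ca/ca.crt https://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",` (path inferred from the `SERVER_SSL_KEY` prefix and the relative `config/certs/ca/ca.crt` setting, so confirm it against the mounted volume). The kibana instance added to instances.yml in the previous hunk lists `localhost` as a DNS name, so the hostname check should pass. The identical healthcheck change in manager-elastic.yml (`@@ -226,12 +232,15 @@`) needs the same fix; the healthcheck block continues past the end of both hunks.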
@@ -226,12 +232,15 @@ services: - ELASTICSEARCH_USERNAME=kibana_system - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD} - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt + - SERVER_SSL_ENABLED=true + - SERVER_SSL_KEY=/usr/share/kibana/config/certs/kibana/kibana.key + - SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/certs/kibana/kibana.crt mem_limit: ${MEM_LIMIT} healthcheck: test: [ 'CMD-SHELL', - "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'", + "curl -s -I https://localhost:5601 | grep -q 'HTTP/1.1 302 Found'", ] interval: 10s timeout: 10s From 9b21029e38c369ea7bbd552c10dd57d14d26a539 Mon Sep 17 00:00:00 2001 From: Fede Tux Date: Fri, 5 Jul 2024 11:00:02 -0300 Subject: [PATCH 4/5] Add TLS to OpenSearch and Wazuh Dashboards --- integrations/docker/opensearch.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/integrations/docker/opensearch.yml b/integrations/docker/opensearch.yml index 2cfa537cbcc50..ed878c8054b92 100644 --- a/integrations/docker/opensearch.yml +++ b/integrations/docker/opensearch.yml 
@@ -72,10 +72,36 @@ services: SERVER.SSL_CERTIFICATE: '/usr/share/opensearch-dashboards/config/certs/opensearch.pem' OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '/usr/share/opensearch-dashboards/config/certs/root-ca.pem' + generate-certs-config: + image: alpine:latest + volumes: + - ./config:/config + command: | + sh -c " + echo ' + nodes: + indexer: + - name: wazuh.indexer + ip: \"wazuh.indexer\" + - name: opensearch.node + ip: \"opensearch.node\" + server: + - name: wazuh.manager + ip: \"wazuh.manager\" + dashboard: + - name: wazuh.dashboard + ip: \"wazuh.dashboard\" + - name: opensearch.dashboards + ip: \"opensearch.dashboards\" + ' > /config/certs.yml + " wazuh-certs-generator: image: wazuh/wazuh-certs-generator:0.0.1 hostname: wazuh-certs-generator + depends_on: + generate-certs-config: + condition: service_completed_successfully entrypoint: sh -c "/entrypoint.sh; chown -R 1000:999 /certificates; chmod 740 /certificates; chmod 440 /certificates/*" volumes: - ./certs/:/certificates/ From a84f2423e69d40b84a0bec121fb8c0f1c0d41a09 Mon Sep 17 00:00:00 2001 From: Fede Tux Date: Fri, 5 Jul 2024 11:11:53 -0300 Subject: [PATCH 5/5] Add TLS to Dashboard in AWS Security Lake integration --- integrations/docker/amazon-security-lake.yml | 32 ++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/integrations/docker/amazon-security-lake.yml b/integrations/docker/amazon-security-lake.yml index c02b51dab8c58..16ee907668a0d 100644 --- a/integrations/docker/amazon-security-lake.yml +++ b/integrations/docker/amazon-security-lake.yml 
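Review bot: The unchanged context line at the top of this hunk sets `SERVER.SSL_CERTIFICATE` with a dot, while the other compose files in this series set `SERVER_SSL_CERTIFICATE`; if the dashboards image only maps the underscore form, the server certificate path is never applied in opensearch.yml. Since this patch is the one that wires TLS for this file, I would rename the key here to `SERVER_SSL_CERTIFICATE: '/usr/share/opensearch-dashboards/config/certs/opensearch.pem'`. The service that owns this environment block starts above the hunk, so its other TLS settings are not visible to check.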
@@ -65,8 +65,17 @@ services: - 5601:5601 # Map host port 5601 to container port 5601 expose: - "5601" # Expose port 5601 for web access to OpenSearch Dashboards + volumes: + - ./certs/:/usr/share/opensearch-dashboards/config/certs/ + - ./certs/wazuh.dashboard-key.pem:/usr/share/opensearch-dashboards/config/certs/opensearch.key + - ./certs/wazuh.dashboard.pem:/usr/share/opensearch-dashboards/config/certs/opensearch.pem + - ./certs/root-ca.pem:/usr/share/opensearch-dashboards/config/certs/root-ca.pem environment: OPENSEARCH_HOSTS: '["https://wazuh.indexer:9200"]' # Define the OpenSearch nodes that OpenSearch Dashboards will query + SERVER_SSL_ENABLED: 'true' + SERVER_SSL_KEY: '/usr/share/opensearch-dashboards/config/certs/opensearch.key' + SERVER_SSL_CERTIFICATE: '/usr/share/opensearch-dashboards/config/certs/opensearch.pem' + OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '/usr/share/opensearch-dashboards/config/certs/root-ca.pem' wazuh.integration.security.lake: image: wazuh/indexer-security-lake-integration @@ -128,10 +137,33 @@ services: - ../amazon-security-lake/src:/var/task ports: - "9000:8080" + + generate-certs-config: + image: alpine:latest + volumes: + - ./config:/config + command: | + sh -c " + echo ' + nodes: + indexer: + - name: wazuh.indexer + ip: \"wazuh.indexer\" + server: + - name: wazuh.manager + ip: \"wazuh.manager\" + dashboard: + - name: wazuh.dashboard + ip: \"wazuh.dashboard\" + ' > /config/certs.yml + " wazuh-certs-generator: image: wazuh/wazuh-certs-generator:0.0.1 hostname: wazuh-certs-generator + depends_on: + generate-certs-config: + condition: service_completed_successfully container_name: wazuh-certs-generator entrypoint: sh -c "/entrypoint.sh; chown -R 1000:999 /certificates; chmod 740 /certificates; chmod 440 /certificates/*" volumes: