From b9d6c6eb49a1281aefd21fb3ea2787f039b080a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lex=20Ruiz?=
Date: Mon, 9 Sep 2024 17:00:10 +0200
Subject: [PATCH] Remove old compose files for integrations
---
 integrations/docker/elastic.yml | 213 ------------------
 integrations/docker/manager-elastic.yml | 243 ---------------------
 integrations/docker/manager-opensearch.yml | 181 ---------------
 integrations/docker/manager-splunk.yml | 172 ---------------
 integrations/docker/opensearch.yml | 162 --------------
 integrations/docker/splunk.yml | 143 ------------
 6 files changed, 1114 deletions(-)
 delete mode 100644 integrations/docker/elastic.yml
 delete mode 100644 integrations/docker/manager-elastic.yml
 delete mode 100644 integrations/docker/manager-opensearch.yml
 delete mode 100644 integrations/docker/manager-splunk.yml
 delete mode 100644 integrations/docker/opensearch.yml
 delete mode 100644 integrations/docker/splunk.yml
diff --git a/integrations/docker/elastic.yml b/integrations/docker/elastic.yml
deleted file mode 100644
index e30cda48306ab..0000000000000
--- a/integrations/docker/elastic.yml
+++ /dev/null
@@ -1,213 +0,0 @@ -name: "elastic-integration" - -services: - events-generator: - image: wazuh/indexer-events-generator - build: - context: ../tools/events-generator - depends_on: - wazuh.indexer: - condition: service_healthy - command: bash -c "python run.py -a wazuh.indexer" - - wazuh.indexer: - image: opensearchproject/opensearch:2.12.0 - depends_on: - wazuh-certs-generator: - condition: service_completed_successfully - hostname: wazuh.indexer - ports: - - 9200:9200 - environment: - - node.name=wazuh.indexer - - discovery.type=single-node - - bootstrap.memory_lock=true - - "DISABLE_INSTALL_DEMO_CONFIG=true" - - plugins.security.ssl.http.enabled=true - - plugins.security.allow_default_init_securityindex=true - - plugins.security.ssl.http.pemcert_filepath=/usr/share/opensearch/config/wazuh.indexer.pem - - plugins.security.ssl.transport.pemcert_filepath=/usr/share/opensearch/config/wazuh.indexer.pem - - plugins.security.ssl.http.pemkey_filepath=/usr/share/opensearch/config/wazuh.indexer-key.pem - - plugins.security.ssl.transport.pemkey_filepath=/usr/share/opensearch/config/wazuh.indexer-key.pem - - plugins.security.ssl.http.pemtrustedcas_filepath=/usr/share/opensearch/config/root-ca.pem - - plugins.security.ssl.transport.pemtrustedcas_filepath=/usr/share/opensearch/config/root-ca.pem - - plugins.security.authcz.admin_dn="CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California, C=US" - - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - healthcheck: - test: curl -sku admin:admin https://localhost:9200/_cat/health | grep -q docker-cluster - start_period: 10s - start_interval: 3s - volumes: - - data:/usr/share/opensearch/data - - ./certs/wazuh.indexer.pem:/usr/share/opensearch/config/wazuh.indexer.pem - - ./certs/wazuh.indexer-key.pem:/usr/share/opensearch/config/wazuh.indexer-key.pem - - ./certs/root-ca.pem:/usr/share/opensearch/config/root-ca.pem - - wazuh.dashboard: - image: 
opensearchproject/opensearch-dashboards:2.12.0 - depends_on: - - wazuh.indexer - hostname: wazuh.dashboard - ports: - - 5601:5601 # Map host port 5601 to container port 5601 - expose: - - "5601" # Expose port 5601 for web access to OpenSearch Dashboards - environment: - OPENSEARCH_HOSTS: '["https://wazuh.indexer:9200"]' # Define the OpenSearch nodes that OpenSearch Dashboards will query - - wazuh-certs-generator: - image: wazuh/wazuh-certs-generator:0.0.1 - hostname: wazuh-certs-generator - entrypoint: sh -c "/entrypoint.sh; chown -R 1000:999 /certificates; chmod 740 /certificates; chmod 440 /certificates/*" - volumes: - - ./certs/:/certificates/ - - ./config/certs.yml:/config/certs.yml - - - # ================================= - # Elasticsearch, Kibana and Logstash - # ================================= - # https://www.elastic.co/guide/en/elastic-stack-get-started/current/get-started-docker.html - - setup: - image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION} - volumes: - - es_certs:/usr/share/elasticsearch/config/certs - user: '0' - command: > - bash -c ' - if [ x${ELASTIC_PASSWORD} == x ]; then - echo "Set the ELASTIC_PASSWORD environment variable in the .env file"; - exit 1; - elif [ x${KIBANA_PASSWORD} == x ]; then - echo "Set the KIBANA_PASSWORD environment variable in the .env file"; - exit 1; - fi; - if [ ! -f config/certs/ca.zip ]; then - echo "Creating CA"; - bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip; - unzip config/certs/ca.zip -d config/certs; - fi; - if [ ! 
-f config/certs/certs.zip ]; then - echo "Creating certs"; - echo -ne \ - "instances:\n"\ - " - name: es01\n"\ - " dns:\n"\ - " - es01\n"\ - " - localhost\n"\ - " ip:\n"\ - " - 127.0.0.1\n"\ - > config/certs/instances.yml; - bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key; - unzip config/certs/certs.zip -d config/certs; - fi; - echo "Setting file permissions" - chown -R 1000:1000 config/certs; - find . -type d -exec chmod 750 \{\} \;; - find . -type f -exec chmod 640 \{\} \;; - echo "Waiting for Elasticsearch availability"; - until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done; - echo "Setting kibana_system password"; - until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done; - echo "All done!"; - ' - healthcheck: - test: ['CMD-SHELL', '[ -f config/certs/es01/es01.crt ]'] - interval: 1s - timeout: 5s - retries: 120 - - es01: - depends_on: - setup: - condition: service_healthy - image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION} - volumes: - - es_certs:/usr/share/elasticsearch/config/certs - ports: - - ${ES_PORT}:9200 - environment: - - node.name=es01 - - cluster.name=${CLUSTER_NAME} - - cluster.initial_master_nodes=es01 - - ELASTIC_PASSWORD=${ELASTIC_PASSWORD} - - bootstrap.memory_lock=true - - xpack.security.enabled=true - - xpack.security.http.ssl.enabled=true - - xpack.security.http.ssl.key=certs/es01/es01.key - - xpack.security.http.ssl.certificate=certs/es01/es01.crt - - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt - - xpack.security.transport.ssl.enabled=true - - xpack.security.transport.ssl.key=certs/es01/es01.key - - 
xpack.security.transport.ssl.certificate=certs/es01/es01.crt - - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt - - xpack.security.transport.ssl.verification_mode=certificate - - xpack.license.self_generated.type=${LICENSE} - mem_limit: ${MEM_LIMIT} - ulimits: - memlock: - soft: -1 - hard: -1 - healthcheck: - test: - [ - 'CMD-SHELL', - "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'", - ] - interval: 10s - timeout: 10s - retries: 120 - - kibana: - depends_on: - es01: - condition: service_healthy - image: docker.elastic.co/kibana/kibana:${STACK_VERSION} - volumes: - - es_certs:/usr/share/kibana/config/certs - ports: - - ${KIBANA_PORT}:5601 - environment: - - SERVERNAME=kibana - - ELASTICSEARCH_HOSTS=https://es01:9200 - - ELASTICSEARCH_USERNAME=kibana_system - - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD} - - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt - mem_limit: ${MEM_LIMIT} - healthcheck: - test: - [ - 'CMD-SHELL', - "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'", - ] - interval: 10s - timeout: 10s - retries: 120 - - logstash: - depends_on: - es01: - condition: service_healthy - image: logstash-oss:8.6.2 - build: - context: ../elastic - environment: - LOG_LEVEL: info - MONITORING_ENABLED: false - volumes: - - ../elastic/logstash/pipeline:/usr/share/logstash/pipeline - - ./certs/root-ca.pem:/usr/share/logstash/root-ca.pem - - es_certs:/etc/certs/elastic - command: logstash -f /usr/share/logstash/pipeline/indexer-to-elastic.conf - -volumes: - data: - es_certs: diff --git a/integrations/docker/manager-elastic.yml b/integrations/docker/manager-elastic.yml deleted file mode 100644 index e98a2871dff8b..0000000000000 --- a/integrations/docker/manager-elastic.yml +++ /dev/null 
@@ -1,243 +0,0 @@ -name: "manager-elastic-integration" - -services: - events-generator: - image: wazuh/indexer-events-generator - build: - context: ../tools/events-generator - depends_on: - wazuh.indexer: - condition: service_healthy - command: bash -c "python run.py -o filebeat" - volumes: - - alerts:/var/ossec/logs/alerts/ - - wazuh.manager: - image: wazuh/wazuh-manager:${WAZUH_VERSION} - hostname: wazuh.manager - restart: always - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 655360 - hard: 655360 - ports: - - "1514:1514" - - "1515:1515" - - "514:514/udp" - - "55000:55000" - environment: - - INDEXER_URL=https://wazuh.indexer:9200 - - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=admin - - FILEBEAT_SSL_VERIFICATION_MODE=full - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - - SSL_KEY=/etc/ssl/filebeat.key - - API_USERNAME=wazuh-wui - - API_PASSWORD=MyS3cr37P450r.*- - - LOG_LEVEL=info - - MONITORING_ENABLED=false - volumes: - - ./certs/root-ca-manager.pem:/etc/ssl/root-ca.pem - - ./certs/wazuh.manager.pem:/etc/ssl/filebeat.pem - - ./certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key - - ./certs/root-ca.pem:/usr/share/logstash/root-ca.pem - - alerts:/var/ossec/logs/alerts/ - - wazuh.indexer: - image: opensearchproject/opensearch:2.12.0 - depends_on: - wazuh-certs-generator: - condition: service_completed_successfully - hostname: wazuh.indexer - ports: - - 9200:9200 - environment: - - node.name=wazuh.indexer - - discovery.type=single-node - - bootstrap.memory_lock=true - - "DISABLE_INSTALL_DEMO_CONFIG=true" - - plugins.security.ssl.http.enabled=true - - plugins.security.allow_default_init_securityindex=true - - plugins.security.ssl.http.pemcert_filepath=/usr/share/opensearch/config/wazuh.indexer.pem - - plugins.security.ssl.transport.pemcert_filepath=/usr/share/opensearch/config/wazuh.indexer.pem - - plugins.security.ssl.http.pemkey_filepath=/usr/share/opensearch/config/wazuh.indexer-key.pem - - 
plugins.security.ssl.transport.pemkey_filepath=/usr/share/opensearch/config/wazuh.indexer-key.pem - - plugins.security.ssl.http.pemtrustedcas_filepath=/usr/share/opensearch/config/root-ca.pem - - plugins.security.ssl.transport.pemtrustedcas_filepath=/usr/share/opensearch/config/root-ca.pem - - plugins.security.authcz.admin_dn="CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California, C=US" - - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" - - compatibility.override_main_response_version=true - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - healthcheck: - test: curl -sku admin:admin https://localhost:9200/_cat/health | grep -q docker-cluster - start_period: 10s - start_interval: 3s - volumes: - - data:/usr/share/opensearch/data - - ./certs/wazuh.indexer.pem:/usr/share/opensearch/config/wazuh.indexer.pem - - ./certs/wazuh.indexer-key.pem:/usr/share/opensearch/config/wazuh.indexer-key.pem - - ./certs/root-ca.pem:/usr/share/opensearch/config/root-ca.pem - - wazuh-certs-generator: - image: wazuh/wazuh-certs-generator:0.0.1 - hostname: wazuh-certs-generator - entrypoint: sh -c "/entrypoint.sh; chown -R 1000:999 /certificates; chmod 740 /certificates; chmod 440 /certificates/*" - volumes: - - ./certs/:/certificates/ - - ./config/certs.yml:/config/certs.yml - - logstash: - depends_on: - es01: - condition: service_healthy - wazuh-certs-generator: - condition: service_completed_successfully - image: logstash-oss:8.6.2 - build: - context: ../elastic - environment: - LOG_LEVEL: info - MONITORING_ENABLED: false - volumes: - - ../elastic/logstash/pipeline:/usr/share/logstash/pipeline - - es_certs:/usr/share/logstash/es_certs - - alerts:/var/ossec/logs/alerts/ - command: logstash -f /usr/share/logstash/pipeline/manager-to-elastic.conf - - - - # ================================= - # Elasticsearch and Kibana - # ================================= - # https://www.elastic.co/guide/en/elastic-stack-get-started/current/get-started-docker.html - - setup: - image: 
docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION} - volumes: - - es_certs:/usr/share/elasticsearch/config/certs - user: '0' - command: > - bash -c ' - if [ x${ELASTIC_PASSWORD} == x ]; then - echo "Set the ELASTIC_PASSWORD environment variable in the .env file"; - exit 1; - elif [ x${KIBANA_PASSWORD} == x ]; then - echo "Set the KIBANA_PASSWORD environment variable in the .env file"; - exit 1; - fi; - if [ ! -f config/certs/ca.zip ]; then - echo "Creating CA"; - bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip; - unzip config/certs/ca.zip -d config/certs; - fi; - if [ ! -f config/certs/certs.zip ]; then - echo "Creating certs"; - echo -ne \ - "instances:\n"\ - " - name: es01\n"\ - " dns:\n"\ - " - es01\n"\ - " - localhost\n"\ - " ip:\n"\ - " - 127.0.0.1\n"\ - > config/certs/instances.yml; - bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key; - unzip config/certs/certs.zip -d config/certs; - fi; - echo "Setting file permissions" - chown -R 1000:1000 config/certs; - find . -type d -exec chmod 750 \{\} \;; - find . 
-type f -exec chmod 640 \{\} \;; - echo "Waiting for Elasticsearch availability"; - until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done; - echo "Setting kibana_system password"; - until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done; - echo "All done!"; - ' - healthcheck: - test: ['CMD-SHELL', '[ -f config/certs/es01/es01.crt ]'] - interval: 1s - timeout: 5s - retries: 120 - - es01: - depends_on: - setup: - condition: service_healthy - image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION} - volumes: - - es_certs:/usr/share/elasticsearch/config/certs - ports: - - ${ES_PORT}:9200 - environment: - - node.name=es01 - - cluster.name=${CLUSTER_NAME} - - cluster.initial_master_nodes=es01 - - ELASTIC_PASSWORD=${ELASTIC_PASSWORD} - - bootstrap.memory_lock=true - - xpack.security.enabled=true - - xpack.security.http.ssl.enabled=true - - xpack.security.http.ssl.key=certs/es01/es01.key - - xpack.security.http.ssl.certificate=certs/es01/es01.crt - - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt - - xpack.security.transport.ssl.enabled=true - - xpack.security.transport.ssl.key=certs/es01/es01.key - - xpack.security.transport.ssl.certificate=certs/es01/es01.crt - - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt - - xpack.security.transport.ssl.verification_mode=certificate - - xpack.license.self_generated.type=${LICENSE} - mem_limit: ${MEM_LIMIT} - ulimits: - memlock: - soft: -1 - hard: -1 - healthcheck: - test: - [ - 'CMD-SHELL', - "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'", - ] - interval: 10s - timeout: 10s - retries: 120 - - kibana: - depends_on: - es01: - condition: 
service_healthy - image: docker.elastic.co/kibana/kibana:${STACK_VERSION} - volumes: - - es_certs:/usr/share/kibana/config/certs - ports: - - ${KIBANA_PORT}:5601 - environment: - - SERVERNAME=kibana - - ELASTICSEARCH_HOSTS=https://es01:9200 - - ELASTICSEARCH_USERNAME=kibana_system - - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD} - - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt - mem_limit: ${MEM_LIMIT} - healthcheck: - test: - [ - 'CMD-SHELL', - "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'", - ] - interval: 10s - timeout: 10s - retries: 120 - -volumes: - data: - es_certs: - alerts: diff --git a/integrations/docker/manager-opensearch.yml b/integrations/docker/manager-opensearch.yml deleted file mode 100644 index b7f1c64bb239e..0000000000000 --- a/integrations/docker/manager-opensearch.yml +++ /dev/null 
@@ -1,181 +0,0 @@ -name: "manager-opensearch-integration" - -services: - events-generator: - image: wazuh/indexer-events-generator - build: - context: ../tools/events-generator - depends_on: - wazuh.indexer: - condition: service_healthy - command: bash -c "python run.py -o filebeat" - volumes: - - alerts:/var/ossec/logs/alerts/ - - wazuh.manager: - image: wazuh/wazuh-manager:${WAZUH_VERSION} - hostname: wazuh.manager - restart: always - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 655360 - hard: 655360 - ports: - - "1514:1514" - - "1515:1515" - - "514:514/udp" - - "55000:55000" - environment: - - INDEXER_URL=https://wazuh.indexer:9200 - - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=admin - - FILEBEAT_SSL_VERIFICATION_MODE=full - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - - SSL_KEY=/etc/ssl/filebeat.key - - API_USERNAME=wazuh-wui - - API_PASSWORD=MyS3cr37P450r.*- - - LOG_LEVEL=info - - MONITORING_ENABLED=false - volumes: - - ./certs/root-ca-manager.pem:/etc/ssl/root-ca.pem - - ./certs/wazuh.manager.pem:/etc/ssl/filebeat.pem - - ./certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key - - ./certs/root-ca.pem:/usr/share/logstash/root-ca.pem - - alerts:/var/ossec/logs/alerts/ - - wazuh.indexer: - image: opensearchproject/opensearch:2.12.0 - depends_on: - wazuh-certs-generator: - condition: service_completed_successfully - hostname: wazuh.indexer - ports: - - 9200:9200 - environment: - - node.name=wazuh.indexer - - discovery.type=single-node - - bootstrap.memory_lock=true - - "DISABLE_INSTALL_DEMO_CONFIG=true" - - plugins.security.ssl.http.enabled=true - - plugins.security.allow_default_init_securityindex=true - - plugins.security.ssl.http.pemcert_filepath=/usr/share/opensearch/config/wazuh.indexer.pem - - plugins.security.ssl.transport.pemcert_filepath=/usr/share/opensearch/config/wazuh.indexer.pem - - plugins.security.ssl.http.pemkey_filepath=/usr/share/opensearch/config/wazuh.indexer-key.pem - - 
plugins.security.ssl.transport.pemkey_filepath=/usr/share/opensearch/config/wazuh.indexer-key.pem - - plugins.security.ssl.http.pemtrustedcas_filepath=/usr/share/opensearch/config/root-ca.pem - - plugins.security.ssl.transport.pemtrustedcas_filepath=/usr/share/opensearch/config/root-ca.pem - - plugins.security.authcz.admin_dn="CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California, C=US" - - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" - - compatibility.override_main_response_version=true - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - healthcheck: - test: curl -sku admin:admin https://localhost:9200/_cat/health | grep -q docker-cluster - start_period: 10s - start_interval: 3s - volumes: - - data:/usr/share/opensearch/data - - ./certs/wazuh.indexer.pem:/usr/share/opensearch/config/wazuh.indexer.pem - - ./certs/wazuh.indexer-key.pem:/usr/share/opensearch/config/wazuh.indexer-key.pem - - ./certs/root-ca.pem:/usr/share/opensearch/config/root-ca.pem - - wazuh-certs-generator: - image: wazuh/wazuh-certs-generator:0.0.1 - hostname: wazuh-certs-generator - entrypoint: sh -c "/entrypoint.sh; chown -R 1000:999 /certificates; chmod 740 /certificates; chmod 440 /certificates/*" - volumes: - - ./certs/:/certificates/ - - ./config/certs.yml:/config/certs.yml - - logstash: - depends_on: - opensearch.node: - condition: service_healthy - wazuh-certs-generator: - condition: service_completed_successfully - image: logstash-oss:8.6.2 - build: - dockerfile: ../elastic/Dockerfile - context: ../opensearch - environment: - LOG_LEVEL: info - MONITORING_ENABLED: false - volumes: - - ../opensearch/logstash/pipeline:/usr/share/logstash/pipeline - - ./certs/root-ca.pem:/etc/ssl/root-ca.pem - - alerts:/var/ossec/logs/alerts/ - command: logstash -f /usr/share/logstash/pipeline/manager-to-opensearch.conf - - # ================================================ - # OpenSearch and OpenSearch Dashboards - # ================================================ - - opensearch.node: 
- image: opensearchproject/opensearch:${OS_VERSION} - depends_on: - wazuh-certs-generator: - condition: service_completed_successfully - environment: - - cluster.name=opensearch-cluster - - node.name=opensearch.node - - discovery.type=single-node - - bootstrap.memory_lock=true - - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" - - "DISABLE_INSTALL_DEMO_CONFIG=true" - volumes: - - ../opensearch/opensearch.yml:/usr/share/opensearch/config/opensearch.yml - - ./certs/opensearch.node-key.pem:/usr/share/opensearch/config/certs/opensearch.key - - ./certs/opensearch.node.pem:/usr/share/opensearch/config/certs/opensearch.pem - - ./certs/root-ca.pem:/usr/share/opensearch/config/certs/root-ca.pem - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - ports: - - 9201:9200 - - 9600:9600 - healthcheck: - test: - [ - "CMD-SHELL", - "curl -sku admin:admin https://opensearch.node:9200 2>&1 | grep -q 'The OpenSearch Project: https://opensearch.org/'", - ] - interval: 1s - timeout: 5s - retries: 120 - - opensearch-dashboards: - image: opensearchproject/opensearch-dashboards:${OS_VERSION} - depends_on: - opensearch.node: - condition: service_healthy - ports: - - 5602:5601 - expose: - - "5602" - volumes: - - ../opensearch/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml - - ./certs/:/usr/share/opensearch-dashboards/config/certs/ - - ./certs/opensearch.dashboards-key.pem:/usr/share/opensearch-dashboards/config/certs/opensearch.key - - ./certs/opensearch.dashboards.pem:/usr/share/opensearch-dashboards/config/certs/opensearch.pem - - ./certs/root-ca.pem:/usr/share/opensearch-dashboards/config/certs/root-ca.pem - - environment: - - 'OPENSEARCH_HOSTS="https://opensearch.node:9200"' - -volumes: - data: - es_certs: - alerts: diff --git a/integrations/docker/manager-splunk.yml b/integrations/docker/manager-splunk.yml deleted file mode 100644 index 532eb73374b7f..0000000000000 
--- a/integrations/docker/manager-splunk.yml
+++ /dev/null
@@ -1,172 +0,0 @@ -name: "manager-splunk-integration" - -services: - events-generator: - image: wazuh/indexer-events-generator - build: - context: ../tools/events-generator - depends_on: - wazuh.indexer: - condition: service_healthy - command: bash -c "python run.py -o filebeat" - volumes: - - alerts:/var/ossec/logs/alerts/ - - wazuh.manager: - image: wazuh/wazuh-manager:${WAZUH_VERSION} - hostname: wazuh.manager - restart: always - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 655360 - hard: 655360 - ports: - - "1514:1514" - - "1515:1515" - - "514:514/udp" - - "55000:55000" - environment: - - INDEXER_URL=https://wazuh.indexer:9200 - - INDEXER_USERNAME=admin - - INDEXER_PASSWORD=admin - - FILEBEAT_SSL_VERIFICATION_MODE=full - - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem - - SSL_CERTIFICATE=/etc/ssl/filebeat.pem - - SSL_KEY=/etc/ssl/filebeat.key - - API_USERNAME=wazuh-wui - - API_PASSWORD=MyS3cr37P450r.*- - - LOG_LEVEL=info - - MONITORING_ENABLED=false - volumes: - - ./certs/root-ca-manager.pem:/etc/ssl/root-ca.pem - - ./certs/wazuh.manager.pem:/etc/ssl/filebeat.pem - - ./certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key - - ./certs/root-ca.pem:/usr/share/logstash/root-ca.pem - - alerts:/var/ossec/logs/alerts/ - - wazuh.indexer: - image: opensearchproject/opensearch:2.12.0 - depends_on: - wazuh-certs-generator: - condition: service_completed_successfully - hostname: wazuh.indexer - ports: - - 9200:9200 - environment: - - node.name=wazuh.indexer - - discovery.type=single-node - - bootstrap.memory_lock=true - - "DISABLE_INSTALL_DEMO_CONFIG=true" - - plugins.security.ssl.http.enabled=true - - plugins.security.allow_default_init_securityindex=true - - plugins.security.ssl.http.pemcert_filepath=/usr/share/opensearch/config/wazuh.indexer.pem - - plugins.security.ssl.transport.pemcert_filepath=/usr/share/opensearch/config/wazuh.indexer.pem - - plugins.security.ssl.http.pemkey_filepath=/usr/share/opensearch/config/wazuh.indexer-key.pem - - 
plugins.security.ssl.transport.pemkey_filepath=/usr/share/opensearch/config/wazuh.indexer-key.pem - - plugins.security.ssl.http.pemtrustedcas_filepath=/usr/share/opensearch/config/root-ca.pem - - plugins.security.ssl.transport.pemtrustedcas_filepath=/usr/share/opensearch/config/root-ca.pem - - plugins.security.authcz.admin_dn="CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California, C=US" - - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" - - compatibility.override_main_response_version=true - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - healthcheck: - test: curl -sku admin:admin https://localhost:9200/_cat/health | grep -q docker-cluster - start_period: 10s - start_interval: 3s - volumes: - - data:/usr/share/opensearch/data - - ./certs/wazuh.indexer.pem:/usr/share/opensearch/config/wazuh.indexer.pem - - ./certs/wazuh.indexer-key.pem:/usr/share/opensearch/config/wazuh.indexer-key.pem - - ./certs/root-ca.pem:/usr/share/opensearch/config/root-ca.pem - - wazuh-certs-generator: - image: wazuh/wazuh-certs-generator:0.0.1 - hostname: wazuh-certs-generator - entrypoint: sh -c "/entrypoint.sh; chown -R 1000:999 /certificates; chmod 740 /certificates; chmod 440 /certificates/*" - volumes: - - ./certs/:/certificates/ - - ./config/certs.yml:/config/certs.yml - - logstash: - depends_on: - splunk: - condition: service_healthy - wazuh-certs-generator: - condition: service_completed_successfully - image: logstash-oss:8.6.2 - build: - dockerfile: ../elastic/Dockerfile - context: ../splunk - environment: - LOG_LEVEL: info - MONITORING_ENABLED: false - volumes: - - ../splunk/logstash/pipeline:/usr/share/logstash/pipeline - - ./certs/root-ca.pem:/etc/ssl/root-ca.pem - - alerts:/var/ossec/logs/alerts/ - command: logstash -f /usr/share/logstash/pipeline/manager-to-splunk.conf - - # ================================================ - # Splunk - # ================================================ - - generator: - image: cfssl/cfssl - depends_on: - 
wazuh-certs-generator: - condition: service_completed_successfully - volumes: - - ./certs/:/certs/ - - ../splunk/cfssl/:/conf/ - entrypoint: /bin/bash - command: > - -c ' - cd /certs - cat /conf/host.json | \ - cfssl gencert \ - -ca root-ca.pem \ - -ca-key root-ca.key \ - -config /conf/cfssl.json \ - -profile=server - | \ - cfssljson -bare splunk - openssl pkcs8 -topk8 -inform pem -in splunk-key.pem -outform pem -nocrypt -out splunk.key - rm splunk.csr - cat splunk.pem splunk-key.pem root-ca.pem > splunkhec.pem - chown -R 1000:1000 /certs/splunk* - ' - - splunk: - image: splunk/splunk:9.0.4 - volumes: - - ./certs/splunk.key:/opt/splunk/etc/auth/custom/splunk.key - - ./certs/splunk.pem:/opt/splunk/etc/auth/custom/splunk.pem - - ./certs/splunkhec.pem:/opt/splunk/etc/auth/custom/splunkhec.pem - - ../splunk/config/indexes.conf:/opt/splunk/etc/system/local/indexes.conf - - ../splunk/config/default.yml:/tmp/defaults/default.yml - depends_on: - generator: - condition: service_completed_successfully - ports: - - '8000:8000' - - '8088:8088' - environment: - SPLUNK_HEC_TOKEN: "abcd1234" - SPLUNK_HOSTNAME: splunk - SPLUNK_HTTP_ENABLESSL: 'true' - SPLUNK_PASSWORD: Password.1234 - SPLUNK_STANDALONE_URL: https://splunk:8080 - SPLUNK_START_ARGS: --accept-license - -volumes: - data: - es_certs: - alerts: \ No newline at end of file diff --git a/integrations/docker/opensearch.yml b/integrations/docker/opensearch.yml deleted file mode 100644 index 2cfa537cbcc50..0000000000000 --- a/integrations/docker/opensearch.yml +++ /dev/null 
@@ -1,162 +0,0 @@ -name: "opensearch-integration" - -services: - events-generator: - image: wazuh/indexer-events-generator - build: - context: ../tools/events-generator - depends_on: - wazuh.indexer: - condition: service_healthy - command: bash -c "python run.py -a wazuh.indexer" - - wazuh.indexer: - image: opensearchproject/opensearch:2.12.0 - depends_on: - wazuh-certs-generator: - condition: service_completed_successfully - hostname: wazuh.indexer - ports: - - 9200:9200 - environment: - - node.name=wazuh.indexer - - discovery.type=single-node - - bootstrap.memory_lock=true - - "DISABLE_INSTALL_DEMO_CONFIG=true" - - plugins.security.ssl.http.enabled=true - - plugins.security.allow_default_init_securityindex=true - - plugins.security.ssl.http.pemcert_filepath=/usr/share/opensearch/config/wazuh.indexer.pem - - plugins.security.ssl.transport.pemcert_filepath=/usr/share/opensearch/config/wazuh.indexer.pem - - plugins.security.ssl.http.pemkey_filepath=/usr/share/opensearch/config/wazuh.indexer-key.pem - - plugins.security.ssl.transport.pemkey_filepath=/usr/share/opensearch/config/wazuh.indexer-key.pem - - plugins.security.ssl.http.pemtrustedcas_filepath=/usr/share/opensearch/config/root-ca.pem - - plugins.security.ssl.transport.pemtrustedcas_filepath=/usr/share/opensearch/config/root-ca.pem - - plugins.security.authcz.admin_dn="CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California, C=US" - - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - healthcheck: - test: curl -sku admin:admin https://localhost:9200/_cat/health | grep -q docker-cluster - start_period: 10s - start_interval: 3s - volumes: - - data:/usr/share/opensearch/data - - ./certs/wazuh.indexer.pem:/usr/share/opensearch/config/wazuh.indexer.pem - - ./certs/wazuh.indexer-key.pem:/usr/share/opensearch/config/wazuh.indexer-key.pem - - ./certs/root-ca.pem:/usr/share/opensearch/config/root-ca.pem - - wazuh.dashboard: - image: 
opensearchproject/opensearch-dashboards:2.12.0 - depends_on: - - wazuh.indexer - hostname: wazuh.dashboard - ports: - - 5601:5601 - expose: - - "5601" - volumes: - - ../opensearch/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml - - ./certs/:/usr/share/opensearch-dashboards/config/certs/ - - ./certs/opensearch.dashboards-key.pem:/usr/share/opensearch-dashboards/config/certs/opensearch.key - - ./certs/opensearch.dashboards.pem:/usr/share/opensearch-dashboards/config/certs/opensearch.pem - - ./certs/root-ca.pem:/usr/share/opensearch-dashboards/config/certs/root-ca.pem - environment: - OPENSEARCH_HOSTS: '["https://wazuh.indexer:9200"]' - SERVER_SSL_ENABLED: 'true' - SERVER_SSL_KEY: '/usr/share/opensearch-dashboards/config/certs/opensearch.key' - SERVER.SSL_CERTIFICATE: '/usr/share/opensearch-dashboards/config/certs/opensearch.pem' - OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '/usr/share/opensearch-dashboards/config/certs/root-ca.pem' - - - wazuh-certs-generator: - image: wazuh/wazuh-certs-generator:0.0.1 - hostname: wazuh-certs-generator - entrypoint: sh -c "/entrypoint.sh; chown -R 1000:999 /certificates; chmod 740 /certificates; chmod 440 /certificates/*" - volumes: - - ./certs/:/certificates/ - - ./config/certs.yml:/config/certs.yml - - - # ================================================ - # OpenSearch, OpenSearch Dashboards and Logstash - # ================================================ - - opensearch.node: - image: opensearchproject/opensearch:${OS_VERSION} - depends_on: - wazuh-certs-generator: - condition: service_completed_successfully - environment: - - cluster.name=opensearch-cluster - - node.name=opensearch.node - - discovery.type=single-node - - bootstrap.memory_lock=true - - 'OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m' - - "DISABLE_INSTALL_DEMO_CONFIG=true" - volumes: - - ../opensearch/opensearch.yml:/usr/share/opensearch/config/opensearch.yml - - 
./certs/opensearch.node-key.pem:/usr/share/opensearch/config/certs/opensearch.key - - ./certs/opensearch.node.pem:/usr/share/opensearch/config/certs/opensearch.pem - - ./certs/root-ca.pem:/usr/share/opensearch/config/certs/root-ca.pem - ulimits: - memlock: - soft: -1 - hard: -1 - nofile: - soft: 65536 - hard: 65536 - ports: - - 9201:9200 - - 9600:9600 - healthcheck: - test: - [ - 'CMD-SHELL', - "curl -sku admin:admin https://opensearch.node:9200 2>&1 | grep -q 'The OpenSearch Project: https://opensearch.org/'", - ] - interval: 1s - timeout: 5s - retries: 120 - - opensearch-dashboards: - image: opensearchproject/opensearch-dashboards:${OS_VERSION} - depends_on: - opensearch.node: - condition: service_healthy - ports: - - 5602:5601 - expose: - - '5602' - volumes: - - ../opensearch/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml - - ./certs/:/usr/share/opensearch-dashboards/config/certs/ - - ./certs/opensearch.dashboards-key.pem:/usr/share/opensearch-dashboards/config/certs/opensearch.key - - ./certs/opensearch.dashboards.pem:/usr/share/opensearch-dashboards/config/certs/opensearch.pem - - ./certs/root-ca.pem:/usr/share/opensearch-dashboards/config/certs/root-ca.pem - - environment: - - 'OPENSEARCH_HOSTS="https://opensearch.node:9200"' - - logstash: - image: logstash-oss:8.6.2 - depends_on: - opensearch.node: - condition: service_healthy - build: - context: ../opensearch - environment: - LOG_LEVEL: info - MONITORING_ENABLED: false - volumes: - - ../opensearch/logstash/pipeline:/usr/share/logstash/pipeline - - ./certs/root-ca.pem:/etc/ssl/root-ca.pem - command: logstash -f /usr/share/logstash/pipeline/indexer-to-opensearch.conf - -volumes: - data: - os_config: diff --git a/integrations/docker/splunk.yml b/integrations/docker/splunk.yml deleted file mode 100644 index 91d4f346cca81..0000000000000 --- a/integrations/docker/splunk.yml +++ /dev/null 
@@ -1,143 +0,0 @@
-name: "splunk-integration"
-
-services:
- events-generator:
- image: wazuh/indexer-events-generator
- build:
- context: ../tools/events-generator
- depends_on:
- wazuh.indexer:
- condition: service_healthy
- command: bash -c "python run.py -a wazuh.indexer"
-
- wazuh.indexer:
- image: opensearchproject/opensearch:2.12.0
- depends_on:
- wazuh-certs-generator:
- condition: service_completed_successfully
- hostname: wazuh.indexer
- ports:
- - 9200:9200
- environment:
- - node.name=wazuh.indexer
- - discovery.type=single-node
- - bootstrap.memory_lock=true
- - "DISABLE_INSTALL_DEMO_CONFIG=true"
- - plugins.security.ssl.http.enabled=true
- - plugins.security.allow_default_init_securityindex=true
- - plugins.security.ssl.http.pemcert_filepath=/usr/share/opensearch/config/wazuh.indexer.pem
- - plugins.security.ssl.transport.pemcert_filepath=/usr/share/opensearch/config/wazuh.indexer.pem
- - plugins.security.ssl.http.pemkey_filepath=/usr/share/opensearch/config/wazuh.indexer-key.pem
- - plugins.security.ssl.transport.pemkey_filepath=/usr/share/opensearch/config/wazuh.indexer-key.pem
- - plugins.security.ssl.http.pemtrustedcas_filepath=/usr/share/opensearch/config/root-ca.pem
- - plugins.security.ssl.transport.pemtrustedcas_filepath=/usr/share/opensearch/config/root-ca.pem
- - plugins.security.authcz.admin_dn="CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California, C=US"
- - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
- ulimits:
- memlock:
- soft: -1
- hard: -1
- nofile:
- soft: 65536
- hard: 65536
- healthcheck:
- test: curl -sku admin:admin https://localhost:9200/_cat/health | grep -q docker-cluster
- start_period: 10s
- start_interval: 3s
- volumes:
- - data:/usr/share/opensearch/data
- - ./certs/wazuh.indexer.pem:/usr/share/opensearch/config/wazuh.indexer.pem
- - ./certs/wazuh.indexer-key.pem:/usr/share/opensearch/config/wazuh.indexer-key.pem
- - ./certs/root-ca.pem:/usr/share/opensearch/config/root-ca.pem
-
- wazuh.dashboard:
- image:
opensearchproject/opensearch-dashboards:2.12.0
- depends_on:
- - wazuh.indexer
- hostname: wazuh.dashboard
- ports:
- - 5601:5601 # Map host port 5601 to container port 5601
- expose:
- - "5601" # Expose port 5601 for web access to OpenSearch Dashboards
- environment:
- OPENSEARCH_HOSTS: '["https://wazuh.indexer:9200"]' # Define the OpenSearch nodes that OpenSearch Dashboards will query
-
- wazuh-certs-generator:
- image: wazuh/wazuh-certs-generator:0.0.1
- hostname: wazuh-certs-generator
- entrypoint: sh -c "/entrypoint.sh; chown -R 1000:999 /certificates; chmod 740 /certificates; chmod 440 /certificates/*"
- volumes:
- - ./certs/:/certificates/
- - ./config/certs.yml:/config/certs.yml
-
-
- # =================================
- # Splunk and Logstash
- # =================================
-
- generator:
- image: cfssl/cfssl
- depends_on:
- wazuh-certs-generator:
- condition: service_completed_successfully
- volumes:
- - ./certs/:/certs/
- - ../splunk/cfssl/:/conf/
- entrypoint: /bin/bash
- command: >
- -c '
- cd /certs
- cat /conf/host.json | \
- cfssl gencert \
- -ca root-ca.pem \
- -ca-key root-ca.key \
- -config /conf/cfssl.json \
- -profile=server - | \
- cfssljson -bare splunk
- openssl pkcs8 -topk8 -inform pem -in splunk-key.pem -outform pem -nocrypt -out splunk.key
- rm splunk.csr
- cat splunk.pem splunk-key.pem root-ca.pem > splunkhec.pem
- chown -R 1000:1000 /certs/splunk*
- '
-
- splunk:
- image: splunk/splunk:9.0.4
- volumes:
- - ./certs/splunk.key:/opt/splunk/etc/auth/custom/splunk.key
- - ./certs/splunk.pem:/opt/splunk/etc/auth/custom/splunk.pem
- - ./certs/splunkhec.pem:/opt/splunk/etc/auth/custom/splunkhec.pem
- - ../splunk/config/indexes.conf:/opt/splunk/etc/system/local/indexes.conf
- - ../splunk/config/default.yml:/tmp/defaults/default.yml
- depends_on:
- wazuh-certs-generator:
- condition: service_completed_successfully
- generator:
- condition: service_completed_successfully
- ports:
- - '8000:8000'
- - '8088:8088'
- environment:
-
SPLUNK_HEC_TOKEN: "abcd1234"
- SPLUNK_HOSTNAME: splunk
- SPLUNK_HTTP_ENABLESSL: 'true'
- SPLUNK_PASSWORD: Password.1234
- SPLUNK_STANDALONE_URL: https://splunk:8080
- SPLUNK_START_ARGS: --accept-license
-
- logstash:
- depends_on:
- splunk:
- condition: service_healthy
- image: logstash-oss:8.6.2
- build:
- context: ../splunk
- environment:
- LOG_LEVEL: info
- MONITORING_ENABLED: false
- volumes:
- - ../splunk/logstash/pipeline:/usr/share/logstash/pipeline
- - ./certs/root-ca.pem:/usr/share/logstash/root-ca.pem
- command: logstash -f /usr/share/logstash/pipeline/indexer-to-splunk.conf
-
-volumes:
- data: