Как объединить Wazuh+OpenSearch+Logstash в Docker?

Проблема такая: установил Docker и создал в нём контейнеры Wazuh (manager, indexer, dashboard), а также добавил OpenSearch (dashboard, node 1, node 2) и Logstash. Всё это запускается и работает в одной сети, но я не совсем понимаю, как связать компоненты между собой. Читал официальную документацию Wazuh, OpenSearch и Logstash, но о настройке именно в Docker там говорится мало. Делаю всё на Rocky Linux 9.

Вот файл docker-compose; возможно, проблема в нём, но я её, по крайней мере, не увидел.

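# Compose stack: Wazuh (manager, indexer, dashboard), a separate two-node
# OpenSearch cluster with OpenSearch Dashboards, and Logstash.
# Every service joins the user-defined bridge network `wazuh-net`, so the
# containers can reach each other by service name (e.g. wazuh.indexer:9200).
#
# Review fixes applied to the pasted file: closed the unterminated quote on
# `version`, restored the nesting lost in the paste, and quoted every port
# mapping. Credentials, images and paths are unchanged and only flagged.

# The top-level `version` key is ignored by Compose v2; kept for older tooling.
version: '3.7'

services:
  wazuh.manager:
    image: wazuh/wazuh-manager:4.7.2
    hostname: wazuh.manager
    restart: always
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 655360
        hard: 655360
    # Each mapping is published on every host interface. Prefix with a bind
    # address (e.g. "127.0.0.1:55000:55000") for ports that do not need to be
    # reachable from other machines, the API port 55000 in particular.
    ports:
      - "1514:1514"
      - "1515:1515"
      - "514:514/udp"
      - "55000:55000"
    networks:
      - wazuh-net
    environment:
      - INDEXER_URL=https://wazuh.indexer:9200
      # SECURITY: plaintext credentials in the compose file. These look like the
      # sample values from the Wazuh Docker deployment; change them before the
      # stack is reachable by anyone else and supply them from an env file or
      # secrets store that is kept out of version control.
      # NOTE(review): the indexer password presumably has to match the hash in
      # the mounted internal_users.yml — confirm when rotating it.
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=SecretPassword
      # `full` keeps certificate and hostname verification on for Filebeat.
      - FILEBEAT_SSL_VERIFICATION_MODE=full
      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
      - SSL_KEY=/etc/ssl/filebeat.key
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    volumes:
      - wazuh_api_configuration:/var/ossec/api/configuration
      - wazuh_etc:/var/ossec/etc
      - wazuh_logs:/var/ossec/logs
      - wazuh_queue:/var/ossec/queue
      - wazuh_var_multigroups:/var/ossec/var/multigroups
      - wazuh_integrations:/var/ossec/integrations
      - wazuh_active_response:/var/ossec/active-response/bin
      - wazuh_agentless:/var/ossec/agentless
      - wazuh_wodles:/var/ossec/wodles
      - filebeat_etc:/etc/filebeat
      - filebeat_var:/var/lib/filebeat
      #- ./config/openopensearch_ssl_certs/root-ca.pem:/usr/share/opensearch/certs/root-ca.pem
      #- ./config/wazuh_cluster/wazuh.json:/etc/logstash/templates/wazuh.json
      # Private key material is bind-mounted from the host: restrict the file
      # permissions on ./config and consider appending `:ro` to these mounts.
      - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
      - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf

  wazuh.indexer:
    image: wazuh/wazuh-indexer:4.7.2
    hostname: wazuh.indexer
    restart: always
    # Publishes the indexer REST API on every host interface. The other
    # containers reach it over wazuh-net, so this mapping is only needed for
    # access from outside Docker; bind it to 127.0.0.1 or drop it otherwise.
    ports:
      - "9200:9200"
    networks:
      - wazuh-net
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - wazuh-indexer-data:/var/lib/wazuh-indexer
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key
      - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
      # admin.pem / admin-key.pem are the security-admin client certificate;
      # whoever can read them has full control of the indexer.
      - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
      - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
      - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
      - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml

  wazuh.dashboard:
    image: wazuh/wazuh-dashboard:4.7.2
    hostname: wazuh.dashboard
    restart: always
    ports:
      - "443:5601"
    networks:
      - wazuh-net
    environment:
      # SECURITY: same plaintext sample credentials as on wazuh.manager, plus
      # kibanaserver/kibanaserver. Rotate them and move them out of this file.
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=SecretPassword
      - WAZUH_API_URL=https://wazuh.manager
      - DASHBOARD_USERNAME=kibanaserver
      - DASHBOARD_PASSWORD=kibanaserver
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=MyS3cr37P450r.*-
    volumes:
      #- ./config/openopensearch_ssl_certs/root-ca.pem:/usr/share/opensearch/certs/root-ca.pem
      #- ./config/wazuh_cluster/wazuh.json:/etc/logstash/templates/wazuh.json
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
      - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
      - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
      - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
    depends_on:
      - wazuh.indexer
    # `links` is a legacy option; name resolution already works through the
    # shared wazuh-net network. Kept as in the original file.
    links:
      - wazuh.indexer:wazuh.indexer
      - wazuh.manager:wazuh.manager

  opensearch-node1:
    # SECURITY: `latest` is an unpinned tag, so the image can change between
    # pulls. Pin a specific version (ideally by digest) for a security stack.
    # NOTE(review): OpenSearch 2.12 and later will not start the demo security
    # configuration unless OPENSEARCH_INITIAL_ADMIN_PASSWORD is set; with
    # `latest` that variable is probably required here — confirm in the logs.
    image: opensearchproject/opensearch:latest
    container_name: opensearch-node1
    environment:
      - cluster.name=opensearch-cluster
      - node.name=opensearch-node1
      - discovery.seed_hosts=opensearch-node1,opensearch-node2
      - cluster.initial_cluster_manager_nodes=opensearch-node1,opensearch-node2
      - bootstrap.memory_lock=true
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - opensearch-data1:/usr/share/opensearch/data
    # Host port 9300 maps to the REST port 9200 inside the container (host
    # 9200 is already taken by wazuh.indexer). Both mappings are published on
    # every host interface; bind to 127.0.0.1 if remote access is not needed.
    ports:
      - "9300:9200"
      - "9600:9600"
    networks:
      - wazuh-net

  opensearch-node2:
    # Same unpinned-tag and initial-admin-password caveats as opensearch-node1.
    image: opensearchproject/opensearch:latest
    container_name: opensearch-node2
    environment:
      - cluster.name=opensearch-cluster
      - node.name=opensearch-node2
      - discovery.seed_hosts=opensearch-node1,opensearch-node2
      - cluster.initial_cluster_manager_nodes=opensearch-node1,opensearch-node2
      - bootstrap.memory_lock=true
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - opensearch-data2:/usr/share/opensearch/data
    networks:
      - wazuh-net

  opensearch-dashboards:
    # Unpinned tag; keep it on the same version as the OpenSearch nodes.
    image: opensearchproject/opensearch-dashboards:latest
    container_name: opensearch-dashboards
    ports:
      - "5601:5601"
    expose:
      - "5601"
    environment:
      # The nodes are addressed over HTTPS by service name on wazuh-net.
      # No credentials or CA are configured here, so the image defaults apply;
      # NOTE(review): confirm those defaults are not left in place.
      OPENSEARCH_HOSTS: '["https://opensearch-node1:9200","https://opensearch-node2:9200"]'
    networks:
      - wazuh-net

  logstash:
    # No tag given, which resolves to `latest`; pin a version here as well.
    image: opensearchproject/logstash-oss-with-opensearch-output-plugin
    container_name: logstash
    depends_on:
      - opensearch-dashboards
      - opensearch-node1
      - opensearch-node2
    volumes:
      - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
      # NOTE(review): "openopensearch_ssl_certs" may be a typo for the real
      # directory name. If the host path does not exist, Docker creates an
      # empty directory at the source and TLS verification will fail.
      - ./config/openopensearch_ssl_certs/root-ca.pem:/usr/share/opensearch/certs/root-ca.pem
      - ./config/wazuh_cluster/wazuh.json:/etc/logstash/templates/wazuh.json
      # NOTE(review): the Logstash container images normally load pipelines
      # from /usr/share/logstash/pipeline, not /etc/logstash/conf.d — confirm
      # that this pipeline file is actually picked up.
      - ./config/wazuh-opensearch.conf:/etc/logstash/conf.d/wazuh-opensearch.conf
      # NOTE(review): bin/logstash-keystore is normally the keystore CLI, while
      # the keystore data file is logstash.keystore in the settings directory —
      # confirm which one this mount is meant to provide.
      - ./logstash/bin/logstash-keystore:/etc/logstash/logstash-keystore
    ports:
      - "5044:5044"
    networks:
      - wazuh-net

networks:
  wazuh-net:
    driver: bridge

volumes:
  wazuh_api_configuration:
  wazuh_etc:
  wazuh_logs:
  wazuh_queue:
  wazuh_var_multigroups:
  wazuh_integrations:
  wazuh_active_response:
  wazuh_agentless:
  wazuh_wodles:
  filebeat_etc:
  filebeat_var:
  wazuh-indexer-data:
  wazuh-dashboard-config:
  wazuh-dashboard-custom:
  opensearch-data1:
  opensearch-data2: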
