Skip to content

Commit

Permalink
Merge branch '4.9.0' into 253-add-splunk-indexer-integration
Browse files Browse the repository at this point in the history
Signed-off-by: Álex Ruiz <[email protected]>
  • Loading branch information
AlexRuiz7 authored Jun 10, 2024
2 parents 50d7f59 + deee1c8 commit f0f5770
Show file tree
Hide file tree
Showing 12 changed files with 2,416 additions and 81 deletions.
12 changes: 12 additions & 0 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
run-name: Build ${{ inputs.distribution }} Wazuh Indexer on ${{ inputs.architecture }} | ${{ inputs.id }}
name: Build packages (on demand)

# This workflow runs when any of the following occur:
Expand Down Expand Up @@ -30,6 +31,10 @@ on:
description: "Checksum ?"
type: boolean
default: false
id:
description: "ID used to identify the workflow uniquely."
type: string
required: false
workflow_call:
inputs:
revision:
Expand All @@ -56,6 +61,9 @@ on:
description: "Checksum ?"
type: boolean
default: false
id:
type: string
required: false
secrets:
CI_INTERNAL_DEVELOPMENT_BUCKET_USER_ACCESS_KEY:
required: true
Expand Down Expand Up @@ -185,10 +193,14 @@ jobs:
src="artifacts/dist/${{ steps.package.outputs.name }}"
dest="s3://packages-dev.internal.wazuh.com/development/wazuh/4.x/main/packages/"
aws s3 cp "$src" "$dest"
s3uri="${dest}${{ steps.package.outputs.name }}"
echo "S3 URI: ${s3uri}"
- name: Upload checksum to S3
if: ${{ inputs.upload && inputs.checksum }}
run: |
src="artifacts/dist/${{ steps.package.outputs.name }}.sha512"
dest="s3://packages-dev.internal.wazuh.com/development/wazuh/4.x/main/packages/"
aws s3 cp "$src" "$dest"
s3uri="${dest}${{ steps.package.outputs.name }}.sha512"
echo "S3 sha512 URI: ${s3uri}"
78 changes: 0 additions & 78 deletions .github/workflows/build_single.yml

This file was deleted.

3 changes: 2 additions & 1 deletion integrations/.gitignore
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
opensearch
external
common
config
docker/certs
3 changes: 3 additions & 0 deletions integrations/docker/.env
Original file line number Diff line number Diff line change
Expand Up @@ -21,3 +21,6 @@ KIBANA_PORT=5602

# Increase or decrease based on the available host memory (in bytes)
MEM_LIMIT=1073741824

# OpenSearch destination cluster version
OS_VERSION=2.14.0
8 changes: 6 additions & 2 deletions integrations/docker/config/certs.yml
Original file line number Diff line number Diff line change
@@ -1,16 +1,20 @@
nodes:
# Wazuh indexer server nodes
# Wazuh indexer and OpenSearch server nodes
indexer:
- name: wazuh.indexer
ip: wazuh.indexer
- name: opensearch.node
ip: opensearch.node

# Wazuh server nodes
# Use node_type only with more than one Wazuh manager
server:
- name: wazuh.manager
ip: wazuh.manager

# Wazuh dashboard node
# Wazuh dashboard and OpenSearch Dashboards nodes
dashboard:
- name: wazuh.dashboard
ip: wazuh.dashboard
- name: opensearch.dashboards
ip: opensearch.dashboards
169 changes: 169 additions & 0 deletions integrations/docker/opensearch.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,169 @@
name: "opensearch-integration"

services:
events-generator:
image: wazuh/indexer-events-generator
build:
context: ../tools/events-generator
container_name: events-generator
depends_on:
wazuh.indexer:
condition: service_healthy
command: bash -c "python run.py -a wazuh.indexer"

wazuh.indexer:
image: opensearchproject/opensearch:2.12.0
container_name: wazuh.indexer
depends_on:
wazuh-certs-generator:
condition: service_completed_successfully
hostname: wazuh.indexer
ports:
- 9200:9200
environment:
- node.name=wazuh.indexer
- discovery.type=single-node
- bootstrap.memory_lock=true
- "DISABLE_INSTALL_DEMO_CONFIG=true"
- plugins.security.ssl.http.enabled=true
- plugins.security.allow_default_init_securityindex=true
- plugins.security.ssl.http.pemcert_filepath=/usr/share/opensearch/config/wazuh.indexer.pem
- plugins.security.ssl.transport.pemcert_filepath=/usr/share/opensearch/config/wazuh.indexer.pem
- plugins.security.ssl.http.pemkey_filepath=/usr/share/opensearch/config/wazuh.indexer-key.pem
- plugins.security.ssl.transport.pemkey_filepath=/usr/share/opensearch/config/wazuh.indexer-key.pem
- plugins.security.ssl.http.pemtrustedcas_filepath=/usr/share/opensearch/config/root-ca.pem
- plugins.security.ssl.transport.pemtrustedcas_filepath=/usr/share/opensearch/config/root-ca.pem
- plugins.security.authcz.admin_dn="CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California, C=US"
- "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
healthcheck:
test: curl -sku admin:admin https://localhost:9200/_cat/health | grep -q docker-cluster
start_period: 10s
start_interval: 3s
volumes:
- data:/usr/share/opensearch/data
- ./certs/wazuh.indexer.pem:/usr/share/opensearch/config/wazuh.indexer.pem
- ./certs/wazuh.indexer-key.pem:/usr/share/opensearch/config/wazuh.indexer-key.pem
- ./certs/root-ca.pem:/usr/share/opensearch/config/root-ca.pem

wazuh.dashboard:
image: opensearchproject/opensearch-dashboards:2.12.0
container_name: wazuh.dashboard
depends_on:
- wazuh.indexer
hostname: wazuh.dashboard
ports:
- 5601:5601
expose:
- "5601"
volumes:
- ../opensearch/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml
- ./certs/:/usr/share/opensearch-dashboards/config/certs/
- ./certs/opensearch.dashboards-key.pem:/usr/share/opensearch-dashboards/config/certs/opensearch.key
- ./certs/opensearch.dashboards.pem:/usr/share/opensearch-dashboards/config/certs/opensearch.pem
- ./certs/root-ca.pem:/usr/share/opensearch-dashboards/config/certs/root-ca.pem
environment:
OPENSEARCH_HOSTS: '["https://wazuh.indexer:9200"]'
SERVER_SSL_ENABLED: 'true'
SERVER_SSL_KEY: '/usr/share/opensearch-dashboards/config/certs/opensearch.key'
SERVER.SSL_CERTIFICATE: '/usr/share/opensearch-dashboards/config/certs/opensearch.pem'
OPENSEARCH_SSL_CERTIFICATEAUTHORITIES: '/usr/share/opensearch-dashboards/config/certs/root-ca.pem'


wazuh-certs-generator:
image: wazuh/wazuh-certs-generator:0.0.1
hostname: wazuh-certs-generator
container_name: wazuh-certs-generator
entrypoint: sh -c "/entrypoint.sh; chown -R 1000:999 /certificates; chmod 740 /certificates; chmod 440 /certificates/*"
volumes:
- ./certs/:/certificates/
- ./config/certs.yml:/config/certs.yml


# ================================================
# OpenSearch, OpenSearch Dashboards and Logstash
# ================================================

opensearch.node:
image: opensearchproject/opensearch:${OS_VERSION}
depends_on:
wazuh-certs-generator:
condition: service_completed_successfully
container_name: opensearch.node
environment:
- cluster.name=opensearch-cluster
- node.name=opensearch.node
- discovery.type=single-node
- bootstrap.memory_lock=true
- 'OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m'
- "DISABLE_INSTALL_DEMO_CONFIG=true"
volumes:
- ../opensearch/opensearch.yml:/usr/share/opensearch/config/opensearch.yml
- ./certs/opensearch.node-key.pem:/usr/share/opensearch/config/certs/opensearch.key
- ./certs/opensearch.node.pem:/usr/share/opensearch/config/certs/opensearch.pem
- ./certs/root-ca.pem:/usr/share/opensearch/config/certs/root-ca.pem
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536
hard: 65536
ports:
- 9201:9200
- 9600:9600
healthcheck:
test:
[
'CMD-SHELL',
"curl -sku admin:admin https://opensearch.node:9200 2>&1 | grep -q 'The OpenSearch Project: https://opensearch.org/'",
]
interval: 1s
timeout: 5s
retries: 120

opensearch-dashboards:
image: opensearchproject/opensearch-dashboards:${OS_VERSION}
depends_on:
opensearch.node:
condition: service_healthy
container_name: opensearch-dashboards
ports:
- 5602:5601
expose:
- '5602'
volumes:
- ../opensearch/opensearch_dashboards.yml:/usr/share/opensearch-dashboards/config/opensearch_dashboards.yml
- ./certs/:/usr/share/opensearch-dashboards/config/certs/
- ./certs/opensearch.dashboards-key.pem:/usr/share/opensearch-dashboards/config/certs/opensearch.key
- ./certs/opensearch.dashboards.pem:/usr/share/opensearch-dashboards/config/certs/opensearch.pem
- ./certs/root-ca.pem:/usr/share/opensearch-dashboards/config/certs/root-ca.pem

environment:
- 'OPENSEARCH_HOSTS="https://opensearch.node:9200"'

logstash:
image: logstash-oss:8.6.2
depends_on:
opensearch.node:
condition: service_healthy
container_name: logstash
build:
context: ../opensearch
environment:
LOG_LEVEL: info
MONITORING_ENABLED: false
volumes:
- ../opensearch/logstash/pipeline:/usr/share/logstash/pipeline
- ./certs/root-ca.pem:/etc/ssl/root-ca.pem
command: logstash -f /usr/share/logstash/pipeline/indexer-to-opensearch.conf

volumes:
data:
os_config:
49 changes: 49 additions & 0 deletions integrations/opensearch/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
# Wazuh to OpenSearch Integration Developer Guide

This document describes how to prepare a Docker Compose environment to test the integration between Wazuh and the OpenSearch Stack. For a detailed guide on how to integrate Wazuh with OpenSearch Stack, please refer to the [Wazuh documentation](https://documentation.wazuh.com/current/integrations-guide/OpenSearch-stack/index.html).

## Requirements

- Docker and Docker Compose installed.

## Usage

1. Clone the Wazuh repository and navigate to the `integrations/` folder.
2. Run the following command to start the environment:
```bash
docker compose -f ./docker/opensearch.yml up -d
```

The Docker Compose project will bring up the following services:

- 1x Events Generator (learn more in [wazuh-indexer/integrations/tools/events-generator](../tools/events-generator/README.md)).
- 1x Wazuh Indexer (OpenSearch).
- 1x Wazuh Dashboards (OpenSearch Dashboards).
- 1x Logstash
- 1x OpenSearch
- 1x OpenSearch Dashboards

For custom configurations, you may need to modify these files:

- [docker/opensearch.yml](../docker/opensearch.yml): Docker Compose file.
- [docker/.env](../docker/.env): Environment variables file.
- [opensearch/logstash/pipeline/indexer-to-opensearch.conf](./logstash/pipeline/indexer-to-opensearch.conf): Logstash Pipeline configuration file.

Check the files above for **credentials**, ports, and other configurations.

| Service | Address | Credentials |
| --------------------- | ---------------------- | ----------- |
| Wazuh Indexer | https://localhost:9200 | admin:admin |
| Wazuh Dashboard | https://localhost:5601 | admin:admin |
| OpenSearch | https://localhost:9201 | admin:admin |
| OpenSearch Dashboards | https://localhost:5602 | admin:admin |

## Importing the dashboards

The dashboards for OpenSearch are included in [dashboards.ndjson](./dashboards.ndjson). The steps to import them to OpenSearch are the following:

- On OpenSearch Dashboards, expand the left menu, and go to `Dashboards Management`.
- Click on `Saved Objects`, select `Import`, click on the `Import` icon and browse the dashboard file.
- Click on Import and complete the process.

Imported dashboards will appear in the `Dashboards` app on the left menu.
38 changes: 38 additions & 0 deletions integrations/opensearch/dashboards.ndjson

Large diffs are not rendered by default.

Loading

0 comments on commit f0f5770

Please sign in to comment.