Awesome Open Source
Awesome Open Source

Wazuh containers for Docker

Slack Email Documentation Documentation

In this repository you will find the containers to run:

  • Wazuh manager: it runs the Wazuh manager, Wazuh API and Filebeat OSS
  • Wazuh dashboard: provides a web user interface to browse through alerts data and allows you to visualize agents configuration and status.
  • Wazuh indexer: Wazuh indexer container (working as a single-node cluster or as a multi-node cluster). Be aware to increase the vm.max_map_count setting, as it's detailed in the Wazuh documentation.

The folder build-docker-images contains a README explaining how to build the Wazuh images and the necessary assets. The folder indexer-certs-creator contains a README explaining how to create the certificates creator tool and the necessary assets. The folder single-node contains a README explaining how to run a Wazuh environment with one Wazuh manager, one Wazuh indexer, and one Wazuh dashboard. The folder multi-node contains a README explaining how to run a Wazuh environment with two Wazuh managers, three Wazuh indexer, and one Wazuh dashboard.

Documentation

Setup SSL certificate

Before starting the environment it is required to provide an SSL certificate (or just generate one self-signed).

Documentation on how to provide these two can be found at Wazuh Docker Documentation.

Environment Variables

Default values are included when available.

Wazuh

API_USERNAME="wazuh"                                # Wazuh API username
API_PASSWORD="wazuh"                                # Wazuh API password - Must comply with requirements
                                                    # (8+ length, uppercase, lowercase, specials chars)

INDEXER_URL=https://wazuh.indexer:9200              # Wazuh indexer URL
INDEXER_USERNAME=admin                              # Wazuh indexer Username
INDEXER_PASSWORD=admin                              # Wazuh indexer Password
FILEBEAT_SSL_VERIFICATION_MODE=full                 # Filebeat SSL Verification mode (full or none)
SSL_CERTIFICATE_AUTHORITIES=""                      # Path of Filebeat SSL CA
SSL_CERTIFICATE=""                                  # Path of Filebeat SSL Certificate
SSL_KEY=""                                          # Path of Filebeat SSL Key

Dashboard

PATTERN="wazuh-alerts-*"        # Default index pattern to use

CHECKS_PATTERN=true             # Defines which checks must to be consider by the healthcheck
CHECKS_TEMPLATE=true            # step once the Wazuh app starts. Values must to be true or false
CHECKS_API=true
CHECKS_SETUP=true

EXTENSIONS_PCI=true             # Enable PCI Extension
EXTENSIONS_GDPR=true            # Enable GDPR Extension
EXTENSIONS_HIPAA=true           # Enable HIPAA Extension
EXTENSIONS_NIST=true            # Enable NIST Extension
EXTENSIONS_TSC=true             # Enable TSC Extension
EXTENSIONS_AUDIT=true           # Enable Audit Extension
EXTENSIONS_OSCAP=false          # Enable OpenSCAP Extension
EXTENSIONS_CISCAT=false         # Enable CISCAT Extension
EXTENSIONS_AWS=false            # Enable AWS Extension
EXTENSIONS_GCP=false            # Enable GCP Extension
EXTENSIONS_VIRUSTOTAL=false     # Enable Virustotal Extension
EXTENSIONS_OSQUERY=false        # Enable OSQuery Extension
EXTENSIONS_DOCKER=false         # Enable Docker Extension

APP_TIMEOUT=20000               # Defines maximum timeout to be used on the Wazuh app requests

API_SELECTOR=true               Defines if the user is allowed to change the selected API directly from the Wazuh app top menu
IP_SELECTOR=true                # Defines if the user is allowed to change the selected index pattern directly from the Wazuh app top menu
IP_IGNORE="[]"                  # List of index patterns to be ignored

WAZUH_MONITORING_ENABLED=true       # Custom settings to enable/disable wazuh-monitoring indices
WAZUH_MONITORING_FREQUENCY=900      # Custom setting to set the frequency for wazuh-monitoring indices cron task
WAZUH_MONITORING_SHARDS=2           # Configure wazuh-monitoring-* indices shards and replicas
WAZUH_MONITORING_REPLICAS=0         #

Directory structure

├── build-docker-images
│   ├── docker-compose.yml
│   ├── wazuh-dashboard
│   │   ├── config
│   │   │   ├── config.sh
│   │   │   ├── config.yml
│   │   │   ├── entrypoint.sh
│   │   │   ├── opensearch_dashboards.yml
│   │   │   ├── wazuh_app_config.sh
│   │   │   └── wazuh.yml
│   │   └── Dockerfile
│   ├── wazuh-indexer
│   │   ├── config
│   │   │   ├── config.sh
│   │   │   ├── config.yml
│   │   │   ├── entrypoint.sh
│   │   │   ├── internal_users.yml
│   │   │   ├── opensearch.yml
│   │   │   ├── roles_mapping.yml
│   │   │   ├── roles.yml
│   │   │   └── securityadmin.sh
│   │   └── Dockerfile
│   └── wazuh-manager
│       ├── config
│       │   ├── create_user.py
│       │   ├── etc
│       │   │   ├── cont-init.d
│       │   │   │   ├── 0-wazuh-init
│       │   │   │   ├── 1-config-filebeat
│       │   │   │   └── 2-manager
│       │   │   └── services.d
│       │   │       ├── filebeat
│       │   │       │   ├── finish
│       │   │       │   └── run
│       │   │       └── ossec-logs
│       │   │           └── run
│       │   ├── filebeat.yml
│       │   ├── permanent_data.env
│       │   ├── permanent_data.sh
│       │   └── wazuh.repo
│       └── Dockerfile
├── CHANGELOG.md
├── indexer-certs-creator
│   ├── config
│   │   └── entrypoint.sh
│   └── Dockerfile
├── LICENSE
├── multi-node
│   ├── config
│   │   ├── nginx
│   │   │   └── nginx.conf
│   │   ├── wazuh_cluster
│   │   │   ├── wazuh_manager.conf
│   │   │   └── wazuh_worker.conf
│   │   ├── wazuh_dashboard
│   │   │   ├── opensearch_dashboards.yml
│   │   │   └── wazuh.yml
│   │   ├── wazuh_indexer
│   │   │   ├── internal_users.yml
│   │   │   ├── wazuh1.indexer.yml
│   │   │   ├── wazuh2.indexer.yml
│   │   │   └── wazuh3.indexer.yml
│   │   └── wazuh_indexer_ssl_certs
│   │       └── certs.yml
│   ├── docker-compose.yml
│   ├── generate-indexer-certs.yml
│   ├── Migration-to-Wazuh-4.3.md
│   └── volume-migrator.sh
├── README.md
├── single-node
│   ├── config
│   │   ├── wazuh_cluster
│   │   │   └── wazuh_manager.conf
│   │   ├── wazuh_dashboard
│   │   │   ├── opensearch_dashboards.yml
│   │   │   └── wazuh.yml
│   │   ├── wazuh_indexer
│   │   │   ├── internal_users.yml
│   │   │   └── wazuh.indexer.yml
│   │   └── wazuh_indexer_ssl_certs
│   │       ├── admin-key.pem
│   │       ├── admin.pem
│   │       ├── certs.yml
│   │       ├── root-ca.key
│   │       ├── root-ca.pem
│   │       ├── wazuh.dashboard-key.pem
│   │       ├── wazuh.dashboard.pem
│   │       ├── wazuh.indexer-key.pem
│   │       ├── wazuh.indexer.pem
│   │       ├── wazuh.manager-key.pem
│   │       └── wazuh.manager.pem
│   ├── docker-compose.yml
│   ├── generate-indexer-certs.yml
│   └── README.md
└── VERSION

Branches

  • master branch contains the latest code, be aware of possible bugs on this branch.
  • stable branch on correspond to the last Wazuh stable version.

Compatibility Matrix

Wazuh version ODFE XPACK
v4.5.0
v4.4.0
v4.3.3
v4.3.2
v4.3.1
v4.3.0
v4.2.7 1.13.2 7.11.2
v4.2.6 1.13.2 7.11.2
v4.2.5 1.13.2 7.11.2
v4.2.4 1.13.2 7.11.2
v4.2.3 1.13.2 7.11.2
v4.2.2 1.13.2 7.11.2
v4.2.1 1.13.2 7.11.2
v4.2.0 1.13.2 7.10.2
v4.1.5 1.13.2 7.10.2
v4.1.4 1.12.0 7.10.2
v4.1.3 1.12.0 7.10.2
v4.1.2 1.12.0 7.10.2
v4.1.1 1.12.0 7.10.2
v4.1.0 1.12.0 7.10.2
v4.0.4 1.11.0
v4.0.3 1.11.0
v4.0.2 1.11.0
v4.0.1 1.11.0
v4.0.0 1.10.1

Credits and Thank you

These Docker containers are based on:

We thank you them and everyone else who has contributed to this project.

License and copyright

Wazuh Docker Copyright (C) 2017, Wazuh Inc. (License GPLv2)

Web references

Wazuh website

Related Awesome Lists
Top Programming Languages
Top Projects

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Shell (171,198
Docker (97,280
Security (31,687
Monitoring (11,800
Elasticsearch (11,368
Certificate (11,233
Ids (3,947
Kibana (3,055
Hacktoberfest Accepted (1,496
Compliance (1,428
Incident Response (313
Elasticsearch Cluster (258
Vulnerability Detection (224
Security Hardening (201
Log Analysis (182
Intrusion Detection (181
Loganalyzer (92
Pci Dss (82
Wazuh (37
Ossec (34
Security Awareness (20
Policy Monitoring (18
File Integrity Management (18