Wazuh containers for Docker

In this repository you will find the containers to run:

Wazuh manager: it runs the Wazuh manager, Wazuh API and Filebeat OSS
Wazuh dashboard: provides a web user interface to browse through alerts data and allows you to visualize agents configuration and status.
Wazuh indexer: Wazuh indexer container (working as a single-node cluster or as a multi-node cluster). Be aware to increase the vm.max_map_count setting, as it's detailed in the Wazuh documentation.

The folder build-docker-images contains a README explaining how to build the Wazuh images and the necessary assets. The folder indexer-certs-creator contains a README explaining how to create the certificates creator tool and the necessary assets. The folder single-node contains a README explaining how to run a Wazuh environment with one Wazuh manager, one Wazuh indexer, and one Wazuh dashboard. The folder multi-node contains a README explaining how to run a Wazuh environment with two Wazuh managers, three Wazuh indexer, and one Wazuh dashboard.

Documentation

Setup SSL certificate

Before starting the environment it is required to provide an SSL certificate (or just generate one self-signed).

Documentation on how to provide these two can be found at Wazuh Docker Documentation.

Environment Variables

Default values are included when available.

Wazuh

API_USERNAME="wazuh-wui"                            # Wazuh API username
API_PASSWORD="MyS3cr37P450r.*-"                     # Wazuh API password - Must comply with requirements
                                                    # (8+ length, uppercase, lowercase, specials chars)

INDEXER_URL=https://wazuh.indexer:9200              # Wazuh indexer URL
INDEXER_USERNAME=admin                              # Wazuh indexer Username
INDEXER_PASSWORD=SecretPassword                     # Wazuh indexer Password
FILEBEAT_SSL_VERIFICATION_MODE=full                 # Filebeat SSL Verification mode (full or none)
SSL_CERTIFICATE_AUTHORITIES=""                      # Path of Filebeat SSL CA
SSL_CERTIFICATE=""                                  # Path of Filebeat SSL Certificate
SSL_KEY=""                                          # Path of Filebeat SSL Key

Dashboard

PATTERN="wazuh-alerts-*"        # Default index pattern to use

CHECKS_PATTERN=true             # Defines which checks must to be consider by the healthcheck
CHECKS_TEMPLATE=true            # step once the Wazuh app starts. Values must to be true or false
CHECKS_API=true
CHECKS_SETUP=true

EXTENSIONS_PCI=true             # Enable PCI Extension
EXTENSIONS_GDPR=true            # Enable GDPR Extension
EXTENSIONS_HIPAA=true           # Enable HIPAA Extension
EXTENSIONS_NIST=true            # Enable NIST Extension
EXTENSIONS_TSC=true             # Enable TSC Extension
EXTENSIONS_AUDIT=true           # Enable Audit Extension
EXTENSIONS_OSCAP=false          # Enable OpenSCAP Extension
EXTENSIONS_CISCAT=false         # Enable CISCAT Extension
EXTENSIONS_AWS=false            # Enable AWS Extension
EXTENSIONS_GCP=false            # Enable GCP Extension
EXTENSIONS_VIRUSTOTAL=false     # Enable Virustotal Extension
EXTENSIONS_OSQUERY=false        # Enable OSQuery Extension
EXTENSIONS_DOCKER=false         # Enable Docker Extension

APP_TIMEOUT=20000               # Defines maximum timeout to be used on the Wazuh app requests

API_SELECTOR=true               Defines if the user is allowed to change the selected API directly from the Wazuh app top menu
IP_SELECTOR=true                # Defines if the user is allowed to change the selected index pattern directly from the Wazuh app top menu
IP_IGNORE="[]"                  # List of index patterns to be ignored

DASHBOARD_USERNAME=kibanaserver     # Custom user saved in the dashboard keystore
DASHBOARD_PASSWORD=kibanaserver     # Custom password saved in the dashboard keystore
WAZUH_MONITORING_ENABLED=true       # Custom settings to enable/disable wazuh-monitoring indices
WAZUH_MONITORING_FREQUENCY=900      # Custom setting to set the frequency for wazuh-monitoring indices cron task
WAZUH_MONITORING_SHARDS=2           # Configure wazuh-monitoring-* indices shards and replicas
WAZUH_MONITORING_REPLICAS=0         ##

Directory structure

├── build-docker-images
│   ├── docker-compose.yml
│   ├── wazuh-dashboard
│   │   ├── config
│   │   │   ├── config.sh
│   │   │   ├── config.yml
│   │   │   ├── entrypoint.sh
│   │   │   ├── opensearch_dashboards.yml
│   │   │   ├── wazuh_app_config.sh
│   │   │   └── wazuh.yml
│   │   └── Dockerfile
│   ├── wazuh-indexer
│   │   ├── config
│   │   │   ├── config.sh
│   │   │   ├── config.yml
│   │   │   ├── entrypoint.sh
│   │   │   ├── internal_users.yml
│   │   │   ├── opensearch.yml
│   │   │   ├── roles_mapping.yml
│   │   │   ├── roles.yml
│   │   │   └── securityadmin.sh
│   │   └── Dockerfile
│   └── wazuh-manager
│       ├── config
│       │   ├── create_user.py
│       │   ├── etc
│       │   │   ├── cont-init.d
│       │   │   │   ├── 0-wazuh-init
│       │   │   │   ├── 1-config-filebeat
│       │   │   │   └── 2-manager
│       │   │   └── services.d
│       │   │       ├── filebeat
│       │   │       │   ├── finish
│       │   │       │   └── run
│       │   │       └── ossec-logs
│       │   │           └── run
│       │   ├── filebeat.yml
│       │   ├── permanent_data.env
│       │   ├── permanent_data.sh
│       │   └── wazuh.repo
│       └── Dockerfile
├── CHANGELOG.md
├── indexer-certs-creator
│   ├── config
│   │   └── entrypoint.sh
│   └── Dockerfile
├── LICENSE
├── multi-node
│   ├── config
│   │   ├── nginx
│   │   │   └── nginx.conf
│   │   ├── wazuh_cluster
│   │   │   ├── wazuh_manager.conf
│   │   │   └── wazuh_worker.conf
│   │   ├── wazuh_dashboard
│   │   │   ├── opensearch_dashboards.yml
│   │   │   └── wazuh.yml
│   │   ├── wazuh_indexer
│   │   │   ├── internal_users.yml
│   │   │   ├── wazuh1.indexer.yml
│   │   │   ├── wazuh2.indexer.yml
│   │   │   └── wazuh3.indexer.yml
│   │   └── wazuh_indexer_ssl_certs
│   │       └── certs.yml
│   ├── docker-compose.yml
│   ├── generate-indexer-certs.yml
│   ├── Migration-to-Wazuh-4.3.md
│   └── volume-migrator.sh
├── README.md
├── single-node
│   ├── config
│   │   ├── wazuh_cluster
│   │   │   └── wazuh_manager.conf
│   │   ├── wazuh_dashboard
│   │   │   ├── opensearch_dashboards.yml
│   │   │   └── wazuh.yml
│   │   ├── wazuh_indexer
│   │   │   ├── internal_users.yml
│   │   │   └── wazuh.indexer.yml
│   │   └── wazuh_indexer_ssl_certs
│   │       ├── admin-key.pem
│   │       ├── admin.pem
│   │       ├── certs.yml
│   │       ├── root-ca.key
│   │       ├── root-ca.pem
│   │       ├── wazuh.dashboard-key.pem
│   │       ├── wazuh.dashboard.pem
│   │       ├── wazuh.indexer-key.pem
│   │       ├── wazuh.indexer.pem
│   │       ├── wazuh.manager-key.pem
│   │       └── wazuh.manager.pem
│   ├── docker-compose.yml
│   ├── generate-indexer-certs.yml
│   └── README.md
└── VERSION

Branches

master branch contains the latest code, be aware of possible bugs on this branch.
stable branch on correspond to the last Wazuh stable version.

Compatibility Matrix

Wazuh version	ODFE	XPACK
v4.8.0
v4.7.0
v4.6.0
v4.5.2
v4.5.1
v4.5.0
v4.4.5
v4.4.4
v4.4.3
v4.4.2
v4.4.1
v4.4.0
v4.3.11
v4.3.10
v4.3.9
v4.3.8
v4.3.7
v4.3.6
v4.3.5
v4.3.4
v4.3.3
v4.3.2
v4.3.1
v4.3.0
v4.2.7	1.13.2	7.11.2
v4.2.6	1.13.2	7.11.2
v4.2.5	1.13.2	7.11.2
v4.2.4	1.13.2	7.11.2
v4.2.3	1.13.2	7.11.2
v4.2.2	1.13.2	7.11.2
v4.2.1	1.13.2	7.11.2
v4.2.0	1.13.2	7.10.2
v4.1.5	1.13.2	7.10.2
v4.1.4	1.12.0	7.10.2
v4.1.3	1.12.0	7.10.2
v4.1.2	1.12.0	7.10.2
v4.1.1	1.12.0	7.10.2
v4.1.0	1.12.0	7.10.2
v4.0.4	1.11.0
v4.0.3	1.11.0
v4.0.2	1.11.0
v4.0.1	1.11.0
v4.0.0	1.10.1

Credits and Thank you

These Docker containers are based on:

"deviantony" dockerfiles which can be found at https://github.com/deviantony/docker-elk
"xetus-oss" dockerfiles, which can be found at https://github.com/xetus-oss/docker-ossec-server

We thank you them and everyone else who has contributed to this project.

License and copyright

Web references

Wazuh website

wazuh/wazuh-docker

wazuh

Reviews

Repository Details