Add docker

docker/README.md

@@ -0,0 +1,77 @@
+# Wazuh development with Wazuh Stack
+
+## Requirements
+
+- vm.max_map_count=262144
+
+  To modify the vm.max_map_count, you can run this command:
+  `sudo sysctl -w vm.max_map_count=262144`
+
+- jq
+
+  To install jq, you can run this command:
+
+  - In Debian/Ubuntu os:
+    `sudo apt-get install jq`
+  - In RedHat/CentOS:
+    `sudo yum install jq`
+  - In Arch:
+    `sudo pacman -Sy --noconfirm jq`
+  - In MAC:
+    `brew install jq`
+
+## Usage
+
+Use always the provided script to bring up or down the development
+environment. For example:
+
+```bash
+./dev.sh [-o 1.2.4] [-d 1.2.0] $WZ_HOME up [saml]
+```
+
+The script will ask you all the required parameters to bring up the
+environment, including the version of the elastic stack you want to
+develop for, and the source code folder where the wazuh-dashboard-plugins is
+located.
+
+Use the `saml` flag to bring up KeyCloak IDP. **Add idp to your hosts and start
+the server using the `--no-base-path`**.
+
+```apacheconf
+# Linux systems: /etc/hosts
+# Windows systems: C:\Windows\System32\drivers\etc\hosts
+127.0.0.1 idp
+```
+
+**The script will not select the appropriate version of the
+wazuh-dashboard-plugins to use, so be sure to check out the appropriate version
+before bringing up the environment!**
+
+### UI Credentials
+
+The default user and password to access the UI at https://0.0.0.0:5601/ are:
+
+```
+admin:admin
+```
+
+## Notes
+
+`Wazuh Indexer` and `Wazuh Dashboard` are both a redistribution of a
+version of the OpenSearch Stack. We will only create environments for
+the versions of OpenSearch which will be included into a Wazuh
+version.
+
+We must use official `Wazuh Indexer` and `Wazuh Dashboard` images for
+testing!
+
+This environment will start a working deployment with:
+
+- Imposter - a mock server.
+- Elasticsearch-exporter - Elasticsearch metrics to Prometheus adapter.
+- OpenSearch single-node cluster.
+- OpenSearch Dashboards development environment.
+
+The OpenSearch Dashboards development environment includes an already
+bootstrapped Kibana, with all the node modules precompiled and ready to
+use in a development session.

docker/config/1.x/certs/ca.json

@@ -0,0 +1,15 @@
+{
+  "CN": "Wazuh",
+  "key": {
+    "algo": "rsa",
+    "size": 2048
+  },
+  "names": [
+  {
+    "C": "US",
+    "L": "San Francisco",
+    "O": "Wazuh",
+    "OU": "Wazuh Root CA"
+  }
+ ]
+}

docker/config/1.x/certs/cfssl.json

@@ -0,0 +1,58 @@
+{
+  "signing": {
+    "default": {
+      "expiry": "8760h"
+    },
+    "profiles": {
+      "intermediate_ca": {
+        "usages": [
+            "signing",
+            "digital signature",
+            "key encipherment",
+            "cert sign",
+            "crl sign",
+            "server auth",
+            "client auth"
+        ],
+        "expiry": "8760h",
+        "ca_constraint": {
+            "is_ca": true,
+            "max_path_len": 0, 
+            "max_path_len_zero": true
+        }
+      },
+      "peer": {
+        "usages": [
+            "signing",
+            "digital signature",
+            "key encipherment", 
+            "data encipherment",
+            "client auth",
+            "server auth"
+        ],
+        "expiry": "8760h"
+      },
+      "server": {
+        "usages": [
+          "signing",
+          "digital signing",
+          "key encipherment",
+          "data encipherment",
+          "server auth"
+        ],
+        "expiry": "8760h"
+      },
+      "client": {
+        "usages": [
+          "signing",
+          "digital signature",
+          "key encipherment", 
+          "data encipherment",
+          "client auth"
+        ],
+        "expiry": "8760h"
+      }
+    }
+  }
+}
+

docker/config/1.x/certs/host.json

@@ -0,0 +1,19 @@
+{
+  "CN": "HOST",
+  "key": {
+    "algo": "rsa",
+    "size": 2048
+  },
+  "names": [
+  {
+    "C": "US",
+    "L": "California",
+    "O": "Wazuh",
+    "OU": "Wazuh"
+  }
+  ],
+  "hosts": [
+    "HOST",
+    "localhost"
+  ]
+}

docker/config/1.x/filebeat/filebeat.yml

@@ -0,0 +1,21 @@
+# Wazuh - Filebeat configuration file
+filebeat.modules:
+  - module: wazuh
+    alerts:
+      enabled: true
+    archives:
+      enabled: false
+
+setup.template.json.enabled: true
+setup.template.json.path: "/etc/filebeat/wazuh-template.json"
+setup.template.json.name: "wazuh"
+setup.template.overwrite: true
+setup.ilm.enabled: false
+output.elasticsearch:
+  hosts: ["https://os1:9200"]
+  username: "admin"
+  password: "admin"
+  ssl.verification_mode: full
+  ssl.certificate_authorities: ["/etc/ssl/elastic/ca.pem"]
+  ssl.certificate: "/etc/ssl/elastic/filebeat.pem"
+  ssl.key: "/etc/ssl/elastic/filebeat-key.pem"

docker/config/1.x/os/config-saml.yml

@@ -0,0 +1,40 @@
+---
+_meta:
+  type: "config"
+  config_version: 2
+
+config:
+  dynamic:
+    http:
+      anonymous_auth_enabled: false
+    authc:
+      internal_auth:
+        order: 0
+        description: "HTTP basic authentication using the internal user database"
+        http_enabled: true
+        transport_enabled: true
+        http_authenticator:
+          type: basic
+          challenge: false
+        authentication_backend:
+          type: internal
+      saml_auth:
+        order: 1
+        description: "Keycloack SAML provider"
+        http_enabled: true
+        transport_enabled: false
+        http_authenticator:
+          type: saml
+          challenge: true
+          config:
+            idp:
+              metadata_url: http://idp:8080/realms/wazuh/protocol/saml/descriptor
+              entity_id: http://idp:8080/realms/wazuh
+            sp:
+              entity_id: wazuh
+              signature_private_key_filepath: "certs/admin-key.pem"
+            kibana_url: https://localhost:5601
+            roles_key: Role
+            exchange_key: 1a2a3a4a5a6a7a8a9a0a1b2b3b4b5b6b
+        authentication_backend:
+          type: noop

docker/config/1.x/os/config.yml

@@ -0,0 +1,20 @@
+---
+_meta:
+  type: "config"
+  config_version: 2
+
+config:
+  dynamic:
+    http:
+      anonymous_auth_enabled: false
+    authc:
+      internal_auth:
+        order: 0
+        description: "HTTP basic authentication using the internal user database"
+        http_enabled: true
+        transport_enabled: true
+        http_authenticator:
+          type: basic
+          challenge: false
+        authentication_backend:
+          type: internal

docker/config/1.x/os/internal_users.yml

@@ -0,0 +1,74 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+  type: "internalusers"
+  config_version: 2
+
+# Define your internal users here
+
+wazuh_admin:
+  hash: "$2y$12$d2awHiOYvZjI88VfsDON.u6buoBol0gYPJEgdG1ArKVE0OMxViFfu"
+  reserved: true
+  hidden: false
+  backend_roles: []
+  attributes: {}
+  opendistro_security_roles: ["wazuh_ui_admin"]
+  static: false
+
+wazuh_user:
+  hash: "$2y$12$BQixeoQdRubZdVf/7sq1suHwiVRnSst1.lPI2M0.GPZms4bq2D9vO"
+  reserved: true
+  hidden: false
+  backend_roles: []
+  attributes: {}
+  opendistro_security_roles: ["wazuh_ui_user"]
+  static: false
+
+## Demo users
+
+admin:
+  hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG"
+  reserved: true
+  backend_roles:
+    - "admin"
+  description: "Demo admin user"
+
+kibanaserver:
+  hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
+  reserved: true
+  description: "Demo kibanaserver user"
+
+kibanaro:
+  hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
+  reserved: false
+  backend_roles:
+    - "kibanauser"
+    - "readall"
+  attributes:
+    attribute1: "value1"
+    attribute2: "value2"
+    attribute3: "value3"
+  description: "Demo kibanaro user"
+
+logstash:
+  hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
+  reserved: false
+  backend_roles:
+    - "logstash"
+  description: "Demo logstash user"
+
+readall:
+  hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
+  reserved: false
+  backend_roles:
+    - "readall"
+  description: "Demo readall user"
+
+snapshotrestore:
+  hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
+  reserved: false
+  backend_roles:
+    - "snapshotrestore"
+  description: "Demo snapshotrestore user"

docker/config/1.x/os/opensearch.yml

@@ -0,0 +1,42 @@
+network.host: "0.0.0.0"
+node.name: "os1"
+path.data: /var/lib/os1
+path.logs: /var/log/os1
+# comment compatibility.override_main_response_version for 2.0.0
+compatibility.override_main_response_version: true
+plugins.security.ssl.http.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/os1.pem
+plugins.security.ssl.http.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/os1.key
+plugins.security.ssl.http.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/ca.pem
+plugins.security.ssl.transport.pemcert_filepath: ${OPENSEARCH_PATH_CONF}/certs/os1.pem
+plugins.security.ssl.transport.pemkey_filepath: ${OPENSEARCH_PATH_CONF}/certs/os1.key
+plugins.security.ssl.transport.pemtrustedcas_filepath: ${OPENSEARCH_PATH_CONF}/certs/ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+  - "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+  - "CN=os1,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+  - "all_access"
+  - "security_rest_api_access"
+plugins.security.system_indices.enabled: true
+plugins.security.system_indices.indices:
+  [
+    ".opendistro-alerting-config",
+    ".opendistro-alerting-alert*",
+    ".opendistro-anomaly-results*",
+    ".opendistro-anomaly-detector*",
+    ".opendistro-anomaly-checkpoints",
+    ".opendistro-anomaly-detection-state",
+    ".opendistro-reports-*",
+    ".opendistro-notifications-*",
+    ".opendistro-notebooks",
+    ".opensearch-observability",
+    ".opendistro-asynchronous-search-response*",
+    ".replication-metadata-store",
+  ]
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false