├── .github
    └── ISSUE_TEMPLATE
    │   ├── bug_report.md
    │   └── feature_request.md
├── LICENSE.md
├── README.md
├── assets
    └── images
    │   └── k8s-helm-wazuh-img.png
├── docker
    ├── Dockerfile
    ├── scripts
    │   ├── entrypoint.sh
    │   └── manage_agent_key.py
    └── template.ignore
    │   ├── runOnHost.sh
    │   ├── wait.sh
    │   └── wazuh-agent-install-cfm.yaml
└── wazuh-kubernetes
    ├── Chart.yaml
    ├── appData.yaml
    ├── indentifier.yaml
    ├── issuer.yaml
    ├── metadata.yaml
    ├── scripts
        ├── data.sh
        ├── deploy.sh
        ├── remove.sh
        ├── test.sh
        └── upgrade.sh
    ├── templates
        ├── _helpers.tpl
        ├── config-map
        │   ├── elasticsearch.yml
        │   ├── wazuh-agent.yaml
        │   ├── wazuh-master.yaml
        │   └── wazuh-workers.yaml
        ├── daemonset
        │   └── wazuh-agent.yaml
        ├── deployment
        │   └── kibana.yaml
        ├── rbac
        │   └── wazuh-agent.yaml
        ├── rolebinding
        │   └── wazuh-agent.yaml
        ├── secrets
        │   ├── elastic-cred.yaml
        │   ├── kibana-certs.yaml
        │   ├── odfe-ssl-certs.yaml
        │   ├── wazuh-api-cred.yaml
        │   ├── wazuh-authd-pass.yaml
        │   └── wazuh-cluster-key.yaml
        ├── service
        │   ├── elasticsearch-api.yaml
        │   ├── elasticsearch-svc.yaml
        │   ├── elasticsearch.yaml
        │   ├── kibana.yaml
        │   ├── wazuh-cluster.yaml
        │   ├── wazuh-master.yaml
        │   └── wazuh-workers.yaml
        ├── serviceaccount
        │   └── wazuh-agent.yaml
        ├── statefulset
        │   ├── elasticsearch.yaml
        │   ├── wazuh-master.yaml
        │   └── wazuh-worker.yaml
        └── storage-class
        │   └── minikube-standard-default.yaml
    └── values.yaml


/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: Bug report
 3 | about: Create a report to help us improve
 4 | title: ''
 5 | labels: ''
 6 | assignees: ''
 7 | 
 8 | ---
 9 | 
10 | **Describe the bug**
11 | A clear and concise description of what the bug is.
12 | 
13 | **To Reproduce**
14 | Steps to reproduce the behavior:
15 | 1. Go to '...'
16 | 2. Click on '....'
17 | 3. Scroll down to '....'
18 | 4. See error
19 | 
20 | **Expected behavior**
21 | A clear and concise description of what you expected to happen.
22 | 
23 | **Screenshots**
24 | If applicable, add screenshots to help explain your problem.
25 | 
26 | **Desktop (please complete the following information):**
27 |  - OS: [e.g. iOS]
28 |  - Browser [e.g. chrome, safari]
29 |  - Version [e.g. 22]
30 | 
31 | **Smartphone (please complete the following information):**
32 |  - Device: [e.g. iPhone6]
33 |  - OS: [e.g. iOS8.1]
34 |  - Browser [e.g. stock browser, safari]
35 |  - Version [e.g. 22]
36 | 
37 | **Additional context**
38 | Add any other context about the problem here.
39 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: Feature request
 3 | about: Suggest an idea for this project
 4 | title: ''
 5 | labels: ''
 6 | assignees: ''
 7 | 
 8 | ---
 9 | 
10 | **Is your feature request related to a problem? Please describe.**
11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
12 | 
13 | **Describe the solution you'd like**
14 | A clear and concise description of what you want to happen.
15 | 
16 | **Describe alternatives you've considered**
17 | A clear and concise description of any alternative solutions or features you've considered.
18 | 
19 | **Additional context**
20 | Add any other context or screenshots about the feature request here.
21 | 


--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
  1 | 
  2 |                     GNU GENERAL PUBLIC LICENSE
  3 |                        Version 2, June 1991
  4 | 
  5 |  Copyright (C) 1989, 1991 Free Software Foundation, Inc., <http://fsf.org/>
  6 |  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  7 |  Everyone is permitted to copy and distribute verbatim copies
  8 |  of this license document, but changing it is not allowed.
  9 | 
 10 |                             Preamble
 11 | 
 12 |   The licenses for most software are designed to take away your
 13 | freedom to share and change it.  By contrast, the GNU General Public
 14 | License is intended to guarantee your freedom to share and change free
 15 | software--to make sure the software is free for all its users.  This
 16 | General Public License applies to most of the Free Software
 17 | Foundation's software and to any other program whose authors commit to
 18 | using it.  (Some other Free Software Foundation software is covered by
 19 | the GNU Lesser General Public License instead.)  You can apply it to
 20 | your programs, too.
 21 | 
 22 |   When we speak of free software, we are referring to freedom, not
 23 | price.  Our General Public Licenses are designed to make sure that you
 24 | have the freedom to distribute copies of free software (and charge for
 25 | this service if you wish), that you receive source code or can get it
 26 | if you want it, that you can change the software or use pieces of it
 27 | in new free programs; and that you know you can do these things.
 28 | 
 29 |   To protect your rights, we need to make restrictions that forbid
 30 | anyone to deny you these rights or to ask you to surrender the rights.
 31 | These restrictions translate to certain responsibilities for you if you
 32 | distribute copies of the software, or if you modify it.
 33 | 
 34 |   For example, if you distribute copies of such a program, whether
 35 | gratis or for a fee, you must give the recipients all the rights that
 36 | you have.  You must make sure that they, too, receive or can get the
 37 | source code.  And you must show them these terms so they know their
 38 | rights.
 39 | 
 40 |   We protect your rights with two steps: (1) copyright the software, and
 41 | (2) offer you this license which gives you legal permission to copy,
 42 | distribute and/or modify the software.
 43 | 
 44 |   Also, for each author's protection and ours, we want to make certain
 45 | that everyone understands that there is no warranty for this free
 46 | software.  If the software is modified by someone else and passed on, we
 47 | want its recipients to know that what they have is not the original, so
 48 | that any problems introduced by others will not reflect on the original
 49 | authors' reputations.
 50 | 
 51 |   Finally, any free program is threatened constantly by software
 52 | patents.  We wish to avoid the danger that redistributors of a free
 53 | program will individually obtain patent licenses, in effect making the
 54 | program proprietary.  To prevent this, we have made it clear that any
 55 | patent must be licensed for everyone's free use or not licensed at all.
 56 | 
 57 |   The precise terms and conditions for copying, distribution and
 58 | modification follow.
 59 | 
 60 |                     GNU GENERAL PUBLIC LICENSE
 61 |    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 62 | 
 63 |   0. This License applies to any program or other work which contains
 64 | a notice placed by the copyright holder saying it may be distributed
 65 | under the terms of this General Public License.  The "Program", below,
 66 | refers to any such program or work, and a "work based on the Program"
 67 | means either the Program or any derivative work under copyright law:
 68 | that is to say, a work containing the Program or a portion of it,
 69 | either verbatim or with modifications and/or translated into another
 70 | language.  (Hereinafter, translation is included without limitation in
 71 | the term "modification".)  Each licensee is addressed as "you".
 72 | 
 73 | Activities other than copying, distribution and modification are not
 74 | covered by this License; they are outside its scope.  The act of
 75 | running the Program is not restricted, and the output from the Program
 76 | is covered only if its contents constitute a work based on the
 77 | Program (independent of having been made by running the Program).
 78 | Whether that is true depends on what the Program does.
 79 | 
 80 |   1. You may copy and distribute verbatim copies of the Program's
 81 | source code as you receive it, in any medium, provided that you
 82 | conspicuously and appropriately publish on each copy an appropriate
 83 | copyright notice and disclaimer of warranty; keep intact all the
 84 | notices that refer to this License and to the absence of any warranty;
 85 | and give any other recipients of the Program a copy of this License
 86 | along with the Program.
 87 | 
 88 | You may charge a fee for the physical act of transferring a copy, and
 89 | you may at your option offer warranty protection in exchange for a fee.
 90 | 
 91 |   2. You may modify your copy or copies of the Program or any portion
 92 | of it, thus forming a work based on the Program, and copy and
 93 | distribute such modifications or work under the terms of Section 1
 94 | above, provided that you also meet all of these conditions:
 95 | 
 96 |     a) You must cause the modified files to carry prominent notices
 97 |     stating that you changed the files and the date of any change.
 98 | 
 99 |     b) You must cause any work that you distribute or publish, that in
100 |     whole or in part contains or is derived from the Program or any
101 |     part thereof, to be licensed as a whole at no charge to all third
102 |     parties under the terms of this License.
103 | 
104 |     c) If the modified program normally reads commands interactively
105 |     when run, you must cause it, when started running for such
106 |     interactive use in the most ordinary way, to print or display an
107 |     announcement including an appropriate copyright notice and a
108 |     notice that there is no warranty (or else, saying that you provide
109 |     a warranty) and that users may redistribute the program under
110 |     these conditions, and telling the user how to view a copy of this
111 |     License.  (Exception: if the Program itself is interactive but
112 |     does not normally print such an announcement, your work based on
113 |     the Program is not required to print an announcement.)
114 | 
115 | These requirements apply to the modified work as a whole.  If
116 | identifiable sections of that work are not derived from the Program,
117 | and can be reasonably considered independent and separate works in
118 | themselves, then this License, and its terms, do not apply to those
119 | sections when you distribute them as separate works.  But when you
120 | distribute the same sections as part of a whole which is a work based
121 | on the Program, the distribution of the whole must be on the terms of
122 | this License, whose permissions for other licensees extend to the
123 | entire whole, and thus to each and every part regardless of who wrote it.
124 | 
125 | Thus, it is not the intent of this section to claim rights or contest
126 | your rights to work written entirely by you; rather, the intent is to
127 | exercise the right to control the distribution of derivative or
128 | collective works based on the Program.
129 | 
130 | In addition, mere aggregation of another work not based on the Program
131 | with the Program (or with a work based on the Program) on a volume of
132 | a storage or distribution medium does not bring the other work under
133 | the scope of this License.
134 | 
135 |   3. You may copy and distribute the Program (or a work based on it,
136 | under Section 2) in object code or executable form under the terms of
137 | Sections 1 and 2 above provided that you also do one of the following:
138 | 
139 |     a) Accompany it with the complete corresponding machine-readable
140 |     source code, which must be distributed under the terms of Sections
141 |     1 and 2 above on a medium customarily used for software interchange; or,
142 | 
143 |     b) Accompany it with a written offer, valid for at least three
144 |     years, to give any third party, for a charge no more than your
145 |     cost of physically performing source distribution, a complete
146 |     machine-readable copy of the corresponding source code, to be
147 |     distributed under the terms of Sections 1 and 2 above on a medium
148 |     customarily used for software interchange; or,
149 | 
150 |     c) Accompany it with the information you received as to the offer
151 |     to distribute corresponding source code.  (This alternative is
152 |     allowed only for noncommercial distribution and only if you
153 |     received the program in object code or executable form with such
154 |     an offer, in accord with Subsection b above.)
155 | 
156 | The source code for a work means the preferred form of the work for
157 | making modifications to it.  For an executable work, complete source
158 | code means all the source code for all modules it contains, plus any
159 | associated interface definition files, plus the scripts used to
160 | control compilation and installation of the executable.  However, as a
161 | special exception, the source code distributed need not include
162 | anything that is normally distributed (in either source or binary
163 | form) with the major components (compiler, kernel, and so on) of the
164 | operating system on which the executable runs, unless that component
165 | itself accompanies the executable.
166 | 
167 | If distribution of executable or object code is made by offering
168 | access to copy from a designated place, then offering equivalent
169 | access to copy the source code from the same place counts as
170 | distribution of the source code, even though third parties are not
171 | compelled to copy the source along with the object code.
172 | 
173 |   4. You may not copy, modify, sublicense, or distribute the Program
174 | except as expressly provided under this License.  Any attempt
175 | otherwise to copy, modify, sublicense or distribute the Program is
176 | void, and will automatically terminate your rights under this License.
177 | However, parties who have received copies, or rights, from you under
178 | this License will not have their licenses terminated so long as such
179 | parties remain in full compliance.
180 | 
181 |   5. You are not required to accept this License, since you have not
182 | signed it.  However, nothing else grants you permission to modify or
183 | distribute the Program or its derivative works.  These actions are
184 | prohibited by law if you do not accept this License.  Therefore, by
185 | modifying or distributing the Program (or any work based on the
186 | Program), you indicate your acceptance of this License to do so, and
187 | all its terms and conditions for copying, distributing or modifying
188 | the Program or works based on it.
189 | 
190 |   6. Each time you redistribute the Program (or any work based on the
191 | Program), the recipient automatically receives a license from the
192 | original licensor to copy, distribute or modify the Program subject to
193 | these terms and conditions.  You may not impose any further
194 | restrictions on the recipients' exercise of the rights granted herein.
195 | You are not responsible for enforcing compliance by third parties to
196 | this License.
197 | 
198 |   7. If, as a consequence of a court judgment or allegation of patent
199 | infringement or for any other reason (not limited to patent issues),
200 | conditions are imposed on you (whether by court order, agreement or
201 | otherwise) that contradict the conditions of this License, they do not
202 | excuse you from the conditions of this License.  If you cannot
203 | distribute so as to satisfy simultaneously your obligations under this
204 | License and any other pertinent obligations, then as a consequence you
205 | may not distribute the Program at all.  For example, if a patent
206 | license would not permit royalty-free redistribution of the Program by
207 | all those who receive copies directly or indirectly through you, then
208 | the only way you could satisfy both it and this License would be to
209 | refrain entirely from distribution of the Program.
210 | 
211 | If any portion of this section is held invalid or unenforceable under
212 | any particular circumstance, the balance of the section is intended to
213 | apply and the section as a whole is intended to apply in other
214 | circumstances.
215 | 
216 | It is not the purpose of this section to induce you to infringe any
217 | patents or other property right claims or to contest validity of any
218 | such claims; this section has the sole purpose of protecting the
219 | integrity of the free software distribution system, which is
220 | implemented by public license practices.  Many people have made
221 | generous contributions to the wide range of software distributed
222 | through that system in reliance on consistent application of that
223 | system; it is up to the author/donor to decide if he or she is willing
224 | to distribute software through any other system and a licensee cannot
225 | impose that choice.
226 | 
227 | This section is intended to make thoroughly clear what is believed to
228 | be a consequence of the rest of this License.
229 | 
230 |   8. If the distribution and/or use of the Program is restricted in
231 | certain countries either by patents or by copyrighted interfaces, the
232 | original copyright holder who places the Program under this License
233 | may add an explicit geographical distribution limitation excluding
234 | those countries, so that distribution is permitted only in or among
235 | countries not thus excluded.  In such case, this License incorporates
236 | the limitation as if written in the body of this License.
237 | 
238 |   9. The Free Software Foundation may publish revised and/or new versions
239 | of the General Public License from time to time.  Such new versions will
240 | be similar in spirit to the present version, but may differ in detail to
241 | address new problems or concerns.
242 | 
243 | Each version is given a distinguishing version number.  If the Program
244 | specifies a version number of this License which applies to it and "any
245 | later version", you have the option of following the terms and conditions
246 | either of that version or of any later version published by the Free
247 | Software Foundation.  If the Program does not specify a version number of
248 | this License, you may choose any version ever published by the Free Software
249 | Foundation.
250 | 
251 |   10. If you wish to incorporate parts of the Program into other free
252 | programs whose distribution conditions are different, write to the author
253 | to ask for permission.  For software which is copyrighted by the Free
254 | Software Foundation, write to the Free Software Foundation; we sometimes
255 | make exceptions for this.  Our decision will be guided by the two goals
256 | of preserving the free status of all derivatives of our free software and
257 | of promoting the sharing and reuse of software generally.
258 | 
259 |                             NO WARRANTY
260 | 
261 |   11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
262 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
263 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
264 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
265 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
266 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
267 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
268 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
269 | REPAIR OR CORRECTION.
270 | 
271 |   12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
272 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
273 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
274 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
275 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
276 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
277 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
278 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
279 | POSSIBILITY OF SUCH DAMAGES.
280 | 
281 |                      END OF TERMS AND CONDITIONS
282 | 
283 |             How to Apply These Terms to Your New Programs
284 | 
285 |   If you develop a new program, and you want it to be of the greatest
286 | possible use to the public, the best way to achieve this is to make it
287 | free software which everyone can redistribute and change under these terms.
288 | 
289 |   To do so, attach the following notices to the program.  It is safest
290 | to attach them to the start of each source file to most effectively
291 | convey the exclusion of warranty; and each file should have at least
292 | the "copyright" line and a pointer to where the full notice is found.
293 | 
294 |     <one line to give the program's name and a brief idea of what it does.>
295 |     Copyright (C) <year>  <name of author>
296 | 
297 |     This program is free software; you can redistribute it and/or modify
298 |     it under the terms of the GNU General Public License as published by
299 |     the Free Software Foundation; either version 2 of the License, or
300 |     (at your option) any later version.
301 | 
302 |     This program is distributed in the hope that it will be useful,
303 |     but WITHOUT ANY WARRANTY; without even the implied warranty of
304 |     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
305 |     GNU General Public License for more details.
306 | 
307 |     You should have received a copy of the GNU General Public License along
308 |     with this program; if not, write to the Free Software Foundation, Inc.,
309 |     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
310 | 
311 | Also add information on how to contact you by electronic and paper mail.
312 | 
313 | If the program is interactive, make it output a short notice like this
314 | when it starts in an interactive mode:
315 | 
316 |     Gnomovision version 69, Copyright (C) year name of author
317 |     Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
318 |     This is free software, and you are welcome to redistribute it
319 |     under certain conditions; type `show c' for details.
320 | 
321 | The hypothetical commands `show w' and `show c' should show the appropriate
322 | parts of the General Public License.  Of course, the commands you use may
323 | be called something other than `show w' and `show c'; they could even be
324 | mouse-clicks or menu items--whatever suits your program.
325 | 
326 | You should also get your employer (if you work as a programmer) or your
327 | school, if any, to sign a "copyright disclaimer" for the program, if
328 | necessary.  Here is a sample; alter the names:
329 | 
330 |   Yoyodyne, Inc., hereby disclaims all copyright interest in the program
331 |   `Gnomovision' (which makes passes at compilers) written by James Hacker.
332 | 
333 |   {signature of Ty Coon}, 1 April 1989
334 |   Ty Coon, President of Vice
335 | 
336 | This General Public License does not permit incorporating your program into
337 | proprietary programs.  If your program is a subroutine library, you may
338 | consider it more useful to permit linking proprietary applications with the
339 | library.  If this is what you want to do, use the GNU Lesser General
340 | Public License instead of this License.
341 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # Wazuh Kubernetes Helm Chart
  2 | 
  3 | [![Slack](https://img.shields.io/badge/slack-join-blue.svg)](https://wazuh.com/community/join-us-on-slack/)
  4 | [![Email](https://img.shields.io/badge/email-join-blue.svg)](https://groups.google.com/forum/#!forum/wazuh)
  5 | [![Documentation](https://img.shields.io/badge/docs-view-green.svg)](https://documentation.wazuh.com)
  6 | [![Documentation](https://img.shields.io/badge/web-view-green.svg)](https://wazuh.com)
  7 | 
  8 | Deploy a Wazuh cluster using Helm quickly to Kubernetes.
  9 | 
 10 | ## Author of the repo
 11 | 
 12 | Karolis Jovaisas
 13 | 
 14 | ## File Structure
 15 | ```bash
 16 | ├── assets
 17 | │   ├── documents
 18 | │   └── images
 19 | │       └── k8s-helm-wazuh-img.png
 20 | ├── docker
 21 | │   ├── Dockerfile
 22 | │   ├── scripts
 23 | │   │   ├── entrypoint.sh
 24 | │   │   └── manage_agent_key.py
 25 | │   └── template.ignore
 26 | │       ├── runOnHost.sh
 27 | │       ├── wait.sh
 28 | │       └── wazuh-agent-install-cfm.yaml
 29 | ├── LICENSE.md
 30 | ├── README.md
 31 | └── wazuh-kubernetes
 32 |     ├── Chart.yaml
 33 |     ├── indentifier.yaml
 34 |     ├── issuer.yaml
 35 |     ├── scripts
 36 |     │   ├── data.sh
 37 |     │   ├── deploy.sh
 38 |     │   ├── remove.sh
 39 |     │   ├── test.sh
 40 |     │   └── upgrade.sh
 41 |     ├── templates
 42 |     │   ├── config-map
 43 |     │   │   ├── elasticsearch.yml
 44 |     │   │   ├── wazuh-agent.yaml
 45 |     │   │   ├── wazuh-master.yaml
 46 |     │   │   └── wazuh-workers.yaml
 47 |     │   ├── daemonset
 48 |     │   │   └── wazuh-agent.yaml
 49 |     │   ├── deployment
 50 |     │   │   └── kibana.yaml
 51 |     │   ├── _helpers.tpl
 52 |     │   ├── rbac
 53 |     │   │   └── wazuh-agent.yaml
 54 |     │   ├── rolebinding
 55 |     │   │   └── wazuh-agent.yaml
 56 |     │   ├── secrets
 57 |     │   │   ├── elastic-cred.yaml
 58 |     │   │   ├── kibana-certs.yaml
 59 |     │   │   ├── odfe-ssl-certs.yaml
 60 |     │   │   ├── wazuh-api-cred.yaml
 61 |     │   │   ├── wazuh-authd-pass.yaml
 62 |     │   │   └── wazuh-cluster-key.yaml
 63 |     │   ├── service
 64 |     │   │   ├── elasticsearch-api.yaml
 65 |     │   │   ├── elasticsearch-svc.yaml
 66 |     │   │   ├── kibana.yaml
 67 |     │   │   ├── wazuh-cluster.yaml
 68 |     │   │   ├── wazuh-master.yaml
 69 |     │   │   └── wazuh-workers.yaml
 70 |     │   ├── serviceaccount
 71 |     │   │   └── wazuh-agent.yaml
 72 |     │   └── statefulset 
 73 |     │       ├── elasticsearch.yaml
 74 |     │       ├── wazuh-master.yaml
 75 |     │       └── wazuh-worker.yaml
 76 |     └── values.yaml
 77 | ```
 78 | 
 79 | ## Documentation
 80 | 
 81 | ***TODO***
 82 | 
 83 | 
 84 | ## Branches
 85 | 
 86 | `master` contains latest code and is not considered to be `stable`.
 87 | If you find any bugs feel free to create a PR.
 88 | 
 89 | ### Helm Version
 90 | 
 91 | Currently the chart is written using Helm 2 (__v2.16.12__) refactoring to Helm3 hasn't been planned yet
 92 |  but deffinetly might be happening in the future.
 93 | 
 94 | ## Local development
 95 | <!-- 
 96 | To deploy a cluster on your local environment (like Minikube, Kind or Microk8s) read the instructions on [local-environment.md](assets/documents/local-environment.md). -->
 97 | 
 98 | To deploy a cluster on your local environment just navigate to `wazuh-kubernetes/scripts` and execute `test.sh` script to see if everything is linting correctly, afterwards you can deploy it quickly to your Kubernetes using script `deploy.sh`
 99 | 
100 | When you are done with the testing or work, you can use script named `remove.sh` to delete the deployment from your kubernetes environment.
101 | 
102 | ### Wazuh Agent Dockerfile image
103 | ![Docker Cloud Automated build](https://img.shields.io/docker/cloud/automated/kajov/wazuh-agent-installer)
104 | ![Docker Cloud Build Status](https://img.shields.io/docker/cloud/build/kajov/wazuh-agent-installer)
105 | [![Docker Image Version (latest semver)](https://img.shields.io/docker/v/kajov/wazuh-agent-installer)](https://hub.docker.com/r/kajov/wazuh-agent-installer)
106 | ![Docker Image Size (latest by date)](https://img.shields.io/docker/image-size/kajov/wazuh-agent-installer?sort=date)
107 | ![Docker Pulls](https://img.shields.io/docker/pulls/kajov/wazuh-agent-installer)
108 | 
109 | ## Contribute
110 | 
111 | If you want to contribute to the project please don't hesitate to send a pull request.
112 | 
113 | ## About Wazuh
114 | 
115 | Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments.
116 | 
117 | Wazuh solution consists of an endpoint security agent, deployed to the monitored systems, and a management server, which collects and analyzes data gathered by the agents. Besides, Wazuh has been fully integrated with the Elastic Stack, providing a search engine and data visualization tool that allows users to navigate through their security alerts.
118 | 
119 | ## Orchestration
120 | 
121 | Here you can find all the automation tools maintained by the Wazuh team.
122 | 
123 | * [Wazuh AWS CloudFormation](https://github.com/wazuh/wazuh-cloudformation)
124 | 
125 | * [Docker containers](https://github.com/wazuh/wazuh-docker)
126 | 
127 | * [Wazuh Ansible](https://github.com/wazuh/wazuh-ansible)
128 | 
129 | * [Wazuh Chef](https://github.com/wazuh/wazuh-chef)
130 | 
131 | * [Wazuh Puppet](https://github.com/wazuh/wazuh-puppet)
132 | 
133 | * [Wazuh Kubernetes](https://github.com/wazuh/wazuh-kubernetes)
134 | 
135 | * [Wazuh Bosh](https://github.com/wazuh/wazuh-bosh)
136 | 
137 | * [Wazuh Salt](https://github.com/wazuh/wazuh-salt)
138 | 
139 | ## Documentation
140 | 
141 | * [Full documentation](http://documentation.wazuh.com)
142 | * [Wazuh installation guide](https://documentation.wazuh.com/current/installation-guide/index.html)
143 | * [Deploying Wazuh with Helm](TO_BE_FILLED)
144 | 
145 | ## License and copyright
146 | 
147 | WAZUH
148 | Copyright (C) 2016-2021 Wazuh Inc.  (License GPLv2)
149 | 
150 | ## References
151 | 
152 | * [Wazuh website](http://wazuh.com)
153 | 
154 | ## Credits and Thank you
155 | 
156 | Based on the previous work from Wazuh team [wazuh/wazuh-kubernetes](https://github.com/wazuh/wazuh-kubernetes) (2021/02/15)
157 | 


--------------------------------------------------------------------------------
/assets/images/k8s-helm-wazuh-img.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kajov/wazuh-kubernetes-helmchart/96343a03f20e64061de79bc8ea757ef8b379dcb3/assets/images/k8s-helm-wazuh-img.png


--------------------------------------------------------------------------------
/docker/Dockerfile:
--------------------------------------------------------------------------------
 1 | # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
 2 | FROM ubuntu:18.04
 3 | 
 4 | # Dependencies
 5 | RUN apt-get update && \
 6 |     apt-get install software-properties-common curl apt-transport-https lsb-release python python-pip openssl -y &&\
 7 |     pip install docker \
 8 |     pip install kubernetes &&\
 9 |     apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* &&\
10 |     mkdir /scripts /config
11 | 
12 | # Install osquery
13 | RUN apt-get update &&\
14 |     apt-get install -y wget gpgv apt-transport-https ca-certificates gnupg2 &&\
15 |     echo "deb [arch=amd64] https://pkg.osquery.io/deb deb main" | tee /etc/apt/sources.list.d/osquery.list &&\
16 |     apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B && \
17 |     apt-get update &&\
18 |     apt-get install -y osquery &&\
19 |     apt-get update
20 | 
21 | # Install the Wazuh agent
22 | RUN curl -so wazuh-agent.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.0.4-1_amd64.deb && dpkg -i ./wazuh-agent.deb
23 | 
24 | # Scripts
25 | ADD docker/scripts/manage_agent_key.py /scripts/manage_agent_key.py
26 | 
27 | # Entrypoint
28 | ADD docker/scripts/entrypoint.sh /entrypoint.sh
29 | RUN chmod 755 /entrypoint.sh
30 | 
31 | ENTRYPOINT ["/entrypoint.sh"]
32 | 


--------------------------------------------------------------------------------
/docker/scripts/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Copyright (C) 2015-2019, Wazuh Inc.
 4 | # Created by Wazuh, Inc. .
 5 | # This program is a free software; you can redistribute it and/or modify it under the terms of GPLv2
 6 | 
 7 | WA_KEY=`python /scripts/manage_agent_key.py -n $NODE_NAME`
 8 | 
 9 | #Setting up Wazuh Agent
10 | if [ $WA_KEY == 'NOTFOUND' ]; then
11 |     /var/ossec/bin/agent-auth -d -m ${W_MANAGER} -A $NODE_NAME
12 |     NEW_WA_KEY=$(printf "`cat /var/ossec/etc/client.keys`" | base64 | tr -d \\n)
13 |     python /scripts/manage_agent_key.py -k ${NEW_WA_KEY} -n $NODE_NAME
14 | else
15 |     yes | /var/ossec/bin/manage_agents -i $WA_KEY
16 | fi
17 | 
18 | service wazuh-agent restart
19 | sleep infinity


--------------------------------------------------------------------------------
/docker/scripts/manage_agent_key.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | 
 3 | import logging
 4 | import base64
 5 | import argparse
 6 | import sys
 7 | from kubernetes import config, client
 8 | 
 9 | ########################## Global variables ##########################
10 | 
11 | # Analysisd socket address
12 | secret = 'agent-key'
13 | namespace = 'wazuh-agent'
14 | 
15 | parser = argparse.ArgumentParser()
16 | parser.add_argument("-k", "--key", action="store", dest="key", help="Agent key.")
17 | parser.add_argument("-n", "--node", action="store", dest="node",help="Read from NODE_NAME")
18 | args = parser.parse_args()
19 | 
20 | 
21 | ########################## Common functions ##########################
22 | def create_secret(new_key):
23 |     node = args.node
24 |     new_secret = ('{}-{}').format(secret, node)
25 |     config.load_incluster_config()
26 |     v1 = client.CoreV1Api()
27 |     metadata = {'name': new_secret, 'namespace': namespace}
28 |     message_bytes = new_key.encode('ascii')
29 |     base64_bytes = base64.b64encode(message_bytes)
30 |     base64_new_key = base64_bytes.decode('ascii')
31 |     data = {'agent.key': base64_new_key}
32 |     print(str(data))
33 |     api_version = 'v1'
34 |     kind = 'Secret'
35 |     body = client.V1Secret(api_version, data , kind, metadata)
36 |     api_response = v1.create_namespaced_secret(namespace, body)
37 | 
38 | def read_secret(node):
39 |     config.load_incluster_config()
40 |     v1 = client.CoreV1Api()
41 |     secret_name = ('{}-{}').format(secret, node)
42 |     sec = str(v1.read_namespaced_secret(secret_name, namespace).data)
43 |     key = base64.b64decode(sec.strip().split()[1].translate(None, '}\''))
44 |     return key
45 | 
46 | ########################## Main workflow #############################
47 | 
48 | 
49 | if __name__ == '__main__':
50 |     try:
51 |         node = args.node
52 |         new_key = args.key
53 |         if new_key:
54 |            create_secret(new_key)
55 |         else:
56 |            key = read_secret(node)
57 |            print(key)
58 |     except Exception as e:
59 |     	print('NOTFOUND')


--------------------------------------------------------------------------------
/docker/template.ignore/runOnHost.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | # Copy installation script to host
 4 | cp /tmp/install.sh /host
 5 | 
 6 | # Copy wait script to the host
 7 | cp /wait.sh /host
 8 | 
 9 | # Wait for updates to complete
10 | /usr/bin/nsenter -t 1 -a -- chmod u+x /var/wait.sh
11 | 
12 | # Give execute priv to script
13 | /usr/bin/nsenter -t 1 -a -- chmod u+x /var/install.sh
14 | 
15 | # Wait for Node updates to complete
16 | /usr/bin/nsenter -t 1 -a /var/wait.sh
17 | 
18 | # If the /tmp folder is mounted on the host then it can run the script
19 | /usr/bin/nsenter -t 1 -a /var/install.sh
20 | 
21 | # Sleep so that the Pod in the DaemonSet does not exit
22 | sleep infinity


--------------------------------------------------------------------------------
/docker/template.ignore/wait.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | while sudo fuser /var/{lib/{dpkg,apt/lists},cache/apt/archives}/lock >/dev/null 2>&1; do sleep 1; done


--------------------------------------------------------------------------------
/docker/template.ignore/wazuh-agent-install-cfm.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ConfigMap
 3 | metadata:
 4 |   name: wazuh-agent-installer-config
 5 |   namespace: qc-track
 6 | data:
 7 |   install.sh: |
 8 |     #/bin/bash
 9 |     
10 |     sudo -i
11 |     #fix env language
12 |     export LC_ALL="C"
13 |     
14 |     ##install dependencies
15 |     apt-get update && \
16 |     apt-get install curl apt-transport-https lsb-release python python-pip openssl -y &&\
17 |     pip install docker \
18 |     pip install kubernetes &&\
19 |     apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* &&\
20 |     mkdir /scripts /config
21 |     
22 |     #Install OSQuery
23 |     apt-get update &&\
24 |     apt-get install -y wget gpgv apt-transport-https ca-certificates gnupg2 &&\
25 |     echo "deb [arch=amd64] https://pkg.osquery.io/deb deb main" | tee /etc/apt/sources.list.d/osquery.list &&\
26 |     apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 1484120AC4E9F8A1A577AEEE97A80C63C9D8B80B && \
27 |     apt-get update &&\
28 |     apt-get install -y osquery &&\
29 |     apt-get update
30 |     
31 |     #Install Wazuh agent
32 |     curl -so wazuh-agent.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.0.4-1_amd64.deb && dpkg -i ./wazuh-agent.deb
33 |     
34 |     systemctl daemon-reload
35 |     systemctl enable wazuh-agent
36 |     systemctl start wazuh-agent


--------------------------------------------------------------------------------
/wazuh-kubernetes/Chart.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | name: wazuh-kubernetes
 3 | version: 1
 4 | appVersion: 4.0.4_1.11.0
 5 | description: Wazuh is centralized Security Information Event Management(SIEM) and Vulnerability inteligence and threat monitoring application
 6 | home: https://wazuh.com
 7 | icon: https://avatars.githubusercontent.com/u/13752566?s=200&v=4
 8 | sources:
 9 |   - https://github.com/wazuh/wazuh
10 |   - https://github.com/wazuh/wazuh-kubernetes
11 |   - https://github.com/wazuh/wazuh-kibana-app
12 |   - https://github.com/wazuh/wazuh-rulesets
13 |   - https://github.com/wazuh/wazuh-docker
14 |   - https://github.com/wazuh/wazuh-ansamble
15 |   - https://github.com/wazuh/wazuh-api
16 | engine: gotpl
17 | tillerVersion: ">=2.8.0"
18 | maintainers:
19 |   - name: Karolis Jovaisas
20 |     email: kajovaisas9@gmail.com
21 |     github: kajov
22 | keywords:
23 |   - security
24 |   - information
25 |   - threat
26 |   - management
27 |   - centralized
28 |   - kubernetes
29 |   - wazuh
30 |   - kibana
31 |   - opendistro
32 |   - elasticsearch


--------------------------------------------------------------------------------
/wazuh-kubernetes/appData.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kajov/wazuh-kubernetes-helmchart/96343a03f20e64061de79bc8ea757ef8b379dcb3/wazuh-kubernetes/appData.yaml


--------------------------------------------------------------------------------
/wazuh-kubernetes/indentifier.yaml:
--------------------------------------------------------------------------------
1 | identifier:
2 |   clusterId: autogenerated
3 |   tenantId: autogenerated
4 |   tenantName: autogenerated
5 |   spaceId: autogenerated
6 |   spaceName: autogenerated
7 |   appId: autogenerated
8 |   appName: autogenerated
9 | 


--------------------------------------------------------------------------------
/wazuh-kubernetes/issuer.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kajov/wazuh-kubernetes-helmchart/96343a03f20e64061de79bc8ea757ef8b379dcb3/wazuh-kubernetes/issuer.yaml


--------------------------------------------------------------------------------
/wazuh-kubernetes/metadata.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kajov/wazuh-kubernetes-helmchart/96343a03f20e64061de79bc8ea757ef8b379dcb3/wazuh-kubernetes/metadata.yaml


--------------------------------------------------------------------------------
/wazuh-kubernetes/scripts/data.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | export CLUSTER_ID="minikube"
 3 | 
 4 | export SPACE_NAME="wazuh"
 5 | # export SPACE_ID=""
 6 | # export KUBE_NAMESPACE="${SPACE_NAME}-${SPACE_ID}"
 7 | export KUBE_NAMESPACE="${SPACE_NAME}"
 8 | 
 9 | 
10 | export APP_NAME="wazuh"
11 | ## generate new app_id with nanoid
12 | export APP_ID="m419ld912kghas2"
13 | export HELM_RELEASE_NAME="${APP_NAME}-${APP_ID}"
14 | 
15 | export HELM_VALUES_PATH="../values.yaml"
16 | export HELM_CHART_PATH=".."
17 | export HELM_METADATA="../metadata.yaml"
18 | export HELM_APPDATA="../appData.yaml"


--------------------------------------------------------------------------------
/wazuh-kubernetes/scripts/deploy.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | . ./data.sh
 4 | echo $HELM_RELEASE_NAME
 5 | 
 6 | helm install --name $HELM_RELEASE_NAME \
 7 |     --namespace $KUBE_NAMESPACE $HELM_CHART_PATH \
 8 |     -f $HELM_VALUES_PATH -f $HELM_METADATA -f $HELM_APPDATA \
 9 |     --set identifier.appId=${APP_ID} \
10 |     --set identifier.appName=${APP_NAME} \
11 |     --set identifier.spaceId=${SPACE_ID} \
12 |     --set identifier.spaceName=${SPACE_NAME} \
13 |     --set identifier.clusterId=${CLUSTER_ID} \
14 |     --debug --no-hooks
15 | 


--------------------------------------------------------------------------------
/wazuh-kubernetes/scripts/remove.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | . ./data.sh
3 | echo $HELM_RELEASE_NAME
4 | 
5 | helm delete $HELM_RELEASE_NAME --purge --debug
6 | 


--------------------------------------------------------------------------------
/wazuh-kubernetes/scripts/test.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | export KUBE_NAMESPACE="${SPACE_NAME}-${SPACE_ID}"
 3 | 
 4 | . ./data.sh
 5 | echo $HELM_RELEASE_NAME
 6 | 
 7 | echo "Test Linting..."
 8 | helm lint \
 9 |     --namespace $KUBE_NAMESPACE $HELM_CHART_PATH \
10 |     -f $HELM_VALUES_PATH -f $HELM_METADATA -f $HELM_APPDATA \
11 |     --set identifier.appId=${APP_ID} \
12 |     --set identifier.appName=${APP_NAME} \
13 |     --set identifier.spaceId=${SPACE_ID} \
14 |     --set identifier.spaceName=${SPACE_NAME} \
15 |     --set identifier.clusterId=${CLUSTER_ID} \
16 | 
17 | echo "Test Templating..."
18 | helm install --name $HELM_RELEASE_NAME \
19 |     --namespace $KUBE_NAMESPACE $HELM_CHART_PATH \
20 |     -f $HELM_VALUES_PATH -f $HELM_METADATA -f $HELM_APPDATA \
21 |     --set identifier.appId=${APP_ID} \
22 |     --set identifier.appName=${APP_NAME} \
23 |     --set identifier.spaceId=${SPACE_ID} \
24 |     --set identifier.spaceName=${SPACE_NAME} \
25 |     --set identifier.clusterId=${CLUSTER_ID} \
26 |     --debug --dry-run  --wait --no-hooks
27 | 


--------------------------------------------------------------------------------
/wazuh-kubernetes/scripts/upgrade.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | 
 3 | . ./data.sh
 4 | echo $HELM_RELEASE_NAME
 5 | 
 6 | helm upgrade $HELM_RELEASE_NAME \
 7 | --namespace $KUBE_NAMESPACE $HELM_CHART_PATH --debug -f $HELM_VALUES_PATH -f $HELM_METADATA -f $HELM_APPDATA \
 8 | --set identifier.appId=${APP_ID} \
 9 | --set identifier.appName=${APP_NAME} \
10 | --set identifier.spaceId=${SPACE_ID} \
11 | --set identifier.spaceName=${SPACE_NAME} \
12 | --set identifier.clusterId=${CLUSTER_ID} \
13 | --no-hooks


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/_helpers.tpl:
--------------------------------------------------------------------------------
  1 | {{/* vim: set filetype=mustache: */}}
  2 | {{/*
  3 | Expand the name of the chart.
  4 | */}}
  5 | {{- define "wazuh.name" -}}
  6 | {{ include "appIdentifier" .Values.identifier }}-wazuh
  7 | {{- end -}}
  8 | 
  9 | {{/*
 10 | Create a default fully qualified app name.
 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 12 | */}}
 13 | {{- define "wazuh.fullname" -}}
 14 | {{ include "appIdentifier" .Values.identifier }}-wazuh
 15 | {{- end -}}
 16 | {{/*
 17 | Create a fully qualified elasticsearch name.
 18 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 19 | */}}
 20 | {{- define "wazuh.elasticsearch.name" -}}
 21 | {{ include "appIdentifier" .Values.identifier }}-elasticsearch
 22 | {{- end -}}
 23 | 
 24 | {{- define "wazuh.elasticsearch.fullname" -}}
 25 | {{ include "appIdentifier" .Values.identifier }}-elasticsearch
 26 | {{- end -}}
 27 | 
 28 | 
 29 | {{- define "wazuh.kibana.name" -}}
 30 | {{ include "appIdentifier" .Values.identifier }}-kibana
 31 | {{- end -}}
 32 | {{/*
 33 | Create a fully qualified kibana name.
 34 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 35 | */}}
 36 | {{- define "wazuh.kibana.fullname" -}}
 37 | {{ include "appIdentifier" .Values.identifier }}-kibana
 38 | {{- end -}}
 39 | 
 40 | {{/*
 41 | Create a fully qualified Wazuh Agent DaemonSet name.
 42 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 43 | */}}
 44 | {{- define "wazuh.agent.name" -}}
 45 | {{ include "appIdentifier" .Values.identifier }}-agent
 46 | {{- end -}}
 47 | 
 48 | {{- define "wazuh.agent.fullname" -}}
 49 | {{ include "appIdentifier" .Values.identifier }}-agent
 50 | {{- end -}}
 51 | 
 52 | {{/*
 53 | Create the name of the service account to use for the agent daemonset
 54 | */}}
 55 | {{- define "wazuh.serviceAccountName.agent" -}}
 56 | {{- if .Values.agent.serviceAccount.create -}}
 57 | {{ default (include "wazuh.agent.fullname" .)  .Values.agent.serviceAccount.name }}
 58 | {{- else -}}
 59 | {{ default "default" .Values.agent.serviceAccounts.alertmanager.name }}
 60 | {{- end -}}
 61 | {{- end -}}
 62 | 
 63 | {{/* vim: set filetype=mustache: */}}
 64 | {{/*
 65 | Builds the full AppIdentifier, which is used for Kubernetes Objects
 66 | */}}
 67 | {{- define "appIdentifier" -}}
 68 | {{ .appName }}-{{ .appId }}
 69 | {{- end -}}
 70 | 
 71 | {{/*
 72 | Builds the full SpaceIdentifier, which is used for Namespaces
 73 | */}}
 74 | {{- define "spaceIdentifier" -}}
 75 | {{ .spaceName }}-{{ .spaceId }}
 76 | {{- end -}}
 77 | 
 78 | {{/*
 79 | Builds the full DNS of a Service
 80 | */}}
 81 | {{- define "serviceName" -}}
 82 | {{ template "appIdentifier" }}.{{ template "spaceIdentifier" }}
 83 | {{- end -}}
 84 | 
 85 | {{- define "dynamicEnvTemplate" -}}
 86 | {{- with .Values.api.config.envReplacement }}
 87 | {{ tpl . $ | indent 10 }}
 88 | {{- end -}}
 89 | {{- end -}}
 90 | 
 91 | {{- define "annotations" -}}
 92 | clusterId: {{ .Values.identifier.clusterId }}
 93 | tenantId: {{ .Values.identifier.tenantId }}
 94 | tenantName: {{ .Values.identifier.tenantName }}
 95 | appId: {{ .Values.identifier.appId }}
 96 | appName: {{ .Values.identifier.appName }}
 97 | spaceId: {{ .Values.identifier.spaceId }}
 98 | spaceName: {{ .Values.identifier.spaceName }}
 99 | {{- end -}}
100 | 
101 | {{- define "labels" -}}
102 | clusterId: {{ .Values.identifier.clusterId }}
103 | tenantId: {{ .Values.identifier.tenantId }}
104 | tenantName: {{ .Values.identifier.tenantName }}
105 | appId: {{ .Values.identifier.appId }}
106 | appName: {{ .Values.identifier.appName }}
107 | spaceId: {{ .Values.identifier.spaceId }}
108 | spaceName: {{ .Values.identifier.spaceName }}
109 | {{- end -}}
110 | 
111 | {{- define "route53.dns.labels" -}}
112 | {{- if .Values.aws.elb.dns53.enabled -}}
113 | dns: route53
114 | {{- end -}}
115 | {{- end -}}
116 | 
117 | {{- define "aws.annotations" -}}
118 | {{- if and .Values.aws.elb.enabled .Values.aws.elb.wazuh_workers.enabled .Values.aws.elb.dns53.enabled -}}
119 | domainName: {{ .Values.aws.dns53.wazuhWorkerDomain | quote }}
120 | service.beta.kubernetes.io/aws-load-balancer-backend-protocol: {{ .Values.aws.elb.protocol }}
121 | service.beta.kubernetes.io/aws-load-balancer-ssl-ports: {{ .Values.aws.elb.kibana.port | quote }}
122 | service.beta.kubernetes.io/aws-load-balancer-backend-protocol: {{ .Values.aws.elb.kibana.backEnd | quote}}
123 | {{- end -}}
124 | {{- end -}}


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/config-map/elasticsearch.yml:
--------------------------------------------------------------------------------
  1 | {{- if .Values.elasticsearch.deployment.enabled -}}
  2 | apiVersion: v1
  3 | kind: ConfigMap
  4 | metadata:
  5 |   labels:
  6 | {{ include "labels" $ | indent 4 }}
  7 |     appComponent: Elasticsearch-ConfigMap
  8 |   annotations:
  9 | {{ include "annotations" $ | indent 4 }}
 10 |     appComponent: Elasticsearch-ConfigMap
 11 |   name: {{ template "wazuh.elasticsearch.fullname" . }}-config
 12 | data:
 13 |   config.yml: |-
 14 |     cluster.name: {{ .Values.elasticsearch.env.CLUSTER_NAME }}
 15 |     node.name: ${NODE_NAME}
 16 |     network.host: ${NETWORK_HOST:_local_}
 17 |     cluster.initial_master_nodes:
 18 |       - wazuh-m419ld912kghas2-elasticsearch-elasticsearch-0
 19 | 
 20 |     opendistro_security.ssl.transport.enabled: true
 21 |     opendistro_security.ssl.transport.pemcert_filepath: node.pem
 22 |     opendistro_security.ssl.transport.pemkey_filepath: node-key.pem
 23 |     opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
 24 |     opendistro_security.ssl.transport.enforce_hostname_verification: false
 25 |     opendistro_security.ssl.http.enabled: true
 26 |     opendistro_security.ssl.http.pemcert_filepath: node.pem
 27 |     opendistro_security.ssl.http.pemkey_filepath: node-key.pem
 28 |     opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
 29 |     opendistro_security.audit.type: internal_elasticsearch
 30 |     opendistro_security.audit.config.index: "'security-auditlog-'YYYY.MM"
 31 |     opendistro_security.allow_default_init_securityindex: true
 32 |     opendistro_security.authcz.admin_dn:
 33 |       - CN=admin,O=CompanyUS,L=California,C=US
 34 |     opendistro_security.nodes_dn:
 35 |       - CN=*.elasticsearch,O=CompanyUS,L=California,C=US
 36 |     opendistro_security.enable_snapshot_restore_privilege: true
 37 |     opendistro_security.check_snapshot_restore_write_privileges: true
 38 |     opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access", "service_full_access"]
 39 | 
 40 |     cluster.routing.allocation.disk.threshold_enabled: false
 41 | 
 42 |   internal_users.yml: |-
 43 |     _meta:
 44 |       type: "internalusers"
 45 |       config_version: 2
 46 | 
 47 |     # Define your internal users here
 48 | 
 49 |     ## Demo users
 50 | 
 51 |     admin:
 52 |       hash: {{ .Values.elasticsearch.internal_users.admin | quote }}
 53 |       reserved: true
 54 |       backend_roles:
 55 |         - "admin"
 56 |       description: "Demo admin user"
 57 | 
 58 |     kibanaserver:
 59 |       hash: {{ .Values.elasticsearch.internal_users.kibanaserver | quote }}
 60 |       reserved: true
 61 |       description: "Demo kibanaserver user"
 62 | 
 63 |     kibanaro:
 64 |       hash: {{ .Values.elasticsearch.internal_users.kibanaro | quote }}
 65 |       reserved: false
 66 |       backend_roles:
 67 |         - "kibanauser"
 68 |         - "readall"
 69 |       attributes:
 70 |         attribute1: "value1"
 71 |         attribute2: "value2"
 72 |         attribute3: "value3"
 73 |       description: "Demo kibanaro user"
 74 | 
 75 |     logstash:
 76 |       hash: {{ .Values.elasticsearch.internal_users.logstash | quote }}
 77 |       reserved: false
 78 |       backend_roles:
 79 |         - "logstash"
 80 |       description: "Demo logstash user"
 81 | 
 82 |     readall:
 83 |       hash: {{ .Values.elasticsearch.internal_users.readall | quote }}
 84 |       reserved: false
 85 |       backend_roles:
 86 |         - "readall"
 87 |       description: "Demo readall user"
 88 | 
 89 |     snapshotrestore:
 90 |       hash: {{ .Values.elasticsearch.internal_users.snapshotrestore | quote }}
 91 |       reserved: false
 92 |       backend_roles:
 93 |         - "snapshotrestore"
 94 |       description: "Demo snapshotrestore user"
 95 | 
 96 |     {{- if eq (.Values.elasticsearch.elkversion | substr 0 1) "7" }}
 97 | 
 98 |     {{- $master_name := printf "- %s-%s" .Release.Name "master-dpl" }}
 99 | 
100 |     cluster.initial_master_nodes:
101 |     {{- range $ordinal, $e := untilStep 0 (.Values.elasticsearch.master.replicas | int) 1 }}
102 |     {{ $master_name }}-{{ $ordinal }}
103 |     {{- end }}
104 | 
105 |     discovery.seed_hosts: ${DISCOVERY_SERVICE:}
106 | 
107 |     {{ else }}
108 |     discovery.zen.ping.unicast.hosts: ${DISCOVERY_SERVICE:}
109 |     #(master/2)+1
110 |     discovery.zen.minimum_master_nodes: ${NUMBER_OF_MASTERS:1}
111 |     {{ end }}
112 | 
113 | {{- end -}}


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/config-map/wazuh-agent.yaml:
--------------------------------------------------------------------------------
  1 | {{- if .Values.agent.deployment.enabled -}}
  2 | apiVersion: v1
  3 | kind: ConfigMap
  4 | metadata:
  5 |   labels:
  6 | {{ include "qlabels" $ | indent 4 }}
  7 |     appComponent: Wazuh-Agent-ConfigMap
  8 |   annotations:
  9 | {{ include "annotations" $ | indent 4 }}
 10 |     appComponents: Wazuh-Agent-ConfigMap
 11 |   name: {{ template "wazuh.agent.fullname" . }}-config
 12 | data:
 13 |   ossec.conf: |-
 14 |     <!--
 15 |       Wazuh - Agent - Default configuration for ubuntu 20.04
 16 |       More info at: https://documentation.wazuh.com
 17 |       Mailing list: https://groups.google.com/forum/#!forum/wazuh
 18 |     -->
 19 | 
 20 |     <ossec_config>
 21 |       <client>
 22 |         <server>
 23 |           <address>WAZUH_MANAGER_WORKER_LOAD_BALANCER_URL/IP_OR_FQDN_URL</address>
 24 |           <port>1514</port>
 25 |           <protocol>tcp</protocol>
 26 |         </server>
 27 |         <config-profile>ubuntu, ubuntu20, ubuntu20.04, ubuntu16, ubuntu16.04</config-profile>
 28 |         <notify_time>10</notify_time>
 29 |         <time-reconnect>10</time-reconnect>
 30 |         <auto_restart>yes</auto_restart>
 31 |         <crypto_method>aes</crypto_method>
 32 |       </client>
 33 | 
 34 |       <auth>
 35 |         <use_password>yes</use_password>
 36 |       </auth>
 37 | 
 38 |       <client_buffer>
 39 |         <!-- Agent buffer options -->
 40 |         <disabled>no</disabled>
 41 |         <queue_size>5000</queue_size>
 42 |         <events_per_second>500</events_per_second>
 43 |       </client_buffer>
 44 | 
 45 |       <!-- Policy monitoring -->
 46 |       <rootcheck>
 47 |         <disabled>no</disabled>
 48 |         <check_files>yes</check_files>
 49 |         <check_trojans>yes</check_trojans>
 50 |         <check_dev>yes</check_dev>
 51 |         <check_sys>yes</check_sys>
 52 |         <check_pids>yes</check_pids>
 53 |         <check_ports>yes</check_ports>
 54 |         <check_if>yes</check_if>
 55 | 
 56 |         <!-- Frequency that rootcheck is executed - every 12 hours -->
 57 |         <frequency>43200</frequency>
 58 | 
 59 |         <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
 60 |         <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
 61 | 
 62 |         <skip_nfs>yes</skip_nfs>
 63 | 
 64 |         <rule id="100100" level="0">
 65 |             <if_group>rootcheck</if_group>
 66 |             <match>/dev/.blkid.tab</match>
 67 |             <description>Ignore false positive for /dev/.blkid.tab</description>
 68 |         </rule>
 69 | 
 70 |       </rootcheck>
 71 | 
 72 |       <wodle name="docker-listener">
 73 |         <disabled>no</disabled>
 74 |         <attempts>10</attempts>
 75 |         <run_on_start>yes</run_on_start>
 76 |         <interval>5m</interval>
 77 |       </wodle>
 78 | 
 79 |       <wodle name="open-scap">
 80 |         <disabled>no</disabled>
 81 |         <timeout>1800</timeout>
 82 |         <interval>1d</interval>
 83 |         <scan-on-start>yes</scan-on-start>
 84 | 
 85 |         <content type="xccdf" path="ssg-centos-7-ds.xml">
 86 |           <profile>xccdf_org.ssgproject.content_profile_pci-dss</profile>
 87 |           <profile>xccdf_org.ssgproject.content_profile_common</profile>
 88 |         </content>
 89 |       </wodle>
 90 |       
 91 |       <wodle name="cis-cat">
 92 |         <disabled>yes</disabled>
 93 |         <timeout>600</timeout>
 94 |         <interval>15m</interval>
 95 |         <scan-on-start>yes</scan-on-start>
 96 | 
 97 |         <java_path>/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/bin</java_path>
 98 |         <ciscat_path>wodles/ciscat</ciscat_path>
 99 | 
100 |         <content type="xccdf" path="benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml">
101 |           <profile>xccdf_org.cisecurity.benchmarks_profile_Level_2_-_Server</profile>
102 |         </content>
103 |         
104 |       </wodle>
105 | 
106 |       <!-- Osquery integration -->
107 |       <wodle name="osquery">
108 |         <disabled>no</disabled>
109 |         <run_daemon>yes</run_daemon>
110 |         <log_path>/var/log/osquery/osqueryd.results.log</log_path>
111 |         <config_path>/etc/osquery/osquery.conf</config_path>
112 |         <add_labels>yes</add_labels>
113 |       </wodle>
114 | 
115 |       <!-- Virustotal inegration -->
116 |       <integration>
117 |         <name>virustotal</name>
118 |         <api_key>VIRUS_TOTAL_API_KEY</api_key> <!-- Replace with your VirusTotal API key -->
119 |         <group>syscheck</group>
120 |         <alert_format>json</alert_format>
121 |       </integration>
122 | 
123 |       <!-- System inventory -->
124 |       <wodle name="syscollector">
125 |         <disabled>no</disabled>
126 |         <interval>1h</interval>
127 |         <scan_on_start>yes</scan_on_start>
128 |         <hardware>yes</hardware>
129 |         <os>yes</os>
130 |         <network>yes</network>
131 |         <packages>yes</packages>
132 |         <ports all="no">yes</ports>
133 |         <processes>yes</processes>
134 |       </wodle>
135 | 
136 |       <sca>
137 |         <enabled>yes</enabled>
138 |         <scan_on_start>yes</scan_on_start>
139 |         <interval>12h</interval>
140 |         <skip_nfs>yes</skip_nfs>
141 |       </sca>
142 | 
143 |       <!-- File integrity monitoring -->
144 |       <syscheck>
145 |         <disabled>no</disabled>
146 | 
147 |         <!-- Frequency that syscheck is executed default every 12 hours -->
148 |         <frequency>900</frequency>
149 | 
150 |         <scan_on_start>yes</scan_on_start>
151 | 
152 |         <!-- Directories to check  (perform all possible verifications) -->
153 |         <directories>/etc,/usr/bin,/usr/sbin</directories>
154 |         <directories>/bin,/sbin,/boot</directories>
155 |         <directories check_all="yes" realtime="yes">/media/user/software</directories>
156 |         <directories check_all="yes" realtime="yes">/home</directories>
157 |         <directories check_all="yes" realtime="yes">/etc</directories>
158 |         
159 |         <!-- Files/directories to ignore -->
160 |         <ignore>/etc/mtab</ignore>
161 |         <ignore>/etc/hosts.deny</ignore>
162 |         <ignore>/etc/mail/statistics</ignore>
163 |         <ignore>/etc/random-seed</ignore>
164 |         <ignore>/etc/random.seed</ignore>
165 |         <ignore>/etc/adjtime</ignore>
166 |         <ignore>/etc/httpd/logs</ignore>
167 |         <ignore>/etc/utmpx</ignore>
168 |         <ignore>/etc/wtmpx</ignore>
169 |         <ignore>/etc/cups/certs</ignore>
170 |         <ignore>/etc/dumpdates</ignore>
171 |         <ignore>/etc/svc/volatile</ignore>
172 | 
173 |         <!-- File types to ignore -->
174 |         <ignore type="sregex">.log$|.swp$</ignore>
175 | 
176 |         <!-- Check the file, but never compute the diff -->
177 |         <nodiff>/etc/ssl/private.key</nodiff>
178 | 
179 |         <skip_nfs>yes</skip_nfs>
180 |         <skip_dev>yes</skip_dev>
181 |         <skip_proc>yes</skip_proc>
182 |         <skip_sys>yes</skip_sys>
183 | 
184 |         <!-- Nice value for Syscheck process -->
185 |         <process_priority>10</process_priority>
186 | 
187 |         <!-- Maximum output throughput -->
188 |         <max_eps>100</max_eps>
189 | 
190 |         <!-- Database synchronization settings -->
191 |         <synchronization>
192 |           <enabled>yes</enabled>
193 |           <interval>5m</interval>
194 |           <max_interval>1h</max_interval>
195 |           <max_eps>10</max_eps>
196 |         </synchronization>
197 | 
198 |         <!-- Maximum number of files to be monitored -->
199 |         <file_limit>
200 |             <enabled>no</enabled>
201 |             <entries>1000000</entries>
202 |         </file_limit>
203 |       </syscheck>
204 | 
205 |       <!-- Log analysis -->
206 |       <localfile>
207 |         <log_format>apache</log_format>
208 |         <location>/var/log/nginx/access.log</location>
209 |       </localfile>
210 | 
211 |       <localfile>
212 |         <log_format>apache</log_format>
213 |         <location>/var/log/nginx/error.log</location>
214 |       </localfile>
215 | 
216 |       <localfile>
217 |         <log_format>syslog</log_format>
218 |         <location>/var/ossec/logs/active-responses.log</location>
219 |       </localfile>
220 | 
221 |       <localfile>
222 |         <log_format>syslog</log_format>
223 |         <location>/var/log/auth.log</location>
224 |       </localfile>
225 | 
226 |       <localfile>
227 |         <log_format>syslog</log_format>
228 |         <location>/var/log/syslog</location>
229 |       </localfile>
230 | 
231 |       <localfile>
232 |         <log_format>syslog</log_format>
233 |         <location>/var/log/dpkg.log</location>
234 |       </localfile>
235 | 
236 |       <localfile>
237 |         <log_format>syslog</log_format>
238 |         <location>/var/log/kern.log</location>
239 |       </localfile>
240 | 
241 |       <localfile>
242 |         <log_format>command</log_format>
243 |         <command>df -P</command>
244 |         <frequency>360</frequency>
245 |       </localfile>
246 | 
247 |       <localfile>
248 |         <log_format>full_command</log_format>
249 |         <command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
250 |         <alias>netstat listening ports</alias>
251 |         <frequency>360</frequency>
252 |       </localfile>
253 | 
254 |       <localfile>
255 |         <log_format>full_command</log_format>
256 |         <command>last -n 20</command>
257 |         <frequency>360</frequency>
258 |       </localfile>
259 | 
260 |       <localfile>
261 |           <location>/var/log/*.log</location>
262 |           <log_format>syslog</log_format>
263 |       </localfile>
264 | 
265 |       <!-- Active response -->
266 |       <active-response>
267 |         <disabled>no</disabled>
268 |         <ca_store>/var/ossec/etc/wpk_root.pem</ca_store>
269 |         <ca_verification>yes</ca_verification>
270 |       </active-response>
271 | 
272 |       <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
273 |       <logging>
274 |         <log_format>plain</log_format>
275 |       </logging>
276 | 
277 |     </ossec_config>
278 | {{- end -}}


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/config-map/wazuh-master.yaml:
--------------------------------------------------------------------------------
  1 | {{- if .Values.wazuh.deployment.enabled -}}
  2 | apiVersion: v1
  3 | kind: ConfigMap
  4 | metadata:
  5 |   labels:
  6 | {{ include "labels" $ | indent 4 }}
  7 |     appComponent: Wazuh-Master-ConfigMap
  8 |   annotations:
  9 | {{ include "annotations" $ | indent 4 }}
 10 |     appComponent: Wazuh-Master-ConfigMap
 11 |   name: {{ template "wazuh.fullname" . }}-master-config
 12 | data:
 13 |   ossec.conf: |-
 14 |     <!--
 15 |     Wazuh - Manager - Default configuration for ubuntu 18.04
 16 |     More info at: https://documentation.wazuh.com
 17 |     Mailing list: https://groups.google.com/forum/#!forum/wazuh
 18 |     Customization: TCP on port 1514
 19 |     Customization: Cluster mode enabled, master node
 20 |     -->
 21 |     <ossec_config>
 22 |       <global>
 23 |         <jsonout_output>yes</jsonout_output>
 24 |         <alerts_log>yes</alerts_log>
 25 |         <logall>no</logall>
 26 |         <logall_json>no</logall_json>
 27 |         <email_notification>no</email_notification>
 28 |         <smtp_server>smtp.sendgrid.net:587</smtp_server>
 29 |         <email_from>cloud@hms-dev.com</email_from>
 30 |         <email_to>youremail@email.comc</email_to>
 31 |         <email_maxperhour>4</email_maxperhour>
 32 |         <queue_size>131072</queue_size>
 33 |       </global>
 34 |       <alerts>
 35 |         <log_alert_level>3</log_alert_level>
 36 |         <email_alert_level>12</email_alert_level>
 37 |       </alerts>
 38 |       <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
 39 |       <logging>
 40 |         <log_format>plain</log_format>
 41 |       </logging>
 42 |       <remote>
 43 |         <connection>secure</connection>
 44 |         <port>1514</port>
 45 |         <protocol>tcp</protocol>
 46 |         <queue_size>131072</queue_size>
 47 |       </remote>
 48 |       <!-- Policy monitoring -->
 49 |       <rootcheck>
 50 |         <disabled>no</disabled>
 51 |         <check_unixaudit>yes</check_unixaudit>
 52 |         <check_files>yes</check_files>
 53 |         <check_trojans>yes</check_trojans>
 54 |         <check_dev>yes</check_dev>
 55 |         <check_sys>yes</check_sys>
 56 |         <check_pids>yes</check_pids>
 57 |         <check_ports>yes</check_ports>
 58 |         <check_if>yes</check_if>
 59 |         <!-- Frequency that rootcheck is executed - every 12 hours -->
 60 |         <frequency>43200</frequency>
 61 |         <rootkit_files>/var/ossec/etc/rootcheck/rootkit_files.txt</rootkit_files>
 62 |         <rootkit_trojans>/var/ossec/etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>
 63 |         <system_audit>/var/ossec/etc/rootcheck/system_audit_rcl.txt</system_audit>
 64 |         <system_audit>/var/ossec/etc/rootcheck/system_audit_ssh.txt</system_audit>
 65 |         <skip_nfs>yes</skip_nfs>
 66 |       </rootcheck>
 67 |       <wodle name="docker-listener">
 68 |         <disabled>no</disabled>
 69 |       </wodle>
 70 |       <wodle name="open-scap">
 71 |         <disabled>yes</disabled>
 72 |         <timeout>1800</timeout>
 73 |         <interval>1d</interval>
 74 |         <scan-on-start>yes</scan-on-start>
 75 |       </wodle>
 76 |       <wodle name="cis-cat">
 77 |         <disabled>yes</disabled>
 78 |         <timeout>1800</timeout>
 79 |         <interval>1d</interval>
 80 |         <scan-on-start>yes</scan-on-start>
 81 |         <java_path>wodles/java</java_path>
 82 |         <ciscat_path>wodles/ciscat</ciscat_path>
 83 |       </wodle>
 84 |       <!-- Osquery integration -->
 85 |       <wodle name="osquery">
 86 |         <disabled>no</disabled>
 87 |         <run_daemon>yes</run_daemon>
 88 |         <log_path>/var/log/osquery/osqueryd.results.log</log_path>
 89 |         <config_path>/etc/osquery/osquery.conf</config_path>
 90 |         <add_labels>yes</add_labels>
 91 |       </wodle>
 92 |       <!-- VirusTotal integration -->
 93 |       <integration>
 94 |         <name>VirusTotal</name>
 95 |         <api_key>{{ .Values.virusTotalAPI }}</api_key>
 96 |         <!-- Required for PagerDuty and VirusTotal -->
 97 |         <group>syscheck</group>
 98 |         <alert_format>json</alert_format>
 99 |       </integration>
100 |       <!-- Slack integration -->
101 |       <integration>
102 |         <name>slack</name>
103 |         <hook_url>CHANGE_ME</hook_url>
104 |         <!-- Replace with your Slack hook URL -->
105 |         <alert_format>json</alert_format>
106 |       </integration>
107 |       <!-- System inventory -->
108 |       <wodle name="syscollector">
109 |         <disabled>no</disabled>
110 |         <interval>1h</interval>
111 |         <scan_on_start>yes</scan_on_start>
112 |         <hardware>yes</hardware>
113 |         <os>yes</os>
114 |         <network>yes</network>
115 |         <packages>yes</packages>
116 |         <ports all="no">yes</ports>
117 |         <processes>yes</processes>
118 |       </wodle>
119 |       <vulnerability-detector>
120 |         <enabled>yes</enabled>
121 |         <interval>5m</interval>
122 |         <ignore_time>1h</ignore_time>
123 |         <run_on_start>yes</run_on_start>
124 |         <!-- Ubuntu OS vulnerabilities -->
125 |         <provider name="canonical">
126 |           <enabled>yes</enabled>
127 |           <os>trusty</os>
128 |           <os>xenial</os>
129 |           <os>bionic</os>
130 |           <os>focal</os>
131 |           <update_interval>5m</update_interval>
132 |         </provider>
133 |         <!-- Debian OS vulnerabilities -->
134 |         <provider name="debian">
135 |           <enabled>yes</enabled>
136 |           <os>stretch</os>
137 |           <os>buster</os>
138 |           <update_interval>55</update_interval>
139 |         </provider>
140 |         <!-- RedHat OS vulnerabilities -->
141 |         <provider name="redhat">
142 |           <enabled>yes</enabled>
143 |           <os>5</os>
144 |           <os>6</os>
145 |           <os>7</os>
146 |           <os>8</os>
147 |           <update_interval>5m</update_interval>
148 |         </provider>
149 |         <!-- Windows OS vulnerabilities -->
150 |         <provider name="msu">
151 |           <enabled>yes</enabled>
152 |           <update_interval>5m</update_interval>
153 |         </provider>
154 |         <!-- Aggregate vulnerabilities -->
155 |         <provider name="nvd">
156 |           <enabled>yes</enabled>
157 |           <update_from_year>2010</update_from_year>
158 |           <update_interval>5m</update_interval>
159 |         </provider>
160 |       </vulnerability-detector>
161 |       <!-- File integrity monitoring -->
162 |       <syscheck>
163 |         <disabled>no</disabled>
164 |         <!-- Frequency that syscheck is executed default every 12 hours -->
165 |         <frequency>43200</frequency>
166 |         <scan_on_start>yes</scan_on_start>
167 |         <!-- Generate alert when new file detected -->
168 |         <alert_new_files>yes</alert_new_files>
169 |         <!-- Don't ignore files that change more than 'frequency' times -->
170 |         <auto_ignore frequency="10" timeframe="3600">no</auto_ignore>
171 |         <!-- Directories to check  (perform all possible verifications) -->
172 |         <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
173 |         <directories check_all="yes">/bin,/sbin,/boot</directories>
174 |         <!-- Files/directories to ignore -->
175 |         <ignore>/etc/mtab</ignore>
176 |         <ignore>/etc/hosts.deny</ignore>
177 |         <ignore>/etc/mail/statistics</ignore>
178 |         <ignore>/etc/random-seed</ignore>
179 |         <ignore>/etc/random.seed</ignore>
180 |         <ignore>/etc/adjtime</ignore>
181 |         <ignore>/etc/httpd/logs</ignore>
182 |         <ignore>/etc/utmpx</ignore>
183 |         <ignore>/etc/wtmpx</ignore>
184 |         <ignore>/etc/cups/certs</ignore>
185 |         <ignore>/etc/dumpdates</ignore>
186 |         <ignore>/etc/svc/volatile</ignore>
187 |         <ignore>/sys/kernel/security</ignore>
188 |         <ignore>/sys/kernel/debug</ignore>
189 |         <!-- Check the file, but never compute the diff -->
190 |         <nodiff>/etc/ssl/private.key</nodiff>
191 |         <skip_nfs>yes</skip_nfs>
192 |         <!-- Remove not monitored files -->
193 |         <remove_old_diff>yes</remove_old_diff>
194 |         <!-- Allow the system to restart Auditd after installing the plugin -->
195 |         <restart_audit>yes</restart_audit>
196 |       </syscheck>
197 |       <!-- Active response -->
198 |       <global>
199 |         <white_list>127.0.0.1</white_list>
200 |         <white_list>^localhost.localdomain$</white_list>
201 |         <white_list>10.66.0.2</white_list>
202 |       </global>
203 |       <command>
204 |         <name>disable-account</name>
205 |         <executable>disable-account.sh</executable>
206 |         <expect>user</expect>
207 |         <timeout_allowed>yes</timeout_allowed>
208 |       </command>
209 |       <command>
210 |         <name>restart-ossec</name>
211 |         <executable>restart-ossec.sh</executable>
212 |         <expect/>
213 |       </command>
214 |       <command>
215 |         <name>firewall-drop</name>
216 |         <executable>firewall-drop.sh</executable>
217 |         <expect>srcip</expect>
218 |         <timeout_allowed>yes</timeout_allowed>
219 |       </command>
220 |       <command>
221 |         <name>host-deny</name>
222 |         <executable>host-deny.sh</executable>
223 |         <expect>srcip</expect>
224 |         <timeout_allowed>yes</timeout_allowed>
225 |       </command>
226 |       <command>
227 |         <name>route-null</name>
228 |         <executable>route-null.sh</executable>
229 |         <expect>srcip</expect>
230 |         <timeout_allowed>yes</timeout_allowed>
231 |       </command>
232 |       <command>
233 |         <name>win_route-null</name>
234 |         <executable>route-null.cmd</executable>
235 |         <expect>srcip</expect>
236 |         <timeout_allowed>yes</timeout_allowed>
237 |       </command>
238 |       <command>
239 |         <name>win_route-null-2012</name>
240 |         <executable>route-null-2012.cmd</executable>
241 |         <expect>srcip</expect>
242 |         <timeout_allowed>yes</timeout_allowed>
243 |       </command>
244 |       <command>
245 |         <name>netsh</name>
246 |         <executable>netsh.cmd</executable>
247 |         <expect>srcip</expect>
248 |         <timeout_allowed>yes</timeout_allowed>
249 |       </command>
250 |       <command>
251 |         <name>netsh-win-2016</name>
252 |         <executable>netsh-win-2016.cmd</executable>
253 |         <expect>srcip</expect>
254 |         <timeout_allowed>yes</timeout_allowed>
255 |       </command>
256 |       <!--
257 |     <active-response>
258 |     active-response options here
259 |     </active-response>
260 |     -->
261 |       <!-- Log analysis -->
262 |       <localfile>
263 |         <log_format>command</log_format>
264 |         <command>df -P</command>
265 |         <frequency>360</frequency>
266 |       </localfile>
267 |       <localfile>
268 |         <log_format>full_command</log_format>
269 |         <command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
270 |         <alias>netstat listening ports</alias>
271 |         <frequency>360</frequency>
272 |       </localfile>
273 |       <localfile>
274 |         <log_format>full_command</log_format>
275 |         <command>last -n 20</command>
276 |         <frequency>360</frequency>
277 |       </localfile>
278 |       <ruleset>
279 |         <!-- Default ruleset -->
280 |         <decoder_dir>ruleset/decoders</decoder_dir>
281 |         <rule_dir>ruleset/rules</rule_dir>
282 |         <rule_exclude>0215-policy_rules.xml</rule_exclude>
283 |         <list>etc/lists/audit-keys</list>
284 |         <list>etc/lists/amazon/aws-sources</list>
285 |         <list>etc/lists/amazon/aws-eventnames</list>
286 |         <!-- User-defined ruleset -->
287 |         <decoder_dir>etc/decoders</decoder_dir>
288 |         <rule_dir>etc/rules</rule_dir>
289 |       </ruleset>
290 |       <!-- Configuration for ossec-authd
291 |     To enable this service, run:
292 |     ossec-control enable auth
293 |     -->
294 |       <auth>
295 |         <disabled>no</disabled>
296 |         <port>1515</port>
297 |         <use_source_ip>no</use_source_ip>
298 |         <force_insert>no</force_insert>
299 |         <force_time>0</force_time>
300 |         <purge>no</purge>
301 |         <use_password>yes</use_password>
302 |         <limit_maxagents>yes</limit_maxagents>
303 |         <ciphers>ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES256:ECDH+AES128:!aNULL:!SHA1:!AESCCM</ciphers>
304 |         <!-- <ssl_agent_ca></ssl_agent_ca> -->
305 |         <ssl_verify_host>no</ssl_verify_host>
306 |         <ssl_manager_cert>/var/ossec/etc/sslmanager.cert</ssl_manager_cert>
307 |         <ssl_manager_key>/var/ossec/etc/sslmanager.key</ssl_manager_key>
308 |         <ssl_auto_negotiate>no</ssl_auto_negotiate>
309 |       </auth>
310 |       <cluster>
311 |         <name>wazuh</name>
312 |         <node_name>wazuh-manager-master</node_name>
313 |         <node_type>master</node_type>
314 |         <key>INSERT_WAZUH_CLUSTER_SECRET_KEY</key>
315 |         <port>1516</port>
316 |         <bind_addr>0.0.0.0</bind_addr>
317 |         <nodes>
318 |           <node>wazuh-manager-master-0.wazuh-cluster.wazuh</node>
319 |         </nodes>
320 |         <hidden>no</hidden>
321 |         <disabled>no</disabled>
322 |       </cluster>
323 |     </ossec_config>
324 |     <ossec_config>
325 |       <localfile>
326 |         <log_format>syslog</log_format>
327 |         <location>/var/ossec/logs/active-responses.log</location>
328 |       </localfile>
329 |       <localfile>
330 |         <log_format>syslog</log_format>
331 |         <location>/var/log/syslog</location>
332 |       </localfile>
333 |       <localfile>
334 |         <log_format>syslog</log_format>
335 |         <location>/var/log/dpkg.log</location>
336 |       </localfile>
337 |     </ossec_config>
338 | {{- end -}}


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/config-map/wazuh-workers.yaml:
--------------------------------------------------------------------------------
  1 | {{- if .Values.wazuh.deployment.enabled -}}
  2 | apiVersion: v1
  3 | kind: ConfigMap
  4 | metadata:
  5 |   labels:
  6 | {{ include "labels" $ | indent 4 }}
  7 |     appComponent: Wazuh-Worker-ConfigMap
  8 |   annotations:
  9 | {{ include "annotations" $ | indent 4 }}
 10 |     appComponent: Wazuh-Worker-ConfigMap
 11 |   name: {{ template "wazuh.fullname" . }}-worker-config
 12 | data:
 13 |   ossec.conf: |-
 14 |     <!--
 15 |       Wazuh - Manager - Default configuration for ubuntu 16.04
 16 |       More info at: https://documentation.wazuh.com
 17 |       Mailing list: https://groups.google.com/forum/#!forum/wazuh
 18 |     
 19 |       Customization: TCP on port 1514
 20 |       Customization: Cluster mode enabled, worker node
 21 |     -->
 22 |     <ossec_config>
 23 |       <global>
 24 |         <jsonout_output>yes</jsonout_output>
 25 |         <alerts_log>yes</alerts_log>
 26 |         <logall>no</logall>
 27 |         <logall_json>no</logall_json>
 28 |         <email_notification>no</email_notification>
 29 |         <smtp_server>smtp.example.wazuh.com</smtp_server>
 30 |         <email_from>ossecm@example.wazuh.com</email_from>
 31 |         <email_to>recipient@example.wazuh.com</email_to>
 32 |         <email_maxperhour>12</email_maxperhour>
 33 |         <queue_size>131072</queue_size>
 34 |       </global>
 35 |     
 36 |       <alerts>
 37 |         <log_alert_level>3</log_alert_level>
 38 |         <email_alert_level>12</email_alert_level>
 39 |       </alerts>
 40 |     
 41 |       <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
 42 |       <logging>
 43 |         <log_format>plain</log_format>
 44 |       </logging>
 45 |     
 46 |       <remote>
 47 |         <connection>secure</connection>
 48 |         <port>1514</port>
 49 |         <protocol>tcp</protocol>
 50 |         <queue_size>131072</queue_size>
 51 |       </remote>
 52 |     
 53 |       <!-- Policy monitoring -->
 54 |       <rootcheck>
 55 |         <disabled>no</disabled>
 56 |         <check_unixaudit>yes</check_unixaudit>
 57 |         <check_files>yes</check_files>
 58 |         <check_trojans>yes</check_trojans>
 59 |         <check_dev>yes</check_dev>
 60 |         <check_sys>yes</check_sys>
 61 |         <check_pids>yes</check_pids>
 62 |         <check_ports>yes</check_ports>
 63 |         <check_if>yes</check_if>
 64 |     
 65 |         <!-- Frequency that rootcheck is executed - every 12 hours -->
 66 |         <frequency>43200</frequency>
 67 |     
 68 |         <rootkit_files>/var/ossec/etc/rootcheck/rootkit_files.txt</rootkit_files>
 69 |         <rootkit_trojans>/var/ossec/etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>
 70 |     
 71 |         <system_audit>/var/ossec/etc/rootcheck/system_audit_rcl.txt</system_audit>
 72 |         <system_audit>/var/ossec/etc/rootcheck/system_audit_ssh.txt</system_audit>
 73 |     
 74 |         <skip_nfs>yes</skip_nfs>
 75 |       </rootcheck>
 76 |     
 77 |       <wodle name="open-scap">
 78 |         <disabled>yes</disabled>
 79 |         <timeout>1800</timeout>
 80 |         <interval>1d</interval>
 81 |         <scan-on-start>yes</scan-on-start>
 82 |       </wodle>
 83 |     
 84 |       <wodle name="cis-cat">
 85 |         <disabled>yes</disabled>
 86 |         <timeout>1800</timeout>
 87 |         <interval>1d</interval>
 88 |         <scan-on-start>yes</scan-on-start>
 89 |     
 90 |         <java_path>wodles/java</java_path>
 91 |         <ciscat_path>wodles/ciscat</ciscat_path>
 92 |       </wodle>
 93 |     
 94 |       <!-- Osquery integration -->
 95 |       <wodle name="osquery">
 96 |         <disabled>yes</disabled>
 97 |         <run_daemon>yes</run_daemon>
 98 |         <log_path>/var/log/osquery/osqueryd.results.log</log_path>
 99 |         <config_path>/etc/osquery/osquery.conf</config_path>
100 |         <add_labels>yes</add_labels>
101 |       </wodle>
102 |     
103 |       <!-- System inventory -->
104 |       <wodle name="syscollector">
105 |         <disabled>no</disabled>
106 |         <interval>1h</interval>
107 |         <scan_on_start>yes</scan_on_start>
108 |         <hardware>yes</hardware>
109 |         <os>yes</os>
110 |         <network>yes</network>
111 |         <packages>yes</packages>
112 |         <ports all="no">yes</ports>
113 |         <processes>yes</processes>
114 |       </wodle>
115 |     
116 |       <vulnerability-detector>
117 |           <enabled>no</enabled>
118 |           <interval>5m</interval>
119 |           <ignore_time>6h</ignore_time>
120 |           <run_on_start>yes</run_on_start>
121 |     
122 |           <!-- Ubuntu OS vulnerabilities -->
123 |           <provider name="canonical">
124 |             <enabled>no</enabled>
125 |             <os>trusty</os>
126 |             <os>xenial</os>
127 |             <os>bionic</os>
128 |             <os>focal</os>
129 |             <update_interval>1h</update_interval>
130 |           </provider>
131 |     
132 |           <!-- Debian OS vulnerabilities -->
133 |           <provider name="debian">
134 |             <enabled>no</enabled>
135 |             <os>stretch</os>
136 |             <os>buster</os>
137 |             <update_interval>1h</update_interval>
138 |           </provider>
139 |     
140 |           <!-- RedHat OS vulnerabilities -->
141 |           <provider name="redhat">
142 |             <enabled>no</enabled>
143 |             <os>5</os>
144 |             <os>6</os>
145 |             <os>7</os>
146 |             <os>8</os>
147 |             <update_interval>1h</update_interval>
148 |           </provider>
149 |     
150 |           <!-- Windows OS vulnerabilities -->
151 |           <provider name="msu">
152 |             <enabled>yes</enabled>
153 |             <update_interval>1h</update_interval>
154 |           </provider>
155 |     
156 |           <!-- Aggregate vulnerabilities -->
157 |           <provider name="nvd">
158 |             <enabled>yes</enabled>
159 |             <update_from_year>2010</update_from_year>
160 |             <update_interval>1h</update_interval>
161 |           </provider>
162 |     
163 |       </vulnerability-detector>
164 |     
165 |       <!-- File integrity monitoring -->
166 |       <syscheck>
167 |         <disabled>no</disabled>
168 |     
169 |         <!-- Frequency that syscheck is executed default every 12 hours -->
170 |         <frequency>43200</frequency>
171 |     
172 |         <scan_on_start>yes</scan_on_start>
173 |     
174 |         <!-- Generate alert when new file detected -->
175 |         <alert_new_files>yes</alert_new_files>
176 |     
177 |         <!-- Don't ignore files that change more than 'frequency' times -->
178 |         <auto_ignore frequency="10" timeframe="3600">no</auto_ignore>
179 |     
180 |         <!-- Directories to check  (perform all possible verifications) -->
181 |         <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
182 |         <directories check_all="yes">/bin,/sbin,/boot</directories>
183 |     
184 |         <!-- Files/directories to ignore -->
185 |         <ignore>/etc/mtab</ignore>
186 |         <ignore>/etc/hosts.deny</ignore>
187 |         <ignore>/etc/mail/statistics</ignore>
188 |         <ignore>/etc/random-seed</ignore>
189 |         <ignore>/etc/random.seed</ignore>
190 |         <ignore>/etc/adjtime</ignore>
191 |         <ignore>/etc/httpd/logs</ignore>
192 |         <ignore>/etc/utmpx</ignore>
193 |         <ignore>/etc/wtmpx</ignore>
194 |         <ignore>/etc/cups/certs</ignore>
195 |         <ignore>/etc/dumpdates</ignore>
196 |         <ignore>/etc/svc/volatile</ignore>
197 |         <ignore>/sys/kernel/security</ignore>
198 |         <ignore>/sys/kernel/debug</ignore>
199 |     
200 |         <!-- Check the file, but never compute the diff -->
201 |         <nodiff>/etc/ssl/private.key</nodiff>
202 |     
203 |         <skip_nfs>yes</skip_nfs>
204 |     
205 |         <!-- Remove not monitored files -->
206 |         <remove_old_diff>yes</remove_old_diff>
207 |     
208 |         <!-- Allow the system to restart Auditd after installing the plugin -->
209 |         <restart_audit>yes</restart_audit>
210 |       </syscheck>
211 |     
212 |       <!-- Active response -->
213 |       <global>
214 |         <white_list>127.0.0.1</white_list>
215 |         <white_list>^localhost.localdomain$</white_list>
216 |         <white_list>10.66.0.2</white_list>
217 |       </global>
218 |     
219 |       <command>
220 |         <name>disable-account</name>
221 |         <executable>disable-account.sh</executable>
222 |         <expect>user</expect>
223 |         <timeout_allowed>yes</timeout_allowed>
224 |       </command>
225 |     
226 |       <command>
227 |         <name>restart-ossec</name>
228 |         <executable>restart-ossec.sh</executable>
229 |         <expect></expect>
230 |       </command>
231 |     
232 |       <command>
233 |         <name>firewall-drop</name>
234 |         <executable>firewall-drop.sh</executable>
235 |         <expect>srcip</expect>
236 |         <timeout_allowed>yes</timeout_allowed>
237 |       </command>
238 |     
239 |       <command>
240 |         <name>host-deny</name>
241 |         <executable>host-deny.sh</executable>
242 |         <expect>srcip</expect>
243 |         <timeout_allowed>yes</timeout_allowed>
244 |       </command>
245 |     
246 |       <command>
247 |         <name>route-null</name>
248 |         <executable>route-null.sh</executable>
249 |         <expect>srcip</expect>
250 |         <timeout_allowed>yes</timeout_allowed>
251 |       </command>
252 |     
253 |       <command>
254 |         <name>win_route-null</name>
255 |         <executable>route-null.cmd</executable>
256 |         <expect>srcip</expect>
257 |         <timeout_allowed>yes</timeout_allowed>
258 |       </command>
259 |     
260 |       <command>
261 |         <name>win_route-null-2012</name>
262 |         <executable>route-null-2012.cmd</executable>
263 |         <expect>srcip</expect>
264 |         <timeout_allowed>yes</timeout_allowed>
265 |       </command>
266 |     
267 |       <command>
268 |         <name>netsh</name>
269 |         <executable>netsh.cmd</executable>
270 |         <expect>srcip</expect>
271 |         <timeout_allowed>yes</timeout_allowed>
272 |       </command>
273 |     
274 |       <command>
275 |         <name>netsh-win-2016</name>
276 |         <executable>netsh-win-2016.cmd</executable>
277 |         <expect>srcip</expect>
278 |         <timeout_allowed>yes</timeout_allowed>
279 |       </command>
280 |     
281 |       <!--
282 |       <active-response>
283 |         active-response options here
284 |       </active-response>
285 |       -->
286 |     
287 |       <!-- Log analysis -->
288 |       <localfile>
289 |         <log_format>command</log_format>
290 |         <command>df -P</command>
291 |         <frequency>360</frequency>
292 |       </localfile>
293 |     
294 |       <localfile>
295 |         <log_format>full_command</log_format>
296 |         <command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
297 |         <alias>netstat listening ports</alias>
298 |         <frequency>360</frequency>
299 |       </localfile>
300 |     
301 |       <localfile>
302 |         <log_format>full_command</log_format>
303 |         <command>last -n 20</command>
304 |         <frequency>360</frequency>
305 |       </localfile>
306 |     
307 |       <ruleset>
308 |         <!-- Default ruleset -->
309 |         <decoder_dir>ruleset/decoders</decoder_dir>
310 |         <rule_dir>ruleset/rules</rule_dir>
311 |         <rule_exclude>0215-policy_rules.xml</rule_exclude>
312 |         <list>etc/lists/audit-keys</list>
313 |         <list>etc/lists/amazon/aws-sources</list>
314 |         <list>etc/lists/amazon/aws-eventnames</list>
315 |     
316 |         <!-- User-defined ruleset -->
317 |         <decoder_dir>etc/decoders</decoder_dir>
318 |         <rule_dir>etc/rules</rule_dir>
319 |       </ruleset>
320 |     
321 |       <!-- Configuration for ossec-authd
322 |         To enable this service, run:
323 |         ossec-control enable auth
324 |       -->
325 |       <auth>
326 |         <disabled>no</disabled>
327 |         <port>1515</port>
328 |         <use_source_ip>no</use_source_ip>
329 |         <force_insert>no</force_insert>
330 |         <force_time>0</force_time>
331 |         <purge>no</purge>
332 |         <use_password>no</use_password>
333 |         <limit_maxagents>yes</limit_maxagents>
334 |         <ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
335 |         <!-- <ssl_agent_ca></ssl_agent_ca> -->
336 |         <ssl_verify_host>no</ssl_verify_host>
337 |         <ssl_manager_cert>/var/ossec/etc/sslmanager.cert</ssl_manager_cert>
338 |         <ssl_manager_key>/var/ossec/etc/sslmanager.key</ssl_manager_key>
339 |         <ssl_auto_negotiate>no</ssl_auto_negotiate>
340 |       </auth>
341 |     
342 |       <cluster>
343 |         <name>wazuh</name>
344 |         <node_name>wazuh-manager-worker</node_name>
345 |         <node_type>worker</node_type>
346 |         <key>123a45bc67def891gh23i45jk67l8mn9</key>
347 |         <port>1516</port>
348 |         <bind_addr>0.0.0.0</bind_addr>
349 |         <nodes>
350 |             <node>wazuh-manager-master-0.wazuh-cluster.track</node>
351 |         </nodes>
352 |         <hidden>no</hidden>
353 |         <disabled>no</disabled>
354 |       </cluster>
355 |     </ossec_config>
356 |     
357 |     <ossec_config>
358 |       <localfile>
359 |         <log_format>syslog</log_format>
360 |         <location>/var/ossec/logs/active-responses.log</location>
361 |       </localfile>
362 |     
363 |       <localfile>
364 |         <log_format>syslog</log_format>
365 |         <location>/var/log/syslog</location>
366 |       </localfile>
367 |     
368 |       <localfile>
369 |         <log_format>syslog</log_format>
370 |         <location>/var/log/dpkg.log</location>
371 |       </localfile>
372 |     </ossec_config>
373 | {{- end -}}


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/daemonset/wazuh-agent.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.agent.deployment.enabled -}}
 2 | apiVersion: apps/v1
 3 | kind: DaemonSet
 4 | metadata:
 5 |   name: {{ include "appIdentifier" .Values.identifier }}-agent-daemonset
 6 |   labels:
 7 | {{ include "labels" $ | indent 4 }}
 8 |     appComponent: Wazuh-Agent-DaemonSet
 9 |   annotations:
10 | {{ include "annotations" $ | indent 4 }}
11 |     appComponent: Wazuh-Agent-DaemonSet
12 | spec:
13 |   selector:
14 |     matchLabels:
15 |       name: {{ include "appIdentifier" .Values.identifier }}-agent-daemonset
16 |       labels:
17 | {{ include "labels" $ | indent 8 }}
18 |         appComponent: Wazuh-Agent-DaemonSet
19 |       annotations:
20 | {{ include "annotations" $ | indent 8 }}
21 |         appComponent: Wazuh-Agent-DaemonSet
22 |   template:
23 |     metadata:
24 |       labels:
25 |         name: {{ include "appIdentifier" .Values.identifier }}-agent-daemonset
26 | {{ include "labels" $ | indent 8 }}
27 |         appComponent: Wazuh-Agent-DaemonSet
28 |       annotations:
29 | {{ include "annotations" $ | indent 8 }}
30 |         appComponent: Wazuh-Agent-DaemonSet
31 |     spec:
32 |       tolerations:
33 |         - key: node-role.kubernetes.io/master
34 |           effect: NoSchedule
35 | {{- if .Values.agent.image.imagePullSecrets.enabled -}}
36 |       imagePullSecrets:
37 |         - name: {{ .Values.agent.image.imagePullSecrets.name | quote }}
38 | {{- end -}}
39 |       containers:
40 |         - name: wazuh-agent
41 |           image: "{{ .Values.agent.image.repository }}:{{ .Values.agent.image.tag }}"
42 |           env:
43 |             - name: NODE_NAME
44 |               valueFrom:
45 |                 fieldRef:
46 |                   fieldPath: spec.nodeName
47 |             - name: W_MANAGER
48 |               value: {{ .Values.agent.env.W_MANAGER | quote }}
49 |           resources:
50 | {{toYaml .Values.agent.image.resources | indent 12 }}
51 |           volumeMounts:
52 |             - name: varlog
53 |               mountPath: /var/log
54 |             - name: ossec-conf
55 |               mountPath: /var/ossec/etc/ossec.conf
56 |               subPath: ossec.conf
57 |             - name: wazuh-authd-pass
58 |               mountPath: /var/ossec/etc/authd.pass
59 |               subPath: authd.pass
60 |               readOnly: true
61 |             - name: dockersock
62 |               mountPath: "/var/run/docker.sock"
63 |       terminationGracePeriodSeconds: 1
64 |       volumes:
65 |         - name: varlog
66 |           hostPath:
67 |             path: /var/log
68 |         - name: ossec-conf
69 |           configMap:
70 |             name: ossec-conf
71 |         - name: wazuh-authd-pass
72 |           secret:
73 |             secretName: wazuh-authd-pass
74 |         - name: dockersock
75 |           hostPath:
76 |             path: /var/run/docker.sock
77 |       serviceAccount: wazuh-agent
78 |       serviceAccountName: wazuh-agent
79 | {{- end -}}


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/deployment/kibana.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.kibana.deployment.enabled }}
 2 | apiVersion: apps/v1
 3 | kind: Deployment
 4 | metadata:
 5 |   name: {{ include "wazuh.kibana.fullname" . }}-dpl
 6 |   labels:
 7 | {{ include "labels" $ | indent 4 }}
 8 |     appComponent: Kibana-Deployment
 9 |   annotations:
10 | {{ include "annotations" $ | indent 4 }}
11 |     appComponent: Kibana-Deployment
12 | spec:
13 |   replicas: {{ .Values.kibana.replicas }}
14 |   selector:
15 |     matchLabels:
16 | {{ include "labels" $ | indent 6 }}
17 |     role: kibana
18 |   serviceName: {{ include "appIdentifier" .Values.identifier }}-kibana-svc
19 |   template:
20 |     metadata:
21 |       labels:
22 | {{ include "labels" $ | indent 8 }}
23 |         appComponent: Kibana-Pod
24 |         app: {{ include "appIdentifier" .Values.identifier }}-kibana-dpl
25 |       annotations:
26 |         appComponent: Kibana-Pod
27 |       name: {{ include "appIdentifier" .Values.identifier }}-kibana-dpl
28 |     spec:
29 |       volumes:
30 |         - name: kibana-certs
31 |           secret:
32 |             secretName: kibana-certs
33 |       containers:
34 |         - name: odfe-kibana-w-wazuh
35 |           image: "{{ .Values.kibana.images.repository }}:{{ .Values.kibana.images.tag }}"
36 |           resources:
37 | {{ toYaml .Values.kibana.images.resources | indent 12 }}
38 |           volumeMounts:
39 |             - name: kibana-certs
40 |               mountPath: /usr/share/kibana/config/cert.pem
41 |               readOnly: true
42 |               subPath: cert.pem
43 |             - name: kibana-certs
44 |               mountPath: /usr/share/kibana/config/key.pem
45 |               readOnly: true
46 |               subPath: key.pem
47 |           ports:
48 |             - containerPort: {{ .Values.kibana.service.httpPort }}
49 |               name: kibana
50 |           env:
51 |             - name: ELASTICSEARCH_URL
52 |               value: {{ .Values.kibana.env.ELASTICSEARCH_URL | quote }}
53 |             - name: ELASTICSEARCH_USERNAME
54 |               valueFrom:
55 |                 secretKeyRef:
56 |                   name: elastic-cred
57 |                   key: username
58 |             - name: ELASTICSEARCH_PASSWORD
59 |               valueFrom:
60 |                 secretKeyRef:
61 |                   name: elastic-cred
62 |                   key: password
63 |             - name: SERVER_SSL_ENABLED
64 |               value: {{ .Values.kibana.enable_ssl | quote }}
65 |             - name: SERVER_SSL_CERTIFICATE
66 |               value: /usr/share/kibana/config/cert.pem
67 |             - name: SERVER_SSL_KEY
68 |               value: /usr/share/kibana/config/key.pem
69 |             - name: WAZUH_API_URL
70 |               value: {{ .Values.kibana.env.WAZUH_API_URL | quote }}
71 |             - name: API_USERNAME
72 |               valueFrom:
73 |                 secretKeyRef:
74 |                   name: wazuh-api-cred
75 |                   key: username
76 |             - name: API_PASSWORD
77 |               valueFrom:
78 |                 secretKeyRef:
79 |                   name: wazuh-api-cred
80 |                   key: password
81 | {{- end -}}


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/rbac/wazuh-agent.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.agent.deployment.enabled }}
 2 | {{- if .Values.agent.rbac.create -}}
 3 | apiVersion: rbac.authorization.k8s.io/v1
 4 | kind: Role
 5 | metadata:
 6 |   name: {{ include "appIdentifier" .Values.identifier }}
 7 |   labels:
 8 | {{ include "labels" $ | indent 4 }}
 9 |     appComponent: ClusterRole
10 |   annotations:
11 | {{ include "annotations" $ | indent 4 }}
12 |     appComponent: ClusterRole
13 | rules:
14 |   - apiGroups: [""]
15 |     resources: ["secrets"]
16 |     verbs: ["get", "create", "update"]
17 | {{- end -}}
18 | {{- end -}}


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/rolebinding/wazuh-agent.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.agent.deployment.enabled -}}
 2 |   {{- if .Values.agent.rbac.create -}}
 3 | apiVersion: rbac.authorization.k8s.io/v1
 4 | kind: RoleBinding
 5 | metadata:
 6 |   name: {{ include "appIdentifier" .Values.identifier }}
 7 |   labels:
 8 | {{ include "labels" $ | indent 4 }}
 9 |     appComponent: ClusterRoleBinding
10 |   annotations:
11 | {{ include "annotations" $ | indent 4 }}
12 |     appComponent: ClusterRoleBinding
13 | roleRef:
14 |   apiGroup: rbac.authorization.k8s.io
15 |   kind: Role
16 |   name: {{ include "appIdentifier" .Values.identifier }}
17 | subjects:
18 |   - kind: ServiceAccount
19 |     name: {{ include "appIdentifier" .Values.identifier }}
20 |     namespace: {{ .Release.Namespace | quote }}
21 |   {{- end -}}
22 | {{- end -}}


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/secrets/elastic-cred.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.wazuh.deployment.enabled -}}
 2 | # Wazuh API credentials secret
 3 | apiVersion: v1
 4 | kind: Secret
 5 | metadata:
 6 |   name: elastic-cred
 7 | data:
 8 |   username: YWRtaW4= # string "admin" base64 encoded
 9 |   password: U2VjcmV0UGFzc3dvcmQ= # string "SecretPassword" base64 encoded
10 | {{- end -}}


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/secrets/kibana-certs.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.democerts.enabled -}}
 2 | apiVersion: v1
 3 | kind: Secret
 4 | metadata:
 5 |   name: kibana-certs
 6 | type: Opaque
 7 | stringData:
 8 |   cert.pem: |-
 9 |     -----BEGIN CERTIFICATE-----
10 |     MIIDazCCAlOgAwIBAgIUJ0sAGwgx5sX4YtjQZVGEBOHx5ZAwDQYJKoZIhvcNAQEL
11 |     BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
12 |     GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMTAyMDExMDUwNThaFw0yMjAy
13 |     MDExMDUwNThaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
14 |     HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
15 |     AQUAA4IBDwAwggEKAoIBAQC1P7gpmeZSyPbAQWBMAIs/9QvVRWt4kDGKgpHErhYZ
16 |     e1+sm/349n5Y95CxvpxYk+L507yq5JcoSK8n/n2gREQuQnmfWswIX7j3AA2gfM4Z
17 |     0v8FEcF8BS7XVhkaDFLZ5RvQRcwuEr9YPmfGODSl5IrD8mgbXOywl2onFYeWuaRF
18 |     f7KNkWqWyJywEaNbCG2X30Jxxfsc6g4K2k0wRZJTuQ32S03BDD7RPTIcLScHqagq
19 |     o2Pn7QB87UqB9b+9YCXYGyS25CprLEKOt1gh1/kVWEQVNf/ZPPGrKNLYCDZVsCB5
20 |     wAy0ylEvBAEJg8tRi1l+OtNTjMGR/MN1Ko/BuKqFk8k7AgMBAAGjUzBRMB0GA1Ud
21 |     DgQWBBT4ir9GCnVhjNmAVjN2n8qIiAptMzAfBgNVHSMEGDAWgBT4ir9GCnVhjNmA
22 |     VjN2n8qIiAptMzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCY
23 |     sGWPS2r/qqHlYWOV/BOv4HZ1ULl+X8jnJCBqKI2Iy8Ypkc6PXH/E+h2NFx2sl8Y0
24 |     wUO1hxvX8YVcliRk5SYGk97q4cmvgVLWK3PnsFsIst+CMicqS5w+ZsG2weeeuLJm
25 |     JwS13IOwB1VYNH7FIDUk0fsWAO9rirYpgB22Oh8jYsNHjpeZ5lPSWWQbjYaMx1fw
26 |     VawatnmkqxrJKZAXE4HdrG9GRAwtW2za5wo0QQVfIRCdZsP16giBosoi+cBO84EW
27 |     /QXmbhZJY0Zk1kfTMoe2F1m+42cQkeQg1ZmZAOAXLtfP7Tq4SoAPgRT98+4b/TZR
28 |     C7IoIPr5uNW5PnfFx603
29 |     -----END CERTIFICATE-----
30 | 
31 |   key.pemm: |-
32 |     -----BEGIN PRIVATE KEY-----
33 |     MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC1P7gpmeZSyPbA
34 |     QWBMAIs/9QvVRWt4kDGKgpHErhYZe1+sm/349n5Y95CxvpxYk+L507yq5JcoSK8n
35 |     /n2gREQuQnmfWswIX7j3AA2gfM4Z0v8FEcF8BS7XVhkaDFLZ5RvQRcwuEr9YPmfG
36 |     ODSl5IrD8mgbXOywl2onFYeWuaRFf7KNkWqWyJywEaNbCG2X30Jxxfsc6g4K2k0w
37 |     RZJTuQ32S03BDD7RPTIcLScHqagqo2Pn7QB87UqB9b+9YCXYGyS25CprLEKOt1gh
38 |     1/kVWEQVNf/ZPPGrKNLYCDZVsCB5wAy0ylEvBAEJg8tRi1l+OtNTjMGR/MN1Ko/B
39 |     uKqFk8k7AgMBAAECggEAVXWu6waiwAP7vJjWw985yTVMmAm8a8NpaIq6GoeO6gLv
40 |     EJ8YuCvZVS+drQFYDLfmPK+mdNmFoDvtQqlPKKMnlrxHRmj0bTpdJzGCO1q9fxWq
41 |     owRFO6nh9Symd066Pf02CRTv+gVi7UO3gJH92P6So2OHzOcavwUVy0nufZYYq5+H
42 |     3Jo4sH9AYZmWu6lm86Idp5BmrtJC8hfocLK/b2QWyIFWbZ97lf/XLWkCV+a5J2Io
43 |     6KNnQtHz1AsDzBbWPQhumvjF78sNKQapziks8rJvuqmOEA1eMnMVKBgRcu6qRQRj
44 |     DnS49/u2DTBKJ1mUhgIU5WhA2D7tNcmg8e3oIVd9QQKBgQDktlkl7HSZOWH3FZ2L
45 |     2/KgxCsIoNx5dR8qbNrxUppM3TwxnwW/NstuxfUg+bcod24eUWLrLk/8gj3613IX
46 |     Ya7JqXq8gndafeut/PdyV3kc++XX//0/udPzuSn3sRY/w8hiNgE38cVlvH6NsJiR
47 |     Tdk3DjZYL/n/XiZBO1EJKl7coQKBgQDK3613iN4TepSHs4JnnJVcKlYopZ3wrDVH
48 |     Qop7V3+dj4bUfzob+lnLYQUzPS9ff0lRZSk6zywCK7Og0XY+NzTxiZGeSTJThgPE
49 |     0DnZYX7/wT8M5v9fO0bfvY5pGeR0D9t7P/t/g5uPBibfgMHFlTDMf9EWNd1O0QwO
50 |     Eznwz6HcWwKBgQDHWVU84+wBfe2wsut+czj4/eNQgv2I9Bg1H2p6u3f4lUEZMzWM
51 |     JFOO+wadNmt53xdhX6jrupNHUbJ6SH2Oebsi1RFA7Crh+i2JmpuH00yigcEl01/G
52 |     ws9GeVdmKLlu3NR1HgNT4u0ervxTveBNjmBNR5sApNivyD1p0Czi40aJ4QKBgGZE
53 |     nYBtiW2OVIOX1Tv/7jcYzHgPDPA/D1iNzZthv14g9Rn3zMY/zLY+gU2UIWZllwMm
54 |     GMOhnhC2EQYXsSCp2dGMxNBjG7CJFStIwHC5ujiZJPyPEdri2dZ+CuUmfUiYmc6m
55 |     sVRVdryBoGT41jWRAJmGMVOd8aMCtK3/uSyQroqTAoGBANt4CQhvjwfOVqNjPVVE
56 |     OBrQtpmFHs67C3Uq5FyBB84YrJe0Tfv83XMVdOXdQ0Uvb8/Ux38Dr7IW8DarE/ir
57 |     pSt78qd+FoKWGF6yBnBXxk0tEU5+U5pdCeRgCoBS7vAzJYqleBLq9zUI56I2ilYS
58 |     weJqyC8tTSAoNiAE9jhi8pBM
59 |     -----END PRIVATE KEY-----
60 | {{- end -}}


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/secrets/odfe-ssl-certs.yaml:
--------------------------------------------------------------------------------
  1 | {{- if .Values.democerts.enabled -}}
  2 | apiVersion: v1
  3 | kind: Secret
  4 | metadata:
  5 |   name: odfe-ssl-certs
  6 | type: Opaque
  7 | stringData:
  8 |   root-ca.pem: |-
  9 |     -----BEGIN CERTIFICATE-----
 10 |     MIIDbTCCAlWgAwIBAgIUNR8tmOaVGzuLYk1CZB+T/vZ7ejEwDQYJKoZIhvcNAQEL
 11 |     BQAwRjELMAkGA1UEBhMCVVMxEzARBgNVBAcMCkNhbGlmb3JuaWExEDAOBgNVBAoM
 12 |     B0NvbXBhbnkxEDAOBgNVBAMMB3Jvb3QtY2EwHhcNMjEwMjAxMTA1MTA3WhcNMzEw
 13 |     MTMwMTA1MTA3WjBGMQswCQYDVQQGEwJVUzETMBEGA1UEBwwKQ2FsaWZvcm5pYTEQ
 14 |     MA4GA1UECgwHQ29tcGFueTEQMA4GA1UEAwwHcm9vdC1jYTCCASIwDQYJKoZIhvcN
 15 |     AQEBBQADggEPADCCAQoCggEBAKCZptDosP0kWvGo3xHDZe/whD46mrhTsUbTBqGS
 16 |     5eO4o1FaHF22hxJkWZgjsgVPla1dBUPrGS/Kjvw4CaOg7SJKdaVEFPxR5xjXY7LH
 17 |     MWhHuXWFj2aj6sGVj0umddgzfV9vNIMAb2oF0OQJLpdLrflN/ZkirwP/rIAGp8D0
 18 |     xv8+NflL3LmNd1ZFNPJADkF712Iu236pw+7hl/Pq3aB1Jgec86vI2+Kw5AmAy1Ds
 19 |     o3jlJhgtw9y68pq7x4wP95/gn165vkYPuDtVHJFy9k3L9+7dGrjpLwE22uzh6VYk
 20 |     VhpU843gCiBYD/dJpI2n4lIWo9Fho+nAPESgoTrbiOU3dVMCAwEAAaNTMFEwHQYD
 21 |     VR0OBBYEFAN2WpAxE/G/T31fqWZAeaEZayUMMB8GA1UdIwQYMBaAFAN2WpAxE/G/
 22 |     T31fqWZAeaEZayUMMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
 23 |     AA5okDJn6RZmNnCFvgmQUslddHssWzxA8LnCeyR5aLwjY/KJ6LUgVEB6/gdKqb8j
 24 |     KVFMLS8aD8ejOVS7FGpQujSnf2oheJW0HRVYR+4AEhOZzQl3QgYtzc48fYkJo9lP
 25 |     OSl/w91LwoqhlJ6tSancSHDtQmm/rBD3pdOO+fr1DvDiPOTpmAdfpAXcwQpgSaxe
 26 |     dKooAjpDEe+JHE4jRqY8Z+6EjagVQj1nnUmNQltlv0st6nFF4vAwv1DyDk+8HFFP
 27 |     1EvgRVPLMdJXNZdSkoE6U9yQ6ohQwaFyeS3iAsMtsfSxaFk5w97RoC1SY+a/4cuW
 28 |     oa8dT0fBROmGNfNtuE8+uUw=
 29 |     -----END CERTIFICATE-----
 30 | 
 31 |   node.pem: |-
 32 |     -----BEGIN CERTIFICATE-----
 33 |     MIIDGzCCAgMCFAQdeKWu5MeY4tKFNJPsKghLzmbtMA0GCSqGSIb3DQEBCwUAMEYx
 34 |     CzAJBgNVBAYTAlVTMRMwEQYDVQQHDApDYWxpZm9ybmlhMRAwDgYDVQQKDAdDb21w
 35 |     YW55MRAwDgYDVQQDDAdyb290LWNhMB4XDTIxMDIwMTEwNTEwN1oXDTMxMDEzMDEw
 36 |     NTEwN1owTjELMAkGA1UEBhMCVVMxEzARBgNVBAcMCkNhbGlmb3JuaWExEDAOBgNV
 37 |     BAoMB0NvbXBhbnkxGDAWBgNVBAMMDyouZWxhc3RpY3NlYXJjaDCCASIwDQYJKoZI
 38 |     hvcNAQEBBQADggEPADCCAQoCggEBALp8deNDLGz361xTWe8LJboXZK8axLt6HyMn
 39 |     1CPZsFQ8At8hcisz0cBXr8g5LG2DXrvr9kxUTMeYM67zlS6ZVw+Vg+NUVJnTKXB4
 40 |     JVQs0UbVx71V59ROc2wlBvHjtVMkG5RD8v/cQU8vqSOeV+W6C1ONzvlrweunlkcf
 41 |     X2dls7aaaz2o6Wf6vJlPFU5jGWnn1IzA92XT1wP/BCHidUw4n8MFCQpJxFOB/Spe
 42 |     cfjnqW2/HRmchmtWcHMYGbrMd7YorREOvP8fZ9TrNGZpN2iAtkp8lT9wz0s7KWZn
 43 |     YRe5mdcqwJQMdxaLIzoeWrmu4WCD5n2RGL9eJ101qjRz0te3EzcCAwEAATANBgkq
 44 |     hkiG9w0BAQsFAAOCAQEAYW3oYoG/A+iE+ckRtlv5PyFm5yLzew6HFcX2OhJY/BCk
 45 |     Kjpg/ZvrUmxZefWEtJZiuji8YDYFDfDW1Y79OEYgANbsntBySZsHYVMQtqkuitnd
 46 |     0DLr3BzeVgK5krjhJiLS83zxVBKrqsw0maqBOHsHJSM60GPXRMTjAaErr2B5Z5/L
 47 |     DpC3wBZ1O/Vvq+r+bDlr4PTIy3T3rYZxXGv1iiZbElyYwYU/WqI3b6yJ0v11CZ7d
 48 |     Z19isD0xpT3vTNqJKehucBXuaLQpthczPTVsZR7QGj1RV5pYYRrjckQY0ybDs3Ri
 49 |     MoxKIjX2sdE3cTQkVGY3v42Gl7SO3tIgkG6ww0wP2g==
 50 |     -----END CERTIFICATE-----
 51 | 
 52 |   node-key.pem: |-
 53 |     -----BEGIN PRIVATE KEY-----
 54 |     MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6fHXjQyxs9+tc
 55 |     U1nvCyW6F2SvGsS7eh8jJ9Qj2bBUPALfIXIrM9HAV6/IOSxtg1676/ZMVEzHmDOu
 56 |     85UumVcPlYPjVFSZ0ylweCVULNFG1ce9VefUTnNsJQbx47VTJBuUQ/L/3EFPL6kj
 57 |     nlflugtTjc75a8Hrp5ZHH19nZbO2mms9qOln+ryZTxVOYxlp59SMwPdl09cD/wQh
 58 |     4nVMOJ/DBQkKScRTgf0qXnH456ltvx0ZnIZrVnBzGBm6zHe2KK0RDrz/H2fU6zRm
 59 |     aTdogLZKfJU/cM9LOylmZ2EXuZnXKsCUDHcWiyM6Hlq5ruFgg+Z9kRi/XiddNao0
 60 |     c9LXtxM3AgMBAAECggEAWN73T1az1TpQ767JLSIi2IxNbyVSnAWW0Sop7uvPHFV9
 61 |     CNjnj68iRoeDPegBRC9W9jd9KOMDtBrUhouOjKaG1uZp8+w8ZRI8rVyUbYjuMtOu
 62 |     XIyT7pl0aBU9OglKYFTUz9OR+lz8wr/z2wWa3d/LhgYOnM69m5BCDaLl1GCjRGGC
 63 |     F/MJbakYK2i6dSQtSPIM6QfCrS3XVnvJl6f7VZHOqhGtzYtElB+BTbWK1UApfuUc
 64 |     CFuD4shw+5TtNWDGErKOqFWUrJ4cKEe7zToJjLG4JqL9zJp0vlFfLVEPBNUy1j/3
 65 |     otE2IbEYMoNjNzHTm/aWe7LJtk/mNGwdqrLeuncQAQKBgQDoExJpvFw/EwYVJe7g
 66 |     tyOZUwYVd6jm9IP1u2Co+9KrbtdvHupRTPGqX1SmiDgitOTJCSpxQKhyMNIPwx6b
 67 |     +ifcCQG2t4e4cgaCkEHFKgStdlzv5pScWx9Gc4HC5ufVJHu64dgLIsuAHeAHwW0i
 68 |     ChTvHcjn2zy2aTnzgCp8vjNUywKBgQDNtjfMhGKjps1pWxaP71y1O6iwL1gD9Z53
 69 |     KLk/vnRYjzET5JwnOjPR5d4NczfuEvZvfq3JHXa/zLeKaFn2EQwViEdHT5HXujSp
 70 |     RXNTPPMTpTZt4AFvEA8N+diIgMjrKVlmdc3sDzr3RwijRsXbByMDBwzeMY9fFOHc
 71 |     Sai8Be0ZxQKBgQC5Z/M/8jIoWgR0BNgxQ173cXLc17piuVpriYWRu431VBpdNm+x
 72 |     AC3aFUtFuHJQmABn9CCqViO9Bu/rk9DygAo0KiXqWfneC4rT6HgDEqymAHgDWU3F
 73 |     FK+J02IJ2fvBNuJ6zU+Spfu6oSOITqnnlfJfjoYhZe+9M5gOx4gqHLJZvQKBgBF1
 74 |     V4L58U0mSOSaIG4SyHFxIL3jJrsfS1WdlSs9xK4HaQjhLAeAPwmfUpsdni+MWHHZ
 75 |     9HHPGFbqzuDmPkxN4hKpwDLjI+OFIBcFl+YGlDKkoNvuWPDOEhkDjUb4dxTOK5Iw
 76 |     iUtxd3WpB6ijxwLxthz5qjPpTNuq8Ag8EB/0+MxpAoGATL4NMbZIiJfQUQyuN8+o
 77 |     rZ3jKZULTVhSe8I1wcD+tiPBLpohY4WQz0kiZ4zpEK+1xqEeBkZ3SGxpnSdwIo1u
 78 |     2uyqcO9+Z+NNn22pxLt5+KvPeWfp1S9tHdvszv6GYMAL0mgEy0Qs8BsVWfqrpyZh
 79 |     aF0BpH3AO9UYZD1AozyaKZs=
 80 |     -----END PRIVATE KEY-----
 81 | 
 82 |   kibana.pem: |-
 83 |     -----BEGIN CERTIFICATE-----
 84 |     MIIDEjCCAfoCFAQdeKWu5MeY4tKFNJPsKghLzmbuMA0GCSqGSIb3DQEBCwUAMEYx
 85 |     CzAJBgNVBAYTAlVTMRMwEQYDVQQHDApDYWxpZm9ybmlhMRAwDgYDVQQKDAdDb21w
 86 |     YW55MRAwDgYDVQQDDAdyb290LWNhMB4XDTIxMDIwMTEwNTEwOFoXDTMxMDEzMDEw
 87 |     NTEwOFowRTELMAkGA1UEBhMCVVMxEzARBgNVBAcMCkNhbGlmb3JuaWExEDAOBgNV
 88 |     BAoMB0NvbXBhbnkxDzANBgNVBAMMBmtpYmFuYTCCASIwDQYJKoZIhvcNAQEBBQAD
 89 |     ggEPADCCAQoCggEBAKft0fkqtDYfdiMomV2vRcaMKVcfsaU6UF/r3Lqzs5IQU7BY
 90 |     XRxCwRYEvhgBH4qOGxeXhKXjWo/HEnWbMxRc2xHCmk7jgG28VVeFTpDNa9UjzZzz
 91 |     wXR1GRUQwttCwmAAkCTcsdl7k/1etvOwd12Bqj8zguCQ4AyCQLdEqVustLRBjuPx
 92 |     uZIFlAjGqXfi50e0a153FOfU4CnWfSsWYvK/2Yo2xD9qCzOJ0GuozNrOWYTlgzB7
 93 |     fceqwDsSPBHzVNicJECQjlFY49oxiGWHPyTGesMvTUItOJFTfrw/xqmoSDp6wcyS
 94 |     gydVyJGwRVRZM7ST2anTSYOWXHZQjB6CddiSkvECAwEAATANBgkqhkiG9w0BAQsF
 95 |     AAOCAQEAO7HoCkNnD5EgOqA50YNAhcBX1Kv84PJ3bWQNjw9HqH6KwyDI5tb7ZeMY
 96 |     IiWkzoEy5snMCcwoYC3lE/Sty7kd+A1xV9Q7afQkfP267mvBfeJeclDUH9D4cnRZ
 97 |     HrAYfR7zYLzWXIqR9/VQeDrRd0xj1jUtxox2XfXYu37Co83/Tq6ixB3TgjbZWie0
 98 |     S8LByfwyjQBbee2oHMUHbMGS3ZOx7kuhsJdnHvT+K7w3SSu8PyifaiOeNvX3MfEs
 99 |     21WNIrvpWN8J18u1O2tCgakJh43FyGiddCTS4WPkyo8texfkOff6WlIZRBsRhouQ
100 |     zFvw7GMnoRvWZd+7x3Os6GTSZ5KcwA==
101 |     -----END CERTIFICATE-----
102 | 
103 |   kibana-key.pem: |-
104 |     -----BEGIN PRIVATE KEY-----
105 |     MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCn7dH5KrQ2H3Yj
106 |     KJldr0XGjClXH7GlOlBf69y6s7OSEFOwWF0cQsEWBL4YAR+KjhsXl4Sl41qPxxJ1
107 |     mzMUXNsRwppO44BtvFVXhU6QzWvVI82c88F0dRkVEMLbQsJgAJAk3LHZe5P9Xrbz
108 |     sHddgao/M4LgkOAMgkC3RKlbrLS0QY7j8bmSBZQIxql34udHtGtedxTn1OAp1n0r
109 |     FmLyv9mKNsQ/agszidBrqMzazlmE5YMwe33HqsA7EjwR81TYnCRAkI5RWOPaMYhl
110 |     hz8kxnrDL01CLTiRU368P8apqEg6esHMkoMnVciRsEVUWTO0k9mp00mDllx2UIwe
111 |     gnXYkpLxAgMBAAECggEAA4ALflwLgY1KUxVHjRJYK/lD61L3yu/aOQWbhjC0r3iz
112 |     pdtRpYMmryTOKYXseGDZ47X+x85jVtfZZKYlfGkrD8W0naxUQvVH+hkHODFv6/Nh
113 |     F8Jk596A9VVyGkvb7VBVsM8Azf2raf6NZarp8gL/321dbvzWDqywWKGPvh9tbMxg
114 |     Wvs/y8xUzyifFHH8w78Tn5NJ3T8ND9qFDd4mfPrsGeC2aCEN4i3ACpuoczQFwpYg
115 |     b8y2ZgbA1BJegf1NcOsYSo9zSus6to7XQuriusQEpGYKaC8ZEfnAwe7ZyKuydYGz
116 |     iNoW1hFcU8KvoQhgpTvivCCQyeQlXcW41afXTOwHoQKBgQDc0g8D0ITs/g59yP+l
117 |     H4ViYcN6m5ulz219rzyS4Mi1yEmcL3GuYM0QTErlgYeHJdboE+aMbVZyFAiSUiKL
118 |     4+t19/PXC5fP6d/5IMf9NcHDryMJiM1DIJRiwQ3l0R/HaSEn+ymc7WZYHmVNnHps
119 |     +nfleS9/QROrFRF3d0soCVdBTQKBgQDCrqIYguJdrF9LV7rtH5e6J0KDVWwlMaIs
120 |     w5cHVMsVXVKttt1flzXGbWKT+lwBe/BtxcihYNw0IrC5DLBIWipFBlFnvfj+nTFb
121 |     9sHyia1+ZyEac8BtLj/osK3+678DxzMspICSPOWet7HIK1AIBJkmCco5fq5PkWTS
122 |     zVIckMNGNQKBgFa4wGDVIX8Zf4NyzsOAj5fFoUmjlwsVXYDAs19TnD+X+yC1mUXM
123 |     inxeGgPsTNeMysu2FRMNVafTqlIco6igyDY6PK81xFdJGEb00tXkqMY7H918tnAo
124 |     eV4XR2f8KyjbZsQW5Y7VxR3SQiKq04G9FB0w7LBjVGAaFBQA66k7keL5AoGBAMGM
125 |     IqUhwnEEhLz/3FwQU6UDkRHG5DxaCvRcA5OLTlfQLvl7WrzFNPYwG5goiD4FfPN1
126 |     ddBS3rmKX42purxDv9BdxqLP8HMZzk+ylAFPtUd8uiF1QLKLD4iD1ogg0gesjAjv
127 |     Bs/ccSCJWds6jFdcUvHJO95LPnrmfolBDUhO94SdAoGADB1Um8cLTdXMXce488g4
128 |     cnlIk6sHgpHY7Vl++US9HDKRuImgORzbRGrmYn79A0Qt4oDSd5x6cZsBaGX8zQSc
129 |     y9OCoEWseBSxN49eN9LlFPRxfdQhjpohOPM3gE90oL0pOMmamvajqnN3eRtgdoKg
130 |     kLIDWW09JuxHDIfRj0O5+z8=
131 |     -----END PRIVATE KEY-----
132 | 
133 |   admin.pem: |-
134 |     -----BEGIN CERTIFICATE-----
135 |     MIIDEzCCAfsCFAQdeKWu5MeY4tKFNJPsKghLzmbsMA0GCSqGSIb3DQEBCwUAMEYx
136 |     CzAJBgNVBAYTAlVTMRMwEQYDVQQHDApDYWxpZm9ybmlhMRAwDgYDVQQKDAdDb21w
137 |     YW55MRAwDgYDVQQDDAdyb290LWNhMB4XDTIxMDIwMTEwNTEwN1oXDTMxMDEzMDEw
138 |     NTEwN1owRjELMAkGA1UEBhMCVVMxEzARBgNVBAcMCkNhbGlmb3JuaWExEjAQBgNV
139 |     BAoMCUNvbXBhbnlVUzEOMAwGA1UEAwwFYWRtaW4wggEiMA0GCSqGSIb3DQEBAQUA
140 |     A4IBDwAwggEKAoIBAQDMTg4Yi7B4J4phk/cA709dZPmlktM5tgUuK8wj6L4M0Zf4
141 |     fUL3aWcw39565Xyz68P0AIHlJZAL4sdtkWYkm2q37AOB8F2XYkl/hWCVHi9VuSGw
142 |     KadpI1pq5AQN7SmoD2MrNTSzuLHrQitroZKmT1uoHjVIDuXcbJBWpNx8IBgfisXi
143 |     ldUoNVOaKWsg3orJ7HMQ0Gduqj4FtOIjkGaYPy3QfLxLlxB/mdde3t7BlXZpckTT
144 |     A+hfEBJYjgYePZARLcxWHP4Fj8d1hjRdT+9CRfASscN+E3685yABaL+JtQJwH5gZ
145 |     XUvlh2J+k+4ENbj5R32qmAABs2obh2bDlAyLpAGXAgMBAAEwDQYJKoZIhvcNAQEL
146 |     BQADggEBAAUHQMXUFbf8c03V//2qU0kt7xfZ46vzaXuU3/+7l2+/XHlbBdBwNvc6
147 |     aW7fTJaBvSS9jJIdBMlYZaVhbEPIiIuDhE+mXZilXnJ+1kNTKyY49hcJKbc+OhZK
148 |     7NJ3vzw3Gou6eCh8M40x55InF4nLqKfLwdqJ0nkwQ76NRRv81yPRw7T48H5iN4Nz
149 |     u/HSFKYR29syi9Iv0SuViBqC/ZVd1M3ETd0saFXg2/0weU9MviyweYStUh4+g+5W
150 |     TtbA3m9eA+IoD9m9S1wKzF6zJqJJNaQxMa7unr9qHIuUWmT0bpKMxQxvGi6eIpqx
151 |     hD/AlBGrPRRoWIeO79OS49npJECUf18=
152 |     -----END CERTIFICATE-----
153 | 
154 |   admin-key.pem: |-
155 |     -----BEGIN PRIVATE KEY-----
156 |     MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDMTg4Yi7B4J4ph
157 |     k/cA709dZPmlktM5tgUuK8wj6L4M0Zf4fUL3aWcw39565Xyz68P0AIHlJZAL4sdt
158 |     kWYkm2q37AOB8F2XYkl/hWCVHi9VuSGwKadpI1pq5AQN7SmoD2MrNTSzuLHrQitr
159 |     oZKmT1uoHjVIDuXcbJBWpNx8IBgfisXildUoNVOaKWsg3orJ7HMQ0Gduqj4FtOIj
160 |     kGaYPy3QfLxLlxB/mdde3t7BlXZpckTTA+hfEBJYjgYePZARLcxWHP4Fj8d1hjRd
161 |     T+9CRfASscN+E3685yABaL+JtQJwH5gZXUvlh2J+k+4ENbj5R32qmAABs2obh2bD
162 |     lAyLpAGXAgMBAAECggEAMqLJ5ZWBmFYcexDEMGwfnIMxSLM6PNx7LjVWtDO0HtM3
163 |     ujO5jD6If9mMd6M3JBS0DV6u0w9bQ0birKpTyZDng0wwllzvpVyL4No61NqVWsa2
164 |     rcW1I17KwyFeS+FS6L9fkc7vD/gfyLIuts9l3GhgzCsog4KFv/r8Ty0vJGiD8hTu
165 |     f2u1DS6l5qaSO9pIIJwDQkHkiZxI/tyNE400axileny65dEiV9OMoXxbRBHTQpDS
166 |     CwpQrcGjM9GgN8BOy7vx7Luz3byvLjnrqhIdp78MoHo4G0xCtlxbCHHLnUfU2XFw
167 |     /ePlvBE1+QmWnhWMYscvNbwYY6BljMx8Z4eXFcTZQQKBgQDuNISMyE4MtjuSqUrR
168 |     BLo5p2OBz0KHmWj5uHHrY5KwtwzrdnjnfTPHKjopzM+KEzx68aMOceqOFoqmOKh5
169 |     RtULUBMqfFHBslu0xZMKfPKzFIbP8JN7CAGXy3hVaG1SORU5An50yWbp/WAHDeEX
170 |     EwVDZFzb6wMjFIGGDfZFWxxnNwKBgQDbkTjpy/qVFwSC3Um+3NnHFHUYgX6GQZej
171 |     guW+U1fMNzSQwcNkZWSXIcMpCtIh6rCV+5kvKKNRlIngEnXbzDXll+SnPeXTyWvg
172 |     EE9oqHDIl52h33so+II31aj8h4Miqhasc/xtzEC3Yr6NzznQ8Ja0b7FD1b4MqagJ
173 |     JqbUrM2ooQKBgQC9qvWL/4YeGxAuRDw9WA1MENtrpfMsc1uh01pp+jv4F5ji989n
174 |     S0rqH9Z2KA1svMpgfny96LjB8HLvzZdgEaVbP6QzJRAYMgNRWiwtorXBH+wEMGPO
175 |     B9701d936hF58dfTMAgux5r5X3WRyFxc+hkrwwMpXOR/jzle20knileAWwKBgDTu
176 |     WnEKSntclCrUG+4WIa37gYsJ1K2a7GpvqODsCJNjj5mCDI+MXeaNLhYb1LJ2eGF/
177 |     yNr0igKls2NAMAdvwGJ77pReuKQIv6fBZtNNH/tLiaW3UWJ8HjBForpWFMfrhxHF
178 |     2EnD3qoW9OcM2NxE05/l+S7oPSuiTq7+EWPd0KphAoGBAIjTmka8L0n/KRm7bIUd
179 |     Yp0BuOQY50Q4lQDTCFYa8oDdMvvbHqaSVTcCUDwcsWD79TGxtWfASHLyuaEvWu67
180 |     luOX91X2EOEgAA9fDGE0eS+SRdPu41C5T0B50WxjdeYC4GcbtyIHO2dBmo1z74Lt
181 |     RPRePhcbK7mFSJmlfJzqrjSJ
182 |     -----END PRIVATE KEY-----
183 | 
184 |   filebeat.pem: |-
185 |     -----BEGIN CERTIFICATE-----
186 |     MIIDFDCCAfwCFAQdeKWu5MeY4tKFNJPsKghLzmbvMA0GCSqGSIb3DQEBCwUAMEYx
187 |     CzAJBgNVBAYTAlVTMRMwEQYDVQQHDApDYWxpZm9ybmlhMRAwDgYDVQQKDAdDb21w
188 |     YW55MRAwDgYDVQQDDAdyb290LWNhMB4XDTIxMDIwMTEwNTEwOFoXDTMxMDEzMDEw
189 |     NTEwOFowRzELMAkGA1UEBhMCVVMxEzARBgNVBAcMCkNhbGlmb3JuaWExEDAOBgNV
190 |     BAoMB0NvbXBhbnkxETAPBgNVBAMMCGZpbGViZWF0MIIBIjANBgkqhkiG9w0BAQEF
191 |     AAOCAQ8AMIIBCgKCAQEAvXweY9vbZoAwjvMZvql3kAjQ3wjvmhMZ7WCpcb7IfHJU
192 |     mN8bkNIQjfhq9NHQXisW42Eoy7HFYnsHCjBc1B5dirsBow2rPOfj3GU6fvbqbn0l
193 |     LDTVhRZW2jATnixi5ImD5Wplh2H8wFwITgH3S0KpboML1cw1uTDeg23vKtFmcFAD
194 |     0DI9ycAPXMxndsLwQBVK/SZRIY0DBM71IaWRaHuldrYwFOQjesyiRKigbdxgfkgL
195 |     WriQO2XqMVHzwNWJnyzSlzRA3HyEm9EW/V/vzPB9vicUk3Ef8ghvqO7Z95NAVx9S
196 |     F3m2h1Kq2FJJhQdpz9f9EPAkKob+F1q74HyrLN8ARwIDAQABMA0GCSqGSIb3DQEB
197 |     CwUAA4IBAQBrhdx+eXEJaQ9mA7IJYFnkkCXtp+HyD/qZJUbqs+/fm8zt64UcSvKK
198 |     R3w/2swlPiv5nS2Wf+fR1oV7Eg7cgOP9FUUtx0iBbK2KNYNZkrs06jwvLLan8i8P
199 |     L9hO7luaWH+76p0gBkOrIFUqdn9Of1sfLTPVpYA1tKZSklu64gVtnUWzk4abSpEP
200 |     e8lMSnQYNys6SpwNsaLxm61/znZy1Sz6qNu1Pi8iJhNHA+DYuvD5te1Hvz3FxxT0
201 |     tYIouaBPsdChfiu+5T6PYGbK4JQT94MTtSBubp/mwRcgQQpcNLZOh1fgWPwNdnrv
202 |     PLvRpTFk4B6yKrUtoWtV0m4niiVfBfa+
203 |     -----END CERTIFICATE-----
204 | 
205 |   filebeat-key.pem: |-
206 |     -----BEGIN PRIVATE KEY-----
207 |     MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC9fB5j29tmgDCO
208 |     8xm+qXeQCNDfCO+aExntYKlxvsh8clSY3xuQ0hCN+Gr00dBeKxbjYSjLscViewcK
209 |     MFzUHl2KuwGjDas85+PcZTp+9upufSUsNNWFFlbaMBOeLGLkiYPlamWHYfzAXAhO
210 |     AfdLQqlugwvVzDW5MN6Dbe8q0WZwUAPQMj3JwA9czGd2wvBAFUr9JlEhjQMEzvUh
211 |     pZFoe6V2tjAU5CN6zKJEqKBt3GB+SAtauJA7ZeoxUfPA1YmfLNKXNEDcfISb0Rb9
212 |     X+/M8H2+JxSTcR/yCG+o7tn3k0BXH1IXebaHUqrYUkmFB2nP1/0Q8CQqhv4XWrvg
213 |     fKss3wBHAgMBAAECggEBAJDa8wyaBfctJnIRzGuieEHHS45F8Y3S7m43CDJpjDD+
214 |     4kdfwF4NCRTPhUyVnXpv7HZ1T0+xHllz/eS/JigO8qnc3pp9F5xfFiXlyTtInd1L
215 |     lIBf/59XfZwdRtIT0qItsoROu0EtGqEfekXQYPHLC2Xtjr2p+KQThPfqsf0EyhAu
216 |     +V9ESUjReK9t98WjsVa2kYKJzHsudUcg01uSijBJZljnErPv45RNeVP9AIv0GvBF
217 |     9rzL5ZJOWsc2SyPc14RYEM/a9Gd+LywI9RFv4+3WQmGfjeavlAhX1wEIkS6Od/JI
218 |     VNGmzpL+dekKlmeM6pqHlNPLAeV6tVmAfvaBmPugIIECgYEA7239z+oon3Hd/Ljq
219 |     9GpkT/WdxDFdeKQan9LmCddDJZT7UPVUprTuPzk/No67YN1L6wkqxH+1QMZlXELx
220 |     unJY4CxRywYVawxNYZnrs9twBvwOCoiJjscc6v6sECn+kF+Wg3DDhLpcVtIDouii
221 |     Z9sYrzzJNkQMXBaCOZeuHAkDZ8ECgYEAypk/fSP9rzOaWfvc0pzl0ZGmy2yxjIFn
222 |     5SNOYx2fFqLbu+MLJjGMvw/6Zy8jVY+9feNiz7PNFiTEl2Yj40fe1wj/69+4Q4E8
223 |     xTYOBK2wt/VSmijr5XpN+t4wCOBUe1AeljMXgIlkQ3DwRdU5ByE/HE8U4N4+h08s
224 |     O9ZWRQshqgcCgYBSq/L4qIywSVvyGFOgY2ARr+hyxuzUbC15RBQED9zyjBee46cA
225 |     DPc6w2SNTQlsL9034alvwfzuydJT4hWfYD5J4WO4q3gXx16stb4KE1oCP2QFxRFi
226 |     SGQ2zArTZfytEyRgbD5GhSa/H7L7vEHfhGpoj5+WajauUWNTyYjny0DuwQKBgFen
227 |     CcLYiW79gnAf+Z/dZcjPnTwxoHdLnWmTZtyW+jdO6oZVaoNxuJUJEqsFx+HCuJb4
228 |     g82c2sQT0EI4XJp+g7jBGggw2IXMKkCgbFw10VkleEFeJwE3cvlwm5ObirF3LmSJ
229 |     YkeoKYrMGAf+ghfFmIpk5IGNZbwg0uBokRZ6BGyNAoGARzfL3BE+sFWmcsGyodw5
230 |     2PU6M5A7BbS4OQqAJZXgUSX3daZ94m/GzhjiUoWE55dp1Hep+qoTqtat0IMnM1zZ
231 |     LAFLfm9tyRzsUJPVLP7PZZBzA0jNw7SV5uLmHZGJSZJULQEDLj1Qaep5O9vc3Pbm
232 |     uj9umrM7x2XJ1qXuhOIAzFY=
233 |     -----END PRIVATE KEY-----
234 | {{- end -}}


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/secrets/wazuh-api-cred.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.wazuh.deployment.enabled -}}
 2 | # Wazuh API credentials secret
 3 | apiVersion: v1
 4 | kind: Secret
 5 | metadata:
 6 |   name: wazuh-api-cred
 7 | data:
 8 |   username: d2F6dWgtd3Vp # string "wazuh-wui" base64 encoded
 9 |   password: TXlTM2NyMzdQNDUwci4qLQ== # string "MyS3cr37P450r.*-" base64 encoded
10 | {{- end -}}


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/secrets/wazuh-authd-pass.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.wazuh.deployment.enabled -}}
2 | # Wazuh authd password secret
3 | apiVersion: v1
4 | kind: Secret
5 | metadata:
6 |   name: wazuh-authd-pass
7 | data:
8 |   authd.pass: cGFzc3dvcmQ= # string "password" base64 encoded
9 | {{- end -}}


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/secrets/wazuh-cluster-key.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.wazuh.deployment.enabled -}}
2 | # Wazuh cluster key secret
3 | apiVersion: v1
4 | kind: Secret
5 | metadata:
6 |   name: wazuh-cluster-key
7 | data:
8 |   key: MTIzYTQ1YmM2N2RlZjg5MWdoMjNpNDVqazY3bDhtbjk= # string "123a45bc67def891gh23i45jk67l8mn9" base64 encoded
9 | {{- end -}}


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/service/elasticsearch-api.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.elasticsearch.deployment.enabled -}}
 2 | # Elasticsearch service: API
 3 | apiVersion: v1
 4 | kind: Service
 5 | metadata:
 6 |   name: {{ include "appIdentifier" .Values.identifier }}-elasticsearch-api
 7 |   labels:
 8 | {{ include "labels" $ | indent 4 }}
 9 |     appComponent: Elasticsearch-svc
10 |     app: {{ include "wazuh.fullname" .}}-elasticsearch
11 |   annotations:
12 | {{ include "annotations" $ | indent 4 }}
13 |     appComponent: Elasticsearch-svc
14 | spec:
15 |   type: {{ .Values.elasticsearch.service.type }}
16 |   selector:
17 | {{ include "labels" $ | indent 4 }}
18 |     app: {{ include "wazuh.fullname" .}}-elasticsearch
19 |   ports:
20 |     - name: es-rest
21 |       port: {{ .Values.elasticsearch.service.httpPort }}
22 |       targetPort: 9200
23 | {{- end -}}


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/service/elasticsearch-svc.yaml:
--------------------------------------------------------------------------------
 1 | {{ if .Values.elasticsearch.deployment.enabled -}}
 2 | # Elasticsearch service: Communications
 3 | apiVersion: v1
 4 | kind: Service
 5 | metadata:
 6 |   name: wazuh-elasticsearch
 7 |   labels:
 8 |     app: wazuh-elasticsearch
 9 | spec:
10 |   selector:
11 |     app: wazuh-elasticsearch
12 |   ports:
13 |     - name: es-nodes
14 |       port: {{ .Values.elasticsearch.service.httpPort }}
15 |       targetPort: 9300
16 |   clusterIP: None
17 | {{- end -}}


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/service/elasticsearch.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.elasticsearch.deployment.enabled -}}
 2 | # Elasticsearch service: Communications
 3 | apiVersion: v1
 4 | kind: Service
 5 | metadata:
 6 |   name: {{ include "appIdentifier" .Values.identifier }}-elasticsearch
 7 |   labels:
 8 | {{ include "labels" $ | indent 4 }}
 9 |     appComponent: Wazuh-Elasticsearch
10 |     app: {{ include "wazuh.fullname" . }}-elasticsearch
11 |   annotations:
12 | {{ include "annotations" $ | indent 4 }}
13 |     appComponent: Wazuh-Elasticsearch
14 | spec:
15 |   ports:
16 |     - name: es-nodes
17 |       port: {{ .Values.elasticsearch.service.httpPort }}
18 |       targetPort: 9300
19 |   clusterIP: None
20 | {{- end -}}


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/service/kibana.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.kibana.deployment.enabled }}
 2 | 
 3 | apiVersion: v1
 4 | kind: Service
 5 | metadata:
 6 |   name: {{ include "appIdentifier" .Values.identifier }}-kibana
 7 |   labels:
 8 | {{ include "labels" $ | indent 4 }}
 9 |     appComponent: Kibana-svc
10 |     app: {{ include "appIdentifier" .Values.identifier  }}-kibana
11 | {{ include "route53.dns.labels" $ | indent 4 }}
12 |   annotations:
13 | {{ include "annotations" $ | indent 4 }}
14 |     appComponent: kibana-svc
15 | {{ include "aws.annotations" $ | indent 4 }}
16 | spec:
17 |   type: {{ .Values.kibana.service.type }}
18 |   selector:
19 |     app: wazuh-kibana
20 |   ports:
21 |     - name: kibana
22 |       port: {{ .Values.kibana.service.httpPort }}
23 |       targetPort: 5601
24 | {{- end -}}


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/service/wazuh-cluster.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.wazuh.deployment.enabled -}}
 2 | # Wazuh cluster Service: Manager nodes communication
 3 | apiVersion: v1
 4 | kind: Service
 5 | metadata:
 6 |   name: wazuh-cluster
 7 |   labels:
 8 |     app: wazuh-manager
 9 | spec:
10 |   selector:
11 |     app: wazuh-manager
12 |   ports:
13 |     - name: cluster
14 |       port: {{ .Values.wazuh.service.ports.wazuhInternal }}
15 |       targetPort: 1516
16 |   clusterIP: None
17 | {{- end -}}


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/service/wazuh-master.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.wazuh.deployment.enabled -}}
 2 | # Wazuh master Service: API and registration (authd)
 3 | apiVersion: v1
 4 | kind: Service
 5 | metadata:
 6 |   name: wazuh-master
 7 |   labels:
 8 |     app: wazuh-manager
 9 | {{ include "route53.dns.labels" $ | indent 4 }}
10 |   annotations:
11 | {{ include "annotations" $ | indent 4 }}
12 |     appComponent: wazuh-manager
13 | {{ include "aws.annotations" $ | indent 4 }}
14 | spec:
15 |   type: {{ .Values.wazuh.service.type }}
16 |   selector:
17 |     app: wazuh-manager
18 |     node-type: {{ .Values.wazuh.service.masterType }}
19 |   ports:
20 |     - name: registration
21 |       port: {{ .Values.wazuh.service.ports.registration }}
22 |       targetPort: 1515
23 |     - name: api
24 |       port: {{ .Values.wazuh.service.ports.api }}
25 |       targetPort: 55000
26 | {{- end -}}


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/service/wazuh-workers.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.wazuh.deployment.enabled }}
 2 | # Wazuh workers service: Agent reporting
 3 | apiVersion: v1
 4 | kind: Service
 5 | metadata:
 6 |   name: wazuh-workers
 7 |   labels:
 8 |     app: wazuh-manager
 9 | {{ include "route53.dns.labels" $ | indent 4 }}
10 |   annotations:
11 | {{ include "annotations" $ | indent 4 }}
12 |     appComponent: wazuh-manager
13 | {{ include "aws.annotations" $ | indent 4 }}
14 | spec:
15 |   type: {{ .Values.wazuh.service.workerType }}
16 |   selector:
17 |     app: wazuh-manager
18 |     node-type: {{ .Values.wazuh.service.w_nodeType }}
19 |   ports:
20 |     - name: agents-events
21 |       port: {{ .Values.wazuh.service.ports.agentEvents }}
22 |       targetPort: 1514
23 | {{- end -}}


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/serviceaccount/wazuh-agent.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: ServiceAccount
 3 | metadata:
 4 |   name: {{ include "wazuh.fullname" . }}-agent
 5 |   labels:
 6 | {{ include "labels" $ | indent 4 }}
 7 |     appComponent: Agent-ServiceAccount
 8 |     app: {{ include "wazuh.fullname" .}}-agent
 9 |   annotations:
10 | {{ include "annotations" $ | indent 4 }}
11 |     appComponent: Agent-ServiceAccount


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/statefulset/elasticsearch.yaml:
--------------------------------------------------------------------------------
  1 | {{- if .Values.elasticsearch.deployment.enabled -}}
  2 | apiVersion: apps/v1
  3 | kind: StatefulSet
  4 | metadata:
  5 |   name: {{ include "wazuh.elasticsearch.fullname" . }}-elasticsearch
  6 |   labels:
  7 | {{ include "labels" $ | indent 4 }}
  8 |     appComponent: Elasticsearch-StatefulSet
  9 |     app: {{ include "wazuh.elasticsearch.fullname" . }}-elasticsearch
 10 |   annotations:
 11 | {{ include "annotations" $ | indent 4 }}
 12 |     appComponent: Elasticsearch-StatefulSet
 13 | spec:
 14 |   serviceName: {{ include "appIdentifier" .Values.identifier }}-elasticsearch
 15 |   replicas: {{ .Values.elasticsearch.images.replicaCount }}
 16 |   updateStrategy:
 17 |     type: {{ .Values.elasticsearch.images.updateStrategy }}
 18 |   selector:
 19 |     matchLabels:
 20 | {{ include "labels" $ | indent 6 }}
 21 |       app: {{ include "wazuh.elasticsearch.fullname" . }}-elasticsearch
 22 |       role: master
 23 |   serviceName: {{ include "appIdentifier" .Values.identifier }}-wazuh-elasticsearch
 24 |   template:
 25 |     metadata:
 26 |       labels:
 27 | {{ include "labels" $ | indent 8 }}
 28 |         appComponent: Elasticsearch-StatefulSet
 29 |         app: {{ include "wazuh.elasticsearch.fullname" . }}-elasticsearch
 30 |         role: master
 31 |       annotations:
 32 | {{ include "annotations" $ | indent 8 }}
 33 |         appComponent: Elasticsearch-StatefulSet
 34 | {{- if .Values.vault.enabled }}
 35 |         vault.security.banzaicloud.io/vault-addr: {{ .Values.vault.security.vault_addr | quote }}
 36 |         vault.security.banzaicloud.io/vault-role: {{ .Values.vault.security.vault_role | quote }}
 37 |         vault.security.banzaicloud.io/vault-path: {{ .Values.vault.security.vault_path | quote }}
 38 |         vault.security.banzaicloud.io/vault-skip-verify: {{ .Values.vault.security.vault_skip_verify | quote }}
 39 | {{- end }}
 40 |     spec:
 41 |       # Set the wazuh-elasticsearch volume permissions so the elasticsearch user can use it
 42 |       volumes:
 43 |         - name: odfe-ssl-certs 
 44 |           secret:
 45 |             secretName: odfe-ssl-certs
 46 |         - name: elastic-odfe-conf
 47 |           configMap:
 48 |             name: {{ template "wazuh.elasticsearch.fullname" . }}-config
 49 |       initContainers:
 50 |         - name: volume-mount-hack
 51 |           image: busybox
 52 |           resources:
 53 |             requests:
 54 |               cpu: 50m
 55 |               memory: 64Mi
 56 |             limits:
 57 |               cpu: 100m
 58 |               memory: 128Mi
 59 |           command:
 60 |             - sh
 61 |             - "-c"
 62 |             - "chown -R 1000:1000 /usr/share/elasticsearch/data"
 63 |           volumeMounts:
 64 |             - name: wazuh-elasticsearch
 65 |               mountPath: /usr/share/elasticsearch/data
 66 |         - name: increase-the-vm-max-map-count
 67 |           image: busybox
 68 |           command:
 69 |             - sysctl
 70 |             - -w
 71 |             - vm.max_map_count=262144
 72 |           securityContext:
 73 |             privileged: true
 74 |       containers:
 75 |         - name: wazuh-elasticsearch
 76 |           image: "{{ .Values.elasticsearch.images.repository }}:{{ .Values.elasticsearch.images.tag }}"
 77 |           env:
 78 |             - name: ES_JAVA_OPTS
 79 |               value: "-Xms1g -Xmx1g"
 80 |             - name: CLUSTER_NAME
 81 |               value: {{ .Values.elasticsearch.env.CLUSTER_NAME }}
 82 |             - name: NETWORK_HOST
 83 |               value: {{ .Values.elasticsearch.env.NETWORK_HOST }}
 84 |             - name: NODE_NAME
 85 |               valueFrom:
 86 |                 fieldRef:
 87 |                   fieldPath: metadata.name
 88 |             - name: DISCOVERY_SERVICE
 89 |               value: {{ .Values.elasticsearch.env.DISCOVERY_SERVICE }}
 90 |             - name: KUBERNETES_NAMESPACE
 91 |               valueFrom:
 92 |                 fieldRef:
 93 |                   fieldPath: metadata.namespace
 94 |           resources:
 95 | {{ toYaml .Values.elasticsearch.images.resources | indent 12 }}
 96 |           volumeMounts:
 97 |             - name: wazuh-elasticsearch
 98 |               mountPath: /usr/share/elasticsearch/data
 99 |             - name: odfe-ssl-certs
100 |               mountPath: /usr/share/elasticsearch/config/node-key.pem
101 |               subPath: node-key.pem
102 |               readOnly: true
103 |             - name: odfe-ssl-certs
104 |               mountPath: /usr/share/elasticsearch/config/node.pem
105 |               subPath: node.pem
106 |               readOnly: true
107 |             - name: odfe-ssl-certs
108 |               mountPath: /usr/share/elasticsearch/config/root-ca.pem
109 |               subPath: root-ca.pem
110 |               readOnly: true
111 |             - name: odfe-ssl-certs
112 |               mountPath: /usr/share/elasticsearch/config/admin.pem
113 |               subPath: admin.pem
114 |               readOnly: true
115 |             - name: odfe-ssl-certs
116 |               mountPath: /usr/share/elasticsearch/config/admin-key.pem
117 |               subPath: admin-key.pem
118 |               readOnly: true
119 |             - name: elastic-odfe-conf
120 |               mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
121 |               subPath: config.yml
122 |               readOnly: true
123 |             - name: elastic-odfe-conf
124 |               mountPath: /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
125 |               subPath: internal_users.yml
126 |               readOnly: true
127 |           ports:
128 |             - containerPort: 9200
129 |               name: es-rest
130 |             - containerPort: 9300
131 |               name: es-nodes
132 |   volumeClaimTemplates:
133 |     - metadata:
134 |         name: wazuh-elasticsearch
135 |       spec:
136 |         accessModes:
137 |           - ReadWriteOnce
138 |         storageClassName: default
139 |         resources:
140 |           requests:
141 |             storage: 50Gi
142 | {{- end -}}


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/statefulset/wazuh-master.yaml:
--------------------------------------------------------------------------------
  1 | {{- if .Values.wazuh.deployment.enabled }}
  2 | apiVersion: apps/v1
  3 | kind: StatefulSet
  4 | metadata:
  5 |   name: wazuh-master
  6 |   labels:
  7 | {{ include "labels" $ | indent 4 }}
  8 |     appComponent: Wazuh-Master-StatefulSet
  9 |     node-type: master
 10 |   annotations:
 11 | {{ include "annotations" $ | indent 4 }}
 12 |     appComponent: Wazuh-Master-StatefulSet
 13 | spec:
 14 |   replicas: {{ .Values.wazuh.master_replicas }}
 15 |   selector:
 16 |     matchLabels:
 17 | {{ include "labels" $ | indent 6 }}
 18 |       appComponent: Wazuh-Master-StatefulSet
 19 |       node-type: master
 20 |     annotations:
 21 | {{ include "annotations" $ | indent 6 }}
 22 |       appComponent: Elasticsearch-StatefulSet
 23 |   serviceName: wazuh-cluster
 24 |   podManagementPolicy: Parallel
 25 |   template:
 26 |     metadata:
 27 |       labels:
 28 | {{ include "labels" $ | indent 8 }}
 29 |         appComponent: Wazuh-Master-StatefulSet
 30 |         node-type: master
 31 |       name: wazuh-manager-master
 32 |     spec:
 33 |       volumes:
 34 |         - name: config
 35 |           configMap:
 36 |             name: {{ template "wazuh.fullname" . }}-master-config
 37 |         - name: filebeat-certs
 38 |           secret:
 39 |             secretName: odfe-ssl-certs
 40 |         - name: wazuh-authd-pass
 41 |           secret:
 42 |             secretName: wazuh-authd-pass
 43 |       containers:
 44 |         - name: wazuh-manager
 45 |           image: "{{ .Values.wazuh.images.repository }}:{{ .Values.wazuh.images.tag }}"
 46 |           resources:
 47 | {{ toYaml .Values.wazuh.images.resources | indent 12 }}
 48 |           securityContext:
 49 |             capabilities:
 50 |               add: ["SYS_CHROOT"]
 51 |           volumeMounts:
 52 |             - name: config
 53 |               mountPath: /wazuh-config-mount/etc/ossec.conf
 54 |               subPath: master.conf
 55 |               readOnly: true
 56 |             - name: filebeat-certs
 57 |               mountPath: /etc/ssl/root-ca.pem
 58 |               readOnly: true
 59 |               subPath: root-ca.pem
 60 |             - name: filebeat-certs
 61 |               mountPath: /etc/ssl/filebeat.pem
 62 |               subPath: filebeat.pem
 63 |               readOnly: true
 64 |             - name: filebeat-certs
 65 |               mountPath: /etc/ssl/filebeat.key
 66 |               subPath: filebeat-key.pem
 67 |               readOnly: true
 68 |             - name: wazuh-authd-pass
 69 |               mountPath: /wazuh-config-mount/etc/authd.pass
 70 |               subPath: authd.pass
 71 |               readOnly: true
 72 |             - name: wazuh-manager-master
 73 |               mountPath: /var/ossec/api/configuration
 74 |               subPath: wazuh/var/ossec/api/configuration
 75 |             - name: wazuh-manager-master
 76 |               mountPath: /var/ossec/etc
 77 |               subPath: wazuh/var/ossec/etc
 78 |             - name: wazuh-manager-master
 79 |               mountPath: /var/ossec/logs
 80 |               subPath: wazuh/var/ossec/logs
 81 |             - name: wazuh-manager-master
 82 |               mountPath: /var/ossec/queue
 83 |               subPath: wazuh/var/ossec/queue
 84 |             - name: wazuh-manager-master
 85 |               mountPath: /var/ossec/var/multigroups
 86 |               subPath: wazuh/var/ossec/var/multigroups
 87 |             - name: wazuh-manager-master
 88 |               mountPath: /var/ossec/integrations
 89 |               subPath: wazuh/var/ossec/integrations
 90 |             - name: wazuh-manager-master
 91 |               mountPath: /var/ossec/active-response/bin
 92 |               subPath: wazuh/var/ossec/active-response/bin
 93 |             - name: wazuh-manager-master
 94 |               mountPath: /var/ossec/agentless
 95 |               subPath: wazuh/var/ossec/agentless
 96 |             - name: wazuh-manager-master
 97 |               mountPath: /var/ossec/wodles
 98 |               subPath: wazuh/var/ossec/wodles
 99 |             - name: wazuh-manager-master
100 |               mountPath: /etc/filebeat
101 |               subPath: filebeat/etc/filebeat
102 |             - name: wazuh-manager-master
103 |               mountPath: /var/lib/filebeat
104 |               subPath: filebeat/var/lib/filebeat
105 |           ports:
106 |             - containerPort: {{ .Values.wazuh.service.ports.registration }}
107 |               name: registration
108 |             - containerPort: {{ .Values.wazuh.service.ports.wazuhInternal }}
109 |               name: cluster
110 |             - containerPort: {{ .Values.wazuh.service.ports.api }}
111 |               name: api
112 |           env:
113 |             - name: ELASTICSEARCH_URL
114 |               value: {{ .Values.kibana.env.WAZUH_API_URL | quote }}
115 |             - name: ELASTIC_USERNAME
116 |               valueFrom:
117 |                 secretKeyRef:
118 |                   name: elastic-cred
119 |                   key: username
120 |             - name: ELASTIC_PASSWORD
121 |               valueFrom:
122 |                 secretKeyRef:
123 |                   name: elastic-cred
124 |                   key: password
125 |             - name: FILEBEAT_SSL_VERIFICATION_MODE
126 |               value: {{ .Values.wazuh.env.FILEBEAT_SSL_VERIFICATION_MODE | quote }}
127 |             - name: SSL_CERTIFICATE_AUTHORITIES
128 |               value: /etc/ssl/root-ca.pem
129 |             - name: SSL_CERTIFICATE
130 |               value: /etc/ssl/filebeat.pem
131 |             - name: SSL_KEY
132 |               value: /etc/ssl/filebeat.key
133 |             - name: API_USERNAME
134 |               valueFrom:
135 |                 secretKeyRef:
136 |                   name: wazuh-api-cred
137 |                   key: username
138 |             - name: API_PASSWORD
139 |               valueFrom:
140 |                 secretKeyRef:
141 |                   name: wazuh-api-cred
142 |                   key: password
143 |             - name: WAZUH_CLUSTER_KEY
144 |               valueFrom:
145 |                 secretKeyRef:
146 |                   name: wazuh-cluster-key
147 |                   key: key
148 |   volumeClaimTemplates:
149 |     - metadata:
150 |         name: wazuh-manager-master
151 |       spec:
152 |         accessModes:
153 |           - ReadWriteOnce
154 |         storageClassName: default
155 |         resources:
156 |           requests:
157 |             storage: 50Gi
158 | {{- end -}}


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/statefulset/wazuh-worker.yaml:
--------------------------------------------------------------------------------
  1 | apiVersion: apps/v1
  2 | kind: StatefulSet
  3 | metadata:
  4 |   name: wazuh-manager-worker
  5 | spec:
  6 |   replicas: {{ .Values.wazuh.worker_replicas }}
  7 |   selector:
  8 |     matchLabels:
  9 |       app: wazuh-manager
 10 |       node-type: worker
 11 |   serviceName: wazuh-cluster
 12 |   podManagementPolicy: Parallel
 13 |   template:
 14 |     metadata:
 15 |       labels:
 16 |         app: wazuh-manager
 17 |         node-type: worker
 18 |       name: wazuh-manager-worker
 19 |     spec:
 20 |       affinity:
 21 |         podAntiAffinity:
 22 |           preferredDuringSchedulingIgnoredDuringExecution:
 23 |             - weight: 100
 24 |               podAffinityTerm:
 25 |                 topologyKey: kubernetes.io/hostname
 26 |       volumes:
 27 |         - name: config
 28 |           configMap:
 29 |             name: {{ template "wazuh.fullname" . }}-worker-config
 30 |         - name: filebeat-certs
 31 |           secret:
 32 |             secretName: odfe-ssl-certs
 33 |       containers:
 34 |         - name: wazuh-manager
 35 |           image: "{{ .Values.wazuh.images.repository }}:{{ .Values.wazuh.images.tag }}"
 36 |           resources:
 37 | {{ toYaml .Values.wazuh.images.worker_resources | indent 12 }}
 38 |           securityContext:
 39 |             capabilities:
 40 |               add: ["SYS_CHROOT"]
 41 |           volumeMounts:
 42 |             - name: config
 43 |               mountPath: /wazuh-config-mount/etc/ossec.conf
 44 |               subPath: worker.conf
 45 |               readOnly: true
 46 |             - name: filebeat-certs
 47 |               mountPath: /etc/ssl/root-ca.pem
 48 |               readOnly: true
 49 |               subPath: root-ca.pem
 50 |             - name: filebeat-certs
 51 |               mountPath: /etc/ssl/filebeat.pem
 52 |               subPath: filebeat.pem
 53 |               readOnly: true
 54 |             - name: filebeat-certs
 55 |               mountPath: /etc/ssl/filebeat.key
 56 |               subPath: filebeat-key.pem
 57 |               readOnly: true
 58 |             - name: wazuh-manager-worker
 59 |               mountPath: /var/ossec/api/configuration
 60 |               subPath: wazuh/var/ossec/api/configuration
 61 |             - name: wazuh-manager-worker
 62 |               mountPath: /var/ossec/etc
 63 |               subPath: wazuh/var/ossec/etc
 64 |             - name: wazuh-manager-worker
 65 |               mountPath: /var/ossec/logs
 66 |               subPath: wazuh/var/ossec/logs
 67 |             - name: wazuh-manager-worker
 68 |               mountPath: /var/ossec/queue
 69 |               subPath: wazuh/var/ossec/queue
 70 |             - name: wazuh-manager-worker
 71 |               mountPath: /var/ossec/var/multigroups
 72 |               subPath: wazuh/var/ossec/var/multigroups
 73 |             - name: wazuh-manager-worker
 74 |               mountPath: /var/ossec/integrations
 75 |               subPath: wazuh/var/ossec/integrations
 76 |             - name: wazuh-manager-worker
 77 |               mountPath: /var/ossec/active-response/bin
 78 |               subPath: wazuh/var/ossec/active-response/bin
 79 |             - name: wazuh-manager-worker
 80 |               mountPath: /var/ossec/agentless
 81 |               subPath: wazuh/var/ossec/agentless
 82 |             - name: wazuh-manager-worker
 83 |               mountPath: /var/ossec/wodles
 84 |               subPath: wazuh/var/ossec/wodles
 85 |             - name: wazuh-manager-worker
 86 |               mountPath: /etc/filebeat
 87 |               subPath: filebeat/etc/filebeat
 88 |             - name: wazuh-manager-worker
 89 |               mountPath: /var/lib/filebeat
 90 |               subPath: filebeat/var/lib/filebeat
 91 |           ports:
 92 |             - containerPort: {{ .Values.wazuh.service.ports.agentEvents }}
 93 |               name: agents-events
 94 |             - containerPort: {{ .Values.wazuh.service.ports.wazuhInternal }}
 95 |               name: cluster
 96 |           env:
 97 |             - name: ELASTICSEARCH_URL
 98 |               value: {{ .Values.kibana.env.ELASTICSEARCH_URL | quote }}
 99 |             - name: ELASTIC_USERNAME
100 |               valueFrom:
101 |                 secretKeyRef:
102 |                   name: elastic-cred
103 |                   key: username
104 |             - name: ELASTIC_PASSWORD
105 |               valueFrom:
106 |                 secretKeyRef:
107 |                   name: elastic-cred
108 |                   key: password
109 |             - name: FILEBEAT_SSL_VERIFICATION_MODE
110 |               value: {{ .Values.wazuh.env.FILEBEAT_SSL_VERIFICATION_MODE | quote }}
111 |             - name: SSL_CERTIFICATE_AUTHORITIES
112 |               value: /etc/ssl/root-ca.pem
113 |             - name: SSL_CERTIFICATE
114 |               value: /etc/ssl/filebeat.pem
115 |             - name: SSL_KEY
116 |               value: /etc/ssl/filebeat.key
117 |             - name: WAZUH_CLUSTER_KEY
118 |               valueFrom:
119 |                 secretKeyRef:
120 |                   name: wazuh-cluster-key
121 |                   key: key
122 |   volumeClaimTemplates:
123 |     - metadata:
124 |         name: wazuh-manager-worker
125 |       spec:
126 |         accessModes:
127 |           - ReadWriteOnce
128 |         storageClassName: default
129 |         resources:
130 |           requests:
131 |             storage: 50Gi
132 | 


--------------------------------------------------------------------------------
/wazuh-kubernetes/templates/storage-class/minikube-standard-default.yaml:
--------------------------------------------------------------------------------
 1 | {{- if .Values.storage.minikube.enabled }}
 2 | kind: StorageClass
 3 | apiVersion: storage.k8s.io/v1
 4 | metadata:
 5 |   name: default
 6 | annotations:
 7 |   storageclass.beta.kubernetes.io/is-default-class: "true"
 8 | provisioner: k8s.io/minikube-hostpath
 9 | parameters:
10 |   type: default
11 | reclaimPolicy: Retain
12 | mountOptions:
13 |   - debug
14 | allowVolumeExpansion: true
15 | {{- end }}


--------------------------------------------------------------------------------
/wazuh-kubernetes/values.yaml:
--------------------------------------------------------------------------------
  1 | vault_addr: &vault_addr "http://vault.cluster.local:8200"
  2 | vault_path: &vault_path "kubernetes"
  3 | 
  4 | #AWS load balancer configuration for using ELB(AWS Elastic Load Balancer)
  5 | #Some resources require loadbalancer. Refer to Wazuh documentation for more information
  6 | aws:
  7 |   elb:
  8 |     enabled: true
  9 |     protocol: tcp
 10 | 
 11 |     # Enabled custom certificates for AWS ELB
 12 |     cert:
 13 |       enabled: false
 14 |       certName: demoCert
 15 | 
 16 |     # Enabled AWS ELB for Kibana Service
 17 |     kibana:
 18 |       enabled: false
 19 |       port: 443
 20 |       backEnd: https
 21 | 
 22 |     # AWS ELB for Elasticsearch Service
 23 |     elasticsearch:
 24 |       enabled: false
 25 | 
 26 |     # AWS ELB for Wazuh Master Service
 27 |     wazuh_master:
 28 |       enabled: true
 29 | 
 30 |     # AWS LB for Wazuh worker Service
 31 |     wazuh_workers:
 32 |       enabled: true
 33 | 
 34 |     # AWS DNS53 configuration, refer to AWS DNS53 documentation together with Wazuh Documentation how to set it up
 35 |     dns53:
 36 |       enabled: false
 37 |       wazuhMasterDomain: master-foobar.com
 38 |       wazuhWorkerDomain: worker-foobar.com
 39 |       kibanaDomain: kibana-foobar.com
 40 | 
 41 | # Use provided demo certificates
 42 | # for production please use dynamically signed certificates either provided by your own solution of Hashicorp Vault
 43 | democerts:
 44 |   enabled: true
 45 | 
 46 | vault:
 47 |   enabled: false
 48 |   security:
 49 |     vault_addr: *vault_addr
 50 |     vault_role: opendistro-elastic
 51 |     vault_path: *vault_path
 52 |     vault_skip_verify: true
 53 | 
 54 | # Elasticsearch statefulset deployment configuration
 55 | elasticsearch:
 56 |   deployment:
 57 |     enabled: true
 58 | 
 59 |   selfcert:
 60 |     enabled: false
 61 | 
 62 |   elkversion: "7.9.1"
 63 |   master:
 64 |     replicas: 3
 65 |   elasticsearch:
 66 |     discoveryOverride: ""
 67 | 
 68 |   service:
 69 |     httpPort: 9200
 70 |     transport: 9300
 71 |     metrics: 9600
 72 |     type: ClusterIP
 73 | 
 74 |   images:
 75 |     repository: amazon/opendistro-for-elasticsearch
 76 |     tag: "1.11.0"
 77 |     pullPolicy: IfNotPresent
 78 |     updateStrategy: RollingUpdate
 79 |     replicaCount: 3
 80 |     # If you're using private registry add secret name for docker credentials
 81 |     imagePullSecrets:
 82 |       enabled: false
 83 |       secret: {}
 84 |     resources:
 85 |       requests:
 86 |         cpu: 500m
 87 |         memory: 1Gi
 88 |       limits:
 89 |         cpu: 800m
 90 |         memory: 2Gi
 91 | 
 92 |   config:
 93 | 
 94 |   env:
 95 |     CLUSTER_NAME: "wazuh"
 96 |     #NETWORK_HOST: "_eth0_"
 97 |     NETWORK_HOST: "0.0.0.0"
 98 |     HTTP_CORS_ENABLE: "false"
 99 |     ALLOW_DEMOCERTIFICATES: "false"
100 |     # The minimum number of masters that will be able to form a quorum. This
101 |     # should be (#masters / 2) + 1. Default is 2.
102 |     NUMBER_OF_MASTERS: "3"
103 |     DISCOVERY_SERVICE: "wazuh-elasticsearch"
104 | 
105 |   plugins: []
106 | 
107 |   # Default users provided by Wazuh
108 |   # Check wazuh documentation for default credentials
109 |   internal_users:
110 |     admin: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
111 |     kibanaserver: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
112 |     kibanaro: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
113 |     logstash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
114 |     readall: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
115 |     snapshotrestore: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
116 | 
117 |     storageSize: 50Gi
118 |     storageClassName: default
119 | 
120 | # Kibana for elasticsearch with Wazuh plugins pre-installed
121 | kibana:
122 |   deployment:
123 |     enabled: true
124 | 
125 |   replicas: 1
126 | 
127 |   images:
128 |     repository: wazuh/wazuh-kibana
129 |     tag: "4.1.5"
130 |     pullPolicy: IfNotPresent
131 |     updateStrategy: OnDelete
132 |     resources:
133 |       requests:
134 |         cpu: 500m
135 |         memory: 512Mi
136 |       limits:
137 |         cpu: 900m
138 |         memory: 1Gi
139 |   # with this you will be able to access kibana on http port instead of https
140 |   # if you use Ambassador edgestack this is necessary becasue
141 |   # with `true` route will close unexpectedly
142 |   # when accessing via ambassador external url
143 |   enable_ssl: false
144 | 
145 |   service:
146 |     httpPort: 5601
147 |     type: ClusterIP
148 | 
149 |   env:
150 |     ELASTICSEARCH_URL: http://wazuh-elasticsearch-0.wazuh-elasticsearch:9200
151 |     WAZUH_API_URL: https://wazuh-manager-master-0.wazuh-cluster
152 | 
153 | wazuh:
154 |   deployment:
155 |     enabled: true
156 | 
157 |   master_replicas: 1
158 |   worker_replicas: 2
159 | 
160 |   images:
161 |     repository: wazuh/wazuh
162 |     tag: "4.1.5"
163 |     pullSecret: regcred
164 |     resources:
165 |       requests:
166 |         cpu: 500m
167 |         memory: 500Mi
168 |       limits:
169 |         cpu: 850m
170 |         memory: 1Gi
171 |     worker_resources:
172 |       requests:
173 |         cpu: 1000m
174 |         memory: 1Gi
175 |       limits:
176 |         cpu: 1500m
177 |         memory: 2Gi
178 | 
179 |   env:
180 |     FILEBEAT_SSL_VERIFICATION_MODE: none
181 | 
182 |   service:
183 |     type: ClusterIP
184 |     masterType: LoadBalancer
185 |     workerType: LoadBalancer
186 |     m_nodeType: master
187 |     w_nodeType: worker
188 |     ports:
189 |       registration: 1515
190 |       api: 55000
191 |       wazuhInternal: 1516
192 |       agentEvents: 1514
193 | 
194 | # Wazuh Agent installed in DaemonSet form
195 | # Currently still in PoC
196 | agent:
197 |   deployment:
198 |     enabled: false
199 | 
200 |   rbac:
201 |     create: true
202 | 
203 |   serviceAccount:
204 |     create: true
205 |     name: wazuh-agent-daemonset
206 | 
207 |   image:
208 |     repository: kajov/wazuh-agent-installer
209 |     tag: "latest"
210 |     imagePullSecrets:
211 |       name: regrecd
212 |       enabled: false
213 |     resources:
214 |       requests:
215 |         cpu: 100m
216 |         memory: 250m
217 |       limit:
218 |         cpu: 200m
219 |         memory: 500m
220 | 
221 |   # Wazuh Manager URL or IP. Reffer to Wazuh documentation for agent installation procedure for more information
222 |   env:
223 |     W_MANAGER: foobar.com
224 | 
225 | ## Automated Storage class deployment if you're deploying for testing in minikube
226 | # since it's not using the default standard storage class
227 | 
228 | storage:
229 |   minikube:
230 |     enabled: true
231 | 
232 | identifier:
233 |   clusterId: autogenerated
234 |   tenantId: autogenerated
235 |   tenantName: autogenerated
236 |   spaceId: autogenerated
237 |   spaceName: autogenerated
238 |   appId: autogenerated
239 |   appName: autogenerated
240 | 


--------------------------------------------------------------------------------