# Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)version: '3.7'se

1. # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2)
2. version: '3.7'
3.  
4. services:
5. wazuh.manager:
6. image: wazuh/wazuh-manager:4.4.1
7. hostname: wazuh.manager
8. restart: always
9. ports:
10. - "1514:1514"
11. - "1515:1515"
12. - "514:514/udp"
13. - "55000:55000"
14. environment:
15. - INDEXER_URL=https://wazuh.indexer:9200
16. - INDEXER_USERNAME=admin
17. - INDEXER_PASSWORD=SecretPassword
18. - FILEBEAT_SSL_VERIFICATION_MODE=full
19. - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
20. - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
21. - SSL_KEY=/etc/ssl/filebeat.key
22. - API_USERNAME=wazuh-wui
23. - API_PASSWORD=MyS3cr37P450r.*-
24. volumes:
25. - wazuh_api_configuration:/var/ossec/api/configuration
26. - wazuh_etc:/var/ossec/etc
27. - wazuh_logs:/var/ossec/logs
28. - wazuh_queue:/var/ossec/queue
29. - wazuh_var_multigroups:/var/ossec/var/multigroups
30. - wazuh_integrations:/var/ossec/integrations
31. - wazuh_active_response:/var/ossec/active-response/bin
32. - wazuh_agentless:/var/ossec/agentless
33. - wazuh_wodles:/var/ossec/wodles
34. - filebeat_etc:/etc/filebeat
35. - filebeat_var:/var/lib/filebeat
36. - ./config/wazuh_indexer_ssl_certs/root-ca-manager.pem:/etc/ssl/root-ca.pem
37. - ./config/wazuh_indexer_ssl_certs/wazuh.manager.pem:/etc/ssl/filebeat.pem
38. - ./config/wazuh_indexer_ssl_certs/wazuh.manager-key.pem:/etc/ssl/filebeat.key
39. - ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
40.  
41. wazuh.indexer:
42. image: wazuh/wazuh-indexer:4.4.1
43. hostname: wazuh.indexer
44. restart: always
45. ports:
46. - "9200:9200"
47. environment:
48. - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
49. ulimits:
50. memlock:
51. soft: -1
52. hard: -1
53. nofile:
54. soft: 65536
55. hard: 65536
56. volumes:
57. - wazuh-indexer-data:/var/lib/wazuh-indexer
58. - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-indexer/certs/root-ca.pem
59. - ./config/wazuh_indexer_ssl_certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.key
60. - ./config/wazuh_indexer_ssl_certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/certs/wazuh.indexer.pem
61. - ./config/wazuh_indexer_ssl_certs/admin.pem:/usr/share/wazuh-indexer/certs/admin.pem
62. - ./config/wazuh_indexer_ssl_certs/admin-key.pem:/usr/share/wazuh-indexer/certs/admin-key.pem
63. - ./config/wazuh_indexer/wazuh.indexer.yml:/usr/share/wazuh-indexer/opensearch.yml
64. - ./config/wazuh_indexer/internal_users.yml:/usr/share/wazuh-indexer/opensearch-security/internal_users.yml
65.  
66. wazuh.dashboard:
67. image: wazuh/wazuh-dashboard:4.4.1
68. hostname: wazuh.dashboard
69. restart: always
70. ports:
71. - 443:5601
72. environment:
73. - INDEXER_USERNAME=admin
74. - INDEXER_PASSWORD=SecretPassword
75. - WAZUH_API_URL=https://wazuh.manager
76. - API_USERNAME=wazuh-wui
77. - API_PASSWORD=MyS3cr37P450r.*-
78. volumes:
79. - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard.pem
80. - ./config/wazuh_indexer_ssl_certs/wazuh.dashboard-key.pem:/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem
81. - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/usr/share/wazuh-dashboard/certs/root-ca.pem
82. - ./config/wazuh_dashboard/opensearch_dashboards.yml:/usr/share/wazuh-dashboard/config/opensearch_dashboards.yml
83. - ./config/wazuh_dashboard/wazuh.yml:/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml
84. depends_on:
85. - wazuh.indexer
86. links:
87. - wazuh.indexer:wazuh.indexer
88. - wazuh.manager:wazuh.manager
89.  
90. mongo:
91. image: mongo:latest
92. container_name: mongo
93. restart: on-failure
94. volumes:
95. - mongo_data:/data/db
96.  
97. graylog:
98. image: graylog/graylog:5.0
99. container_name: graylog
100. restart: always
101. depends_on:
102. - mongo
103. - wazuh.indexer
104. environment:
105. - GRAYLOG_HTTP_EXTERNAL_URI=http://10.93.1.61:9000/
106. - GRAYLOG_HTTP_PUBLISH_URI=http://localhost:9000/
107. - GRAYLOG_ROOT_TIMEZONE=UTC
108. - GRAYLOG_IS_MASTER=true
109. - GRAYLOG_MONGODB_URI=mongodb://mongo:27017/graylog
110. - GRAYLOG_OPENSEARCH_HOSTS=https://wazuh.indexer:9200
111. - GRAYLOG_ROOT_PASSWORD_SHA2=415e8a6ba1c3eb93e81df34731acc3d60efee685c8e6f7412592a45ba3a0e3b0
112. - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
113. - GRAYLOG_HTTP_TLS_CERT_FILE=/usr/share/graylog/certificates/graylog.pem
114. - GRAYLOG_HTTP_TLS_KEY_FILE=/usr/share/graylog/certificates/graylog.key
115. - GRAYLOG_HTTP_TLS_TRUST_MANAGERS_FILE=/usr/share/graylog/certificates/root-ca.pem
116. # - GRAYLOG_HTTP_TLS_ENABLE_OCSP=true
117. # - GRAYLOG_SERVER_JAVA_OPTS="$GRAYLOG_SERVER_JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true -Djavax.net.ssl.trustStore=/etc/graylog/server/certs/cacerts -Djavax.net.ssl.trustStorePassword=changeit"
118. ports:
119. - "1516:514/tcp"
120. - "1516:514/udp"
121. - "5044:5044/tcp" # Beats
122. - "5140:5140/udp" # Syslog
123. - "5140:5140/tcp" # Syslog
124. - "5555:5555/tcp" # RAW TCP
125. - "5555:5555/udp" # RAW TCP
126. - "9000:9000/tcp" # Server API
127. - "12201:12201/tcp" # GELF TCP
128. - "12201:12201/udp" # GELF UDP
129. #- "10000:10000/tcp" # Custom TCP port
130. #- "10000:10000/udp" # Custom UDP port
131. - "13301:13301/tcp" # Forwarder data
132. - "13302:13302/tcp" # Forwarder config
133. volumes:
134. # - ./config/wazuh_indexer_ssl_certs/root-ca.pem:/etc/ssl/certs/root-ca.pem
135. # - ./config/wazuh_indexer_ssl_certs/graylog-key.pem:/etc/ssl/certs/graylog-pkcs8-encrypted.pem
136. # - ./config/wazuh_indexer_ssl_certs/graylog.pem:/etc/ssl/certs/graylog.pem
137. - graylog_data:/usr/share/graylog/data
138. - graylog_journal:/usr/share/graylog/data/journal
139.  
140.  
141. volumes:
142. wazuh_api_configuration:
143. wazuh_etc:
144. wazuh_logs:
145. wazuh_queue:
146. wazuh_var_multigroups:
147. wazuh_integrations:
148. wazuh_active_response:
149. wazuh_agentless:
150. wazuh_wodles:
151. filebeat_etc:
152. filebeat_var:
153. wazuh-indexer-data:
154. graylog_data:
155. graylog_journal:
156. mongo_data: