wazuh · AlexRuiz7 · Dec 27, 2024 · Jan 7, 2025 · Jan 7, 2025
diff --git a/integrations/docker/.env b/integrations/docker/.env
@@ -19,11 +19,8 @@ KIBANA_PORT=5602
 # Increase or decrease based on the available host memory (in bytes)
 MEM_LIMIT=1073741824
 
-# Wazuh version
-WAZUH_VERSION=4.9.2
-
-# Wazuh Indexer version (Provisionally using OpenSearch)
-WAZUH_INDEXER_VERSION=2.18.0
+# Wazuh Indexer version
+WAZUH_INDEXER_VERSION=5.0.0-0
 
 # Wazuh Dashboard version (Provisionally using OpenSearch Dashboards)
 WAZUH_DASHBOARD_VERSION=2.18.0

diff --git a/integrations/docker/amazon-security-lake.yml b/integrations/docker/amazon-security-lake.yml
diff --git a/integrations/docker/compose.indexer-opensearch.yml b/integrations/docker/compose.indexer-opensearch.yml
@@ -11,28 +11,15 @@ services:
     command: bash -c "python run.py -a wazuh.indexer"
 
   wazuh.indexer:
-    image: opensearchproject/opensearch:${WAZUH_INDEXER_VERSION}
+    image: quay.io/wazuh/wazuh-indexer:${WAZUH_INDEXER_VERSION}
     depends_on:
       wazuh-certs-generator:
         condition: service_completed_successfully
     hostname: wazuh.indexer
     ports:
       - 9200:9200
     environment:
-      - WAZUH_INDEXER_VERSION=${WAZUH_INDEXER_VERSION}
-      - node.name=wazuh.indexer
-      - discovery.type=single-node
-      - bootstrap.memory_lock=true
       - "DISABLE_INSTALL_DEMO_CONFIG=true"
-      - plugins.security.ssl.http.enabled=true
-      - plugins.security.allow_default_init_securityindex=true
-      - plugins.security.ssl.http.pemcert_filepath=/usr/share/opensearch/config/wazuh.indexer.pem
-      - plugins.security.ssl.transport.pemcert_filepath=/usr/share/opensearch/config/wazuh.indexer.pem
-      - plugins.security.ssl.http.pemkey_filepath=/usr/share/opensearch/config/wazuh.indexer-key.pem
-      - plugins.security.ssl.transport.pemkey_filepath=/usr/share/opensearch/config/wazuh.indexer-key.pem
-      - plugins.security.ssl.http.pemtrustedcas_filepath=/usr/share/opensearch/config/root-ca.pem
-      - plugins.security.ssl.transport.pemtrustedcas_filepath=/usr/share/opensearch/config/root-ca.pem
-      - plugins.security.authcz.admin_dn="CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California, C=US"
       - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
     ulimits:
       memlock:
@@ -46,10 +33,11 @@ services:
       start_period: 10s
       start_interval: 3s
     volumes:
-      - data:/usr/share/opensearch/data
-      - ./certs/wazuh.indexer.pem:/usr/share/opensearch/config/wazuh.indexer.pem
-      - ./certs/wazuh.indexer-key.pem:/usr/share/opensearch/config/wazuh.indexer-key.pem
-      - ./certs/root-ca.pem:/usr/share/opensearch/config/root-ca.pem
+      - ./config/opensearch.yml:/usr/share/wazuh-indexer/config/opensearch.yml
+      - data:/usr/share/wazuh-indexer/data
+      - ./certs/wazuh.indexer.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem
+      - ./certs/wazuh.indexer-key.pem:/usr/share/wazuh-indexer/config/certs/wazuh.indexer-key.pem
+      - ./certs/root-ca.pem:/usr/share/wazuh-indexer/config/certs/root-ca.pem
 
   wazuh.dashboard:
     image: opensearchproject/opensearch-dashboards:${WAZUH_DASHBOARD_VERSION}

diff --git a/integrations/docker/config/certs.yml b/integrations/docker/config/certs.yml
@@ -1,20 +1,16 @@
+
 nodes:
-  # Wazuh indexer and OpenSearch server nodes
   indexer:
     - name: wazuh.indexer
-      ip: wazuh.indexer
+      ip: "wazuh.indexer"
     - name: opensearch.node
-      ip: opensearch.node
-
-  # Wazuh server nodes
-  # Use node_type only with more than one Wazuh manager
+      ip: "opensearch.node"
   server:
     - name: wazuh.manager
-      ip: wazuh.manager
-
-  # Wazuh dashboard and OpenSearch Dashboards nodes
+      ip: "wazuh.manager"
   dashboard:
     - name: wazuh.dashboard
-      ip: wazuh.dashboard
+      ip: "wazuh.dashboard"
     - name: opensearch.dashboards
-      ip: opensearch.dashboards
+      ip: "opensearch.dashboards"
+
diff --git a/integrations/docker/config/opensearch.yml b/integrations/docker/config/opensearch.yml
@@ -0,0 +1,30 @@
+network.host: "0.0.0.0"
+node.name: "wazuh.indexer"
+discovery.type: "single-node"
+bootstrap.memory_lock: true
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+
+plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem
+plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer-key.pem
+plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer.pem
+plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/wazuh.indexer-key.pem
+plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/config/certs/root-ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.allow_default_init_securityindex: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+
+plugins.security.authcz.admin_dn:
+- "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California, C=US"
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+- "CN=wazuh.indexer,OU=Wazuh,O=Wazuh,L=California,C=US"
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+
+plugins.security.system_indices.enabled: true
+plugins.security.system_indices.indices: [".plugins-ml-model", ".plugins-ml-task", ".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opensearch-notifications-*", ".opensearch-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"]