Wazuh containers for Docker
In this repository you will find the containers to run:
- wazuh: It runs the Wazuh manager, Wazuh API and Filebeat (for integration with Elastic Stack)
- wazuh-kibana: Provides a web user interface to browse through alerts data. It includes Wazuh plugin for Kibana, that allows you to visualize agents configuration and status.
- wazuh-nginx: Proxies the Kibana container, adding HTTPS (via self-signed SSL certificate) and Basic authentication.
- wazuh-elasticsearch: An Elasticsearch container (working as a single-node cluster) using Elastic Stack Docker images. Be aware to increase the
vm.max_map_countsetting, as it's detailed in the Wazuh documentation.
In addition, a docker-compose file is provided to launch the containers mentioned above.
- Elasticsearch cluster. In the Elasticsearch Dockerfile we can visualize variables to configure an Elasticsearch Cluster. These variables are used in the file config_cluster.sh to set them in the elasticsearch.yml configuration file. You can see the meaning of the node variables here and other cluster settings here.
Documentation
Directory structure
wazuh-docker
├── docker-compose.yml
├── kibana
│ ├── config
│ │ ├── entrypoint.sh
│ │ └── kibana.yml
│ └── Dockerfile
├── LICENSE
├── nginx
│ ├── config
│ │ └── entrypoint.sh
│ └── Dockerfile
├── README.md
├── CHANGELOG.md
├── VERSION
├── test.txt
└── wazuh
├── config
│ ├── data_dirs.env
│ ├── entrypoint.sh
│ ├── filebeat.runit.service
│ ├── filebeat.yml
│ ├── init.bash
│ ├── postfix.runit.service
│ ├── wazuh-api.runit.service
│ └── wazuh.runit.service
└── Dockerfile
Branches
stablebranch on correspond to the latest Wazuh-Docker stable version.masterbranch contains the latest code, be aware of possible bugs on this branch.Wazuh.Version_ElasticStack.Version(for example 3.10.2_7.5.0) branch. This branch contains the current release referenced in Docker Hub. The container images are installed under the current version of this branch.
Credits and Thank you
These Docker containers are based on:
- "deviantony" dockerfiles which can be found at https://github.com/deviantony/docker-elk
- "xetus-oss" dockerfiles, which can be found at https://github.com/xetus-oss/docker-ossec-server
We thank you them and everyone else who has contributed to this project.
License and copyright
Wazuh Docker Copyright (C) 2019 Wazuh Inc. (License GPLv2)