forked from opensearch-project/OpenSearch
-
Notifications
You must be signed in to change notification settings - Fork 17
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
5 changed files
with
420 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
## JVM configuration | ||
|
||
################################################################ | ||
## IMPORTANT: JVM heap size | ||
################################################################ | ||
## | ||
## You should always set the min and max JVM heap | ||
## size to the same value. For example, to set | ||
## the heap to 4 GB, set: | ||
## | ||
## -Xms4g | ||
## -Xmx4g | ||
## | ||
## See https://opensearch.org/docs/opensearch/install/important-settings/ | ||
## for more information | ||
## | ||
################################################################ | ||
|
||
# Xms represents the initial size of total heap space | ||
# Xmx represents the maximum size of total heap space | ||
|
||
-Xms1g | ||
-Xmx1g | ||
|
||
################################################################ | ||
## Expert settings | ||
################################################################ | ||
## | ||
## All settings below this section are considered | ||
## expert settings. Don't tamper with them unless | ||
## you understand what you are doing | ||
## | ||
################################################################ | ||
|
||
## GC configuration | ||
8-10:-XX:+UseConcMarkSweepGC | ||
8-10:-XX:CMSInitiatingOccupancyFraction=75 | ||
8-10:-XX:+UseCMSInitiatingOccupancyOnly | ||
|
||
## G1GC Configuration | ||
# NOTE: G1 GC is only supported on JDK version 10 or later | ||
# to use G1GC, uncomment the next two lines and update the version on the | ||
# following three lines to your version of the JDK | ||
# 10:-XX:-UseConcMarkSweepGC | ||
# 10:-XX:-UseCMSInitiatingOccupancyOnly | ||
11-:-XX:+UseG1GC | ||
11-:-XX:G1ReservePercent=25 | ||
11-:-XX:InitiatingHeapOccupancyPercent=30 | ||
|
||
## JVM temporary directory | ||
-Djava.io.tmpdir=${OPENSEARCH_TMPDIR} | ||
|
||
## heap dumps | ||
|
||
# generate a heap dump when an allocation from the Java heap fails | ||
# heap dumps are created in the working directory of the JVM | ||
-XX:+HeapDumpOnOutOfMemoryError | ||
|
||
# specify an alternative path for heap dumps; ensure the directory exists and | ||
# has sufficient space | ||
-XX:HeapDumpPath=/var/lib/wazuh-indexer | ||
|
||
# specify an alternative path for JVM fatal error logs | ||
-XX:ErrorFile=/var/log/wazuh-indexer/hs_err_pid%p.log | ||
|
||
## JDK 8 GC logging | ||
8:-XX:+PrintGCDetails | ||
8:-XX:+PrintGCDateStamps | ||
8:-XX:+PrintTenuringDistribution | ||
8:-XX:+PrintGCApplicationStoppedTime | ||
8:-Xloggc:/var/log/wazuh-indexer/gc.log | ||
8:-XX:+UseGCLogFileRotation | ||
8:-XX:NumberOfGCLogFiles=32 | ||
8:-XX:GCLogFileSize=64m | ||
|
||
# JDK 9+ GC logging | ||
9-:-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/wazuh-indexer/gc.log:utctime,pid,tags:filecount=32,filesize=64m | ||
|
||
# Explicitly allow security manager (https://bugs.openjdk.java.net/browse/JDK-8270380) | ||
18-:-Djava.security.manager=allow | ||
|
||
## OpenSearch Performance Analyzer | ||
-Dclk.tck=100 | ||
-Djdk.attach.allowAttachSelf=true | ||
-Djava.security.policy=file:///etc/wazuh-indexer/opensearch-performance-analyzer/opensearch_security.policy | ||
--add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
network.host: "0.0.0.0" | ||
node.name: "node-1" | ||
cluster.initial_master_nodes: | ||
- "node-1" | ||
#- "node-2" | ||
#- "node-3" | ||
cluster.name: "wazuh-cluster" | ||
#discovery.seed_hosts: | ||
# - "node-1-ip" | ||
# - "node-2-ip" | ||
# - "node-3-ip" | ||
node.max_local_storage_nodes: "3" | ||
path.data: /var/lib/wazuh-indexer | ||
path.logs: /var/log/wazuh-indexer | ||
|
||
plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem | ||
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem | ||
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem | ||
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certs/indexer.pem | ||
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certs/indexer-key.pem | ||
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certs/root-ca.pem | ||
plugins.security.ssl.http.enabled: true | ||
plugins.security.ssl.transport.enforce_hostname_verification: false | ||
plugins.security.ssl.transport.resolve_hostname: false | ||
|
||
plugins.security.authcz.admin_dn: | ||
- "CN=admin,OU=Wazuh,O=Wazuh,L=California,C=US" | ||
plugins.security.check_snapshot_restore_write_privileges: true | ||
plugins.security.enable_snapshot_restore_privilege: true | ||
plugins.security.nodes_dn: | ||
- "CN=node-1,OU=Wazuh,O=Wazuh,L=California,C=US" | ||
#- "CN=node-2,OU=Wazuh,O=Wazuh,L=California,C=US" | ||
#- "CN=node-3,OU=Wazuh,O=Wazuh,L=California,C=US" | ||
plugins.security.restapi.roles_enabled: | ||
- "all_access" | ||
- "security_rest_api_access" | ||
|
||
plugins.security.system_indices.enabled: true | ||
plugins.security.system_indices.indices: [".plugins-ml-model", ".plugins-ml-task", ".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opensearch-notifications-*", ".opensearch-notebooks", ".opensearch-observability", ".opendistro-asynchronous-search-response*", ".replication-metadata-store"] | ||
|
||
### Option to allow Filebeat-oss 7.10.2 to work ### | ||
compatibility.override_main_response_version: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
--- | ||
# This is the internal user database | ||
# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh | ||
|
||
_meta: | ||
type: "internalusers" | ||
config_version: 2 | ||
|
||
# Define your internal users here | ||
|
||
## Demo users | ||
|
||
admin: | ||
hash: "$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG" | ||
reserved: true | ||
backend_roles: | ||
- "admin" | ||
description: "Demo admin user" | ||
|
||
kibanaserver: | ||
hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H." | ||
reserved: true | ||
description: "Demo kibanaserver user" | ||
|
||
kibanaro: | ||
hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC" | ||
reserved: false | ||
backend_roles: | ||
- "kibanauser" | ||
- "readall" | ||
attributes: | ||
attribute1: "value1" | ||
attribute2: "value2" | ||
attribute3: "value3" | ||
description: "Demo kibanaro user" | ||
|
||
logstash: | ||
hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2" | ||
reserved: false | ||
backend_roles: | ||
- "logstash" | ||
description: "Demo logstash user" | ||
|
||
readall: | ||
hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2" | ||
reserved: false | ||
backend_roles: | ||
- "readall" | ||
description: "Demo readall user" | ||
|
||
snapshotrestore: | ||
hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W" | ||
reserved: false | ||
backend_roles: | ||
- "snapshotrestore" | ||
description: "Demo snapshotrestore user" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,149 @@ | ||
_meta: | ||
type: "roles" | ||
config_version: 2 | ||
|
||
# Restrict users so they can only view visualization and dashboard on kibana | ||
kibana_read_only: | ||
reserved: true | ||
|
||
# The security REST API access role is used to assign specific users access to change the security settings through the REST API. | ||
security_rest_api_access: | ||
reserved: true | ||
|
||
# Allows users to view monitors, destinations and alerts | ||
alerting_read_access: | ||
reserved: true | ||
cluster_permissions: | ||
- 'cluster:admin/opendistro/alerting/alerts/get' | ||
- 'cluster:admin/opendistro/alerting/destination/get' | ||
- 'cluster:admin/opendistro/alerting/monitor/get' | ||
- 'cluster:admin/opendistro/alerting/monitor/search' | ||
|
||
# Allows users to view and acknowledge alerts | ||
alerting_ack_alerts: | ||
reserved: true | ||
cluster_permissions: | ||
- 'cluster:admin/opendistro/alerting/alerts/*' | ||
|
||
# Allows users to use all alerting functionality | ||
alerting_full_access: | ||
reserved: true | ||
cluster_permissions: | ||
- 'cluster_monitor' | ||
- 'cluster:admin/opendistro/alerting/*' | ||
index_permissions: | ||
- index_patterns: | ||
- '*' | ||
allowed_actions: | ||
- 'indices_monitor' | ||
- 'indices:admin/aliases/get' | ||
- 'indices:admin/mappings/get' | ||
|
||
# Allow users to read Anomaly Detection detectors and results | ||
anomaly_read_access: | ||
reserved: true | ||
cluster_permissions: | ||
- 'cluster:admin/opendistro/ad/detector/info' | ||
- 'cluster:admin/opendistro/ad/detector/search' | ||
- 'cluster:admin/opendistro/ad/detectors/get' | ||
- 'cluster:admin/opendistro/ad/result/search' | ||
- 'cluster:admin/opendistro/ad/tasks/search' | ||
|
||
# Allows users to use all Anomaly Detection functionality | ||
anomaly_full_access: | ||
reserved: true | ||
cluster_permissions: | ||
- 'cluster_monitor' | ||
- 'cluster:admin/opendistro/ad/*' | ||
index_permissions: | ||
- index_patterns: | ||
- '*' | ||
allowed_actions: | ||
- 'indices_monitor' | ||
- 'indices:admin/aliases/get' | ||
- 'indices:admin/mappings/get' | ||
|
||
# Allows users to read Notebooks | ||
notebooks_read_access: | ||
reserved: true | ||
cluster_permissions: | ||
- 'cluster:admin/opendistro/notebooks/list' | ||
- 'cluster:admin/opendistro/notebooks/get' | ||
|
||
# Allows users to all Notebooks functionality | ||
notebooks_full_access: | ||
reserved: true | ||
cluster_permissions: | ||
- 'cluster:admin/opendistro/notebooks/create' | ||
- 'cluster:admin/opendistro/notebooks/update' | ||
- 'cluster:admin/opendistro/notebooks/delete' | ||
- 'cluster:admin/opendistro/notebooks/get' | ||
- 'cluster:admin/opendistro/notebooks/list' | ||
|
||
# Allows users to read and download Reports | ||
reports_instances_read_access: | ||
reserved: true | ||
cluster_permissions: | ||
- 'cluster:admin/opendistro/reports/instance/list' | ||
- 'cluster:admin/opendistro/reports/instance/get' | ||
- 'cluster:admin/opendistro/reports/menu/download' | ||
|
||
# Allows users to read and download Reports and Report-definitions | ||
reports_read_access: | ||
reserved: true | ||
cluster_permissions: | ||
- 'cluster:admin/opendistro/reports/definition/get' | ||
- 'cluster:admin/opendistro/reports/definition/list' | ||
- 'cluster:admin/opendistro/reports/instance/list' | ||
- 'cluster:admin/opendistro/reports/instance/get' | ||
- 'cluster:admin/opendistro/reports/menu/download' | ||
|
||
# Allows users to all Reports functionality | ||
reports_full_access: | ||
reserved: true | ||
cluster_permissions: | ||
- 'cluster:admin/opendistro/reports/definition/create' | ||
- 'cluster:admin/opendistro/reports/definition/update' | ||
- 'cluster:admin/opendistro/reports/definition/on_demand' | ||
- 'cluster:admin/opendistro/reports/definition/delete' | ||
- 'cluster:admin/opendistro/reports/definition/get' | ||
- 'cluster:admin/opendistro/reports/definition/list' | ||
- 'cluster:admin/opendistro/reports/instance/list' | ||
- 'cluster:admin/opendistro/reports/instance/get' | ||
- 'cluster:admin/opendistro/reports/menu/download' | ||
|
||
# Allows users to use all asynchronous-search functionality | ||
asynchronous_search_full_access: | ||
reserved: true | ||
cluster_permissions: | ||
- 'cluster:admin/opendistro/asynchronous_search/*' | ||
index_permissions: | ||
- index_patterns: | ||
- '*' | ||
allowed_actions: | ||
- 'indices:data/read/search*' | ||
|
||
# Allows users to read stored asynchronous-search results | ||
asynchronous_search_read_access: | ||
reserved: true | ||
cluster_permissions: | ||
- 'cluster:admin/opendistro/asynchronous_search/get' | ||
|
||
# Wazuh monitoring and statistics index permissions | ||
manage_wazuh_index: | ||
reserved: true | ||
hidden: false | ||
cluster_permissions: [] | ||
index_permissions: | ||
- index_patterns: | ||
- "wazuh-*" | ||
dls: "" | ||
fls: [] | ||
masked_fields: [] | ||
allowed_actions: | ||
- "read" | ||
- "delete" | ||
- "manage" | ||
- "index" | ||
tenant_permissions: [] | ||
static: false |
Oops, something went wrong.