TheMallCop/docker-ossec-elk


Docker container for OSSEC

The source files for this Docker container can be found in our wazuh GitHub repository. It includes both an OSSEC manager and a single-node Elasticsearch cluster, together with Logstash and Kibana. You can find more information on how these components work together in our documentation.

Important Note

This container won't be updated; a new container with Wazuh 2.0 and Elastic Stack 5 is available at the following URL: https://github.com/wazuh/wazuh-docker.

Documentation

Credits and thank you

This Docker container is based on the “xetus-oss” Dockerfiles, which can be found in his GitHub repository. We created our own fork, which we test and maintain. Thank you, Terence Kent, for your contribution to the community.

References

OSSEC Wazuh v1.1.1

Dear Wazuh community,

We have released OSSEC Wazuh v1.1.1. In this new release we fixed some issues in the logcollector, maild and remoted processes, and we are also including the latest version of the Wazuh Ruleset. Some of the more important changes in this release are listed in the change log below.

Added

  • agent_control: the maximum number of agents can now be extracted using the "-m" option.
  • maild: added a timeout limit, preventing it from hanging in some cases.
  • Updated decoders, ruleset and rootchecks from Wazuh Ruleset v1.0.8.
  • Updated changes from ossec-hids repository.

Changed

  • Prevent authd from renaming an agent if it is overplaced.
  • Changed some log messages.
  • Reordered directories for agent backups.
  • Don't exit when client.keys is empty by default.
  • Improved client.keys reloading capabilities.

Fixed

  • Fixed JSON output at rootcheck_control.
  • Fixed agent compilation on OS X.
  • Fixed memory issue on removing timestamps.
  • Fixed segmentation fault at reported.
  • Fixed segmentation fault at logcollector.

Removed

  • Removed old rootcheck options.

OSSEC Wazuh v1.1

We have released OSSEC Wazuh v1.1. In this new release we have improved agent management: we added mechanisms to prevent agent IP duplication and the re-use of old IDs, backups of agent information before deletion, and the option to force adding an agent or to alert when a duplicate IP conflict occurs.

This release will also include:

  • Expanded RESTful API integration, facilitating massive deployments using Wazuh PowerShell or Python scripts
  • Added improvements and fixes from other OSSEC forks
  • Agent creation date file
  • Upgraded Ruleset to v1.07

Wazuh RESTful API v1.2

This new release is the result of an effort to make the API much more solid. We would especially like to highlight the following new capabilities:

  • Run the API as a service.
  • API Versioning by URL or HTTP header.
  • On adding a new agent, the IP will be automatically detected.
  • IP detection works behind a proxy server.

About

OSSEC integrated with ELK Stack container
