Elwali karkoub elwali10
elwali10
/ WazuheBPFTCPTracer.py
Last active
December 27, 2023 10:54
Wazuh & eBPF established TCP connections tracer
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # | |
| # tcpv4tracer Trace TCP connections & send them to Wazuh manager. | |
| # For Linux, uses BCC, eBPF. Embedded C. | |
| # | |
| # | |
| # Copyright 2017-2020 Kinvolk GmbH | |
| # Adapted to send events to Wazuh manager - 2023 ELwali Karkoub | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| network.host: 0.0.0.0 | |
| node.name: elasticsearch | |
| cluster.initial_master_nodes: elasticsearch | |
| cluster.name: "wazuh-cluster" | |
| discovery.seed_hosts: elasticsearch | |
| path.data: /var/lib/wazuh-indexer | |
| path.logs: /var/log/wazuh-indexer | |
| plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/config/certs/wazuh1.indexer.pem | |
| plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/config/certs/wazuh1.indexer.key |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server.host: 0.0.0.0 | |
| server.name: kibana | |
| server.port: 5601 | |
| opensearch.hosts: https://elasticsearch:9200 | |
| opensearch.ssl.verificationMode: certificate | |
| opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"] | |
| opensearch_security.multitenancy.enabled: false | |
| opensearch_security.readonly_mode.roles: ["kibana_read_only"] | |
| server.ssl.enabled: true | |
| server.ssl.key: "/usr/share/wazuh-dashboard/certs/wazuh-dashboard-key.pem" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| hosts: | |
| - 1513629884013: | |
| url: "https://CHANGE_THIS_FOR_WAZUH_IP" | |
| port: 55000 | |
| username: wazuh-wui | |
| password: MyS3cr37P450r.*- | |
| run_as: false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2) | |
| version: '3.7' | |
| services: | |
| wazuh: | |
| image: wazuh/wazuh-manager:4.3.6 | |
| hostname: wazuh-manager | |
| restart: always | |
| ports: | |
| - "1515:1515" |
elwali10
/ docker-compose.yml
Created
July 27, 2022 19:43
docker compose for wazuh indexer & dashboard
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Wazuh App Copyright (C) 2017, Wazuh Inc. (License GPLv2) | |
| version: '3.7' | |
| services: | |
| elasticsearch: | |
| image: wazuh/wazuh-indexer:4.3.6 | |
| hostname: elasticsearch | |
| restart: always | |
| ports: | |
| - "9200:9200" |
elwali10
/ volume-Elasticseach-Migrator.sh
Created
July 27, 2022 19:22
Migrate Elasticsearch volumes from Wazuh 4.2 to 4.3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| docker volume create \ | |
| --label com.docker.compose.project=$2 \ | |
| --label com.docker.compose.version=$1 \ | |
| --label com.docker.compose.volume=wazuh-indexer-data-1 \ | |
| $2_wazuh-indexer-data-1 | |
| docker container run --rm -it \ | |
| -v wazuh-docker_elastic-data-1:/from \ | |
| -v $2_wazuh-indexer-data-1:/to \ | |
| alpine ash -c "cd /from ; cp -avp . /to" |
elwali10
/ volume-WazuhManager-Migrator.sh
Created
July 27, 2022 19:19
Migrate Wazuh Manager volume from 4.2 to 4.3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| docker volume create \ | |
| --label com.docker.compose.project=$2 \ | |
| --label com.docker.compose.version=$1 \ | |
| --label com.docker.compose.volume=wazuh_api_configuration \ | |
| $2_wazuh_api_configuration | |
| docker volume create \ | |
| --label com.docker.compose.project=$2 \ | |
| --label com.docker.compose.version=$1 \ | |
| --label com.docker.compose.volume=wazuh_etc \ |