This project is a comprehensive Docker-based setup for a variety of services including Wazuh (a security information and event management system), Traefik (a modern HTTP reverse proxy and load balancer), Grafana, InfluxDB, Telegraf, and more.
- Prerequisites
- Getting Started
- Project Structure
- Services
- Configuration
- Troubleshooting
- Contributing
- License
Before you begin, ensure you have the following installed on your system:
- Docker
- Docker Compose
- Git (for cloning the repository)
- At least 8 GB of RAM
- At least 50 GB of free disk space
1. Clone the repository:

   ```bash
   git clone https://github.com/Hamada-khairi/Hamada-FYP.git
   cd Hamada-FYP
   ```

2. Set up the environment variables:

   ```bash
   cp .env.example .env
   ```

   Edit the `.env` file with your desired configuration.

3. Increase the max map count (required by the Wazuh indexer):

   ```bash
   sudo sysctl -w vm.max_map_count=262144
   ```

   `sysctl -w` only changes the running kernel. To keep the setting across reboots, add `vm.max_map_count=262144` to `/etc/sysctl.conf` (or a file in `/etc/sysctl.d/`) and load it with `sudo sysctl --system`.

4. Generate certificates for the Wazuh indexer:

   ```bash
   docker-compose -f generate-indexer-certs.yml run --rm generator
   ```

5. Generate a self-signed wildcard certificate for Traefik (replace `hamada.local` if you use a different domain):

   ```bash
   openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
     -keyout ./traefik/config/certs/cert-key.pem \
     -out ./traefik/config/certs/cert.pem \
     -subj "/CN=*.hamada.local" \
     -addext "subjectAltName=DNS:*.hamada.local,DNS:hamada.local"
   ```

   The certificate is self-signed, so browsers and other clients will warn until `cert.pem` is added to their trust store. The `-addext` option requires OpenSSL 1.1.1 or newer. Keep `cert-key.pem` out of version control.

6. Verify the certificates:

   ```bash
   # optional: a DER copy for tools that need the binary form
   openssl x509 -outform der -in ./traefik/config/certs/cert.pem -out ./traefik/config/certs/cert.der
   # inspect the subject, the Subject Alternative Name entries and the validity period
   openssl x509 -in ./traefik/config/certs/cert.pem -text -noout
   # the two hashes below must be identical: the key and the certificate belong together
   openssl rsa -noout -modulus -in ./traefik/config/certs/cert-key.pem | openssl md5
   openssl x509 -noout -modulus -in ./traefik/config/certs/cert.pem | openssl md5
   ```

7. Configure DNS:

   ```bash
   nano bind9/config/hamada.local.zone
   ```

   Set the records in the zone file to the private IP address of the host running this stack.

8. Give Telegraf access to the Docker socket:

   ```bash
   sudo chmod 666 /var/run/docker.sock
   ```

   This makes the Docker socket writable by every local user, and anyone who can talk to the Docker daemon is effectively root on the host. It is acceptable on a single-user lab machine only; on a shared host, run the Telegraf container with the GID of the host's `docker` group instead and leave the socket at mode 660.

9. Start the services:

   ```bash
   docker-compose up -d
   ```

10. If you are on Ubuntu, point systemd-resolved at the BIND9 container:

    ```bash
    sudo nano /etc/systemd/resolved.conf
    ```

    Uncomment `DNS=` and `DNSStubListener=`, set `DNS=` to the private IP you used in the zone file, and set `DNSStubListener=no`, for example:

    ```ini
    DNS=10.0.0.134
    DNSStubListener=no
    ```

    Then restart the resolver:

    ```bash
    sudo systemctl restart systemd-resolved
    ```

    `DNSStubListener=no` stops systemd-resolved from listening on port 53, which the BIND9 container needs to publish. If the container fails to start with an "address already in use" error on port 53, do this step before `docker-compose up -d`.

11. Access the services through their respective URLs (as defined in your Traefik configuration).
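The certificate generation and verification steps above as one script. This is an added example written for this page, not code from the Hamada-FYP repository: it wraps the README's `openssl` commands in shell functions that return success or failure, so the key/certificate match, the Subject Alternative Name entries and the remaining validity can be checked by a script rather than by eye. The directory and domain are parameters (the README's `./traefik/config/certs` and `hamada.local` appear only in the usage comment), the DER conversion is left out because it only changes the encoding, and OpenSSL 1.1.1 or newer is assumed.

```shell
#!/bin/sh
# Added example for this page (not code from the Hamada-FYP repository):
# the README's certificate generation and verification steps as shell
# functions that return 0 on success / 1 on failure, so the checks can be
# scripted. Assumes OpenSSL 1.1.1 or newer (-addext, -ext). Paths and the
# domain are parameters; the README's defaults appear only in the usage.

# gen_wildcard_cert DIR DOMAIN
# Self-signed, 365-day RSA-2048 certificate for *.DOMAIN and DOMAIN,
# written to DIR/cert.pem and DIR/cert-key.pem (same command as the README).
gen_wildcard_cert() {
    mkdir -p "$1"
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -keyout "$1/cert-key.pem" \
        -out "$1/cert.pem" \
        -subj "/CN=*.$2" \
        -addext "subjectAltName=DNS:*.$2,DNS:$2" \
        >/dev/null 2>&1
}

# cert_matches_key CERT KEY
# The README hashes the RSA modulus of both files with md5 and compares the
# hashes; comparing the moduli themselves is the same test without the hash.
cert_matches_key() {
    cert_mod=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    key_mod=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# cert_has_san CERT DOMAIN
# Browsers and Traefik match the Subject Alternative Name list, not the CN,
# so both the wildcard and the bare domain must be present.
cert_has_san() {
    sans=$(openssl x509 -noout -ext subjectAltName -in "$1" 2>/dev/null \
        | tail -n 1 | tr ',' '\n' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
    echo "$sans" | grep -qx "DNS:\*\.$2" && echo "$sans" | grep -qx "DNS:$2"
}

# cert_valid_for_days CERT DAYS
# -checkend exits 0 only if the certificate is still valid DAYS from now,
# which catches an expired lab certificate before Traefik starts serving it.
cert_valid_for_days() {
    openssl x509 -noout -checkend $(( $2 * 86400 )) -in "$1" >/dev/null 2>&1
}

# check_certs DIR DOMAIN: the complete "Verifying the Certs" step.
check_certs() {
    cert_matches_key "$1/cert.pem" "$1/cert-key.pem" \
        || { echo "FAIL: $1/cert-key.pem does not belong to $1/cert.pem"; return 1; }
    cert_has_san "$1/cert.pem" "$2" \
        || { echo "FAIL: $1/cert.pem lacks SAN entries for *.$2 and $2"; return 1; }
    cert_valid_for_days "$1/cert.pem" 30 \
        || { echo "FAIL: $1/cert.pem expires within 30 days"; return 1; }
    echo "OK: $1/cert.pem is usable for *.$2"
}

# Usage from the repository root (generates the certificate if missing):
#   sh check-traefik-cert.sh ./traefik/config/certs hamada.local
if [ $# -eq 2 ]; then
    [ -f "$1/cert.pem" ] || gen_wildcard_cert "$1" "$2"
    check_certs "$1" "$2"
fi
```

`cert_valid_for_days` is the check worth keeping in a cron job or a pre-start hook: the README's certificate is valid for 365 days and nothing in the stack renews it, so Traefik will silently start serving an expired certificate after a year.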
If you don't want to use the BIND9 DNS server, add these entries to `/etc/hosts` instead:

```bash
sudo nano /etc/hosts
```

```text
127.0.0.1 traefik-dashboard.hamada.local
127.0.0.1 wazuh-manager.hamada.local
127.0.0.1 wazuh-indexer.hamada.local
127.0.0.1 wazuh-dashboard.hamada.local
127.0.0.1 telegraf.hamada.local
127.0.0.1 influx.hamada.local
127.0.0.1 grafana.hamada.local
127.0.0.1 filebrowser.hamada.local
127.0.0.1 it-tools.hamada.local
127.0.0.1 dashboard.hamada.local
127.0.0.1 port.hamada.local
```

The `127.0.0.1` entries only work on the Docker host itself. From another machine on the network, replace `127.0.0.1` with the host's private IP address.
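For the Telegraf step, here is the alternative to `chmod 666 /var/run/docker.sock`, as an added example that is not part of the repository: it reads the GID of the host's `docker` group from the socket itself and writes a `docker-compose.override.yml` that runs the `telegraf` service as user `telegraf` with that GID, which is the approach the official Telegraf image documentation describes for monitoring the Docker engine. It assumes the stack's compose file names the service `telegraf` and already bind-mounts the socket; the override only adds `user:`. Compose v2 (`docker compose`) merges the override automatically and ignores `version:`; with the legacy `docker-compose` v1 binary, copy the `version:` line from `docker-compose.yml` into the override as well.

```shell
#!/bin/sh
# Added example for this page (not from the Hamada-FYP repository): the
# alternative to `chmod 666 /var/run/docker.sock`. The Docker socket is
# owned by the host's docker group; running the Telegraf container with
# that GID lets it read container metrics while the socket stays 660.
# Assumptions: the compose service is named `telegraf` (as in the README)
# and already bind-mounts /var/run/docker.sock; only `user:` is added.

# socket_is_world_writable PATH -> 0 if the "other" class has write access,
# i.e. the state `chmod 666` leaves the socket in.
socket_is_world_writable() {
    mode=$(stat -c '%a' "$1") || return 1
    case $mode in
        *[2367]) return 0 ;;   # last octal digit has the write bit (2) set
        *)       return 1 ;;
    esac
}

# docker_socket_gid PATH -> numeric GID that owns the socket (the docker group)
docker_socket_gid() {
    stat -c '%g' "$1"
}

# write_telegraf_override DIR GID
# Writes DIR/docker-compose.override.yml. Compose merges an override file
# with docker-compose.yml automatically, so the stack's own file stays as is.
write_telegraf_override() {
    cat > "$1/docker-compose.override.yml" <<EOF
# Run telegraf as its own user but with the host docker group's GID,
# instead of making /var/run/docker.sock world-writable.
services:
  telegraf:
    user: "telegraf:$2"
EOF
}

# Usage on the Docker host, from the repository root:
#   sh telegraf-socket.sh .
if [ $# -eq 1 ]; then
    sock=/var/run/docker.sock
    [ -S "$sock" ] || { echo "$sock not found: is Docker running?"; exit 1; }
    if socket_is_world_writable "$sock"; then
        echo "warning: $sock is world-writable; restore it with: sudo chmod 660 $sock"
    fi
    write_telegraf_override "$1" "$(docker_socket_gid "$sock")"
    echo "wrote $1/docker-compose.override.yml (apply with: docker-compose up -d)"
fi
```

The GID is read from the socket rather than from `/etc/group` because it is the socket's group ownership that grants access; the container does not need a group named `docker` at all, only a process whose supplementary or primary GID matches the number.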
```text
Hamada-FYP-Simple/
├── bind9/
│   ├── config/
│   ├── cache/
│   └── records/
├── homarr/
│   ├── configs/
│   └── icons/
├── influxdb/
│   └── influxdb_data/
├── portainer/
│   └── portainer_data/
├── telegraf/
│   └── telegraf.conf
├── traefik/
│   └── config/
│       ├── conf/
│       ├── certs/
│       └── traefik.yaml
├── vol/
│   ├── grafana/
│   │   └── grafana_data/
│   └── wazuh/
│       ├── config/
│       └── logs/
├── wazuh/
│   ├── config/
│   │   ├── wazuh_cluster/
│   │   ├── wazuh_indexer/
│   │   ├── wazuh_dashboard/
│   │   └── wazuh_indexer_ssl_certs/
│   └── logo/
├── docker-compose.yml
├── generate-indexer-certs.yml
└── .env
```
This project includes the following services:
- Traefik: Reverse proxy and load balancer
- Bind9: DNS server
- Wazuh Manager: Security information and event management
- Wazuh Indexer: Data indexing for Wazuh
- Wazuh Dashboard: Web interface for Wazuh
- Telegraf: Server agent for collecting and reporting metrics
- InfluxDB: Time series database
- Grafana: Analytics and interactive visualization web application
- Filebrowser: Web-based file manager
- IT Tools: Collection of handy IT tools
- Homarr: Dashboard for your server
- Portainer CE: Container management platform
Traefik is configured to handle routing and TLS termination for all services. Its configuration is in `traefik/config/traefik.yaml`.

Wazuh configuration files are located in the `wazuh/config/` directory. You may need to adjust these based on your specific security requirements.

Telegraf, InfluxDB and Grafana work together to provide monitoring and visualization: Telegraf collects the metrics, InfluxDB stores them, and Grafana displays them. The Telegraf configuration is in `telegraf/telegraf.conf`.

Configurations for the other services can be found in their respective directories or within the `docker-compose.yml` file.
If you encounter any issues:

- Check the logs of the specific service:

  ```bash
  docker-compose logs [service_name]
  ```

- Ensure all required ports are open and not in use by other services.
- Verify that all environment variables in the `.env` file are correctly set.
Contributions are welcome! Please feel free to submit a Pull Request.
This project incorporates several security measures to protect your infrastructure and data:

- Wazuh Security Information and Event Management (SIEM)
  - Wazuh provides comprehensive security monitoring and threat detection.
  - It offers real-time analysis of security events across your infrastructure.
  - Features include log analysis, file integrity monitoring, vulnerability detection, and compliance monitoring.
- Traefik as a reverse proxy with TLS termination
  - Traefik acts as the single gateway to your services, managing routing and load balancing.
  - It terminates HTTPS with the wildcard certificate generated in the Getting Started steps, so communication between clients and Traefik is encrypted and data in transit is protected. That certificate is self-signed and is not renewed automatically: clients must trust `cert.pem`, and a new certificate has to be generated before the 365-day validity period ends.
  - Whether the hop from Traefik to a backend container is also encrypted depends on the individual service; the Wazuh indexer, for example, uses the certificates produced by `generate-indexer-certs.yml`.
- Network segmentation with Docker networks
  - The project uses a custom Docker network (`hamada-network`) instead of the default bridge, so the stack's containers are separated from other containers on the host.
  - This limits the attack surface and helps contain a compromised container. Note that every container attached to `hamada-network` can still reach every other one directly; finer-grained control over inter-container communication (for example, making InfluxDB reachable only from Telegraf and Grafana) requires splitting the services across several networks.
- Bind9 DNS server
  - Provides local resolution for the `*.hamada.local` names, so the lab does not depend on external DNS services and its internal hostnames are never sent to external resolvers.
This project is licensed under the MIT License - see the LICENSE file for details.