Docker and reset configurations after host reboot
1,984 views
Skip to first unread message
Tech Master
Jul 5, 2022, 2:09:55 PM7/5/22
to Wazuh mailing list
Hello,
I'm experiencing a data persistence problem.
Whenever I restart the host server (Ubuntu Server 20.04.4) Wazuh Docker v4.3.5 does not reload the ossec.conf configuration file with the customizations: it is in the reset / default state.
Every time I have to re-add the settings for syslog server, for vulnerability scan, etc.
I'm experiencing a data persistence problem.
Whenever I restart the host server (Ubuntu Server 20.04.4) Wazuh Docker v4.3.5 does not reload the ossec.conf configuration file with the customizations: it is in the reset / default state.
Every time I have to re-add the settings for syslog server, for vulnerability scan, etc.
Franco Giovanolli
Jul 5, 2022, 2:49:57 PM7/5/22
to Wazuh mailing list
Hi TechMaster,
Thank you for using Wazuh.
I think it may be related to the volumes. Could you share the docker-compose manifest you are using?
Thank you for using Wazuh.
I think it may be related to the volumes. Could you share the docker-compose manifest you are using?
Tech Master
Jul 5, 2022, 3:10:35 PM7/5/22
to Wazuh mailing list
Hi Franco,
the docker-compose file is the standard single node deployment. The only difference is the custom admin password:
wazuh.manager and wazuh.dashboard:
- ELASTIC_USERNAME = admin
- ELASTIC_PASSWORD = mynewpassword
wazuh.manager and wazuh.dashboard:
- ELASTIC_USERNAME = admin
- ELASTIC_PASSWORD = mynewpassword
HA
Jul 6, 2022, 4:37:13 AM7/6/22
to Wazuh mailing list
Hi all,
Same issue for me with release 4.3.4.
Vulnerability settings are set to off (back to default value) after docker-compose down/up
Regards,
HA
Tech Master
Jul 6, 2022, 5:31:09 AM7/6/22
to Wazuh mailing list
Regardless of the type of mount (volumes, named or bind mounts), having never performed a docker-compose down, but only the reboot of the host, the deletion of the containers absolutely does not happen, for this reason I find it as an anomaly.
Tech Master
Jul 8, 2022, 6:45:46 AM7/8/22
to Wazuh mailing list
Hi Franco,
have you tried to restart a host with Wazuh Docker 4.3.5 after changing even a single parameter in ossec.conf even only from the GUI?
Let me know!
Let me know!
Franco Giovanolli
Jul 8, 2022, 9:37:18 AM7/8/22
to Tech Master, Wazuh mailing list
Hi! Forgive my delay.
I see that it is a repeated behavior. I'm going to do the same test and I'm going to consult it with the team in charge of the development of the docker deployment. I'll get back to you as soon as possible.
F.
F.
--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/5c571c92-8b91-4512-a27a-5a3d71a70acbn%40googlegroups.com.
 | Franco Giovanolli Cloud Team  The Open Source Security Platform |
Mayler Saíd
Jan 24, 2023, 2:29:59 PM1/24/23
to Wazuh mailing list
Hello, you can consult the two links below to better understand how file persistence file config works using wazuh's docker.
Opening docker-compose inside multi-node:
You can use the same path to transfer your personal configuration to wazuh docker.
- ./config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
The RED part its or backup files that we want to map and transfer to wazuh docker image when we UP the image. You need to copy the config that you want that follow the image and will work fine.
The Green part its a folder inside the Wazuh-Manager-Master and Worker that is used to read the file located in
- ./config/wazuh_cluster and than copy to the directory (/var/ossec/etc/ossec.conf.
Reply all
Reply to author
Forward
0 new messages