laund / redstack_docker_public

Build Stack Consul

# docker-compose up -d --build consul-server-1

Create Bootstrap ACL

Create Policy/Token Agent

# consul acl policy create -name "agent-token" -description "Agent's Token Policy" -rules @agent-policy.hcl
# consul acl token create -description "Agent Token" -policy-name "agent-token"
# consul acl set-agent-token default "<SecretID>"

Create Policy/Token Vault

# consul acl policy create -name "vault-token" -description "Vault Token Policy" -rules @vault-policy.hcl
# consul acl token create -description "Vault Token" -policy-name "vault-token"

Create Policy/Token Rabbitmq

# consul acl policy create -name "rabbitmq-token" -description "Rabbitmq Token Policy" -rules @rabbitmq-policy.hcl
# consul acl token create -description "Rabbitmq Token" -policy-name "rabbitmq-token"

Build Stack Rabbitmq

# docker-compose up -d --build rabbitmq-server-1
# docker-compose up -d --build rabbitmq-server-2
# docker-compose up -d --build rabbitmq-server-3

Build Stack Vault

# docker-compose up -d --build vault

Unseal Vault Server

# docker exec -it redstack_vault_1 /bin/sh
# vault operator init
# vault operator unseal    (repeat 3x, entering a different unseal key each time)
# vault login              (enter the Root Token printed by "vault operator init")

Enable Dynamic Secrets Rabbitmq

# vault secrets enable rabbitmq
# vault write rabbitmq/config/connection connection_uri="http://10.5.0.6:15672" username="guest" password="guest"
# vault write rabbitmq/roles/dc1-rabbitmq vhosts='{"/":{"configure": ".*", "write": ".*", "read": ".*"}}'

Test Dynamic Secrets Vault <-> Rabbitmq

# vault read rabbitmq/creds/dc1-rabbitmq
# cd validate-rabbitmq-go

Configure Receive (Rabbitmq)

# go run consumer/receive.go

Configure Producer Send (Rabbitmq)

# sh producer/loop.sh

Build Stack Cassandra

# docker-compose up -d --build cassandra-server-1
# docker-compose up -d --build cassandra-server-2
# docker-compose up -d --build cassandra-server-3

Enable Dynamic Secrets Cassandra

# vault secrets enable database

# vault write database/config/cassandra-database \
    plugin_name="cassandra-database-plugin" \
    hosts=10.5.0.9 \
    protocol_version=4 \
    username=cassandra \
    password=cassandra \
    allowed_roles=cassandra-access

# vault write database/roles/cassandra-access \
    plugin_name="cassandra-database-plugin" \
    db_name=cassandra-database \
    creation_statements="CREATE USER '{{username}}' WITH PASSWORD '{{password}}' NOSUPERUSER; \
        GRANT SELECT ON ALL KEYSPACES TO {{username}};" \
    default_ttl="1h" \
    max_ttl="24h"

Test Dynamic Secrets Vault <-> Cassandra

# vault read database/creds/cassandra-access

# cqlsh 10.5.0.9 -u<vaultuserdynamic> -p<vaultpassworddynamic>
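Added example (not part of the redstack repo): a small Python helper that consumes the JSON form of the `vault read database/creds/cassandra-access` output above (`vault read -format=json ...`), checks that the issued lease really is inside the `default_ttl="1h"` / `max_ttl="24h"` window the role was written with, and builds the cqlsh argument list without the password ever reaching a log line. The sample lease, username and password below are constructed.

```python
import json
import re

# Constructed sample: same shape as `vault read -format=json database/creds/cassandra-access`.
# Username, password and lease id are fake placeholders, not values from a real Vault.
SAMPLE_LEASE = json.dumps({
    "request_id": "00000000-example-request-id",
    "lease_id": "database/creds/cassandra-access/EXAMPLE-LEASE-ID",
    "lease_duration": 3600,
    "renewable": True,
    "data": {"username": "v-token-cassandra-access-EXAMPLE", "password": "EXAMPLE-password"},
    "warnings": None,
})

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_duration(text):
    """Convert a Vault duration string such as "1h" or "24h" to seconds."""
    m = re.fullmatch(r"(\d+)([smhd])", text.strip())
    if not m:
        raise ValueError(f"unsupported duration: {text!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]

def load_lease(raw):
    """Parse `vault read -format=json` output into the fields a client relies on."""
    doc = json.loads(raw)
    return {
        "lease_id": doc["lease_id"],
        "ttl": int(doc["lease_duration"]),
        "renewable": bool(doc["renewable"]),
        "username": doc["data"]["username"],
        "password": doc["data"]["password"],
    }

def lease_within_role_ttl(lease, default_ttl="1h", max_ttl="24h"):
    """True when the lease Vault issued matches the TTL window of the README's role."""
    # A lease longer than default_ttl/max_ttl means the role or mount is not
    # configured as intended; refusing it keeps "short-lived" credentials short-lived.
    ttl = lease["ttl"]
    return 0 < ttl <= parse_duration(default_ttl) <= parse_duration(max_ttl)

def cqlsh_args(lease, host="10.5.0.9"):
    """argv for cqlsh; separate entries keep the credentials out of shell parsing."""
    return ["cqlsh", host, "-u", lease["username"], "-p", lease["password"]]

def redact(lease):
    """Log-safe view of the lease with the password removed."""
    return {k: v for k, v in lease.items() if k != "password"}
```

Pass `cqlsh_args(load_lease(raw))` to `subprocess.run` instead of pasting the credentials on a command line, and log only `redact(lease)`.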

Build Stack Wazuh

On the host that will build the stack, run the following command first:

# sysctl -w vm.max_map_count=262144

Next Steps:

# docker-compose up -d --build wazuh

# docker-compose up -d --build elasticsearch

# docker-compose up -d --build kibana

# docker-compose up -d --build nginx

Access:

https://10.5.0.15/

login: foo
password: bar

Terraform Under Construction

Reference Links

Consul Acl
Rabbitmq Cluster-Formation
Vault RabbitMQ Secrets Engine
Vault Cassandra Database