Atualização - 18/04/2026 - 17:53

2026-04-18 17:53:56 -03:00
parent 3a6b311d9f
commit af178b467c
10 changed files with 0 additions and 0 deletions
--- a/roteiros/03-lab01/README.md
+++ b/roteiros/03-lab01/README.md
@@ -0,0 +1 @@
+ops
--- a/roteiros/03-lab01/docker-compose.yml
+++ b/roteiros/03-lab01/docker-compose.yml
@@ -0,0 +1,56 @@
+services:
+  rk-siem-core:
+    image: ricardokleber/rk-siem-core:latest
+    container_name: rk-siem-core
+    environment:
+      - cluster.name=rk-siem-core
+      - node.name=rk-siem-node
+      - discovery.type=single-node
+      - bootstrap.memory_lock=true
+      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # Ajuste conforme sua RAM disponível
+      - DISABLE_INSTALL_DEMO_CONFIG=false
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    volumes:
+      - rk-siem-data:/usr/share/opensearch/data
+    ports:
+      - 9200:9200 # API REST
+      - 9600:9600 # Performance Analyzer
+    networks:
+      - rk-siem-net
+
+  rk-siem-ui:
+    image: ricardokleber/rk-siem-ui:latest
+    container_name: rk-siem-ui
+    ports:
+      - 5601:5601 # Interface Web
+    expose:
+      - 5601
+    command: ["/bin/bash", "-c", "/etc/init.d/opensearch-dashboards start && tail -f /var/log/opensearch-dashboards/opensearch-dashboards.stdout"]
+    restart: always
+    environment:
+      - 'OPENSEARCH_HOSTS=["https://rk-siem-core:9200"]'
+      - "DISABLE_SECURITY_DASHBOARDS_PLUGIN=false"
+    networks:
+      - rk-siem-net
+    depends_on:
+      - rk-siem-core
+
+  rk-siem-host01:
+    image: ricardokleber/rk-siem-host01:latest
+    container_name: rk-siem-host01
+    hostname: rk-siem-host01
+    tty: true
+    stdin_open: true
+    restart: always
+
+volumes:
+  rk-siem-data:
+
+networks:
+  rk-siem-net:
--- a/roteiros/03-lab01/rsyslog.conf
+++ b/roteiros/03-lab01/rsyslog.conf
@@ -0,0 +1,50 @@
+module(load="imuxsock")
+module(load="mmjsonparse")
+module(load="omelasticsearch")
+
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+$WorkDirectory /var/spool/rsyslog
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+*.*;auth,authpriv.none		-/var/log/syslog
+auth,authpriv.*			/var/log/auth.log
+cron.*				-/var/log/cron.log
+kern.*				-/var/log/kern.log
+mail.*				-/var/log/mail.log
+user.*				-/var/log/user.log
+*.emerg				:omusrmsg:*
+
+# Template para formatar o JSON
+template(name="json-template" type="list") {
+    constant(value="{")
+    constant(value="\"@timestamp\":\"")     property(name="timereported" dateFormat="rfc3339")
+    constant(value="\",\"host\":\"")         property(name="hostname")
+    constant(value="\",\"severity\":\"")     property(name="syslogseverity-text")
+    constant(value="\",\"facility\":\"")     property(name="syslogfacility-text")
+    constant(value="\",\"message\":\"")      property(name="msg" format="json")
+    constant(value="\"}")
+}
+
+# Envio para o RK-CORE
+action(type="omelasticsearch"
+       server="172.19.0.1"
+       serverport="9200"
+       template="json-template"
+       searchIndex="host01-logs"
+       bulkmode="on"
+       errorfile="/var/log/rsyslog-descarte.log"
+       usehttps="on"
+       skipverifyhost="on"
+       allowunsignedcerts="on"
+       searchType=""
+       action.resumeRetryCount="-1"
+
+       # Autenticacao
+       uid="admin"
+       pwd="admin"
+)