CRITICAL CORRECTION: Removed the "Méthode 1: Avant l'Installation" which
was not based on official Wazuh documentation and is non-functional.
The ONLY supported method for changing passwords in Wazuh Docker is the
post-installation procedure using hash.sh and securityadmin.sh tools.
Changes:
- Removed misleading "Méthode 1" that suggested pre-install env vars work
- Added clear security warning that default passwords are public
- Emphasized that post-installation procedure is MANDATORY
- Clarified that Runtipi env vars alone are NOT sufficient for security
- Updated title to "OBLIGATOIRE pour Production" (mandatory)
This aligns documentation with official Wazuh security procedures:
https://documentation.wazuh.com/current/deployment-options/docker/changing-default-password.html🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Replaced the simplified password change instructions with the official
Wazuh Docker deployment procedure from:
https://documentation.wazuh.com/current/deployment-options/docker/changing-default-password.html
Changes:
- Added reference link to official Wazuh documentation
- Updated Méthode 2 with official hash generation procedure using hash.sh
- Added complete securityadmin.sh command with correct paths
- Specified password requirements (8-64 chars with symbols for API)
- Added warning about complexity of post-install password changes
- Emphasized pre-installation password configuration as best practice
This ensures users follow the correct and secure procedure for changing
passwords in Wazuh Docker deployments.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Runtipi schema requires the 'devices' array field in reservations section.
Added empty devices array to all three services with resource limits:
- wazuh-indexer
- wazuh-manager
- wazuh-dashboard
This fixes the schema validation error:
"Invalid input: expected array, received undefined"
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Separate variable declaration and assignment to avoid masking return values.
This follows shellcheck best practices for error handling.
Changes:
- Separate declaration/assignment for container_name (line 59-60)
- Separate declaration/assignment for status (line 67-69)
- Separate declaration/assignment for health (line 68-70)
- Separate declaration/assignment for exit_code (line 86-87)
All 4 SC2155 warnings are now resolved.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Based on Kubernetes configuration analysis from wazuh-kubernetes-main repository.
Changes to docker-compose.json:
- Add resource limits (CPU/RAM) to all services based on K8s recommendations
* Indexer: 0.5-1.0 CPU, 1-2GB RAM
* Manager: 1.0-2.0 CPU, 1-2GB RAM
* Dashboard: 0.2-0.4 CPU, 512MB-2GB RAM
- Add Log4j security flag: -Dlog4j2.formatMsgNoLookups=true (CVE-2021-44228)
- Add DISABLE_INSTALL_DEMO_CONFIG=true for indexer security
- Add WAZUH_NODE_TYPE=master for explicit node configuration
- Add SERVER_SSL_ENABLED=true for dashboard
Changes to metadata/description.md:
- Update prerequisites with CPU/RAM/Disk requirements
- Add "Variables d'Environnement Techniques" section
- Rewrite "Limites de Ressources" with K8s-based recommendations
- Update "Espace Disque" with production storage requirements
- Add new section "Considérations de Production et Scaling"
* Single-node deployment limitations
* HA configuration with Kubernetes
* Scaling recommendations
* Production security checklist
* Backup script for critical volumes
All improvements follow official Wazuh Kubernetes production configurations
for optimal stability and security.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Added official Wazuh Kubernetes deployment repository for reference.
This provides:
- Kubernetes manifests for production deployments
- Resource limits and health check configurations
- Security best practices
- Multi-node and HA deployment examples
Useful for future improvements and K8s migration considerations.
Size: 900K
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Changed 'Bug #3 fixed' to 'persistent via symlink' when config is OK
- Changed 'pthread_create fix present' to 'Configured (prevents pthread_create errors)'
- Only mention bugs/fixes in error/warning states, not in success states
- Makes the output clearer and less confusing for users
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Change SSL verification to GREEN when configured via env vars (it's correct)
- Show '0 FAILED' in GREEN when there are no failures (success state)
- Fix GB calculation rounding (use %.0f instead of int to round properly)
- Add ≈ symbol before GB value for clarity (8,1G ≈ 8 GB instead of incorrect 6 GB)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Changed all disk size references from ~7-8GB, 7,4G, and ~5GB to consistent 7 GB format for professional appearance.
Updated files:
- description.md (2 occurrences)
- wazuh-health-check.sh (4 occurrences)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Corrected resource limits section to reflect actual docker-compose.json configuration.
Uses Java heap and ulimits, not deploy.resources.limits.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add logs.txt (328KB) - health check and diagnostic logs
- Add wazuh-documentations/ - Offline copies of official Wazuh Docker documentation (HTML)
- Add wazuh-official-docker-main/ - Complete official Wazuh Docker repository for reference
These resources provide offline documentation and troubleshooting reference for the Wazuh RunTipi deployment.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Update health check SSL verification message to be informative instead of warning
- Health check now accepts both 'full' and 'certificate' SSL modes
- Fix description.md to match actual implementation (no dashboard watchdog)
- Correct init-manager.sh and init-dashboard.sh documentation examples
- Replace obsolete dashboard migration section with actual manager persistence logic
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The official Wazuh dashboard entrypoint prompts 'Overwrite? [y/N]' if
the keystore already exists. This causes the container to hang waiting
for user input on fresh installs.
Solution: Delete the keystore file before exec'ing the entrypoint.
The entrypoint will recreate it automatically without prompting.
This ensures fresh installs work without manual intervention.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Remove watchdog and migration detection logic (over-engineered)
- Remove keystore creation (let official entrypoint handle it)
- Use exec /entrypoint.sh instead of background process
- Reduce from 135 lines to 50 lines
- Follow official Wazuh Docker patterns
This fixes the dashboard restart loop caused by keystore prompt.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Added Wazuh 4.14.1 SIEM/XDR application for Runtipi
- Simplified init scripts following official Wazuh Docker patterns
- Complete documentation in French (description.md)
- Health check diagnostic script (wazuh-health-check.sh)
- SSL/TLS certificates auto-generation
- Whoami test application included
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
