HTTP Strict Transport Security (HSTS, RFC 6797) is a response header that tells a browser to reach a site only over HTTPS for a stated period. Once a browser has seen the header over a valid HTTPS connection, it rewrites any http:// request for that host (and, with includeSubDomains, for its subdomains) to https:// before sending it, and it no longer lets the user click through certificate errors for that host. That closes the window an on-path attacker uses for SSL stripping: intercepting or downgrading the first plain-HTTP request before the usual redirect to HTTPS ever happens.
Two caveats before adding the header. Browsers only honor HSTS when it arrives over HTTPS with a certificate they trust, so with a self-signed or private-CA certificate (the usual case for an internal Wazuh or Kibana host) the policy is ignored until that CA is installed on the clients. And the preload directive has no effect by itself; it only matters once the domain is submitted to the browser preload list, which requires a max-age of at least one year and includeSubDomains and is slow to undo, so leave it out unless you intend to submit the domain.
This article describes how to add the HTTP headers that implement HSTS on the Wazuh Dashboard and on Kibana (assuming HTTPS is already configured on both):
Wazuh Dashboard:
Edit the file /etc/wazuh-dashboard/opensearch_dashboards.yml
and add the option server.customResponseHeaders
with the Strict-Transport-Security header and any other custom response headers you want (here X-Content-Type-Options: nosniff as well), as in the complete file below:
server.host: 0.0.0.0
opensearch.hosts: https://127.0.0.1:9200
server.port: 443
opensearch.ssl.verificationMode: certificate
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: false
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
server.ssl.enabled: true
server.ssl.key: "/etc/wazuh-dashboard/certs/wazuh-dashboard-key.pem"
server.ssl.certificate: "/etc/wazuh-dashboard/certs/wazuh-dashboard.pem"
opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
uiSettings.overrides.defaultRoute: /app/wazuh
opensearch_security.cookie.secure: true
server.customResponseHeaders: {"Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload", "X-Content-Type-Options": "nosniff"}
Restart Wazuh Dashboard: systemctl restart wazuh-dashboard
Confirm the implementation by requesting the dashboard and reading the response headers (-k skips certificate verification because the lab certificate is issued by a private CA; the lines to look for are strict-transport-security and x-content-type-options):
curl -v https://wazuh-dashboard -k
HTTP/1.1 302 Found
location: /app/login?
strict-transport-security: max-age=63072000; includeSubDomains; preload;
x-content-type-options: nosniff
osd-name: localhost.localdomain
x-frame-options: sameorigin
cache-control: private, no-cache, no-store, must-revalidate
set-cookie: security_authentication=; Max-Age=0; Expires=Thu, 01 Jan 1970 00:0
content-length: 0
Date: Thu, 04 Jan 2024 16:50:08 GMT
Connection: keep-alive
Keep-Alive: timeout=120
Kibana:
Use the same option, server.customResponseHeaders,
within the file /etc/kibana/kibana.yml
as shown below. Note that the header map is written differently here: the Wazuh example used a one-line YAML flow mapping, this one uses an indented block mapping. Both are plain YAML for the same option (a map of header name to value), and either form is accepted in either file:
server.host: 0.0.0.0
server.port: 443
elasticsearch.hosts: https://localhost:9200
elasticsearch.password: xfdddd
# Elasticsearch from/to Kibana
elasticsearch.ssl.certificateAuthorities: /etc/kibana/certs/ca/ca.crt
elasticsearch.ssl.certificate: /etc/kibana/certs/kibana.crt
elasticsearch.ssl.key: /etc/kibana/certs/kibana.key
# Browser from/to Kibana
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/certs/kibana.crt
server.ssl.key: /etc/kibana/certs/kibana.key
# Elasticsearch authentication
xpack.security.enabled: true
elasticsearch.username: elastic
uiSettings.overrides.defaultRoute: "/app/wazuh"
elasticsearch.ssl.verificationMode: certificate
server.customResponseHeaders:
Strict-Transport-Security: "max-age=63072000; includeSubDomains; preload;"
X-content-type-options: "nosniff"
Restart Kibana: systemctl restart kibana
Confirm the implementation: curl -v https://kibana -k
HTTP/1.1 302 Found
location: /login?next=%2F
strict-transport-security: max-age=63072000; includeSubDomains; preload;
x-content-type-options: nosniff
kbn-name: localhost.localdomain
kbn-license-sig: 8abb6707d135b062d0066e8049907961156f811af5f4ba3892e8a9006f94e
x-frame-options: sameorigin
cache-control: private, no-cache, no-store, must-revalidate
content-length: 0
Date: Thu, 04 Jan 2024 17:10:14 GMT
Connection: keep-alive
Keep-Alive: timeout=120
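Reading a curl -v dump by eye works once, but a header that is present and still useless (max-age too short, includeSubDomains missing, max-age absent so the browser ignores the whole header) is easy to overlook. The following script is an added example and not code from the original post or from the Wazuh or Kibana projects: it grades the Strict-Transport-Security policy in a set of response headers and can be pointed at either the Wazuh Dashboard or the Kibana host from the two sections above. It assumes POSIX sh with curl, grep, sed and tr; the host name passed on the command line and the sample header blocks are constructed for illustration.

```shell
#!/bin/sh
# Added example: grade the HSTS policy a Wazuh Dashboard or Kibana host serves.
# Not code from the original post; host names and header samples are constructed.

# hsts_verdict reads raw HTTP response headers on stdin and prints one word:
#   missing     no Strict-Transport-Security header at all
#   malformed   header present but without a numeric max-age (browsers ignore it)
#   weak        max-age under one year, or includeSubDomains absent
#   no-preload  policy is sound but carries no preload directive
#   ok          preload-eligible: max-age >= 31536000, includeSubDomains, preload
# It returns 0 only for "ok", so it can gate a deployment check.
hsts_verdict() {
    # Header names are case-insensitive and lines end in CRLF: strip the CR,
    # keep the first STS header, drop blanks and lower-case the directives.
    sts=$(tr -d '\r' | grep -i '^strict-transport-security:' | head -n 1 \
          | cut -d: -f2- | tr -d '[:blank:]' | tr 'A-Z' 'a-z')
    if [ -z "$sts" ]; then
        echo missing
        return 1
    fi
    # Directives are separated by ';'; a trailing ';' (as in the captured
    # output above) is allowed by RFC 6797 and simply yields an empty directive.
    max_age=$(printf '%s\n' "$sts" | tr ';' '\n' \
              | sed -n 's/^max-age=\([0-9][0-9]*\)$/\1/p' | head -n 1)
    if [ -z "$max_age" ]; then
        echo malformed
        return 1
    fi
    verdict=ok
    if [ "$max_age" -lt 31536000 ]; then verdict=weak; fi
    case ";$sts;" in *";includesubdomains;"*) ;; *) verdict=weak ;; esac
    case ";$sts;" in *";preload;"*) has_preload=1 ;; *) has_preload=0 ;; esac
    if [ "$verdict" = ok ] && [ "$has_preload" = 0 ]; then verdict=no-preload; fi
    echo "$verdict"
    [ "$verdict" = ok ]
}

# hsts_check_url fetches the live headers (GET, body discarded) and grades them.
# -k is used because the lab certificates come from a private CA; remember the
# browser-side policy is only honoured once that CA is trusted by the client.
hsts_check_url() {
    curl -sSk -o /dev/null -D - --max-time 10 "$1" | hsts_verdict
}

# Constructed samples: the first is modelled on the captured Wazuh Dashboard
# response above, the others show the failure modes the grader distinguishes.
sample_dashboard() {
    printf 'HTTP/1.1 302 Found\r\nlocation: /app/login?\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload;\r\nx-content-type-options: nosniff\r\n\r\n'
}
sample_weak() {
    printf 'HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=300\r\n\r\n'
}
sample_none() {
    printf 'HTTP/1.1 200 OK\r\ncache-control: no-store\r\n\r\n'
}

# Stand-alone run: grade the samples, then a live host if one is given,
# e.g. ./hsts_check.sh https://wazuh-dashboard  or  ./hsts_check.sh https://kibana
for s in sample_dashboard sample_weak sample_none; do
    printf '%s -> %s\n' "$s" "$($s | hsts_verdict)"
done
if [ -n "${1:-}" ]; then hsts_check_url "$1"; fi
```

Run it against both hosts after the restarts; anything other than "ok" (or "no-preload", if you deliberately left preload out) means the header reached the client but will not give the protection you expect.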
I hope you find it useful 😀
93 responses to “HTTP Strict Transport Security(HSTS) for Wazuh & Kibana”