Adapt modules to Wazuh v4.0 (#300)

Updated to Wazuh v4.0 and minor changes
Co-authored-by: Jason Alavaliant <alavaliant@ra09.com>
Co-authored-by: Fabian van der Hoeven <fvanderhoeven@conclusion.nl>
Co-authored-by: Zenidd <jpsaezgutierrez@gmail.com>

README.md

@@ -3,7 +3,8 @@
 [![Slack](https://img.shields.io/badge/slack-join-blue.svg)](https://wazuh.com/community/join-us-on-slack/)
 [![Email](https://img.shields.io/badge/email-join-blue.svg)](https://groups.google.com/forum/#!forum/wazuh)
 [![Documentation](https://img.shields.io/badge/docs-view-green.svg)](https://documentation.wazuh.com)
-[![Documentation](https://img.shields.io/badge/web-view-green.svg)](https://wazuh.com)
+[![Web](https://img.shields.io/badge/web-view-green.svg)](https://wazuh.com)
+![Kitchen tests](https://github.com/wazuh/wazuh-puppet/workflows/Kitchen%20tests/badge.svg)
 
 This module installs and configure Wazuh agent and manager.
 
@@ -18,87 +19,117 @@ This module installs and configure Wazuh agent and manager.
  wazuh-puppet/
  ├── CHANGELOG.md
  ├── checksums.json
+ ├── data
+ │ └── common.yaml
  ├── files
- │   └── ossec-logrotate.te
+ │  └── ossec-logrotate.te
  ├── Gemfile
+ ├── kitchen
+ │ ├── chefignore
+ │ ├── clean.sh
+ │ ├── Gemfile
+ │ ├── hieradata
+ │ │ ├── common.yaml
+ │ │ └── roles
+ │ │ └── default.yaml
+ │ ├── kitchen.yml
+ │ ├── manifests
+ │ │ └── site.pp.template
+ │ ├── Puppetfile
+ │ ├── README.md
+ │ ├── run.sh
+ │ └── test
+ │ └── integration
+ │ ├── agent
+ │ │ └── agent_spec.rb
+ │ └── mngr
+ │ └── manager_spec.rb
  ├── LICENSE.txt
  ├── manifests
- │   ├── activeresponse.pp
- │   ├── addlog.pp
- │   ├── agent.pp
- │   ├── command.pp
- │   ├── elasticsearch.pp
- │   ├── email_alert.pp
- │   ├── filebeat.pp
- │   ├── init.pp
- │   ├── integration.pp
- │   ├── kibana.pp
- │   ├── manager.pp
- │   ├── params_agent.pp
- │   ├── params_elastic.pp
- │   ├── params_manager.pp
- │   ├── repo_elastic.pp
- │   ├── repo.pp
- │   ├── reports.pp
- │   └── wazuh_api.pp
+ │ ├── activeresponse.pp
+ │ ├── addlog.pp
+ │ ├── agent.pp
+ │ ├── audit.pp
+ │ ├── command.pp
+ │ ├── elasticsearch.pp
+ │ ├── email_alert.pp
+ │ ├── filebeat_oss.pp
+ │ ├── filebeat.pp
+ │ ├── init.pp
+ │ ├── integration.pp
+ │ ├── kibana_od.pp
+ │ ├── kibana.pp
+ │ ├── manager.pp
+ │ ├── opendistro.pp
+ │ ├── params_agent.pp
+ │ ├── params_elastic.pp
+ │ ├── params_manager.pp
+ │ ├── params_opendistro.pp
+ │ ├── repo_elastic_oss.pp
+ │ ├── repo_elastic.pp
+ │ ├── repo_elasticsearch-oss.pp
+ │ ├── repo_opendistro.pp
+ │ ├── repo.pp
+ │ ├── reports.pp
+ │ └── tests.pp
  ├── metadata.json
  ├── Rakefile
  ├── README.md
  ├── spec
- │   ├── classes
- │   │   ├── client_spec.rb
- │   │   ├── init_spec.rb
- │   │   └── server_spec.rb
- │   └── spec_helper.rb
+ │  ├── classes
+ │ │  ├── client_spec.rb
+ │ │  ├── init_spec.rb
+ │ │  └── server_spec.rb
+ │  └── spec_helper.rb
  ├── templates
- │   ├── api
- │   │   └── config.js.erb
- │   ├── default_commands.erb
- │   ├── elasticsearch_yml.erb
- │   ├── filebeat_yml.erb
- │   ├── fragments
- │   │   ├── _activeresponse.erb
- │   │   ├── _auth.erb
- │   │   ├── _cluster.erb
- │   │   ├── _command.erb
- │   │   ├── _default_activeresponse.erb
+ │ ├── default_commands.erb
+ │ ├── elasticsearch_yml.erb
+ │ ├── filebeat_oss_yml.erb
+ │ ├── filebeat_yml.erb
+ │ ├── fragments
+ │ │ ├── _activeresponse.erb
+ │ │ ├── _auth.erb
+ │ │ ├── _cluster.erb
+ │ │ ├── _command.erb
+ │ │ ├── _default_activeresponse.erb
  │ │ ├── _email_alert.erb
- │   │   ├── _integration.erb
- │   │   ├── _localfile.erb
- │   │   ├── _localfile_generation.erb
- │   │   ├── _reports.erb
- │   │   ├── _rootcheck.erb
- │   │   ├── _ruleset.erb
- │   │   ├── _sca.erb
- │   │   ├── _syscheck.erb
- │   │   ├── _wodle_cis_cat.erb
- │   │   ├── _wodle_openscap.erb
- │   │   ├── _wodle_osquery.erb
- │   │   ├── _wodle_syscollector.erb
- │   │   └── _wodle_vulnerability_detector.erb
- │   ├── jvm_options.erb
- │   ├── kibana_yml.erb
- │   ├── local_decoder.xml.erb
- │   ├── local_rules.xml.erb
- │   ├── ossec_shared_agent.conf.erb
- │   ├── process_list.erb
- │   ├── wazuh_agent.conf.erb
- │   └── wazuh_manager.conf.erb
- ├── tests
- │   └── init.pp
+ │ │ ├── _integration.erb
+ │ │ ├── _labels.erb
+ │ │ ├── _localfile.erb
+ │ │ ├── _localfile_generation.erb
+ │ │ ├── _reports.erb
+ │ │ ├── _rootcheck.erb
+ │ │ ├── _ruleset.erb
+ │ │ ├── _sca.erb
+ │ │ ├── _syscheck.erb
+ │ │ ├── _syslog_output.erb
+ │ │ ├── _vulnerability_detector.erb
+ │ │ ├── _wodle_cis_cat.erb
+ │ │ ├── _wodle_openscap.erb
+ │ │ ├── _wodle_osquery.erb
+ │ │ └── _wodle_syscollector.erb
+ │ ├── jvm_options.erb
+ │ ├── kibana_od_yml.erb
+ │ ├── kibana_yml.erb
+ │ ├── local_decoder.xml.erb
+ │ ├── local_rules.xml.erb
+ │ ├── opendistro_yml.erb
+ │ ├── ossec_shared_agent.conf.erb
+ │ ├── process_list.erb
+ │ ├── wazuh_agent.conf.erb
+ │ ├── wazuh_api_yml.erb
+ │ ├── wazuh_manager.conf.erb
+ │ └── wazuh_yml.erb
  └── VERSION
 
 ## Branches
 
-* `stable` branch on correspond to the last Wazuh-Puppet stable version.
+* `4.0` branch on correspond to the last Wazuh-Puppet stable version.
 * `master` branch contains the latest code, be aware of possible bugs on this branch.
 
 ## Contribute
 
-If you would like to contribute to our repository, please fork our Github repository and submit a pull request.
-
-If you are not familiar with Github, you can also share them through [our users mailing list](https://groups.google.com/d/forum/wazuh), to which you can subscribe by sending an email to `wazuh+subscribe@googlegroups.com`. 
-
+If you want to contribute to our project please don't hesitate to send a pull request. You can also join our users [mailing list](https://groups.google.com/d/forum/wazuh) or the [Wazuh Slack community channel](https://wazuh.com/community/join-us-on-slack/) to ask questions and participate in discussions.
 
 ## Credits and thank you
 
@@ -109,10 +140,6 @@ This Puppet module has been authored by Nicolas Zin, and updated by Jonathan Gaz
 WAZUH
 Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
-Based on OSSEC
-Copyright (C) 2015 Trend Micro Inc.
-
-
 ## Web References
 
 * [Wazuh website](http://wazuh.com)

VERSION

@@ -1,2 +1,2 @@
-WAZUH-PUPPET_VERSION="v3.13.2"
-REVISION="31320"
+WAZUH-PUPPET_VERSION="v4.0.0"
+REVISION="40000"

kitchen/test/integration/agent/agent_spec.rb

@@ -1,6 +1,6 @@
 describe package('wazuh-agent') do
  it { is_expected.to be_installed }
- its('version') { is_expected.to eq '3.13.2-1' }
+ its('version') { is_expected.to eq '4.0.0-1' }
 end
 
 describe service('wazuh-agent') do
@@ -15,7 +15,7 @@
  'ossec-agentd' => 'ossec',
  'ossec-execd' => 'root',
  'ossec-syscheckd' => 'root',
- 'wazuh-modulesd' => 'root',
+# 'wazuh-modulesd' => 'root',
 }
 
 wazuh_daemons.each do |key, value|

kitchen/test/integration/mngr/manager_spec.rb

@@ -1,6 +1,6 @@
 describe package('wazuh-manager') do
  it { is_expected.to be_installed }
- its('version') { is_expected.to eq '3.13.2-1' }
+ its('version') { is_expected.to eq '4.0.0-1' }
 end
 
 describe service('wazuh-manager') do

manifests/agent.pp

@@ -72,6 +72,25 @@
  $client_buffer_queue_size = $wazuh::params_agent::client_buffer_queue_size,
  $client_buffer_events_per_second = $wazuh::params_agent::client_buffer_events_per_second,
 
+ # Auto enrollment configuration
+
+ $wazuh_enrollment_enabled = $wazuh::params_agent::wazuh_enrollment_enabled,
+ $wazuh_enrollment_manager_address = $wazuh::params_agent::wazuh_enrollment_manager_address,
+ $wazuh_enrollment_port = $wazuh::params_agent::wazuh_enrollment_port,
+ $wazuh_enrollment_agent_name = $wazuh::params_agent::wazuh_enrollment_agent_name,
+ $wazuh_enrollment_groups = $wazuh::params_agent::wazuh_enrollment_groups,
+ $wazuh_enrollment_agent_address = $wazuh::params_agent::wazuh_enrollment_agent_address,
+ $wazuh_enrollment_ssl_cipher = $wazuh::params_agent::wazuh_enrollment_ssl_cipher,
+ $wazuh_enrollment_server_ca_path = $wazuh::params_agent::wazuh_enrollment_server_ca_path,
+ $wazuh_enrollment_agent_cert_path = $wazuh::params_agent::wazuh_enrollment_agent_cert_path,
+ $wazuh_enrollment_agent_key_path = $wazuh::params_agent::wazuh_enrollment_agent_key_path,
+ $wazuh_enrollment_auth_pass = $wazuh::params_agent::wazuh_enrollment_auth_pass,
+ $wazuh_enrollment_auth_pass_path = $wazuh::params_agent::wazuh_enrollment_auth_pass_path,
+ $wazuh_enrollment_auto_method = $wazuh::params_agent::wazuh_enrollment_auto_method,
+ $wazuh_delay_after_enrollment = $wazuh::params_agent::wazuh_delay_after_enrollment,
+ $wazuh_enrollment_use_source_ip = $wazuh::params_agent::wazuh_enrollment_use_source_ip,
+
+
  # Rootcheck
  $ossec_rootcheck_disabled = $wazuh::params_agent::ossec_rootcheck_disabled,
  $ossec_rootcheck_check_files = $wazuh::params_agent::ossec_rootcheck_check_files,
@@ -617,4 +636,15 @@
  ],
  }
  }
+
+ if ( $wazuh_enrollment_auth_pass ) {
+ file { $wazuh::params_agent::authd_pass_file:
+ owner => 'root',
+ group => 'ossec',
+ mode => '0640',
+ content => $wazuh::params_agent::wazuh_enrollment_auth_pass,
+ require => Package[$wazuh::params_agent::agent_package_name],
+ }
+ }
+
 }

manifests/filebeat.pp

@@ -7,9 +7,9 @@
 
  $filebeat_package = 'filebeat',
  $filebeat_service = 'filebeat',
- $filebeat_version = '7.9.1',
- $wazuh_app_version = '3.13.2_7.9.1',
- $wazuh_extensions_version = 'v3.13.2',
+ $filebeat_version = '7.9.2',
+ $wazuh_app_version = '4.0.0_7.9.2',
+ $wazuh_extensions_version = 'v4.0.0',
  $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz',
 ){
 

manifests/filebeat_oss.pp

@@ -10,8 +10,8 @@
  $filebeat_oss_elastic_user = 'admin',
  $filebeat_oss_elastic_password = 'admin',
  $filebeat_oss_version = '7.8.0',
- $wazuh_app_version = '3.13.2_7.8.0',
- $wazuh_extensions_version = 'v3.13.2',
+ $wazuh_app_version = '4.0.0_7.9.1',
+ $wazuh_extensions_version = 'v4.0.0',
  $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz',
 ){
 

manifests/kibana.pp

@@ -3,8 +3,8 @@
 class wazuh::kibana (
  $kibana_package = 'kibana',
  $kibana_service = 'kibana',
- $kibana_version = '7.9.1',
- $kibana_app_version = '3.13.2_7.9.1',
+ $kibana_version = '7.9.2',
+ $kibana_app_version = '4.0.0_7.9.2',
  $kibana_elasticsearch_ip = 'localhost',
  $kibana_elasticsearch_port = '9200',
 

manifests/kibana_od.pp

@@ -6,7 +6,7 @@
  $kibana_od_version = '1.9.0',
  $kibana_od_elastic_user = 'admin',
  $kibana_od_elastic_password = 'admin',
- $kibana_od_app_version = '3.13.2_7.8.0',
+ $kibana_od_app_version = '4.0.0_7.9.1',
  $kibana_od_elasticsearch_ip = 'localhost',
  $kibana_od_elasticsearch_port = '9200',
 

manifests/manager.pp

@@ -260,6 +260,46 @@
  $wazuh_manager_server_key = $wazuh::params_manager::wazuh_manager_server_key,
 
  $ossec_local_files = $::wazuh::params_manager::default_local_files,
+
+ # API
+
+
+ $wazuh_api_host = $wazuh::params_manager::wazuh_api_host,
+
+ $wazuh_api_port = $wazuh::params_manager::wazuh_api_port,
+ $wazuh_api_file = $wazuh::params_manager::wazuh_api_file,
+
+ $wazuh_api_behind_proxy_server = $wazuh::params_manager::wazuh_api_behind_proxy_server,
+ $wazuh_api_https_enabled = $wazuh::params_manager::wazuh_api_https_enabled,
+ $wazuh_api_https_key = $wazuh::params_manager::wazuh_api_https_key,
+
+ $wazuh_api_https_cert = $wazuh::params_manager::wazuh_api_https_cert,
+ $wazuh_api_https_use_ca = $wazuh::params_manager::wazuh_api_https_use_ca,
+ $wazuh_api_https_ca = $wazuh::params_manager::wazuh_api_https_ca,
+ $wazuh_api_logs_level = $wazuh::params_manager::wazuh_api_logs_level,
+ $wazuh_api_logs_path = $wazuh::params_manager::wazuh_api_logs_path,
+
+ $wazuh_api_cors_enabled = $wazuh::params_manager::wazuh_api_cors_enabled,
+ $wazuh_api_cors_source_route = $wazuh::params_manager::wazuh_api_cors_source_route,
+ $wazuh_api_cors_expose_headers = $wazuh::params_manager::wazuh_api_cors_expose_headers,
+
+
+ $wazuh_api_cors_allow_credentials = $::wazuh::params_manager::wazuh_api_cors_allow_credentials,
+ $wazuh_api_cache_enabled = $::wazuh::params_manager::wazuh_api_cache_enabled,
+
+ $wazuh_api_cache_time = $::wazuh::params_manager::wazuh_api_cache_time,
+
+ $wazuh_api_access_max_login_attempts = $::wazuh::params_manager::wazuh_api_access_max_login_attempts,
+ $wazuh_api_access_block_time = $::wazuh::params_manager::wazuh_api_access_block_time,
+ $wazuh_api_access_max_request_per_minute = $::wazuh::params_manager::wazuh_api_access_max_request_per_minute,
+ $wazuh_api_use_only_authd = $::wazuh::params_manager::wazuh_api_use_only_authd,
+ $wazuh_api_drop_privileges = $::wazuh::params_manager::wazuh_api_drop_privileges,
+ $wazuh_api_experimental_features = $::wazuh::params_manager::wazuh_api_experimental_features,
+ $wazuh_api_template = $::wazuh::params_manager::wazuh_api_template,
+
+
+
+
 ) inherits wazuh::params_manager {
  validate_bool(
  $manage_repos, $syslog_output,$wazuh_manager_verify_manager_ssl
@@ -320,7 +360,6 @@
  Class['wazuh::repo'] -> Package[$wazuh::params_manager::server_package]
  }
  }
-
  # Install and configure Wazuh-manager package
 
  package { $wazuh::params_manager::server_package:
@@ -609,4 +648,12 @@
  }
  }
 
+ file { '/var/ossec/api/configuration/api.yaml':
+ owner => 'root',
+ group => 'ossec',
+ mode => '0640',
+ content => template('wazuh/wazuh_api_yml.erb'),
+ notify => Service[$wazuh::params_manager::server_service]
+ }
+
 }