Merge pull request #591 from wazuh/merge_master

Merge 4.3.9 into master
wazuh · Oct 17, 2022 · 5f0ba23 · 5f0ba23
2 parents 65e2f2c + 888f87f
commit 5f0ba23
Show file tree

Hide file tree

Showing 15 changed files with 576 additions and 240 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,6 +13,24 @@ All notable changes to this project will be documented in this file.
 
 - Support to 4.4.0 Wazuh release.
 
+## Wazuh Puppet v4.3.9
+
+### Added
+
+- Support to 4.3.9 Wazuh release.
+
+## Wazuh Puppet v4.3.8
+
+### Added
+
+- Support to 4.3.8 Wazuh release.
+
+## Wazuh Puppet v4.3.7
+
+### Added
+
+- Support to 4.3.7 Wazuh release.
+
 ## Wazuh Puppet v4.3.6
 
 ### Added

diff --git a/manifests/activeresponse.pp b/manifests/activeresponse.pp
@@ -13,7 +13,7 @@
  $active_response_timeout = undef,
  $active_response_repeated_offenders = [],
  $target_arg = 'manager_ossec.conf',
- $order_arg = undef,
+ $order_arg = 80,
  $before_arg = undef,
  $content_arg = 'wazuh/fragments/_activeresponse.erb'
 ) {

diff --git a/manifests/certificates.pp b/manifests/certificates.pp
@@ -4,28 +4,29 @@
  $wazuh_repository = 'packages.wazuh.com',
  $wazuh_version = '4.5',
 ) {
+ file { 'Configure Wazuh Certificates config.yml':
+ owner => 'root',
+ path => '/tmp/config.yml',
+ group => 'root',
+ mode => '0640',
+ content => template('wazuh/wazuh_config_yml.erb'),
+ }
 
- $certs_path = '/tmp/wazuh-certificates'
-
- $path_exists = find_file($certs_path)
-
- unless $path_exists {
- file { 'Configure config.yml':
- owner => 'root',
- path => '/tmp/config.yml',
- group => 'root',
- mode => '0644',
- content => template('wazuh/wazuh_config_yml.erb'),
- }
-
- exec { 'Create Wazuh Certificates':
- path => '/usr/bin:/bin',
- command => "curl -so /tmp/wazuh-certs-tool.sh 'https://${wazuh_repository}/${wazuh_version}/wazuh-certs-tool.sh'\
- && chmod 744 /tmp/wazuh-certs-tool.sh\
- && bash /tmp/wazuh-certs-tool.sh --all",
-
- }
+ file { '/tmp/wazuh-certs-tool.sh':
+ ensure => file,
+ source => "https://${wazuh_repository}/${wazuh_version}/wazuh-certs-tool.sh",
+ owner => 'root',
+ group => 'root',
+ mode => '0740',
  }
 
+ exec { 'Create Wazuh Certificates':
+ path => '/usr/bin:/bin',
+ command => 'bash /tmp/wazuh-certs-tool.sh --all',
+ creates => '/tmp/wazuh-certificates',
+ require => [
+ File['/tmp/wazuh-certs-tool.sh'],
+ File['/tmp/config.yml'],
+ ],
+ }
 }
-
diff --git a/manifests/dashboard.pp b/manifests/dashboard.pp
@@ -4,66 +4,126 @@
  $dashboard_package = 'wazuh-dashboard',
  $dashboard_service = 'wazuh-dashboard',
  $dashboard_version = '4.5.0',
- $dashboard_user = 'admin',
- $dashboard_password = 'admin',
  $indexer_server_ip = 'localhost',
  $indexer_server_port = '9200',
  $dashboard_path_certs = '/etc/wazuh-dashboard/certs',
+ $dashboard_fileuser = 'wazuh-dashboard',
+ $dashboard_filegroup = 'wazuh-dashboard',
 
- $dashboard_server_port = '5601',
+ $dashboard_server_port = '443',
  $dashboard_server_host = '0.0.0.0',
- $dashboard_server_hosts ="https://${indexer_server_ip}:$indexer_server_port}",
- $dashboard_wazuh_api_credentials = [ {
- 'id' => 'default',
- 'url' => 'http://localhost',
- 'port' => '55000',
- 'user' => 'foo',
- 'password' => 'bar',
- },
- ]
+ $dashboard_server_hosts = "https://${indexer_server_ip}:${indexer_server_port}",
+
+ # If the keystore is used, the credentials are not managed by the module (TODO).
+ # If use_keystore is false, the keystore is deleted, the dashboard use the credentials in the configuration file.
+ $use_keystore = true,
+ $dashboard_user = 'kibanaserver',
+ $dashboard_password = 'kibanaserver',
+
+ $dashboard_wazuh_api_credentials = [
+ {
+ 'id' => 'default',
+ 'url' => 'https://localhost',
+ 'port' => '55000',
+ 'user' => 'wazuh-wui',
+ 'password' => 'wazuh-wui',
+ },
+ ],
+
+ $manage_repos = false, # Change to true when manager is not present.
 ) {
+ if $manage_repos {
+ include wazuh::repo
+
+ if $::osfamily == 'Debian' {
+ Class['wazuh::repo'] -> Class['apt::update'] -> Package['wazuh-dashboard']
+ } else {
+ Class['wazuh::repo'] -> Package['wazuh-dashboard']
+ }
+ }
 
  # assign version according to the package manager
- case $::osfamily {
- 'Debian' : {
+ case $facts['os']['family'] {
+ 'Debian': {
  $dashboard_version_install = "${dashboard_version}-*"
  }
- 'Linux', 'RedHat' : {
- $dashboard_version_install = "${dashboard_version}"
+ 'Linux', 'RedHat', default: {
+ $dashboard_version_install = $dashboard_version
  }
  }
 
  # install package
- package { 'Installing Wazuh Dashboard...':
+ package { 'wazuh-dashboard':
  ensure => $dashboard_version_install,
  name => $dashboard_package,
  }
 
- include wazuh::certificates
+ require wazuh::certificates
 
- exec { 'Copy Dashboard Certificates':
+ exec { "ensure full path of ${dashboard_path_certs}":
  path => '/usr/bin:/bin',
- command => "mkdir $dashboard_path_certs \
- && cp /tmp/wazuh-certificates/dashboard.pem $dashboard_path_certs\
- && cp /tmp/wazuh-certificates/dashboard-key.pem $dashboard_path_certs\
- && cp /tmp/wazuh-certificates/root-ca.pem $dashboard_path_certs\
- && chown wazuh-dashboard:wazuh-dashboard -R $dashboard_path_certs\
- && chmod 500 $dashboard_path_certs\
- && chmod 400 $dashboard_path_certs/*",
+ command => "mkdir -p ${dashboard_path_certs}",
+ creates => $dashboard_path_certs,
+ require => Package['wazuh-dashboard'],
+ }
+ -> file { $dashboard_path_certs:
+ ensure => directory,
+ owner => $dashboard_fileuser,
+ group => $dashboard_filegroup,
+ mode => '0500',
+ }
+
+ [
+ 'dashboard.pem',
+ 'dashboard-key.pem',
+ 'root-ca.pem',
+ ].each |String $certfile| {
+ file { "${dashboard_path_certs}/${certfile}":
+ ensure => file,
+ owner => $dashboard_fileuser,
+ group => $dashboard_filegroup,
+ mode => '0400',
+ replace => false, # only copy content when file not exist
+ source => "/tmp/wazuh-certificates/${certfile}",
+ }
+ }
+
+ file { '/etc/wazuh-dashboard/opensearch_dashboards.yml':
+ content => template('wazuh/wazuh_dashboard_yml.erb'),
+ group => $dashboard_filegroup,
+ mode => '0640',
+ owner => $dashboard_fileuser,
+ require => Package['wazuh-dashboard'],
+ notify => Service['wazuh-dashboard'],
+ }
+
+ file { [ '/usr/share/wazuh-dashboard/data/wazuh/', '/usr/share/wazuh-dashboard/data/wazuh/config' ]:
+ ensure => 'directory',
+ group => $dashboard_filegroup,
+ mode => '0755',
+ owner => $dashboard_fileuser,
+ require => Package['wazuh-dashboard'],
+ }
+ -> file { '/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml':
+ content => template('wazuh/wazuh_yml.erb'),
+ group => $dashboard_filegroup,
+ mode => '0600',
+ owner => $dashboard_fileuser,
+ notify => Service['wazuh-dashboard'],
+ }
 
+ unless $use_keystore {
+ file { '/usr/share/wazuh-dashboard/config/opensearch_dashboards.keystore':
+ ensure => absent,
+ require => Package['wazuh-dashboard'],
+ before => Service['wazuh-dashboard'],
+ }
  }
 
  service { 'wazuh-dashboard':
  ensure => running,
  enable => true,
  hasrestart => true,
+ name => $dashboard_service,
  }
-
- exec {'Waiting for Wazuh indexer...':
- path => '/usr/bin',
- command => "curl -u ${dashboard_user}:${dashboard_password} -k -s -XGET https://${indexer_server_ip}:${indexer_server_port}",
- tries => 100,
- try_sleep => 3,
- }
-
 }
diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp
@@ -5,6 +5,7 @@
  $filebeat_oss_indexer_port = '9200',
  $indexer_server_ip = "\"${filebeat_oss_indexer_ip}:${filebeat_oss_indexer_port}\"",
 
+ $filebeat_oss_archives = false,
  $filebeat_oss_package = 'filebeat',
  $filebeat_oss_service = 'filebeat',
  $filebeat_oss_elastic_user = 'admin',
@@ -13,74 +14,104 @@
  $wazuh_app_version = '4.5.0_7.10.2',
  $wazuh_extensions_version = 'v4.5.0',
  $wazuh_filebeat_module = 'wazuh-filebeat-0.2.tar.gz',
- $filebeat_path_certs = '/etc/filebeat/certs',
-){
 
- class {'wazuh::repo_elastic_oss':}
+ $filebeat_fileuser = 'root',
+ $filebeat_filegroup = 'root',
+ $filebeat_path_certs = '/etc/filebeat/certs',
+) {
+ include wazuh::repo_elastic_oss
 
- if $::osfamily == 'Debian' {
- Class['wazuh::repo_elastic_oss'] -> Class['apt::update'] -> Package[$filebeat_oss_package]
+ if $facts['os']['family'] == 'Debian' {
+ Class['wazuh::repo_elastic_oss'] -> Class['apt::update'] -> Package['filebeat']
  } else {
- Class['wazuh::repo_elastic_oss'] -> Package[$filebeat_oss_package]
+ Class['wazuh::repo_elastic_oss'] -> Package['filebeat']
  }
 
  package { 'filebeat':
  ensure => $filebeat_oss_version,
  name => $filebeat_oss_package,
  }
 
- file { 'Configure filebeat.yml':
+ file { '/etc/filebeat/filebeat.yml':
  owner => 'root',
- path => '/etc/filebeat/filebeat.yml',
  group => 'root',
- mode => '0644',
- notify => Service[$filebeat_oss_service], ## Restarts the service
+ mode => '0640',
+ notify => Service['filebeat'], ## Restarts the service
  content => template('wazuh/filebeat_oss_yml.erb'),
- require => Package[$filebeat_oss_package]
+ require => Package['filebeat'],
  }
 
- exec { 'Installing wazuh-template.json...':
- path => '/usr/bin',
- command => "curl -so /etc/filebeat/wazuh-template.json 'https://raw.githubusercontent.com/wazuh/wazuh/${wazuh_extensions_version}/extensions/elasticsearch/7.x/wazuh-template.json'",
- notify => Service[$filebeat_oss_service],
- require => Package[$filebeat_oss_package]
+ # work around:
+ # Use cmp to compare the content of local and remote file. When they differ than rm the file to get it recreated by the file resource.
+ # Needed since GitHub can only ETAG and result in changes of the mtime everytime.
+ # TODO: Include file into the wazuh/wazuh-puppet project or use file { checksum => '..' } for this instead of the exec construct.
+ exec { 'cleanup /etc/filebeat/wazuh-template.json':
+ command => '/bin/rm /etc/filebeat/wazuh-template.json',
+ onlyif => '/bin/test -f /etc/filebeat/wazuh-template.json',
+ unless => "/bin/curl -s 'https://raw.githubusercontent.com/wazuh/wazuh/${wazuh_extensions_version}/extensions/elasticsearch/7.x/wazuh-template.json' | /bin/cmp -s '/etc/filebeat/wazuh-template.json'",
  }
-
- exec { 'Installing filebeat module ... Downloading package':
- path => '/usr/bin',
- command => "curl -o /root/${$wazuh_filebeat_module} https://packages.wazuh.com/4.x/filebeat/${$wazuh_filebeat_module}",
+ -> file { '/etc/filebeat/wazuh-template.json':
+ owner => 'root',
+ group => 'root',
+ mode => '0440',
+ replace => false, # only copy content when file not exist
+ source => "https://raw.githubusercontent.com/wazuh/wazuh/${wazuh_extensions_version}/extensions/elasticsearch/7.x/wazuh-template.json",
+ notify => Service['filebeat'],
+ require => Package['filebeat'],
  }
 
- exec { 'Unpackaging ...':
- command => '/bin/tar -xzvf /root/wazuh-filebeat-0.2.tar.gz -C /usr/share/filebeat/module',
- notify => Service[$filebeat_oss_service],
- require => Package[$filebeat_oss_package]
+ archive { "/tmp/${$wazuh_filebeat_module}":
+ ensure => present,
+ source => "https://packages.wazuh.com/4.x/filebeat/${$wazuh_filebeat_module}",
+ extract => true,
+ extract_path => '/usr/share/filebeat/module',
+ creates => '/usr/share/filebeat/module/wazuh',
+ cleanup => true,
+ notify => Service['filebeat'],
+ require => Package['filebeat'],
  }
 
  file { '/usr/share/filebeat/module/wazuh':
  ensure => 'directory',
  mode => '0755',
- require => Package[$filebeat_oss_package]
+ require => Package['filebeat'],
  }
 
- include wazuh::certificates
+ require wazuh::certificates
 
- exec { 'Copy Filebeat Certificates':
+ exec { "ensure full path of ${filebeat_path_certs}":
  path => '/usr/bin:/bin',
- command => "mkdir $filebeat_path_certs \
- && cp /tmp/wazuh-certificates/server.pem $filebeat_path_certs/filebeat.pem\
- && cp /tmp/wazuh-certificates/server-key.pem $filebeat_path_certs/filebeat-key.pem\
- && cp /tmp/wazuh-certificates/root-ca.pem $filebeat_path_certs\
- && chown root:root -R $filebeat_path_certs\
- && chmod 500 $filebeat_path_certs\
- && chmod 400 $filebeat_path_certs/*",
- require => Package[$filebeat_oss_package],
+ command => "mkdir -p ${filebeat_path_certs}",
+ creates => $filebeat_path_certs,
+ require => Package['filebeat'],
+ }
+ -> file { $filebeat_path_certs:
+ ensure => directory,
+ owner => $filebeat_fileuser,
+ group => $filebeat_filegroup,
+ mode => '0500',
+ }
 
+ $_certfiles = {
+ 'server.pem' => 'filebeat.pem',
+ 'server-key.pem' => 'filebeat-key.pem',
+ 'root-ca.pem' => 'root-ca.pem',
+ }
+ $_certfiles.each |String $certfile_source, String $certfile_target| {
+ file { "${filebeat_path_certs}/${certfile_target}":
+ ensure => file,
+ owner => $filebeat_fileuser,
+ group => $filebeat_filegroup,
+ mode => '0400',
+ replace => false, # only copy content when file not exist
+ source => "/tmp/wazuh-certificates/${certfile_source}",
+ }
  }
 
  service { 'filebeat':
  ensure => running,
  enable => true,
- require => Package[$filebeat_oss_package]
+ name => $filebeat_oss_service,
+ require => Package['filebeat'],
  }
 }