From ffadcb763f3b17759c0577e71b71a763e71e12a7 Mon Sep 17 00:00:00 2001 
From: "Manuel J. Bernal"
Date: Tue, 20 Oct 2020 19:34:44 +0200
Subject: [PATCH] Adapt modules to Wazuh v4.0 (#299)

Adapt modules to next major version

Co-authored-by: Jason Alavaliant
Co-authored-by: Fabian van der Hoeven
Co-authored-by: Zenidd
---
.github/workflows/main.yml | 4 +-
CHANGELOG.md | 16 +++
README.md | 2 +-
VERSION | 4 +-
kitchen/test/integration/agent/agent_spec.rb | 40 +++----
kitchen/test/integration/mngr/manager_spec.rb | 51 ++++----
manifests/activeresponse.pp | 2 +-
manifests/addlog.pp | 2 +-
manifests/agent.pp | 35 +++---
manifests/audit.pp | 2 +-
manifests/command.pp | 2 +-
manifests/elasticsearch.pp | 4 +-
manifests/email_alert.pp | 2 +-
manifests/filebeat.pp | 8 +-
manifests/filebeat_oss.pp | 70 +++++++++++
manifests/init.pp | 2 +-
manifests/integration.pp | 2 +-
manifests/kibana.pp | 6 +-
manifests/kibana_od.pp | 91 ++++++++++++++
manifests/manager.pp | 38 +++---
manifests/opendistro.pp | 88 ++++++++++++++
manifests/params_agent.pp | 5 +-
manifests/params_elastic.pp | 2 +-
manifests/params_manager.pp | 6 +-
manifests/params_opendistro.pp | 26 ++++
manifests/repo.pp | 4 +-
manifests/repo_elastic.pp | 2 +-
manifests/repo_elastic_oss.pp | 70 +++++++++++
manifests/repo_opendistro.pp | 70 +++++++++++
manifests/reports.pp | 2 +-
manifests/wazuh_api.pp | 4 +-
manifests/wazuh_api/nodejs.pp | 2 +-
metadata.json | 2 +-
templates/filebeat_oss_yml.erb | 23 ++++
templates/kibana_od_yml.erb | 28 +++++
templates/opendistro_yml.erb | 112 ++++++++++++++++++
templates/wazuh_yml.erb | 2 +-
37 files changed, 712 insertions(+), 119 deletions(-)
create mode 100644 manifests/filebeat_oss.pp
create mode 100644 manifests/kibana_od.pp
create mode 100644 manifests/opendistro.pp
create mode 100644 manifests/params_opendistro.pp
create mode 100644 manifests/repo_elastic_oss.pp
create mode 100644 manifests/repo_opendistro.pp
create mode 100644 templates/filebeat_oss_yml.erb
create mode 100644 templates/kibana_od_yml.erb
create mode 100644 templates/opendistro_yml.erb
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 05a6fc35..e46cfcb1 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -9,8 +9,8 @@ jobs: steps: - name: Check out code uses: actions/checkout@v2 - - name: Build and launch Linting test - uses: './.github/actions/validate_module' + # - name: Build and launch Linting test + # uses: './.github/actions/validate_module' - name: Amazon linux - (Manager + Agent) uses: './.github/actions/test_manager_and_agent' env: diff --git a/CHANGELOG.md b/CHANGELOG.md index 61917144..c6135712 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,22 @@ # Change Log All notable changes to this project will be documented in this file. +## Wazuh Puppet v3.13.2 + +### Added + +- Update to Wazuh version 3.13.2 + +- wazuh-puppet tests on GitHub Actions ([@Zenidd](https://github.com/Zenidd)) [PR#274](https://github.com/wazuh/wazuh-puppet/pull/274) + +- Support Open Distro for Elasticsearch deployments ([@Zenidd](https://github.com/Zenidd)) [PR#285](https://github.com/wazuh/wazuh-puppet/pull/285) + +### Fixed + +- ossec.conf concat resources rename ([@Zenidd](https://github.com/Zenidd)) [PR#293](https://github.com/wazuh/wazuh-puppet/pull/293) + +- Adding syslog_output support on wazuh-puppet ([@Zenidd](https://github.com/Zenidd)) [PR#276](https://github.com/wazuh/wazuh-puppet/pull/276) + ## Wazuh Puppet v3.13.1_7.8.0 diff --git a/README.md b/README.md index 56c75209..4fc04c76 100644 --- a/README.md +++ b/README.md @@ -107,7 +107,7 @@ This Puppet module has been authored by Nicolas Zin, and updated by Jonathan Gaz ## License and copyright WAZUH -Copyright (C) 2019 Wazuh Inc. (License GPLv2) +Copyright (C) 2020 Wazuh Inc. (License GPLv2) Based on OSSEC Copyright (C) 2015 Trend Micro Inc. diff --git a/VERSION b/VERSION index 2605553d..0cf5b9b8 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-PUPPET_VERSION="v3.13.1" -REVISION="31310" +WAZUH-PUPPET_VERSION="v3.13.2" +REVISION="31320" 
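Review bot: Commenting out the `validate_module` step in main.yml removes the workflow's only lint/validation gate without saying why or when it comes back, so every manifest this commit adds (filebeat_oss.pp, kibana_od.pp, opendistro.pp, params_opendistro.pp and the two repo classes) lands with no parser or puppet-lint coverage at all. If the action itself is what is broken, keep the step and mark it `continue-on-error: true` so its failures stay visible in the run, or at minimum replace the bare comment with one that names the blocker, e.g. `# TODO(<issue-ref>): validate_module disabled because <reason>; re-enable before release`. The remaining hunks on this line (CHANGELOG, README copyright year, VERSION) are routine bumps.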
diff --git a/kitchen/test/integration/agent/agent_spec.rb b/kitchen/test/integration/agent/agent_spec.rb index 0db5caeb..177afff6 100644 --- a/kitchen/test/integration/agent/agent_spec.rb +++ b/kitchen/test/integration/agent/agent_spec.rb @@ -1,27 +1,25 @@ -describe do - describe package('wazuh-agent') do - it { is_expected.to be_installed } - its('version') { is_expected.to eq '3.13.1-1' } - end +describe package('wazuh-agent') do + it { is_expected.to be_installed } + its('version') { is_expected.to eq '3.13.2-1' } +end - describe service('wazuh-agent') do - it { is_expected.to be_installed } - it { is_expected.to be_enabled } - it { is_expected.to be_running } - end +describe service('wazuh-agent') do + it { is_expected.to be_installed } + it { is_expected.to be_enabled } + it { is_expected.to be_running } +end - # Verifying daemons +# Verifying daemons - wazuh_daemons = { - 'ossec-agentd' => 'ossec', - 'ossec-execd' => 'root', - 'ossec-syscheckd' => 'root', - 'wazuh-modulesd' => 'root', - } +wazuh_daemons = { + 'ossec-agentd' => 'ossec', + 'ossec-execd' => 'root', + 'ossec-syscheckd' => 'root', + 'wazuh-modulesd' => 'root', +} - wazuh_daemons.each do |key, value| - describe processes(key) do - its('users') { is_expected.to eq [value] } - end +wazuh_daemons.each do |key, value| + describe processes(key) do + its('users') { is_expected.to eq [value] } end end diff --git a/kitchen/test/integration/mngr/manager_spec.rb b/kitchen/test/integration/mngr/manager_spec.rb index 3882aca0..77d19fcf 100644 --- a/kitchen/test/integration/mngr/manager_spec.rb +++ b/kitchen/test/integration/mngr/manager_spec.rb 
@@ -1,32 +1,31 @@ -describe do - describe package('wazuh-manager') do - it { is_expected.to be_installed } - its('version') { is_expected.to eq '3.13.1-1' } - end +describe package('wazuh-manager') do + it { is_expected.to be_installed } + its('version') { is_expected.to eq '3.13.2-1' } +end - describe service('wazuh-manager') do - it { is_expected.to be_installed } - it { is_expected.to be_enabled } - it { is_expected.to be_running } - end +describe service('wazuh-manager') do + it { is_expected.to be_installed } + it { is_expected.to be_enabled } + it { is_expected.to be_running } +end - # Verifying daemons +# Verifying daemons - wazuh_daemons = { - 'ossec-authd' => 'root', - 'ossec-execd' => 'root', - 'ossec-analysisd' => 'ossec', - 'ossec-syscheckd' => 'root', - 'ossec-remoted' => 'ossecr', - 'ossec-logcollector' => 'root', - 'ossec-monitord' => 'ossec', - 'wazuh-db' => 'ossec', - 'wazuh-modulesd' => 'root', - } +wazuh_daemons = { + 'ossec-authd' => 'root', + 'ossec-execd' => 'root', + 'ossec-analysisd' => 'ossec', + 'ossec-syscheckd' => 'root', + 'ossec-remoted' => 'ossecr', + 'ossec-logcollector' => 'root', + 'ossec-monitord' => 'ossec', + 'wazuh-db' => 'ossec', + 'wazuh-modulesd' => 'root', +} - wazuh_daemons.each do |key, value| - describe processes(key) do - its('users') { is_expected.to eq [value] } - end +wazuh_daemons.each do |key, value| + describe processes(key) do + its('users') { is_expected.to eq [value] } end end + diff --git a/manifests/activeresponse.pp b/manifests/activeresponse.pp index 3340bd2b..f125ac27 100644 --- a/manifests/activeresponse.pp +++ b/manifests/activeresponse.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) #Define for a specific ossec active-response define wazuh::activeresponse( $active_response_name = 'Rendering active-response template', diff --git a/manifests/addlog.pp b/manifests/addlog.pp index b7f51e1e..078fcea1 100644 
--- a/manifests/addlog.pp +++ b/manifests/addlog.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) #Define a log-file to add to ossec define wazuh::addlog( $logfile = undef, diff --git a/manifests/agent.pp b/manifests/agent.pp index 6b759036..f351e5d7 100644 --- a/manifests/agent.pp +++ b/manifests/agent.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Puppet class that installs and manages the Wazuh agent class wazuh::agent ( @@ -9,6 +9,7 @@ $agent_package_name = $wazuh::params_agent::agent_package_name, $agent_service_name = $wazuh::params_agent::agent_service_name, $agent_service_ensure = $wazuh::params_agent::agent_service_ensure, + $agent_msi_download_location = $wazuh::params_agent::agent_msi_download_location, # Manage repository @@ -274,7 +275,7 @@ owner => 'Administrator', group => 'Administrators', mode => '0774', - source => "http://packages.wazuh.com/3.x/windows/wazuh-agent-${agent_package_version}.msi", + source => "${agent_msi_download_location}/wazuh-agent-${agent_package_version}.msi", source_permissions => ignore } @@ -327,7 +328,7 @@ } - concat { 'ossec.conf': + concat { 'agent_ossec.conf': path => $wazuh::params_agent::config_file, owner => $wazuh::params_agent::config_owner, group => $wazuh::params_agent::config_group, @@ -339,12 +340,12 @@ concat::fragment { 'ossec.conf_header': - target => 'ossec.conf', + target => 'agent_ossec.conf', order => 00, before => Service[$agent_service_name], content => "\n"; 'ossec.conf_agent': - target => 'ossec.conf', + target => 'agent_ossec.conf', order => 10, before => Service[$agent_service_name], content => template($ossec_conf_template); 
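Review bot: In the agent.pp `@@ -274` hunk the Windows installer is now fetched from `"${agent_msi_download_location}/wazuh-agent-${agent_package_version}.msi"` with no integrity check, and the default added for that parameter in params_agent.pp is `http://packages.wazuh.com/3.x/windows`, so an MSI that is later executed as Administrator is pulled over plaintext HTTP with nothing pinning its contents. The Puppet `file` type has `checksum`/`checksum_value` for exactly this case; I would add `checksum => 'sha256',` and `checksum_value => '<sha256 of the pinned MSI>',` (or a new `$agent_msi_checksum` parameter next to the download location) and switch the params default to `https://`. Making the URL a parameter is itself a good change, since it lets sites point at an internal mirror. The `wazuh::agent` class starts and ends outside these hunks.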
@@ -353,7 +354,7 @@ if ($configure_rootcheck == true) { concat::fragment { 'ossec.conf_rootcheck': - target => 'ossec.conf', + target => 'agent_ossec.conf', order => 15, before => Service[$agent_service_name], content => template($ossec_rootcheck_template); @@ -362,7 +363,7 @@ if ($configure_wodle_openscap == true) { concat::fragment { 'ossec.conf_openscap': - target => 'ossec.conf', + target => 'agent_ossec.conf', order => 16, before => Service[$agent_service_name], content => template($ossec_wodle_openscap_template); @@ -371,7 +372,7 @@ if ($configure_wodle_cis_cat == true) { concat::fragment { 'ossec.conf_cis_cat': - target => 'ossec.conf', + target => 'agent_ossec.conf', order => 17, before => Service[$agent_service_name], content => template($ossec_wodle_cis_cat_template); @@ -380,7 +381,7 @@ if ($configure_wodle_osquery == true) { concat::fragment { 'ossec.conf_osquery': - target => 'ossec.conf', + target => 'agent_ossec.conf', order => 18, before => Service[$agent_service_name], content => template($ossec_wodle_osquery_template); @@ -389,7 +390,7 @@ if ($configure_wodle_syscollector == true) { concat::fragment { 'ossec.conf_syscollector': - target => 'ossec.conf', + target => 'agent_ossec.conf', order => 19, before => Service[$agent_service_name], content => template($ossec_wodle_syscollector_template); @@ -398,7 +399,7 @@ if ($configure_sca == true) { concat::fragment { 'ossec.conf_sca': - target => 'ossec.conf', + target => 'agent_ossec.conf', order => 25, before => Service[$agent_service_name], content => template($ossec_sca_template); @@ -407,7 +408,7 @@ if ($configure_syscheck == true) { concat::fragment { 'ossec.conf_syscheck': - target => 'ossec.conf', + target => 'agent_ossec.conf', order => 30, before => Service[$agent_service_name], content => template($ossec_syscheck_template); 
@@ -416,7 +417,7 @@ if ($configure_localfile == true) { concat::fragment { 'ossec.conf_localfile': - target => 'ossec.conf', + target => 'agent_ossec.conf', order => 35, before => Service[$agent_service_name], content => template($ossec_localfile_template); @@ -442,7 +443,7 @@ if ($configure_labels == true){ concat::fragment { 'ossec.conf_labels': - target => 'ossec.conf', + target => 'agent_ossec.conf', order => 45, before => Service[$agent_service_name], content => template($ossec_labels_template); @@ -451,7 +452,7 @@ concat::fragment { 'ossec.conf_footer': - target => 'ossec.conf', + target => 'agent_ossec.conf', order => 99, before => Service[$agent_service_name], content => ''; @@ -540,7 +541,7 @@ exec { 'agent-auth-linux': command => $agent_auth_command, unless => "/bin/egrep -q '.' ${::wazuh::params_agent::keys_file}", - require => Concat['ossec.conf'], + require => Concat['agent_ossec.conf'], before => Service[$agent_service_name], } @@ -567,7 +568,7 @@ command => $agent_auth_command, provider => 'powershell', onlyif => "if ((Get-Item '${$::wazuh::params_agent::keys_file}').length -gt 0kb) {exit 1}", - require => Concat['ossec.conf'], + require => Concat['agent_ossec.conf'], before => Service[$agent_service_name], } diff --git a/manifests/audit.pp b/manifests/audit.pp index a4a00028..6e882fd6 100644 --- a/manifests/audit.pp +++ b/manifests/audit.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Define an ossec command class wazuh::audit ( diff --git a/manifests/command.pp b/manifests/command.pp index 2057d4ce..1d49d248 100644 --- a/manifests/command.pp +++ b/manifests/command.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Define an ossec command define wazuh::command( $command_name, 
diff --git a/manifests/elasticsearch.pp b/manifests/elasticsearch.pp index 91ba21d5..12ba0581 100644 --- a/manifests/elasticsearch.pp +++ b/manifests/elasticsearch.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Setup for elasticsearch class wazuh::elasticsearch ( # Elasticsearch.yml configuration @@ -11,7 +11,7 @@ $elasticsearch_node_max_local_storage_nodes = '1', $elasticsearch_service = 'elasticsearch', $elasticsearch_package = 'elasticsearch', - $elasticsearch_version = '7.8.0', + $elasticsearch_version = '7.9.1', $elasticsearch_path_data = '/var/lib/elasticsearch', $elasticsearch_path_logs = '/var/log/elasticsearch', diff --git a/manifests/email_alert.pp b/manifests/email_alert.pp index dea226a1..2a3fd681 100644 --- a/manifests/email_alert.pp +++ b/manifests/email_alert.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Define an email alert define wazuh::email_alert( $alert_email, diff --git a/manifests/filebeat.pp b/manifests/filebeat.pp index a82671d8..01b765ab 100644 --- a/manifests/filebeat.pp +++ b/manifests/filebeat.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Setup for Filebeat class wazuh::filebeat ( $filebeat_elasticsearch_ip = 'localhost', @@ -7,9 +7,9 @@ $filebeat_package = 'filebeat', $filebeat_service = 'filebeat', - $filebeat_version = '7.8.0', - $wazuh_app_version = '3.13.1_7.8.0', - $wazuh_extensions_version = 'v3.13.1', + $filebeat_version = '7.9.1', + $wazuh_app_version = '3.13.2_7.9.1', + $wazuh_extensions_version = 'v3.13.2', $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz', ){ diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp new file mode 100644 index 00000000..4190b578 --- /dev/null +++ b/manifests/filebeat_oss.pp 
@@ -0,0 +1,70 @@ +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Setup for Filebeat_oss +class wazuh::filebeat_oss ( + $filebeat_oss_elasticsearch_ip = 'localhost', + $filebeat_oss_elasticsearch_port = '9200', + $elasticsearch_server_ip = "\"${filebeat_oss_elasticsearch_ip}:${filebeat_oss_elasticsearch_port}\"", + + $filebeat_oss_package = 'filebeat', + $filebeat_oss_service = 'filebeat', + $filebeat_oss_elastic_user = 'admin', + $filebeat_oss_elastic_password = 'admin', + $filebeat_oss_version = '7.8.0', + $wazuh_app_version = '3.13.2_7.8.0', + $wazuh_extensions_version = 'v3.13.2', + $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz', +){ + + class {'wazuh::repo_elastic_oss':} + + if $::osfamily == 'Debian' { + Class['wazuh::repo_elastic_oss'] -> Class['apt::update'] -> Package[$filebeat_oss_package] + } else { + Class['wazuh::repo_elastic_oss'] -> Package[$filebeat_oss_package] + } + + package { 'filebeat': + ensure => $filebeat_oss_version, + name => $filebeat_oss_package, + } + + file { 'Configure filebeat.yml': + owner => 'root', + path => '/etc/filebeat/filebeat.yml', + group => 'root', + mode => '0644', + notify => Service[$filebeat_oss_service], ## Restarts the service + content => template('wazuh/filebeat_oss_yml.erb'), + require => Package[$filebeat_oss_package] + } + + exec { 'Installing wazuh-template.json...': + path => '/usr/bin', + command => "curl -so /etc/filebeat/wazuh-template.json 'https://raw.githubusercontent.com/wazuh/wazuh/${wazuh_extensions_version}/extensions/elasticsearch/7.x/wazuh-template.json'", + notify => Service[$filebeat_oss_service], + require => Package[$filebeat_oss_package] + } + + exec { 'Installing filebeat module ... 
Downloading package': + path => '/usr/bin', + command => "curl -o /root/${$wazuh_filebeat_module} https://packages.wazuh.com/3.x/filebeat/${$wazuh_filebeat_module}", + } + + exec { 'Unpackaging ...': + command => '/bin/tar -xzvf /root/wazuh-filebeat-0.1.tar.gz -C /usr/share/filebeat/module', + notify => Service[$filebeat_oss_service], + require => Package[$filebeat_oss_package] + } + + file { '/usr/share/filebeat/module/wazuh': + ensure => 'directory', + mode => '0755', + require => Package[$filebeat_oss_package] + } + + service { 'filebeat': + ensure => running, + enable => true, + require => Package[$filebeat_oss_package] + } +} diff --git a/manifests/init.pp b/manifests/init.pp index 7f43143f..63938475 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,3 +1,3 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Blank container class class wazuh { } diff --git a/manifests/integration.pp b/manifests/integration.pp index d00d11cd..1bcafa92 100644 --- a/manifests/integration.pp +++ b/manifests/integration.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) #Define for a specific ossec integration define wazuh::integration( $hook_url = '', diff --git a/manifests/kibana.pp b/manifests/kibana.pp index 097fec59..a24d512c 100644 --- a/manifests/kibana.pp +++ b/manifests/kibana.pp @@ -1,10 +1,10 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Setup for Kibana class wazuh::kibana ( $kibana_package = 'kibana', $kibana_service = 'kibana', - $kibana_version = '7.8.0', - $kibana_app_version = '3.13.1_7.8.0', + $kibana_version = '7.9.1', + $kibana_app_version = '3.13.2_7.9.1', $kibana_elasticsearch_ip = 'localhost', $kibana_elasticsearch_port = '9200', 
diff --git a/manifests/kibana_od.pp b/manifests/kibana_od.pp
new file mode 100644
index 00000000..ba915aef
--- /dev/null
+++ b/manifests/kibana_od.pp
@@ -0,0 +1,91 @@ +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Setup for Kibana_od +class wazuh::kibana_od ( + $kibana_od_package = 'opendistroforelasticsearch-kibana', + $kibana_od_service = 'kibana', + $kibana_od_version = '1.9.0', + $kibana_od_elastic_user = 'admin', + $kibana_od_elastic_password = 'admin', + $kibana_od_app_version = '3.13.2_7.8.0', + $kibana_od_elasticsearch_ip = 'localhost', + $kibana_od_elasticsearch_port = '9200', + + $kibana_od_server_port = '5601', + $kibana_od_server_host = '0.0.0.0', + $kibana_od_elasticsearch_server_hosts ="https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}", + $kibana_wazuh_api_credentials = [ { + 'id' => 'default', + 'url' => 'http://localhost', + 'port' => '55000', + 'user' => 'foo', + 'password' => 'bar', + }, + ] +) { + + + # install package + package { 'Installing OD Kibana...': + ensure => $kibana_od_version, + name => $kibana_od_package, + } + + file { 'Configure kibana.yml': + owner => 'kibana', + path => '/etc/kibana/kibana.yml', + group => 'kibana', + mode => '0644', + notify => Service[$kibana_od_service], + content => template('wazuh/kibana_od_yml.erb'), + } + + service { 'kibana': + ensure => running, + enable => true, + hasrestart => true, + } + + exec {'Waiting for opendistro elasticsearch...': + path => '/usr/bin', + command => "curl -u ${kibana_od_user}:${kibana_od_password} -k -s -XGET https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}", + tries => 100, + try_sleep => 3, + } + + file {'Removing old Wazuh Kibana Plugin...': + ensure => absent, + path => '/usr/share/kibana/plugins/wazuh', + recurse => true, + purge => true, + force => true, + notify => Service[$kibana_od_service] + } + + exec {'Installing Wazuh App...': + path => '/usr/bin', + command => "sudo -u ${kibana_od_user}:${kibana_od_password} -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-${kibana_od_app_version}.zip", + creates => 
'/usr/share/kibana/plugins/wazuh/package.json', + notify => Service[$kibana_od_service], + } + + exec {'Removing .wazuh index...': + path => '/usr/bin', + command => "curl -u ${kibana_od_user}:${kibana_od_password} -k -s -XDELETE -sL -I 'https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}/.wazuh' -o /dev/null", + notify => Service[$kibana_od_service], + } + + file { '/usr/share/kibana/plugins/wazuh/wazuh.yml': + owner => 'kibana', + group => 'kibana', + mode => '0644', + content => template('wazuh/wazuh_yml.erb'), + notify => Service[$kibana_od_service] + } + exec { 'Verify Kibana folders owner': + path => '/usr/bin:/bin', + command => "chown -R kibana:kibana /usr/share/kibana/optimize\ + && chown -R kibana:kibana /usr/share/kibana/plugins", + + } + +} diff --git a/manifests/manager.pp b/manifests/manager.pp index a340eeb1..cf389850 100644 --- a/manifests/manager.pp +++ b/manifests/manager.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Main ossec server config class wazuh::manager ( @@ -383,7 +383,7 @@ - concat { 'ossec.conf': + concat { 'manager_ossec.conf': path => $wazuh::params_manager::config_file, owner => $wazuh::params_manager::config_owner, group => $wazuh::params_manager::config_group, @@ -393,11 +393,11 @@ } concat::fragment { 'ossec.conf_header': - target => 'ossec.conf', + target => 'manager_ossec.conf', order => 00, content => "\n"; 'ossec.conf_main': - target => 'ossec.conf', + target => 'manager_ossec.conf', order => 01, content => template($ossec_manager_template); } @@ -405,7 +405,7 @@ if ($syslog_output == true){ concat::fragment { 'ossec.conf_syslog_output': - target => 'ossec.conf', + target => 'manager_ossec.conf', content => template($ossec_syslog_output_template); } } 
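Review bot: The three exec commands in kibana_od.pp (`'Waiting for opendistro elasticsearch...'`, `'Installing Wazuh App...'`, `'Removing .wazuh index...'`) interpolate `${kibana_od_user}` and `${kibana_od_password}`, but the class declares only `$kibana_od_elastic_user` and `$kibana_od_elastic_password`, so unless `strict_variables` is on (where compilation fails) they expand to empty strings and curl runs as `-u :` against Elasticsearch. The two curl commands should use `-u ${kibana_od_elastic_user}:${kibana_od_elastic_password}`, and the install command should drop its `-u user:password` argument entirely, `command => "sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-${kibana_od_app_version}.zip",`, since sudo takes no password there and the value would otherwise sit in the process list and in Puppet's logs. Both curl calls also pass `-k`, so the admin credentials go to whatever answers on that host:port; a `--cacert` for the cluster CA is the safer default once the demo certificates are replaced. `'Removing .wazuh index...'` has no `onlyif`/`unless` and notifies the service, so it issues the DELETE and restarts Kibana on every run, and the `admin`/`admin` and `foo`/`bar` defaults should be documented as must-override values.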
@@ -414,7 +414,7 @@ concat::fragment { 'ossec.conf_rootcheck': order => 10, - target => 'ossec.conf', + target => 'manager_ossec.conf', content => template($ossec_rootcheck_template); } } @@ -423,7 +423,7 @@ concat::fragment { 'ossec.conf_wodle_openscap': order => 15, - target => 'ossec.conf', + target => 'manager_ossec.conf', content => template($ossec_wodle_openscap_template); } } @@ -431,7 +431,7 @@ concat::fragment { 'ossec.conf_wodle_ciscat': order => 20, - target => 'ossec.conf', + target => 'manager_ossec.conf', content => template($ossec_wodle_cis_cat_template); } } @@ -439,7 +439,7 @@ concat::fragment { 'ossec.conf_wodle_osquery': order => 25, - target => 'ossec.conf', + target => 'manager_ossec.conf', content => template($ossec_wodle_osquery_template); } } @@ -447,7 +447,7 @@ concat::fragment { 'ossec.conf_wodle_syscollector': order => 30, - target => 'ossec.conf', + target => 'manager_ossec.conf', content => template($ossec_wodle_syscollector_template); } } @@ -455,7 +455,7 @@ concat::fragment { 'ossec.conf_sca': order => 40, - target => 'ossec.conf', + target => 'manager_ossec.conf', content => template($ossec_sca_template); } } @@ -463,7 +463,7 @@ concat::fragment { 'ossec.conf_vulnerability_detector': order => 45, - target => 'ossec.conf', + target => 'manager_ossec.conf', content => template($ossec_vulnerability_detector_template); } } @@ -471,7 +471,7 @@ concat::fragment { 'ossec.conf_syscheck': order => 55, - target => 'ossec.conf', + target => 'manager_ossec.conf', content => template($ossec_syscheck_template); } } @@ -479,7 +479,7 @@ concat::fragment { 'ossec.conf_command': order => 60, - target => 'ossec.conf', + target => 'manager_ossec.conf', content => template($ossec_default_commands_template); } } @@ -487,7 +487,7 @@ concat::fragment { 'ossec.conf_localfile': order => 65, - target => 'ossec.conf', + target => 'manager_ossec.conf', content => template($ossec_localfile_template); } } 
@@ -495,7 +495,7 @@ concat::fragment { 'ossec.conf_ruleset': order => 75, - target => 'ossec.conf', + target => 'manager_ossec.conf', content => template($ossec_ruleset_template); } } @@ -503,7 +503,7 @@ concat::fragment { 'ossec.conf_auth': order => 80, - target => 'ossec.conf', + target => 'manager_ossec.conf', content => template($ossec_auth_template); } } @@ -511,7 +511,7 @@ concat::fragment { 'ossec.conf_cluster': order => 85, - target => 'ossec.conf', + target => 'manager_ossec.conf', content => template($ossec_cluster_template); } } @@ -529,7 +529,7 @@ } concat::fragment { 'ossec.conf_footer': - target => 'ossec.conf', + target => 'manager_ossec.conf', order => 99, content => "\n"; } diff --git a/manifests/opendistro.pp b/manifests/opendistro.pp new file mode 100644 index 00000000..0eb754bb --- /dev/null +++ b/manifests/opendistro.pp 
@@ -0,0 +1,88 @@ +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Setup for opendistro +class wazuh::opendistro ( + # Elasticsearch.yml configuration + + $opendistro_cluster_name = 'es-wazuh', + $opendistro_node_name = 'node-01', + $opendistro_node_master = true, + $opendistro_node_data = true, + $opendistro_node_ingest = true, + $opendistro_node_max_local_storage_nodes = '1', + $opendistro_service = 'elasticsearch', + $opendistro_package = 'opendistroforelasticsearch', + $opendistro_version = '1.9.0', + + $opendistro_path_data = '/var/lib/elasticsearch', + $opendistro_path_logs = '/var/log/elasticsearch', + + + $opendistro_ip = 'localhost', + $opendistro_port = '9200', + $opendistro_discovery_option = 'discovery.type: single-node', + $opendistro_cluster_initial_master_nodes = "#cluster.initial_master_nodes: ['node-01']", + +# JVM options + $jvm_options_memmory = '1g', + +){ + + class {'wazuh::repo_opendistro':} + + + if $::osfamily == 'Debian' { + Class['wazuh::repo_opendistro'] -> Class['apt::update'] -> Package['opendistroforelasticsearch'] + } else { + Class['wazuh::repo_opendistro'] -> Package['opendistroforelasticsearch'] + } + + # install package + package { 'opendistroforelasticsearch': + ensure => $opendistro_version, + name => $opendistro_package, + } + + file { 'Configure elasticsearch.yml': + owner => 'elasticsearch', + path => '/etc/elasticsearch/elasticsearch.yml', + group => 'elasticsearch', + mode => '0644', + notify => Service[$opendistro_service], ## Restarts the service + content => template('wazuh/opendistro_yml.erb'), + require => Package[$opendistro_package], + } + + file { 'Configure jvm.options': + owner => 'elasticsearch', + path => '/etc/elasticsearch/jvm.options', + group => 'elasticsearch', + mode => '0660', + notify => Service[$opendistro_service], ## Restarts the service + content => template('wazuh/jvm_options.erb'), + require => Package[$opendistro_package], + } + + service { 'elasticsearch': + ensure => running, + 
enable => true, + require => Package[$opendistro_package], + } + + exec { 'Insert line limits': + path => '/usr/bin:/bin/', + command => "echo 'elasticsearch - nofile 65535\nelasticsearch - memlock unlimited' >> /etc/security/limits.conf", + require => Package[$opendistro_package], + + } + + exec { 'Verify Elasticsearch folders owner': + path => '/usr/bin:/bin', + command => "chown elasticsearch:elasticsearch -R /etc/elasticsearch\ + && chown elasticsearch:elasticsearch -R /usr/share/elasticsearch\ + && chown elasticsearch:elasticsearch -R /var/lib/elasticsearch", + require => Package[$opendistro_package], + + } + + +} diff --git a/manifests/params_agent.pp b/manifests/params_agent.pp index 2fddd0d5..c8e6bca8 100644 --- a/manifests/params_agent.pp +++ b/manifests/params_agent.pp @@ -1,8 +1,9 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Wazuh-Agent configuration parameters class wazuh::params_agent { - $agent_package_version = '3.13.1-1' + $agent_package_version = '3.13.2-1' $agent_service_ensure = 'running' + $agent_msi_download_location = 'http://packages.wazuh.com/3.x/windows' $agent_name = undef $agent_group = undef diff --git a/manifests/params_elastic.pp b/manifests/params_elastic.pp index 2bcf11f2..b4737f50 100644 --- a/manifests/params_elastic.pp +++ b/manifests/params_elastic.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Elastic configuration parameters class wazuh::params_elastic { $elasticsearch_service = 'elasticsearch' diff --git a/manifests/params_manager.pp b/manifests/params_manager.pp index 6805d8e8..bec8980c 100644 --- a/manifests/params_manager.pp +++ b/manifests/params_manager.pp 
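Review bot: `exec { 'Insert line limits': … >> /etc/security/limits.conf }` in opendistro.pp has no `unless`, so each Puppet run appends another `elasticsearch - nofile`/`memlock` pair to limits.conf; guard it with `unless => 'grep -q "^elasticsearch - memlock unlimited" /etc/security/limits.conf',` (the `path` already includes `/bin/`), or manage the two entries with stdlib's `file_line`, which the module already depends on for `ensure_packages`. `'Verify Elasticsearch folders owner'` likewise runs its three `chown -R` calls unconditionally every run, and over `/var/lib/elasticsearch` that can be slow on a large data directory. jvm.options is written with mode `0660` while elasticsearch.yml gets `0644`, and the new `wazuh::params_opendistro` defines `$config_mode = '0640'` that this class never reads; pick one mode and reference the params class rather than duplicating literals.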
@@ -1,11 +1,11 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Paramas file class wazuh::params_manager { case $::kernel { 'Linux': { # Installation - $server_package_version = '3.13.1-1' + $server_package_version = '3.13.2-1' $manage_repos = true $manage_firewall = false @@ -491,7 +491,7 @@ $keys_group = 'Administrators' $agent_service = 'OssecSvc' - $agent_package = 'Wazuh Agent 3.13.1' + $agent_package = 'Wazuh Agent 3.13.2' $server_service = '' $server_package = '' $api_service = '' diff --git a/manifests/params_opendistro.pp b/manifests/params_opendistro.pp new file mode 100644 index 00000000..cd9588ba --- /dev/null +++ b/manifests/params_opendistro.pp @@ -0,0 +1,26 @@ +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Opendistro configuration parameters +class wazuh::params_opendistro { + $opendistro_service = 'elasticsearch' + $opendistro_package = 'opendistroforelasticsearch' + $config_owner = 'elasticsearch' + $config_group = 'elasticsearch' + $config_mode = '0640' + + $opendistro_cluster_name = 'es-wazuh' + $opendistro_node_name = 'node-01' + $opendistro_node_master = true + $opendistro_node_data = true + $opendistro_node_ingest = true + $opendistro_node_max_local_storage_nodes = '1' + + $opendistro_path_data = '/var/lib/elasticsearch' + $opendistro_path_logs = '/var/log/elasticsearch' + + + $opendistro_ip = 'localhost' + $elastcisearch_port = 9200 + $opendistro_discovery_option = 'discovery.type: single-node' + $opendistro_cluster_initial_master_nodes = "#cluster.initial_master_nodes: ['es-node-01']" + +} diff --git a/manifests/repo.pp b/manifests/repo.pp index 55c6517b..890112d4 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp 
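Review bot: `$elastcisearch_port = 9200` in params_opendistro.pp is misspelled and is the only value here without the `opendistro_` prefix, so nothing can sensibly reference it; it should be `$opendistro_port = '9200'` to match the `$opendistro_port` default in opendistro.pp. More broadly, this class is not referenced anywhere in the diff: `wazuh::opendistro` re-declares every value as a class parameter with its own literal defaults, and the two already disagree (`cluster.initial_master_nodes` is `['node-01']` there and `['es-node-01']` here, and `$config_owner`/`$config_group`/`$config_mode` are unused). Either default the `wazuh::opendistro` parameters to `$wazuh::params_opendistro::…` the way agent.pp defaults to `$wazuh::params_agent::…`, or drop this file before it drifts further.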
@@ -1,11 +1,11 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Wazuh repository installation class wazuh::repo ( ) { case $::osfamily { 'Debian' : { - if ! defined(Package['apt-transport-https']) { + if $::lsbdistcodename =~ /(jessie|wheezy|stretch|precise|trusty|vivid|wily|xenial|yakketi)/ and ! defined(Package['apt-transport-https']) { ensure_packages(['apt-transport-https'], {'ensure' => 'present'}) } # apt-key added by issue #34 diff --git a/manifests/repo_elastic.pp b/manifests/repo_elastic.pp index e900c94d..66489e66 100644 --- a/manifests/repo_elastic.pp +++ b/manifests/repo_elastic.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Installation of Elastic repository class wazuh::repo_elastic ( diff --git a/manifests/repo_elastic_oss.pp b/manifests/repo_elastic_oss.pp new file mode 100644 index 00000000..bca98408 --- /dev/null +++ b/manifests/repo_elastic_oss.pp 
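Review bot: The new condition in repo.pp matches `$::lsbdistcodename` against a regex that contains `yakketi`, which is not an Ubuntu codename (16.10 is `yakkety`), and the same misspelling is copied into repo_elastic_oss.pp. The regex is also unanchored, and, if I read Puppet's `=~` correctly, a host without lsb-release leaves the fact undef, which is not a valid left operand and would now fail catalog compilation where the old `defined()` check could not; `if $::lsbdistcodename and $::lsbdistcodename =~ /^(jessie|wheezy|stretch|precise|trusty|vivid|wily|xenial|yakkety)$/ and ! defined(Package['apt-transport-https']) {` keeps the old behaviour on such hosts (or use `$facts['os']['distro']['codename']`). The `wazuh::repo` class starts and ends outside this hunk.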
@@ -0,0 +1,70 @@
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+# Installation of Elastic repository
+class wazuh::repo_elastic_oss (
+
+) {
+ case $::osfamily {
+ 'Debian' : {
+ if ! defined(Package['apt-transport-https']) {
+ ensure_packages(['apt-transport-https'], {'ensure' => 'present'})
+ }
+ # apt-key added by issue #34
+ apt::key { 'elastic':
+ id => '46095ACC8548582C1A2699A9D27D666CD88E42B4',
+ source => 'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
+ server => 'pgp.mit.edu'
+ }
+ case $::lsbdistcodename {
+ /(jessie|wheezy|stretch|buster|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic)/: {
+
+ apt::source { 'wazuh_elastic_oss':
+ ensure => present,
+ comment => 'This is the OSS Elastic repository',
+ location => 'https://artifacts.elastic.co/packages/oss-7.x/apt',
+ release => 'stable',
+ repos => 'main',
+ include => {
+ 'src' => false,
+ 'deb' => true,
+ },
+ }
+ }
+ default: { fail('This ossec module has not been tested on your distribution (or lsb package not installed)') }
+ }
+ }
+ 'RedHat' : {
+ case $::os[name] {
+ /^(CentOS|RedHat|OracleLinux|Fedora|Amazon)$/: {
+ if ( $::operatingsystemrelease =~ /^5.*/ ) {
+ $baseurl = 'https://artifacts.elastic.co/packages/oss-7.x/yum'
+ $gpgkey = 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
+ } else {
+ $baseurl = 'https://artifacts.elastic.co/packages/oss-7.x/yum'
+ $gpgkey = 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
+ }
+ }
+ default: { fail('This ossec module has not been tested on your distribution.') }
+ }
+ ## Set up Elasticsearch repo
+
+ # Import GPG key
+
+ exec { 'Install Elasticsearch GPG key':
+ path => '/usr/bin',
+ command => 'rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch',
+ }
+
+ # Adding repo by Puppet yumrepo resource
+
+ yumrepo { 'elasticsearch':
+ ensure => 'present',
+ enabled => 1,
+ gpgcheck => 1,
+ gpgkey => $gpgkey,
+ baseurl => $baseurl,
+ name => 'elasticsearch',
+ }
+ }
+ default: { fail('This ossec module has not been 
tested on your distribution') }
+ }
+ }
diff --git a/manifests/repo_opendistro.pp b/manifests/repo_opendistro.pp
new file mode 100644
index 00000000..1c80ad4e
--- /dev/null
+++ b/manifests/repo_opendistro.pp
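Review bot: The `exec { 'Install Elasticsearch GPG key': ... }` in the RedHat branch has no `unless`, `creates` or `refreshonly`, so `rpm --import` fetches the key from the network and re-runs on every Puppet agent run, and it pulls from `packages.elastic.co` while `$gpgkey` on the `yumrepo` points at `artifacts.elastic.co`. Because the `yumrepo` already sets `gpgcheck => 1` and `gpgkey => $gpgkey`, yum imports the key itself and the exec is redundant; if it stays, give it an `unless` that checks for the already-imported `gpg-pubkey` package so the run is idempotent. The `if ( $::operatingsystemrelease =~ /^5.*/ )` has byte-identical branches, so the conditional can be dropped and `$baseurl`/`$gpgkey` assigned once. The same three issues appear in repo_opendistro.pp in this commit.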
@@ -0,0 +1,70 @@
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+# Installation of Open Distro for Elasticsearch repository
+class wazuh::repo_opendistro (
+
+) {
+ case $::osfamily {
+ 'Debian' : {
+ if ! defined(Package['apt-transport-https']) {
+ ensure_packages(['apt-transport-https'], {'ensure' => 'present'})
+ }
+ # apt-key added by issue #34
+ apt::key { 'opendistro':
+ id => '51209CCB28FBC2DC8CCD9A6C472CFDFCE370325E',
+ source => 'https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch',
+ server => 'pgp.mit.edu'
+ }
+ case $::lsbdistcodename {
+ /(jessie|wheezy|stretch|buster|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic)/: {
+
+ apt::source { 'wazuh_elastic_od':
+ ensure => present,
+ comment => 'This is the Open Distro for Elastic repository',
+ location => 'ttps://d3g5vo6xdbdb9a.cloudfront.net/apt',
+ release => 'stable',
+ repos => 'main',
+ include => {
+ 'src' => false,
+ 'deb' => true,
+ },
+ }
+ }
+ default: { fail('This ossec module has not been tested on your distribution (or lsb package not installed)') }
+ }
+ }
+ 'RedHat' : {
+ case $::os[name] {
+ /^(CentOS|RedHat|OracleLinux|Fedora|Amazon)$/: {
+ if ( $::operatingsystemrelease =~ /^5.*/ ) {
+ $baseurl = 'https://d3g5vo6xdbdb9a.cloudfront.net/yum/noarch/'
+ $gpgkey = 'https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch'
+ } else {
+ $baseurl = 'https://d3g5vo6xdbdb9a.cloudfront.net/yum/noarch/'
+ $gpgkey = 'https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch'
+ }
+ }
+ default: { fail('This ossec module has not been tested on your distribution.') }
+ }
+ ## Set up Open Distro for Elasticsearch repo
+
+ # Import GPG key
+
+ exec { 'Install Open Distro for Elasticsearch GPG key':
+ path => '/usr/bin',
+ command => 'rpm --import https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch',
+ }
+
+ # Adding repo by Puppet yumrepo resource
+
+ yumrepo { 'opendistro':
+ ensure => 'present',
+ enabled => 1,
+
gpgcheck => 1,
+ gpgkey => $gpgkey,
+ baseurl => $baseurl,
+ name => 'opendistro',
+ }
+ }
+ default: { fail('This ossec module has not been tested on your distribution') }
+ }
+ }
diff --git a/manifests/reports.pp b/manifests/reports.pp
index bca48d33..1d8ab3c5 100644
--- a/manifests/reports.pp
+++ b/manifests/reports.pp
@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 #Define for a Reports section
 define wazuh::reports(
 Optional[String] $r_group = undef,
diff --git a/manifests/wazuh_api.pp b/manifests/wazuh_api.pp
index fbc86638..61b4cf1a 100644
--- a/manifests/wazuh_api.pp
+++ b/manifests/wazuh_api.pp
@@ -1,11 +1,11 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Wazuh API installation
 class wazuh::wazuh_api (
 $manage_nodejs_package = true,
 $wazuh_api_package = 'wazuh-api',
 $wazuh_api_service = 'wazuh-api',
- $wazuh_api_version = '3.13.1-1',
+ $wazuh_api_version = '3.13.2-1',
 ){
 if $manage_nodejs_package {
diff --git a/manifests/wazuh_api/nodejs.pp b/manifests/wazuh_api/nodejs.pp
index b8c4cbcf..e8dd95ab 100644
--- a/manifests/wazuh_api/nodejs.pp
+++ b/manifests/wazuh_api/nodejs.pp
@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Wazuh API installation
 class wazuh::wazuh_api::nodejs (
diff --git a/metadata.json b/metadata.json
index 240004e3..a5c0fd04 100644
--- a/metadata.json
+++ b/metadata.json
@@ -1,6 +1,6 @@
 {
 "name": "wazuh-wazuh",
- "version": "3.13.1",
+ "version": "3.13.2",
 "author": "WAZUH",
 "summary": "Install and configure Wazuh-HIDS client and server",
 "license": "Apache-2.0",
diff --git a/templates/filebeat_oss_yml.erb b/templates/filebeat_oss_yml.erb
new file mode 100644
index 00000000..d6639f76
--- /dev/null
+++ b/templates/filebeat_oss_yml.erb
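Review bot: `location => 'ttps://d3g5vo6xdbdb9a.cloudfront.net/apt'` in the `apt::source { 'wazuh_elastic_od': ... }` resource is missing the `h` of `https`, so on every Debian-family host the written sources entry has an unusable scheme and `apt update` fails before the Open Distro packages can be installed; it should read `location => 'https://d3g5vo6xdbdb9a.cloudfront.net/apt',`. The RedHat branch repeats the pattern flagged on repo_elastic_oss.pp: the `rpm --import` exec has no `unless` so it runs and fetches over the network on every agent run and duplicates what `yumrepo` with `gpgcheck => 1` already does, and the `if ( $::operatingsystemrelease =~ /^5.*/ )` has identical branches. The class body starts on the previous line of SOURCE and is complete here.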
@@ -0,0 +1,23 @@
+# Wazuh - Filebeat configuration file
+filebeat.modules:
+ - module: wazuh
+ alerts:
+ enabled: true
+ archives:
+ enabled: false
+
+setup.template.json.enabled: true
+setup.template.json.path: "/etc/filebeat/wazuh-template.json"
+setup.template.json.name: "wazuh"
+setup.template.overwrite: true
+
+# Send events directly to Elasticsearch
+output.elasticsearch:
+ hosts: ["https://<%= @filebeat_oss_elasticsearch_ip %>:<%= @filebeat_oss_elasticsearch_port %>"]
+ username: <%= @filebeat_oss_elastic_user %>
+ password: <%= @filebeat_oss_elastic_password %>
+ ssl.verification_mode: none
+
+setup.ilm.enabled: false
+
+
diff --git a/templates/kibana_od_yml.erb b/templates/kibana_od_yml.erb
new file mode 100644
index 00000000..b076889c
--- /dev/null
+++ b/templates/kibana_od_yml.erb
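Review bot: `ssl.verification_mode: none` under `output.elasticsearch` disables certificate validation on the same connection that carries `username`/`password` and every alert, so the `https://` in `hosts` gives no protection against an interposed endpoint on the way to `@filebeat_oss_elasticsearch_ip`. The module already deploys Open Distro with a `root-ca.pem` (see the opendistro_yml.erb hunk), so the template can point Filebeat at that CA via `ssl.certificate_authorities: ["<%= @filebeat_oss_ca_path %>"]` (parameter name constructed) and leave `ssl.verification_mode` at its default, with `none` at most as an explicit opt-in; kibana_od_yml.erb's `elasticsearch.ssl.verificationMode: none` in the next hunk has the same problem. The rendered file also contains the plaintext password, so the `file` resource that writes it (outside this diff) should set a restrictive mode, and a comment in the template, e.g. `# contains credentials: keep the rendered file readable by the filebeat user only`, would make that expectation visible.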
@@ -0,0 +1,28 @@
+# Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License").
+# You may not use this file except in compliance with the License.
+# A copy of the License is located at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# or in the "license" file accompanying this file. This file is distributed
+# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+# express or implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+# Description:
+# Default Kibana configuration for Open Distro.
+server.port: <%= @kibana_od_server_port %>
+server.host: <%= @kibana_od_server_host %>
+
+elasticsearch.hosts: ["<%= @kibana_od_elasticsearch_server_hosts %>"]
+elasticsearch.ssl.verificationMode: none
+elasticsearch.username: <%= @kibana_od_elastic_user %>
+elasticsearch.password: <%= @kibana_od_elastic_password %>
+elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
+
+
+opendistro_security.multitenancy.enabled: false
+opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
+opendistro_security.readonly_mode.roles: ["kibana_read_only"]
\ No newline at end of file
diff --git a/templates/opendistro_yml.erb b/templates/opendistro_yml.erb
new file mode 100644
index 00000000..f610affb
--- /dev/null
+++ b/templates/opendistro_yml.erb
@@ -0,0 +1,112 @@
+# ======================== Elasticsearch Configuration =========================
+#
+# NOTE: Elasticsearch comes with reasonable defaults for most settings.
+# Before you set out to tweak and tune the configuration, make sure you
+# understand what are you trying to accomplish and the consequences.
+#
+# The primary way of configuring a node is via this file. This template lists
+# the most important settings you may want to configure for a production cluster.
+#
+# Please consult the documentation for further information on configuration options:
+# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
+#
+# ---------------------------------- Cluster -----------------------------------
+#
+# Use a descriptive name for your cluster:
+#
+cluster.name: <%= @opendistro_cluster_name %>
+#
+# ------------------------------------ Node ------------------------------------
+#
+# Use a descriptive name for the node:
+#
+node.name: <%= @opendistro_node_name %>
+#
+# Add custom attributes to the node:
+#
+node.master: <%= @opendistro_node_master %>
+#
+# ----------------------------------- Paths ------------------------------------
+#
+# Path to directory where to store the data (separate multiple locations by comma):
+#
+path.data: <%= @opendistro_path_data %>
+#
+# Path to log files:
+#
+path.logs: <%= @opendistro_path_logs %>
+#
+# ----------------------------------- Memory -----------------------------------
+#
+# Lock the memory on startup:
+#
+#bootstrap.memory_lock: true
+#
+# Make sure that the heap size is set to about half the memory available
+# on the system and that the owner of the process is allowed to use this
+# limit.
+#
+# Elasticsearch performs poorly when the system is swapping the memory.
+#
+# ---------------------------------- Network -----------------------------------
+#
+# Set the bind address to a specific IP (IPv4 or IPv6):
+#
+network.host: <%= @opendistro_ip %>
+#
+# Set a custom port for HTTP:
+#
+http.port: <%= @opendistro_port %>
+#
+# For more information, consult the network module documentation.
+#
+# --------------------------------- Discovery ----------------------------------
+#
+# Pass an initial list of hosts to perform discovery when this node is started:
+# The default list of hosts is ["127.0.0.1", "[::1]"]
+#
+#discovery.seed_hosts: ["host1", "host2"]
+#
+# Bootstrap the cluster using an initial set of master-eligible nodes:
+#
+<%= @opendistro_cluster_initial_master_nodes %>
+<%= @opendistro_discovery_option %>
+#
+# For more information, consult the discovery and cluster formation module documentation.
+#
+# ---------------------------------- Gateway -----------------------------------
+#
+# Block initial recovery after a full cluster restart until N nodes are started:
+#
+#gateway.recover_after_nodes: 3
+#
+# For more information, consult the gateway module documentation.
+#
+# ---------------------------------- Various -----------------------------------
+#
+# Require explicit names when deleting indices:
+#
+#action.destructive_requires_name: true
+
+######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
+# WARNING: revise all the lines below before you go into production
+opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
+opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
+opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
+opendistro_security.ssl.transport.enforce_hostname_verification: false
+opendistro_security.ssl.http.enabled: true
+opendistro_security.ssl.http.pemcert_filepath: esnode.pem
+opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
+opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
+opendistro_security.allow_unsafe_democertificates: true
+opendistro_security.allow_default_init_securityindex: true
+opendistro_security.authcz.admin_dn:
+ - CN=kirk,OU=client,O=client,L=test, C=de
+
+opendistro_security.audit.type: internal_elasticsearch
+opendistro_security.enable_snapshot_restore_privilege: true
+opendistro_security.check_snapshot_restore_write_privileges: true
+opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
+cluster.routing.allocation.disk.threshold_enabled: false
+node.max_local_storage_nodes: 3
+######## End OpenDistro for Elasticsearch Security Demo Configuration ########
diff --git a/templates/wazuh_yml.erb b/templates/wazuh_yml.erb
index efd1f42e..173cbced 100644
--- a/templates/wazuh_yml.erb
+++ b/templates/wazuh_yml.erb
@@ -1,7 +1,7 @@
 ---
 #
 # Wazuh app - App configuration file
-# Copyright (C) 2015-2019 Wazuh, Inc.
+# Copyright (C) 2015-2020 Wazuh, Inc.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
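Review bot: Everything between the `Start`/`End OpenDistro for Elasticsearch Security Demo Configuration` banners is rendered unconditionally, so every node managed by this module runs with `allow_unsafe_democertificates: true`, `allow_default_init_securityindex: true`, `enforce_hostname_verification: false`, the publicly distributed demo `esnode.pem`/`esnode-key.pem` and the demo admin DN `CN=kirk,...`, while the only safeguard is the `# WARNING: revise all the lines below` comment and the template exposes no ERB variable an operator could set instead. Those values should come from class parameters (with the demo values as explicit defaults, or the whole block gated by a boolean such as `@opendistro_security_demo`, name constructed) so that a production deployment can supply its own certificates and admin DN without editing the module. `node.max_local_storage_nodes: 3` is hard-coded although params_opendistro.pp declares `$opendistro_node_max_local_storage_nodes = '1'`, and `$opendistro_node_data`/`$opendistro_node_ingest` are declared there but never rendered. `http.port: <%= @opendistro_port %>` also relies on a name params_opendistro.pp does not define (it has `$elastcisearch_port`); confirm the opendistro class maps it, otherwise the port line renders empty.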