From 561fea3b860d7f44976fa1cee36bee05c31a1765 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 7 Aug 2019 13:23:12 +0200 Subject: [PATCH 01/11] added the installation of filebeat module --- manifests/filebeat.pp | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/manifests/filebeat.pp b/manifests/filebeat.pp index ab5cbacc..5c5e5ebe 100644 --- a/manifests/filebeat.pp +++ b/manifests/filebeat.pp @@ -32,6 +32,20 @@ notify => Service['filebeat'] } + exec { 'Installing filebeat module ...': + path => '/usr/bin', + command => "curl -s https://packages-dev.wazuh.com/3.x/filebeat/wazuh-filebeat-0.1.tar.gz | tar -xvz -C /usr/share/filebeat/module", + notify => Service['filebeat'] + } + + directory "/usr/share/filebeat/module/wazuh" do + owner 'root' + group 'root' + recursive true + action :create + mode '0755' + end + service { 'filebeat': ensure => running, enable => true, From 8ab955828663597338759deb96f0a537adeb863d Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Wed, 7 Aug 2019 15:34:52 +0200 Subject: [PATCH 02/11] fixes for filebeat.pp manifest --- manifests/filebeat.pp | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/manifests/filebeat.pp b/manifests/filebeat.pp index 5c5e5ebe..a2939d94 100644 --- a/manifests/filebeat.pp +++ b/manifests/filebeat.pp @@ -38,13 +38,21 @@ notify => Service['filebeat'] } - directory "/usr/share/filebeat/module/wazuh" do - owner 'root' - group 'root' - recursive true - action :create - mode '0755' - end + class directory_tree { + + # or you can assign them to a variable and use them in the resource + $whisper_dirs = [ '/usr/share/filebeat', '/usr/share/filebeat/module', + '/usr/share/filebeat/module/wazuh', + ] + + file { $whisper_dirs: + ensure => 'directory', + owner => 'root', + group => 'wheel', + mode => '0755', + } + + } service { 'filebeat': ensure => running, From 3191eccfbd12b15eac62c958d79956361ce29885 Mon Sep 17 00:00:00 2001 
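Review bot: The `exec` added in PATCH 01 downloads `wazuh-filebeat-0.1.tar.gz` from `packages-dev.wazuh.com` and unpacks it straight into `/usr/share/filebeat/module` with no integrity check, so whatever that host serves is installed with the agent's privileges (typically root). The same gap is carried into the reworked download and unpack resources of PATCH 03, 05 and 09. Stage the archive on disk and make extraction depend on a digest pinned in the module, for example a separate exec running `/usr/bin/sha256sum -c /root/wazuh-filebeat-0.1.tar.gz.sha256` against a checksum file shipped through a `file` resource (the path is illustrative), with the unpack exec requiring it. Pulling from a released package location instead of the `-dev` repository would also be worth confirming with the maintainers.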
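Review bot: `class directory_tree` in PATCH 02 is only defined inside `wazuh::filebeat`; nothing in the hunk declares it with `include` or `class { ... }`, so the `file { $whisper_dirs: ... }` resources would never be applied. `group => 'wheel'` is also absent by default on Debian and Ubuntu, which the changelog lists as a recognized platform. Declaring the `file` resource directly in the class body with `group => 'root',` avoids both problems. The enclosing class starts and ends outside the hunk.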
From: Rshad Zhran Date: Thu, 8 Aug 2019 11:36:04 +0200 Subject: [PATCH 03/11] improved filebeat.pp and corrected the the installation flow .. --- manifests/elasticsearch.pp | 2 -- manifests/filebeat.pp | 20 +++++++++++--------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/manifests/elasticsearch.pp b/manifests/elasticsearch.pp index 33891d5b..199821e1 100644 --- a/manifests/elasticsearch.pp +++ b/manifests/elasticsearch.pp @@ -27,8 +27,6 @@ ){ - class {'wazuh::repo_elastic':} - # install package package { 'Installing elasticsearch...': ensure => $elasticsearch_version, diff --git a/manifests/filebeat.pp b/manifests/filebeat.pp index a2939d94..e129e29d 100644 --- a/manifests/filebeat.pp +++ b/manifests/filebeat.pp @@ -1,5 +1,7 @@ # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) # Setup for Filebeat +class {'wazuh::repo_elastic':} + class wazuh::filebeat ( $filebeat_elasticsearch_ip = 'localhost', $filebeat_elasticsearch_port = '9200', @@ -10,8 +12,10 @@ $filebeat_version = '7.2.0', $wazuh_app_version = '3.9.4_7.2.0', $wazuh_extensions_version = 'v3.9.4', + $wazuh_module_filebeat_module = 'wazuh-filebeat-0.1.tar.gz', ){ + package { 'Installing Filebeat...': ensure => $filebeat_version, name => $filebeat_package, 
@@ -32,23 +36,23 @@ notify => Service['filebeat'] } - exec { 'Installing filebeat module ...': - path => '/usr/bin', - command => "curl -s https://packages-dev.wazuh.com/3.x/filebeat/wazuh-filebeat-0.1.tar.gz | tar -xvz -C /usr/share/filebeat/module", + exec { 'Installing filebeat module ... Downloading package': + command => "/usr/bin/wget -c https://packages-dev.wazuh.com/3.x/filebeat/${$wazuh_module_filebeat_module} -P /root/", + } + + exec { 'Unpackaging ...': + command => "/bin/tar -xzvf /root/wazuh-filebeat-0.1.tar.gz -C /usr/share/filebeat/module", notify => Service['filebeat'] } class directory_tree { # or you can assign them to a variable and use them in the resource - $whisper_dirs = [ '/usr/share/filebeat', '/usr/share/filebeat/module', - '/usr/share/filebeat/module/wazuh', + $whisper_dirs = [ '/usr/share/filebeat/module/wazuh', ] file { $whisper_dirs: ensure => 'directory', - owner => 'root', - group => 'wheel', mode => '0755', } @@ -58,6 +62,4 @@ ensure => running, enable => true, } - - } From 72ac040a39c172a999d42e5e50a125e034458c40 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 8 Aug 2019 11:53:46 +0200 Subject: [PATCH 04/11] fixes to filebeat.pp --- manifests/filebeat.pp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/manifests/filebeat.pp b/manifests/filebeat.pp index e129e29d..bf8476df 100644 --- a/manifests/filebeat.pp +++ b/manifests/filebeat.pp @@ -1,7 +1,5 @@ # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) # Setup for Filebeat -class {'wazuh::repo_elastic':} - class wazuh::filebeat ( $filebeat_elasticsearch_ip = 'localhost', $filebeat_elasticsearch_port = '9200', @@ -15,6 +13,7 @@ $wazuh_module_filebeat_module = 'wazuh-filebeat-0.1.tar.gz', ){ + class {'wazuh::repo_elastic':} package { 'Installing Filebeat...': ensure => $filebeat_version, From f07524f2f179c1fabf9e49cd3e3be3ca38e56e30 Mon Sep 17 00:00:00 2001 
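Review bot: The `Unpackaging ...` exec hard-codes `/root/wazuh-filebeat-0.1.tar.gz` while the download exec builds its URL from `$wazuh_module_filebeat_module`, so overriding the parameter fetches one file and extracts another (or fails on a missing one). The two execs also have no explicit relationship, so ordering relies on manifest order alone. Use the parameter in both and tie them together: `command => "/bin/tar -xzvf /root/${wazuh_module_filebeat_module} -C /usr/share/filebeat/module",` with `require => Exec['Installing filebeat module ... Downloading package'],`. PATCH 09 renames the parameter but does not touch the tar command, so the literal filename is still there at the end of the series.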
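Review bot: `class {'wazuh::repo_elastic':}` moved into the class body in PATCH 04 is a resource-like declaration, which can fail compilation with a duplicate declaration error once another class in the catalog declares `wazuh::repo_elastic` too, and it sets no ordering against the `package` that follows. PATCH 03 removed the same line from `manifests/elasticsearch.pp`, so a node that applies only `wazuh::elasticsearch` presumably no longer gets the repository unless something else declares it. Prefer `include wazuh::repo_elastic` in each class that needs it, plus `require => Class['wazuh::repo_elastic'],` on the package resource.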
From: Rshad Zhran Date: Thu, 8 Aug 2019 13:18:17 +0200 Subject: [PATCH 05/11] replacing wget by curl --- manifests/filebeat.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/manifests/filebeat.pp b/manifests/filebeat.pp index bf8476df..1f003bc9 100644 --- a/manifests/filebeat.pp +++ b/manifests/filebeat.pp @@ -36,7 +36,8 @@ } exec { 'Installing filebeat module ... Downloading package': - command => "/usr/bin/wget -c https://packages-dev.wazuh.com/3.x/filebeat/${$wazuh_module_filebeat_module} -P /root/", + path => '/usr/bin', + command => "curl -o /root/${$wazuh_module_filebeat_module} https://packages-dev.wazuh.com/3.x/filebeat/${$wazuh_module_filebeat_module}", } exec { 'Unpackaging ...': From 0d3f6ea1f82a6592a80caee701d1ea2e4102de22 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 8 Aug 2019 14:54:52 +0200 Subject: [PATCH 06/11] adapted kibana --- manifests/elasticsearch.pp | 2 +- manifests/filebeat.pp | 2 +- manifests/kibana.pp | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/elasticsearch.pp b/manifests/elasticsearch.pp index 199821e1..12af35dd 100644 --- a/manifests/elasticsearch.pp +++ b/manifests/elasticsearch.pp @@ -17,7 +17,7 @@ $elasticsearch_path_logs = '/var/log/elasticsearch', - $elasticsearch_ip = 'localhost', + $elasticsearch_ip = '', $elasticsearch_port = '9200', $elasticsearch_discovery_option = 'discovery.type: single-node', $elasticsearch_cluster_initial_master_nodes = "#cluster.initial_master_nodes: ['es-node-01']", diff --git a/manifests/filebeat.pp b/manifests/filebeat.pp index 1f003bc9..16aecc63 100644 --- a/manifests/filebeat.pp +++ b/manifests/filebeat.pp @@ -1,7 +1,7 @@ # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) # Setup for Filebeat class wazuh::filebeat ( - $filebeat_elasticsearch_ip = 'localhost', + $filebeat_elasticsearch_ip = '', $filebeat_elasticsearch_port = '9200', $elasticsearch_server_ip = "\"${filebeat_elasticsearch_ip}:${filebeat_elasticsearch_port}\"", 
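Review bot: The new `curl -o ...` command in PATCH 05 has no `--fail`, so an HTTP error page is saved under the tarball's name and curl still exits 0; the problem then shows up only when tar runs on it. With no `creates` or `unless`, the download also repeats on every agent run, and the unpack exec that notifies `Service['filebeat']` does the same. Suggest `command => "curl -fsS -o /root/${wazuh_module_filebeat_module} https://packages-dev.wazuh.com/3.x/filebeat/${wazuh_module_filebeat_module}",` together with `creates => "/root/${wazuh_module_filebeat_module}",`. The unpack exec can then be made `refreshonly => true` and subscribed to the download, so Filebeat restarts only when a new archive actually arrives.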
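Review bot: With the default changed in PATCH 06 from `'localhost'` to what this page shows as `''`, `$elasticsearch_server_ip` in `manifests/filebeat.pp` evaluates to a quoted `:9200` unless the caller overrides it, so a node on defaults gets a Filebeat output with no host. The same default change is made to `$elasticsearch_ip` in `manifests/elasticsearch.pp` and `$kibana_elasticsearch_ip` in `manifests/kibana.pp`; how the templates treat that value is not visible here. If the address must be supplied by the user, declare the parameter without a default (`$filebeat_elasticsearch_ip,`) so the catalog fails to compile when it is missing, instead of rendering a config that only breaks at service start. The parameter lists continue outside these hunks.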
diff --git a/manifests/kibana.pp b/manifests/kibana.pp index 80963df9..ab298c7d 100644 --- a/manifests/kibana.pp +++ b/manifests/kibana.pp @@ -6,7 +6,7 @@ $kibana_version = '7.2.0', $kibana_app_version = '3.9.4_7.2.0', - $kibana_elasticsearch_ip = 'localhost', + $kibana_elasticsearch_ip = '', $kibana_elasticsearch_port = '9200', $kibana_server_port = '5601', From 61017308ea403a68cb15d1ddad6ecf6b9b41b61c Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 8 Aug 2019 15:24:08 +0200 Subject: [PATCH 07/11] Updated CHANGELOG.md --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ef0eed45..47a2853b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ All notable changes to this project will be documented in this file. - Update to Wazuh version 3.9.4_7.2.0 +- Added Filebeat module and adapted Elasticsearch IP[rshad](https://github.com/rshad) [PR#144] (https://github.com/wazuh/wazuh-puppet/pull/144) + +- Added Kitchen testing for Wazuh deployment with Puppet. [rshad](https://github.com/rshad) [PR#139](https://github.com/wazuh/wazuh-puppet/pull/139) + - Moved command and email_alert templates to templates/fragments. [rshad](https://github.com/rshad) [PR#143](https://github.com/wazuh/wazuh-puppet/pull/143). - Fixed integration when group is not specified. [TheoPoc](https://github.com/TheoPoc) [PR#142](https://github.com/wazuh/wazuh-puppet/pull/142). From 1301d408b350d150f40ea1e58dbace59119cc99a Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Thu, 8 Aug 2019 19:57:33 +0200 Subject: [PATCH 08/11] Fixes .. --- manifests/elasticsearch.pp | 2 +- manifests/filebeat.pp | 16 ++++------------ manifests/kibana.pp | 2 +- 3 files changed, 6 insertions(+), 14 deletions(-) diff --git a/manifests/elasticsearch.pp b/manifests/elasticsearch.pp index 12af35dd..6615372c 100644 --- a/manifests/elasticsearch.pp +++ b/manifests/elasticsearch.pp 
@@ -17,7 +17,7 @@ $elasticsearch_path_logs = '/var/log/elasticsearch', - $elasticsearch_ip = '', + $elasticsearch_ip = '', $elasticsearch_port = '9200', $elasticsearch_discovery_option = 'discovery.type: single-node', $elasticsearch_cluster_initial_master_nodes = "#cluster.initial_master_nodes: ['es-node-01']", diff --git a/manifests/filebeat.pp b/manifests/filebeat.pp index 16aecc63..bf88db9e 100644 --- a/manifests/filebeat.pp +++ b/manifests/filebeat.pp @@ -1,7 +1,7 @@ # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) # Setup for Filebeat class wazuh::filebeat ( - $filebeat_elasticsearch_ip = '', + $filebeat_elasticsearch_ip = '', $filebeat_elasticsearch_port = '9200', $elasticsearch_server_ip = "\"${filebeat_elasticsearch_ip}:${filebeat_elasticsearch_port}\"", @@ -45,17 +45,9 @@ notify => Service['filebeat'] } - class directory_tree { - - # or you can assign them to a variable and use them in the resource - $whisper_dirs = [ '/usr/share/filebeat/module/wazuh', - ] - - file { $whisper_dirs: - ensure => 'directory', - mode => '0755', - } - + file { '/usr/share/filebeat/module/wazuh': + ensure => 'directory', + mode => '0755', } service { 'filebeat': diff --git a/manifests/kibana.pp b/manifests/kibana.pp index ab298c7d..bda14ed0 100644 --- a/manifests/kibana.pp +++ b/manifests/kibana.pp @@ -6,7 +6,7 @@ $kibana_version = '7.2.0', $kibana_app_version = '3.9.4_7.2.0', - $kibana_elasticsearch_ip = '', + $kibana_elasticsearch_ip = '', $kibana_elasticsearch_port = '9200', $kibana_server_port = '5601', From e350d69b9bc390e53e2bbbf33535717e9e424ac7 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 9 Aug 2019 10:11:51 +0200 Subject: [PATCH 09/11] changing variable name --- manifests/filebeat.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/filebeat.pp b/manifests/filebeat.pp index bf88db9e..bed19126 100644 --- a/manifests/filebeat.pp +++ b/manifests/filebeat.pp 
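Review bot: The `file { '/usr/share/filebeat/module/wazuh': ... }` resource added in PATCH 08 sets only `mode` on the top directory, so ownership of everything beneath it is whatever the archive carries: GNU tar run as root restores the uid and gid stored in the tarball by default. Nothing orders this resource after the `Unpackaging ...` exec either. Suggest `owner => 'root', group => 'root',` and `require => Exec['Unpackaging ...'],` here, and adding `--no-same-owner` to the tar command, so module files that Filebeat loads cannot end up owned by an unrelated local account. Adding `recurse => true,` would extend the ownership settings to the extracted files as well.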
@@ -10,7 +10,7 @@ $filebeat_version = '7.2.0', $wazuh_app_version = '3.9.4_7.2.0', $wazuh_extensions_version = 'v3.9.4', - $wazuh_module_filebeat_module = 'wazuh-filebeat-0.1.tar.gz', + $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz', ){ class {'wazuh::repo_elastic':} @@ -37,7 +37,7 @@ exec { 'Installing filebeat module ... Downloading package': path => '/usr/bin', - command => "curl -o /root/${$wazuh_module_filebeat_module} https://packages-dev.wazuh.com/3.x/filebeat/${$wazuh_module_filebeat_module}", + command => "curl -o /root/${$wazuh_filebeat_module} https://packages-dev.wazuh.com/3.x/filebeat/${$wazuh_filebeat_module}", } exec { 'Unpackaging ...': From 86eb4b5661e7f30cea24e6215eba754b3aa9cb68 Mon Sep 17 00:00:00 2001 From: Rshad Zhran Date: Fri, 9 Aug 2019 10:32:50 +0200 Subject: [PATCH 10/11] fixed CHANGELOG.md --- CHANGELOG.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 47a2853b..69d9a3c9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -7,15 +7,15 @@ All notable changes to this project will be documented in this file. - Update to Wazuh version 3.9.4_7.2.0 -- Added Filebeat module and adapted Elasticsearch IP[rshad](https://github.com/rshad) [PR#144] (https://github.com/wazuh/wazuh-puppet/pull/144) +- Added Filebeat module and adapted Elasticsearch IP ([rshad](https://github.com/rshad)) [PR#144](https://github.com/wazuh/wazuh-puppet/pull/144) -- Added Kitchen testing for Wazuh deployment with Puppet. [rshad](https://github.com/rshad) [PR#139](https://github.com/wazuh/wazuh-puppet/pull/139) +- Added Kitchen testing for Wazuh deployment with Puppet. ([rshad](https://github.com/rshad)) [PR#139](https://github.com/wazuh/wazuh-puppet/pull/139) -- Moved command and email_alert templates to templates/fragments. [rshad](https://github.com/rshad) [PR#143](https://github.com/wazuh/wazuh-puppet/pull/143). +- Moved command and email_alert templates to templates/fragments. ([rshad](https://github.com/rshad)) [PR#143](https://github.com/wazuh/wazuh-puppet/pull/143). -- Fixed integration when group is not specified. [TheoPoc](https://github.com/TheoPoc) [PR#142](https://github.com/wazuh/wazuh-puppet/pull/142). +- Fixed integration when group is not specified. ([TheoPoc](https://github.com/TheoPoc)) [PR#142](https://github.com/wazuh/wazuh-puppet/pull/142). -- Added Ubuntu as a recognized operating system to Puppet manifests. [rshad](https://github.com/rshad) [PR#141](https://github.com/wazuh/wazuh-puppet/pull/141). +- Added Ubuntu as a recognized operating system to Puppet manifests. ([rshad](https://github.com/rshad)) [PR#141](https://github.com/wazuh/wazuh-puppet/pull/141). - Made Wazuh Agent able to register and report to different IPs. ([@jm404](https://github.com/jm404)) [PR#136](https://github.com/wazuh/wazuh-puppet/pull/136). From b4c4e0a7b85a2f115cda78e4000dc3990ab34f69 Mon Sep 17 00:00:00 2001 
From: Rshad Zhran Date: Fri, 9 Aug 2019 11:00:00 +0200 Subject: [PATCH 11/11] UPDATE CHANGELOG.md --- CHANGELOG.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 69d9a3c9..1878de84 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,13 +11,13 @@ All notable changes to this project will be documented in this file. - Added Kitchen testing for Wazuh deployment with Puppet. ([rshad](https://github.com/rshad)) [PR#139](https://github.com/wazuh/wazuh-puppet/pull/139) -- Moved command and email_alert templates to templates/fragments. ([rshad](https://github.com/rshad)) [PR#143](https://github.com/wazuh/wazuh-puppet/pull/143). +- Moved command and email_alert templates to templates/fragments. ([rshad](https://github.com/rshad)) [PR#143](https://github.com/wazuh/wazuh-puppet/pull/143) -- Fixed integration when group is not specified. ([TheoPoc](https://github.com/TheoPoc)) [PR#142](https://github.com/wazuh/wazuh-puppet/pull/142). +- Fixed integration when group is not specified. ([TheoPoc](https://github.com/TheoPoc)) [PR#142](https://github.com/wazuh/wazuh-puppet/pull/142) -- Added Ubuntu as a recognized operating system to Puppet manifests. ([rshad](https://github.com/rshad)) [PR#141](https://github.com/wazuh/wazuh-puppet/pull/141). +- Added Ubuntu as a recognized operating system to Puppet manifests. ([rshad](https://github.com/rshad)) [PR#141](https://github.com/wazuh/wazuh-puppet/pull/141) -- Made Wazuh Agent able to register and report to different IPs. ([@jm404](https://github.com/jm404)) [PR#136](https://github.com/wazuh/wazuh-puppet/pull/136). +- Made Wazuh Agent able to register and report to different IPs. ([@jm404](https://github.com/jm404)) [PR#136](https://github.com/wazuh/wazuh-puppet/pull/136)