diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 05a6fc35..e46cfcb1 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -9,8 +9,8 @@ jobs: steps: - name: Check out code uses: actions/checkout@v2 - - name: Build and launch Linting test - uses: './.github/actions/validate_module' + # - name: Build and launch Linting test + # uses: './.github/actions/validate_module' - name: Amazon linux - (Manager + Agent) uses: './.github/actions/test_manager_and_agent' env: diff --git a/README.md b/README.md index 56c75209..4fc04c76 100644 --- a/README.md +++ b/README.md @@ -107,7 +107,7 @@ This Puppet module has been authored by Nicolas Zin, and updated by Jonathan Gaz ## License and copyright WAZUH -Copyright (C) 2019 Wazuh Inc. (License GPLv2) +Copyright (C) 2020 Wazuh Inc. (License GPLv2) Based on OSSEC Copyright (C) 2015 Trend Micro Inc. diff --git a/kitchen/test/integration/agent/agent_spec.rb b/kitchen/test/integration/agent/agent_spec.rb index 0db5caeb..9dfd2dfd 100644 --- a/kitchen/test/integration/agent/agent_spec.rb +++ b/kitchen/test/integration/agent/agent_spec.rb 
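Review bot: Commenting out the `validate_module` step under `steps` leaves this workflow with no lint or validation gate, in the same commit that adds several new manifests (`filebeat_oss`, `kibana_od`, `opendistro`, `repo_*`) and templates that are exactly what such a step would have caught. If the action is currently broken, silently disabling it hides that fact; keep the step with `continue-on-error: true`, or at least record the reason, e.g. `# TODO: re-enable validate_module once the action is fixed (tracking issue: <...>)`. The `steps` list continues past the hunk, so it is not visible from here whether any other check still runs on pull requests.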
@@ -1,27 +1,25 @@ -describe do - describe package('wazuh-agent') do - it { is_expected.to be_installed } - its('version') { is_expected.to eq '3.13.1-1' } - end +describe package('wazuh-agent') do + it { is_expected.to be_installed } + its('version') { is_expected.to eq '3.13.1-1' } +end - describe service('wazuh-agent') do - it { is_expected.to be_installed } - it { is_expected.to be_enabled } - it { is_expected.to be_running } - end +describe service('wazuh-agent') do + it { is_expected.to be_installed } + it { is_expected.to be_enabled } + it { is_expected.to be_running } +end - # Verifying daemons +# Verifying daemons - wazuh_daemons = { - 'ossec-agentd' => 'ossec', - 'ossec-execd' => 'root', - 'ossec-syscheckd' => 'root', - 'wazuh-modulesd' => 'root', - } +wazuh_daemons = { + 'ossec-agentd' => 'ossec', + 'ossec-execd' => 'root', + 'ossec-syscheckd' => 'root', + 'wazuh-modulesd' => 'root', +} - wazuh_daemons.each do |key, value| - describe processes(key) do - its('users') { is_expected.to eq [value] } - end +wazuh_daemons.each do |key, value| + describe processes(key) do + its('users') { is_expected.to eq [value] } end end diff --git a/kitchen/test/integration/mngr/manager_spec.rb b/kitchen/test/integration/mngr/manager_spec.rb index 3882aca0..761652ea 100644 --- a/kitchen/test/integration/mngr/manager_spec.rb +++ b/kitchen/test/integration/mngr/manager_spec.rb 
@@ -1,32 +1,30 @@ -describe do - describe package('wazuh-manager') do - it { is_expected.to be_installed } - its('version') { is_expected.to eq '3.13.1-1' } - end +describe package('wazuh-manager') do + it { is_expected.to be_installed } + its('version') { is_expected.to eq '3.13.1-1' } +end - describe service('wazuh-manager') do - it { is_expected.to be_installed } - it { is_expected.to be_enabled } - it { is_expected.to be_running } - end +describe service('wazuh-manager') do + it { is_expected.to be_installed } + it { is_expected.to be_enabled } + it { is_expected.to be_running } +end - # Verifying daemons +# Verifying daemons - wazuh_daemons = { - 'ossec-authd' => 'root', - 'ossec-execd' => 'root', - 'ossec-analysisd' => 'ossec', - 'ossec-syscheckd' => 'root', - 'ossec-remoted' => 'ossecr', - 'ossec-logcollector' => 'root', - 'ossec-monitord' => 'ossec', - 'wazuh-db' => 'ossec', - 'wazuh-modulesd' => 'root', - } +wazuh_daemons = { + 'ossec-authd' => 'root', + 'ossec-execd' => 'root', + 'ossec-analysisd' => 'ossec', + 'ossec-syscheckd' => 'root', + 'ossec-remoted' => 'ossecr', + 'ossec-logcollector' => 'root', + 'ossec-monitord' => 'ossec', + 'wazuh-db' => 'ossec', + 'wazuh-modulesd' => 'root', +} - wazuh_daemons.each do |key, value| - describe processes(key) do - its('users') { is_expected.to eq [value] } - end +wazuh_daemons.each do |key, value| + describe processes(key) do + its('users') { is_expected.to eq [value] } end end diff --git a/manifests/activeresponse.pp b/manifests/activeresponse.pp index 3340bd2b..f125ac27 100644 --- a/manifests/activeresponse.pp +++ b/manifests/activeresponse.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) #Define for a specific ossec active-response define wazuh::activeresponse( $active_response_name = 'Rendering active-response template', diff --git a/manifests/addlog.pp b/manifests/addlog.pp index b7f51e1e..078fcea1 100644 
--- a/manifests/addlog.pp +++ b/manifests/addlog.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) #Define a log-file to add to ossec define wazuh::addlog( $logfile = undef, diff --git a/manifests/agent.pp b/manifests/agent.pp index 6b759036..42d10675 100644 --- a/manifests/agent.pp +++ b/manifests/agent.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Puppet class that installs and manages the Wazuh agent class wazuh::agent ( diff --git a/manifests/audit.pp b/manifests/audit.pp index a4a00028..6e882fd6 100644 --- a/manifests/audit.pp +++ b/manifests/audit.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Define an ossec command class wazuh::audit ( diff --git a/manifests/command.pp b/manifests/command.pp index 2057d4ce..1d49d248 100644 --- a/manifests/command.pp +++ b/manifests/command.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Define an ossec command define wazuh::command( $command_name, diff --git a/manifests/elasticsearch.pp b/manifests/elasticsearch.pp index 91ba21d5..48341a0a 100644 --- a/manifests/elasticsearch.pp +++ b/manifests/elasticsearch.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Setup for elasticsearch class wazuh::elasticsearch ( # Elasticsearch.yml configuration @@ -11,7 +11,7 @@ $elasticsearch_node_max_local_storage_nodes = '1', $elasticsearch_service = 'elasticsearch', $elasticsearch_package = 'elasticsearch', - $elasticsearch_version = '7.8.0', + $elasticsearch_version = '7.8.1', $elasticsearch_path_data = '/var/lib/elasticsearch', $elasticsearch_path_logs = '/var/log/elasticsearch', 
diff --git a/manifests/email_alert.pp b/manifests/email_alert.pp index dea226a1..2a3fd681 100644 --- a/manifests/email_alert.pp +++ b/manifests/email_alert.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Define an email alert define wazuh::email_alert( $alert_email, diff --git a/manifests/filebeat.pp b/manifests/filebeat.pp index a82671d8..733b5108 100644 --- a/manifests/filebeat.pp +++ b/manifests/filebeat.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Setup for Filebeat class wazuh::filebeat ( $filebeat_elasticsearch_ip = 'localhost', @@ -7,8 +7,8 @@ $filebeat_package = 'filebeat', $filebeat_service = 'filebeat', - $filebeat_version = '7.8.0', - $wazuh_app_version = '3.13.1_7.8.0', + $filebeat_version = '7.8.1', + $wazuh_app_version = '3.13.1_7.8.1', $wazuh_extensions_version = 'v3.13.1', $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz', ){ diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp new file mode 100644 index 00000000..273b4cd5 --- /dev/null +++ b/manifests/filebeat_oss.pp 
@@ -0,0 +1,70 @@
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+# Setup for Filebeat_oss
+class wazuh::filebeat_oss (
+ $filebeat_oss_elasticsearch_ip = 'localhost',
+ $filebeat_oss_elasticsearch_port = '9200',
+ $elasticsearch_server_ip = "\"${filebeat_oss_elasticsearch_ip}:${filebeat_oss_elasticsearch_port}\"",
+
+ $filebeat_oss_package = 'filebeat',
+ $filebeat_oss_service = 'filebeat',
+ $filebeat_oss_elastic_user = 'admin',
+ $filebeat_oss_elastic_password = 'admin',
+ $filebeat_oss_version = '7.8.0',
+ $wazuh_app_version = '3.13.1_7.8.0',
+ $wazuh_extensions_version = 'v3.13.1',
+ $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz',
+){
+
+ class {'wazuh::repo_elastic_oss':}
+
+ if $::osfamily == 'Debian' {
+ Class['wazuh::repo_elastic_oss'] -> Class['apt::update'] -> Package[$filebeat_oss_package]
+ } else {
+ Class['wazuh::repo_elastic_oss'] -> Package[$filebeat_oss_package]
+ }
+
+ package { 'filebeat':
+ ensure => $filebeat_oss_version,
+ name => $filebeat_oss_package,
+ }
+
+ file { 'Configure filebeat.yml':
+ owner => 'root',
+ path => '/etc/filebeat/filebeat.yml',
+ group => 'root',
+ mode => '0644',
+ notify => Service[$filebeat_oss_service], ## Restarts the service
+ content => template('wazuh/filebeat_oss_yml.erb'),
+ require => Package[$filebeat_oss_package]
+ }
+
+ exec { 'Installing wazuh-template.json...':
+ path => '/usr/bin',
+ command => "curl -so /etc/filebeat/wazuh-template.json 'https://raw.githubusercontent.com/wazuh/wazuh/${wazuh_extensions_version}/extensions/elasticsearch/7.x/wazuh-template.json'",
+ notify => Service[$filebeat_oss_service],
+ require => Package[$filebeat_oss_package]
+ }
+
+ exec { 'Installing filebeat module ...
Downloading package':
+ path => '/usr/bin',
+ command => "curl -o /root/${$wazuh_filebeat_module} https://packages.wazuh.com/3.x/filebeat/${$wazuh_filebeat_module}",
+ }
+
+ exec { 'Unpackaging ...':
+ command => '/bin/tar -xzvf /root/wazuh-filebeat-0.1.tar.gz -C /usr/share/filebeat/module',
+ notify => Service[$filebeat_oss_service],
+ require => Package[$filebeat_oss_package]
+ }
+
+ file { '/usr/share/filebeat/module/wazuh':
+ ensure => 'directory',
+ mode => '0755',
+ require => Package[$filebeat_oss_package]
+ }
+
+ service { 'filebeat':
+ ensure => running,
+ enable => true,
+ require => Package[$filebeat_oss_package]
+ }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
index 7f43143f..63938475 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,3 +1,3 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Blank container class
 class wazuh { }
diff --git a/manifests/integration.pp b/manifests/integration.pp
index d00d11cd..1bcafa92 100644
--- a/manifests/integration.pp
+++ b/manifests/integration.pp
@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 #Define for a specific ossec integration
 define wazuh::integration(
 $hook_url = '',
diff --git a/manifests/kibana.pp b/manifests/kibana.pp
index 097fec59..7d1445d0 100644
--- a/manifests/kibana.pp
+++ b/manifests/kibana.pp
@@ -1,10 +1,10 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Setup for Kibana
 class wazuh::kibana (
 $kibana_package = 'kibana',
 $kibana_service = 'kibana',
- $kibana_version = '7.8.0',
- $kibana_app_version = '3.13.1_7.8.0',
+ $kibana_version = '7.8.1',
+ $kibana_app_version = '3.13.1_7.8.1',
 $kibana_elasticsearch_ip = 'localhost',
 $kibana_elasticsearch_port = '9200',
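Review bot: `Configure filebeat.yml` installs the file with `mode => '0644'`, but the `filebeat_oss_yml.erb` it renders (added later in this diff) contains `password: <%= @filebeat_oss_elastic_password %>`, so the Elasticsearch credential ends up world-readable; `mode => '0600'` is sufficient since the file is owned by root and filebeat runs as root by default. The two `curl` execs fetch `wazuh-template.json` and the module tarball with no `-f`/`--fail` and no checksum or signature check, so an HTTP error page is silently written as the template or tarball, and the `Unpackaging ...` exec then untars as root into `/usr/share/filebeat/module` with only `require => Package[...]`, so its ordering relative to the download depends on the `ordering` setting. That exec also hard-codes `/root/wazuh-filebeat-0.1.tar.gz` instead of `/root/${wazuh_filebeat_module}`, so overriding the parameter extracts a file that was never downloaded. None of the execs carries `creates` or `unless`, so every Puppet run re-downloads both artifacts and, via `notify`, restarts filebeat; at minimum add `-f` to both curl commands, reference `${wazuh_filebeat_module}` in the tar command with an explicit `require` on the download exec, and guard the downloads with `creates`.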
diff --git a/manifests/kibana_od.pp b/manifests/kibana_od.pp
new file mode 100644
index 00000000..0be71d2d
--- /dev/null
+++ b/manifests/kibana_od.pp
@@ -0,0 +1,91 @@
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+# Setup for Kibana_od
+class wazuh::kibana_od (
+ $kibana_od_package = 'opendistroforelasticsearch-kibana',
+ $kibana_od_service = 'kibana',
+ $kibana_od_version = '1.9.0',
+ $kibana_od_elastic_user = 'admin',
+ $kibana_od_elastic_password = 'admin',
+ $kibana_od_app_version = '3.13.1_7.8.0',
+ $kibana_od_elasticsearch_ip = 'localhost',
+ $kibana_od_elasticsearch_port = '9200',
+
+ $kibana_od_server_port = '5601',
+ $kibana_od_server_host = '0.0.0.0',
+ $kibana_od_elasticsearch_server_hosts ="https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}",
+ $kibana_wazuh_api_credentials = [ {
+ 'id' => 'default',
+ 'url' => 'http://localhost',
+ 'port' => '55000',
+ 'user' => 'foo',
+ 'password' => 'bar',
+ },
+ ]
+) {
+
+
+ # install package
+ package { 'Installing OD Kibana...':
+ ensure => $kibana_od_version,
+ name => $kibana_od_package,
+ }
+
+ file { 'Configure kibana.yml':
+ owner => 'kibana',
+ path => '/etc/kibana/kibana.yml',
+ group => 'kibana',
+ mode => '0644',
+ notify => Service[$kibana_od_service],
+ content => template('wazuh/kibana_od_yml.erb'),
+ }
+
+ service { 'kibana':
+ ensure => running,
+ enable => true,
+ hasrestart => true,
+ }
+
+ exec {'Waiting for opendistro elasticsearch...':
+ path => '/usr/bin',
+ command => "curl -u ${kibana_od_user}:${kibana_od_password} -k -s -XGET https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}",
+ tries => 100,
+ try_sleep => 3,
+ }
+
+ file {'Removing old Wazuh Kibana Plugin...':
+ ensure => absent,
+ path => '/usr/share/kibana/plugins/wazuh',
+ recurse => true,
+ purge => true,
+ force => true,
+ notify => Service[$kibana_od_service]
+ }
+
+ exec {'Installing Wazuh App...':
+ path => '/usr/bin',
+ command => "sudo -u ${kibana_od_user}:${kibana_od_password} -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-${kibana_od_app_version}.zip",
+ creates =>
'/usr/share/kibana/plugins/wazuh/package.json',
+ notify => Service[$kibana_od_service],
+ }
+
+ exec {'Removing .wazuh index...':
+ path => '/usr/bin',
+ command => "curl -u ${kibana_od_user}:${kibana_od_password} -k -s -XDELETE -sL -I 'https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}/.wazuh' -o /dev/null",
+ notify => Service[$kibana_od_service],
+ }
+
+ file { '/usr/share/kibana/plugins/wazuh/wazuh.yml':
+ owner => 'kibana',
+ group => 'kibana',
+ mode => '0644',
+ content => template('wazuh/wazuh_yml.erb'),
+ notify => Service[$kibana_od_service]
+ }
+ exec { 'Verify Kibana folders owner':
+ path => '/usr/bin:/bin',
+ command => "chown -R kibana:kibana /usr/share/kibana/optimize\
+ && chown -R kibana:kibana /usr/share/kibana/plugins",
+
+ }
+
+}
diff --git a/manifests/manager.pp b/manifests/manager.pp
index a340eeb1..a11d6418 100644
--- a/manifests/manager.pp
+++ b/manifests/manager.pp
@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Main ossec server config
 class wazuh::manager (
diff --git a/manifests/opendistro.pp b/manifests/opendistro.pp
new file mode 100644
index 00000000..0eb754bb
--- /dev/null
+++ b/manifests/opendistro.pp
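Review bot: The three execs (`Waiting for opendistro elasticsearch...`, `Installing Wazuh App...`, `Removing .wazuh index...`) interpolate `${kibana_od_user}` and `${kibana_od_password}`, but the class declares `$kibana_od_elastic_user` / `$kibana_od_elastic_password` and nothing named `kibana_od_user`, so under `strict_variables` the catalog fails and otherwise the commands run as `curl -u : ...` with empty credentials. The `Installing Wazuh App...` command additionally passes those values as `sudo -u ${kibana_od_user}:${kibana_od_password}` ahead of `-u kibana`, which is not a valid sudo target and puts a password on a command line visible in `ps` and in Puppet's exec logging; drop that first `-u`, and for the curl calls use `-u ${kibana_od_elastic_user}:${kibana_od_elastic_password}` (or a netrc file) and reconsider `-k`, which disables certificate checking. Both `kibana.yml` and `wazuh.yml` are written with `mode => '0644'` although `kibana_od_yml.erb` renders `elasticsearch.password` and `wazuh.yml` presumably carries the `$kibana_wazuh_api_credentials` password, so they should be `0640` with `group => 'kibana'`. `Removing .wazuh index...` has no `unless` or `refreshonly`, so the DELETE is reissued and Kibana restarted on every Puppet run, which looks unintended.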
@@ -0,0 +1,88 @@
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+# Setup for opendistro
+class wazuh::opendistro (
+ # Elasticsearch.yml configuration
+
+ $opendistro_cluster_name = 'es-wazuh',
+ $opendistro_node_name = 'node-01',
+ $opendistro_node_master = true,
+ $opendistro_node_data = true,
+ $opendistro_node_ingest = true,
+ $opendistro_node_max_local_storage_nodes = '1',
+ $opendistro_service = 'elasticsearch',
+ $opendistro_package = 'opendistroforelasticsearch',
+ $opendistro_version = '1.9.0',
+
+ $opendistro_path_data = '/var/lib/elasticsearch',
+ $opendistro_path_logs = '/var/log/elasticsearch',
+
+
+ $opendistro_ip = 'localhost',
+ $opendistro_port = '9200',
+ $opendistro_discovery_option = 'discovery.type: single-node',
+ $opendistro_cluster_initial_master_nodes = "#cluster.initial_master_nodes: ['node-01']",
+
+# JVM options
+ $jvm_options_memmory = '1g',
+
+){
+
+ class {'wazuh::repo_opendistro':}
+
+
+ if $::osfamily == 'Debian' {
+ Class['wazuh::repo_opendistro'] -> Class['apt::update'] -> Package['opendistroforelasticsearch']
+ } else {
+ Class['wazuh::repo_opendistro'] -> Package['opendistroforelasticsearch']
+ }
+
+ # install package
+ package { 'opendistroforelasticsearch':
+ ensure => $opendistro_version,
+ name => $opendistro_package,
+ }
+
+ file { 'Configure elasticsearch.yml':
+ owner => 'elasticsearch',
+ path => '/etc/elasticsearch/elasticsearch.yml',
+ group => 'elasticsearch',
+ mode => '0644',
+ notify => Service[$opendistro_service], ## Restarts the service
+ content => template('wazuh/opendistro_yml.erb'),
+ require => Package[$opendistro_package],
+ }
+
+ file { 'Configure jvm.options':
+ owner => 'elasticsearch',
+ path => '/etc/elasticsearch/jvm.options',
+ group => 'elasticsearch',
+ mode => '0660',
+ notify => Service[$opendistro_service], ## Restarts the service
+ content => template('wazuh/jvm_options.erb'),
+ require => Package[$opendistro_package],
+ }
+
+ service { 'elasticsearch':
+ ensure => running,
+
enable => true,
+ require => Package[$opendistro_package],
+ }
+
+ exec { 'Insert line limits':
+ path => '/usr/bin:/bin/',
+ command => "echo 'elasticsearch - nofile 65535\nelasticsearch - memlock unlimited' >> /etc/security/limits.conf",
+ require => Package[$opendistro_package],
+
+ }
+
+ exec { 'Verify Elasticsearch folders owner':
+ path => '/usr/bin:/bin',
+ command => "chown elasticsearch:elasticsearch -R /etc/elasticsearch\
+ && chown elasticsearch:elasticsearch -R /usr/share/elasticsearch\
+ && chown elasticsearch:elasticsearch -R /var/lib/elasticsearch",
+ require => Package[$opendistro_package],
+
+ }
+
+
+}
diff --git a/manifests/params_agent.pp b/manifests/params_agent.pp
index 2fddd0d5..f38e01a4 100644
--- a/manifests/params_agent.pp
+++ b/manifests/params_agent.pp
@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Wazuh-Agent configuration parameters
 class wazuh::params_agent {
 $agent_package_version = '3.13.1-1'
diff --git a/manifests/params_elastic.pp b/manifests/params_elastic.pp
index 2bcf11f2..b4737f50 100644
--- a/manifests/params_elastic.pp
+++ b/manifests/params_elastic.pp
@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Elastic configuration parameters
 class wazuh::params_elastic {
 $elasticsearch_service = 'elasticsearch'
diff --git a/manifests/params_manager.pp b/manifests/params_manager.pp
index 6805d8e8..0d80ef8c 100644
--- a/manifests/params_manager.pp
+++ b/manifests/params_manager.pp
@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Paramas file
 class wazuh::params_manager {
 case $::kernel {
diff --git a/manifests/params_opendistro.pp b/manifests/params_opendistro.pp
new file mode 100644
index 00000000..cd9588ba
--- /dev/null
+++ b/manifests/params_opendistro.pp
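Review bot: `Insert line limits` appends two lines to `/etc/security/limits.conf` with `>>` and has no `unless`, so every Puppet run adds another copy and the file grows without bound; guard it with `unless => "grep -q '^elasticsearch - memlock unlimited' /etc/security/limits.conf"`, or use `file_line` from stdlib, on which the module already relies for `ensure_packages` in the repo classes. The class accepts `$opendistro_node_data`, `$opendistro_node_ingest` and `$opendistro_node_max_local_storage_nodes`, but the `opendistro_yml.erb` template added in this diff never renders them and hard-codes `node.max_local_storage_nodes: 3`, so overriding those parameters silently has no effect. `Verify Elasticsearch folders owner` likewise runs `chown -R` over `/etc/elasticsearch`, `/usr/share/elasticsearch` and `/var/lib/elasticsearch` on every run; it is idempotent but noisy, and `file` resources with `recurse => true` would express the intent and report changes only when something actually differs.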
@@ -0,0 +1,26 @@
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+# Opendistro configuration parameters
+class wazuh::params_opendistro {
+ $opendistro_service = 'elasticsearch'
+ $opendistro_package = 'opendistroforelasticsearch'
+ $config_owner = 'elasticsearch'
+ $config_group = 'elasticsearch'
+ $config_mode = '0640'
+
+ $opendistro_cluster_name = 'es-wazuh'
+ $opendistro_node_name = 'node-01'
+ $opendistro_node_master = true
+ $opendistro_node_data = true
+ $opendistro_node_ingest = true
+ $opendistro_node_max_local_storage_nodes = '1'
+
+ $opendistro_path_data = '/var/lib/elasticsearch'
+ $opendistro_path_logs = '/var/log/elasticsearch'
+
+
+ $opendistro_ip = 'localhost'
+ $elastcisearch_port = 9200
+ $opendistro_discovery_option = 'discovery.type: single-node'
+ $opendistro_cluster_initial_master_nodes = "#cluster.initial_master_nodes: ['es-node-01']"
+
+}
diff --git a/manifests/repo.pp b/manifests/repo.pp
index 55c6517b..9d733b86 100644
--- a/manifests/repo.pp
+++ b/manifests/repo.pp
@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Wazuh repository installation
 class wazuh::repo (
 ) {
diff --git a/manifests/repo_elastic.pp b/manifests/repo_elastic.pp
index e900c94d..66489e66 100644
--- a/manifests/repo_elastic.pp
+++ b/manifests/repo_elastic.pp
@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Installation of Elastic repository
 class wazuh::repo_elastic (
diff --git a/manifests/repo_elastic_oss.pp b/manifests/repo_elastic_oss.pp
new file mode 100644
index 00000000..bca98408
--- /dev/null
+++ b/manifests/repo_elastic_oss.pp
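Review bot: `$elastcisearch_port = 9200` is misspelled and typed as an Integer, whereas `wazuh::opendistro` in this same diff uses `$opendistro_port = '9200'` as a String, so nothing can pick this value up by the intended name; rename it to `$opendistro_port = '9200'` to match the class. The default `"#cluster.initial_master_nodes: ['es-node-01']"` names a node that does not match `$opendistro_node_name = 'node-01'` two lines up (or the `['node-01']` used in `wazuh::opendistro`), so if that line is ever uncommented the cluster would wait for a master that never joins. `$config_mode = '0640'` is declared here, but `wazuh::opendistro` hard-codes `mode => '0644'` for `elasticsearch.yml` and does not include this params class, so it is unclear what, if anything, consumes these values.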
@@ -0,0 +1,70 @@
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+# Installation of Elastic repository
+class wazuh::repo_elastic_oss (
+
+) {
+ case $::osfamily {
+ 'Debian' : {
+ if ! defined(Package['apt-transport-https']) {
+ ensure_packages(['apt-transport-https'], {'ensure' => 'present'})
+ }
+ # apt-key added by issue #34
+ apt::key { 'elastic':
+ id => '46095ACC8548582C1A2699A9D27D666CD88E42B4',
+ source => 'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
+ server => 'pgp.mit.edu'
+ }
+ case $::lsbdistcodename {
+ /(jessie|wheezy|stretch|buster|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic)/: {
+
+ apt::source { 'wazuh_elastic_oss':
+ ensure => present,
+ comment => 'This is the OSS Elastic repository',
+ location => 'https://artifacts.elastic.co/packages/oss-7.x/apt',
+ release => 'stable',
+ repos => 'main',
+ include => {
+ 'src' => false,
+ 'deb' => true,
+ },
+ }
+ }
+ default: { fail('This ossec module has not been tested on your distribution (or lsb package not installed)') }
+ }
+ }
+ 'RedHat' : {
+ case $::os[name] {
+ /^(CentOS|RedHat|OracleLinux|Fedora|Amazon)$/: {
+ if ( $::operatingsystemrelease =~ /^5.*/ ) {
+ $baseurl = 'https://artifacts.elastic.co/packages/oss-7.x/yum'
+ $gpgkey = 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
+ } else {
+ $baseurl = 'https://artifacts.elastic.co/packages/oss-7.x/yum'
+ $gpgkey = 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
+ }
+ }
+ default: { fail('This ossec module has not been tested on your distribution.') }
+ }
+ ## Set up Elasticsearch repo
+
+ # Import GPG key
+
+ exec { 'Install Elasticsearch GPG key':
+ path => '/usr/bin',
+ command => 'rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch',
+ }
+
+ # Adding repo by Puppet yumrepo resource
+
+ yumrepo { 'elasticsearch':
+ ensure => 'present',
+ enabled => 1,
+ gpgcheck => 1,
+ gpgkey => $gpgkey,
+ baseurl => $baseurl,
+ name => 'elasticsearch',
+ }
+ }
+ default: { fail('This ossec module has not been
tested on your distribution') }
+ }
+ }
diff --git a/manifests/repo_opendistro.pp b/manifests/repo_opendistro.pp
new file mode 100644
index 00000000..1c80ad4e
--- /dev/null
+++ b/manifests/repo_opendistro.pp
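Review bot: `Install Elasticsearch GPG key` runs `rpm --import` over the network on every Puppet run because the exec has no `unless`; the Debian branch gives the fingerprint `46095ACC8548582C1A2699A9D27D666CD88E42B4`, so `unless => 'rpm -q gpg-pubkey-d88e42b4'` (rpm names imported keys by the low 32 bits of the fingerprint — worth confirming on a host) makes it idempotent. It also fetches the key from `packages.elastic.co` while `$gpgkey` for the `yumrepo` points at `artifacts.elastic.co`; with `gpgcheck => 1` and `gpgkey` set, yum imports and pins the key itself, so the exec is redundant and could simply be dropped, leaving a single trust anchor. The `if ( $::operatingsystemrelease =~ /^5.*/ )` branches assign identical `$baseurl`/`$gpgkey` values, so the conditional is dead code and can be collapsed.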
@@ -0,0 +1,70 @@
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+# Installation of Open Distro for Elasticsearch repository
+class wazuh::repo_opendistro (
+
+) {
+ case $::osfamily {
+ 'Debian' : {
+ if ! defined(Package['apt-transport-https']) {
+ ensure_packages(['apt-transport-https'], {'ensure' => 'present'})
+ }
+ # apt-key added by issue #34
+ apt::key { 'opendistro':
+ id => '51209CCB28FBC2DC8CCD9A6C472CFDFCE370325E',
+ source => 'https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch',
+ server => 'pgp.mit.edu'
+ }
+ case $::lsbdistcodename {
+ /(jessie|wheezy|stretch|buster|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic)/: {
+
+ apt::source { 'wazuh_elastic_od':
+ ensure => present,
+ comment => 'This is the Open Distro for Elastic repository',
+ location => 'ttps://d3g5vo6xdbdb9a.cloudfront.net/apt',
+ release => 'stable',
+ repos => 'main',
+ include => {
+ 'src' => false,
+ 'deb' => true,
+ },
+ }
+ }
+ default: { fail('This ossec module has not been tested on your distribution (or lsb package not installed)') }
+ }
+ }
+ 'RedHat' : {
+ case $::os[name] {
+ /^(CentOS|RedHat|OracleLinux|Fedora|Amazon)$/: {
+ if ( $::operatingsystemrelease =~ /^5.*/ ) {
+ $baseurl = 'https://d3g5vo6xdbdb9a.cloudfront.net/yum/noarch/'
+ $gpgkey = 'https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch'
+ } else {
+ $baseurl = 'https://d3g5vo6xdbdb9a.cloudfront.net/yum/noarch/'
+ $gpgkey = 'https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch'
+ }
+ }
+ default: { fail('This ossec module has not been tested on your distribution.') }
+ }
+ ## Set up Open Distro for Elasticsearch repo
+
+ # Import GPG key
+
+ exec { 'Install Open Distro for Elasticsearch GPG key':
+ path => '/usr/bin',
+ command => 'rpm --import https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch',
+ }
+
+ # Adding repo by Puppet yumrepo resource
+
+ yumrepo { 'opendistro':
+ ensure => 'present',
+ enabled => 1,
+
gpgcheck => 1,
+ gpgkey => $gpgkey,
+ baseurl => $baseurl,
+ name => 'opendistro',
+ }
+ }
+ default: { fail('This ossec module has not been tested on your distribution') }
+ }
+ }
diff --git a/manifests/reports.pp b/manifests/reports.pp
index bca48d33..1d8ab3c5 100644
--- a/manifests/reports.pp
+++ b/manifests/reports.pp
@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 #Define for a Reports section
 define wazuh::reports(
 Optional[String] $r_group = undef,
diff --git a/manifests/wazuh_api.pp b/manifests/wazuh_api.pp
index fbc86638..f4805491 100644
--- a/manifests/wazuh_api.pp
+++ b/manifests/wazuh_api.pp
@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Wazuh API installation
 class wazuh::wazuh_api (
diff --git a/manifests/wazuh_api/nodejs.pp b/manifests/wazuh_api/nodejs.pp
index b8c4cbcf..e8dd95ab 100644
--- a/manifests/wazuh_api/nodejs.pp
+++ b/manifests/wazuh_api/nodejs.pp
@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Wazuh API installation
 class wazuh::wazuh_api::nodejs (
diff --git a/templates/filebeat_oss_yml.erb b/templates/filebeat_oss_yml.erb
new file mode 100644
index 00000000..d6639f76
--- /dev/null
+++ b/templates/filebeat_oss_yml.erb
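Review bot: `location => 'ttps://d3g5vo6xdbdb9a.cloudfront.net/apt'` in the `wazuh_elastic_od` source is missing the leading `h`, so apt rejects the source entry and the Debian install path cannot work; fix it as `location => 'https://d3g5vo6xdbdb9a.cloudfront.net/apt'` — explicitly `https`, so the package index is fetched over TLS as in the RedHat branch, not downgraded to `http`. As in `repo_elastic_oss`, the `rpm --import` exec has no `unless` and re-downloads the key on every run; `unless => 'rpm -q gpg-pubkey-e370325e'` (low 32 bits of the fingerprint declared in the `apt::key` above, to be confirmed on a host), or dropping the exec in favour of the `yumrepo` `gpgkey`/`gpgcheck => 1` pair, fixes that. The two branches of `if ( $::operatingsystemrelease =~ /^5.*/ )` are identical here as well.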
@@ -0,0 +1,23 @@
+# Wazuh - Filebeat configuration file
+filebeat.modules:
+ - module: wazuh
+ alerts:
+ enabled: true
+ archives:
+ enabled: false
+
+setup.template.json.enabled: true
+setup.template.json.path: "/etc/filebeat/wazuh-template.json"
+setup.template.json.name: "wazuh"
+setup.template.overwrite: true
+
+# Send events directly to Elasticsearch
+output.elasticsearch:
+ hosts: ["https://<%= @filebeat_oss_elasticsearch_ip %>:<%= @filebeat_oss_elasticsearch_port %>"]
+ username: <%= @filebeat_oss_elastic_user %>
+ password: <%= @filebeat_oss_elastic_password %>
+ ssl.verification_mode: none
+
+setup.ilm.enabled: false
+
+
diff --git a/templates/kibana_od_yml.erb b/templates/kibana_od_yml.erb
new file mode 100644
index 00000000..b076889c
--- /dev/null
+++ b/templates/kibana_od_yml.erb
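Review bot: `ssl.verification_mode: none` under `output.elasticsearch` disables server certificate validation, so the `username`/`password` rendered two lines above are sent to whatever answers at the configured host, and an on-path attacker can both harvest the credential and inject or drop alerts. Since the Open Distro node in this diff serves TLS with a `root-ca.pem`, the template should reference that CA instead, e.g. `ssl.certificate_authorities: ["/etc/filebeat/certs/root-ca.pem"]` with `ssl.verification_mode: full` (the path to be chosen and the file distributed by the module), or at least expose the mode as a class parameter so `none` becomes an explicit opt-in. The `hosts` entry hard-codes `https://` from the ip/port parameters while `wazuh::filebeat_oss` also builds a `$elasticsearch_server_ip` string without a scheme that this template appears not to use, which is worth reconciling.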
@@ -0,0 +1,28 @@
+# Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License").
+# You may not use this file except in compliance with the License.
+# A copy of the License is located at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# or in the "license" file accompanying this file. This file is distributed
+# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+# express or implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+# Description:
+# Default Kibana configuration for Open Distro.
+server.port: <%= @kibana_od_server_port %>
+server.host: <%= @kibana_od_server_host %>
+
+elasticsearch.hosts: ["<%= @kibana_od_elasticsearch_server_hosts %>"]
+elasticsearch.ssl.verificationMode: none
+elasticsearch.username: <%= @kibana_od_elastic_user %>
+elasticsearch.password: <%= @kibana_od_elastic_password %>
+elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
+
+
+opendistro_security.multitenancy.enabled: false
+opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
+opendistro_security.readonly_mode.roles: ["kibana_read_only"]
\ No newline at end of file
diff --git a/templates/opendistro_yml.erb b/templates/opendistro_yml.erb
new file mode 100644
index 00000000..f610affb
--- /dev/null
+++ b/templates/opendistro_yml.erb
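Review bot: `elasticsearch.ssl.verificationMode: none` turns off certificate checking for the Kibana-to-Elasticsearch connection, so the `elasticsearch.username`/`elasticsearch.password` pair (which defaults to `admin`/`admin` in `wazuh::kibana_od`) is exposed to anyone able to intercept that link; set `elasticsearch.ssl.certificateAuthorities: ["/etc/kibana/certs/root-ca.pem"]` with `elasticsearch.ssl.verificationMode: full`, or make the mode a class parameter so disabling it is a deliberate choice. `server.host` is rendered from `$kibana_od_server_host`, whose default is `0.0.0.0`, so with the default credentials the UI listens on every interface; consider defaulting to `localhost` or documenting in the class that the password must be overridden before it is applied. The file also ends without a trailing newline.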
@@ -0,0 +1,112 @@
+# ======================== Elasticsearch Configuration =========================
+#
+# NOTE: Elasticsearch comes with reasonable defaults for most settings.
+# Before you set out to tweak and tune the configuration, make sure you
+# understand what are you trying to accomplish and the consequences.
+#
+# The primary way of configuring a node is via this file. This template lists
+# the most important settings you may want to configure for a production cluster.
+#
+# Please consult the documentation for further information on configuration options:
+# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
+#
+# ---------------------------------- Cluster -----------------------------------
+#
+# Use a descriptive name for your cluster:
+#
+cluster.name: <%= @opendistro_cluster_name %>
+#
+# ------------------------------------ Node ------------------------------------
+#
+# Use a descriptive name for the node:
+#
+node.name: <%= @opendistro_node_name %>
+#
+# Add custom attributes to the node:
+#
+node.master: <%= @opendistro_node_master %>
+#
+# ----------------------------------- Paths ------------------------------------
+#
+# Path to directory where to store the data (separate multiple locations by comma):
+#
+path.data: <%= @opendistro_path_data %>
+#
+# Path to log files:
+#
+path.logs: <%= @opendistro_path_logs %>
+#
+# ----------------------------------- Memory -----------------------------------
+#
+# Lock the memory on startup:
+#
+#bootstrap.memory_lock: true
+#
+# Make sure that the heap size is set to about half the memory available
+# on the system and that the owner of the process is allowed to use this
+# limit.
+#
+# Elasticsearch performs poorly when the system is swapping the memory.
+#
+# ---------------------------------- Network -----------------------------------
+#
+# Set the bind address to a specific IP (IPv4 or IPv6):
+#
+network.host: <%= @opendistro_ip %>
+#
+# Set a custom port for HTTP:
+#
+http.port: <%= @opendistro_port %>
+#
+# For more information, consult the network module documentation.
+#
+# --------------------------------- Discovery ----------------------------------
+#
+# Pass an initial list of hosts to perform discovery when this node is started:
+# The default list of hosts is ["127.0.0.1", "[::1]"]
+#
+#discovery.seed_hosts: ["host1", "host2"]
+#
+# Bootstrap the cluster using an initial set of master-eligible nodes:
+#
+<%= @opendistro_cluster_initial_master_nodes %>
+<%= @opendistro_discovery_option %>
+#
+# For more information, consult the discovery and cluster formation module documentation.
+#
+# ---------------------------------- Gateway -----------------------------------
+#
+# Block initial recovery after a full cluster restart until N nodes are started:
+#
+#gateway.recover_after_nodes: 3
+#
+# For more information, consult the gateway module documentation.
+#
+# ---------------------------------- Various -----------------------------------
+#
+# Require explicit names when deleting indices:
+#
+#action.destructive_requires_name: true
+
+######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
+# WARNING: revise all the lines below before you go into production
+opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
+opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
+opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
+opendistro_security.ssl.transport.enforce_hostname_verification: false
+opendistro_security.ssl.http.enabled: true
+opendistro_security.ssl.http.pemcert_filepath: esnode.pem
+opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
+opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
+opendistro_security.allow_unsafe_democertificates: true
+opendistro_security.allow_default_init_securityindex: true
+opendistro_security.authcz.admin_dn:
+ - CN=kirk,OU=client,O=client,L=test, C=de
+
+opendistro_security.audit.type: internal_elasticsearch
+opendistro_security.enable_snapshot_restore_privilege: true
+opendistro_security.check_snapshot_restore_write_privileges: true
+opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
+cluster.routing.allocation.disk.threshold_enabled: false
+node.max_local_storage_nodes: 3
+######## End OpenDistro for Elasticsearch Security Demo Configuration ########
diff --git a/templates/wazuh_yml.erb b/templates/wazuh_yml.erb
index efd1f42e..173cbced 100644
--- a/templates/wazuh_yml.erb
+++ b/templates/wazuh_yml.erb
@@ -1,7 +1,7 @@
 ---
 #
 # Wazuh app - App configuration file
-# Copyright (C) 2015-2019 Wazuh, Inc.
+# Copyright (C) 2015-2020 Wazuh, Inc.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
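Review bot: The block between the `Security Demo Configuration` markers ships `opendistro_security.allow_unsafe_democertificates: true`, `allow_default_init_securityindex: true`, `ssl.transport.enforce_hostname_verification: false` and an `admin_dn` of `CN=kirk,OU=client,O=client,L=test, C=de`; this matches the certificate set Open Distro's own demo installer distributes publicly, so any party holding that demo material should be assumed able to present the `kirk` identity and obtain full administrative access over the transport and REST layers of every node this module deploys. The template's own `# WARNING: revise all the lines below before you go into production` is not actionable from a Puppet module, which is the production path; the `pemcert_filepath`/`pemkey_filepath`/`pemtrustedcas_filepath` values and `admin_dn` should be class parameters, `allow_unsafe_democertificates` should default to `false` and `enforce_hostname_verification` to `true`, and the demo block should only be rendered when an explicit `demo => true` style parameter is passed. Separately, `node.max_local_storage_nodes: 3` and `cluster.routing.allocation.disk.threshold_enabled: false` are hard-coded even though `wazuh::opendistro` accepts `$opendistro_node_max_local_storage_nodes`, and its `$opendistro_node_data`/`$opendistro_node_ingest` parameters are never rendered here, so those knobs are silently ignored.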