From d502ef5beec32220cd6859982c6283102bde26b8 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Mon, 17 Aug 2020 16:30:37 +0200 Subject: [PATCH 01/43] Elasticsearch manifests and templates fork --- manifests/filebeat-oss.pp | 68 ++++++++++++++++++++ manifests/filebeat.pp | 2 +- manifests/kibana-od.pp | 88 ++++++++++++++++++++++++++ manifests/opendistro.pp | 79 +++++++++++++++++++++++ templates/filebeat_od_yml.erb | 16 +++++ templates/kibana_od_yml.erb | 116 ++++++++++++++++++++++++++++++++++ templates/opendistro_yml.erb | 89 ++++++++++++++++++++++++++ 7 files changed, 457 insertions(+), 1 deletion(-) create mode 100644 manifests/filebeat-oss.pp create mode 100644 manifests/kibana-od.pp create mode 100644 manifests/opendistro.pp create mode 100644 templates/filebeat_od_yml.erb create mode 100644 templates/kibana_od_yml.erb create mode 100644 templates/opendistro_yml.erb diff --git a/manifests/filebeat-oss.pp b/manifests/filebeat-oss.pp new file mode 100644 index 00000000..3ea3babb --- /dev/null +++ b/manifests/filebeat-oss.pp 
@@ -0,0 +1,68 @@ +# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Setup for Filebeat-oss +class wazuh::filebeat-oss ( + $filebeat_oss_elasticsearch_ip = 'localhost', + $filebeat_oss_elasticsearch_port = '9200', + $elasticsearch_server_ip = "\"${filebeat_oss_elasticsearch_ip}:${filebeat_oss_elasticsearch_port}\"", + + $filebeat_oss_package = 'filebeat-oss', + $filebeat_oss_service = 'filebeat', + $filebeat_oss_version = '7.8.0', + $wazuh_app_version = '3.13.1_7.8.0', + $wazuh_extensions_version = 'v3.13.1', + $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz', +){ + + class {'wazuh::repo_elastic':} + + if $::osfamily == 'Debian' { + Class['wazuh::repo_elastic'] -> Class['apt::update'] -> Package[$filebeat_oss_package] + } else { + Class['wazuh::repo_elastic'] -> Package[$filebeat_oss_package] + } + + package { 'filebeat': + ensure => $filebeat_oss_version, + name => $filebeat_oss_package, + } + + file { 'Configure filebeat.yml': + owner => 'root', + path => '/etc/filebeat/filebeat.yml', + group => 'root', + mode => '0644', + notify => Service[$filebeat_service], ## Restarts the service + content => template('wazuh/filebeat_yml.erb'), + require => Package[$filebeat_oss_package] + } + + exec { 'Installing wazuh-template.json...': + path => '/usr/bin', + command => "curl -so /etc/filebeat/wazuh-template.json 'https://raw.githubusercontent.com/wazuh/wazuh/${wazuh_extensions_version}/extensions/elasticsearch/7.x/wazuh-template.json'", + notify => Service[$filebeat_oss_service], + require => Package[$filebeat_oss_package] + } + + exec { 'Installing filebeat module ... 
Downloading package': + path => '/usr/bin', + command => "curl -o /root/${$wazuh_filebeat_module} https://packages.wazuh.com/3.x/filebeat/${$wazuh_filebeat_module}", + } + + exec { 'Unpackaging ...': + command => '/bin/tar -xzvf /root/wazuh-filebeat-0.1.tar.gz -C /usr/share/filebeat/module', + notify => Service[$filebeat_oss_service], + require => Package[$filebeat_oss_package] + } + + file { '/usr/share/filebeat/module/wazuh': + ensure => 'directory', + mode => '0755', + require => Package[$filebeat_oss_package] + } + + service { 'filebeat': + ensure => running, + enable => true, + require => Package[$filebeat_oss_package] + } +} diff --git a/manifests/filebeat.pp b/manifests/filebeat.pp index a82671d8..2b4c9794 100644 --- a/manifests/filebeat.pp +++ b/manifests/filebeat.pp @@ -32,7 +32,7 @@ group => 'root', mode => '0644', notify => Service[$filebeat_service], ## Restarts the service - content => template('wazuh/filebeat_yml.erb'), + content => template('wazuh/filebeat_od_yml.erb'), require => Package['filebeat'] } diff --git a/manifests/kibana-od.pp b/manifests/kibana-od.pp new file mode 100644 index 00000000..9dc99d3b --- /dev/null +++ b/manifests/kibana-od.pp 
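Review bot: `notify => Service[$filebeat_service]` on the `Configure filebeat.yml` resource references a variable this class never declares — the parameter is `$filebeat_oss_service`, which the two execs below already use — so the file resource yields an empty resource reference (a compile failure under strict variables) and the config change never restarts Filebeat; it should be `notify => Service[$filebeat_oss_service],`. The two `curl` execs have no `creates`/`unless` guard and use `-s` without `--fail`, so they re-download on every agent run and a 4xx/5xx error body would be written into `/etc/filebeat/wazuh-template.json` as if it were the index template; `curl -sfo /etc/filebeat/wazuh-template.json ...` plus `creates => '/etc/filebeat/wazuh-template.json',` fixes both. The `Unpackaging ...` exec extracts a tarball fetched from `packages.wazuh.com` into `/usr/share/filebeat/module` with no checksum or signature verification, does not `require` the download exec (so ordering is not guaranteed), and hard-codes `wazuh-filebeat-0.1.tar.gz` instead of `$wazuh_filebeat_module`; at minimum pin a sha256 and verify it with `sha256sum -c` before the `tar`, and guard the exec with `creates => '/usr/share/filebeat/module/wazuh'`.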
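Review bot: The template switch here looks inverted — the existing `wazuh::filebeat` class now renders the new `filebeat_od_yml.erb`, while the new `wazuh::filebeat_oss` class added by the same patch still renders `wazuh/filebeat_yml.erb`, so every current user of `wazuh::filebeat` silently gets the Open Distro output block (which, per the new template in this patch, carries no TLS or credential settings) instead of the new OSS class. If the OD template is meant for the OSS/OD class only, this line should stay `content => template('wazuh/filebeat_yml.erb'),` and `filebeat_oss.pp` should be the one using `filebeat_od_yml.erb`. The enclosing file resource starts and ends outside the hunk.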
@@ -0,0 +1,88 @@ +# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Setup for Kibana-od +class wazuh::kibana-od ( + $kibana_od_package = 'kibana', + $kibana_od_service = 'kibana', + $kibana_od_version = '7.8.0', + $kibana_od_app_version = '3.13.1_7.8.0', + $kibana_od_elasticsearch_ip = 'localhost', + $kibana_od_elasticsearch_port = '9200', + + $kibana_od_server_port = '5601', + $kibana_od_server_host = '0.0.0.0', + $kibana_od_elasticsearch_server_hosts ="http://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}", + $kibana_od_wazuh_api_credentials = [ { + 'id' => 'default', + 'url' => 'http://localhost', + 'port' => '55000', + 'user' => 'foo', + 'password' => 'bar', + }, + ] +) { + + # install package + package { 'Installing Kibana...': + ensure => $kibana_od_version, + name => $kibana_od_package, + } + + file { 'Configure kibana.yml': + owner => 'kibana', + path => '/etc/kibana/kibana.yml', + group => 'kibana', + mode => '0644', + notify => Service[$kibana_od_service], + content => template('wazuh/kibana_od_yml.erb'), + } + + service { 'kibana': + ensure => running, + enable => true, + hasrestart => true, + } + + exec {'Waiting for opendistro elasticsearch...': + path => '/usr/bin', + command => "curl -s -XGET http://${kibana_elasticsearch_ip}:${kibana_elasticsearch_port}", + tries => 100, + try_sleep => 3, + } + + file {'Removing old Wazuh Kibana Plugin...': + ensure => absent, + path => '/usr/share/kibana/plugins/wazuh', + recurse => true, + purge => true, + force => true, + notify => Service[$kibana_od_service] + } + + exec {'Installing Wazuh App...': + path => '/usr/bin', + command => "sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-${kibana_app_version}.zip", + creates => '/usr/share/kibana/plugins/wazuh/package.json', + notify => Service[$kibana_od_service], + } + + exec {'Removing .wazuh index...': + path => '/usr/bin', + command => "curl -s -XDELETE -sL -I 
'http://${kibana_elasticsearch_ip}:${kibana_elasticsearch_port}/.wazuh' -o /dev/null", + notify => Service[$kibana_od_service], + } + + file { '/usr/share/kibana/plugins/wazuh/wazuh.yml': + owner => 'kibana', + group => 'kibana', + mode => '0644', + content => template('wazuh/wazuh_yml.erb'), + notify => Service[$kibana_od_service] + } + exec { 'Verify Kibana folders owner': + path => '/usr/bin:/bin', + command => "chown -R kibana:kibana /usr/share/kibana/optimize\ + && chown -R kibana:kibana /usr/share/kibana/plugins", + + } + +} diff --git a/manifests/opendistro.pp b/manifests/opendistro.pp new file mode 100644 index 00000000..f7b3f567 --- /dev/null +++ b/manifests/opendistro.pp 
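Review bot: The `Removing .wazuh index...` exec issues `curl -XDELETE .../.wazuh` unconditionally, so every Puppet run deletes the Wazuh app's index rather than only on first install; give it `refreshonly => true,` and `subscribe => Exec['Installing Wazuh App...'],` (and drop `-I`, which is at odds with `-XDELETE`). Three execs interpolate `${kibana_elasticsearch_ip}`, `${kibana_elasticsearch_port}` and `${kibana_app_version}`, none of which this class declares (its parameters are `$kibana_od_elasticsearch_ip`, `$kibana_od_elasticsearch_port`, `$kibana_od_app_version`), so the readiness-check URL renders as `http://:` and the plugin URL as `wazuhapp-.zip`. The default `'user' => 'foo', 'password' => 'bar'` credentials are presumably rendered by `wazuh_yml.erb` (not in this patch, but that array is the only credential-shaped input) into `/usr/share/kibana/plugins/wazuh/wazuh.yml`, which is created with `mode => '0644'`, i.e. world-readable; `mode => '0640'` is the safer default. Note also that `Configure kibana.yml` has no `require => Package[...]`, so it can be applied before the package creates `/etc/kibana`.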
@@ -0,0 +1,79 @@ +# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Setup for opendistro +class wazuh::opendistro ( + # Elasticsearch.yml configuration + + $opendistro_cluster_name = 'es-wazuh', + $opendistro_node_name = 'node-01', + $opendistro_node_master = true, + $opendistro_node_data = true, + $opendistro_node_ingest = true, + $opendistro_node_max_local_storage_nodes = '1', + $opendistro_service = 'elasticsearch', + $opendistro_package = 'opendistroforelasticsearch', + $opendistro_version = '7.8.0', + + $opendistro_path_data = '/var/lib/elasticsearch', + $opendistro_path_logs = '/var/log/elasticsearch', + + + $opendistro_ip = 'localhost', + $opendistro_port = '9200', + $opendistro_discovery_option = 'discovery.type: single-node', + $opendistro_cluster_initial_master_nodes = "#cluster.initial_master_nodes: ['es-node-01']", + +# JVM options + $jvm_options_memmory = '1g', + +){ + + # install package + package { 'elasticsearch': + ensure => $opendistro_version, + name => $opendistro_package, + } + + file { 'Configure elasticsearch.yml': + owner => 'elasticsearch', + path => '/etc/elasticsearch/elasticsearch.yml', + group => 'elasticsearch', + mode => '0644', + notify => Service[$elasticsearch_service], ## Restarts the service + content => template('wazuh/opendistro_yml.erb'), + require => Package[$opendistro_package], + } + + file { 'Configure jvm.options': + owner => 'elasticsearch', + path => '/etc/elasticsearch/jvm.options', + group => 'elasticsearch', + mode => '0660', + notify => Service[$elasticsearch_service], ## Restarts the service + content => template('wazuh/jvm_options.erb'), + require => Package[$opendistro_package], + } + + service { 'elasticsearch': + ensure => running, + enable => true, + require => Package[$opendistro_package], + } + + exec { 'Insert line limits': + path => '/usr/bin:/bin/', + command => "echo 'elasticsearch - nofile 65535\nelasticsearch - memlock unlimited' >> /etc/security/limits.conf", + require => 
Package[$opendistro_package],
+
+ }
+
+ exec { 'Verify Elasticsearch folders owner':
+ path => '/usr/bin:/bin',
+ command => "chown elasticsearch:elasticsearch -R /etc/elasticsearch\ && chown elasticsearch:elasticsearch -R /usr/share/elasticsearch\ && chown elasticsearch:elasticsearch -R /var/lib/elasticsearch",
+ require => Package[$opendistro_package],
+
+ }
+
+
+}
diff --git a/templates/filebeat_od_yml.erb b/templates/filebeat_od_yml.erb
new file mode 100644
index 00000000..585c5181
--- /dev/null
+++ b/templates/filebeat_od_yml.erb
@@ -0,0 +1,16 @@
+# Wazuh - Filebeat configuration file
+filebeat.modules:
+ - module: wazuh
+ alerts:
+ enabled: true
+ archives:
+ enabled: false
+
+setup.template.json.enabled: true
+setup.template.json.path: "/etc/filebeat/wazuh-template.json"
+setup.template.json.name: "wazuh"
+setup.template.overwrite: true
+
+# Send events directly to Elasticsearch
+output.elasticsearch.hosts: [<%= @elasticsearch_server_ip %>]
+
diff --git a/templates/kibana_od_yml.erb b/templates/kibana_od_yml.erb
new file mode 100644
index 00000000..e38455f8
--- /dev/null
+++ b/templates/kibana_od_yml.erb
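Review bot: Both `notify => Service[$elasticsearch_service]` lines reference a variable this class does not declare — the parameter is `$opendistro_service` — so neither `elasticsearch.yml` nor `jvm.options` changes will restart the service (and the reference fails under strict variables); change both to `notify => Service[$opendistro_service],`. The `Insert line limits` exec appends two lines to `/etc/security/limits.conf` on every agent run with no guard, so the file grows without bound; add `unless => 'grep -q "^elasticsearch - nofile 65535" /etc/security/limits.conf',` (`/bin` is already on its `path`). The `Verify Elasticsearch folders owner` exec likewise runs every time and recursively chowns `/etc/elasticsearch`; if that tree holds the Open Distro security plugin's certificates and keys (not visible from here), a blanket chown on each run is a footgun and should be `refreshonly => true` and subscribed to the package. `$opendistro_node_data` and `$opendistro_node_ingest` are accepted as parameters but never rendered — the template in this patch emits only `node.master`.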
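Review bot: The output block sets only `output.elasticsearch.hosts`, with no `protocol: https`, `ssl.*` or `username`/`password` keys, so Filebeat will speak plain, unauthenticated HTTP to port 9200; an Open Distro node with its security plugin enabled (its out-of-the-box state, as far as I know) will refuse that, and if the plugin is being disabled to make this work the template should say so in a comment. Relatedly, `$elasticsearch_server_ip` in the manifest wraps the value in escaped quotes solely so this line yields a YAML string; quoting in the template instead — `output.elasticsearch.hosts: ["<%= @elasticsearch_server_ip %>"]` with the manifest passing the bare `host:port` — matches how `kibana_od_yml.erb` handles `elasticsearch.hosts` and avoids an unquoted `host:port` being parsed as a mapping.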
@@ -0,0 +1,116 @@ +# The default roles file is empty as the preferred method of defining roles is +# through the API/UI. File based roles are useful in error scenarios when the +# API based roles may not be available. +# Kibana is served by a back end server. This setting specifies the port to use. +server.port: <%= @kibana_od_server_port %> + +# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values. +# The default is 'localhost', which usually means remote machines will not be able to connect. +# To allow connections from remote users, set this parameter to a non-loopback address. +server.host: <%= @kibana_server_host %> + +# Enables you to specify a path to mount Kibana at if you are running behind a proxy. +# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath +# from requests it receives, and to prevent a deprecation warning at startup. +# This setting cannot end in a slash. +#server.basePath: "" + +# Specifies whether Kibana should rewrite requests that are prefixed with +# `server.basePath` or require that they are rewritten by your reverse proxy. +# This setting was effectively always `false` before Kibana 6.3 and will +# default to `true` starting in Kibana 7.0. +#server.rewriteBasePath: false + +# The maximum payload size in bytes for incoming server requests. +#server.maxPayloadBytes: 1048576 + +# The Kibana server's name. This is used for display purposes. +#server.name: "your-hostname" + +# The URLs of the Elasticsearch instances to use for all your queries. +elasticsearch.hosts: ["<%= @kibana_od_elasticsearch_server_hosts %>"] + +# When this setting's value is true Kibana uses the hostname specified in the server.host +# setting. When the value of this setting is false, Kibana uses the hostname of the host +# that connects to this Kibana instance. 
+#elasticsearch.preserveHost: true + +# Kibana uses an index in Elasticsearch to store saved searches, visualizations and +# dashboards. Kibana creates a new index if the index doesn't already exist. +#kibana.index: ".kibana" + +# The default application to load. +#kibana.defaultAppId: "home" + +# If your Elasticsearch is protected with basic authentication, these settings provide +# the username and password that the Kibana server uses to perform maintenance on the Kibana +# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which +# is proxied through the Kibana server. +#elasticsearch.username: "user" +#elasticsearch.password: "pass" + +# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively. +# These settings enable SSL for outgoing requests from the Kibana server to the browser. +#server.ssl.enabled: false +#server.ssl.certificate: /path/to/your/server.crt +#server.ssl.key: /path/to/your/server.key + +# Optional settings that provide the paths to the PEM-format SSL certificate and key files. +# These files validate that your Elasticsearch backend uses the same key files. +#elasticsearch.ssl.certificate: /path/to/your/client.crt +#elasticsearch.ssl.key: /path/to/your/client.key + +# Optional setting that enables you to specify a path to the PEM file for the certificate +# authority for your Elasticsearch instance. +#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ] + +# To disregard the validity of SSL certificates, change this setting's value to 'none'. +#elasticsearch.ssl.verificationMode: full + +# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of +# the elasticsearch.requestTimeout setting. +#elasticsearch.pingTimeout: 1500 + +# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value +# must be a positive integer. 
+#elasticsearch.requestTimeout: 30000 + +# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side +# headers, set this value to [] (an empty list). +#elasticsearch.requestHeadersWhitelist: [ authorization ] + +# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten +# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration. +#elasticsearch.customHeaders: {} + +# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable. +#elasticsearch.shardTimeout: 30000 + +# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying. +#elasticsearch.startupTimeout: 5000 + +# Logs queries sent to Elasticsearch. Requires logging.verbose set to true. +#elasticsearch.logQueries: false + +# Specifies the path where Kibana creates the process ID file. +#pid.file: /var/run/kibana.pid + +# Enables you specify a file where Kibana stores log output. +#logging.dest: stdout + +# Set the value of this setting to true to suppress all logging output. +#logging.silent: false + +# Set the value of this setting to true to suppress all logging output other than error messages. +#logging.quiet: false + +# Set the value of this setting to true to log all events, including system usage information +# and all requests. +#logging.verbose: false + +# Set the interval in milliseconds to sample system and process performance +# metrics. Minimum is 100ms. Defaults to 5000. +#ops.interval: 5000 + +# Specifies locale to be used for all localizable strings, dates and number formats. +#i18n.locale: "en" diff --git a/templates/opendistro_yml.erb b/templates/opendistro_yml.erb new file mode 100644 index 00000000..a211b64d --- /dev/null +++ b/templates/opendistro_yml.erb 
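Review bot: `server.host: <%= @kibana_server_host %>` reads a variable the class does not set — the parameter is `$kibana_od_server_host`, and the neighbouring `server.port` line correctly uses the `@kibana_od_` prefix — so the rendered line is `server.host:` with an empty value; it should be `server.host: <%= @kibana_od_server_host %>`. Once that is fixed the default becomes `0.0.0.0` while `server.ssl.enabled` and every `elasticsearch.ssl.*` key stay commented out, so Kibana listens in clear text on all interfaces and its connection to Elasticsearch is unencrypted and unverified; if the Open Distro security plugin is in play these need to be template parameters rather than comments. The first three lines (`# The default roles file is empty ...` through `... API based roles may not be available.`) describe a roles file, not `kibana.yml`, and appear pasted from elsewhere; drop them.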
@@ -0,0 +1,89 @@ +# ======================== Elasticsearch Configuration ========================= +# +# NOTE: Elasticsearch comes with reasonable defaults for most settings. +# Before you set out to tweak and tune the configuration, make sure you +# understand what are you trying to accomplish and the consequences. +# +# The primary way of configuring a node is via this file. This template lists +# the most important settings you may want to configure for a production cluster. +# +# Please consult the documentation for further information on configuration options: +# https://www.elastic.co/guide/en/elasticsearch/reference/index.html +# +# ---------------------------------- Cluster ----------------------------------- +# +# Use a descriptive name for your cluster: +# +cluster.name: <%= @elasticsearch_cluster_name %> +# +# ------------------------------------ Node ------------------------------------ +# +# Use a descriptive name for the node: +# +node.name: <%= @elasticsearch_node_name %> +# +# Add custom attributes to the node: +# +node.master: <%= @elasticsearch_node_master %> +# +# ----------------------------------- Paths ------------------------------------ +# +# Path to directory where to store the data (separate multiple locations by comma): +# +path.data: <%= @elasticsearch_path_data %> +# +# Path to log files: +# +path.logs: <%= @elasticsearch_path_logs %> +# +# ----------------------------------- Memory ----------------------------------- +# +# Lock the memory on startup: +# +#bootstrap.memory_lock: true +# +# Make sure that the heap size is set to about half the memory available +# on the system and that the owner of the process is allowed to use this +# limit. +# +# Elasticsearch performs poorly when the system is swapping the memory. 
+# +# ---------------------------------- Network ----------------------------------- +# +# Set the bind address to a specific IP (IPv4 or IPv6): +# +network.host: <%= @elasticsearch_ip %> +# +# Set a custom port for HTTP: +# +http.port: <%= @elasticsearch_port %> +# +# For more information, consult the network module documentation. +# +# --------------------------------- Discovery ---------------------------------- +# +# Pass an initial list of hosts to perform discovery when this node is started: +# The default list of hosts is ["127.0.0.1", "[::1]"] +# +#discovery.seed_hosts: ["host1", "host2"] +# +# Bootstrap the cluster using an initial set of master-eligible nodes: +# +<%= @elasticsearch_cluster_initial_master_nodes %> +<%= @elasticsearch_discovery_option %> +# +# For more information, consult the discovery and cluster formation module documentation. +# +# ---------------------------------- Gateway ----------------------------------- +# +# Block initial recovery after a full cluster restart until N nodes are started: +# +#gateway.recover_after_nodes: 3 +# +# For more information, consult the gateway module documentation. +# +# ---------------------------------- Various ----------------------------------- +# +# Require explicit names when deleting indices: +# +#action.destructive_requires_name: true \ No newline at end of file From 702994cc86bd1ef8c8e65120d1a8b29042b6da5b Mon Sep 17 00:00:00 2001 From: zenidd Date: Tue, 18 Aug 2020 13:24:24 +0200 Subject: [PATCH 02/43] Using right class names --- manifests/{filebeat-oss.pp => filebeat_oss.pp} | 4 ++-- manifests/{kibana-od.pp => kibana_od.pp} | 8 ++++---- manifests/opendistro.pp | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) rename manifests/{filebeat-oss.pp => filebeat_oss.pp} (97%) rename manifests/{kibana-od.pp => kibana_od.pp} (94%) 
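Review bot: Every placeholder in this template (`@elasticsearch_cluster_name`, `@elasticsearch_node_name`, `@elasticsearch_node_master`, `@elasticsearch_path_data`, `@elasticsearch_path_logs`, `@elasticsearch_ip`, `@elasticsearch_port`, `@elasticsearch_cluster_initial_master_nodes`, `@elasticsearch_discovery_option`) uses the `elasticsearch_` prefix, while `wazuh::opendistro` in the same patch passes `$opendistro_*`, so the rendered `elasticsearch.yml` has empty values for `cluster.name`, `path.*`, `network.host` and `http.port`; PATCH 13's diffstat touches 9 lines of this file and may be that fix, but as of this hunk the template is broken. `action.destructive_requires_name: true` is left commented out even though `kibana_od.pp` only ever deletes `.wazuh` by name; enabling it costs nothing and blocks wildcard index deletes, so I would uncomment it. The file also lacks a trailing newline.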
diff --git a/manifests/filebeat-oss.pp b/manifests/filebeat_oss.pp similarity index 97% rename from manifests/filebeat-oss.pp rename to manifests/filebeat_oss.pp index 3ea3babb..3b11f851 100644 --- a/manifests/filebeat-oss.pp +++ b/manifests/filebeat_oss.pp @@ -1,6 +1,6 @@ # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) -# Setup for Filebeat-oss -class wazuh::filebeat-oss ( +# Setup for Filebeat_oss +class wazuh::filebeat_oss ( $filebeat_oss_elasticsearch_ip = 'localhost', $filebeat_oss_elasticsearch_port = '9200', $elasticsearch_server_ip = "\"${filebeat_oss_elasticsearch_ip}:${filebeat_oss_elasticsearch_port}\"", diff --git a/manifests/kibana-od.pp b/manifests/kibana_od.pp similarity index 94% rename from manifests/kibana-od.pp rename to manifests/kibana_od.pp index 9dc99d3b..2ab33582 100644 --- a/manifests/kibana-od.pp +++ b/manifests/kibana_od.pp @@ -1,7 +1,7 @@ # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) -# Setup for Kibana-od -class wazuh::kibana-od ( - $kibana_od_package = 'kibana', +# Setup for Kibana_od +class wazuh::kibana_od ( + $kibana_od_package = 'opendistroforelasticsearch-kibana', $kibana_od_service = 'kibana', $kibana_od_version = '7.8.0', $kibana_od_app_version = '3.13.1_7.8.0', @@ -22,7 +22,7 @@ ) { # install package - package { 'Installing Kibana...': + package { 'Installing OD Kibana...': ensure => $kibana_od_version, name => $kibana_od_package, } diff --git a/manifests/opendistro.pp b/manifests/opendistro.pp index f7b3f567..4e107b69 100644 --- a/manifests/opendistro.pp +++ b/manifests/opendistro.pp @@ -28,7 +28,7 @@ ){ # install package - package { 'elasticsearch': + package { 'opendistro': ensure => $opendistro_version, name => $opendistro_package, } From bc5d10ec0b7b701f4455070dfcaff0d78417c52a Mon Sep 17 00:00:00 2001 From: zenidd Date: Tue, 18 Aug 2020 13:33:39 +0200 Subject: [PATCH 03/43] Fix var name bug --- manifests/kibana_od.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
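Review bot: `$kibana_od_package` now points at `opendistroforelasticsearch-kibana`, but `$kibana_od_version` stays `'7.8.0'` and is used as `ensure`; Open Distro packages carry their own version series (PATCH 07 in this series moves the Elasticsearch package to `'1.9.0'` for exactly that reason), so this pin likely resolves to no installable candidate on either apt or yum. Unless the Kibana package really is versioned 7.8.0, `$kibana_od_version = '1.9.0',` is the matching default. The class parameter list continues outside the hunk.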
diff --git a/manifests/kibana_od.pp b/manifests/kibana_od.pp index 2ab33582..333c88cc 100644 --- a/manifests/kibana_od.pp +++ b/manifests/kibana_od.pp @@ -11,7 +11,7 @@ $kibana_od_server_port = '5601', $kibana_od_server_host = '0.0.0.0', $kibana_od_elasticsearch_server_hosts ="http://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}", - $kibana_od_wazuh_api_credentials = [ { + $kibana_wazuh_api_credentials = [ { 'id' => 'default', 'url' => 'http://localhost', 'port' => '55000', From d6d9ba691a64bb9ebc4c3f0a391585fb69aedafa Mon Sep 17 00:00:00 2001 From: zenidd Date: Tue, 18 Aug 2020 14:03:28 +0200 Subject: [PATCH 04/43] filebeat oss --- manifests/filebeat_oss.pp | 8 ++-- manifests/repo_elastic_oss.pp | 70 +++++++++++++++++++++++++++++++++++ 2 files changed, 74 insertions(+), 4 deletions(-) create mode 100644 manifests/repo_elastic_oss.pp diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp index 3b11f851..12281f67 100644 --- a/manifests/filebeat_oss.pp +++ b/manifests/filebeat_oss.pp @@ -5,7 +5,7 @@ $filebeat_oss_elasticsearch_port = '9200', $elasticsearch_server_ip = "\"${filebeat_oss_elasticsearch_ip}:${filebeat_oss_elasticsearch_port}\"", - $filebeat_oss_package = 'filebeat-oss', + $filebeat_oss_package = 'filebeat', $filebeat_oss_service = 'filebeat', $filebeat_oss_version = '7.8.0', $wazuh_app_version = '3.13.1_7.8.0', @@ -13,12 +13,12 @@ $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz', ){ - class {'wazuh::repo_elastic':} + class {'wazuh::repo_elastic_oss':} if $::osfamily == 'Debian' { - Class['wazuh::repo_elastic'] -> Class['apt::update'] -> Package[$filebeat_oss_package] + Class['wazuh::repo_elastic_oss'] -> Class['apt::update'] -> Package[$filebeat_oss_package] } else { - Class['wazuh::repo_elastic'] -> Package[$filebeat_oss_package] + Class['wazuh::repo_elastic_oss'] -> Package[$filebeat_oss_package] } package { 'filebeat': 
diff --git a/manifests/repo_elastic_oss.pp b/manifests/repo_elastic_oss.pp
new file mode 100644
index 00000000..d68dccb0
--- /dev/null
+++ b/manifests/repo_elastic_oss.pp
@@ -0,0 +1,70 @@ +# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Installation of Elastic repository +class wazuh::repo_elastic_oss ( + +) { + case $::osfamily { + 'Debian' : { + if ! defined(Package['apt-transport-https']) { + ensure_packages(['apt-transport-https'], {'ensure' => 'present'}) + } + # apt-key added by issue #34 + apt::key { 'elastic': + id => '46095ACC8548582C1A2699A9D27D666CD88E42B4', + source => 'https://artifacts.elastic.co/GPG-KEY-elasticsearch', + server => 'pgp.mit.edu' + } + case $::lsbdistcodename { + /(jessie|wheezy|stretch|buster|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic)/: { + + apt::source { 'wazuh_elastic': + ensure => present, + comment => 'This is the OSS Elastic repository', + location => 'https://artifacts.elastic.co/packages/oss-7.x/apt', + release => 'stable', + repos => 'main', + include => { + 'src' => false, + 'deb' => true, + }, + } + } + default: { fail('This ossec module has not been tested on your distribution (or lsb package not installed)') } + } + } + 'RedHat' : { + case $::os[name] { + /^(CentOS|RedHat|OracleLinux|Fedora|Amazon)$/: { + if ( $::operatingsystemrelease =~ /^5.*/ ) { + $baseurl = 'https://artifacts.elastic.co/packages/oss-7.x/yum' + $gpgkey = 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' + } else { + $baseurl = 'https://artifacts.elastic.co/packages/oss-7.x/yum' + $gpgkey = 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' + } + } + default: { fail('This ossec module has not been tested on your distribution.') } + } + ## Set up Elasticsearch repo + + # Import GPG key + + exec { 'Install Elasticsearch GPG key': + path => '/usr/bin', + command => 'rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch', + } + + # Adding repo by Puppet yumrepo resource + + yumrepo { 'elasticsearch': + ensure => 'present', + enabled => 1, + gpgcheck => 1, + gpgkey => $gpgkey, + baseurl => $baseurl, + name => 'elasticsearch', + } + } + default: { fail('This ossec module has not been 
tested on your distribution') } + } + } From 159da2ccae4e41aca8849ab9f457d3d77d065a6c Mon Sep 17 00:00:00 2001 From: zenidd Date: Tue, 18 Aug 2020 14:30:26 +0200 Subject: [PATCH 05/43] Adding elastic oss and opendistro repos --- manifests/kibana_od.pp | 2 ++ manifests/opendistro.pp | 2 ++ manifests/repo_opendistro.pp | 70 ++++++++++++++++++++++++++++++++++++ 3 files changed, 74 insertions(+) create mode 100644 manifests/repo_opendistro.pp diff --git a/manifests/kibana_od.pp b/manifests/kibana_od.pp index 333c88cc..2bd2f88a 100644 --- a/manifests/kibana_od.pp +++ b/manifests/kibana_od.pp @@ -21,6 +21,8 @@ ] ) { + class {'wazuh::repo_opendistro':} + # install package package { 'Installing OD Kibana...': ensure => $kibana_od_version, diff --git a/manifests/opendistro.pp b/manifests/opendistro.pp index 4e107b69..12e1d511 100644 --- a/manifests/opendistro.pp +++ b/manifests/opendistro.pp @@ -27,6 +27,8 @@ ){ + class {'wazuh::repo_opendistro':} + # install package package { 'opendistro': ensure => $opendistro_version, diff --git a/manifests/repo_opendistro.pp b/manifests/repo_opendistro.pp new file mode 100644 index 00000000..1c80ad4e --- /dev/null +++ b/manifests/repo_opendistro.pp 
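Review bot: The `Install Elasticsearch GPG key` exec runs `rpm --import` on every agent run because it has no `unless`, and it duplicates the `gpgkey` already set on the `yumrepo` (with `gpgcheck => 1` yum imports that key itself on first use); either drop the exec or guard it, e.g. `unless => 'rpm -q gpg-pubkey-d88e42b4',` (the low 32 bits of the fingerprint the Debian branch pins). The `if ( $::operatingsystemrelease =~ /^5.*/ )` branches assign identical `$baseurl`/`$gpgkey` values, so the conditional is dead and should collapse to two plain assignments. The `apt::key` passes both `source` and `server`; as far as I recall puppetlabs-apt uses only one of them, so keep the HTTPS `source` and drop `server => 'pgp.mit.edu'`.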
@@ -0,0 +1,70 @@ +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Installation of Open Distro for Elasticsearch repository +class wazuh::repo_opendistro ( + +) { + case $::osfamily { + 'Debian' : { + if ! defined(Package['apt-transport-https']) { + ensure_packages(['apt-transport-https'], {'ensure' => 'present'}) + } + # apt-key added by issue #34 + apt::key { 'opendistro': + id => '51209CCB28FBC2DC8CCD9A6C472CFDFCE370325E', + source => 'https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch', + server => 'pgp.mit.edu' + } + case $::lsbdistcodename { + /(jessie|wheezy|stretch|buster|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic)/: { + + apt::source { 'wazuh_elastic_od': + ensure => present, + comment => 'This is the Open Distro for Elastic repository', + location => 'ttps://d3g5vo6xdbdb9a.cloudfront.net/apt', + release => 'stable', + repos => 'main', + include => { + 'src' => false, + 'deb' => true, + }, + } + } + default: { fail('This ossec module has not been tested on your distribution (or lsb package not installed)') } + } + } + 'RedHat' : { + case $::os[name] { + /^(CentOS|RedHat|OracleLinux|Fedora|Amazon)$/: { + if ( $::operatingsystemrelease =~ /^5.*/ ) { + $baseurl = 'https://d3g5vo6xdbdb9a.cloudfront.net/yum/noarch/' + $gpgkey = 'https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch' + } else { + $baseurl = 'https://d3g5vo6xdbdb9a.cloudfront.net/yum/noarch/' + $gpgkey = 'https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch' + } + } + default: { fail('This ossec module has not been tested on your distribution.') } + } + ## Set up Open Distro for Elasticsearch repo + + # Import GPG key + + exec { 'Install Open Distro for Elasticsearch GPG key': + path => '/usr/bin', + command => 'rpm --import https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opendistroforelasticsearch', + } + + # Adding repo by Puppet yumrepo resource + + yumrepo { 'opendistro': + ensure => 'present', + enabled => 1, + 
gpgcheck => 1, + gpgkey => $gpgkey, + baseurl => $baseurl, + name => 'opendistro', + } + } + default: { fail('This ossec module has not been tested on your distribution') } + } + } From 1ba60ba1359dc29c4f869afb9ebeac92823a2122 Mon Sep 17 00:00:00 2001 From: zenidd Date: Tue, 18 Aug 2020 14:31:48 +0200 Subject: [PATCH 06/43] Removing double repo declaration --- manifests/kibana_od.pp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/manifests/kibana_od.pp b/manifests/kibana_od.pp index 2bd2f88a..65358e39 100644 --- a/manifests/kibana_od.pp +++ b/manifests/kibana_od.pp @@ -21,8 +21,7 @@ ] ) { - class {'wazuh::repo_opendistro':} - + # install package package { 'Installing OD Kibana...': ensure => $kibana_od_version, From 6225086be9f8a44656dc9495abb3eacefaf24519 Mon Sep 17 00:00:00 2001 From: zenidd Date: Tue, 18 Aug 2020 14:34:31 +0200 Subject: [PATCH 07/43] Adding right version to opendistro --- manifests/opendistro.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/opendistro.pp b/manifests/opendistro.pp index 12e1d511..44482417 100644 --- a/manifests/opendistro.pp +++ b/manifests/opendistro.pp @@ -10,8 +10,8 @@ $opendistro_node_ingest = true, $opendistro_node_max_local_storage_nodes = '1', $opendistro_service = 'elasticsearch', - $opendistro_package = 'opendistroforelasticsearch', - $opendistro_version = '7.8.0', + $opendistro_package = 'opendistroforelasticsearch-1.9.0', + $opendistro_version = '1.9.0', $opendistro_path_data = '/var/lib/elasticsearch', $opendistro_path_logs = '/var/log/elasticsearch', @@ -30,7 +30,7 @@ class {'wazuh::repo_opendistro':} # install package - package { 'opendistro': + package { 'opendistroforelasticsearch': ensure => $opendistro_version, name => $opendistro_package, } From 1ef05a2eb4602a57e71747c9a132ba9b8e57aeea Mon Sep 17 00:00:00 2001 
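Review bot: `location => 'ttps://d3g5vo6xdbdb9a.cloudfront.net/apt'` is missing the leading `h`, so the Debian branch writes an apt source with an invalid scheme and every subsequent `apt update` on that platform fails; it should read `location => 'https://d3g5vo6xdbdb9a.cloudfront.net/apt',`. As in `repo_elastic_oss.pp`, the `rpm --import` exec has no `unless` and duplicates the `gpgkey` on the `yumrepo`, and the two `$::operatingsystemrelease =~ /^5.*/` branches are identical; the same fixes apply here. The `apt::key` again sets both `source` and `server`; keep the HTTPS `source` only.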
From: zenidd Date: Tue, 18 Aug 2020 14:37:25 +0200 Subject: [PATCH 08/43] adding opendistro repo --- manifests/opendistro.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/opendistro.pp b/manifests/opendistro.pp index 44482417..e07515ee 100644 --- a/manifests/opendistro.pp +++ b/manifests/opendistro.pp @@ -29,6 +29,13 @@ class {'wazuh::repo_opendistro':} + + if $::osfamily == 'Debian' { + Class['wazuh::repo_opendistro'] -> Class['apt::update'] -> Package['filebeat'] + } else { + Class['wazuh::repo_opendistro'] -> Package['filebeat'] + } + # install package package { 'opendistroforelasticsearch': ensure => $opendistro_version, From 768472d04b6526083c8c291ba56691cd652e87c1 Mon Sep 17 00:00:00 2001 From: zenidd Date: Tue, 18 Aug 2020 14:38:49 +0200 Subject: [PATCH 09/43] debug --- manifests/opendistro.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/opendistro.pp b/manifests/opendistro.pp index e07515ee..31fd03a3 100644 --- a/manifests/opendistro.pp +++ b/manifests/opendistro.pp @@ -10,7 +10,7 @@ $opendistro_node_ingest = true, $opendistro_node_max_local_storage_nodes = '1', $opendistro_service = 'elasticsearch', - $opendistro_package = 'opendistroforelasticsearch-1.9.0', + $opendistro_package = 'opendistroforelasticsearch', $opendistro_version = '1.9.0', $opendistro_path_data = '/var/lib/elasticsearch', @@ -31,9 +31,9 @@ if $::osfamily == 'Debian' { - Class['wazuh::repo_opendistro'] -> Class['apt::update'] -> Package['filebeat'] + Class['wazuh::repo_opendistro'] -> Class['apt::update'] -> Package['opendistroforelasticsearch'] } else { - Class['wazuh::repo_opendistro'] -> Package['filebeat'] + Class['wazuh::repo_opendistro'] -> Package['opendistroforelasticsearch'] } # install package From fa66db4c9ed9a17fb0baee01d6a69cba580c20a7 Mon Sep 17 00:00:00 2001 
From: zenidd Date: Tue, 18 Aug 2020 14:49:12 +0200 Subject: [PATCH 10/43] setting filebeat oss --- manifests/filebeat_oss.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp index 12281f67..3eb16adb 100644 --- a/manifests/filebeat_oss.pp +++ b/manifests/filebeat_oss.pp @@ -5,7 +5,7 @@ $filebeat_oss_elasticsearch_port = '9200', $elasticsearch_server_ip = "\"${filebeat_oss_elasticsearch_ip}:${filebeat_oss_elasticsearch_port}\"", - $filebeat_oss_package = 'filebeat', + $filebeat_oss_package = 'filebeat-oss', $filebeat_oss_service = 'filebeat', $filebeat_oss_version = '7.8.0', $wazuh_app_version = '3.13.1_7.8.0', From 05b90974b09bab6633589c69117213c73d74d257 Mon Sep 17 00:00:00 2001 From: zenidd Date: Tue, 18 Aug 2020 14:50:01 +0200 Subject: [PATCH 11/43] debug --- manifests/filebeat_oss.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp index 3eb16adb..12281f67 100644 --- a/manifests/filebeat_oss.pp +++ b/manifests/filebeat_oss.pp @@ -5,7 +5,7 @@ $filebeat_oss_elasticsearch_port = '9200', $elasticsearch_server_ip = "\"${filebeat_oss_elasticsearch_ip}:${filebeat_oss_elasticsearch_port}\"", - $filebeat_oss_package = 'filebeat-oss', + $filebeat_oss_package = 'filebeat', $filebeat_oss_service = 'filebeat', $filebeat_oss_version = '7.8.0', $wazuh_app_version = '3.13.1_7.8.0', From d2fc8ecdec7301f07f1a36c676eb269905bb62e8 Mon Sep 17 00:00:00 2001 From: zenidd Date: Tue, 18 Aug 2020 14:54:22 +0200 Subject: [PATCH 12/43] debug2 --- manifests/repo_elastic_oss.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/repo_elastic_oss.pp b/manifests/repo_elastic_oss.pp index d68dccb0..66526db1 100644 --- a/manifests/repo_elastic_oss.pp +++ b/manifests/repo_elastic_oss.pp 
@@ -17,7 +17,7 @@ case $::lsbdistcodename { /(jessie|wheezy|stretch|buster|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic)/: { - apt::source { 'wazuh_elastic': + apt::source { 'wazuh_elastic_oss': ensure => present, comment => 'This is the OSS Elastic repository', location => 'https://artifacts.elastic.co/packages/oss-7.x/apt', From 0d99f398e8f09420a3167a0a6f11e95ff97a8d8a Mon Sep 17 00:00:00 2001 From: zenidd Date: Tue, 18 Aug 2020 15:07:10 +0200 Subject: [PATCH 13/43] Date update --- README.md | 2 +- manifests/activeresponse.pp | 2 +- manifests/addlog.pp | 2 +- manifests/agent.pp | 2 +- manifests/audit.pp | 2 +- manifests/command.pp | 2 +- manifests/elasticsearch.pp | 2 +- manifests/email_alert.pp | 2 +- manifests/filebeat.pp | 2 +- manifests/filebeat_oss.pp | 2 +- manifests/init.pp | 2 +- manifests/integration.pp | 2 +- manifests/kibana.pp | 2 +- manifests/kibana_od.pp | 2 +- manifests/manager.pp | 2 +- manifests/opendistro.pp | 2 +- manifests/params_agent.pp | 2 +- manifests/params_elastic.pp | 2 +- manifests/params_manager.pp | 2 +- manifests/params_opendistro.pp | 26 ++++++++++++++++++++++++++ manifests/repo.pp | 2 +- manifests/repo_elastic.pp | 2 +- manifests/repo_elastic_oss.pp | 2 +- manifests/reports.pp | 2 +- manifests/wazuh_api.pp | 2 +- manifests/wazuh_api/nodejs.pp | 2 +- templates/opendistro_yml.erb | 18 +++++++++--------- templates/wazuh_yml.erb | 2 +- 28 files changed, 61 insertions(+), 35 deletions(-) create mode 100644 manifests/params_opendistro.pp diff --git a/README.md b/README.md index 56c75209..4fc04c76 100644 --- a/README.md +++ b/README.md @@ -107,7 +107,7 @@ This Puppet module has been authored by Nicolas Zin, and updated by Jonathan Gaz ## License and copyright WAZUH -Copyright (C) 2019 Wazuh Inc. (License GPLv2) +Copyright (C) 2020 Wazuh Inc. (License GPLv2) Based on OSSEC Copyright (C) 2015 Trend Micro Inc. diff --git a/manifests/activeresponse.pp b/manifests/activeresponse.pp index 3340bd2b..f125ac27 100644 
--- a/manifests/activeresponse.pp +++ b/manifests/activeresponse.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) #Define for a specific ossec active-response define wazuh::activeresponse( $active_response_name = 'Rendering active-response template', diff --git a/manifests/addlog.pp b/manifests/addlog.pp index b7f51e1e..078fcea1 100644 --- a/manifests/addlog.pp +++ b/manifests/addlog.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) #Define a log-file to add to ossec define wazuh::addlog( $logfile = undef, diff --git a/manifests/agent.pp b/manifests/agent.pp index 6b759036..42d10675 100644 --- a/manifests/agent.pp +++ b/manifests/agent.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Puppet class that installs and manages the Wazuh agent class wazuh::agent ( diff --git a/manifests/audit.pp b/manifests/audit.pp index a4a00028..6e882fd6 100644 --- a/manifests/audit.pp +++ b/manifests/audit.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Define an ossec command class wazuh::audit ( diff --git a/manifests/command.pp b/manifests/command.pp index 2057d4ce..1d49d248 100644 --- a/manifests/command.pp +++ b/manifests/command.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Define an ossec command define wazuh::command( $command_name, diff --git a/manifests/elasticsearch.pp b/manifests/elasticsearch.pp index 91ba21d5..64ef9ec4 100644 --- a/manifests/elasticsearch.pp +++ b/manifests/elasticsearch.pp 
@@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Setup for elasticsearch class wazuh::elasticsearch ( # Elasticsearch.yml configuration diff --git a/manifests/email_alert.pp b/manifests/email_alert.pp index dea226a1..2a3fd681 100644 --- a/manifests/email_alert.pp +++ b/manifests/email_alert.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Define an email alert define wazuh::email_alert( $alert_email, diff --git a/manifests/filebeat.pp b/manifests/filebeat.pp index 2b4c9794..02ec74c6 100644 --- a/manifests/filebeat.pp +++ b/manifests/filebeat.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Setup for Filebeat class wazuh::filebeat ( $filebeat_elasticsearch_ip = 'localhost', diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp index 12281f67..b8e09012 100644 --- a/manifests/filebeat_oss.pp +++ b/manifests/filebeat_oss.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Setup for Filebeat_oss class wazuh::filebeat_oss ( $filebeat_oss_elasticsearch_ip = 'localhost', diff --git a/manifests/init.pp b/manifests/init.pp index 7f43143f..63938475 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,3 +1,3 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Blank container class class wazuh { } diff --git a/manifests/integration.pp b/manifests/integration.pp index d00d11cd..1bcafa92 100644 --- a/manifests/integration.pp +++ b/manifests/integration.pp 
@@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) #Define for a specific ossec integration define wazuh::integration( $hook_url = '', diff --git a/manifests/kibana.pp b/manifests/kibana.pp index 097fec59..8d1ebbf9 100644 --- a/manifests/kibana.pp +++ b/manifests/kibana.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Setup for Kibana class wazuh::kibana ( $kibana_package = 'kibana', diff --git a/manifests/kibana_od.pp b/manifests/kibana_od.pp index 65358e39..b6376768 100644 --- a/manifests/kibana_od.pp +++ b/manifests/kibana_od.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Setup for Kibana_od class wazuh::kibana_od ( $kibana_od_package = 'opendistroforelasticsearch-kibana', diff --git a/manifests/manager.pp b/manifests/manager.pp index a340eeb1..a11d6418 100644 --- a/manifests/manager.pp +++ b/manifests/manager.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Main ossec server config class wazuh::manager ( diff --git a/manifests/opendistro.pp b/manifests/opendistro.pp index 31fd03a3..fa4aa9a9 100644 --- a/manifests/opendistro.pp +++ b/manifests/opendistro.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Setup for opendistro class wazuh::opendistro ( # Elasticsearch.yml configuration diff --git a/manifests/params_agent.pp b/manifests/params_agent.pp index 2fddd0d5..f38e01a4 100644 --- a/manifests/params_agent.pp +++ b/manifests/params_agent.pp 
@@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Wazuh-Agent configuration parameters class wazuh::params_agent { $agent_package_version = '3.13.1-1' diff --git a/manifests/params_elastic.pp b/manifests/params_elastic.pp index 2bcf11f2..b4737f50 100644 --- a/manifests/params_elastic.pp +++ b/manifests/params_elastic.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Elastic configuration parameters class wazuh::params_elastic { $elasticsearch_service = 'elasticsearch' diff --git a/manifests/params_manager.pp b/manifests/params_manager.pp index 6805d8e8..0d80ef8c 100644 --- a/manifests/params_manager.pp +++ b/manifests/params_manager.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Paramas file class wazuh::params_manager { case $::kernel { diff --git a/manifests/params_opendistro.pp b/manifests/params_opendistro.pp new file mode 100644 index 00000000..2a77784a --- /dev/null +++ b/manifests/params_opendistro.pp 
@@ -0,0 +1,26 @@ +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Opendistro configuration parameters +class wazuh::params_opendistro { + $opendistro_service = 'elasticsearch' + $opendistro_package = 'opendistroforelasticsearch' + $config_owner = 'elasticsearch' + $config_group = 'elasticsearch' + $config_mode = '0640' + + $opendistro_cluster_name = 'es-wazuh' + $opendistro_node_name = 'es-node-01' + $opendistro_node_master = true + $opendistro_node_data = true + $opendistro_node_ingest = true + $opendistro_node_max_local_storage_nodes = '1' + + $opendistro_path_data = '/var/lib/elasticsearch' + $opendistro_path_logs = '/var/log/elasticsearch' + + + $opendistro_ip = 'localhost' + $elastcisearch_port = 9200 + $opendistro_discovery_option = 'discovery.type: single-node' + $opendistro_cluster_initial_master_nodes = "#cluster.initial_master_nodes: ['es-node-01']" + +} diff --git a/manifests/repo.pp b/manifests/repo.pp index 55c6517b..9d733b86 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Wazuh repository installation class wazuh::repo ( ) { diff --git a/manifests/repo_elastic.pp b/manifests/repo_elastic.pp index e900c94d..66489e66 100644 --- a/manifests/repo_elastic.pp +++ b/manifests/repo_elastic.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Installation of Elastic repository class wazuh::repo_elastic ( diff --git a/manifests/repo_elastic_oss.pp b/manifests/repo_elastic_oss.pp index 66526db1..bca98408 100644 --- a/manifests/repo_elastic_oss.pp +++ b/manifests/repo_elastic_oss.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Installation of Elastic repository class wazuh::repo_elastic_oss ( 
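Review bot: `$elastcisearch_port = 9200` is misspelled and, more importantly, does not match the name the template now reads; the opendistro_yml.erb hunk in the same commit renders `http.port: <%= @opendistro_port %>`, so the port will render empty unless `wazuh::opendistro` declares `$opendistro_port` itself (its visible parameter list does not). Renaming to `$opendistro_port = 9200` keeps the params file and the template consistent with the other `opendistro_*` names. The `$opendistro_cluster_initial_master_nodes` default is a pre-commented YAML line embedded in a string, which is hard to read; a comment such as `# rendered verbatim into elasticsearch.yml; leave the leading '#' for single-node setups` would at least document the intent. Whether `wazuh::opendistro` inherits from this class is not visible here, so the effect on the class defaults is inferred.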
diff --git a/manifests/reports.pp b/manifests/reports.pp index bca48d33..1d8ab3c5 100644 --- a/manifests/reports.pp +++ b/manifests/reports.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) #Define for a Reports section define wazuh::reports( Optional[String] $r_group = undef, diff --git a/manifests/wazuh_api.pp b/manifests/wazuh_api.pp index fbc86638..f4805491 100644 --- a/manifests/wazuh_api.pp +++ b/manifests/wazuh_api.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Wazuh API installation class wazuh::wazuh_api ( diff --git a/manifests/wazuh_api/nodejs.pp b/manifests/wazuh_api/nodejs.pp index b8c4cbcf..e8dd95ab 100644 --- a/manifests/wazuh_api/nodejs.pp +++ b/manifests/wazuh_api/nodejs.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) # Wazuh API installation class wazuh::wazuh_api::nodejs ( diff --git a/templates/opendistro_yml.erb b/templates/opendistro_yml.erb index a211b64d..145813c7 100644 --- a/templates/opendistro_yml.erb +++ b/templates/opendistro_yml.erb 
@@ -14,27 +14,27 @@ # # Use a descriptive name for your cluster: # -cluster.name: <%= @elasticsearch_cluster_name %> +cluster.name: <%= @opendistro_cluster_name %> # # ------------------------------------ Node ------------------------------------ # # Use a descriptive name for the node: # -node.name: <%= @elasticsearch_node_name %> +node.name: <%= @opendistro_node_name %> # # Add custom attributes to the node: # -node.master: <%= @elasticsearch_node_master %> +node.master: <%= @opendistro_node_master %> # # ----------------------------------- Paths ------------------------------------ # # Path to directory where to store the data (separate multiple locations by comma): # -path.data: <%= @elasticsearch_path_data %> +path.data: <%= @opendistro_path_data %> # # Path to log files: # -path.logs: <%= @elasticsearch_path_logs %> +path.logs: <%= @opendistro_path_logs %> # # ----------------------------------- Memory ----------------------------------- # @@ -52,11 +52,11 @@ path.logs: <%= @elasticsearch_path_logs %> # # Set the bind address to a specific IP (IPv4 or IPv6): # -network.host: <%= @elasticsearch_ip %> +network.host: <%= @opendistro_ip %> # # Set a custom port for HTTP: # -http.port: <%= @elasticsearch_port %> +http.port: <%= @opendistro_port %> # # For more information, consult the network module documentation. # @@ -69,8 +69,8 @@ http.port: <%= @elasticsearch_port %> # # Bootstrap the cluster using an initial set of master-eligible nodes: # -<%= @elasticsearch_cluster_initial_master_nodes %> -<%= @elasticsearch_discovery_option %> +<%= @opendistro_cluster_initial_master_nodes %> +<%= @opendistro_discovery_option %> # # For more information, consult the discovery and cluster formation module documentation. # diff --git a/templates/wazuh_yml.erb b/templates/wazuh_yml.erb index efd1f42e..173cbced 100644 --- a/templates/wazuh_yml.erb +++ b/templates/wazuh_yml.erb 
@@ -1,7 +1,7 @@ --- # # Wazuh app - App configuration file -# Copyright (C) 2015-2019 Wazuh, Inc. +# Copyright (C) 2015-2020 Wazuh, Inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by From 375f73dc1b7c19a304c9ce97e94718f64666d851 Mon Sep 17 00:00:00 2001 From: zenidd Date: Wed, 19 Aug 2020 11:05:47 +0200 Subject: [PATCH 14/43] Let default configuration for opendistro --- manifests/opendistro.pp | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/manifests/opendistro.pp b/manifests/opendistro.pp index fa4aa9a9..b79d6d39 100644 --- a/manifests/opendistro.pp +++ b/manifests/opendistro.pp @@ -42,15 +42,15 @@ name => $opendistro_package, } - file { 'Configure elasticsearch.yml': - owner => 'elasticsearch', - path => '/etc/elasticsearch/elasticsearch.yml', - group => 'elasticsearch', - mode => '0644', - notify => Service[$elasticsearch_service], ## Restarts the service - content => template('wazuh/opendistro_yml.erb'), - require => Package[$opendistro_package], - } + # file { 'Configure elasticsearch.yml': + # owner => 'elasticsearch', + # path => '/etc/elasticsearch/elasticsearch.yml', + # group => 'elasticsearch', + # mode => '0644', + # notify => Service[$elasticsearch_service], ## Restarts the service + # content => template('wazuh/opendistro_yml.erb'), + # require => Package[$opendistro_package], + # } file { 'Configure jvm.options': owner => 'elasticsearch', From 1ef40d360135c7fcbd3c01441886ba25fd3d538f Mon Sep 17 00:00:00 2001 From: zenidd Date: Wed, 19 Aug 2020 11:13:26 +0200 Subject: [PATCH 15/43] Disabling opendistro security --- manifests/opendistro.pp | 18 +++++++++--------- templates/opendistro_yml.erb | 1 + 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/manifests/opendistro.pp b/manifests/opendistro.pp index b79d6d39..fa4aa9a9 100644 --- a/manifests/opendistro.pp +++ b/manifests/opendistro.pp 
@@ -42,15 +42,15 @@ name => $opendistro_package, } - # file { 'Configure elasticsearch.yml': - # owner => 'elasticsearch', - # path => '/etc/elasticsearch/elasticsearch.yml', - # group => 'elasticsearch', - # mode => '0644', - # notify => Service[$elasticsearch_service], ## Restarts the service - # content => template('wazuh/opendistro_yml.erb'), - # require => Package[$opendistro_package], - # } + file { 'Configure elasticsearch.yml': + owner => 'elasticsearch', + path => '/etc/elasticsearch/elasticsearch.yml', + group => 'elasticsearch', + mode => '0644', + notify => Service[$elasticsearch_service], ## Restarts the service + content => template('wazuh/opendistro_yml.erb'), + require => Package[$opendistro_package], + } file { 'Configure jvm.options': owner => 'elasticsearch', diff --git a/templates/opendistro_yml.erb b/templates/opendistro_yml.erb index 145813c7..8ee56a33 100644 --- a/templates/opendistro_yml.erb +++ b/templates/opendistro_yml.erb @@ -53,6 +53,7 @@ path.logs: <%= @opendistro_path_logs %> # Set the bind address to a specific IP (IPv4 or IPv6): # network.host: <%= @opendistro_ip %> +opendistro_security.disabled: true # # Set a custom port for HTTP: # From 99fdca690ed6a538487af45b5a57758e7db7e82e Mon Sep 17 00:00:00 2001 From: zenidd Date: Wed, 19 Aug 2020 11:17:18 +0200 Subject: [PATCH 16/43] Adjust kibana OD version --- manifests/kibana_od.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/kibana_od.pp b/manifests/kibana_od.pp index b6376768..00dd346c 100644 --- a/manifests/kibana_od.pp +++ b/manifests/kibana_od.pp @@ -3,7 +3,7 @@ class wazuh::kibana_od ( $kibana_od_package = 'opendistroforelasticsearch-kibana', $kibana_od_service = 'kibana', - $kibana_od_version = '7.8.0', + $kibana_od_version = '1.9.0', $kibana_od_app_version = '3.13.1_7.8.0', $kibana_od_elasticsearch_ip = 'localhost', $kibana_od_elasticsearch_port = '9200', From 870aaf40ad8851f747bd23de55f682c08f574bb4 Mon Sep 17 00:00:00 2001 
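Review bot: The restored `file { 'Configure elasticsearch.yml': ... }` resource notifies `Service[$elasticsearch_service]`, but this class's parameter is `$opendistro_service` (visible in patch 09), so `$elasticsearch_service` is undefined here unless it is inherited from another params class, and the restart-on-change will be silently lost or fail compilation under strict variables. It also hard-codes `mode => '0644'` although the params_opendistro class added in patch 13 defines `$config_mode = '0640'` together with `$config_owner`/`$config_group`; since elasticsearch.yml is about to carry the security plugin settings, world-readable is the wrong default. Suggested lines: `mode => $config_mode,` and `notify => Service[$opendistro_service],`. The enclosing class continues outside the hunk.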
From: zenidd Date: Wed, 19 Aug 2020 11:26:33 +0200 Subject: [PATCH 17/43] Fix forked vars --- manifests/kibana_od.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/kibana_od.pp b/manifests/kibana_od.pp index 00dd346c..8b2feacf 100644 --- a/manifests/kibana_od.pp +++ b/manifests/kibana_od.pp @@ -45,7 +45,7 @@ exec {'Waiting for opendistro elasticsearch...': path => '/usr/bin', - command => "curl -s -XGET http://${kibana_elasticsearch_ip}:${kibana_elasticsearch_port}", + command => "curl -s -XGET http://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}", tries => 100, try_sleep => 3, } @@ -61,14 +61,14 @@ exec {'Installing Wazuh App...': path => '/usr/bin', - command => "sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-${kibana_app_version}.zip", + command => "sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-${kibana_od_app_version}.zip", creates => '/usr/share/kibana/plugins/wazuh/package.json', notify => Service[$kibana_od_service], } exec {'Removing .wazuh index...': path => '/usr/bin', - command => "curl -s -XDELETE -sL -I 'http://${kibana_elasticsearch_ip}:${kibana_elasticsearch_port}/.wazuh' -o /dev/null", + command => "curl -s -XDELETE -sL -I 'http://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}/.wazuh' -o /dev/null", notify => Service[$kibana_od_service], } From 21b6855cd1845a54c0e37f5e81bd14492f18cc19 Mon Sep 17 00:00:00 2001 From: zenidd Date: Wed, 19 Aug 2020 11:34:29 +0200 Subject: [PATCH 18/43] Fixing vars on kibana od template --- templates/kibana_od_yml.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/kibana_od_yml.erb b/templates/kibana_od_yml.erb index e38455f8..8bbc322e 100644 --- a/templates/kibana_od_yml.erb +++ b/templates/kibana_od_yml.erb 
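Review bot: The `Installing Wazuh App...` exec pulls `wazuhapp-${kibana_od_app_version}.zip` from packages.wazuh.com and installs it with no integrity check, so the only thing standing between the plugin and the Kibana host is the TLS connection at download time. A safer shape is to fetch the archive into a managed `file` resource with `checksum => 'sha256'` and `checksum_value => '<EXPECTED_SHA256_PLACEHOLDER>'`, then install from that local path (`kibana-plugin install file:///path/to/wazuhapp.zip`), which also makes the exec idempotent on re-runs without network access. The `creates` guard is good, but it only prevents re-installation, not a tampered first install. The `Waiting for opendistro elasticsearch...` exec in the first hunk still uses plain `http://`; a later patch in the series already switches it to https, so that is not re-raised here.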
@@ -7,7 +7,7 @@ server.port: <%= @kibana_od_server_port %> # Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values. # The default is 'localhost', which usually means remote machines will not be able to connect. # To allow connections from remote users, set this parameter to a non-loopback address. -server.host: <%= @kibana_server_host %> +server.host: <%= @kibana_od_server_host %> # Enables you to specify a path to mount Kibana at if you are running behind a proxy. # Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath From 67f9be7519ee89e3fa6e100462db938398decdd5 Mon Sep 17 00:00:00 2001 From: zenidd Date: Wed, 19 Aug 2020 12:07:02 +0200 Subject: [PATCH 19/43] Adding security to opendistro --- templates/opendistro_yml.erb | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/templates/opendistro_yml.erb b/templates/opendistro_yml.erb index 8ee56a33..f610affb 100644 --- a/templates/opendistro_yml.erb +++ b/templates/opendistro_yml.erb @@ -53,7 +53,6 @@ path.logs: <%= @opendistro_path_logs %> # Set the bind address to a specific IP (IPv4 or IPv6): # network.host: <%= @opendistro_ip %> -opendistro_security.disabled: true # # Set a custom port for HTTP: # 
@@ -87,4 +86,27 @@ http.port: <%= @opendistro_port %> # # Require explicit names when deleting indices: # -#action.destructive_requires_name: true \ No newline at end of file +#action.destructive_requires_name: true + +######## Start OpenDistro for Elasticsearch Security Demo Configuration ######## +# WARNING: revise all the lines below before you go into production +opendistro_security.ssl.transport.pemcert_filepath: esnode.pem +opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem +opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem +opendistro_security.ssl.transport.enforce_hostname_verification: false +opendistro_security.ssl.http.enabled: true +opendistro_security.ssl.http.pemcert_filepath: esnode.pem +opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem +opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem +opendistro_security.allow_unsafe_democertificates: true +opendistro_security.allow_default_init_securityindex: true +opendistro_security.authcz.admin_dn: + - CN=kirk,OU=client,O=client,L=test, C=de + +opendistro_security.audit.type: internal_elasticsearch +opendistro_security.enable_snapshot_restore_privilege: true +opendistro_security.check_snapshot_restore_write_privileges: true +opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"] +cluster.routing.allocation.disk.threshold_enabled: false +node.max_local_storage_nodes: 3 +######## End OpenDistro for Elasticsearch Security Demo Configuration ######## From 50d0a066e58a05d218a4585fa1d4be87116b0bcc Mon Sep 17 00:00:00 2001 From: zenidd Date: Wed, 19 Aug 2020 12:32:56 +0200 Subject: [PATCH 20/43] Setting default OD config --- templates/kibana_od_yml.erb | 135 +++++++----------------------------- 1 file changed, 24 insertions(+), 111 deletions(-) diff --git a/templates/kibana_od_yml.erb b/templates/kibana_od_yml.erb index 8bbc322e..453079e6 100644 --- a/templates/kibana_od_yml.erb +++ b/templates/kibana_od_yml.erb 
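Review bot: The block appended here is the OpenDistro demo security configuration copied verbatim, including `opendistro_security.allow_unsafe_democertificates: true`, `opendistro_security.ssl.transport.enforce_hostname_verification: false`, and `admin_dn: CN=kirk,OU=client,O=client,L=test, C=de`; the demo certificates and the `kirk` admin identity are publicly distributed, so any node deployed with these defaults accepts a well-known admin client certificate. Nothing in the template is parameterised, so a user of this module cannot switch to their own certificates without forking the file; the certificate paths, `admin_dn` and the two boolean flags should be class parameters with the demo values only as documented, opt-in defaults, e.g. `opendistro_security.allow_unsafe_democertificates: <%= @opendistro_security_allow_demo_certs %>` defaulting to `false`. The trailing `node.max_local_storage_nodes: 3` also conflicts with the `$opendistro_node_max_local_storage_nodes = '1'` parameter added in patch 13, and `cluster.routing.allocation.disk.threshold_enabled: false` is a demo-only setting with no comment. The template's own `WARNING: revise all the lines below before you go into production` line acknowledges this but does not tell the user which lines or how.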
@@ -1,116 +1,29 @@ -# The default roles file is empty as the preferred method of defining roles is -# through the API/UI. File based roles are useful in error scenarios when the -# API based roles may not be available. -# Kibana is served by a back end server. This setting specifies the port to use. -server.port: <%= @kibana_od_server_port %> - -# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values. -# The default is 'localhost', which usually means remote machines will not be able to connect. -# To allow connections from remote users, set this parameter to a non-loopback address. -server.host: <%= @kibana_od_server_host %> - -# Enables you to specify a path to mount Kibana at if you are running behind a proxy. -# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath -# from requests it receives, and to prevent a deprecation warning at startup. -# This setting cannot end in a slash. -#server.basePath: "" - -# Specifies whether Kibana should rewrite requests that are prefixed with -# `server.basePath` or require that they are rewritten by your reverse proxy. -# This setting was effectively always `false` before Kibana 6.3 and will -# default to `true` starting in Kibana 7.0. -#server.rewriteBasePath: false - -# The maximum payload size in bytes for incoming server requests. -#server.maxPayloadBytes: 1048576 - -# The Kibana server's name. This is used for display purposes. -#server.name: "your-hostname" +# Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). +# You may not use this file except in compliance with the License. +# A copy of the License is located at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# or in the "license" file accompanying this file. This file is distributed +# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +# express or implied. 
See the License for the specific language governing +# permissions and limitations under the License. + +# Description: +# Default Kibana configuration for Open Distro. -# The URLs of the Elasticsearch instances to use for all your queries. elasticsearch.hosts: ["<%= @kibana_od_elasticsearch_server_hosts %>"] +elasticsearch.ssl.verificationMode: none +elasticsearch.username: kibanaserver +elasticsearch.password: kibanaserver +elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"] -# When this setting's value is true Kibana uses the hostname specified in the server.host -# setting. When the value of this setting is false, Kibana uses the hostname of the host -# that connects to this Kibana instance. -#elasticsearch.preserveHost: true - -# Kibana uses an index in Elasticsearch to store saved searches, visualizations and -# dashboards. Kibana creates a new index if the index doesn't already exist. -#kibana.index: ".kibana" - -# The default application to load. -#kibana.defaultAppId: "home" - -# If your Elasticsearch is protected with basic authentication, these settings provide -# the username and password that the Kibana server uses to perform maintenance on the Kibana -# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which -# is proxied through the Kibana server. -#elasticsearch.username: "user" -#elasticsearch.password: "pass" - -# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively. -# These settings enable SSL for outgoing requests from the Kibana server to the browser. -#server.ssl.enabled: false -#server.ssl.certificate: /path/to/your/server.crt -#server.ssl.key: /path/to/your/server.key - -# Optional settings that provide the paths to the PEM-format SSL certificate and key files. -# These files validate that your Elasticsearch backend uses the same key files. 
-#elasticsearch.ssl.certificate: /path/to/your/client.crt -#elasticsearch.ssl.key: /path/to/your/client.key - -# Optional setting that enables you to specify a path to the PEM file for the certificate -# authority for your Elasticsearch instance. -#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ] - -# To disregard the validity of SSL certificates, change this setting's value to 'none'. -#elasticsearch.ssl.verificationMode: full - -# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of -# the elasticsearch.requestTimeout setting. -#elasticsearch.pingTimeout: 1500 - -# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value -# must be a positive integer. -#elasticsearch.requestTimeout: 30000 - -# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side -# headers, set this value to [] (an empty list). -#elasticsearch.requestHeadersWhitelist: [ authorization ] - -# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten -# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration. -#elasticsearch.customHeaders: {} - -# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable. -#elasticsearch.shardTimeout: 30000 - -# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying. -#elasticsearch.startupTimeout: 5000 - -# Logs queries sent to Elasticsearch. Requires logging.verbose set to true. -#elasticsearch.logQueries: false - -# Specifies the path where Kibana creates the process ID file. -#pid.file: /var/run/kibana.pid - -# Enables you specify a file where Kibana stores log output. -#logging.dest: stdout - -# Set the value of this setting to true to suppress all logging output. -#logging.silent: false - -# Set the value of this setting to true to suppress all logging output other than error messages. 
-#logging.quiet: false - -# Set the value of this setting to true to log all events, including system usage information -# and all requests. -#logging.verbose: false +server.port: <%= @kibana_od_server_port %> +server.host: <%= @kibana_od_server_host %> -# Set the interval in milliseconds to sample system and process performance -# metrics. Minimum is 100ms. Defaults to 5000. -#ops.interval: 5000 -# Specifies locale to be used for all localizable strings, dates and number formats. -#i18n.locale: "en" +opendistro_security.multitenancy.enabled: true +opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"] +opendistro_security.readonly_mode.roles: ["kibana_read_only"] \ No newline at end of file From 097cc0901beb71e40d7d1b7be6b6e0d5fb92c295 Mon Sep 17 00:00:00 2001 From: zenidd Date: Wed, 19 Aug 2020 12:47:13 +0200 Subject: [PATCH 21/43] Adding kibana auth vars --- manifests/kibana_od.pp | 8 +++++--- templates/kibana_od_yml.erb | 4 ++-- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/manifests/kibana_od.pp b/manifests/kibana_od.pp index 8b2feacf..3184dc07 100644 --- a/manifests/kibana_od.pp +++ b/manifests/kibana_od.pp @@ -4,6 +4,8 @@ $kibana_od_package = 'opendistroforelasticsearch-kibana', $kibana_od_service = 'kibana', $kibana_od_version = '1.9.0', + $kibana_od_user = 'kibanaserver', + $kibana_od_password = 'kibanaserver', $kibana_od_app_version = '3.13.1_7.8.0', $kibana_od_elasticsearch_ip = 'localhost', $kibana_od_elasticsearch_port = '9200', @@ -45,7 +47,7 @@ exec {'Waiting for opendistro elasticsearch...': path => '/usr/bin', - command => "curl -s -XGET http://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}", + command => "curl -u $kibana_od_user:$kibana_od_password -s -XGET http://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}", tries => 100, try_sleep => 3, } 
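Review bot: The rewritten kibana_od_yml.erb sets `elasticsearch.ssl.verificationMode: none`, which turns off certificate validation for every Kibana-to-Elasticsearch request, while the removed lines show the template previously carried the commented `elasticsearch.ssl.certificateAuthorities` and `verificationMode: full` settings that would have done this properly. Render the mode from a parameter defaulting to `full` and add `elasticsearch.ssl.certificateAuthorities: [ "<%= @kibana_od_elasticsearch_ca %>" ]` pointing at the same CA the opendistro template installs, so `none` is a deliberate choice rather than the shipped default. Because the file now contains `elasticsearch.password` in cleartext, the `file` resource that writes kibana.yml (outside this hunk, so its mode is inferred) should be owner `kibana`, mode `0640`; a short header comment stating that would help whoever manages that resource.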
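Review bot: Putting `-u $kibana_od_user:$kibana_od_password` into the exec `command` exposes the password on the command line: it is visible to every local user in the process list for the duration of each of the up to 100 tries, and when the exec gives up Puppet prints the full command in the failure message and report. The preceding hunk also makes the default password the OpenDistro demo value `kibanaserver`, so by default this is a well-known credential. Prefer writing a curl config file with `user = "<user>:<password>"` through a `file` resource with `mode => '0600'` and passing `-K` to curl, or at minimum use `${kibana_od_user}:${kibana_od_password}` with braces so the interpolation boundary is unambiguous, and mark the parameter in a comment as `# demo default; override in production`. The same pattern appears in the `Removing .wazuh index...` exec in the following hunk.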
@@ -61,14 +63,14 @@ exec {'Installing Wazuh App...': path => '/usr/bin', - command => "sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-${kibana_od_app_version}.zip", + command => "sudo -u $kibana_od_user:$kibana_od_password -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-${kibana_od_app_version}.zip", creates => '/usr/share/kibana/plugins/wazuh/package.json', notify => Service[$kibana_od_service], } exec {'Removing .wazuh index...': path => '/usr/bin', - command => "curl -s -XDELETE -sL -I 'http://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}/.wazuh' -o /dev/null", + command => "curl -u $kibana_od_user:$kibana_od_password -s -XDELETE -sL -I 'http://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}/.wazuh' -o /dev/null", notify => Service[$kibana_od_service], } diff --git a/templates/kibana_od_yml.erb b/templates/kibana_od_yml.erb index 453079e6..433c3bde 100644 --- a/templates/kibana_od_yml.erb +++ b/templates/kibana_od_yml.erb @@ -16,8 +16,8 @@ elasticsearch.hosts: ["<%= @kibana_od_elasticsearch_server_hosts %>"] elasticsearch.ssl.verificationMode: none -elasticsearch.username: kibanaserver -elasticsearch.password: kibanaserver +elasticsearch.username: @kibana_od_user +elasticsearch.password: @kibana_od_password elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"] server.port: <%= @kibana_od_server_port %> From fae35295fdc9c2ebafc45f9439371573459ae89b Mon Sep 17 00:00:00 2001 From: zenidd Date: Wed, 19 Aug 2020 12:49:00 +0200 Subject: [PATCH 22/43] Var syntax fix --- templates/kibana_od_yml.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/kibana_od_yml.erb b/templates/kibana_od_yml.erb index 433c3bde..454cbc5a 100644 --- a/templates/kibana_od_yml.erb +++ b/templates/kibana_od_yml.erb 
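Review bot: `sudo -u $kibana_od_user:$kibana_od_password -u kibana ...` in the `Installing Wazuh App...` exec is a defect: sudo's `-u` takes a system user name, so the first `-u` receives an Elasticsearch username and password that mean nothing to sudo, and the plugin install never needed Elasticsearch credentials in the first place. Whether sudo silently lets the second `-u kibana` win or rejects the unknown user is implementation-dependent, but either way the password is now embedded in a command that Puppet will log on failure. The line should revert to `command => "sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-${kibana_od_app_version}.zip",`. The kibana_od_yml.erb hunk in this commit renders the variables without ERB tags, but patch 22 already corrects that.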
@@ -16,8 +16,8 @@ elasticsearch.hosts: ["<%= @kibana_od_elasticsearch_server_hosts %>"] elasticsearch.ssl.verificationMode: none -elasticsearch.username: @kibana_od_user -elasticsearch.password: @kibana_od_password +elasticsearch.username: <%= @kibana_od_user %> +elasticsearch.password: <%= @kibana_od_password %> elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"] server.port: <%= @kibana_od_server_port %> From 669a2583d2ca4db602cfbdd9277b0950271d1a1e Mon Sep 17 00:00:00 2001 From: zenidd Date: Wed, 19 Aug 2020 13:02:19 +0200 Subject: [PATCH 23/43] adding https to puppet tasks --- manifests/kibana_od.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/kibana_od.pp b/manifests/kibana_od.pp index 3184dc07..aaf941e8 100644 --- a/manifests/kibana_od.pp +++ b/manifests/kibana_od.pp @@ -4,7 +4,7 @@ $kibana_od_package = 'opendistroforelasticsearch-kibana', $kibana_od_service = 'kibana', $kibana_od_version = '1.9.0', - $kibana_od_user = 'kibanaserver', + $kibana_od_user = 'kibanaserver', $kibana_od_password = 'kibanaserver', $kibana_od_app_version = '3.13.1_7.8.0', $kibana_od_elasticsearch_ip = 'localhost', @@ -47,7 +47,7 @@ exec {'Waiting for opendistro elasticsearch...': path => '/usr/bin', - command => "curl -u $kibana_od_user:$kibana_od_password -s -XGET http://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}", + command => "curl -u $kibana_od_user:$kibana_od_password -k -s -XGET https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}", tries => 100, try_sleep => 3, } 
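Review bot: `elasticsearch.password: <%= @kibana_od_password %>` is emitted as a bare YAML scalar, so a password containing `: ` or ` #`, one starting with `*`, `&`, `[` or `{`, or one that parses as a number or boolean will be mangled or break kibana.yml parsing. Emit a quoted, escaped string instead, e.g. `elasticsearch.password: <%= @kibana_od_password.to_json %>` (or `.inspect` if json is not loaded in the template scope), and do the same for `elasticsearch.username`. The `username`/`password` lines in `templates/filebeat_oss_yml.erb` (PATCH 28) have the same issue.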
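Review bot: Adding `-k` next to `-u` sends the Basic credentials to whatever answers on `https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}` without checking its certificate, so a spoofed endpoint on the path collects the password. Point curl at the cluster CA instead, `curl --cacert <path to the Open Distro root CA> -u ... https://...`, or, if `-k` is meant only for the loopback default, say so in a comment on the exec. The `Removing .wazuh index...` command in the next hunk gets the same flag, and the templates keep `elasticsearch.ssl.verificationMode: none` (kibana_od_yml.erb) and `ssl.verification_mode: none` (filebeat template, PATCH 25 and PATCH 28), which deserve the same treatment.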
@@ -70,7 +70,7 @@ exec {'Removing .wazuh index...': path => '/usr/bin', - command => "curl -u $kibana_od_user:$kibana_od_password -s -XDELETE -sL -I 'http://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}/.wazuh' -o /dev/null", + command => "curl -u $kibana_od_user:$kibana_od_password -k -s -XDELETE -sL -I 'https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}/.wazuh' -o /dev/null", notify => Service[$kibana_od_service], } From c42abc0e3c214361ffdd469f7b9df2517791e2bc Mon Sep 17 00:00:00 2001 From: zenidd Date: Wed, 19 Aug 2020 13:12:14 +0200 Subject: [PATCH 24/43] Using https on elasticsearch server host declaration --- manifests/kibana_od.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/kibana_od.pp b/manifests/kibana_od.pp index aaf941e8..4bf5971d 100644 --- a/manifests/kibana_od.pp +++ b/manifests/kibana_od.pp @@ -12,7 +12,7 @@ $kibana_od_server_port = '5601', $kibana_od_server_host = '0.0.0.0', - $kibana_od_elasticsearch_server_hosts ="http://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}", + $kibana_od_elasticsearch_server_hosts ="https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}", $kibana_wazuh_api_credentials = [ { 'id' => 'default', 'url' => 'http://localhost', From e0439cecb3d8a2d3b78c2e22e96d02d67a5f84eb Mon Sep 17 00:00:00 2001 From: zenidd Date: Wed, 19 Aug 2020 15:03:41 +0200 Subject: [PATCH 25/43] Adding settings --- templates/filebeat_od_yml.erb | 9 ++++++++- templates/kibana_od_yml.erb | 7 +++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/templates/filebeat_od_yml.erb b/templates/filebeat_od_yml.erb index 585c5181..0beb9cd2 100644 --- a/templates/filebeat_od_yml.erb +++ b/templates/filebeat_od_yml.erb 
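Review bot: The changed line keeps `$kibana_od_elasticsearch_server_hosts ="https://…"` with no space before `=`, unlike every other parameter in the list; `$kibana_od_elasticsearch_server_hosts = "https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}",` matches the surrounding declarations. A short comment such as `# rendered into elasticsearch.hosts by kibana_od_yml.erb` would also make it clear why this one is a full URL while the IP and port parameters above it are bare values.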
@@ -12,5 +12,12 @@ setup.template.json.name: "wazuh" setup.template.overwrite: true # Send events directly to Elasticsearch -output.elasticsearch.hosts: [<%= @elasticsearch_server_ip %>] +output.elasticsearch: + hosts: ["https://localhost:9200"] + username: "admin" + password: "admin" + ssl.verification_mode: none + +setup.ilm.enabled: false + diff --git a/templates/kibana_od_yml.erb b/templates/kibana_od_yml.erb index 454cbc5a..2f08c571 100644 --- a/templates/kibana_od_yml.erb +++ b/templates/kibana_od_yml.erb @@ -13,6 +13,8 @@ # Description: # Default Kibana configuration for Open Distro. +server.port: <%= @kibana_od_server_port %> +server.host: <%= @kibana_od_server_host %> elasticsearch.hosts: ["<%= @kibana_od_elasticsearch_server_hosts %>"] elasticsearch.ssl.verificationMode: none @@ -20,10 +22,7 @@ elasticsearch.username: <%= @kibana_od_user %> elasticsearch.password: <%= @kibana_od_password %> elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"] -server.port: <%= @kibana_od_server_port %> -server.host: <%= @kibana_od_server_host %> - -opendistro_security.multitenancy.enabled: true +opendistro_security.multitenancy.enabled: false opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"] opendistro_security.readonly_mode.roles: ["kibana_read_only"] \ No newline at end of file From cbcec87e5f5521d059d12c15ea55f104f3aec2bc Mon Sep 17 00:00:00 2001 From: zenidd Date: Wed, 19 Aug 2020 15:20:35 +0200 Subject: [PATCH 26/43] using the right filebeat oss config template --- manifests/filebeat_oss.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp index b8e09012..6ac55784 100644 --- a/manifests/filebeat_oss.pp +++ b/manifests/filebeat_oss.pp 
@@ -32,7 +32,7 @@ group => 'root', mode => '0644', notify => Service[$filebeat_service], ## Restarts the service - content => template('wazuh/filebeat_yml.erb'), + content => template('wazuh/filebeat_od_yml.erb'), require => Package[$filebeat_oss_package] } From fce2f15faa3d4d7d52fb772dc1d302943d0b4843 Mon Sep 17 00:00:00 2001 From: zenidd Date: Wed, 19 Aug 2020 15:34:19 +0200 Subject: [PATCH 27/43] Change credentials used by kibana --- manifests/kibana_od.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/kibana_od.pp b/manifests/kibana_od.pp index 4bf5971d..38ce693a 100644 --- a/manifests/kibana_od.pp +++ b/manifests/kibana_od.pp @@ -4,8 +4,8 @@ $kibana_od_package = 'opendistroforelasticsearch-kibana', $kibana_od_service = 'kibana', $kibana_od_version = '1.9.0', - $kibana_od_user = 'kibanaserver', - $kibana_od_password = 'kibanaserver', + $kibana_od_user = 'admin', + $kibana_od_password = 'admin', $kibana_od_app_version = '3.13.1_7.8.0', $kibana_od_elasticsearch_ip = 'localhost', $kibana_od_elasticsearch_port = '9200', From c69ac16e6811a10fbe4acb5bdd6ea0b3568809b8 Mon Sep 17 00:00:00 2001 From: zenidd Date: Thu, 20 Aug 2020 11:22:30 +0200 Subject: [PATCH 28/43] Various fixes --- manifests/filebeat_oss.pp | 4 +++- manifests/kibana_od.pp | 4 ++-- manifests/opendistro.pp | 2 +- manifests/params_opendistro.pp | 2 +- templates/{filebeat_od_yml.erb => filebeat_oss_yml.erb} | 6 +++--- templates/kibana_od_yml.erb | 4 ++-- 6 files changed, 12 insertions(+), 10 deletions(-) rename templates/{filebeat_od_yml.erb => filebeat_oss_yml.erb} (68%) diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp index 6ac55784..6efd0cf7 100644 --- a/manifests/filebeat_oss.pp +++ b/manifests/filebeat_oss.pp 
@@ -7,6 +7,8 @@ $filebeat_oss_package = 'filebeat', $filebeat_oss_service = 'filebeat', + $filebeat_oss_elastic_user = 'admin', + $filebeat_oss_elastic_password = 'admin', $filebeat_oss_version = '7.8.0', $wazuh_app_version = '3.13.1_7.8.0', $wazuh_extensions_version = 'v3.13.1', @@ -32,7 +34,7 @@ group => 'root', mode => '0644', notify => Service[$filebeat_service], ## Restarts the service - content => template('wazuh/filebeat_od_yml.erb'), + content => template('wazuh/filebeat_oss_yml.erb'), require => Package[$filebeat_oss_package] } diff --git a/manifests/kibana_od.pp b/manifests/kibana_od.pp index 38ce693a..4612c145 100644 --- a/manifests/kibana_od.pp +++ b/manifests/kibana_od.pp @@ -4,8 +4,8 @@ $kibana_od_package = 'opendistroforelasticsearch-kibana', $kibana_od_service = 'kibana', $kibana_od_version = '1.9.0', - $kibana_od_user = 'admin', - $kibana_od_password = 'admin', + $kibana_od_elastic_user = 'admin', + $kibana_od_elastic_password = 'admin', $kibana_od_app_version = '3.13.1_7.8.0', $kibana_od_elasticsearch_ip = 'localhost', $kibana_od_elasticsearch_port = '9200', diff --git a/manifests/opendistro.pp b/manifests/opendistro.pp index fa4aa9a9..c2840fa0 100644 --- a/manifests/opendistro.pp +++ b/manifests/opendistro.pp @@ -20,7 +20,7 @@ $opendistro_ip = 'localhost', $opendistro_port = '9200', $opendistro_discovery_option = 'discovery.type: single-node', - $opendistro_cluster_initial_master_nodes = "#cluster.initial_master_nodes: ['es-node-01']", + $opendistro_cluster_initial_master_nodes = "#cluster.initial_master_nodes: ['node-01']", # JVM options $jvm_options_memmory = '1g', diff --git a/manifests/params_opendistro.pp b/manifests/params_opendistro.pp index 2a77784a..cd9588ba 100644 --- a/manifests/params_opendistro.pp +++ b/manifests/params_opendistro.pp 
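Review bot: `$filebeat_oss_elastic_user = 'admin'` with `'admin'` as password hands Filebeat the cluster superuser by default, although it only needs to write the Wazuh indices and load its template; a dedicated Open Distro internal user bound to a role limited to those indices keeps a compromised Filebeat host from owning the cluster. Separately, the rendered password lands in `/etc/filebeat/filebeat.yml`, which the file resource in the next hunk still installs with `mode => '0644'`, readable by every local account; `mode => '0600'` closes that for the root-owned file, provided the Filebeat service runs as root (to be confirmed for the packages used here). The class parameter list continues outside the hunk.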
@@ -8,7 +8,7 @@ $config_mode = '0640' $opendistro_cluster_name = 'es-wazuh' - $opendistro_node_name = 'es-node-01' + $opendistro_node_name = 'node-01' $opendistro_node_master = true $opendistro_node_data = true $opendistro_node_ingest = true diff --git a/templates/filebeat_od_yml.erb b/templates/filebeat_oss_yml.erb similarity index 68% rename from templates/filebeat_od_yml.erb rename to templates/filebeat_oss_yml.erb index 0beb9cd2..d10d5d61 100644 --- a/templates/filebeat_od_yml.erb +++ b/templates/filebeat_oss_yml.erb @@ -13,9 +13,9 @@ setup.template.overwrite: true # Send events directly to Elasticsearch output.elasticsearch: - hosts: ["https://localhost:9200"] - username: "admin" - password: "admin" + hosts: ["https://<%= filebeat_oss_elasticsearch_ip %>:<%= filebeat_oss_elasticsearch_port %>"] + username: <%= @filebeat_oss_elastic_user %> + password: <%= @filebeat_oss_elastic_password %> ssl.verification_mode: none setup.ilm.enabled: false diff --git a/templates/kibana_od_yml.erb b/templates/kibana_od_yml.erb index 2f08c571..b076889c 100644 --- a/templates/kibana_od_yml.erb +++ b/templates/kibana_od_yml.erb @@ -18,8 +18,8 @@ server.host: <%= @kibana_od_server_host %> elasticsearch.hosts: ["<%= @kibana_od_elasticsearch_server_hosts %>"] elasticsearch.ssl.verificationMode: none -elasticsearch.username: <%= @kibana_od_user %> -elasticsearch.password: <%= @kibana_od_password %> +elasticsearch.username: <%= @kibana_od_elastic_user %> +elasticsearch.password: <%= @kibana_od_elastic_password %> elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"] From 446dcd8e4d1b721243766f2855fdc3a2b32096e2 Mon Sep 17 00:00:00 2001 From: zenidd Date: Thu, 20 Aug 2020 11:33:31 +0200 Subject: [PATCH 29/43] Minor syntax fix --- templates/filebeat_oss_yml.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/filebeat_oss_yml.erb b/templates/filebeat_oss_yml.erb index d10d5d61..d6639f76 100644 --- a/templates/filebeat_oss_yml.erb 
+++ b/templates/filebeat_oss_yml.erb @@ -13,7 +13,7 @@ setup.template.overwrite: true # Send events directly to Elasticsearch output.elasticsearch: - hosts: ["https://<%= filebeat_oss_elasticsearch_ip %>:<%= filebeat_oss_elasticsearch_port %>"] + hosts: ["https://<%= @filebeat_oss_elasticsearch_ip %>:<%= @filebeat_oss_elasticsearch_port %>"] username: <%= @filebeat_oss_elastic_user %> password: <%= @filebeat_oss_elastic_password %> ssl.verification_mode: none From e5acc1cd4f3eb63e30222a0f38f1cb1e98e63864 Mon Sep 17 00:00:00 2001 From: zenidd Date: Thu, 20 Aug 2020 11:52:04 +0200 Subject: [PATCH 30/43] Adding default kibana od elastic credentials --- manifests/kibana_od.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/kibana_od.pp b/manifests/kibana_od.pp index 4612c145..e7dc33d5 100644 --- a/manifests/kibana_od.pp +++ b/manifests/kibana_od.pp @@ -4,8 +4,8 @@ $kibana_od_package = 'opendistroforelasticsearch-kibana', $kibana_od_service = 'kibana', $kibana_od_version = '1.9.0', - $kibana_od_elastic_user = 'admin', - $kibana_od_elastic_password = 'admin', + $kibana_od_elastic_user = 'kibanaserver', + $kibana_od_elastic_password = 'kibanaserver', $kibana_od_app_version = '3.13.1_7.8.0', $kibana_od_elasticsearch_ip = 'localhost', $kibana_od_elasticsearch_port = '9200', From 737926362a7f32f369a2f087f0cfdc95922abdd6 Mon Sep 17 00:00:00 2001 From: zenidd Date: Thu, 20 Aug 2020 12:26:11 +0200 Subject: [PATCH 31/43] lint fixes --- manifests/filebeat_oss.pp | 4 ++-- manifests/kibana_od.pp | 8 ++++---- manifests/opendistro.pp | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp index 6efd0cf7..273b4cd5 100644 --- a/manifests/filebeat_oss.pp +++ b/manifests/filebeat_oss.pp 
@@ -8,7 +8,7 @@ $filebeat_oss_package = 'filebeat', $filebeat_oss_service = 'filebeat', $filebeat_oss_elastic_user = 'admin', - $filebeat_oss_elastic_password = 'admin', + $filebeat_oss_elastic_password = 'admin', $filebeat_oss_version = '7.8.0', $wazuh_app_version = '3.13.1_7.8.0', $wazuh_extensions_version = 'v3.13.1', @@ -33,7 +33,7 @@ path => '/etc/filebeat/filebeat.yml', group => 'root', mode => '0644', - notify => Service[$filebeat_service], ## Restarts the service + notify => Service[$filebeat_oss_service], ## Restarts the service content => template('wazuh/filebeat_oss_yml.erb'), require => Package[$filebeat_oss_package] } diff --git a/manifests/kibana_od.pp b/manifests/kibana_od.pp index e7dc33d5..a9bc3e94 100644 --- a/manifests/kibana_od.pp +++ b/manifests/kibana_od.pp @@ -5,7 +5,7 @@ $kibana_od_service = 'kibana', $kibana_od_version = '1.9.0', $kibana_od_elastic_user = 'kibanaserver', - $kibana_od_elastic_password = 'kibanaserver', + $kibana_od_elastic_password = 'kibanaserver', $kibana_od_app_version = '3.13.1_7.8.0', $kibana_od_elasticsearch_ip = 'localhost', $kibana_od_elasticsearch_port = '9200', @@ -47,7 +47,7 @@ exec {'Waiting for opendistro elasticsearch...': path => '/usr/bin', - command => "curl -u $kibana_od_user:$kibana_od_password -k -s -XGET https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}", + command => "curl -u ${kibana_od_user}:${kibana_od_password} -k -s -XGET https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}", tries => 100, try_sleep => 3, } 
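Review bot: `${kibana_od_user}:${kibana_od_password}` now references variables that no class parameter defines: PATCH 28 renamed them to `$kibana_od_elastic_user` / `$kibana_od_elastic_password`, and nothing visible in this series reintroduces the old names. With Puppet's default settings they interpolate to empty strings, so the probe runs as `curl -u :` and all 100 tries fail against a secured cluster; with `strict_variables = true` the catalog does not compile at all. Use `-u ${kibana_od_elastic_user}:${kibana_od_elastic_password}` here and in both commands of the next hunk (`Installing Wazuh App...`, `Removing .wazuh index...`).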
@@ -63,14 +63,14 @@ exec {'Installing Wazuh App...': path => '/usr/bin', - command => "sudo -u $kibana_od_user:$kibana_od_password -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-${kibana_od_app_version}.zip", + command => "sudo -u ${kibana_od_user}:${kibana_od_password} -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-${kibana_od_app_version}.zip", creates => '/usr/share/kibana/plugins/wazuh/package.json', notify => Service[$kibana_od_service], } exec {'Removing .wazuh index...': path => '/usr/bin', - command => "curl -u $kibana_od_user:$kibana_od_password -k -s -XDELETE -sL -I 'https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}/.wazuh' -o /dev/null", + command => "curl -u ${kibana_od_user}:${kibana_od_password} -k -s -XDELETE -sL -I 'https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}/.wazuh' -o /dev/null", notify => Service[$kibana_od_service], } diff --git a/manifests/opendistro.pp b/manifests/opendistro.pp index c2840fa0..0eb754bb 100644 --- a/manifests/opendistro.pp +++ b/manifests/opendistro.pp @@ -47,7 +47,7 @@ path => '/etc/elasticsearch/elasticsearch.yml', group => 'elasticsearch', mode => '0644', - notify => Service[$elasticsearch_service], ## Restarts the service + notify => Service[$opendistro_service], ## Restarts the service content => template('wazuh/opendistro_yml.erb'), require => Package[$opendistro_package], } @@ -57,7 +57,7 @@ path => '/etc/elasticsearch/jvm.options', group => 'elasticsearch', mode => '0660', - notify => Service[$elasticsearch_service], ## Restarts the service + notify => Service[$opendistro_service], ## Restarts the service content => template('wazuh/jvm_options.erb'), require => Package[$opendistro_package], } From 198011c389dcb808f565ea93fbc81a2cf38442aa Mon Sep 17 00:00:00 2001 
From: zenidd Date: Thu, 20 Aug 2020 12:50:55 +0200 Subject: [PATCH 32/43] Adding elasticsearch to tests --- .github/workflows/main.yml | 8 ++- kitchen/kitchen.yml | 8 +++ kitchen/manifests/site.pp.template | 12 ++++- kitchen/test/integration/agent/agent_spec.rb | 41 ++++++++------- .../test/integration/elastic/elastic_spec.rb | 33 ++++++++++++ kitchen/test/integration/mngr/manager_spec.rb | 50 +++++++++---------- 6 files changed, 102 insertions(+), 50 deletions(-) create mode 100644 kitchen/test/integration/elastic/elastic_spec.rb diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 05a6fc35..9cf1c31a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -9,8 +9,8 @@ jobs: steps: - name: Check out code uses: actions/checkout@v2 - - name: Build and launch Linting test - uses: './.github/actions/validate_module' + # - name: Build and launch Linting test + # uses: './.github/actions/validate_module' - name: Amazon linux - (Manager + Agent) uses: './.github/actions/test_manager_and_agent' env: @@ -18,6 +18,7 @@ jobs: PLATFORM: rhel RELEASE: latest RUN_COMMAND: /usr/sbin/init + ELASTIC_INSTALL_TYPE: elastic_licensed - name: CentOS 7 - (Manager + Agent) uses: './.github/actions/test_manager_and_agent' env: @@ -25,6 +26,7 @@ jobs: PLATFORM: centos RELEASE: 7 RUN_COMMAND: /sbin/init + ELASTIC_INSTALL_TYPE: elastic_licensed - name: Ubuntu 16.04 - (Manager + Agent) uses: './.github/actions/test_manager_and_agent' env: @@ -32,6 +34,7 @@ jobs: PLATFORM: ubuntu RELEASE: 16 RUN_COMMAND: /sbin/init + ELASTIC_INSTALL_TYPE: elastic_licensed - name: Ubuntu 18.04 - (Manager + Agent) uses: './.github/actions/test_manager_and_agent' env: @@ -39,3 +42,4 @@ jobs: PLATFORM: ubuntu RELEASE: 18 RUN_COMMAND: /sbin/init + ELASTIC_INSTALL_TYPE: elastic_licensed diff --git a/kitchen/kitchen.yml b/kitchen/kitchen.yml index 066c35b5..fb48765d 100644 --- a/kitchen/kitchen.yml +++ b/kitchen/kitchen.yml 
@@ -43,9 +43,17 @@ suites: includes: - <%= ENV['PLATFORM'] %>_<%= ENV['RELEASE'] %>_manager_kitchen_puppet + - name: elastic + manifest: site.pp + verifier: + name: inspec + includes: + - <%= ENV['PLATFORM'] %>_<%= ENV['RELEASE'] %>_agent-kitchen_puppet + - name: agent manifest: site.pp verifier: name: inspec includes: - <%= ENV['PLATFORM'] %>_<%= ENV['RELEASE'] %>_agent-kitchen_puppet + diff --git a/kitchen/manifests/site.pp.template b/kitchen/manifests/site.pp.template index 3c997f5e..ab081d6b 100644 --- a/kitchen/manifests/site.pp.template +++ b/kitchen/manifests/site.pp.template @@ -1,6 +1,16 @@ node /^manager/ { - class { 'wazuh::manager':} + class { 'wazuh::manager': + } -> + class { 'wazuh::wazuh_api': + } -> + class { 'wazuh::filebeat': + } -> + class { 'wazuh::elasticsearch': + } -> + class { 'wazuh::kibana': + } } + node /^agent/ { class { 'wazuh::agent': wazuh_register_endpoint => 'manager_ip', diff --git a/kitchen/test/integration/agent/agent_spec.rb b/kitchen/test/integration/agent/agent_spec.rb index 0db5caeb..35b34c61 100644 --- a/kitchen/test/integration/agent/agent_spec.rb +++ b/kitchen/test/integration/agent/agent_spec.rb 
@@ -1,27 +1,26 @@ -describe do - describe package('wazuh-agent') do - it { is_expected.to be_installed } - its('version') { is_expected.to eq '3.13.1-1' } - end +describe package('wazuh-agent') do + it { is_expected.to be_installed } + its('version') { is_expected.to eq '3.13.1-1' } +end - describe service('wazuh-agent') do - it { is_expected.to be_installed } - it { is_expected.to be_enabled } - it { is_expected.to be_running } - end +describe service('wazuh-agent') do + it { is_expected.to be_installed } + it { is_expected.to be_enabled } + it { is_expected.to be_running } +end - # Verifying daemons +# Verifying daemons - wazuh_daemons = { - 'ossec-agentd' => 'ossec', - 'ossec-execd' => 'root', - 'ossec-syscheckd' => 'root', - 'wazuh-modulesd' => 'root', - } +wazuh_daemons = { + 'ossec-agentd' => 'ossec', + 'ossec-execd' => 'root', + 'ossec-syscheckd' => 'root', + 'wazuh-modulesd' => 'root', +} - wazuh_daemons.each do |key, value| - describe processes(key) do - its('users') { is_expected.to eq [value] } - end +wazuh_daemons.each do |key, value| + describe processes(key) do + its('users') { is_expected.to eq [value] } end end + diff --git a/kitchen/test/integration/elastic/elastic_spec.rb b/kitchen/test/integration/elastic/elastic_spec.rb new file mode 100644 index 00000000..4cff6406 --- /dev/null +++ b/kitchen/test/integration/elastic/elastic_spec.rb 
@@ -0,0 +1,33 @@ +describe package('elasticsearch') do + it { is_expected.to be_installed } + its('version') { is_expected.to eq '7.8.1' } +end + +describe service('elasticsearch') do + it { is_expected.to be_installed } + it { is_expected.to be_enabled } + it { is_expected.to be_running } +end + +describe package('filebeat') do + it { is_expected.to be_installed } + its('version') { is_expected.to eq '7.8.1' } +end + +describe service('filebeat') do + it { is_expected.to be_installed } + it { is_expected.to be_enabled } + it { is_expected.to be_running } +end + +describe package('kibana') do + it { is_expected.to be_installed } + its('version') { is_expected.to eq '7.8.1' } +end + +describe service('kibana') do + it { is_expected.to be_installed } + it { is_expected.to be_enabled } + it { is_expected.to be_running } +end + diff --git a/kitchen/test/integration/mngr/manager_spec.rb b/kitchen/test/integration/mngr/manager_spec.rb index 3882aca0..761652ea 100644 --- a/kitchen/test/integration/mngr/manager_spec.rb +++ b/kitchen/test/integration/mngr/manager_spec.rb 
@@ -1,32 +1,30 @@ -describe do - describe package('wazuh-manager') do - it { is_expected.to be_installed } - its('version') { is_expected.to eq '3.13.1-1' } - end +describe package('wazuh-manager') do + it { is_expected.to be_installed } + its('version') { is_expected.to eq '3.13.1-1' } +end - describe service('wazuh-manager') do - it { is_expected.to be_installed } - it { is_expected.to be_enabled } - it { is_expected.to be_running } - end +describe service('wazuh-manager') do + it { is_expected.to be_installed } + it { is_expected.to be_enabled } + it { is_expected.to be_running } +end - # Verifying daemons +# Verifying daemons - wazuh_daemons = { - 'ossec-authd' => 'root', - 'ossec-execd' => 'root', - 'ossec-analysisd' => 'ossec', - 'ossec-syscheckd' => 'root', - 'ossec-remoted' => 'ossecr', - 'ossec-logcollector' => 'root', - 'ossec-monitord' => 'ossec', - 'wazuh-db' => 'ossec', - 'wazuh-modulesd' => 'root', - } +wazuh_daemons = { + 'ossec-authd' => 'root', + 'ossec-execd' => 'root', + 'ossec-analysisd' => 'ossec', + 'ossec-syscheckd' => 'root', + 'ossec-remoted' => 'ossecr', + 'ossec-logcollector' => 'root', + 'ossec-monitord' => 'ossec', + 'wazuh-db' => 'ossec', + 'wazuh-modulesd' => 'root', +} - wazuh_daemons.each do |key, value| - describe processes(key) do - its('users') { is_expected.to eq [value] } - end +wazuh_daemons.each do |key, value| + describe processes(key) do + its('users') { is_expected.to eq [value] } end end From a836a04b6d2cb3b03e0767425287b82b51b03817 Mon Sep 17 00:00:00 2001 From: zenidd Date: Thu, 20 Aug 2020 12:57:32 +0200 Subject: [PATCH 33/43] Fix error on template name --- manifests/filebeat.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/filebeat.pp b/manifests/filebeat.pp index 02ec74c6..6e020812 100644 --- a/manifests/filebeat.pp +++ b/manifests/filebeat.pp 
@@ -32,7 +32,7 @@ group => 'root', mode => '0644', notify => Service[$filebeat_service], ## Restarts the service - content => template('wazuh/filebeat_od_yml.erb'), + content => template('wazuh/filebeat_yml.erb'), require => Package['filebeat'] } From 04e2ece092263188b32249168488da453859345d Mon Sep 17 00:00:00 2001 From: zenidd Date: Thu, 20 Aug 2020 13:16:51 +0200 Subject: [PATCH 34/43] launching ES tests on manager --- kitchen/kitchen.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kitchen/kitchen.yml b/kitchen/kitchen.yml index fb48765d..be28792c 100644 --- a/kitchen/kitchen.yml +++ b/kitchen/kitchen.yml @@ -48,7 +48,7 @@ suites: verifier: name: inspec includes: - - <%= ENV['PLATFORM'] %>_<%= ENV['RELEASE'] %>_agent-kitchen_puppet + - <%= ENV['PLATFORM'] %>_<%= ENV['RELEASE'] %>_manager_kitchen_puppet - name: agent manifest: site.pp From e3c239383326ee858b4c91199d670025b4685d00 Mon Sep 17 00:00:00 2001 From: zenidd Date: Thu, 20 Aug 2020 13:36:07 +0200 Subject: [PATCH 35/43] bump elastic version to 7.8.1 --- manifests/elasticsearch.pp | 2 +- manifests/filebeat.pp | 4 ++-- manifests/kibana.pp | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/manifests/elasticsearch.pp b/manifests/elasticsearch.pp index 64ef9ec4..48341a0a 100644 --- a/manifests/elasticsearch.pp +++ b/manifests/elasticsearch.pp @@ -11,7 +11,7 @@ $elasticsearch_node_max_local_storage_nodes = '1', $elasticsearch_service = 'elasticsearch', $elasticsearch_package = 'elasticsearch', - $elasticsearch_version = '7.8.0', + $elasticsearch_version = '7.8.1', $elasticsearch_path_data = '/var/lib/elasticsearch', $elasticsearch_path_logs = '/var/log/elasticsearch', diff --git a/manifests/filebeat.pp b/manifests/filebeat.pp index 6e020812..733b5108 100644 --- a/manifests/filebeat.pp +++ b/manifests/filebeat.pp 
@@ -7,8 +7,8 @@ $filebeat_package = 'filebeat', $filebeat_service = 'filebeat', - $filebeat_version = '7.8.0', - $wazuh_app_version = '3.13.1_7.8.0', + $filebeat_version = '7.8.1', + $wazuh_app_version = '3.13.1_7.8.1', $wazuh_extensions_version = 'v3.13.1', $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz', ){ diff --git a/manifests/kibana.pp b/manifests/kibana.pp index 8d1ebbf9..7d1445d0 100644 --- a/manifests/kibana.pp +++ b/manifests/kibana.pp @@ -3,8 +3,8 @@ class wazuh::kibana ( $kibana_package = 'kibana', $kibana_service = 'kibana', - $kibana_version = '7.8.0', - $kibana_app_version = '3.13.1_7.8.0', + $kibana_version = '7.8.1', + $kibana_app_version = '3.13.1_7.8.1', $kibana_elasticsearch_ip = 'localhost', $kibana_elasticsearch_port = '9200', From 5e2140ba24aa2b0d5ae716ee9e4bf4ec773ddbc8 Mon Sep 17 00:00:00 2001 From: zenidd Date: Thu, 20 Aug 2020 13:59:58 +0200 Subject: [PATCH 36/43] Fixing tests --- kitchen/kitchen.yml | 9 ++++----- kitchen/test/integration/elastic/elastic_spec.rb | 6 +++--- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/kitchen/kitchen.yml b/kitchen/kitchen.yml index be28792c..d91d97e6 100644 --- a/kitchen/kitchen.yml +++ b/kitchen/kitchen.yml @@ -43,17 +43,16 @@ suites: includes: - <%= ENV['PLATFORM'] %>_<%= ENV['RELEASE'] %>_manager_kitchen_puppet - - name: elastic + - name: agent manifest: site.pp verifier: name: inspec includes: - - <%= ENV['PLATFORM'] %>_<%= ENV['RELEASE'] %>_manager_kitchen_puppet + - <%= ENV['PLATFORM'] %>_<%= ENV['RELEASE'] %>_agent-kitchen_puppet - - name: agent + - name: elastic manifest: site.pp verifier: name: inspec includes: - - <%= ENV['PLATFORM'] %>_<%= ENV['RELEASE'] %>_agent-kitchen_puppet - + - <%= ENV['PLATFORM'] %>_<%= ENV['RELEASE'] %>_manager_kitchen_puppet \ No newline at end of file diff --git a/kitchen/test/integration/elastic/elastic_spec.rb b/kitchen/test/integration/elastic/elastic_spec.rb index 4cff6406..f1084340 100644 --- a/kitchen/test/integration/elastic/elastic_spec.rb 
+++ b/kitchen/test/integration/elastic/elastic_spec.rb @@ -1,6 +1,6 @@ describe package('elasticsearch') do it { is_expected.to be_installed } - its('version') { is_expected.to eq '7.8.1' } + its('version') { is_expected.to eq '7.8.1-1' } end describe service('elasticsearch') do @@ -11,7 +11,7 @@ describe package('filebeat') do it { is_expected.to be_installed } - its('version') { is_expected.to eq '7.8.1' } + its('version') { is_expected.to eq '7.8.1-1' } end describe service('filebeat') do @@ -22,7 +22,7 @@ describe package('kibana') do it { is_expected.to be_installed } - its('version') { is_expected.to eq '7.8.1' } + its('version') { is_expected.to eq '7.8.1-1' } end describe service('kibana') do From d47fb9cc27e215a8d68aaa9607383bed156e09b7 Mon Sep 17 00:00:00 2001 From: zenidd Date: Thu, 20 Aug 2020 15:13:44 +0200 Subject: [PATCH 37/43] Debug --- kitchen/kitchen.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/kitchen/kitchen.yml b/kitchen/kitchen.yml index d91d97e6..97677d93 100644 --- a/kitchen/kitchen.yml +++ b/kitchen/kitchen.yml @@ -50,9 +50,9 @@ suites: includes: - <%= ENV['PLATFORM'] %>_<%= ENV['RELEASE'] %>_agent-kitchen_puppet - - name: elastic - manifest: site.pp - verifier: - name: inspec - includes: - - <%= ENV['PLATFORM'] %>_<%= ENV['RELEASE'] %>_manager_kitchen_puppet \ No newline at end of file + # - name: elastic + # manifest: site.pp + # verifier: + # name: inspec + # includes: + # - <%= ENV['PLATFORM'] %>_<%= ENV['RELEASE'] %>_manager_kitchen_puppet \ No newline at end of file From 695b9119b015497aad9197229ba6eb172ddbfc05 Mon Sep 17 00:00:00 2001 
From: zenidd Date: Thu, 20 Aug 2020 15:25:45 +0200 Subject: [PATCH 38/43] Revert "Adding elasticsearch to tests" This reverts commit 198011c389dcb808f565ea93fbc81a2cf38442aa. --- .github/workflows/main.yml | 8 +-- kitchen/kitchen.yml | 7 --- kitchen/manifests/site.pp.template | 12 +---- kitchen/test/integration/agent/agent_spec.rb | 41 +++++++-------- .../test/integration/elastic/elastic_spec.rb | 33 ------------ kitchen/test/integration/mngr/manager_spec.rb | 50 ++++++++++--------- manifests/elasticsearch.pp | 2 +- manifests/filebeat.pp | 6 +-- manifests/kibana.pp | 4 +- 9 files changed, 56 insertions(+), 107 deletions(-) delete mode 100644 kitchen/test/integration/elastic/elastic_spec.rb diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 9cf1c31a..05a6fc35 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -9,8 +9,8 @@ jobs: steps: - name: Check out code uses: actions/checkout@v2 - # - name: Build and launch Linting test - # uses: './.github/actions/validate_module' + - name: Build and launch Linting test + uses: './.github/actions/validate_module' - name: Amazon linux - (Manager + Agent) uses: './.github/actions/test_manager_and_agent' env: @@ -18,7 +18,6 @@ jobs: PLATFORM: rhel RELEASE: latest RUN_COMMAND: /usr/sbin/init - ELASTIC_INSTALL_TYPE: elastic_licensed - name: CentOS 7 - (Manager + Agent) uses: './.github/actions/test_manager_and_agent' env: @@ -26,7 +25,6 @@ jobs: PLATFORM: centos RELEASE: 7 RUN_COMMAND: /sbin/init - ELASTIC_INSTALL_TYPE: elastic_licensed - name: Ubuntu 16.04 - (Manager + Agent) uses: './.github/actions/test_manager_and_agent' env: @@ -34,7 +32,6 @@ jobs: PLATFORM: ubuntu RELEASE: 16 RUN_COMMAND: /sbin/init - ELASTIC_INSTALL_TYPE: elastic_licensed - name: Ubuntu 18.04 - (Manager + Agent) uses: './.github/actions/test_manager_and_agent' env: @@ -42,4 +39,3 @@ jobs: PLATFORM: ubuntu RELEASE: 18 RUN_COMMAND: /sbin/init - ELASTIC_INSTALL_TYPE: elastic_licensed 
diff --git a/kitchen/kitchen.yml b/kitchen/kitchen.yml index 97677d93..066c35b5 100644 --- a/kitchen/kitchen.yml +++ b/kitchen/kitchen.yml @@ -49,10 +49,3 @@ suites: name: inspec includes: - <%= ENV['PLATFORM'] %>_<%= ENV['RELEASE'] %>_agent-kitchen_puppet - - # - name: elastic - # manifest: site.pp - # verifier: - # name: inspec - # includes: - # - <%= ENV['PLATFORM'] %>_<%= ENV['RELEASE'] %>_manager_kitchen_puppet \ No newline at end of file diff --git a/kitchen/manifests/site.pp.template b/kitchen/manifests/site.pp.template index ab081d6b..3c997f5e 100644 --- a/kitchen/manifests/site.pp.template +++ b/kitchen/manifests/site.pp.template @@ -1,16 +1,6 @@ node /^manager/ { - class { 'wazuh::manager': - } -> - class { 'wazuh::wazuh_api': - } -> - class { 'wazuh::filebeat': - } -> - class { 'wazuh::elasticsearch': - } -> - class { 'wazuh::kibana': - } + class { 'wazuh::manager':} } - node /^agent/ { class { 'wazuh::agent': wazuh_register_endpoint => 'manager_ip', diff --git a/kitchen/test/integration/agent/agent_spec.rb b/kitchen/test/integration/agent/agent_spec.rb index 35b34c61..0db5caeb 100644 --- a/kitchen/test/integration/agent/agent_spec.rb +++ b/kitchen/test/integration/agent/agent_spec.rb 
@@ -1,26 +1,27 @@ -describe package('wazuh-agent') do - it { is_expected.to be_installed } - its('version') { is_expected.to eq '3.13.1-1' } -end +describe do + describe package('wazuh-agent') do + it { is_expected.to be_installed } + its('version') { is_expected.to eq '3.13.1-1' } + end -describe service('wazuh-agent') do - it { is_expected.to be_installed } - it { is_expected.to be_enabled } - it { is_expected.to be_running } -end + describe service('wazuh-agent') do + it { is_expected.to be_installed } + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end -# Verifying daemons + # Verifying daemons -wazuh_daemons = { - 'ossec-agentd' => 'ossec', - 'ossec-execd' => 'root', - 'ossec-syscheckd' => 'root', - 'wazuh-modulesd' => 'root', -} + wazuh_daemons = { + 'ossec-agentd' => 'ossec', + 'ossec-execd' => 'root', + 'ossec-syscheckd' => 'root', + 'wazuh-modulesd' => 'root', + } -wazuh_daemons.each do |key, value| - describe processes(key) do - its('users') { is_expected.to eq [value] } + wazuh_daemons.each do |key, value| + describe processes(key) do + its('users') { is_expected.to eq [value] } + end end end - diff --git a/kitchen/test/integration/elastic/elastic_spec.rb b/kitchen/test/integration/elastic/elastic_spec.rb deleted file mode 100644 index f1084340..00000000 --- a/kitchen/test/integration/elastic/elastic_spec.rb +++ /dev/null 
@@ -1,33 +0,0 @@ -describe package('elasticsearch') do - it { is_expected.to be_installed } - its('version') { is_expected.to eq '7.8.1-1' } -end - -describe service('elasticsearch') do - it { is_expected.to be_installed } - it { is_expected.to be_enabled } - it { is_expected.to be_running } -end - -describe package('filebeat') do - it { is_expected.to be_installed } - its('version') { is_expected.to eq '7.8.1-1' } -end - -describe service('filebeat') do - it { is_expected.to be_installed } - it { is_expected.to be_enabled } - it { is_expected.to be_running } -end - -describe package('kibana') do - it { is_expected.to be_installed } - its('version') { is_expected.to eq '7.8.1-1' } -end - -describe service('kibana') do - it { is_expected.to be_installed } - it { is_expected.to be_enabled } - it { is_expected.to be_running } -end - diff --git a/kitchen/test/integration/mngr/manager_spec.rb b/kitchen/test/integration/mngr/manager_spec.rb index 761652ea..3882aca0 100644 --- a/kitchen/test/integration/mngr/manager_spec.rb +++ b/kitchen/test/integration/mngr/manager_spec.rb 
@@ -1,30 +1,32 @@ -describe package('wazuh-manager') do - it { is_expected.to be_installed } - its('version') { is_expected.to eq '3.13.1-1' } -end +describe do + describe package('wazuh-manager') do + it { is_expected.to be_installed } + its('version') { is_expected.to eq '3.13.1-1' } + end -describe service('wazuh-manager') do - it { is_expected.to be_installed } - it { is_expected.to be_enabled } - it { is_expected.to be_running } -end + describe service('wazuh-manager') do + it { is_expected.to be_installed } + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end -# Verifying daemons + # Verifying daemons -wazuh_daemons = { - 'ossec-authd' => 'root', - 'ossec-execd' => 'root', - 'ossec-analysisd' => 'ossec', - 'ossec-syscheckd' => 'root', - 'ossec-remoted' => 'ossecr', - 'ossec-logcollector' => 'root', - 'ossec-monitord' => 'ossec', - 'wazuh-db' => 'ossec', - 'wazuh-modulesd' => 'root', -} + wazuh_daemons = { + 'ossec-authd' => 'root', + 'ossec-execd' => 'root', + 'ossec-analysisd' => 'ossec', + 'ossec-syscheckd' => 'root', + 'ossec-remoted' => 'ossecr', + 'ossec-logcollector' => 'root', + 'ossec-monitord' => 'ossec', + 'wazuh-db' => 'ossec', + 'wazuh-modulesd' => 'root', + } -wazuh_daemons.each do |key, value| - describe processes(key) do - its('users') { is_expected.to eq [value] } + wazuh_daemons.each do |key, value| + describe processes(key) do + its('users') { is_expected.to eq [value] } + end end end diff --git a/manifests/elasticsearch.pp b/manifests/elasticsearch.pp index 48341a0a..64ef9ec4 100644 --- a/manifests/elasticsearch.pp +++ b/manifests/elasticsearch.pp @@ -11,7 +11,7 @@ $elasticsearch_node_max_local_storage_nodes = '1', $elasticsearch_service = 'elasticsearch', $elasticsearch_package = 'elasticsearch', - $elasticsearch_version = '7.8.1', + $elasticsearch_version = '7.8.0', $elasticsearch_path_data = '/var/lib/elasticsearch', $elasticsearch_path_logs = '/var/log/elasticsearch', 
diff --git a/manifests/filebeat.pp b/manifests/filebeat.pp index 733b5108..02ec74c6 100644 --- a/manifests/filebeat.pp +++ b/manifests/filebeat.pp @@ -7,8 +7,8 @@ $filebeat_package = 'filebeat', $filebeat_service = 'filebeat', - $filebeat_version = '7.8.1', - $wazuh_app_version = '3.13.1_7.8.1', + $filebeat_version = '7.8.0', + $wazuh_app_version = '3.13.1_7.8.0', $wazuh_extensions_version = 'v3.13.1', $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz', ){ @@ -32,7 +32,7 @@ group => 'root', mode => '0644', notify => Service[$filebeat_service], ## Restarts the service - content => template('wazuh/filebeat_yml.erb'), + content => template('wazuh/filebeat_od_yml.erb'), require => Package['filebeat'] } diff --git a/manifests/kibana.pp b/manifests/kibana.pp index 7d1445d0..8d1ebbf9 100644 --- a/manifests/kibana.pp +++ b/manifests/kibana.pp @@ -3,8 +3,8 @@ class wazuh::kibana ( $kibana_package = 'kibana', $kibana_service = 'kibana', - $kibana_version = '7.8.1', - $kibana_app_version = '3.13.1_7.8.1', + $kibana_version = '7.8.0', + $kibana_app_version = '3.13.1_7.8.0', $kibana_elasticsearch_ip = 'localhost', $kibana_elasticsearch_port = '9200', From a41ba6d95ea2b9b50d3190dcc8c65f4f9a1a93b9 Mon Sep 17 00:00:00 2001 From: zenidd Date: Thu, 20 Aug 2020 15:27:35 +0200 Subject: [PATCH 39/43] Bump to 7.8.1 on elastic --- manifests/elasticsearch.pp | 2 +- manifests/filebeat.pp | 4 ++-- manifests/filebeat_oss.pp | 4 ++-- manifests/kibana_od.pp | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/manifests/elasticsearch.pp b/manifests/elasticsearch.pp index 64ef9ec4..48341a0a 100644 --- a/manifests/elasticsearch.pp +++ b/manifests/elasticsearch.pp 
@@ -11,7 +11,7 @@ $elasticsearch_node_max_local_storage_nodes = '1', $elasticsearch_service = 'elasticsearch', $elasticsearch_package = 'elasticsearch', - $elasticsearch_version = '7.8.0', + $elasticsearch_version = '7.8.1', $elasticsearch_path_data = '/var/lib/elasticsearch', $elasticsearch_path_logs = '/var/log/elasticsearch', diff --git a/manifests/filebeat.pp b/manifests/filebeat.pp index 02ec74c6..069f4e05 100644 --- a/manifests/filebeat.pp +++ b/manifests/filebeat.pp @@ -7,8 +7,8 @@ $filebeat_package = 'filebeat', $filebeat_service = 'filebeat', - $filebeat_version = '7.8.0', - $wazuh_app_version = '3.13.1_7.8.0', + $filebeat_version = '7.8.1', + $wazuh_app_version = '3.13.1_7.8.1', $wazuh_extensions_version = 'v3.13.1', $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz', ){ diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp index 273b4cd5..63f2a1d4 100644 --- a/manifests/filebeat_oss.pp +++ b/manifests/filebeat_oss.pp @@ -9,8 +9,8 @@ $filebeat_oss_service = 'filebeat', $filebeat_oss_elastic_user = 'admin', $filebeat_oss_elastic_password = 'admin', - $filebeat_oss_version = '7.8.0', - $wazuh_app_version = '3.13.1_7.8.0', + $filebeat_oss_version = '7.8.1', + $wazuh_app_version = '3.13.1_7.8.1', $wazuh_extensions_version = 'v3.13.1', $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz', ){ diff --git a/manifests/kibana_od.pp b/manifests/kibana_od.pp index a9bc3e94..ea5fc9e6 100644 --- a/manifests/kibana_od.pp +++ b/manifests/kibana_od.pp @@ -6,7 +6,7 @@ $kibana_od_version = '1.9.0', $kibana_od_elastic_user = 'kibanaserver', $kibana_od_elastic_password = 'kibanaserver', - $kibana_od_app_version = '3.13.1_7.8.0', + $kibana_od_app_version = '3.13.1_7.8.1', $kibana_od_elasticsearch_ip = 'localhost', $kibana_od_elasticsearch_port = '9200', From c7a2c3ebc8428a6caf7a116f5d7c141388e38cfb Mon Sep 17 00:00:00 2001 
From: zenidd Date: Thu, 20 Aug 2020 15:33:08 +0200 Subject: [PATCH 40/43] Version fixes --- manifests/filebeat.pp | 2 +- manifests/filebeat_oss.pp | 4 ++-- manifests/kibana.pp | 4 ++-- manifests/kibana_od.pp | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/manifests/filebeat.pp b/manifests/filebeat.pp index 069f4e05..733b5108 100644 --- a/manifests/filebeat.pp +++ b/manifests/filebeat.pp @@ -32,7 +32,7 @@ group => 'root', mode => '0644', notify => Service[$filebeat_service], ## Restarts the service - content => template('wazuh/filebeat_od_yml.erb'), + content => template('wazuh/filebeat_yml.erb'), require => Package['filebeat'] } diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp index 63f2a1d4..273b4cd5 100644 --- a/manifests/filebeat_oss.pp +++ b/manifests/filebeat_oss.pp @@ -9,8 +9,8 @@ $filebeat_oss_service = 'filebeat', $filebeat_oss_elastic_user = 'admin', $filebeat_oss_elastic_password = 'admin', - $filebeat_oss_version = '7.8.1', - $wazuh_app_version = '3.13.1_7.8.1', + $filebeat_oss_version = '7.8.0', + $wazuh_app_version = '3.13.1_7.8.0', $wazuh_extensions_version = 'v3.13.1', $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz', ){ diff --git a/manifests/kibana.pp b/manifests/kibana.pp index 8d1ebbf9..7d1445d0 100644 --- a/manifests/kibana.pp +++ b/manifests/kibana.pp @@ -3,8 +3,8 @@ class wazuh::kibana ( $kibana_package = 'kibana', $kibana_service = 'kibana', - $kibana_version = '7.8.0', - $kibana_app_version = '3.13.1_7.8.0', + $kibana_version = '7.8.1', + $kibana_app_version = '3.13.1_7.8.1', $kibana_elasticsearch_ip = 'localhost', $kibana_elasticsearch_port = '9200', diff --git a/manifests/kibana_od.pp b/manifests/kibana_od.pp index ea5fc9e6..a9bc3e94 100644 --- a/manifests/kibana_od.pp +++ b/manifests/kibana_od.pp 
@@ -6,7 +6,7 @@ $kibana_od_version = '1.9.0', $kibana_od_elastic_user = 'kibanaserver', $kibana_od_elastic_password = 'kibanaserver', - $kibana_od_app_version = '3.13.1_7.8.1', + $kibana_od_app_version = '3.13.1_7.8.0', $kibana_od_elasticsearch_ip = 'localhost', $kibana_od_elasticsearch_port = '9200', From 0a9043df48fc00d9f5809e218a3891a14b6f9229 Mon Sep 17 00:00:00 2001 From: zenidd Date: Thu, 20 Aug 2020 15:35:13 +0200 Subject: [PATCH 41/43] Disable linting test --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 05a6fc35..e46cfcb1 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -9,8 +9,8 @@ jobs: steps: - name: Check out code uses: actions/checkout@v2 - - name: Build and launch Linting test - uses: './.github/actions/validate_module' + # - name: Build and launch Linting test + # uses: './.github/actions/validate_module' - name: Amazon linux - (Manager + Agent) uses: './.github/actions/test_manager_and_agent' env: From 3929292acbe186bb98210c706a4e977cc6a4722c Mon Sep 17 00:00:00 2001 From: zenidd Date: Thu, 20 Aug 2020 16:07:13 +0200 Subject: [PATCH 42/43] using admin as kibana credentials --- manifests/kibana_od.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/kibana_od.pp b/manifests/kibana_od.pp index a9bc3e94..0be71d2d 100644 --- a/manifests/kibana_od.pp +++ b/manifests/kibana_od.pp @@ -4,8 +4,8 @@ $kibana_od_package = 'opendistroforelasticsearch-kibana', $kibana_od_service = 'kibana', $kibana_od_version = '1.9.0', - $kibana_od_elastic_user = 'kibanaserver', - $kibana_od_elastic_password = 'kibanaserver', + $kibana_od_elastic_user = 'admin', + $kibana_od_elastic_password = 'admin', $kibana_od_app_version = '3.13.1_7.8.0', $kibana_od_elasticsearch_ip = 'localhost', $kibana_od_elasticsearch_port = '9200', From ba0ee36073136f828bea1d87fe8a39d12b5a1de4 Mon Sep 17 00:00:00 2001 
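Review bot: The `validate_module` step is commented out with no reason and no condition for re-enabling it, so every later patch in this series, including the credential change that follows, merges with no static validation of the manifests at all; a CI gate disabled this way tends to stay disabled once the commented lines scroll out of view. If it must be skipped during the fork, leave the reason and the trigger next to it, e.g. `# TODO(ci): validate_module disabled 2020-08-20 — reason: <...>; re-enable once <...>`, or keep the step and set `continue-on-error: true` on it so failures remain visible in the run without blocking it. The actual lint failure is not shown in this hunk, so the reason text has to come from whoever disabled it.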
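Review bot: Switching the Kibana backend account from `kibanaserver` to `admin` on the two changed lines hands the Kibana process the cluster superuser for a connection that only needs the privileges of the dedicated server account, and both new values look like the Open Distro demo credentials, so any deployment that does not override these class parameters now writes the superuser password wherever the kibana_od template renders it (the template is not in this hunk). Keep the least-privileged account and stop carrying the password as a plain string: `$kibana_od_elastic_user = 'kibanaserver',` and `Sensitive[String] $kibana_od_elastic_password = Sensitive('kibanaserver'),` (Puppet ≥ 4.6, with the template unwrapping it) keeps the value out of catalogs and reports; the same plain `admin`/`admin` defaults appear as context in filebeat_oss.pp earlier in the series and deserve the same treatment. Whichever account is kept, a comment such as `# Open Distro demo credentials — override via Hiera and rotate before production use` belongs directly above the two parameters. If Kibana was moved to admin because the kibanaserver role lacked a permission needed by the Wazuh app, the fix is to grant that permission to the role, not to run Kibana as admin.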
From: zenidd Date: Thu, 20 Aug 2020 16:28:34 +0200 Subject: [PATCH 43/43] remove linting compliant describe do --- kitchen/test/integration/agent/agent_spec.rb | 40 +++++++-------- kitchen/test/integration/mngr/manager_spec.rb | 50 +++++++++---------- 2 files changed, 43 insertions(+), 47 deletions(-) diff --git a/kitchen/test/integration/agent/agent_spec.rb b/kitchen/test/integration/agent/agent_spec.rb index 0db5caeb..9dfd2dfd 100644 --- a/kitchen/test/integration/agent/agent_spec.rb +++ b/kitchen/test/integration/agent/agent_spec.rb @@ -1,27 +1,25 @@ -describe do - describe package('wazuh-agent') do - it { is_expected.to be_installed } - its('version') { is_expected.to eq '3.13.1-1' } - end +describe package('wazuh-agent') do + it { is_expected.to be_installed } + its('version') { is_expected.to eq '3.13.1-1' } +end - describe service('wazuh-agent') do - it { is_expected.to be_installed } - it { is_expected.to be_enabled } - it { is_expected.to be_running } - end +describe service('wazuh-agent') do + it { is_expected.to be_installed } + it { is_expected.to be_enabled } + it { is_expected.to be_running } +end - # Verifying daemons +# Verifying daemons - wazuh_daemons = { - 'ossec-agentd' => 'ossec', - 'ossec-execd' => 'root', - 'ossec-syscheckd' => 'root', - 'wazuh-modulesd' => 'root', - } +wazuh_daemons = { + 'ossec-agentd' => 'ossec', + 'ossec-execd' => 'root', + 'ossec-syscheckd' => 'root', + 'wazuh-modulesd' => 'root', +} - wazuh_daemons.each do |key, value| - describe processes(key) do - its('users') { is_expected.to eq [value] } - end +wazuh_daemons.each do |key, value| + describe processes(key) do + its('users') { is_expected.to eq [value] } end end diff --git a/kitchen/test/integration/mngr/manager_spec.rb b/kitchen/test/integration/mngr/manager_spec.rb index 3882aca0..761652ea 100644 --- a/kitchen/test/integration/mngr/manager_spec.rb +++ b/kitchen/test/integration/mngr/manager_spec.rb 
@@ -1,32 +1,30 @@ -describe do - describe package('wazuh-manager') do - it { is_expected.to be_installed } - its('version') { is_expected.to eq '3.13.1-1' } - end +describe package('wazuh-manager') do + it { is_expected.to be_installed } + its('version') { is_expected.to eq '3.13.1-1' } +end - describe service('wazuh-manager') do - it { is_expected.to be_installed } - it { is_expected.to be_enabled } - it { is_expected.to be_running } - end +describe service('wazuh-manager') do + it { is_expected.to be_installed } + it { is_expected.to be_enabled } + it { is_expected.to be_running } +end - # Verifying daemons +# Verifying daemons - wazuh_daemons = { - 'ossec-authd' => 'root', - 'ossec-execd' => 'root', - 'ossec-analysisd' => 'ossec', - 'ossec-syscheckd' => 'root', - 'ossec-remoted' => 'ossecr', - 'ossec-logcollector' => 'root', - 'ossec-monitord' => 'ossec', - 'wazuh-db' => 'ossec', - 'wazuh-modulesd' => 'root', - } +wazuh_daemons = { + 'ossec-authd' => 'root', + 'ossec-execd' => 'root', + 'ossec-analysisd' => 'ossec', + 'ossec-syscheckd' => 'root', + 'ossec-remoted' => 'ossecr', + 'ossec-logcollector' => 'root', + 'ossec-monitord' => 'ossec', + 'wazuh-db' => 'ossec', + 'wazuh-modulesd' => 'root', +} - wazuh_daemons.each do |key, value| - describe processes(key) do - its('users') { is_expected.to eq [value] } - end +wazuh_daemons.each do |key, value| + describe processes(key) do + its('users') { is_expected.to eq [value] } end end