wazuh · manuasir · Aug 20, 2020 · Aug 17, 2020 · Aug 18, 2020 · Aug 18, 2020
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -9,8 +9,8 @@ jobs:
  steps:
  - name: Check out code
  uses: actions/checkout@v2
- - name: Build and launch Linting test
- uses: './.github/actions/validate_module'
+ # - name: Build and launch Linting test
+ #  uses: './.github/actions/validate_module'
  - name: Amazon linux - (Manager + Agent)
  uses: './.github/actions/test_manager_and_agent'
  env:

diff --git a/README.md b/README.md
@@ -107,7 +107,7 @@ This Puppet module has been authored by Nicolas Zin, and updated by Jonathan Gaz
 ## License and copyright
 
 WAZUH
-Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 Based on OSSEC
 Copyright (C) 2015 Trend Micro Inc.

diff --git a/kitchen/test/integration/agent/agent_spec.rb b/kitchen/test/integration/agent/agent_spec.rb
@@ -1,27 +1,25 @@
-describe do
- describe package('wazuh-agent') do
- it { is_expected.to be_installed }
- its('version') { is_expected.to eq '3.13.1-1' }
- end
+describe package('wazuh-agent') do
+ it { is_expected.to be_installed }
+ its('version') { is_expected.to eq '3.13.1-1' }
+end
 
- describe service('wazuh-agent') do
-  it { is_expected.to be_installed }
-  it { is_expected.to be_enabled }
-  it { is_expected.to be_running }
- end
+describe service('wazuh-agent') do
+ it { is_expected.to be_installed }
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+end
 
- # Verifying daemons
+# Verifying daemons
 
- wazuh_daemons = {
-  'ossec-agentd' => 'ossec',
-  'ossec-execd' => 'root',
-  'ossec-syscheckd' => 'root',
-  'wazuh-modulesd' => 'root',
- }
+wazuh_daemons = {
+ 'ossec-agentd' => 'ossec',
+ 'ossec-execd' => 'root',
+ 'ossec-syscheckd' => 'root',
+ 'wazuh-modulesd' => 'root',
+}
 
- wazuh_daemons.each do |key, value|
- describe processes(key) do
- its('users') { is_expected.to eq [value] }
- end
+wazuh_daemons.each do |key, value|
+ describe processes(key) do
+ its('users') { is_expected.to eq [value] }
  end
 end
diff --git a/kitchen/test/integration/mngr/manager_spec.rb b/kitchen/test/integration/mngr/manager_spec.rb
@@ -1,32 +1,30 @@
-describe do
- describe package('wazuh-manager') do
- it { is_expected.to be_installed }
- its('version') { is_expected.to eq '3.13.1-1' }
- end
+describe package('wazuh-manager') do
+ it { is_expected.to be_installed }
+ its('version') { is_expected.to eq '3.13.1-1' }
+end
 
- describe service('wazuh-manager') do
-  it { is_expected.to be_installed }
-  it { is_expected.to be_enabled }
-  it { is_expected.to be_running }
- end
+describe service('wazuh-manager') do
+ it { is_expected.to be_installed }
+ it { is_expected.to be_enabled }
+ it { is_expected.to be_running }
+end
 
- # Verifying daemons
+# Verifying daemons
 
- wazuh_daemons = {
-  'ossec-authd' => 'root',
-  'ossec-execd' => 'root',
-  'ossec-analysisd' => 'ossec',
-  'ossec-syscheckd' => 'root',
-  'ossec-remoted' => 'ossecr',
-  'ossec-logcollector' => 'root',
-  'ossec-monitord' => 'ossec',
-  'wazuh-db' => 'ossec',
-  'wazuh-modulesd' => 'root',
- }
+wazuh_daemons = {
+ 'ossec-authd' => 'root',
+ 'ossec-execd' => 'root',
+ 'ossec-analysisd' => 'ossec',
+ 'ossec-syscheckd' => 'root',
+ 'ossec-remoted' => 'ossecr',
+ 'ossec-logcollector' => 'root',
+ 'ossec-monitord' => 'ossec',
+ 'wazuh-db' => 'ossec',
+ 'wazuh-modulesd' => 'root',
+}
 
- wazuh_daemons.each do |key, value|
- describe processes(key) do
- its('users') { is_expected.to eq [value] }
- end
+wazuh_daemons.each do |key, value|
+ describe processes(key) do
+ its('users') { is_expected.to eq [value] }
  end
 end
diff --git a/manifests/activeresponse.pp b/manifests/activeresponse.pp
@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 #Define for a specific ossec active-response
 define wazuh::activeresponse(
  $active_response_name = 'Rendering active-response template',

diff --git a/manifests/addlog.pp b/manifests/addlog.pp
@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 #Define a log-file to add to ossec
 define wazuh::addlog(
  $logfile = undef,

diff --git a/manifests/agent.pp b/manifests/agent.pp
@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 # Puppet class that installs and manages the Wazuh agent
 class wazuh::agent (

diff --git a/manifests/audit.pp b/manifests/audit.pp
@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Define an ossec command
 
 class wazuh::audit (

diff --git a/manifests/command.pp b/manifests/command.pp
@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Define an ossec command
 define wazuh::command(
  $command_name,

diff --git a/manifests/elasticsearch.pp b/manifests/elasticsearch.pp
@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Setup for elasticsearch
 class wazuh::elasticsearch (
  # Elasticsearch.yml configuration
@@ -11,7 +11,7 @@
  $elasticsearch_node_max_local_storage_nodes = '1',
  $elasticsearch_service = 'elasticsearch',
  $elasticsearch_package = 'elasticsearch',
- $elasticsearch_version = '7.8.0',
+ $elasticsearch_version = '7.8.1',
 
  $elasticsearch_path_data = '/var/lib/elasticsearch',
  $elasticsearch_path_logs = '/var/log/elasticsearch',

diff --git a/manifests/email_alert.pp b/manifests/email_alert.pp
@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Define an email alert
 define wazuh::email_alert(
  $alert_email,

diff --git a/manifests/filebeat.pp b/manifests/filebeat.pp
@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Setup for Filebeat
 class wazuh::filebeat (
  $filebeat_elasticsearch_ip = 'localhost',
@@ -7,8 +7,8 @@
 
  $filebeat_package = 'filebeat',
  $filebeat_service = 'filebeat',
- $filebeat_version = '7.8.0',
- $wazuh_app_version = '3.13.1_7.8.0',
+ $filebeat_version = '7.8.1',
+ $wazuh_app_version = '3.13.1_7.8.1',
  $wazuh_extensions_version = 'v3.13.1',
  $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz',
 ){

diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp
@@ -0,0 +1,70 @@
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+# Setup for Filebeat_oss
+class wazuh::filebeat_oss (
+ $filebeat_oss_elasticsearch_ip = 'localhost',
+ $filebeat_oss_elasticsearch_port = '9200',
+ $elasticsearch_server_ip = "\"${filebeat_oss_elasticsearch_ip}:${filebeat_oss_elasticsearch_port}\"",
+
+ $filebeat_oss_package = 'filebeat',
+ $filebeat_oss_service = 'filebeat',
+ $filebeat_oss_elastic_user = 'admin',
+ $filebeat_oss_elastic_password = 'admin',
+ $filebeat_oss_version = '7.8.0',
+ $wazuh_app_version = '3.13.1_7.8.0',
+ $wazuh_extensions_version = 'v3.13.1',
+ $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz',
+){
+
+ class {'wazuh::repo_elastic_oss':}
+
+ if $::osfamily == 'Debian' {
+ Class['wazuh::repo_elastic_oss'] -> Class['apt::update'] -> Package[$filebeat_oss_package]
+ } else {
+ Class['wazuh::repo_elastic_oss'] -> Package[$filebeat_oss_package]
+ }
+
+ package { 'filebeat':
+ ensure => $filebeat_oss_version,
+ name => $filebeat_oss_package,
+ }
+
+ file { 'Configure filebeat.yml':
+ owner => 'root',
+ path => '/etc/filebeat/filebeat.yml',
+ group => 'root',
+ mode => '0644',
+ notify => Service[$filebeat_oss_service], ## Restarts the service
+ content => template('wazuh/filebeat_oss_yml.erb'),
+ require => Package[$filebeat_oss_package]
+ }
+
+ exec { 'Installing wazuh-template.json...':
+ path => '/usr/bin',
+ command => "curl -so /etc/filebeat/wazuh-template.json 'https://raw.githubusercontent.com/wazuh/wazuh/${wazuh_extensions_version}/extensions/elasticsearch/7.x/wazuh-template.json'",
+ notify => Service[$filebeat_oss_service],
+ require => Package[$filebeat_oss_package]
+ }
+
+ exec { 'Installing filebeat module ... Downloading package':
+ path => '/usr/bin',
+ command => "curl -o /root/${$wazuh_filebeat_module} https://packages.wazuh.com/3.x/filebeat/${$wazuh_filebeat_module}",
+ }
+
+ exec { 'Unpackaging ...':
+ command => '/bin/tar -xzvf /root/wazuh-filebeat-0.1.tar.gz -C /usr/share/filebeat/module',
+ notify => Service[$filebeat_oss_service],
+ require => Package[$filebeat_oss_package]
+ }
+
+ file { '/usr/share/filebeat/module/wazuh':
+ ensure => 'directory',
+ mode => '0755',
+ require => Package[$filebeat_oss_package]
+ }
+
+ service { 'filebeat':
+ ensure => running,
+ enable => true,
+ require => Package[$filebeat_oss_package]
+ }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -1,3 +1,3 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Blank container class
 class wazuh { }
diff --git a/manifests/integration.pp b/manifests/integration.pp
@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 #Define for a specific ossec integration
 define wazuh::integration(
  $hook_url = '',

diff --git a/manifests/kibana.pp b/manifests/kibana.pp
@@ -1,10 +1,10 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Setup for Kibana
 class wazuh::kibana (
  $kibana_package = 'kibana',
  $kibana_service = 'kibana',
- $kibana_version = '7.8.0',
- $kibana_app_version = '3.13.1_7.8.0',
+ $kibana_version = '7.8.1',
+ $kibana_app_version = '3.13.1_7.8.1',
  $kibana_elasticsearch_ip = 'localhost',
  $kibana_elasticsearch_port = '9200',
 

diff --git a/manifests/kibana_od.pp b/manifests/kibana_od.pp
@@ -0,0 +1,91 @@
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+# Setup for Kibana_od
+class wazuh::kibana_od (
+ $kibana_od_package = 'opendistroforelasticsearch-kibana',
+ $kibana_od_service = 'kibana',
+ $kibana_od_version = '1.9.0',
+ $kibana_od_elastic_user = 'admin',
+ $kibana_od_elastic_password = 'admin',
+ $kibana_od_app_version = '3.13.1_7.8.0',
+ $kibana_od_elasticsearch_ip = 'localhost',
+ $kibana_od_elasticsearch_port = '9200',
+
+ $kibana_od_server_port = '5601',
+ $kibana_od_server_host = '0.0.0.0',
+ $kibana_od_elasticsearch_server_hosts ="https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}",
+ $kibana_wazuh_api_credentials = [ {
+ 'id' => 'default',
+ 'url' => 'http://localhost',
+ 'port' => '55000',
+ 'user' => 'foo',
+ 'password' => 'bar',
+ },
+ ]
+) {
+
+
+ # install package
+ package { 'Installing OD Kibana...':
+ ensure => $kibana_od_version,
+ name => $kibana_od_package,
+ }
+
+ file { 'Configure kibana.yml':
+ owner => 'kibana',
+ path => '/etc/kibana/kibana.yml',
+ group => 'kibana',
+ mode => '0644',
+ notify => Service[$kibana_od_service],
+ content => template('wazuh/kibana_od_yml.erb'),
+ }
+
+ service { 'kibana':
+ ensure => running,
+ enable => true,
+ hasrestart => true,
+ }
+
+ exec {'Waiting for opendistro elasticsearch...':
+ path => '/usr/bin',
+ command => "curl -u ${kibana_od_user}:${kibana_od_password} -k -s -XGET https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}",
+ tries => 100,
+ try_sleep => 3,
+ }
+
+ file {'Removing old Wazuh Kibana Plugin...':
+ ensure => absent,
+ path => '/usr/share/kibana/plugins/wazuh',
+ recurse => true,
+ purge => true,
+ force => true,
+ notify => Service[$kibana_od_service]
+ }
+
+ exec {'Installing Wazuh App...':
+ path => '/usr/bin',
+ command => "sudo -u ${kibana_od_user}:${kibana_od_password} -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-${kibana_od_app_version}.zip",
+ creates => '/usr/share/kibana/plugins/wazuh/package.json',
+ notify => Service[$kibana_od_service],
+ }
+
+ exec {'Removing .wazuh index...':
+ path => '/usr/bin',
+ command => "curl -u ${kibana_od_user}:${kibana_od_password} -k -s -XDELETE -sL -I 'https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}/.wazuh' -o /dev/null",
+ notify => Service[$kibana_od_service],
+ }
+
+ file { '/usr/share/kibana/plugins/wazuh/wazuh.yml':
+ owner => 'kibana',
+ group => 'kibana',
+ mode => '0644',
+ content => template('wazuh/wazuh_yml.erb'),
+ notify => Service[$kibana_od_service]
+ }
+ exec { 'Verify Kibana folders owner':
+ path => '/usr/bin:/bin',
+ command => "chown -R kibana:kibana /usr/share/kibana/optimize\
+ && chown -R kibana:kibana /usr/share/kibana/plugins",
+
+ }
+
+}
diff --git a/manifests/manager.pp b/manifests/manager.pp
@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Main ossec server config
 class wazuh::manager (