diff --git a/README.md b/README.md
index 4fc04c76..5d4e0756 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,8 @@
[![Slack](https://img.shields.io/badge/slack-join-blue.svg)](https://wazuh.com/community/join-us-on-slack/)
[![Email](https://img.shields.io/badge/email-join-blue.svg)](https://groups.google.com/forum/#!forum/wazuh)
[![Documentation](https://img.shields.io/badge/docs-view-green.svg)](https://documentation.wazuh.com)
-[![Documentation](https://img.shields.io/badge/web-view-green.svg)](https://wazuh.com)
+[![Web](https://img.shields.io/badge/web-view-green.svg)](https://wazuh.com)
+![Kitchen tests](https://github.com/wazuh/wazuh-puppet/workflows/Kitchen%20tests/badge.svg)
This module installs and configure Wazuh agent and manager.
@@ -18,87 +19,117 @@ This module installs and configure Wazuh agent and manager.
wazuh-puppet/
├── CHANGELOG.md
├── checksums.json
+ ├── data
+ │ └── common.yaml
├── files
- │ └── ossec-logrotate.te
+ │ └── ossec-logrotate.te
├── Gemfile
+ ├── kitchen
+ │ ├── chefignore
+ │ ├── clean.sh
+ │ ├── Gemfile
+ │ ├── hieradata
+ │ │ ├── common.yaml
+ │ │ └── roles
+ │ │ └── default.yaml
+ │ ├── kitchen.yml
+ │ ├── manifests
+ │ │ └── site.pp.template
+ │ ├── Puppetfile
+ │ ├── README.md
+ │ ├── run.sh
+ │ └── test
+ │ └── integration
+ │ ├── agent
+ │ │ └── agent_spec.rb
+ │ └── mngr
+ │ └── manager_spec.rb
├── LICENSE.txt
├── manifests
- │ ├── activeresponse.pp
- │ ├── addlog.pp
- │ ├── agent.pp
- │ ├── command.pp
- │ ├── elasticsearch.pp
- │ ├── email_alert.pp
- │ ├── filebeat.pp
- │ ├── init.pp
- │ ├── integration.pp
- │ ├── kibana.pp
- │ ├── manager.pp
- │ ├── params_agent.pp
- │ ├── params_elastic.pp
- │ ├── params_manager.pp
- │ ├── repo_elastic.pp
- │ ├── repo.pp
- │ ├── reports.pp
- │ └── wazuh_api.pp
+ │ ├── activeresponse.pp
+ │ ├── addlog.pp
+ │ ├── agent.pp
+ │ ├── audit.pp
+ │ ├── command.pp
+ │ ├── elasticsearch.pp
+ │ ├── email_alert.pp
+ │ ├── filebeat_oss.pp
+ │ ├── filebeat.pp
+ │ ├── init.pp
+ │ ├── integration.pp
+ │ ├── kibana_od.pp
+ │ ├── kibana.pp
+ │ ├── manager.pp
+ │ ├── opendistro.pp
+ │ ├── params_agent.pp
+ │ ├── params_elastic.pp
+ │ ├── params_manager.pp
+ │ ├── params_opendistro.pp
+ │ ├── repo_elastic_oss.pp
+ │ ├── repo_elastic.pp
+ │ ├── repo_elasticsearch-oss.pp
+ │ ├── repo_opendistro.pp
+ │ ├── repo.pp
+ │ ├── reports.pp
+ │ └── tests.pp
├── metadata.json
├── Rakefile
├── README.md
├── spec
- │ ├── classes
- │ │ ├── client_spec.rb
- │ │ ├── init_spec.rb
- │ │ └── server_spec.rb
- │ └── spec_helper.rb
+ │ ├── classes
+ │ │ ├── client_spec.rb
+ │ │ ├── init_spec.rb
+ │ │ └── server_spec.rb
+ │ └── spec_helper.rb
├── templates
- │ ├── api
- │ │ └── config.js.erb
- │ ├── default_commands.erb
- │ ├── elasticsearch_yml.erb
- │ ├── filebeat_yml.erb
- │ ├── fragments
- │ │ ├── _activeresponse.erb
- │ │ ├── _auth.erb
- │ │ ├── _cluster.erb
- │ │ ├── _command.erb
- │ │ ├── _default_activeresponse.erb
+ │ ├── default_commands.erb
+ │ ├── elasticsearch_yml.erb
+ │ ├── filebeat_oss_yml.erb
+ │ ├── filebeat_yml.erb
+ │ ├── fragments
+ │ │ ├── _activeresponse.erb
+ │ │ ├── _auth.erb
+ │ │ ├── _cluster.erb
+ │ │ ├── _command.erb
+ │ │ ├── _default_activeresponse.erb
│ │ ├── _email_alert.erb
- │ │ ├── _integration.erb
- │ │ ├── _localfile.erb
- │ │ ├── _localfile_generation.erb
- │ │ ├── _reports.erb
- │ │ ├── _rootcheck.erb
- │ │ ├── _ruleset.erb
- │ │ ├── _sca.erb
- │ │ ├── _syscheck.erb
- │ │ ├── _wodle_cis_cat.erb
- │ │ ├── _wodle_openscap.erb
- │ │ ├── _wodle_osquery.erb
- │ │ ├── _wodle_syscollector.erb
- │ │ └── _wodle_vulnerability_detector.erb
- │ ├── jvm_options.erb
- │ ├── kibana_yml.erb
- │ ├── local_decoder.xml.erb
- │ ├── local_rules.xml.erb
- │ ├── ossec_shared_agent.conf.erb
- │ ├── process_list.erb
- │ ├── wazuh_agent.conf.erb
- │ └── wazuh_manager.conf.erb
- ├── tests
- │ └── init.pp
+ │ │ ├── _integration.erb
+ │ │ ├── _labels.erb
+ │ │ ├── _localfile.erb
+ │ │ ├── _localfile_generation.erb
+ │ │ ├── _reports.erb
+ │ │ ├── _rootcheck.erb
+ │ │ ├── _ruleset.erb
+ │ │ ├── _sca.erb
+ │ │ ├── _syscheck.erb
+ │ │ ├── _syslog_output.erb
+ │ │ ├── _vulnerability_detector.erb
+ │ │ ├── _wodle_cis_cat.erb
+ │ │ ├── _wodle_openscap.erb
+ │ │ ├── _wodle_osquery.erb
+ │ │ └── _wodle_syscollector.erb
+ │ ├── jvm_options.erb
+ │ ├── kibana_od_yml.erb
+ │ ├── kibana_yml.erb
+ │ ├── local_decoder.xml.erb
+ │ ├── local_rules.xml.erb
+ │ ├── opendistro_yml.erb
+ │ ├── ossec_shared_agent.conf.erb
+ │ ├── process_list.erb
+ │ ├── wazuh_agent.conf.erb
+ │ ├── wazuh_api_yml.erb
+ │ ├── wazuh_manager.conf.erb
+ │ └── wazuh_yml.erb
└── VERSION
## Branches
-* `stable` branch on correspond to the last Wazuh-Puppet stable version.
+* `4.0` branch on correspond to the last Wazuh-Puppet stable version.
* `master` branch contains the latest code, be aware of possible bugs on this branch.
## Contribute
-If you would like to contribute to our repository, please fork our Github repository and submit a pull request.
-
-If you are not familiar with Github, you can also share them through [our users mailing list](https://groups.google.com/d/forum/wazuh), to which you can subscribe by sending an email to `wazuh+subscribe@googlegroups.com`.
-
+If you want to contribute to our project please don't hesitate to send a pull request. You can also join our users [mailing list](https://groups.google.com/d/forum/wazuh) or the [Wazuh Slack community channel](https://wazuh.com/community/join-us-on-slack/) to ask questions and participate in discussions.
## Credits and thank you
@@ -109,10 +140,6 @@ This Puppet module has been authored by Nicolas Zin, and updated by Jonathan Gaz
WAZUH
Copyright (C) 2020 Wazuh Inc. (License GPLv2)
-Based on OSSEC
-Copyright (C) 2015 Trend Micro Inc.
-
-
## Web References
* [Wazuh website](http://wazuh.com)
diff --git a/VERSION b/VERSION
index 0cf5b9b8..2c282886 100644
--- a/VERSION
+++ b/VERSION
@@ -1,2 +1,2 @@
-WAZUH-PUPPET_VERSION="v3.13.2"
-REVISION="31320"
+WAZUH-PUPPET_VERSION="v4.0.0"
+REVISION="40000"
diff --git a/kitchen/test/integration/agent/agent_spec.rb b/kitchen/test/integration/agent/agent_spec.rb
index 177afff6..ef5d6afb 100644
--- a/kitchen/test/integration/agent/agent_spec.rb
+++ b/kitchen/test/integration/agent/agent_spec.rb
@@ -1,6 +1,6 @@
describe package('wazuh-agent') do
it { is_expected.to be_installed }
- its('version') { is_expected.to eq '3.13.2-1' }
+ its('version') { is_expected.to eq '4.0.0-1' }
end
describe service('wazuh-agent') do
@@ -15,7 +15,7 @@
'ossec-agentd' => 'ossec',
'ossec-execd' => 'root',
'ossec-syscheckd' => 'root',
- 'wazuh-modulesd' => 'root',
+# 'wazuh-modulesd' => 'root',
}
wazuh_daemons.each do |key, value|
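Review bot: The `'wazuh-modulesd' => 'root'` expectation is commented out rather than removed or replaced, so the agent suite no longer checks which account that daemon runs under, and nothing in the hunk says why. If the process is renamed or not started by default in 4.0.0, record that next to the line, e.g. `# wazuh-modulesd owner check disabled for 4.0.0: <reason>`, or delete the entry. The hash and the loop that consumes it continue outside the hunk.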
diff --git a/kitchen/test/integration/mngr/manager_spec.rb b/kitchen/test/integration/mngr/manager_spec.rb
index 77d19fcf..1e299cfa 100644
--- a/kitchen/test/integration/mngr/manager_spec.rb
+++ b/kitchen/test/integration/mngr/manager_spec.rb
@@ -1,6 +1,6 @@
describe package('wazuh-manager') do
it { is_expected.to be_installed }
- its('version') { is_expected.to eq '3.13.2-1' }
+ its('version') { is_expected.to eq '4.0.0-1' }
end
describe service('wazuh-manager') do
diff --git a/manifests/agent.pp b/manifests/agent.pp
index f351e5d7..905c2dae 100644
--- a/manifests/agent.pp
+++ b/manifests/agent.pp
@@ -72,6 +72,25 @@
$client_buffer_queue_size = $wazuh::params_agent::client_buffer_queue_size,
$client_buffer_events_per_second = $wazuh::params_agent::client_buffer_events_per_second,
+ # Auto enrollment configuration
+
+ $wazuh_enrollment_enabled = $wazuh::params_agent::wazuh_enrollment_enabled,
+ $wazuh_enrollment_manager_address = $wazuh::params_agent::wazuh_enrollment_manager_address,
+ $wazuh_enrollment_port = $wazuh::params_agent::wazuh_enrollment_port,
+ $wazuh_enrollment_agent_name = $wazuh::params_agent::wazuh_enrollment_agent_name,
+ $wazuh_enrollment_groups = $wazuh::params_agent::wazuh_enrollment_groups,
+ $wazuh_enrollment_agent_address = $wazuh::params_agent::wazuh_enrollment_agent_address,
+ $wazuh_enrollment_ssl_cipher = $wazuh::params_agent::wazuh_enrollment_ssl_cipher,
+ $wazuh_enrollment_server_ca_path = $wazuh::params_agent::wazuh_enrollment_server_ca_path,
+ $wazuh_enrollment_agent_cert_path = $wazuh::params_agent::wazuh_enrollment_agent_cert_path,
+ $wazuh_enrollment_agent_key_path = $wazuh::params_agent::wazuh_enrollment_agent_key_path,
+ $wazuh_enrollment_auth_pass = $wazuh::params_agent::wazuh_enrollment_auth_pass,
+ $wazuh_enrollment_auth_pass_path = $wazuh::params_agent::wazuh_enrollment_auth_pass_path,
+ $wazuh_enrollment_auto_method = $wazuh::params_agent::wazuh_enrollment_auto_method,
+ $wazuh_delay_after_enrollment = $wazuh::params_agent::wazuh_delay_after_enrollment,
+ $wazuh_enrollment_use_source_ip = $wazuh::params_agent::wazuh_enrollment_use_source_ip,
+
+
# Rootcheck
$ossec_rootcheck_disabled = $wazuh::params_agent::ossec_rootcheck_disabled,
$ossec_rootcheck_check_files = $wazuh::params_agent::ossec_rootcheck_check_files,
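Review bot: The new enrollment parameters are untyped and undocumented, and `$wazuh_enrollment_enabled` only takes effect as the string `'yes'`, because the agent template added in this commit tests `@wazuh_enrollment_enabled == 'yes'`; a boolean `true` would silently omit the block. I would add a comment above the group such as `# wazuh_enrollment_enabled must be the string 'yes'; any other value leaves the enrollment block out of the agent configuration`. `$wazuh_enrollment_auth_pass` is a credential accepted as a plain value, which is worth stating in the same comment so callers know it travels in the catalog. The parameter list starts and ends outside the hunk.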
@@ -617,4 +636,15 @@
],
}
}
+
+ if ( $wazuh_enrollment_auth_pass ) {
+ file { $wazuh::params_agent::authd_pass_file:
+ owner => 'root',
+ group => 'ossec',
+ mode => '0640',
+ content => $wazuh::params_agent::wazuh_enrollment_auth_pass,
+ require => Package[$wazuh::params_agent::agent_package_name],
+ }
+ }
+
}
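Review bot: The password file is written with `content => $wazuh::params_agent::wazuh_enrollment_auth_pass`, which this commit sets to `undef` in params_agent.pp, so the value passed to the class (the one the `if` tests) never reaches the file. Use the class parameter instead, `content => $wazuh_enrollment_auth_pass,`. The resource title is fixed to `$wazuh::params_agent::authd_pass_file` while the agent template renders `@wazuh_enrollment_auth_pass_path`, so an overridden path leaves the agent pointed at a file Puppet did not write; titling the resource `$wazuh_enrollment_auth_pass_path` keeps the two in step. Because the content is a credential, `show_diff => false,` keeps it out of run output and reports.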
diff --git a/manifests/filebeat.pp b/manifests/filebeat.pp
index 01b765ab..0ad18845 100644
--- a/manifests/filebeat.pp
+++ b/manifests/filebeat.pp
@@ -7,9 +7,9 @@
$filebeat_package = 'filebeat',
$filebeat_service = 'filebeat',
- $filebeat_version = '7.9.1',
- $wazuh_app_version = '3.13.2_7.9.1',
- $wazuh_extensions_version = 'v3.13.2',
+ $filebeat_version = '7.9.2',
+ $wazuh_app_version = '4.0.0_7.9.2',
+ $wazuh_extensions_version = 'v4.0.0',
$wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz',
){
diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp
index 4190b578..3f6d46c1 100644
--- a/manifests/filebeat_oss.pp
+++ b/manifests/filebeat_oss.pp
@@ -10,8 +10,8 @@
$filebeat_oss_elastic_user = 'admin',
$filebeat_oss_elastic_password = 'admin',
$filebeat_oss_version = '7.8.0',
- $wazuh_app_version = '3.13.2_7.8.0',
- $wazuh_extensions_version = 'v3.13.2',
+ $wazuh_app_version = '4.0.0_7.9.1',
+ $wazuh_extensions_version = 'v4.0.0',
$wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz',
){
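Review bot: `$wazuh_app_version` now ends in `_7.9.1` while `$filebeat_oss_version` on the line above stays at `'7.8.0'`, so the two defaults no longer name the same Elastic release; in filebeat.pp the same commit moves both to 7.9.2 together. If the suffix is meant to track the installed stack version, either bump `$filebeat_oss_version` or keep the suffix at 7.8.0. The kibana_od.pp hunk has the same shape: `$kibana_od_app_version` goes to `'4.0.0_7.9.1'` with `$kibana_od_version` left at `'1.9.0'`, and that pairing should be confirmed as intended.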
diff --git a/manifests/kibana.pp b/manifests/kibana.pp
index a24d512c..cb05091a 100644
--- a/manifests/kibana.pp
+++ b/manifests/kibana.pp
@@ -3,8 +3,8 @@
class wazuh::kibana (
$kibana_package = 'kibana',
$kibana_service = 'kibana',
- $kibana_version = '7.9.1',
- $kibana_app_version = '3.13.2_7.9.1',
+ $kibana_version = '7.9.2',
+ $kibana_app_version = '4.0.0_7.9.2',
$kibana_elasticsearch_ip = 'localhost',
$kibana_elasticsearch_port = '9200',
diff --git a/manifests/kibana_od.pp b/manifests/kibana_od.pp
index ba915aef..a075c081 100644
--- a/manifests/kibana_od.pp
+++ b/manifests/kibana_od.pp
@@ -6,7 +6,7 @@
$kibana_od_version = '1.9.0',
$kibana_od_elastic_user = 'admin',
$kibana_od_elastic_password = 'admin',
- $kibana_od_app_version = '3.13.2_7.8.0',
+ $kibana_od_app_version = '4.0.0_7.9.1',
$kibana_od_elasticsearch_ip = 'localhost',
$kibana_od_elasticsearch_port = '9200',
diff --git a/manifests/manager.pp b/manifests/manager.pp
index cf389850..7678f917 100644
--- a/manifests/manager.pp
+++ b/manifests/manager.pp
@@ -260,6 +260,46 @@
$wazuh_manager_server_key = $wazuh::params_manager::wazuh_manager_server_key,
$ossec_local_files = $::wazuh::params_manager::default_local_files,
+
+ # API
+
+
+ $wazuh_api_host = $wazuh::params_manager::wazuh_api_host,
+
+ $wazuh_api_port = $wazuh::params_manager::wazuh_api_port,
+ $wazuh_api_file = $wazuh::params_manager::wazuh_api_file,
+
+ $wazuh_api_behind_proxy_server = $wazuh::params_manager::wazuh_api_behind_proxy_server,
+ $wazuh_api_https_enabled = $wazuh::params_manager::wazuh_api_https_enabled,
+ $wazuh_api_https_key = $wazuh::params_manager::wazuh_api_https_key,
+
+ $wazuh_api_https_cert = $wazuh::params_manager::wazuh_api_https_cert,
+ $wazuh_api_https_use_ca = $wazuh::params_manager::wazuh_api_https_use_ca,
+ $wazuh_api_https_ca = $wazuh::params_manager::wazuh_api_https_ca,
+ $wazuh_api_logs_level = $wazuh::params_manager::wazuh_api_logs_level,
+ $wazuh_api_logs_path = $wazuh::params_manager::wazuh_api_logs_path,
+
+ $wazuh_api_cors_enabled = $wazuh::params_manager::wazuh_api_cors_enabled,
+ $wazuh_api_cors_source_route = $wazuh::params_manager::wazuh_api_cors_source_route,
+ $wazuh_api_cors_expose_headers = $wazuh::params_manager::wazuh_api_cors_expose_headers,
+
+
+ $wazuh_api_cors_allow_credentials = $::wazuh::params_manager::wazuh_api_cors_allow_credentials,
+ $wazuh_api_cache_enabled = $::wazuh::params_manager::wazuh_api_cache_enabled,
+
+ $wazuh_api_cache_time = $::wazuh::params_manager::wazuh_api_cache_time,
+
+ $wazuh_api_access_max_login_attempts = $::wazuh::params_manager::wazuh_api_access_max_login_attempts,
+ $wazuh_api_access_block_time = $::wazuh::params_manager::wazuh_api_access_block_time,
+ $wazuh_api_access_max_request_per_minute = $::wazuh::params_manager::wazuh_api_access_max_request_per_minute,
+ $wazuh_api_use_only_authd = $::wazuh::params_manager::wazuh_api_use_only_authd,
+ $wazuh_api_drop_privileges = $::wazuh::params_manager::wazuh_api_drop_privileges,
+ $wazuh_api_experimental_features = $::wazuh::params_manager::wazuh_api_experimental_features,
+ $wazuh_api_template = $::wazuh::params_manager::wazuh_api_template,
+
+
+
+
) inherits wazuh::params_manager {
validate_bool(
$manage_repos, $syslog_output,$wazuh_manager_verify_manager_ssl
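Review bot: `wazuh_api_cors_allow_headers` is missing from the API parameters added here, although params_manager.pp defines it and templates/wazuh_api_yml.erb renders `@wazuh_api_cors_allow_headers`, so it is the one API setting that cannot be overridden through the class. Add `$wazuh_api_cors_allow_headers = $wazuh::params_manager::wazuh_api_cors_allow_headers,` next to the other CORS entries. The block also switches from `$wazuh::params_manager::` to `$::wazuh::params_manager::` halfway through; one form throughout would read better. The parameter list begins outside the hunk.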
@@ -320,7 +360,6 @@
Class['wazuh::repo'] -> Package[$wazuh::params_manager::server_package]
}
}
-
# Install and configure Wazuh-manager package
package { $wazuh::params_manager::server_package:
@@ -609,4 +648,12 @@
}
}
+ file { '/var/ossec/api/configuration/api.yaml':
+ owner => 'root',
+ group => 'ossec',
+ mode => '0640',
+ content => template('wazuh/wazuh_api_yml.erb'),
+ notify => Service[$wazuh::params_manager::server_service]
+ }
+
}
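Review bot: The resource hard-codes both the target path and `template('wazuh/wazuh_api_yml.erb')`, so the `$wazuh_api_file` and `$wazuh_api_template` parameters added earlier in this commit are never read, and the default for `$wazuh_api_template` (`'wazuh/wazuh_api.erb'`) does not name the template this commit adds. Either use `content => template($wazuh_api_template),` with the default corrected to `'wazuh/wazuh_api_yml.erb'`, or drop the two parameters. Unlike the agent password file, this resource has no `require => Package[$wazuh::params_manager::server_package],`; unless ordering is established elsewhere in the class, the target directory may not exist on a first run.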
diff --git a/manifests/params_agent.pp b/manifests/params_agent.pp
index c8e6bca8..508de8e8 100644
--- a/manifests/params_agent.pp
+++ b/manifests/params_agent.pp
@@ -1,7 +1,7 @@
# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
# Wazuh-Agent configuration parameters
class wazuh::params_agent {
- $agent_package_version = '3.13.2-1'
+ $agent_package_version = '4.0.0-1'
$agent_service_ensure = 'running'
$agent_msi_download_location = 'http://packages.wazuh.com/3.x/windows'
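Review bot: `$agent_package_version` moves to `'4.0.0-1'` but `$agent_msi_download_location` two lines below still points at `http://packages.wazuh.com/3.x/windows`, so the Windows installer would be fetched from the 3.x path over plain HTTP. Whether the 4.0.0 MSI is published under that path, and whether the download is verified against a checksum, cannot be seen from this hunk; if it is not verified, the transport is the only integrity protection and should be `https://`. Please confirm the 4.x location and update the line in the same change.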
@@ -54,7 +54,7 @@
$wazuh_register_endpoint = undef
$wazuh_reporting_endpoint = undef
$ossec_port = '1514'
- $ossec_protocol = 'udp'
+ $ossec_protocol = 'tcp'
$wazuh_max_retries = '5'
$wazuh_retry_interval = '5'
$ossec_config_ubuntu_profiles = 'ubuntu, ubuntu18, ubuntu18.04'
@@ -81,6 +81,22 @@
$active_response_timeout = undef
$active_response_repeated_offenders = []
+ # agent autoenrollment
+ $wazuh_enrollment_enabled = undef
+ $wazuh_enrollment_manager_address = undef
+ $wazuh_enrollment_port = undef
+ $wazuh_enrollment_agent_name = undef
+ $wazuh_enrollment_groups = undef
+ $wazuh_enrollment_agent_address = undef
+ $wazuh_enrollment_ssl_cipher = undef
+ $wazuh_enrollment_server_ca_path = undef
+ $wazuh_enrollment_agent_cert_path = undef
+ $wazuh_enrollment_agent_key_path = undef
+ $wazuh_enrollment_auth_pass = undef
+ $wazuh_enrollment_auth_pass_path = $authd_pass_file
+ $wazuh_enrollment_auto_method = undef
+ $wazuh_delay_after_enrollment = undef
+ $wazuh_enrollment_use_source_ip = undef
# OS specific configurations
case $::kernel {
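Review bot: `$wazuh_enrollment_auth_pass_path = $authd_pass_file` reads `$authd_pass_file` before the `case $::kernel` block that follows; if that variable is assigned inside the OS-specific case (not visible in this hunk), it is still unset here and the path default resolves to `undef`. Moving this one assignment below the case, or into each branch next to where `$authd_pass_file` is set, avoids that. A comment on the group noting that the remaining defaults are `undef` so the template leaves the corresponding settings out would also help readers.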
@@ -121,7 +137,7 @@
$ossec_rootcheck_check_pids = 'yes'
$ossec_rootcheck_check_ports = 'yes'
$ossec_rootcheck_check_if = 'yes'
- $ossec_rootcheck_frequency = 43200
+ $ossec_rootcheck_frequency = 36000
$ossec_rootcheck_ignore_list = []
$ossec_rootcheck_rootkit_files = '/var/ossec/etc/shared/rootkit_files.txt'
$ossec_rootcheck_rootkit_trojans = '/var/ossec/etc/shared/rootkit_trojans.txt'
@@ -300,8 +316,6 @@
/^(wheezy|stretch|buster|sid|precise|trusty|vivid|wily|xenial|bionic)$/: {
$server_service = 'wazuh-manager'
$server_package = 'wazuh-manager'
- $api_service = 'wazuh-api'
- $api_package = 'wazuh-api'
$wodle_openscap_content = undef
}
default: {
@@ -440,9 +454,6 @@
$sca_windows_skip_nfs = 'yes'
$sca_windows_policies = []
- # Syscheck
- $ossec_syscheck_disabled = 'no'
- $ossec_syscheck_frequency = '43200'
# Wodles
diff --git a/manifests/params_manager.pp b/manifests/params_manager.pp
index bec8980c..fb23edde 100644
--- a/manifests/params_manager.pp
+++ b/manifests/params_manager.pp
@@ -5,7 +5,7 @@
'Linux': {
# Installation
- $server_package_version = '3.13.2-1'
+ $server_package_version = '4.0.0-1'
$manage_repos = true
$manage_firewall = false
@@ -25,7 +25,7 @@
$ossec_email_alert_level = 12
$ossec_remote_connection = 'secure'
$ossec_remote_port = 1514
- $ossec_remote_protocol = 'udp'
+ $ossec_remote_protocol = 'tcp'
$ossec_remote_local_ip = undef
$ossec_remote_queue_size = 131072
@@ -323,6 +323,57 @@
$processlist_owner = 'root'
$processlist_group = 'ossec'
+ #API
+
+ $wazuh_api_host = '0.0.0.0'
+ $wazuh_api_port = '55000'
+
+ $wazuh_api_file = undef
+
+ # Set this option to "yes" in case the API is running behind a proxy server. Values: yes, no
+ $wazuh_api_behind_proxy_server = 'no'
+
+ # Advanced configuration
+ $wazuh_api_https_enabled = 'yes'
+ $wazuh_api_https_key = 'api/configuration/ssl/server.key'
+ $wazuh_api_https_cert = 'api/configuration/ssl/server.crt'
+ $wazuh_api_https_use_ca = 'False'
+ $wazuh_api_https_ca = 'api/configuration/ssl/ca.crt'
+
+
+ # Logging configuration
+ # Values for API log level: disabled, info, warning, error, debug, debug2 (each level includes the previous level).
+ $wazuh_api_logs_level = 'info'
+ $wazuh_api_logs_path = 'logs/api.log'
+
+ # Cross-origin resource sharing: https://github.com/aio-libs/aiohttp-cors#usage
+ $wazuh_api_cors_enabled = 'no'
+ $wazuh_api_cors_source_route = '"*"'
+ $wazuh_api_cors_expose_headers = '"*"'
+ $wazuh_api_cors_allow_headers = '"*"'
+ $wazuh_api_cors_allow_credentials = 'no'
+
+ # Cache (time in seconds)
+ $wazuh_api_cache_enabled = 'yes'
+ $wazuh_api_cache_time = '0.750'
+
+ # Access parameters
+ $wazuh_api_access_max_login_attempts = 5
+ $wazuh_api_access_block_time = 300
+ $wazuh_api_access_max_request_per_minute = 300
+
+ # Force the use of authd when adding and removing agents. Values: yes, no
+ $wazuh_api_use_only_authd = 'no'
+
+ # Drop privileges (Run as ossec user)
+ $wazuh_api_drop_privileges = 'yes'
+
+ # Enable features under development
+ $wazuh_api_experimental_features = 'no'
+
+ # Wazuh API template path
+ $wazuh_api_template = 'wazuh/wazuh_api.erb'
+
case $::osfamily {
'Debian': {
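Review bot: The API defaults bind to `'0.0.0.0'` and set the three CORS lists to `'"*"'`, so a manager built from defaults listens on port 55000 on every interface, and turning on `wazuh_api_cors_enabled` alone allows any origin. That is worth stating next to the values, e.g. `# Listens on all interfaces; set a management address or restrict port 55000 with a firewall`, with a similar line above the CORS block. The value styles are mixed as well: `'yes'`/`'no'` strings, the string `'False'` for `wazuh_api_https_use_ca`, and bare integers for the access limits; one convention would make overrides less error-prone. The assignments appear to sit inside a `case` branch that starts outside the hunk.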
@@ -343,8 +394,6 @@
'xenial': {
$server_service = 'wazuh-manager'
$server_package = 'wazuh-manager'
- $api_service = 'wazuh-api'
- $api_package = 'wazuh-api'
$wodle_openscap_content = {
'ssg-ubuntu-1604-ds.xml' => {
'type' => 'xccdf',
@@ -357,8 +406,6 @@
'jessie': {
$server_service = 'wazuh-manager'
$server_package = 'wazuh-manager'
- $api_service = 'wazuh-api'
- $api_package = 'wazuh-api'
$wodle_openscap_content = {
'ssg-debian-8-ds.xml' => {
'type' => 'xccdf',
@@ -372,8 +419,6 @@
/^(wheezy|stretch|buster|sid|precise|trusty|vivid|wily|xenial|bionic)$/: {
$server_service = 'wazuh-manager'
$server_package = 'wazuh-manager'
- $api_service = 'wazuh-api'
- $api_package = 'wazuh-api'
$wodle_openscap_content = undef
}
default: {
@@ -388,8 +433,6 @@
$agent_package = 'wazuh-agent'
$server_service = 'wazuh-manager'
$server_package = 'wazuh-manager'
- $api_service = 'wazuh-api'
- $api_package = 'wazuh-api'
$service_has_status = true
$default_local_files =[
@@ -491,7 +534,7 @@
$keys_group = 'Administrators'
$agent_service = 'OssecSvc'
- $agent_package = 'Wazuh Agent 3.13.2'
+ $agent_package = 'Wazuh Agent 4.0.0'
$server_service = ''
$server_package = ''
$api_service = ''
diff --git a/manifests/repo_elasticsearch-oss.pp b/manifests/repo_elasticsearch-oss.pp
new file mode 100644
index 00000000..e3a12129
--- /dev/null
+++ b/manifests/repo_elasticsearch-oss.pp
@@ -0,0 +1,70 @@
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Installation of Elastic repository
+class wazuh::repo_elastic (
+
+) {
+ case $::osfamily {
+ 'Debian' : {
+ if ! defined(Package['apt-transport-https']) {
+ ensure_packages(['apt-transport-https'], {'ensure' => 'present'})
+ }
+ # apt-key added by issue #34
+ apt::key { 'elastic':
+ id => '46095ACC8548582C1A2699A9D27D666CD88E42B4',
+ source => 'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
+ server => 'pgp.mit.edu'
+ }
+ case $::lsbdistcodename {
+ /(jessie|wheezy|stretch|buster|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic)/: {
+
+ apt::source { 'wazuh_elastic':
+ ensure => present,
+ comment => 'This is the Elastic repository',
+ location => 'https://artifacts.elastic.co/packages/7.x/apt',
+ release => 'stable',
+ repos => 'main',
+ include => {
+ 'src' => false,
+ 'deb' => true,
+ },
+ }
+ }
+ default: { fail('This module has not been tested on your distribution (or lsb package not installed)') }
+ }
+ }
+ 'RedHat' : {
+ case $::os[name] {
+ /^(CentOS|RedHat|OracleLinux|Fedora|Amazon)$/: {
+ if ( $::operatingsystemrelease =~ /^5.*/ ) {
+ $baseurl = 'https://artifacts.elastic.co/packages/oss-7.x/yum'
+ $gpgkey = 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
+ } else {
+ $baseurl = 'https://artifacts.elastic.co/packages/oss-7.x/yum'
+ $gpgkey = 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
+ }
+ }
+ default: { fail('This module has not been tested on your distribution.') }
+ }
+ ## Set up Elasticsearch repo
+
+ # Import GPG key
+
+ exec { 'Install Elasticsearch GPG key':
+ path => '/usr/bin',
+ command => 'rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch',
+ }
+
+ # Adding repo by Puppet yumrepo resource
+
+ yumrepo { 'elasticsearch':
+ ensure => 'present',
+ enabled => 1,
+ gpgcheck => 1,
+ gpgkey => $gpgkey,
+ baseurl => $baseurl,
+ name => 'elasticsearch',
+ }
+ }
+ default: { fail('This module has not been tested on your distribution') }
+ }
+ }
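Review bot: The new file manifests/repo_elasticsearch-oss.pp declares `class wazuh::repo_elastic`, a name that does not match its file and that the README tree in this commit already lists under manifests/repo_elastic.pp, so the class is either never autoloaded from here or collides with the existing one. On the Debian branch the source is `packages/7.x/apt` while the RedHat branch uses `packages/oss-7.x/yum`; for an OSS repository class the apt location presumably should be the `oss-7.x` one too. The RedHat `exec` re-imports the key from the network on every run and, unlike the `apt::key` resource above, is not tied to the pinned fingerprint; at least guard it, e.g. `unless => 'rpm -q gpg-pubkey-d88e42b4',`. The `if`/`else` on `$::operatingsystemrelease` assigns identical values in both branches and can be collapsed.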
diff --git a/manifests/wazuh_api.pp b/manifests/wazuh_api.pp
deleted file mode 100644
index 61b4cf1a..00000000
--- a/manifests/wazuh_api.pp
+++ /dev/null
@@ -1,33 +0,0 @@
-# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
-# Wazuh API installation
-class wazuh::wazuh_api (
-
- $manage_nodejs_package = true,
- $wazuh_api_package = 'wazuh-api',
- $wazuh_api_service = 'wazuh-api',
- $wazuh_api_version = '3.13.2-1',
-
-){
- if $manage_nodejs_package {
- contain wazuh::wazuh_api::nodejs
- }
-
- if $::osfamily == 'Debian' {
- package { $wazuh_api_package:
- ensure => $wazuh_api_version,
- provider => 'apt',
- }
- } else {
- package { $wazuh_api_package:
- ensure => $wazuh_api_version,
- provider => 'yum',
- }
- }
-
- service { 'wazuh-api':
- ensure => running,
- enable => true,
- provider => 'systemd',
- require => Package[$wazuh_api_package],
- }
-}
diff --git a/manifests/wazuh_api/nodejs.pp b/manifests/wazuh_api/nodejs.pp
deleted file mode 100644
index e8dd95ab..00000000
--- a/manifests/wazuh_api/nodejs.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
-# Wazuh API installation
-
-class wazuh::wazuh_api::nodejs (
- $nodejs_package = 'nodejs'
-){
- if $::osfamily == 'Debian' {
- exec { 'Updating repositories...':
- path => '/usr/bin',
- command => 'curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -',
- }
- package { $nodejs_package:
- provider => 'apt',
- }
- } else {
- exec { 'Updating repositories...':
- path => '/usr/bin',
- command => 'curl --silent --location https://rpm.nodesource.com/setup_10.x | bash -',
-
- }
- package { $nodejs_package:
- provider => 'yum',
- }
- }
-}
-
diff --git a/metadata.json b/metadata.json
index a5c0fd04..faa33361 100644
--- a/metadata.json
+++ b/metadata.json
@@ -1,6 +1,6 @@
{
"name": "wazuh-wazuh",
- "version": "3.13.2",
+ "version": "4.0.0",
"author": "WAZUH",
"summary": "Install and configure Wazuh-HIDS client and server",
"license": "Apache-2.0",
@@ -106,7 +106,7 @@
"tags": [
"ossec",
"hids",
- "3.12",
+ "4.0",
"wazuh"
],
"pdk-version": "1.14.1",
diff --git a/templates/api/config.js.erb b/templates/api/config.js.erb
deleted file mode 100644
index bfc14fc0..00000000
--- a/templates/api/config.js.erb
+++ /dev/null
@@ -1,42 +0,0 @@
-
-var config = {};
-
-// Basic configuration
-<% @api_config_params.each do |config| -%>
-config.<%= config['name'] %> = "<%= config['value'] %>";
-<% end -%>
-
-// Advanced configuration
-
-// Values for API log: disabled, info, warning, error, debug (each level includes the previous level).
-config.logs = "info";
-// Cross-origin resource sharing. Values: yes, no.
-config.cors = "yes";
-// Cache (time in milliseconds)
-config.cache_enabled = "yes";
-config.cache_debug = "no";
-config.cache_time = "750";
-// Log path
-config.log_path = config.ossec_path + "/logs/api.log";
-// Python
-config.python = [
- // Default installation
- {
- bin: "python",
- lib: ""
- },
- // Python 3
- {
- bin: "python3",
- lib: ""
- },
- // Package 'python27' for CentOS 6
- {
- bin: "/opt/rh/python27/root/usr/bin/python",
- lib: "/opt/rh/python27/root/usr/lib64"
- }
-];
-// Shared library path
-config.ld_library_path = config.ossec_path + "/api/framework/lib"
-
-module.exports = config;
diff --git a/templates/wazuh_agent.conf.erb b/templates/wazuh_agent.conf.erb
index 963f3b7e..52dffe8f 100644
--- a/templates/wazuh_agent.conf.erb
+++ b/templates/wazuh_agent.conf.erb
@@ -27,6 +27,50 @@
<%- if @ossec_auto_restart then -%>
<%= @ossec_auto_restart %>
<%- end -%>
+ <%- if @wazuh_enrollment_enabled == 'yes' then -%>
+
+ <%= @wazuh_enrollment_enabled %>
+ <%- if @wazuh_enrollment_manager_address then -%>
+ <%= @wazuh_enrollment_manager_address %>
+ <%- end -%>
+ <%- if @wazuh_enrollment_port then -%>
+ <%= @wazuh_enrollment_port %>
+ <%- end -%>
+ <%- if @wazuh_enrollment_agent_name then -%>
+ <%= @wazuh_enrollment_agent_name %>
+ <%- end -%>
+ <%- if @wazuh_enrollment_groups then -%>
+ <%= @wazuh_enrollment_groups %>
+ <%- end -%>
+ <%- if @wazuh_enrollment_agent_address then -%>
+ <%= @wazuh_enrollment_agent_address %>
+ <%- end -%>
+ <%- if @wazuh_enrollment_ssl_cipher then -%>
+ <%= @wazuh_enrollment_ssl_cipher %>
+ <%- end -%>
+ <%- if @wazuh_enrollment_server_ca_path then -%>
+ <%= @wazuh_enrollment_server_ca_path %>
+ <%- end -%>
+ <%- if @wazuh_enrollment_agent_cert_path then -%>
+ <%= @wazuh_enrollment_agent_cert_path %>
+ <%- end -%>
+ <%- if @wazuh_enrollment_agent_key_path then -%>
+ <%= @wazuh_enrollment_agent_key_path %>
+ <%- end -%>
+ <%- if @wazuh_enrollment_auth_pass_path then -%>
+ <%= @wazuh_enrollment_auth_pass_path %>
+ <%- end -%>
+ <%- if @wazuh_enrollment_auto_method then -%>
+ <%= @wazuh_enrollment_auto_method %>
+ <%- end -%>
+ <%- if @wazuh_delay_after_enrollment then -%>
+ <%= @wazuh_delay_after_enrollment %>
+ <%- end -%>
+ <%- if @wazuh_enrollment_use_source_ip then -%>
+ <%= @wazuh_enrollment_use_source_ip %>
+ <%- end -%>
+
+ <%- end -%>
diff --git a/templates/wazuh_api_yml.erb b/templates/wazuh_api_yml.erb
new file mode 100644
index 00000000..2f7887d9
--- /dev/null
+++ b/templates/wazuh_api_yml.erb
@@ -0,0 +1,42 @@
+#
+# Wazuh API configuration file
+# Copyright (C) 2015-2020 Wazuh, Inc.
+#
+host: <%= @wazuh_api_host %>
+port: <%= @wazuh_api_port %>
+# Set this option to "yes" in case the API is running behind a proxy server. Values: yes, no
+behind_proxy_server: <%= @wazuh_api_behind_proxy_server %>
+# Advanced configuration
+https:
+ enabled: <%= @wazuh_api_https_enabled %>
+ key: <%= @wazuh_api_https_key %>
+ cert: <%= @wazuh_api_https_cert %>
+ use_ca: <%= @wazuh_api_https_use_ca %>
+ ca: <%= @wazuh_api_https_ca %>
+# Logging configuration
+# Values for API log level: disabled, info, warning, error, debug, debug2 (each level includes the previous level).
+logs:
+ level: <%= @wazuh_api_logs_level %>
+ path: <%= @wazuh_api_logs_path %>
+# Cross-origin resource sharing: https://github.com/aio-libs/aiohttp-cors#usage
+cors:
+ enabled: <%= @wazuh_api_cors_enabled %>
+ source_route: <%= @wazuh_api_cors_source_route %>
+ expose_headers: <%= @wazuh_api_cors_expose_headers %>
+ allow_headers: <%= @wazuh_api_cors_allow_headers %>
+ allow_credentials: <%= @wazuh_api_cors_allow_credentials %>
+# Cache (time in seconds)
+cache:
+ enabled: <%= @wazuh_api_cache_enabled %>
+ time: <%= @wazuh_api_cache_time %>
+# Access parameters
+access:
+ max_login_attempts: <%= @wazuh_api_access_max_login_attempts %>
+ block_time: <%= @wazuh_api_access_block_time %>
+ max_request_per_minute: <%= @wazuh_api_access_max_request_per_minute %>
+# Force the use of authd when adding and removing agents. Values: yes, no
+use_only_authd: <%= @wazuh_api_use_only_authd %>
+# Drop privileges (Run as ossec user)
+drop_privileges: <%= @wazuh_api_drop_privileges %>
+# Enable features under development
+experimental_features: <%= @wazuh_api_experimental_features %>
\ No newline at end of file
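Review bot: Every value is interpolated into the YAML unquoted, which is why the CORS defaults in params_manager.pp have to carry their own quotes (`'"*"'`); an override of plain `*`, or any string containing `: ` or ` #`, yields a file that fails to parse or parses to something other than what was set. Quoting the string fields in the template, e.g. `source_route: "<%= @wazuh_api_cors_source_route %>"`, lets the defaults stay as plain values. The file also ends without a trailing newline.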
diff --git a/templates/wazuh_yml.erb b/templates/wazuh_yml.erb
index 173cbced..cfb50ea0 100644
--- a/templates/wazuh_yml.erb
+++ b/templates/wazuh_yml.erb
@@ -128,6 +128,6 @@ hosts:
- <%= api_profile['id'] %>:
url: <%= api_profile['url'] %>
port: <%= api_profile['port'] %>
- user: <%= api_profile['user'] %>
+ username: <%= api_profile['user'] %>
password: <%= api_profile['password'] %>
<% end -%>
\ No newline at end of file