From a5455b8664c2630a21cad7465d4e0287e64e3eaf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 18 Nov 2020 17:27:13 +0100 Subject: [PATCH 001/260] Migrate filebeat to manager --- .../wazuh_manager/attributes/filebeat.rb | 44 ++++++++++ cookbooks/wazuh_manager/recipes/default.rb | 3 +- cookbooks/wazuh_manager/recipes/filebeat.rb | 86 +++++++++++++++++++ .../templates/default/filebeat.yml.erb | 22 +++++ 4 files changed, 154 insertions(+), 1 deletion(-) create mode 100644 cookbooks/wazuh_manager/attributes/filebeat.rb create mode 100644 cookbooks/wazuh_manager/recipes/filebeat.rb create mode 100644 cookbooks/wazuh_manager/templates/default/filebeat.yml.erb diff --git a/cookbooks/wazuh_manager/attributes/filebeat.rb b/cookbooks/wazuh_manager/attributes/filebeat.rb new file mode 100644 index 00000000..63894eaa --- /dev/null +++ b/cookbooks/wazuh_manager/attributes/filebeat.rb @@ -0,0 +1,44 @@ +default['filebeat']['config_path'] = '/etc/filebeat/filebeat.yml' +default['filebeat']['wazuh_filebeat_module'] = "wazuh-filebeat-0.1.tar.gz" +default['filebeat']['wazuh_template'] = "wazuh-template.json" +default['filebeat']['yml'] = { + "output.elasticsearch": { + "hosts": [ + "0.0.0.0:9200" + ], + "protocol": "https", + "username": "admin", + "password": "admin", + "ssl.certificate_authorities": [ + "/etc/filebeat/certs/root-ca.pem" + ], + "ssl": { + "certificate": "/etc/filebeat/certs/filebeat.pem", + "key": "/etc/filebeat/certs/filebeat.key" + }, + }, + "setup": { + "template": { + "json": { + "enabled": true, + "path": "/etc/filebeat/wazuh-template.json", + "name": "wazuh" + } + }, + "ilm": { + "overwrite": true, + "enabled": false + } + }, + "filebeat.modules": [ + { + "module": "wazuh", + "alerts": { + "enabled": true + }, + "archives": { + "enabled": false + } + } + ] +} \ No newline at end of file diff --git a/cookbooks/wazuh_manager/recipes/default.rb b/cookbooks/wazuh_manager/recipes/default.rb index 61084ba0..f5ad7994 100644 --- a/cookbooks/wazuh_manager/recipes/default.rb +++ b/cookbooks/wazuh_manager/recipes/default.rb @@ -1,4 +1,5 @@ include_recipe 'apt::default' include_recipe 'wazuh_manager::prerequisites' include_recipe 'wazuh_manager::repository' -include_recipe 'wazuh_manager::manager' \ No newline at end of file +include_recipe 'wazuh_manager::manager' +include_recipe 'wazuh_manager::filebeat' \ No newline at end of file diff --git a/cookbooks/wazuh_manager/recipes/filebeat.rb b/cookbooks/wazuh_manager/recipes/filebeat.rb new file mode 100644 index 00000000..6e7878cc --- /dev/null +++ b/cookbooks/wazuh_manager/recipes/filebeat.rb @@ -0,0 +1,86 @@ +# +# Cookbook Name:: filebeat +# Recipe:: default +# Author:: Wazuh + +# Install Filebeat package + +if platform_family?('debian','ubuntu') + package 'lsb-release' + ohai 'reload lsb' do + plugin 'lsb' + # action :nothing + subscribes :reload, 'package[lsb-release]', :immediately + end + + apt_package 'filebeat' do + version "#{node['filebeat']['version']}" + only_if do + File.exists?("/etc/apt/sources.list.d/wazuh.list") + end + end +elsif platform_family?('rhel', 'redhat', 'centos', 'amazon') + yum_package 'filebeat' do + version "#{node['filebeat']['version']}" + only_if do + File.exists?("/etc/yum.repos.d/wazuh.repo") + end + end +elsif platform_family?('suse') + yum_package 'filebeat' do + version "#{node['filebeat']['version']}" + only_if do + File.exists?("/etc/zypp/repos.d/wazuh.repo") + end + end +else + raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" +end + +# Edit the file /etc/filebeat/filebeat.yml +=begin +template node['filebeat']['config_path'] do + source 'filebeat.yml.erb' + owner 'root' + group 'root' + mode '0640' + variables(output_elasticsearch_hosts: "hosts: [\"#{node['filebeat']['elasticsearch_server_ip']}:#{node['filebeat']['elasticsearch_server_port']}\"]") +end + +yaml_file "#{node['filebeat']['config_path']}" do + owner 'root' + group 'root' + mode '0640' + content node['filebeat']['yml'] +end +=end +file "#{node['filebeat']['config_path']}" do + owner 'root' + group 'root' + mode '0640' + + content lazy { + {node['filebeat']['yml']}.to_yaml + } + +end + + +# Download the alerts template for Elasticsearch: +remote_file "/etc/filebeat/#{node['filebeat']['wazuh_template']}" do + source "https://raw.githubusercontent.com/wazuh/wazuh/#{node['wazuh']['version']}/extensions/elasticsearch/#{node['elastic']['version']}/#{node['filebeat']['wazuh_template']}" + owner "root" + group "root" + mode "0644" +end + +# Download the Wazuh module for Filebeat: +remote_file "/usr/share/filebeat/module/#{node['filebeat']['wazuh_filebeat_module']}" do + source "https://packages.wazuh.com/#{node['packages.wazuh.com']['version']}/filebeat/#{node['filebeat']['wazuh_filebeat_module']}" +end + +# Change module permission +directory '/usr/share/filebeat/module/wazuh' do + mode '0755' + recursive true +end diff --git a/cookbooks/wazuh_manager/templates/default/filebeat.yml.erb b/cookbooks/wazuh_manager/templates/default/filebeat.yml.erb new file mode 100644 index 00000000..35780086 --- /dev/null +++ b/cookbooks/wazuh_manager/templates/default/filebeat.yml.erb @@ -0,0 +1,22 @@ +# Wazuh - Filebeat configuration file +output.elasticsearch: + hosts: [<%= @output_elasticsearch_hosts %>] + protocol: [<%= @output_elasticsearch_protocol %>] + username: [<%= @output_elasticsearch_username %>] + password: [<%= @output_elasticsearch_password %>] + ssl.certificate_authorities: + - [<%= @ssl_certificate_authorities %>] + ssl.certificate: [<%= @ssl_certificate %>] + ssl.key: [<%= @ssl_key %>] +setup.template.json.enabled: [<%= @setup_template_json_enabled %>] +setup.template.json.path: [<%= @setup_template_json_path %>] +setup.template.json.name: [<%= @setup_template_json_name %>] +setup.ilm.overwrite: [<%= @setup_ilm_overwrite %>] +setup.ilm.enabled: [<%= @setup_ilm_enabled %>] + +filebeat.modules: + - module: [<%= @filebeat_modules_module %>] + alerts: + enabled: [<%= @filebeat_modules_alerts_enabled %>] + archives: + enabled: [<%= @filebeat_modules_module %>] From f5484e7f8efd058674d206592935edee4ccf25db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 18 Nov 2020 17:27:30 +0100 Subject: [PATCH 002/260] Customize kitchen yml file --- cookbooks/wazuh_manager/.kitchen.yml | 163 +++++++++++++++------------ 1 file changed, 94 insertions(+), 69 deletions(-) diff --git a/cookbooks/wazuh_manager/.kitchen.yml b/cookbooks/wazuh_manager/.kitchen.yml index bbbb6579..3893e611 100644 --- a/cookbooks/wazuh_manager/.kitchen.yml +++ b/cookbooks/wazuh_manager/.kitchen.yml @@ -1,84 +1,109 @@ --- driver: name: vagrant -driver_config: - require_chef_omnibus: latest provisioner: name: chef_zero - environments_path: "test/environments" - data_bags_path: "test/data_bags" - encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" + +verifiers: + name: inspec platforms: - - name: ubuntu-12.04 - run_list: apt::default - - name: ubuntu-14.04 - run_list: apt::default - - name: ubuntu-16.04 - run_list: apt::default - - name: centos-6.7 - - name: centos-7.2 -suites: - - name: manager-development-master - environments_path: "test/environments" - data_bags_path: "test/data_bags" - encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" - driver: - network: - - ["private_network", {ip: "172.16.10.10"}] - run_list: - - recipe[wazuh::testenvsetup] - - recipe[wazuh::manager] - - recipe[wazuh_filebeat::default] - attributes: - provisioner: - client_rb: - environment: development-master + - name: ubuntu-18.04 - - name: manager-development-client - environments_path: "test/environments" - data_bags_path: "test/data_bags" - encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" - driver: - network: - - ["private_network", {ip: "172.16.10.11"}] +suites: + - name: wazuh-manager run_list: - - recipe[wazuh::testenvsetup] - - recipe[wazuh::manager] - - recipe[wazuh_filebeat::default] - attributes: - provisioner: - client_rb: - environment: development-client - - - name: elastic-development - environments_path: "test/environments" - data_bags_path: "test/data_bags" - encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" + - recipe[wazuh_manager::default] driver: network: - - ["private_network", {ip: "172.16.10.12"}] + - ["private_network", {ip: "172.17.0.100"}] customize: - memory: 2048 + memory: 4096 cpus: 2 - run_list: - - recipe[wazuh::testenvsetup] - - recipe[wazuh_elastic::default] - attributes: - provisioner: - client_rb: - environment: development-master + - name: odfe + - name: kibana - - name: agent-development - driver: - network: - - ["private_network", { type: "dhcp" }] - run_list: - - recipe[wazuh::testenvsetup] - - recipe[wazuh::agent] - attributes: - vagrant: - provisioner: - client_rb: - environment: development +#driver: +# name: vagrant +#driver_config: +# require_chef_omnibus: latest +# +#provisioner: +# name: chef_zero +# environments_path: "test/environments" +# data_bags_path: "test/data_bags" +# encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" +# +#platforms: +# - name: ubuntu-12.04 +# run_list: apt::default +# - name: ubuntu-14.04 +# run_list: apt::default +# - name: ubuntu-16.04 +# run_list: apt::default +# - name: centos-6.7 +# - name: centos-7.2 +#suites: +# - name: manager-development-master +# environments_path: "test/environments" +# data_bags_path: "test/data_bags" +# encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" +# driver: +# network: +# - ["private_network", {ip: "172.16.10.10"}] +# run_list: +# - recipe[wazuh::testenvsetup] +# - recipe[wazuh::manager] +# - recipe[wazuh_filebeat::default] +# attributes: +# provisioner: +# client_rb: +# environment: development-master +# +# - name: manager-development-client +# environments_path: "test/environments" +# data_bags_path: "test/data_bags" +# encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" +# driver: +# network: +# - ["private_network", {ip: "172.16.10.11"}] +# run_list: +# - recipe[wazuh::testenvsetup] +# - recipe[wazuh::manager] +# - recipe[wazuh_filebeat::default] +# attributes: +# provisioner: +# client_rb: +# environment: development-client +# +# - name: elastic-development +# environments_path: "test/environments" +# data_bags_path: "test/data_bags" +# encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" +# driver: +# network: +# - ["private_network", {ip: "172.16.10.12"}] +# customize: +# memory: 2048 +# cpus: 2 +# run_list: +# - recipe[wazuh::testenvsetup] +# - recipe[wazuh_elastic::default] +# attributes: +# provisioner: +# client_rb: +# environment: development-master +# +# - name: agent-development +# driver: +# network: +# - ["private_network", { type: "dhcp" }] +# run_list: +# - recipe[wazuh::testenvsetup] +# - recipe[wazuh::agent] +# attributes: +# vagrant: +# provisioner: +# client_rb: +# environment: development From a8a41ad8852a87cc38b53454939c680a8ddd7717 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 18 Nov 2020 17:28:04 +0100 Subject: [PATCH 003/260] Add zypper and yaml --- cookbooks/wazuh_manager/Berksfile | 2 ++ cookbooks/wazuh_manager/Gemfile | 13 +++++++------ cookbooks/wazuh_manager/metadata.rb | 2 ++ 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/cookbooks/wazuh_manager/Berksfile b/cookbooks/wazuh_manager/Berksfile index 341f0d90..0471d13f 100644 --- a/cookbooks/wazuh_manager/Berksfile +++ b/cookbooks/wazuh_manager/Berksfile @@ -7,3 +7,5 @@ cookbook 'hostsfile' cookbook 'apt' cookbook 'yum' cookbook 'poise-python' +cookbook 'zypper' +cookbook 'yaml' \ No newline at end of file diff --git a/cookbooks/wazuh_manager/Gemfile b/cookbooks/wazuh_manager/Gemfile index 518b772e..29f461b1 100644 --- a/cookbooks/wazuh_manager/Gemfile +++ b/cookbooks/wazuh_manager/Gemfile @@ -1,19 +1,20 @@ source 'https://rubygems.org' group :lint do - gem 'foodcritic', '~> 5.0' - gem 'rubocop', '~> 0.50.0' + gem 'foodcritic', '~> 16.3' + gem 'rubocop', '~> 1.3', '>= 1.3.1' + gem 'yaml', '~> 0.1.0' end group :unit do - gem 'berkshelf', '~> 4.0' - gem 'chefspec', '~> 4.4' + gem 'berkshelf', '~> 7.1' + gem 'chefspec', '~> 9.2', '>= 9.2.1' end group :kitchen_common do - gem 'test-kitchen', '~> 1.4' + gem 'test-kitchen', '~> 2.7', '>= 2.7.2' end group :kitchen_vagrant do - gem 'kitchen-vagrant', '~> 0.19' + gem 'kitchen-vagrant', '~> 1.7', '>= 1.7.2' end diff --git a/cookbooks/wazuh_manager/metadata.rb b/cookbooks/wazuh_manager/metadata.rb index c582ce51..0fd3f9f2 100644 --- a/cookbooks/wazuh_manager/metadata.rb +++ b/cookbooks/wazuh_manager/metadata.rb @@ -29,6 +29,8 @@ depends 'poise-python' depends 'yum' depends 'hostsfile' +depends 'zypper' +depends 'yaml' issues_url 'https://github.com/wazuh/wazuh-chef/issues' if respond_to?(:issues_url) source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) From 06c589c15df1767ed1d9ac3b329a63c2548661b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 18 Nov 2020 17:28:34 +0100 Subject: [PATCH 004/260] Reference version attributes --- cookbooks/wazuh_manager/attributes/versions.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cookbooks/wazuh_manager/attributes/versions.rb b/cookbooks/wazuh_manager/attributes/versions.rb index 0658b9fe..90fd3b54 100644 --- a/cookbooks/wazuh_manager/attributes/versions.rb +++ b/cookbooks/wazuh_manager/attributes/versions.rb @@ -1 +1,5 @@ default['wazuh-manager']['version'] = "4.0.1" +default['packages.wazuh.com']['version'] = "4.x" +default['wazuh']['version'] = "4.0" +default['filebeat']['version'] = "7.9.1" +default['elastic']['version'] = "7.x" \ No newline at end of file From 57599787344334085103d87c3f5c5456ed0fa1ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 19 Nov 2020 17:10:50 +0100 Subject: [PATCH 005/260] Add filebeat and version attribute. Modified syntax --- .../wazuh_manager/attributes/agent_conf.rb | 6 +- cookbooks/wazuh_manager/attributes/alerts.rb | 6 +- cookbooks/wazuh_manager/attributes/api.rb | 48 +++++++------- cookbooks/wazuh_manager/attributes/auth.rb | 26 ++++---- cookbooks/wazuh_manager/attributes/cluster.rb | 22 ++++--- .../wazuh_manager/attributes/filebeat.rb | 54 +++++----------- cookbooks/wazuh_manager/attributes/global.rb | 28 ++++---- cookbooks/wazuh_manager/attributes/remote.rb | 10 +-- .../wazuh_manager/attributes/rootcheck.rb | 26 ++++---- cookbooks/wazuh_manager/attributes/ruleset.rb | 20 ++++-- cookbooks/wazuh_manager/attributes/sca.rb | 10 +-- .../wazuh_manager/attributes/syscheck.rb | 48 +++++++------- .../attributes/vulnerability-detector.rb | 52 +++++++-------- cookbooks/wazuh_manager/attributes/wodle.rb | 64 +++++++++---------- 14 files changed, 220 insertions(+), 200 deletions(-) diff --git a/cookbooks/wazuh_manager/attributes/agent_conf.rb b/cookbooks/wazuh_manager/attributes/agent_conf.rb index 7f4d559c..089429c1 100644 --- a/cookbooks/wazuh_manager/attributes/agent_conf.rb +++ b/cookbooks/wazuh_manager/attributes/agent_conf.rb @@ -1,5 +1,7 @@ -default['ossec']['centralized_configuration']['enabled'] = 'no' -default['ossec']['centralized_configuration']['path'] = '/var/ossec/etc/shared/default' +default['ossec']['centralized_configuration'] = { + 'enabled' => 'no', + 'path' => '/var/ossec/etc/shared/default' +} # Example of configuration to include in agent.conf diff --git a/cookbooks/wazuh_manager/attributes/alerts.rb b/cookbooks/wazuh_manager/attributes/alerts.rb index cc25360e..e0f4d45d 100644 --- a/cookbooks/wazuh_manager/attributes/alerts.rb +++ b/cookbooks/wazuh_manager/attributes/alerts.rb @@ -1,2 +1,4 @@ -default['ossec']['conf']['alerts']['log_alert_level'] = 3 -default['ossec']['conf']['alerts']['email_alert_level'] = 12 \ No newline at end of file +default['ossec']['conf']['alerts'] = { + 'log_alert_level' => 3, + 'email_alert_level' => 12 +} \ No newline at end of file diff --git a/cookbooks/wazuh_manager/attributes/api.rb b/cookbooks/wazuh_manager/attributes/api.rb index 4903708e..8fe6377a 100644 --- a/cookbooks/wazuh_manager/attributes/api.rb +++ b/cookbooks/wazuh_manager/attributes/api.rb @@ -1,23 +1,25 @@ -default['api']['bind_addr'] = "0.0.0.0" -default['api']['port'] = 55000 -default['api']['behind_proxy_server'] = "no" -default['api']['https'] = "yes" -default['api']['https_key'] = "api/configuration/ssl/server.key" -default['api']['https_cert'] = "api/configuration/ssl/server.crt" -default['api']['https_use_ca'] = "False" -default['api']['https_ca'] = "api/configuration/ssl/ca.crt" -default['api']['logging_level'] = "info" -default['api']['logging_path'] = "logs/api.log" -default['api']['cors'] = "no" -default['api']['cors_source_route'] = "*" -default['api']['cors_expose_headers'] = "*" -default['api']['cors_allow_headers'] = "*" -default['api']['cors_allow_credentials'] = "no" -default['api']['cache'] = "yes" -default['api']['cache_time'] = 0.750 -default['api']['access_max_login_attempts'] = 5 #Should be updated -default['api']['access_block_time'] = 300 -default['api']['access_max_request_per_minute'] = 300 -default['api']['use_only_authd'] = 300 -default['api']['drop_privileges'] = "yes" -default['api']['experimental_features'] = "no" +default['api'] = { + 'bind_addr' => "0.0.0.0", + 'port' => 55000, + 'behind_proxy_server' => "no", + 'https' => "yes", + 'https_key' => "api/configuration/ssl/server.key", + 'https_cert' => "api/configuration/ssl/server.crt", + 'https_use_ca' => "False", + 'https_ca' => "api/configuration/ssl/ca.crt", + 'logging_level' => "info", + 'logging_path' => "logs/api.log", + 'cors' => "no", + 'cors_source_route' => "*", + 'cors_expose_headers' => "*", + 'cors_allow_headers' => "*", + 'cors_allow_credentials' => "no", + 'cache' => "yes", + 'cache_time' => 0.750, + 'access_max_login_attempts' => 5, #Should be updated + 'access_block_time' => 300, + 'access_max_request_per_minute' => 300, + 'use_only_authd' => 300, + 'drop_privileges' => "yes", + 'experimental_features' => "no" +} \ No newline at end of file diff --git a/cookbooks/wazuh_manager/attributes/auth.rb b/cookbooks/wazuh_manager/attributes/auth.rb index bf86c774..adaff79e 100644 --- a/cookbooks/wazuh_manager/attributes/auth.rb +++ b/cookbooks/wazuh_manager/attributes/auth.rb @@ -1,13 +1,15 @@ # Registration service - Authd settings (Manager) -default['ossec']['conf']['auth']['disabled'] = false -default['ossec']['conf']['auth']['port'] = 1515 -default['ossec']['conf']['auth']['use_source_ip'] = true -default['ossec']['conf']['auth']['force_insert'] = true -default['ossec']['conf']['auth']['force_time'] = 0 -default['ossec']['conf']['auth']['purge'] = true -default['ossec']['conf']['auth']['use_password'] = false -default['ossec']['conf']['auth']['ciphers'] = 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH' -default['ossec']['conf']['auth']['ssl_verify_host'] = false -default['ossec']['conf']['auth']['ssl_manager_cert'] = "#{node['ossec']['dir']}/etc/sslmanager.cert" -default['ossec']['conf']['auth']['ssl_manager_key'] = "#{node['ossec']['dir']}/etc/sslmanager.key" -default['ossec']['conf']['auth']['ssl_auto_negotiate'] = false \ No newline at end of file +default['ossec']['conf']['auth'] = { + 'disabled' => false, + 'port' => 1515, + 'use_source_ip' => true, + 'force_insert' => true, + 'force_time' => 0, + 'purge' => true, + 'use_password' => false, + 'ciphers' => 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH', + 'ssl_verify_host' => false, + 'ssl_manager_cert' => "#{node['ossec']['dir']}/etc/sslmanager.cert", + 'ssl_manager_key' => "#{node['ossec']['dir']}/etc/sslmanager.key", + 'ssl_auto_negotiate' => false +} \ No newline at end of file diff --git a/cookbooks/wazuh_manager/attributes/cluster.rb b/cookbooks/wazuh_manager/attributes/cluster.rb index 9934a4e6..ee96f73a 100644 --- a/cookbooks/wazuh_manager/attributes/cluster.rb +++ b/cookbooks/wazuh_manager/attributes/cluster.rb @@ -1,10 +1,14 @@ # Cluster settings -default['ossec']['conf']['cluster']['name'] = 'wazuh' -default['ossec']['conf']['cluster']['node_name'] = 'node01' -default['ossec']['conf']['cluster']['node_type'] = 'master' -default['ossec']['conf']['cluster']['key'] = '' -default['ossec']['conf']['cluster']['port'] = 1516 -default['ossec']['conf']['cluster']['bind_addr'] = '0.0.0.0' -default['ossec']['conf']['cluster']['nodes']['node'] = "NODE_IP" -default['ossec']['conf']['cluster']['hidden'] = 'no' -default['ossec']['conf']['cluster']['disabled'] = 'yes' +default['ossec']['conf']['cluster'] = { + 'name' => 'wazuh', + 'node_name' => 'node01', + 'node_type' => 'master', + 'key' => '', + 'port' => 1516, + 'bind_addr' => '0.0.0.0', + 'nodes' => { + 'node' => "NODE_IP" + }, + 'hidden' => 'no', + 'disabled' => 'yes' +} diff --git a/cookbooks/wazuh_manager/attributes/filebeat.rb b/cookbooks/wazuh_manager/attributes/filebeat.rb index 63894eaa..48c9414b 100644 --- a/cookbooks/wazuh_manager/attributes/filebeat.rb +++ b/cookbooks/wazuh_manager/attributes/filebeat.rb @@ -2,43 +2,21 @@ default['filebeat']['wazuh_filebeat_module'] = "wazuh-filebeat-0.1.tar.gz" default['filebeat']['wazuh_template'] = "wazuh-template.json" default['filebeat']['yml'] = { - "output.elasticsearch": { - "hosts": [ - "0.0.0.0:9200" - ], - "protocol": "https", - "username": "admin", - "password": "admin", - "ssl.certificate_authorities": [ - "/etc/filebeat/certs/root-ca.pem" - ], - "ssl": { - "certificate": "/etc/filebeat/certs/filebeat.pem", - "key": "/etc/filebeat/certs/filebeat.key" - }, + 'output_elasticsearch_hosts' => { + "0.0.0.0": 9200 }, - "setup": { - "template": { - "json": { - "enabled": true, - "path": "/etc/filebeat/wazuh-template.json", - "name": "wazuh" - } - }, - "ilm": { - "overwrite": true, - "enabled": false - } - }, - "filebeat.modules": [ - { - "module": "wazuh", - "alerts": { - "enabled": true - }, - "archives": { - "enabled": false - } - } - ] + 'output_elasticsearch_protocol' => "https", + 'output_elasticsearch_username' => "\"admin\"", + 'output_elasticsearch_password' => "\"admin\"", + 'ssl_certificate_authorities' => "/etc/filebeat/certs/root-ca.pem", + 'ssl_certificate' => "\"/etc/filebeat/certs/filebeat.pem\"", + 'ssl_key' => "\"/etc/filebeat/certs/filebeat.key\"", + 'setup_template_json_enabled' => true, + 'setup_template_json_path' => "\'/etc/filebeat/#{node['filebeat']['wazuh_template']}\'", + 'setup_template_json_name' => "\'wazuh\'", + 'setup_ilm_overwrite' => true, + 'setup_ilm_enabled' => false, + 'filebeat_modules_module' => "wazuh", + 'filebeat_modules_alerts_enabled' => true, + 'filebeat_modules_archives_enabled' => false } \ No newline at end of file diff --git a/cookbooks/wazuh_manager/attributes/global.rb b/cookbooks/wazuh_manager/attributes/global.rb index 11cf4528..87de353e 100644 --- a/cookbooks/wazuh_manager/attributes/global.rb +++ b/cookbooks/wazuh_manager/attributes/global.rb @@ -1,11 +1,17 @@ -default['ossec']['conf']['global']['jsonout_output'] = true -default['ossec']['conf']['global']['alerts_log'] = true -default['ossec']['conf']['global']['logall'] = false -default['ossec']['conf']['global']['logall_json'] = false -default['ossec']['conf']['global']['email_notification'] = false -default['ossec']['conf']['global']['smtp_server'] = 'smtp.example.wazuh.com' -default['ossec']['conf']['global']['email_from'] = 'ossecm@example.wazuh.com' -default['ossec']['conf']['global']['email_to'] = 'recipient@example.wazuh.com' -default['ossec']['conf']['global']['email_maxperhour'] = 12 -default['ossec']['conf']['global']['email_log_source'] = "alerts.log" -default['ossec']['conf']['global']['white_list'] = [ '127.0.0.1', '^localhost.localdomain$', '127.0.0.53'] \ No newline at end of file +default['ossec']['conf']['global'] = { + 'jsonout_output' => true, + 'alerts_log' => true, + 'logall' => false, + 'logall_json' => false, + 'email_notification' => false, + 'smtp_server' => 'smtp.example.wazuh.com', + 'email_from' => 'ossecm@example.wazuh.com', + 'email_to' => 'recipient@example.wazuh.com', + 'email_maxperhour' => 12, + 'email_log_source' => "alerts.log", + 'white_list' => [ + '127.0.0.1', + '^localhost.localdomain$', + '127.0.0.53' + ] +} \ No newline at end of file diff --git a/cookbooks/wazuh_manager/attributes/remote.rb b/cookbooks/wazuh_manager/attributes/remote.rb index 2db10027..eb008ea8 100644 --- a/cookbooks/wazuh_manager/attributes/remote.rb +++ b/cookbooks/wazuh_manager/attributes/remote.rb @@ -1,5 +1,7 @@ # Remoted settings -default['ossec']['conf']['remote']['connection'] = ['secure'] -default['ossec']['conf']['remote']['port'] = "1514" -default['ossec']['conf']['remote']['protocol'] = "tcp" -default['ossec']['conf']['remote']['queue_size'] = "131072" \ No newline at end of file +default['ossec']['conf']['remote'] = { + 'connection' => 'secure', + 'port' => "1514", + 'protocol' => "tcp", + 'queue_size' => "131072" +} \ No newline at end of file diff --git a/cookbooks/wazuh_manager/attributes/rootcheck.rb b/cookbooks/wazuh_manager/attributes/rootcheck.rb index 732bbac6..963bf8fc 100644 --- a/cookbooks/wazuh_manager/attributes/rootcheck.rb +++ b/cookbooks/wazuh_manager/attributes/rootcheck.rb @@ -1,13 +1,15 @@ # Rootcheck settings -default['ossec']['conf']['rootcheck']['disabled'] = false -default['ossec']['conf']['rootcheck']['check_files'] = true -default['ossec']['conf']['rootcheck']['check_trojans'] = true -default['ossec']['conf']['rootcheck']['check_dev'] = true -default['ossec']['conf']['rootcheck']['check_sys'] = true -default['ossec']['conf']['rootcheck']['check_pids'] = true -default['ossec']['conf']['rootcheck']['check_ports'] = true -default['ossec']['conf']['rootcheck']['check_if'] = true -default['ossec']['conf']['rootcheck']['frequency'] = 43200 -default['ossec']['conf']['rootcheck']['rootkit_files'] = "#{node['ossec']['dir']}/etc/rootcheck/rootkit_files.txt" -default['ossec']['conf']['rootcheck']['rootkit_trojans'] = "#{node['ossec']['dir']}/etc/rootcheck/rootkit_trojans.txt" -default['ossec']['conf']['rootcheck']['skip_nfs'] = true +default['ossec']['conf']['rootcheck'] = { + 'disabled' => false, + 'check_files' => true, + 'check_trojans' => true, + 'check_dev' => true, + 'check_sys' => true, + 'check_pids' => true, + 'check_ports' => true, + 'check_if' => true, + 'frequency' => 43200, + 'rootkit_files' => "#{node['ossec']['dir']}/etc/rootcheck/rootkit_files.txt", + 'rootkit_trojans' => "#{node['ossec']['dir']}/etc/rootcheck/rootkit_trojans.txt", + 'skip_nfs' => true +} diff --git a/cookbooks/wazuh_manager/attributes/ruleset.rb b/cookbooks/wazuh_manager/attributes/ruleset.rb index 0df5ec6a..1eb1e604 100644 --- a/cookbooks/wazuh_manager/attributes/ruleset.rb +++ b/cookbooks/wazuh_manager/attributes/ruleset.rb @@ -1,5 +1,17 @@ # Ruleset settings (Manager) -default['ossec']['conf']['ruleset']['decoder_dir'] = ['ruleset/decoders', 'etc/decoders'] -default['ossec']['conf']['ruleset']['rule_dir'] = ['ruleset/rules', 'etc/rules'] -default['ossec']['conf']['ruleset']['rule_exclude'] = '0215-policy_rules.xml' -default['ossec']['conf']['ruleset']['list'] = ['etc/lists/audit-keys', 'etc/lists/security-eventchannel', 'etc/lists/amazon/aws-eventnames'] +default['ossec']['conf']['ruleset'] = { + 'decoder_dir' => [ + 'ruleset/decoders', + 'etc/decoders' + ], + 'rule_dir' => [ + 'ruleset/rules', + 'etc/rules' + ], + 'rule_exclude' => '0215-policy_rules.xml', + 'list' => [ + 'etc/lists/audit-keys', + 'etc/lists/security-eventchannel', + 'etc/lists/amazon/aws-eventnames' + ] +} diff --git a/cookbooks/wazuh_manager/attributes/sca.rb b/cookbooks/wazuh_manager/attributes/sca.rb index da98c89a..6777b12a 100644 --- a/cookbooks/wazuh_manager/attributes/sca.rb +++ b/cookbooks/wazuh_manager/attributes/sca.rb @@ -1,5 +1,7 @@ -default['ossec']['conf']['sca']['enabled'] = true -default['ossec']['conf']['sca']['scan_on_start'] = true -default['ossec']['conf']['sca']['interval'] = "12h" -default['ossec']['conf']['sca']['skip_nfs'] = true \ No newline at end of file +default['ossec']['conf']['sca'] = { + 'enabled' => true, + 'scan_on_start' => true, + 'interval' => "12h", + 'skip_nfs' => true +} \ No newline at end of file diff --git a/cookbooks/wazuh_manager/attributes/syscheck.rb b/cookbooks/wazuh_manager/attributes/syscheck.rb index 2fb78745..b2680e53 100644 --- a/cookbooks/wazuh_manager/attributes/syscheck.rb +++ b/cookbooks/wazuh_manager/attributes/syscheck.rb @@ -1,11 +1,14 @@ # Syscheck settings -default['ossec']['conf']['syscheck']['disabled'] = false -default['ossec']['conf']['syscheck']['frequency'] = 43200 -default['ossec']['conf']['syscheck']['scan_on_start'] = true -default['ossec']['conf']['syscheck']['auto_ignore'] = [ - { '@frequency' => '10', '@timeframe' => '3600', 'content!' => false } -] -default['ossec']['conf']['syscheck']['ignore'] = [ +default['ossec']['conf']['syscheck'] = { + 'disabled' => false, + 'frequency' => 43200, + 'scan_on_start' => true, + 'auto_ignore' => { + '@frequency' => '10', + '@timeframe' => '3600', + 'content!' => false + }, + 'ignore' => [ '/etc/mtab', '/etc/hosts.deny', '/etc/mail/statistics', @@ -23,18 +26,19 @@ '/dev/core', { '@type' => 'sregex', 'content!' => '^/proc' }, { '@type' => 'sregex', 'content!' => '.log$|.swp$'} -] - -default['ossec']['conf']['syscheck']['directories'] = [ - { '@check_all' => true, 'content!' => '/etc,/usr/bin,/usr/sbin' }, - { '@check_all' => true, 'content!' => '/bin,/sbin,/boot' } -] - -default['ossec']['conf']['syscheck']['nodiff'] = '/etc/ssl/private.key' -default['ossec']['conf']['syscheck']['skip_nfs'] = true -default['ossec']['conf']['syscheck']['max_eps'] = 100 -default['ossec']['conf']['syscheck']['process_priority'] = 10 -default['ossec']['conf']['syscheck']['synchronization']['enabled'] = 'yes' -default['ossec']['conf']['syscheck']['synchronization']['interval'] = '5m' -default['ossec']['conf']['syscheck']['synchronization']['max_interval'] = '1h' -default['ossec']['conf']['syscheck']['synchronization']['max_eps'] = '10' \ No newline at end of file + ], + 'directories' => [ + { '@check_all' => true, 'content!' => '/etc,/usr/bin,/usr/sbin' }, + { '@check_all' => true, 'content!' => '/bin,/sbin,/boot' } + ], + 'nodiff' => '/etc/ssl/private.key', + 'skip_nfs' => true, + 'max_eps' => 100, + 'process_priority' => 10, + 'synchronization' => { + 'enabled' => 'yes', + 'interval' => '5m', + 'max_interval' => '1h', + 'max_eps' => '10' + } +} \ No newline at end of file diff --git a/cookbooks/wazuh_manager/attributes/vulnerability-detector.rb b/cookbooks/wazuh_manager/attributes/vulnerability-detector.rb index 208d906b..e0f6dc22 100644 --- a/cookbooks/wazuh_manager/attributes/vulnerability-detector.rb +++ b/cookbooks/wazuh_manager/attributes/vulnerability-detector.rb @@ -1,26 +1,28 @@ -default['ossec']['conf']['vulnerability-detector']['enabled'] = 'no' -default['ossec']['conf']['vulnerability-detector']['interval'] = '5m' -default['ossec']['conf']['vulnerability-detector']['ignore_time'] = '6h' -default['ossec']['conf']['vulnerability-detector']['run_on_start'] = 'yes' -default['ossec']['conf']['vulnerability-detector']['provider'] = [ - { '@name' => 'canonical', - 'enabled' => 'no', - 'os' => ['trusty', 'xenial', 'bionic', 'focal'], - 'update_interval' => '1h' - }, - { '@name' => 'debian', - 'enabled' => 'no', - 'os' => ['wheezy', 'stretch', 'jessie', 'buster'], - 'update_interval' => '1h' - }, - { '@name' => 'redhat', - 'enabled' => 'no', - 'update_from_year' => '2010', - 'update_interval' => '1h' - }, - { '@name' => 'nvd', - 'enabled' => 'no', - 'update_from_year' => '2010', - 'update_interval' => '1h' - } +default['ossec']['conf']['vulnerability-detector'] = [ + 'enabled' => 'no', + 'interval' => '5m', + 'ignore_time' => '6h', + 'run_on_start' => 'yes', + 'provider' => [ + { '@name' => 'canonical', + 'enabled' => 'no', + 'os' => ['trusty', 'xenial', 'bionic', 'focal'], + 'update_interval' => '1h' + }, + { '@name' => 'debian', + 'enabled' => 'no', + 'os' => ['wheezy', 'stretch', 'jessie', 'buster'], + 'update_interval' => '1h' + }, + { '@name' => 'redhat', + 'enabled' => 'no', + 'update_from_year' => '2010', + 'update_interval' => '1h' + }, + { '@name' => 'nvd', + 'enabled' => 'no', + 'update_from_year' => '2010', + 'update_interval' => '1h' + } + ] ] \ No newline at end of file diff --git a/cookbooks/wazuh_manager/attributes/wodle.rb b/cookbooks/wazuh_manager/attributes/wodle.rb index baf4c1aa..6e4d5d4e 100644 --- a/cookbooks/wazuh_manager/attributes/wodle.rb +++ b/cookbooks/wazuh_manager/attributes/wodle.rb @@ -1,34 +1,34 @@ default['ossec']['conf']['wodle'] = [ - { '@name' => 'open-scap', - 'disabled' => 'yes', - 'timeout' => '1800', - 'interval' => '1d', - 'scan-on-start' => 'yes' - }, - { '@name' => 'cis-cat', - 'disabled' => 'yes', - 'timeout' => '1800', - 'interval' => '1d', - 'scan-on-start' => 'yes', - 'java_path' => 'wodles/java', - 'ciscat_path' => 'wodles/ciscat' - }, - { '@name' => 'osquery', - 'disabled' => 'yes', - 'run_daemon' => 'yes', - 'log_path' => '/var/log/osquery/osqueryd.results.log', - 'config_path' => '/etc/osquery/osquery.conf', - 'add_labels' => 'yes' - }, - { '@name' => 'syscollector', - 'disabled' => 'no', - 'interval' => '1d', - 'scan_on_start' => 'yes', - 'hardware' => 'yes', - 'os' => 'yes', - 'network' => 'yes', - 'packages' => 'yes', - 'ports' => { '@all' => 'no', 'content!' => 'yes'}, - 'processes' => 'yes' - } + { '@name' => 'open-scap', + 'disabled' => 'yes', + 'timeout' => '1800', + 'interval' => '1d', + 'scan-on-start' => 'yes' + }, + { '@name' => 'cis-cat', + 'disabled' => 'yes', + 'timeout' => '1800', + 'interval' => '1d', + 'scan-on-start' => 'yes', + 'java_path' => 'wodles/java', + 'ciscat_path' => 'wodles/ciscat' + }, + { '@name' => 'osquery', + 'disabled' => 'yes', + 'run_daemon' => 'yes', + 'log_path' => '/var/log/osquery/osqueryd.results.log', + 'config_path' => '/etc/osquery/osquery.conf', + 'add_labels' => 'yes' + }, + { '@name' => 'syscollector', + 'disabled' => 'no', + 'interval' => '1d', + 'scan_on_start' => 'yes', + 'hardware' => 'yes', + 'os' => 'yes', + 'network' => 'yes', + 'packages' => 'yes', + 'ports' => { '@all' => 'no', 'content!' => 'yes'}, + 'processes' => 'yes' + } ] From 2b9dd64a90e4434e8287c3957d115064c6cfc916 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 19 Nov 2020 17:12:25 +0100 Subject: [PATCH 006/260] If condition in case rhel 8 --- cookbooks/wazuh_manager/recipes/filebeat.rb | 59 +++++++++++-------- cookbooks/wazuh_manager/recipes/manager.rb | 10 +++- .../wazuh_manager/recipes/prerequisites.rb | 9 ++- 3 files changed, 47 insertions(+), 31 deletions(-) diff --git a/cookbooks/wazuh_manager/recipes/filebeat.rb b/cookbooks/wazuh_manager/recipes/filebeat.rb index 6e7878cc..ebe5563d 100644 --- a/cookbooks/wazuh_manager/recipes/filebeat.rb +++ b/cookbooks/wazuh_manager/recipes/filebeat.rb @@ -20,12 +20,21 @@ end end elsif platform_family?('rhel', 'redhat', 'centos', 'amazon') - yum_package 'filebeat' do - version "#{node['filebeat']['version']}" - only_if do - File.exists?("/etc/yum.repos.d/wazuh.repo") + if node['platform'] == 'rhel' && node['platform_version'] >= '8' + dnf_package 'filebeat' do + version "#{node['filebeat']['version']}" + only_if do + File.exists?("/etc/yum.repos.d/wazuh.repo") + end end - end + else + yum_package 'filebeat' do + version "#{node['filebeat']['version']}" + only_if do + File.exists?("/etc/yum.repos.d/wazuh.repo") + end + end + end elsif platform_family?('suse') yum_package 'filebeat' do version "#{node['filebeat']['version']}" @@ -38,35 +47,33 @@ end # Edit the file /etc/filebeat/filebeat.yml -=begin + template node['filebeat']['config_path'] do source 'filebeat.yml.erb' owner 'root' group 'root' mode '0640' - variables(output_elasticsearch_hosts: "hosts: [\"#{node['filebeat']['elasticsearch_server_ip']}:#{node['filebeat']['elasticsearch_server_port']}\"]") + variables( + output_elasticsearch_hosts: node['filebeat']['yml']['output_elasticsearch_hosts'], + output_elasticsearch_protocol: node['filebeat']['yml']['output_elasticsearch_protocol'], + output_elasticsearch_username: node['filebeat']['yml']['output_elasticsearch_username'], + output_elasticsearch_password: node['filebeat']['yml']['output_elasticsearch_password'], + ssl_certificate_authorities: node['filebeat']['yml']['ssl_certificate_authorities'], + ssl_certificate: node['filebeat']['yml']['ssl_certificate'], + ssl_key: node['filebeat']['yml']['ssl_key'], + setup_template_json_enabled: node['filebeat']['yml']['setup_template_json_enabled'], + setup_template_json_path: node['filebeat']['yml']['setup_template_json_path'], + setup_template_json_name: node['filebeat']['yml']['setup_template_json_name'], + setup_ilm_overwrite: node['filebeat']['yml']['setup_ilm_overwrite'], + setup_ilm_enabled: node['filebeat']['yml']['setup_ilm_enabled'], + filebeat_modules_module: node['filebeat']['yml']['filebeat_modules_module'], + filebeat_modules_alerts_enabled: node['filebeat']['yml']['filebeat_modules_alerts_enabled'], + filebeat_modules_archives_enabled: node['filebeat']['yml']['filebeat_modules_archives_enabled'] + ) end -yaml_file "#{node['filebeat']['config_path']}" do - owner 'root' - group 'root' - mode '0640' - content node['filebeat']['yml'] -end -=end -file "#{node['filebeat']['config_path']}" do - owner 'root' - group 'root' - mode '0640' - - content lazy { - {node['filebeat']['yml']}.to_yaml - } - -end - - # Download the alerts template for Elasticsearch: + remote_file "/etc/filebeat/#{node['filebeat']['wazuh_template']}" do source "https://raw.githubusercontent.com/wazuh/wazuh/#{node['wazuh']['version']}/extensions/elasticsearch/#{node['elastic']['version']}/#{node['filebeat']['wazuh_template']}" owner "root" diff --git a/cookbooks/wazuh_manager/recipes/manager.rb b/cookbooks/wazuh_manager/recipes/manager.rb index 8d6cd611..0f4a4d98 100644 --- a/cookbooks/wazuh_manager/recipes/manager.rb +++ b/cookbooks/wazuh_manager/recipes/manager.rb @@ -24,8 +24,14 @@ version "#{node['wazuh-manager']['version']}-1" end elsif platform_family?('redhat', 'rhel','centos', 'amazon') - yum_package 'wazuh-manager' do - version "#{node['wazuh-manager']['version']}-1" + if node['platform'] == 'rhel' && node['platform_version'] >= '8' + dnf_package 'wazuh-manager' do + version "#{node['wazuh-manager']['version']}-1" + end + else + yum_package 'wazuh-manager' do + version "#{node['wazuh-manager']['version']}-1" + end end elsif platform_family?('suse') zypper_package 'wazuh-manager' do diff --git a/cookbooks/wazuh_manager/recipes/prerequisites.rb b/cookbooks/wazuh_manager/recipes/prerequisites.rb index 4bae9830..0745329d 100644 --- a/cookbooks/wazuh_manager/recipes/prerequisites.rb +++ b/cookbooks/wazuh_manager/recipes/prerequisites.rb @@ -12,11 +12,14 @@ apt_package %w(curl apt-transport-https) elsif platform_family?('rhel', 'redhat', 'centos', 'amazon') - yum_package 'curl' - + if node['platform'] == 'rhel' && node['platform_version'] >= '8' + dnf_package 'curl' + else + yum_package 'curl' + end elsif platform_family?('suse') zypper_package 'curl' - + else raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" end From d2a2b87bccb4a27b9fa790375ad7c75295def54c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 19 Nov 2020 17:12:48 +0100 Subject: [PATCH 007/260] Add version attribute --- cookbooks/wazuh_manager/recipes/repository.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cookbooks/wazuh_manager/recipes/repository.rb b/cookbooks/wazuh_manager/recipes/repository.rb index bc106726..c1c5b544 100644 --- a/cookbooks/wazuh_manager/recipes/repository.rb +++ b/cookbooks/wazuh_manager/recipes/repository.rb @@ -28,7 +28,7 @@ apt_repository 'wazuh' do key 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - uri 'http://packages.wazuh.com/4.x/apt/' + uri "http://packages.wazuh.com/#{node['packages.wazuh.com']['version']}/apt/" components ['main'] distribution 'stable' action :add @@ -41,7 +41,7 @@ gpgcheck true gpgkey 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' enabled true - baseurl 'https://packages.wazuh.com/4.x/yum' + baseurl "https://packages.wazuh.com/#{node['packages.wazuh.com']['version']}/yum" action :create end elsif platform_family?('suse') @@ -50,7 +50,7 @@ gpgcheck true gpgkey 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' enabled true - baseurl 'https://packages.wazuh.com/4.x/yum' + baseurl "https://packages.wazuh.com/#{node['packages.wazuh.com']['version']}/yum" action :create end else From 140b39be7dfaf26af195dfa6d7d330aef9fecd46 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 19 Nov 2020 17:13:12 +0100 Subject: [PATCH 008/260] Customize templates --- .../templates/default/api.yaml.erb | 22 +++++++----- .../templates/default/filebeat.yml.erb | 34 +++++++++++-------- 2 files changed, 33 insertions(+), 23 deletions(-) diff --git a/cookbooks/wazuh_manager/templates/default/api.yaml.erb b/cookbooks/wazuh_manager/templates/default/api.yaml.erb index 2d923afa..0edecabe 100644 --- a/cookbooks/wazuh_manager/templates/default/api.yaml.erb +++ b/cookbooks/wazuh_manager/templates/default/api.yaml.erb @@ -2,10 +2,15 @@ <%= @bind_addr %> <%= @port %> - # Set this option to "yes" in case the API is running behind a proxy server. Values: yes, no +<%= @behind_proxy_server %> +# Force the use of authd when adding and removing agents. Values: yes, no +<%= @use_only_authd %> +# Drop privileges (Run as ossec user) +<%= @drop_privileges %> +# Enable features under development +<%= @experimental_features %> -<%= @behind_proxy_server %> #Advanced configuration https: @@ -17,29 +22,30 @@ https: # Logging configuration # Values for API log level: disabled, info, warning, error, debug, debug2 (each level includes the previous level). + logs: <%= @logging_level %> <%= @logging_path %> + # Cross-origin resource sharing: https://github.com/aio-libs/aiohttp-cors#usage + cors: <%= @cors_enabled %> <%= @cors_source_route %> <%= @cors_expose_headers %> <%= @cors_allow_headers %> <%= @cors_allow_credentials %> + # Cache (time in seconds) + cache: <%= @cache_enabled %> <%= @cache_time %> + # Access parameters + access: <%= @access_max_login_attempts %> <%= @access_block_time %> <%= @access_max_request_per_minute %> -# Force the use of authd when adding and removing agents. Values: yes, no -<%= @use_only_authd %> -# Drop privileges (Run as ossec user) -<%= @drop_privileges %> -# Enable features under development -<%= @experimental_features %> \ No newline at end of file diff --git a/cookbooks/wazuh_manager/templates/default/filebeat.yml.erb b/cookbooks/wazuh_manager/templates/default/filebeat.yml.erb index 35780086..480747dc 100644 --- a/cookbooks/wazuh_manager/templates/default/filebeat.yml.erb +++ b/cookbooks/wazuh_manager/templates/default/filebeat.yml.erb @@ -1,22 +1,26 @@ # Wazuh - Filebeat configuration file output.elasticsearch: - hosts: [<%= @output_elasticsearch_hosts %>] - protocol: [<%= @output_elasticsearch_protocol %>] - username: [<%= @output_elasticsearch_username %>] - password: [<%= @output_elasticsearch_password %>] + hosts: [ + <% @output_elasticsearch_hosts.each do |ip, port| -%> + "<%= ip %>:<%= port %>", + <% end -%> + ] + protocol: <%= @output_elasticsearch_protocol %> + username: <%= @output_elasticsearch_username %> + password: <%= @output_elasticsearch_password %> ssl.certificate_authorities: - - [<%= @ssl_certificate_authorities %>] - ssl.certificate: [<%= @ssl_certificate %>] - ssl.key: [<%= @ssl_key %>] -setup.template.json.enabled: [<%= @setup_template_json_enabled %>] -setup.template.json.path: [<%= @setup_template_json_path %>] -setup.template.json.name: [<%= @setup_template_json_name %>] -setup.ilm.overwrite: [<%= @setup_ilm_overwrite %>] -setup.ilm.enabled: [<%= @setup_ilm_enabled %>] + - <%= @ssl_certificate_authorities %> + ssl.certificate: <%= @ssl_certificate %> + ssl.key: <%= @ssl_key %> +setup.template.json.enabled: <%= @setup_template_json_enabled %> +setup.template.json.path: <%= @setup_template_json_path %> +setup.template.json.name: <%= @setup_template_json_name %> +setup.ilm.overwrite: <%= @setup_ilm_overwrite %> +setup.ilm.enabled: <%= @setup_ilm_enabled %> filebeat.modules: - - module: [<%= @filebeat_modules_module %>] + - module: <%= @filebeat_modules_module %> alerts: - enabled: [<%= @filebeat_modules_alerts_enabled %>] + enabled: <%= @filebeat_modules_alerts_enabled %> archives: - enabled: [<%= @filebeat_modules_module %>] + enabled: <%= @filebeat_modules_archives_enabled %> From 19d5ae6049e868c42dd703cc007e148acc312b23 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 19 Nov 2020 17:28:42 +0100 Subject: [PATCH 009/260] Modified CHANGELOG.md --- cookbooks/wazuh_manager/CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cookbooks/wazuh_manager/CHANGELOG.md b/cookbooks/wazuh_manager/CHANGELOG.md index 907a53a7..c606efc4 100644 --- a/cookbooks/wazuh_manager/CHANGELOG.md +++ b/cookbooks/wazuh_manager/CHANGELOG.md @@ -1,3 +1,5 @@ +## v0.1.1 +1. Included filebeat into manager cookbook ## v0.1.0 1. Bump to wazuh 4.0.1 version 2. Added suse repository From c8e30c63eb756347c7787694df981759c54ed3bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 19 Nov 2020 17:29:27 +0100 Subject: [PATCH 010/260] Update README.md --- cookbooks/wazuh_manager/README.md | 46 +++++++++++++++++-------------- 1 file changed, 26 insertions(+), 20 deletions(-) diff --git a/cookbooks/wazuh_manager/README.md b/cookbooks/wazuh_manager/README.md index 520e9906..d4ac1e44 100644 --- a/cookbooks/wazuh_manager/README.md +++ b/cookbooks/wazuh_manager/README.md @@ -1,21 +1,27 @@ -# Wazuh Manager cookbook +# Wazuh Server cookbook -This cookbook installs and configure Wazuh Manager and API on specified nodes. +This cookbook installs and configure Wazuh Manager, API and Filebeat on specified nodes. -### Attributes +### Attributes -The ``attributes`` folder contains all the default configuration files in order to generate ossec.conf file. +* ``filebeat.rb`` contains configuration variables and filebeat.yml content +* ``versions.rb`` contains version attributes to make it easier when it comes to bump version +* The rest of files contains all the default configuration files in order to generate ossec.conf -Check ['ossec.conf']( https://documentation.wazuh.com/3.x/user-manual/reference/ossec-conf/index.html) documentation to see all configuration sections. + +Check ['Filebeat section'](https://raw.githubusercontent.com/wazuh/wazuh-documentation/4.0/resources/open-distro/filebeat/7.x/filebeat.yml) to see an example of Filebeat configuration. + +Check ['ossec.conf'](https://documentation.wazuh.com/4.0/user-manual/reference/ossec-conf/) documentation +to see all configuration sections. ### Installation -Create a role, `wazuh_manager`. Add attributes per above as needed to customize the installation. +Create a role, `wazuh_server`. Add attributes per above as needed to customize the installation. ``` { - "name": "wazuh_manager", - "description": "Wazuh Manager host", + "name": "wazuh_server", + "description": "Wazuh Server host", "json_class": "Chef::Role", "default_attributes": { @@ -25,7 +31,7 @@ Create a role, `wazuh_manager`. Add attributes per above as needed to customize }, "chef_type": "role", "run_list": [ - "recipe[wazuh::manager]" + "recipe[wazuh_server::default]" ], "env_run_lists": { @@ -35,12 +41,10 @@ Create a role, `wazuh_manager`. Add attributes per above as needed to customize If you want to build a Wazuh cluster, you need to create two roles, one role for the **Master** and another one for **Client**: -**Note**: This Chef cookbook only brings compatibility with **CentOS 7**, we are working on add more distributions soon. - ``` { - "name": "wazuh_manager_master", - "description": "Wazuh Manager master node", + "name": "wazuh_server_master", + "description": "Wazuh Server master node", "json_class": "Chef::Role", "default_attributes": { @@ -63,15 +67,15 @@ If you want to build a Wazuh cluster, you need to create two roles, one role for }, "chef_type": "role", "run_list": [ - "recipe[wazuh::manager]" + "recipe[wazuh_server::default]" ], "env_run_lists": { } } { - "name": "wazuh_manager_client", - "description": "Wazuh Manager client node", + "name": "wazuh_server_client", + "description": "Wazuh Server client node", "json_class": "Chef::Role", "default_attributes": { @@ -94,7 +98,7 @@ If you want to build a Wazuh cluster, you need to create two roles, one role for }, "chef_type": "role", "run_list": [ - "recipe[wazuh::manager]" + "recipe[wazuh_server::default]" ], "env_run_lists": { @@ -102,7 +106,7 @@ If you want to build a Wazuh cluster, you need to create two roles, one role for } ``` -Check cluster documentation for more details: +Check [cluster documentation](https://documentation.wazuh.com/4.0/user-manual/configuring-cluster/index.html) for more details ### Recipes @@ -110,6 +114,9 @@ Check cluster documentation for more details: Date: Fri, 20 Nov 2020 11:21:13 +0100 Subject: [PATCH 011/260] Change cookbook name wazuh_manager to wazuh_server --- cookbooks/wazuh_filebeat/.gitignore | 16 ---- cookbooks/wazuh_filebeat/.kitchen.yml | 29 ------ cookbooks/wazuh_filebeat/Berksfile | 7 -- cookbooks/wazuh_filebeat/CHANGELOG.md | 10 -- cookbooks/wazuh_filebeat/README.md | 66 ------------- .../wazuh_filebeat/attributes/default.rb | 13 --- .../wazuh_filebeat/attributes/versions.rb | 5 - cookbooks/wazuh_filebeat/chefignore | 95 ------------------- .../wazuh_filebeat/libraries/matchers.rb | 0 cookbooks/wazuh_filebeat/metadata.rb | 13 --- cookbooks/wazuh_filebeat/providers/default.rb | 0 cookbooks/wazuh_filebeat/recipes/default.rb | 6 -- cookbooks/wazuh_filebeat/recipes/filebeat.rb | 68 ------------- cookbooks/wazuh_filebeat/resources/default.rb | 0 .../spec/unit/recipes/default_spec.rb | 45 --------- .../templates/default/filebeat.yml.erb | 22 ----- .../wazuh_secrets/logstash_certificate.json | 9 -- .../data_bags/wazuh_secrets_delete/api.json | 15 --- .../logstash_certificate.json | 9 -- .../test/environments/development.json | 16 ---- .../test/environments/production.json | 16 ---- .../default/data_bags/wazuh_secrets/api.json | 15 --- .../wazuh_secrets/logstash_certificate.json | 9 -- .../data_bags/wazuh_secrets_delete/api.json | 15 --- .../logstash_certificate.json | 9 -- .../default/encrypted_data_bag_secret | 1 - cookbooks/wazuh_manager/spec/spec_helper.rb | 20 ---- .../test/data_bags/wazuh_secrets/api.json | 15 --- .../.gitignore | 0 .../.kitchen.yml | 36 ++++++- .../{wazuh_manager => wazuh_server}/.rspec | 0 .../.rubocop.yml | 0 .../{wazuh_manager => wazuh_server}/Berksfile | 3 +- .../CHANGELOG.md | 1 + .../CONTRIBUTING.md | 0 .../{wazuh_manager => wazuh_server}/Gemfile | 0 .../{wazuh_manager => wazuh_server}/LICENSE | 0 .../{wazuh_manager => wazuh_server}/README.md | 0 .../{wazuh_manager => wazuh_server}/Rakefile | 0 .../TESTING.md | 0 .../attributes/agent_conf.rb | 0 .../attributes/alerts.rb | 0 .../attributes/api.rb | 0 .../attributes/auth.rb | 0 .../attributes/cluster.rb | 0 .../attributes/command.rb | 0 .../attributes/default.rb | 0 .../attributes/filebeat.rb | 0 .../attributes/global.rb | 0 .../attributes/localfile.rb | 0 .../attributes/logging.rb | 0 .../attributes/remote.rb | 0 .../attributes/rootcheck.rb | 0 .../attributes/ruleset.rb | 0 .../attributes/sca.rb | 0 .../attributes/syscheck.rb | 0 .../attributes/versions.rb | 0 .../attributes/vulnerability-detector.rb | 0 .../attributes/wodle.rb | 0 .../chefignore | 0 .../libraries/helpers.rb | 0 .../metadata.rb | 20 ++-- .../recipes/common.rb | 0 .../recipes/default.rb | 0 .../recipes/filebeat.rb | 4 +- .../recipes/manager.rb | 4 +- .../recipes/prerequisites.rb | 4 +- .../recipes/repository.rb | 0 .../spec/spec_helper.rb | 0 .../spec/unit/recipes/backups_spec.rb | 0 .../spec/unit/recipes/common_spec.rb | 0 .../spec/unit/recipes/manager_spec.rb | 0 .../spec/unit/recipes/wazuhapi_spec.rb | 0 .../templates/default/api.yaml.erb | 0 .../templates/default/filebeat.yml.erb | 0 .../default/ossec_local_decoder.xml.erb | 0 .../default/ossec_local_rules.xml.erb | 0 .../etc/manager_local_internal_options.conf | 0 .../test/data_bags/wazuh_secrets/api.json | 0 .../wazuh_secrets/logstash_certificate.json | 0 .../data_bags/wazuh_secrets/test_data_bag_key | 0 .../test/environments/development-client.json | 0 .../test/environments/development-master.json | 0 .../test/environments/development.json | 0 .../test/environments/production.json | 0 .../serverspec/agent_spec.rb | 0 .../agent-production/serverspec/agent_spec.rb | 0 .../default/encrypted_data_bag_secret | 0 .../default/serverspec/default_spec.rb | 0 .../elk-development/serverspec/elk_spec.rb | 0 .../helpers/serverspec/common_agent_tests.rb | 0 .../serverspec/common_manager_tests.rb | 0 .../helpers/serverspec/common_ossec_tests.rb | 0 .../helpers/serverspec/spec_helper.rb | 0 .../serverspec/manager_spec.rb | 0 .../serverspec/manager_spec.rb | 0 .../{wazuh_manager.json => wazuh_server.json} | 6 +- 97 files changed, 50 insertions(+), 572 deletions(-) delete mode 100644 cookbooks/wazuh_filebeat/.gitignore delete mode 100644 cookbooks/wazuh_filebeat/.kitchen.yml delete mode 100644 cookbooks/wazuh_filebeat/Berksfile delete mode 100644 cookbooks/wazuh_filebeat/CHANGELOG.md delete mode 100644 cookbooks/wazuh_filebeat/README.md delete mode 100644 cookbooks/wazuh_filebeat/attributes/default.rb delete mode 100644 cookbooks/wazuh_filebeat/attributes/versions.rb delete mode 100644 cookbooks/wazuh_filebeat/chefignore delete mode 100644 cookbooks/wazuh_filebeat/libraries/matchers.rb delete mode 100644 cookbooks/wazuh_filebeat/metadata.rb delete mode 100644 cookbooks/wazuh_filebeat/providers/default.rb delete mode 100644 cookbooks/wazuh_filebeat/recipes/default.rb delete mode 100644 cookbooks/wazuh_filebeat/recipes/filebeat.rb delete mode 100644 cookbooks/wazuh_filebeat/resources/default.rb delete mode 100644 cookbooks/wazuh_filebeat/spec/unit/recipes/default_spec.rb delete mode 100644 cookbooks/wazuh_filebeat/templates/default/filebeat.yml.erb delete mode 100644 cookbooks/wazuh_filebeat/test/data_bags/wazuh_secrets/logstash_certificate.json delete mode 100644 cookbooks/wazuh_filebeat/test/data_bags/wazuh_secrets_delete/api.json delete mode 100644 cookbooks/wazuh_filebeat/test/data_bags/wazuh_secrets_delete/logstash_certificate.json delete mode 100644 cookbooks/wazuh_filebeat/test/environments/development.json delete mode 100644 cookbooks/wazuh_filebeat/test/environments/production.json delete mode 100644 cookbooks/wazuh_filebeat/test/integration/default/data_bags/wazuh_secrets/api.json delete mode 100644 cookbooks/wazuh_filebeat/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json delete mode 100644 cookbooks/wazuh_filebeat/test/integration/default/data_bags/wazuh_secrets_delete/api.json delete mode 100644 cookbooks/wazuh_filebeat/test/integration/default/data_bags/wazuh_secrets_delete/logstash_certificate.json delete mode 100644 cookbooks/wazuh_filebeat/test/integration/default/encrypted_data_bag_secret delete mode 100644 cookbooks/wazuh_manager/spec/spec_helper.rb delete mode 100644 cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/api.json rename cookbooks/{wazuh_manager => wazuh_server}/.gitignore (100%) rename cookbooks/{wazuh_manager => wazuh_server}/.kitchen.yml (77%) rename cookbooks/{wazuh_manager => wazuh_server}/.rspec (100%) rename cookbooks/{wazuh_manager => wazuh_server}/.rubocop.yml (100%) rename cookbooks/{wazuh_manager => wazuh_server}/Berksfile (81%) rename cookbooks/{wazuh_manager => wazuh_server}/CHANGELOG.md (81%) rename cookbooks/{wazuh_manager => wazuh_server}/CONTRIBUTING.md (100%) rename cookbooks/{wazuh_manager => wazuh_server}/Gemfile (100%) rename cookbooks/{wazuh_manager => wazuh_server}/LICENSE (100%) rename cookbooks/{wazuh_manager => wazuh_server}/README.md (100%) rename cookbooks/{wazuh_manager => wazuh_server}/Rakefile (100%) rename cookbooks/{wazuh_manager => wazuh_server}/TESTING.md (100%) rename cookbooks/{wazuh_manager => wazuh_server}/attributes/agent_conf.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/attributes/alerts.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/attributes/api.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/attributes/auth.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/attributes/cluster.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/attributes/command.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/attributes/default.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/attributes/filebeat.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/attributes/global.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/attributes/localfile.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/attributes/logging.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/attributes/remote.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/attributes/rootcheck.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/attributes/ruleset.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/attributes/sca.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/attributes/syscheck.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/attributes/versions.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/attributes/vulnerability-detector.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/attributes/wodle.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/chefignore (100%) rename cookbooks/{wazuh_manager => wazuh_server}/libraries/helpers.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/metadata.rb (74%) rename cookbooks/{wazuh_manager => wazuh_server}/recipes/common.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/recipes/default.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/recipes/filebeat.rb (96%) rename cookbooks/{wazuh_manager => wazuh_server}/recipes/manager.rb (97%) rename cookbooks/{wazuh_manager => wazuh_server}/recipes/prerequisites.rb (82%) rename cookbooks/{wazuh_manager => wazuh_server}/recipes/repository.rb (100%) rename cookbooks/{wazuh_filebeat => wazuh_server}/spec/spec_helper.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/spec/unit/recipes/backups_spec.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/spec/unit/recipes/common_spec.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/spec/unit/recipes/manager_spec.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/spec/unit/recipes/wazuhapi_spec.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/templates/default/api.yaml.erb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/templates/default/filebeat.yml.erb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/templates/default/ossec_local_decoder.xml.erb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/templates/default/ossec_local_rules.xml.erb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/templates/var/ossec/etc/manager_local_internal_options.conf (100%) rename cookbooks/{wazuh_filebeat => wazuh_server}/test/data_bags/wazuh_secrets/api.json (100%) rename cookbooks/{wazuh_manager => wazuh_server}/test/data_bags/wazuh_secrets/logstash_certificate.json (100%) rename cookbooks/{wazuh_manager => wazuh_server}/test/data_bags/wazuh_secrets/test_data_bag_key (100%) rename cookbooks/{wazuh_manager => wazuh_server}/test/environments/development-client.json (100%) rename cookbooks/{wazuh_manager => wazuh_server}/test/environments/development-master.json (100%) rename cookbooks/{wazuh_manager => wazuh_server}/test/environments/development.json (100%) rename cookbooks/{wazuh_manager => wazuh_server}/test/environments/production.json (100%) rename cookbooks/{wazuh_manager => wazuh_server}/test/integration/agent-development/serverspec/agent_spec.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/test/integration/agent-production/serverspec/agent_spec.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/test/integration/default/encrypted_data_bag_secret (100%) rename cookbooks/{wazuh_manager => wazuh_server}/test/integration/default/serverspec/default_spec.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/test/integration/elk-development/serverspec/elk_spec.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/test/integration/helpers/serverspec/common_agent_tests.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/test/integration/helpers/serverspec/common_manager_tests.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/test/integration/helpers/serverspec/common_ossec_tests.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/test/integration/helpers/serverspec/spec_helper.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/test/integration/manager-development/serverspec/manager_spec.rb (100%) rename cookbooks/{wazuh_manager => wazuh_server}/test/integration/manager-production/serverspec/manager_spec.rb (100%) rename roles/{wazuh_manager.json => wazuh_server.json} (63%) diff --git a/cookbooks/wazuh_filebeat/.gitignore b/cookbooks/wazuh_filebeat/.gitignore deleted file mode 100644 index ec2a890b..00000000 --- a/cookbooks/wazuh_filebeat/.gitignore +++ /dev/null @@ -1,16 +0,0 @@ -.vagrant -Berksfile.lock -*~ -*# -.#* -\#*# -.*.sw[a-z] -*.un~ - -# Bundler -Gemfile.lock -bin/* -.bundle/* - -.kitchen/ -.kitchen.local.yml diff --git a/cookbooks/wazuh_filebeat/.kitchen.yml b/cookbooks/wazuh_filebeat/.kitchen.yml deleted file mode 100644 index fdaf9828..00000000 --- a/cookbooks/wazuh_filebeat/.kitchen.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -driver: - name: vagrant - driver_config: - require_chef_omnibus: latest - -provisioner: - name: chef_zero - environments_path: "../../environments" - data_bags_path: "../../data_bags" - encrypted_data_bag_secret_key_path: "test/integration/default/encrypted_data_bag_secret" - -platforms: - - name: ubuntu-12.04 - run_list: apt::default - - name: ubuntu-14.04 - run_list: apt::default -suites: - - name: default - driver: - network: - - ["private_network", {ip: "172.17.10.10"}] - run_list: - - recipe[wazuh_filebeat::default] - attributes: - vagrant: - provisioner: - client_rb: - environment: development diff --git a/cookbooks/wazuh_filebeat/Berksfile b/cookbooks/wazuh_filebeat/Berksfile deleted file mode 100644 index 15a237d0..00000000 --- a/cookbooks/wazuh_filebeat/Berksfile +++ /dev/null @@ -1,7 +0,0 @@ -source 'https://supermarket.chef.io' - -metadata - -group :integration do - cookbook 'apt' -end diff --git a/cookbooks/wazuh_filebeat/CHANGELOG.md b/cookbooks/wazuh_filebeat/CHANGELOG.md deleted file mode 100644 index 4b9aee97..00000000 --- a/cookbooks/wazuh_filebeat/CHANGELOG.md +++ /dev/null @@ -1,10 +0,0 @@ -## v0.1.0 -1. Bump to filebeat OSS 7.9.1 -2. Remove repository.rb since it is useless. To install filebeat, you need first to install first -wazuh manager in the same node. Filebeat use the same URI and GPG KEY repository as the latter -to install the package -3. Added suse repository - -*Note*: in future version, filebeat will be included into wazuh-manager cookbook - -* Initial/current release diff --git a/cookbooks/wazuh_filebeat/README.md b/cookbooks/wazuh_filebeat/README.md deleted file mode 100644 index 08ab5b1a..00000000 --- a/cookbooks/wazuh_filebeat/README.md +++ /dev/null @@ -1,66 +0,0 @@ -# Filebeat cookbook - -## Description -This cookbook installs and configures Filebeat in order on the specified node. - -#### Chef -- Chef 12+ - -#### Cookbooks -- apt -- yum - -Attributes ----------- - -Default configuration is defined in ```/attributes/default.rb``` and contains needed parameters to configure the ```filebeat.yml``` file. Check ['Filebeat section'](https://raw.githubusercontent.com/wazuh/wazuh/3.9/extensions/filebeat/filebeat.yml) to see an example of Filebeat configuration. - -## Installation - -Create a role, wazuh_filebeat. Add attributes per above as needed to customize the installation. - - - -``` - { - "name": "wazuh_filebeat", - "description": "Wazuh Manager host", - "json_class": "Chef::Role", - "default_attributes": { - - }, - "override_attributes": { - - }, - "chef_type": "role", - "run_list": [ - "recipe[wazuh_filebeat::filebeat]" - ], - "env_run_lists": { - - } - } -``` - -Default attributes are: - -* `node['filebeat']['package_name']` - Package name -* `node['filebeat']['service_name']` - Service name -* `node['filebeat']['timeout'] ` - Seconds until the timeout -* `node['filebeat']['config_path'] ` - Certificate path. -* `node['filebeat']['ssl_ca'] ` - SSL path. - -Recipes -------- - -#### default.rb - -This recipe imports and executes the recipe *wazuh_filebeat::filebeat* - -#### filebeat.rb - -Install the package Filebeats, create the configuration of */etc/filebeat/filebeat.yml* with defined attributes in the ```attributes``` folder. - -## References - -Check [Wazuh Filebeat Documentation](https://documentation.wazuh.com/4.0/installation-guide/open-distro/distributed-deployment/step-by-step-installation/wazuh-cluster/wazuh_single_node_cluster.html#installing-filebeat) for more information about Wazuh and Filebeat. \ No newline at end of file diff --git a/cookbooks/wazuh_filebeat/attributes/default.rb b/cookbooks/wazuh_filebeat/attributes/default.rb deleted file mode 100644 index 144d3fd9..00000000 --- a/cookbooks/wazuh_filebeat/attributes/default.rb +++ /dev/null @@ -1,13 +0,0 @@ -# -# Cookbook Name:: filebeat -# Attribute:: default -# Author:: Wazuh -# -# -# -default['filebeat']['package_name'] = 'filebeat' -default['filebeat']['service_name'] = 'filebeat' -default['filebeat']['elasticsearch_server_ip'] = '0.0.0.0' -default['filebeat']['timeout'] = 15 -default['filebeat']['config_path'] = '/etc/filebeat/filebeat.yml' -default['filebeat']['elasticsearch_server_port'] = 9200 diff --git a/cookbooks/wazuh_filebeat/attributes/versions.rb b/cookbooks/wazuh_filebeat/attributes/versions.rb deleted file mode 100644 index 9eb33dd4..00000000 --- a/cookbooks/wazuh_filebeat/attributes/versions.rb +++ /dev/null @@ -1,5 +0,0 @@ -default['filebeat']['version'] = "7.9.1" -default['filebeat']['elastic_stack_version'] = "7.9.1" -default['filebeat']['wazuh_app_version'] = "4.0.1_7.9.1" -default['filebeat']['extensions_version'] = "v4.0.1" -default['filebeat']['wazuh_filebeat_module'] = "wazuh-filebeat-0.1.tar.gz" diff --git a/cookbooks/wazuh_filebeat/chefignore b/cookbooks/wazuh_filebeat/chefignore deleted file mode 100644 index 80dc2d20..00000000 --- a/cookbooks/wazuh_filebeat/chefignore +++ /dev/null @@ -1,95 +0,0 @@ -# Put files/directories that should be ignored in this file when uploading -# or sharing to the community site. -# Lines that start with '# ' are comments. - -# OS generated files # -###################### -.DS_Store -Icon? -nohup.out -ehthumbs.db -Thumbs.db - -# SASS # -######## -.sass-cache - -# EDITORS # -########### -\#* -.#* -*~ -*.sw[a-z] -*.bak -REVISION -TAGS* -tmtags -*_flymake.* -*_flymake -*.tmproj -.project -.settings -mkmf.log - -## COMPILED ## -############## -a.out -*.o -*.pyc -*.so -*.com -*.class -*.dll -*.exe -*/rdoc/ - -# Testing # -########### -.watchr -.rspec -spec/* -spec/fixtures/* -test/* -features/* -Guardfile -Procfile - -# SCM # -####### -.git -*/.git -.gitignore -.gitmodules -.gitconfig -.gitattributes -.svn -*/.bzr/* -*/.hg/* -*/.svn/* - -# Berkshelf # -############# -Berksfile -Berksfile.lock -cookbooks/* -tmp - -# Cookbooks # -############# -CONTRIBUTING - -# Strainer # -############ -Colanderfile -Strainerfile -.colander -.strainer - -# Vagrant # -########### -.vagrant -Vagrantfile - -# Travis # -########## -.travis.yml diff --git a/cookbooks/wazuh_filebeat/libraries/matchers.rb b/cookbooks/wazuh_filebeat/libraries/matchers.rb deleted file mode 100644 index e69de29b..00000000 diff --git a/cookbooks/wazuh_filebeat/metadata.rb b/cookbooks/wazuh_filebeat/metadata.rb deleted file mode 100644 index e66a1364..00000000 --- a/cookbooks/wazuh_filebeat/metadata.rb +++ /dev/null @@ -1,13 +0,0 @@ -name 'wazuh_filebeat' -maintainer 'Wazuh' -maintainer_email 'info@wazuh.com' -license 'Apache 2.0' -description 'Installs and configures filebeat' -long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version '0.1.0' - - -supports 'debian' -supports 'ubuntu' - -depends 'apt' diff --git a/cookbooks/wazuh_filebeat/providers/default.rb b/cookbooks/wazuh_filebeat/providers/default.rb deleted file mode 100644 index e69de29b..00000000 diff --git a/cookbooks/wazuh_filebeat/recipes/default.rb b/cookbooks/wazuh_filebeat/recipes/default.rb deleted file mode 100644 index 71e44442..00000000 --- a/cookbooks/wazuh_filebeat/recipes/default.rb +++ /dev/null @@ -1,6 +0,0 @@ -# -# Cookbook Name:: filebeat -# Recipe:: default -# Author:: Wazuh - -include_recipe 'wazuh_filebeat::filebeat' diff --git a/cookbooks/wazuh_filebeat/recipes/filebeat.rb b/cookbooks/wazuh_filebeat/recipes/filebeat.rb deleted file mode 100644 index 40b4fe78..00000000 --- a/cookbooks/wazuh_filebeat/recipes/filebeat.rb +++ /dev/null @@ -1,68 +0,0 @@ -# -# Cookbook Name:: filebeat -# Recipe:: default -# Author:: Wazuh - -# Install Filebeat package - -if platform_family?('debian','ubuntu') - package 'lsb-release' - ohai 'reload lsb' do - plugin 'lsb' - # action :nothing - subscribes :reload, 'package[lsb-release]', :immediately - end - - apt_package 'filebeat' do - version "#{node['filebeat']['version']}" - only_if do - File.exists?("/etc/apt/sources.list.d/wazuh.list") - end - end -elsif platform_family?('rhel', 'redhat', 'centos', 'amazon') - yum_package 'filebeat' do - version "#{node['filebeat']['version']}" - only_if do - File.exists?("/etc/yum.repos.d/wazuh.repo") - end - end -elsif platform_family?('suse') - yum_package 'filebeat' do - version "#{node['filebeat']['version']}" - only_if do - File.exists?("/etc/zypp/repos.d/wazuh.repo") - end - end -else - raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" -end - -# Edit the file /etc/filebeat/filebeat.yml -template node['filebeat']['config_path'] do - source 'filebeat.yml.erb' - owner 'root' - group 'root' - mode '0640' - variables(output_elasticsearch_hosts: "hosts: [\"#{node['filebeat']['elasticsearch_server_ip']}:#{node['filebeat']['elasticsearch_server_port']}\"]") -end - -# Download the alerts template for Elasticsearch: -bash 'Download alerts template' do - code <<-EOH - curl -so /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/4.0/extensions/elasticsearch/7.x/wazuh-template.json - chmod go+r /etc/filebeat/wazuh-template.json - EOH -end - -# Download the Wazuh module for Filebeat: -bash 'Import Wazuh module for filebeat' do - code <<-EOH - curl -s "https://packages.wazuh.com/4.x/filebeat/#{node['filebeat']['wazuh_filebeat_module']}" | tar -xvz -C /usr/share/filebeat/module - EOH -end - -# Change module permission -directory '/usr/share/filebeat/module/wazuh' do - mode '0755' - recursive true -end diff --git a/cookbooks/wazuh_filebeat/resources/default.rb b/cookbooks/wazuh_filebeat/resources/default.rb deleted file mode 100644 index e69de29b..00000000 diff --git a/cookbooks/wazuh_filebeat/spec/unit/recipes/default_spec.rb b/cookbooks/wazuh_filebeat/spec/unit/recipes/default_spec.rb deleted file mode 100644 index 461ed571..00000000 --- a/cookbooks/wazuh_filebeat/spec/unit/recipes/default_spec.rb +++ /dev/null @@ -1,45 +0,0 @@ -# -# Cookbook Name:: wazuh_filebeat -# Spec:: manager -# - -require 'spec_helper' - -describe 'wazuh_filebeat::default' do - cached(:chef_run) { ChefSpec::ServerRunner.new.converge(described_recipe) } - - before do - allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'logstash_certificate').and_return( - '{"logstash_certificate": "ossec"}' - ) - end - - it 'includes the wazuh_filebeat:default recipe' do - expect(chef_run).to include_recipe 'wazuh_filebeat::default' - end - - it 'installs filebeat' do - expect(chef_run).to install_package('filebeat') - end - - it 'service restart filebeat' do - expect(chef_run).to start_service('filebeat') - end - - it 'creates template for /etc/filebeat/filebeat.yml' do - expect(chef_run).to create_template('/etc/filebeat/filebeat.yml').with( - mode: '0640', - user: 'root', - group: 'root', - source: 'filebeat.yml.erb' - ) - end - - it 'creates a file /etc/filebeat/logstash_certificate.crt' do - expect(chef_run).to create_file('/etc/filebeat/logstash_certificate.crt').with( - user: 'root', - group: 'root' - ) - end - -end diff --git a/cookbooks/wazuh_filebeat/templates/default/filebeat.yml.erb b/cookbooks/wazuh_filebeat/templates/default/filebeat.yml.erb deleted file mode 100644 index d7895ad7..00000000 --- a/cookbooks/wazuh_filebeat/templates/default/filebeat.yml.erb +++ /dev/null @@ -1,22 +0,0 @@ -# Wazuh - Filebeat configuration file -output.elasticsearch: - <%= @output_elasticsearch_hosts %> - protocol: https - username: "admin" - password: "admin" - ssl.certificate_authorities: - - /etc/filebeat/certs/root-ca.pem - ssl.certificate: "/etc/filebeat/certs/filebeat.pem" - ssl.key: "/etc/filebeat/certs/filebeat.key" -setup.template.json.enabled: true -setup.template.json.path: '/etc/filebeat/wazuh-template.json' -setup.template.json.name: 'wazuh' -setup.ilm.overwrite: true -setup.ilm.enabled: false - -filebeat.modules: - - module: wazuh - alerts: - enabled: true - archives: - enabled: false diff --git a/cookbooks/wazuh_filebeat/test/data_bags/wazuh_secrets/logstash_certificate.json b/cookbooks/wazuh_filebeat/test/data_bags/wazuh_secrets/logstash_certificate.json deleted file mode 100644 index 649a6e00..00000000 --- a/cookbooks/wazuh_filebeat/test/data_bags/wazuh_secrets/logstash_certificate.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "id": "logstash_certificate", - "logstash_certificate": { - "encrypted_data": "DFyya20x1DQvXNFOBLe33CPMFAwyQC0rdXCG+utx6Fq32uCsiH1amuuIAx4H\nKkWghIUXYIh1KvNu5edq/iiBp9NXcq6hAiw1lUTKEw+QXPGaLNSnvIka4lBH\n3DDbk35yu9XcL1bO3HzF+bWckOeR+KJs5notvpNEuve3xW59pxoQbakdkxbm\nCJP9cG0VWcEIRakK3+ji/LxgH2Xg9radCn9ZYJjp9v8FSI6farqRk47w59S4\n9/6iJu1slqryP4xPfsffCj1HYYXL7M7JxksOpP+3h4GJ/VVLrQDUWorQXPf1\nh+JDOWTfw+7bzpfcb1Cj2vOZaSkjC/JN3oDiisfb+cgHaHW5s/bNSbIcBZ1D\ns7t3Z0q0/oA+pU49oCpYd5JhrAC9bhBtV6oqBozavXdLpPdP+O3xL5ePukj4\nv2YF456cY+iVBFu5ZTTXmyIc4/wt+BplilU0z/mwCG5vnhrPk8MCrekA9/Fg\n8/i+2ZaNywLSjHr1gUsTrK80355zGsCM7tKTbpJ32W1icINByKw7UX8fXYj2\nizaMyoG6WYNOTyuJJ5dzdyQlK1iMEh+U5IkWiSTw8+HhXKYhGjmwnRCLdmPz\newJ/gkYg4osYDqHBxiImvMrfs33WHVMHgjpmNtAex5pOCQSOb+bErb29oD7Q\nMcpCHd2h5rbgrpbGyjJSr9I8qLYYnmIVKSvNgmBGKh/58an+Cg3RFaNeJJ/v\nT75B2T2Qqut3xPR/rR1Ta46zJKmwJDmEN6M88pRoHtf0R27UFutREd3pZb25\nc6gNcaIKxbZOFZF/6QZh+R+A8KBfQ3P1JIUp/MdxOwUgeoGsURWwc3j6gcPL\nNdt56kGnKRTKQ1BE8JyKc/Azg1NByXkVO4Tg7u8Iw5eSBjwnfCz91JNQ+pcq\nKCVdOWEj9kEkfh+rALy6G5TBn6S70WF9fVq+7Hw8r/WYlYFE4mK9Wp940ZWj\nCGNNiUzyrigxw7Dea8ho+IcZWhvh9AsnOSk6nHlTgCyQk5hgJM06PqtRQhJk\n4ib6IwdcDyFlSJcqrls+S8BshpkobQjOec5bqnseCL86NHlY+DOrurSBTLco\nZ33gTa029+1OuFpr4m8m70+5hHBsNsrjwYZ3rcGwiW7O+l924ZwbtVefAxar\nTCJXrQHW81JDvV3ckrv581a33h1jzdNtD7JqmBzqelaRL2+xV/QVRgwb0Eyf\nLK6CRr7BdxbicF19EWM51EndsuSb+7UJpCEI5OQ4sJyOkIToY+pjKQyy0nuy\nt2wU2EDeHtLeXQBimgwecoMsne8g1DMHp89krfZ5xkCypGRdzcelArtPDeIO\n7GZjjEhMH5oN/LX93ua6NmPCkL/ndfL8Mwx4UUMXB6aTxdGPqKi/Ah0eF5Aj\nvtIbc/VYFN7x3+98LZqiHzF78peNIjRxjnRPOeTIlPyVFJrEXV8ddEJsW38A\nlK42Mr4r9k9U8XLlgCjHkkRgpp9GXWxJLbyoiNuQKuZsMt6jEtmVdf5ebbP3\n6SHPy8RKloD7pASva5bEJPawTEFeJ6lQuzAUqqEf9IDBYmE6ZzWU7KagiGdU\nE1XgMJcFKciCx3gYRgMjDq9U1D5u8W0lrxcTOVlumbnIp8Rwzbhtu7QeOS6U\nwJkJsQwUvAUtIL8yjk4OOhbKx/cgtTODpqpEtNmELc+9RcjQxU/9+bUI42Kf\nVZU+s5pMMkjejnKh+wlDP4SFy9khsSeHgoqso5jhwFGYwmrDUbLSZZotElI6\nq+lrXvTfJg==\n", - "iv": "9XRPuHdUeXlrs0GccbDJew==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/wazuh_filebeat/test/data_bags/wazuh_secrets_delete/api.json b/cookbooks/wazuh_filebeat/test/data_bags/wazuh_secrets_delete/api.json deleted file mode 100644 index e9a89e98..00000000 --- a/cookbooks/wazuh_filebeat/test/data_bags/wazuh_secrets_delete/api.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "id": "api", - "htpasswd_user": { - "encrypted_data": "44KmfVdj/ttHvGecsv5M7+uCvqcc0Cs/RvXJeLQMZkE=\n", - "iv": "RRP7S4Tt6B9y366P+hMbwg==\n", - "version": 1, - "cipher": "aes-256-cbc" - }, - "htpasswd_passcode": { - "encrypted_data": "ps9xA2QJKd3KE6jjpn69rNJhf6sRCWoeK/0kHZfo3incyILK+TJPmRq92PK0\n3e8Ngv0HJHn8pp5QA1FT4zX/wg==\n", - "iv": "gC9cyqCgQq/5icvUOfW0Iw==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/wazuh_filebeat/test/data_bags/wazuh_secrets_delete/logstash_certificate.json b/cookbooks/wazuh_filebeat/test/data_bags/wazuh_secrets_delete/logstash_certificate.json deleted file mode 100644 index 649a6e00..00000000 --- a/cookbooks/wazuh_filebeat/test/data_bags/wazuh_secrets_delete/logstash_certificate.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "id": "logstash_certificate", - "logstash_certificate": { - "encrypted_data": "DFyya20x1DQvXNFOBLe33CPMFAwyQC0rdXCG+utx6Fq32uCsiH1amuuIAx4H\nKkWghIUXYIh1KvNu5edq/iiBp9NXcq6hAiw1lUTKEw+QXPGaLNSnvIka4lBH\n3DDbk35yu9XcL1bO3HzF+bWckOeR+KJs5notvpNEuve3xW59pxoQbakdkxbm\nCJP9cG0VWcEIRakK3+ji/LxgH2Xg9radCn9ZYJjp9v8FSI6farqRk47w59S4\n9/6iJu1slqryP4xPfsffCj1HYYXL7M7JxksOpP+3h4GJ/VVLrQDUWorQXPf1\nh+JDOWTfw+7bzpfcb1Cj2vOZaSkjC/JN3oDiisfb+cgHaHW5s/bNSbIcBZ1D\ns7t3Z0q0/oA+pU49oCpYd5JhrAC9bhBtV6oqBozavXdLpPdP+O3xL5ePukj4\nv2YF456cY+iVBFu5ZTTXmyIc4/wt+BplilU0z/mwCG5vnhrPk8MCrekA9/Fg\n8/i+2ZaNywLSjHr1gUsTrK80355zGsCM7tKTbpJ32W1icINByKw7UX8fXYj2\nizaMyoG6WYNOTyuJJ5dzdyQlK1iMEh+U5IkWiSTw8+HhXKYhGjmwnRCLdmPz\newJ/gkYg4osYDqHBxiImvMrfs33WHVMHgjpmNtAex5pOCQSOb+bErb29oD7Q\nMcpCHd2h5rbgrpbGyjJSr9I8qLYYnmIVKSvNgmBGKh/58an+Cg3RFaNeJJ/v\nT75B2T2Qqut3xPR/rR1Ta46zJKmwJDmEN6M88pRoHtf0R27UFutREd3pZb25\nc6gNcaIKxbZOFZF/6QZh+R+A8KBfQ3P1JIUp/MdxOwUgeoGsURWwc3j6gcPL\nNdt56kGnKRTKQ1BE8JyKc/Azg1NByXkVO4Tg7u8Iw5eSBjwnfCz91JNQ+pcq\nKCVdOWEj9kEkfh+rALy6G5TBn6S70WF9fVq+7Hw8r/WYlYFE4mK9Wp940ZWj\nCGNNiUzyrigxw7Dea8ho+IcZWhvh9AsnOSk6nHlTgCyQk5hgJM06PqtRQhJk\n4ib6IwdcDyFlSJcqrls+S8BshpkobQjOec5bqnseCL86NHlY+DOrurSBTLco\nZ33gTa029+1OuFpr4m8m70+5hHBsNsrjwYZ3rcGwiW7O+l924ZwbtVefAxar\nTCJXrQHW81JDvV3ckrv581a33h1jzdNtD7JqmBzqelaRL2+xV/QVRgwb0Eyf\nLK6CRr7BdxbicF19EWM51EndsuSb+7UJpCEI5OQ4sJyOkIToY+pjKQyy0nuy\nt2wU2EDeHtLeXQBimgwecoMsne8g1DMHp89krfZ5xkCypGRdzcelArtPDeIO\n7GZjjEhMH5oN/LX93ua6NmPCkL/ndfL8Mwx4UUMXB6aTxdGPqKi/Ah0eF5Aj\nvtIbc/VYFN7x3+98LZqiHzF78peNIjRxjnRPOeTIlPyVFJrEXV8ddEJsW38A\nlK42Mr4r9k9U8XLlgCjHkkRgpp9GXWxJLbyoiNuQKuZsMt6jEtmVdf5ebbP3\n6SHPy8RKloD7pASva5bEJPawTEFeJ6lQuzAUqqEf9IDBYmE6ZzWU7KagiGdU\nE1XgMJcFKciCx3gYRgMjDq9U1D5u8W0lrxcTOVlumbnIp8Rwzbhtu7QeOS6U\nwJkJsQwUvAUtIL8yjk4OOhbKx/cgtTODpqpEtNmELc+9RcjQxU/9+bUI42Kf\nVZU+s5pMMkjejnKh+wlDP4SFy9khsSeHgoqso5jhwFGYwmrDUbLSZZotElI6\nq+lrXvTfJg==\n", - "iv": "9XRPuHdUeXlrs0GccbDJew==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/wazuh_filebeat/test/environments/development.json b/cookbooks/wazuh_filebeat/test/environments/development.json deleted file mode 100644 index d97c9bdb..00000000 --- a/cookbooks/wazuh_filebeat/test/environments/development.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "name": "development", - "description": "The development environment", - "cookbook_versions": { - }, - "json_class": "Chef::Environment", - "chef_type": "environment", - "default_attributes": { - - }, - "override_attributes": { - "filebeat": { - "logstash_servers": "elk.wazuh-development.com:5000" - } - } -} diff --git a/cookbooks/wazuh_filebeat/test/environments/production.json b/cookbooks/wazuh_filebeat/test/environments/production.json deleted file mode 100644 index 28faa538..00000000 --- a/cookbooks/wazuh_filebeat/test/environments/production.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "name": "production", - "description": "The development environment", - "cookbook_versions": { - }, - "json_class": "Chef::Environment", - "chef_type": "environment", - "default_attributes": { - - }, - "override_attributes": { - "filebeat": { - "logstash_servers": "elk.wazuh-production.com:5000" - } - } -} diff --git a/cookbooks/wazuh_filebeat/test/integration/default/data_bags/wazuh_secrets/api.json b/cookbooks/wazuh_filebeat/test/integration/default/data_bags/wazuh_secrets/api.json deleted file mode 100644 index e9a89e98..00000000 --- a/cookbooks/wazuh_filebeat/test/integration/default/data_bags/wazuh_secrets/api.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "id": "api", - "htpasswd_user": { - "encrypted_data": "44KmfVdj/ttHvGecsv5M7+uCvqcc0Cs/RvXJeLQMZkE=\n", - "iv": "RRP7S4Tt6B9y366P+hMbwg==\n", - "version": 1, - "cipher": "aes-256-cbc" - }, - "htpasswd_passcode": { - "encrypted_data": "ps9xA2QJKd3KE6jjpn69rNJhf6sRCWoeK/0kHZfo3incyILK+TJPmRq92PK0\n3e8Ngv0HJHn8pp5QA1FT4zX/wg==\n", - "iv": "gC9cyqCgQq/5icvUOfW0Iw==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/wazuh_filebeat/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json b/cookbooks/wazuh_filebeat/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json deleted file mode 100644 index 649a6e00..00000000 --- a/cookbooks/wazuh_filebeat/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "id": "logstash_certificate", - "logstash_certificate": { - "encrypted_data": "DFyya20x1DQvXNFOBLe33CPMFAwyQC0rdXCG+utx6Fq32uCsiH1amuuIAx4H\nKkWghIUXYIh1KvNu5edq/iiBp9NXcq6hAiw1lUTKEw+QXPGaLNSnvIka4lBH\n3DDbk35yu9XcL1bO3HzF+bWckOeR+KJs5notvpNEuve3xW59pxoQbakdkxbm\nCJP9cG0VWcEIRakK3+ji/LxgH2Xg9radCn9ZYJjp9v8FSI6farqRk47w59S4\n9/6iJu1slqryP4xPfsffCj1HYYXL7M7JxksOpP+3h4GJ/VVLrQDUWorQXPf1\nh+JDOWTfw+7bzpfcb1Cj2vOZaSkjC/JN3oDiisfb+cgHaHW5s/bNSbIcBZ1D\ns7t3Z0q0/oA+pU49oCpYd5JhrAC9bhBtV6oqBozavXdLpPdP+O3xL5ePukj4\nv2YF456cY+iVBFu5ZTTXmyIc4/wt+BplilU0z/mwCG5vnhrPk8MCrekA9/Fg\n8/i+2ZaNywLSjHr1gUsTrK80355zGsCM7tKTbpJ32W1icINByKw7UX8fXYj2\nizaMyoG6WYNOTyuJJ5dzdyQlK1iMEh+U5IkWiSTw8+HhXKYhGjmwnRCLdmPz\newJ/gkYg4osYDqHBxiImvMrfs33WHVMHgjpmNtAex5pOCQSOb+bErb29oD7Q\nMcpCHd2h5rbgrpbGyjJSr9I8qLYYnmIVKSvNgmBGKh/58an+Cg3RFaNeJJ/v\nT75B2T2Qqut3xPR/rR1Ta46zJKmwJDmEN6M88pRoHtf0R27UFutREd3pZb25\nc6gNcaIKxbZOFZF/6QZh+R+A8KBfQ3P1JIUp/MdxOwUgeoGsURWwc3j6gcPL\nNdt56kGnKRTKQ1BE8JyKc/Azg1NByXkVO4Tg7u8Iw5eSBjwnfCz91JNQ+pcq\nKCVdOWEj9kEkfh+rALy6G5TBn6S70WF9fVq+7Hw8r/WYlYFE4mK9Wp940ZWj\nCGNNiUzyrigxw7Dea8ho+IcZWhvh9AsnOSk6nHlTgCyQk5hgJM06PqtRQhJk\n4ib6IwdcDyFlSJcqrls+S8BshpkobQjOec5bqnseCL86NHlY+DOrurSBTLco\nZ33gTa029+1OuFpr4m8m70+5hHBsNsrjwYZ3rcGwiW7O+l924ZwbtVefAxar\nTCJXrQHW81JDvV3ckrv581a33h1jzdNtD7JqmBzqelaRL2+xV/QVRgwb0Eyf\nLK6CRr7BdxbicF19EWM51EndsuSb+7UJpCEI5OQ4sJyOkIToY+pjKQyy0nuy\nt2wU2EDeHtLeXQBimgwecoMsne8g1DMHp89krfZ5xkCypGRdzcelArtPDeIO\n7GZjjEhMH5oN/LX93ua6NmPCkL/ndfL8Mwx4UUMXB6aTxdGPqKi/Ah0eF5Aj\nvtIbc/VYFN7x3+98LZqiHzF78peNIjRxjnRPOeTIlPyVFJrEXV8ddEJsW38A\nlK42Mr4r9k9U8XLlgCjHkkRgpp9GXWxJLbyoiNuQKuZsMt6jEtmVdf5ebbP3\n6SHPy8RKloD7pASva5bEJPawTEFeJ6lQuzAUqqEf9IDBYmE6ZzWU7KagiGdU\nE1XgMJcFKciCx3gYRgMjDq9U1D5u8W0lrxcTOVlumbnIp8Rwzbhtu7QeOS6U\nwJkJsQwUvAUtIL8yjk4OOhbKx/cgtTODpqpEtNmELc+9RcjQxU/9+bUI42Kf\nVZU+s5pMMkjejnKh+wlDP4SFy9khsSeHgoqso5jhwFGYwmrDUbLSZZotElI6\nq+lrXvTfJg==\n", - "iv": "9XRPuHdUeXlrs0GccbDJew==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/wazuh_filebeat/test/integration/default/data_bags/wazuh_secrets_delete/api.json b/cookbooks/wazuh_filebeat/test/integration/default/data_bags/wazuh_secrets_delete/api.json deleted file mode 100644 index e9a89e98..00000000 --- a/cookbooks/wazuh_filebeat/test/integration/default/data_bags/wazuh_secrets_delete/api.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "id": "api", - "htpasswd_user": { - "encrypted_data": "44KmfVdj/ttHvGecsv5M7+uCvqcc0Cs/RvXJeLQMZkE=\n", - "iv": "RRP7S4Tt6B9y366P+hMbwg==\n", - "version": 1, - "cipher": "aes-256-cbc" - }, - "htpasswd_passcode": { - "encrypted_data": "ps9xA2QJKd3KE6jjpn69rNJhf6sRCWoeK/0kHZfo3incyILK+TJPmRq92PK0\n3e8Ngv0HJHn8pp5QA1FT4zX/wg==\n", - "iv": "gC9cyqCgQq/5icvUOfW0Iw==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/wazuh_filebeat/test/integration/default/data_bags/wazuh_secrets_delete/logstash_certificate.json b/cookbooks/wazuh_filebeat/test/integration/default/data_bags/wazuh_secrets_delete/logstash_certificate.json deleted file mode 100644 index 649a6e00..00000000 --- a/cookbooks/wazuh_filebeat/test/integration/default/data_bags/wazuh_secrets_delete/logstash_certificate.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "id": "logstash_certificate", - "logstash_certificate": { - "encrypted_data": "DFyya20x1DQvXNFOBLe33CPMFAwyQC0rdXCG+utx6Fq32uCsiH1amuuIAx4H\nKkWghIUXYIh1KvNu5edq/iiBp9NXcq6hAiw1lUTKEw+QXPGaLNSnvIka4lBH\n3DDbk35yu9XcL1bO3HzF+bWckOeR+KJs5notvpNEuve3xW59pxoQbakdkxbm\nCJP9cG0VWcEIRakK3+ji/LxgH2Xg9radCn9ZYJjp9v8FSI6farqRk47w59S4\n9/6iJu1slqryP4xPfsffCj1HYYXL7M7JxksOpP+3h4GJ/VVLrQDUWorQXPf1\nh+JDOWTfw+7bzpfcb1Cj2vOZaSkjC/JN3oDiisfb+cgHaHW5s/bNSbIcBZ1D\ns7t3Z0q0/oA+pU49oCpYd5JhrAC9bhBtV6oqBozavXdLpPdP+O3xL5ePukj4\nv2YF456cY+iVBFu5ZTTXmyIc4/wt+BplilU0z/mwCG5vnhrPk8MCrekA9/Fg\n8/i+2ZaNywLSjHr1gUsTrK80355zGsCM7tKTbpJ32W1icINByKw7UX8fXYj2\nizaMyoG6WYNOTyuJJ5dzdyQlK1iMEh+U5IkWiSTw8+HhXKYhGjmwnRCLdmPz\newJ/gkYg4osYDqHBxiImvMrfs33WHVMHgjpmNtAex5pOCQSOb+bErb29oD7Q\nMcpCHd2h5rbgrpbGyjJSr9I8qLYYnmIVKSvNgmBGKh/58an+Cg3RFaNeJJ/v\nT75B2T2Qqut3xPR/rR1Ta46zJKmwJDmEN6M88pRoHtf0R27UFutREd3pZb25\nc6gNcaIKxbZOFZF/6QZh+R+A8KBfQ3P1JIUp/MdxOwUgeoGsURWwc3j6gcPL\nNdt56kGnKRTKQ1BE8JyKc/Azg1NByXkVO4Tg7u8Iw5eSBjwnfCz91JNQ+pcq\nKCVdOWEj9kEkfh+rALy6G5TBn6S70WF9fVq+7Hw8r/WYlYFE4mK9Wp940ZWj\nCGNNiUzyrigxw7Dea8ho+IcZWhvh9AsnOSk6nHlTgCyQk5hgJM06PqtRQhJk\n4ib6IwdcDyFlSJcqrls+S8BshpkobQjOec5bqnseCL86NHlY+DOrurSBTLco\nZ33gTa029+1OuFpr4m8m70+5hHBsNsrjwYZ3rcGwiW7O+l924ZwbtVefAxar\nTCJXrQHW81JDvV3ckrv581a33h1jzdNtD7JqmBzqelaRL2+xV/QVRgwb0Eyf\nLK6CRr7BdxbicF19EWM51EndsuSb+7UJpCEI5OQ4sJyOkIToY+pjKQyy0nuy\nt2wU2EDeHtLeXQBimgwecoMsne8g1DMHp89krfZ5xkCypGRdzcelArtPDeIO\n7GZjjEhMH5oN/LX93ua6NmPCkL/ndfL8Mwx4UUMXB6aTxdGPqKi/Ah0eF5Aj\nvtIbc/VYFN7x3+98LZqiHzF78peNIjRxjnRPOeTIlPyVFJrEXV8ddEJsW38A\nlK42Mr4r9k9U8XLlgCjHkkRgpp9GXWxJLbyoiNuQKuZsMt6jEtmVdf5ebbP3\n6SHPy8RKloD7pASva5bEJPawTEFeJ6lQuzAUqqEf9IDBYmE6ZzWU7KagiGdU\nE1XgMJcFKciCx3gYRgMjDq9U1D5u8W0lrxcTOVlumbnIp8Rwzbhtu7QeOS6U\nwJkJsQwUvAUtIL8yjk4OOhbKx/cgtTODpqpEtNmELc+9RcjQxU/9+bUI42Kf\nVZU+s5pMMkjejnKh+wlDP4SFy9khsSeHgoqso5jhwFGYwmrDUbLSZZotElI6\nq+lrXvTfJg==\n", - "iv": "9XRPuHdUeXlrs0GccbDJew==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/wazuh_filebeat/test/integration/default/encrypted_data_bag_secret b/cookbooks/wazuh_filebeat/test/integration/default/encrypted_data_bag_secret deleted file mode 100644 index add836f6..00000000 --- a/cookbooks/wazuh_filebeat/test/integration/default/encrypted_data_bag_secret +++ /dev/null @@ -1 +0,0 @@ -gPTbum6NpTwIVZop5w5TzehVh/ElS52smpao+bSxKX+SRNbvnLSHwC22EZt5Q7pPamCpEBD2ycH4fEpLGCp7FCSa/RLquQNls4TiVp54DJcfbSCiRA+lFL1e7YJqX4az1I1nzj+/3RlOjpfMvEhJ9gmubGMgnXZboDG5yiv34O2CdbybpMk9wQCC11RaeJUSFuvToQlnV2jK3HvymIHivm5Ax30PvyIMj6Mpp+YlJpBj70+vvk/rLmmXCsOHHV3g6hmZJph1mJrcjQZJVM9/foqiadrFJ9HLPFn0+LMXea69q4RvPDAIl914pXnE3pJBSYL9bZuDge/krbynQNosr3yNTLs1VoV9cw2yJinYY5GoOxjFnf66nCj1bnj5uFsN8FrK7w/hi07A/EBjiOFMAGHei1+ZGKKfHVKve67CNMHsaItjgc2njyRdOWTdxAvNw7AYSF4ST8vXBJZeBQyGizd2c73Hs4B640j7PWPKBu3Tfqvig6TxSPjwN9hO/a2/pOTRSJ4RfW2cXe0ZRbUb4O6hLv4F4kXjSuiW/ckvIpSOI3G04aqvXVLBcgDiKbqwH1poqKvpRPEahu+HGAf8C4Flhm6UXrawssIEp9WC5YHMLhsu1dSx8Hi6vCXqEOWobWWuh7VhItE0ySKl/LTxB2DWn12AYs1RXkYSBL4Gz/g= diff --git a/cookbooks/wazuh_manager/spec/spec_helper.rb b/cookbooks/wazuh_manager/spec/spec_helper.rb deleted file mode 100644 index c86adfd5..00000000 --- a/cookbooks/wazuh_manager/spec/spec_helper.rb +++ /dev/null @@ -1,20 +0,0 @@ -require 'chefspec' -require 'chefspec/berkshelf' - -RSpec.configure do |config| - # Use color in STDOUT - config.color = true - - # Use color not only in STDOUT but also in pagers and files - config.tty = true - - # Use the specified formatter - config.formatter = :documentation # :progress, :html, :textmate - - config.log_level = :error - - config.platform = 'ubuntu' - config.version = '14.04' -end - -at_exit { ChefSpec::Coverage.report! } diff --git a/cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/api.json b/cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/api.json deleted file mode 100644 index e9a89e98..00000000 --- a/cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/api.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "id": "api", - "htpasswd_user": { - "encrypted_data": "44KmfVdj/ttHvGecsv5M7+uCvqcc0Cs/RvXJeLQMZkE=\n", - "iv": "RRP7S4Tt6B9y366P+hMbwg==\n", - "version": 1, - "cipher": "aes-256-cbc" - }, - "htpasswd_passcode": { - "encrypted_data": "ps9xA2QJKd3KE6jjpn69rNJhf6sRCWoeK/0kHZfo3incyILK+TJPmRq92PK0\n3e8Ngv0HJHn8pp5QA1FT4zX/wg==\n", - "iv": "gC9cyqCgQq/5icvUOfW0Iw==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/wazuh_manager/.gitignore b/cookbooks/wazuh_server/.gitignore similarity index 100% rename from cookbooks/wazuh_manager/.gitignore rename to cookbooks/wazuh_server/.gitignore diff --git a/cookbooks/wazuh_manager/.kitchen.yml b/cookbooks/wazuh_server/.kitchen.yml similarity index 77% rename from cookbooks/wazuh_manager/.kitchen.yml rename to cookbooks/wazuh_server/.kitchen.yml index 3893e611..663cf721 100644 --- a/cookbooks/wazuh_manager/.kitchen.yml +++ b/cookbooks/wazuh_server/.kitchen.yml @@ -4,25 +4,53 @@ driver: provisioner: name: chef_zero + product_version: latest verifiers: name: inspec platforms: - name: ubuntu-18.04 + - name: centos-8.0 + - name: centos-7 suites: - name: wazuh-manager run_list: - - recipe[wazuh_manager::default] + - recipe[wazuh_manager::manager] driver: network: - - ["private_network", {ip: "172.17.0.100"}] + - ["private_network", {ip: "172.16.10.10"}] customize: - memory: 4096 + memory: 2048 + cpus: 1 + - name: elastic + run_list: + - recipe[wazuh_elastic::default] + driver: + network: + - ["private_network", {ip: "172.16.10.11"}] + customize: + memory: 2048 cpus: 2 - - name: odfe - name: kibana + run_list: + - recipe[wazuh_kibana::default] + driver: + network: + - ["private_network", {ip: "172.16.10.12"}] + customize: + memory: 4096 + cpus: 2 + - name: agent + run_list: + - recipe[wazuh_agent::default] + driver: + network: + - ["private_network", {ip: "172.16.10.13"}] + customize: + memory: 512 + cpus: 1 #driver: # name: vagrant diff --git a/cookbooks/wazuh_manager/.rspec b/cookbooks/wazuh_server/.rspec similarity index 100% rename from cookbooks/wazuh_manager/.rspec rename to cookbooks/wazuh_server/.rspec diff --git a/cookbooks/wazuh_manager/.rubocop.yml b/cookbooks/wazuh_server/.rubocop.yml similarity index 100% rename from cookbooks/wazuh_manager/.rubocop.yml rename to cookbooks/wazuh_server/.rubocop.yml diff --git a/cookbooks/wazuh_manager/Berksfile b/cookbooks/wazuh_server/Berksfile similarity index 81% rename from cookbooks/wazuh_manager/Berksfile rename to cookbooks/wazuh_server/Berksfile index 0471d13f..97ca84b9 100644 --- a/cookbooks/wazuh_manager/Berksfile +++ b/cookbooks/wazuh_server/Berksfile @@ -7,5 +7,4 @@ cookbook 'hostsfile' cookbook 'apt' cookbook 'yum' cookbook 'poise-python' -cookbook 'zypper' -cookbook 'yaml' \ No newline at end of file +cookbook 'zypper' \ No newline at end of file diff --git a/cookbooks/wazuh_manager/CHANGELOG.md b/cookbooks/wazuh_server/CHANGELOG.md similarity index 81% rename from cookbooks/wazuh_manager/CHANGELOG.md rename to cookbooks/wazuh_server/CHANGELOG.md index c606efc4..3b9b261a 100644 --- a/cookbooks/wazuh_manager/CHANGELOG.md +++ b/cookbooks/wazuh_server/CHANGELOG.md @@ -1,5 +1,6 @@ ## v0.1.1 1. Included filebeat into manager cookbook +2. Change cookbook name from wazuih_manager to wazuh_server ## v0.1.0 1. Bump to wazuh 4.0.1 version 2. Added suse repository diff --git a/cookbooks/wazuh_manager/CONTRIBUTING.md b/cookbooks/wazuh_server/CONTRIBUTING.md similarity index 100% rename from cookbooks/wazuh_manager/CONTRIBUTING.md rename to cookbooks/wazuh_server/CONTRIBUTING.md diff --git a/cookbooks/wazuh_manager/Gemfile b/cookbooks/wazuh_server/Gemfile similarity index 100% rename from cookbooks/wazuh_manager/Gemfile rename to cookbooks/wazuh_server/Gemfile diff --git a/cookbooks/wazuh_manager/LICENSE b/cookbooks/wazuh_server/LICENSE similarity index 100% rename from cookbooks/wazuh_manager/LICENSE rename to cookbooks/wazuh_server/LICENSE diff --git a/cookbooks/wazuh_manager/README.md b/cookbooks/wazuh_server/README.md similarity index 100% rename from cookbooks/wazuh_manager/README.md rename to cookbooks/wazuh_server/README.md diff --git a/cookbooks/wazuh_manager/Rakefile b/cookbooks/wazuh_server/Rakefile similarity index 100% rename from cookbooks/wazuh_manager/Rakefile rename to cookbooks/wazuh_server/Rakefile diff --git a/cookbooks/wazuh_manager/TESTING.md b/cookbooks/wazuh_server/TESTING.md similarity index 100% rename from cookbooks/wazuh_manager/TESTING.md rename to cookbooks/wazuh_server/TESTING.md diff --git a/cookbooks/wazuh_manager/attributes/agent_conf.rb b/cookbooks/wazuh_server/attributes/agent_conf.rb similarity index 100% rename from cookbooks/wazuh_manager/attributes/agent_conf.rb rename to cookbooks/wazuh_server/attributes/agent_conf.rb diff --git a/cookbooks/wazuh_manager/attributes/alerts.rb b/cookbooks/wazuh_server/attributes/alerts.rb similarity index 100% rename from cookbooks/wazuh_manager/attributes/alerts.rb rename to cookbooks/wazuh_server/attributes/alerts.rb diff --git a/cookbooks/wazuh_manager/attributes/api.rb b/cookbooks/wazuh_server/attributes/api.rb similarity index 100% rename from cookbooks/wazuh_manager/attributes/api.rb rename to cookbooks/wazuh_server/attributes/api.rb diff --git a/cookbooks/wazuh_manager/attributes/auth.rb b/cookbooks/wazuh_server/attributes/auth.rb similarity index 100% rename from cookbooks/wazuh_manager/attributes/auth.rb rename to cookbooks/wazuh_server/attributes/auth.rb diff --git a/cookbooks/wazuh_manager/attributes/cluster.rb b/cookbooks/wazuh_server/attributes/cluster.rb similarity index 100% rename from cookbooks/wazuh_manager/attributes/cluster.rb rename to cookbooks/wazuh_server/attributes/cluster.rb diff --git a/cookbooks/wazuh_manager/attributes/command.rb b/cookbooks/wazuh_server/attributes/command.rb similarity index 100% rename from cookbooks/wazuh_manager/attributes/command.rb rename to cookbooks/wazuh_server/attributes/command.rb diff --git a/cookbooks/wazuh_manager/attributes/default.rb b/cookbooks/wazuh_server/attributes/default.rb similarity index 100% rename from cookbooks/wazuh_manager/attributes/default.rb rename to cookbooks/wazuh_server/attributes/default.rb diff --git a/cookbooks/wazuh_manager/attributes/filebeat.rb b/cookbooks/wazuh_server/attributes/filebeat.rb similarity index 100% rename from cookbooks/wazuh_manager/attributes/filebeat.rb rename to cookbooks/wazuh_server/attributes/filebeat.rb diff --git a/cookbooks/wazuh_manager/attributes/global.rb b/cookbooks/wazuh_server/attributes/global.rb similarity index 100% rename from cookbooks/wazuh_manager/attributes/global.rb rename to cookbooks/wazuh_server/attributes/global.rb diff --git a/cookbooks/wazuh_manager/attributes/localfile.rb b/cookbooks/wazuh_server/attributes/localfile.rb similarity index 100% rename from cookbooks/wazuh_manager/attributes/localfile.rb rename to cookbooks/wazuh_server/attributes/localfile.rb diff --git a/cookbooks/wazuh_manager/attributes/logging.rb b/cookbooks/wazuh_server/attributes/logging.rb similarity index 100% rename from cookbooks/wazuh_manager/attributes/logging.rb rename to cookbooks/wazuh_server/attributes/logging.rb diff --git a/cookbooks/wazuh_manager/attributes/remote.rb b/cookbooks/wazuh_server/attributes/remote.rb similarity index 100% rename from cookbooks/wazuh_manager/attributes/remote.rb rename to cookbooks/wazuh_server/attributes/remote.rb diff --git a/cookbooks/wazuh_manager/attributes/rootcheck.rb b/cookbooks/wazuh_server/attributes/rootcheck.rb similarity index 100% rename from cookbooks/wazuh_manager/attributes/rootcheck.rb rename to cookbooks/wazuh_server/attributes/rootcheck.rb diff --git a/cookbooks/wazuh_manager/attributes/ruleset.rb b/cookbooks/wazuh_server/attributes/ruleset.rb similarity index 100% rename from cookbooks/wazuh_manager/attributes/ruleset.rb rename to cookbooks/wazuh_server/attributes/ruleset.rb diff --git a/cookbooks/wazuh_manager/attributes/sca.rb b/cookbooks/wazuh_server/attributes/sca.rb similarity index 100% rename from cookbooks/wazuh_manager/attributes/sca.rb rename to cookbooks/wazuh_server/attributes/sca.rb diff --git a/cookbooks/wazuh_manager/attributes/syscheck.rb b/cookbooks/wazuh_server/attributes/syscheck.rb similarity index 100% rename from cookbooks/wazuh_manager/attributes/syscheck.rb rename to cookbooks/wazuh_server/attributes/syscheck.rb diff --git a/cookbooks/wazuh_manager/attributes/versions.rb b/cookbooks/wazuh_server/attributes/versions.rb similarity index 100% rename from cookbooks/wazuh_manager/attributes/versions.rb rename to cookbooks/wazuh_server/attributes/versions.rb diff --git a/cookbooks/wazuh_manager/attributes/vulnerability-detector.rb b/cookbooks/wazuh_server/attributes/vulnerability-detector.rb similarity index 100% rename from cookbooks/wazuh_manager/attributes/vulnerability-detector.rb rename to cookbooks/wazuh_server/attributes/vulnerability-detector.rb diff --git a/cookbooks/wazuh_manager/attributes/wodle.rb b/cookbooks/wazuh_server/attributes/wodle.rb similarity index 100% rename from cookbooks/wazuh_manager/attributes/wodle.rb rename to cookbooks/wazuh_server/attributes/wodle.rb diff --git a/cookbooks/wazuh_manager/chefignore b/cookbooks/wazuh_server/chefignore similarity index 100% rename from cookbooks/wazuh_manager/chefignore rename to cookbooks/wazuh_server/chefignore diff --git a/cookbooks/wazuh_manager/libraries/helpers.rb b/cookbooks/wazuh_server/libraries/helpers.rb similarity index 100% rename from cookbooks/wazuh_manager/libraries/helpers.rb rename to cookbooks/wazuh_server/libraries/helpers.rb diff --git a/cookbooks/wazuh_manager/metadata.rb b/cookbooks/wazuh_server/metadata.rb similarity index 74% rename from cookbooks/wazuh_manager/metadata.rb rename to cookbooks/wazuh_server/metadata.rb index 0fd3f9f2..8afb3bc2 100644 --- a/cookbooks/wazuh_manager/metadata.rb +++ b/cookbooks/wazuh_server/metadata.rb @@ -4,25 +4,19 @@ license 'Apache 2.0' description 'Installs and onfigures ossec' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version '0.1.0' +version '0.1.1' %w(redhat centos oracle).each do |el| supports el, '>= 6.0' end -supports 'amazon' -supports 'fedora' +supports 'amazon', '>= 2.0' +supports 'fedora', '>= 32.0' supports 'debian', '>= 7.0' supports 'ubuntu', '>= 14.04' -supports 'suse' - -%w( apt ).each do |pkg| - depends pkg -end - -%w( debian ubuntu ).each do |os| - supports os -end +supports 'suse', '>= 15.0' +supports 'debian', '>= 8.0' +supports 'ubuntu', '>= 14.04' depends 'chef-sugar' depends 'apt' @@ -34,4 +28,4 @@ issues_url 'https://github.com/wazuh/wazuh-chef/issues' if respond_to?(:issues_url) source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) -chef_version '>= 12.7' if respond_to?(:chef_version) +chef_version '>= 12.0' if respond_to?(:chef_version) diff --git a/cookbooks/wazuh_manager/recipes/common.rb b/cookbooks/wazuh_server/recipes/common.rb similarity index 100% rename from cookbooks/wazuh_manager/recipes/common.rb rename to cookbooks/wazuh_server/recipes/common.rb diff --git a/cookbooks/wazuh_manager/recipes/default.rb b/cookbooks/wazuh_server/recipes/default.rb similarity index 100% rename from cookbooks/wazuh_manager/recipes/default.rb rename to cookbooks/wazuh_server/recipes/default.rb diff --git a/cookbooks/wazuh_manager/recipes/filebeat.rb b/cookbooks/wazuh_server/recipes/filebeat.rb similarity index 96% rename from cookbooks/wazuh_manager/recipes/filebeat.rb rename to cookbooks/wazuh_server/recipes/filebeat.rb index ebe5563d..a49804ec 100644 --- a/cookbooks/wazuh_manager/recipes/filebeat.rb +++ b/cookbooks/wazuh_server/recipes/filebeat.rb @@ -19,8 +19,8 @@ File.exists?("/etc/apt/sources.list.d/wazuh.list") end end -elsif platform_family?('rhel', 'redhat', 'centos', 'amazon') - if node['platform'] == 'rhel' && node['platform_version'] >= '8' +elsif platform_family?('rhel', 'redhat', 'centos') + if node['platform_version'] >= '8' dnf_package 'filebeat' do version "#{node['filebeat']['version']}" only_if do diff --git a/cookbooks/wazuh_manager/recipes/manager.rb b/cookbooks/wazuh_server/recipes/manager.rb similarity index 97% rename from cookbooks/wazuh_manager/recipes/manager.rb rename to cookbooks/wazuh_server/recipes/manager.rb index 0f4a4d98..e02d4239 100644 --- a/cookbooks/wazuh_manager/recipes/manager.rb +++ b/cookbooks/wazuh_server/recipes/manager.rb @@ -23,8 +23,8 @@ apt_package 'wazuh-manager' do version "#{node['wazuh-manager']['version']}-1" end -elsif platform_family?('redhat', 'rhel','centos', 'amazon') - if node['platform'] == 'rhel' && node['platform_version'] >= '8' +elsif platform_family?('redhat', 'rhel','centos') + if node['platform_version'] >= '8' dnf_package 'wazuh-manager' do version "#{node['wazuh-manager']['version']}-1" end diff --git a/cookbooks/wazuh_manager/recipes/prerequisites.rb b/cookbooks/wazuh_server/recipes/prerequisites.rb similarity index 82% rename from cookbooks/wazuh_manager/recipes/prerequisites.rb rename to cookbooks/wazuh_server/recipes/prerequisites.rb index 0745329d..c98e4895 100644 --- a/cookbooks/wazuh_manager/recipes/prerequisites.rb +++ b/cookbooks/wazuh_server/recipes/prerequisites.rb @@ -11,8 +11,8 @@ apt_package %w(curl apt-transport-https) -elsif platform_family?('rhel', 'redhat', 'centos', 'amazon') - if node['platform'] == 'rhel' && node['platform_version'] >= '8' +elsif platform_family?('rhel', 'redhat', 'centos') + if node['platform_version'] >= '8' dnf_package 'curl' else yum_package 'curl' diff --git a/cookbooks/wazuh_manager/recipes/repository.rb b/cookbooks/wazuh_server/recipes/repository.rb similarity index 100% rename from cookbooks/wazuh_manager/recipes/repository.rb rename to cookbooks/wazuh_server/recipes/repository.rb diff --git a/cookbooks/wazuh_filebeat/spec/spec_helper.rb b/cookbooks/wazuh_server/spec/spec_helper.rb similarity index 100% rename from cookbooks/wazuh_filebeat/spec/spec_helper.rb rename to cookbooks/wazuh_server/spec/spec_helper.rb diff --git a/cookbooks/wazuh_manager/spec/unit/recipes/backups_spec.rb b/cookbooks/wazuh_server/spec/unit/recipes/backups_spec.rb similarity index 100% rename from cookbooks/wazuh_manager/spec/unit/recipes/backups_spec.rb rename to cookbooks/wazuh_server/spec/unit/recipes/backups_spec.rb diff --git a/cookbooks/wazuh_manager/spec/unit/recipes/common_spec.rb b/cookbooks/wazuh_server/spec/unit/recipes/common_spec.rb similarity index 100% rename from cookbooks/wazuh_manager/spec/unit/recipes/common_spec.rb rename to cookbooks/wazuh_server/spec/unit/recipes/common_spec.rb diff --git a/cookbooks/wazuh_manager/spec/unit/recipes/manager_spec.rb b/cookbooks/wazuh_server/spec/unit/recipes/manager_spec.rb similarity index 100% rename from cookbooks/wazuh_manager/spec/unit/recipes/manager_spec.rb rename to cookbooks/wazuh_server/spec/unit/recipes/manager_spec.rb diff --git a/cookbooks/wazuh_manager/spec/unit/recipes/wazuhapi_spec.rb b/cookbooks/wazuh_server/spec/unit/recipes/wazuhapi_spec.rb similarity index 100% rename from cookbooks/wazuh_manager/spec/unit/recipes/wazuhapi_spec.rb rename to cookbooks/wazuh_server/spec/unit/recipes/wazuhapi_spec.rb diff --git a/cookbooks/wazuh_manager/templates/default/api.yaml.erb b/cookbooks/wazuh_server/templates/default/api.yaml.erb similarity index 100% rename from cookbooks/wazuh_manager/templates/default/api.yaml.erb rename to cookbooks/wazuh_server/templates/default/api.yaml.erb diff --git a/cookbooks/wazuh_manager/templates/default/filebeat.yml.erb b/cookbooks/wazuh_server/templates/default/filebeat.yml.erb similarity index 100% rename from cookbooks/wazuh_manager/templates/default/filebeat.yml.erb rename to cookbooks/wazuh_server/templates/default/filebeat.yml.erb diff --git a/cookbooks/wazuh_manager/templates/default/ossec_local_decoder.xml.erb b/cookbooks/wazuh_server/templates/default/ossec_local_decoder.xml.erb similarity index 100% rename from cookbooks/wazuh_manager/templates/default/ossec_local_decoder.xml.erb rename to cookbooks/wazuh_server/templates/default/ossec_local_decoder.xml.erb diff --git a/cookbooks/wazuh_manager/templates/default/ossec_local_rules.xml.erb b/cookbooks/wazuh_server/templates/default/ossec_local_rules.xml.erb similarity index 100% rename from cookbooks/wazuh_manager/templates/default/ossec_local_rules.xml.erb rename to cookbooks/wazuh_server/templates/default/ossec_local_rules.xml.erb diff --git a/cookbooks/wazuh_manager/templates/var/ossec/etc/manager_local_internal_options.conf b/cookbooks/wazuh_server/templates/var/ossec/etc/manager_local_internal_options.conf similarity index 100% rename from cookbooks/wazuh_manager/templates/var/ossec/etc/manager_local_internal_options.conf rename to cookbooks/wazuh_server/templates/var/ossec/etc/manager_local_internal_options.conf diff --git a/cookbooks/wazuh_filebeat/test/data_bags/wazuh_secrets/api.json b/cookbooks/wazuh_server/test/data_bags/wazuh_secrets/api.json similarity index 100% rename from cookbooks/wazuh_filebeat/test/data_bags/wazuh_secrets/api.json rename to cookbooks/wazuh_server/test/data_bags/wazuh_secrets/api.json diff --git a/cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/logstash_certificate.json b/cookbooks/wazuh_server/test/data_bags/wazuh_secrets/logstash_certificate.json similarity index 100% rename from cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/logstash_certificate.json rename to cookbooks/wazuh_server/test/data_bags/wazuh_secrets/logstash_certificate.json diff --git a/cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/test_data_bag_key b/cookbooks/wazuh_server/test/data_bags/wazuh_secrets/test_data_bag_key similarity index 100% rename from cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/test_data_bag_key rename to cookbooks/wazuh_server/test/data_bags/wazuh_secrets/test_data_bag_key diff --git a/cookbooks/wazuh_manager/test/environments/development-client.json b/cookbooks/wazuh_server/test/environments/development-client.json similarity index 100% rename from cookbooks/wazuh_manager/test/environments/development-client.json rename to cookbooks/wazuh_server/test/environments/development-client.json diff --git a/cookbooks/wazuh_manager/test/environments/development-master.json b/cookbooks/wazuh_server/test/environments/development-master.json similarity index 100% rename from cookbooks/wazuh_manager/test/environments/development-master.json rename to cookbooks/wazuh_server/test/environments/development-master.json diff --git a/cookbooks/wazuh_manager/test/environments/development.json b/cookbooks/wazuh_server/test/environments/development.json similarity index 100% rename from cookbooks/wazuh_manager/test/environments/development.json rename to cookbooks/wazuh_server/test/environments/development.json diff --git a/cookbooks/wazuh_manager/test/environments/production.json b/cookbooks/wazuh_server/test/environments/production.json similarity index 100% rename from cookbooks/wazuh_manager/test/environments/production.json rename to cookbooks/wazuh_server/test/environments/production.json diff --git a/cookbooks/wazuh_manager/test/integration/agent-development/serverspec/agent_spec.rb b/cookbooks/wazuh_server/test/integration/agent-development/serverspec/agent_spec.rb similarity index 100% rename from cookbooks/wazuh_manager/test/integration/agent-development/serverspec/agent_spec.rb rename to cookbooks/wazuh_server/test/integration/agent-development/serverspec/agent_spec.rb diff --git a/cookbooks/wazuh_manager/test/integration/agent-production/serverspec/agent_spec.rb b/cookbooks/wazuh_server/test/integration/agent-production/serverspec/agent_spec.rb similarity index 100% rename from cookbooks/wazuh_manager/test/integration/agent-production/serverspec/agent_spec.rb rename to cookbooks/wazuh_server/test/integration/agent-production/serverspec/agent_spec.rb diff --git a/cookbooks/wazuh_manager/test/integration/default/encrypted_data_bag_secret b/cookbooks/wazuh_server/test/integration/default/encrypted_data_bag_secret similarity index 100% rename from cookbooks/wazuh_manager/test/integration/default/encrypted_data_bag_secret rename to cookbooks/wazuh_server/test/integration/default/encrypted_data_bag_secret diff --git a/cookbooks/wazuh_manager/test/integration/default/serverspec/default_spec.rb b/cookbooks/wazuh_server/test/integration/default/serverspec/default_spec.rb similarity index 100% rename from cookbooks/wazuh_manager/test/integration/default/serverspec/default_spec.rb rename to cookbooks/wazuh_server/test/integration/default/serverspec/default_spec.rb diff --git a/cookbooks/wazuh_manager/test/integration/elk-development/serverspec/elk_spec.rb b/cookbooks/wazuh_server/test/integration/elk-development/serverspec/elk_spec.rb similarity index 100% rename from cookbooks/wazuh_manager/test/integration/elk-development/serverspec/elk_spec.rb rename to cookbooks/wazuh_server/test/integration/elk-development/serverspec/elk_spec.rb diff --git a/cookbooks/wazuh_manager/test/integration/helpers/serverspec/common_agent_tests.rb b/cookbooks/wazuh_server/test/integration/helpers/serverspec/common_agent_tests.rb similarity index 100% rename from cookbooks/wazuh_manager/test/integration/helpers/serverspec/common_agent_tests.rb rename to cookbooks/wazuh_server/test/integration/helpers/serverspec/common_agent_tests.rb diff --git a/cookbooks/wazuh_manager/test/integration/helpers/serverspec/common_manager_tests.rb b/cookbooks/wazuh_server/test/integration/helpers/serverspec/common_manager_tests.rb similarity index 100% rename from cookbooks/wazuh_manager/test/integration/helpers/serverspec/common_manager_tests.rb rename to cookbooks/wazuh_server/test/integration/helpers/serverspec/common_manager_tests.rb diff --git a/cookbooks/wazuh_manager/test/integration/helpers/serverspec/common_ossec_tests.rb b/cookbooks/wazuh_server/test/integration/helpers/serverspec/common_ossec_tests.rb similarity index 100% rename from cookbooks/wazuh_manager/test/integration/helpers/serverspec/common_ossec_tests.rb rename to cookbooks/wazuh_server/test/integration/helpers/serverspec/common_ossec_tests.rb diff --git a/cookbooks/wazuh_manager/test/integration/helpers/serverspec/spec_helper.rb b/cookbooks/wazuh_server/test/integration/helpers/serverspec/spec_helper.rb similarity index 100% rename from cookbooks/wazuh_manager/test/integration/helpers/serverspec/spec_helper.rb rename to cookbooks/wazuh_server/test/integration/helpers/serverspec/spec_helper.rb diff --git a/cookbooks/wazuh_manager/test/integration/manager-development/serverspec/manager_spec.rb b/cookbooks/wazuh_server/test/integration/manager-development/serverspec/manager_spec.rb similarity index 100% rename from cookbooks/wazuh_manager/test/integration/manager-development/serverspec/manager_spec.rb rename to cookbooks/wazuh_server/test/integration/manager-development/serverspec/manager_spec.rb diff --git a/cookbooks/wazuh_manager/test/integration/manager-production/serverspec/manager_spec.rb b/cookbooks/wazuh_server/test/integration/manager-production/serverspec/manager_spec.rb similarity index 100% rename from cookbooks/wazuh_manager/test/integration/manager-production/serverspec/manager_spec.rb rename to cookbooks/wazuh_server/test/integration/manager-production/serverspec/manager_spec.rb diff --git a/roles/wazuh_manager.json b/roles/wazuh_server.json similarity index 63% rename from roles/wazuh_manager.json rename to roles/wazuh_server.json index 240431f7..df13d264 100644 --- a/roles/wazuh_manager.json +++ b/roles/wazuh_server.json @@ -1,6 +1,6 @@ { - "name": "wazuh_manager", - "description": "Wazuh Manager host", + "name": "wazuh_server", + "description": "Wazuh Server host", "json_class": "Chef::Role", "default_attributes": { @@ -10,7 +10,7 @@ }, "chef_type": "role", "run_list": [ - "recipe[wazuh_manager::default]" + "recipe[wazuh_server::default]" ], "env_run_lists": { From c2caa3d0644b5df9ba66e4316a223ef52219a0cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 20 Nov 2020 11:21:37 +0100 Subject: [PATCH 012/260] Updated README.md --- README.md | 50 ++++++++++++++++++-------------------------------- 1 file changed, 18 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index 392c8067..c11dd021 100644 --- a/README.md +++ b/README.md @@ -19,16 +19,18 @@ Every cookbook will install its own required dependencies, *Berksfile* and *meta There is software that must be installed to ensure the correct installation. -- Curl -- Wget -- Chef Server Core v12.19.31 +## Chef + +Chef gives plenty of software packages solution deppending on how you want to distribute the software. Please +refer to the [platform overview documentation](https://docs.chef.io/platform_overview/) to know +all the software products they have. ## Cookbooks * [Wazuh Agent ](https://github.com/wazuh/wazuh-chef/tree/master/wazuh_agent) -* [Wazuh Manager and API](https://github.com/wazuh/wazuh-chef/tree/master/wazuh_manager) -* [Elastic Stack (Elasticsearch, Kibana)](https://github.com/wazuh/wazuh-chef/tree/master/wazuh_elastic) -* [Filebeat](https://github.com/wazuh/wazuh-chef/tree/master/wazuh_filebeat) +* [Wazuh Server (Manager, API and Filebeat)](https://github.com/wazuh/wazuh-chef/tree/master/wazuh_server) +* [Elasticsearch](https://github.com/wazuh/wazuh-chef/tree/master/wazuh_elastic) +* [Kibana](https://github.com/wazuh/wazuh-chef/tree/master/wazuh_kibana) Each cookbook has its README.md @@ -37,7 +39,9 @@ Each cookbook has its README.md You can find predefined roles for a default installation of Wazuh Agent and Manager in the roles folder. - [Wazuh Agent Role](https://github.com/wazuh/wazuh-chef/tree/master/roles/wazuh_agent.json) -- [Wazuh Manager Role](https://github.com/wazuh/wazuh-chef/tree/master/roles/wazuh_agent.json) +- [Wazuh Server Role](https://github.com/wazuh/wazuh-chef/tree/master/roles/wazuh_server.json) +- [Wazuh Elastic Role](https://github.com/wazuh/wazuh-chef/tree/master/roles/wazuh_elastic.json) +- [Wazuh Kibana Role](https://github.com/wazuh/wazuh-chef/tree/master/roles/wazuh_kibana.json) Check roles README for more information about default attributes and how to customize your installation. @@ -49,12 +53,12 @@ You can clone the repository by running: ```git clone https://github.com/wazuh/w #### Use through Berkshelf -The easiest way to making use of these cookbooks (especially `wazuh_filebeat` & `wazuh_elastic` until they are published to Supermarket) is by including in your `Berksfile` the desired cookbooks as stated below: +The easiest way to making use of these cookbooks is by including in your `Berksfile` the desired cookbooks as stated below: ```ruby -cookbook "wazuh_agent", git: "https://github.com/wazuh/wazuh-chef.git",rel: 'cookbooks/wazuh_agent' -cookbook "wazuh_manager", git: "https://github.com/wazuh/wazuh-chef.git",rel: 'cookbooks/wazuh_manager' -cookbook 'wazuh_filebeat', github: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/wazuh_filebeat' +cookbook "wazuh_agent", git: "https://github.com/wazuh/wazuh-chef.git", rel: 'cookbooks/wazuh_agent' +cookbook "wazuh_server", git: "https://github.com/wazuh/wazuh-chef.git", rel: 'cookbooks/wazuh_manager' +cookbook 'wazuh_kibana', github: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/wazuh_kibana' cookbook 'wazuh_elastic', github: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/wazuh_elastic' ``` @@ -136,35 +140,17 @@ After that, the vault will be created and synced with the server. The defined no You can check Chef Official Documentation about [Chef Vault](https://docs.chef.io/chef_vault.html) for detailed info. -## Use through Berkshelf - -The easiest way to making use of these cookbooks (especially `wazuh_filebeat` & `wazuh_elastic` until they are published to Supermarket) is by including in your `Berksfile` something like the below: - -```ruby -cookbook 'wazuh', gitHub: 'wazuh/wazuh-chef', rel: 'wazuh' -cookbook 'wazuh_filebeat', gitHub: 'wazuh/wazuh-chef', rel: 'wazuh_filebeat' -cookbook 'wazuh_elastic', gitHub: 'wazuh/wazuh-chef', rel: 'wazuh_elastic' -``` - -This will source all three cookbooks housed in this repo from GitHub. - ## Choose to register an agent into a manager or not Now we give the possibility to choose to register an agent after being configured and installed in a manager. -In order to do so, it's only needed to assign the value `yes` to the variable ` default['ossec']['agent_auth']['register'] ` in the attributes file_ ` wazuh-chef/cookbooks/wazuh_agent/attributes/authd.rb `: - -``` -default['ossec']['agent_auth']['register'] = 'yes' -``` - -To connect an agent with the manager simply modify the `wazuh-chef/roles/wazuh_agent.json` with the desired IP address: +To connect an agent with the manager simply modify the `wazuh-chef/roles/wazuh_agent.json` with the +manager IP address: ``` -"registration_address": "", "address": "" ``` -In other case, we just assign a different value which is not `yes`. +Since Wazuh 4.0, by default, the agent registers automatically with the manager through enrollment. Configuration details can be found on [Enrollment section](https://documentation.wazuh.com/4.0/user-manual/reference/ossec-conf/client.html#reference-ossec-client). ## Contribute From 05aa785812a77ca9564ae14096e7748e04c3eb69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 20 Nov 2020 11:28:31 +0100 Subject: [PATCH 013/260] Update README.md cookbooks --- cookbooks/README.md | 35 ++++++++++------------------------- 1 file changed, 10 insertions(+), 25 deletions(-) diff --git a/cookbooks/README.md b/cookbooks/README.md index 4f5b9ff2..365bc236 100644 --- a/cookbooks/README.md +++ b/cookbooks/README.md @@ -19,7 +19,7 @@ These cookbooks don't configure Windows systems yet. For manual agent installati - yum - poise-python -Attributes for Agent and Manager +Attributes ---------- All default attributes files are defined in the ```attributes/``` folder of each cookbook. Chef applies attributes from all attribute files regardless of which recipes were executed. It's important to mention that Chef will load ```default.rb``` first and then will proceed alphabetically. @@ -52,7 +52,7 @@ This produces: If you want to add new fields to customize your installation, you can declare it as a default attribute in its respective .rb file in the attributes folder or add it manually to the role. -For example: To enable cluster configuration, the following lane would be added to ```/cookbooks/wazuh_manager/attributes/cluster.rb ```. +For example: To enable cluster configuration, the following lane would be added to ```/cookbooks/wazuh_server/attributes/cluster.rb ```. `````` ruby default['ossec']['conf']['cluster']['disabled'] == false @@ -100,8 +100,8 @@ In case you want to customize your installation using roles, you can declare att ```json { - "name": "wazuh_manager", - "description": "Wazuh Manager host", + "name": "wazuh_server", + "description": "Wazuh Server host", "json_class": "Chef::Role", "default_attributes": { "ossec": { @@ -115,7 +115,7 @@ In case you want to customize your installation using roles, you can declare att }, "chef_type": "role", "run_list": [ - "recipe[wazuh_manager::manager]" + "recipe[wazuh_server::manager]" ], "env_run_lists": { @@ -127,11 +127,9 @@ The same example applies for Wazuh Agent and it's own attributes. You can get more info about attributes and how the work on the chef documentation: https://docs.chef.io/attributes.html - - ### Centralized Configuration -You can configure your Wazuh [Centralized Configuration](https://documentation.wazuh.com/3.9/user-manual/reference/centralized-configuration.html#centralized-configuration-process) with Chef. +You can configure your Wazuh [Centralized Configuration](https://documentation.wazuh.com/4.0/user-manual/reference/centralized-configuration.html#centralized-configuration-process) with Chef. In order to achieve this, the following steps are required: @@ -139,12 +137,10 @@ In order to achieve this, the following steps are required: The easiest way to achieve this is to modify the Wazuh Manager attributes in the role - - ``` { - "name": "wazuh_manager", - "description": "Wazuh Manager host", + "name": "wazuh_server", + "description": "Wazuh Server host", "json_class": "Chef::Role", "default_attributes": { "ossec": { @@ -159,7 +155,7 @@ The easiest way to achieve this is to modify the Wazuh Manager attributes in the }, "chef_type": "role", "run_list": [ - "recipe[wazuh_manager::manager]" + "recipe[wazuh_server::manager]" ], "env_run_lists": { @@ -167,12 +163,8 @@ The easiest way to achieve this is to modify the Wazuh Manager attributes in the } ``` - - This, will render all `['ossec']['centralized_configuration']['conf']['agent_config']` variables and convert them to XML using Gyoku - - For example, the following attribute: ```ruby @@ -186,8 +178,6 @@ default['ossec']['centralized_configuration']['conf']['agent_config']= [ ] ``` - - Generates this XML in the `agent.conf` file: ```xml @@ -197,9 +187,4 @@ Generates this XML in the `agent.conf` file: syslog -``` - - - -Please check our Documentation about [Wazuh Centralized Configuration](https://documentation.wazuh.com/3.9/user-manual/reference/centralized-configuration.html#centralized-configuration-process) for detailed information. - +``` \ No newline at end of file From 417681f1d2f9c970ed1a2c9335e29b7858eb7f51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 20 Nov 2020 11:31:13 +0100 Subject: [PATCH 014/260] Fix vocabulary mistake and add note for kibana --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c11dd021..6b32adbc 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ There is software that must be installed to ensure the correct installation. ## Chef -Chef gives plenty of software packages solution deppending on how you want to distribute the software. Please +Chef gives plenty of software packages solution depending on how you want to distribute the software. Please refer to the [platform overview documentation](https://docs.chef.io/platform_overview/) to know all the software products they have. @@ -30,7 +30,7 @@ all the software products they have. * [Wazuh Agent ](https://github.com/wazuh/wazuh-chef/tree/master/wazuh_agent) * [Wazuh Server (Manager, API and Filebeat)](https://github.com/wazuh/wazuh-chef/tree/master/wazuh_server) * [Elasticsearch](https://github.com/wazuh/wazuh-chef/tree/master/wazuh_elastic) -* [Kibana](https://github.com/wazuh/wazuh-chef/tree/master/wazuh_kibana) +* Kibana (*future version*) Each cookbook has its README.md From e268c9e8d1cdc6087dc430805bb75e6e31b4b272 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 20 Nov 2020 15:28:30 +0100 Subject: [PATCH 015/260] Update filebat cookbook and metadata.rb --- cookbooks/wazuh_server/metadata.rb | 6 ++---- cookbooks/wazuh_server/recipes/filebeat.rb | 9 ++++++++- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/cookbooks/wazuh_server/metadata.rb b/cookbooks/wazuh_server/metadata.rb index 8afb3bc2..a7e806b5 100644 --- a/cookbooks/wazuh_server/metadata.rb +++ b/cookbooks/wazuh_server/metadata.rb @@ -1,15 +1,14 @@ -name 'wazuh_manager' +name 'wazuh_server' maintainer 'Wazuh Inc.' maintainer_email 'info@wazuh.com' license 'Apache 2.0' -description 'Installs and onfigures ossec' +description 'Installs and configures Wazuh manager and Filebeat' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) version '0.1.1' %w(redhat centos oracle).each do |el| supports el, '>= 6.0' end - supports 'amazon', '>= 2.0' supports 'fedora', '>= 32.0' supports 'debian', '>= 7.0' @@ -24,7 +23,6 @@ depends 'yum' depends 'hostsfile' depends 'zypper' -depends 'yaml' issues_url 'https://github.com/wazuh/wazuh-chef/issues' if respond_to?(:issues_url) source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) diff --git a/cookbooks/wazuh_server/recipes/filebeat.rb b/cookbooks/wazuh_server/recipes/filebeat.rb index a49804ec..499ae2b1 100644 --- a/cookbooks/wazuh_server/recipes/filebeat.rb +++ b/cookbooks/wazuh_server/recipes/filebeat.rb @@ -47,7 +47,7 @@ end # Edit the file /etc/filebeat/filebeat.yml - +=begin template node['filebeat']['config_path'] do source 'filebeat.yml.erb' owner 'root' @@ -71,6 +71,13 @@ filebeat_modules_archives_enabled: node['filebeat']['yml']['filebeat_modules_archives_enabled'] ) end +=end +template node['filebeat']['config_path'] do + source 'filebeat.yml.erb' + owner 'root' + group 'root' + mode '0640' + variables(content: # Download the alerts template for Elasticsearch: From e781830c72f61a8cd3c99884f9067fef40abd851 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 20 Nov 2020 15:28:47 +0100 Subject: [PATCH 016/260] Remove reg address --- roles/wazuh_agent.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/wazuh_agent.json b/roles/wazuh_agent.json index 98e74977..a5a3a788 100644 --- a/roles/wazuh_agent.json +++ b/roles/wazuh_agent.json @@ -7,8 +7,7 @@ }, "override_attributes": { "ossec": { - "registration_address": "", - "address": "" + "address": "" } }, "chef_type": "role", From 56baae00777c89f7201b0f1fb358c9b1bc4ebb04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 20 Nov 2020 15:30:11 +0100 Subject: [PATCH 017/260] Start on issue #112 --- cookbooks/wazuh_elastic/Gemfile | 2 + cookbooks/wazuh_elastic/attributes/default.rb | 17 ++ cookbooks/wazuh_elastic/attributes/odfe.rb | 60 +++++++ .../wazuh_elastic/attributes/search_guard.rb | 47 ++++++ .../wazuh_elastic/attributes/versions.rb | 5 + cookbooks/wazuh_elastic/metadata.rb | 17 +- cookbooks/wazuh_elastic/recipes/default.rb | 10 +- .../wazuh_elastic/recipes/elasticsearch.rb | 33 +++- cookbooks/wazuh_elastic/recipes/odfe.rb | 155 ++++++++++++++++++ .../wazuh_elastic/recipes/prerequisites.rb | 19 ++- cookbooks/wazuh_elastic/recipes/repository.rb | 7 +- .../default/od_elasticsearch.yml.erb | 32 +--- .../templates/default/search-guard.yml.erb | 34 +--- 13 files changed, 359 insertions(+), 79 deletions(-) create mode 100644 cookbooks/wazuh_elastic/attributes/odfe.rb create mode 100644 cookbooks/wazuh_elastic/attributes/search_guard.rb create mode 100644 cookbooks/wazuh_elastic/recipes/odfe.rb diff --git a/cookbooks/wazuh_elastic/Gemfile b/cookbooks/wazuh_elastic/Gemfile index 518b772e..15eaf962 100644 --- a/cookbooks/wazuh_elastic/Gemfile +++ b/cookbooks/wazuh_elastic/Gemfile @@ -17,3 +17,5 @@ end group :kitchen_vagrant do gem 'kitchen-vagrant', '~> 0.19' end + +gem 'psych', '~> 3.2' diff --git a/cookbooks/wazuh_elastic/attributes/default.rb b/cookbooks/wazuh_elastic/attributes/default.rb index e69de29b..a01008e8 100644 --- a/cookbooks/wazuh_elastic/attributes/default.rb +++ b/cookbooks/wazuh_elastic/attributes/default.rb @@ -0,0 +1,17 @@ +=begin +This attributes define which environment to use: + - Opendistroforelasticsearch + - Elastic Stack +Neither of both variables can be assigned to the same value. One has to be set to "true" and the +other one to "false". +Both are checked inside recipes/default.rb recipe +=end +default['wazuh-elastic']['elasticsearch'] = false +default['wazuh-elastic']['odfe'] = true + +# Setup in role +default['wazuh-elastic']['ip'] = "0.0.0.0" +default['wazuh-kibana']['ip'] = "0.0.0.0" + +default['wazuh-elastic']['config_path'] = "/etc/elasticsearch" +default['wazuh-elastic']['plugins_path'] = "/usr/share/elasticsearch/plugins" \ No newline at end of file diff --git a/cookbooks/wazuh_elastic/attributes/odfe.rb b/cookbooks/wazuh_elastic/attributes/odfe.rb new file mode 100644 index 00000000..efdd0cc7 --- /dev/null +++ b/cookbooks/wazuh_elastic/attributes/odfe.rb @@ -0,0 +1,60 @@ +# elasticsearch.yml configuration file +default['odfe']['yml'] = { + 'network' => { + 'host' => node['wazuh-elastic']['ip'] + }, + 'node' => { + 'name' => "node-1", + 'max_local_storage_nodes' => 3 + }, + 'cluster' => { + 'initial_master_nodes' => "node-1", + 'routing' => { + 'allocation' => { + 'disk' => { + 'threshold_enabled' => false + } + } + } + }, + 'path' => { + 'data' => "/var/lib/elasticsearch", + 'logs' => "/var/log/elasticsearch" + }, + 'opendistro_security' => { + 'ssl' => { + 'transport' => { + 'pemcert_filepath' => "/etc/elasticsearch/certs/elasticsearch.pem", + 'pemkey_filepath' => "/etc/elasticsearch/certs/elasticsearch.key", + 'pemtrustedcas_filepath' => "/etc/elasticsearch/certs/root-ca.pem", + 'enforce_hostname_verification' => false, + 'resolve_hostname' => false + }, + 'http' => { + 'enabled' => true, + 'pemcert_filepath' => "/etc/elasticsearch/certs/elasticsearch_http.pem", + 'pemkey_filepath' => "/etc/elasticsearch/certs/elasticsearch_http.key", + 'pemtrustedcas_filepath' => "/etc/elasticsearch/certs/root-ca.pem" + } + }, + 'nodes_dn' => [ + "CN=node-1,OU=Docu,O=Wazuh,L=California,C=US" + ], + 'authcz' => { + 'admin_dn' => [ + "CN=admin,OU=Docu,O=Wazuh,L=California,C=US" + ] + }, + 'audit' => { + 'type' => "internal_elasticsearch" + }, + 'enable_snapshot_restore_privilege' => true, + 'check_snapshot_restore_write_privileges' => true, + 'restapi' => { + 'roles_enabled' => [ + "all_access", + "security_rest_api_access" + ] + } + } +} diff --git a/cookbooks/wazuh_elastic/attributes/search_guard.rb b/cookbooks/wazuh_elastic/attributes/search_guard.rb new file mode 100644 index 00000000..5edf1e56 --- /dev/null +++ b/cookbooks/wazuh_elastic/attributes/search_guard.rb @@ -0,0 +1,47 @@ +default['search_guard']['tls_tool'] = "search-guard-tlstool-1.8.zip" +default['search_guard']['config_path'] = "/etc/searchguard" +default['search_guard']['yml'] = +{ + "ca" => { + "root" => { + "dn" => "CN=elasticsearch,OU=Docu,O=Wazuh,L=California,C=US", + "keysize" => 2048, + "validityDays" => 3650, + "pkPassword" => "none", + "file" => "root-ca.pem" + } + }, + "defaults" => { + "validityDays" => 3650, + "pkPassword" => "none", + "generatedPasswordLength" => 12, + "httpsEnabled" => true + }, + "nodes" => [ + { + "name" => "elasticsearch", + "dn" => "CN=node-1,OU=Docu,O=Wazuh,L=California,C=US", + "ip" => [ + "#{node['wazuh-elastic']['ip']}" + ] + }, + { + "name" => "kibana", + "dn" => "CN=kibana,OU=Docu,O=Wazuh,L=California,C=US", + "ip" => [ + "#{node['wazuh-kibana']['ip']}" + ] + } + ], + "clients" => [ + { + "name" => "admin", + "dn" => "CN=admin,OU=Docu,O=Wazuh,L=California,C=US", + "admin" => true + }, + { + "name" => "filebeat", + "dn" => "CN=filebeat,OU=Docu,O=Wazuh,L=California,C=US" + } + ] +} \ No newline at end of file diff --git a/cookbooks/wazuh_elastic/attributes/versions.rb b/cookbooks/wazuh_elastic/attributes/versions.rb index 7f66ac51..e1a8f97c 100644 --- a/cookbooks/wazuh_elastic/attributes/versions.rb +++ b/cookbooks/wazuh_elastic/attributes/versions.rb @@ -1,3 +1,8 @@ default['wazuh-elastic']['elastic_stack_version'] = "7.9.1" +default['wazuh-elastic']['odfe_version'] = "1.11.0" default['wazuh-elastic']['wazuh_app_version'] = "4.0.1_7.9.1" default['wazuh-elastic']['extensions_version'] = "v4.0.1" +default['wazuh']['major']['version'] = "4.x" +default['wazuh']['version'] = "4.0" +default['elastic']['major']['version'] = "7.x" +default['search_guard']['version'] = "1.8" diff --git a/cookbooks/wazuh_elastic/metadata.rb b/cookbooks/wazuh_elastic/metadata.rb index 47aa2935..c1d3df95 100644 --- a/cookbooks/wazuh_elastic/metadata.rb +++ b/cookbooks/wazuh_elastic/metadata.rb @@ -1,4 +1,3 @@ -# -*- encoding: utf-8 -*- name 'wazuh_elastic' maintainer 'Wazuh' maintainer_email 'info@wazuh.com' @@ -11,9 +10,16 @@ depends pkg end -%w( debian ubuntu ).each do |os| - supports os +%w(redhat centos oracle).each do |el| + supports el, '>= 6.0' end +supports 'amazon', '>= 2.0' +supports 'fedora', '>= 32.0' +supports 'debian', '>= 7.0' +supports 'ubuntu', '>= 14.04' +supports 'suse', '>= 15.0' +supports 'debian', '>= 8.0' +supports 'ubuntu', '>= 14.04' depends 'chef-sugar' depends 'apt' @@ -21,3 +27,8 @@ depends 'yum' depends 'hostsfile' depends 'htpasswd' +depends 'zypper' + +issues_url 'https://github.com/wazuh/wazuh-chef/issues' if respond_to?(:issues_url) +source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) +chef_version '>= 12.0' if respond_to?(:chef_version) \ No newline at end of file diff --git a/cookbooks/wazuh_elastic/recipes/default.rb b/cookbooks/wazuh_elastic/recipes/default.rb index 899e6d26..b48940b1 100644 --- a/cookbooks/wazuh_elastic/recipes/default.rb +++ b/cookbooks/wazuh_elastic/recipes/default.rb @@ -7,6 +7,10 @@ ############################################# include_recipe 'chef-sugar::default' include_recipe 'wazuh_elastic::prerequisites' -include_recipe 'wazuh_elastic::repository' -include_recipe 'wazuh_elastic::elasticsearch' -include_recipe 'wazuh_elastic::kibana' +if node['wazuh-elastic']['elasticsearch'] + include_recipe 'wazuh_elastic::repository' + include_recipe 'wazuh_elastic::elasticsearch' +elsif node['wazuh-elastic']['odfe'] + include_recipe 'wazuh_elastic::repository' + include_recipe 'wazuh_elastic::odfe' +#include_recipe 'wazuh_elastic::kibana' diff --git a/cookbooks/wazuh_elastic/recipes/elasticsearch.rb b/cookbooks/wazuh_elastic/recipes/elasticsearch.rb index 268b3097..9009fff3 100644 --- a/cookbooks/wazuh_elastic/recipes/elasticsearch.rb +++ b/cookbooks/wazuh_elastic/recipes/elasticsearch.rb @@ -8,11 +8,34 @@ # Install opendistroforelasticsearch if platform_family?('debian', 'ubuntu') - apt_package %w(elasticsearch-oss opendistroforelasticsearch) -elsif platform_family?('rhel', 'redhat', 'centos', 'amazon') - yum_package 'opendistroforelasticsearch' + apt_package 'elasticsearch-oss' do + version "#{node['wazuh-elastic']['elastic_stack_version']}-1" + end + apt_package 'opendistroforelasticsearch' do + version "#{node['wazuh-elastic']['odfe_version']}-1" + end +elsif platform_family?('rhel', 'redhat', 'centos') + if node['platform_version'] >= '8' + dnf_package 'elasticsearch-oss' do + version "#{node['wazuh-elastic']['elastic_stack_version']}-1" + end + dnf_package 'opendistroforelasticsearch' do + version "#{node['wazuh-elastic']['odfe_version']}-1" + end + else + yum_package 'elasticsearch-oss' do + version "#{node['wazuh-elastic']['elastic_stack_version']}-1" + end + yum_package 'opendistroforelasticsearch' do + version "#{node['wazuh-elastic']['odfe_version']}-1" + end elsif platform_family?('suse') - zypper_package 'opendistroforelasticsearch' + zypper_package 'elasticsearch-oss' do + version "#{node['wazuh-elastic']['elastic_stack_version']}-1" + end + zypper_package 'opendistroforelasticsearch' do + version "#{node['wazuh-elastic']['odfe_version']}-1" + end else raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" end @@ -24,7 +47,7 @@ owner 'root' group 'elasticsearch' mode '0660' - variables ({ + variables (content: network_host: "network.host: #{node['wazuh-elastic']['elasticsearch_ip']}", node_name: "node.name: #{node['wazuh-elastic']['elasticsearch_node_name']}", cluster_initial_master_nodes: "cluster.initial_master_nodes: #{node['wazuh-elastic']['elasticsearch_cluster_initial_master_nodes']}", diff --git a/cookbooks/wazuh_elastic/recipes/odfe.rb b/cookbooks/wazuh_elastic/recipes/odfe.rb new file mode 100644 index 00000000..bd662123 --- /dev/null +++ b/cookbooks/wazuh_elastic/recipes/odfe.rb @@ -0,0 +1,155 @@ +# -*- encoding: utf-8 -*- +# +# Cookbook Name:: wazuh-elastic +# Recipe:: elasticsearch_install +# +###################################################### + +# Install opendistroforelasticsearch + +if platform_family?('debian', 'ubuntu') + apt_package 'elasticsearch-oss' do + version "#{node['wazuh-elastic']['elastic_stack_version']}-1" + end + apt_package 'opendistroforelasticsearch' do + version "#{node['wazuh-elastic']['odfe_version']}-1" + end +elsif platform_family?('rhel', 'redhat', 'centos') + if node['platform_version'] >= '8' + dnf_package 'elasticsearch-oss' do + version "#{node['wazuh-elastic']['elastic_stack_version']}-1" + end + dnf_package 'opendistroforelasticsearch' do + version "#{node['wazuh-elastic']['odfe_version']}-1" + end + else + yum_package 'elasticsearch-oss' do + version "#{node['wazuh-elastic']['elastic_stack_version']}-1" + end + yum_package 'opendistroforelasticsearch' do + version "#{node['wazuh-elastic']['odfe_version']}-1" + end +elsif platform_family?('suse') + zypper_package 'elasticsearch-oss' do + version "#{node['wazuh-elastic']['elastic_stack_version']}-1" + end + zypper_package 'opendistroforelasticsearch' do + version "#{node['wazuh-elastic']['odfe_version']}-1" + end +else + raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" +end + +# Set up opendistro for elasticsearch configuration file +template "#{node['wazuh-elastic']['config_path']}/elasticsearch.yml" do + source 'od_elasticsearch.yml.erb' + owner 'root' + group 'elasticsearch' + mode '0660' + variables (content: Psych.dump(node['odfe']['yml'])) +end + +remote_file "#{node['wazuh-elastic']['plugins_path']}/opendistro_security/securityconfig/roles.yml" do + source "https://raw.githubusercontent.com/wazuh/wazuh-documentation/#{node['wazuh']['version']}/resources/open-distro/elasticsearch/roles/roles.yml" +end + +remote_file "#{node['wazuh-elastic']['plugins_path']}/opendistro_security/securityconfig/roles_mapping.yml" do + source "https://raw.githubusercontent.com/wazuh/wazuh-documentation/#{node['wazuh']['version']}/resources/open-distro/elasticsearch/roles/roles_mapping.yml" +end + +remote_file "#{node['wazuh-elastic']['plugins_path']}/opendistro_security/securityconfig/internal_users.yml" do + source "https://raw.githubusercontent.com/wazuh/wazuh-documentation/#{node['wazuh']['version']}/resources/open-distro/elasticsearch/roles/internal_users.yml" +end + +# Certificates creation and deployment + +execute 'Remove the demo certificates' do + command "rm #{node['wazuh-elastic']['config_path']}/esnode-key.pem #{node['wazuh-elastic']['config_path']}/esnode.pem #{node['wazuh-elastic']['config_path']}/kirk-key.pem #{node['wazuh-elastic']['config_path']}/kirk.pem #{node['wazuh-elastic']['config_path']}/root-ca.pem -f" +end + +directory "#{node['wazuh-elastic']['config_path']}/certs" do + action :create +end + +directory "#{node['search_guard']['config_path']}" do + action :create +end + +remote_file "/tmp/#{node['search_guard']['tls_tool']}" do + source "https://maven.search-guard.com/search-guard-tlstool/#{node['search_guard']['version']}/#{node['odfe']['search_guard_tls_tool']}" +end + +archive_file "#{node['search_guard']['tls_tool']}" do + path "/tmp/#{node['odfe']['search_guard_tls_tool']}" + destination "#{node['search_guard']['config_path']}" +end + +template "#{node['search_guard']['config_path']}/search-guard.yml" do + source 'search-guard.yml.erb' + owner 'root' + group 'elasticsearch' + mode '0660' + variables (content: Psych.dump(node['search_guard']['yml'])) +end + +execute 'Run the Search Guard’s script to create the certificates' do + command "#{node['search_guard']['config_path']}/tools/sgtlstool.sh -c #{node['search_guard']['config_path']}/search-guard.yml -ca -crt -t #{node['wazuh-elastic']['config_path']}/certs/" +end + +bash 'Compress all the necessary files to be sent to the all the instances' do + code <<-EOF + cd #{node['wazuh-elastic']['config_path']}/certs + tar -cf certs.tar * + EOF +end + +execute 'Remove unnecessary files' do + command "rm #{node['wazuh-elastic']['config_path']}/certs/client-certificates.readme #{node['wazuh-elastic']['config_path']}/certs/elasticsearch_elasticsearch_config_snippet.yml /tmp/#{node['search_guard']['tls_tool']} -f" +end + +# Configure Filebeat certificates + +bash 'Configure Filebeat certificates' do + code <<-EOH + mkdir /etc/filebeat/certs + cp #{node['wazuh-elastic']['config_path']}/certs/certs.tar /etc/filebeat/certs/ + cd /etc/filebeat/certs/ + tar --extract --file=certs.tar filebeat.pem filebeat.key root-ca.pem + rm certs.tar + EOH +end + +# Run filebeat service + +service "filebeat" do + supports :status => true, :restart => true, :reload => true + action [:start, :enable] +end + +# Run elasticsearch service + +service "elasticsearch" do + supports :start => true, :stop => true, :restart => true, :reload => true + action [:enable, :start] +end + +ruby_block 'wait for elasticsearch' do + block do + loop { break if (TCPSocket.open("#{node['wazuh-elastic']['elasticsearch_ip']}",node['wazuh-elastic']['elasticsearch_port']) rescue nil); puts "Waiting for elasticsearch to start"; sleep 5 } + end +end + +bash 'Verify Elasticsearch folders owner' do + code <<-EOF + chown elasticsearch:elasticsearch -R #{node['wazuh-elastic']['config_path']} + chown elasticsearch:elasticsearch -R /usr/share/elasticsearch + chown elasticsearch:elasticsearch -R /var/lib/elasticsearch + EOF + notifies :restart, "service[elasticsearch]", :delayed +end + +execute 'Run the Elasticsearch’s securityadmin script' do + command "#{node['wazuh-elastic']['plugins_path']}/opendistro_security/tools/securityadmin.sh -cd #{node['wazuh-elastic']['plugins_path']}/opendistro_security/securityconfig/ -nhnv -cacert #{node['wazuh-elastic']['config_path']}/certs/root-ca.pem -cert #{node['wazuh-elastic']['config_path']}/certs/admin.pem -key #{node['wazuh-elastic']['config_path']}/certs/admin.key -h #{node['wazuh-elastic']['elasticsearch_ip']}" +end + + diff --git a/cookbooks/wazuh_elastic/recipes/prerequisites.rb b/cookbooks/wazuh_elastic/recipes/prerequisites.rb index fb23d21c..86554a21 100644 --- a/cookbooks/wazuh_elastic/recipes/prerequisites.rb +++ b/cookbooks/wazuh_elastic/recipes/prerequisites.rb @@ -29,23 +29,30 @@ apt_update # Install all the required utilities - execute 'export JAVA_HOME' do - command 'export JAVA_HOME=/usr/' + bash 'export JAVA_HOME' do + environment 'JAVA_HOME' => '/usr/' end apt_package 'openjdk-11-jdk' -elsif platform_family?('rhel', 'redhat', 'centos', 'amazon') +elsif platform_family?('rhel', 'redhat', 'centos') # Install all the necessary packages for the installation execute 'export JAVA_HOME' do command 'export JAVA_HOME=/usr/' end - yum_package 'prerequisites' do - package_name ['curl', 'unzip', 'wget', 'java-11-openjdk-devel', 'libcap'] - action :install + if node['platform_version'] >= '8' + dnf_package 'prerequisites' do + package_name ['curl', 'unzip', 'wget', 'java-11-openjdk-devel', 'libcap'] + action :install + end + else + yum_package 'prerequisites' do + package_name ['curl', 'unzip', 'wget', 'java-11-openjdk-devel', 'libcap'] + action :install + end end elsif platform_family?('suse') diff --git a/cookbooks/wazuh_elastic/recipes/repository.rb b/cookbooks/wazuh_elastic/recipes/repository.rb index 7e9aad89..c588e604 100644 --- a/cookbooks/wazuh_elastic/recipes/repository.rb +++ b/cookbooks/wazuh_elastic/recipes/repository.rb @@ -13,7 +13,7 @@ # Install GPG key and add repository apt_repository "wazuh" do - uri "https://packages.wazuh.com/4.x/apt/ " + uri "https://packages.wazuh.com/#{node['packages.wazuh.com']['version']}/apt/" key "https://packages.wazuh.com/key/GPG-KEY-WAZUH" distribution "stable" components ["main"] @@ -24,10 +24,11 @@ # Update the package information apt_update + elsif platform_family?('rhel', 'redhat', 'centos', 'amazon') yum_repository "wazuh" do description "OpenDistro Elasticseach Yum" - baseurl "https://packages.wazuh.com/4.x/yum/" + baseurl "https://packages.wazuh.com/#{node['packages.wazuh.com']['version']}/yum/" gpgkey "https://packages.wazuh.com/key/GPG-KEY-WAZUH" action :create not_if do @@ -37,7 +38,7 @@ elsif platform_family?('suse') zypper_repository "wazuh" do description "OpenDistro Elasticseach Zypper" - baseurl "https://packages.wazuh.com/4.x/yum/" + baseurl "https://packages.wazuh.com/#{node['packages.wazuh.com']['version']}/yum/" gpgkey "https://packages.wazuh.com/key/GPG-KEY-WAZUH" action :create not_if do diff --git a/cookbooks/wazuh_elastic/templates/default/od_elasticsearch.yml.erb b/cookbooks/wazuh_elastic/templates/default/od_elasticsearch.yml.erb index 0794960a..0677d6b5 100644 --- a/cookbooks/wazuh_elastic/templates/default/od_elasticsearch.yml.erb +++ b/cookbooks/wazuh_elastic/templates/default/od_elasticsearch.yml.erb @@ -1,27 +1,7 @@ -<%= @network_host %> -<%= @node_name %> -<%= @cluster_initial_master_nodes %> +# ======================== Elasticsearch Configuration ========================= +# +# Please consult the documentation for further information on configuration options: +# https://documentation.wazuh.com/4.0/installation-guide/open-distro/distributed-deployment/step-by-step-installation/elasticsearch-cluster/elasticsearch-single-node-cluster.html#elasticsearch-configuration +# -opendistro_security.ssl.transport.pemcert_filepath: /etc/elasticsearch/certs/elasticsearch.pem -opendistro_security.ssl.transport.pemkey_filepath: /etc/elasticsearch/certs/elasticsearch.key -opendistro_security.ssl.transport.pemtrustedcas_filepath: /etc/elasticsearch/certs/root-ca.pem -opendistro_security.ssl.transport.enforce_hostname_verification: false -opendistro_security.ssl.transport.resolve_hostname: false -opendistro_security.ssl.http.enabled: true -opendistro_security.ssl.http.pemcert_filepath: /etc/elasticsearch/certs/elasticsearch_http.pem -opendistro_security.ssl.http.pemkey_filepath: /etc/elasticsearch/certs/elasticsearch_http.key -opendistro_security.ssl.http.pemtrustedcas_filepath: /etc/elasticsearch/certs/root-ca.pem -opendistro_security.nodes_dn: -- CN=node-1,OU=Docu,O=Wazuh,L=California,C=US -opendistro_security.authcz.admin_dn: -- CN=admin,OU=Docu,O=Wazuh,L=California,C=US - -opendistro_security.audit.type: internal_elasticsearch -opendistro_security.enable_snapshot_restore_privilege: true -opendistro_security.check_snapshot_restore_write_privileges: true -opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"] -cluster.routing.allocation.disk.threshold_enabled: false -node.max_local_storage_nodes: 3 - -<%= @path_data %> -<%= @path_logs %> +<%= @content %> diff --git a/cookbooks/wazuh_elastic/templates/default/search-guard.yml.erb b/cookbooks/wazuh_elastic/templates/default/search-guard.yml.erb index 4ce1fce6..eb342d80 100644 --- a/cookbooks/wazuh_elastic/templates/default/search-guard.yml.erb +++ b/cookbooks/wazuh_elastic/templates/default/search-guard.yml.erb @@ -5,36 +5,4 @@ # # Self-signed certificate authority -ca: - root: - dn: CN=elasticsearch,OU=Docu,O=Wazuh,L=California,C=US - keysize: 2048 - validityDays: 3650 - pkPassword: none - file: root-ca.pem - -# Default values and global settings -defaults: - validityDays: 3650 - pkPassword: none - generatedPasswordLength: 12 - httpsEnabled: true - -# Nodes certificates -nodes: - - name: elasticsearch - dn: CN=node-1,OU=Docu,O=Wazuh,L=California,C=US - ip: - - <%= @elasticsearch_ip %> - - name: kibana - dn: CN=kibana,OU=Docu,O=Wazuh,L=California,C=US - ip: - - <%= @kibana_ip %> - -# Clients certificates -clients: - - name: admin - dn: CN=admin,OU=Docu,O=Wazuh,L=California,C=US - admin: true - - name: filebeat - dn: CN=filebeat,OU=Docu,O=Wazuh,L=California,C=US +<%= @content %> \ No newline at end of file From 316ea35436ffcdec78dab6bf7cbbe1cb70710f57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 23 Nov 2020 14:21:39 +0100 Subject: [PATCH 018/260] Add databags and environments --- cookbooks/wazuh_server/.kitchen.yml | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/cookbooks/wazuh_server/.kitchen.yml b/cookbooks/wazuh_server/.kitchen.yml index 663cf721..c7a646e3 100644 --- a/cookbooks/wazuh_server/.kitchen.yml +++ b/cookbooks/wazuh_server/.kitchen.yml @@ -4,26 +4,37 @@ driver: provisioner: name: chef_zero + environments_path: "test/environments" + data_bags_path: "test/data_bags" + encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" product_version: latest verifiers: name: inspec platforms: + - name: ubuntu-20.04 - name: ubuntu-18.04 - name: centos-8.0 - name: centos-7 suites: - - name: wazuh-manager + - name: wazuh-server + environments_path: "test/environments" + data_bags_path: "test/data_bags" + encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" run_list: - - recipe[wazuh_manager::manager] + - recipe[wazuh_server::manager] driver: network: - ["private_network", {ip: "172.16.10.10"}] customize: memory: 2048 cpus: 1 +# provisioner: +# client_rb: +# environment: development-master + - name: elastic run_list: - recipe[wazuh_elastic::default] From b402562644c3e360d396b97a39cd0acb71d23dd5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 23 Nov 2020 14:22:09 +0100 Subject: [PATCH 019/260] Ad yaml gem --- cookbooks/wazuh_server/Gemfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cookbooks/wazuh_server/Gemfile b/cookbooks/wazuh_server/Gemfile index 29f461b1..1dc2730c 100644 --- a/cookbooks/wazuh_server/Gemfile +++ b/cookbooks/wazuh_server/Gemfile @@ -3,7 +3,6 @@ source 'https://rubygems.org' group :lint do gem 'foodcritic', '~> 16.3' gem 'rubocop', '~> 1.3', '>= 1.3.1' - gem 'yaml', '~> 0.1.0' end group :unit do @@ -18,3 +17,5 @@ end group :kitchen_vagrant do gem 'kitchen-vagrant', '~> 1.7', '>= 1.7.2' end + +gem 'yaml', '~> 0.1.0' From bda4bead1310dead3974500fb61566a93fb49261 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 23 Nov 2020 14:23:24 +0100 Subject: [PATCH 020/260] Create yaml attribute and use it in templates --- cookbooks/wazuh_server/attributes/api.rb | 58 +++++++++------- cookbooks/wazuh_server/attributes/filebeat.rb | 66 +++++++++++++------ cookbooks/wazuh_server/recipes/filebeat.rb | 16 +++-- cookbooks/wazuh_server/recipes/manager.rb | 25 +------ .../templates/default/api.yaml.erb | 51 +------------- .../templates/default/filebeat.yml.erb | 26 +------- 6 files changed, 94 insertions(+), 148 deletions(-) diff --git a/cookbooks/wazuh_server/attributes/api.rb b/cookbooks/wazuh_server/attributes/api.rb index 8fe6377a..b41b3d4b 100644 --- a/cookbooks/wazuh_server/attributes/api.rb +++ b/cookbooks/wazuh_server/attributes/api.rb @@ -1,25 +1,35 @@ -default['api'] = { - 'bind_addr' => "0.0.0.0", - 'port' => 55000, - 'behind_proxy_server' => "no", - 'https' => "yes", - 'https_key' => "api/configuration/ssl/server.key", - 'https_cert' => "api/configuration/ssl/server.crt", - 'https_use_ca' => "False", - 'https_ca' => "api/configuration/ssl/ca.crt", - 'logging_level' => "info", - 'logging_path' => "logs/api.log", - 'cors' => "no", - 'cors_source_route' => "*", - 'cors_expose_headers' => "*", - 'cors_allow_headers' => "*", - 'cors_allow_credentials' => "no", - 'cache' => "yes", - 'cache_time' => 0.750, - 'access_max_login_attempts' => 5, #Should be updated - 'access_block_time' => 300, - 'access_max_request_per_minute' => 300, - 'use_only_authd' => 300, - 'drop_privileges' => "yes", - 'experimental_features' => "no" +default['api']['yml'] = { + 'host': '0.0.0.0', + 'port': 55000, + 'behind_proxy_server': 'no', + 'use_only_authd': 'no', + 'drop_privileges': 'yes', + 'experimental_features': 'no', + 'https': { + 'enabled': 'yes', + 'key': "\"api/configuration/ssl/server.key\"", + 'cert': "\"api/configuration/ssl/server.crt\"", + 'use_ca': 'False', + 'ca': "\"api/configuration/ssl/ca.crt\"" + }, + 'logs': { + 'level': "\"info\"", + 'path': "\"logs/api.log\"" + }, + 'cors': { + 'enabled': 'no', + 'source_route': "\"*\"", + 'expose_headers': "\"*\"", + 'allow_headers': "\"*\"", + 'allow_credentials': 'no' + }, + 'cache': { + 'enabled': 'yes', + 'time': 0.750 + }, + 'access': { + 'max_login_attempts': 5, + 'block_time': 300, + 'max_request_per_minute': 300 + } } \ No newline at end of file diff --git a/cookbooks/wazuh_server/attributes/filebeat.rb b/cookbooks/wazuh_server/attributes/filebeat.rb index 48c9414b..0c549fdf 100644 --- a/cookbooks/wazuh_server/attributes/filebeat.rb +++ b/cookbooks/wazuh_server/attributes/filebeat.rb @@ -1,22 +1,48 @@ -default['filebeat']['config_path'] = '/etc/filebeat/filebeat.yml' -default['filebeat']['wazuh_filebeat_module'] = "wazuh-filebeat-0.1.tar.gz" -default['filebeat']['wazuh_template'] = "wazuh-template.json" -default['filebeat']['yml'] = { - 'output_elasticsearch_hosts' => { - "0.0.0.0": 9200 +default["filebeat"]["config_path"] = "/etc/filebeat" +default["filebeat"]["wazuh_filebeat_module"] = "wazuh-filebeat-0.1.tar.gz" +default["filebeat"]["wazuh_template"] = "wazuh-template.json" +# Array with Elastic nodes IP +default["filebeat"]["elastic_nodes_ip"] = [ + "\"0.0.0.0:9200\"" +] +default["filebeat"]["yml"] = { + "output": { + "elasticsearch": { + "hosts": node["filebeat"]["elastic_nodes_ip"], + "protocol": "https", + "username": "\"admin\"", + "password": "\"admin\"", + "ssl": { + "certificate_authorities": [ + "/etc/filebeat/certs/root-ca.pem" + ], + "certificate": "/etc/filebeat/certs/filebeat.pem", + "key": "/etc/filebeat/certs/filebeat.key" + } + } }, - 'output_elasticsearch_protocol' => "https", - 'output_elasticsearch_username' => "\"admin\"", - 'output_elasticsearch_password' => "\"admin\"", - 'ssl_certificate_authorities' => "/etc/filebeat/certs/root-ca.pem", - 'ssl_certificate' => "\"/etc/filebeat/certs/filebeat.pem\"", - 'ssl_key' => "\"/etc/filebeat/certs/filebeat.key\"", - 'setup_template_json_enabled' => true, - 'setup_template_json_path' => "\'/etc/filebeat/#{node['filebeat']['wazuh_template']}\'", - 'setup_template_json_name' => "\'wazuh\'", - 'setup_ilm_overwrite' => true, - 'setup_ilm_enabled' => false, - 'filebeat_modules_module' => "wazuh", - 'filebeat_modules_alerts_enabled' => true, - 'filebeat_modules_archives_enabled' => false + "setup": { + "template": { + "json": { + "enabled": true, + "path": "/etc/filebeat/wazuh-template.json", + "name": "\"wazuh\"" + } + }, + "ilm": { + "overwrite": true, + "enabled": false + } + }, + "filebeat": [ + { + "module": "wazuh", + "alerts": { + "enabled": true + }, + "archives": { + "enabled": false + } + } + ] } \ No newline at end of file diff --git a/cookbooks/wazuh_server/recipes/filebeat.rb b/cookbooks/wazuh_server/recipes/filebeat.rb index 499ae2b1..39d242a9 100644 --- a/cookbooks/wazuh_server/recipes/filebeat.rb +++ b/cookbooks/wazuh_server/recipes/filebeat.rb @@ -4,6 +4,7 @@ # Author:: Wazuh # Install Filebeat package +require 'yaml' if platform_family?('debian','ubuntu') package 'lsb-release' @@ -72,25 +73,26 @@ ) end =end -template node['filebeat']['config_path'] do +template "#{node['filebeat']['config_path']}/filebeat.yml" do source 'filebeat.yml.erb' owner 'root' group 'root' mode '0640' - variables(content: + variables :content => YAML::dump(YAML::dump(node['filebeat']['yml'].to_hash).gsub('!map:Mash','')) +end # Download the alerts template for Elasticsearch: remote_file "/etc/filebeat/#{node['filebeat']['wazuh_template']}" do - source "https://raw.githubusercontent.com/wazuh/wazuh/#{node['wazuh']['version']}/extensions/elasticsearch/#{node['elastic']['version']}/#{node['filebeat']['wazuh_template']}" - owner "root" - group "root" - mode "0644" + source "https://raw.githubusercontent.com/wazuh/wazuh/#{node['wazuh']['version']}/extensions/elasticsearch/#{node['elastic']['version']}/#{node['filebeat']['wazuh_template']}" + owner "root" + group "root" + mode "0644" end # Download the Wazuh module for Filebeat: remote_file "/usr/share/filebeat/module/#{node['filebeat']['wazuh_filebeat_module']}" do - source "https://packages.wazuh.com/#{node['packages.wazuh.com']['version']}/filebeat/#{node['filebeat']['wazuh_filebeat_module']}" + source "https://packages.wazuh.com/#{node['packages.wazuh.com']['version']}/filebeat/#{node['filebeat']['wazuh_filebeat_module']}" end # Change module permission diff --git a/cookbooks/wazuh_server/recipes/manager.rb b/cookbooks/wazuh_server/recipes/manager.rb index e02d4239..c786893c 100644 --- a/cookbooks/wazuh_server/recipes/manager.rb +++ b/cookbooks/wazuh_server/recipes/manager.rb @@ -66,7 +66,7 @@ end end -include_recipe 'wazuh_manager::common' +include_recipe 'wazuh_server::common' template "#{node['ossec']['dir']}/etc/local_internal_options.conf" do source 'var/ossec/etc/manager_local_internal_options.conf' @@ -96,28 +96,7 @@ owner 'root' group 'ossec' mode '0660' - variables({bind_addr: "host: #{node['api']['bind_addr']}", - port: "port: #{node['api']['port']}", - behind_proxy_server: "behind_proxy_server: #{node['api']['behind_proxy_server']}", - https_enabled: "enabled: #{node['api']['https']}", - https_key: "key: #{node['api']['https_key']}", - https_cert: "cert: #{node['api']['https_cert']}", - https_use_ca: "use_ca: #{node['api']['https_use_ca']}", - https_ca: "ca: #{node['api']['https_ca']}", - logging_level: "level: #{node['api']['logging_level']}", - logging_path: "path: #{node['api']['logging_path']}", - cors_enabled: "enabled: #{node['api']['cors']}", - cors_source_route: "source_route: \"#{node['api']['cors_source_route']}\"", - cors_expose_headers: "expose_headers: \"#{node['api']['cors_expose_headers']}\"", - cors_allow_headers: "allow_headers: \"#{node['api']['cors_allow_headers']}\"", - cors_allow_credentials: "allow_credentials: #{node['api']['cors_allow_credentials']}", - cache_enabled: "enabled: #{node['api']['cache']}", - access_max_login_attempts: "max_login_attempts: #{node['api']['access_max_login_attempts']}", - access_block_time: "block_time: #{node['api']['access_block_time']}", - access_max_request_per_minute: "max_request_per_minute: #{node['api']['access_max_request_per_minute']}", - use_only_authd: "use_only_authd: #{node['api']['use_only_authd']}", - drop_privileges: "drop_privileges: #{node['api']['drop_privileges']}", - experimental_features: "experimental_features: #{node['api']['experimental_features']}" }) + variables :content => YAML::dump(YAML::dump(node['api']['yml'].to_hash).gsub('!map:Mash','')) end diff --git a/cookbooks/wazuh_server/templates/default/api.yaml.erb b/cookbooks/wazuh_server/templates/default/api.yaml.erb index 0edecabe..8778170f 100644 --- a/cookbooks/wazuh_server/templates/default/api.yaml.erb +++ b/cookbooks/wazuh_server/templates/default/api.yaml.erb @@ -1,51 +1,4 @@ -# USE THIS FILE AS A TEMPLATE. UNCOMMENT LINES TO APPLY CUSTOM CONFIGURATION +# Wazuh - Api configuration file +<%= @content %> -<%= @bind_addr %> -<%= @port %> -# Set this option to "yes" in case the API is running behind a proxy server. Values: yes, no -<%= @behind_proxy_server %> -# Force the use of authd when adding and removing agents. Values: yes, no -<%= @use_only_authd %> -# Drop privileges (Run as ossec user) -<%= @drop_privileges %> -# Enable features under development -<%= @experimental_features %> - -#Advanced configuration - -https: - <%= @https_enabled %> - <%= @https_key %> - <%= @https_cert %> - <%= @https_use_ca %> - <%= @https_ca %> - -# Logging configuration -# Values for API log level: disabled, info, warning, error, debug, debug2 (each level includes the previous level). - -logs: - <%= @logging_level %> - <%= @logging_path %> - -# Cross-origin resource sharing: https://github.com/aio-libs/aiohttp-cors#usage - -cors: - <%= @cors_enabled %> - <%= @cors_source_route %> - <%= @cors_expose_headers %> - <%= @cors_allow_headers %> - <%= @cors_allow_credentials %> - -# Cache (time in seconds) - -cache: - <%= @cache_enabled %> - <%= @cache_time %> - -# Access parameters - -access: - <%= @access_max_login_attempts %> - <%= @access_block_time %> - <%= @access_max_request_per_minute %> diff --git a/cookbooks/wazuh_server/templates/default/filebeat.yml.erb b/cookbooks/wazuh_server/templates/default/filebeat.yml.erb index 480747dc..337058b0 100644 --- a/cookbooks/wazuh_server/templates/default/filebeat.yml.erb +++ b/cookbooks/wazuh_server/templates/default/filebeat.yml.erb @@ -1,26 +1,2 @@ # Wazuh - Filebeat configuration file -output.elasticsearch: - hosts: [ - <% @output_elasticsearch_hosts.each do |ip, port| -%> - "<%= ip %>:<%= port %>", - <% end -%> - ] - protocol: <%= @output_elasticsearch_protocol %> - username: <%= @output_elasticsearch_username %> - password: <%= @output_elasticsearch_password %> - ssl.certificate_authorities: - - <%= @ssl_certificate_authorities %> - ssl.certificate: <%= @ssl_certificate %> - ssl.key: <%= @ssl_key %> -setup.template.json.enabled: <%= @setup_template_json_enabled %> -setup.template.json.path: <%= @setup_template_json_path %> -setup.template.json.name: <%= @setup_template_json_name %> -setup.ilm.overwrite: <%= @setup_ilm_overwrite %> -setup.ilm.enabled: <%= @setup_ilm_enabled %> - -filebeat.modules: - - module: <%= @filebeat_modules_module %> - alerts: - enabled: <%= @filebeat_modules_alerts_enabled %> - archives: - enabled: <%= @filebeat_modules_archives_enabled %> +<%= @content %> \ No newline at end of file From cbd5935884d432e7164690b253a653868802eca6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 23 Nov 2020 14:23:40 +0100 Subject: [PATCH 021/260] Change manager to server --- cookbooks/wazuh_server/recipes/default.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cookbooks/wazuh_server/recipes/default.rb b/cookbooks/wazuh_server/recipes/default.rb index f5ad7994..2bc68f21 100644 --- a/cookbooks/wazuh_server/recipes/default.rb +++ b/cookbooks/wazuh_server/recipes/default.rb @@ -1,5 +1,5 @@ include_recipe 'apt::default' -include_recipe 'wazuh_manager::prerequisites' -include_recipe 'wazuh_manager::repository' -include_recipe 'wazuh_manager::manager' -include_recipe 'wazuh_manager::filebeat' \ No newline at end of file +include_recipe 'wazuh_server::prerequisites' +include_recipe 'wazuh_server::repository' +include_recipe 'wazuh_server::manager' +include_recipe 'wazuh_server::filebeat' \ No newline at end of file From 5affe25e41d2bee5fda0fe6fee099525f4e43d8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 24 Nov 2020 15:08:45 +0100 Subject: [PATCH 022/260] Fixed #111 --- cookbooks/wazuh_server/.kitchen.yml | 10 +-- cookbooks/wazuh_server/attributes/api.rb | 37 +---------- cookbooks/wazuh_server/attributes/auth.rb | 3 +- cookbooks/wazuh_server/attributes/cluster.rb | 4 +- cookbooks/wazuh_server/attributes/command.rb | 62 +++++++------------ cookbooks/wazuh_server/attributes/filebeat.rb | 53 +++------------- cookbooks/wazuh_server/attributes/logging.rb | 4 +- cookbooks/wazuh_server/attributes/syscheck.rb | 20 +++--- .../attributes/vulnerability-detector.rb | 19 +++--- cookbooks/wazuh_server/recipes/filebeat.rb | 28 +-------- cookbooks/wazuh_server/recipes/manager.rb | 5 +- .../templates/default/api.yaml.erb | 35 ++++++++++- .../templates/default/filebeat.yml.erb | 26 +++++++- roles/README.md | 20 ++++++ 14 files changed, 155 insertions(+), 171 deletions(-) create mode 100644 roles/README.md diff --git a/cookbooks/wazuh_server/.kitchen.yml b/cookbooks/wazuh_server/.kitchen.yml index c7a646e3..b9f2e3bf 100644 --- a/cookbooks/wazuh_server/.kitchen.yml +++ b/cookbooks/wazuh_server/.kitchen.yml @@ -24,17 +24,17 @@ suites: data_bags_path: "test/data_bags" encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" run_list: - - recipe[wazuh_server::manager] + - recipe[wazuh_server::default] + #- recipe[wazuh_server::prerequisites] + #- recipe[wazuh_server::repository] + #- recipe[wazuh_server::manager] + #- recipe[wazuh_server::filebeat] driver: network: - ["private_network", {ip: "172.16.10.10"}] customize: memory: 2048 cpus: 1 -# provisioner: -# client_rb: -# environment: development-master - - name: elastic run_list: - recipe[wazuh_elastic::default] diff --git a/cookbooks/wazuh_server/attributes/api.rb b/cookbooks/wazuh_server/attributes/api.rb index b41b3d4b..fa19c072 100644 --- a/cookbooks/wazuh_server/attributes/api.rb +++ b/cookbooks/wazuh_server/attributes/api.rb @@ -1,35 +1,4 @@ -default['api']['yml'] = { - 'host': '0.0.0.0', - 'port': 55000, - 'behind_proxy_server': 'no', - 'use_only_authd': 'no', - 'drop_privileges': 'yes', - 'experimental_features': 'no', - 'https': { - 'enabled': 'yes', - 'key': "\"api/configuration/ssl/server.key\"", - 'cert': "\"api/configuration/ssl/server.crt\"", - 'use_ca': 'False', - 'ca': "\"api/configuration/ssl/ca.crt\"" - }, - 'logs': { - 'level': "\"info\"", - 'path': "\"logs/api.log\"" - }, - 'cors': { - 'enabled': 'no', - 'source_route': "\"*\"", - 'expose_headers': "\"*\"", - 'allow_headers': "\"*\"", - 'allow_credentials': 'no' - }, - 'cache': { - 'enabled': 'yes', - 'time': 0.750 - }, - 'access': { - 'max_login_attempts': 5, - 'block_time': 300, - 'max_request_per_minute': 300 - } +default['api'] = { + 'ip' => '0.0.0.0', + 'port' => 55000 } \ No newline at end of file diff --git a/cookbooks/wazuh_server/attributes/auth.rb b/cookbooks/wazuh_server/attributes/auth.rb index adaff79e..9cddcdc6 100644 --- a/cookbooks/wazuh_server/attributes/auth.rb +++ b/cookbooks/wazuh_server/attributes/auth.rb @@ -2,11 +2,12 @@ default['ossec']['conf']['auth'] = { 'disabled' => false, 'port' => 1515, - 'use_source_ip' => true, + 'use_source_ip' => false, 'force_insert' => true, 'force_time' => 0, 'purge' => true, 'use_password' => false, + 'limit_maxagents' => true, 'ciphers' => 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH', 'ssl_verify_host' => false, 'ssl_manager_cert' => "#{node['ossec']['dir']}/etc/sslmanager.cert", diff --git a/cookbooks/wazuh_server/attributes/cluster.rb b/cookbooks/wazuh_server/attributes/cluster.rb index ee96f73a..dd0deab2 100644 --- a/cookbooks/wazuh_server/attributes/cluster.rb +++ b/cookbooks/wazuh_server/attributes/cluster.rb @@ -9,6 +9,6 @@ 'nodes' => { 'node' => "NODE_IP" }, - 'hidden' => 'no', - 'disabled' => 'yes' + 'hidden' => false, + 'disabled' => true } diff --git a/cookbooks/wazuh_server/attributes/command.rb b/cookbooks/wazuh_server/attributes/command.rb index 135788da..2404d335 100644 --- a/cookbooks/wazuh_server/attributes/command.rb +++ b/cookbooks/wazuh_server/attributes/command.rb @@ -3,69 +3,53 @@ 'name' => 'disable-account', 'executable' => 'disable-account.sh', 'expect' => 'user', - 'timeout_allowed' => 'yes' + 'timeout_allowed' => true }, { - 'content!' => { - 'name' => 'restart-ossec', - 'executable' => 'restart-ossec.sh', - 'expect' => '' - } + 'name' => 'restart-ossec', + 'executable' => 'restart-ossec.sh', + 'expect' => '' }, { - 'content!' => { 'name' => 'firewall-drop', 'executable' => 'firewall-drop.sh', 'expect' => 'srcip', - 'timeout_allowed' => 'yes' - } + 'timeout_allowed' => true }, { - 'content!' => { 'name' => 'host-deny', 'executable' => 'host-deny.sh', 'expect' => 'srcip', - 'timeout_allowed' => 'yes' - } + 'timeout_allowed' => true }, { - 'content!' => { 'name' => 'route-null', 'executable' => 'route-null.sh', 'expect' => 'srcip', - 'timeout_allowed' => 'yes' - } + 'timeout_allowed' => true }, { - 'content!' => { - 'name' => 'win_route-null', - 'executable' => 'win_route-null.cmd', - 'expect' => 'srcip', - 'timeout_allowed' => 'yes' - } + 'name' => 'win_route-null', + 'executable' => 'route-null.cmd', + 'expect' => 'srcip', + 'timeout_allowed' => true }, { - 'content!' => { - 'name' => 'win_route-null-2012', - 'executable' => 'route-null_2012.cmd', - 'expect' => 'srcip', - 'timeout_allowed' => 'yes' - } + 'name' => 'win_route-null-2012', + 'executable' => 'route-null_2012.cmd', + 'expect' => 'srcip', + 'timeout_allowed' => true }, { - 'content!' => { - 'name' => 'netsh', - 'executable' => 'netsh.cmd', - 'expect' => 'srcip', - 'timeout_allowed' => 'yes' - } + 'name' => 'netsh', + 'executable' => 'netsh.cmd', + 'expect' => 'srcip', + 'timeout_allowed' => true }, { - 'content!' => { - 'name' => 'netsh-win-2016', - 'executable' => 'netsh-win-2016.cmd', - 'expect' => 'srcip', - 'timeout_allowed' => 'yes' - } + 'name' => 'netsh-win-2016', + 'executable' => 'netsh-win-2016.cmd', + 'expect' => 'srcip', + 'timeout_allowed' => true } ] diff --git a/cookbooks/wazuh_server/attributes/filebeat.rb b/cookbooks/wazuh_server/attributes/filebeat.rb index 0c549fdf..20276128 100644 --- a/cookbooks/wazuh_server/attributes/filebeat.rb +++ b/cookbooks/wazuh_server/attributes/filebeat.rb @@ -1,48 +1,9 @@ -default["filebeat"]["config_path"] = "/etc/filebeat" -default["filebeat"]["wazuh_filebeat_module"] = "wazuh-filebeat-0.1.tar.gz" -default["filebeat"]["wazuh_template"] = "wazuh-template.json" -# Array with Elastic nodes IP -default["filebeat"]["elastic_nodes_ip"] = [ - "\"0.0.0.0:9200\"" -] -default["filebeat"]["yml"] = { - "output": { - "elasticsearch": { - "hosts": node["filebeat"]["elastic_nodes_ip"], - "protocol": "https", - "username": "\"admin\"", - "password": "\"admin\"", - "ssl": { - "certificate_authorities": [ - "/etc/filebeat/certs/root-ca.pem" - ], - "certificate": "/etc/filebeat/certs/filebeat.pem", - "key": "/etc/filebeat/certs/filebeat.key" - } - } - }, - "setup": { - "template": { - "json": { - "enabled": true, - "path": "/etc/filebeat/wazuh-template.json", - "name": "\"wazuh\"" - } - }, - "ilm": { - "overwrite": true, - "enabled": false - } - }, - "filebeat": [ - { - "module": "wazuh", - "alerts": { - "enabled": true - }, - "archives": { - "enabled": false - } - } +default["filebeat"] = { + "config_path" => "/etc/filebeat", + "wazuh_filebeat_module" => "wazuh-filebeat-0.1.tar.gz", + "wazuh_template" => "wazuh-template.json", + # Array with Elastic nodes IP + "elastic_nodes" => [ + "0.0.0.0:9200" ] } \ No newline at end of file diff --git a/cookbooks/wazuh_server/attributes/logging.rb b/cookbooks/wazuh_server/attributes/logging.rb index 6d32e36d..807f3a0f 100644 --- a/cookbooks/wazuh_server/attributes/logging.rb +++ b/cookbooks/wazuh_server/attributes/logging.rb @@ -1,2 +1,4 @@ # Choose between plain or json format (or both) for internal logs -default['ossec']['conf']['logging']['log_format'] = 'plain' \ No newline at end of file +default['ossec']['conf']['logging'] = { + 'log_format' => 'plain' +} \ No newline at end of file diff --git a/cookbooks/wazuh_server/attributes/syscheck.rb b/cookbooks/wazuh_server/attributes/syscheck.rb index b2680e53..59d003ea 100644 --- a/cookbooks/wazuh_server/attributes/syscheck.rb +++ b/cookbooks/wazuh_server/attributes/syscheck.rb @@ -1,13 +1,18 @@ # Syscheck settings default['ossec']['conf']['syscheck'] = { 'disabled' => false, - 'frequency' => 43200, + 'frequency' => '43200', 'scan_on_start' => true, + 'alert_new_files' => true, 'auto_ignore' => { '@frequency' => '10', '@timeframe' => '3600', 'content!' => false }, + 'directories' => [ + { '@check_all' => true, 'content!' => '/etc,/usr/bin,/usr/sbin' }, + { '@check_all' => true, 'content!' => '/bin,/sbin,/boot' } + ], 'ignore' => [ '/etc/mtab', '/etc/hosts.deny', @@ -27,16 +32,15 @@ { '@type' => 'sregex', 'content!' => '^/proc' }, { '@type' => 'sregex', 'content!' => '.log$|.swp$'} ], - 'directories' => [ - { '@check_all' => true, 'content!' => '/etc,/usr/bin,/usr/sbin' }, - { '@check_all' => true, 'content!' => '/bin,/sbin,/boot' } - ], 'nodiff' => '/etc/ssl/private.key', 'skip_nfs' => true, - 'max_eps' => 100, - 'process_priority' => 10, + 'skip_dev' => true, + 'skip_proc' => true, + 'skip_sys' => true, + 'max_eps' => '100', + 'process_priority' => '10', 'synchronization' => { - 'enabled' => 'yes', + 'enabled' => true, 'interval' => '5m', 'max_interval' => '1h', 'max_eps' => '10' diff --git a/cookbooks/wazuh_server/attributes/vulnerability-detector.rb b/cookbooks/wazuh_server/attributes/vulnerability-detector.rb index e0f6dc22..ac85c63b 100644 --- a/cookbooks/wazuh_server/attributes/vulnerability-detector.rb +++ b/cookbooks/wazuh_server/attributes/vulnerability-detector.rb @@ -1,26 +1,31 @@ default['ossec']['conf']['vulnerability-detector'] = [ - 'enabled' => 'no', + 'enabled' => false, 'interval' => '5m', 'ignore_time' => '6h', - 'run_on_start' => 'yes', + 'run_on_start' => true, 'provider' => [ { '@name' => 'canonical', - 'enabled' => 'no', + 'enabled' => false, 'os' => ['trusty', 'xenial', 'bionic', 'focal'], 'update_interval' => '1h' }, { '@name' => 'debian', - 'enabled' => 'no', + 'enabled' => false, 'os' => ['wheezy', 'stretch', 'jessie', 'buster'], 'update_interval' => '1h' }, { '@name' => 'redhat', - 'enabled' => 'no', - 'update_from_year' => '2010', + 'enabled' => false, + 'os' => ['5', '6', '7', '8'], + 'update_interval' => '1h' + }, + { + '@name' => 'msu', + 'enabled' => true, 'update_interval' => '1h' }, { '@name' => 'nvd', - 'enabled' => 'no', + 'enabled' => true, 'update_from_year' => '2010', 'update_interval' => '1h' } diff --git a/cookbooks/wazuh_server/recipes/filebeat.rb b/cookbooks/wazuh_server/recipes/filebeat.rb index 39d242a9..835d00bf 100644 --- a/cookbooks/wazuh_server/recipes/filebeat.rb +++ b/cookbooks/wazuh_server/recipes/filebeat.rb @@ -48,38 +48,16 @@ end # Edit the file /etc/filebeat/filebeat.yml -=begin -template node['filebeat']['config_path'] do + +template "#{node['filebeat']['config_path']}/filebeat.yml" do source 'filebeat.yml.erb' owner 'root' group 'root' mode '0640' variables( - output_elasticsearch_hosts: node['filebeat']['yml']['output_elasticsearch_hosts'], - output_elasticsearch_protocol: node['filebeat']['yml']['output_elasticsearch_protocol'], - output_elasticsearch_username: node['filebeat']['yml']['output_elasticsearch_username'], - output_elasticsearch_password: node['filebeat']['yml']['output_elasticsearch_password'], - ssl_certificate_authorities: node['filebeat']['yml']['ssl_certificate_authorities'], - ssl_certificate: node['filebeat']['yml']['ssl_certificate'], - ssl_key: node['filebeat']['yml']['ssl_key'], - setup_template_json_enabled: node['filebeat']['yml']['setup_template_json_enabled'], - setup_template_json_path: node['filebeat']['yml']['setup_template_json_path'], - setup_template_json_name: node['filebeat']['yml']['setup_template_json_name'], - setup_ilm_overwrite: node['filebeat']['yml']['setup_ilm_overwrite'], - setup_ilm_enabled: node['filebeat']['yml']['setup_ilm_enabled'], - filebeat_modules_module: node['filebeat']['yml']['filebeat_modules_module'], - filebeat_modules_alerts_enabled: node['filebeat']['yml']['filebeat_modules_alerts_enabled'], - filebeat_modules_archives_enabled: node['filebeat']['yml']['filebeat_modules_archives_enabled'] + hosts: node["filebeat"]["elastic_nodes"] ) end -=end -template "#{node['filebeat']['config_path']}/filebeat.yml" do - source 'filebeat.yml.erb' - owner 'root' - group 'root' - mode '0640' - variables :content => YAML::dump(YAML::dump(node['filebeat']['yml'].to_hash).gsub('!map:Mash','')) -end # Download the alerts template for Elasticsearch: diff --git a/cookbooks/wazuh_server/recipes/manager.rb b/cookbooks/wazuh_server/recipes/manager.rb index c786893c..56308e00 100644 --- a/cookbooks/wazuh_server/recipes/manager.rb +++ b/cookbooks/wazuh_server/recipes/manager.rb @@ -96,7 +96,10 @@ owner 'root' group 'ossec' mode '0660' - variables :content => YAML::dump(YAML::dump(node['api']['yml'].to_hash).gsub('!map:Mash','')) + variables( + host: "#{node['api']['ip']}", + port: "#{node['api']['port']}" + ) end diff --git a/cookbooks/wazuh_server/templates/default/api.yaml.erb b/cookbooks/wazuh_server/templates/default/api.yaml.erb index 8778170f..1001f347 100644 --- a/cookbooks/wazuh_server/templates/default/api.yaml.erb +++ b/cookbooks/wazuh_server/templates/default/api.yaml.erb @@ -1,4 +1,37 @@ # Wazuh - Api configuration file -<%= @content %> +host: <%= @host %> +port: <%= @port %> +behind_proxy_server: no + +use_only_authd: no +drop_privileges: yes +experimental_features: no + +https: + enabled: yes + key: "api/configuration/ssl/server.key" + cert: "api/configuration/ssl/server.crt" + use_ca: False + ca: "api/configuration/ssl/ca.crt" + +logs: + level: "info" + path: "logs/api.log" + +cors: + enabled: no + source_route: "*" + expose_headers: "*" + allow_headers: "*" + allow_credentials: no + +cache: + enabled: yes + time: 0.750 + +access: + max_login_attempts: 50 + block_time: 300 + max_request_per_minute: 300 diff --git a/cookbooks/wazuh_server/templates/default/filebeat.yml.erb b/cookbooks/wazuh_server/templates/default/filebeat.yml.erb index 337058b0..9f61795b 100644 --- a/cookbooks/wazuh_server/templates/default/filebeat.yml.erb +++ b/cookbooks/wazuh_server/templates/default/filebeat.yml.erb @@ -1,2 +1,26 @@ # Wazuh - Filebeat configuration file -<%= @content %> \ No newline at end of file +output.elasticsearch: + hosts: [ + <% @hosts.each do |node| %> + "<%= node %>", + <% end %> + ] + protocol: https + username: "admin" + password: "admin" + ssl.certificate_authorities: + - /etc/filebeat/certs/root-ca.pem + ssl.certificate: "/etc/filebeat/certs/filebeat.pem" + ssl.key: "/etc/filebeat/certs/filebeat.key" +setup.template.json.enabled: true +setup.template.json.path: '/etc/filebeat/wazuh-template.json' +setup.template.json.name: 'wazuh' +setup.ilm.overwrite: true +setup.ilm.enabled: false + +filebeat.modules: + - module: wazuh + alerts: + enabled: true + archives: + enabled: false \ No newline at end of file diff --git a/roles/README.md b/roles/README.md new file mode 100644 index 00000000..3a4ef0c6 --- /dev/null +++ b/roles/README.md @@ -0,0 +1,20 @@ +Wazuh roles +==================================== + +# Attrributes + +Manager +------------ + +### How to bind a specific IP address to manager? + +In case you have a non single-node installation and want to bind a specifi IP address to the manager +the followig attributes must be override: + +* ```node['api]['ip']```: the IP address bind to the API +* ```node['api]['port']```: the port bind to the API + +Filebeat +------------ + +* ```node['filebeat']['elastic_nodes']```: array with all Elastic nodes IP and port (:) \ No newline at end of file From 939e13b8b2c0c5a2450ced08e15b0608962b224d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 26 Nov 2020 14:25:40 +0100 Subject: [PATCH 023/260] Deploy more cookbooks --- .../.gitignore | 0 cookbooks/elastic-stack/.kitchen.yml | 58 +++++ .../Berksfile | 2 +- .../CHANGELOG.md | 0 .../{wazuh_elastic => elastic-stack}/Gemfile | 0 cookbooks/elastic-stack/README.md | 129 +++++++++++ cookbooks/elastic-stack/attributes/api.rb | 8 + cookbooks/elastic-stack/attributes/default.rb | 12 ++ cookbooks/elastic-stack/attributes/jvm.rb | 3 + .../elastic-stack/attributes/versions.rb | 11 + cookbooks/elastic-stack/attributes/yml.rb | 35 +++ .../config/rake.rb | 0 cookbooks/elastic-stack/metadata.rb | 29 +++ cookbooks/elastic-stack/recipes/default.rb | 9 + .../elastic-stack/recipes/elasticsearch.rb | 100 +++++++++ cookbooks/elastic-stack/recipes/kibana.rb | 114 ++++++++++ .../elastic-stack/recipes/prerequisites.rb | 15 ++ cookbooks/elastic-stack/recipes/repository.rb | 48 +++++ .../spec/spec_helper.rb | 0 .../spec/unit/recipes/default_spec.rb | 0 .../spec/unit/recipes/elasticsearch_spec.rb | 0 .../spec/unit/recipes/kibana_spec.rb | 0 .../spec/unit/recipes/lostash_spec.rb | 0 .../spec/unit/recipes/nginx_spec.rb | 0 .../templates/elasticsearch.yml.erb | 92 ++++++++ .../elastic-stack/templates/jvm.options.erb | 77 +++++++ .../elastic-stack/templates/kibana.yml.erb | 119 +++++++++++ .../test/data_bags/wazuh_secrets/api.json | 0 .../wazuh_secrets/logstash_certificate.json | 0 .../wazuh_secrets/nginx_certificate.json | 0 .../data_bags/wazuh_secrets/test_data_bag_key | 0 .../test/environments/development.json | 0 .../test/environments/production.json | 0 .../default/data_bags/wazuh_secrets/api.json | 0 .../wazuh_secrets/logstash_certificate.json | 0 .../default/encrypted_data_bag_secret | 0 .../default/serverspec/default_spec.rb | 0 .../helpers/serverspec/spec_helper.rb | 0 cookbooks/filebeat-oss/.delivery/project.toml | 32 +++ cookbooks/filebeat-oss/.gitignore | 22 ++ .../filebeat-oss/.vscode/extensions.json | 5 + cookbooks/filebeat-oss/Berksfile | 3 + cookbooks/filebeat-oss/CHANGELOG.md | 10 + .../{wazuh_server => filebeat-oss}/LICENSE | 0 cookbooks/filebeat-oss/README.md | 4 + cookbooks/filebeat-oss/attributes/default.rb | 11 + cookbooks/filebeat-oss/attributes/versions.rb | 12 ++ cookbooks/filebeat-oss/chefignore | 115 ++++++++++ cookbooks/filebeat-oss/kitchen.yml | 38 ++++ cookbooks/filebeat-oss/metadata.rb | 19 ++ cookbooks/filebeat-oss/recipes/default.rb | 7 + cookbooks/filebeat-oss/recipes/filebeat.rb | 88 ++++++++ cookbooks/filebeat-oss/recipes/repository.rb | 44 ++++ cookbooks/filebeat-oss/spec/spec_helper.rb | 2 + .../spec/unit/recipes/default_spec.rb | 41 ++++ .../templates}/filebeat.yml.erb | 0 .../test/integration/default/default_test.rb | 16 ++ cookbooks/filebeat/.gitignore | 16 ++ cookbooks/filebeat/.kitchen.yml | 27 +++ cookbooks/filebeat/Berksfile | 9 + cookbooks/filebeat/CHANGELOG.md | 10 + cookbooks/filebeat/README.md | 69 ++++++ cookbooks/filebeat/attributes/default.rb | 11 + cookbooks/filebeat/attributes/versions.rb | 12 ++ cookbooks/filebeat/chefignore | 95 +++++++++ cookbooks/filebeat/libraries/matchers.rb | 0 cookbooks/filebeat/metadata.rb | 25 +++ cookbooks/filebeat/providers/default.rb | 0 cookbooks/filebeat/recipes/default.rb | 7 + cookbooks/filebeat/recipes/filebeat.rb | 94 ++++++++ cookbooks/filebeat/recipes/repository.rb | 49 +++++ cookbooks/filebeat/resources/default.rb | 0 .../spec/spec_helper.rb | 0 .../spec/unit/recipes/default_spec.rb | 45 ++++ .../templates/default/filebeat.yml.erb | 19 ++ .../test/data_bags/wazuh_secrets/api.json | 0 .../wazuh_secrets/logstash_certificate.json | 9 + .../data_bags/wazuh_secrets_delete/api.json | 15 ++ .../logstash_certificate.json | 9 + .../test/environments/development.json | 16 ++ .../test/environments/production.json | 16 ++ .../default/data_bags/wazuh_secrets/api.json | 15 ++ .../wazuh_secrets/logstash_certificate.json | 9 + .../data_bags/wazuh_secrets_delete/api.json | 15 ++ .../logstash_certificate.json | 9 + .../default/encrypted_data_bag_secret} | 0 cookbooks/opendistro/.gitignore | 5 + cookbooks/opendistro/.kitchen.yml | 58 +++++ cookbooks/opendistro/Berksfile | 7 + cookbooks/opendistro/CHANGELOG.md | 6 + cookbooks/opendistro/Gemfile | 21 ++ .../{wazuh_elastic => opendistro}/README.md | 0 cookbooks/opendistro/attributes/api.rb | 12 ++ cookbooks/opendistro/attributes/default.rb | 16 ++ cookbooks/opendistro/attributes/jvm.rb | 3 + .../opendistro/attributes/search_guard.rb | 1 + cookbooks/opendistro/attributes/versions.rb | 23 ++ .../attributes/yml.rb} | 32 ++- cookbooks/opendistro/config/rake.rb | 35 +++ .../{wazuh_elastic => opendistro}/metadata.rb | 0 cookbooks/opendistro/recipes/default.rb | 10 + cookbooks/opendistro/recipes/elasticsearch.rb | 184 ++++++++++++++++ .../recipes/kibana.rb | 35 +-- .../recipes/prerequisites.rb | 11 +- .../recipes/repository.rb | 15 +- cookbooks/opendistro/spec/spec_helper.rb | 20 ++ .../spec/unit/recipes/default_spec.rb | 25 +++ .../spec/unit/recipes/elasticsearch_spec.rb | 26 +++ .../spec/unit/recipes/kibana_spec.rb | 49 +++++ .../spec/unit/recipes/lostash_spec.rb | 58 +++++ .../spec/unit/recipes/nginx_spec.rb | 60 ++++++ .../templates/elasticsearch.yml.erb | 33 +++ .../opendistro/templates/jvm.options.erb | 77 +++++++ .../templates}/nginx.erb | 0 .../templates}/od_kibana.yml.erb | 4 +- .../opendistro/templates/search-guard.yml.erb | 40 ++++ .../test/data_bags/wazuh_secrets/api.json | 15 ++ .../wazuh_secrets/logstash_certificate.json | 0 .../wazuh_secrets/nginx_certificate.json | 15 ++ .../data_bags/wazuh_secrets/test_data_bag_key | 1 + .../test/environments/development.json | 17 ++ .../test/environments/production.json | 17 ++ .../default/data_bags/wazuh_secrets/api.json | 15 ++ .../wazuh_secrets/logstash_certificate.json | 9 + .../default/encrypted_data_bag_secret | 1 + .../default/serverspec/default_spec.rb | 9 + .../helpers/serverspec/spec_helper.rb | 0 cookbooks/wazuh_elastic/.kitchen.yml | 27 --- cookbooks/wazuh_elastic/attributes/default.rb | 17 -- .../wazuh_elastic/attributes/elasticsearch.rb | 23 -- cookbooks/wazuh_elastic/attributes/kibana.rb | 4 - cookbooks/wazuh_elastic/attributes/nginx.rb | 2 - cookbooks/wazuh_elastic/attributes/odfe.rb | 60 ------ .../wazuh_elastic/attributes/versions.rb | 8 - cookbooks/wazuh_elastic/recipes/default.rb | 16 -- .../wazuh_elastic/recipes/elasticsearch.rb | 167 --------------- cookbooks/wazuh_elastic/recipes/odfe.rb | 155 -------------- .../default/od_elasticsearch.yml.erb | 7 - .../templates/default/search-guard.yml.erb | 8 - .../.gitignore | 0 .../.kitchen.yml | 0 .../{wazuh_server => wazuh_manager}/.rspec | 0 .../.rubocop.yml | 0 .../{wazuh_server => wazuh_manager}/Berksfile | 0 .../CHANGELOG.md | 0 .../CONTRIBUTING.md | 0 .../{wazuh_server => wazuh_manager}/Gemfile | 0 cookbooks/wazuh_manager/LICENSE | 201 ++++++++++++++++++ .../{wazuh_server => wazuh_manager}/README.md | 0 .../{wazuh_server => wazuh_manager}/Rakefile | 0 .../TESTING.md | 0 .../attributes/agent_conf.rb | 0 .../attributes/alerts.rb | 0 .../attributes/api.rb | 0 .../attributes/auth.rb | 0 .../attributes/cluster.rb | 0 .../attributes/command.rb | 0 .../attributes/default.rb | 0 .../attributes/filebeat.rb | 0 .../attributes/global.rb | 0 .../attributes/localfile.rb | 0 .../attributes/logging.rb | 0 .../attributes/remote.rb | 0 .../attributes/rootcheck.rb | 0 .../attributes/ruleset.rb | 0 .../attributes/sca.rb | 0 .../attributes/syscheck.rb | 0 .../attributes/versions.rb | 2 +- .../attributes/vulnerability-detector.rb | 0 .../attributes/wodle.rb | 0 .../chefignore | 0 .../libraries/helpers.rb | 0 .../metadata.rb | 0 .../recipes/common.rb | 0 .../recipes/default.rb | 0 .../recipes/filebeat.rb | 30 --- .../recipes/manager.rb | 0 .../recipes/prerequisites.rb | 0 .../recipes/repository.rb | 0 cookbooks/wazuh_manager/spec/spec_helper.rb | 20 ++ .../spec/unit/recipes/backups_spec.rb | 0 .../spec/unit/recipes/common_spec.rb | 0 .../spec/unit/recipes/manager_spec.rb | 0 .../spec/unit/recipes/wazuhapi_spec.rb | 0 .../templates/default/api.yaml.erb | 0 .../default/ossec_local_decoder.xml.erb | 0 .../default/ossec_local_rules.xml.erb | 0 .../etc/manager_local_internal_options.conf | 0 .../test/data_bags/wazuh_secrets/api.json | 15 ++ .../wazuh_secrets/logstash_certificate.json | 15 ++ .../data_bags/wazuh_secrets/test_data_bag_key | 1 + .../test/environments/development-client.json | 0 .../test/environments/development-master.json | 0 .../test/environments/development.json | 0 .../test/environments/production.json | 0 .../serverspec/agent_spec.rb | 0 .../agent-production/serverspec/agent_spec.rb | 0 .../default/encrypted_data_bag_secret | 0 .../default/serverspec/default_spec.rb | 0 .../elk-development/serverspec/elk_spec.rb | 0 .../helpers/serverspec/common_agent_tests.rb | 0 .../serverspec/common_manager_tests.rb | 0 .../helpers/serverspec/common_ossec_tests.rb | 0 .../helpers/serverspec/spec_helper.rb | 8 + .../serverspec/manager_spec.rb | 0 .../serverspec/manager_spec.rb | 0 206 files changed, 3126 insertions(+), 556 deletions(-) rename cookbooks/{wazuh_elastic => elastic-stack}/.gitignore (100%) create mode 100644 cookbooks/elastic-stack/.kitchen.yml rename cookbooks/{wazuh_elastic => elastic-stack}/Berksfile (73%) rename cookbooks/{wazuh_elastic => elastic-stack}/CHANGELOG.md (100%) rename cookbooks/{wazuh_elastic => elastic-stack}/Gemfile (100%) create mode 100644 cookbooks/elastic-stack/README.md create mode 100644 cookbooks/elastic-stack/attributes/api.rb create mode 100644 cookbooks/elastic-stack/attributes/default.rb create mode 100644 cookbooks/elastic-stack/attributes/jvm.rb create mode 100644 cookbooks/elastic-stack/attributes/versions.rb create mode 100644 cookbooks/elastic-stack/attributes/yml.rb rename cookbooks/{wazuh_elastic => elastic-stack}/config/rake.rb (100%) create mode 100644 cookbooks/elastic-stack/metadata.rb create mode 100644 cookbooks/elastic-stack/recipes/default.rb create mode 100644 cookbooks/elastic-stack/recipes/elasticsearch.rb create mode 100644 cookbooks/elastic-stack/recipes/kibana.rb create mode 100644 cookbooks/elastic-stack/recipes/prerequisites.rb create mode 100644 cookbooks/elastic-stack/recipes/repository.rb rename cookbooks/{wazuh_elastic => elastic-stack}/spec/spec_helper.rb (100%) rename cookbooks/{wazuh_elastic => elastic-stack}/spec/unit/recipes/default_spec.rb (100%) rename cookbooks/{wazuh_elastic => elastic-stack}/spec/unit/recipes/elasticsearch_spec.rb (100%) rename cookbooks/{wazuh_elastic => elastic-stack}/spec/unit/recipes/kibana_spec.rb (100%) rename cookbooks/{wazuh_elastic => elastic-stack}/spec/unit/recipes/lostash_spec.rb (100%) rename cookbooks/{wazuh_elastic => elastic-stack}/spec/unit/recipes/nginx_spec.rb (100%) create mode 100644 cookbooks/elastic-stack/templates/elasticsearch.yml.erb create mode 100644 cookbooks/elastic-stack/templates/jvm.options.erb create mode 100644 cookbooks/elastic-stack/templates/kibana.yml.erb rename cookbooks/{wazuh_elastic => elastic-stack}/test/data_bags/wazuh_secrets/api.json (100%) rename cookbooks/{wazuh_elastic => elastic-stack}/test/data_bags/wazuh_secrets/logstash_certificate.json (100%) rename cookbooks/{wazuh_elastic => elastic-stack}/test/data_bags/wazuh_secrets/nginx_certificate.json (100%) rename cookbooks/{wazuh_elastic => elastic-stack}/test/data_bags/wazuh_secrets/test_data_bag_key (100%) rename cookbooks/{wazuh_elastic => elastic-stack}/test/environments/development.json (100%) rename cookbooks/{wazuh_elastic => elastic-stack}/test/environments/production.json (100%) rename cookbooks/{wazuh_elastic => elastic-stack}/test/integration/default/data_bags/wazuh_secrets/api.json (100%) rename cookbooks/{wazuh_elastic => elastic-stack}/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json (100%) rename cookbooks/{wazuh_elastic => elastic-stack}/test/integration/default/encrypted_data_bag_secret (100%) rename cookbooks/{wazuh_elastic => elastic-stack}/test/integration/default/serverspec/default_spec.rb (100%) rename cookbooks/{wazuh_elastic => elastic-stack}/test/integration/helpers/serverspec/spec_helper.rb (100%) create mode 100644 cookbooks/filebeat-oss/.delivery/project.toml create mode 100644 cookbooks/filebeat-oss/.gitignore create mode 100644 cookbooks/filebeat-oss/.vscode/extensions.json create mode 100644 cookbooks/filebeat-oss/Berksfile create mode 100644 cookbooks/filebeat-oss/CHANGELOG.md rename cookbooks/{wazuh_server => filebeat-oss}/LICENSE (100%) create mode 100644 cookbooks/filebeat-oss/README.md create mode 100644 cookbooks/filebeat-oss/attributes/default.rb create mode 100644 cookbooks/filebeat-oss/attributes/versions.rb create mode 100644 cookbooks/filebeat-oss/chefignore create mode 100644 cookbooks/filebeat-oss/kitchen.yml create mode 100644 cookbooks/filebeat-oss/metadata.rb create mode 100644 cookbooks/filebeat-oss/recipes/default.rb create mode 100644 cookbooks/filebeat-oss/recipes/filebeat.rb create mode 100644 cookbooks/filebeat-oss/recipes/repository.rb create mode 100644 cookbooks/filebeat-oss/spec/spec_helper.rb create mode 100644 cookbooks/filebeat-oss/spec/unit/recipes/default_spec.rb rename cookbooks/{wazuh_server/templates/default => filebeat-oss/templates}/filebeat.yml.erb (100%) create mode 100644 cookbooks/filebeat-oss/test/integration/default/default_test.rb create mode 100644 cookbooks/filebeat/.gitignore create mode 100644 cookbooks/filebeat/.kitchen.yml create mode 100644 cookbooks/filebeat/Berksfile create mode 100644 cookbooks/filebeat/CHANGELOG.md create mode 100644 cookbooks/filebeat/README.md create mode 100644 cookbooks/filebeat/attributes/default.rb create mode 100644 cookbooks/filebeat/attributes/versions.rb create mode 100644 cookbooks/filebeat/chefignore create mode 100644 cookbooks/filebeat/libraries/matchers.rb create mode 100644 cookbooks/filebeat/metadata.rb create mode 100644 cookbooks/filebeat/providers/default.rb create mode 100644 cookbooks/filebeat/recipes/default.rb create mode 100644 cookbooks/filebeat/recipes/filebeat.rb create mode 100644 cookbooks/filebeat/recipes/repository.rb create mode 100644 cookbooks/filebeat/resources/default.rb rename cookbooks/{wazuh_server => filebeat}/spec/spec_helper.rb (100%) create mode 100644 cookbooks/filebeat/spec/unit/recipes/default_spec.rb create mode 100644 cookbooks/filebeat/templates/default/filebeat.yml.erb rename cookbooks/{wazuh_server => filebeat}/test/data_bags/wazuh_secrets/api.json (100%) create mode 100644 cookbooks/filebeat/test/data_bags/wazuh_secrets/logstash_certificate.json create mode 100644 cookbooks/filebeat/test/data_bags/wazuh_secrets_delete/api.json create mode 100644 cookbooks/filebeat/test/data_bags/wazuh_secrets_delete/logstash_certificate.json create mode 100644 cookbooks/filebeat/test/environments/development.json create mode 100644 cookbooks/filebeat/test/environments/production.json create mode 100644 cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets/api.json create mode 100644 cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json create mode 100644 cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets_delete/api.json create mode 100644 cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets_delete/logstash_certificate.json rename cookbooks/{wazuh_server/test/data_bags/wazuh_secrets/test_data_bag_key => filebeat/test/integration/default/encrypted_data_bag_secret} (100%) create mode 100644 cookbooks/opendistro/.gitignore create mode 100644 cookbooks/opendistro/.kitchen.yml create mode 100644 cookbooks/opendistro/Berksfile create mode 100644 cookbooks/opendistro/CHANGELOG.md create mode 100644 cookbooks/opendistro/Gemfile rename cookbooks/{wazuh_elastic => opendistro}/README.md (100%) create mode 100644 cookbooks/opendistro/attributes/api.rb create mode 100644 cookbooks/opendistro/attributes/default.rb create mode 100644 cookbooks/opendistro/attributes/jvm.rb create mode 100644 cookbooks/opendistro/attributes/search_guard.rb create mode 100644 cookbooks/opendistro/attributes/versions.rb rename cookbooks/{wazuh_elastic/attributes/search_guard.rb => opendistro/attributes/yml.rb} (65%) create mode 100644 cookbooks/opendistro/config/rake.rb rename cookbooks/{wazuh_elastic => opendistro}/metadata.rb (100%) create mode 100644 cookbooks/opendistro/recipes/default.rb create mode 100644 cookbooks/opendistro/recipes/elasticsearch.rb rename cookbooks/{wazuh_elastic => opendistro}/recipes/kibana.rb (74%) rename cookbooks/{wazuh_elastic => opendistro}/recipes/prerequisites.rb (90%) rename cookbooks/{wazuh_elastic => opendistro}/recipes/repository.rb (73%) create mode 100644 cookbooks/opendistro/spec/spec_helper.rb create mode 100644 cookbooks/opendistro/spec/unit/recipes/default_spec.rb create mode 100644 cookbooks/opendistro/spec/unit/recipes/elasticsearch_spec.rb create mode 100644 cookbooks/opendistro/spec/unit/recipes/kibana_spec.rb create mode 100644 cookbooks/opendistro/spec/unit/recipes/lostash_spec.rb create mode 100644 cookbooks/opendistro/spec/unit/recipes/nginx_spec.rb create mode 100644 cookbooks/opendistro/templates/elasticsearch.yml.erb create mode 100644 cookbooks/opendistro/templates/jvm.options.erb rename cookbooks/{wazuh_elastic/templates/default => opendistro/templates}/nginx.erb (100%) rename cookbooks/{wazuh_elastic/templates/default => opendistro/templates}/od_kibana.yml.erb (87%) create mode 100644 cookbooks/opendistro/templates/search-guard.yml.erb create mode 100644 cookbooks/opendistro/test/data_bags/wazuh_secrets/api.json rename cookbooks/{wazuh_server => opendistro}/test/data_bags/wazuh_secrets/logstash_certificate.json (100%) create mode 100644 cookbooks/opendistro/test/data_bags/wazuh_secrets/nginx_certificate.json create mode 100644 cookbooks/opendistro/test/data_bags/wazuh_secrets/test_data_bag_key create mode 100644 cookbooks/opendistro/test/environments/development.json create mode 100644 cookbooks/opendistro/test/environments/production.json create mode 100644 cookbooks/opendistro/test/integration/default/data_bags/wazuh_secrets/api.json create mode 100644 cookbooks/opendistro/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json create mode 100644 cookbooks/opendistro/test/integration/default/encrypted_data_bag_secret create mode 100644 cookbooks/opendistro/test/integration/default/serverspec/default_spec.rb rename cookbooks/{wazuh_server => opendistro}/test/integration/helpers/serverspec/spec_helper.rb (100%) delete mode 100644 cookbooks/wazuh_elastic/.kitchen.yml delete mode 100644 cookbooks/wazuh_elastic/attributes/default.rb delete mode 100644 cookbooks/wazuh_elastic/attributes/elasticsearch.rb delete mode 100644 cookbooks/wazuh_elastic/attributes/kibana.rb delete mode 100644 cookbooks/wazuh_elastic/attributes/nginx.rb delete mode 100644 cookbooks/wazuh_elastic/attributes/odfe.rb delete mode 100644 cookbooks/wazuh_elastic/attributes/versions.rb delete mode 100644 cookbooks/wazuh_elastic/recipes/default.rb delete mode 100644 cookbooks/wazuh_elastic/recipes/elasticsearch.rb delete mode 100644 cookbooks/wazuh_elastic/recipes/odfe.rb delete mode 100644 cookbooks/wazuh_elastic/templates/default/od_elasticsearch.yml.erb delete mode 100644 cookbooks/wazuh_elastic/templates/default/search-guard.yml.erb rename cookbooks/{wazuh_server => wazuh_manager}/.gitignore (100%) rename cookbooks/{wazuh_server => wazuh_manager}/.kitchen.yml (100%) rename cookbooks/{wazuh_server => wazuh_manager}/.rspec (100%) rename cookbooks/{wazuh_server => wazuh_manager}/.rubocop.yml (100%) rename cookbooks/{wazuh_server => wazuh_manager}/Berksfile (100%) rename cookbooks/{wazuh_server => wazuh_manager}/CHANGELOG.md (100%) rename cookbooks/{wazuh_server => wazuh_manager}/CONTRIBUTING.md (100%) rename cookbooks/{wazuh_server => wazuh_manager}/Gemfile (100%) create mode 100644 cookbooks/wazuh_manager/LICENSE rename cookbooks/{wazuh_server => wazuh_manager}/README.md (100%) rename cookbooks/{wazuh_server => wazuh_manager}/Rakefile (100%) rename cookbooks/{wazuh_server => wazuh_manager}/TESTING.md (100%) rename cookbooks/{wazuh_server => wazuh_manager}/attributes/agent_conf.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/attributes/alerts.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/attributes/api.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/attributes/auth.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/attributes/cluster.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/attributes/command.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/attributes/default.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/attributes/filebeat.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/attributes/global.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/attributes/localfile.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/attributes/logging.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/attributes/remote.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/attributes/rootcheck.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/attributes/ruleset.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/attributes/sca.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/attributes/syscheck.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/attributes/versions.rb (77%) rename cookbooks/{wazuh_server => wazuh_manager}/attributes/vulnerability-detector.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/attributes/wodle.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/chefignore (100%) rename cookbooks/{wazuh_server => wazuh_manager}/libraries/helpers.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/metadata.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/recipes/common.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/recipes/default.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/recipes/filebeat.rb (56%) rename cookbooks/{wazuh_server => wazuh_manager}/recipes/manager.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/recipes/prerequisites.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/recipes/repository.rb (100%) create mode 100644 cookbooks/wazuh_manager/spec/spec_helper.rb rename cookbooks/{wazuh_server => wazuh_manager}/spec/unit/recipes/backups_spec.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/spec/unit/recipes/common_spec.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/spec/unit/recipes/manager_spec.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/spec/unit/recipes/wazuhapi_spec.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/templates/default/api.yaml.erb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/templates/default/ossec_local_decoder.xml.erb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/templates/default/ossec_local_rules.xml.erb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/templates/var/ossec/etc/manager_local_internal_options.conf (100%) create mode 100644 cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/api.json create mode 100644 cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/logstash_certificate.json create mode 100644 cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/test_data_bag_key rename cookbooks/{wazuh_server => wazuh_manager}/test/environments/development-client.json (100%) rename cookbooks/{wazuh_server => wazuh_manager}/test/environments/development-master.json (100%) rename cookbooks/{wazuh_server => wazuh_manager}/test/environments/development.json (100%) rename cookbooks/{wazuh_server => wazuh_manager}/test/environments/production.json (100%) rename cookbooks/{wazuh_server => wazuh_manager}/test/integration/agent-development/serverspec/agent_spec.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/test/integration/agent-production/serverspec/agent_spec.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/test/integration/default/encrypted_data_bag_secret (100%) rename cookbooks/{wazuh_server => wazuh_manager}/test/integration/default/serverspec/default_spec.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/test/integration/elk-development/serverspec/elk_spec.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/test/integration/helpers/serverspec/common_agent_tests.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/test/integration/helpers/serverspec/common_manager_tests.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/test/integration/helpers/serverspec/common_ossec_tests.rb (100%) create mode 100644 cookbooks/wazuh_manager/test/integration/helpers/serverspec/spec_helper.rb rename cookbooks/{wazuh_server => wazuh_manager}/test/integration/manager-development/serverspec/manager_spec.rb (100%) rename cookbooks/{wazuh_server => wazuh_manager}/test/integration/manager-production/serverspec/manager_spec.rb (100%) diff --git a/cookbooks/wazuh_elastic/.gitignore b/cookbooks/elastic-stack/.gitignore similarity index 100% rename from cookbooks/wazuh_elastic/.gitignore rename to cookbooks/elastic-stack/.gitignore diff --git a/cookbooks/elastic-stack/.kitchen.yml b/cookbooks/elastic-stack/.kitchen.yml new file mode 100644 index 00000000..cd80b7ae --- /dev/null +++ b/cookbooks/elastic-stack/.kitchen.yml @@ -0,0 +1,58 @@ +driver: + name: vagrant + +provisioner: + name: chef_zero + environments_path: "test/environments" + data_bags_path: "test/data_bags" + encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" + product_version: latest + +verifiers: + name: inspec + +platforms: + - name: ubuntu-20.04 + - name: ubuntu-18.04 + - name: centos-8.0 + - name: centos-7 + +suites: + - name: elastic + run_list: + - recipe[wazuh_elastic::default] + driver: + network: + - ["private_network", {ip: "172.16.10.11"}] + customize: + memory: 2048 + cpus: 2 + + +#driver: +# name: vagrant +# driver_config: +# require_chef_omnibus: latest +# +#provisioner: +# name: chef_zero +# environments_path: "../../environments" +# data_bags_path: "../../data_bags" +# encrypted_data_bag_secret_key_path: "test/integration/default/encrypted_data_bag_secret" +# +# +#platforms: +# - name: ubuntu-12.04 +# run_list: apt::default +# - name: ubuntu-14.04 +# run_list: apt::default +# +#suites: +# - name: default +# driver: +# network: +# - ["private_network", {ip: "172.16.10.10"}] +# run_list: +# - recipe[wazuh_elastic::default] +# attributes: +# \ No newline at end of file diff --git a/cookbooks/wazuh_elastic/Berksfile b/cookbooks/elastic-stack/Berksfile similarity index 73% rename from cookbooks/wazuh_elastic/Berksfile rename to cookbooks/elastic-stack/Berksfile index cd27be5f..1a8f987d 100644 --- a/cookbooks/wazuh_elastic/Berksfile +++ b/cookbooks/elastic-stack/Berksfile @@ -4,4 +4,4 @@ source 'https://supermarket.getchef.com' metadata cookbook 'hostsfile' -cookbook 'htpasswd', '~> 1.0.0' +cookbook 'htpasswd' diff --git a/cookbooks/wazuh_elastic/CHANGELOG.md b/cookbooks/elastic-stack/CHANGELOG.md similarity index 100% rename from cookbooks/wazuh_elastic/CHANGELOG.md rename to cookbooks/elastic-stack/CHANGELOG.md diff --git a/cookbooks/wazuh_elastic/Gemfile b/cookbooks/elastic-stack/Gemfile similarity index 100% rename from cookbooks/wazuh_elastic/Gemfile rename to cookbooks/elastic-stack/Gemfile diff --git a/cookbooks/elastic-stack/README.md b/cookbooks/elastic-stack/README.md new file mode 100644 index 00000000..65ea4584 --- /dev/null +++ b/cookbooks/elastic-stack/README.md @@ -0,0 +1,129 @@ +# Elastic Stack cookbook + +This cookbook installs and configures Elastic Stack. Please note that it's not obligatory to install the whole stack, recipes can work independently. + +### Attributes + +The ``attributes`` folder contains all the default configuration files in order to generate ossec.conf file. + +Check ['ossec.conf']( https://documentation.wazuh.com/3.x/user-manual/reference/ossec-conf/index.html) documentation to see all configuration sections. + +### Installation + +Create a role, `wazuh_elastic`. Modify attributes to customize the installation. + +``` +{ + "name": "wazuh_elastic", + "description": "Wazuh Elastic Role", + "json_class": "Chef::Role", + "default_attributes": { + + }, + "override_attributes": { + + }, + "chef_type": "role", + "run_list": [ + "recipe[wazuh_elastic::default]" + ], + "env_run_lists": { + + } +} +``` + +#### Customize ELK installation + +You can customize the installation of Elasticsearch and Kibana modifying the following parameters. + + +**Elasticsearch:** + +* ```['wazuh-elastic']['elasticsearch_memmory'] = "1g"``` +* ```['wazuh-elastic']['elasticsearch_cluster_name'] = 'wazuh'``` +* ```['wazuh-elastic']['elasticsearch_node_name'] = 'elk.wazuh-test.com'``` +* ```['wazuh-elastic']['elasticsearch_port'] = 9200``` +* ```['wazuh-elastic']['elasticsearch_ip'] = 'localhost'``` + +**Kibana:** + +* ```['wazuh-elastic']['kibana_host'] = '0.0.0.0'``` +* ```['wazuh-elastic']['kibana_port'] = '5601'``` +* ```['wazuh-elastic']['kibana_elasticsearch_server'] = "http://#{node['wazuh-elastic']['elasticsearch_ip']}:#{node['wazuh-elastic']['elasticsearch_port']}"``` + + +### Recipes + +#### default.rb + +Declares all recipes in the cookbook and installs the whole Elastic Stack. + +#### elasticsearch.rb + +Installs Elasticsearch, the Wazuh template will be configured. + +#### repository.rb + +Declares elastic repository and GPG key URLs. + +### kibana.rb + +Installs Kibana packages and configures *kibana.yml*. You can customize the installation by editing the following attributes. + +### Elasticsearch 7.x Cluster Changes + +ES implements a big change on how clusters are formed and the communication between them. You can check full details here [A-new-era-for-cluster-coordination-in-elasticsearch](https://www.elastic.co/es/blog/a-new-era-for-cluster-coordination-in-elasticsearch) + +Elastic adds new parameters that customize the cluster formation: `discovery.seed_hosts`. `discovery.host_provider` and `cluster.initial_master_nodes` + +You can find more information about such attributes here: [Discovery and cluster formation settings](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-discovery-settings.html) + +In order to make Chef compatible Elasticsearch 7.x, two new attributes have been added. + +- `['wazuh-elastic']['discovery_option']` : This option let you set the full line in the *elasticsearch.yml* file so you can declare it to: + - `['wazuh-elastic']['discovery_option']: "discovery.seed.hosts: "` + - `['wazuh-elastic']['discovery_option']: "discovery.host_providers: "` + - `['wazuh-elastic']['discovery_option']: "discovery.type: single-node"` +- `['wazuh-elastic']['elasticsearch_cluster_initial_master_nodes']`: Allows to insert the whole line for the initial master nodes. You can declare it like: + - `['wazuh-elastic']['elasticsearch_cluster_initial_master_nodes']: "['']"` + +**Important note:** In some situations you will need only one of such parameters, that's why it's implemented as the whole line, to allow the declaration of character **#** to disable it. + +#### Example: + +One example of the previously stated configuration would be the following. + +If only the declaration of `cluster.initial_master_nodes` to *192.168.0.1* would be wanted, the Elastic role needs to be adapted like this: + +```json +{ + "name": "wazuh_elastic", + "description": "Wazuh Elastic Role", + "json_class": "Chef::Role", + "default_attributes": { + + }, + "override_attributes": { + "wazuh-elastic":{ + "discovery_option": "#", + "elasticsearch_cluster_initial_master_nodes": "192.168.0.1" + } + + }, + "chef_type": "role", + "run_list": [ + "recipe[wazuh_elastic::default]" + ], + "env_run_lists": { + + } +} + +``` + + + +### References + +Check https://documentation.wazuh.com/current/installation-guide/installing-elastic-stack/index.html for more information about Wazuh Elastic. \ No newline at end of file diff --git a/cookbooks/elastic-stack/attributes/api.rb b/cookbooks/elastic-stack/attributes/api.rb new file mode 100644 index 00000000..a7224579 --- /dev/null +++ b/cookbooks/elastic-stack/attributes/api.rb @@ -0,0 +1,8 @@ + +default['kibana']['wazuh_api_credentials'] = { + 'id' => "wazuhapi", + 'url' => "https =>//localhost", + 'port' => "55000", + 'username' => "wazuh", + 'password' => "wazuh" +} \ No newline at end of file diff --git a/cookbooks/elastic-stack/attributes/default.rb b/cookbooks/elastic-stack/attributes/default.rb new file mode 100644 index 00000000..ad1c7ee2 --- /dev/null +++ b/cookbooks/elastic-stack/attributes/default.rb @@ -0,0 +1,12 @@ +# Cookbook Name:: elastic-stack +# Attributes:: default +# Author:: Wazuh + +# Elastic paths +default['elastic']['config_path'] = "/etc/elasticsearch" + +# Kibana paths +default['kibana']['package_path'] = "/usr/share/kibana" +default['kibana']['config_path'] = "/etc/kibana" + +#Try yo rename this to path.rb and install all \ No newline at end of file diff --git a/cookbooks/elastic-stack/attributes/jvm.rb b/cookbooks/elastic-stack/attributes/jvm.rb new file mode 100644 index 00000000..f30c99c9 --- /dev/null +++ b/cookbooks/elastic-stack/attributes/jvm.rb @@ -0,0 +1,3 @@ +default['jvm'] = { + 'memory' => "1g" +} \ No newline at end of file diff --git a/cookbooks/elastic-stack/attributes/versions.rb b/cookbooks/elastic-stack/attributes/versions.rb new file mode 100644 index 00000000..8f272b85 --- /dev/null +++ b/cookbooks/elastic-stack/attributes/versions.rb @@ -0,0 +1,11 @@ +# ELK +default['elk']['major_version'] = "7.x" +default['elk']['patch_version'] = "7.9.1" + +# Wazuh +default['wazuh']['major_version'] = "4.x" +default['wazuh']['minor_version'] = "4.0" +default['wazuh']['patch_version'] = "4.0.2" + +# Kibana +default['wazuh']['kibana_plugin_version'] = "4.0.2_7.9.1" diff --git a/cookbooks/elastic-stack/attributes/yml.rb b/cookbooks/elastic-stack/attributes/yml.rb new file mode 100644 index 00000000..e7bf2c6a --- /dev/null +++ b/cookbooks/elastic-stack/attributes/yml.rb @@ -0,0 +1,35 @@ +# Elasticsearch configuration file +default['elastic']['yml'] = { + 'cluster' => { + 'name' => 'es-wazuh', + 'initial_master_nodes' => [ + 'es-node-01' + ] + }, + 'node' => { + 'name' => 'es-node-01' + }, + 'path' => { + 'data' => "/var/lib/elasticsearch", + 'logs' => "/var/log/elasticsearch" + }, + 'network' => { + 'host' => '0.0.0.0' + }, + 'http' => { + 'port' => 9200 + } +} + +# Kibana configuration file +default['kibana']['yml'] = { + 'server' => { + 'host' => '0.0.0.0', + 'port' => 443 + }, + 'elasticsearch' => { + 'hosts' => [ + "https://#{node['elastic']['yml']['network']['host']}:#{node['elastic']['yml']['http']['port']}" + ] + } +} diff --git a/cookbooks/wazuh_elastic/config/rake.rb b/cookbooks/elastic-stack/config/rake.rb similarity index 100% rename from cookbooks/wazuh_elastic/config/rake.rb rename to cookbooks/elastic-stack/config/rake.rb diff --git a/cookbooks/elastic-stack/metadata.rb b/cookbooks/elastic-stack/metadata.rb new file mode 100644 index 00000000..4da7c192 --- /dev/null +++ b/cookbooks/elastic-stack/metadata.rb @@ -0,0 +1,29 @@ +name 'wazuh_elastic' +maintainer 'Wazuh' +maintainer_email 'info@wazuh.com' +license 'All rights reserved' +description 'setup Elastic: elasticsearch and kibana for Wazuh' +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version '0.1.0' + +%w(redhat centos oracle).each do |el| + supports el, '>= 6.0' +end +supports 'amazon', '>= 1.0' +supports 'fedora', '>= 22.0' +supports 'debian', '>= 7.0' +supports 'ubuntu', '>= 12.04' +supports 'suse', '>= 12.0' +supports 'opensuse', '>= 42.0' + +depends 'chef-sugar' +depends 'apt' +depends 'poise-python' +depends 'yum' +depends 'hostsfile' +depends 'htpasswd' +depends 'zypper' + +issues_url 'https://github.com/wazuh/wazuh-chef/issues' if respond_to?(:issues_url) +source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) +chef_version '>= 12.0' if respond_to?(:chef_version) \ No newline at end of file diff --git a/cookbooks/elastic-stack/recipes/default.rb b/cookbooks/elastic-stack/recipes/default.rb new file mode 100644 index 00000000..413d3d0b --- /dev/null +++ b/cookbooks/elastic-stack/recipes/default.rb @@ -0,0 +1,9 @@ +# Cookbook Name:: elastic-stack +# Recipe:: default +# Author:: Wazuh + +############################################# +include_recipe 'elastic-stack::prerequisites' +include_recipe 'elastic-stack::repository' +include_recipe 'elastic-stack::elasticsearch' +include_recipe 'elastic-stack::kibana' diff --git a/cookbooks/elastic-stack/recipes/elasticsearch.rb b/cookbooks/elastic-stack/recipes/elasticsearch.rb new file mode 100644 index 00000000..49aa8309 --- /dev/null +++ b/cookbooks/elastic-stack/recipes/elasticsearch.rb @@ -0,0 +1,100 @@ +# Cookbook Name:: elastic-stack +# Recipe:: elasticsearch +# Author:: Wazuh + +# Install the Elasticsearch package + +if platform_family?('debian', 'ubuntu') + apt_package 'elasticsearch' do + version "#{node['elastic']['elastic_stack_version']}" + end +elsif platform_family?('rhel', 'redhat', 'centos') + if node['platform_version'] >= '8' + dnf_package 'elasticsearch' do + version "#{node['elastic']['elastic_stack_version']}" + end + else + yum_package 'elasticsearch' do + version "#{node['elastic']['elastic_stack_version']}" + end + end +elsif platform_family?('suse') + zypper_package 'elasticsearch' do + version "#{node['elastic']['elastic_stack_version']}" + end +else + raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" +end + +# Set up elasticsearch config file + +template "#{node['elastic']['config_path']}/elasticsearch.yml" do + source 'elasticsearch.yml.erb' + owner 'root' + group 'elasticsearch' + mode '0660' + variables({ + cluster_name: node['elastic']['yml']['cluster']['name'], + node_name: node['elastic']['yml']['node']['name'], + path_data: node['elastic']['yml']['path']['data'], + path_logs: node['elastic']['yml']['path']['logs'], + network_host: node['elastic']['yml']['network']['host'], + http_port: node['elastic']['yml']['http']['port'], + initial_master_nodes: node['elastic']['yml']['cluster']['initial_master_nodes'] + }) +end + +# Set up jvm options + +template "#{node['elastic']['config_path']}/jvm.options" do + source 'jvm.options.erb' + owner 'root' + group 'elasticsearch' + mode '0660' + variables({memmory: node['jvm']['memory']}) +end + +bash 'insert_line_limits.conf' do + code <<-EOH + echo "elasticsearch - nofile 65535" >> /etc/security/limits.conf + echo "elasticsearch - memlock unlimited" >> /etc/security/limits.conf + EOH + not_if "grep -q elasticsearch /etc/security/limits.conf" +end + +# Verify Elasticsearch folders owner + +directory "#{'elastic']['config_path']}" do + owner 'elasticsearch' + group 'elasticsearch' + recursive true +end + +directory "/usr/share/elasticsearch" do + owner 'elasticsearch' + group 'elasticsearch' + recursive true +end + +directory "/var/lib/elasticsearch" do + owner 'elasticsearch' + group 'elasticsearch' + recursive true +end + +# Enable and start service + +service "elasticsearch" do + supports :start => true, :stop => true, :restart => true, :reload => true + action [:enable, :start] +end + +ruby_block 'wait for elasticsearch' do + block do + loop { break if (TCPSocket.open( + "#{node['elastic']['yml']['network']['host']}", + node['elastic']['yml']['http']['port']) rescue nil + ); puts "Waiting for elasticsearch to start"; sleep 5 } + end +end + diff --git a/cookbooks/elastic-stack/recipes/kibana.rb b/cookbooks/elastic-stack/recipes/kibana.rb new file mode 100644 index 00000000..149490cd --- /dev/null +++ b/cookbooks/elastic-stack/recipes/kibana.rb @@ -0,0 +1,114 @@ + +# Cookbook Name:: elastic-stack +# Recipe:: kibana +# Author:: Wazuh + +# Install the Kibana package + +if platform_family?('debian', 'ubuntu') + apt_package 'kibana' do + version "#{node['elk']['patch_version']}" + end +elsif platform_family?('rhel', 'redhat', 'centos') + if node['platform_version'] >= '8' + dnf_package 'kibana' do + version "#{node['elk']['patch_version']}" + end + else + yum_package 'kibana' do + version "#{node['elk']['patch_version']}" + end + end +elsif platform_family?('suse') + zypper_package 'kibana' do + version "#{node['elk']['patch_version']}" + end +else + raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" +end + +# Update the optimize and plugins directories permissions + +directory "#{node['kibana']['package_path'}/optimize" do + owner 'kibana' + group 'kibana' + recursive true +end + +directory "#{node['kibana']['package_path'}/plugins" do + owner 'kibana' + group 'kibana' + recursive true +end + +bash 'Install the Wazuh app plugin for Kibana' do + code <<-EOH + cd #{node['kibana']['package_path'} + sudo -u kibana bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-#{node['wazuh']['kibana_plugin_version']}.zip + EOH +end + +# Set up Kibana configuration file + +template "#{node['kibana']['config_path'}/kibana.yml" do + source 'kibana.yml.erb' + owner 'root' + group 'kibana' + mode 0755 + variables({ + server_port: node['kibana']['yml']['server']['port'], + server_host: node['kibana']['yml']['server']['host'], + elasticsearch_hosts: node['kibana']['yml']['elasticsearch']['hosts'] + }) +end + + +bash 'Allow Kibana to bind to port 443' do + code <<-EOH + setcap 'CAP_NET_BIND_SERVICE=+eip' #{node['kibana']['package_path'}/node/bin/node + EOH +end + +bash 'Optimize Kibana packages' do + code <<-EOH + NODE_OPTIONS="--max-old-space-size=4096" #{node['kibana']['package_path'}/bin/kibana --optimize --allow-root + EOH +end + +bash 'Configure the credentials to access the Wazuh API' do + code <<-EOH + cat >> #{node['kibana']['package_path'}/optimize/wazuh/config/wazuh.yml << EOF + - #{node['kibana']['wazuh_api_credentials']['id']}: + url: #{node['kibana']['wazuh_api_credentials']['url']} + port: #{node['kibana']['wazuh_api_credentials']['port']} + username: #{node['kibana']['wazuh_api_credentials']['username']} + password: #{node['kibana']['wazuh_api_credentials']['password']} + EOF + EOH +end + +# Enable and start the Kibana service + +service "kibana" do + supports :start => true, :stop => true, :restart => true, :reload => true + action [:restart] +end + +ruby_block 'Wait for elasticsearch' do + block do + loop { break if (TCPSocket.open( + "#{node['elastic']['yml']['network']['host']}", + node['elastic']['yml']['http']['port']) rescue nil); + puts "Waiting elasticsearch...."; sleep 1 + } + end +end + +bash 'Waiting for elasticsearch curl response...' do + code <<-EOH + until (curl -XGET #{node['kibana']['yml']['elasticsearch']['hosts']}); do + printf 'Waiting for elasticsearch....' + sleep 5 + done + EOH +end \ No newline at end of file diff --git a/cookbooks/elastic-stack/recipes/prerequisites.rb b/cookbooks/elastic-stack/recipes/prerequisites.rb new file mode 100644 index 00000000..f22c936d --- /dev/null +++ b/cookbooks/elastic-stack/recipes/prerequisites.rb @@ -0,0 +1,15 @@ +# Cookbook Name:: elastis-stack +# Recipe:: prerequisites +# Author:: Wazuh + +if platform_family?('debian','ubuntu') + package "lsb-release" + + ohai "reload lsb" do + plugin "lsb" + subscribes :reload, "package[lsb-release]", :immediately + end + + # Install debian prerequisites + apt_package %w(curl apt-transport-https) +end diff --git a/cookbooks/elastic-stack/recipes/repository.rb b/cookbooks/elastic-stack/recipes/repository.rb new file mode 100644 index 00000000..e5cfc460 --- /dev/null +++ b/cookbooks/elastic-stack/recipes/repository.rb @@ -0,0 +1,48 @@ +# Cookbook Name:: elastic-stack +# Recipe:: repository +# Author:: Wazuh + +if platform_family?('ubuntu', 'debian') + package 'lsb-release' + + ohai 'reload lsb' do + plugin 'lsb' + subscribes :reload, 'package[lsb-release]', :immediately + end + + apt_repository 'elastic-7.x' do + key "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + uri "https://artifacts.elastic.co/packages/#{node['elk']['major_version']}/apt" + components ['main'] + distribution 'stable' + not_if do + File.exists?("/etc/apt/sources.list.d/elastic-#{node['elk']['major_version']}.list") + end + action :add + end + + apt_update + +elsif platform_family?('redhat', 'centos', 'amazon', 'fedora', 'oracle') + yum_repository 'elastic' do + description 'Elasticsearch repository for 7.x packages' + gpgcheck true + gpgkey "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + enabled true + baseurl "https://artifacts.elastic.co/packages/#{node['elk']['major_version']}/yum" + action :create + end + +elsif platform_family?('opensuseleap', 'suse') + zypper_repository 'elastic' do + description 'Elasticsearch repository for 7.x packages' + gpgcheck true + gpgkey "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + enabled true + baseurl "https://artifacts.elastic.co/packages/#{node['elk']['major_version']}/yum" + action :create + end + +else + raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" +end \ No newline at end of file diff --git a/cookbooks/wazuh_elastic/spec/spec_helper.rb b/cookbooks/elastic-stack/spec/spec_helper.rb similarity index 100% rename from cookbooks/wazuh_elastic/spec/spec_helper.rb rename to cookbooks/elastic-stack/spec/spec_helper.rb diff --git a/cookbooks/wazuh_elastic/spec/unit/recipes/default_spec.rb b/cookbooks/elastic-stack/spec/unit/recipes/default_spec.rb similarity index 100% rename from cookbooks/wazuh_elastic/spec/unit/recipes/default_spec.rb rename to cookbooks/elastic-stack/spec/unit/recipes/default_spec.rb diff --git a/cookbooks/wazuh_elastic/spec/unit/recipes/elasticsearch_spec.rb b/cookbooks/elastic-stack/spec/unit/recipes/elasticsearch_spec.rb similarity index 100% rename from cookbooks/wazuh_elastic/spec/unit/recipes/elasticsearch_spec.rb rename to cookbooks/elastic-stack/spec/unit/recipes/elasticsearch_spec.rb diff --git a/cookbooks/wazuh_elastic/spec/unit/recipes/kibana_spec.rb b/cookbooks/elastic-stack/spec/unit/recipes/kibana_spec.rb similarity index 100% rename from cookbooks/wazuh_elastic/spec/unit/recipes/kibana_spec.rb rename to cookbooks/elastic-stack/spec/unit/recipes/kibana_spec.rb diff --git a/cookbooks/wazuh_elastic/spec/unit/recipes/lostash_spec.rb b/cookbooks/elastic-stack/spec/unit/recipes/lostash_spec.rb similarity index 100% rename from cookbooks/wazuh_elastic/spec/unit/recipes/lostash_spec.rb rename to cookbooks/elastic-stack/spec/unit/recipes/lostash_spec.rb diff --git a/cookbooks/wazuh_elastic/spec/unit/recipes/nginx_spec.rb b/cookbooks/elastic-stack/spec/unit/recipes/nginx_spec.rb similarity index 100% rename from cookbooks/wazuh_elastic/spec/unit/recipes/nginx_spec.rb rename to cookbooks/elastic-stack/spec/unit/recipes/nginx_spec.rb diff --git a/cookbooks/elastic-stack/templates/elasticsearch.yml.erb b/cookbooks/elastic-stack/templates/elasticsearch.yml.erb new file mode 100644 index 00000000..31986138 --- /dev/null +++ b/cookbooks/elastic-stack/templates/elasticsearch.yml.erb @@ -0,0 +1,92 @@ +# ======================== Elasticsearch Configuration ========================= +# +# NOTE: Elasticsearch comes with reasonable defaults for most settings. +# Before you set out to tweak and tune the configuration, make sure you +# understand what are you trying to accomplish and the consequences. +# +# The primary way of configuring a node is via this file. This template lists +# the most important settings you may want to configure for a production cluster. +# +# Please consult the documentation for further information on configuration options: +# https://www.elastic.co/guide/en/elasticsearch/reference/index.html +# +# ---------------------------------- Cluster ----------------------------------- +# +# Use a descriptive name for your cluster: +# +cluster.name: <%= @cluster_name %> +# +# ------------------------------------ Node ------------------------------------ +# +# Use a descriptive name for the node: +# +node.name: <%= @node_name %> +# +# Add custom attributes to the node: +# +#node.attr.rack: r1 +# +# ----------------------------------- Paths ------------------------------------ +# +# Path to directory where to store the data (separate multiple locations by comma): +# +path.data: <%= @path_data %> +# +# Path to log files: +# +path.logs: <%= @path_logs %> +# +# ----------------------------------- Memory ----------------------------------- +# +# Lock the memory on startup: +# +bootstrap.memory_lock: true +# +# Make sure that the heap size is set to about half the memory available +# on the system and that the owner of the process is allowed to use this +# limit. +# +# Elasticsearch performs poorly when the system is swapping the memory. +# +# ---------------------------------- Network ----------------------------------- +# +# Set the bind address to a specific IP (IPv4 or IPv6): +# +network.host: <%= @network_host %> +# +# Set a custom port for HTTP: +# +http.port: <%= @http_port %> +# +# For more information, consult the network module documentation. +# +# --------------------------------- Discovery ---------------------------------- +# +# Pass an initial list of hosts to perform discovery when this node is started: +# The default list of hosts is ["127.0.0.1", "[::1]"] +# +#discovery.seed_hosts: ["host1", "host2"] +# +# Bootstrap the cluster using an initial set of master-eligible nodes: +# +cluster.initial_master_nodes: [ + <% @initial_master_nodes.each do |node| %> + "<%= node %>" + <% end %> +] +# +# For more information, consult the discovery and cluster formation module documentation. +# +# ---------------------------------- Gateway ----------------------------------- +# +# Block initial recovery after a full cluster restart until N nodes are started: +# +#gateway.recover_after_nodes: 3 +# +# For more information, consult the gateway module documentation. +# +# ---------------------------------- Various ----------------------------------- +# +# Require explicit names when deleting indices: +# +#action.destructive_requires_name: true \ No newline at end of file diff --git a/cookbooks/elastic-stack/templates/jvm.options.erb b/cookbooks/elastic-stack/templates/jvm.options.erb new file mode 100644 index 00000000..0a0b8c70 --- /dev/null +++ b/cookbooks/elastic-stack/templates/jvm.options.erb @@ -0,0 +1,77 @@ +## JVM configuration + +################################################################ +## IMPORTANT: JVM heap size +################################################################ +## +## You should always set the min and max JVM heap +## size to the same value. For example, to set +## the heap to 4 GB, set: +## +## -Xms4g +## -Xmx4g +## +## See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html +## for more information +## +################################################################ + +# Xms represents the initial size of total heap space +# Xmx represents the maximum size of total heap space + +-Xms<%= @memmory %> +-Xmx<%= @memmory %> + +################################################################ +## Expert settings +################################################################ +## +## All settings below this section are considered +## expert settings. Don't tamper with them unless +## you understand what you are doing +## +################################################################ + +## GC configuration +8-13:-XX:+UseConcMarkSweepGC +8-13:-XX:CMSInitiatingOccupancyFraction=75 +8-13:-XX:+UseCMSInitiatingOccupancyOnly + +## G1GC Configuration +# NOTE: G1 GC is only supported on JDK version 10 or later +# to use G1GC, uncomment the next two lines and update the version on the +# following three lines to your version of the JDK +# 10-13:-XX:-UseConcMarkSweepGC +# 10-13:-XX:-UseCMSInitiatingOccupancyOnly +14-:-XX:+UseG1GC +14-:-XX:G1ReservePercent=25 +14-:-XX:InitiatingHeapOccupancyPercent=30 + +## JVM temporary directory +-Djava.io.tmpdir=${ES_TMPDIR} + +## heap dumps + +# generate a heap dump when an allocation from the Java heap fails +# heap dumps are created in the working directory of the JVM +-XX:+HeapDumpOnOutOfMemoryError + +# specify an alternative path for heap dumps; ensure the directory exists and +# has sufficient space +-XX:HeapDumpPath=/var/lib/elasticsearch + +# specify an alternative path for JVM fatal error logs +-XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log + +## JDK 8 GC logging +8:-XX:+PrintGCDetails +8:-XX:+PrintGCDateStamps +8:-XX:+PrintTenuringDistribution +8:-XX:+PrintGCApplicationStoppedTime +8:-Xloggc:/var/log/elasticsearch/gc.log +8:-XX:+UseGCLogFileRotation +8:-XX:NumberOfGCLogFiles=32 +8:-XX:GCLogFileSize=64m + +# JDK 9+ GC logging +9-:-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m \ No newline at end of file diff --git a/cookbooks/elastic-stack/templates/kibana.yml.erb b/cookbooks/elastic-stack/templates/kibana.yml.erb new file mode 100644 index 00000000..38846331 --- /dev/null +++ b/cookbooks/elastic-stack/templates/kibana.yml.erb @@ -0,0 +1,119 @@ +# Kibana is served by a back end server. This setting specifies the port to use. +server.port: <%= @server_port %> + +# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values. +# The default is 'localhost', which usually means remote machines will not be able to connect. +# To allow connections from remote users, set this parameter to a non-loopback address. +server.host: <%= @server_host %> + +# Enables you to specify a path to mount Kibana at if you are running behind a proxy. +# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath +# from requests it receives, and to prevent a deprecation warning at startup. +# This setting cannot end in a slash. +#server.basePath: "" + +# Specifies whether Kibana should rewrite requests that are prefixed with +# `server.basePath` or require that they are rewritten by your reverse proxy. +# This setting was effectively always `false` before Kibana 6.3 and will +# default to `true` starting in Kibana 7.0. +#server.rewriteBasePath: false + +# The maximum payload size in bytes for incoming server requests. +#server.maxPayloadBytes: 1048576 + +# The Kibana server's name. This is used for display purposes. +#server.name: "your-hostname" + +# The URLs of the Elasticsearch instances to use for all your queries. +elasticsearch.hosts: [ + <% @elasticsearch_hosts.each do |node| %> + "<%= node %>" + <% end %> +] + +# When this setting's value is true Kibana uses the hostname specified in the server.host +# setting. When the value of this setting is false, Kibana uses the hostname of the host +# that connects to this Kibana instance. +#elasticsearch.preserveHost: true + +# Kibana uses an index in Elasticsearch to store saved searches, visualizations and +# dashboards. Kibana creates a new index if the index doesn't already exist. +#kibana.index: ".kibana" + +# The default application to load. +#kibana.defaultAppId: "home" + +# If your Elasticsearch is protected with basic authentication, these settings provide +# the username and password that the Kibana server uses to perform maintenance on the Kibana +# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which +# is proxied through the Kibana server. +#elasticsearch.username: "kibana_system" +#elasticsearch.password: "pass" + +# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively. +# These settings enable SSL for outgoing requests from the Kibana server to the browser. +#server.ssl.enabled: false +#server.ssl.certificate: /path/to/your/server.crt +#server.ssl.key: /path/to/your/server.key + +# Optional settings that provide the paths to the PEM-format SSL certificate and key files. +# These files are used to verify the identity of Kibana to Elasticsearch and are required when +# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required. +#elasticsearch.ssl.certificate: /path/to/your/client.crt +#elasticsearch.ssl.key: /path/to/your/client.key + +# Optional setting that enables you to specify a path to the PEM file for the certificate +# authority for your Elasticsearch instance. +#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ] + +# To disregard the validity of SSL certificates, change this setting's value to 'none'. +#elasticsearch.ssl.verificationMode: full + +# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of +# the elasticsearch.requestTimeout setting. +#elasticsearch.pingTimeout: 1500 + +# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value +# must be a positive integer. +#elasticsearch.requestTimeout: 30000 + +# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side +# headers, set this value to [] (an empty list). +#elasticsearch.requestHeadersWhitelist: [ authorization ] + +# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten +# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration. +#elasticsearch.customHeaders: {} + +# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable. +#elasticsearch.shardTimeout: 30000 + +# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying. +#elasticsearch.startupTimeout: 5000 + +# Logs queries sent to Elasticsearch. Requires logging.verbose set to true. +#elasticsearch.logQueries: false + +# Specifies the path where Kibana creates the process ID file. +#pid.file: /var/run/kibana.pid + +# Enables you to specify a file where Kibana stores log output. +#logging.dest: stdout + +# Set the value of this setting to true to suppress all logging output. +#logging.silent: false + +# Set the value of this setting to true to suppress all logging output other than error messages. +#logging.quiet: false + +# Set the value of this setting to true to log all events, including system usage information +# and all requests. +#logging.verbose: false + +# Set the interval in milliseconds to sample system and process performance +# metrics. Minimum is 100ms. Defaults to 5000. +#ops.interval: 5000 + +# Specifies locale to be used for all localizable strings, dates and number formats. +# Supported languages are the following: English - en , by default , Chinese - zh-CN . +#i18n.locale: "en" \ No newline at end of file diff --git a/cookbooks/wazuh_elastic/test/data_bags/wazuh_secrets/api.json b/cookbooks/elastic-stack/test/data_bags/wazuh_secrets/api.json similarity index 100% rename from cookbooks/wazuh_elastic/test/data_bags/wazuh_secrets/api.json rename to cookbooks/elastic-stack/test/data_bags/wazuh_secrets/api.json diff --git a/cookbooks/wazuh_elastic/test/data_bags/wazuh_secrets/logstash_certificate.json b/cookbooks/elastic-stack/test/data_bags/wazuh_secrets/logstash_certificate.json similarity index 100% rename from cookbooks/wazuh_elastic/test/data_bags/wazuh_secrets/logstash_certificate.json rename to cookbooks/elastic-stack/test/data_bags/wazuh_secrets/logstash_certificate.json diff --git a/cookbooks/wazuh_elastic/test/data_bags/wazuh_secrets/nginx_certificate.json b/cookbooks/elastic-stack/test/data_bags/wazuh_secrets/nginx_certificate.json similarity index 100% rename from cookbooks/wazuh_elastic/test/data_bags/wazuh_secrets/nginx_certificate.json rename to cookbooks/elastic-stack/test/data_bags/wazuh_secrets/nginx_certificate.json diff --git a/cookbooks/wazuh_elastic/test/data_bags/wazuh_secrets/test_data_bag_key b/cookbooks/elastic-stack/test/data_bags/wazuh_secrets/test_data_bag_key similarity index 100% rename from cookbooks/wazuh_elastic/test/data_bags/wazuh_secrets/test_data_bag_key rename to cookbooks/elastic-stack/test/data_bags/wazuh_secrets/test_data_bag_key diff --git a/cookbooks/wazuh_elastic/test/environments/development.json b/cookbooks/elastic-stack/test/environments/development.json similarity index 100% rename from cookbooks/wazuh_elastic/test/environments/development.json rename to cookbooks/elastic-stack/test/environments/development.json diff --git a/cookbooks/wazuh_elastic/test/environments/production.json b/cookbooks/elastic-stack/test/environments/production.json similarity index 100% rename from cookbooks/wazuh_elastic/test/environments/production.json rename to cookbooks/elastic-stack/test/environments/production.json diff --git a/cookbooks/wazuh_elastic/test/integration/default/data_bags/wazuh_secrets/api.json b/cookbooks/elastic-stack/test/integration/default/data_bags/wazuh_secrets/api.json similarity index 100% rename from cookbooks/wazuh_elastic/test/integration/default/data_bags/wazuh_secrets/api.json rename to cookbooks/elastic-stack/test/integration/default/data_bags/wazuh_secrets/api.json diff --git a/cookbooks/wazuh_elastic/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json b/cookbooks/elastic-stack/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json similarity index 100% rename from cookbooks/wazuh_elastic/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json rename to cookbooks/elastic-stack/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json diff --git a/cookbooks/wazuh_elastic/test/integration/default/encrypted_data_bag_secret b/cookbooks/elastic-stack/test/integration/default/encrypted_data_bag_secret similarity index 100% rename from cookbooks/wazuh_elastic/test/integration/default/encrypted_data_bag_secret rename to cookbooks/elastic-stack/test/integration/default/encrypted_data_bag_secret diff --git a/cookbooks/wazuh_elastic/test/integration/default/serverspec/default_spec.rb b/cookbooks/elastic-stack/test/integration/default/serverspec/default_spec.rb similarity index 100% rename from cookbooks/wazuh_elastic/test/integration/default/serverspec/default_spec.rb rename to cookbooks/elastic-stack/test/integration/default/serverspec/default_spec.rb diff --git a/cookbooks/wazuh_elastic/test/integration/helpers/serverspec/spec_helper.rb b/cookbooks/elastic-stack/test/integration/helpers/serverspec/spec_helper.rb similarity index 100% rename from cookbooks/wazuh_elastic/test/integration/helpers/serverspec/spec_helper.rb rename to cookbooks/elastic-stack/test/integration/helpers/serverspec/spec_helper.rb diff --git a/cookbooks/filebeat-oss/.delivery/project.toml b/cookbooks/filebeat-oss/.delivery/project.toml new file mode 100644 index 00000000..c23d1fe7 --- /dev/null +++ b/cookbooks/filebeat-oss/.delivery/project.toml @@ -0,0 +1,32 @@ +# Delivery for Local Phases Execution +# +# This file allows you to execute test phases locally on a workstation or +# in a CI pipeline. The delivery-cli will read this file and execute the +# command(s) that are configured for each phase. You can customize them +# by just modifying the phase key on this file. +# +# By default these phases are configured for Cookbook Workflow only +# + +[local_phases] +unit = "chef exec rspec spec/" +lint = "chef exec cookstyle" +# foodcritic has been deprecated in favor of cookstyle so we skip the syntax +# phase now. +syntax = "echo skipping syntax phase. Use lint phase instead." +provision = "chef exec kitchen create" +deploy = "chef exec kitchen converge" +smoke = "chef exec kitchen verify" +# The functional phase is optional, you can define it by uncommenting +# the line below and running the command: `delivery local functional` +# functional = "" +cleanup = "chef exec kitchen destroy" + +# Remote project.toml file +# +# Instead of the local phases above, you may specify a remote URI location for +# the `project.toml` file. This is useful for teams that wish to centrally +# manage the behavior of the `delivery local` command across many different +# projects. +# +# remote_file = "https://url/project.toml" diff --git a/cookbooks/filebeat-oss/.gitignore b/cookbooks/filebeat-oss/.gitignore new file mode 100644 index 00000000..52305e62 --- /dev/null +++ b/cookbooks/filebeat-oss/.gitignore @@ -0,0 +1,22 @@ +.vagrant +*~ +*# +.#* +\#*# +.*.sw[a-z] +*.un~ + +# Bundler +Gemfile.lock +gems.locked +bin/* +.bundle/* + +# test kitchen +.kitchen/ +kitchen.local.yml + +# Chef Infra +Berksfile.lock +.zero-knife.rb +Policyfile.lock.json diff --git a/cookbooks/filebeat-oss/.vscode/extensions.json b/cookbooks/filebeat-oss/.vscode/extensions.json new file mode 100644 index 00000000..34f35661 --- /dev/null +++ b/cookbooks/filebeat-oss/.vscode/extensions.json @@ -0,0 +1,5 @@ +{ + "recommendations": [ + "chef-software.chef" + ] +} diff --git a/cookbooks/filebeat-oss/Berksfile b/cookbooks/filebeat-oss/Berksfile new file mode 100644 index 00000000..34fea216 --- /dev/null +++ b/cookbooks/filebeat-oss/Berksfile @@ -0,0 +1,3 @@ +source 'https://supermarket.chef.io' + +metadata diff --git a/cookbooks/filebeat-oss/CHANGELOG.md b/cookbooks/filebeat-oss/CHANGELOG.md new file mode 100644 index 00000000..a09c4754 --- /dev/null +++ b/cookbooks/filebeat-oss/CHANGELOG.md @@ -0,0 +1,10 @@ +# filebeat-oss CHANGELOG + +This file is used to list changes made in each version of the filebeat-oss cookbook. + +## 0.1.0 + +Initial release. + +- change 0 +- change 1 diff --git a/cookbooks/wazuh_server/LICENSE b/cookbooks/filebeat-oss/LICENSE similarity index 100% rename from cookbooks/wazuh_server/LICENSE rename to cookbooks/filebeat-oss/LICENSE diff --git a/cookbooks/filebeat-oss/README.md b/cookbooks/filebeat-oss/README.md new file mode 100644 index 00000000..b32bdcfb --- /dev/null +++ b/cookbooks/filebeat-oss/README.md @@ -0,0 +1,4 @@ +# filebeat-oss + +TODO: Enter the cookbook description here. + diff --git a/cookbooks/filebeat-oss/attributes/default.rb b/cookbooks/filebeat-oss/attributes/default.rb new file mode 100644 index 00000000..bc960a47 --- /dev/null +++ b/cookbooks/filebeat-oss/attributes/default.rb @@ -0,0 +1,11 @@ +# Cookbook Name:: filebeat +# Attribute:: default +# Author:: Wazuh + +default['filebeat']['elasticsearch_server_ip'] = [ + "http://0.0.0.0:9200" +] +default['filebeat']['config_path'] = '/etc/filebeat' +default['filebeat']['alerts_template'] = 'wazuh-template.json' +default['filebeat']['wazuh_module'] = "wazuh-filebeat-0.1.tar.gz" +default['filebeat']['wazuh_module_path'] = '/usr/share/filebeat/module' \ No newline at end of file diff --git a/cookbooks/filebeat-oss/attributes/versions.rb b/cookbooks/filebeat-oss/attributes/versions.rb new file mode 100644 index 00000000..5cd66ec2 --- /dev/null +++ b/cookbooks/filebeat-oss/attributes/versions.rb @@ -0,0 +1,12 @@ +# Cookbook Name:: filebeat +# Attribute:: versions +# Author:: Wazuh + +# ELK +default['elk']['major_version'] = "7.x" +default['elk']['patch_version'] = "7.9.1" + +# Wazuh +default['wazuh']['major_version'] = "4.x" +default['wazuh']['minor_version'] = "4.0" +default['wazuh']['patch_version'] = "4.0.2" \ No newline at end of file diff --git a/cookbooks/filebeat-oss/chefignore b/cookbooks/filebeat-oss/chefignore new file mode 100644 index 00000000..cc170ea7 --- /dev/null +++ b/cookbooks/filebeat-oss/chefignore @@ -0,0 +1,115 @@ +# Put files/directories that should be ignored in this file when uploading +# to a Chef Infra Server or Supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +ehthumbs.db +Icon? +nohup.out +Thumbs.db +.envrc + +# EDITORS # +########### +.#* +.project +.settings +*_flymake +*_flymake.* +*.bak +*.sw[a-z] +*.tmproj +*~ +\#* +REVISION +TAGS* +tmtags +.vscode +.editorconfig + +## COMPILED ## +############## +*.class +*.com +*.dll +*.exe +*.o +*.pyc +*.so +*/rdoc/ +a.out +mkmf.log + +# Testing # +########### +.circleci/* +.codeclimate.yml +.delivery/* +.foodcritic +.kitchen* +.mdlrc +.overcommit.yml +.rspec +.rubocop.yml +.travis.yml +.watchr +.yamllint +azure-pipelines.yml +Dangerfile +examples/* +features/* +Guardfile +kitchen.yml* +mlc_config.json +Procfile +Rakefile +spec/* +test/* + +# SCM # +####### +.git +.gitattributes +.gitconfig +.github/* +.gitignore +.gitkeep +.gitmodules +.svn +*/.bzr/* +*/.git +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Documentation # +############# +CODE_OF_CONDUCT* +CONTRIBUTING* +documentation/* +TESTING* +UPGRADING* + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/cookbooks/filebeat-oss/kitchen.yml b/cookbooks/filebeat-oss/kitchen.yml new file mode 100644 index 00000000..dbf40352 --- /dev/null +++ b/cookbooks/filebeat-oss/kitchen.yml @@ -0,0 +1,38 @@ +--- +driver: + name: vagrant + +## The forwarded_port port feature lets you connect to ports on the VM guest via +## localhost on the host. +## see also: https://www.vagrantup.com/docs/networking/forwarded_ports.html + +# network: +# - ["forwarded_port", {guest: 80, host: 8080}] + +provisioner: + name: chef_zero + # You may wish to disable always updating cookbooks in CI or other testing environments. + # For example: + # always_update_cookbooks: <%= !ENV['CI'] %> + always_update_cookbooks: true + + ## product_name and product_version specifies a specific Chef product and version to install. + ## see the Chef documentation for more details: https://docs.chef.io/workstation/config_yml_kitchen/ + # product_name: chef + # product_version: 16 + +verifier: + name: inspec + +platforms: + - name: ubuntu-20.04 + - name: centos-8 + +suites: + - name: default + run_list: + - recipe[filebeat-oss::default] + verifier: + inspec_tests: + - test/integration/default + attributes: diff --git a/cookbooks/filebeat-oss/metadata.rb b/cookbooks/filebeat-oss/metadata.rb new file mode 100644 index 00000000..cfa6d719 --- /dev/null +++ b/cookbooks/filebeat-oss/metadata.rb @@ -0,0 +1,19 @@ +name 'filebeat-oss' +maintainer 'The Authors' +maintainer_email 'you@example.com' +license 'Apache-2.0' +description 'Installs/Configures filebeat-oss' +version '0.1.0' +chef_version '>= 15.0' + +# The `issues_url` points to the location where issues for this cookbook are +# tracked. A `View Issues` link will be displayed on this cookbook's page when +# uploaded to a Supermarket. +# +# issues_url 'https://github.com//filebeat-oss/issues' + +# The `source_url` points to the development repository for this cookbook. A +# `View Source` link will be displayed on this cookbook's page when uploaded to +# a Supermarket. +# +# source_url 'https://github.com//filebeat-oss' diff --git a/cookbooks/filebeat-oss/recipes/default.rb b/cookbooks/filebeat-oss/recipes/default.rb new file mode 100644 index 00000000..9878fe87 --- /dev/null +++ b/cookbooks/filebeat-oss/recipes/default.rb @@ -0,0 +1,7 @@ +# Cookbook Name:: filebeat +# Recipe:: default +# Author:: Wazuh + +include_recipe 'apt::default' +include_recipe 'filebeat::repository' +include_recipe 'filebeat::filebeat' \ No newline at end of file diff --git a/cookbooks/filebeat-oss/recipes/filebeat.rb b/cookbooks/filebeat-oss/recipes/filebeat.rb new file mode 100644 index 00000000..5a99d236 --- /dev/null +++ b/cookbooks/filebeat-oss/recipes/filebeat.rb @@ -0,0 +1,88 @@ +# Cookbook Name:: filebeat +# Recipe:: filebeat-oss +# Author:: Wazuh + +# Install filebeat-oss pacakge + +if platform_family?('debian','ubuntu') + package 'lsb-release' + ohai 'reload lsb' do + plugin 'lsb' + subscribes :reload, 'package[lsb-release]', :immediately + end + + apt_package 'filebeat' do + version "#{node['elk']['patch_version']}" + end + elsif platform_family?('redhat', 'centos', 'amazon', 'fedora', 'oracle') + if node['platform']['version'] >= '8' + dnf_package 'filebeat' do + version "#{node['elk']['patch_version']}" + end + else + yum_package 'filebeat' do + version "#{node['elk']['patch_version']}" + end + end + elsif platform_family?('opensuse', 'suse') + yum_package 'filebeat' do + version "#{node['elk']['patch_version']}" + end + else + raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" + end + +# Edit the file /etc/filebeat/filebeat.yml + +template "#{node['filebeat']['config_path']}/filebeat.yml" do + source 'filebeat.yml.erb' + owner 'root' + group 'root' + mode '0640' + variables( + hosts: node['filebeat']['elasticsearch_server_ip'] + ) +end + +# Download the alerts template for Elasticsearch + +remote_file "#{node['filebeat']['config_path']}/#{node['filebeat']['alerts_template']}" do + source "https://raw.githubusercontent.com/wazuh/wazuh/v#{node['wazuh']['minor_version']}/extensions/elasticsearch/#{node['elk']['major_version']}/#{node['filebeat']['alerts_template']}" + owner 'root' + group 'root' + mode '0644' +end + +# Download the Wazuh module for Filebeat + +remote_file "#{node['filebeat']['config_path']}/#{node['filebeat']['wazuh_module']}" do + source "https://packages.wazuh.com/#{node['wazuh']['minor_version']}/filebeat/#{node['filebeat']['wazuh_module']}" +end + +archive_file "#{node['filebeat']['wazuh_module']}" do + path "#{node['filebeat']['config_path']}/#{node['filebeat']['wazuh_module']}" + destination "#{node['filebeat']['wazuh_module_path']}" +end + +file "#{node['filebeat']['config_path']}/#{node['filebeat']['wazuh_module']}" do + action :delete +end + +# Configure Filebeat certificates + +directory "#{node['filebeat']['config_path']}/certs" do + action :create +end + +log 'filebeat-certificates' do + message: "Please move the following files on elasticsearch node to + #{node['filebeat']['config_path']}/certs: + - filebeat.pem + - filebeat.key + - root-ca.pem. + Once uploaded, run the following commands as sudo: + - systemctl daemon-reload + - systemctl enable filebeat + - systemctl start filebeat" + level :warn +end \ No newline at end of file diff --git a/cookbooks/filebeat-oss/recipes/repository.rb b/cookbooks/filebeat-oss/recipes/repository.rb new file mode 100644 index 00000000..ec41b541 --- /dev/null +++ b/cookbooks/filebeat-oss/recipes/repository.rb @@ -0,0 +1,44 @@ +# Cookbook Name:: filebeat +# Recipe:: repository +# Author:: Wazuh + +if platform_family?('ubuntu', 'debian') + package 'lsb-release' + + ohai 'reload lsb' do + plugin 'lsb' + subscribes :reload, 'package[lsb-release]', :immediately + end + + apt_repository 'wazuh' do + key 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + uri "http://packages.wazuh.com/#{node['wazuh']['major_version']}/apt/" + components ['main'] + distribution 'stable' + action :add + end + + apt_update + + elsif platform_family?('redhat', 'centos', 'amazon', 'fedora', 'oracle') + yum_repository 'wazuh' do + description 'WAZUH Yum Repository - www.wazuh.com' + gpgcheck true + gpgkey 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + enabled true + baseurl "https://packages.wazuh.com/#{node['wazuh']['major_version']}/yum" + action :create + end + + elsif platform_family?('opensuseleap', 'suse') + zypper_repository 'wazuh' do + description 'WAZUH Zypper Repository - www.wazuh.com' + gpgcheck true + gpgkey 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + enabled true + baseurl "https://packages.wazuh.com/#{node['wazuh']['major_version']}/yum" + action :create + end + else + raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" + end \ No newline at end of file diff --git a/cookbooks/filebeat-oss/spec/spec_helper.rb b/cookbooks/filebeat-oss/spec/spec_helper.rb new file mode 100644 index 00000000..1dd5126b --- /dev/null +++ b/cookbooks/filebeat-oss/spec/spec_helper.rb @@ -0,0 +1,2 @@ +require 'chefspec' +require 'chefspec/berkshelf' diff --git a/cookbooks/filebeat-oss/spec/unit/recipes/default_spec.rb b/cookbooks/filebeat-oss/spec/unit/recipes/default_spec.rb new file mode 100644 index 00000000..cd23bd14 --- /dev/null +++ b/cookbooks/filebeat-oss/spec/unit/recipes/default_spec.rb @@ -0,0 +1,41 @@ +# +# Cookbook:: filebeat-oss +# Spec:: default +# +# Copyright:: 2020, The Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +require 'spec_helper' + +describe 'filebeat-oss::default' do + context 'When all attributes are default, on Ubuntu 20.04' do + # for a complete list of available platforms and versions see: + # https://github.com/chefspec/fauxhai/blob/master/PLATFORMS.md + platform 'ubuntu', '20.04' + + it 'converges successfully' do + expect { chef_run }.to_not raise_error + end + end + + context 'When all attributes are default, on CentOS 8' do + # for a complete list of available platforms and versions see: + # https://github.com/chefspec/fauxhai/blob/master/PLATFORMS.md + platform 'centos', '8' + + it 'converges successfully' do + expect { chef_run }.to_not raise_error + end + end +end diff --git a/cookbooks/wazuh_server/templates/default/filebeat.yml.erb b/cookbooks/filebeat-oss/templates/filebeat.yml.erb similarity index 100% rename from cookbooks/wazuh_server/templates/default/filebeat.yml.erb rename to cookbooks/filebeat-oss/templates/filebeat.yml.erb diff --git a/cookbooks/filebeat-oss/test/integration/default/default_test.rb b/cookbooks/filebeat-oss/test/integration/default/default_test.rb new file mode 100644 index 00000000..adc109db --- /dev/null +++ b/cookbooks/filebeat-oss/test/integration/default/default_test.rb @@ -0,0 +1,16 @@ +# InSpec test for recipe filebeat-oss::default + +# The InSpec reference, with examples and extensive documentation, can be +# found at https://docs.chef.io/inspec/resources/ + +unless os.windows? + # This is an example test, replace with your own test. + describe user('root'), :skip do + it { should exist } + end +end + +# This is an example test, replace it with your own test. +describe port(80), :skip do + it { should_not be_listening } +end diff --git a/cookbooks/filebeat/.gitignore b/cookbooks/filebeat/.gitignore new file mode 100644 index 00000000..ec2a890b --- /dev/null +++ b/cookbooks/filebeat/.gitignore @@ -0,0 +1,16 @@ +.vagrant +Berksfile.lock +*~ +*# +.#* +\#*# +.*.sw[a-z] +*.un~ + +# Bundler +Gemfile.lock +bin/* +.bundle/* + +.kitchen/ +.kitchen.local.yml diff --git a/cookbooks/filebeat/.kitchen.yml b/cookbooks/filebeat/.kitchen.yml new file mode 100644 index 00000000..6c58a3a3 --- /dev/null +++ b/cookbooks/filebeat/.kitchen.yml @@ -0,0 +1,27 @@ +--- +driver: + name: vagrant + +provisioner: + name: chef_zero + product_version: latest + +verifiers: + name: inspec + +platforms: + - name: ubuntu-20.04 + - name: ubuntu-18.04 + - name: centos-8.0 + - name: centos-7 + +suites: + - name: filebeat + driver: + network: + - ["private_network", {ip: "172.17.10.10"}] + customize: + memory: 512 + cpus: 1 + run_list: + - recipe[filebeat::default] \ No newline at end of file diff --git a/cookbooks/filebeat/Berksfile b/cookbooks/filebeat/Berksfile new file mode 100644 index 00000000..eff5649b --- /dev/null +++ b/cookbooks/filebeat/Berksfile @@ -0,0 +1,9 @@ +source 'https://supermarket.chef.io' + +metadata + +group :integration do + cookbook 'apt' + cookbook 'yum' + cookbook 'zypper' +end diff --git a/cookbooks/filebeat/CHANGELOG.md b/cookbooks/filebeat/CHANGELOG.md new file mode 100644 index 00000000..4b9aee97 --- /dev/null +++ b/cookbooks/filebeat/CHANGELOG.md @@ -0,0 +1,10 @@ +## v0.1.0 +1. Bump to filebeat OSS 7.9.1 +2. Remove repository.rb since it is useless. To install filebeat, you need first to install first +wazuh manager in the same node. Filebeat use the same URI and GPG KEY repository as the latter +to install the package +3. Added suse repository + +*Note*: in future version, filebeat will be included into wazuh-manager cookbook + +* Initial/current release diff --git a/cookbooks/filebeat/README.md b/cookbooks/filebeat/README.md new file mode 100644 index 00000000..0f22658d --- /dev/null +++ b/cookbooks/filebeat/README.md @@ -0,0 +1,69 @@ +# Filebeat cookbook + +## Description +This cookbook installs and configures Filebeat in order on the specified node. + +#### Chef +- Chef 12+ + +#### Cookbooks +- apt +- yum +- zypper + +Attributes +---------- + +Default configuration is defined in ```/attributes/default.rb``` and contains needed parameters to configure the ```filebeat.yml``` file. Check ['Filebeat section'](https://raw.githubusercontent.com/wazuh/wazuh/v4.0.2/extensions/filebeat/7.x/filebeat.yml) to see an example of Filebeat configuration. + +Important attributes: + +* ```node['filebeat']['elasticsearch_server_ip']```: array with URL of elasticsearch nodes + +## Installation + +Create a role, wazuh_filebeat. Add attributes per above as needed to customize the installation. + +``` + { + "name": "wazuh_filebeat", + "description": "Wazuh Manager host", + "json_class": "Chef::Role", + "default_attributes": { + + }, + "override_attributes": { + + }, + "chef_type": "role", + "run_list": [ + "recipe[wazuh_filebeat::filebeat]" + ], + "env_run_lists": { + + } + } +``` + + +Recipes +------- + +#### default.rb + +This recipe imports and executes the recipe *wazuh_filebeat::filebeat* + +#### repository.rb + +Append to repository path the URL and GPG key of Filebeat + +#### filebeat.rb + +* Install the package Filebeats +* Create the configuration of */etc/filebeat/filebeat.yml* with defined attributes in the ```attributes``` folder +* Download the alerts template for Elasticsearch +* Download the Wazuh module for Filebeat + +## References + +Check [Filebeat installation documentation](https://documentation.wazuh.com/4.0/learning-wazuh/build-lab/install-wazuh-manager.html#install-filebeat) for more detail \ No newline at end of file diff --git a/cookbooks/filebeat/attributes/default.rb b/cookbooks/filebeat/attributes/default.rb new file mode 100644 index 00000000..bc960a47 --- /dev/null +++ b/cookbooks/filebeat/attributes/default.rb @@ -0,0 +1,11 @@ +# Cookbook Name:: filebeat +# Attribute:: default +# Author:: Wazuh + +default['filebeat']['elasticsearch_server_ip'] = [ + "http://0.0.0.0:9200" +] +default['filebeat']['config_path'] = '/etc/filebeat' +default['filebeat']['alerts_template'] = 'wazuh-template.json' +default['filebeat']['wazuh_module'] = "wazuh-filebeat-0.1.tar.gz" +default['filebeat']['wazuh_module_path'] = '/usr/share/filebeat/module' \ No newline at end of file diff --git a/cookbooks/filebeat/attributes/versions.rb b/cookbooks/filebeat/attributes/versions.rb new file mode 100644 index 00000000..5cd66ec2 --- /dev/null +++ b/cookbooks/filebeat/attributes/versions.rb @@ -0,0 +1,12 @@ +# Cookbook Name:: filebeat +# Attribute:: versions +# Author:: Wazuh + +# ELK +default['elk']['major_version'] = "7.x" +default['elk']['patch_version'] = "7.9.1" + +# Wazuh +default['wazuh']['major_version'] = "4.x" +default['wazuh']['minor_version'] = "4.0" +default['wazuh']['patch_version'] = "4.0.2" \ No newline at end of file diff --git a/cookbooks/filebeat/chefignore b/cookbooks/filebeat/chefignore new file mode 100644 index 00000000..80dc2d20 --- /dev/null +++ b/cookbooks/filebeat/chefignore @@ -0,0 +1,95 @@ +# Put files/directories that should be ignored in this file when uploading +# or sharing to the community site. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +Icon? +nohup.out +ehthumbs.db +Thumbs.db + +# SASS # +######## +.sass-cache + +# EDITORS # +########### +\#* +.#* +*~ +*.sw[a-z] +*.bak +REVISION +TAGS* +tmtags +*_flymake.* +*_flymake +*.tmproj +.project +.settings +mkmf.log + +## COMPILED ## +############## +a.out +*.o +*.pyc +*.so +*.com +*.class +*.dll +*.exe +*/rdoc/ + +# Testing # +########### +.watchr +.rspec +spec/* +spec/fixtures/* +test/* +features/* +Guardfile +Procfile + +# SCM # +####### +.git +*/.git +.gitignore +.gitmodules +.gitconfig +.gitattributes +.svn +*/.bzr/* +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Cookbooks # +############# +CONTRIBUTING + +# Strainer # +############ +Colanderfile +Strainerfile +.colander +.strainer + +# Vagrant # +########### +.vagrant +Vagrantfile + +# Travis # +########## +.travis.yml diff --git a/cookbooks/filebeat/libraries/matchers.rb b/cookbooks/filebeat/libraries/matchers.rb new file mode 100644 index 00000000..e69de29b diff --git a/cookbooks/filebeat/metadata.rb b/cookbooks/filebeat/metadata.rb new file mode 100644 index 00000000..d95febd4 --- /dev/null +++ b/cookbooks/filebeat/metadata.rb @@ -0,0 +1,25 @@ +name 'wazuh_filebeat' +maintainer 'Wazuh' +maintainer_email 'info@wazuh.com' +license 'Apache 2.0' +description 'Installs and configures filebeat' +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version '0.1.0' + +%w(redhat centos oracle).each do |el| + supports el, '>= 6.0' +end +supports 'amazon', '>= 1.0' +supports 'fedora', '>= 22.0' +supports 'debian', '>= 7.0' +supports 'ubuntu', '>= 12.04' +supports 'suse', '>= 12.0' +supports 'opensuse', '>= 42.0' + +depends 'apt' +depends 'yum' +depends 'zypper' + +issues_url 'https://github.com/wazuh/wazuh-chef/issues' if respond_to?(:issues_url) +source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) +chef_version '>= 12.0' if respond_to?(:chef_version) diff --git a/cookbooks/filebeat/providers/default.rb b/cookbooks/filebeat/providers/default.rb new file mode 100644 index 00000000..e69de29b diff --git a/cookbooks/filebeat/recipes/default.rb b/cookbooks/filebeat/recipes/default.rb new file mode 100644 index 00000000..e6bcae73 --- /dev/null +++ b/cookbooks/filebeat/recipes/default.rb @@ -0,0 +1,7 @@ +# Cookbook Name:: filebeat +# Recipe:: default +# Author:: Wazuh + +include_recipe 'apt::default' +include_recipe 'filebeat::repository' +include_recipe 'filebeat::filebeat' diff --git a/cookbooks/filebeat/recipes/filebeat.rb b/cookbooks/filebeat/recipes/filebeat.rb new file mode 100644 index 00000000..576f5b42 --- /dev/null +++ b/cookbooks/filebeat/recipes/filebeat.rb @@ -0,0 +1,94 @@ +# Cookbook Name:: filebeat +# Recipe:: default +# Author:: Wazuh + +# Install Filebeat package + +if platform_family?('debian','ubuntu') + package 'lsb-release' + ohai 'reload lsb' do + plugin 'lsb' + subscribes :reload, 'package[lsb-release]', :immediately + end + + apt_package 'filebeat' do + version "#{node['elk']['patch_version']}" + end +elsif platform_family?('redhat', 'centos', 'amazon', 'fedora', 'oracle') + if node['platform']['version'] >= '8' + dnf_package 'filebeat' do + version "#{node['elk']['patch_version']}" + end + else + yum_package 'filebeat' do + version "#{node['elk']['patch_version']}" + end + end +elsif platform_family?('opensuse', 'suse') + yum_package 'filebeat' do + version "#{node['elk']['patch_version']}" + end +else + raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" +end + +# Edit the file /etc/filebeat/filebeat.yml + +template "#{node['filebeat']['config_path']}/filebeat.yml" do + source 'filebeat.yml.erb' + owner 'root' + group 'root' + mode '0640' + variables( + output_elasticsearch_hosts: node['filebeat']['elasticsearch_server_ip'] + ) +end + +# Download the alerts template for Elasticsearch + +remote_file "#{node['filebeat']['config_path']}/#{node['filebeat']['alerts_template']}" do + source "https://raw.githubusercontent.com/wazuh/wazuh/v#{node['wazuh']['minor_version']}/extensions/elasticsearch/#{node['elk']['major_version']}/#{node['filebeat']['alerts_template']}" + owner 'root' + group 'root' + mode '0644' +end + +# Download the Wazuh module for Filebeat + +remote_file "#{node['filebeat']['config_path']}/#{node['filebeat']['wazuh_module']}" do + source "https://packages.wazuh.com/#{node['wazuh']['minor_version']}/filebeat/#{node['filebeat']['wazuh_module']}" +end + +archive_file "#{node['filebeat']['wazuh_module']}" do + path "#{node['filebeat']['config_path']}/#{node['filebeat']['wazuh_module']}" + destination "#{node['filebeat']['wazuh_module_path']}" +end + +file "#{node['filebeat']['config_path']}/#{node['filebeat']['wazuh_module']}" do + action :delete +end + +# Change module permission + +directory '/usr/share/filebeat/module/wazuh' do + mode '0755' + recursive true +end + +# Enable and start service + +service "filebeat" do + supports :start => true, :stop => true, :restart => true, :reload => true + action [:enable, :start] +end + +# Load the Filebeat template (Elasticsarch must be installed and running) + +bash 'Load the Filebeat template' do + code <<-EOH + filebeat setup --index-management -E setup.template.json.enabled=false + EOH +end + + + diff --git a/cookbooks/filebeat/recipes/repository.rb b/cookbooks/filebeat/recipes/repository.rb new file mode 100644 index 00000000..e30861d7 --- /dev/null +++ b/cookbooks/filebeat/recipes/repository.rb @@ -0,0 +1,49 @@ +# Cookbook Name:: filebeat +# Recipe:: repository +# Author:: Wazuh + +if platform_family?('ubuntu', 'debian') + package 'lsb-release' + + ohai 'reload lsb' do + plugin 'lsb' + subscribes :reload, 'package[lsb-release]', :immediately + end + + apt_repository 'elastic-7.x' do + key "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + uri "https://artifacts.elastic.co/packages/#{node['elk']['major_version']}/apt" + components ['main'] + distribution 'stable' + not_if do + File.exists?("/etc/apt/sources.list.d/elastic-#{node['elk']['major_version']}.list") + end + action :add + end + + apt_update + + elsif platform_family?('redhat', 'centos', 'amazon', 'fedora', 'oracle') + yum_repository 'elastic' do + description 'Elasticsearch repository for 7.x packages' + gpgcheck true + gpgkey "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + enabled true + baseurl "https://artifacts.elastic.co/packages/#{node['elk']['major_version']}/yum" + action :create + end + + elsif platform_family?('opensuseleap', 'suse') + zypper_repository 'elastic' do + description 'Elasticsearch repository for 7.x packages' + gpgcheck true + gpgkey "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + enabled true + baseurl "https://artifacts.elastic.co/packages/#{node['elk']['major_version']}/yum" + action :create + end + + else + raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" + end + \ No newline at end of file diff --git a/cookbooks/filebeat/resources/default.rb b/cookbooks/filebeat/resources/default.rb new file mode 100644 index 00000000..e69de29b diff --git a/cookbooks/wazuh_server/spec/spec_helper.rb b/cookbooks/filebeat/spec/spec_helper.rb similarity index 100% rename from cookbooks/wazuh_server/spec/spec_helper.rb rename to cookbooks/filebeat/spec/spec_helper.rb diff --git a/cookbooks/filebeat/spec/unit/recipes/default_spec.rb b/cookbooks/filebeat/spec/unit/recipes/default_spec.rb new file mode 100644 index 00000000..461ed571 --- /dev/null +++ b/cookbooks/filebeat/spec/unit/recipes/default_spec.rb @@ -0,0 +1,45 @@ +# +# Cookbook Name:: wazuh_filebeat +# Spec:: manager +# + +require 'spec_helper' + +describe 'wazuh_filebeat::default' do + cached(:chef_run) { ChefSpec::ServerRunner.new.converge(described_recipe) } + + before do + allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'logstash_certificate').and_return( + '{"logstash_certificate": "ossec"}' + ) + end + + it 'includes the wazuh_filebeat:default recipe' do + expect(chef_run).to include_recipe 'wazuh_filebeat::default' + end + + it 'installs filebeat' do + expect(chef_run).to install_package('filebeat') + end + + it 'service restart filebeat' do + expect(chef_run).to start_service('filebeat') + end + + it 'creates template for /etc/filebeat/filebeat.yml' do + expect(chef_run).to create_template('/etc/filebeat/filebeat.yml').with( + mode: '0640', + user: 'root', + group: 'root', + source: 'filebeat.yml.erb' + ) + end + + it 'creates a file /etc/filebeat/logstash_certificate.crt' do + expect(chef_run).to create_file('/etc/filebeat/logstash_certificate.crt').with( + user: 'root', + group: 'root' + ) + end + +end diff --git a/cookbooks/filebeat/templates/default/filebeat.yml.erb b/cookbooks/filebeat/templates/default/filebeat.yml.erb new file mode 100644 index 00000000..241e9b57 --- /dev/null +++ b/cookbooks/filebeat/templates/default/filebeat.yml.erb @@ -0,0 +1,19 @@ +# Wazuh - Filebeat configuration file +filebeat.modules: + - module: wazuh + alerts: + enabled: true + archives: + enabled: false + +setup.template.json.enabled: true +setup.template.json.path: '/etc/filebeat/wazuh-template.json' +setup.template.json.name: 'wazuh' +setup.template.overwrite: true +setup.ilm.enabled: false + +output.elasticsearch.hosts: [ + <% @output_elasticsearch_hosts.each do |node| %> + "<%= node %>" + <% end %> +] \ No newline at end of file diff --git a/cookbooks/wazuh_server/test/data_bags/wazuh_secrets/api.json b/cookbooks/filebeat/test/data_bags/wazuh_secrets/api.json similarity index 100% rename from cookbooks/wazuh_server/test/data_bags/wazuh_secrets/api.json rename to cookbooks/filebeat/test/data_bags/wazuh_secrets/api.json diff --git a/cookbooks/filebeat/test/data_bags/wazuh_secrets/logstash_certificate.json b/cookbooks/filebeat/test/data_bags/wazuh_secrets/logstash_certificate.json new file mode 100644 index 00000000..649a6e00 --- /dev/null +++ b/cookbooks/filebeat/test/data_bags/wazuh_secrets/logstash_certificate.json @@ -0,0 +1,9 @@ +{ + "id": "logstash_certificate", + "logstash_certificate": { + "encrypted_data": "DFyya20x1DQvXNFOBLe33CPMFAwyQC0rdXCG+utx6Fq32uCsiH1amuuIAx4H\nKkWghIUXYIh1KvNu5edq/iiBp9NXcq6hAiw1lUTKEw+QXPGaLNSnvIka4lBH\n3DDbk35yu9XcL1bO3HzF+bWckOeR+KJs5notvpNEuve3xW59pxoQbakdkxbm\nCJP9cG0VWcEIRakK3+ji/LxgH2Xg9radCn9ZYJjp9v8FSI6farqRk47w59S4\n9/6iJu1slqryP4xPfsffCj1HYYXL7M7JxksOpP+3h4GJ/VVLrQDUWorQXPf1\nh+JDOWTfw+7bzpfcb1Cj2vOZaSkjC/JN3oDiisfb+cgHaHW5s/bNSbIcBZ1D\ns7t3Z0q0/oA+pU49oCpYd5JhrAC9bhBtV6oqBozavXdLpPdP+O3xL5ePukj4\nv2YF456cY+iVBFu5ZTTXmyIc4/wt+BplilU0z/mwCG5vnhrPk8MCrekA9/Fg\n8/i+2ZaNywLSjHr1gUsTrK80355zGsCM7tKTbpJ32W1icINByKw7UX8fXYj2\nizaMyoG6WYNOTyuJJ5dzdyQlK1iMEh+U5IkWiSTw8+HhXKYhGjmwnRCLdmPz\newJ/gkYg4osYDqHBxiImvMrfs33WHVMHgjpmNtAex5pOCQSOb+bErb29oD7Q\nMcpCHd2h5rbgrpbGyjJSr9I8qLYYnmIVKSvNgmBGKh/58an+Cg3RFaNeJJ/v\nT75B2T2Qqut3xPR/rR1Ta46zJKmwJDmEN6M88pRoHtf0R27UFutREd3pZb25\nc6gNcaIKxbZOFZF/6QZh+R+A8KBfQ3P1JIUp/MdxOwUgeoGsURWwc3j6gcPL\nNdt56kGnKRTKQ1BE8JyKc/Azg1NByXkVO4Tg7u8Iw5eSBjwnfCz91JNQ+pcq\nKCVdOWEj9kEkfh+rALy6G5TBn6S70WF9fVq+7Hw8r/WYlYFE4mK9Wp940ZWj\nCGNNiUzyrigxw7Dea8ho+IcZWhvh9AsnOSk6nHlTgCyQk5hgJM06PqtRQhJk\n4ib6IwdcDyFlSJcqrls+S8BshpkobQjOec5bqnseCL86NHlY+DOrurSBTLco\nZ33gTa029+1OuFpr4m8m70+5hHBsNsrjwYZ3rcGwiW7O+l924ZwbtVefAxar\nTCJXrQHW81JDvV3ckrv581a33h1jzdNtD7JqmBzqelaRL2+xV/QVRgwb0Eyf\nLK6CRr7BdxbicF19EWM51EndsuSb+7UJpCEI5OQ4sJyOkIToY+pjKQyy0nuy\nt2wU2EDeHtLeXQBimgwecoMsne8g1DMHp89krfZ5xkCypGRdzcelArtPDeIO\n7GZjjEhMH5oN/LX93ua6NmPCkL/ndfL8Mwx4UUMXB6aTxdGPqKi/Ah0eF5Aj\nvtIbc/VYFN7x3+98LZqiHzF78peNIjRxjnRPOeTIlPyVFJrEXV8ddEJsW38A\nlK42Mr4r9k9U8XLlgCjHkkRgpp9GXWxJLbyoiNuQKuZsMt6jEtmVdf5ebbP3\n6SHPy8RKloD7pASva5bEJPawTEFeJ6lQuzAUqqEf9IDBYmE6ZzWU7KagiGdU\nE1XgMJcFKciCx3gYRgMjDq9U1D5u8W0lrxcTOVlumbnIp8Rwzbhtu7QeOS6U\nwJkJsQwUvAUtIL8yjk4OOhbKx/cgtTODpqpEtNmELc+9RcjQxU/9+bUI42Kf\nVZU+s5pMMkjejnKh+wlDP4SFy9khsSeHgoqso5jhwFGYwmrDUbLSZZotElI6\nq+lrXvTfJg==\n", + "iv": "9XRPuHdUeXlrs0GccbDJew==\n", + "version": 1, + "cipher": "aes-256-cbc" + } +} diff --git a/cookbooks/filebeat/test/data_bags/wazuh_secrets_delete/api.json b/cookbooks/filebeat/test/data_bags/wazuh_secrets_delete/api.json new file mode 100644 index 00000000..e9a89e98 --- /dev/null +++ b/cookbooks/filebeat/test/data_bags/wazuh_secrets_delete/api.json @@ -0,0 +1,15 @@ +{ + "id": "api", + "htpasswd_user": { + "encrypted_data": "44KmfVdj/ttHvGecsv5M7+uCvqcc0Cs/RvXJeLQMZkE=\n", + "iv": "RRP7S4Tt6B9y366P+hMbwg==\n", + "version": 1, + "cipher": "aes-256-cbc" + }, + "htpasswd_passcode": { + "encrypted_data": "ps9xA2QJKd3KE6jjpn69rNJhf6sRCWoeK/0kHZfo3incyILK+TJPmRq92PK0\n3e8Ngv0HJHn8pp5QA1FT4zX/wg==\n", + "iv": "gC9cyqCgQq/5icvUOfW0Iw==\n", + "version": 1, + "cipher": "aes-256-cbc" + } +} diff --git a/cookbooks/filebeat/test/data_bags/wazuh_secrets_delete/logstash_certificate.json b/cookbooks/filebeat/test/data_bags/wazuh_secrets_delete/logstash_certificate.json new file mode 100644 index 00000000..649a6e00 --- /dev/null +++ b/cookbooks/filebeat/test/data_bags/wazuh_secrets_delete/logstash_certificate.json @@ -0,0 +1,9 @@ +{ + "id": "logstash_certificate", + "logstash_certificate": { + "encrypted_data": "DFyya20x1DQvXNFOBLe33CPMFAwyQC0rdXCG+utx6Fq32uCsiH1amuuIAx4H\nKkWghIUXYIh1KvNu5edq/iiBp9NXcq6hAiw1lUTKEw+QXPGaLNSnvIka4lBH\n3DDbk35yu9XcL1bO3HzF+bWckOeR+KJs5notvpNEuve3xW59pxoQbakdkxbm\nCJP9cG0VWcEIRakK3+ji/LxgH2Xg9radCn9ZYJjp9v8FSI6farqRk47w59S4\n9/6iJu1slqryP4xPfsffCj1HYYXL7M7JxksOpP+3h4GJ/VVLrQDUWorQXPf1\nh+JDOWTfw+7bzpfcb1Cj2vOZaSkjC/JN3oDiisfb+cgHaHW5s/bNSbIcBZ1D\ns7t3Z0q0/oA+pU49oCpYd5JhrAC9bhBtV6oqBozavXdLpPdP+O3xL5ePukj4\nv2YF456cY+iVBFu5ZTTXmyIc4/wt+BplilU0z/mwCG5vnhrPk8MCrekA9/Fg\n8/i+2ZaNywLSjHr1gUsTrK80355zGsCM7tKTbpJ32W1icINByKw7UX8fXYj2\nizaMyoG6WYNOTyuJJ5dzdyQlK1iMEh+U5IkWiSTw8+HhXKYhGjmwnRCLdmPz\newJ/gkYg4osYDqHBxiImvMrfs33WHVMHgjpmNtAex5pOCQSOb+bErb29oD7Q\nMcpCHd2h5rbgrpbGyjJSr9I8qLYYnmIVKSvNgmBGKh/58an+Cg3RFaNeJJ/v\nT75B2T2Qqut3xPR/rR1Ta46zJKmwJDmEN6M88pRoHtf0R27UFutREd3pZb25\nc6gNcaIKxbZOFZF/6QZh+R+A8KBfQ3P1JIUp/MdxOwUgeoGsURWwc3j6gcPL\nNdt56kGnKRTKQ1BE8JyKc/Azg1NByXkVO4Tg7u8Iw5eSBjwnfCz91JNQ+pcq\nKCVdOWEj9kEkfh+rALy6G5TBn6S70WF9fVq+7Hw8r/WYlYFE4mK9Wp940ZWj\nCGNNiUzyrigxw7Dea8ho+IcZWhvh9AsnOSk6nHlTgCyQk5hgJM06PqtRQhJk\n4ib6IwdcDyFlSJcqrls+S8BshpkobQjOec5bqnseCL86NHlY+DOrurSBTLco\nZ33gTa029+1OuFpr4m8m70+5hHBsNsrjwYZ3rcGwiW7O+l924ZwbtVefAxar\nTCJXrQHW81JDvV3ckrv581a33h1jzdNtD7JqmBzqelaRL2+xV/QVRgwb0Eyf\nLK6CRr7BdxbicF19EWM51EndsuSb+7UJpCEI5OQ4sJyOkIToY+pjKQyy0nuy\nt2wU2EDeHtLeXQBimgwecoMsne8g1DMHp89krfZ5xkCypGRdzcelArtPDeIO\n7GZjjEhMH5oN/LX93ua6NmPCkL/ndfL8Mwx4UUMXB6aTxdGPqKi/Ah0eF5Aj\nvtIbc/VYFN7x3+98LZqiHzF78peNIjRxjnRPOeTIlPyVFJrEXV8ddEJsW38A\nlK42Mr4r9k9U8XLlgCjHkkRgpp9GXWxJLbyoiNuQKuZsMt6jEtmVdf5ebbP3\n6SHPy8RKloD7pASva5bEJPawTEFeJ6lQuzAUqqEf9IDBYmE6ZzWU7KagiGdU\nE1XgMJcFKciCx3gYRgMjDq9U1D5u8W0lrxcTOVlumbnIp8Rwzbhtu7QeOS6U\nwJkJsQwUvAUtIL8yjk4OOhbKx/cgtTODpqpEtNmELc+9RcjQxU/9+bUI42Kf\nVZU+s5pMMkjejnKh+wlDP4SFy9khsSeHgoqso5jhwFGYwmrDUbLSZZotElI6\nq+lrXvTfJg==\n", + "iv": "9XRPuHdUeXlrs0GccbDJew==\n", + "version": 1, + "cipher": "aes-256-cbc" + } +} diff --git a/cookbooks/filebeat/test/environments/development.json b/cookbooks/filebeat/test/environments/development.json new file mode 100644 index 00000000..d97c9bdb --- /dev/null +++ b/cookbooks/filebeat/test/environments/development.json @@ -0,0 +1,16 @@ +{ + "name": "development", + "description": "The development environment", + "cookbook_versions": { + }, + "json_class": "Chef::Environment", + "chef_type": "environment", + "default_attributes": { + + }, + "override_attributes": { + "filebeat": { + "logstash_servers": "elk.wazuh-development.com:5000" + } + } +} diff --git a/cookbooks/filebeat/test/environments/production.json b/cookbooks/filebeat/test/environments/production.json new file mode 100644 index 00000000..28faa538 --- /dev/null +++ b/cookbooks/filebeat/test/environments/production.json @@ -0,0 +1,16 @@ +{ + "name": "production", + "description": "The development environment", + "cookbook_versions": { + }, + "json_class": "Chef::Environment", + "chef_type": "environment", + "default_attributes": { + + }, + "override_attributes": { + "filebeat": { + "logstash_servers": "elk.wazuh-production.com:5000" + } + } +} diff --git a/cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets/api.json b/cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets/api.json new file mode 100644 index 00000000..e9a89e98 --- /dev/null +++ b/cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets/api.json @@ -0,0 +1,15 @@ +{ + "id": "api", + "htpasswd_user": { + "encrypted_data": "44KmfVdj/ttHvGecsv5M7+uCvqcc0Cs/RvXJeLQMZkE=\n", + "iv": "RRP7S4Tt6B9y366P+hMbwg==\n", + "version": 1, + "cipher": "aes-256-cbc" + }, + "htpasswd_passcode": { + "encrypted_data": "ps9xA2QJKd3KE6jjpn69rNJhf6sRCWoeK/0kHZfo3incyILK+TJPmRq92PK0\n3e8Ngv0HJHn8pp5QA1FT4zX/wg==\n", + "iv": "gC9cyqCgQq/5icvUOfW0Iw==\n", + "version": 1, + "cipher": "aes-256-cbc" + } +} diff --git a/cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json b/cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json new file mode 100644 index 00000000..649a6e00 --- /dev/null +++ b/cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json @@ -0,0 +1,9 @@ +{ + "id": "logstash_certificate", + "logstash_certificate": { + "encrypted_data": "DFyya20x1DQvXNFOBLe33CPMFAwyQC0rdXCG+utx6Fq32uCsiH1amuuIAx4H\nKkWghIUXYIh1KvNu5edq/iiBp9NXcq6hAiw1lUTKEw+QXPGaLNSnvIka4lBH\n3DDbk35yu9XcL1bO3HzF+bWckOeR+KJs5notvpNEuve3xW59pxoQbakdkxbm\nCJP9cG0VWcEIRakK3+ji/LxgH2Xg9radCn9ZYJjp9v8FSI6farqRk47w59S4\n9/6iJu1slqryP4xPfsffCj1HYYXL7M7JxksOpP+3h4GJ/VVLrQDUWorQXPf1\nh+JDOWTfw+7bzpfcb1Cj2vOZaSkjC/JN3oDiisfb+cgHaHW5s/bNSbIcBZ1D\ns7t3Z0q0/oA+pU49oCpYd5JhrAC9bhBtV6oqBozavXdLpPdP+O3xL5ePukj4\nv2YF456cY+iVBFu5ZTTXmyIc4/wt+BplilU0z/mwCG5vnhrPk8MCrekA9/Fg\n8/i+2ZaNywLSjHr1gUsTrK80355zGsCM7tKTbpJ32W1icINByKw7UX8fXYj2\nizaMyoG6WYNOTyuJJ5dzdyQlK1iMEh+U5IkWiSTw8+HhXKYhGjmwnRCLdmPz\newJ/gkYg4osYDqHBxiImvMrfs33WHVMHgjpmNtAex5pOCQSOb+bErb29oD7Q\nMcpCHd2h5rbgrpbGyjJSr9I8qLYYnmIVKSvNgmBGKh/58an+Cg3RFaNeJJ/v\nT75B2T2Qqut3xPR/rR1Ta46zJKmwJDmEN6M88pRoHtf0R27UFutREd3pZb25\nc6gNcaIKxbZOFZF/6QZh+R+A8KBfQ3P1JIUp/MdxOwUgeoGsURWwc3j6gcPL\nNdt56kGnKRTKQ1BE8JyKc/Azg1NByXkVO4Tg7u8Iw5eSBjwnfCz91JNQ+pcq\nKCVdOWEj9kEkfh+rALy6G5TBn6S70WF9fVq+7Hw8r/WYlYFE4mK9Wp940ZWj\nCGNNiUzyrigxw7Dea8ho+IcZWhvh9AsnOSk6nHlTgCyQk5hgJM06PqtRQhJk\n4ib6IwdcDyFlSJcqrls+S8BshpkobQjOec5bqnseCL86NHlY+DOrurSBTLco\nZ33gTa029+1OuFpr4m8m70+5hHBsNsrjwYZ3rcGwiW7O+l924ZwbtVefAxar\nTCJXrQHW81JDvV3ckrv581a33h1jzdNtD7JqmBzqelaRL2+xV/QVRgwb0Eyf\nLK6CRr7BdxbicF19EWM51EndsuSb+7UJpCEI5OQ4sJyOkIToY+pjKQyy0nuy\nt2wU2EDeHtLeXQBimgwecoMsne8g1DMHp89krfZ5xkCypGRdzcelArtPDeIO\n7GZjjEhMH5oN/LX93ua6NmPCkL/ndfL8Mwx4UUMXB6aTxdGPqKi/Ah0eF5Aj\nvtIbc/VYFN7x3+98LZqiHzF78peNIjRxjnRPOeTIlPyVFJrEXV8ddEJsW38A\nlK42Mr4r9k9U8XLlgCjHkkRgpp9GXWxJLbyoiNuQKuZsMt6jEtmVdf5ebbP3\n6SHPy8RKloD7pASva5bEJPawTEFeJ6lQuzAUqqEf9IDBYmE6ZzWU7KagiGdU\nE1XgMJcFKciCx3gYRgMjDq9U1D5u8W0lrxcTOVlumbnIp8Rwzbhtu7QeOS6U\nwJkJsQwUvAUtIL8yjk4OOhbKx/cgtTODpqpEtNmELc+9RcjQxU/9+bUI42Kf\nVZU+s5pMMkjejnKh+wlDP4SFy9khsSeHgoqso5jhwFGYwmrDUbLSZZotElI6\nq+lrXvTfJg==\n", + "iv": "9XRPuHdUeXlrs0GccbDJew==\n", + "version": 1, + "cipher": "aes-256-cbc" + } +} diff --git a/cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets_delete/api.json b/cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets_delete/api.json new file mode 100644 index 00000000..e9a89e98 --- /dev/null +++ b/cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets_delete/api.json @@ -0,0 +1,15 @@ +{ + "id": "api", + "htpasswd_user": { + "encrypted_data": "44KmfVdj/ttHvGecsv5M7+uCvqcc0Cs/RvXJeLQMZkE=\n", + "iv": "RRP7S4Tt6B9y366P+hMbwg==\n", + "version": 1, + "cipher": "aes-256-cbc" + }, + "htpasswd_passcode": { + "encrypted_data": "ps9xA2QJKd3KE6jjpn69rNJhf6sRCWoeK/0kHZfo3incyILK+TJPmRq92PK0\n3e8Ngv0HJHn8pp5QA1FT4zX/wg==\n", + "iv": "gC9cyqCgQq/5icvUOfW0Iw==\n", + "version": 1, + "cipher": "aes-256-cbc" + } +} diff --git a/cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets_delete/logstash_certificate.json b/cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets_delete/logstash_certificate.json new file mode 100644 index 00000000..649a6e00 --- /dev/null +++ b/cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets_delete/logstash_certificate.json @@ -0,0 +1,9 @@ +{ + "id": "logstash_certificate", + "logstash_certificate": { + "encrypted_data": "DFyya20x1DQvXNFOBLe33CPMFAwyQC0rdXCG+utx6Fq32uCsiH1amuuIAx4H\nKkWghIUXYIh1KvNu5edq/iiBp9NXcq6hAiw1lUTKEw+QXPGaLNSnvIka4lBH\n3DDbk35yu9XcL1bO3HzF+bWckOeR+KJs5notvpNEuve3xW59pxoQbakdkxbm\nCJP9cG0VWcEIRakK3+ji/LxgH2Xg9radCn9ZYJjp9v8FSI6farqRk47w59S4\n9/6iJu1slqryP4xPfsffCj1HYYXL7M7JxksOpP+3h4GJ/VVLrQDUWorQXPf1\nh+JDOWTfw+7bzpfcb1Cj2vOZaSkjC/JN3oDiisfb+cgHaHW5s/bNSbIcBZ1D\ns7t3Z0q0/oA+pU49oCpYd5JhrAC9bhBtV6oqBozavXdLpPdP+O3xL5ePukj4\nv2YF456cY+iVBFu5ZTTXmyIc4/wt+BplilU0z/mwCG5vnhrPk8MCrekA9/Fg\n8/i+2ZaNywLSjHr1gUsTrK80355zGsCM7tKTbpJ32W1icINByKw7UX8fXYj2\nizaMyoG6WYNOTyuJJ5dzdyQlK1iMEh+U5IkWiSTw8+HhXKYhGjmwnRCLdmPz\newJ/gkYg4osYDqHBxiImvMrfs33WHVMHgjpmNtAex5pOCQSOb+bErb29oD7Q\nMcpCHd2h5rbgrpbGyjJSr9I8qLYYnmIVKSvNgmBGKh/58an+Cg3RFaNeJJ/v\nT75B2T2Qqut3xPR/rR1Ta46zJKmwJDmEN6M88pRoHtf0R27UFutREd3pZb25\nc6gNcaIKxbZOFZF/6QZh+R+A8KBfQ3P1JIUp/MdxOwUgeoGsURWwc3j6gcPL\nNdt56kGnKRTKQ1BE8JyKc/Azg1NByXkVO4Tg7u8Iw5eSBjwnfCz91JNQ+pcq\nKCVdOWEj9kEkfh+rALy6G5TBn6S70WF9fVq+7Hw8r/WYlYFE4mK9Wp940ZWj\nCGNNiUzyrigxw7Dea8ho+IcZWhvh9AsnOSk6nHlTgCyQk5hgJM06PqtRQhJk\n4ib6IwdcDyFlSJcqrls+S8BshpkobQjOec5bqnseCL86NHlY+DOrurSBTLco\nZ33gTa029+1OuFpr4m8m70+5hHBsNsrjwYZ3rcGwiW7O+l924ZwbtVefAxar\nTCJXrQHW81JDvV3ckrv581a33h1jzdNtD7JqmBzqelaRL2+xV/QVRgwb0Eyf\nLK6CRr7BdxbicF19EWM51EndsuSb+7UJpCEI5OQ4sJyOkIToY+pjKQyy0nuy\nt2wU2EDeHtLeXQBimgwecoMsne8g1DMHp89krfZ5xkCypGRdzcelArtPDeIO\n7GZjjEhMH5oN/LX93ua6NmPCkL/ndfL8Mwx4UUMXB6aTxdGPqKi/Ah0eF5Aj\nvtIbc/VYFN7x3+98LZqiHzF78peNIjRxjnRPOeTIlPyVFJrEXV8ddEJsW38A\nlK42Mr4r9k9U8XLlgCjHkkRgpp9GXWxJLbyoiNuQKuZsMt6jEtmVdf5ebbP3\n6SHPy8RKloD7pASva5bEJPawTEFeJ6lQuzAUqqEf9IDBYmE6ZzWU7KagiGdU\nE1XgMJcFKciCx3gYRgMjDq9U1D5u8W0lrxcTOVlumbnIp8Rwzbhtu7QeOS6U\nwJkJsQwUvAUtIL8yjk4OOhbKx/cgtTODpqpEtNmELc+9RcjQxU/9+bUI42Kf\nVZU+s5pMMkjejnKh+wlDP4SFy9khsSeHgoqso5jhwFGYwmrDUbLSZZotElI6\nq+lrXvTfJg==\n", + "iv": "9XRPuHdUeXlrs0GccbDJew==\n", + "version": 1, + "cipher": "aes-256-cbc" + } +} diff --git a/cookbooks/wazuh_server/test/data_bags/wazuh_secrets/test_data_bag_key b/cookbooks/filebeat/test/integration/default/encrypted_data_bag_secret similarity index 100% rename from cookbooks/wazuh_server/test/data_bags/wazuh_secrets/test_data_bag_key rename to cookbooks/filebeat/test/integration/default/encrypted_data_bag_secret diff --git a/cookbooks/opendistro/.gitignore b/cookbooks/opendistro/.gitignore new file mode 100644 index 00000000..29e7f280 --- /dev/null +++ b/cookbooks/opendistro/.gitignore @@ -0,0 +1,5 @@ +.kitchen +Berksfile.lock +Gemfile.lock +.kitchen.docker_totvs.yml +.DS_Store diff --git a/cookbooks/opendistro/.kitchen.yml b/cookbooks/opendistro/.kitchen.yml new file mode 100644 index 00000000..cd80b7ae --- /dev/null +++ b/cookbooks/opendistro/.kitchen.yml @@ -0,0 +1,58 @@ +driver: + name: vagrant + +provisioner: + name: chef_zero + environments_path: "test/environments" + data_bags_path: "test/data_bags" + encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" + product_version: latest + +verifiers: + name: inspec + +platforms: + - name: ubuntu-20.04 + - name: ubuntu-18.04 + - name: centos-8.0 + - name: centos-7 + +suites: + - name: elastic + run_list: + - recipe[wazuh_elastic::default] + driver: + network: + - ["private_network", {ip: "172.16.10.11"}] + customize: + memory: 2048 + cpus: 2 + + +#driver: +# name: vagrant +# driver_config: +# require_chef_omnibus: latest +# +#provisioner: +# name: chef_zero +# environments_path: "../../environments" +# data_bags_path: "../../data_bags" +# encrypted_data_bag_secret_key_path: "test/integration/default/encrypted_data_bag_secret" +# +# +#platforms: +# - name: ubuntu-12.04 +# run_list: apt::default +# - name: ubuntu-14.04 +# run_list: apt::default +# +#suites: +# - name: default +# driver: +# network: +# - ["private_network", {ip: "172.16.10.10"}] +# run_list: +# - recipe[wazuh_elastic::default] +# attributes: +# \ No newline at end of file diff --git a/cookbooks/opendistro/Berksfile b/cookbooks/opendistro/Berksfile new file mode 100644 index 00000000..1a8f987d --- /dev/null +++ b/cookbooks/opendistro/Berksfile @@ -0,0 +1,7 @@ +# -*- ruby -*- +source 'https://supermarket.getchef.com' + +metadata + +cookbook 'hostsfile' +cookbook 'htpasswd' diff --git a/cookbooks/opendistro/CHANGELOG.md b/cookbooks/opendistro/CHANGELOG.md new file mode 100644 index 00000000..77d190cf --- /dev/null +++ b/cookbooks/opendistro/CHANGELOG.md @@ -0,0 +1,6 @@ +## v0.1.0 +1. Bump to Opendistro for Elasticsearch 7.9.1 +2. Added suse repository +*Note*: in future version, kibana will be in an independent cookbook + +* Initial/current release diff --git a/cookbooks/opendistro/Gemfile b/cookbooks/opendistro/Gemfile new file mode 100644 index 00000000..15eaf962 --- /dev/null +++ b/cookbooks/opendistro/Gemfile @@ -0,0 +1,21 @@ +source 'https://rubygems.org' + +group :lint do + gem 'foodcritic', '~> 5.0' + gem 'rubocop', '~> 0.50.0' +end + +group :unit do + gem 'berkshelf', '~> 4.0' + gem 'chefspec', '~> 4.4' +end + +group :kitchen_common do + gem 'test-kitchen', '~> 1.4' +end + +group :kitchen_vagrant do + gem 'kitchen-vagrant', '~> 0.19' +end + +gem 'psych', '~> 3.2' diff --git a/cookbooks/wazuh_elastic/README.md b/cookbooks/opendistro/README.md similarity index 100% rename from cookbooks/wazuh_elastic/README.md rename to cookbooks/opendistro/README.md diff --git a/cookbooks/opendistro/attributes/api.rb b/cookbooks/opendistro/attributes/api.rb new file mode 100644 index 00000000..2c5c7fa7 --- /dev/null +++ b/cookbooks/opendistro/attributes/api.rb @@ -0,0 +1,12 @@ +default['kibana']['yml'] = { + 'server' => { + 'host' => '0.0.0.0', + 'port' => 5601 + }, + 'elasticsearch' => { + 'hosts' => [ + "https://#{node['wazuh-elastic']['yml']['network']['host']}:#{node['wazuh-elastic']['yml']['http']['port']}" + ] + } +} +default['wazuh-elastic']['kibana_wazuh_api_credentials'] = [ { id: "default", url: "https://localhost", port: "55000", username: "wazuh", password: "wazuh" } ] \ No newline at end of file diff --git a/cookbooks/opendistro/attributes/default.rb b/cookbooks/opendistro/attributes/default.rb new file mode 100644 index 00000000..0cfa5660 --- /dev/null +++ b/cookbooks/opendistro/attributes/default.rb @@ -0,0 +1,16 @@ +# Cookbook Name:: opendistro +# Attributes:: default +# Author:: Wazuh + +# Elastic paths +default['elastic']['config_path'] = "/etc/elasticsearch" +default['elastic']['package_path'] = "/usr/share/elasticsearch" +default['elastic']['plugins_path'] = "#{node['elastic']['package_path']}/plugins" + +# Kibana paths +default['kibana']['package_path'] = "/usr/share/kibana" +default['kibana']['config_path'] = "/etc/kibana" + +# Searchguard paths +default['searchguard']['config_path'] = "/etc/searchguard" + diff --git a/cookbooks/opendistro/attributes/jvm.rb b/cookbooks/opendistro/attributes/jvm.rb new file mode 100644 index 00000000..f30c99c9 --- /dev/null +++ b/cookbooks/opendistro/attributes/jvm.rb @@ -0,0 +1,3 @@ +default['jvm'] = { + 'memory' => "1g" +} \ No newline at end of file diff --git a/cookbooks/opendistro/attributes/search_guard.rb b/cookbooks/opendistro/attributes/search_guard.rb new file mode 100644 index 00000000..eed89037 --- /dev/null +++ b/cookbooks/opendistro/attributes/search_guard.rb @@ -0,0 +1 @@ +default['searchguard']['tls_tool'] = "search-guard-tlstool-1.8.zip" diff --git a/cookbooks/opendistro/attributes/versions.rb b/cookbooks/opendistro/attributes/versions.rb new file mode 100644 index 00000000..02c36d3b --- /dev/null +++ b/cookbooks/opendistro/attributes/versions.rb @@ -0,0 +1,23 @@ +default['wazuh-elastic']['elastic_stack_version'] = "7.9.1" +default['wazuh-elastic']['odfe_version'] = "1.11.0" +default['wazuh-elastic']['kibana_plugin_version'] = "4.0.2_7.9.1-1" +default['wazuh']['major_version'] = "4.x" +default['wazuh']['version'] = "4.0" +default['elastic']['major_version'] = "7.x" + +# Elastic Stavk +default['elk']['patch_version'] = "7.9.1" + +# Opendistro +default['odfe']['patch_version'] = "1.11.0" + +# Wazuh +default['wazuh']['major_version'] = "4.x" +default['wazuh']['minor_version'] = "4.0" +default['wazuh']['patch_version'] = "4.0.2" + +# Kibana +default['wazuh']['kibana_plugin_version'] = "4.0.2_7.9.1" + +# Search guard +default['search_guard']['version'] = "1.8" \ No newline at end of file diff --git a/cookbooks/wazuh_elastic/attributes/search_guard.rb b/cookbooks/opendistro/attributes/yml.rb similarity index 65% rename from cookbooks/wazuh_elastic/attributes/search_guard.rb rename to cookbooks/opendistro/attributes/yml.rb index 5edf1e56..387b18d1 100644 --- a/cookbooks/wazuh_elastic/attributes/search_guard.rb +++ b/cookbooks/opendistro/attributes/yml.rb @@ -1,5 +1,33 @@ -default['search_guard']['tls_tool'] = "search-guard-tlstool-1.8.zip" -default['search_guard']['config_path'] = "/etc/searchguard" +# Elasticsearch-oss configuration file + +default['elastic']['yml'] = { + 'network' => { + 'host' => '0.0.0.0' + }, + 'node' => { + 'name' => "odfe-node-1" + }, + 'cluster' => { + 'initial_master_nodes' => "#{node['elastic']['yml']['node']['name']}" + } +} + +# Kibana-oss configuration file + +default['kibana']['yml'] = { + 'server' => { + 'host' => '0.0.0.0', + 'port' => 5601 + }, + 'elasticsearch' => { + 'hosts' => [ + "https://#{node['wazuh-elastic']['yml']['network']['host']}:#{node['wazuh-elastic']['yml']['http']['port']}" + ] + } +} + +# Searchguard configuraion file + default['search_guard']['yml'] = { "ca" => { diff --git a/cookbooks/opendistro/config/rake.rb b/cookbooks/opendistro/config/rake.rb new file mode 100644 index 00000000..65d7d3a9 --- /dev/null +++ b/cookbooks/opendistro/config/rake.rb @@ -0,0 +1,35 @@ +# Configure the Rakefile's tasks. + +### +# Company and SSL Details +# Used with the ssl_cert task. +### + +# The company name - used for SSL certificates, and in srvious other places +COMPANY_NAME = 'Wazuh'.freeze + +# The Country Name to use for SSL Certificates +SSL_COUNTRY_NAME = 'US'.freeze + +# The State Name to use for SSL Certificates +SSL_STATE_NAME = 'VA'.freeze + +# The Locality Name for SSL - typically, the city +SSL_LOCALITY_NAME = 'Leesburg'.freeze + +# What department? +SSL_ORGANIZATIONAL_UNIT_NAME = 'Operations'.freeze + +# The SSL contact email address +SSL_EMAIL_ADDRESS = 'info@wazuh.com'.freeze + +# License for new Cookbooks +# Can be :apachev2 or :none +NEW_COOKBOOK_LICENSE = :all_rights + +## Useful Extras (which you probably don't need to change) +# The top of the repository checkout +TOPDIR = File.expand_path(File.join(File.dirname(__FILE__), '..')) + +# Where to store certificates generated with ssl_cert +CADIR = File.expand_path(File.join(TOPDIR, 'certificates')) diff --git a/cookbooks/wazuh_elastic/metadata.rb b/cookbooks/opendistro/metadata.rb similarity index 100% rename from cookbooks/wazuh_elastic/metadata.rb rename to cookbooks/opendistro/metadata.rb diff --git a/cookbooks/opendistro/recipes/default.rb b/cookbooks/opendistro/recipes/default.rb new file mode 100644 index 00000000..e13dd712 --- /dev/null +++ b/cookbooks/opendistro/recipes/default.rb @@ -0,0 +1,10 @@ +# Cookbook Name:: opendistro +# Recipe:: default +# Author:: Wazuh + +############################################# +include_recipe 'chef-sugar::default' +include_recipe 'wazuh_elastic::prerequisites' +include_recipe 'wazuh_elastic::repository' +include_recipe 'wazuh_elastic::elasticsearch' +include_recipe 'wazuh_elastic::kibana' diff --git a/cookbooks/opendistro/recipes/elasticsearch.rb b/cookbooks/opendistro/recipes/elasticsearch.rb new file mode 100644 index 00000000..22fdd943 --- /dev/null +++ b/cookbooks/opendistro/recipes/elasticsearch.rb @@ -0,0 +1,184 @@ +# Cookbook Name:: opendistro +# Recipe:: elasticsearch +# Author:: Wazuh + +# Install opendistroforelasticsearch + +if platform_family?('debian', 'ubuntu') + apt_package 'elasticsearch-oss' do + version "#{node['elk']['patch_version']}-1" + end + + apt_package 'opendistroforelasticsearch' do + version "#{node['odfe']['patch_version']}-1" + end + +elsif platform_family?('redhat', 'centos', 'amazon', 'fedora', 'oracle') + if node['platform_version'] >= '8' + dnf_package 'opendistroforelasticsearch' do + version "#{node['odfe']['patch_version']}-1" + end + else + yum_package 'opendistroforelasticsearch' do + version "#{node['odfe']['patch_version']}-1" + end + end + +elsif platform_family?('opensuse', 'suse') + zypper_package 'opendistroforelasticsearch' do + version "#{node['odfe']['patch_version']}-1" + end + +else + raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" +end + +# Set up opendistro for elasticsearch configuration file + +template "#{node['elastic']['config_path']}/elasticsearch.yml" do + source 'od_elasticsearch.yml.erb' + owner 'root' + group 'elasticsearch' + mode '0660' + variables (content: Psych.dump(node['odfe']['yml'])) +end + +# Add extra roles and users to Wazuh Kibana plugin + +remote_file "#{node['elastic']['plugins_path']}/opendistro_security/securityconfig/roles.yml" do + source "https://raw.githubusercontent.com/wazuh/wazuh-documentation/#{node['wazuh']['minor_version']}/resources/open-distro/elasticsearch/roles/roles.yml" +end + +remote_file "#{node['elastic']['plugins_path']}/opendistro_security/securityconfig/roles_mapping.yml" do + source "https://raw.githubusercontent.com/wazuh/wazuh-documentation/#{node['wazuh']['minor_version']}/resources/open-distro/elasticsearch/roles/roles_mapping.yml" +end + +remote_file "#{node['elastic']['plugins_path']}/opendistro_security/securityconfig/internal_users.yml" do + source "https://raw.githubusercontent.com/wazuh/wazuh-documentation/#{node['wazuh']['minor_version']}/resources/open-distro/elasticsearch/roles/internal_users.yml" +end + +# Certificates creation and deployment + +## Remove the demo certificates + +file "#{node['elastic']['config_path']}/esnode-key.pem" do + action :delete +end + +file "#{node['elastic']['config_path']}/esnode.pem" do + action :delete +end + +file "#{node['elastic']['config_path']}/kirk-key.pem" do + action :delete +end + +file "#{node['elastic']['config_path']}/kirk.pem" do + action :delete +end + +file "#{node['elastic']['config_path']}/root-ca.pem" do + action :delete +end + +## Generate and deploy the certificates + +directory "#{node['elastic']['config_path']}/certs" do + action :create +end + +directory "#{node['searchguard']['config_path']}" do + action :create +end + +remote_file "#{node['searchguard']['config_path']}/#{node['searchguard']['tls_tool']}" do + source "https://maven.search-guard.com/search-guard-tlstool/#{node['search_guard']['version']}/#{node['search_guard']['tls_tool']}" +end + +archive_file "#{node['searchguard']['tls_tool']}" do + path "#{node['searchguard']['config_path']}/#{node['searchguard']['tls_tool']}" + destination "#{node['search_guard']['config_path']}" +end + +template "#{node['search_guard']['config_path']}/search-guard.yml" do + source 'search-guard.yml.erb' + owner 'root' + group 'elasticsearch' + mode '0660' + variables ({ + elastic_node_ip: node['elastic']['yml']['network']['host'], + kibana_node_ip: node['kibana']['yml']['server']['host'] + +end + +execute 'Run the Search Guard’s script to create the certificates' do + command "#{node['searchguard']['config_path']}/tools/sgtlstool.sh -c #{node['searchguard']['config_path']}/search-guard.yml -ca -crt -t #{node['elastic']['config_path']}/certs/" +end + +bash 'Compress all the necessary files to be sent to the all the instances' do + code <<-EOF + cd #{node['elastic']['config_path']}/certs + tar -cf certs.tar * + EOF +end + +log 'Copy certs.tar to all the servers of the distributed deployment' do + message: "Please copy #{node['elastic']['config_path']}/certs/certs.tar to all filebeat nodes" + level :warn +end + +## Remove unnecessary files + +file "#{node['elastic']['config_path']}/certs/client-certificates.readme" do + action :delete +end + +file "#{node['elastic']['config_path']}/certs/elasticsearch_elasticsearch_config_snippet.yml" do + action :delete +end + +file "#{node['searchguard']['config_path']}/#{node['searchguard']['tls_tool']}" do + action :delete +end + +# Verify Elasticsearch folders owner + +directory "#{'elastic']['config_path']}" do + owner 'elasticsearch' + group 'elasticsearch' + recursive true +end + +directory "/usr/share/elasticsearch" do + owner 'elasticsearch' + group 'elasticsearch' + recursive true +end + +directory "/var/lib/elasticsearch" do + owner 'elasticsearch' + group 'elasticsearch' + recursive true +end + +# Run elasticsearch service + +service "elasticsearch" do + supports :start => true, :stop => true, :restart => true, :reload => true + action [:enable, :start] +end + +ruby_block 'wait for elasticsearch' do + block do + loop { break if (TCPSocket.open( + "#{node['elastic']['yml']['network']['host']}", + node['elastic']['yml']['http']['port']) rescue nil + ); puts "Waiting for elasticsearch to start"; sleep 5 } + end +end + +execute 'Run the Elasticsearch’s securityadmin script' do + command "#{node['elastic']['plugins_path']}/opendistro_security/tools/securityadmin.sh -cd #{node['elastic']['plugins_path']}/opendistro_security/securityconfig/ -nhnv -cacert #{node['elastic']['config_path']}/certs/root-ca.pem -cert #{node['elastic']['config_path']}/certs/admin.pem -key #{node['elastic']['config_path']}/certs/admin.key -h #{node['elastic']['elasticsearch_ip']}" +end + + diff --git a/cookbooks/wazuh_elastic/recipes/kibana.rb b/cookbooks/opendistro/recipes/kibana.rb similarity index 74% rename from cookbooks/wazuh_elastic/recipes/kibana.rb rename to cookbooks/opendistro/recipes/kibana.rb index 32654669..440b1790 100644 --- a/cookbooks/wazuh_elastic/recipes/kibana.rb +++ b/cookbooks/opendistro/recipes/kibana.rb @@ -1,18 +1,27 @@ -# Cookbook Name:: wazuh-elastic -# Recipe:: kibana_install - -# Create user and group -# +# Cookbook Name:: opendistro +# Recipe:: kibana +# Author:: Wazuh # Install the Kibana package if platform_family?('debian', 'ubuntu') - apt_package 'opendistroforelasticsearch-kibana' -elsif platform_family?('rhel', 'redhat', 'centos', 'amazon') - yum_package 'opendistroforelasticsearch-kibana' + apt_package 'opendistroforelasticsearch-kibana' do + version "#{node['wazuh-elastic']['odfe_version']}" + end +elsif platform_family?('rhel', 'redhat', 'centos') + if node['platform_version'] >= '8' + dnf_package 'opendistroforelasticsearch-kibana' do + version "#{node['wazuh-elastic']['odfe_version']}" + end + else + yum_package 'opendistroforelasticsearch-kibana' do + version "#{node['wazuh-elastic']['odfe_version']}" + end elsif platform_family?('suse') - zypper_package 'opendistroforelasticsearch-kibana' + zypper_package 'opendistroforelasticsearch-kibana' do + version "#{node['wazuh-elastic']['odfe_version']}" + end else raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" end @@ -87,9 +96,9 @@ bash 'Waiting for elasticsearch curl response...' do code <<-EOH - until (curl -XGET http://#{node['wazuh-elastic']['elasticsearch_ip']}:#{node['wazuh-elastic']['elasticsearch_port']}); do - printf 'Waiting for elasticsearch....' - sleep 5 - done + until (curl -XGET http://#{node['wazuh-elastic']['elasticsearch_ip']}:#{node['wazuh-elastic']['elasticsearch_port']}); do + printf 'Waiting for elasticsearch....' + sleep 5 + done EOH end \ No newline at end of file diff --git a/cookbooks/wazuh_elastic/recipes/prerequisites.rb b/cookbooks/opendistro/recipes/prerequisites.rb similarity index 90% rename from cookbooks/wazuh_elastic/recipes/prerequisites.rb rename to cookbooks/opendistro/recipes/prerequisites.rb index 86554a21..90d08970 100644 --- a/cookbooks/wazuh_elastic/recipes/prerequisites.rb +++ b/cookbooks/opendistro/recipes/prerequisites.rb @@ -1,9 +1,12 @@ +# Cookbook Name:: opendistro +# Recipe:: prerequisites +# Author:: Wazuh + if platform_family?('debian','ubuntu') package "lsb-release" ohai "reload lsb" do plugin "lsb" - # action :nothing subscribes :reload, "package[lsb-release]", :immediately end @@ -34,9 +37,7 @@ end apt_package 'openjdk-11-jdk' - - -elsif platform_family?('rhel', 'redhat', 'centos') +elsif platform_family?('redhat', 'centos', 'amazon', 'fedora', 'oracle') # Install all the necessary packages for the installation execute 'export JAVA_HOME' do @@ -55,7 +56,7 @@ end end -elsif platform_family?('suse') +elsif platform_family?('opensuse', 'suse') # Install zypper prerequisites zypper_package 'prerequisites' do package_name ['curl', 'unzip', 'wget', 'libcap2'] diff --git a/cookbooks/wazuh_elastic/recipes/repository.rb b/cookbooks/opendistro/recipes/repository.rb similarity index 73% rename from cookbooks/wazuh_elastic/recipes/repository.rb rename to cookbooks/opendistro/recipes/repository.rb index c588e604..3a2f1bee 100644 --- a/cookbooks/wazuh_elastic/recipes/repository.rb +++ b/cookbooks/opendistro/recipes/repository.rb @@ -1,5 +1,5 @@ -# Cookbook Name:: wazuh_elastic -# Recipe:: default +# Cookbook Name:: opendistro +# Recipe:: repository # Author:: Wazuh if platform_family?('debian','ubuntu') @@ -7,13 +7,12 @@ ohai "reload lsb" do plugin "lsb" - # action :nothing subscribes :reload, "package[lsb-release]", :immediately end # Install GPG key and add repository apt_repository "wazuh" do - uri "https://packages.wazuh.com/#{node['packages.wazuh.com']['version']}/apt/" + uri "https://packages.wazuh.com/#{node['wazuh']['major_version']}/apt/" key "https://packages.wazuh.com/key/GPG-KEY-WAZUH" distribution "stable" components ["main"] @@ -25,20 +24,20 @@ # Update the package information apt_update -elsif platform_family?('rhel', 'redhat', 'centos', 'amazon') +elsif platform_family?('redhat', 'centos', 'amazon', 'fedora', 'oracle') yum_repository "wazuh" do description "OpenDistro Elasticseach Yum" - baseurl "https://packages.wazuh.com/#{node['packages.wazuh.com']['version']}/yum/" + baseurl "https://packages.wazuh.com/#{node['wazuh']['major_version']}/yum/" gpgkey "https://packages.wazuh.com/key/GPG-KEY-WAZUH" action :create not_if do File.exists?("/etc/yum.repos.d/wazuh.repo") end end -elsif platform_family?('suse') +elsif platform_family?('opensuse', 'suse') zypper_repository "wazuh" do description "OpenDistro Elasticseach Zypper" - baseurl "https://packages.wazuh.com/#{node['packages.wazuh.com']['version']}/yum/" + baseurl "https://packages.wazuh.com/#{node['wazuh']['major_version']}/yum/" gpgkey "https://packages.wazuh.com/key/GPG-KEY-WAZUH" action :create not_if do diff --git a/cookbooks/opendistro/spec/spec_helper.rb b/cookbooks/opendistro/spec/spec_helper.rb new file mode 100644 index 00000000..c86adfd5 --- /dev/null +++ b/cookbooks/opendistro/spec/spec_helper.rb @@ -0,0 +1,20 @@ +require 'chefspec' +require 'chefspec/berkshelf' + +RSpec.configure do |config| + # Use color in STDOUT + config.color = true + + # Use color not only in STDOUT but also in pagers and files + config.tty = true + + # Use the specified formatter + config.formatter = :documentation # :progress, :html, :textmate + + config.log_level = :error + + config.platform = 'ubuntu' + config.version = '14.04' +end + +at_exit { ChefSpec::Coverage.report! } diff --git a/cookbooks/opendistro/spec/unit/recipes/default_spec.rb b/cookbooks/opendistro/spec/unit/recipes/default_spec.rb new file mode 100644 index 00000000..a7746378 --- /dev/null +++ b/cookbooks/opendistro/spec/unit/recipes/default_spec.rb @@ -0,0 +1,25 @@ +# +# Cookbook Name:: wazuh_elastic +# Spec:: default +# + +require 'spec_helper' + +describe 'wazuh_elastic::default' do + cached(:chef_run) { ChefSpec::ServerRunner.new.converge(described_recipe) } + + it 'does not raise an exception' do + stub_command('dpkg -s oracle-java8-installer').and_return(true) + expect { chef_run }.to_not raise_error + end + + before do + allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'nginx_certificate').and_return('{"nginx_certificate": "nginx_certificate"}') + allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'logstash_certificate').and_return('{"logstash_certificate": "logstash_certificate"}') + allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'api').and_return('{"htpasswd_user": "htpasswd_user", "htpasswd_passcode": "htpasswd_passcode"}') + end + + it 'includes the wazuh_elastic::default recipe' do + expect(chef_run).to include_recipe 'wazuh_elastic::default' + end +end diff --git a/cookbooks/opendistro/spec/unit/recipes/elasticsearch_spec.rb b/cookbooks/opendistro/spec/unit/recipes/elasticsearch_spec.rb new file mode 100644 index 00000000..abfdd020 --- /dev/null +++ b/cookbooks/opendistro/spec/unit/recipes/elasticsearch_spec.rb @@ -0,0 +1,26 @@ +# +# Cookbook Name:: wazuh_elastic +# Spec:: elasticsearch +# + +require 'spec_helper' + +describe 'wazuh_elastic::elasticsearch' do + cached(:chef_run) { ChefSpec::ServerRunner.new.converge(described_recipe) } + + it 'includes the wazuh_elastic::elasticssearch recipe' do + expect(chef_run).to include_recipe 'wazuh_elastic::elasticsearch' + end + + it 'service elasticsearch' do + expect(chef_run).to start_service('elasticsearch') + end + + it 'create a template elasticsearch.yml' do + expect(chef_run).to create_template('/etc/elasticsearch/elasticsearch.yml').with( + :owner => 'root', + :group => 'elasticsearch', + :source => 'elasticsearch.yml.erb' + ) + end +end diff --git a/cookbooks/opendistro/spec/unit/recipes/kibana_spec.rb b/cookbooks/opendistro/spec/unit/recipes/kibana_spec.rb new file mode 100644 index 00000000..2cc0a86f --- /dev/null +++ b/cookbooks/opendistro/spec/unit/recipes/kibana_spec.rb @@ -0,0 +1,49 @@ +# +# Cookbook Name:: wazuh_elastic +# Spec:: kibana +# + +require 'spec_helper' + +describe 'wazuh_elastic::kibana' do + cached(:chef_run) { ChefSpec::ServerRunner.new.converge(described_recipe) } + + before do + allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'logstash_certificate').and_return( + '{"logstash_certificate": "logstash_certificate"}' + ) + end + + it 'includes the wazuh_elastic::kibana recipe' do + expect(chef_run).to include_recipe 'wazuh_elastic::kibana' + end + + it 'installs python-requests' do + expect(chef_run).to install_package('python-requests') + end + + it 'create a template /tmp/wazuh_kibana_installer.py' do + expect(chef_run).to create_template('/tmp/wazuh_kibana_installer.py').with( + :owner => 'root', + :group => 'root', + :mode => '0777', + :source => 'wazuh_kibana_installer.py.erb' + ) + end + + it 'create a template kibana.yml' do + expect(chef_run).to create_template('/opt/kibana/config/kibana.yml').with( + :owner => 'root', + :group => 'root', + :source => 'kibana.yml.erb' + ) + end + + it 'service kibana' do + expect(chef_run).to start_service('kibana') + end + + it 'installs kibana' do + expect(chef_run).to install_package('kibana') + end +end diff --git a/cookbooks/opendistro/spec/unit/recipes/lostash_spec.rb b/cookbooks/opendistro/spec/unit/recipes/lostash_spec.rb new file mode 100644 index 00000000..92d12b67 --- /dev/null +++ b/cookbooks/opendistro/spec/unit/recipes/lostash_spec.rb @@ -0,0 +1,58 @@ +# +# Cookbook Name:: wazuh_elastic +# Spec:: logstash +# + +require 'spec_helper' + +describe 'wazuh_elastic::logstash' do + cached(:chef_run) { ChefSpec::ServerRunner.new.converge(described_recipe) } + + before do + allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'logstash_certificate').and_return( + '{"logstash_certificate": "logstash_certificate"}' + ) + end + + it 'includes the wazuh_elastic::logstash recipe' do + expect(chef_run).to include_recipe 'wazuh_elastic::logstash' + end + + it 'service logstash' do + expect(chef_run).to start_service('logstash') + end + + it 'creates a file /etc/logstash/logstash-forwarder.key' do + expect(chef_run).to create_file('/etc/logstash/logstash-forwarder.key').with( + user: 'root', + group: 'root' + ) + end + + it 'creates a file /etc/logstash/logstash-forwarder.crt' do + expect(chef_run).to create_file('/etc/logstash/logstash-forwarder.crt').with( + user: 'root', + group: 'root' + ) + end + + it 'create a template elastic-ossec-template.json' do + expect(chef_run).to create_template('/etc/logstash/elastic-ossec-template.json').with( + owner: 'root', + group: 'root', + source: 'elastic-ossec-template.json.erb' + ) + end + + it 'create a template 01-ossec.conf' do + expect(chef_run).to create_template('/etc/logstash/conf.d/01-ossec.conf').with( + owner: 'root', + group: 'root', + source: '01-ossec.conf.erb' + ) + end + + it 'installs logstash' do + expect(chef_run).to install_package('logstash') + end +end diff --git a/cookbooks/opendistro/spec/unit/recipes/nginx_spec.rb b/cookbooks/opendistro/spec/unit/recipes/nginx_spec.rb new file mode 100644 index 00000000..20c64013 --- /dev/null +++ b/cookbooks/opendistro/spec/unit/recipes/nginx_spec.rb @@ -0,0 +1,60 @@ +# +# Cookbook Name:: wazuh_elastic +# Spec:: nginx +# + +require 'spec_helper' + +describe 'wazuh_elastic::nginx' do + cached(:chef_run) { ChefSpec::ServerRunner.new.converge(described_recipe) } + + before do + allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'nginx_certificate').and_return( + '{"nginx_certificate": "nginx_certificate"}' + ) + allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'api').and_return( + '{"htpasswd_user": "htpasswd_user", "htpasswd_passcode": "htpasswd_passcode"}' + ) + end + + it 'includes the wazuh_elastic::nginx recipe' do + expect(chef_run).to include_recipe 'wazuh_elastic::nginx' + end + + it 'service nginx' do + expect(chef_run).to start_service('nginx') + end + + it 'creates a file /etc/ssl/certs/kibana-access.crt' do + expect(chef_run).to create_file('/etc/ssl/certs/kibana-access.crt').with( + user: 'root', + group: 'root' + ) + end + + it 'creates a file /etc/nginx/conf.d/kibana.htpasswd' do + expect(chef_run).to create_file('/etc/nginx/conf.d/kibana.htpasswd').with( + user: 'root', + group: 'root' + ) + end + + it 'creates a file /etc/ssl/certs/kibana-access.key' do + expect(chef_run).to create_file('/etc/ssl/certs/kibana-access.key').with( + user: 'root', + group: 'root' + ) + end + + it 'create a template default' do + expect(chef_run).to create_template('/etc/nginx/sites-available/default').with( + owner: 'root', + group: 'root', + source: 'nginx-default.erb' + ) + end + + it 'installs nginx' do + expect(chef_run).to install_package('nginx') + end +end diff --git a/cookbooks/opendistro/templates/elasticsearch.yml.erb b/cookbooks/opendistro/templates/elasticsearch.yml.erb new file mode 100644 index 00000000..2fede596 --- /dev/null +++ b/cookbooks/opendistro/templates/elasticsearch.yml.erb @@ -0,0 +1,33 @@ +# ======================== Elasticsearch Configuration ========================= +# +# Please consult the documentation for further information on configuration options: +# https://documentation.wazuh.com/4.0/installation-guide/open-distro/distributed-deployment/step-by-step-installation/elasticsearch-cluster/elasticsearch-single-node-cluster.html#elasticsearch-configuration +# + +network.host: <%= network_host %> +node.name: <%= node_name %> +cluster.initial_master_nodes: <%= initial_master_nodes %> + +opendistro_security.ssl.transport.pemcert_filepath: /etc/elasticsearch/certs/elasticsearch.pem +opendistro_security.ssl.transport.pemkey_filepath: /etc/elasticsearch/certs/elasticsearch.key +opendistro_security.ssl.transport.pemtrustedcas_filepath: /etc/elasticsearch/certs/root-ca.pem +opendistro_security.ssl.transport.enforce_hostname_verification: false +opendistro_security.ssl.transport.resolve_hostname: false +opendistro_security.ssl.http.enabled: true +opendistro_security.ssl.http.pemcert_filepath: /etc/elasticsearch/certs/elasticsearch_http.pem +opendistro_security.ssl.http.pemkey_filepath: /etc/elasticsearch/certs/elasticsearch_http.key +opendistro_security.ssl.http.pemtrustedcas_filepath: /etc/elasticsearch/certs/root-ca.pem +opendistro_security.nodes_dn: +- CN=node-1,OU=Docu,O=Wazuh,L=California,C=US +opendistro_security.authcz.admin_dn: +- CN=admin,OU=Docu,O=Wazuh,L=California,C=US + +opendistro_security.audit.type: internal_elasticsearch +opendistro_security.enable_snapshot_restore_privilege: true +opendistro_security.check_snapshot_restore_write_privileges: true +opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"] +cluster.routing.allocation.disk.threshold_enabled: false +node.max_local_storage_nodes: 3 + +path.data: /var/lib/elasticsearch +path.logs: /var/log/elasticsearch diff --git a/cookbooks/opendistro/templates/jvm.options.erb b/cookbooks/opendistro/templates/jvm.options.erb new file mode 100644 index 00000000..0a0b8c70 --- /dev/null +++ b/cookbooks/opendistro/templates/jvm.options.erb @@ -0,0 +1,77 @@ +## JVM configuration + +################################################################ +## IMPORTANT: JVM heap size +################################################################ +## +## You should always set the min and max JVM heap +## size to the same value. For example, to set +## the heap to 4 GB, set: +## +## -Xms4g +## -Xmx4g +## +## See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html +## for more information +## +################################################################ + +# Xms represents the initial size of total heap space +# Xmx represents the maximum size of total heap space + +-Xms<%= @memmory %> +-Xmx<%= @memmory %> + +################################################################ +## Expert settings +################################################################ +## +## All settings below this section are considered +## expert settings. Don't tamper with them unless +## you understand what you are doing +## +################################################################ + +## GC configuration +8-13:-XX:+UseConcMarkSweepGC +8-13:-XX:CMSInitiatingOccupancyFraction=75 +8-13:-XX:+UseCMSInitiatingOccupancyOnly + +## G1GC Configuration +# NOTE: G1 GC is only supported on JDK version 10 or later +# to use G1GC, uncomment the next two lines and update the version on the +# following three lines to your version of the JDK +# 10-13:-XX:-UseConcMarkSweepGC +# 10-13:-XX:-UseCMSInitiatingOccupancyOnly +14-:-XX:+UseG1GC +14-:-XX:G1ReservePercent=25 +14-:-XX:InitiatingHeapOccupancyPercent=30 + +## JVM temporary directory +-Djava.io.tmpdir=${ES_TMPDIR} + +## heap dumps + +# generate a heap dump when an allocation from the Java heap fails +# heap dumps are created in the working directory of the JVM +-XX:+HeapDumpOnOutOfMemoryError + +# specify an alternative path for heap dumps; ensure the directory exists and +# has sufficient space +-XX:HeapDumpPath=/var/lib/elasticsearch + +# specify an alternative path for JVM fatal error logs +-XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log + +## JDK 8 GC logging +8:-XX:+PrintGCDetails +8:-XX:+PrintGCDateStamps +8:-XX:+PrintTenuringDistribution +8:-XX:+PrintGCApplicationStoppedTime +8:-Xloggc:/var/log/elasticsearch/gc.log +8:-XX:+UseGCLogFileRotation +8:-XX:NumberOfGCLogFiles=32 +8:-XX:GCLogFileSize=64m + +# JDK 9+ GC logging +9-:-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m \ No newline at end of file diff --git a/cookbooks/wazuh_elastic/templates/default/nginx.erb b/cookbooks/opendistro/templates/nginx.erb similarity index 100% rename from cookbooks/wazuh_elastic/templates/default/nginx.erb rename to cookbooks/opendistro/templates/nginx.erb diff --git a/cookbooks/wazuh_elastic/templates/default/od_kibana.yml.erb b/cookbooks/opendistro/templates/od_kibana.yml.erb similarity index 87% rename from cookbooks/wazuh_elastic/templates/default/od_kibana.yml.erb rename to cookbooks/opendistro/templates/od_kibana.yml.erb index c9345c84..b19af327 100644 --- a/cookbooks/wazuh_elastic/templates/default/od_kibana.yml.erb +++ b/cookbooks/opendistro/templates/od_kibana.yml.erb @@ -1,6 +1,6 @@ -<%= @kibana_server_host %> +server.host: <%= @kibana_server_host %> <%= @kibana_elasticsearch_server_hosts %> -<%= @kibana_server_port %> +server.port: <%= @kibana_server_port %> elasticsearch.ssl.verificationMode: certificate elasticsearch.username: kibanaserver elasticsearch.password: kibanaserver diff --git a/cookbooks/opendistro/templates/search-guard.yml.erb b/cookbooks/opendistro/templates/search-guard.yml.erb new file mode 100644 index 00000000..88864f89 --- /dev/null +++ b/cookbooks/opendistro/templates/search-guard.yml.erb @@ -0,0 +1,40 @@ +# ======================== Searcguard Configuration ========================= +# +# Please consult the documentation for further information on configuration options: +# https://documentation.wazuh.com/4.0/user-manual/certificates.html#user-manual-certificates +# + +# Self-signed certificate authority +ca: + root: + dn: CN=elasticsearch,OU=Docu,O=Wazuh,L=California,C=US + keysize: 2048 + validityDays: 3650 + pkPassword: none + file: root-ca.pem + +# Default values and global settings +defaults: + validityDays: 3650 + pkPassword: none + generatedPasswordLength: 12 + httpsEnabled: true + +# Nodes certificates +nodes: + - name: elasticsearch + dn: CN=node-1,OU=Docu,O=Wazuh,L=California,C=US + ip: + - <%= @elastic_node_ip %> + - name: kibana + dn: CN=kibana,OU=Docu,O=Wazuh,L=California,C=US + ip: + - <%= @kibana_node_ip %> + +# Clients certificates +clients: + - name: admin + dn: CN=admin,OU=Docu,O=Wazuh,L=California,C=US + admin: true + - name: filebeat + dn: CN=filebeat,OU=Docu,O=Wazuh,L=California,C=US \ No newline at end of file diff --git a/cookbooks/opendistro/test/data_bags/wazuh_secrets/api.json b/cookbooks/opendistro/test/data_bags/wazuh_secrets/api.json new file mode 100644 index 00000000..e9a89e98 --- /dev/null +++ b/cookbooks/opendistro/test/data_bags/wazuh_secrets/api.json @@ -0,0 +1,15 @@ +{ + "id": "api", + "htpasswd_user": { + "encrypted_data": "44KmfVdj/ttHvGecsv5M7+uCvqcc0Cs/RvXJeLQMZkE=\n", + "iv": "RRP7S4Tt6B9y366P+hMbwg==\n", + "version": 1, + "cipher": "aes-256-cbc" + }, + "htpasswd_passcode": { + "encrypted_data": "ps9xA2QJKd3KE6jjpn69rNJhf6sRCWoeK/0kHZfo3incyILK+TJPmRq92PK0\n3e8Ngv0HJHn8pp5QA1FT4zX/wg==\n", + "iv": "gC9cyqCgQq/5icvUOfW0Iw==\n", + "version": 1, + "cipher": "aes-256-cbc" + } +} diff --git a/cookbooks/wazuh_server/test/data_bags/wazuh_secrets/logstash_certificate.json b/cookbooks/opendistro/test/data_bags/wazuh_secrets/logstash_certificate.json similarity index 100% rename from cookbooks/wazuh_server/test/data_bags/wazuh_secrets/logstash_certificate.json rename to cookbooks/opendistro/test/data_bags/wazuh_secrets/logstash_certificate.json diff --git a/cookbooks/opendistro/test/data_bags/wazuh_secrets/nginx_certificate.json b/cookbooks/opendistro/test/data_bags/wazuh_secrets/nginx_certificate.json new file mode 100644 index 00000000..da76d715 --- /dev/null +++ b/cookbooks/opendistro/test/data_bags/wazuh_secrets/nginx_certificate.json @@ -0,0 +1,15 @@ +{ + "id": "nginx_certificate", + "nginx_crt": { + "encrypted_data": "wG/uZ0a9aKXrGoRzR/57dBU1fMevFjSsMmJ0FNWS35DsNuFMiM+cT1pkzKV0\n6oaGpHGlkMeJ1EeV69rO6tTCwmtBGml+16j+yzJpaOzSA4wmiXdqpWx/dtkN\n8yZVdn9GYRx+Dfb2+l//u/r4jdIOw3tYXk29+nW9ltTB1qO+se9ki8lAV7xs\nKzOBjXwdJYlMt3OabBc0LdjfGvJ7dcoUwMJOqw7nI50SfPbpowBLK9tQN8ia\nJmd6glMBdbNFF+vlvjAFbFIDtEbZL66rTqiDyyA9mlwRfIKr3WSMS6cXGdzz\nSpup34zyt0HWQZShGav8azVrcS9h9lo5xJVzz/eCRSnuxEY8cAY9bE5Pu+3Y\nuB5XvrMKgOfiDHy9t0Ksa4iPEgR5Iy/yx79Jb/zQvYSKj6++9Mx5cCLv6EAT\nYO/se7VyfDSl0/n57Ml94mRmPyLJBajn3Xx4MAgaKpEGeJhcvSPo1jOGZNi8\nBHvtz23ZZdcEg0zXBgtAC4QV3EpUnYkPboq32+hygwoMiqalEZBGcjtJvRm7\nGgw2iCYbnWuobUDt9bM+s0lbpVNc+yJYbM6Ou5AI4i/lC1z/iamQQaDZ5NYU\naNlof3ut/NBhylVX+gaXM4T783z4U6qa0wkYQvx/+UasbNVl8faXCT2GAknd\nhG/mlcm6qrTeDKWrQGZBpahL6j8spyqngFjK2Fyvp6rG6qvSLfh/STwgZi3f\n2s/vWL/iigFZO/04POt2mXVbyK3T63wF06GbSauYStzVBu31HW+3MzIisWJl\nqLLhHjz3cXs9IFItZuDca44GR7mVYESidmE9mz5fOhm6x5Zm6/nIqNZBE157\nn5S+LS0vcLkinsWg3WQAjGotESDI0rjOIra3oWag+COhQAZWAKINUOA0eE39\n+EFO0d2ZHJ7IfPJ8af5NyK67AD475QaNQbLKs6w28muZIEKtznONAKciXNaw\nGvX/zDNdAcnzLeOpYOwO1/v28E2kpLZrQut4vblQwcvzgNXOEJ97Den2Ni5U\nCTSyFL58IyrODTSZ85qQUhSBwikegHwczbA0zNTkmh+Xor0=\n", + "iv": "L76cl+YNuGvttdWHCUl4Xg==\n", + "version": 1, + "cipher": "aes-256-cbc" + }, + "nginx_key": { + "encrypted_data": "V7ap5IieGtIpxj59N1g1XInadF5feKdqYc48Vs4X5fybyQoo7AyhtUNggs52\nyDQj8X4RD9F+mI5+86pEH1IXY1bduo7nxW6vORrFcB0YGYqAXG+6MZPbF/93\nQi8CHNaC4qArvvgO/pdbHrZd/YofF2hNfWGBIsSE1gyFbkYX1UhNqhl9gd60\nDUwVlbSokzTyXCe2ODiE33Pa2gD4/tHxyaVyJ7R2JRWWlI1j7gN66D+C0PYD\nv7Et841hOWzoFMfboGJgmBvYVp/Ii9+eL+wWOSwsbH+1clF0BLCjD+msTbkJ\ngOAfrJH7qjaOxHPJRyFmXIoQXhzFgXRaNX/YwDKK7/I3NxXrjwdBjaWbj0qz\njLJRicLFVxmz4fbD2lSjIIhM692hLQI6hhRJUBfmiUvKmx+quXQvaclXx6v8\n41Q49QRhS1il96ICle55oBVhBtDuMAznL55hxgZfjw9mtLCvYup7MCk0IB+T\nM4jscbcdWnk2iSMTSP0tAETlqByPoRk8YtUEY0FrGycwLJ1OF9cnxCMLKetg\nHD08H3QSrypPHNhaE1IPyIYWb/CqQ/qzO5bWiZ21FcQ6E4ttALc81pqKo/f+\n5fysWtO4sfo+pigXdAQG40WOKSUEkcdH+uSfJXN8SNSnsGeWvErOaXrRt4z1\nVFoCyo+DyrAq20md8DVbXbTjxOQliDbpYK0e+Y8Qy+SsluG+fzeiN3eV0UDs\nRf7zUKpuoBuimwNcrqOKD+nvIhdJnmxyUAE0IdxnvfshJw6Nm/v7VWGojaZ9\n1guIMT2/qcwSPS++pGeXYP/T87xzXhYIYd/kHp9AX8g9drhIQdeB0z0Ud1lW\nYA/v5CNwY+nLvDwJhQ6OiZHfHjPMffRLB1ZzPPP9Oq/gUvvIGDv8+rE329J2\n7zmbS7QcrwPwpjykYhy4El1kvwolVjMztPNYpPGER/wTuKkJfQ9ogWi4ZAMM\nq9AAxd4sU20+WF9gpZvLxfV+XzMgfVu07s84i6MlSsFRTvat0SFK+e60SiT1\n5fDyFcu4dYC7bnByDslIKXvOGT1uSYcd9EtynYcNhhuu66YTkg4r8oluLbTI\nGFaUBmUQevp+CDZNe/Ot8hM2OuFnu9TpF7j0ryMptQyE31Ar2x7TGfoV5me9\nV8eNxtWM2mmoND82v7OenKFj5FmUFjsX7lsm2b3UkMKltrny3854nPkFZ6Pa\na1OLWIl1/4PzJwfppF50Zjd12HE0tegwSnb1ZQ==\n", + "iv": "T8XnyjJh5tKQE5ojlUoCsQ==\n", + "version": 1, + "cipher": "aes-256-cbc" + } +} diff --git a/cookbooks/opendistro/test/data_bags/wazuh_secrets/test_data_bag_key b/cookbooks/opendistro/test/data_bags/wazuh_secrets/test_data_bag_key new file mode 100644 index 00000000..add836f6 --- /dev/null +++ b/cookbooks/opendistro/test/data_bags/wazuh_secrets/test_data_bag_key @@ -0,0 +1 @@ +gPTbum6NpTwIVZop5w5TzehVh/ElS52smpao+bSxKX+SRNbvnLSHwC22EZt5Q7pPamCpEBD2ycH4fEpLGCp7FCSa/RLquQNls4TiVp54DJcfbSCiRA+lFL1e7YJqX4az1I1nzj+/3RlOjpfMvEhJ9gmubGMgnXZboDG5yiv34O2CdbybpMk9wQCC11RaeJUSFuvToQlnV2jK3HvymIHivm5Ax30PvyIMj6Mpp+YlJpBj70+vvk/rLmmXCsOHHV3g6hmZJph1mJrcjQZJVM9/foqiadrFJ9HLPFn0+LMXea69q4RvPDAIl914pXnE3pJBSYL9bZuDge/krbynQNosr3yNTLs1VoV9cw2yJinYY5GoOxjFnf66nCj1bnj5uFsN8FrK7w/hi07A/EBjiOFMAGHei1+ZGKKfHVKve67CNMHsaItjgc2njyRdOWTdxAvNw7AYSF4ST8vXBJZeBQyGizd2c73Hs4B640j7PWPKBu3Tfqvig6TxSPjwN9hO/a2/pOTRSJ4RfW2cXe0ZRbUb4O6hLv4F4kXjSuiW/ckvIpSOI3G04aqvXVLBcgDiKbqwH1poqKvpRPEahu+HGAf8C4Flhm6UXrawssIEp9WC5YHMLhsu1dSx8Hi6vCXqEOWobWWuh7VhItE0ySKl/LTxB2DWn12AYs1RXkYSBL4Gz/g= diff --git a/cookbooks/opendistro/test/environments/development.json b/cookbooks/opendistro/test/environments/development.json new file mode 100644 index 00000000..d798d06c --- /dev/null +++ b/cookbooks/opendistro/test/environments/development.json @@ -0,0 +1,17 @@ +{ + "name": "development", + "description": "The development environment", + "cookbook_versions": { + }, + "json_class": "Chef::Environment", + "chef_type": "environment", + "default_attributes": { + + }, + "override_attributes": { + "wazuh-elk": { + "elasticsearch_node_name": "elk.wazuh-development.com", + "elasticsearch_cluster_name": "ossec-development" + } + } +} diff --git a/cookbooks/opendistro/test/environments/production.json b/cookbooks/opendistro/test/environments/production.json new file mode 100644 index 00000000..4567abcf --- /dev/null +++ b/cookbooks/opendistro/test/environments/production.json @@ -0,0 +1,17 @@ +{ + "name": "production", + "description": "The development environment", + "cookbook_versions": { + }, + "json_class": "Chef::Environment", + "chef_type": "environment", + "default_attributes": { + + }, + "override_attributes": { + "wazuh-elk": { + "elasticsearch_node_name": "elk.wazuh-production.com", + "elasticsearch_cluster_name": "ossec-production" + } + } +} diff --git a/cookbooks/opendistro/test/integration/default/data_bags/wazuh_secrets/api.json b/cookbooks/opendistro/test/integration/default/data_bags/wazuh_secrets/api.json new file mode 100644 index 00000000..e9a89e98 --- /dev/null +++ b/cookbooks/opendistro/test/integration/default/data_bags/wazuh_secrets/api.json @@ -0,0 +1,15 @@ +{ + "id": "api", + "htpasswd_user": { + "encrypted_data": "44KmfVdj/ttHvGecsv5M7+uCvqcc0Cs/RvXJeLQMZkE=\n", + "iv": "RRP7S4Tt6B9y366P+hMbwg==\n", + "version": 1, + "cipher": "aes-256-cbc" + }, + "htpasswd_passcode": { + "encrypted_data": "ps9xA2QJKd3KE6jjpn69rNJhf6sRCWoeK/0kHZfo3incyILK+TJPmRq92PK0\n3e8Ngv0HJHn8pp5QA1FT4zX/wg==\n", + "iv": "gC9cyqCgQq/5icvUOfW0Iw==\n", + "version": 1, + "cipher": "aes-256-cbc" + } +} diff --git a/cookbooks/opendistro/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json b/cookbooks/opendistro/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json new file mode 100644 index 00000000..649a6e00 --- /dev/null +++ b/cookbooks/opendistro/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json @@ -0,0 +1,9 @@ +{ + "id": "logstash_certificate", + "logstash_certificate": { + "encrypted_data": "DFyya20x1DQvXNFOBLe33CPMFAwyQC0rdXCG+utx6Fq32uCsiH1amuuIAx4H\nKkWghIUXYIh1KvNu5edq/iiBp9NXcq6hAiw1lUTKEw+QXPGaLNSnvIka4lBH\n3DDbk35yu9XcL1bO3HzF+bWckOeR+KJs5notvpNEuve3xW59pxoQbakdkxbm\nCJP9cG0VWcEIRakK3+ji/LxgH2Xg9radCn9ZYJjp9v8FSI6farqRk47w59S4\n9/6iJu1slqryP4xPfsffCj1HYYXL7M7JxksOpP+3h4GJ/VVLrQDUWorQXPf1\nh+JDOWTfw+7bzpfcb1Cj2vOZaSkjC/JN3oDiisfb+cgHaHW5s/bNSbIcBZ1D\ns7t3Z0q0/oA+pU49oCpYd5JhrAC9bhBtV6oqBozavXdLpPdP+O3xL5ePukj4\nv2YF456cY+iVBFu5ZTTXmyIc4/wt+BplilU0z/mwCG5vnhrPk8MCrekA9/Fg\n8/i+2ZaNywLSjHr1gUsTrK80355zGsCM7tKTbpJ32W1icINByKw7UX8fXYj2\nizaMyoG6WYNOTyuJJ5dzdyQlK1iMEh+U5IkWiSTw8+HhXKYhGjmwnRCLdmPz\newJ/gkYg4osYDqHBxiImvMrfs33WHVMHgjpmNtAex5pOCQSOb+bErb29oD7Q\nMcpCHd2h5rbgrpbGyjJSr9I8qLYYnmIVKSvNgmBGKh/58an+Cg3RFaNeJJ/v\nT75B2T2Qqut3xPR/rR1Ta46zJKmwJDmEN6M88pRoHtf0R27UFutREd3pZb25\nc6gNcaIKxbZOFZF/6QZh+R+A8KBfQ3P1JIUp/MdxOwUgeoGsURWwc3j6gcPL\nNdt56kGnKRTKQ1BE8JyKc/Azg1NByXkVO4Tg7u8Iw5eSBjwnfCz91JNQ+pcq\nKCVdOWEj9kEkfh+rALy6G5TBn6S70WF9fVq+7Hw8r/WYlYFE4mK9Wp940ZWj\nCGNNiUzyrigxw7Dea8ho+IcZWhvh9AsnOSk6nHlTgCyQk5hgJM06PqtRQhJk\n4ib6IwdcDyFlSJcqrls+S8BshpkobQjOec5bqnseCL86NHlY+DOrurSBTLco\nZ33gTa029+1OuFpr4m8m70+5hHBsNsrjwYZ3rcGwiW7O+l924ZwbtVefAxar\nTCJXrQHW81JDvV3ckrv581a33h1jzdNtD7JqmBzqelaRL2+xV/QVRgwb0Eyf\nLK6CRr7BdxbicF19EWM51EndsuSb+7UJpCEI5OQ4sJyOkIToY+pjKQyy0nuy\nt2wU2EDeHtLeXQBimgwecoMsne8g1DMHp89krfZ5xkCypGRdzcelArtPDeIO\n7GZjjEhMH5oN/LX93ua6NmPCkL/ndfL8Mwx4UUMXB6aTxdGPqKi/Ah0eF5Aj\nvtIbc/VYFN7x3+98LZqiHzF78peNIjRxjnRPOeTIlPyVFJrEXV8ddEJsW38A\nlK42Mr4r9k9U8XLlgCjHkkRgpp9GXWxJLbyoiNuQKuZsMt6jEtmVdf5ebbP3\n6SHPy8RKloD7pASva5bEJPawTEFeJ6lQuzAUqqEf9IDBYmE6ZzWU7KagiGdU\nE1XgMJcFKciCx3gYRgMjDq9U1D5u8W0lrxcTOVlumbnIp8Rwzbhtu7QeOS6U\nwJkJsQwUvAUtIL8yjk4OOhbKx/cgtTODpqpEtNmELc+9RcjQxU/9+bUI42Kf\nVZU+s5pMMkjejnKh+wlDP4SFy9khsSeHgoqso5jhwFGYwmrDUbLSZZotElI6\nq+lrXvTfJg==\n", + "iv": "9XRPuHdUeXlrs0GccbDJew==\n", + "version": 1, + "cipher": "aes-256-cbc" + } +} diff --git a/cookbooks/opendistro/test/integration/default/encrypted_data_bag_secret b/cookbooks/opendistro/test/integration/default/encrypted_data_bag_secret new file mode 100644 index 00000000..add836f6 --- /dev/null +++ b/cookbooks/opendistro/test/integration/default/encrypted_data_bag_secret @@ -0,0 +1 @@ +gPTbum6NpTwIVZop5w5TzehVh/ElS52smpao+bSxKX+SRNbvnLSHwC22EZt5Q7pPamCpEBD2ycH4fEpLGCp7FCSa/RLquQNls4TiVp54DJcfbSCiRA+lFL1e7YJqX4az1I1nzj+/3RlOjpfMvEhJ9gmubGMgnXZboDG5yiv34O2CdbybpMk9wQCC11RaeJUSFuvToQlnV2jK3HvymIHivm5Ax30PvyIMj6Mpp+YlJpBj70+vvk/rLmmXCsOHHV3g6hmZJph1mJrcjQZJVM9/foqiadrFJ9HLPFn0+LMXea69q4RvPDAIl914pXnE3pJBSYL9bZuDge/krbynQNosr3yNTLs1VoV9cw2yJinYY5GoOxjFnf66nCj1bnj5uFsN8FrK7w/hi07A/EBjiOFMAGHei1+ZGKKfHVKve67CNMHsaItjgc2njyRdOWTdxAvNw7AYSF4ST8vXBJZeBQyGizd2c73Hs4B640j7PWPKBu3Tfqvig6TxSPjwN9hO/a2/pOTRSJ4RfW2cXe0ZRbUb4O6hLv4F4kXjSuiW/ckvIpSOI3G04aqvXVLBcgDiKbqwH1poqKvpRPEahu+HGAf8C4Flhm6UXrawssIEp9WC5YHMLhsu1dSx8Hi6vCXqEOWobWWuh7VhItE0ySKl/LTxB2DWn12AYs1RXkYSBL4Gz/g= diff --git a/cookbooks/opendistro/test/integration/default/serverspec/default_spec.rb b/cookbooks/opendistro/test/integration/default/serverspec/default_spec.rb new file mode 100644 index 00000000..fbeed388 --- /dev/null +++ b/cookbooks/opendistro/test/integration/default/serverspec/default_spec.rb @@ -0,0 +1,9 @@ +require 'spec_helper' + +describe 'wazuh_elastic::default' do + # Serverspec examples can be found at + # http://serverspec.org/resource_types.html + it 'does something' do + skip 'Replace this with meaningful tests' + end +end diff --git a/cookbooks/wazuh_server/test/integration/helpers/serverspec/spec_helper.rb b/cookbooks/opendistro/test/integration/helpers/serverspec/spec_helper.rb similarity index 100% rename from cookbooks/wazuh_server/test/integration/helpers/serverspec/spec_helper.rb rename to cookbooks/opendistro/test/integration/helpers/serverspec/spec_helper.rb diff --git a/cookbooks/wazuh_elastic/.kitchen.yml b/cookbooks/wazuh_elastic/.kitchen.yml deleted file mode 100644 index ab1108ef..00000000 --- a/cookbooks/wazuh_elastic/.kitchen.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: vagrant - driver_config: - require_chef_omnibus: latest - -provisioner: - name: chef_zero - environments_path: "../../environments" - data_bags_path: "../../data_bags" - encrypted_data_bag_secret_key_path: "test/integration/default/encrypted_data_bag_secret" - - -platforms: - - name: ubuntu-12.04 - run_list: apt::default - - name: ubuntu-14.04 - run_list: apt::default - -suites: - - name: default - driver: - network: - - ["private_network", {ip: "172.16.10.10"}] - run_list: - - recipe[wazuh_elastic::default] - attributes: diff --git a/cookbooks/wazuh_elastic/attributes/default.rb b/cookbooks/wazuh_elastic/attributes/default.rb deleted file mode 100644 index a01008e8..00000000 --- a/cookbooks/wazuh_elastic/attributes/default.rb +++ /dev/null @@ -1,17 +0,0 @@ -=begin -This attributes define which environment to use: - - Opendistroforelasticsearch - - Elastic Stack -Neither of both variables can be assigned to the same value. One has to be set to "true" and the -other one to "false". -Both are checked inside recipes/default.rb recipe -=end -default['wazuh-elastic']['elasticsearch'] = false -default['wazuh-elastic']['odfe'] = true - -# Setup in role -default['wazuh-elastic']['ip'] = "0.0.0.0" -default['wazuh-kibana']['ip'] = "0.0.0.0" - -default['wazuh-elastic']['config_path'] = "/etc/elasticsearch" -default['wazuh-elastic']['plugins_path'] = "/usr/share/elasticsearch/plugins" \ No newline at end of file diff --git a/cookbooks/wazuh_elastic/attributes/elasticsearch.rb b/cookbooks/wazuh_elastic/attributes/elasticsearch.rb deleted file mode 100644 index ba464c1f..00000000 --- a/cookbooks/wazuh_elastic/attributes/elasticsearch.rb +++ /dev/null @@ -1,23 +0,0 @@ -# jvm.options configuration - -default['wazuh-elastic']['elasticsearch_memmory'] = "1g" - -# Cluster configuration - -default['wazuh-elastic']['elasticsearch_cluster_name'] = 'es-wazuh' -default['wazuh-elastic']['elasticsearch_node_name'] = 'es-node-01' -default['wazuh-elastic']['elasticsearch_node_master'] = 'true' -default['wazuh-elastic']['elasticsearch_node_data'] = 'true' -default['wazuh-elastic']['elasticsearch_node_ingest'] = 'true' -default['wazuh-elastic']['elasticsearch_node_max_local_storage_nodes'] = '1' -default['wazuh-elasticsearch']['elasticsearch_cluster_remote_connect'] = "true" - -# General configuration - -default['wazuh-elastic']['elasticsearch_path_data'] = "/var/lib/elasticsearch" -default['wazuh-elastic']['elasticsearch_path_logs'] = "/var/log/elasticsearch" -default['wazuh-elastic']['elasticsearch_port'] = 9200 -default['wazuh-elastic']['elasticsearch_ip'] = '0.0.0.0' -default['wazuh-elastic']['elasticsearch_discovery_option'] = 'discovery.type: single-node' -default['wazuh-elastic']['elasticsearch_cluster_initial_master_nodes'] = "['es-node-01']" - diff --git a/cookbooks/wazuh_elastic/attributes/kibana.rb b/cookbooks/wazuh_elastic/attributes/kibana.rb deleted file mode 100644 index d44d8504..00000000 --- a/cookbooks/wazuh_elastic/attributes/kibana.rb +++ /dev/null @@ -1,4 +0,0 @@ -default['wazuh-elastic']['kibana_server_host'] = '0.0.0.0' -default['wazuh-elastic']['kibana_server_port'] = 5601 -default['wazuh-elastic']['kibana_elasticsearch_server_hosts'] = "https://#{node['wazuh-elastic']['elasticsearch_ip']}:#{node['wazuh-elastic']['elasticsearch_port']}" -default['wazuh-elastic']['kibana_wazuh_api_credentials'] = [ { id: "default", url: "https://localhost", port: "55000", username: "wazuh", password: "wazuh" } ] diff --git a/cookbooks/wazuh_elastic/attributes/nginx.rb b/cookbooks/wazuh_elastic/attributes/nginx.rb deleted file mode 100644 index cee9b563..00000000 --- a/cookbooks/wazuh_elastic/attributes/nginx.rb +++ /dev/null @@ -1,2 +0,0 @@ -default['mginx']['user'] = 'user1' -default['mginx']['password'] = 'nginx1' \ No newline at end of file diff --git a/cookbooks/wazuh_elastic/attributes/odfe.rb b/cookbooks/wazuh_elastic/attributes/odfe.rb deleted file mode 100644 index efdd0cc7..00000000 --- a/cookbooks/wazuh_elastic/attributes/odfe.rb +++ /dev/null @@ -1,60 +0,0 @@ -# elasticsearch.yml configuration file -default['odfe']['yml'] = { - 'network' => { - 'host' => node['wazuh-elastic']['ip'] - }, - 'node' => { - 'name' => "node-1", - 'max_local_storage_nodes' => 3 - }, - 'cluster' => { - 'initial_master_nodes' => "node-1", - 'routing' => { - 'allocation' => { - 'disk' => { - 'threshold_enabled' => false - } - } - } - }, - 'path' => { - 'data' => "/var/lib/elasticsearch", - 'logs' => "/var/log/elasticsearch" - }, - 'opendistro_security' => { - 'ssl' => { - 'transport' => { - 'pemcert_filepath' => "/etc/elasticsearch/certs/elasticsearch.pem", - 'pemkey_filepath' => "/etc/elasticsearch/certs/elasticsearch.key", - 'pemtrustedcas_filepath' => "/etc/elasticsearch/certs/root-ca.pem", - 'enforce_hostname_verification' => false, - 'resolve_hostname' => false - }, - 'http' => { - 'enabled' => true, - 'pemcert_filepath' => "/etc/elasticsearch/certs/elasticsearch_http.pem", - 'pemkey_filepath' => "/etc/elasticsearch/certs/elasticsearch_http.key", - 'pemtrustedcas_filepath' => "/etc/elasticsearch/certs/root-ca.pem" - } - }, - 'nodes_dn' => [ - "CN=node-1,OU=Docu,O=Wazuh,L=California,C=US" - ], - 'authcz' => { - 'admin_dn' => [ - "CN=admin,OU=Docu,O=Wazuh,L=California,C=US" - ] - }, - 'audit' => { - 'type' => "internal_elasticsearch" - }, - 'enable_snapshot_restore_privilege' => true, - 'check_snapshot_restore_write_privileges' => true, - 'restapi' => { - 'roles_enabled' => [ - "all_access", - "security_rest_api_access" - ] - } - } -} diff --git a/cookbooks/wazuh_elastic/attributes/versions.rb b/cookbooks/wazuh_elastic/attributes/versions.rb deleted file mode 100644 index e1a8f97c..00000000 --- a/cookbooks/wazuh_elastic/attributes/versions.rb +++ /dev/null @@ -1,8 +0,0 @@ -default['wazuh-elastic']['elastic_stack_version'] = "7.9.1" -default['wazuh-elastic']['odfe_version'] = "1.11.0" -default['wazuh-elastic']['wazuh_app_version'] = "4.0.1_7.9.1" -default['wazuh-elastic']['extensions_version'] = "v4.0.1" -default['wazuh']['major']['version'] = "4.x" -default['wazuh']['version'] = "4.0" -default['elastic']['major']['version'] = "7.x" -default['search_guard']['version'] = "1.8" diff --git a/cookbooks/wazuh_elastic/recipes/default.rb b/cookbooks/wazuh_elastic/recipes/default.rb deleted file mode 100644 index b48940b1..00000000 --- a/cookbooks/wazuh_elastic/recipes/default.rb +++ /dev/null @@ -1,16 +0,0 @@ -# -*- encoding: utf-8 -*- -# -# Cookbook Name:: Elastic -# Recipe:: default -# - -############################################# -include_recipe 'chef-sugar::default' -include_recipe 'wazuh_elastic::prerequisites' -if node['wazuh-elastic']['elasticsearch'] - include_recipe 'wazuh_elastic::repository' - include_recipe 'wazuh_elastic::elasticsearch' -elsif node['wazuh-elastic']['odfe'] - include_recipe 'wazuh_elastic::repository' - include_recipe 'wazuh_elastic::odfe' -#include_recipe 'wazuh_elastic::kibana' diff --git a/cookbooks/wazuh_elastic/recipes/elasticsearch.rb b/cookbooks/wazuh_elastic/recipes/elasticsearch.rb deleted file mode 100644 index 9009fff3..00000000 --- a/cookbooks/wazuh_elastic/recipes/elasticsearch.rb +++ /dev/null @@ -1,167 +0,0 @@ -# -*- encoding: utf-8 -*- -# -# Cookbook Name:: wazuh-elastic -# Recipe:: elasticsearch_install -# -###################################################### - -# Install opendistroforelasticsearch - -if platform_family?('debian', 'ubuntu') - apt_package 'elasticsearch-oss' do - version "#{node['wazuh-elastic']['elastic_stack_version']}-1" - end - apt_package 'opendistroforelasticsearch' do - version "#{node['wazuh-elastic']['odfe_version']}-1" - end -elsif platform_family?('rhel', 'redhat', 'centos') - if node['platform_version'] >= '8' - dnf_package 'elasticsearch-oss' do - version "#{node['wazuh-elastic']['elastic_stack_version']}-1" - end - dnf_package 'opendistroforelasticsearch' do - version "#{node['wazuh-elastic']['odfe_version']}-1" - end - else - yum_package 'elasticsearch-oss' do - version "#{node['wazuh-elastic']['elastic_stack_version']}-1" - end - yum_package 'opendistroforelasticsearch' do - version "#{node['wazuh-elastic']['odfe_version']}-1" - end -elsif platform_family?('suse') - zypper_package 'elasticsearch-oss' do - version "#{node['wazuh-elastic']['elastic_stack_version']}-1" - end - zypper_package 'opendistroforelasticsearch' do - version "#{node['wazuh-elastic']['odfe_version']}-1" - end -else - raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" -end - -# Set up opendistro for elasticsearch configuration file - -template '/etc/elasticsearch/elasticsearch.yml' do - source 'od_elasticsearch.yml.erb' - owner 'root' - group 'elasticsearch' - mode '0660' - variables (content: - network_host: "network.host: #{node['wazuh-elastic']['elasticsearch_ip']}", - node_name: "node.name: #{node['wazuh-elastic']['elasticsearch_node_name']}", - cluster_initial_master_nodes: "cluster.initial_master_nodes: #{node['wazuh-elastic']['elasticsearch_cluster_initial_master_nodes']}", - path_data: "path.data: #{node['wazuh-elastic']['elasticsearch_path_data']}", - path_logs: "path.logs: #{node['wazuh-elastic']['elasticsearch_path_logs']}", - }) -end - -remote_file '/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles.yml' do - source 'https://raw.githubusercontent.com/wazuh/wazuh-documentation/4.0/resources/open-distro/elasticsearch/roles/roles.yml' -end - -remote_file '/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles_mapping.yml' do - source 'https://raw.githubusercontent.com/wazuh/wazuh-documentation/4.0/resources/open-distro/elasticsearch/roles/roles_mapping.yml' -end - -remote_file '/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml' do - source 'https://raw.githubusercontent.com/wazuh/wazuh-documentation/4.0/resources/open-distro/elasticsearch/roles/internal_users.yml' -end - -# Certificates creation and deployment - -execute 'Remove the demo certificates' do - command 'rm /etc/elasticsearch/esnode-key.pem /etc/elasticsearch/esnode.pem /etc/elasticsearch/kirk-key.pem /etc/elasticsearch/kirk.pem /etc/elasticsearch/root-ca.pem -f' -end - -directory '/etc/elasticsearch/certs' do - action :create -end - -remote_file '/tmp/search-guard-tlstool-1.8.zip' do - source 'https://maven.search-guard.com/search-guard-tlstool/1.8/search-guard-tlstool-1.8.zip' -end - -archive_file 'search-guard-tlstool-1.8.zip' do - path '/tmp/search-guard-tlstool-1.8.zip' - destination '/tmp/searchguard' -end - -# --------------Wazuh single-node cluster-------------- - -template '/tmp/searchguard/search-guard.yml' do - source 'search-guard.yml.erb' - owner 'root' - group 'elasticsearch' - mode '0660' - variables ({ - elasticsearch_ip: "#{node['wazuh-elastic']['elasticsearch_ip']}", - kibana_ip: "#{node['wazuh-elastic']['kibana_server_host']}" - }) -end - -# --------------Wazuh multi-node cluster-------------- -# ToDO -# ---------------------------------------------------- - -execute 'Run the Search Guard’s script to create the certificates' do - command "/tmp/searchguard/tools/sgtlstool.sh -c /tmp/searchguard/search-guard.yml -ca -crt -t /etc/elasticsearch/certs/" -end - -bash 'Compress all the necessary files to be sent to the all the instances' do - code <<-EOF - cd /etc/elasticsearch/certs - tar -cf certs.tar * - EOF -end - -execute 'Remove unnecessary files' do - command "rm /etc/elasticsearch/certs/client-certificates.readme /etc/elasticsearch/certs/elasticsearch_elasticsearch_config_snippet.yml /tmp/search-guard-tlstool-1.7.zip -f" -end - -# Configure Filebeat certificates - -bash 'Configure Filebeat certificates' do - code <<-EOH - mkdir /etc/filebeat/certs - cp /etc/elasticsearch/certs/certs.tar /etc/filebeat/certs/ - cd /etc/filebeat/certs/ - tar --extract --file=certs.tar filebeat.pem filebeat.key root-ca.pem - rm certs.tar - EOH -end - -# Run filebeat service - -service "filebeat" do - supports :status => true, :restart => true, :reload => true - action [:start, :enable] -end - -# Run elasticsearch service - -service "elasticsearch" do - supports :start => true, :stop => true, :restart => true, :reload => true - action [:enable, :start] -end - -ruby_block 'wait for elasticsearch' do - block do - loop { break if (TCPSocket.open("#{node['wazuh-elastic']['elasticsearch_ip']}",node['wazuh-elastic']['elasticsearch_port']) rescue nil); puts "Waiting for elasticsearch to start"; sleep 5 } - end -end - -bash 'Verify Elasticsearch folders owner' do - code <<-EOF - chown elasticsearch:elasticsearch -R /etc/elasticsearch - chown elasticsearch:elasticsearch -R /usr/share/elasticsearch - chown elasticsearch:elasticsearch -R /var/lib/elasticsearch - EOF - notifies :restart, "service[elasticsearch]", :delayed -end - -execute 'Run the Elasticsearch’s securityadmin script' do - command "/usr/share/elasticsearch/plugins/opendistro_security/tools/securityadmin.sh -cd /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/ -nhnv -cacert /etc/elasticsearch/certs/root-ca.pem -cert /etc/elasticsearch/certs/admin.pem -key /etc/elasticsearch/certs/admin.key -h #{node['wazuh-elastic']['elasticsearch_ip']}" -end - - diff --git a/cookbooks/wazuh_elastic/recipes/odfe.rb b/cookbooks/wazuh_elastic/recipes/odfe.rb deleted file mode 100644 index bd662123..00000000 --- a/cookbooks/wazuh_elastic/recipes/odfe.rb +++ /dev/null @@ -1,155 +0,0 @@ -# -*- encoding: utf-8 -*- -# -# Cookbook Name:: wazuh-elastic -# Recipe:: elasticsearch_install -# -###################################################### - -# Install opendistroforelasticsearch - -if platform_family?('debian', 'ubuntu') - apt_package 'elasticsearch-oss' do - version "#{node['wazuh-elastic']['elastic_stack_version']}-1" - end - apt_package 'opendistroforelasticsearch' do - version "#{node['wazuh-elastic']['odfe_version']}-1" - end -elsif platform_family?('rhel', 'redhat', 'centos') - if node['platform_version'] >= '8' - dnf_package 'elasticsearch-oss' do - version "#{node['wazuh-elastic']['elastic_stack_version']}-1" - end - dnf_package 'opendistroforelasticsearch' do - version "#{node['wazuh-elastic']['odfe_version']}-1" - end - else - yum_package 'elasticsearch-oss' do - version "#{node['wazuh-elastic']['elastic_stack_version']}-1" - end - yum_package 'opendistroforelasticsearch' do - version "#{node['wazuh-elastic']['odfe_version']}-1" - end -elsif platform_family?('suse') - zypper_package 'elasticsearch-oss' do - version "#{node['wazuh-elastic']['elastic_stack_version']}-1" - end - zypper_package 'opendistroforelasticsearch' do - version "#{node['wazuh-elastic']['odfe_version']}-1" - end -else - raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" -end - -# Set up opendistro for elasticsearch configuration file -template "#{node['wazuh-elastic']['config_path']}/elasticsearch.yml" do - source 'od_elasticsearch.yml.erb' - owner 'root' - group 'elasticsearch' - mode '0660' - variables (content: Psych.dump(node['odfe']['yml'])) -end - -remote_file "#{node['wazuh-elastic']['plugins_path']}/opendistro_security/securityconfig/roles.yml" do - source "https://raw.githubusercontent.com/wazuh/wazuh-documentation/#{node['wazuh']['version']}/resources/open-distro/elasticsearch/roles/roles.yml" -end - -remote_file "#{node['wazuh-elastic']['plugins_path']}/opendistro_security/securityconfig/roles_mapping.yml" do - source "https://raw.githubusercontent.com/wazuh/wazuh-documentation/#{node['wazuh']['version']}/resources/open-distro/elasticsearch/roles/roles_mapping.yml" -end - -remote_file "#{node['wazuh-elastic']['plugins_path']}/opendistro_security/securityconfig/internal_users.yml" do - source "https://raw.githubusercontent.com/wazuh/wazuh-documentation/#{node['wazuh']['version']}/resources/open-distro/elasticsearch/roles/internal_users.yml" -end - -# Certificates creation and deployment - -execute 'Remove the demo certificates' do - command "rm #{node['wazuh-elastic']['config_path']}/esnode-key.pem #{node['wazuh-elastic']['config_path']}/esnode.pem #{node['wazuh-elastic']['config_path']}/kirk-key.pem #{node['wazuh-elastic']['config_path']}/kirk.pem #{node['wazuh-elastic']['config_path']}/root-ca.pem -f" -end - -directory "#{node['wazuh-elastic']['config_path']}/certs" do - action :create -end - -directory "#{node['search_guard']['config_path']}" do - action :create -end - -remote_file "/tmp/#{node['search_guard']['tls_tool']}" do - source "https://maven.search-guard.com/search-guard-tlstool/#{node['search_guard']['version']}/#{node['odfe']['search_guard_tls_tool']}" -end - -archive_file "#{node['search_guard']['tls_tool']}" do - path "/tmp/#{node['odfe']['search_guard_tls_tool']}" - destination "#{node['search_guard']['config_path']}" -end - -template "#{node['search_guard']['config_path']}/search-guard.yml" do - source 'search-guard.yml.erb' - owner 'root' - group 'elasticsearch' - mode '0660' - variables (content: Psych.dump(node['search_guard']['yml'])) -end - -execute 'Run the Search Guard’s script to create the certificates' do - command "#{node['search_guard']['config_path']}/tools/sgtlstool.sh -c #{node['search_guard']['config_path']}/search-guard.yml -ca -crt -t #{node['wazuh-elastic']['config_path']}/certs/" -end - -bash 'Compress all the necessary files to be sent to the all the instances' do - code <<-EOF - cd #{node['wazuh-elastic']['config_path']}/certs - tar -cf certs.tar * - EOF -end - -execute 'Remove unnecessary files' do - command "rm #{node['wazuh-elastic']['config_path']}/certs/client-certificates.readme #{node['wazuh-elastic']['config_path']}/certs/elasticsearch_elasticsearch_config_snippet.yml /tmp/#{node['search_guard']['tls_tool']} -f" -end - -# Configure Filebeat certificates - -bash 'Configure Filebeat certificates' do - code <<-EOH - mkdir /etc/filebeat/certs - cp #{node['wazuh-elastic']['config_path']}/certs/certs.tar /etc/filebeat/certs/ - cd /etc/filebeat/certs/ - tar --extract --file=certs.tar filebeat.pem filebeat.key root-ca.pem - rm certs.tar - EOH -end - -# Run filebeat service - -service "filebeat" do - supports :status => true, :restart => true, :reload => true - action [:start, :enable] -end - -# Run elasticsearch service - -service "elasticsearch" do - supports :start => true, :stop => true, :restart => true, :reload => true - action [:enable, :start] -end - -ruby_block 'wait for elasticsearch' do - block do - loop { break if (TCPSocket.open("#{node['wazuh-elastic']['elasticsearch_ip']}",node['wazuh-elastic']['elasticsearch_port']) rescue nil); puts "Waiting for elasticsearch to start"; sleep 5 } - end -end - -bash 'Verify Elasticsearch folders owner' do - code <<-EOF - chown elasticsearch:elasticsearch -R #{node['wazuh-elastic']['config_path']} - chown elasticsearch:elasticsearch -R /usr/share/elasticsearch - chown elasticsearch:elasticsearch -R /var/lib/elasticsearch - EOF - notifies :restart, "service[elasticsearch]", :delayed -end - -execute 'Run the Elasticsearch’s securityadmin script' do - command "#{node['wazuh-elastic']['plugins_path']}/opendistro_security/tools/securityadmin.sh -cd #{node['wazuh-elastic']['plugins_path']}/opendistro_security/securityconfig/ -nhnv -cacert #{node['wazuh-elastic']['config_path']}/certs/root-ca.pem -cert #{node['wazuh-elastic']['config_path']}/certs/admin.pem -key #{node['wazuh-elastic']['config_path']}/certs/admin.key -h #{node['wazuh-elastic']['elasticsearch_ip']}" -end - - diff --git a/cookbooks/wazuh_elastic/templates/default/od_elasticsearch.yml.erb b/cookbooks/wazuh_elastic/templates/default/od_elasticsearch.yml.erb deleted file mode 100644 index 0677d6b5..00000000 --- a/cookbooks/wazuh_elastic/templates/default/od_elasticsearch.yml.erb +++ /dev/null @@ -1,7 +0,0 @@ -# ======================== Elasticsearch Configuration ========================= -# -# Please consult the documentation for further information on configuration options: -# https://documentation.wazuh.com/4.0/installation-guide/open-distro/distributed-deployment/step-by-step-installation/elasticsearch-cluster/elasticsearch-single-node-cluster.html#elasticsearch-configuration -# - -<%= @content %> diff --git a/cookbooks/wazuh_elastic/templates/default/search-guard.yml.erb b/cookbooks/wazuh_elastic/templates/default/search-guard.yml.erb deleted file mode 100644 index eb342d80..00000000 --- a/cookbooks/wazuh_elastic/templates/default/search-guard.yml.erb +++ /dev/null @@ -1,8 +0,0 @@ -# ======================== Searcguard Configuration ========================= -# -# Please consult the documentation for further information on configuration options: -# https://documentation.wazuh.com/4.0/user-manual/certificates.html#user-manual-certificates -# - -# Self-signed certificate authority -<%= @content %> \ No newline at end of file diff --git a/cookbooks/wazuh_server/.gitignore b/cookbooks/wazuh_manager/.gitignore similarity index 100% rename from cookbooks/wazuh_server/.gitignore rename to cookbooks/wazuh_manager/.gitignore diff --git a/cookbooks/wazuh_server/.kitchen.yml b/cookbooks/wazuh_manager/.kitchen.yml similarity index 100% rename from cookbooks/wazuh_server/.kitchen.yml rename to cookbooks/wazuh_manager/.kitchen.yml diff --git a/cookbooks/wazuh_server/.rspec b/cookbooks/wazuh_manager/.rspec similarity index 100% rename from cookbooks/wazuh_server/.rspec rename to cookbooks/wazuh_manager/.rspec diff --git a/cookbooks/wazuh_server/.rubocop.yml b/cookbooks/wazuh_manager/.rubocop.yml similarity index 100% rename from cookbooks/wazuh_server/.rubocop.yml rename to cookbooks/wazuh_manager/.rubocop.yml diff --git a/cookbooks/wazuh_server/Berksfile b/cookbooks/wazuh_manager/Berksfile similarity index 100% rename from cookbooks/wazuh_server/Berksfile rename to cookbooks/wazuh_manager/Berksfile diff --git a/cookbooks/wazuh_server/CHANGELOG.md b/cookbooks/wazuh_manager/CHANGELOG.md similarity index 100% rename from cookbooks/wazuh_server/CHANGELOG.md rename to cookbooks/wazuh_manager/CHANGELOG.md diff --git a/cookbooks/wazuh_server/CONTRIBUTING.md b/cookbooks/wazuh_manager/CONTRIBUTING.md similarity index 100% rename from cookbooks/wazuh_server/CONTRIBUTING.md rename to cookbooks/wazuh_manager/CONTRIBUTING.md diff --git a/cookbooks/wazuh_server/Gemfile b/cookbooks/wazuh_manager/Gemfile similarity index 100% rename from cookbooks/wazuh_server/Gemfile rename to cookbooks/wazuh_manager/Gemfile diff --git a/cookbooks/wazuh_manager/LICENSE b/cookbooks/wazuh_manager/LICENSE new file mode 100644 index 00000000..11069edd --- /dev/null +++ b/cookbooks/wazuh_manager/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/cookbooks/wazuh_server/README.md b/cookbooks/wazuh_manager/README.md similarity index 100% rename from cookbooks/wazuh_server/README.md rename to cookbooks/wazuh_manager/README.md diff --git a/cookbooks/wazuh_server/Rakefile b/cookbooks/wazuh_manager/Rakefile similarity index 100% rename from cookbooks/wazuh_server/Rakefile rename to cookbooks/wazuh_manager/Rakefile diff --git a/cookbooks/wazuh_server/TESTING.md b/cookbooks/wazuh_manager/TESTING.md similarity index 100% rename from cookbooks/wazuh_server/TESTING.md rename to cookbooks/wazuh_manager/TESTING.md diff --git a/cookbooks/wazuh_server/attributes/agent_conf.rb b/cookbooks/wazuh_manager/attributes/agent_conf.rb similarity index 100% rename from cookbooks/wazuh_server/attributes/agent_conf.rb rename to cookbooks/wazuh_manager/attributes/agent_conf.rb diff --git a/cookbooks/wazuh_server/attributes/alerts.rb b/cookbooks/wazuh_manager/attributes/alerts.rb similarity index 100% rename from cookbooks/wazuh_server/attributes/alerts.rb rename to cookbooks/wazuh_manager/attributes/alerts.rb diff --git a/cookbooks/wazuh_server/attributes/api.rb b/cookbooks/wazuh_manager/attributes/api.rb similarity index 100% rename from cookbooks/wazuh_server/attributes/api.rb rename to cookbooks/wazuh_manager/attributes/api.rb diff --git a/cookbooks/wazuh_server/attributes/auth.rb b/cookbooks/wazuh_manager/attributes/auth.rb similarity index 100% rename from cookbooks/wazuh_server/attributes/auth.rb rename to cookbooks/wazuh_manager/attributes/auth.rb diff --git a/cookbooks/wazuh_server/attributes/cluster.rb b/cookbooks/wazuh_manager/attributes/cluster.rb similarity index 100% rename from cookbooks/wazuh_server/attributes/cluster.rb rename to cookbooks/wazuh_manager/attributes/cluster.rb diff --git a/cookbooks/wazuh_server/attributes/command.rb b/cookbooks/wazuh_manager/attributes/command.rb similarity index 100% rename from cookbooks/wazuh_server/attributes/command.rb rename to cookbooks/wazuh_manager/attributes/command.rb diff --git a/cookbooks/wazuh_server/attributes/default.rb b/cookbooks/wazuh_manager/attributes/default.rb similarity index 100% rename from cookbooks/wazuh_server/attributes/default.rb rename to cookbooks/wazuh_manager/attributes/default.rb diff --git a/cookbooks/wazuh_server/attributes/filebeat.rb b/cookbooks/wazuh_manager/attributes/filebeat.rb similarity index 100% rename from cookbooks/wazuh_server/attributes/filebeat.rb rename to cookbooks/wazuh_manager/attributes/filebeat.rb diff --git a/cookbooks/wazuh_server/attributes/global.rb b/cookbooks/wazuh_manager/attributes/global.rb similarity index 100% rename from cookbooks/wazuh_server/attributes/global.rb rename to cookbooks/wazuh_manager/attributes/global.rb diff --git a/cookbooks/wazuh_server/attributes/localfile.rb b/cookbooks/wazuh_manager/attributes/localfile.rb similarity index 100% rename from cookbooks/wazuh_server/attributes/localfile.rb rename to cookbooks/wazuh_manager/attributes/localfile.rb diff --git a/cookbooks/wazuh_server/attributes/logging.rb b/cookbooks/wazuh_manager/attributes/logging.rb similarity index 100% rename from cookbooks/wazuh_server/attributes/logging.rb rename to cookbooks/wazuh_manager/attributes/logging.rb diff --git a/cookbooks/wazuh_server/attributes/remote.rb b/cookbooks/wazuh_manager/attributes/remote.rb similarity index 100% rename from cookbooks/wazuh_server/attributes/remote.rb rename to cookbooks/wazuh_manager/attributes/remote.rb diff --git a/cookbooks/wazuh_server/attributes/rootcheck.rb b/cookbooks/wazuh_manager/attributes/rootcheck.rb similarity index 100% rename from cookbooks/wazuh_server/attributes/rootcheck.rb rename to cookbooks/wazuh_manager/attributes/rootcheck.rb diff --git a/cookbooks/wazuh_server/attributes/ruleset.rb b/cookbooks/wazuh_manager/attributes/ruleset.rb similarity index 100% rename from cookbooks/wazuh_server/attributes/ruleset.rb rename to cookbooks/wazuh_manager/attributes/ruleset.rb diff --git a/cookbooks/wazuh_server/attributes/sca.rb b/cookbooks/wazuh_manager/attributes/sca.rb similarity index 100% rename from cookbooks/wazuh_server/attributes/sca.rb rename to cookbooks/wazuh_manager/attributes/sca.rb diff --git a/cookbooks/wazuh_server/attributes/syscheck.rb b/cookbooks/wazuh_manager/attributes/syscheck.rb similarity index 100% rename from cookbooks/wazuh_server/attributes/syscheck.rb rename to cookbooks/wazuh_manager/attributes/syscheck.rb diff --git a/cookbooks/wazuh_server/attributes/versions.rb b/cookbooks/wazuh_manager/attributes/versions.rb similarity index 77% rename from cookbooks/wazuh_server/attributes/versions.rb rename to cookbooks/wazuh_manager/attributes/versions.rb index 90fd3b54..d0906b5a 100644 --- a/cookbooks/wazuh_server/attributes/versions.rb +++ b/cookbooks/wazuh_manager/attributes/versions.rb @@ -1,4 +1,4 @@ -default['wazuh-manager']['version'] = "4.0.1" +default['wazuh-manager']['version'] = "4.0.2" default['packages.wazuh.com']['version'] = "4.x" default['wazuh']['version'] = "4.0" default['filebeat']['version'] = "7.9.1" diff --git a/cookbooks/wazuh_server/attributes/vulnerability-detector.rb b/cookbooks/wazuh_manager/attributes/vulnerability-detector.rb similarity index 100% rename from cookbooks/wazuh_server/attributes/vulnerability-detector.rb rename to cookbooks/wazuh_manager/attributes/vulnerability-detector.rb diff --git a/cookbooks/wazuh_server/attributes/wodle.rb b/cookbooks/wazuh_manager/attributes/wodle.rb similarity index 100% rename from cookbooks/wazuh_server/attributes/wodle.rb rename to cookbooks/wazuh_manager/attributes/wodle.rb diff --git a/cookbooks/wazuh_server/chefignore b/cookbooks/wazuh_manager/chefignore similarity index 100% rename from cookbooks/wazuh_server/chefignore rename to cookbooks/wazuh_manager/chefignore diff --git a/cookbooks/wazuh_server/libraries/helpers.rb b/cookbooks/wazuh_manager/libraries/helpers.rb similarity index 100% rename from cookbooks/wazuh_server/libraries/helpers.rb rename to cookbooks/wazuh_manager/libraries/helpers.rb diff --git a/cookbooks/wazuh_server/metadata.rb b/cookbooks/wazuh_manager/metadata.rb similarity index 100% rename from cookbooks/wazuh_server/metadata.rb rename to cookbooks/wazuh_manager/metadata.rb diff --git a/cookbooks/wazuh_server/recipes/common.rb b/cookbooks/wazuh_manager/recipes/common.rb similarity index 100% rename from cookbooks/wazuh_server/recipes/common.rb rename to cookbooks/wazuh_manager/recipes/common.rb diff --git a/cookbooks/wazuh_server/recipes/default.rb b/cookbooks/wazuh_manager/recipes/default.rb similarity index 100% rename from cookbooks/wazuh_server/recipes/default.rb rename to cookbooks/wazuh_manager/recipes/default.rb diff --git a/cookbooks/wazuh_server/recipes/filebeat.rb b/cookbooks/wazuh_manager/recipes/filebeat.rb similarity index 56% rename from cookbooks/wazuh_server/recipes/filebeat.rb rename to cookbooks/wazuh_manager/recipes/filebeat.rb index 835d00bf..4287557b 100644 --- a/cookbooks/wazuh_server/recipes/filebeat.rb +++ b/cookbooks/wazuh_manager/recipes/filebeat.rb @@ -47,34 +47,4 @@ raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" end -# Edit the file /etc/filebeat/filebeat.yml -template "#{node['filebeat']['config_path']}/filebeat.yml" do - source 'filebeat.yml.erb' - owner 'root' - group 'root' - mode '0640' - variables( - hosts: node["filebeat"]["elastic_nodes"] - ) -end - -# Download the alerts template for Elasticsearch: - -remote_file "/etc/filebeat/#{node['filebeat']['wazuh_template']}" do - source "https://raw.githubusercontent.com/wazuh/wazuh/#{node['wazuh']['version']}/extensions/elasticsearch/#{node['elastic']['version']}/#{node['filebeat']['wazuh_template']}" - owner "root" - group "root" - mode "0644" -end - -# Download the Wazuh module for Filebeat: -remote_file "/usr/share/filebeat/module/#{node['filebeat']['wazuh_filebeat_module']}" do - source "https://packages.wazuh.com/#{node['packages.wazuh.com']['version']}/filebeat/#{node['filebeat']['wazuh_filebeat_module']}" -end - -# Change module permission -directory '/usr/share/filebeat/module/wazuh' do - mode '0755' - recursive true -end diff --git a/cookbooks/wazuh_server/recipes/manager.rb b/cookbooks/wazuh_manager/recipes/manager.rb similarity index 100% rename from cookbooks/wazuh_server/recipes/manager.rb rename to cookbooks/wazuh_manager/recipes/manager.rb diff --git a/cookbooks/wazuh_server/recipes/prerequisites.rb b/cookbooks/wazuh_manager/recipes/prerequisites.rb similarity index 100% rename from cookbooks/wazuh_server/recipes/prerequisites.rb rename to cookbooks/wazuh_manager/recipes/prerequisites.rb diff --git a/cookbooks/wazuh_server/recipes/repository.rb b/cookbooks/wazuh_manager/recipes/repository.rb similarity index 100% rename from cookbooks/wazuh_server/recipes/repository.rb rename to cookbooks/wazuh_manager/recipes/repository.rb diff --git a/cookbooks/wazuh_manager/spec/spec_helper.rb b/cookbooks/wazuh_manager/spec/spec_helper.rb new file mode 100644 index 00000000..c86adfd5 --- /dev/null +++ b/cookbooks/wazuh_manager/spec/spec_helper.rb @@ -0,0 +1,20 @@ +require 'chefspec' +require 'chefspec/berkshelf' + +RSpec.configure do |config| + # Use color in STDOUT + config.color = true + + # Use color not only in STDOUT but also in pagers and files + config.tty = true + + # Use the specified formatter + config.formatter = :documentation # :progress, :html, :textmate + + config.log_level = :error + + config.platform = 'ubuntu' + config.version = '14.04' +end + +at_exit { ChefSpec::Coverage.report! } diff --git a/cookbooks/wazuh_server/spec/unit/recipes/backups_spec.rb b/cookbooks/wazuh_manager/spec/unit/recipes/backups_spec.rb similarity index 100% rename from cookbooks/wazuh_server/spec/unit/recipes/backups_spec.rb rename to cookbooks/wazuh_manager/spec/unit/recipes/backups_spec.rb diff --git a/cookbooks/wazuh_server/spec/unit/recipes/common_spec.rb b/cookbooks/wazuh_manager/spec/unit/recipes/common_spec.rb similarity index 100% rename from cookbooks/wazuh_server/spec/unit/recipes/common_spec.rb rename to cookbooks/wazuh_manager/spec/unit/recipes/common_spec.rb diff --git a/cookbooks/wazuh_server/spec/unit/recipes/manager_spec.rb b/cookbooks/wazuh_manager/spec/unit/recipes/manager_spec.rb similarity index 100% rename from cookbooks/wazuh_server/spec/unit/recipes/manager_spec.rb rename to cookbooks/wazuh_manager/spec/unit/recipes/manager_spec.rb diff --git a/cookbooks/wazuh_server/spec/unit/recipes/wazuhapi_spec.rb b/cookbooks/wazuh_manager/spec/unit/recipes/wazuhapi_spec.rb similarity index 100% rename from cookbooks/wazuh_server/spec/unit/recipes/wazuhapi_spec.rb rename to cookbooks/wazuh_manager/spec/unit/recipes/wazuhapi_spec.rb diff --git a/cookbooks/wazuh_server/templates/default/api.yaml.erb b/cookbooks/wazuh_manager/templates/default/api.yaml.erb similarity index 100% rename from cookbooks/wazuh_server/templates/default/api.yaml.erb rename to cookbooks/wazuh_manager/templates/default/api.yaml.erb diff --git a/cookbooks/wazuh_server/templates/default/ossec_local_decoder.xml.erb b/cookbooks/wazuh_manager/templates/default/ossec_local_decoder.xml.erb similarity index 100% rename from cookbooks/wazuh_server/templates/default/ossec_local_decoder.xml.erb rename to cookbooks/wazuh_manager/templates/default/ossec_local_decoder.xml.erb diff --git a/cookbooks/wazuh_server/templates/default/ossec_local_rules.xml.erb b/cookbooks/wazuh_manager/templates/default/ossec_local_rules.xml.erb similarity index 100% rename from cookbooks/wazuh_server/templates/default/ossec_local_rules.xml.erb rename to cookbooks/wazuh_manager/templates/default/ossec_local_rules.xml.erb diff --git a/cookbooks/wazuh_server/templates/var/ossec/etc/manager_local_internal_options.conf b/cookbooks/wazuh_manager/templates/var/ossec/etc/manager_local_internal_options.conf similarity index 100% rename from cookbooks/wazuh_server/templates/var/ossec/etc/manager_local_internal_options.conf rename to cookbooks/wazuh_manager/templates/var/ossec/etc/manager_local_internal_options.conf diff --git a/cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/api.json b/cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/api.json new file mode 100644 index 00000000..e9a89e98 --- /dev/null +++ b/cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/api.json @@ -0,0 +1,15 @@ +{ + "id": "api", + "htpasswd_user": { + "encrypted_data": "44KmfVdj/ttHvGecsv5M7+uCvqcc0Cs/RvXJeLQMZkE=\n", + "iv": "RRP7S4Tt6B9y366P+hMbwg==\n", + "version": 1, + "cipher": "aes-256-cbc" + }, + "htpasswd_passcode": { + "encrypted_data": "ps9xA2QJKd3KE6jjpn69rNJhf6sRCWoeK/0kHZfo3incyILK+TJPmRq92PK0\n3e8Ngv0HJHn8pp5QA1FT4zX/wg==\n", + "iv": "gC9cyqCgQq/5icvUOfW0Iw==\n", + "version": 1, + "cipher": "aes-256-cbc" + } +} diff --git a/cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/logstash_certificate.json b/cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/logstash_certificate.json new file mode 100644 index 00000000..5e1e892d --- /dev/null +++ b/cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/logstash_certificate.json @@ -0,0 +1,15 @@ +{ + "id": "logstash_certificate", + "logstash_certificate": { + "encrypted_data": "Hps2D0xEoVjRQWPwcsti71gKX1WIkXvW496YAvhjq+y7F0E1uz/fqb1y6fbr\nHJ2McX2GRDaVV0jdDHdthukq2Be5vv82xyMxHDa+HfZfB8LFD4s1XWdFYXDd\ndc2zBxgFhNkyT4qCFnlJkCY2IBc1MIQThW/eBN5S/v+GLKJw1l+nFH0t+aTS\nbXDaR7FmPD3UNUo+PxqJFbqDYFpLCzcPrRCPaMduo3e+kgegvaEFQJjbglPO\nX7aYgtEuAj8+YOl828gKTpZDAzbU/UtoO2EGwgQJJB4s4VpXb6aJBaZugWf9\nl81yJR1aAn8lDxRow7FU7juGiSlGmxOZY0/2G7WpPgq9hetsIm2WrEhNqj5b\nyKnCRLSM6N4YRyUYUQy/dPQKZW0R14jb08xvkyv4+a40fztUJ9Z67Exv5xqp\nWfmqtd3VMjmFYay2J6d0r5twdLDJ4r4OBP8cqa7wl64R2il/E7Mfg6bnyNf8\nBUWrIhZ5Tp/RlSuJ4yMm/Stb3aDRKLGLHfJXcuEjhqurtaesV2zJoX1HYMjn\nkrfE4FheohTjAqXza1PFdVLhQuLJIlr0hD0UIpAvAcbfAqwvQHsr4sV8EP3c\nnpN8NHiAOaxDq9+tAsbk0+pJa2gs16vhTv8vgEZRihrCUrXi9FEh/Z6ahiN7\nQqQ6iwqWW8ZDkFlKfjZgxI4CUta6Mi5l4yGBfqdy+TdbzuWT/euRBZO16EaG\nI5cqKT2yKTAR2A4Nw0pS8DdHQUn+x1PhOO6G3RSwMTQ0p6v2KWHQerGo1e3+\nEXaWBSNnb0t0mFj4oljXpXxkEtT393Bs/LMZ0MoaE3uWam5IAP/NY121Lm+I\nciPIbFKb1PKpjccnW9N+3cAWARqA8pC86ItdV/Q7gI5XbEIIcCVLwzhUGyo2\n1JfG89VAwNqOuyVGXRMnOHMD0V/czDRTebDCT6DHCG5nxS6MeYDlYUIEfIEo\n/xIDJbhPo6L+nk3yvVABQXBYayxnrCLGMkQ1xWA9UzC73q+Rd34X970qTK0P\nery6zm0WbP5dvRrzZYiDLjRY0MRrWvXXsLjP7uhz6gRKfq1KGfx/m6VDAzrZ\nuRNbyl4zEx0/CXViwNmMs/iLt3H3rKom7vRLs1qDtwyQvGChrbkmNWsD6iEH\nVNhIDVJj8JjDAjeK2CbhPWtt/UJWkoHmn5sGJdrtgYsuMeXIkDuA0v6hT+cl\ndwrR1EhONUWhNMsBMLVZMkTlg6UieaOCm+4EN0tA4J3b45Eo2zuerjkUzXBQ\nhdlxfiPKIDRFBkHzMQI/OnlMT2GFO0CJ3xp71kjaavmEmU7vsdynwekuo4u4\n9q/LHbuwNEtM08RezYmptwblbmNNvengIAPIovpaAbFVyOsZog/GEAIZmrYP\nmzyGEOBdPIQZfyP9e6wIM5XoN2UgwHohiMTGRX6XdGJjW30zPw0dkRhciKBT\nq7yl3/UxZoMF6v5ihhB/LbHM3TFW4XucrnvY930daYVxvUuxlYXy7/9vx6zq\n/kEbC7AkA8zJ3AhP711dk5ROqia9Fvna7juFic7OxZdNnXm+0unxBqHT976w\nCK0KkDfwB6UH5p5wvFCZlvnyquKggJoNn8XXTfUrUo1Qpq/rggDfhIsaeB7B\nNA1uVb2udXSWEw/TL+UQJIgNqz/jtHctfUjz6w7Qx+I1vlXeeuNlMzHDZX8l\nzx8xWIbddmZG7bqVQ/DcigX0Sgj8kzgd8J4cJFrr9MG7BDJMbtkxBCp7RwSQ\nM5FUinkCiQ==\n", + "iv": "Aa90t/SYwXMFVtEnnWhynQ==\n", + "version": 1, + "cipher": "aes-256-cbc" + }, + "logstash_certificate_key": { + "encrypted_data": "GeLqjtWtHWxkppekOd67UdAYo4o81ycv6VrCW1EzFLWxXZJFz/Zqh6Gp6Hxb\n3TnRNjDBEdjlRwdQwtUfVr5T6qPJpDinoVL32tMMFsyY9nRqBqhjkxoobZub\n3aQbrCN2TMrsYscwWnoR8odvHXthZ45DIXeKvSdeVB7oxmwuOV+liXj0SvL9\nbQ8TZhNKKF7AQFjY+fVVbHfqXF4TDSelNidE/a1tutSQFqXWjxpXBJ6JEee1\nBYvnx1Zk0Sg7ghbl7jAd2JgaX4DsFt1DirPFIP5JxuBcHsuCgkZyYoUzFn11\nORJm+1fxAPhHBolObZ86iQtoAsKk5IL4D9/COxAljMK9WYyzGqB6L8uX8C7t\nQWg5T08dtEiy9+ZjJlGi280HENSR4oiOMIHPm9lyiIjmZIqhDq3eEgVWYrRk\n1y0D+1279r81Yq12cAB7aXCou6PavvwjBooMiIEmL0yWG+B4pwEir8ow2InE\n4/xtEuE8qprHtdSpZ+MNSnS9c5wctjs7/g0/FSKQ+OWT/LAubrDeDmmeh8TM\nQ+9hsPhOnYeUTVJ+nFQiOuMJT8i8aU64865BVtymLYSoZfmHt6ZMPhKe2lQ+\nzPz+ykU8xVsqrPdo7byhBaiR/xM0dMWpNVl7C11yllq0Z8ewrcmT3DAddnZQ\naRaae9rKON/V7i+Bo2egBa3wJl9Uvw0C6AVi9UNX7/WflRwsTdZDF+I0sAR7\nKQZP0wByBETAYyRaWNMbabfKAVS7NWWLx3N/KRrRarvd9i5GixVqi7wB+mlM\nNvdPYYATKKV+5EjgI3AOThDLHwO1AoSyOCp9jKhsSuyUHSfkQsQXenlFW8KN\nT5J/cl0066yDBZqhlXQ0B+9BI7vhM5ESKdX5hw/5aa3uFaHCeutuql3aAtXU\na5+At6mxRl6Fi6PrmQhA/oWk6etBlZW4Dscv4SauF66zlmQlqHqc5UPNVrR0\nKT8vjVrY0adbR6JG+qOD1UTYYppijW+HMWiPRDbXe9iPSm+wyrybsmqNblPp\n2iEWoPfsLK1jOWZqo0FDrzSwFCcr0rBpPSc1hjuFZ0MrCmW99HEtEHriMPS1\niIQ5hAlDg/qLNaTwIgmbKkiw/OrcYE41XW7R16wOVDWGgmnoJYgBTpyvFY++\nf2OWg2ChUbxMr3rn4qQQY5K1wyKvlrZsDeP0FB+CiEeNqAc1qVpkBuTlA4Vb\nNXVrhoj3ZxIdIoe1yMKsbtSkDIjiYM6gDgmf3Gm0OGh7QtJjgvq/xpcD85/e\ndO/FzXTINpnbmt+w2L36ksW5INmKDQr/l7TApv6t24dbVm/S7h3YDr1umHX0\njwtAMfrZGDGz+Rtqz6Cq+PWznC42bx5SyFkxRgOeZeCq+AxSE1daLognV7Y3\n/W3hyH5m9akJROej6luPG4u/VgwKdCQWKE7axC7EOznOhWlsMXfbJyvr/ZIK\nVrp0Xp7jrEd65gLRDO/qB1jRFufyVv81AIl9Lkcj+7gNGT4gFRLOdZJR/puH\n3/K2Us6ccA93KDNqut230HXGzDMEI4xBIVFCMb9H7txdfz2YnArvrLlylWK9\nwwn/3bobktAdmSxFe9LZaDpkbnv2dmBgEfmgeGOvKZTTkv636g3W5/pF4Hw2\nbp4IUxWozfOtOT1cA8/TfJ1xyTsob3qIkZiA3ju0yW4ULenu9IjplN+uH+WC\n4+35xHSVvvZr2702ho/aV91nJwiPWjsskXORVVY8Fo4Itv7sW826sbKr/Ja7\njyCQG8yB0jVkur51cjkauxaI+AI3DFTK96bswRzPJ3uJU42ESXm44c/VuklW\nDQTx8DNkhgPZ8odjnwWR1vKxQH41ko3GiJlXx8+2Iht4iA0WQ0fPZqnxStDs\nV/4CW5OUlPwzKVOBgoamgLf0Z2TAV/oQxIlSa/sDsEZfbj+gVG0eRWnWrM3H\nJu8/f45IWleIMBVb6IXvvKpwwGZ6PSerLWa+ePVDqlkSEvp2nSQD5jcKAY30\neojZTNUeDaKTVbkZy5kBhN4T0R+FJ5w/PhtphDSptBQ35DLtyOgVO/zIXgOB\n7fH3B/+ZFSjotRLB3nbGJkaYLmFqTW/AMoAnWpxDU9f1sAWHB4VLcd04Z/SY\n8NsobTGNP9aOMezaIgrtb1udPJjW6UArgNKmThoyX9J437aXDTxIIcvrcDvl\nYZP703Gxhboq3tYwfLugUeZFuAy5/binmcVDGkCGdjuUQ/Drd4VzB72JRlCv\n00LOHS8xIFfD1Rr8mH1AU1LtdjlTy8HFynM/XsZ5pup5zdkl00hxsaMGRNwU\nBWrkUSfhvx88SlSYaIi82pns8jhseVfm28zgetjYDw0i20IcueKw1IHptlFe\nsZAxshw=\n", + "iv": "EyUb/TEyoS/xyfuwTBin3Q==\n", + "version": 1, + "cipher": "aes-256-cbc" + } +} diff --git a/cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/test_data_bag_key b/cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/test_data_bag_key new file mode 100644 index 00000000..add836f6 --- /dev/null +++ b/cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/test_data_bag_key @@ -0,0 +1 @@ +gPTbum6NpTwIVZop5w5TzehVh/ElS52smpao+bSxKX+SRNbvnLSHwC22EZt5Q7pPamCpEBD2ycH4fEpLGCp7FCSa/RLquQNls4TiVp54DJcfbSCiRA+lFL1e7YJqX4az1I1nzj+/3RlOjpfMvEhJ9gmubGMgnXZboDG5yiv34O2CdbybpMk9wQCC11RaeJUSFuvToQlnV2jK3HvymIHivm5Ax30PvyIMj6Mpp+YlJpBj70+vvk/rLmmXCsOHHV3g6hmZJph1mJrcjQZJVM9/foqiadrFJ9HLPFn0+LMXea69q4RvPDAIl914pXnE3pJBSYL9bZuDge/krbynQNosr3yNTLs1VoV9cw2yJinYY5GoOxjFnf66nCj1bnj5uFsN8FrK7w/hi07A/EBjiOFMAGHei1+ZGKKfHVKve67CNMHsaItjgc2njyRdOWTdxAvNw7AYSF4ST8vXBJZeBQyGizd2c73Hs4B640j7PWPKBu3Tfqvig6TxSPjwN9hO/a2/pOTRSJ4RfW2cXe0ZRbUb4O6hLv4F4kXjSuiW/ckvIpSOI3G04aqvXVLBcgDiKbqwH1poqKvpRPEahu+HGAf8C4Flhm6UXrawssIEp9WC5YHMLhsu1dSx8Hi6vCXqEOWobWWuh7VhItE0ySKl/LTxB2DWn12AYs1RXkYSBL4Gz/g= diff --git a/cookbooks/wazuh_server/test/environments/development-client.json b/cookbooks/wazuh_manager/test/environments/development-client.json similarity index 100% rename from cookbooks/wazuh_server/test/environments/development-client.json rename to cookbooks/wazuh_manager/test/environments/development-client.json diff --git a/cookbooks/wazuh_server/test/environments/development-master.json b/cookbooks/wazuh_manager/test/environments/development-master.json similarity index 100% rename from cookbooks/wazuh_server/test/environments/development-master.json rename to cookbooks/wazuh_manager/test/environments/development-master.json diff --git a/cookbooks/wazuh_server/test/environments/development.json b/cookbooks/wazuh_manager/test/environments/development.json similarity index 100% rename from cookbooks/wazuh_server/test/environments/development.json rename to cookbooks/wazuh_manager/test/environments/development.json diff --git a/cookbooks/wazuh_server/test/environments/production.json b/cookbooks/wazuh_manager/test/environments/production.json similarity index 100% rename from cookbooks/wazuh_server/test/environments/production.json rename to cookbooks/wazuh_manager/test/environments/production.json diff --git a/cookbooks/wazuh_server/test/integration/agent-development/serverspec/agent_spec.rb b/cookbooks/wazuh_manager/test/integration/agent-development/serverspec/agent_spec.rb similarity index 100% rename from cookbooks/wazuh_server/test/integration/agent-development/serverspec/agent_spec.rb rename to cookbooks/wazuh_manager/test/integration/agent-development/serverspec/agent_spec.rb diff --git a/cookbooks/wazuh_server/test/integration/agent-production/serverspec/agent_spec.rb b/cookbooks/wazuh_manager/test/integration/agent-production/serverspec/agent_spec.rb similarity index 100% rename from cookbooks/wazuh_server/test/integration/agent-production/serverspec/agent_spec.rb rename to cookbooks/wazuh_manager/test/integration/agent-production/serverspec/agent_spec.rb diff --git a/cookbooks/wazuh_server/test/integration/default/encrypted_data_bag_secret b/cookbooks/wazuh_manager/test/integration/default/encrypted_data_bag_secret similarity index 100% rename from cookbooks/wazuh_server/test/integration/default/encrypted_data_bag_secret rename to cookbooks/wazuh_manager/test/integration/default/encrypted_data_bag_secret diff --git a/cookbooks/wazuh_server/test/integration/default/serverspec/default_spec.rb b/cookbooks/wazuh_manager/test/integration/default/serverspec/default_spec.rb similarity index 100% rename from cookbooks/wazuh_server/test/integration/default/serverspec/default_spec.rb rename to cookbooks/wazuh_manager/test/integration/default/serverspec/default_spec.rb diff --git a/cookbooks/wazuh_server/test/integration/elk-development/serverspec/elk_spec.rb b/cookbooks/wazuh_manager/test/integration/elk-development/serverspec/elk_spec.rb similarity index 100% rename from cookbooks/wazuh_server/test/integration/elk-development/serverspec/elk_spec.rb rename to cookbooks/wazuh_manager/test/integration/elk-development/serverspec/elk_spec.rb diff --git a/cookbooks/wazuh_server/test/integration/helpers/serverspec/common_agent_tests.rb b/cookbooks/wazuh_manager/test/integration/helpers/serverspec/common_agent_tests.rb similarity index 100% rename from cookbooks/wazuh_server/test/integration/helpers/serverspec/common_agent_tests.rb rename to cookbooks/wazuh_manager/test/integration/helpers/serverspec/common_agent_tests.rb diff --git a/cookbooks/wazuh_server/test/integration/helpers/serverspec/common_manager_tests.rb b/cookbooks/wazuh_manager/test/integration/helpers/serverspec/common_manager_tests.rb similarity index 100% rename from cookbooks/wazuh_server/test/integration/helpers/serverspec/common_manager_tests.rb rename to cookbooks/wazuh_manager/test/integration/helpers/serverspec/common_manager_tests.rb diff --git a/cookbooks/wazuh_server/test/integration/helpers/serverspec/common_ossec_tests.rb b/cookbooks/wazuh_manager/test/integration/helpers/serverspec/common_ossec_tests.rb similarity index 100% rename from cookbooks/wazuh_server/test/integration/helpers/serverspec/common_ossec_tests.rb rename to cookbooks/wazuh_manager/test/integration/helpers/serverspec/common_ossec_tests.rb diff --git a/cookbooks/wazuh_manager/test/integration/helpers/serverspec/spec_helper.rb b/cookbooks/wazuh_manager/test/integration/helpers/serverspec/spec_helper.rb new file mode 100644 index 00000000..c1fddf06 --- /dev/null +++ b/cookbooks/wazuh_manager/test/integration/helpers/serverspec/spec_helper.rb @@ -0,0 +1,8 @@ +require 'serverspec' + +if (/cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM).nil? + set :backend, :exec +else + set :backend, :cmd + set :os, family: 'windows' +end diff --git a/cookbooks/wazuh_server/test/integration/manager-development/serverspec/manager_spec.rb b/cookbooks/wazuh_manager/test/integration/manager-development/serverspec/manager_spec.rb similarity index 100% rename from cookbooks/wazuh_server/test/integration/manager-development/serverspec/manager_spec.rb rename to cookbooks/wazuh_manager/test/integration/manager-development/serverspec/manager_spec.rb diff --git a/cookbooks/wazuh_server/test/integration/manager-production/serverspec/manager_spec.rb b/cookbooks/wazuh_manager/test/integration/manager-production/serverspec/manager_spec.rb similarity index 100% rename from cookbooks/wazuh_server/test/integration/manager-production/serverspec/manager_spec.rb rename to cookbooks/wazuh_manager/test/integration/manager-production/serverspec/manager_spec.rb From da457eca7f167258f5b7a1d427dad712fe9383e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 27 Nov 2020 11:15:53 +0100 Subject: [PATCH 024/260] Change attribute files name --- cookbooks/filebeat/attributes/default.rb | 11 ----------- cookbooks/filebeat/attributes/elastic.rb | 8 ++++++++ cookbooks/filebeat/attributes/files.rb | 6 ++++++ cookbooks/filebeat/attributes/paths.rb | 6 ++++++ cookbooks/filebeat/attributes/versions.rb | 2 +- 5 files changed, 21 insertions(+), 12 deletions(-) delete mode 100644 cookbooks/filebeat/attributes/default.rb create mode 100644 cookbooks/filebeat/attributes/elastic.rb create mode 100644 cookbooks/filebeat/attributes/files.rb create mode 100644 cookbooks/filebeat/attributes/paths.rb diff --git a/cookbooks/filebeat/attributes/default.rb b/cookbooks/filebeat/attributes/default.rb deleted file mode 100644 index bc960a47..00000000 --- a/cookbooks/filebeat/attributes/default.rb +++ /dev/null @@ -1,11 +0,0 @@ -# Cookbook Name:: filebeat -# Attribute:: default -# Author:: Wazuh - -default['filebeat']['elasticsearch_server_ip'] = [ - "http://0.0.0.0:9200" -] -default['filebeat']['config_path'] = '/etc/filebeat' -default['filebeat']['alerts_template'] = 'wazuh-template.json' -default['filebeat']['wazuh_module'] = "wazuh-filebeat-0.1.tar.gz" -default['filebeat']['wazuh_module_path'] = '/usr/share/filebeat/module' \ No newline at end of file diff --git a/cookbooks/filebeat/attributes/elastic.rb b/cookbooks/filebeat/attributes/elastic.rb new file mode 100644 index 00000000..7479e132 --- /dev/null +++ b/cookbooks/filebeat/attributes/elastic.rb @@ -0,0 +1,8 @@ +# Cookbook Name:: filebeat +# Attribute:: elastic +# Author:: Wazuh + +default['filebeat']['elasticsearch_server_ip'] = [ + "http://0.0.0.0:9200" +] + diff --git a/cookbooks/filebeat/attributes/files.rb b/cookbooks/filebeat/attributes/files.rb new file mode 100644 index 00000000..aed570fd --- /dev/null +++ b/cookbooks/filebeat/attributes/files.rb @@ -0,0 +1,6 @@ +# Cookbook Name:: filebeat +# Attribute:: files +# Author:: Wazuh + +default['filebeat']['alerts_template'] = 'wazuh-template.json' +default['filebeat']['wazuh_module'] = "wazuh-filebeat-0.1.tar.gz" \ No newline at end of file diff --git a/cookbooks/filebeat/attributes/paths.rb b/cookbooks/filebeat/attributes/paths.rb new file mode 100644 index 00000000..0f851bda --- /dev/null +++ b/cookbooks/filebeat/attributes/paths.rb @@ -0,0 +1,6 @@ +# Cookbook Name:: filebeat +# Attribute:: paths +# Author:: Wazuh + +default['filebeat']['config_path'] = '/etc/filebeat' +default['filebeat']['wazuh_module_path'] = '/usr/share/filebeat/module' \ No newline at end of file diff --git a/cookbooks/filebeat/attributes/versions.rb b/cookbooks/filebeat/attributes/versions.rb index 5cd66ec2..79867beb 100644 --- a/cookbooks/filebeat/attributes/versions.rb +++ b/cookbooks/filebeat/attributes/versions.rb @@ -4,7 +4,7 @@ # ELK default['elk']['major_version'] = "7.x" -default['elk']['patch_version'] = "7.9.1" +default['elk']['patch_version'] = "7.9.2" # Wazuh default['wazuh']['major_version'] = "4.x" From ddbada7f95315b1afb1d4b7c4585a6d996eb76fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 27 Nov 2020 11:18:37 +0100 Subject: [PATCH 025/260] Remove unnecesary cookbooks --- cookbooks/filebeat/Berksfile | 6 +----- cookbooks/filebeat/metadata.rb | 6 +----- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/cookbooks/filebeat/Berksfile b/cookbooks/filebeat/Berksfile index eff5649b..17e215aa 100644 --- a/cookbooks/filebeat/Berksfile +++ b/cookbooks/filebeat/Berksfile @@ -2,8 +2,4 @@ source 'https://supermarket.chef.io' metadata -group :integration do - cookbook 'apt' - cookbook 'yum' - cookbook 'zypper' -end + diff --git a/cookbooks/filebeat/metadata.rb b/cookbooks/filebeat/metadata.rb index d95febd4..313c31b3 100644 --- a/cookbooks/filebeat/metadata.rb +++ b/cookbooks/filebeat/metadata.rb @@ -1,4 +1,4 @@ -name 'wazuh_filebeat' +name 'filebeat' maintainer 'Wazuh' maintainer_email 'info@wazuh.com' license 'Apache 2.0' @@ -16,10 +16,6 @@ supports 'suse', '>= 12.0' supports 'opensuse', '>= 42.0' -depends 'apt' -depends 'yum' -depends 'zypper' - issues_url 'https://github.com/wazuh/wazuh-chef/issues' if respond_to?(:issues_url) source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) chef_version '>= 12.0' if respond_to?(:chef_version) From 5d3cd91a990d815b6984a5a8ecd2d0d94288ffa9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 27 Nov 2020 11:18:54 +0100 Subject: [PATCH 026/260] Add more platforms --- cookbooks/filebeat/.kitchen.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/cookbooks/filebeat/.kitchen.yml b/cookbooks/filebeat/.kitchen.yml index 6c58a3a3..41d85a8f 100644 --- a/cookbooks/filebeat/.kitchen.yml +++ b/cookbooks/filebeat/.kitchen.yml @@ -11,10 +11,12 @@ verifiers: platforms: - name: ubuntu-20.04 - - name: ubuntu-18.04 - name: centos-8.0 - name: centos-7 - + - name: amazonlinux-2 + - name: debian-7.8 + - name: fedora-23 + - name: opensuse-leap-42.1 suites: - name: filebeat driver: From 265c0c0a95e903d80e55643e1443a47ad3b00fd0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 27 Nov 2020 11:19:13 +0100 Subject: [PATCH 027/260] Update CHANGELOG.md --- cookbooks/filebeat/CHANGELOG.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/cookbooks/filebeat/CHANGELOG.md b/cookbooks/filebeat/CHANGELOG.md index 4b9aee97..eaef7bb0 100644 --- a/cookbooks/filebeat/CHANGELOG.md +++ b/cookbooks/filebeat/CHANGELOG.md @@ -1,9 +1,6 @@ ## v0.1.0 1. Bump to filebeat OSS 7.9.1 -2. Remove repository.rb since it is useless. To install filebeat, you need first to install first -wazuh manager in the same node. Filebeat use the same URI and GPG KEY repository as the latter -to install the package -3. Added suse repository +2. Added suse repository *Note*: in future version, filebeat will be included into wazuh-manager cookbook From c4d81c5b1e81de41815a490e80105764bb5d3c3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 27 Nov 2020 11:21:04 +0100 Subject: [PATCH 028/260] Fix URL and add attrribute --- cookbooks/filebeat/recipes/filebeat.rb | 23 +++++++------------ .../templates/default/filebeat.yml.erb | 2 +- 2 files changed, 9 insertions(+), 16 deletions(-) diff --git a/cookbooks/filebeat/recipes/filebeat.rb b/cookbooks/filebeat/recipes/filebeat.rb index 576f5b42..31acca39 100644 --- a/cookbooks/filebeat/recipes/filebeat.rb +++ b/cookbooks/filebeat/recipes/filebeat.rb @@ -14,6 +14,7 @@ apt_package 'filebeat' do version "#{node['elk']['patch_version']}" end + elsif platform_family?('redhat', 'centos', 'amazon', 'fedora', 'oracle') if node['platform']['version'] >= '8' dnf_package 'filebeat' do @@ -24,10 +25,12 @@ version "#{node['elk']['patch_version']}" end end + elsif platform_family?('opensuse', 'suse') yum_package 'filebeat' do version "#{node['elk']['patch_version']}" end + else raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" end @@ -40,14 +43,15 @@ group 'root' mode '0640' variables( - output_elasticsearch_hosts: node['filebeat']['elasticsearch_server_ip'] + output_elasticsearch_hosts: node['filebeat']['elasticsearch_server_ip'], + template_json_path: "#{node['filebeat']['config_path']}/#{node['filebeat']['alerts_template']}" ) end # Download the alerts template for Elasticsearch remote_file "#{node['filebeat']['config_path']}/#{node['filebeat']['alerts_template']}" do - source "https://raw.githubusercontent.com/wazuh/wazuh/v#{node['wazuh']['minor_version']}/extensions/elasticsearch/#{node['elk']['major_version']}/#{node['filebeat']['alerts_template']}" + source "https://raw.githubusercontent.com/wazuh/wazuh/v#{node['wazuh']['patch_version']}/extensions/elasticsearch/#{node['elk']['major_version']}/#{node['filebeat']['alerts_template']}" owner 'root' group 'root' mode '0644' @@ -56,7 +60,7 @@ # Download the Wazuh module for Filebeat remote_file "#{node['filebeat']['config_path']}/#{node['filebeat']['wazuh_module']}" do - source "https://packages.wazuh.com/#{node['wazuh']['minor_version']}/filebeat/#{node['filebeat']['wazuh_module']}" + source "https://packages.wazuh.com/#{node['wazuh']['major_version']}/filebeat/#{node['filebeat']['wazuh_module']}" end archive_file "#{node['filebeat']['wazuh_module']}" do @@ -80,15 +84,4 @@ service "filebeat" do supports :start => true, :stop => true, :restart => true, :reload => true action [:enable, :start] -end - -# Load the Filebeat template (Elasticsarch must be installed and running) - -bash 'Load the Filebeat template' do - code <<-EOH - filebeat setup --index-management -E setup.template.json.enabled=false - EOH -end - - - +end \ No newline at end of file diff --git a/cookbooks/filebeat/templates/default/filebeat.yml.erb b/cookbooks/filebeat/templates/default/filebeat.yml.erb index 241e9b57..09c66f38 100644 --- a/cookbooks/filebeat/templates/default/filebeat.yml.erb +++ b/cookbooks/filebeat/templates/default/filebeat.yml.erb @@ -7,7 +7,7 @@ filebeat.modules: enabled: false setup.template.json.enabled: true -setup.template.json.path: '/etc/filebeat/wazuh-template.json' +setup.template.json.path: '<%= @template_json_path %>' setup.template.json.name: 'wazuh' setup.template.overwrite: true setup.ilm.enabled: false From e26c8d81a528a6d5bec000cd4939020e703d1b1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 27 Nov 2020 11:21:16 +0100 Subject: [PATCH 029/260] Remove unnecesary cookbook --- cookbooks/filebeat/recipes/default.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/cookbooks/filebeat/recipes/default.rb b/cookbooks/filebeat/recipes/default.rb index e6bcae73..3b5315bd 100644 --- a/cookbooks/filebeat/recipes/default.rb +++ b/cookbooks/filebeat/recipes/default.rb @@ -2,6 +2,5 @@ # Recipe:: default # Author:: Wazuh -include_recipe 'apt::default' include_recipe 'filebeat::repository' include_recipe 'filebeat::filebeat' From 841e1c69c41033bba68848ff82e02a3dc4985cce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 27 Nov 2020 11:25:18 +0100 Subject: [PATCH 030/260] Change attributes file name and bump to 7.9.2 --- cookbooks/filebeat-oss/attributes/elastic.rb | 9 +++++++++ cookbooks/filebeat-oss/attributes/files.rb | 6 ++++++ cookbooks/filebeat-oss/attributes/paths.rb | 6 ++++++ cookbooks/filebeat-oss/attributes/versions.rb | 2 +- 4 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 cookbooks/filebeat-oss/attributes/elastic.rb create mode 100644 cookbooks/filebeat-oss/attributes/files.rb create mode 100644 cookbooks/filebeat-oss/attributes/paths.rb diff --git a/cookbooks/filebeat-oss/attributes/elastic.rb b/cookbooks/filebeat-oss/attributes/elastic.rb new file mode 100644 index 00000000..f107a28a --- /dev/null +++ b/cookbooks/filebeat-oss/attributes/elastic.rb @@ -0,0 +1,9 @@ +# Cookbook Name:: filebeat +# Attribute:: elastic +# Author:: Wazuh + +default['filebeat']['elasticsearch_server_ip'] = [ + "http://0.0.0.0:9200" +] + + diff --git a/cookbooks/filebeat-oss/attributes/files.rb b/cookbooks/filebeat-oss/attributes/files.rb new file mode 100644 index 00000000..aed570fd --- /dev/null +++ b/cookbooks/filebeat-oss/attributes/files.rb @@ -0,0 +1,6 @@ +# Cookbook Name:: filebeat +# Attribute:: files +# Author:: Wazuh + +default['filebeat']['alerts_template'] = 'wazuh-template.json' +default['filebeat']['wazuh_module'] = "wazuh-filebeat-0.1.tar.gz" \ No newline at end of file diff --git a/cookbooks/filebeat-oss/attributes/paths.rb b/cookbooks/filebeat-oss/attributes/paths.rb new file mode 100644 index 00000000..0f851bda --- /dev/null +++ b/cookbooks/filebeat-oss/attributes/paths.rb @@ -0,0 +1,6 @@ +# Cookbook Name:: filebeat +# Attribute:: paths +# Author:: Wazuh + +default['filebeat']['config_path'] = '/etc/filebeat' +default['filebeat']['wazuh_module_path'] = '/usr/share/filebeat/module' \ No newline at end of file diff --git a/cookbooks/filebeat-oss/attributes/versions.rb b/cookbooks/filebeat-oss/attributes/versions.rb index 5cd66ec2..79867beb 100644 --- a/cookbooks/filebeat-oss/attributes/versions.rb +++ b/cookbooks/filebeat-oss/attributes/versions.rb @@ -4,7 +4,7 @@ # ELK default['elk']['major_version'] = "7.x" -default['elk']['patch_version'] = "7.9.1" +default['elk']['patch_version'] = "7.9.2" # Wazuh default['wazuh']['major_version'] = "4.x" From 3fd3d819c0e71581cd648010a2306a63d0d5073d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 27 Nov 2020 11:25:37 +0100 Subject: [PATCH 031/260] Remove unnceseary files --- cookbooks/filebeat-oss/.delivery/project.toml | 32 ------------------- .../filebeat-oss/.vscode/extensions.json | 5 --- cookbooks/filebeat-oss/attributes/default.rb | 11 ------- 3 files changed, 48 deletions(-) delete mode 100644 cookbooks/filebeat-oss/.delivery/project.toml delete mode 100644 cookbooks/filebeat-oss/.vscode/extensions.json delete mode 100644 cookbooks/filebeat-oss/attributes/default.rb diff --git a/cookbooks/filebeat-oss/.delivery/project.toml b/cookbooks/filebeat-oss/.delivery/project.toml deleted file mode 100644 index c23d1fe7..00000000 --- a/cookbooks/filebeat-oss/.delivery/project.toml +++ /dev/null @@ -1,32 +0,0 @@ -# Delivery for Local Phases Execution -# -# This file allows you to execute test phases locally on a workstation or -# in a CI pipeline. The delivery-cli will read this file and execute the -# command(s) that are configured for each phase. You can customize them -# by just modifying the phase key on this file. -# -# By default these phases are configured for Cookbook Workflow only -# - -[local_phases] -unit = "chef exec rspec spec/" -lint = "chef exec cookstyle" -# foodcritic has been deprecated in favor of cookstyle so we skip the syntax -# phase now. -syntax = "echo skipping syntax phase. Use lint phase instead." -provision = "chef exec kitchen create" -deploy = "chef exec kitchen converge" -smoke = "chef exec kitchen verify" -# The functional phase is optional, you can define it by uncommenting -# the line below and running the command: `delivery local functional` -# functional = "" -cleanup = "chef exec kitchen destroy" - -# Remote project.toml file -# -# Instead of the local phases above, you may specify a remote URI location for -# the `project.toml` file. This is useful for teams that wish to centrally -# manage the behavior of the `delivery local` command across many different -# projects. -# -# remote_file = "https://url/project.toml" diff --git a/cookbooks/filebeat-oss/.vscode/extensions.json b/cookbooks/filebeat-oss/.vscode/extensions.json deleted file mode 100644 index 34f35661..00000000 --- a/cookbooks/filebeat-oss/.vscode/extensions.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "recommendations": [ - "chef-software.chef" - ] -} diff --git a/cookbooks/filebeat-oss/attributes/default.rb b/cookbooks/filebeat-oss/attributes/default.rb deleted file mode 100644 index bc960a47..00000000 --- a/cookbooks/filebeat-oss/attributes/default.rb +++ /dev/null @@ -1,11 +0,0 @@ -# Cookbook Name:: filebeat -# Attribute:: default -# Author:: Wazuh - -default['filebeat']['elasticsearch_server_ip'] = [ - "http://0.0.0.0:9200" -] -default['filebeat']['config_path'] = '/etc/filebeat' -default['filebeat']['alerts_template'] = 'wazuh-template.json' -default['filebeat']['wazuh_module'] = "wazuh-filebeat-0.1.tar.gz" -default['filebeat']['wazuh_module_path'] = '/usr/share/filebeat/module' \ No newline at end of file From 41e0aec6a7619e49afc43488552c9f5e37b57764 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 27 Nov 2020 11:37:43 +0100 Subject: [PATCH 032/260] Bump to 7.9.1 --- cookbooks/filebeat/attributes/versions.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cookbooks/filebeat/attributes/versions.rb b/cookbooks/filebeat/attributes/versions.rb index 79867beb..5cd66ec2 100644 --- a/cookbooks/filebeat/attributes/versions.rb +++ b/cookbooks/filebeat/attributes/versions.rb @@ -4,7 +4,7 @@ # ELK default['elk']['major_version'] = "7.x" -default['elk']['patch_version'] = "7.9.2" +default['elk']['patch_version'] = "7.9.1" # Wazuh default['wazuh']['major_version'] = "4.x" From ad334bbd5be2e9b8a635b94f9da26fadb5e171a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 27 Nov 2020 12:21:00 +0100 Subject: [PATCH 033/260] Update filebeat-oss cookbook --- .../{kitchen.yml => .kitchen.yml} | 4 +- cookbooks/filebeat-oss/attributes/elastic.rb | 2 +- cookbooks/filebeat-oss/attributes/files.rb | 2 +- cookbooks/filebeat-oss/attributes/paths.rb | 2 +- cookbooks/filebeat-oss/attributes/versions.rb | 4 +- cookbooks/filebeat-oss/metadata.rb | 25 +++--- cookbooks/filebeat-oss/recipes/default.rb | 7 +- cookbooks/filebeat-oss/recipes/filebeat.rb | 62 +++++++-------- cookbooks/filebeat-oss/recipes/repository.rb | 79 +++++++++---------- 9 files changed, 90 insertions(+), 97 deletions(-) rename cookbooks/filebeat-oss/{kitchen.yml => .kitchen.yml} (95%) diff --git a/cookbooks/filebeat-oss/kitchen.yml b/cookbooks/filebeat-oss/.kitchen.yml similarity index 95% rename from cookbooks/filebeat-oss/kitchen.yml rename to cookbooks/filebeat-oss/.kitchen.yml index dbf40352..19e1fc49 100644 --- a/cookbooks/filebeat-oss/kitchen.yml +++ b/cookbooks/filebeat-oss/.kitchen.yml @@ -26,10 +26,10 @@ verifier: platforms: - name: ubuntu-20.04 - - name: centos-8 + - name: centos-8.0 suites: - - name: default + - name: filebeat-oss run_list: - recipe[filebeat-oss::default] verifier: diff --git a/cookbooks/filebeat-oss/attributes/elastic.rb b/cookbooks/filebeat-oss/attributes/elastic.rb index f107a28a..01b09ed8 100644 --- a/cookbooks/filebeat-oss/attributes/elastic.rb +++ b/cookbooks/filebeat-oss/attributes/elastic.rb @@ -1,6 +1,6 @@ # Cookbook Name:: filebeat # Attribute:: elastic -# Author:: Wazuh +# Author:: Wazuh default['filebeat']['elasticsearch_server_ip'] = [ "http://0.0.0.0:9200" diff --git a/cookbooks/filebeat-oss/attributes/files.rb b/cookbooks/filebeat-oss/attributes/files.rb index aed570fd..bcd9a6a0 100644 --- a/cookbooks/filebeat-oss/attributes/files.rb +++ b/cookbooks/filebeat-oss/attributes/files.rb @@ -1,6 +1,6 @@ # Cookbook Name:: filebeat # Attribute:: files -# Author:: Wazuh +# Author:: Wazuh default['filebeat']['alerts_template'] = 'wazuh-template.json' default['filebeat']['wazuh_module'] = "wazuh-filebeat-0.1.tar.gz" \ No newline at end of file diff --git a/cookbooks/filebeat-oss/attributes/paths.rb b/cookbooks/filebeat-oss/attributes/paths.rb index 0f851bda..dedfa422 100644 --- a/cookbooks/filebeat-oss/attributes/paths.rb +++ b/cookbooks/filebeat-oss/attributes/paths.rb @@ -1,6 +1,6 @@ # Cookbook Name:: filebeat # Attribute:: paths -# Author:: Wazuh +# Author:: Wazuh default['filebeat']['config_path'] = '/etc/filebeat' default['filebeat']['wazuh_module_path'] = '/usr/share/filebeat/module' \ No newline at end of file diff --git a/cookbooks/filebeat-oss/attributes/versions.rb b/cookbooks/filebeat-oss/attributes/versions.rb index 79867beb..1f6f427e 100644 --- a/cookbooks/filebeat-oss/attributes/versions.rb +++ b/cookbooks/filebeat-oss/attributes/versions.rb @@ -1,10 +1,10 @@ # Cookbook Name:: filebeat # Attribute:: versions -# Author:: Wazuh +# Author:: Wazuh # ELK default['elk']['major_version'] = "7.x" -default['elk']['patch_version'] = "7.9.2" +default['elk']['patch_version'] = "7.9.1" # Wazuh default['wazuh']['major_version'] = "4.x" diff --git a/cookbooks/filebeat-oss/metadata.rb b/cookbooks/filebeat-oss/metadata.rb index cfa6d719..96a9c695 100644 --- a/cookbooks/filebeat-oss/metadata.rb +++ b/cookbooks/filebeat-oss/metadata.rb @@ -1,19 +1,20 @@ name 'filebeat-oss' -maintainer 'The Authors' -maintainer_email 'you@example.com' +maintainer 'Wazuh' +maintainer_email 'info@wazuh.com' license 'Apache-2.0' description 'Installs/Configures filebeat-oss' version '0.1.0' chef_version '>= 15.0' -# The `issues_url` points to the location where issues for this cookbook are -# tracked. A `View Issues` link will be displayed on this cookbook's page when -# uploaded to a Supermarket. -# -# issues_url 'https://github.com//filebeat-oss/issues' +%w(redhat centos oracle).each do |el| + supports el, '>= 6.0' +end +supports 'amazon', '>= 1.0' +supports 'fedora', '>= 22.0' +supports 'debian', '>= 7.0' +supports 'ubuntu', '>= 12.04' +supports 'suse', '>= 12.0' +supports 'opensuse', '>= 42.0' -# The `source_url` points to the development repository for this cookbook. A -# `View Source` link will be displayed on this cookbook's page when uploaded to -# a Supermarket. -# -# source_url 'https://github.com//filebeat-oss' +issues_url 'https://github.com/wazuh/wazuh-chef/issues' if respond_to?(:issues_url) +source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) diff --git a/cookbooks/filebeat-oss/recipes/default.rb b/cookbooks/filebeat-oss/recipes/default.rb index 9878fe87..912ed39b 100644 --- a/cookbooks/filebeat-oss/recipes/default.rb +++ b/cookbooks/filebeat-oss/recipes/default.rb @@ -1,7 +1,6 @@ # Cookbook Name:: filebeat # Recipe:: default -# Author:: Wazuh +# Author:: Wazuh -include_recipe 'apt::default' -include_recipe 'filebeat::repository' -include_recipe 'filebeat::filebeat' \ No newline at end of file +include_recipe 'filebeat-oss::repository' +include_recipe 'filebeat-oss::filebeat' \ No newline at end of file diff --git a/cookbooks/filebeat-oss/recipes/filebeat.rb b/cookbooks/filebeat-oss/recipes/filebeat.rb index 5a99d236..fde026f2 100644 --- a/cookbooks/filebeat-oss/recipes/filebeat.rb +++ b/cookbooks/filebeat-oss/recipes/filebeat.rb @@ -1,36 +1,31 @@ # Cookbook Name:: filebeat # Recipe:: filebeat-oss -# Author:: Wazuh +# Author:: Wazuh # Install filebeat-oss pacakge -if platform_family?('debian','ubuntu') - package 'lsb-release' - ohai 'reload lsb' do - plugin 'lsb' - subscribes :reload, 'package[lsb-release]', :immediately - end - - apt_package 'filebeat' do - version "#{node['elk']['patch_version']}" - end - elsif platform_family?('redhat', 'centos', 'amazon', 'fedora', 'oracle') - if node['platform']['version'] >= '8' - dnf_package 'filebeat' do - version "#{node['elk']['patch_version']}" - end - else - yum_package 'filebeat' do - version "#{node['elk']['patch_version']}" - end +case node['platform'] +when 'debian','ubuntu' + apt_package 'filebeat' do + version "#{node['elk']['patch_version']}" + end +when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' + if node['platform_version'] >= '8' + dnf_package 'filebeat' do + version "#{node['elk']['patch_version']}" end - elsif platform_family?('opensuse', 'suse') + else yum_package 'filebeat' do version "#{node['elk']['patch_version']}" end - else - raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" end +when 'opensuse', 'suse' + zypper_package 'filebeat' do + version "#{node['elk']['patch_version']}" + end +else + raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" +end # Edit the file /etc/filebeat/filebeat.yml @@ -47,7 +42,7 @@ # Download the alerts template for Elasticsearch remote_file "#{node['filebeat']['config_path']}/#{node['filebeat']['alerts_template']}" do - source "https://raw.githubusercontent.com/wazuh/wazuh/v#{node['wazuh']['minor_version']}/extensions/elasticsearch/#{node['elk']['major_version']}/#{node['filebeat']['alerts_template']}" + source "https://raw.githubusercontent.com/wazuh/wazuh/v#{node['wazuh']['patch_version']}/extensions/elasticsearch/#{node['elk']['major_version']}/#{node['filebeat']['alerts_template']}" owner 'root' group 'root' mode '0644' @@ -56,7 +51,7 @@ # Download the Wazuh module for Filebeat remote_file "#{node['filebeat']['config_path']}/#{node['filebeat']['wazuh_module']}" do - source "https://packages.wazuh.com/#{node['wazuh']['minor_version']}/filebeat/#{node['filebeat']['wazuh_module']}" + source "https://packages.wazuh.com/#{node['wazuh']['major_version']}/filebeat/#{node['filebeat']['wazuh_module']}" end archive_file "#{node['filebeat']['wazuh_module']}" do @@ -75,14 +70,13 @@ end log 'filebeat-certificates' do - message: "Please move the following files on elasticsearch node to - #{node['filebeat']['config_path']}/certs: - - filebeat.pem - - filebeat.key - - root-ca.pem. - Once uploaded, run the following commands as sudo: - - systemctl daemon-reload - - systemctl enable filebeat - - systemctl start filebeat" + message "Please move the following files on elasticsearch node to #{node['filebeat']['config_path']}/certs: + - filebeat.pem + - filebeat.key + - root-ca.pem. + Once uploaded, run the following commands as sudo: + - systemctl daemon-reload + - systemctl enable filebeat + - systemctl start filebeat" level :warn end \ No newline at end of file diff --git a/cookbooks/filebeat-oss/recipes/repository.rb b/cookbooks/filebeat-oss/recipes/repository.rb index ec41b541..94879e79 100644 --- a/cookbooks/filebeat-oss/recipes/repository.rb +++ b/cookbooks/filebeat-oss/recipes/repository.rb @@ -1,44 +1,43 @@ # Cookbook Name:: filebeat # Recipe:: repository -# Author:: Wazuh +# Author:: Wazuh -if platform_family?('ubuntu', 'debian') - package 'lsb-release' - - ohai 'reload lsb' do - plugin 'lsb' - subscribes :reload, 'package[lsb-release]', :immediately - end - - apt_repository 'wazuh' do - key 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - uri "http://packages.wazuh.com/#{node['wazuh']['major_version']}/apt/" - components ['main'] - distribution 'stable' - action :add - end - - apt_update +case node['platform'] +when 'ubuntu', 'debian' + package 'lsb-release' - elsif platform_family?('redhat', 'centos', 'amazon', 'fedora', 'oracle') - yum_repository 'wazuh' do - description 'WAZUH Yum Repository - www.wazuh.com' - gpgcheck true - gpgkey 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - enabled true - baseurl "https://packages.wazuh.com/#{node['wazuh']['major_version']}/yum" - action :create - end - - elsif platform_family?('opensuseleap', 'suse') - zypper_repository 'wazuh' do - description 'WAZUH Zypper Repository - www.wazuh.com' - gpgcheck true - gpgkey 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - enabled true - baseurl "https://packages.wazuh.com/#{node['wazuh']['major_version']}/yum" - action :create - end - else - raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" - end \ No newline at end of file + ohai 'reload lsb' do + plugin 'lsb' + subscribes :reload, 'package[lsb-release]', :immediately + end + + apt_repository 'wazuh' do + key 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + uri "http://packages.wazuh.com/#{node['wazuh']['major_version']}/apt/" + components ['main'] + distribution 'stable' + action :add + end + + apt_update +when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' + yum_repository 'wazuh' do + description 'WAZUH Yum Repository - www.wazuh.com' + gpgcheck true + gpgkey 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + enabled true + baseurl "https://packages.wazuh.com/#{node['wazuh']['major_version']}/yum" + action :create + end +when 'opensuseleap', 'suse' + zypper_repository 'wazuh' do + description 'WAZUH Zypper Repository - www.wazuh.com' + gpgcheck true + gpgkey 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + enabled true + baseurl "https://packages.wazuh.com/#{node['wazuh']['major_version']}/yum" + action :create + end +else + raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" +end \ No newline at end of file From 84fe247132d13f298a672fbf2e3b7d98c80c2709 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 27 Nov 2020 12:27:28 +0100 Subject: [PATCH 034/260] Add yml attributes --- cookbooks/filebeat-oss/attributes/elastic.rb | 9 --------- cookbooks/filebeat-oss/attributes/yml.rb | 15 +++++++++++++++ cookbooks/filebeat-oss/recipes/filebeat.rb | 2 +- 3 files changed, 16 insertions(+), 10 deletions(-) delete mode 100644 cookbooks/filebeat-oss/attributes/elastic.rb create mode 100644 cookbooks/filebeat-oss/attributes/yml.rb diff --git a/cookbooks/filebeat-oss/attributes/elastic.rb b/cookbooks/filebeat-oss/attributes/elastic.rb deleted file mode 100644 index 01b09ed8..00000000 --- a/cookbooks/filebeat-oss/attributes/elastic.rb +++ /dev/null @@ -1,9 +0,0 @@ -# Cookbook Name:: filebeat -# Attribute:: elastic -# Author:: Wazuh - -default['filebeat']['elasticsearch_server_ip'] = [ - "http://0.0.0.0:9200" -] - - diff --git a/cookbooks/filebeat-oss/attributes/yml.rb b/cookbooks/filebeat-oss/attributes/yml.rb new file mode 100644 index 00000000..8115a76a --- /dev/null +++ b/cookbooks/filebeat-oss/attributes/yml.rb @@ -0,0 +1,15 @@ +# Cookbook Name:: filebeat +# Attribute:: elastic +# Author:: Wazuh + +default['filebeat']['yml'] = [ + 'output' => { + 'elasticsearch' => { + 'hosts' => [ + "http://0.0.0.0:9200" + ] + } + } +] + + diff --git a/cookbooks/filebeat-oss/recipes/filebeat.rb b/cookbooks/filebeat-oss/recipes/filebeat.rb index fde026f2..455814b3 100644 --- a/cookbooks/filebeat-oss/recipes/filebeat.rb +++ b/cookbooks/filebeat-oss/recipes/filebeat.rb @@ -35,7 +35,7 @@ group 'root' mode '0640' variables( - hosts: node['filebeat']['elasticsearch_server_ip'] + hosts: node['filebeat']['yml']['output']['elasticsearch']['hosts'] ) end From a9b2e21adca0a72e4ec6b7a3d9013528a696eb25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 27 Nov 2020 15:20:06 +0100 Subject: [PATCH 035/260] Update elastic-stack cookbook --- cookbooks/elastic-stack/.kitchen.yml | 35 ++-------------- cookbooks/elastic-stack/Berksfile | 3 -- cookbooks/elastic-stack/README.md | 5 +++ cookbooks/elastic-stack/attributes/api.rb | 7 +++- cookbooks/elastic-stack/attributes/jvm.rb | 4 ++ .../attributes/{default.rb => paths.rb} | 4 +- .../elastic-stack/attributes/versions.rb | 8 +++- cookbooks/elastic-stack/attributes/yml.rb | 4 ++ cookbooks/elastic-stack/metadata.rb | 16 ++------ cookbooks/elastic-stack/recipes/default.rb | 1 - .../elastic-stack/recipes/elasticsearch.rb | 17 ++++---- cookbooks/elastic-stack/recipes/kibana.rb | 34 ++++++--------- .../elastic-stack/recipes/prerequisites.rb | 41 +++++++++++++++---- cookbooks/elastic-stack/recipes/repository.rb | 13 ++---- .../templates/elasticsearch.yml.erb | 2 +- 15 files changed, 92 insertions(+), 102 deletions(-) rename cookbooks/elastic-stack/attributes/{default.rb => paths.rb} (78%) diff --git a/cookbooks/elastic-stack/.kitchen.yml b/cookbooks/elastic-stack/.kitchen.yml index cd80b7ae..ae85a60b 100644 --- a/cookbooks/elastic-stack/.kitchen.yml +++ b/cookbooks/elastic-stack/.kitchen.yml @@ -18,41 +18,12 @@ platforms: - name: centos-7 suites: - - name: elastic + - name: elastic-stack run_list: - - recipe[wazuh_elastic::default] + - recipe[elastic-stack::default] driver: network: - ["private_network", {ip: "172.16.10.11"}] customize: memory: 2048 - cpus: 2 - - -#driver: -# name: vagrant -# driver_config: -# require_chef_omnibus: latest -# -#provisioner: -# name: chef_zero -# environments_path: "../../environments" -# data_bags_path: "../../data_bags" -# encrypted_data_bag_secret_key_path: "test/integration/default/encrypted_data_bag_secret" -# -# -#platforms: -# - name: ubuntu-12.04 -# run_list: apt::default -# - name: ubuntu-14.04 -# run_list: apt::default -# -#suites: -# - name: default -# driver: -# network: -# - ["private_network", {ip: "172.16.10.10"}] -# run_list: -# - recipe[wazuh_elastic::default] -# attributes: -# \ No newline at end of file + cpus: 2 \ No newline at end of file diff --git a/cookbooks/elastic-stack/Berksfile b/cookbooks/elastic-stack/Berksfile index 1a8f987d..d501fcf9 100644 --- a/cookbooks/elastic-stack/Berksfile +++ b/cookbooks/elastic-stack/Berksfile @@ -2,6 +2,3 @@ source 'https://supermarket.getchef.com' metadata - -cookbook 'hostsfile' -cookbook 'htpasswd' diff --git a/cookbooks/elastic-stack/README.md b/cookbooks/elastic-stack/README.md index 65ea4584..c15d6138 100644 --- a/cookbooks/elastic-stack/README.md +++ b/cookbooks/elastic-stack/README.md @@ -2,6 +2,11 @@ This cookbook installs and configures Elastic Stack. Please note that it's not obligatory to install the whole stack, recipes can work independently. +#### Chef +- Chef 12+ + +#### Cookbooks + ### Attributes The ``attributes`` folder contains all the default configuration files in order to generate ossec.conf file. diff --git a/cookbooks/elastic-stack/attributes/api.rb b/cookbooks/elastic-stack/attributes/api.rb index a7224579..f89bc62e 100644 --- a/cookbooks/elastic-stack/attributes/api.rb +++ b/cookbooks/elastic-stack/attributes/api.rb @@ -1,7 +1,10 @@ +# Cookbook Name:: elastic-stack +# Attributes:: api +# Author:: Wazuh default['kibana']['wazuh_api_credentials'] = { - 'id' => "wazuhapi", - 'url' => "https =>//localhost", + 'id' => "default", + 'url' => "https://localhost", 'port' => "55000", 'username' => "wazuh", 'password' => "wazuh" diff --git a/cookbooks/elastic-stack/attributes/jvm.rb b/cookbooks/elastic-stack/attributes/jvm.rb index f30c99c9..13f26a95 100644 --- a/cookbooks/elastic-stack/attributes/jvm.rb +++ b/cookbooks/elastic-stack/attributes/jvm.rb @@ -1,3 +1,7 @@ +# Cookbook Name:: elastic-stack +# Attributes:: jvm +# Author:: Wazuh + default['jvm'] = { 'memory' => "1g" } \ No newline at end of file diff --git a/cookbooks/elastic-stack/attributes/default.rb b/cookbooks/elastic-stack/attributes/paths.rb similarity index 78% rename from cookbooks/elastic-stack/attributes/default.rb rename to cookbooks/elastic-stack/attributes/paths.rb index ad1c7ee2..017c7357 100644 --- a/cookbooks/elastic-stack/attributes/default.rb +++ b/cookbooks/elastic-stack/attributes/paths.rb @@ -1,5 +1,5 @@ # Cookbook Name:: elastic-stack -# Attributes:: default +# Attributes:: paths # Author:: Wazuh # Elastic paths @@ -8,5 +8,3 @@ # Kibana paths default['kibana']['package_path'] = "/usr/share/kibana" default['kibana']['config_path'] = "/etc/kibana" - -#Try yo rename this to path.rb and install all \ No newline at end of file diff --git a/cookbooks/elastic-stack/attributes/versions.rb b/cookbooks/elastic-stack/attributes/versions.rb index 8f272b85..f699fde9 100644 --- a/cookbooks/elastic-stack/attributes/versions.rb +++ b/cookbooks/elastic-stack/attributes/versions.rb @@ -1,6 +1,10 @@ +# Cookbook Name:: elastic-stack +# Attributes:: versions +# Author:: Wazuh + # ELK default['elk']['major_version'] = "7.x" -default['elk']['patch_version'] = "7.9.1" +default['elk']['patch_version'] = "7.9.3" # Wazuh default['wazuh']['major_version'] = "4.x" @@ -8,4 +12,4 @@ default['wazuh']['patch_version'] = "4.0.2" # Kibana -default['wazuh']['kibana_plugin_version'] = "4.0.2_7.9.1" +default['wazuh']['kibana_plugin_version'] = "4.0.2_7.9.3" diff --git a/cookbooks/elastic-stack/attributes/yml.rb b/cookbooks/elastic-stack/attributes/yml.rb index e7bf2c6a..bfb90eaf 100644 --- a/cookbooks/elastic-stack/attributes/yml.rb +++ b/cookbooks/elastic-stack/attributes/yml.rb @@ -1,3 +1,7 @@ +# Cookbook Name:: elastic-stack +# Attributes:: yml +# Author:: Wazuh + # Elasticsearch configuration file default['elastic']['yml'] = { 'cluster' => { diff --git a/cookbooks/elastic-stack/metadata.rb b/cookbooks/elastic-stack/metadata.rb index 4da7c192..a85a4fcb 100644 --- a/cookbooks/elastic-stack/metadata.rb +++ b/cookbooks/elastic-stack/metadata.rb @@ -1,10 +1,11 @@ -name 'wazuh_elastic' +name 'elastic-stack' maintainer 'Wazuh' maintainer_email 'info@wazuh.com' license 'All rights reserved' -description 'setup Elastic: elasticsearch and kibana for Wazuh' +description 'Install/Configures elastic-stack' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) version '0.1.0' +chef_version '>= 15.0' %w(redhat centos oracle).each do |el| supports el, '>= 6.0' @@ -16,14 +17,5 @@ supports 'suse', '>= 12.0' supports 'opensuse', '>= 42.0' -depends 'chef-sugar' -depends 'apt' -depends 'poise-python' -depends 'yum' -depends 'hostsfile' -depends 'htpasswd' -depends 'zypper' - issues_url 'https://github.com/wazuh/wazuh-chef/issues' if respond_to?(:issues_url) -source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) -chef_version '>= 12.0' if respond_to?(:chef_version) \ No newline at end of file +source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) \ No newline at end of file diff --git a/cookbooks/elastic-stack/recipes/default.rb b/cookbooks/elastic-stack/recipes/default.rb index 413d3d0b..e11a726a 100644 --- a/cookbooks/elastic-stack/recipes/default.rb +++ b/cookbooks/elastic-stack/recipes/default.rb @@ -2,7 +2,6 @@ # Recipe:: default # Author:: Wazuh -############################################# include_recipe 'elastic-stack::prerequisites' include_recipe 'elastic-stack::repository' include_recipe 'elastic-stack::elasticsearch' diff --git a/cookbooks/elastic-stack/recipes/elasticsearch.rb b/cookbooks/elastic-stack/recipes/elasticsearch.rb index 49aa8309..63732b75 100644 --- a/cookbooks/elastic-stack/recipes/elasticsearch.rb +++ b/cookbooks/elastic-stack/recipes/elasticsearch.rb @@ -4,23 +4,24 @@ # Install the Elasticsearch package -if platform_family?('debian', 'ubuntu') +case node['platform'] +when 'debian', 'ubuntu' apt_package 'elasticsearch' do - version "#{node['elastic']['elastic_stack_version']}" + version "#{node['elk']['patch_version']}" end -elsif platform_family?('rhel', 'redhat', 'centos') +when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' if node['platform_version'] >= '8' dnf_package 'elasticsearch' do - version "#{node['elastic']['elastic_stack_version']}" + version "#{node['elk']['patch_version']}" end else yum_package 'elasticsearch' do - version "#{node['elastic']['elastic_stack_version']}" + version "#{node['elk']['patch_version']}" end end -elsif platform_family?('suse') +when 'opensuseleap', 'suse' zypper_package 'elasticsearch' do - version "#{node['elastic']['elastic_stack_version']}" + version "#{node['elk']['patch_version']}" end else raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" @@ -64,7 +65,7 @@ # Verify Elasticsearch folders owner -directory "#{'elastic']['config_path']}" do +directory "#{node['elastic']['config_path']}" do owner 'elasticsearch' group 'elasticsearch' recursive true diff --git a/cookbooks/elastic-stack/recipes/kibana.rb b/cookbooks/elastic-stack/recipes/kibana.rb index 149490cd..ef5f00ee 100644 --- a/cookbooks/elastic-stack/recipes/kibana.rb +++ b/cookbooks/elastic-stack/recipes/kibana.rb @@ -5,11 +5,12 @@ # Install the Kibana package -if platform_family?('debian', 'ubuntu') +case node['platform'] +when 'debian', 'ubuntu' apt_package 'kibana' do version "#{node['elk']['patch_version']}" end -elsif platform_family?('rhel', 'redhat', 'centos') +when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' if node['platform_version'] >= '8' dnf_package 'kibana' do version "#{node['elk']['patch_version']}" @@ -19,7 +20,7 @@ version "#{node['elk']['patch_version']}" end end -elsif platform_family?('suse') +when 'opensuseleap', 'suse' zypper_package 'kibana' do version "#{node['elk']['patch_version']}" end @@ -29,28 +30,30 @@ # Update the optimize and plugins directories permissions -directory "#{node['kibana']['package_path'}/optimize" do +directory "#{node['kibana']['package_path']}/optimize" do owner 'kibana' group 'kibana' recursive true end -directory "#{node['kibana']['package_path'}/plugins" do +directory "#{node['kibana']['package_path']}/plugins" do owner 'kibana' group 'kibana' recursive true end +# Install the Wazuh Kibana plugin + bash 'Install the Wazuh app plugin for Kibana' do code <<-EOH - cd #{node['kibana']['package_path'} - sudo -u kibana bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-#{node['wazuh']['kibana_plugin_version']}.zip + cd #{node['kibana']['package_path']} + sudo -u kibana bin/kibana-plugin install https://packages.wazuh.com/#{node['wazuh']['major_version']}/ui/kibana/wazuh_kibana-#{node['wazuh']['kibana_plugin_version']}-1.zip EOH end # Set up Kibana configuration file -template "#{node['kibana']['config_path'}/kibana.yml" do +template "#{node['kibana']['config_path']}/kibana.yml" do source 'kibana.yml.erb' owner 'root' group 'kibana' @@ -62,22 +65,9 @@ }) end - -bash 'Allow Kibana to bind to port 443' do - code <<-EOH - setcap 'CAP_NET_BIND_SERVICE=+eip' #{node['kibana']['package_path'}/node/bin/node - EOH -end - -bash 'Optimize Kibana packages' do - code <<-EOH - NODE_OPTIONS="--max-old-space-size=4096" #{node['kibana']['package_path'}/bin/kibana --optimize --allow-root - EOH -end - bash 'Configure the credentials to access the Wazuh API' do code <<-EOH - cat >> #{node['kibana']['package_path'}/optimize/wazuh/config/wazuh.yml << EOF + cat >> #{node['kibana']['package_path']}/optimize/wazuh/config/wazuh.yml << EOF - #{node['kibana']['wazuh_api_credentials']['id']}: url: #{node['kibana']['wazuh_api_credentials']['url']} port: #{node['kibana']['wazuh_api_credentials']['port']} diff --git a/cookbooks/elastic-stack/recipes/prerequisites.rb b/cookbooks/elastic-stack/recipes/prerequisites.rb index f22c936d..f480c22a 100644 --- a/cookbooks/elastic-stack/recipes/prerequisites.rb +++ b/cookbooks/elastic-stack/recipes/prerequisites.rb @@ -2,14 +2,41 @@ # Recipe:: prerequisites # Author:: Wazuh -if platform_family?('debian','ubuntu') - package "lsb-release" +case node['platform'] +when 'debian','ubuntu' + apt_package 'curl' do + action :install + end - ohai "reload lsb" do - plugin "lsb" - subscribes :reload, "package[lsb-release]", :immediately + apt_package 'apt-transport-https' do + action :install + end +when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' + if node['platform_version'] >= '8' + dnf_package 'curl' do + action :install end - # Install debian prerequisites - apt_package %w(curl apt-transport-https) + dnf_package 'libcap' do + action :install + end + else + yum_package 'curl' do + action :install + end + + yum_package 'libcap' do + action :install + end + end +when 'opensuseleap', 'suse' + zypper_package 'curl' do + action :install + end + + zypper_package 'libcap2' do + action :install + end +else + raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" end diff --git a/cookbooks/elastic-stack/recipes/repository.rb b/cookbooks/elastic-stack/recipes/repository.rb index e5cfc460..de76390a 100644 --- a/cookbooks/elastic-stack/recipes/repository.rb +++ b/cookbooks/elastic-stack/recipes/repository.rb @@ -2,7 +2,8 @@ # Recipe:: repository # Author:: Wazuh -if platform_family?('ubuntu', 'debian') +case node['platform'] +when 'ubuntu', 'debian' package 'lsb-release' ohai 'reload lsb' do @@ -15,15 +16,11 @@ uri "https://artifacts.elastic.co/packages/#{node['elk']['major_version']}/apt" components ['main'] distribution 'stable' - not_if do - File.exists?("/etc/apt/sources.list.d/elastic-#{node['elk']['major_version']}.list") - end action :add end apt_update - -elsif platform_family?('redhat', 'centos', 'amazon', 'fedora', 'oracle') +when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' yum_repository 'elastic' do description 'Elasticsearch repository for 7.x packages' gpgcheck true @@ -32,8 +29,7 @@ baseurl "https://artifacts.elastic.co/packages/#{node['elk']['major_version']}/yum" action :create end - -elsif platform_family?('opensuseleap', 'suse') +when 'opensuseleap', 'suse' zypper_repository 'elastic' do description 'Elasticsearch repository for 7.x packages' gpgcheck true @@ -42,7 +38,6 @@ baseurl "https://artifacts.elastic.co/packages/#{node['elk']['major_version']}/yum" action :create end - else raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" end \ No newline at end of file diff --git a/cookbooks/elastic-stack/templates/elasticsearch.yml.erb b/cookbooks/elastic-stack/templates/elasticsearch.yml.erb index 31986138..8be218ff 100644 --- a/cookbooks/elastic-stack/templates/elasticsearch.yml.erb +++ b/cookbooks/elastic-stack/templates/elasticsearch.yml.erb @@ -40,7 +40,7 @@ path.logs: <%= @path_logs %> # # Lock the memory on startup: # -bootstrap.memory_lock: true +#bootstrap.memory_lock: true # # Make sure that the heap size is set to about half the memory available # on the system and that the owner of the process is allowed to use this From c9632628ac0c11905b2e179c60ac9a78772229f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 27 Nov 2020 15:21:12 +0100 Subject: [PATCH 036/260] Move kibana yml attribute --- cookbooks/opendistro/attributes/api.rb | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/cookbooks/opendistro/attributes/api.rb b/cookbooks/opendistro/attributes/api.rb index 2c5c7fa7..1b07e1e4 100644 --- a/cookbooks/opendistro/attributes/api.rb +++ b/cookbooks/opendistro/attributes/api.rb @@ -1,12 +1,2 @@ -default['kibana']['yml'] = { - 'server' => { - 'host' => '0.0.0.0', - 'port' => 5601 - }, - 'elasticsearch' => { - 'hosts' => [ - "https://#{node['wazuh-elastic']['yml']['network']['host']}:#{node['wazuh-elastic']['yml']['http']['port']}" - ] - } -} + default['wazuh-elastic']['kibana_wazuh_api_credentials'] = [ { id: "default", url: "https://localhost", port: "55000", username: "wazuh", password: "wazuh" } ] \ No newline at end of file From def45a7fcb39f234fb017d8089bb78508f43482a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 3 Dec 2020 13:10:22 +0100 Subject: [PATCH 037/260] Update opendistro cookbook --- cookbooks/opendistro/.kitchen.yml | 6 +- cookbooks/opendistro/Berksfile | 7 +- cookbooks/opendistro/Gemfile | 22 +- cookbooks/opendistro/attributes/api.rb | 11 +- cookbooks/opendistro/attributes/jvm.rb | 4 + .../attributes/{default.rb => paths.rb} | 8 +- .../opendistro/attributes/search_guard.rb | 4 + cookbooks/opendistro/attributes/versions.rb | 17 +- cookbooks/opendistro/attributes/yml.rb | 57 ++--- cookbooks/opendistro/metadata.rb | 31 +-- cookbooks/opendistro/recipes/default.rb | 10 +- cookbooks/opendistro/recipes/elasticsearch.rb | 137 ++++++++---- cookbooks/opendistro/recipes/kibana.rb | 160 ++++++++++---- cookbooks/opendistro/recipes/prerequisites.rb | 21 +- cookbooks/opendistro/recipes/repository.rb | 18 +- .../templates/elasticsearch.yml.erb | 11 +- .../opendistro/templates/jvm.options.erb | 7 +- .../{od_kibana.yml.erb => kibana.yml.erb} | 10 +- cookbooks/opendistro/templates/nginx.erb | 14 -- .../opendistro/templates/search-guard.yml.erb | 10 +- cookbooks/opendistro/templates/wazuh.yml.erb | 198 ++++++++++++++++++ 21 files changed, 530 insertions(+), 233 deletions(-) rename cookbooks/opendistro/attributes/{default.rb => paths.rb} (54%) rename cookbooks/opendistro/templates/{od_kibana.yml.erb => kibana.yml.erb} (76%) delete mode 100644 cookbooks/opendistro/templates/nginx.erb create mode 100644 cookbooks/opendistro/templates/wazuh.yml.erb diff --git a/cookbooks/opendistro/.kitchen.yml b/cookbooks/opendistro/.kitchen.yml index cd80b7ae..396c4f8a 100644 --- a/cookbooks/opendistro/.kitchen.yml +++ b/cookbooks/opendistro/.kitchen.yml @@ -7,6 +7,7 @@ provisioner: data_bags_path: "test/data_bags" encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" product_version: latest + cookbook_path: whatever/path/to/cookbooks verifiers: name: inspec @@ -18,9 +19,10 @@ platforms: - name: centos-7 suites: - - name: elastic + - name: opendistro run_list: - - recipe[wazuh_elastic::default] + - recipe['wazuh_manager::default'] + #- recipe[opendistro::default] driver: network: - ["private_network", {ip: "172.16.10.11"}] diff --git a/cookbooks/opendistro/Berksfile b/cookbooks/opendistro/Berksfile index 1a8f987d..e8e4eb28 100644 --- a/cookbooks/opendistro/Berksfile +++ b/cookbooks/opendistro/Berksfile @@ -1,7 +1,4 @@ # -*- ruby -*- -source 'https://supermarket.getchef.com' +source 'https://supermarket.chef.io' -metadata - -cookbook 'hostsfile' -cookbook 'htpasswd' +metadata \ No newline at end of file diff --git a/cookbooks/opendistro/Gemfile b/cookbooks/opendistro/Gemfile index 15eaf962..79b29108 100644 --- a/cookbooks/opendistro/Gemfile +++ b/cookbooks/opendistro/Gemfile @@ -1,21 +1 @@ -source 'https://rubygems.org' - -group :lint do - gem 'foodcritic', '~> 5.0' - gem 'rubocop', '~> 0.50.0' -end - -group :unit do - gem 'berkshelf', '~> 4.0' - gem 'chefspec', '~> 4.4' -end - -group :kitchen_common do - gem 'test-kitchen', '~> 1.4' -end - -group :kitchen_vagrant do - gem 'kitchen-vagrant', '~> 0.19' -end - -gem 'psych', '~> 3.2' +source 'https://rubygems.org' \ No newline at end of file diff --git a/cookbooks/opendistro/attributes/api.rb b/cookbooks/opendistro/attributes/api.rb index 1b07e1e4..94516c37 100644 --- a/cookbooks/opendistro/attributes/api.rb +++ b/cookbooks/opendistro/attributes/api.rb @@ -1,2 +1,11 @@ +# Cookbook Name:: opendistro +# Attributes:: api +# Author:: Wazuh -default['wazuh-elastic']['kibana_wazuh_api_credentials'] = [ { id: "default", url: "https://localhost", port: "55000", username: "wazuh", password: "wazuh" } ] \ No newline at end of file +default['kibana']['wazuh_api_credentials'] = { + 'id' => "default", + 'url' => "https://localhost", + 'port' => 55000, + 'username' => "wazuh", + 'password' => "wazuh" +} diff --git a/cookbooks/opendistro/attributes/jvm.rb b/cookbooks/opendistro/attributes/jvm.rb index f30c99c9..9962e5e0 100644 --- a/cookbooks/opendistro/attributes/jvm.rb +++ b/cookbooks/opendistro/attributes/jvm.rb @@ -1,3 +1,7 @@ +# Cookbook Name:: opendistro +# Attributes:: jvm +# Author:: Wazuh + default['jvm'] = { 'memory' => "1g" } \ No newline at end of file diff --git a/cookbooks/opendistro/attributes/default.rb b/cookbooks/opendistro/attributes/paths.rb similarity index 54% rename from cookbooks/opendistro/attributes/default.rb rename to cookbooks/opendistro/attributes/paths.rb index 0cfa5660..17421638 100644 --- a/cookbooks/opendistro/attributes/default.rb +++ b/cookbooks/opendistro/attributes/paths.rb @@ -1,16 +1,22 @@ # Cookbook Name:: opendistro -# Attributes:: default +# Attributes:: paths # Author:: Wazuh # Elastic paths default['elastic']['config_path'] = "/etc/elasticsearch" default['elastic']['package_path'] = "/usr/share/elasticsearch" default['elastic']['plugins_path'] = "#{node['elastic']['package_path']}/plugins" +default['elastic']['certs_path'] = "#{node['elastic']['config_path']}/certs" # Kibana paths default['kibana']['package_path'] = "/usr/share/kibana" default['kibana']['config_path'] = "/etc/kibana" +default['kibana']['certs_path'] = "#{node['kibana']['config_path']}/certs" +default['kibana']['optimize_path'] = "#{node['kibana']['package_path']}/optimize" +default['kibana']['plugins_path'] = "#{node['kibana']['package_path']}/plugins" # Searchguard paths default['searchguard']['config_path'] = "/etc/searchguard" +# Filebeat paths +default['filebeat']['certs_path'] = "/etc/filebeat/certs" diff --git a/cookbooks/opendistro/attributes/search_guard.rb b/cookbooks/opendistro/attributes/search_guard.rb index eed89037..e18c60a2 100644 --- a/cookbooks/opendistro/attributes/search_guard.rb +++ b/cookbooks/opendistro/attributes/search_guard.rb @@ -1 +1,5 @@ +# Cookbook Name:: opendistro +# Attributes:: search_guard +# Author:: Wazuh + default['searchguard']['tls_tool'] = "search-guard-tlstool-1.8.zip" diff --git a/cookbooks/opendistro/attributes/versions.rb b/cookbooks/opendistro/attributes/versions.rb index 02c36d3b..d1a9e26d 100644 --- a/cookbooks/opendistro/attributes/versions.rb +++ b/cookbooks/opendistro/attributes/versions.rb @@ -1,11 +1,8 @@ -default['wazuh-elastic']['elastic_stack_version'] = "7.9.1" -default['wazuh-elastic']['odfe_version'] = "1.11.0" -default['wazuh-elastic']['kibana_plugin_version'] = "4.0.2_7.9.1-1" -default['wazuh']['major_version'] = "4.x" -default['wazuh']['version'] = "4.0" -default['elastic']['major_version'] = "7.x" +# Cookbook Name:: opendistro +# Attributes:: versions +# Author:: Wazuh -# Elastic Stavk +# Elastic Stack default['elk']['patch_version'] = "7.9.1" # Opendistro @@ -14,10 +11,10 @@ # Wazuh default['wazuh']['major_version'] = "4.x" default['wazuh']['minor_version'] = "4.0" -default['wazuh']['patch_version'] = "4.0.2" +default['wazuh']['patch_version'] = "4.0.3" # Kibana -default['wazuh']['kibana_plugin_version'] = "4.0.2_7.9.1" +default['wazuh']['kibana_plugin_version'] = "4.0.3_7.9.1" # Search guard -default['search_guard']['version'] = "1.8" \ No newline at end of file +default['searchguard']['version'] = "1.8" \ No newline at end of file diff --git a/cookbooks/opendistro/attributes/yml.rb b/cookbooks/opendistro/attributes/yml.rb index 387b18d1..51449c89 100644 --- a/cookbooks/opendistro/attributes/yml.rb +++ b/cookbooks/opendistro/attributes/yml.rb @@ -4,11 +4,16 @@ 'network' => { 'host' => '0.0.0.0' }, + 'http' => { + 'port' => 9200 + }, 'node' => { 'name' => "odfe-node-1" }, 'cluster' => { - 'initial_master_nodes' => "#{node['elastic']['yml']['node']['name']}" + 'initial_master_nodes' => [ + "odfe-node-1" + ] } } @@ -17,11 +22,11 @@ default['kibana']['yml'] = { 'server' => { 'host' => '0.0.0.0', - 'port' => 5601 + 'port' => 443 }, 'elasticsearch' => { 'hosts' => [ - "https://#{node['wazuh-elastic']['yml']['network']['host']}:#{node['wazuh-elastic']['yml']['http']['port']}" + "https://#{node['elastic']['yml']['network']['host']}:#{node['elastic']['yml']['http']['port']}" ] } } @@ -30,46 +35,16 @@ default['search_guard']['yml'] = { - "ca" => { - "root" => { - "dn" => "CN=elasticsearch,OU=Docu,O=Wazuh,L=California,C=US", - "keysize" => 2048, - "validityDays" => 3650, - "pkPassword" => "none", - "file" => "root-ca.pem" - } - }, - "defaults" => { - "validityDays" => 3650, - "pkPassword" => "none", - "generatedPasswordLength" => 12, - "httpsEnabled" => true - }, - "nodes" => [ - { - "name" => "elasticsearch", - "dn" => "CN=node-1,OU=Docu,O=Wazuh,L=California,C=US", - "ip" => [ - "#{node['wazuh-elastic']['ip']}" + 'nodes' => { + 'elasticsearch' => { + 'ip' => [ + "#{node['elastic']['yml']['network']['host']}" ] }, - { - "name" => "kibana", - "dn" => "CN=kibana,OU=Docu,O=Wazuh,L=California,C=US", - "ip" => [ - "#{node['wazuh-kibana']['ip']}" + 'kibana' => { + 'ip' => [ + "#{node['kibana']['yml']['server']['host']}" ] } - ], - "clients" => [ - { - "name" => "admin", - "dn" => "CN=admin,OU=Docu,O=Wazuh,L=California,C=US", - "admin" => true - }, - { - "name" => "filebeat", - "dn" => "CN=filebeat,OU=Docu,O=Wazuh,L=California,C=US" - } - ] + } } \ No newline at end of file diff --git a/cookbooks/opendistro/metadata.rb b/cookbooks/opendistro/metadata.rb index c1d3df95..7acecf60 100644 --- a/cookbooks/opendistro/metadata.rb +++ b/cookbooks/opendistro/metadata.rb @@ -1,34 +1,23 @@ -name 'wazuh_elastic' +name 'opendistro' maintainer 'Wazuh' maintainer_email 'info@wazuh.com' license 'All rights reserved' -description 'setup Elastic: elasticsearch and kibana for Wazuh' +description 'Install/Configures opendistro' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) version '0.1.0' - -%w( apt ).each do |pkg| - depends pkg -end +chef_version '>= 15.0' %w(redhat centos oracle).each do |el| supports el, '>= 6.0' end -supports 'amazon', '>= 2.0' -supports 'fedora', '>= 32.0' +supports 'amazon', '>= 1.0' +supports 'fedora', '>= 22.0' supports 'debian', '>= 7.0' -supports 'ubuntu', '>= 14.04' -supports 'suse', '>= 15.0' -supports 'debian', '>= 8.0' -supports 'ubuntu', '>= 14.04' +supports 'ubuntu', '>= 12.04' +supports 'suse', '>= 12.0' +supports 'opensuse', '>= 42.0' -depends 'chef-sugar' -depends 'apt' -depends 'poise-python' -depends 'yum' -depends 'hostsfile' -depends 'htpasswd' -depends 'zypper' +depends 'wazuh_manager' issues_url 'https://github.com/wazuh/wazuh-chef/issues' if respond_to?(:issues_url) -source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) -chef_version '>= 12.0' if respond_to?(:chef_version) \ No newline at end of file +source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) \ No newline at end of file diff --git a/cookbooks/opendistro/recipes/default.rb b/cookbooks/opendistro/recipes/default.rb index e13dd712..ec80ddfc 100644 --- a/cookbooks/opendistro/recipes/default.rb +++ b/cookbooks/opendistro/recipes/default.rb @@ -2,9 +2,7 @@ # Recipe:: default # Author:: Wazuh -############################################# -include_recipe 'chef-sugar::default' -include_recipe 'wazuh_elastic::prerequisites' -include_recipe 'wazuh_elastic::repository' -include_recipe 'wazuh_elastic::elasticsearch' -include_recipe 'wazuh_elastic::kibana' +#include_recipe 'opendistro::prerequisites' +#include_recipe 'opendistro::repository' +#include_recipe 'opendistro::elasticsearch' +include_recipe 'opendistro::kibana' diff --git a/cookbooks/opendistro/recipes/elasticsearch.rb b/cookbooks/opendistro/recipes/elasticsearch.rb index 22fdd943..ca9db824 100644 --- a/cookbooks/opendistro/recipes/elasticsearch.rb +++ b/cookbooks/opendistro/recipes/elasticsearch.rb @@ -1,34 +1,40 @@ -# Cookbook Name:: opendistro -# Recipe:: elasticsearch -# Author:: Wazuh +## Cookbook Name:: opendistro +## Recipe:: elasticsearch +## Author:: Wazuh # Install opendistroforelasticsearch -if platform_family?('debian', 'ubuntu') +case node['platform'] +when 'debian','ubuntu' apt_package 'elasticsearch-oss' do - version "#{node['elk']['patch_version']}-1" + version "#{node['elk']['patch_version']}" end - apt_package 'opendistroforelasticsearch' do version "#{node['odfe']['patch_version']}-1" end - -elsif platform_family?('redhat', 'centos', 'amazon', 'fedora', 'oracle') +when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' if node['platform_version'] >= '8' + dnf_package 'elasticsearch-oss' do + version "#{node['elk']['patch_version']}" + end dnf_package 'opendistroforelasticsearch' do version "#{node['odfe']['patch_version']}-1" end else + yum_package 'elasticsearch-oss' do + version "#{node['elk']['patch_version']}" + end yum_package 'opendistroforelasticsearch' do version "#{node['odfe']['patch_version']}-1" end end - -elsif platform_family?('opensuse', 'suse') +when 'opensuseleap', 'suse' + zypper_package 'elasticsearch-oss' do + version "#{node['elk']['patch_version']}" + end zypper_package 'opendistroforelasticsearch' do - version "#{node['odfe']['patch_version']}-1" + version "#{node['odfe']['patch_version']}" end - else raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" end @@ -36,11 +42,26 @@ # Set up opendistro for elasticsearch configuration file template "#{node['elastic']['config_path']}/elasticsearch.yml" do - source 'od_elasticsearch.yml.erb' + source 'elasticsearch.yml.erb' owner 'root' group 'elasticsearch' mode '0660' - variables (content: Psych.dump(node['odfe']['yml'])) + variables ({ + network_host: node['elastic']['yml']['network']['host'], + http_port: node['elastic']['yml']['http']['port'], + node_name: node['elastic']['yml']['node']['name'], + initial_master_nodes: node['elastic']['yml']['cluster']['initial_master_nodes'] + }) +end + +# Set up jvm options + +template "#{node['elastic']['config_path']}/jvm.options" do + source 'jvm.options.erb' + owner 'root' + group 'elasticsearch' + mode '0660' + variables({memmory: node['jvm']['memory']}) end # Add extra roles and users to Wazuh Kibana plugin @@ -83,7 +104,7 @@ ## Generate and deploy the certificates -directory "#{node['elastic']['config_path']}/certs" do +directory "#{node['elastic']['certs_path']}" do action :create end @@ -91,59 +112,97 @@ action :create end -remote_file "#{node['searchguard']['config_path']}/#{node['searchguard']['tls_tool']}" do - source "https://maven.search-guard.com/search-guard-tlstool/#{node['search_guard']['version']}/#{node['search_guard']['tls_tool']}" +remote_file "/tmp/#{node['searchguard']['tls_tool']}" do + source "https://maven.search-guard.com/search-guard-tlstool/#{node['searchguard']['version']}/#{node['searchguard']['tls_tool']}" end -archive_file "#{node['searchguard']['tls_tool']}" do - path "#{node['searchguard']['config_path']}/#{node['searchguard']['tls_tool']}" - destination "#{node['search_guard']['config_path']}" +execute "Unzip #{node['searchguard']['tls_tool']} on #{node['searchguard']['config_path']}" do + command "unzip -u /tmp/#{node['searchguard']['tls_tool']} -d #{node['searchguard']['config_path']}" end -template "#{node['search_guard']['config_path']}/search-guard.yml" do +template "#{node['searchguard']['config_path']}/search-guard.yml" do source 'search-guard.yml.erb' owner 'root' group 'elasticsearch' mode '0660' variables ({ - elastic_node_ip: node['elastic']['yml']['network']['host'], - kibana_node_ip: node['kibana']['yml']['server']['host'] - + elastic_node_ip: node['search_guard']['yml']['nodes']['elasticsearch']['ip'], + kibana_node_ip: node['search_guard']['yml']['nodes']['kibana']['ip'] + }) end + execute 'Run the Search Guard’s script to create the certificates' do - command "#{node['searchguard']['config_path']}/tools/sgtlstool.sh -c #{node['searchguard']['config_path']}/search-guard.yml -ca -crt -t #{node['elastic']['config_path']}/certs/" + command "#{node['searchguard']['config_path']}/tools/sgtlstool.sh -c #{node['searchguard']['config_path']}/search-guard.yml -ca -crt -t #{node['elastic']['certs_path']}/" end bash 'Compress all the necessary files to be sent to the all the instances' do code <<-EOF - cd #{node['elastic']['config_path']}/certs + cd #{node['elastic']['certs_path']} tar -cf certs.tar * EOF end -log 'Copy certs.tar to all the servers of the distributed deployment' do - message: "Please copy #{node['elastic']['config_path']}/certs/certs.tar to all filebeat nodes" - level :warn +# Copy certs to filebeat and kibana nodes + +# Filebeat +ruby_block 'Copy filebeat certificates' do + block do + if File.exist?("#{node['filebeat']['certs_path']}") + IO.copy_stream("#{node['elastic']['certs_path']}/filebeat.pem", "#{node['filebeat']['certs_path']}/filebeat.pem") + IO.copy_stream("#{node['elastic']['certs_path']}/filebeat.key", "#{node['filebeat']['certs_path']}/filebeat.key") + IO.copy_stream("#{node['elastic']['certs_path']}/root-ca.pem", "#{node['filebeat']['certs_path']}/root-ca.pem") + else + Chef::Log.fatal("Please copy the following files to #{node['filebeat']['certs_path']} on + filebeat node. Then run on that node as sudo: + - systemctl daemon-reload + - systemctl enable filebeat + - systemctl start filebeat") + end + end + action :run +end + +# Kibana +ruby_block 'Copy kibana certificates' do + block do + if File.exist?("#{node['kibana']['certs_path']}") + IO.copy_stream("#{node['elastic']['certs_path']}/kibana_http.key", "#{node['kibana']['certs_path']}/kibana.key") + IO.copy_stream("#{node['elastic']['certs_path']}/kibana_http.pem", "#{node['kibana']['certs_path']}/kibana.pem") + IO.copy_stream("#{node['elastic']['certs_path']}/root-ca.pem", "#{node['kibana']['certs_path']}/root-ca.pem") + else + Chef::Log.fatal("Please copy the following files to #{node['kibana']['certs_path']} where + Kibana is installed: + - #{node['elastic']['certs_path']}/kibana_http.key (rename as kibana.key) + - #{node['elastic']['certs_path']}/kibana_http.pem (rename as kibana.pem) + - #{node['elastic']['certs_path']}/root-ca.pem + Then run on Kibana node as sudo: + - systemctl daemon-reload + - systemctl enable kibana + - systemctl start kibana + Forget this warning in case Kibana will be installed on the same node as Elasticsearch") + end + end + action :run end ## Remove unnecessary files -file "#{node['elastic']['config_path']}/certs/client-certificates.readme" do +file "#{node['elastic']['certs_path']}/client-certificates.readme" do action :delete end -file "#{node['elastic']['config_path']}/certs/elasticsearch_elasticsearch_config_snippet.yml" do +file "#{node['elastic']['certs_path']}/elasticsearch_elasticsearch_config_snippet.yml" do action :delete end -file "#{node['searchguard']['config_path']}/#{node['searchguard']['tls_tool']}" do +file "/tmp/#{node['searchguard']['tls_tool']}" do action :delete end # Verify Elasticsearch folders owner -directory "#{'elastic']['config_path']}" do +directory "#{node['elastic']['config_path']}" do owner 'elasticsearch' group 'elasticsearch' recursive true @@ -168,7 +227,7 @@ action [:enable, :start] end -ruby_block 'wait for elasticsearch' do +ruby_block 'Wait for elasticsearch' do block do loop { break if (TCPSocket.open( "#{node['elastic']['yml']['network']['host']}", @@ -178,7 +237,15 @@ end execute 'Run the Elasticsearch’s securityadmin script' do - command "#{node['elastic']['plugins_path']}/opendistro_security/tools/securityadmin.sh -cd #{node['elastic']['plugins_path']}/opendistro_security/securityconfig/ -nhnv -cacert #{node['elastic']['config_path']}/certs/root-ca.pem -cert #{node['elastic']['config_path']}/certs/admin.pem -key #{node['elastic']['config_path']}/certs/admin.key -h #{node['elastic']['elasticsearch_ip']}" + command "#{node['elastic']['plugins_path']}/opendistro_security/tools/securityadmin.sh -cd #{node['elastic']['plugins_path']}/opendistro_security/securityconfig/ -nhnv -cacert #{node['elastic']['certs_path']}/root-ca.pem -cert #{node['elastic']['certs_path']}/admin.pem -key #{node['elastic']['certs_path']}/admin.key -h #{node['elastic']['yml']['network']['host']}" end +bash 'Waiting for elasticsearch curl response...' do + code <<-EOH + until (curl -XGET https://#{node['elastic']['yml']['network']['host']}:#{node['elastic']['yml']['http']['port']} -u admin:admin -k); do + printf 'Waiting for elasticsearch....' + sleep 5 + done + EOH +end diff --git a/cookbooks/opendistro/recipes/kibana.rb b/cookbooks/opendistro/recipes/kibana.rb index 440b1790..34c596a9 100644 --- a/cookbooks/opendistro/recipes/kibana.rb +++ b/cookbooks/opendistro/recipes/kibana.rb @@ -1,104 +1,178 @@ - # Cookbook Name:: opendistro # Recipe:: kibana # Author:: Wazuh # Install the Kibana package -if platform_family?('debian', 'ubuntu') +case node['platform'] +when 'debian', 'ubuntu' apt_package 'opendistroforelasticsearch-kibana' do - version "#{node['wazuh-elastic']['odfe_version']}" + version "#{node['odfe']['patch_version']}" end -elsif platform_family?('rhel', 'redhat', 'centos') +when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' if node['platform_version'] >= '8' dnf_package 'opendistroforelasticsearch-kibana' do - version "#{node['wazuh-elastic']['odfe_version']}" + version "#{node['odfe']['patch_version']}" end else yum_package 'opendistroforelasticsearch-kibana' do - version "#{node['wazuh-elastic']['odfe_version']}" + version "#{node['odfe']['patch_version']}" end -elsif platform_family?('suse') + end +when 'opensuseleap', 'suse' zypper_package 'opendistroforelasticsearch-kibana' do - version "#{node['wazuh-elastic']['odfe_version']}" + version "#{node['odfe']['patch_version']}" end else raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" end -# Download the Kibana configuration file +# Create Kibana configuration file -template '/etc/kibana/kibana.yml' do - source 'od_kibana.yml.erb' +template "#{node['kibana']['config_path']}/kibana.yml" do + source 'kibana.yml.erb' owner 'root' group 'kibana' variables({ - kibana_server_port: "server.port: #{node['wazuh-elastic']['kibana_server_port']}", - kibana_server_host: "server.host: #{node['wazuh-elastic']['kibana_server_host']}", - kibana_elasticsearch_server_hosts: "elasticsearch.hosts: ['#{node['wazuh-elastic']['kibana_elasticsearch_server_hosts']}']" + server_port: "#{node['kibana']['yml']['server']['port']}", + server_host: "#{node['kibana']['yml']['server']['host']}", + elasticsearch_hosts: node['kibana']['yml']['elasticsearch']['hosts'] }) mode 0755 end -# Update the optimize and plugins directories permissions +# Change Kibana folders owner -bash 'Update the optimize and plugins directories permissions' do - code <<-EOH - chown -R kibana:kibana /usr/share/kibana/optimize - chown -R kibana:kibana /usr/share/kibana/plugins - EOH +directory "#{node['kibana']['optimize_path']}" do + owner 'kibana' + group 'kibana' + recursive true +end + +directory "#{node['kibana']['plugins_path']}" do + owner 'kibana' + group 'kibana' + recursive true end # Install the Wazuh Kibana plugin -bash 'Install the Wazuh Kibana plugin' do - code <<-EOH - cd /usr/share/kibana - sudo -u kibana bin/kibana-plugin install https://packages.wazuh.com/4.x/ui/kibana/#{node['wazuh-elastic']['wazuh_app_version']}-1.zip - EOH +execute 'Install Wazuh Kibana plugin' do + command "sudo -u kibana #{node['kibana']['package_path']}/bin/kibana-plugin install https://packages.wazuh.com/#{node['wazuh']['major_version']}/ui/kibana/wazuh_kibana-#{node['wazuh']['kibana_plugin_version']}-1.zip" +end + +# Create Wazuh-Kibana plugin configuration file + +directory "#{node['kibana']['optimize_path']}/wazuh" do + owner 'kibana' + group 'kibana' + action :create +end + +directory "#{node['kibana']['optimize_path']}/wazuh/config" do + owner 'kibana' + group 'kibana' + action :create +end + +directory "#{node['kibana']['optimize_path']}/wazuh/logs" do + owner 'kibana' + group 'kibana' + action :create +end + +template "#{node['kibana']['optimize_path']}/wazuh/config/wazuh.yml" do + source 'wazuh.yml.erb' + owner 'kibana' + group 'kibana' + mode '0600' + action :create + variables ({ + id: node['kibana']['wazuh_api_credentials']['id'], + url: node['kibana']['wazuh_api_credentials']['url'], + port: node['kibana']['wazuh_api_credentials']['port'], + username: node['kibana']['wazuh_api_credentials']['username'], + password: node['kibana']['wazuh_api_credentials']['password'] + }) end # Certificates placement -directory '/etc/kibana/certs' do +directory "#{node['kibana']['certs_path']}" do action :create end -bash 'Copy kibana key and pem files and root-ca pem file' do - code <<-EOH - cp /etc/elasticsearch/certs/certs.tar /etc/kibana/certs/ - cd /etc/kibana/certs/ - tar --extract --file=certs.tar kibana_http.pem kibana_http.key root-ca.pem - mv /etc/kibana/certs/kibana_http.key /etc/kibana/certs/kibana.key - mv /etc/kibana/certs/kibana_http.pem /etc/kibana/certs/kibana.pem - rm -f certs.tar - EOH +ruby_block 'Copy certificate files' do + block do + if File.exist?("#{node['elastic']['certs_path']}") + IO.copy_stream("#{node['elastic']['certs_path']}/kibana_http.pem", "#{node['kibana']['certs_path']}/kibana.pem") + IO.copy_stream("#{node['elastic']['certs_path']}/kibana_http.key", "#{node['kibana']['certs_path']}/kibana.key") + IO.copy_stream("#{node['elastic']['certs_path']}/root-ca.pem", "#{node['kibana']['certs_path']}/root-ca.pem") + else + Chef::Log.fatal("Please copy the following files where Elasticsearch is installed to + #{node['kibana']['certs_path']}: + - #{node['elastic']['certs_path']}/kibana_http.key (rename as kibana.key) + - #{node['elastic']['certs_path']}/kibana_http.pem (rename as kibana.pem) + - #{node['elastic']['certs_path']}/root-ca.pem + Then run as sudo: + - systemctl daemon-reload + - systemctl enable kibana + - systemctl start kibana") + end + end + action :run end # Link Kibana’s socket to privileged port 443 execute 'Link kibana socket to 443 port' do - command "setcap 'cap_net_bind_service=+ep' /usr/share/kibana/node/bin/node" + command "setcap 'cap_net_bind_service=+ep' #{node['kibana']['package_path']}/node/bin/node" end # Enable and start the Kibana service service "kibana" do supports :start => true, :stop => true, :restart => true, :reload => true - action [:restart] + action [:enable, :start] + only_if { + File.exist?("#{node['kibana']['certs_path']}/kibana.pem") && + File.exist?("#{node['kibana']['certs_path']}/kibana.key") && + File.exist?("#{node['kibana']['certs_path']}/root-ca.pem") + } end ruby_block 'Wait for elasticsearch' do block do - loop { break if (TCPSocket.open("#{node['wazuh-elastic']['elasticsearch_ip']}",node['wazuh-elastic']['elasticsearch_port']) rescue nil); puts "Waiting elasticsearch...."; sleep 1 } + loop { break if (TCPSocket.open( + "#{node['elastic']['yml']['network']['host']}", + node['elastic']['yml']['http']['port']) rescue nil); + puts "Waiting elasticsearch...."; sleep 1 + } end end -bash 'Waiting for elasticsearch curl response...' do +ruby_block 'Wait for kibana' do + block do + loop { break if (TCPSocket.open( + "#{node['kibana']['yml']['server']['host']}", + node['kibana']['yml']['server']['port']) rescue nil); + puts "Waiting kibana...."; sleep 60 + } + end +end + +bash 'Waiting for kibana curl response...' do code <<-EOH - until (curl -XGET http://#{node['wazuh-elastic']['elasticsearch_ip']}:#{node['wazuh-elastic']['elasticsearch_port']}); do - printf 'Waiting for elasticsearch....' - sleep 5 - done + until (curl -XGET https://#{node['kibana']['yml']['server']['host']}:#{node['kibana']['yml']['server']['port']} -u admin:admin -k); do + printf 'Waiting for kibana....' + sleep 5 + done EOH +end + +log 'Access Kibana web interface' do + message "URL: https://#{node['kibana']['yml']['server']['host']} + user: admin + password: admin" + level :info end \ No newline at end of file diff --git a/cookbooks/opendistro/recipes/prerequisites.rb b/cookbooks/opendistro/recipes/prerequisites.rb index 90d08970..cc2fddfa 100644 --- a/cookbooks/opendistro/recipes/prerequisites.rb +++ b/cookbooks/opendistro/recipes/prerequisites.rb @@ -2,7 +2,8 @@ # Recipe:: prerequisites # Author:: Wazuh -if platform_family?('debian','ubuntu') +case node['platform'] +when 'debian','ubuntu' package "lsb-release" ohai "reload lsb" do @@ -32,33 +33,31 @@ apt_update # Install all the required utilities - bash 'export JAVA_HOME' do - environment 'JAVA_HOME' => '/usr/' + execute 'export JAVA_HOME' do + command 'export JAVA_HOME=/usr/' end - apt_package 'openjdk-11-jdk' - -elsif platform_family?('redhat', 'centos', 'amazon', 'fedora', 'oracle') + apt_package 'openjdk-11-jdk' +when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' # Install all the necessary packages for the installation execute 'export JAVA_HOME' do command 'export JAVA_HOME=/usr/' end if node['platform_version'] >= '8' - dnf_package 'prerequisites' do + dnf_package 'Install prerequisites packages' do package_name ['curl', 'unzip', 'wget', 'java-11-openjdk-devel', 'libcap'] action :install end else - yum_package 'prerequisites' do + yum_package 'Install prerequisites packages' do package_name ['curl', 'unzip', 'wget', 'java-11-openjdk-devel', 'libcap'] action :install end end - -elsif platform_family?('opensuse', 'suse') +when 'opensuseleap', 'suse' # Install zypper prerequisites - zypper_package 'prerequisites' do + zypper_package 'Install prerequisites packages' do package_name ['curl', 'unzip', 'wget', 'libcap2'] end else diff --git a/cookbooks/opendistro/recipes/repository.rb b/cookbooks/opendistro/recipes/repository.rb index 3a2f1bee..45030237 100644 --- a/cookbooks/opendistro/recipes/repository.rb +++ b/cookbooks/opendistro/recipes/repository.rb @@ -2,7 +2,8 @@ # Recipe:: repository # Author:: Wazuh -if platform_family?('debian','ubuntu') +case node['platform'] +when 'debian','ubuntu' package "lsb-release" ohai "reload lsb" do @@ -16,27 +17,20 @@ key "https://packages.wazuh.com/key/GPG-KEY-WAZUH" distribution "stable" components ["main"] - not_if do - File.exists?("/etc/apt/sources.list.d/wazuh.list") - end end # Update the package information apt_update - -elsif platform_family?('redhat', 'centos', 'amazon', 'fedora', 'oracle') +when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' yum_repository "wazuh" do - description "OpenDistro Elasticseach Yum" + description "Opendistroforelasticseach Yum" baseurl "https://packages.wazuh.com/#{node['wazuh']['major_version']}/yum/" gpgkey "https://packages.wazuh.com/key/GPG-KEY-WAZUH" action :create - not_if do - File.exists?("/etc/yum.repos.d/wazuh.repo") - end end -elsif platform_family?('opensuse', 'suse') +when 'opensuseleap', 'suse' zypper_repository "wazuh" do - description "OpenDistro Elasticseach Zypper" + description "Opendistroforelasticseach Zypper" baseurl "https://packages.wazuh.com/#{node['wazuh']['major_version']}/yum/" gpgkey "https://packages.wazuh.com/key/GPG-KEY-WAZUH" action :create diff --git a/cookbooks/opendistro/templates/elasticsearch.yml.erb b/cookbooks/opendistro/templates/elasticsearch.yml.erb index 2fede596..9ecbaa0f 100644 --- a/cookbooks/opendistro/templates/elasticsearch.yml.erb +++ b/cookbooks/opendistro/templates/elasticsearch.yml.erb @@ -4,9 +4,14 @@ # https://documentation.wazuh.com/4.0/installation-guide/open-distro/distributed-deployment/step-by-step-installation/elasticsearch-cluster/elasticsearch-single-node-cluster.html#elasticsearch-configuration # -network.host: <%= network_host %> -node.name: <%= node_name %> -cluster.initial_master_nodes: <%= initial_master_nodes %> +network.host: <%= @network_host %> +node.name: <%= @node_name %> +cluster.initial_master_nodes: [ + <% @initial_master_nodes.each do |node| %> + "<%= node %>" + <% end %> +] +http.port: <%= @http_port %> opendistro_security.ssl.transport.pemcert_filepath: /etc/elasticsearch/certs/elasticsearch.pem opendistro_security.ssl.transport.pemkey_filepath: /etc/elasticsearch/certs/elasticsearch.key diff --git a/cookbooks/opendistro/templates/jvm.options.erb b/cookbooks/opendistro/templates/jvm.options.erb index 0a0b8c70..5b82d439 100644 --- a/cookbooks/opendistro/templates/jvm.options.erb +++ b/cookbooks/opendistro/templates/jvm.options.erb @@ -74,4 +74,9 @@ 8:-XX:GCLogFileSize=64m # JDK 9+ GC logging -9-:-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m \ No newline at end of file +9-:-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m + +## OpenDistro Performance Analyzer +-Dclk.tck=100 +-Djdk.attach.allowAttachSelf=true +-Djava.security.policy=file:///usr/share/elasticsearch/plugins/opendistro_performance_analyzer/pa_config/es_security.policy \ No newline at end of file diff --git a/cookbooks/opendistro/templates/od_kibana.yml.erb b/cookbooks/opendistro/templates/kibana.yml.erb similarity index 76% rename from cookbooks/opendistro/templates/od_kibana.yml.erb rename to cookbooks/opendistro/templates/kibana.yml.erb index b19af327..d1e08daf 100644 --- a/cookbooks/opendistro/templates/od_kibana.yml.erb +++ b/cookbooks/opendistro/templates/kibana.yml.erb @@ -1,6 +1,10 @@ -server.host: <%= @kibana_server_host %> -<%= @kibana_elasticsearch_server_hosts %> -server.port: <%= @kibana_server_port %> +server.host: <%= @server_host %> +server.port: <%= @server_port %> +elasticsearch.hosts: [ + <% @elasticsearch_hosts.each do |url| %> + "<%= url %>" + <% end %> +] elasticsearch.ssl.verificationMode: certificate elasticsearch.username: kibanaserver elasticsearch.password: kibanaserver diff --git a/cookbooks/opendistro/templates/nginx.erb b/cookbooks/opendistro/templates/nginx.erb deleted file mode 100644 index 6b65f9e9..00000000 --- a/cookbooks/opendistro/templates/nginx.erb +++ /dev/null @@ -1,14 +0,0 @@ -server { - listen 443 default_server; - listen [::]:443; - ssl on; - ssl_certificate /etc/ssl/certs/kibana-access.pem; - ssl_certificate_key /etc/ssl/private/kibana-access.key; - access_log /var/log/nginx/nginx.access.log; - error_log /var/log/nginx/nginx.error.log; - location / { - auth_basic "Restricted"; - auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd; - proxy_pass http://localhost:5601/; - } -} \ No newline at end of file diff --git a/cookbooks/opendistro/templates/search-guard.yml.erb b/cookbooks/opendistro/templates/search-guard.yml.erb index 88864f89..57f5f7a3 100644 --- a/cookbooks/opendistro/templates/search-guard.yml.erb +++ b/cookbooks/opendistro/templates/search-guard.yml.erb @@ -24,12 +24,16 @@ defaults: nodes: - name: elasticsearch dn: CN=node-1,OU=Docu,O=Wazuh,L=California,C=US - ip: - - <%= @elastic_node_ip %> + ip: + <% @elastic_node_ip.each do |node| %> + - <%= node %> + <% end %> - name: kibana dn: CN=kibana,OU=Docu,O=Wazuh,L=California,C=US ip: - - <%= @kibana_node_ip %> + <% @kibana_node_ip.each do |node| %> + - <%= node %> + <% end %> # Clients certificates clients: diff --git a/cookbooks/opendistro/templates/wazuh.yml.erb b/cookbooks/opendistro/templates/wazuh.yml.erb new file mode 100644 index 00000000..d90cbd11 --- /dev/null +++ b/cookbooks/opendistro/templates/wazuh.yml.erb @@ -0,0 +1,198 @@ +--- +# +# Wazuh app - App configuration file +# Copyright (C) 2015-2020 Wazuh, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# Find more information about this on the LICENSE file. +# +# ======================== Wazuh app configuration file ======================== +# +# Please check the documentation for more information on configuration options: +# https://documentation.wazuh.com/current/installation-guide/index.html +# +# Also, you can check our repository: +# https://github.com/wazuh/wazuh-kibana-app +# +# ------------------------------- Index patterns ------------------------------- +# +# Default index pattern to use. +#pattern: wazuh-alerts-* +# +# ----------------------------------- Checks ----------------------------------- +# +# Defines which checks must to be consider by the healthcheck +# step once the Wazuh app starts. Values must to be true or false. +#checks.pattern : true +#checks.template: true +#checks.api : true +#checks.setup : true +#checks.metaFields: true +#checks.timeFilter: true +# +# --------------------------------- Extensions --------------------------------- +# +# Defines which extensions should be activated when you add a new API entry. +# You can change them after Wazuh app starts. +# Values must to be true or false. +#extensions.pci : true +#extensions.gdpr : true +#extensions.hipaa : true +#extensions.nist : true +#extensions.tsc : true +#extensions.audit : true +#extensions.oscap : false +#extensions.ciscat : false +#extensions.aws : false +#extensions.gcp : false +#extensions.virustotal: false +#extensions.osquery : false +#extensions.docker : false +# +# ---------------------------------- Timeout ---------------------------------- +# +# Defines maximum timeout to be used on the Wazuh app requests. +# It will be ignored if it is bellow 1500. +# It means milliseconds before we consider a request as failed. +# Default: 20000 +#timeout: 20000 +# +# -------------------------------- API selector -------------------------------- +# +# Defines if the user is allowed to change the selected +# API directly from the Wazuh app top menu. +# Default: true +#api.selector: true +# +# --------------------------- Index pattern selector --------------------------- +# +# Defines if the user is allowed to change the selected +# index pattern directly from the Wazuh app top menu. +# Default: true +#ip.selector: true +# +# List of index patterns to be ignored +#ip.ignore: [] +# +# -------------------------------- X-Pack RBAC --------------------------------- +# +# Custom setting to enable/disable built-in X-Pack RBAC security capabilities. +# Default: enabled +#xpack.rbac.enabled: true +# +# ------------------------------ wazuh-monitoring ------------------------------ +# +# Custom setting to enable/disable wazuh-monitoring indices. +# Values: true, false, worker +# If worker is given as value, the app will show the Agents status +# visualization but won't insert data on wazuh-monitoring indices. +# Default: true +#wazuh.monitoring.enabled: true +# +# Custom setting to set the frequency for wazuh-monitoring indices cron task. +# Default: 900 (s) +#wazuh.monitoring.frequency: 900 +# +# Configure wazuh-monitoring-* indices shards and replicas. +#wazuh.monitoring.shards: 2 +#wazuh.monitoring.replicas: 0 +# +# Configure wazuh-monitoring-* indices custom creation interval. +# Values: h (hourly), d (daily), w (weekly), m (monthly) +# Default: d +#wazuh.monitoring.creation: d +# +# Default index pattern to use for Wazuh monitoring +#wazuh.monitoring.pattern: wazuh-monitoring-* +# +# --------------------------------- wazuh-cron ---------------------------------- +# +# Customize the index prefix of predefined jobs +# This change is not retroactive, if you change it new indexes will be created +# cron.prefix: test +# +# --------------------------------- wazuh-sample-alerts ------------------------- +# +# Customize the index name prefix of sample alerts +# This change is not retroactive, if you change it new indexes will be created +# It should match with a valid index template to avoid unknown fields on +# dashboards +#alerts.sample.prefix: wazuh-alerts-4.x- +# +# ------------------------------ wazuh-statistics ------------------------------- +# +# Custom setting to enable/disable statistics tasks. +#cron.statistics.status: true +# +# Enter the ID of the APIs you want to save data from, leave this empty to run +# the task on all configured APIs +#cron.statistics.apis: [] +# +# Define the frequency of task execution using cron schedule expressions +#cron.statistics.interval: 0 */5 * * * * +# +# Define the name of the index in which the documents are to be saved. +#cron.statistics.index.name: statistics +# +# Define the interval in which the index will be created +#cron.statistics.index.creation: w +# +# Configure statistics indices shards and replicas. +#cron.statistics.shards: 2 +#cron.statistics.replicas: 0 +# +# ---------------------------- Hide manager alerts ------------------------------ +# Hide the alerts of the manager in all dashboards and discover +#hideManagerAlerts: false +# +# ------------------------------- App logging level ----------------------------- +# Set the logging level for the Wazuh App log files. +# Default value: info +# Allowed values: info, debug +#logs.level: info +# +# -------------------------------- Enrollment DNS ------------------------------- +# Set the variable WAZUH_REGISTRATION_SERVER in agents deployment. +# Default value: '' +#enrollment.dns: '' +# +#-------------------------------- API entries ----------------------------------- +#The following configuration is the default structure to define an API entry. +# +#hosts: +# - : + # URL + # API url + # url: http(s):// + + # Port + # API port + # port: + + # Username + # API user's username + # username: + + # Password + # API user's password + # password: + + # Run as + # Define how the app user gets his/her app permissions. + # Values: + # - true: use his/her authentication context. Require Wazuh API user allows run_as. + # - false or not defined: get same permissions of Wazuh API user. + # run_as: + + + +hosts: + - <%= @id %>: + url: <%= @url %> + port: <%= @port %> + username: <%= @username %> + password: <%= @password %> From fe6e94607d593a59bb8b181e1e08333ac0dcbeae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 3 Dec 2020 13:10:51 +0100 Subject: [PATCH 038/260] Update filebeat-oss cookbook --- cookbooks/filebeat-oss/attributes/paths.rb | 5 +- cookbooks/filebeat-oss/attributes/versions.rb | 2 +- cookbooks/filebeat-oss/attributes/yml.rb | 11 ++-- cookbooks/filebeat-oss/recipes/filebeat.rb | 65 +++++++++++-------- .../filebeat-oss/templates/filebeat.yml.erb | 2 +- 5 files changed, 52 insertions(+), 33 deletions(-) diff --git a/cookbooks/filebeat-oss/attributes/paths.rb b/cookbooks/filebeat-oss/attributes/paths.rb index dedfa422..5d77f7de 100644 --- a/cookbooks/filebeat-oss/attributes/paths.rb +++ b/cookbooks/filebeat-oss/attributes/paths.rb @@ -3,4 +3,7 @@ # Author:: Wazuh default['filebeat']['config_path'] = '/etc/filebeat' -default['filebeat']['wazuh_module_path'] = '/usr/share/filebeat/module' \ No newline at end of file +default['filebeat']['wazuh_module_path'] = '/usr/share/filebeat/module' +default['filebeat']['certs_path'] = "#{node['filebeat']['config_path']}/certs" +default['elastic']['config_path'] = "/etc/elasticsearch" +default['elastic']['certs_path'] = "#{node['elastic']['config_path']}/certs" \ No newline at end of file diff --git a/cookbooks/filebeat-oss/attributes/versions.rb b/cookbooks/filebeat-oss/attributes/versions.rb index 1f6f427e..c18f6d58 100644 --- a/cookbooks/filebeat-oss/attributes/versions.rb +++ b/cookbooks/filebeat-oss/attributes/versions.rb @@ -9,4 +9,4 @@ # Wazuh default['wazuh']['major_version'] = "4.x" default['wazuh']['minor_version'] = "4.0" -default['wazuh']['patch_version'] = "4.0.2" \ No newline at end of file +default['wazuh']['patch_version'] = "4.0.3" \ No newline at end of file diff --git a/cookbooks/filebeat-oss/attributes/yml.rb b/cookbooks/filebeat-oss/attributes/yml.rb index 8115a76a..e458a1d7 100644 --- a/cookbooks/filebeat-oss/attributes/yml.rb +++ b/cookbooks/filebeat-oss/attributes/yml.rb @@ -1,15 +1,18 @@ # Cookbook Name:: filebeat -# Attribute:: elastic +# Attribute:: yml # Author:: Wazuh -default['filebeat']['yml'] = [ +default['filebeat']['yml'] = { 'output' => { 'elasticsearch' => { 'hosts' => [ - "http://0.0.0.0:9200" + { + 'ip' => '0.0.0.0', + 'port' => 9200 + } ] } } -] +} diff --git a/cookbooks/filebeat-oss/recipes/filebeat.rb b/cookbooks/filebeat-oss/recipes/filebeat.rb index 455814b3..fadb032a 100644 --- a/cookbooks/filebeat-oss/recipes/filebeat.rb +++ b/cookbooks/filebeat-oss/recipes/filebeat.rb @@ -19,7 +19,7 @@ version "#{node['elk']['patch_version']}" end end -when 'opensuse', 'suse' +when 'opensuseleap', 'suse' zypper_package 'filebeat' do version "#{node['elk']['patch_version']}" end @@ -34,15 +34,15 @@ owner 'root' group 'root' mode '0640' - variables( + variables ({ hosts: node['filebeat']['yml']['output']['elasticsearch']['hosts'] - ) + }) end # Download the alerts template for Elasticsearch remote_file "#{node['filebeat']['config_path']}/#{node['filebeat']['alerts_template']}" do - source "https://raw.githubusercontent.com/wazuh/wazuh/v#{node['wazuh']['patch_version']}/extensions/elasticsearch/#{node['elk']['major_version']}/#{node['filebeat']['alerts_template']}" + source "https://raw.githubusercontent.com/wazuh/wazuh/#{node['wazuh']['minor_version']}/extensions/elasticsearch/#{node['elk']['major_version']}/#{node['filebeat']['alerts_template']}" owner 'root' group 'root' mode '0644' @@ -50,33 +50,46 @@ # Download the Wazuh module for Filebeat -remote_file "#{node['filebeat']['config_path']}/#{node['filebeat']['wazuh_module']}" do - source "https://packages.wazuh.com/#{node['wazuh']['major_version']}/filebeat/#{node['filebeat']['wazuh_module']}" +execute 'Extract Wazuh module' do + command "curl -s https://packages.wazuh.com/#{node['wazuh']['major_version']}/filebeat/#{node['filebeat']['wazuh_module']} | tar -xvz -C #{node['filebeat']['wazuh_module_path']}" + action :run end -archive_file "#{node['filebeat']['wazuh_module']}" do - path "#{node['filebeat']['config_path']}/#{node['filebeat']['wazuh_module']}" - destination "#{node['filebeat']['wazuh_module_path']}" -end +# Configure Filebeat certificates -file "#{node['filebeat']['config_path']}/#{node['filebeat']['wazuh_module']}" do - action :delete +directory "#{node['filebeat']['certs_path']}" do + action :create end -# Configure Filebeat certificates - -directory "#{node['filebeat']['config_path']}/certs" do - action :create +ruby_block 'Copy certificate files' do + block do + if File.exist?("#{node['elastic']['certs_path']}") + IO.copy_stream("#{node['elastic']['certs_path']}/filebeat.pem", "#{node['filebeat']['certs_path']}/filebeat.pem") + IO.copy_stream("#{node['elastic']['certs_path']}/filebeat.key", "#{node['filebeat']['certs_path']}/filebeat.key") + IO.copy_stream("#{node['elastic']['certs_path']}/root-ca.pem", "#{node['filebeat']['certs_path']}/root-ca.pem") + else + Chef::Log.fatal("Please copy the following files where Elasticserch is installed to + #{node['filebeat']['certs_path']}: + - #{node['elastic']['certs_path']}/filebeat.pem + - #{node['elastic']['certs_path']}/filebeat.key + - #{node['elastic']['certs_path']}/root-ca.pem + Then run as sudo: + - systemctl daemon-reload + - systemctl enable kibana + - systemctl start kibana") + end + end + action :run end -log 'filebeat-certificates' do - message "Please move the following files on elasticsearch node to #{node['filebeat']['config_path']}/certs: - - filebeat.pem - - filebeat.key - - root-ca.pem. - Once uploaded, run the following commands as sudo: - - systemctl daemon-reload - - systemctl enable filebeat - - systemctl start filebeat" - level :warn +# Enable and start service + +service "filebeat" do + supports :start => true, :stop => true, :restart => true, :reload => true + action [:enable, :start] + only_if { + File.exist?("#{node['filebeat']['certs_path']}/filebeat.pem") && + File.exist?("#{node['filebeat']['certs_path']}/filebeat.key") && + File.exist?("#{node['filebeat']['certs_path']}/root-ca.pem") + } end \ No newline at end of file diff --git a/cookbooks/filebeat-oss/templates/filebeat.yml.erb b/cookbooks/filebeat-oss/templates/filebeat.yml.erb index 9f61795b..aee73724 100644 --- a/cookbooks/filebeat-oss/templates/filebeat.yml.erb +++ b/cookbooks/filebeat-oss/templates/filebeat.yml.erb @@ -2,7 +2,7 @@ output.elasticsearch: hosts: [ <% @hosts.each do |node| %> - "<%= node %>", + "<%= node['ip'] %>:<%= node['port'] %>", <% end %> ] protocol: https From 5c1fbf8f88ba5d8739b7b9c216027ff26d572781 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 3 Dec 2020 13:11:16 +0100 Subject: [PATCH 039/260] Update wazuh-manager cookbook --- cookbooks/wazuh_manager/.kitchen.yml | 47 +++++------------ cookbooks/wazuh_manager/Berksfile | 8 +-- .../wazuh_manager/attributes/agent_conf.rb | 4 ++ cookbooks/wazuh_manager/attributes/alerts.rb | 4 ++ cookbooks/wazuh_manager/attributes/api.rb | 4 ++ cookbooks/wazuh_manager/attributes/auth.rb | 4 ++ cookbooks/wazuh_manager/attributes/cluster.rb | 4 ++ cookbooks/wazuh_manager/attributes/command.rb | 4 ++ cookbooks/wazuh_manager/attributes/default.rb | 20 ++------ .../wazuh_manager/attributes/filebeat.rb | 9 ---- cookbooks/wazuh_manager/attributes/global.rb | 4 ++ .../wazuh_manager/attributes/localfile.rb | 8 ++- cookbooks/wazuh_manager/attributes/logging.rb | 4 ++ cookbooks/wazuh_manager/attributes/remote.rb | 4 ++ .../wazuh_manager/attributes/rootcheck.rb | 4 ++ cookbooks/wazuh_manager/attributes/ruleset.rb | 4 ++ cookbooks/wazuh_manager/attributes/sca.rb | 3 ++ .../wazuh_manager/attributes/syscheck.rb | 4 ++ .../wazuh_manager/attributes/versions.rb | 12 +++-- .../attributes/vulnerability-detector.rb | 4 ++ cookbooks/wazuh_manager/attributes/wodle.rb | 4 ++ cookbooks/wazuh_manager/metadata.rb | 29 +++++------ cookbooks/wazuh_manager/recipes/common.rb | 19 +------ cookbooks/wazuh_manager/recipes/default.rb | 14 ++++-- cookbooks/wazuh_manager/recipes/filebeat.rb | 50 ------------------- cookbooks/wazuh_manager/recipes/manager.rb | 44 ++++++---------- .../wazuh_manager/recipes/prerequisites.rb | 16 +++--- cookbooks/wazuh_manager/recipes/repository.rb | 33 ++++-------- 28 files changed, 145 insertions(+), 223 deletions(-) delete mode 100644 cookbooks/wazuh_manager/attributes/filebeat.rb delete mode 100644 cookbooks/wazuh_manager/recipes/filebeat.rb diff --git a/cookbooks/wazuh_manager/.kitchen.yml b/cookbooks/wazuh_manager/.kitchen.yml index b9f2e3bf..0084a1e8 100644 --- a/cookbooks/wazuh_manager/.kitchen.yml +++ b/cookbooks/wazuh_manager/.kitchen.yml @@ -14,53 +14,32 @@ verifiers: platforms: - name: ubuntu-20.04 - - name: ubuntu-18.04 - - name: centos-8.0 - - name: centos-7 - -suites: - - name: wazuh-server - environments_path: "test/environments" - data_bags_path: "test/data_bags" - encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" - run_list: - - recipe[wazuh_server::default] - #- recipe[wazuh_server::prerequisites] - #- recipe[wazuh_server::repository] - #- recipe[wazuh_server::manager] - #- recipe[wazuh_server::filebeat] driver: network: - ["private_network", {ip: "172.16.10.10"}] - customize: - memory: 2048 - cpus: 1 - - name: elastic - run_list: - - recipe[wazuh_elastic::default] + - name: ubuntu-18.04 driver: network: - ["private_network", {ip: "172.16.10.11"}] - customize: - memory: 2048 - cpus: 2 - - name: kibana - run_list: - - recipe[wazuh_kibana::default] + - name: centos-8.0 driver: network: - ["private_network", {ip: "172.16.10.12"}] - customize: - memory: 4096 - cpus: 2 - - name: agent - run_list: - - recipe[wazuh_agent::default] + - name: centos-7 driver: network: - ["private_network", {ip: "172.16.10.13"}] + +suites: + - name: wazuh-manager + environments_path: "test/environments" + data_bags_path: "test/data_bags" + encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" + run_list: + - recipe[wazuh_manager::default] + driver: customize: - memory: 512 + memory: 2048 cpus: 1 #driver: diff --git a/cookbooks/wazuh_manager/Berksfile b/cookbooks/wazuh_manager/Berksfile index 97ca84b9..8da8fae4 100644 --- a/cookbooks/wazuh_manager/Berksfile +++ b/cookbooks/wazuh_manager/Berksfile @@ -2,9 +2,5 @@ source 'https://supermarket.chef.io' metadata -cookbook 'chef-sugar' -cookbook 'hostsfile' -cookbook 'apt' -cookbook 'yum' -cookbook 'poise-python' -cookbook 'zypper' \ No newline at end of file +cookbook 'filebeat-oss', path: '../filebeat-oss' +cookbook 'opendistro', path: '../opendistro' \ No newline at end of file diff --git a/cookbooks/wazuh_manager/attributes/agent_conf.rb b/cookbooks/wazuh_manager/attributes/agent_conf.rb index 089429c1..7a3b8cc6 100644 --- a/cookbooks/wazuh_manager/attributes/agent_conf.rb +++ b/cookbooks/wazuh_manager/attributes/agent_conf.rb @@ -1,3 +1,7 @@ +# Cookbook Name:: wazuh-manager +# Attributes:: agent_conf +# Author:: Wazuh 'no', 'path' => '/var/ossec/etc/shared/default' diff --git a/cookbooks/wazuh_manager/attributes/alerts.rb b/cookbooks/wazuh_manager/attributes/alerts.rb index e0f4d45d..a3061e88 100644 --- a/cookbooks/wazuh_manager/attributes/alerts.rb +++ b/cookbooks/wazuh_manager/attributes/alerts.rb @@ -1,3 +1,7 @@ +# Cookbook Name:: wazuh-manager +# Attributes:: alerts +# Author:: Wazuh 3, 'email_alert_level' => 12 diff --git a/cookbooks/wazuh_manager/attributes/api.rb b/cookbooks/wazuh_manager/attributes/api.rb index fa19c072..6172f682 100644 --- a/cookbooks/wazuh_manager/attributes/api.rb +++ b/cookbooks/wazuh_manager/attributes/api.rb @@ -1,3 +1,7 @@ +# Cookbook Name:: wazuh-manager +# Attributes:: api +# Author:: Wazuh '0.0.0.0', 'port' => 55000 diff --git a/cookbooks/wazuh_manager/attributes/auth.rb b/cookbooks/wazuh_manager/attributes/auth.rb index 9cddcdc6..79595719 100644 --- a/cookbooks/wazuh_manager/attributes/auth.rb +++ b/cookbooks/wazuh_manager/attributes/auth.rb @@ -1,3 +1,7 @@ +# Cookbook Name:: wazuh-manager +# Attributes:: auth +# Author:: Wazuh false, diff --git a/cookbooks/wazuh_manager/attributes/cluster.rb b/cookbooks/wazuh_manager/attributes/cluster.rb index dd0deab2..20c373a0 100644 --- a/cookbooks/wazuh_manager/attributes/cluster.rb +++ b/cookbooks/wazuh_manager/attributes/cluster.rb @@ -1,3 +1,7 @@ +# Cookbook Name:: wazuh-manager +# Attributes:: cluster +# Author:: Wazuh 'wazuh', diff --git a/cookbooks/wazuh_manager/attributes/command.rb b/cookbooks/wazuh_manager/attributes/command.rb index 2404d335..8f08c244 100644 --- a/cookbooks/wazuh_manager/attributes/command.rb +++ b/cookbooks/wazuh_manager/attributes/command.rb @@ -1,3 +1,7 @@ +# Cookbook Name:: wazuh-manager +# Attributes:: command +# Author:: Wazuh 'disable-account', diff --git a/cookbooks/wazuh_manager/attributes/default.rb b/cookbooks/wazuh_manager/attributes/default.rb index b23ee512..73c13930 100644 --- a/cookbooks/wazuh_manager/attributes/default.rb +++ b/cookbooks/wazuh_manager/attributes/default.rb @@ -1,21 +1,7 @@ -# -# Cookbook Name:: ossec +# Cookbook Name:: wazuh-manager # Attributes:: default -# -# Copyright 2010-2015, Chef Software, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# +# Author:: Wazuh "/etc/filebeat", - "wazuh_filebeat_module" => "wazuh-filebeat-0.1.tar.gz", - "wazuh_template" => "wazuh-template.json", - # Array with Elastic nodes IP - "elastic_nodes" => [ - "0.0.0.0:9200" - ] -} \ No newline at end of file diff --git a/cookbooks/wazuh_manager/attributes/global.rb b/cookbooks/wazuh_manager/attributes/global.rb index 87de353e..98603961 100644 --- a/cookbooks/wazuh_manager/attributes/global.rb +++ b/cookbooks/wazuh_manager/attributes/global.rb @@ -1,3 +1,7 @@ +# Cookbook Name:: wazuh-manager +# Attributes:: global +# Author:: Wazuh true, 'alerts_log' => true, diff --git a/cookbooks/wazuh_manager/attributes/localfile.rb b/cookbooks/wazuh_manager/attributes/localfile.rb index fd528ca6..908bb8f1 100644 --- a/cookbooks/wazuh_manager/attributes/localfile.rb +++ b/cookbooks/wazuh_manager/attributes/localfile.rb @@ -1,5 +1,9 @@ +# Cookbook Name:: wazuh-manager +# Attributes:: localfile +# Author:: Wazuh 'command', @@ -52,7 +56,7 @@ } } ] -elsif platform_family?("centos","redhat","rhel", "amazon") +when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' default['ossec']['conf']['localfile'] = [ { 'log_format' => 'command', diff --git a/cookbooks/wazuh_manager/attributes/logging.rb b/cookbooks/wazuh_manager/attributes/logging.rb index 807f3a0f..62b806a3 100644 --- a/cookbooks/wazuh_manager/attributes/logging.rb +++ b/cookbooks/wazuh_manager/attributes/logging.rb @@ -1,3 +1,7 @@ +# Cookbook Name:: wazuh-manager +# Attributes:: logging +# Author:: Wazuh 'plain' diff --git a/cookbooks/wazuh_manager/attributes/remote.rb b/cookbooks/wazuh_manager/attributes/remote.rb index eb008ea8..b843c87c 100644 --- a/cookbooks/wazuh_manager/attributes/remote.rb +++ b/cookbooks/wazuh_manager/attributes/remote.rb @@ -1,3 +1,7 @@ +# Cookbook Name:: wazuh-manager +# Attributes:: remote +# Author:: Wazuh 'secure', diff --git a/cookbooks/wazuh_manager/attributes/rootcheck.rb b/cookbooks/wazuh_manager/attributes/rootcheck.rb index 963bf8fc..fee67b02 100644 --- a/cookbooks/wazuh_manager/attributes/rootcheck.rb +++ b/cookbooks/wazuh_manager/attributes/rootcheck.rb @@ -1,3 +1,7 @@ +# Cookbook Name:: wazuh-manager +# Attributes:: rootcheck +# Author:: Wazuh false, diff --git a/cookbooks/wazuh_manager/attributes/ruleset.rb b/cookbooks/wazuh_manager/attributes/ruleset.rb index 1eb1e604..83404c41 100644 --- a/cookbooks/wazuh_manager/attributes/ruleset.rb +++ b/cookbooks/wazuh_manager/attributes/ruleset.rb @@ -1,3 +1,7 @@ +# Cookbook Name:: wazuh-manager +# Attributes:: ruleset +# Author:: Wazuh [ diff --git a/cookbooks/wazuh_manager/attributes/sca.rb b/cookbooks/wazuh_manager/attributes/sca.rb index 6777b12a..70ef9cd3 100644 --- a/cookbooks/wazuh_manager/attributes/sca.rb +++ b/cookbooks/wazuh_manager/attributes/sca.rb @@ -1,3 +1,6 @@ +# Cookbook Name:: wazuh-manager +# Attributes:: sca +# Author:: Wazuh true, diff --git a/cookbooks/wazuh_manager/attributes/syscheck.rb b/cookbooks/wazuh_manager/attributes/syscheck.rb index 59d003ea..16bb4906 100644 --- a/cookbooks/wazuh_manager/attributes/syscheck.rb +++ b/cookbooks/wazuh_manager/attributes/syscheck.rb @@ -1,3 +1,7 @@ +# Cookbook Name:: wazuh-manager +# Attributes:: syscheck +# Author:: Wazuh false, diff --git a/cookbooks/wazuh_manager/attributes/versions.rb b/cookbooks/wazuh_manager/attributes/versions.rb index d0906b5a..6c4c0d84 100644 --- a/cookbooks/wazuh_manager/attributes/versions.rb +++ b/cookbooks/wazuh_manager/attributes/versions.rb @@ -1,5 +1,7 @@ -default['wazuh-manager']['version'] = "4.0.2" -default['packages.wazuh.com']['version'] = "4.x" -default['wazuh']['version'] = "4.0" -default['filebeat']['version'] = "7.9.1" -default['elastic']['version'] = "7.x" \ No newline at end of file +# Cookbook Name:: wazuh-manager +# Attributes:: versions +# Author:: Wazuh false, 'interval' => '5m', diff --git a/cookbooks/wazuh_manager/attributes/wodle.rb b/cookbooks/wazuh_manager/attributes/wodle.rb index 6e4d5d4e..6741fb1f 100644 --- a/cookbooks/wazuh_manager/attributes/wodle.rb +++ b/cookbooks/wazuh_manager/attributes/wodle.rb @@ -1,3 +1,7 @@ +# Cookbook Name:: wazuh-manager +# Attributes:: woodle +# Author:: Wazuh 'open-scap', 'disabled' => 'yes', diff --git a/cookbooks/wazuh_manager/metadata.rb b/cookbooks/wazuh_manager/metadata.rb index a7e806b5..a054cf7c 100644 --- a/cookbooks/wazuh_manager/metadata.rb +++ b/cookbooks/wazuh_manager/metadata.rb @@ -1,29 +1,24 @@ -name 'wazuh_server' -maintainer 'Wazuh Inc.' +name 'wazuh_manager' +maintainer 'Wazuh' maintainer_email 'info@wazuh.com' license 'Apache 2.0' -description 'Installs and configures Wazuh manager and Filebeat' +description 'Installs/Configures wazuh-manager' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) version '0.1.1' +chef_version '>= 15.0' %w(redhat centos oracle).each do |el| supports el, '>= 6.0' end -supports 'amazon', '>= 2.0' -supports 'fedora', '>= 32.0' +supports 'amazon', '>= 1.0' +supports 'fedora', '>= 22.0' supports 'debian', '>= 7.0' -supports 'ubuntu', '>= 14.04' -supports 'suse', '>= 15.0' -supports 'debian', '>= 8.0' -supports 'ubuntu', '>= 14.04' - -depends 'chef-sugar' -depends 'apt' -depends 'poise-python' -depends 'yum' -depends 'hostsfile' -depends 'zypper' +supports 'ubuntu', '>= 12.04' +supports 'suse', '>= 12.0' +supports 'opensuse', '>= 42.0' issues_url 'https://github.com/wazuh/wazuh-chef/issues' if respond_to?(:issues_url) source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) -chef_version '>= 12.0' if respond_to?(:chef_version) + +depends 'filebeat-oss' +depends 'opendistro' \ No newline at end of file diff --git a/cookbooks/wazuh_manager/recipes/common.rb b/cookbooks/wazuh_manager/recipes/common.rb index c4db1564..14e48600 100644 --- a/cookbooks/wazuh_manager/recipes/common.rb +++ b/cookbooks/wazuh_manager/recipes/common.rb @@ -1,21 +1,6 @@ -# -# Cookbook Name:: ossec +# Cookbook Name:: wazuh-manager # Recipe:: common -# -# Copyright 2010, Opscode, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# +# Author:: Wazuh ruby_block 'ossec install_type' do block do diff --git a/cookbooks/wazuh_manager/recipes/default.rb b/cookbooks/wazuh_manager/recipes/default.rb index 2bc68f21..2da76994 100644 --- a/cookbooks/wazuh_manager/recipes/default.rb +++ b/cookbooks/wazuh_manager/recipes/default.rb @@ -1,5 +1,9 @@ -include_recipe 'apt::default' -include_recipe 'wazuh_server::prerequisites' -include_recipe 'wazuh_server::repository' -include_recipe 'wazuh_server::manager' -include_recipe 'wazuh_server::filebeat' \ No newline at end of file +# Cookbook Name:: wazuh-manager +# Recipe:: default +# Author:: Wazuh + +include_recipe 'opendistro::default' +include_recipe 'wazuh_manager::prerequisites' +include_recipe 'wazuh_manager::repository' +include_recipe 'wazuh_manager::manager' +include_recipe 'filebeat-oss::default' diff --git a/cookbooks/wazuh_manager/recipes/filebeat.rb b/cookbooks/wazuh_manager/recipes/filebeat.rb deleted file mode 100644 index 4287557b..00000000 --- a/cookbooks/wazuh_manager/recipes/filebeat.rb +++ /dev/null @@ -1,50 +0,0 @@ -# -# Cookbook Name:: filebeat -# Recipe:: default -# Author:: Wazuh - -# Install Filebeat package -require 'yaml' - -if platform_family?('debian','ubuntu') - package 'lsb-release' - ohai 'reload lsb' do - plugin 'lsb' - # action :nothing - subscribes :reload, 'package[lsb-release]', :immediately - end - - apt_package 'filebeat' do - version "#{node['filebeat']['version']}" - only_if do - File.exists?("/etc/apt/sources.list.d/wazuh.list") - end - end -elsif platform_family?('rhel', 'redhat', 'centos') - if node['platform_version'] >= '8' - dnf_package 'filebeat' do - version "#{node['filebeat']['version']}" - only_if do - File.exists?("/etc/yum.repos.d/wazuh.repo") - end - end - else - yum_package 'filebeat' do - version "#{node['filebeat']['version']}" - only_if do - File.exists?("/etc/yum.repos.d/wazuh.repo") - end - end - end -elsif platform_family?('suse') - yum_package 'filebeat' do - version "#{node['filebeat']['version']}" - only_if do - File.exists?("/etc/zypp/repos.d/wazuh.repo") - end - end -else - raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" -end - - diff --git a/cookbooks/wazuh_manager/recipes/manager.rb b/cookbooks/wazuh_manager/recipes/manager.rb index 56308e00..58f89e37 100644 --- a/cookbooks/wazuh_manager/recipes/manager.rb +++ b/cookbooks/wazuh_manager/recipes/manager.rb @@ -1,55 +1,39 @@ -# -# Cookbook Name:: wazuh +# Cookbook Name:: wazuh-manager # Recipe:: manager -# -# Copyright 2015, Opscode, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -#include_recipe 'chef-sugar::default' +# Author:: Wazuh - -if platform_family?('ubuntu', 'debian') +case node['platform'] +when 'ubuntu', 'debian' apt_package 'wazuh-manager' do - version "#{node['wazuh-manager']['version']}-1" + version "#{node['wazuh']['patch_version']}-1" end -elsif platform_family?('redhat', 'rhel','centos') +when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' if node['platform_version'] >= '8' dnf_package 'wazuh-manager' do - version "#{node['wazuh-manager']['version']}-1" + version "#{node['wazuh']['patch_version']}-1" end else yum_package 'wazuh-manager' do - version "#{node['wazuh-manager']['version']}-1" + version "#{node['wazuh']['patch_version']}-1" end end -elsif platform_family?('suse') +when 'opensuseleap', 'suse' zypper_package 'wazuh-manager' do - version "#{node['wazuh-manager']['version']}-1" + version "#{node['wazuh']['patch_version']}-1" end else raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" end - # The dependences should be installed only when the cluster is enabled if node['ossec']['conf']['cluster']['disabled'] == 'no' - if platform_family?('ubuntu', 'debian') + case node['platform'] + when 'ubuntu', 'debian' log 'Wazuh_Cluster_not_compatible' do message "Wazuh cluster is not compatible with this version with #{node['platform']}" level :warn end - elsif platform_family?('redhat', 'rhel','centos', 'amazon') + when 'redhat', 'oracle', 'centos', 'amazon', 'fedora' if node['platform_version'].to_i == 7 package ['python-setuptools', 'python-cryptography'] end @@ -66,7 +50,7 @@ end end -include_recipe 'wazuh_server::common' +include_recipe 'wazuh_manager::common' template "#{node['ossec']['dir']}/etc/local_internal_options.conf" do source 'var/ossec/etc/manager_local_internal_options.conf' diff --git a/cookbooks/wazuh_manager/recipes/prerequisites.rb b/cookbooks/wazuh_manager/recipes/prerequisites.rb index c98e4895..ec62fbf2 100644 --- a/cookbooks/wazuh_manager/recipes/prerequisites.rb +++ b/cookbooks/wazuh_manager/recipes/prerequisites.rb @@ -1,25 +1,27 @@ +# Cookbook Name:: wazuh-manager +# Recipe:: prerequisites +# Author:: Wazuh + # Install all the required utilities -if platform_family?('debian','ubuntu') +case node['platform'] +when 'debian', 'ubuntu' package "lsb-release" ohai "reload lsb" do plugin "lsb" - # action :nothing subscribes :reload, "package[lsb-release]", :immediately end - apt_package %w(curl apt-transport-https) - -elsif platform_family?('rhel', 'redhat', 'centos') + apt_package %w(curl apt-transport-https lsb-release gnupg2) +when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' if node['platform_version'] >= '8' dnf_package 'curl' else yum_package 'curl' end -elsif platform_family?('suse') +when 'opensuseleap', 'suse' zypper_package 'curl' - else raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" end diff --git a/cookbooks/wazuh_manager/recipes/repository.rb b/cookbooks/wazuh_manager/recipes/repository.rb index c1c5b544..670471d0 100644 --- a/cookbooks/wazuh_manager/recipes/repository.rb +++ b/cookbooks/wazuh_manager/recipes/repository.rb @@ -1,56 +1,41 @@ -# -# Cookbook Name:: ossec +# Cookbook Name:: wazuh-manager # Recipe:: repository -# -# Copyright 2015, Opscode, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# +# Author:: Wazuh -if platform_family?('ubuntu', 'debian') +case node['platform'] +when 'debian', 'ubuntu' package 'lsb-release' ohai 'reload lsb' do plugin 'lsb' - # action :nothing subscribes :reload, 'package[lsb-release]', :immediately end apt_repository 'wazuh' do key 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - uri "http://packages.wazuh.com/#{node['packages.wazuh.com']['version']}/apt/" + uri "http://packages.wazuh.com/#{node['wazuh']['major_version']}/apt/" components ['main'] distribution 'stable' action :add end apt_update -elsif platform_family?('rhel','redhat', 'centos', 'amazon') +when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' yum_repository 'wazuh' do description 'WAZUH Yum Repository - www.wazuh.com' gpgcheck true gpgkey 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' enabled true - baseurl "https://packages.wazuh.com/#{node['packages.wazuh.com']['version']}/yum" + baseurl "https://packages.wazuh.com/#{node['wazuh']['major_version']}/yum" action :create end -elsif platform_family?('suse') +when 'opensuseleap', 'suse' zypper_repository 'wazuh' do description 'WAZUH Zypper Repository - www.wazuh.com' gpgcheck true gpgkey 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' enabled true - baseurl "https://packages.wazuh.com/#{node['packages.wazuh.com']['version']}/yum" + baseurl "https://packages.wazuh.com/#{node['wazuh']['major_version']}/yum" action :create end else From cd8ddd43d145f3d20221aea33d15b90326c2de92 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 3 Dec 2020 15:53:51 +0100 Subject: [PATCH 040/260] Update elastic-stack cookbook --- cookbooks/elastic-stack/.kitchen.yml | 16 +- cookbooks/elastic-stack/Berksfile | 5 +- cookbooks/elastic-stack/CHANGELOG.md | 4 +- cookbooks/elastic-stack/README.md | 95 +++++---- cookbooks/elastic-stack/attributes/api.rb | 16 +- .../elastic-stack/attributes/versions.rb | 4 +- cookbooks/elastic-stack/attributes/yml.rb | 4 +- cookbooks/elastic-stack/metadata.rb | 5 +- cookbooks/elastic-stack/recipes/default.rb | 2 + .../elastic-stack/recipes/elasticsearch.rb | 2 +- cookbooks/elastic-stack/recipes/kibana.rb | 66 ++++-- cookbooks/elastic-stack/recipes/repository.rb | 6 +- .../elastic-stack/templates/wazuh.yml.erb | 201 ++++++++++++++++++ 13 files changed, 337 insertions(+), 89 deletions(-) create mode 100644 cookbooks/elastic-stack/templates/wazuh.yml.erb diff --git a/cookbooks/elastic-stack/.kitchen.yml b/cookbooks/elastic-stack/.kitchen.yml index ae85a60b..eb67c2a0 100644 --- a/cookbooks/elastic-stack/.kitchen.yml +++ b/cookbooks/elastic-stack/.kitchen.yml @@ -13,17 +13,27 @@ verifiers: platforms: - name: ubuntu-20.04 + driver: + network: + - ["private_network", {ip: "172.16.11.10"}] - name: ubuntu-18.04 + driver: + network: + - ["private_network", {ip: "172.16.11.11"}] - name: centos-8.0 + driver: + network: + - ["private_network", {ip: "172.16.11.12"}] - name: centos-7 + driver: + network: + - ["private_network", {ip: "172.16.11.13"}] suites: - name: elastic-stack run_list: - recipe[elastic-stack::default] driver: - network: - - ["private_network", {ip: "172.16.10.11"}] customize: - memory: 2048 + memory: 4096 cpus: 2 \ No newline at end of file diff --git a/cookbooks/elastic-stack/Berksfile b/cookbooks/elastic-stack/Berksfile index d501fcf9..9f9e38a4 100644 --- a/cookbooks/elastic-stack/Berksfile +++ b/cookbooks/elastic-stack/Berksfile @@ -1,4 +1,7 @@ # -*- ruby -*- -source 'https://supermarket.getchef.com' +source 'https://supermarket.chef.io' metadata + +cookbook 'filebeat', path: '../filebeat' +cookbook 'wazuh_manager', path: '../wazuh_manager' \ No newline at end of file diff --git a/cookbooks/elastic-stack/CHANGELOG.md b/cookbooks/elastic-stack/CHANGELOG.md index 77d190cf..8e610921 100644 --- a/cookbooks/elastic-stack/CHANGELOG.md +++ b/cookbooks/elastic-stack/CHANGELOG.md @@ -1,6 +1,6 @@ ## v0.1.0 -1. Bump to Opendistro for Elasticsearch 7.9.1 -2. Added suse repository +1. Install Elastic Stack 7.9.3 version +2. Install Wazuh Kibana plugin 4.0.2_7.9.3 version *Note*: in future version, kibana will be in an independent cookbook * Initial/current release diff --git a/cookbooks/elastic-stack/README.md b/cookbooks/elastic-stack/README.md index c15d6138..dbc9252c 100644 --- a/cookbooks/elastic-stack/README.md +++ b/cookbooks/elastic-stack/README.md @@ -9,18 +9,44 @@ This cookbook installs and configures Elastic Stack. Please note that it's not o ### Attributes -The ``attributes`` folder contains all the default configuration files in order to generate ossec.conf file. +You can customize the installation of Elasticsearch and Kibana modifying the following parameters +on attributes files: -Check ['ossec.conf']( https://documentation.wazuh.com/3.x/user-manual/reference/ossec-conf/index.html) documentation to see all configuration sections. +yml.rb +====== +Has the important parameter to configure the YAML file of elastic and kibana. + +**Elasticsearch:** + +* ```['elastic']['yml']['network']['host']```: IP address bound to elasticsearch node +* ```['elastic']['yml']['http']['port']```: port bound to elasticsearch node + +**Kibana:** + +* ```['kibana']['yml']['server']['host']```: IP address bound to kibana node +* ```['kibana']['yml']['server']['port']```: port bound to kibana node +* ```['kibana']['yml']['elasticsearch']['hosts]```: URL of elasticsearch nodes + +versions.rb +=========== +All the versions for wazuh, elk and kibana plugin + +jvm.rb +====== +Java memory limits. + +paths.rb +======== +Default paths for elasticsearch and kibana. Please do not modify. ### Installation -Create a role, `wazuh_elastic`. Modify attributes to customize the installation. +Create a role, `elastic-stack`. Modify attributes to customize the installation. -``` +```json { - "name": "wazuh_elastic", - "description": "Wazuh Elastic Role", + "name": "elastic-stack", + "description": "Elastic Stack role", "json_class": "Chef::Role", "default_attributes": { @@ -30,34 +56,13 @@ Create a role, `wazuh_elastic`. Modify attributes to customize the installation. }, "chef_type": "role", "run_list": [ - "recipe[wazuh_elastic::default]" + "recipe[elastic-stack::default]" ], "env_run_lists": { } } ``` - -#### Customize ELK installation - -You can customize the installation of Elasticsearch and Kibana modifying the following parameters. - - -**Elasticsearch:** - -* ```['wazuh-elastic']['elasticsearch_memmory'] = "1g"``` -* ```['wazuh-elastic']['elasticsearch_cluster_name'] = 'wazuh'``` -* ```['wazuh-elastic']['elasticsearch_node_name'] = 'elk.wazuh-test.com'``` -* ```['wazuh-elastic']['elasticsearch_port'] = 9200``` -* ```['wazuh-elastic']['elasticsearch_ip'] = 'localhost'``` - -**Kibana:** - -* ```['wazuh-elastic']['kibana_host'] = '0.0.0.0'``` -* ```['wazuh-elastic']['kibana_port'] = '5601'``` -* ```['wazuh-elastic']['kibana_elasticsearch_server'] = "http://#{node['wazuh-elastic']['elasticsearch_ip']}:#{node['wazuh-elastic']['elasticsearch_port']}"``` - - ### Recipes #### default.rb @@ -66,7 +71,7 @@ Declares all recipes in the cookbook and installs the whole Elastic Stack. #### elasticsearch.rb -Installs Elasticsearch, the Wazuh template will be configured. +Installs Elasticsearch package and configures *elasticsearch.yml*. #### repository.rb @@ -74,7 +79,7 @@ Declares elastic repository and GPG key URLs. ### kibana.rb -Installs Kibana packages and configures *kibana.yml*. You can customize the installation by editing the following attributes. +Installs Kibana packages and configures *kibana.yml*. Also install and configures Wazuh Kibana plugin. ### Elasticsearch 7.x Cluster Changes @@ -86,12 +91,12 @@ You can find more information about such attributes here: [Discovery and cluster In order to make Chef compatible Elasticsearch 7.x, two new attributes have been added. -- `['wazuh-elastic']['discovery_option']` : This option let you set the full line in the *elasticsearch.yml* file so you can declare it to: - - `['wazuh-elastic']['discovery_option']: "discovery.seed.hosts: "` - - `['wazuh-elastic']['discovery_option']: "discovery.host_providers: "` - - `['wazuh-elastic']['discovery_option']: "discovery.type: single-node"` -- `['wazuh-elastic']['elasticsearch_cluster_initial_master_nodes']`: Allows to insert the whole line for the initial master nodes. You can declare it like: - - `['wazuh-elastic']['elasticsearch_cluster_initial_master_nodes']: "['']"` +1. `['elastic']['discovery_option']` : This option let you set the full line in the *elasticsearch.yml* file so you can declare it to: + * `['elastic']['discovery_option']: "discovery.seed.hosts: "` + * `['elastic']['discovery_option']: "discovery.host_providers: "` + * `['elastic']['discovery_option']: "discovery.type: single-node"` +2. `['elastic']['yml']['cluster']['initial_master_nodes']`: Allows to insert the whole line for the initial master nodes. You can declare it like: + * `['elastic']['yml']['cluster']['initial_master_nodes']: "['']"` **Important note:** In some situations you will need only one of such parameters, that's why it's implemented as the whole line, to allow the declaration of character **#** to disable it. @@ -103,22 +108,24 @@ If only the declaration of `cluster.initial_master_nodes` to *192.168.0.1* would ```json { - "name": "wazuh_elastic", - "description": "Wazuh Elastic Role", + "name": "elastic-stack", + "description": "Elastic Stack role", "json_class": "Chef::Role", "default_attributes": { }, "override_attributes": { - "wazuh-elastic":{ - "discovery_option": "#", - "elasticsearch_cluster_initial_master_nodes": "192.168.0.1" + "elastic": { + "yml": { + "cluster": { + "initial_master_nodes": "192.168.0.1" + } + } } - }, "chef_type": "role", "run_list": [ - "recipe[wazuh_elastic::default]" + "recipe[elastic-stack::default]" ], "env_run_lists": { @@ -131,4 +138,4 @@ If only the declaration of `cluster.initial_master_nodes` to *192.168.0.1* would ### References -Check https://documentation.wazuh.com/current/installation-guide/installing-elastic-stack/index.html for more information about Wazuh Elastic. \ No newline at end of file +Check https://documentation.wazuh.com/3.13/installation-guide/installing-elastic-stack/index.html for more information about Wazuh Elastic. \ No newline at end of file diff --git a/cookbooks/elastic-stack/attributes/api.rb b/cookbooks/elastic-stack/attributes/api.rb index f89bc62e..e12adb77 100644 --- a/cookbooks/elastic-stack/attributes/api.rb +++ b/cookbooks/elastic-stack/attributes/api.rb @@ -2,10 +2,12 @@ # Attributes:: api # Author:: Wazuh -default['kibana']['wazuh_api_credentials'] = { - 'id' => "default", - 'url' => "https://localhost", - 'port' => "55000", - 'username' => "wazuh", - 'password' => "wazuh" -} \ No newline at end of file +default['kibana']['wazuh_api_credentials'] = [ + { + 'id' => "default", + 'url' => "http://localhost", + 'port' => 55000, + 'username' => "wazuh", + 'password' => "wazuh" + } +] \ No newline at end of file diff --git a/cookbooks/elastic-stack/attributes/versions.rb b/cookbooks/elastic-stack/attributes/versions.rb index f699fde9..852db383 100644 --- a/cookbooks/elastic-stack/attributes/versions.rb +++ b/cookbooks/elastic-stack/attributes/versions.rb @@ -9,7 +9,7 @@ # Wazuh default['wazuh']['major_version'] = "4.x" default['wazuh']['minor_version'] = "4.0" -default['wazuh']['patch_version'] = "4.0.2" +default['wazuh']['patch_version'] = "4.0.3" # Kibana -default['wazuh']['kibana_plugin_version'] = "4.0.2_7.9.3" +default['wazuh']['kibana_plugin_version'] = "4.0.3_7.9.3" diff --git a/cookbooks/elastic-stack/attributes/yml.rb b/cookbooks/elastic-stack/attributes/yml.rb index bfb90eaf..ceb3a056 100644 --- a/cookbooks/elastic-stack/attributes/yml.rb +++ b/cookbooks/elastic-stack/attributes/yml.rb @@ -29,11 +29,11 @@ default['kibana']['yml'] = { 'server' => { 'host' => '0.0.0.0', - 'port' => 443 + 'port' => 5601 }, 'elasticsearch' => { 'hosts' => [ - "https://#{node['elastic']['yml']['network']['host']}:#{node['elastic']['yml']['http']['port']}" + "http://#{node['elastic']['yml']['network']['host']}:#{node['elastic']['yml']['http']['port']}" ] } } diff --git a/cookbooks/elastic-stack/metadata.rb b/cookbooks/elastic-stack/metadata.rb index a85a4fcb..d8fc6d0d 100644 --- a/cookbooks/elastic-stack/metadata.rb +++ b/cookbooks/elastic-stack/metadata.rb @@ -18,4 +18,7 @@ supports 'opensuse', '>= 42.0' issues_url 'https://github.com/wazuh/wazuh-chef/issues' if respond_to?(:issues_url) -source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) \ No newline at end of file +source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) + +depends 'filebeat' +depends 'wazuh_manager' \ No newline at end of file diff --git a/cookbooks/elastic-stack/recipes/default.rb b/cookbooks/elastic-stack/recipes/default.rb index e11a726a..1f301f35 100644 --- a/cookbooks/elastic-stack/recipes/default.rb +++ b/cookbooks/elastic-stack/recipes/default.rb @@ -6,3 +6,5 @@ include_recipe 'elastic-stack::repository' include_recipe 'elastic-stack::elasticsearch' include_recipe 'elastic-stack::kibana' +include_recipe 'wazuh_manager::default' +include_recipe 'filebeat::default' \ No newline at end of file diff --git a/cookbooks/elastic-stack/recipes/elasticsearch.rb b/cookbooks/elastic-stack/recipes/elasticsearch.rb index 63732b75..bfbc0ba0 100644 --- a/cookbooks/elastic-stack/recipes/elasticsearch.rb +++ b/cookbooks/elastic-stack/recipes/elasticsearch.rb @@ -90,7 +90,7 @@ action [:enable, :start] end -ruby_block 'wait for elasticsearch' do +ruby_block 'Wait for elasticsearch' do block do loop { break if (TCPSocket.open( "#{node['elastic']['yml']['network']['host']}", diff --git a/cookbooks/elastic-stack/recipes/kibana.rb b/cookbooks/elastic-stack/recipes/kibana.rb index ef5f00ee..fc04e3d8 100644 --- a/cookbooks/elastic-stack/recipes/kibana.rb +++ b/cookbooks/elastic-stack/recipes/kibana.rb @@ -1,4 +1,3 @@ - # Cookbook Name:: elastic-stack # Recipe:: kibana # Author:: Wazuh @@ -44,18 +43,15 @@ # Install the Wazuh Kibana plugin -bash 'Install the Wazuh app plugin for Kibana' do - code <<-EOH - cd #{node['kibana']['package_path']} - sudo -u kibana bin/kibana-plugin install https://packages.wazuh.com/#{node['wazuh']['major_version']}/ui/kibana/wazuh_kibana-#{node['wazuh']['kibana_plugin_version']}-1.zip - EOH +execute 'Install the Wazuh app plugin for Kibana' do + command "sudo -u kibana #{node['kibana']['package_path']}/bin/kibana-plugin install https://packages.wazuh.com/#{node['wazuh']['major_version']}/ui/kibana/wazuh_kibana-#{node['wazuh']['kibana_plugin_version']}-1.zip" end -# Set up Kibana configuration file +# Create Kibana configuration file template "#{node['kibana']['config_path']}/kibana.yml" do source 'kibana.yml.erb' - owner 'root' + owner 'kibana' group 'kibana' mode 0755 variables({ @@ -65,22 +61,29 @@ }) end -bash 'Configure the credentials to access the Wazuh API' do - code <<-EOH - cat >> #{node['kibana']['package_path']}/optimize/wazuh/config/wazuh.yml << EOF - - #{node['kibana']['wazuh_api_credentials']['id']}: - url: #{node['kibana']['wazuh_api_credentials']['url']} - port: #{node['kibana']['wazuh_api_credentials']['port']} - username: #{node['kibana']['wazuh_api_credentials']['username']} - password: #{node['kibana']['wazuh_api_credentials']['password']} - EOF - EOH -end - # Enable and start the Kibana service service "kibana" do supports :start => true, :stop => true, :restart => true, :reload => true + action [:enable, :start] +end + +# Create Wazuh-Kibana plugin configuration file + +template "#{node['kibana']['package_path']}/optimize/wazuh/config/wazuh.yml" do + source 'wazuh.yml.erb' + owner 'kibana' + group 'kibana' + mode 0755 + action :create + variables ({ + api_credentials: node['kibana']['wazuh_api_credentials'] + }) +end + +# Restart Kibana service + +service "kibana" do action [:restart] end @@ -94,11 +97,28 @@ end end -bash 'Waiting for elasticsearch curl response...' do +ruby_block 'Wait for kibana' do + block do + loop { break if (TCPSocket.open( + "#{node['kibana']['yml']['server']['host']}", + node['kibana']['yml']['server']['port']) rescue nil); + puts "Waiting kibana...."; sleep 60 + } + end +end + +bash 'Waiting for kibana curl response...' do code <<-EOH - until (curl -XGET #{node['kibana']['yml']['elasticsearch']['hosts']}); do - printf 'Waiting for elasticsearch....' + until (curl -XGET http://#{node['kibana']['yml']['server']['host']}:#{node['kibana']['yml']['server']['port']}); do + printf 'Waiting for kibana....' sleep 5 done EOH +end + +log 'Access Kibana web interface' do + message "URL: http://#{node['kibana']['yml']['server']['host']}:#{node['kibana']['yml']['server']['port']} + user: admin + password: admin" + level :info end \ No newline at end of file diff --git a/cookbooks/elastic-stack/recipes/repository.rb b/cookbooks/elastic-stack/recipes/repository.rb index de76390a..981d1276 100644 --- a/cookbooks/elastic-stack/recipes/repository.rb +++ b/cookbooks/elastic-stack/recipes/repository.rb @@ -11,7 +11,7 @@ subscribes :reload, 'package[lsb-release]', :immediately end - apt_repository 'elastic-7.x' do + apt_repository "elastic-#{node['elk']['major_version']}" do key "https://artifacts.elastic.co/GPG-KEY-elasticsearch" uri "https://artifacts.elastic.co/packages/#{node['elk']['major_version']}/apt" components ['main'] @@ -22,7 +22,7 @@ apt_update when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' yum_repository 'elastic' do - description 'Elasticsearch repository for 7.x packages' + description "Elasticsearch repository for #{node['elk']['major_version']} packages" gpgcheck true gpgkey "https://artifacts.elastic.co/GPG-KEY-elasticsearch" enabled true @@ -31,7 +31,7 @@ end when 'opensuseleap', 'suse' zypper_repository 'elastic' do - description 'Elasticsearch repository for 7.x packages' + description "Elasticsearch repository for #{node['elk']['major_version']} packages" gpgcheck true gpgkey "https://artifacts.elastic.co/GPG-KEY-elasticsearch" enabled true diff --git a/cookbooks/elastic-stack/templates/wazuh.yml.erb b/cookbooks/elastic-stack/templates/wazuh.yml.erb new file mode 100644 index 00000000..5671eb3f --- /dev/null +++ b/cookbooks/elastic-stack/templates/wazuh.yml.erb @@ -0,0 +1,201 @@ +--- +# +# Wazuh app - App configuration file +# Copyright (C) 2015-2020 Wazuh, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# Find more information about this on the LICENSE file. +# +# ======================== Wazuh app configuration file ======================== +# +# Please check the documentation for more information on configuration options: +# https://documentation.wazuh.com/current/installation-guide/index.html +# +# Also, you can check our repository: +# https://github.com/wazuh/wazuh-kibana-app +# +# ------------------------------- Index patterns ------------------------------- +# +# Default index pattern to use. +#pattern: wazuh-alerts-* +# +# ----------------------------------- Checks ----------------------------------- +# +# Defines which checks must to be consider by the healthcheck +# step once the Wazuh app starts. Values must to be true or false. +#checks.pattern : true +#checks.template: true +#checks.api : true +#checks.setup : true +#checks.metaFields: true +#checks.timeFilter: true +# +# --------------------------------- Extensions --------------------------------- +# +# Defines which extensions should be activated when you add a new API entry. +# You can change them after Wazuh app starts. +# Values must to be true or false. +#extensions.pci : true +#extensions.gdpr : true +#extensions.hipaa : true +#extensions.nist : true +#extensions.tsc : true +#extensions.audit : true +#extensions.oscap : false +#extensions.ciscat : false +#extensions.aws : false +#extensions.gcp : false +#extensions.virustotal: false +#extensions.osquery : false +#extensions.docker : false +# +# ---------------------------------- Timeout ---------------------------------- +# +# Defines maximum timeout to be used on the Wazuh app requests. +# It will be ignored if it is bellow 1500. +# It means milliseconds before we consider a request as failed. +# Default: 20000 +#timeout: 20000 +# +# -------------------------------- API selector -------------------------------- +# +# Defines if the user is allowed to change the selected +# API directly from the Wazuh app top menu. +# Default: true +#api.selector: true +# +# --------------------------- Index pattern selector --------------------------- +# +# Defines if the user is allowed to change the selected +# index pattern directly from the Wazuh app top menu. +# Default: true +#ip.selector: true +# +# List of index patterns to be ignored +#ip.ignore: [] +# +# -------------------------------- X-Pack RBAC --------------------------------- +# +# Custom setting to enable/disable built-in X-Pack RBAC security capabilities. +# Default: enabled +#xpack.rbac.enabled: true +# +# ------------------------------ wazuh-monitoring ------------------------------ +# +# Custom setting to enable/disable wazuh-monitoring indices. +# Values: true, false, worker +# If worker is given as value, the app will show the Agents status +# visualization but won't insert data on wazuh-monitoring indices. +# Default: true +#wazuh.monitoring.enabled: true +# +# Custom setting to set the frequency for wazuh-monitoring indices cron task. +# Default: 900 (s) +#wazuh.monitoring.frequency: 900 +# +# Configure wazuh-monitoring-* indices shards and replicas. +#wazuh.monitoring.shards: 2 +#wazuh.monitoring.replicas: 0 +# +# Configure wazuh-monitoring-* indices custom creation interval. +# Values: h (hourly), d (daily), w (weekly), m (monthly) +# Default: d +#wazuh.monitoring.creation: d +# +# Default index pattern to use for Wazuh monitoring +#wazuh.monitoring.pattern: wazuh-monitoring-* +# +# --------------------------------- wazuh-cron ---------------------------------- +# +# Customize the index prefix of predefined jobs +# This change is not retroactive, if you change it new indexes will be created +# cron.prefix: test +# +# --------------------------------- wazuh-sample-alerts ------------------------- +# +# Customize the index name prefix of sample alerts +# This change is not retroactive, if you change it new indexes will be created +# It should match with a valid index template to avoid unknown fields on +# dashboards +#alerts.sample.prefix: wazuh-alerts-4.x- +# +# ------------------------------ wazuh-statistics ------------------------------- +# +# Custom setting to enable/disable statistics tasks. +#cron.statistics.status: true +# +# Enter the ID of the APIs you want to save data from, leave this empty to run +# the task on all configured APIs +#cron.statistics.apis: [] +# +# Define the frequency of task execution using cron schedule expressions +#cron.statistics.interval: 0 */5 * * * * +# +# Define the name of the index in which the documents are to be saved. +#cron.statistics.index.name: statistics +# +# Define the interval in which the index will be created +#cron.statistics.index.creation: w +# +# Configure statistics indices shards and replicas. +#cron.statistics.shards: 2 +#cron.statistics.replicas: 0 +# +# ---------------------------- Hide manager alerts ------------------------------ +# Hide the alerts of the manager in all dashboards and discover +#hideManagerAlerts: false +# +# ------------------------------- App logging level ----------------------------- +# Set the logging level for the Wazuh App log files. +# Default value: info +# Allowed values: info, debug +#logs.level: info +# +# -------------------------------- Enrollment DNS ------------------------------- +# Set the variable WAZUH_REGISTRATION_SERVER in agents deployment. +# Default value: '' +#enrollment.dns: '' +# +#-------------------------------- API entries ----------------------------------- +#The following configuration is the default structure to define an API entry. +# +#hosts: +# - : + # URL + # API url + # url: http(s):// + + # Port + # API port + # port: + + # Username + # API user's username + # username: + + # Password + # API user's password + # password: + + # Run as + # Define how the app user gets his/her app permissions. + # Values: + # - true: use his/her authentication context. Require Wazuh API user allows run_as. + # - false or not defined: get same permissions of Wazuh API user. + # run_as: + + + +hosts: +<% @api_credentials.each do |api_user| %> + - <%= api_user['id'] %>: + url: <%= api_user['url'] %> + port: <%= api_user['port'] %> + username: <%= api_user['username'] %> + password: <%= api_user['password'] %> +<% end %> + From bbf33fa0c02490936319ce2626d073d2df54f3f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 3 Dec 2020 15:54:06 +0100 Subject: [PATCH 041/260] Update filebeat cookbook --- cookbooks/filebeat/CHANGELOG.md | 2 +- cookbooks/filebeat/README.md | 25 +++--- cookbooks/filebeat/attributes/elastic.rb | 8 -- cookbooks/filebeat/attributes/files.rb | 2 +- cookbooks/filebeat/attributes/paths.rb | 2 +- cookbooks/filebeat/attributes/versions.rb | 6 +- cookbooks/filebeat/attributes/yml.rb | 17 ++++ cookbooks/filebeat/metadata.rb | 6 +- cookbooks/filebeat/recipes/filebeat.rb | 46 +++-------- cookbooks/filebeat/recipes/repository.rb | 78 +++++++++---------- .../templates/default/filebeat.yml.erb | 6 +- 11 files changed, 86 insertions(+), 112 deletions(-) delete mode 100644 cookbooks/filebeat/attributes/elastic.rb create mode 100644 cookbooks/filebeat/attributes/yml.rb diff --git a/cookbooks/filebeat/CHANGELOG.md b/cookbooks/filebeat/CHANGELOG.md index eaef7bb0..05f37739 100644 --- a/cookbooks/filebeat/CHANGELOG.md +++ b/cookbooks/filebeat/CHANGELOG.md @@ -1,5 +1,5 @@ ## v0.1.0 -1. Bump to filebeat OSS 7.9.1 +1. Bump to filebeat 7.9.3 2. Added suse repository *Note*: in future version, filebeat will be included into wazuh-manager cookbook diff --git a/cookbooks/filebeat/README.md b/cookbooks/filebeat/README.md index 0f22658d..f88d48af 100644 --- a/cookbooks/filebeat/README.md +++ b/cookbooks/filebeat/README.md @@ -3,22 +3,16 @@ ## Description This cookbook installs and configures Filebeat in order on the specified node. -#### Chef -- Chef 12+ - -#### Cookbooks -- apt -- yum -- zypper - Attributes ---------- -Default configuration is defined in ```/attributes/default.rb``` and contains needed parameters to configure the ```filebeat.yml``` file. Check ['Filebeat section'](https://raw.githubusercontent.com/wazuh/wazuh/v4.0.2/extensions/filebeat/7.x/filebeat.yml) to see an example of Filebeat configuration. +Default configuration is defined in ```/attributes/default.rb``` and contains needed parameters to configure the ```filebeat.yml``` file. Important attributes: -* ```node['filebeat']['elasticsearch_server_ip']```: array with URL of elasticsearch nodes +* ```node['filebeat']['yml']['output']['elasticsearch']['hosts']```: array elasticsearch nodes network +parameters (ip and port) + ## Installation @@ -26,8 +20,8 @@ Create a role, wazuh_filebeat. Add attributes per above as needed to customize t ``` { - "name": "wazuh_filebeat", - "description": "Wazuh Manager host", + "name": "filebeat", + "description": "Filebeat host", "json_class": "Chef::Role", "default_attributes": { @@ -37,7 +31,7 @@ Create a role, wazuh_filebeat. Add attributes per above as needed to customize t }, "chef_type": "role", "run_list": [ - "recipe[wazuh_filebeat::filebeat]" + "recipe[filebeat::default]" ], "env_run_lists": { @@ -45,13 +39,14 @@ Create a role, wazuh_filebeat. Add attributes per above as needed to customize t } ``` - Recipes ------- #### default.rb -This recipe imports and executes the recipe *wazuh_filebeat::filebeat* +This recipe imports and executes the following recipes: +* *repository* +* *filebeat* #### repository.rb diff --git a/cookbooks/filebeat/attributes/elastic.rb b/cookbooks/filebeat/attributes/elastic.rb deleted file mode 100644 index 7479e132..00000000 --- a/cookbooks/filebeat/attributes/elastic.rb +++ /dev/null @@ -1,8 +0,0 @@ -# Cookbook Name:: filebeat -# Attribute:: elastic -# Author:: Wazuh - -default['filebeat']['elasticsearch_server_ip'] = [ - "http://0.0.0.0:9200" -] - diff --git a/cookbooks/filebeat/attributes/files.rb b/cookbooks/filebeat/attributes/files.rb index aed570fd..bcd9a6a0 100644 --- a/cookbooks/filebeat/attributes/files.rb +++ b/cookbooks/filebeat/attributes/files.rb @@ -1,6 +1,6 @@ # Cookbook Name:: filebeat # Attribute:: files -# Author:: Wazuh +# Author:: Wazuh default['filebeat']['alerts_template'] = 'wazuh-template.json' default['filebeat']['wazuh_module'] = "wazuh-filebeat-0.1.tar.gz" \ No newline at end of file diff --git a/cookbooks/filebeat/attributes/paths.rb b/cookbooks/filebeat/attributes/paths.rb index 0f851bda..dedfa422 100644 --- a/cookbooks/filebeat/attributes/paths.rb +++ b/cookbooks/filebeat/attributes/paths.rb @@ -1,6 +1,6 @@ # Cookbook Name:: filebeat # Attribute:: paths -# Author:: Wazuh +# Author:: Wazuh default['filebeat']['config_path'] = '/etc/filebeat' default['filebeat']['wazuh_module_path'] = '/usr/share/filebeat/module' \ No newline at end of file diff --git a/cookbooks/filebeat/attributes/versions.rb b/cookbooks/filebeat/attributes/versions.rb index 5cd66ec2..d88c9117 100644 --- a/cookbooks/filebeat/attributes/versions.rb +++ b/cookbooks/filebeat/attributes/versions.rb @@ -1,12 +1,12 @@ # Cookbook Name:: filebeat # Attribute:: versions -# Author:: Wazuh +# Author:: Wazuh # ELK default['elk']['major_version'] = "7.x" -default['elk']['patch_version'] = "7.9.1" +default['elk']['patch_version'] = "7.9.3" # Wazuh default['wazuh']['major_version'] = "4.x" default['wazuh']['minor_version'] = "4.0" -default['wazuh']['patch_version'] = "4.0.2" \ No newline at end of file +default['wazuh']['patch_version'] = "4.0.3" \ No newline at end of file diff --git a/cookbooks/filebeat/attributes/yml.rb b/cookbooks/filebeat/attributes/yml.rb new file mode 100644 index 00000000..15f9cbea --- /dev/null +++ b/cookbooks/filebeat/attributes/yml.rb @@ -0,0 +1,17 @@ +# Cookbook Name:: filebeat +# Attribute:: elastic +# Author:: Wazuh + +default['filebeat']['yml'] = { + 'output' => { + 'elasticsearch' => { + 'hosts' => [ + { + 'ip' => '0.0.0.0', + 'port' => 9200 + } + ] + } + } +} + diff --git a/cookbooks/filebeat/metadata.rb b/cookbooks/filebeat/metadata.rb index 313c31b3..2ce825e6 100644 --- a/cookbooks/filebeat/metadata.rb +++ b/cookbooks/filebeat/metadata.rb @@ -2,9 +2,10 @@ maintainer 'Wazuh' maintainer_email 'info@wazuh.com' license 'Apache 2.0' -description 'Installs and configures filebeat' +description 'Installs/Configures filebeat' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) version '0.1.0' +chef_version '>= 15.0' %w(redhat centos oracle).each do |el| supports el, '>= 6.0' @@ -17,5 +18,4 @@ supports 'opensuse', '>= 42.0' issues_url 'https://github.com/wazuh/wazuh-chef/issues' if respond_to?(:issues_url) -source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) -chef_version '>= 12.0' if respond_to?(:chef_version) +source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) \ No newline at end of file diff --git a/cookbooks/filebeat/recipes/filebeat.rb b/cookbooks/filebeat/recipes/filebeat.rb index 31acca39..dbf2ab0e 100644 --- a/cookbooks/filebeat/recipes/filebeat.rb +++ b/cookbooks/filebeat/recipes/filebeat.rb @@ -4,19 +4,13 @@ # Install Filebeat package -if platform_family?('debian','ubuntu') - package 'lsb-release' - ohai 'reload lsb' do - plugin 'lsb' - subscribes :reload, 'package[lsb-release]', :immediately - end - +case node['platform'] +when 'debian','ubuntu' apt_package 'filebeat' do version "#{node['elk']['patch_version']}" end - -elsif platform_family?('redhat', 'centos', 'amazon', 'fedora', 'oracle') - if node['platform']['version'] >= '8' +when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' + if node['platform_version'] >= '8' dnf_package 'filebeat' do version "#{node['elk']['patch_version']}" end @@ -25,12 +19,10 @@ version "#{node['elk']['patch_version']}" end end - -elsif platform_family?('opensuse', 'suse') +when 'opensuseleap', 'suse' yum_package 'filebeat' do version "#{node['elk']['patch_version']}" end - else raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" end @@ -43,40 +35,24 @@ group 'root' mode '0640' variables( - output_elasticsearch_hosts: node['filebeat']['elasticsearch_server_ip'], - template_json_path: "#{node['filebeat']['config_path']}/#{node['filebeat']['alerts_template']}" + hosts: node['filebeat']['yml']['output']['elasticsearch']['hosts'] ) end # Download the alerts template for Elasticsearch remote_file "#{node['filebeat']['config_path']}/#{node['filebeat']['alerts_template']}" do - source "https://raw.githubusercontent.com/wazuh/wazuh/v#{node['wazuh']['patch_version']}/extensions/elasticsearch/#{node['elk']['major_version']}/#{node['filebeat']['alerts_template']}" + source "https://raw.githubusercontent.com/wazuh/wazuh/#{node['wazuh']['minor_version']}/extensions/elasticsearch/#{node['elk']['major_version']}/#{node['filebeat']['alerts_template']}" owner 'root' group 'root' mode '0644' end -# Download the Wazuh module for Filebeat - -remote_file "#{node['filebeat']['config_path']}/#{node['filebeat']['wazuh_module']}" do - source "https://packages.wazuh.com/#{node['wazuh']['major_version']}/filebeat/#{node['filebeat']['wazuh_module']}" -end - -archive_file "#{node['filebeat']['wazuh_module']}" do - path "#{node['filebeat']['config_path']}/#{node['filebeat']['wazuh_module']}" - destination "#{node['filebeat']['wazuh_module_path']}" -end - -file "#{node['filebeat']['config_path']}/#{node['filebeat']['wazuh_module']}" do - action :delete -end - -# Change module permission +# Download Wazuh module for Filebeat -directory '/usr/share/filebeat/module/wazuh' do - mode '0755' - recursive true +execute 'Extract Wazuh module' do + command "curl -s https://packages.wazuh.com/#{node['wazuh']['major_version']}/filebeat/#{node['filebeat']['wazuh_module']} | tar -xvz -C #{node['filebeat']['wazuh_module_path']}" + action :run end # Enable and start service diff --git a/cookbooks/filebeat/recipes/repository.rb b/cookbooks/filebeat/recipes/repository.rb index e30861d7..f636cbae 100644 --- a/cookbooks/filebeat/recipes/repository.rb +++ b/cookbooks/filebeat/recipes/repository.rb @@ -2,48 +2,42 @@ # Recipe:: repository # Author:: Wazuh -if platform_family?('ubuntu', 'debian') - package 'lsb-release' - - ohai 'reload lsb' do - plugin 'lsb' - subscribes :reload, 'package[lsb-release]', :immediately - end - - apt_repository 'elastic-7.x' do - key "https://artifacts.elastic.co/GPG-KEY-elasticsearch" - uri "https://artifacts.elastic.co/packages/#{node['elk']['major_version']}/apt" - components ['main'] - distribution 'stable' - not_if do - File.exists?("/etc/apt/sources.list.d/elastic-#{node['elk']['major_version']}.list") - end - action :add - end - - apt_update +case node['platform'] +when 'ubuntu', 'debian' + package 'lsb-release' - elsif platform_family?('redhat', 'centos', 'amazon', 'fedora', 'oracle') - yum_repository 'elastic' do - description 'Elasticsearch repository for 7.x packages' - gpgcheck true - gpgkey "https://artifacts.elastic.co/GPG-KEY-elasticsearch" - enabled true - baseurl "https://artifacts.elastic.co/packages/#{node['elk']['major_version']}/yum" - action :create - end + ohai 'reload lsb' do + plugin 'lsb' + subscribes :reload, 'package[lsb-release]', :immediately + end + + apt_repository "elastic-#{node['elk']['major_version']}" do + key "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + uri "https://artifacts.elastic.co/packages/#{node['elk']['major_version']}/apt" + components ['main'] + distribution 'stable' + action :add + end - elsif platform_family?('opensuseleap', 'suse') - zypper_repository 'elastic' do - description 'Elasticsearch repository for 7.x packages' - gpgcheck true - gpgkey "https://artifacts.elastic.co/GPG-KEY-elasticsearch" - enabled true - baseurl "https://artifacts.elastic.co/packages/#{node['elk']['major_version']}/yum" - action :create - end - - else - raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" + apt_update +when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' + yum_repository 'elastic' do + description "Elasticsearch repository for #{node['elk']['major_version']} packages" + gpgcheck true + gpgkey "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + enabled true + baseurl "https://artifacts.elastic.co/packages/#{node['elk']['major_version']}/yum" + action :create + end +when 'opensuseleap', 'suse' + zypper_repository 'elastic' do + description "Elasticsearch repository for #{node['elk']['major_version']} packages" + gpgcheck true + gpgkey "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + enabled true + baseurl "https://artifacts.elastic.co/packages/#{node['elk']['major_version']}/yum" + action :create end - \ No newline at end of file +else + raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" +end diff --git a/cookbooks/filebeat/templates/default/filebeat.yml.erb b/cookbooks/filebeat/templates/default/filebeat.yml.erb index 09c66f38..d7a1c357 100644 --- a/cookbooks/filebeat/templates/default/filebeat.yml.erb +++ b/cookbooks/filebeat/templates/default/filebeat.yml.erb @@ -7,13 +7,13 @@ filebeat.modules: enabled: false setup.template.json.enabled: true -setup.template.json.path: '<%= @template_json_path %>' +setup.template.json.path: '/etc/filebeat/wazuh-template.json' setup.template.json.name: 'wazuh' setup.template.overwrite: true setup.ilm.enabled: false output.elasticsearch.hosts: [ - <% @output_elasticsearch_hosts.each do |node| %> - "<%= node %>" + <% @hosts.each do |node| %> + "http://<%= node['ip'] %>:<%= node['port'] %>" <% end %> ] \ No newline at end of file From 8259f1e5c28330843da594cce6cc96d578d278bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 3 Dec 2020 15:54:27 +0100 Subject: [PATCH 042/260] Update opendistro cookbook --- cookbooks/opendistro/attributes/api.rb | 16 +++--- cookbooks/opendistro/recipes/kibana.rb | 54 +++++++------------- cookbooks/opendistro/templates/wazuh.yml.erb | 13 +++-- 3 files changed, 36 insertions(+), 47 deletions(-) diff --git a/cookbooks/opendistro/attributes/api.rb b/cookbooks/opendistro/attributes/api.rb index 94516c37..c1a7d6c9 100644 --- a/cookbooks/opendistro/attributes/api.rb +++ b/cookbooks/opendistro/attributes/api.rb @@ -2,10 +2,12 @@ # Attributes:: api # Author:: Wazuh -default['kibana']['wazuh_api_credentials'] = { - 'id' => "default", - 'url' => "https://localhost", - 'port' => 55000, - 'username' => "wazuh", - 'password' => "wazuh" -} +default['kibana']['wazuh_api_credentials'] = [ + { + 'id' => "default", + 'url' => "https://localhost", + 'port' => 55000, + 'username' => "wazuh", + 'password' => "wazuh" + } +] diff --git a/cookbooks/opendistro/recipes/kibana.rb b/cookbooks/opendistro/recipes/kibana.rb index 34c596a9..79519c7f 100644 --- a/cookbooks/opendistro/recipes/kibana.rb +++ b/cookbooks/opendistro/recipes/kibana.rb @@ -61,41 +61,6 @@ command "sudo -u kibana #{node['kibana']['package_path']}/bin/kibana-plugin install https://packages.wazuh.com/#{node['wazuh']['major_version']}/ui/kibana/wazuh_kibana-#{node['wazuh']['kibana_plugin_version']}-1.zip" end -# Create Wazuh-Kibana plugin configuration file - -directory "#{node['kibana']['optimize_path']}/wazuh" do - owner 'kibana' - group 'kibana' - action :create -end - -directory "#{node['kibana']['optimize_path']}/wazuh/config" do - owner 'kibana' - group 'kibana' - action :create -end - -directory "#{node['kibana']['optimize_path']}/wazuh/logs" do - owner 'kibana' - group 'kibana' - action :create -end - -template "#{node['kibana']['optimize_path']}/wazuh/config/wazuh.yml" do - source 'wazuh.yml.erb' - owner 'kibana' - group 'kibana' - mode '0600' - action :create - variables ({ - id: node['kibana']['wazuh_api_credentials']['id'], - url: node['kibana']['wazuh_api_credentials']['url'], - port: node['kibana']['wazuh_api_credentials']['port'], - username: node['kibana']['wazuh_api_credentials']['username'], - password: node['kibana']['wazuh_api_credentials']['password'] - }) -end - # Certificates placement directory "#{node['kibana']['certs_path']}" do @@ -141,6 +106,25 @@ } end +# Create Wazuh-Kibana plugin configuration file + +template "#{node['kibana']['optimize_path']}/wazuh/config/wazuh.yml" do + source 'wazuh.yml.erb' + owner 'kibana' + group 'kibana' + mode '0600' + action :create + variables ({ + api_credentials: node['kibana']['wazuh_api_credentials'] + }) +end + +# Restart Kibana service + +service "kibana" do + action [:restart] +end + ruby_block 'Wait for elasticsearch' do block do loop { break if (TCPSocket.open( diff --git a/cookbooks/opendistro/templates/wazuh.yml.erb b/cookbooks/opendistro/templates/wazuh.yml.erb index d90cbd11..d671fb3d 100644 --- a/cookbooks/opendistro/templates/wazuh.yml.erb +++ b/cookbooks/opendistro/templates/wazuh.yml.erb @@ -191,8 +191,11 @@ hosts: - - <%= @id %>: - url: <%= @url %> - port: <%= @port %> - username: <%= @username %> - password: <%= @password %> +<% @api_credentials.each do |api_user| %> + - <%= api_user['id'] %>: + url: <%= api_user['url'] %> + port: <%= api_user['port'] %> + username: <%= api_user['username'] %> + password: <%= api_user['password'] %> +<% end %> + \ No newline at end of file From 74630085788f33ed1e533fb4f01597adefd7bd99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 3 Dec 2020 15:54:58 +0100 Subject: [PATCH 043/260] Update wazuh-manager cookbook --- cookbooks/wazuh_manager/Berksfile | 5 +---- cookbooks/wazuh_manager/metadata.rb | 5 +---- cookbooks/wazuh_manager/recipes/default.rb | 2 -- 3 files changed, 2 insertions(+), 10 deletions(-) diff --git a/cookbooks/wazuh_manager/Berksfile b/cookbooks/wazuh_manager/Berksfile index 8da8fae4..e66aa216 100644 --- a/cookbooks/wazuh_manager/Berksfile +++ b/cookbooks/wazuh_manager/Berksfile @@ -1,6 +1,3 @@ source 'https://supermarket.chef.io' -metadata - -cookbook 'filebeat-oss', path: '../filebeat-oss' -cookbook 'opendistro', path: '../opendistro' \ No newline at end of file +metadata \ No newline at end of file diff --git a/cookbooks/wazuh_manager/metadata.rb b/cookbooks/wazuh_manager/metadata.rb index a054cf7c..ef46e0fa 100644 --- a/cookbooks/wazuh_manager/metadata.rb +++ b/cookbooks/wazuh_manager/metadata.rb @@ -18,7 +18,4 @@ supports 'opensuse', '>= 42.0' issues_url 'https://github.com/wazuh/wazuh-chef/issues' if respond_to?(:issues_url) -source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) - -depends 'filebeat-oss' -depends 'opendistro' \ No newline at end of file +source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) \ No newline at end of file diff --git a/cookbooks/wazuh_manager/recipes/default.rb b/cookbooks/wazuh_manager/recipes/default.rb index 2da76994..78f491b9 100644 --- a/cookbooks/wazuh_manager/recipes/default.rb +++ b/cookbooks/wazuh_manager/recipes/default.rb @@ -2,8 +2,6 @@ # Recipe:: default # Author:: Wazuh -include_recipe 'opendistro::default' include_recipe 'wazuh_manager::prerequisites' include_recipe 'wazuh_manager::repository' include_recipe 'wazuh_manager::manager' -include_recipe 'filebeat-oss::default' From 0902d4f804f157133ea620b8d680e81fad611361 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 11 Dec 2020 11:33:21 +0100 Subject: [PATCH 044/260] Update and lint cookbook --- cookbooks/elastic-stack/Berksfile | 4 +- cookbooks/elastic-stack/Gemfile | 24 +--- cookbooks/elastic-stack/attributes/api.rb | 18 +-- cookbooks/elastic-stack/attributes/jvm.rb | 6 +- cookbooks/elastic-stack/attributes/paths.rb | 8 +- .../elastic-stack/attributes/versions.rb | 16 +-- cookbooks/elastic-stack/attributes/yml.rb | 58 ++++----- cookbooks/elastic-stack/config/rake.rb | 14 ++- .../{.kitchen.yml => kitchen.yml} | 10 +- cookbooks/elastic-stack/metadata.rb | 6 +- cookbooks/elastic-stack/recipes/default.rb | 6 +- .../elastic-stack/recipes/elasticsearch.rb | 63 +++++----- cookbooks/elastic-stack/recipes/kibana.rb | 110 ++++++++++-------- .../elastic-stack/recipes/prerequisites.rb | 16 +-- cookbooks/elastic-stack/recipes/repository.rb | 18 +-- cookbooks/elastic-stack/spec/spec_helper.rb | 20 ---- .../spec/unit/recipes/default_spec.rb | 25 ---- .../spec/unit/recipes/elasticsearch_spec.rb | 26 ----- .../spec/unit/recipes/kibana_spec.rb | 49 -------- .../spec/unit/recipes/lostash_spec.rb | 58 --------- .../spec/unit/recipes/nginx_spec.rb | 60 ---------- .../test/data_bags/wazuh_secrets/api.json | 15 --- .../wazuh_secrets/logstash_certificate.json | 15 --- .../wazuh_secrets/nginx_certificate.json | 15 --- .../data_bags/wazuh_secrets/test_data_bag_key | 1 - .../test/environments/development.json | 17 --- .../test/environments/production.json | 17 --- .../default/data_bags/wazuh_secrets/api.json | 15 --- .../wazuh_secrets/logstash_certificate.json | 9 -- .../default/encrypted_data_bag_secret | 1 - .../default/serverspec/default_spec.rb | 9 -- .../elastic-stack/elasticsearch_test.rb | 38 ++++++ .../integration/elastic-stack/kibana_test.rb | 33 ++++++ .../elastic-stack/prerequisites_test.rb | 22 ++++ .../elastic-stack/repository_test.rb | 21 ++++ .../helpers/serverspec/spec_helper.rb | 8 -- 36 files changed, 320 insertions(+), 531 deletions(-) rename cookbooks/elastic-stack/{.kitchen.yml => kitchen.yml} (77%) delete mode 100644 cookbooks/elastic-stack/spec/spec_helper.rb delete mode 100644 cookbooks/elastic-stack/spec/unit/recipes/default_spec.rb delete mode 100644 cookbooks/elastic-stack/spec/unit/recipes/elasticsearch_spec.rb delete mode 100644 cookbooks/elastic-stack/spec/unit/recipes/kibana_spec.rb delete mode 100644 cookbooks/elastic-stack/spec/unit/recipes/lostash_spec.rb delete mode 100644 cookbooks/elastic-stack/spec/unit/recipes/nginx_spec.rb delete mode 100644 cookbooks/elastic-stack/test/data_bags/wazuh_secrets/api.json delete mode 100644 cookbooks/elastic-stack/test/data_bags/wazuh_secrets/logstash_certificate.json delete mode 100644 cookbooks/elastic-stack/test/data_bags/wazuh_secrets/nginx_certificate.json delete mode 100644 cookbooks/elastic-stack/test/data_bags/wazuh_secrets/test_data_bag_key delete mode 100644 cookbooks/elastic-stack/test/environments/development.json delete mode 100644 cookbooks/elastic-stack/test/environments/production.json delete mode 100644 cookbooks/elastic-stack/test/integration/default/data_bags/wazuh_secrets/api.json delete mode 100644 cookbooks/elastic-stack/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json delete mode 100644 cookbooks/elastic-stack/test/integration/default/encrypted_data_bag_secret delete mode 100644 cookbooks/elastic-stack/test/integration/default/serverspec/default_spec.rb create mode 100644 cookbooks/elastic-stack/test/integration/elastic-stack/elasticsearch_test.rb create mode 100644 cookbooks/elastic-stack/test/integration/elastic-stack/kibana_test.rb create mode 100644 cookbooks/elastic-stack/test/integration/elastic-stack/prerequisites_test.rb create mode 100644 cookbooks/elastic-stack/test/integration/elastic-stack/repository_test.rb delete mode 100644 cookbooks/elastic-stack/test/integration/helpers/serverspec/spec_helper.rb diff --git a/cookbooks/elastic-stack/Berksfile b/cookbooks/elastic-stack/Berksfile index 9f9e38a4..6aca997c 100644 --- a/cookbooks/elastic-stack/Berksfile +++ b/cookbooks/elastic-stack/Berksfile @@ -1,7 +1,9 @@ +# frozen_string_literal: true + # -*- ruby -*- source 'https://supermarket.chef.io' metadata cookbook 'filebeat', path: '../filebeat' -cookbook 'wazuh_manager', path: '../wazuh_manager' \ No newline at end of file +cookbook 'wazuh_manager', path: '../wazuh_manager' diff --git a/cookbooks/elastic-stack/Gemfile b/cookbooks/elastic-stack/Gemfile index 15eaf962..d0c6e6b7 100644 --- a/cookbooks/elastic-stack/Gemfile +++ b/cookbooks/elastic-stack/Gemfile @@ -1,21 +1,7 @@ source 'https://rubygems.org' -group :lint do - gem 'foodcritic', '~> 5.0' - gem 'rubocop', '~> 0.50.0' -end - -group :unit do - gem 'berkshelf', '~> 4.0' - gem 'chefspec', '~> 4.4' -end - -group :kitchen_common do - gem 'test-kitchen', '~> 1.4' -end - -group :kitchen_vagrant do - gem 'kitchen-vagrant', '~> 0.19' -end - -gem 'psych', '~> 3.2' +gem 'rubocop' +gem 'test-kitchen' +gem 'kitchen-vagrant' +gem 'kitchen-inspec' +gem 'inspec \ No newline at end of file diff --git a/cookbooks/elastic-stack/attributes/api.rb b/cookbooks/elastic-stack/attributes/api.rb index e12adb77..b1cce7e5 100644 --- a/cookbooks/elastic-stack/attributes/api.rb +++ b/cookbooks/elastic-stack/attributes/api.rb @@ -1,13 +1,15 @@ +# frozen_string_literal: true + # Cookbook Name:: elastic-stack # Attributes:: api # Author:: Wazuh default['kibana']['wazuh_api_credentials'] = [ - { - 'id' => "default", - 'url' => "http://localhost", - 'port' => 55000, - 'username' => "wazuh", - 'password' => "wazuh" - } -] \ No newline at end of file + { + 'id' => 'default', + 'url' => 'https://localhost', + 'port' => 55000, + 'username' => 'wazuh', + 'password' => 'wazuh', + } +] diff --git a/cookbooks/elastic-stack/attributes/jvm.rb b/cookbooks/elastic-stack/attributes/jvm.rb index 13f26a95..7794bda7 100644 --- a/cookbooks/elastic-stack/attributes/jvm.rb +++ b/cookbooks/elastic-stack/attributes/jvm.rb @@ -1,7 +1,9 @@ +# frozen_string_literal: true + # Cookbook Name:: elastic-stack # Attributes:: jvm # Author:: Wazuh default['jvm'] = { - 'memory' => "1g" -} \ No newline at end of file + 'memory' => '1g' +} diff --git a/cookbooks/elastic-stack/attributes/paths.rb b/cookbooks/elastic-stack/attributes/paths.rb index 017c7357..8b011510 100644 --- a/cookbooks/elastic-stack/attributes/paths.rb +++ b/cookbooks/elastic-stack/attributes/paths.rb @@ -1,10 +1,12 @@ +# frozen_string_literal: true + # Cookbook Name:: elastic-stack # Attributes:: paths # Author:: Wazuh # Elastic paths -default['elastic']['config_path'] = "/etc/elasticsearch" +default['elastic']['config_path'] = '/etc/elasticsearch' # Kibana paths -default['kibana']['package_path'] = "/usr/share/kibana" -default['kibana']['config_path'] = "/etc/kibana" +default['kibana']['package_path'] = '/usr/share/kibana' +default['kibana']['config_path'] = '/etc/kibana' diff --git a/cookbooks/elastic-stack/attributes/versions.rb b/cookbooks/elastic-stack/attributes/versions.rb index 852db383..02e18490 100644 --- a/cookbooks/elastic-stack/attributes/versions.rb +++ b/cookbooks/elastic-stack/attributes/versions.rb @@ -1,15 +1,17 @@ +# frozen_string_literal: true + # Cookbook Name:: elastic-stack # Attributes:: versions # Author:: Wazuh -# ELK -default['elk']['major_version'] = "7.x" -default['elk']['patch_version'] = "7.9.3" +# ELK +default['elk']['major_version'] = '7.x' +default['elk']['patch_version'] = '7.9.3' # Wazuh -default['wazuh']['major_version'] = "4.x" -default['wazuh']['minor_version'] = "4.0" -default['wazuh']['patch_version'] = "4.0.3" +default['wazuh']['major_version'] = '4.x' +default['wazuh']['minor_version'] = '4.0' +default['wazuh']['patch_version'] = '4.0.3' # Kibana -default['wazuh']['kibana_plugin_version'] = "4.0.3_7.9.3" +default['wazuh']['kibana_plugin_version'] = '4.0.3_7.9.3' diff --git a/cookbooks/elastic-stack/attributes/yml.rb b/cookbooks/elastic-stack/attributes/yml.rb index ceb3a056..12b24621 100644 --- a/cookbooks/elastic-stack/attributes/yml.rb +++ b/cookbooks/elastic-stack/attributes/yml.rb @@ -1,39 +1,41 @@ +# frozen_string_literal: true + # Cookbook Name:: elastic-stack # Attributes:: yml # Author:: Wazuh # Elasticsearch configuration file default['elastic']['yml'] = { - 'cluster' => { - 'name' => 'es-wazuh', - 'initial_master_nodes' => [ - 'es-node-01' - ] - }, - 'node' => { - 'name' => 'es-node-01' - }, - 'path' => { - 'data' => "/var/lib/elasticsearch", - 'logs' => "/var/log/elasticsearch" - }, - 'network' => { - 'host' => '0.0.0.0' - }, - 'http' => { - 'port' => 9200 - } + 'cluster' => { + 'name' => 'es-wazuh', + 'initial_master_nodes' => [ + 'es-node-01' + ] + }, + 'node' => { + 'name' => 'es-node-01' + }, + 'path' => { + 'data' => '/var/lib/elasticsearch', + 'logs' => '/var/log/elasticsearch' + }, + 'network' => { + 'host' => '0.0.0.0' + }, + 'http' => { + 'port' => 9200 + } } # Kibana configuration file default['kibana']['yml'] = { - 'server' => { - 'host' => '0.0.0.0', - 'port' => 5601 - }, - 'elasticsearch' => { - 'hosts' => [ - "http://#{node['elastic']['yml']['network']['host']}:#{node['elastic']['yml']['http']['port']}" - ] - } + 'server' => { + 'host' => '0.0.0.0', + 'port' => 5601 + }, + 'elasticsearch' => { + 'hosts' => [ + "http://#{node['elastic']['yml']['network']['host']}:#{node['elastic']['yml']['http']['port']}" + ] + } } diff --git a/cookbooks/elastic-stack/config/rake.rb b/cookbooks/elastic-stack/config/rake.rb index 65d7d3a9..acfa0927 100644 --- a/cookbooks/elastic-stack/config/rake.rb +++ b/cookbooks/elastic-stack/config/rake.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # Configure the Rakefile's tasks. ### @@ -6,22 +8,22 @@ ### # The company name - used for SSL certificates, and in srvious other places -COMPANY_NAME = 'Wazuh'.freeze +COMPANY_NAME = 'Wazuh' # The Country Name to use for SSL Certificates -SSL_COUNTRY_NAME = 'US'.freeze +SSL_COUNTRY_NAME = 'US' # The State Name to use for SSL Certificates -SSL_STATE_NAME = 'VA'.freeze +SSL_STATE_NAME = 'VA' # The Locality Name for SSL - typically, the city -SSL_LOCALITY_NAME = 'Leesburg'.freeze +SSL_LOCALITY_NAME = 'Leesburg' # What department? -SSL_ORGANIZATIONAL_UNIT_NAME = 'Operations'.freeze +SSL_ORGANIZATIONAL_UNIT_NAME = 'Operations' # The SSL contact email address -SSL_EMAIL_ADDRESS = 'info@wazuh.com'.freeze +SSL_EMAIL_ADDRESS = 'info@wazuh.com' # License for new Cookbooks # Can be :apachev2 or :none diff --git a/cookbooks/elastic-stack/.kitchen.yml b/cookbooks/elastic-stack/kitchen.yml similarity index 77% rename from cookbooks/elastic-stack/.kitchen.yml rename to cookbooks/elastic-stack/kitchen.yml index eb67c2a0..4c8aae33 100644 --- a/cookbooks/elastic-stack/.kitchen.yml +++ b/cookbooks/elastic-stack/kitchen.yml @@ -3,12 +3,9 @@ driver: provisioner: name: chef_zero - environments_path: "test/environments" - data_bags_path: "test/data_bags" - encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" product_version: latest -verifiers: +verifier: name: inspec platforms: @@ -36,4 +33,7 @@ suites: driver: customize: memory: 4096 - cpus: 2 \ No newline at end of file + cpus: 2 + verifier: + inspec_tests: + - path: test/integration/elastic-stack/ \ No newline at end of file diff --git a/cookbooks/elastic-stack/metadata.rb b/cookbooks/elastic-stack/metadata.rb index d8fc6d0d..aea9f742 100644 --- a/cookbooks/elastic-stack/metadata.rb +++ b/cookbooks/elastic-stack/metadata.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + name 'elastic-stack' maintainer 'Wazuh' maintainer_email 'info@wazuh.com' @@ -7,7 +9,7 @@ version '0.1.0' chef_version '>= 15.0' -%w(redhat centos oracle).each do |el| +%w[redhat centos oracle].each do |el| supports el, '>= 6.0' end supports 'amazon', '>= 1.0' @@ -21,4 +23,4 @@ source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) depends 'filebeat' -depends 'wazuh_manager' \ No newline at end of file +depends 'wazuh_manager' diff --git a/cookbooks/elastic-stack/recipes/default.rb b/cookbooks/elastic-stack/recipes/default.rb index 1f301f35..a5da2019 100644 --- a/cookbooks/elastic-stack/recipes/default.rb +++ b/cookbooks/elastic-stack/recipes/default.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # Cookbook Name:: elastic-stack # Recipe:: default # Author:: Wazuh @@ -6,5 +8,5 @@ include_recipe 'elastic-stack::repository' include_recipe 'elastic-stack::elasticsearch' include_recipe 'elastic-stack::kibana' -include_recipe 'wazuh_manager::default' -include_recipe 'filebeat::default' \ No newline at end of file +# include_recipe 'wazuh_manager::default' +# include_recipe 'filebeat::default' diff --git a/cookbooks/elastic-stack/recipes/elasticsearch.rb b/cookbooks/elastic-stack/recipes/elasticsearch.rb index bfbc0ba0..7c7d61f7 100644 --- a/cookbooks/elastic-stack/recipes/elasticsearch.rb +++ b/cookbooks/elastic-stack/recipes/elasticsearch.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # Cookbook Name:: elastic-stack # Recipe:: elasticsearch # Author:: Wazuh @@ -7,24 +9,24 @@ case node['platform'] when 'debian', 'ubuntu' apt_package 'elasticsearch' do - version "#{node['elk']['patch_version']}" + version (node['elk']['patch_version']).to_s end when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' if node['platform_version'] >= '8' dnf_package 'elasticsearch' do - version "#{node['elk']['patch_version']}" + version (node['elk']['patch_version']).to_s end else yum_package 'elasticsearch' do - version "#{node['elk']['patch_version']}" + version (node['elk']['patch_version']).to_s end end when 'opensuseleap', 'suse' zypper_package 'elasticsearch' do - version "#{node['elk']['patch_version']}" + version (node['elk']['patch_version']).to_s end else - raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" + raise 'Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added' end # Set up elasticsearch config file @@ -35,14 +37,14 @@ group 'elasticsearch' mode '0660' variables({ - cluster_name: node['elastic']['yml']['cluster']['name'], - node_name: node['elastic']['yml']['node']['name'], - path_data: node['elastic']['yml']['path']['data'], - path_logs: node['elastic']['yml']['path']['logs'], - network_host: node['elastic']['yml']['network']['host'], - http_port: node['elastic']['yml']['http']['port'], - initial_master_nodes: node['elastic']['yml']['cluster']['initial_master_nodes'] - }) + cluster_name: node['elastic']['yml']['cluster']['name'], + node_name: node['elastic']['yml']['node']['name'], + path_data: node['elastic']['yml']['path']['data'], + path_logs: node['elastic']['yml']['path']['logs'], + network_host: node['elastic']['yml']['network']['host'], + http_port: node['elastic']['yml']['http']['port'], + initial_master_nodes: node['elastic']['yml']['cluster']['initial_master_nodes'] + }) end # Set up jvm options @@ -52,7 +54,7 @@ owner 'root' group 'elasticsearch' mode '0660' - variables({memmory: node['jvm']['memory']}) + variables({ memmory: node['jvm']['memory'] }) end bash 'insert_line_limits.conf' do @@ -60,24 +62,24 @@ echo "elasticsearch - nofile 65535" >> /etc/security/limits.conf echo "elasticsearch - memlock unlimited" >> /etc/security/limits.conf EOH - not_if "grep -q elasticsearch /etc/security/limits.conf" + not_if 'grep -q elasticsearch /etc/security/limits.conf' end -# Verify Elasticsearch folders owner +# Verify Elasticsearch folders owner -directory "#{node['elastic']['config_path']}" do +directory (node['elastic']['config_path']).to_s do owner 'elasticsearch' group 'elasticsearch' recursive true end -directory "/usr/share/elasticsearch" do +directory '/usr/share/elasticsearch' do owner 'elasticsearch' group 'elasticsearch' recursive true end -directory "/var/lib/elasticsearch" do +directory '/var/lib/elasticsearch' do owner 'elasticsearch' group 'elasticsearch' recursive true @@ -85,17 +87,24 @@ # Enable and start service -service "elasticsearch" do - supports :start => true, :stop => true, :restart => true, :reload => true - action [:enable, :start] +service 'elasticsearch' do + supports start: true, stop: true, restart: true, reload: true + action %i[enable start] end ruby_block 'Wait for elasticsearch' do block do - loop { break if (TCPSocket.open( - "#{node['elastic']['yml']['network']['host']}", - node['elastic']['yml']['http']['port']) rescue nil - ); puts "Waiting for elasticsearch to start"; sleep 5 } + loop do + break if begin + TCPSocket.open( + (node['elastic']['yml']['network']['host']).to_s, + node['elastic']['yml']['http']['port'] + ) + rescue StandardError + nil + end + + puts 'Waiting for elasticsearch to start'; sleep 5 + end end end - diff --git a/cookbooks/elastic-stack/recipes/kibana.rb b/cookbooks/elastic-stack/recipes/kibana.rb index fc04e3d8..751cce20 100644 --- a/cookbooks/elastic-stack/recipes/kibana.rb +++ b/cookbooks/elastic-stack/recipes/kibana.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # Cookbook Name:: elastic-stack # Recipe:: kibana # Author:: Wazuh @@ -7,24 +9,38 @@ case node['platform'] when 'debian', 'ubuntu' apt_package 'kibana' do - version "#{node['elk']['patch_version']}" + version (node['elk']['patch_version']).to_s end when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' if node['platform_version'] >= '8' dnf_package 'kibana' do - version "#{node['elk']['patch_version']}" + version (node['elk']['patch_version']).to_s end - else + else yum_package 'kibana' do - version "#{node['elk']['patch_version']}" + version (node['elk']['patch_version']).to_s end end when 'opensuseleap', 'suse' zypper_package 'kibana' do - version "#{node['elk']['patch_version']}" + version (node['elk']['patch_version']).to_s end else - raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" + raise 'Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added' +end + +# Create Kibana configuration file + +template "#{node['kibana']['config_path']}/kibana.yml" do + source 'kibana.yml.erb' + owner 'kibana' + group 'kibana' + mode 0o755 + variables({ + server_port: node['kibana']['yml']['server']['port'], + server_host: node['kibana']['yml']['server']['host'], + elasticsearch_hosts: node['kibana']['yml']['elasticsearch']['hosts'] + }) end # Update the optimize and plugins directories permissions @@ -45,65 +61,67 @@ execute 'Install the Wazuh app plugin for Kibana' do command "sudo -u kibana #{node['kibana']['package_path']}/bin/kibana-plugin install https://packages.wazuh.com/#{node['wazuh']['major_version']}/ui/kibana/wazuh_kibana-#{node['wazuh']['kibana_plugin_version']}-1.zip" + not_if do + File.exist?("#{node['kibana']['package_path']}/optimize/wazuh/config/wazuh.yml") + end end -# Create Kibana configuration file - -template "#{node['kibana']['config_path']}/kibana.yml" do - source 'kibana.yml.erb' - owner 'kibana' - group 'kibana' - mode 0755 - variables({ - server_port: node['kibana']['yml']['server']['port'], - server_host: node['kibana']['yml']['server']['host'], - elasticsearch_hosts: node['kibana']['yml']['elasticsearch']['hosts'] - }) -end - -# Enable and start the Kibana service - -service "kibana" do - supports :start => true, :stop => true, :restart => true, :reload => true - action [:enable, :start] -end - -# Create Wazuh-Kibana plugin configuration file +# Configure Wazuh-Kibana plugin configuration file template "#{node['kibana']['package_path']}/optimize/wazuh/config/wazuh.yml" do source 'wazuh.yml.erb' owner 'kibana' group 'kibana' - mode 0755 + mode 0o755 action :create - variables ({ - api_credentials: node['kibana']['wazuh_api_credentials'] - }) + variables({ + api_credentials: node['kibana']['wazuh_api_credentials'] + }) + only_if do + File.exist?("#{node['kibana']['package_path']}/optimize/wazuh/config/wazuh.yml") + end end -# Restart Kibana service +# Enable and start the Kibana service -service "kibana" do - action [:restart] +service 'kibana' do + supports start: true, stop: true, restart: true, reload: true + action %i[enable start] end +# Wait for elastic and kibana services + ruby_block 'Wait for elasticsearch' do block do - loop { break if (TCPSocket.open( - "#{node['elastic']['yml']['network']['host']}", - node['elastic']['yml']['http']['port']) rescue nil); - puts "Waiting elasticsearch...."; sleep 1 - } + loop do + break if begin + TCPSocket.open( + (node['elastic']['yml']['network']['host']).to_s, + node['elastic']['yml']['http']['port'] + ) + rescue StandardError + nil + end + + puts 'Waiting elasticsearch....'; sleep 1 + end end end ruby_block 'Wait for kibana' do block do - loop { break if (TCPSocket.open( - "#{node['kibana']['yml']['server']['host']}", - node['kibana']['yml']['server']['port']) rescue nil); - puts "Waiting kibana...."; sleep 60 - } + loop do + break if begin + TCPSocket.open( + (node['kibana']['yml']['server']['host']).to_s, + node['kibana']['yml']['server']['port'] + ) + rescue StandardError + nil + end + + puts 'Waiting kibana....'; sleep 60 + end end end @@ -121,4 +139,4 @@ user: admin password: admin" level :info -end \ No newline at end of file +end diff --git a/cookbooks/elastic-stack/recipes/prerequisites.rb b/cookbooks/elastic-stack/recipes/prerequisites.rb index f480c22a..19abe7cd 100644 --- a/cookbooks/elastic-stack/recipes/prerequisites.rb +++ b/cookbooks/elastic-stack/recipes/prerequisites.rb @@ -1,13 +1,15 @@ +# frozen_string_literal: true + # Cookbook Name:: elastis-stack # Recipe:: prerequisites # Author:: Wazuh -case node['platform'] -when 'debian','ubuntu' +case node['platform'] +when 'debian', 'ubuntu' apt_package 'curl' do action :install end - + apt_package 'apt-transport-https' do action :install end @@ -16,7 +18,7 @@ dnf_package 'curl' do action :install end - + dnf_package 'libcap' do action :install end @@ -24,7 +26,7 @@ yum_package 'curl' do action :install end - + yum_package 'libcap' do action :install end @@ -33,10 +35,10 @@ zypper_package 'curl' do action :install end - + zypper_package 'libcap2' do action :install end else - raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" + raise 'Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added' end diff --git a/cookbooks/elastic-stack/recipes/repository.rb b/cookbooks/elastic-stack/recipes/repository.rb index 981d1276..b14bb911 100644 --- a/cookbooks/elastic-stack/recipes/repository.rb +++ b/cookbooks/elastic-stack/recipes/repository.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # Cookbook Name:: elastic-stack # Recipe:: repository # Author:: Wazuh @@ -12,7 +14,7 @@ end apt_repository "elastic-#{node['elk']['major_version']}" do - key "https://artifacts.elastic.co/GPG-KEY-elasticsearch" + key 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' uri "https://artifacts.elastic.co/packages/#{node['elk']['major_version']}/apt" components ['main'] distribution 'stable' @@ -24,20 +26,20 @@ yum_repository 'elastic' do description "Elasticsearch repository for #{node['elk']['major_version']} packages" gpgcheck true - gpgkey "https://artifacts.elastic.co/GPG-KEY-elasticsearch" - enabled true + gpgkey 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' + enabled true baseurl "https://artifacts.elastic.co/packages/#{node['elk']['major_version']}/yum" action :create end when 'opensuseleap', 'suse' - zypper_repository 'elastic' do + zypper_repository 'elastic' do description "Elasticsearch repository for #{node['elk']['major_version']} packages" gpgcheck true - gpgkey "https://artifacts.elastic.co/GPG-KEY-elasticsearch" - enabled true + gpgkey 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' + enabled true baseurl "https://artifacts.elastic.co/packages/#{node['elk']['major_version']}/yum" action :create end else - raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" -end \ No newline at end of file + raise 'Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added' +end diff --git a/cookbooks/elastic-stack/spec/spec_helper.rb b/cookbooks/elastic-stack/spec/spec_helper.rb deleted file mode 100644 index c86adfd5..00000000 --- a/cookbooks/elastic-stack/spec/spec_helper.rb +++ /dev/null @@ -1,20 +0,0 @@ -require 'chefspec' -require 'chefspec/berkshelf' - -RSpec.configure do |config| - # Use color in STDOUT - config.color = true - - # Use color not only in STDOUT but also in pagers and files - config.tty = true - - # Use the specified formatter - config.formatter = :documentation # :progress, :html, :textmate - - config.log_level = :error - - config.platform = 'ubuntu' - config.version = '14.04' -end - -at_exit { ChefSpec::Coverage.report! } diff --git a/cookbooks/elastic-stack/spec/unit/recipes/default_spec.rb b/cookbooks/elastic-stack/spec/unit/recipes/default_spec.rb deleted file mode 100644 index a7746378..00000000 --- a/cookbooks/elastic-stack/spec/unit/recipes/default_spec.rb +++ /dev/null @@ -1,25 +0,0 @@ -# -# Cookbook Name:: wazuh_elastic -# Spec:: default -# - -require 'spec_helper' - -describe 'wazuh_elastic::default' do - cached(:chef_run) { ChefSpec::ServerRunner.new.converge(described_recipe) } - - it 'does not raise an exception' do - stub_command('dpkg -s oracle-java8-installer').and_return(true) - expect { chef_run }.to_not raise_error - end - - before do - allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'nginx_certificate').and_return('{"nginx_certificate": "nginx_certificate"}') - allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'logstash_certificate').and_return('{"logstash_certificate": "logstash_certificate"}') - allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'api').and_return('{"htpasswd_user": "htpasswd_user", "htpasswd_passcode": "htpasswd_passcode"}') - end - - it 'includes the wazuh_elastic::default recipe' do - expect(chef_run).to include_recipe 'wazuh_elastic::default' - end -end diff --git a/cookbooks/elastic-stack/spec/unit/recipes/elasticsearch_spec.rb b/cookbooks/elastic-stack/spec/unit/recipes/elasticsearch_spec.rb deleted file mode 100644 index abfdd020..00000000 --- a/cookbooks/elastic-stack/spec/unit/recipes/elasticsearch_spec.rb +++ /dev/null @@ -1,26 +0,0 @@ -# -# Cookbook Name:: wazuh_elastic -# Spec:: elasticsearch -# - -require 'spec_helper' - -describe 'wazuh_elastic::elasticsearch' do - cached(:chef_run) { ChefSpec::ServerRunner.new.converge(described_recipe) } - - it 'includes the wazuh_elastic::elasticssearch recipe' do - expect(chef_run).to include_recipe 'wazuh_elastic::elasticsearch' - end - - it 'service elasticsearch' do - expect(chef_run).to start_service('elasticsearch') - end - - it 'create a template elasticsearch.yml' do - expect(chef_run).to create_template('/etc/elasticsearch/elasticsearch.yml').with( - :owner => 'root', - :group => 'elasticsearch', - :source => 'elasticsearch.yml.erb' - ) - end -end diff --git a/cookbooks/elastic-stack/spec/unit/recipes/kibana_spec.rb b/cookbooks/elastic-stack/spec/unit/recipes/kibana_spec.rb deleted file mode 100644 index 2cc0a86f..00000000 --- a/cookbooks/elastic-stack/spec/unit/recipes/kibana_spec.rb +++ /dev/null @@ -1,49 +0,0 @@ -# -# Cookbook Name:: wazuh_elastic -# Spec:: kibana -# - -require 'spec_helper' - -describe 'wazuh_elastic::kibana' do - cached(:chef_run) { ChefSpec::ServerRunner.new.converge(described_recipe) } - - before do - allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'logstash_certificate').and_return( - '{"logstash_certificate": "logstash_certificate"}' - ) - end - - it 'includes the wazuh_elastic::kibana recipe' do - expect(chef_run).to include_recipe 'wazuh_elastic::kibana' - end - - it 'installs python-requests' do - expect(chef_run).to install_package('python-requests') - end - - it 'create a template /tmp/wazuh_kibana_installer.py' do - expect(chef_run).to create_template('/tmp/wazuh_kibana_installer.py').with( - :owner => 'root', - :group => 'root', - :mode => '0777', - :source => 'wazuh_kibana_installer.py.erb' - ) - end - - it 'create a template kibana.yml' do - expect(chef_run).to create_template('/opt/kibana/config/kibana.yml').with( - :owner => 'root', - :group => 'root', - :source => 'kibana.yml.erb' - ) - end - - it 'service kibana' do - expect(chef_run).to start_service('kibana') - end - - it 'installs kibana' do - expect(chef_run).to install_package('kibana') - end -end diff --git a/cookbooks/elastic-stack/spec/unit/recipes/lostash_spec.rb b/cookbooks/elastic-stack/spec/unit/recipes/lostash_spec.rb deleted file mode 100644 index 92d12b67..00000000 --- a/cookbooks/elastic-stack/spec/unit/recipes/lostash_spec.rb +++ /dev/null @@ -1,58 +0,0 @@ -# -# Cookbook Name:: wazuh_elastic -# Spec:: logstash -# - -require 'spec_helper' - -describe 'wazuh_elastic::logstash' do - cached(:chef_run) { ChefSpec::ServerRunner.new.converge(described_recipe) } - - before do - allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'logstash_certificate').and_return( - '{"logstash_certificate": "logstash_certificate"}' - ) - end - - it 'includes the wazuh_elastic::logstash recipe' do - expect(chef_run).to include_recipe 'wazuh_elastic::logstash' - end - - it 'service logstash' do - expect(chef_run).to start_service('logstash') - end - - it 'creates a file /etc/logstash/logstash-forwarder.key' do - expect(chef_run).to create_file('/etc/logstash/logstash-forwarder.key').with( - user: 'root', - group: 'root' - ) - end - - it 'creates a file /etc/logstash/logstash-forwarder.crt' do - expect(chef_run).to create_file('/etc/logstash/logstash-forwarder.crt').with( - user: 'root', - group: 'root' - ) - end - - it 'create a template elastic-ossec-template.json' do - expect(chef_run).to create_template('/etc/logstash/elastic-ossec-template.json').with( - owner: 'root', - group: 'root', - source: 'elastic-ossec-template.json.erb' - ) - end - - it 'create a template 01-ossec.conf' do - expect(chef_run).to create_template('/etc/logstash/conf.d/01-ossec.conf').with( - owner: 'root', - group: 'root', - source: '01-ossec.conf.erb' - ) - end - - it 'installs logstash' do - expect(chef_run).to install_package('logstash') - end -end diff --git a/cookbooks/elastic-stack/spec/unit/recipes/nginx_spec.rb b/cookbooks/elastic-stack/spec/unit/recipes/nginx_spec.rb deleted file mode 100644 index 20c64013..00000000 --- a/cookbooks/elastic-stack/spec/unit/recipes/nginx_spec.rb +++ /dev/null @@ -1,60 +0,0 @@ -# -# Cookbook Name:: wazuh_elastic -# Spec:: nginx -# - -require 'spec_helper' - -describe 'wazuh_elastic::nginx' do - cached(:chef_run) { ChefSpec::ServerRunner.new.converge(described_recipe) } - - before do - allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'nginx_certificate').and_return( - '{"nginx_certificate": "nginx_certificate"}' - ) - allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'api').and_return( - '{"htpasswd_user": "htpasswd_user", "htpasswd_passcode": "htpasswd_passcode"}' - ) - end - - it 'includes the wazuh_elastic::nginx recipe' do - expect(chef_run).to include_recipe 'wazuh_elastic::nginx' - end - - it 'service nginx' do - expect(chef_run).to start_service('nginx') - end - - it 'creates a file /etc/ssl/certs/kibana-access.crt' do - expect(chef_run).to create_file('/etc/ssl/certs/kibana-access.crt').with( - user: 'root', - group: 'root' - ) - end - - it 'creates a file /etc/nginx/conf.d/kibana.htpasswd' do - expect(chef_run).to create_file('/etc/nginx/conf.d/kibana.htpasswd').with( - user: 'root', - group: 'root' - ) - end - - it 'creates a file /etc/ssl/certs/kibana-access.key' do - expect(chef_run).to create_file('/etc/ssl/certs/kibana-access.key').with( - user: 'root', - group: 'root' - ) - end - - it 'create a template default' do - expect(chef_run).to create_template('/etc/nginx/sites-available/default').with( - owner: 'root', - group: 'root', - source: 'nginx-default.erb' - ) - end - - it 'installs nginx' do - expect(chef_run).to install_package('nginx') - end -end diff --git a/cookbooks/elastic-stack/test/data_bags/wazuh_secrets/api.json b/cookbooks/elastic-stack/test/data_bags/wazuh_secrets/api.json deleted file mode 100644 index e9a89e98..00000000 --- a/cookbooks/elastic-stack/test/data_bags/wazuh_secrets/api.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "id": "api", - "htpasswd_user": { - "encrypted_data": "44KmfVdj/ttHvGecsv5M7+uCvqcc0Cs/RvXJeLQMZkE=\n", - "iv": "RRP7S4Tt6B9y366P+hMbwg==\n", - "version": 1, - "cipher": "aes-256-cbc" - }, - "htpasswd_passcode": { - "encrypted_data": "ps9xA2QJKd3KE6jjpn69rNJhf6sRCWoeK/0kHZfo3incyILK+TJPmRq92PK0\n3e8Ngv0HJHn8pp5QA1FT4zX/wg==\n", - "iv": "gC9cyqCgQq/5icvUOfW0Iw==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/elastic-stack/test/data_bags/wazuh_secrets/logstash_certificate.json b/cookbooks/elastic-stack/test/data_bags/wazuh_secrets/logstash_certificate.json deleted file mode 100644 index 5e1e892d..00000000 --- a/cookbooks/elastic-stack/test/data_bags/wazuh_secrets/logstash_certificate.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "id": "logstash_certificate", - "logstash_certificate": { - "encrypted_data": "Hps2D0xEoVjRQWPwcsti71gKX1WIkXvW496YAvhjq+y7F0E1uz/fqb1y6fbr\nHJ2McX2GRDaVV0jdDHdthukq2Be5vv82xyMxHDa+HfZfB8LFD4s1XWdFYXDd\ndc2zBxgFhNkyT4qCFnlJkCY2IBc1MIQThW/eBN5S/v+GLKJw1l+nFH0t+aTS\nbXDaR7FmPD3UNUo+PxqJFbqDYFpLCzcPrRCPaMduo3e+kgegvaEFQJjbglPO\nX7aYgtEuAj8+YOl828gKTpZDAzbU/UtoO2EGwgQJJB4s4VpXb6aJBaZugWf9\nl81yJR1aAn8lDxRow7FU7juGiSlGmxOZY0/2G7WpPgq9hetsIm2WrEhNqj5b\nyKnCRLSM6N4YRyUYUQy/dPQKZW0R14jb08xvkyv4+a40fztUJ9Z67Exv5xqp\nWfmqtd3VMjmFYay2J6d0r5twdLDJ4r4OBP8cqa7wl64R2il/E7Mfg6bnyNf8\nBUWrIhZ5Tp/RlSuJ4yMm/Stb3aDRKLGLHfJXcuEjhqurtaesV2zJoX1HYMjn\nkrfE4FheohTjAqXza1PFdVLhQuLJIlr0hD0UIpAvAcbfAqwvQHsr4sV8EP3c\nnpN8NHiAOaxDq9+tAsbk0+pJa2gs16vhTv8vgEZRihrCUrXi9FEh/Z6ahiN7\nQqQ6iwqWW8ZDkFlKfjZgxI4CUta6Mi5l4yGBfqdy+TdbzuWT/euRBZO16EaG\nI5cqKT2yKTAR2A4Nw0pS8DdHQUn+x1PhOO6G3RSwMTQ0p6v2KWHQerGo1e3+\nEXaWBSNnb0t0mFj4oljXpXxkEtT393Bs/LMZ0MoaE3uWam5IAP/NY121Lm+I\nciPIbFKb1PKpjccnW9N+3cAWARqA8pC86ItdV/Q7gI5XbEIIcCVLwzhUGyo2\n1JfG89VAwNqOuyVGXRMnOHMD0V/czDRTebDCT6DHCG5nxS6MeYDlYUIEfIEo\n/xIDJbhPo6L+nk3yvVABQXBYayxnrCLGMkQ1xWA9UzC73q+Rd34X970qTK0P\nery6zm0WbP5dvRrzZYiDLjRY0MRrWvXXsLjP7uhz6gRKfq1KGfx/m6VDAzrZ\nuRNbyl4zEx0/CXViwNmMs/iLt3H3rKom7vRLs1qDtwyQvGChrbkmNWsD6iEH\nVNhIDVJj8JjDAjeK2CbhPWtt/UJWkoHmn5sGJdrtgYsuMeXIkDuA0v6hT+cl\ndwrR1EhONUWhNMsBMLVZMkTlg6UieaOCm+4EN0tA4J3b45Eo2zuerjkUzXBQ\nhdlxfiPKIDRFBkHzMQI/OnlMT2GFO0CJ3xp71kjaavmEmU7vsdynwekuo4u4\n9q/LHbuwNEtM08RezYmptwblbmNNvengIAPIovpaAbFVyOsZog/GEAIZmrYP\nmzyGEOBdPIQZfyP9e6wIM5XoN2UgwHohiMTGRX6XdGJjW30zPw0dkRhciKBT\nq7yl3/UxZoMF6v5ihhB/LbHM3TFW4XucrnvY930daYVxvUuxlYXy7/9vx6zq\n/kEbC7AkA8zJ3AhP711dk5ROqia9Fvna7juFic7OxZdNnXm+0unxBqHT976w\nCK0KkDfwB6UH5p5wvFCZlvnyquKggJoNn8XXTfUrUo1Qpq/rggDfhIsaeB7B\nNA1uVb2udXSWEw/TL+UQJIgNqz/jtHctfUjz6w7Qx+I1vlXeeuNlMzHDZX8l\nzx8xWIbddmZG7bqVQ/DcigX0Sgj8kzgd8J4cJFrr9MG7BDJMbtkxBCp7RwSQ\nM5FUinkCiQ==\n", - "iv": "Aa90t/SYwXMFVtEnnWhynQ==\n", - "version": 1, - "cipher": "aes-256-cbc" - }, - "logstash_certificate_key": { - "encrypted_data": "GeLqjtWtHWxkppekOd67UdAYo4o81ycv6VrCW1EzFLWxXZJFz/Zqh6Gp6Hxb\n3TnRNjDBEdjlRwdQwtUfVr5T6qPJpDinoVL32tMMFsyY9nRqBqhjkxoobZub\n3aQbrCN2TMrsYscwWnoR8odvHXthZ45DIXeKvSdeVB7oxmwuOV+liXj0SvL9\nbQ8TZhNKKF7AQFjY+fVVbHfqXF4TDSelNidE/a1tutSQFqXWjxpXBJ6JEee1\nBYvnx1Zk0Sg7ghbl7jAd2JgaX4DsFt1DirPFIP5JxuBcHsuCgkZyYoUzFn11\nORJm+1fxAPhHBolObZ86iQtoAsKk5IL4D9/COxAljMK9WYyzGqB6L8uX8C7t\nQWg5T08dtEiy9+ZjJlGi280HENSR4oiOMIHPm9lyiIjmZIqhDq3eEgVWYrRk\n1y0D+1279r81Yq12cAB7aXCou6PavvwjBooMiIEmL0yWG+B4pwEir8ow2InE\n4/xtEuE8qprHtdSpZ+MNSnS9c5wctjs7/g0/FSKQ+OWT/LAubrDeDmmeh8TM\nQ+9hsPhOnYeUTVJ+nFQiOuMJT8i8aU64865BVtymLYSoZfmHt6ZMPhKe2lQ+\nzPz+ykU8xVsqrPdo7byhBaiR/xM0dMWpNVl7C11yllq0Z8ewrcmT3DAddnZQ\naRaae9rKON/V7i+Bo2egBa3wJl9Uvw0C6AVi9UNX7/WflRwsTdZDF+I0sAR7\nKQZP0wByBETAYyRaWNMbabfKAVS7NWWLx3N/KRrRarvd9i5GixVqi7wB+mlM\nNvdPYYATKKV+5EjgI3AOThDLHwO1AoSyOCp9jKhsSuyUHSfkQsQXenlFW8KN\nT5J/cl0066yDBZqhlXQ0B+9BI7vhM5ESKdX5hw/5aa3uFaHCeutuql3aAtXU\na5+At6mxRl6Fi6PrmQhA/oWk6etBlZW4Dscv4SauF66zlmQlqHqc5UPNVrR0\nKT8vjVrY0adbR6JG+qOD1UTYYppijW+HMWiPRDbXe9iPSm+wyrybsmqNblPp\n2iEWoPfsLK1jOWZqo0FDrzSwFCcr0rBpPSc1hjuFZ0MrCmW99HEtEHriMPS1\niIQ5hAlDg/qLNaTwIgmbKkiw/OrcYE41XW7R16wOVDWGgmnoJYgBTpyvFY++\nf2OWg2ChUbxMr3rn4qQQY5K1wyKvlrZsDeP0FB+CiEeNqAc1qVpkBuTlA4Vb\nNXVrhoj3ZxIdIoe1yMKsbtSkDIjiYM6gDgmf3Gm0OGh7QtJjgvq/xpcD85/e\ndO/FzXTINpnbmt+w2L36ksW5INmKDQr/l7TApv6t24dbVm/S7h3YDr1umHX0\njwtAMfrZGDGz+Rtqz6Cq+PWznC42bx5SyFkxRgOeZeCq+AxSE1daLognV7Y3\n/W3hyH5m9akJROej6luPG4u/VgwKdCQWKE7axC7EOznOhWlsMXfbJyvr/ZIK\nVrp0Xp7jrEd65gLRDO/qB1jRFufyVv81AIl9Lkcj+7gNGT4gFRLOdZJR/puH\n3/K2Us6ccA93KDNqut230HXGzDMEI4xBIVFCMb9H7txdfz2YnArvrLlylWK9\nwwn/3bobktAdmSxFe9LZaDpkbnv2dmBgEfmgeGOvKZTTkv636g3W5/pF4Hw2\nbp4IUxWozfOtOT1cA8/TfJ1xyTsob3qIkZiA3ju0yW4ULenu9IjplN+uH+WC\n4+35xHSVvvZr2702ho/aV91nJwiPWjsskXORVVY8Fo4Itv7sW826sbKr/Ja7\njyCQG8yB0jVkur51cjkauxaI+AI3DFTK96bswRzPJ3uJU42ESXm44c/VuklW\nDQTx8DNkhgPZ8odjnwWR1vKxQH41ko3GiJlXx8+2Iht4iA0WQ0fPZqnxStDs\nV/4CW5OUlPwzKVOBgoamgLf0Z2TAV/oQxIlSa/sDsEZfbj+gVG0eRWnWrM3H\nJu8/f45IWleIMBVb6IXvvKpwwGZ6PSerLWa+ePVDqlkSEvp2nSQD5jcKAY30\neojZTNUeDaKTVbkZy5kBhN4T0R+FJ5w/PhtphDSptBQ35DLtyOgVO/zIXgOB\n7fH3B/+ZFSjotRLB3nbGJkaYLmFqTW/AMoAnWpxDU9f1sAWHB4VLcd04Z/SY\n8NsobTGNP9aOMezaIgrtb1udPJjW6UArgNKmThoyX9J437aXDTxIIcvrcDvl\nYZP703Gxhboq3tYwfLugUeZFuAy5/binmcVDGkCGdjuUQ/Drd4VzB72JRlCv\n00LOHS8xIFfD1Rr8mH1AU1LtdjlTy8HFynM/XsZ5pup5zdkl00hxsaMGRNwU\nBWrkUSfhvx88SlSYaIi82pns8jhseVfm28zgetjYDw0i20IcueKw1IHptlFe\nsZAxshw=\n", - "iv": "EyUb/TEyoS/xyfuwTBin3Q==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/elastic-stack/test/data_bags/wazuh_secrets/nginx_certificate.json b/cookbooks/elastic-stack/test/data_bags/wazuh_secrets/nginx_certificate.json deleted file mode 100644 index da76d715..00000000 --- a/cookbooks/elastic-stack/test/data_bags/wazuh_secrets/nginx_certificate.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "id": "nginx_certificate", - "nginx_crt": { - "encrypted_data": "wG/uZ0a9aKXrGoRzR/57dBU1fMevFjSsMmJ0FNWS35DsNuFMiM+cT1pkzKV0\n6oaGpHGlkMeJ1EeV69rO6tTCwmtBGml+16j+yzJpaOzSA4wmiXdqpWx/dtkN\n8yZVdn9GYRx+Dfb2+l//u/r4jdIOw3tYXk29+nW9ltTB1qO+se9ki8lAV7xs\nKzOBjXwdJYlMt3OabBc0LdjfGvJ7dcoUwMJOqw7nI50SfPbpowBLK9tQN8ia\nJmd6glMBdbNFF+vlvjAFbFIDtEbZL66rTqiDyyA9mlwRfIKr3WSMS6cXGdzz\nSpup34zyt0HWQZShGav8azVrcS9h9lo5xJVzz/eCRSnuxEY8cAY9bE5Pu+3Y\nuB5XvrMKgOfiDHy9t0Ksa4iPEgR5Iy/yx79Jb/zQvYSKj6++9Mx5cCLv6EAT\nYO/se7VyfDSl0/n57Ml94mRmPyLJBajn3Xx4MAgaKpEGeJhcvSPo1jOGZNi8\nBHvtz23ZZdcEg0zXBgtAC4QV3EpUnYkPboq32+hygwoMiqalEZBGcjtJvRm7\nGgw2iCYbnWuobUDt9bM+s0lbpVNc+yJYbM6Ou5AI4i/lC1z/iamQQaDZ5NYU\naNlof3ut/NBhylVX+gaXM4T783z4U6qa0wkYQvx/+UasbNVl8faXCT2GAknd\nhG/mlcm6qrTeDKWrQGZBpahL6j8spyqngFjK2Fyvp6rG6qvSLfh/STwgZi3f\n2s/vWL/iigFZO/04POt2mXVbyK3T63wF06GbSauYStzVBu31HW+3MzIisWJl\nqLLhHjz3cXs9IFItZuDca44GR7mVYESidmE9mz5fOhm6x5Zm6/nIqNZBE157\nn5S+LS0vcLkinsWg3WQAjGotESDI0rjOIra3oWag+COhQAZWAKINUOA0eE39\n+EFO0d2ZHJ7IfPJ8af5NyK67AD475QaNQbLKs6w28muZIEKtznONAKciXNaw\nGvX/zDNdAcnzLeOpYOwO1/v28E2kpLZrQut4vblQwcvzgNXOEJ97Den2Ni5U\nCTSyFL58IyrODTSZ85qQUhSBwikegHwczbA0zNTkmh+Xor0=\n", - "iv": "L76cl+YNuGvttdWHCUl4Xg==\n", - "version": 1, - "cipher": "aes-256-cbc" - }, - "nginx_key": { - "encrypted_data": "V7ap5IieGtIpxj59N1g1XInadF5feKdqYc48Vs4X5fybyQoo7AyhtUNggs52\nyDQj8X4RD9F+mI5+86pEH1IXY1bduo7nxW6vORrFcB0YGYqAXG+6MZPbF/93\nQi8CHNaC4qArvvgO/pdbHrZd/YofF2hNfWGBIsSE1gyFbkYX1UhNqhl9gd60\nDUwVlbSokzTyXCe2ODiE33Pa2gD4/tHxyaVyJ7R2JRWWlI1j7gN66D+C0PYD\nv7Et841hOWzoFMfboGJgmBvYVp/Ii9+eL+wWOSwsbH+1clF0BLCjD+msTbkJ\ngOAfrJH7qjaOxHPJRyFmXIoQXhzFgXRaNX/YwDKK7/I3NxXrjwdBjaWbj0qz\njLJRicLFVxmz4fbD2lSjIIhM692hLQI6hhRJUBfmiUvKmx+quXQvaclXx6v8\n41Q49QRhS1il96ICle55oBVhBtDuMAznL55hxgZfjw9mtLCvYup7MCk0IB+T\nM4jscbcdWnk2iSMTSP0tAETlqByPoRk8YtUEY0FrGycwLJ1OF9cnxCMLKetg\nHD08H3QSrypPHNhaE1IPyIYWb/CqQ/qzO5bWiZ21FcQ6E4ttALc81pqKo/f+\n5fysWtO4sfo+pigXdAQG40WOKSUEkcdH+uSfJXN8SNSnsGeWvErOaXrRt4z1\nVFoCyo+DyrAq20md8DVbXbTjxOQliDbpYK0e+Y8Qy+SsluG+fzeiN3eV0UDs\nRf7zUKpuoBuimwNcrqOKD+nvIhdJnmxyUAE0IdxnvfshJw6Nm/v7VWGojaZ9\n1guIMT2/qcwSPS++pGeXYP/T87xzXhYIYd/kHp9AX8g9drhIQdeB0z0Ud1lW\nYA/v5CNwY+nLvDwJhQ6OiZHfHjPMffRLB1ZzPPP9Oq/gUvvIGDv8+rE329J2\n7zmbS7QcrwPwpjykYhy4El1kvwolVjMztPNYpPGER/wTuKkJfQ9ogWi4ZAMM\nq9AAxd4sU20+WF9gpZvLxfV+XzMgfVu07s84i6MlSsFRTvat0SFK+e60SiT1\n5fDyFcu4dYC7bnByDslIKXvOGT1uSYcd9EtynYcNhhuu66YTkg4r8oluLbTI\nGFaUBmUQevp+CDZNe/Ot8hM2OuFnu9TpF7j0ryMptQyE31Ar2x7TGfoV5me9\nV8eNxtWM2mmoND82v7OenKFj5FmUFjsX7lsm2b3UkMKltrny3854nPkFZ6Pa\na1OLWIl1/4PzJwfppF50Zjd12HE0tegwSnb1ZQ==\n", - "iv": "T8XnyjJh5tKQE5ojlUoCsQ==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/elastic-stack/test/data_bags/wazuh_secrets/test_data_bag_key b/cookbooks/elastic-stack/test/data_bags/wazuh_secrets/test_data_bag_key deleted file mode 100644 index add836f6..00000000 --- a/cookbooks/elastic-stack/test/data_bags/wazuh_secrets/test_data_bag_key +++ /dev/null @@ -1 +0,0 @@ -gPTbum6NpTwIVZop5w5TzehVh/ElS52smpao+bSxKX+SRNbvnLSHwC22EZt5Q7pPamCpEBD2ycH4fEpLGCp7FCSa/RLquQNls4TiVp54DJcfbSCiRA+lFL1e7YJqX4az1I1nzj+/3RlOjpfMvEhJ9gmubGMgnXZboDG5yiv34O2CdbybpMk9wQCC11RaeJUSFuvToQlnV2jK3HvymIHivm5Ax30PvyIMj6Mpp+YlJpBj70+vvk/rLmmXCsOHHV3g6hmZJph1mJrcjQZJVM9/foqiadrFJ9HLPFn0+LMXea69q4RvPDAIl914pXnE3pJBSYL9bZuDge/krbynQNosr3yNTLs1VoV9cw2yJinYY5GoOxjFnf66nCj1bnj5uFsN8FrK7w/hi07A/EBjiOFMAGHei1+ZGKKfHVKve67CNMHsaItjgc2njyRdOWTdxAvNw7AYSF4ST8vXBJZeBQyGizd2c73Hs4B640j7PWPKBu3Tfqvig6TxSPjwN9hO/a2/pOTRSJ4RfW2cXe0ZRbUb4O6hLv4F4kXjSuiW/ckvIpSOI3G04aqvXVLBcgDiKbqwH1poqKvpRPEahu+HGAf8C4Flhm6UXrawssIEp9WC5YHMLhsu1dSx8Hi6vCXqEOWobWWuh7VhItE0ySKl/LTxB2DWn12AYs1RXkYSBL4Gz/g= diff --git a/cookbooks/elastic-stack/test/environments/development.json b/cookbooks/elastic-stack/test/environments/development.json deleted file mode 100644 index d798d06c..00000000 --- a/cookbooks/elastic-stack/test/environments/development.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "name": "development", - "description": "The development environment", - "cookbook_versions": { - }, - "json_class": "Chef::Environment", - "chef_type": "environment", - "default_attributes": { - - }, - "override_attributes": { - "wazuh-elk": { - "elasticsearch_node_name": "elk.wazuh-development.com", - "elasticsearch_cluster_name": "ossec-development" - } - } -} diff --git a/cookbooks/elastic-stack/test/environments/production.json b/cookbooks/elastic-stack/test/environments/production.json deleted file mode 100644 index 4567abcf..00000000 --- a/cookbooks/elastic-stack/test/environments/production.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "name": "production", - "description": "The development environment", - "cookbook_versions": { - }, - "json_class": "Chef::Environment", - "chef_type": "environment", - "default_attributes": { - - }, - "override_attributes": { - "wazuh-elk": { - "elasticsearch_node_name": "elk.wazuh-production.com", - "elasticsearch_cluster_name": "ossec-production" - } - } -} diff --git a/cookbooks/elastic-stack/test/integration/default/data_bags/wazuh_secrets/api.json b/cookbooks/elastic-stack/test/integration/default/data_bags/wazuh_secrets/api.json deleted file mode 100644 index e9a89e98..00000000 --- a/cookbooks/elastic-stack/test/integration/default/data_bags/wazuh_secrets/api.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "id": "api", - "htpasswd_user": { - "encrypted_data": "44KmfVdj/ttHvGecsv5M7+uCvqcc0Cs/RvXJeLQMZkE=\n", - "iv": "RRP7S4Tt6B9y366P+hMbwg==\n", - "version": 1, - "cipher": "aes-256-cbc" - }, - "htpasswd_passcode": { - "encrypted_data": "ps9xA2QJKd3KE6jjpn69rNJhf6sRCWoeK/0kHZfo3incyILK+TJPmRq92PK0\n3e8Ngv0HJHn8pp5QA1FT4zX/wg==\n", - "iv": "gC9cyqCgQq/5icvUOfW0Iw==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/elastic-stack/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json b/cookbooks/elastic-stack/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json deleted file mode 100644 index 649a6e00..00000000 --- a/cookbooks/elastic-stack/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "id": "logstash_certificate", - "logstash_certificate": { - "encrypted_data": "DFyya20x1DQvXNFOBLe33CPMFAwyQC0rdXCG+utx6Fq32uCsiH1amuuIAx4H\nKkWghIUXYIh1KvNu5edq/iiBp9NXcq6hAiw1lUTKEw+QXPGaLNSnvIka4lBH\n3DDbk35yu9XcL1bO3HzF+bWckOeR+KJs5notvpNEuve3xW59pxoQbakdkxbm\nCJP9cG0VWcEIRakK3+ji/LxgH2Xg9radCn9ZYJjp9v8FSI6farqRk47w59S4\n9/6iJu1slqryP4xPfsffCj1HYYXL7M7JxksOpP+3h4GJ/VVLrQDUWorQXPf1\nh+JDOWTfw+7bzpfcb1Cj2vOZaSkjC/JN3oDiisfb+cgHaHW5s/bNSbIcBZ1D\ns7t3Z0q0/oA+pU49oCpYd5JhrAC9bhBtV6oqBozavXdLpPdP+O3xL5ePukj4\nv2YF456cY+iVBFu5ZTTXmyIc4/wt+BplilU0z/mwCG5vnhrPk8MCrekA9/Fg\n8/i+2ZaNywLSjHr1gUsTrK80355zGsCM7tKTbpJ32W1icINByKw7UX8fXYj2\nizaMyoG6WYNOTyuJJ5dzdyQlK1iMEh+U5IkWiSTw8+HhXKYhGjmwnRCLdmPz\newJ/gkYg4osYDqHBxiImvMrfs33WHVMHgjpmNtAex5pOCQSOb+bErb29oD7Q\nMcpCHd2h5rbgrpbGyjJSr9I8qLYYnmIVKSvNgmBGKh/58an+Cg3RFaNeJJ/v\nT75B2T2Qqut3xPR/rR1Ta46zJKmwJDmEN6M88pRoHtf0R27UFutREd3pZb25\nc6gNcaIKxbZOFZF/6QZh+R+A8KBfQ3P1JIUp/MdxOwUgeoGsURWwc3j6gcPL\nNdt56kGnKRTKQ1BE8JyKc/Azg1NByXkVO4Tg7u8Iw5eSBjwnfCz91JNQ+pcq\nKCVdOWEj9kEkfh+rALy6G5TBn6S70WF9fVq+7Hw8r/WYlYFE4mK9Wp940ZWj\nCGNNiUzyrigxw7Dea8ho+IcZWhvh9AsnOSk6nHlTgCyQk5hgJM06PqtRQhJk\n4ib6IwdcDyFlSJcqrls+S8BshpkobQjOec5bqnseCL86NHlY+DOrurSBTLco\nZ33gTa029+1OuFpr4m8m70+5hHBsNsrjwYZ3rcGwiW7O+l924ZwbtVefAxar\nTCJXrQHW81JDvV3ckrv581a33h1jzdNtD7JqmBzqelaRL2+xV/QVRgwb0Eyf\nLK6CRr7BdxbicF19EWM51EndsuSb+7UJpCEI5OQ4sJyOkIToY+pjKQyy0nuy\nt2wU2EDeHtLeXQBimgwecoMsne8g1DMHp89krfZ5xkCypGRdzcelArtPDeIO\n7GZjjEhMH5oN/LX93ua6NmPCkL/ndfL8Mwx4UUMXB6aTxdGPqKi/Ah0eF5Aj\nvtIbc/VYFN7x3+98LZqiHzF78peNIjRxjnRPOeTIlPyVFJrEXV8ddEJsW38A\nlK42Mr4r9k9U8XLlgCjHkkRgpp9GXWxJLbyoiNuQKuZsMt6jEtmVdf5ebbP3\n6SHPy8RKloD7pASva5bEJPawTEFeJ6lQuzAUqqEf9IDBYmE6ZzWU7KagiGdU\nE1XgMJcFKciCx3gYRgMjDq9U1D5u8W0lrxcTOVlumbnIp8Rwzbhtu7QeOS6U\nwJkJsQwUvAUtIL8yjk4OOhbKx/cgtTODpqpEtNmELc+9RcjQxU/9+bUI42Kf\nVZU+s5pMMkjejnKh+wlDP4SFy9khsSeHgoqso5jhwFGYwmrDUbLSZZotElI6\nq+lrXvTfJg==\n", - "iv": "9XRPuHdUeXlrs0GccbDJew==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/elastic-stack/test/integration/default/encrypted_data_bag_secret b/cookbooks/elastic-stack/test/integration/default/encrypted_data_bag_secret deleted file mode 100644 index add836f6..00000000 --- a/cookbooks/elastic-stack/test/integration/default/encrypted_data_bag_secret +++ /dev/null @@ -1 +0,0 @@ -gPTbum6NpTwIVZop5w5TzehVh/ElS52smpao+bSxKX+SRNbvnLSHwC22EZt5Q7pPamCpEBD2ycH4fEpLGCp7FCSa/RLquQNls4TiVp54DJcfbSCiRA+lFL1e7YJqX4az1I1nzj+/3RlOjpfMvEhJ9gmubGMgnXZboDG5yiv34O2CdbybpMk9wQCC11RaeJUSFuvToQlnV2jK3HvymIHivm5Ax30PvyIMj6Mpp+YlJpBj70+vvk/rLmmXCsOHHV3g6hmZJph1mJrcjQZJVM9/foqiadrFJ9HLPFn0+LMXea69q4RvPDAIl914pXnE3pJBSYL9bZuDge/krbynQNosr3yNTLs1VoV9cw2yJinYY5GoOxjFnf66nCj1bnj5uFsN8FrK7w/hi07A/EBjiOFMAGHei1+ZGKKfHVKve67CNMHsaItjgc2njyRdOWTdxAvNw7AYSF4ST8vXBJZeBQyGizd2c73Hs4B640j7PWPKBu3Tfqvig6TxSPjwN9hO/a2/pOTRSJ4RfW2cXe0ZRbUb4O6hLv4F4kXjSuiW/ckvIpSOI3G04aqvXVLBcgDiKbqwH1poqKvpRPEahu+HGAf8C4Flhm6UXrawssIEp9WC5YHMLhsu1dSx8Hi6vCXqEOWobWWuh7VhItE0ySKl/LTxB2DWn12AYs1RXkYSBL4Gz/g= diff --git a/cookbooks/elastic-stack/test/integration/default/serverspec/default_spec.rb b/cookbooks/elastic-stack/test/integration/default/serverspec/default_spec.rb deleted file mode 100644 index fbeed388..00000000 --- a/cookbooks/elastic-stack/test/integration/default/serverspec/default_spec.rb +++ /dev/null @@ -1,9 +0,0 @@ -require 'spec_helper' - -describe 'wazuh_elastic::default' do - # Serverspec examples can be found at - # http://serverspec.org/resource_types.html - it 'does something' do - skip 'Replace this with meaningful tests' - end -end diff --git a/cookbooks/elastic-stack/test/integration/elastic-stack/elasticsearch_test.rb b/cookbooks/elastic-stack/test/integration/elastic-stack/elasticsearch_test.rb new file mode 100644 index 00000000..79f0c573 --- /dev/null +++ b/cookbooks/elastic-stack/test/integration/elastic-stack/elasticsearch_test.rb @@ -0,0 +1,38 @@ +# frozen_string_literal: true + +describe file('/etc/elasticsearch/elasticsearch.yml') do + its('owner') { should cmp 'root' } + its('group') { should cmp 'elasticsearch' } + its('mode') { should cmp '0660' } +end + +describe elasticsearch do + its('node_name') { should cmp 'es-node-01' } + its('cluster_name') { should cmp 'es-wazuh' } + its('url') { should cmp 'http://localhost:9200' } +end + +describe directory '/etc/elasticsearch' do + its('owner') { should cmp 'elasticsearch' } + its('group') { should cmp 'elasticsearch' } +end + +describe directory '/usr/share/elasticsearch' do + its('owner') { should cmp 'elasticsearch' } + its('group') { should cmp 'elasticsearch' } +end + +describe directory '/var/lib/elasticsearch' do + its('owner') { should cmp 'elasticsearch' } + its('group') { should cmp 'elasticsearch' } +end + +describe service('elasticsearch') do + it { should be_installed } + it { should be_enabled } + it { should be_running } +end + +describe port(9200) do + it { should be_listening } +end diff --git a/cookbooks/elastic-stack/test/integration/elastic-stack/kibana_test.rb b/cookbooks/elastic-stack/test/integration/elastic-stack/kibana_test.rb new file mode 100644 index 00000000..999d7ea7 --- /dev/null +++ b/cookbooks/elastic-stack/test/integration/elastic-stack/kibana_test.rb @@ -0,0 +1,33 @@ +# frozen_string_literal: true + +describe directory '/usr/share/kibana/optimize' do + its('owner') { should cmp 'kibana' } + its('group') { should cmp 'kibana' } +end + +describe directory '/usr/share/kibana/plugins' do + its('owner') { should cmp 'kibana' } + its('group') { should cmp 'kibana' } +end + +describe file('/etc/kibana/kibana.yml') do + its('owner') { should cmp 'kibana' } + its('group') { should cmp 'kibana' } + its('mode') { should cmp '0755' } +end + +describe file('/usr/share/kibana/optimize/wazuh/config/wazuh.yml') do + its('owner') { should cmp 'kibana' } + its('group') { should cmp 'kibana' } + its('mode') { should cmp '0755' } +end + +describe service('kibana') do + it { should be_installed } + it { should be_enabled } + it { should be_running } +end + +describe port(5601) do + it { should be_listening } +end diff --git a/cookbooks/elastic-stack/test/integration/elastic-stack/prerequisites_test.rb b/cookbooks/elastic-stack/test/integration/elastic-stack/prerequisites_test.rb new file mode 100644 index 00000000..22f4bda7 --- /dev/null +++ b/cookbooks/elastic-stack/test/integration/elastic-stack/prerequisites_test.rb @@ -0,0 +1,22 @@ +# frozen_string_literal: true + +describe 'elastic-stack::prerequisites' do + describe package('curl') do + it { should be_installed } + end + + case os.family + when 'debian' + describe package('apt-transport-https') do + it { should be_installed } + end + when 'redhat' + describe package('libcap') do + it { should be_installed } + end + when 'suse' + describe package('libcap2') do + it { should be_installed } + end + end +end diff --git a/cookbooks/elastic-stack/test/integration/elastic-stack/repository_test.rb b/cookbooks/elastic-stack/test/integration/elastic-stack/repository_test.rb new file mode 100644 index 00000000..ca559548 --- /dev/null +++ b/cookbooks/elastic-stack/test/integration/elastic-stack/repository_test.rb @@ -0,0 +1,21 @@ +# frozen_string_literal: true + +describe 'elastic-stack::repository' do + case os.family + when 'debian' + describe apt('https://artifacts.elastic.co/packages/7.x/apt') do + it { should exist } + it { should be_enabled } + end + when 'redhat' + describe yum.repo('https://artifacts.elastic.co/packages/7.x/yum') do + it { should exist } + it { should be_enabled } + end + when 'suse' + describe yum.repo('https://artifacts.elastic.co/packages/7.x/yum') do + it { should exist } + it { should be_enabled } + end + end +end diff --git a/cookbooks/elastic-stack/test/integration/helpers/serverspec/spec_helper.rb b/cookbooks/elastic-stack/test/integration/helpers/serverspec/spec_helper.rb deleted file mode 100644 index c1fddf06..00000000 --- a/cookbooks/elastic-stack/test/integration/helpers/serverspec/spec_helper.rb +++ /dev/null @@ -1,8 +0,0 @@ -require 'serverspec' - -if (/cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM).nil? - set :backend, :exec -else - set :backend, :cmd - set :os, family: 'windows' -end From 9049f1931bce80c5bb4bb6c618bde36652375819 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 11 Dec 2020 15:58:15 +0100 Subject: [PATCH 045/260] Update cookbook and create kitchen tests --- cookbooks/opendistro/.kitchen.yml | 60 ---------- cookbooks/opendistro/Berksfile | 4 +- cookbooks/opendistro/Gemfile | 10 +- cookbooks/opendistro/attributes/api.rb | 16 +-- cookbooks/opendistro/attributes/jvm.rb | 6 +- cookbooks/opendistro/attributes/paths.rb | 14 ++- .../opendistro/attributes/search_guard.rb | 4 +- cookbooks/opendistro/attributes/versions.rb | 18 +-- cookbooks/opendistro/attributes/yml.rb | 74 ++++++------ cookbooks/opendistro/config/rake.rb | 14 ++- cookbooks/opendistro/kitchen.yml | 36 ++++++ cookbooks/opendistro/metadata.rb | 6 +- cookbooks/opendistro/recipes/default.rb | 8 +- cookbooks/opendistro/recipes/elasticsearch.rb | 90 ++++++++------- cookbooks/opendistro/recipes/kibana.rb | 98 +++++++++------- cookbooks/opendistro/recipes/prerequisites.rb | 108 +++++++++--------- cookbooks/opendistro/recipes/repository.rb | 40 ++++--- cookbooks/opendistro/spec/spec_helper.rb | 20 ---- .../spec/unit/recipes/default_spec.rb | 25 ---- .../spec/unit/recipes/elasticsearch_spec.rb | 26 ----- .../spec/unit/recipes/kibana_spec.rb | 49 -------- .../spec/unit/recipes/lostash_spec.rb | 58 ---------- .../spec/unit/recipes/nginx_spec.rb | 60 ---------- .../test/data_bags/wazuh_secrets/api.json | 15 --- .../wazuh_secrets/logstash_certificate.json | 15 --- .../wazuh_secrets/nginx_certificate.json | 15 --- .../data_bags/wazuh_secrets/test_data_bag_key | 1 - .../test/environments/development.json | 17 --- .../test/environments/production.json | 17 --- .../default/data_bags/wazuh_secrets/api.json | 15 --- .../wazuh_secrets/logstash_certificate.json | 9 -- .../default/encrypted_data_bag_secret | 1 - .../default/serverspec/default_spec.rb | 9 -- .../helpers/serverspec/spec_helper.rb | 8 -- .../opendistro/elasticsearch_test.rb | 68 +++++++++++ .../integration/opendistro/kibana_test.rb | 33 ++++++ .../opendistro/prerequisites_test.rb | 51 +++++++++ .../integration/opendistro/repository_test.rb | 21 ++++ 38 files changed, 494 insertions(+), 645 deletions(-) delete mode 100644 cookbooks/opendistro/.kitchen.yml create mode 100644 cookbooks/opendistro/kitchen.yml delete mode 100644 cookbooks/opendistro/spec/spec_helper.rb delete mode 100644 cookbooks/opendistro/spec/unit/recipes/default_spec.rb delete mode 100644 cookbooks/opendistro/spec/unit/recipes/elasticsearch_spec.rb delete mode 100644 cookbooks/opendistro/spec/unit/recipes/kibana_spec.rb delete mode 100644 cookbooks/opendistro/spec/unit/recipes/lostash_spec.rb delete mode 100644 cookbooks/opendistro/spec/unit/recipes/nginx_spec.rb delete mode 100644 cookbooks/opendistro/test/data_bags/wazuh_secrets/api.json delete mode 100644 cookbooks/opendistro/test/data_bags/wazuh_secrets/logstash_certificate.json delete mode 100644 cookbooks/opendistro/test/data_bags/wazuh_secrets/nginx_certificate.json delete mode 100644 cookbooks/opendistro/test/data_bags/wazuh_secrets/test_data_bag_key delete mode 100644 cookbooks/opendistro/test/environments/development.json delete mode 100644 cookbooks/opendistro/test/environments/production.json delete mode 100644 cookbooks/opendistro/test/integration/default/data_bags/wazuh_secrets/api.json delete mode 100644 cookbooks/opendistro/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json delete mode 100644 cookbooks/opendistro/test/integration/default/encrypted_data_bag_secret delete mode 100644 cookbooks/opendistro/test/integration/default/serverspec/default_spec.rb delete mode 100644 cookbooks/opendistro/test/integration/helpers/serverspec/spec_helper.rb create mode 100644 cookbooks/opendistro/test/integration/opendistro/elasticsearch_test.rb create mode 100644 cookbooks/opendistro/test/integration/opendistro/kibana_test.rb create mode 100644 cookbooks/opendistro/test/integration/opendistro/prerequisites_test.rb create mode 100644 cookbooks/opendistro/test/integration/opendistro/repository_test.rb diff --git a/cookbooks/opendistro/.kitchen.yml b/cookbooks/opendistro/.kitchen.yml deleted file mode 100644 index 396c4f8a..00000000 --- a/cookbooks/opendistro/.kitchen.yml +++ /dev/null @@ -1,60 +0,0 @@ -driver: - name: vagrant - -provisioner: - name: chef_zero - environments_path: "test/environments" - data_bags_path: "test/data_bags" - encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" - product_version: latest - cookbook_path: whatever/path/to/cookbooks - -verifiers: - name: inspec - -platforms: - - name: ubuntu-20.04 - - name: ubuntu-18.04 - - name: centos-8.0 - - name: centos-7 - -suites: - - name: opendistro - run_list: - - recipe['wazuh_manager::default'] - #- recipe[opendistro::default] - driver: - network: - - ["private_network", {ip: "172.16.10.11"}] - customize: - memory: 2048 - cpus: 2 - - -#driver: -# name: vagrant -# driver_config: -# require_chef_omnibus: latest -# -#provisioner: -# name: chef_zero -# environments_path: "../../environments" -# data_bags_path: "../../data_bags" -# encrypted_data_bag_secret_key_path: "test/integration/default/encrypted_data_bag_secret" -# -# -#platforms: -# - name: ubuntu-12.04 -# run_list: apt::default -# - name: ubuntu-14.04 -# run_list: apt::default -# -#suites: -# - name: default -# driver: -# network: -# - ["private_network", {ip: "172.16.10.10"}] -# run_list: -# - recipe[wazuh_elastic::default] -# attributes: -# \ No newline at end of file diff --git a/cookbooks/opendistro/Berksfile b/cookbooks/opendistro/Berksfile index e8e4eb28..f6fcc866 100644 --- a/cookbooks/opendistro/Berksfile +++ b/cookbooks/opendistro/Berksfile @@ -1,4 +1,6 @@ +# frozen_string_literal: true + # -*- ruby -*- source 'https://supermarket.chef.io' -metadata \ No newline at end of file +metadata diff --git a/cookbooks/opendistro/Gemfile b/cookbooks/opendistro/Gemfile index 79b29108..ee658143 100644 --- a/cookbooks/opendistro/Gemfile +++ b/cookbooks/opendistro/Gemfile @@ -1 +1,9 @@ -source 'https://rubygems.org' \ No newline at end of file +# frozen_string_literal: true + +source 'https://rubygems.org' + +gem 'rubocop' +gem 'test-kitchen' +gem 'kitchen-vagrant' +gem 'kitchen-inspec' +gem 'inspec diff --git a/cookbooks/opendistro/attributes/api.rb b/cookbooks/opendistro/attributes/api.rb index c1a7d6c9..afefcf56 100644 --- a/cookbooks/opendistro/attributes/api.rb +++ b/cookbooks/opendistro/attributes/api.rb @@ -1,13 +1,15 @@ +# frozen_string_literal: true + # Cookbook Name:: opendistro # Attributes:: api # Author:: Wazuh default['kibana']['wazuh_api_credentials'] = [ - { - 'id' => "default", - 'url' => "https://localhost", - 'port' => 55000, - 'username' => "wazuh", - 'password' => "wazuh" - } + { + 'id' => 'default', + 'url' => 'https://localhost', + 'port' => 55000, + 'username' => 'wazuh', + 'password' => 'wazuh' + } ] diff --git a/cookbooks/opendistro/attributes/jvm.rb b/cookbooks/opendistro/attributes/jvm.rb index 9962e5e0..c7fe518e 100644 --- a/cookbooks/opendistro/attributes/jvm.rb +++ b/cookbooks/opendistro/attributes/jvm.rb @@ -1,7 +1,9 @@ +# frozen_string_literal: true + # Cookbook Name:: opendistro # Attributes:: jvm # Author:: Wazuh default['jvm'] = { - 'memory' => "1g" -} \ No newline at end of file + 'memory' => '1g' +} diff --git a/cookbooks/opendistro/attributes/paths.rb b/cookbooks/opendistro/attributes/paths.rb index 17421638..e5e0d3cd 100644 --- a/cookbooks/opendistro/attributes/paths.rb +++ b/cookbooks/opendistro/attributes/paths.rb @@ -1,22 +1,24 @@ +# frozen_string_literal: true + # Cookbook Name:: opendistro # Attributes:: paths # Author:: Wazuh # Elastic paths -default['elastic']['config_path'] = "/etc/elasticsearch" -default['elastic']['package_path'] = "/usr/share/elasticsearch" +default['elastic']['config_path'] = '/etc/elasticsearch' +default['elastic']['package_path'] = '/usr/share/elasticsearch' default['elastic']['plugins_path'] = "#{node['elastic']['package_path']}/plugins" default['elastic']['certs_path'] = "#{node['elastic']['config_path']}/certs" # Kibana paths -default['kibana']['package_path'] = "/usr/share/kibana" -default['kibana']['config_path'] = "/etc/kibana" +default['kibana']['package_path'] = '/usr/share/kibana' +default['kibana']['config_path'] = '/etc/kibana' default['kibana']['certs_path'] = "#{node['kibana']['config_path']}/certs" default['kibana']['optimize_path'] = "#{node['kibana']['package_path']}/optimize" default['kibana']['plugins_path'] = "#{node['kibana']['package_path']}/plugins" # Searchguard paths -default['searchguard']['config_path'] = "/etc/searchguard" +default['searchguard']['config_path'] = '/etc/searchguard' # Filebeat paths -default['filebeat']['certs_path'] = "/etc/filebeat/certs" +default['filebeat']['certs_path'] = '/etc/filebeat/certs' diff --git a/cookbooks/opendistro/attributes/search_guard.rb b/cookbooks/opendistro/attributes/search_guard.rb index e18c60a2..cbda8911 100644 --- a/cookbooks/opendistro/attributes/search_guard.rb +++ b/cookbooks/opendistro/attributes/search_guard.rb @@ -1,5 +1,7 @@ +# frozen_string_literal: true + # Cookbook Name:: opendistro # Attributes:: search_guard # Author:: Wazuh -default['searchguard']['tls_tool'] = "search-guard-tlstool-1.8.zip" +default['searchguard']['tls_tool'] = 'search-guard-tlstool-1.8.zip' diff --git a/cookbooks/opendistro/attributes/versions.rb b/cookbooks/opendistro/attributes/versions.rb index d1a9e26d..739153bf 100644 --- a/cookbooks/opendistro/attributes/versions.rb +++ b/cookbooks/opendistro/attributes/versions.rb @@ -1,20 +1,22 @@ +# frozen_string_literal: true + # Cookbook Name:: opendistro # Attributes:: versions # Author:: Wazuh # Elastic Stack -default['elk']['patch_version'] = "7.9.1" +default['elk']['patch_version'] = '7.9.1' -# Opendistro -default['odfe']['patch_version'] = "1.11.0" +# Opendistro +default['odfe']['patch_version'] = '1.11.0' # Wazuh -default['wazuh']['major_version'] = "4.x" -default['wazuh']['minor_version'] = "4.0" -default['wazuh']['patch_version'] = "4.0.3" +default['wazuh']['major_version'] = '4.x' +default['wazuh']['minor_version'] = '4.0' +default['wazuh']['patch_version'] = '4.0.3' # Kibana -default['wazuh']['kibana_plugin_version'] = "4.0.3_7.9.1" +default['wazuh']['kibana_plugin_version'] = '4.0.3_7.9.1' # Search guard -default['searchguard']['version'] = "1.8" \ No newline at end of file +default['searchguard']['version'] = '1.8' diff --git a/cookbooks/opendistro/attributes/yml.rb b/cookbooks/opendistro/attributes/yml.rb index 51449c89..0e3f1d78 100644 --- a/cookbooks/opendistro/attributes/yml.rb +++ b/cookbooks/opendistro/attributes/yml.rb @@ -1,50 +1,52 @@ +# frozen_string_literal: true + # Elasticsearch-oss configuration file default['elastic']['yml'] = { - 'network' => { - 'host' => '0.0.0.0' - }, - 'http' => { - 'port' => 9200 - }, - 'node' => { - 'name' => "odfe-node-1" - }, - 'cluster' => { - 'initial_master_nodes' => [ - "odfe-node-1" - ] - } + 'network' => { + 'host' => '0.0.0.0' + }, + 'http' => { + 'port' => 9200 + }, + 'node' => { + 'name' => 'odfe-node-1' + }, + 'cluster' => { + 'initial_master_nodes' => [ + 'odfe-node-1' + ] + } } # Kibana-oss configuration file default['kibana']['yml'] = { - 'server' => { - 'host' => '0.0.0.0', - 'port' => 443 - }, - 'elasticsearch' => { - 'hosts' => [ - "https://#{node['elastic']['yml']['network']['host']}:#{node['elastic']['yml']['http']['port']}" - ] - } + 'server' => { + 'host' => '0.0.0.0', + 'port' => 443 + }, + 'elasticsearch' => { + 'hosts' => [ + "https://#{node['elastic']['yml']['network']['host']}:#{node['elastic']['yml']['http']['port']}" + ] + } } # Searchguard configuraion file -default['search_guard']['yml'] = -{ +default['search_guard']['yml'] = + { 'nodes' => { - 'elasticsearch' => { - 'ip' => [ - "#{node['elastic']['yml']['network']['host']}" - ] - }, - 'kibana' => { - 'ip' => [ - "#{node['kibana']['yml']['server']['host']}" - ] - } + 'elasticsearch' => { + 'ip' => [ + (node['elastic']['yml']['network']['host']).to_s + ] + }, + 'kibana' => { + 'ip' => [ + (node['kibana']['yml']['server']['host']).to_s + ] + } } -} \ No newline at end of file + } diff --git a/cookbooks/opendistro/config/rake.rb b/cookbooks/opendistro/config/rake.rb index 65d7d3a9..acfa0927 100644 --- a/cookbooks/opendistro/config/rake.rb +++ b/cookbooks/opendistro/config/rake.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # Configure the Rakefile's tasks. ### @@ -6,22 +8,22 @@ ### # The company name - used for SSL certificates, and in srvious other places -COMPANY_NAME = 'Wazuh'.freeze +COMPANY_NAME = 'Wazuh' # The Country Name to use for SSL Certificates -SSL_COUNTRY_NAME = 'US'.freeze +SSL_COUNTRY_NAME = 'US' # The State Name to use for SSL Certificates -SSL_STATE_NAME = 'VA'.freeze +SSL_STATE_NAME = 'VA' # The Locality Name for SSL - typically, the city -SSL_LOCALITY_NAME = 'Leesburg'.freeze +SSL_LOCALITY_NAME = 'Leesburg' # What department? -SSL_ORGANIZATIONAL_UNIT_NAME = 'Operations'.freeze +SSL_ORGANIZATIONAL_UNIT_NAME = 'Operations' # The SSL contact email address -SSL_EMAIL_ADDRESS = 'info@wazuh.com'.freeze +SSL_EMAIL_ADDRESS = 'info@wazuh.com' # License for new Cookbooks # Can be :apachev2 or :none diff --git a/cookbooks/opendistro/kitchen.yml b/cookbooks/opendistro/kitchen.yml new file mode 100644 index 00000000..33d17f80 --- /dev/null +++ b/cookbooks/opendistro/kitchen.yml @@ -0,0 +1,36 @@ +driver: + name: vagrant + +provisioner: + name: chef_zero + product_version: latest + +verifier: + name: inspec + +platforms: + - name: ubuntu-20.04 + driver: + network: + - ["private_network", {ip: "172.16.11.14"}] + - name: ubuntu-18.04 + driver: + network: + - ["private_network", {ip: "172.16.11.15"}] + - name: centos-8.0 + driver: + network: + - ["private_network", {ip: "172.16.11.16"}] + - name: centos-7 + driver: + network: + - ["private_network", {ip: "172.16.11.17"}] + +suites: + - name: opendistro + run_list: + - recipe[opendistro::default] + driver: + customize: + memory: 4096 + cpus: 2 \ No newline at end of file diff --git a/cookbooks/opendistro/metadata.rb b/cookbooks/opendistro/metadata.rb index 7acecf60..2d710cde 100644 --- a/cookbooks/opendistro/metadata.rb +++ b/cookbooks/opendistro/metadata.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + name 'opendistro' maintainer 'Wazuh' maintainer_email 'info@wazuh.com' @@ -7,7 +9,7 @@ version '0.1.0' chef_version '>= 15.0' -%w(redhat centos oracle).each do |el| +%w[redhat centos oracle].each do |el| supports el, '>= 6.0' end supports 'amazon', '>= 1.0' @@ -20,4 +22,4 @@ depends 'wazuh_manager' issues_url 'https://github.com/wazuh/wazuh-chef/issues' if respond_to?(:issues_url) -source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) \ No newline at end of file +source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) diff --git a/cookbooks/opendistro/recipes/default.rb b/cookbooks/opendistro/recipes/default.rb index ec80ddfc..5ade8ab9 100644 --- a/cookbooks/opendistro/recipes/default.rb +++ b/cookbooks/opendistro/recipes/default.rb @@ -1,8 +1,10 @@ +# frozen_string_literal: true + # Cookbook Name:: opendistro # Recipe:: default # Author:: Wazuh -#include_recipe 'opendistro::prerequisites' -#include_recipe 'opendistro::repository' -#include_recipe 'opendistro::elasticsearch' +include_recipe 'opendistro::prerequisites' +include_recipe 'opendistro::repository' +include_recipe 'opendistro::elasticsearch' include_recipe 'opendistro::kibana' diff --git a/cookbooks/opendistro/recipes/elasticsearch.rb b/cookbooks/opendistro/recipes/elasticsearch.rb index ca9db824..ad569b91 100644 --- a/cookbooks/opendistro/recipes/elasticsearch.rb +++ b/cookbooks/opendistro/recipes/elasticsearch.rb @@ -1,13 +1,15 @@ +# frozen_string_literal: true + ## Cookbook Name:: opendistro ## Recipe:: elasticsearch ## Author:: Wazuh # Install opendistroforelasticsearch -case node['platform'] -when 'debian','ubuntu' +case node['platform'] +when 'debian', 'ubuntu' apt_package 'elasticsearch-oss' do - version "#{node['elk']['patch_version']}" + version (node['elk']['patch_version']).to_s end apt_package 'opendistroforelasticsearch' do version "#{node['odfe']['patch_version']}-1" @@ -15,14 +17,14 @@ when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' if node['platform_version'] >= '8' dnf_package 'elasticsearch-oss' do - version "#{node['elk']['patch_version']}" + version (node['elk']['patch_version']).to_s end dnf_package 'opendistroforelasticsearch' do version "#{node['odfe']['patch_version']}-1" end else yum_package 'elasticsearch-oss' do - version "#{node['elk']['patch_version']}" + version (node['elk']['patch_version']).to_s end yum_package 'opendistroforelasticsearch' do version "#{node['odfe']['patch_version']}-1" @@ -30,13 +32,13 @@ end when 'opensuseleap', 'suse' zypper_package 'elasticsearch-oss' do - version "#{node['elk']['patch_version']}" + version (node['elk']['patch_version']).to_s end zypper_package 'opendistroforelasticsearch' do - version "#{node['odfe']['patch_version']}" + version (node['odfe']['patch_version']).to_s end else - raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" + raise 'Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added' end # Set up opendistro for elasticsearch configuration file @@ -46,12 +48,12 @@ owner 'root' group 'elasticsearch' mode '0660' - variables ({ - network_host: node['elastic']['yml']['network']['host'], - http_port: node['elastic']['yml']['http']['port'], - node_name: node['elastic']['yml']['node']['name'], - initial_master_nodes: node['elastic']['yml']['cluster']['initial_master_nodes'] - }) + variables({ + network_host: node['elastic']['yml']['network']['host'], + http_port: node['elastic']['yml']['http']['port'], + node_name: node['elastic']['yml']['node']['name'], + initial_master_nodes: node['elastic']['yml']['cluster']['initial_master_nodes'] + }) end # Set up jvm options @@ -61,7 +63,7 @@ owner 'root' group 'elasticsearch' mode '0660' - variables({memmory: node['jvm']['memory']}) + variables({ memmory: node['jvm']['memory'] }) end # Add extra roles and users to Wazuh Kibana plugin @@ -104,11 +106,11 @@ ## Generate and deploy the certificates -directory "#{node['elastic']['certs_path']}" do +directory (node['elastic']['certs_path']).to_s do action :create end -directory "#{node['searchguard']['config_path']}" do +directory (node['searchguard']['config_path']).to_s do action :create end @@ -125,20 +127,19 @@ owner 'root' group 'elasticsearch' mode '0660' - variables ({ - elastic_node_ip: node['search_guard']['yml']['nodes']['elasticsearch']['ip'], - kibana_node_ip: node['search_guard']['yml']['nodes']['kibana']['ip'] - }) + variables({ + elastic_node_ip: node['search_guard']['yml']['nodes']['elasticsearch']['ip'], + kibana_node_ip: node['search_guard']['yml']['nodes']['kibana']['ip'] + }) end - execute 'Run the Search Guard’s script to create the certificates' do command "#{node['searchguard']['config_path']}/tools/sgtlstool.sh -c #{node['searchguard']['config_path']}/search-guard.yml -ca -crt -t #{node['elastic']['certs_path']}/" end bash 'Compress all the necessary files to be sent to the all the instances' do code <<-EOF - cd #{node['elastic']['certs_path']} + cd #{node['elastic']['certs_path']}#{' '} tar -cf certs.tar * EOF end @@ -148,12 +149,12 @@ # Filebeat ruby_block 'Copy filebeat certificates' do block do - if File.exist?("#{node['filebeat']['certs_path']}") + if File.exist?((node['filebeat']['certs_path']).to_s) IO.copy_stream("#{node['elastic']['certs_path']}/filebeat.pem", "#{node['filebeat']['certs_path']}/filebeat.pem") IO.copy_stream("#{node['elastic']['certs_path']}/filebeat.key", "#{node['filebeat']['certs_path']}/filebeat.key") IO.copy_stream("#{node['elastic']['certs_path']}/root-ca.pem", "#{node['filebeat']['certs_path']}/root-ca.pem") else - Chef::Log.fatal("Please copy the following files to #{node['filebeat']['certs_path']} on + Chef::Log.fatal("Please copy the following files to #{node['filebeat']['certs_path']} on filebeat node. Then run on that node as sudo: - systemctl daemon-reload - systemctl enable filebeat @@ -166,14 +167,14 @@ # Kibana ruby_block 'Copy kibana certificates' do block do - if File.exist?("#{node['kibana']['certs_path']}") + if File.exist?((node['kibana']['certs_path']).to_s) IO.copy_stream("#{node['elastic']['certs_path']}/kibana_http.key", "#{node['kibana']['certs_path']}/kibana.key") IO.copy_stream("#{node['elastic']['certs_path']}/kibana_http.pem", "#{node['kibana']['certs_path']}/kibana.pem") IO.copy_stream("#{node['elastic']['certs_path']}/root-ca.pem", "#{node['kibana']['certs_path']}/root-ca.pem") else - Chef::Log.fatal("Please copy the following files to #{node['kibana']['certs_path']} where + Chef::Log.fatal("Please copy the following files to #{node['kibana']['certs_path']} where Kibana is installed: - - #{node['elastic']['certs_path']}/kibana_http.key (rename as kibana.key) + - #{node['elastic']['certs_path']}/kibana_http.key (rename as kibana.key) - #{node['elastic']['certs_path']}/kibana_http.pem (rename as kibana.pem) - #{node['elastic']['certs_path']}/root-ca.pem Then run on Kibana node as sudo: @@ -200,21 +201,21 @@ action :delete end -# Verify Elasticsearch folders owner +# Verify Elasticsearch folders owner -directory "#{node['elastic']['config_path']}" do +directory (node['elastic']['config_path']).to_s do owner 'elasticsearch' group 'elasticsearch' recursive true end -directory "/usr/share/elasticsearch" do +directory '/usr/share/elasticsearch' do owner 'elasticsearch' group 'elasticsearch' recursive true end -directory "/var/lib/elasticsearch" do +directory '/var/lib/elasticsearch' do owner 'elasticsearch' group 'elasticsearch' recursive true @@ -222,22 +223,30 @@ # Run elasticsearch service -service "elasticsearch" do - supports :start => true, :stop => true, :restart => true, :reload => true - action [:enable, :start] +service 'elasticsearch' do + supports start: true, stop: true, restart: true, reload: true + action %i[enable start] end ruby_block 'Wait for elasticsearch' do block do - loop { break if (TCPSocket.open( - "#{node['elastic']['yml']['network']['host']}", - node['elastic']['yml']['http']['port']) rescue nil - ); puts "Waiting for elasticsearch to start"; sleep 5 } + loop do + break if begin + TCPSocket.open( + (node['elastic']['yml']['network']['host']).to_s, + node['elastic']['yml']['http']['port'] + ) + rescue StandardError + nil + end + + puts 'Waiting for elasticsearch to start'; sleep 5 + end end end execute 'Run the Elasticsearch’s securityadmin script' do - command "#{node['elastic']['plugins_path']}/opendistro_security/tools/securityadmin.sh -cd #{node['elastic']['plugins_path']}/opendistro_security/securityconfig/ -nhnv -cacert #{node['elastic']['certs_path']}/root-ca.pem -cert #{node['elastic']['certs_path']}/admin.pem -key #{node['elastic']['certs_path']}/admin.key -h #{node['elastic']['yml']['network']['host']}" + command "#{node['elastic']['plugins_path']}/opendistro_security/tools/securityadmin.sh -cd #{node['elastic']['plugins_path']}/opendistro_security/securityconfig/ -nhnv -cacert #{node['elastic']['certs_path']}/root-ca.pem -cert #{node['elastic']['certs_path']}/admin.pem -key #{node['elastic']['certs_path']}/admin.key -h #{node['elastic']['yml']['network']['host']}" end bash 'Waiting for elasticsearch curl response...' do @@ -248,4 +257,3 @@ done EOH end - diff --git a/cookbooks/opendistro/recipes/kibana.rb b/cookbooks/opendistro/recipes/kibana.rb index 79519c7f..9b99d9d1 100644 --- a/cookbooks/opendistro/recipes/kibana.rb +++ b/cookbooks/opendistro/recipes/kibana.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # Cookbook Name:: opendistro # Recipe:: kibana # Author:: Wazuh @@ -7,24 +9,24 @@ case node['platform'] when 'debian', 'ubuntu' apt_package 'opendistroforelasticsearch-kibana' do - version "#{node['odfe']['patch_version']}" + version (node['odfe']['patch_version']).to_s end when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' if node['platform_version'] >= '8' dnf_package 'opendistroforelasticsearch-kibana' do - version "#{node['odfe']['patch_version']}" + version (node['odfe']['patch_version']).to_s end else yum_package 'opendistroforelasticsearch-kibana' do - version "#{node['odfe']['patch_version']}" + version (node['odfe']['patch_version']).to_s end end when 'opensuseleap', 'suse' zypper_package 'opendistroforelasticsearch-kibana' do - version "#{node['odfe']['patch_version']}" + version (node['odfe']['patch_version']).to_s end else - raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" + raise 'Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added' end # Create Kibana configuration file @@ -34,25 +36,25 @@ owner 'root' group 'kibana' variables({ - server_port: "#{node['kibana']['yml']['server']['port']}", - server_host: "#{node['kibana']['yml']['server']['host']}", - elasticsearch_hosts: node['kibana']['yml']['elasticsearch']['hosts'] - }) - mode 0755 + server_port: (node['kibana']['yml']['server']['port']).to_s, + server_host: (node['kibana']['yml']['server']['host']).to_s, + elasticsearch_hosts: node['kibana']['yml']['elasticsearch']['hosts'] + }) + mode 0o755 end -# Change Kibana folders owner +# Change Kibana folders owner -directory "#{node['kibana']['optimize_path']}" do +directory (node['kibana']['optimize_path']).to_s do owner 'kibana' group 'kibana' - recursive true + recursive true end -directory "#{node['kibana']['plugins_path']}" do +directory (node['kibana']['plugins_path']).to_s do owner 'kibana' group 'kibana' - recursive true + recursive true end # Install the Wazuh Kibana plugin @@ -63,20 +65,20 @@ # Certificates placement -directory "#{node['kibana']['certs_path']}" do +directory (node['kibana']['certs_path']).to_s do action :create end ruby_block 'Copy certificate files' do block do - if File.exist?("#{node['elastic']['certs_path']}") + if File.exist?((node['elastic']['certs_path']).to_s) IO.copy_stream("#{node['elastic']['certs_path']}/kibana_http.pem", "#{node['kibana']['certs_path']}/kibana.pem") IO.copy_stream("#{node['elastic']['certs_path']}/kibana_http.key", "#{node['kibana']['certs_path']}/kibana.key") IO.copy_stream("#{node['elastic']['certs_path']}/root-ca.pem", "#{node['kibana']['certs_path']}/root-ca.pem") else - Chef::Log.fatal("Please copy the following files where Elasticsearch is installed to + Chef::Log.fatal("Please copy the following files where Elasticsearch is installed to #{node['kibana']['certs_path']}: - - #{node['elastic']['certs_path']}/kibana_http.key (rename as kibana.key) + - #{node['elastic']['certs_path']}/kibana_http.key (rename as kibana.key) - #{node['elastic']['certs_path']}/kibana_http.pem (rename as kibana.pem) - #{node['elastic']['certs_path']}/root-ca.pem Then run as sudo: @@ -96,14 +98,14 @@ # Enable and start the Kibana service -service "kibana" do - supports :start => true, :stop => true, :restart => true, :reload => true - action [:enable, :start] - only_if { +service 'kibana' do + supports start: true, stop: true, restart: true, reload: true + action %i[enable start] + only_if do File.exist?("#{node['kibana']['certs_path']}/kibana.pem") && - File.exist?("#{node['kibana']['certs_path']}/kibana.key") && - File.exist?("#{node['kibana']['certs_path']}/root-ca.pem") - } + File.exist?("#{node['kibana']['certs_path']}/kibana.key") && + File.exist?("#{node['kibana']['certs_path']}/root-ca.pem") + end end # Create Wazuh-Kibana plugin configuration file @@ -114,34 +116,48 @@ group 'kibana' mode '0600' action :create - variables ({ - api_credentials: node['kibana']['wazuh_api_credentials'] - }) + variables({ + api_credentials: node['kibana']['wazuh_api_credentials'] + }) end # Restart Kibana service -service "kibana" do +service 'kibana' do action [:restart] end ruby_block 'Wait for elasticsearch' do block do - loop { break if (TCPSocket.open( - "#{node['elastic']['yml']['network']['host']}", - node['elastic']['yml']['http']['port']) rescue nil); - puts "Waiting elasticsearch...."; sleep 1 - } + loop do + break if begin + TCPSocket.open( + (node['elastic']['yml']['network']['host']).to_s, + node['elastic']['yml']['http']['port'] + ) + rescue StandardError + nil + end + + puts 'Waiting elasticsearch....'; sleep 1 + end end end ruby_block 'Wait for kibana' do block do - loop { break if (TCPSocket.open( - "#{node['kibana']['yml']['server']['host']}", - node['kibana']['yml']['server']['port']) rescue nil); - puts "Waiting kibana...."; sleep 60 - } + loop do + break if begin + TCPSocket.open( + (node['kibana']['yml']['server']['host']).to_s, + node['kibana']['yml']['server']['port'] + ) + rescue StandardError + nil + end + + puts 'Waiting kibana....'; sleep 60 + end end end @@ -159,4 +175,4 @@ user: admin password: admin" level :info -end \ No newline at end of file +end diff --git a/cookbooks/opendistro/recipes/prerequisites.rb b/cookbooks/opendistro/recipes/prerequisites.rb index cc2fddfa..5e0409ef 100644 --- a/cookbooks/opendistro/recipes/prerequisites.rb +++ b/cookbooks/opendistro/recipes/prerequisites.rb @@ -1,65 +1,71 @@ +# frozen_string_literal: true + # Cookbook Name:: opendistro # Recipe:: prerequisites # Author:: Wazuh -case node['platform'] -when 'debian','ubuntu' - package "lsb-release" - - ohai "reload lsb" do - plugin "lsb" - subscribes :reload, "package[lsb-release]", :immediately - end - - # Install apt prerequisites - apt_package %w(curl apt-transport-https unzip wget software-properties-common libcap2-bin) +package '%w(curl unzip wget)' do + action :install +end - # Add the repository for Java Development Kit (JDK) - case platform_family? - when 'debian' - bash 'add backports.list' do - code <<-EOH - echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/backports.list - EOH - end - when 'ubuntu' - execute 'add apt repository' do - command 'add-apt-repository ppa:openjdk-r/ppa' - end - else 'Error: cannot install JDK dependancie' - end +case node['platform'] +when 'debian', 'ubuntu' + package 'lsb-release' + + ohai 'reload lsb' do + plugin 'lsb' + subscribes :reload, 'package[lsb-release]', :immediately + end - # Update repository data - apt_update + # Install apt prerequisites + apt_package %w[apt-transport-https software-properties-common libcap2-bin] - # Install all the required utilities - execute 'export JAVA_HOME' do - command 'export JAVA_HOME=/usr/' + # Add the repository for Java Development Kit (JDK) + case platform_family? + when 'debian' + bash 'add backports.list' do + code <<-EOH + echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/backports.list + EOH end - - apt_package 'openjdk-11-jdk' -when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' - # Install all the necessary packages for the installation - execute 'export JAVA_HOME' do - command 'export JAVA_HOME=/usr/' + when 'ubuntu' + execute 'add apt repository' do + command 'add-apt-repository ppa:openjdk-r/ppa' end + else 'Error: cannot install JDK dependancie' + end + + # Update repository data + apt_update + + # Install all the required utilities + execute 'export JAVA_HOME' do + command 'export JAVA_HOME=/usr/' + end - if node['platform_version'] >= '8' - dnf_package 'Install prerequisites packages' do - package_name ['curl', 'unzip', 'wget', 'java-11-openjdk-devel', 'libcap'] - action :install - end - else - yum_package 'Install prerequisites packages' do - package_name ['curl', 'unzip', 'wget', 'java-11-openjdk-devel', 'libcap'] - action :install - end + apt_package 'openjdk-11-jdk' +when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' + # Install all the necessary packages for the installation + execute 'export JAVA_HOME' do + command 'export JAVA_HOME=/usr/' + end + + if node['platform_version'] >= '8' + dnf_package 'Install prerequisites packages' do + package_name %w[java-11-openjdk-devel libcap] + action :install end -when 'opensuseleap', 'suse' - # Install zypper prerequisites - zypper_package 'Install prerequisites packages' do - package_name ['curl', 'unzip', 'wget', 'libcap2'] + else + yum_package 'Install prerequisites packages' do + package_name %w[java-11-openjdk-devel libcap] + action :install end + end +when 'opensuseleap', 'suse' + # Install zypper prerequisites + zypper_package 'Install prerequisites packages' do + package_name %w[libcap2 java-11-openjdk-devel] + end else - raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" + raise 'Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added' end diff --git a/cookbooks/opendistro/recipes/repository.rb b/cookbooks/opendistro/recipes/repository.rb index 45030237..ca61f788 100644 --- a/cookbooks/opendistro/recipes/repository.rb +++ b/cookbooks/opendistro/recipes/repository.rb @@ -1,43 +1,45 @@ +# frozen_string_literal: true + # Cookbook Name:: opendistro # Recipe:: repository # Author:: Wazuh -case node['platform'] -when 'debian','ubuntu' - package "lsb-release" +case node['platform'] +when 'debian', 'ubuntu' + package 'lsb-release' - ohai "reload lsb" do - plugin "lsb" - subscribes :reload, "package[lsb-release]", :immediately + ohai 'reload lsb' do + plugin 'lsb' + subscribes :reload, 'package[lsb-release]', :immediately end # Install GPG key and add repository - apt_repository "wazuh" do + apt_repository 'wazuh' do uri "https://packages.wazuh.com/#{node['wazuh']['major_version']}/apt/" - key "https://packages.wazuh.com/key/GPG-KEY-WAZUH" - distribution "stable" - components ["main"] - end + key 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' + distribution 'stable' + components ['main'] + end # Update the package information apt_update when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' - yum_repository "wazuh" do - description "Opendistroforelasticseach Yum" + yum_repository 'wazuh' do + description 'Opendistroforelasticseach Yum' baseurl "https://packages.wazuh.com/#{node['wazuh']['major_version']}/yum/" - gpgkey "https://packages.wazuh.com/key/GPG-KEY-WAZUH" + gpgkey 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' action :create end when 'opensuseleap', 'suse' - zypper_repository "wazuh" do - description "Opendistroforelasticseach Zypper" + zypper_repository 'wazuh' do + description 'Opendistroforelasticseach Zypper' baseurl "https://packages.wazuh.com/#{node['wazuh']['major_version']}/yum/" - gpgkey "https://packages.wazuh.com/key/GPG-KEY-WAZUH" + gpgkey 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' action :create not_if do - File.exists?("/etc/zypp/repos.d/wazuh.repo") + File.exist?('/etc/zypp/repos.d/wazuh.repo') end end else - raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" + raise 'Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added' end diff --git a/cookbooks/opendistro/spec/spec_helper.rb b/cookbooks/opendistro/spec/spec_helper.rb deleted file mode 100644 index c86adfd5..00000000 --- a/cookbooks/opendistro/spec/spec_helper.rb +++ /dev/null @@ -1,20 +0,0 @@ -require 'chefspec' -require 'chefspec/berkshelf' - -RSpec.configure do |config| - # Use color in STDOUT - config.color = true - - # Use color not only in STDOUT but also in pagers and files - config.tty = true - - # Use the specified formatter - config.formatter = :documentation # :progress, :html, :textmate - - config.log_level = :error - - config.platform = 'ubuntu' - config.version = '14.04' -end - -at_exit { ChefSpec::Coverage.report! } diff --git a/cookbooks/opendistro/spec/unit/recipes/default_spec.rb b/cookbooks/opendistro/spec/unit/recipes/default_spec.rb deleted file mode 100644 index a7746378..00000000 --- a/cookbooks/opendistro/spec/unit/recipes/default_spec.rb +++ /dev/null @@ -1,25 +0,0 @@ -# -# Cookbook Name:: wazuh_elastic -# Spec:: default -# - -require 'spec_helper' - -describe 'wazuh_elastic::default' do - cached(:chef_run) { ChefSpec::ServerRunner.new.converge(described_recipe) } - - it 'does not raise an exception' do - stub_command('dpkg -s oracle-java8-installer').and_return(true) - expect { chef_run }.to_not raise_error - end - - before do - allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'nginx_certificate').and_return('{"nginx_certificate": "nginx_certificate"}') - allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'logstash_certificate').and_return('{"logstash_certificate": "logstash_certificate"}') - allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'api').and_return('{"htpasswd_user": "htpasswd_user", "htpasswd_passcode": "htpasswd_passcode"}') - end - - it 'includes the wazuh_elastic::default recipe' do - expect(chef_run).to include_recipe 'wazuh_elastic::default' - end -end diff --git a/cookbooks/opendistro/spec/unit/recipes/elasticsearch_spec.rb b/cookbooks/opendistro/spec/unit/recipes/elasticsearch_spec.rb deleted file mode 100644 index abfdd020..00000000 --- a/cookbooks/opendistro/spec/unit/recipes/elasticsearch_spec.rb +++ /dev/null @@ -1,26 +0,0 @@ -# -# Cookbook Name:: wazuh_elastic -# Spec:: elasticsearch -# - -require 'spec_helper' - -describe 'wazuh_elastic::elasticsearch' do - cached(:chef_run) { ChefSpec::ServerRunner.new.converge(described_recipe) } - - it 'includes the wazuh_elastic::elasticssearch recipe' do - expect(chef_run).to include_recipe 'wazuh_elastic::elasticsearch' - end - - it 'service elasticsearch' do - expect(chef_run).to start_service('elasticsearch') - end - - it 'create a template elasticsearch.yml' do - expect(chef_run).to create_template('/etc/elasticsearch/elasticsearch.yml').with( - :owner => 'root', - :group => 'elasticsearch', - :source => 'elasticsearch.yml.erb' - ) - end -end diff --git a/cookbooks/opendistro/spec/unit/recipes/kibana_spec.rb b/cookbooks/opendistro/spec/unit/recipes/kibana_spec.rb deleted file mode 100644 index 2cc0a86f..00000000 --- a/cookbooks/opendistro/spec/unit/recipes/kibana_spec.rb +++ /dev/null @@ -1,49 +0,0 @@ -# -# Cookbook Name:: wazuh_elastic -# Spec:: kibana -# - -require 'spec_helper' - -describe 'wazuh_elastic::kibana' do - cached(:chef_run) { ChefSpec::ServerRunner.new.converge(described_recipe) } - - before do - allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'logstash_certificate').and_return( - '{"logstash_certificate": "logstash_certificate"}' - ) - end - - it 'includes the wazuh_elastic::kibana recipe' do - expect(chef_run).to include_recipe 'wazuh_elastic::kibana' - end - - it 'installs python-requests' do - expect(chef_run).to install_package('python-requests') - end - - it 'create a template /tmp/wazuh_kibana_installer.py' do - expect(chef_run).to create_template('/tmp/wazuh_kibana_installer.py').with( - :owner => 'root', - :group => 'root', - :mode => '0777', - :source => 'wazuh_kibana_installer.py.erb' - ) - end - - it 'create a template kibana.yml' do - expect(chef_run).to create_template('/opt/kibana/config/kibana.yml').with( - :owner => 'root', - :group => 'root', - :source => 'kibana.yml.erb' - ) - end - - it 'service kibana' do - expect(chef_run).to start_service('kibana') - end - - it 'installs kibana' do - expect(chef_run).to install_package('kibana') - end -end diff --git a/cookbooks/opendistro/spec/unit/recipes/lostash_spec.rb b/cookbooks/opendistro/spec/unit/recipes/lostash_spec.rb deleted file mode 100644 index 92d12b67..00000000 --- a/cookbooks/opendistro/spec/unit/recipes/lostash_spec.rb +++ /dev/null @@ -1,58 +0,0 @@ -# -# Cookbook Name:: wazuh_elastic -# Spec:: logstash -# - -require 'spec_helper' - -describe 'wazuh_elastic::logstash' do - cached(:chef_run) { ChefSpec::ServerRunner.new.converge(described_recipe) } - - before do - allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'logstash_certificate').and_return( - '{"logstash_certificate": "logstash_certificate"}' - ) - end - - it 'includes the wazuh_elastic::logstash recipe' do - expect(chef_run).to include_recipe 'wazuh_elastic::logstash' - end - - it 'service logstash' do - expect(chef_run).to start_service('logstash') - end - - it 'creates a file /etc/logstash/logstash-forwarder.key' do - expect(chef_run).to create_file('/etc/logstash/logstash-forwarder.key').with( - user: 'root', - group: 'root' - ) - end - - it 'creates a file /etc/logstash/logstash-forwarder.crt' do - expect(chef_run).to create_file('/etc/logstash/logstash-forwarder.crt').with( - user: 'root', - group: 'root' - ) - end - - it 'create a template elastic-ossec-template.json' do - expect(chef_run).to create_template('/etc/logstash/elastic-ossec-template.json').with( - owner: 'root', - group: 'root', - source: 'elastic-ossec-template.json.erb' - ) - end - - it 'create a template 01-ossec.conf' do - expect(chef_run).to create_template('/etc/logstash/conf.d/01-ossec.conf').with( - owner: 'root', - group: 'root', - source: '01-ossec.conf.erb' - ) - end - - it 'installs logstash' do - expect(chef_run).to install_package('logstash') - end -end diff --git a/cookbooks/opendistro/spec/unit/recipes/nginx_spec.rb b/cookbooks/opendistro/spec/unit/recipes/nginx_spec.rb deleted file mode 100644 index 20c64013..00000000 --- a/cookbooks/opendistro/spec/unit/recipes/nginx_spec.rb +++ /dev/null @@ -1,60 +0,0 @@ -# -# Cookbook Name:: wazuh_elastic -# Spec:: nginx -# - -require 'spec_helper' - -describe 'wazuh_elastic::nginx' do - cached(:chef_run) { ChefSpec::ServerRunner.new.converge(described_recipe) } - - before do - allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'nginx_certificate').and_return( - '{"nginx_certificate": "nginx_certificate"}' - ) - allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'api').and_return( - '{"htpasswd_user": "htpasswd_user", "htpasswd_passcode": "htpasswd_passcode"}' - ) - end - - it 'includes the wazuh_elastic::nginx recipe' do - expect(chef_run).to include_recipe 'wazuh_elastic::nginx' - end - - it 'service nginx' do - expect(chef_run).to start_service('nginx') - end - - it 'creates a file /etc/ssl/certs/kibana-access.crt' do - expect(chef_run).to create_file('/etc/ssl/certs/kibana-access.crt').with( - user: 'root', - group: 'root' - ) - end - - it 'creates a file /etc/nginx/conf.d/kibana.htpasswd' do - expect(chef_run).to create_file('/etc/nginx/conf.d/kibana.htpasswd').with( - user: 'root', - group: 'root' - ) - end - - it 'creates a file /etc/ssl/certs/kibana-access.key' do - expect(chef_run).to create_file('/etc/ssl/certs/kibana-access.key').with( - user: 'root', - group: 'root' - ) - end - - it 'create a template default' do - expect(chef_run).to create_template('/etc/nginx/sites-available/default').with( - owner: 'root', - group: 'root', - source: 'nginx-default.erb' - ) - end - - it 'installs nginx' do - expect(chef_run).to install_package('nginx') - end -end diff --git a/cookbooks/opendistro/test/data_bags/wazuh_secrets/api.json b/cookbooks/opendistro/test/data_bags/wazuh_secrets/api.json deleted file mode 100644 index e9a89e98..00000000 --- a/cookbooks/opendistro/test/data_bags/wazuh_secrets/api.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "id": "api", - "htpasswd_user": { - "encrypted_data": "44KmfVdj/ttHvGecsv5M7+uCvqcc0Cs/RvXJeLQMZkE=\n", - "iv": "RRP7S4Tt6B9y366P+hMbwg==\n", - "version": 1, - "cipher": "aes-256-cbc" - }, - "htpasswd_passcode": { - "encrypted_data": "ps9xA2QJKd3KE6jjpn69rNJhf6sRCWoeK/0kHZfo3incyILK+TJPmRq92PK0\n3e8Ngv0HJHn8pp5QA1FT4zX/wg==\n", - "iv": "gC9cyqCgQq/5icvUOfW0Iw==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/opendistro/test/data_bags/wazuh_secrets/logstash_certificate.json b/cookbooks/opendistro/test/data_bags/wazuh_secrets/logstash_certificate.json deleted file mode 100644 index 5e1e892d..00000000 --- a/cookbooks/opendistro/test/data_bags/wazuh_secrets/logstash_certificate.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "id": "logstash_certificate", - "logstash_certificate": { - "encrypted_data": "Hps2D0xEoVjRQWPwcsti71gKX1WIkXvW496YAvhjq+y7F0E1uz/fqb1y6fbr\nHJ2McX2GRDaVV0jdDHdthukq2Be5vv82xyMxHDa+HfZfB8LFD4s1XWdFYXDd\ndc2zBxgFhNkyT4qCFnlJkCY2IBc1MIQThW/eBN5S/v+GLKJw1l+nFH0t+aTS\nbXDaR7FmPD3UNUo+PxqJFbqDYFpLCzcPrRCPaMduo3e+kgegvaEFQJjbglPO\nX7aYgtEuAj8+YOl828gKTpZDAzbU/UtoO2EGwgQJJB4s4VpXb6aJBaZugWf9\nl81yJR1aAn8lDxRow7FU7juGiSlGmxOZY0/2G7WpPgq9hetsIm2WrEhNqj5b\nyKnCRLSM6N4YRyUYUQy/dPQKZW0R14jb08xvkyv4+a40fztUJ9Z67Exv5xqp\nWfmqtd3VMjmFYay2J6d0r5twdLDJ4r4OBP8cqa7wl64R2il/E7Mfg6bnyNf8\nBUWrIhZ5Tp/RlSuJ4yMm/Stb3aDRKLGLHfJXcuEjhqurtaesV2zJoX1HYMjn\nkrfE4FheohTjAqXza1PFdVLhQuLJIlr0hD0UIpAvAcbfAqwvQHsr4sV8EP3c\nnpN8NHiAOaxDq9+tAsbk0+pJa2gs16vhTv8vgEZRihrCUrXi9FEh/Z6ahiN7\nQqQ6iwqWW8ZDkFlKfjZgxI4CUta6Mi5l4yGBfqdy+TdbzuWT/euRBZO16EaG\nI5cqKT2yKTAR2A4Nw0pS8DdHQUn+x1PhOO6G3RSwMTQ0p6v2KWHQerGo1e3+\nEXaWBSNnb0t0mFj4oljXpXxkEtT393Bs/LMZ0MoaE3uWam5IAP/NY121Lm+I\nciPIbFKb1PKpjccnW9N+3cAWARqA8pC86ItdV/Q7gI5XbEIIcCVLwzhUGyo2\n1JfG89VAwNqOuyVGXRMnOHMD0V/czDRTebDCT6DHCG5nxS6MeYDlYUIEfIEo\n/xIDJbhPo6L+nk3yvVABQXBYayxnrCLGMkQ1xWA9UzC73q+Rd34X970qTK0P\nery6zm0WbP5dvRrzZYiDLjRY0MRrWvXXsLjP7uhz6gRKfq1KGfx/m6VDAzrZ\nuRNbyl4zEx0/CXViwNmMs/iLt3H3rKom7vRLs1qDtwyQvGChrbkmNWsD6iEH\nVNhIDVJj8JjDAjeK2CbhPWtt/UJWkoHmn5sGJdrtgYsuMeXIkDuA0v6hT+cl\ndwrR1EhONUWhNMsBMLVZMkTlg6UieaOCm+4EN0tA4J3b45Eo2zuerjkUzXBQ\nhdlxfiPKIDRFBkHzMQI/OnlMT2GFO0CJ3xp71kjaavmEmU7vsdynwekuo4u4\n9q/LHbuwNEtM08RezYmptwblbmNNvengIAPIovpaAbFVyOsZog/GEAIZmrYP\nmzyGEOBdPIQZfyP9e6wIM5XoN2UgwHohiMTGRX6XdGJjW30zPw0dkRhciKBT\nq7yl3/UxZoMF6v5ihhB/LbHM3TFW4XucrnvY930daYVxvUuxlYXy7/9vx6zq\n/kEbC7AkA8zJ3AhP711dk5ROqia9Fvna7juFic7OxZdNnXm+0unxBqHT976w\nCK0KkDfwB6UH5p5wvFCZlvnyquKggJoNn8XXTfUrUo1Qpq/rggDfhIsaeB7B\nNA1uVb2udXSWEw/TL+UQJIgNqz/jtHctfUjz6w7Qx+I1vlXeeuNlMzHDZX8l\nzx8xWIbddmZG7bqVQ/DcigX0Sgj8kzgd8J4cJFrr9MG7BDJMbtkxBCp7RwSQ\nM5FUinkCiQ==\n", - "iv": "Aa90t/SYwXMFVtEnnWhynQ==\n", - "version": 1, - "cipher": "aes-256-cbc" - }, - "logstash_certificate_key": { - "encrypted_data": "GeLqjtWtHWxkppekOd67UdAYo4o81ycv6VrCW1EzFLWxXZJFz/Zqh6Gp6Hxb\n3TnRNjDBEdjlRwdQwtUfVr5T6qPJpDinoVL32tMMFsyY9nRqBqhjkxoobZub\n3aQbrCN2TMrsYscwWnoR8odvHXthZ45DIXeKvSdeVB7oxmwuOV+liXj0SvL9\nbQ8TZhNKKF7AQFjY+fVVbHfqXF4TDSelNidE/a1tutSQFqXWjxpXBJ6JEee1\nBYvnx1Zk0Sg7ghbl7jAd2JgaX4DsFt1DirPFIP5JxuBcHsuCgkZyYoUzFn11\nORJm+1fxAPhHBolObZ86iQtoAsKk5IL4D9/COxAljMK9WYyzGqB6L8uX8C7t\nQWg5T08dtEiy9+ZjJlGi280HENSR4oiOMIHPm9lyiIjmZIqhDq3eEgVWYrRk\n1y0D+1279r81Yq12cAB7aXCou6PavvwjBooMiIEmL0yWG+B4pwEir8ow2InE\n4/xtEuE8qprHtdSpZ+MNSnS9c5wctjs7/g0/FSKQ+OWT/LAubrDeDmmeh8TM\nQ+9hsPhOnYeUTVJ+nFQiOuMJT8i8aU64865BVtymLYSoZfmHt6ZMPhKe2lQ+\nzPz+ykU8xVsqrPdo7byhBaiR/xM0dMWpNVl7C11yllq0Z8ewrcmT3DAddnZQ\naRaae9rKON/V7i+Bo2egBa3wJl9Uvw0C6AVi9UNX7/WflRwsTdZDF+I0sAR7\nKQZP0wByBETAYyRaWNMbabfKAVS7NWWLx3N/KRrRarvd9i5GixVqi7wB+mlM\nNvdPYYATKKV+5EjgI3AOThDLHwO1AoSyOCp9jKhsSuyUHSfkQsQXenlFW8KN\nT5J/cl0066yDBZqhlXQ0B+9BI7vhM5ESKdX5hw/5aa3uFaHCeutuql3aAtXU\na5+At6mxRl6Fi6PrmQhA/oWk6etBlZW4Dscv4SauF66zlmQlqHqc5UPNVrR0\nKT8vjVrY0adbR6JG+qOD1UTYYppijW+HMWiPRDbXe9iPSm+wyrybsmqNblPp\n2iEWoPfsLK1jOWZqo0FDrzSwFCcr0rBpPSc1hjuFZ0MrCmW99HEtEHriMPS1\niIQ5hAlDg/qLNaTwIgmbKkiw/OrcYE41XW7R16wOVDWGgmnoJYgBTpyvFY++\nf2OWg2ChUbxMr3rn4qQQY5K1wyKvlrZsDeP0FB+CiEeNqAc1qVpkBuTlA4Vb\nNXVrhoj3ZxIdIoe1yMKsbtSkDIjiYM6gDgmf3Gm0OGh7QtJjgvq/xpcD85/e\ndO/FzXTINpnbmt+w2L36ksW5INmKDQr/l7TApv6t24dbVm/S7h3YDr1umHX0\njwtAMfrZGDGz+Rtqz6Cq+PWznC42bx5SyFkxRgOeZeCq+AxSE1daLognV7Y3\n/W3hyH5m9akJROej6luPG4u/VgwKdCQWKE7axC7EOznOhWlsMXfbJyvr/ZIK\nVrp0Xp7jrEd65gLRDO/qB1jRFufyVv81AIl9Lkcj+7gNGT4gFRLOdZJR/puH\n3/K2Us6ccA93KDNqut230HXGzDMEI4xBIVFCMb9H7txdfz2YnArvrLlylWK9\nwwn/3bobktAdmSxFe9LZaDpkbnv2dmBgEfmgeGOvKZTTkv636g3W5/pF4Hw2\nbp4IUxWozfOtOT1cA8/TfJ1xyTsob3qIkZiA3ju0yW4ULenu9IjplN+uH+WC\n4+35xHSVvvZr2702ho/aV91nJwiPWjsskXORVVY8Fo4Itv7sW826sbKr/Ja7\njyCQG8yB0jVkur51cjkauxaI+AI3DFTK96bswRzPJ3uJU42ESXm44c/VuklW\nDQTx8DNkhgPZ8odjnwWR1vKxQH41ko3GiJlXx8+2Iht4iA0WQ0fPZqnxStDs\nV/4CW5OUlPwzKVOBgoamgLf0Z2TAV/oQxIlSa/sDsEZfbj+gVG0eRWnWrM3H\nJu8/f45IWleIMBVb6IXvvKpwwGZ6PSerLWa+ePVDqlkSEvp2nSQD5jcKAY30\neojZTNUeDaKTVbkZy5kBhN4T0R+FJ5w/PhtphDSptBQ35DLtyOgVO/zIXgOB\n7fH3B/+ZFSjotRLB3nbGJkaYLmFqTW/AMoAnWpxDU9f1sAWHB4VLcd04Z/SY\n8NsobTGNP9aOMezaIgrtb1udPJjW6UArgNKmThoyX9J437aXDTxIIcvrcDvl\nYZP703Gxhboq3tYwfLugUeZFuAy5/binmcVDGkCGdjuUQ/Drd4VzB72JRlCv\n00LOHS8xIFfD1Rr8mH1AU1LtdjlTy8HFynM/XsZ5pup5zdkl00hxsaMGRNwU\nBWrkUSfhvx88SlSYaIi82pns8jhseVfm28zgetjYDw0i20IcueKw1IHptlFe\nsZAxshw=\n", - "iv": "EyUb/TEyoS/xyfuwTBin3Q==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/opendistro/test/data_bags/wazuh_secrets/nginx_certificate.json b/cookbooks/opendistro/test/data_bags/wazuh_secrets/nginx_certificate.json deleted file mode 100644 index da76d715..00000000 --- a/cookbooks/opendistro/test/data_bags/wazuh_secrets/nginx_certificate.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "id": "nginx_certificate", - "nginx_crt": { - "encrypted_data": "wG/uZ0a9aKXrGoRzR/57dBU1fMevFjSsMmJ0FNWS35DsNuFMiM+cT1pkzKV0\n6oaGpHGlkMeJ1EeV69rO6tTCwmtBGml+16j+yzJpaOzSA4wmiXdqpWx/dtkN\n8yZVdn9GYRx+Dfb2+l//u/r4jdIOw3tYXk29+nW9ltTB1qO+se9ki8lAV7xs\nKzOBjXwdJYlMt3OabBc0LdjfGvJ7dcoUwMJOqw7nI50SfPbpowBLK9tQN8ia\nJmd6glMBdbNFF+vlvjAFbFIDtEbZL66rTqiDyyA9mlwRfIKr3WSMS6cXGdzz\nSpup34zyt0HWQZShGav8azVrcS9h9lo5xJVzz/eCRSnuxEY8cAY9bE5Pu+3Y\nuB5XvrMKgOfiDHy9t0Ksa4iPEgR5Iy/yx79Jb/zQvYSKj6++9Mx5cCLv6EAT\nYO/se7VyfDSl0/n57Ml94mRmPyLJBajn3Xx4MAgaKpEGeJhcvSPo1jOGZNi8\nBHvtz23ZZdcEg0zXBgtAC4QV3EpUnYkPboq32+hygwoMiqalEZBGcjtJvRm7\nGgw2iCYbnWuobUDt9bM+s0lbpVNc+yJYbM6Ou5AI4i/lC1z/iamQQaDZ5NYU\naNlof3ut/NBhylVX+gaXM4T783z4U6qa0wkYQvx/+UasbNVl8faXCT2GAknd\nhG/mlcm6qrTeDKWrQGZBpahL6j8spyqngFjK2Fyvp6rG6qvSLfh/STwgZi3f\n2s/vWL/iigFZO/04POt2mXVbyK3T63wF06GbSauYStzVBu31HW+3MzIisWJl\nqLLhHjz3cXs9IFItZuDca44GR7mVYESidmE9mz5fOhm6x5Zm6/nIqNZBE157\nn5S+LS0vcLkinsWg3WQAjGotESDI0rjOIra3oWag+COhQAZWAKINUOA0eE39\n+EFO0d2ZHJ7IfPJ8af5NyK67AD475QaNQbLKs6w28muZIEKtznONAKciXNaw\nGvX/zDNdAcnzLeOpYOwO1/v28E2kpLZrQut4vblQwcvzgNXOEJ97Den2Ni5U\nCTSyFL58IyrODTSZ85qQUhSBwikegHwczbA0zNTkmh+Xor0=\n", - "iv": "L76cl+YNuGvttdWHCUl4Xg==\n", - "version": 1, - "cipher": "aes-256-cbc" - }, - "nginx_key": { - "encrypted_data": "V7ap5IieGtIpxj59N1g1XInadF5feKdqYc48Vs4X5fybyQoo7AyhtUNggs52\nyDQj8X4RD9F+mI5+86pEH1IXY1bduo7nxW6vORrFcB0YGYqAXG+6MZPbF/93\nQi8CHNaC4qArvvgO/pdbHrZd/YofF2hNfWGBIsSE1gyFbkYX1UhNqhl9gd60\nDUwVlbSokzTyXCe2ODiE33Pa2gD4/tHxyaVyJ7R2JRWWlI1j7gN66D+C0PYD\nv7Et841hOWzoFMfboGJgmBvYVp/Ii9+eL+wWOSwsbH+1clF0BLCjD+msTbkJ\ngOAfrJH7qjaOxHPJRyFmXIoQXhzFgXRaNX/YwDKK7/I3NxXrjwdBjaWbj0qz\njLJRicLFVxmz4fbD2lSjIIhM692hLQI6hhRJUBfmiUvKmx+quXQvaclXx6v8\n41Q49QRhS1il96ICle55oBVhBtDuMAznL55hxgZfjw9mtLCvYup7MCk0IB+T\nM4jscbcdWnk2iSMTSP0tAETlqByPoRk8YtUEY0FrGycwLJ1OF9cnxCMLKetg\nHD08H3QSrypPHNhaE1IPyIYWb/CqQ/qzO5bWiZ21FcQ6E4ttALc81pqKo/f+\n5fysWtO4sfo+pigXdAQG40WOKSUEkcdH+uSfJXN8SNSnsGeWvErOaXrRt4z1\nVFoCyo+DyrAq20md8DVbXbTjxOQliDbpYK0e+Y8Qy+SsluG+fzeiN3eV0UDs\nRf7zUKpuoBuimwNcrqOKD+nvIhdJnmxyUAE0IdxnvfshJw6Nm/v7VWGojaZ9\n1guIMT2/qcwSPS++pGeXYP/T87xzXhYIYd/kHp9AX8g9drhIQdeB0z0Ud1lW\nYA/v5CNwY+nLvDwJhQ6OiZHfHjPMffRLB1ZzPPP9Oq/gUvvIGDv8+rE329J2\n7zmbS7QcrwPwpjykYhy4El1kvwolVjMztPNYpPGER/wTuKkJfQ9ogWi4ZAMM\nq9AAxd4sU20+WF9gpZvLxfV+XzMgfVu07s84i6MlSsFRTvat0SFK+e60SiT1\n5fDyFcu4dYC7bnByDslIKXvOGT1uSYcd9EtynYcNhhuu66YTkg4r8oluLbTI\nGFaUBmUQevp+CDZNe/Ot8hM2OuFnu9TpF7j0ryMptQyE31Ar2x7TGfoV5me9\nV8eNxtWM2mmoND82v7OenKFj5FmUFjsX7lsm2b3UkMKltrny3854nPkFZ6Pa\na1OLWIl1/4PzJwfppF50Zjd12HE0tegwSnb1ZQ==\n", - "iv": "T8XnyjJh5tKQE5ojlUoCsQ==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/opendistro/test/data_bags/wazuh_secrets/test_data_bag_key b/cookbooks/opendistro/test/data_bags/wazuh_secrets/test_data_bag_key deleted file mode 100644 index add836f6..00000000 --- a/cookbooks/opendistro/test/data_bags/wazuh_secrets/test_data_bag_key +++ /dev/null @@ -1 +0,0 @@ -gPTbum6NpTwIVZop5w5TzehVh/ElS52smpao+bSxKX+SRNbvnLSHwC22EZt5Q7pPamCpEBD2ycH4fEpLGCp7FCSa/RLquQNls4TiVp54DJcfbSCiRA+lFL1e7YJqX4az1I1nzj+/3RlOjpfMvEhJ9gmubGMgnXZboDG5yiv34O2CdbybpMk9wQCC11RaeJUSFuvToQlnV2jK3HvymIHivm5Ax30PvyIMj6Mpp+YlJpBj70+vvk/rLmmXCsOHHV3g6hmZJph1mJrcjQZJVM9/foqiadrFJ9HLPFn0+LMXea69q4RvPDAIl914pXnE3pJBSYL9bZuDge/krbynQNosr3yNTLs1VoV9cw2yJinYY5GoOxjFnf66nCj1bnj5uFsN8FrK7w/hi07A/EBjiOFMAGHei1+ZGKKfHVKve67CNMHsaItjgc2njyRdOWTdxAvNw7AYSF4ST8vXBJZeBQyGizd2c73Hs4B640j7PWPKBu3Tfqvig6TxSPjwN9hO/a2/pOTRSJ4RfW2cXe0ZRbUb4O6hLv4F4kXjSuiW/ckvIpSOI3G04aqvXVLBcgDiKbqwH1poqKvpRPEahu+HGAf8C4Flhm6UXrawssIEp9WC5YHMLhsu1dSx8Hi6vCXqEOWobWWuh7VhItE0ySKl/LTxB2DWn12AYs1RXkYSBL4Gz/g= diff --git a/cookbooks/opendistro/test/environments/development.json b/cookbooks/opendistro/test/environments/development.json deleted file mode 100644 index d798d06c..00000000 --- a/cookbooks/opendistro/test/environments/development.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "name": "development", - "description": "The development environment", - "cookbook_versions": { - }, - "json_class": "Chef::Environment", - "chef_type": "environment", - "default_attributes": { - - }, - "override_attributes": { - "wazuh-elk": { - "elasticsearch_node_name": "elk.wazuh-development.com", - "elasticsearch_cluster_name": "ossec-development" - } - } -} diff --git a/cookbooks/opendistro/test/environments/production.json b/cookbooks/opendistro/test/environments/production.json deleted file mode 100644 index 4567abcf..00000000 --- a/cookbooks/opendistro/test/environments/production.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "name": "production", - "description": "The development environment", - "cookbook_versions": { - }, - "json_class": "Chef::Environment", - "chef_type": "environment", - "default_attributes": { - - }, - "override_attributes": { - "wazuh-elk": { - "elasticsearch_node_name": "elk.wazuh-production.com", - "elasticsearch_cluster_name": "ossec-production" - } - } -} diff --git a/cookbooks/opendistro/test/integration/default/data_bags/wazuh_secrets/api.json b/cookbooks/opendistro/test/integration/default/data_bags/wazuh_secrets/api.json deleted file mode 100644 index e9a89e98..00000000 --- a/cookbooks/opendistro/test/integration/default/data_bags/wazuh_secrets/api.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "id": "api", - "htpasswd_user": { - "encrypted_data": "44KmfVdj/ttHvGecsv5M7+uCvqcc0Cs/RvXJeLQMZkE=\n", - "iv": "RRP7S4Tt6B9y366P+hMbwg==\n", - "version": 1, - "cipher": "aes-256-cbc" - }, - "htpasswd_passcode": { - "encrypted_data": "ps9xA2QJKd3KE6jjpn69rNJhf6sRCWoeK/0kHZfo3incyILK+TJPmRq92PK0\n3e8Ngv0HJHn8pp5QA1FT4zX/wg==\n", - "iv": "gC9cyqCgQq/5icvUOfW0Iw==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/opendistro/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json b/cookbooks/opendistro/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json deleted file mode 100644 index 649a6e00..00000000 --- a/cookbooks/opendistro/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "id": "logstash_certificate", - "logstash_certificate": { - "encrypted_data": "DFyya20x1DQvXNFOBLe33CPMFAwyQC0rdXCG+utx6Fq32uCsiH1amuuIAx4H\nKkWghIUXYIh1KvNu5edq/iiBp9NXcq6hAiw1lUTKEw+QXPGaLNSnvIka4lBH\n3DDbk35yu9XcL1bO3HzF+bWckOeR+KJs5notvpNEuve3xW59pxoQbakdkxbm\nCJP9cG0VWcEIRakK3+ji/LxgH2Xg9radCn9ZYJjp9v8FSI6farqRk47w59S4\n9/6iJu1slqryP4xPfsffCj1HYYXL7M7JxksOpP+3h4GJ/VVLrQDUWorQXPf1\nh+JDOWTfw+7bzpfcb1Cj2vOZaSkjC/JN3oDiisfb+cgHaHW5s/bNSbIcBZ1D\ns7t3Z0q0/oA+pU49oCpYd5JhrAC9bhBtV6oqBozavXdLpPdP+O3xL5ePukj4\nv2YF456cY+iVBFu5ZTTXmyIc4/wt+BplilU0z/mwCG5vnhrPk8MCrekA9/Fg\n8/i+2ZaNywLSjHr1gUsTrK80355zGsCM7tKTbpJ32W1icINByKw7UX8fXYj2\nizaMyoG6WYNOTyuJJ5dzdyQlK1iMEh+U5IkWiSTw8+HhXKYhGjmwnRCLdmPz\newJ/gkYg4osYDqHBxiImvMrfs33WHVMHgjpmNtAex5pOCQSOb+bErb29oD7Q\nMcpCHd2h5rbgrpbGyjJSr9I8qLYYnmIVKSvNgmBGKh/58an+Cg3RFaNeJJ/v\nT75B2T2Qqut3xPR/rR1Ta46zJKmwJDmEN6M88pRoHtf0R27UFutREd3pZb25\nc6gNcaIKxbZOFZF/6QZh+R+A8KBfQ3P1JIUp/MdxOwUgeoGsURWwc3j6gcPL\nNdt56kGnKRTKQ1BE8JyKc/Azg1NByXkVO4Tg7u8Iw5eSBjwnfCz91JNQ+pcq\nKCVdOWEj9kEkfh+rALy6G5TBn6S70WF9fVq+7Hw8r/WYlYFE4mK9Wp940ZWj\nCGNNiUzyrigxw7Dea8ho+IcZWhvh9AsnOSk6nHlTgCyQk5hgJM06PqtRQhJk\n4ib6IwdcDyFlSJcqrls+S8BshpkobQjOec5bqnseCL86NHlY+DOrurSBTLco\nZ33gTa029+1OuFpr4m8m70+5hHBsNsrjwYZ3rcGwiW7O+l924ZwbtVefAxar\nTCJXrQHW81JDvV3ckrv581a33h1jzdNtD7JqmBzqelaRL2+xV/QVRgwb0Eyf\nLK6CRr7BdxbicF19EWM51EndsuSb+7UJpCEI5OQ4sJyOkIToY+pjKQyy0nuy\nt2wU2EDeHtLeXQBimgwecoMsne8g1DMHp89krfZ5xkCypGRdzcelArtPDeIO\n7GZjjEhMH5oN/LX93ua6NmPCkL/ndfL8Mwx4UUMXB6aTxdGPqKi/Ah0eF5Aj\nvtIbc/VYFN7x3+98LZqiHzF78peNIjRxjnRPOeTIlPyVFJrEXV8ddEJsW38A\nlK42Mr4r9k9U8XLlgCjHkkRgpp9GXWxJLbyoiNuQKuZsMt6jEtmVdf5ebbP3\n6SHPy8RKloD7pASva5bEJPawTEFeJ6lQuzAUqqEf9IDBYmE6ZzWU7KagiGdU\nE1XgMJcFKciCx3gYRgMjDq9U1D5u8W0lrxcTOVlumbnIp8Rwzbhtu7QeOS6U\nwJkJsQwUvAUtIL8yjk4OOhbKx/cgtTODpqpEtNmELc+9RcjQxU/9+bUI42Kf\nVZU+s5pMMkjejnKh+wlDP4SFy9khsSeHgoqso5jhwFGYwmrDUbLSZZotElI6\nq+lrXvTfJg==\n", - "iv": "9XRPuHdUeXlrs0GccbDJew==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/opendistro/test/integration/default/encrypted_data_bag_secret b/cookbooks/opendistro/test/integration/default/encrypted_data_bag_secret deleted file mode 100644 index add836f6..00000000 --- a/cookbooks/opendistro/test/integration/default/encrypted_data_bag_secret +++ /dev/null @@ -1 +0,0 @@ -gPTbum6NpTwIVZop5w5TzehVh/ElS52smpao+bSxKX+SRNbvnLSHwC22EZt5Q7pPamCpEBD2ycH4fEpLGCp7FCSa/RLquQNls4TiVp54DJcfbSCiRA+lFL1e7YJqX4az1I1nzj+/3RlOjpfMvEhJ9gmubGMgnXZboDG5yiv34O2CdbybpMk9wQCC11RaeJUSFuvToQlnV2jK3HvymIHivm5Ax30PvyIMj6Mpp+YlJpBj70+vvk/rLmmXCsOHHV3g6hmZJph1mJrcjQZJVM9/foqiadrFJ9HLPFn0+LMXea69q4RvPDAIl914pXnE3pJBSYL9bZuDge/krbynQNosr3yNTLs1VoV9cw2yJinYY5GoOxjFnf66nCj1bnj5uFsN8FrK7w/hi07A/EBjiOFMAGHei1+ZGKKfHVKve67CNMHsaItjgc2njyRdOWTdxAvNw7AYSF4ST8vXBJZeBQyGizd2c73Hs4B640j7PWPKBu3Tfqvig6TxSPjwN9hO/a2/pOTRSJ4RfW2cXe0ZRbUb4O6hLv4F4kXjSuiW/ckvIpSOI3G04aqvXVLBcgDiKbqwH1poqKvpRPEahu+HGAf8C4Flhm6UXrawssIEp9WC5YHMLhsu1dSx8Hi6vCXqEOWobWWuh7VhItE0ySKl/LTxB2DWn12AYs1RXkYSBL4Gz/g= diff --git a/cookbooks/opendistro/test/integration/default/serverspec/default_spec.rb b/cookbooks/opendistro/test/integration/default/serverspec/default_spec.rb deleted file mode 100644 index fbeed388..00000000 --- a/cookbooks/opendistro/test/integration/default/serverspec/default_spec.rb +++ /dev/null @@ -1,9 +0,0 @@ -require 'spec_helper' - -describe 'wazuh_elastic::default' do - # Serverspec examples can be found at - # http://serverspec.org/resource_types.html - it 'does something' do - skip 'Replace this with meaningful tests' - end -end diff --git a/cookbooks/opendistro/test/integration/helpers/serverspec/spec_helper.rb b/cookbooks/opendistro/test/integration/helpers/serverspec/spec_helper.rb deleted file mode 100644 index c1fddf06..00000000 --- a/cookbooks/opendistro/test/integration/helpers/serverspec/spec_helper.rb +++ /dev/null @@ -1,8 +0,0 @@ -require 'serverspec' - -if (/cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM).nil? - set :backend, :exec -else - set :backend, :cmd - set :os, family: 'windows' -end diff --git a/cookbooks/opendistro/test/integration/opendistro/elasticsearch_test.rb b/cookbooks/opendistro/test/integration/opendistro/elasticsearch_test.rb new file mode 100644 index 00000000..df6f27fe --- /dev/null +++ b/cookbooks/opendistro/test/integration/opendistro/elasticsearch_test.rb @@ -0,0 +1,68 @@ +# frozen_string_literal: true + +describe packages(/elasticsearch-oss/) do + its('statuses') { should cmp 'installed' } +end + +describe packages(/opendistroforelasticsearch/) do + its('statuses') { should cmp 'installed' } +end + +describe elasticsearch do + its('node_name') { should cmp 'es-node-01' } + its('cluster_name') { should cmp 'es-wazuh' } + its('url') { should cmp 'http://localhost:9200' } +end + +describe directory '/etc/elasticsearch' do + its('owner') { should cmp 'elasticsearch' } + its('group') { should cmp 'elasticsearch' } +end + +describe directory '/usr/share/elasticsearch' do + its('owner') { should cmp 'elasticsearch' } + its('group') { should cmp 'elasticsearch' } +end + +describe directory '/var/lib/elasticsearch' do + its('owner') { should cmp 'elasticsearch' } + its('group') { should cmp 'elasticsearch' } +end + +describe file('/etc/elasticsearch/elasticsearch.yml') do + its('owner') { should cmp 'root' } + its('group') { should cmp 'elasticsearch' } + its('mode') { should cmp '0660' } +end + +describe file('/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles.yml') do + it { should exist } +end + +describe file('/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles_mapping.yml') do + it { should exist } +end + +describe file('/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml') do + it { should exist } +end + +describe file('/etc/searchguard/search-guard.yml') do + its('owner') { should cmp 'root' } + its('group') { should cmp 'elasticsearch' } + its('mode') { should cmp '0660' } +end + +describe file('/etc/elasticsearch/root-ca.pem') do + it { should exist } +end + +describe service('elasticsearch') do + it { should be_installed } + it { should be_enabled } + it { should be_running } +end + +describe port(9200) do + it { should be_listening } +end diff --git a/cookbooks/opendistro/test/integration/opendistro/kibana_test.rb b/cookbooks/opendistro/test/integration/opendistro/kibana_test.rb new file mode 100644 index 00000000..999d7ea7 --- /dev/null +++ b/cookbooks/opendistro/test/integration/opendistro/kibana_test.rb @@ -0,0 +1,33 @@ +# frozen_string_literal: true + +describe directory '/usr/share/kibana/optimize' do + its('owner') { should cmp 'kibana' } + its('group') { should cmp 'kibana' } +end + +describe directory '/usr/share/kibana/plugins' do + its('owner') { should cmp 'kibana' } + its('group') { should cmp 'kibana' } +end + +describe file('/etc/kibana/kibana.yml') do + its('owner') { should cmp 'kibana' } + its('group') { should cmp 'kibana' } + its('mode') { should cmp '0755' } +end + +describe file('/usr/share/kibana/optimize/wazuh/config/wazuh.yml') do + its('owner') { should cmp 'kibana' } + its('group') { should cmp 'kibana' } + its('mode') { should cmp '0755' } +end + +describe service('kibana') do + it { should be_installed } + it { should be_enabled } + it { should be_running } +end + +describe port(5601) do + it { should be_listening } +end diff --git a/cookbooks/opendistro/test/integration/opendistro/prerequisites_test.rb b/cookbooks/opendistro/test/integration/opendistro/prerequisites_test.rb new file mode 100644 index 00000000..9fce6529 --- /dev/null +++ b/cookbooks/opendistro/test/integration/opendistro/prerequisites_test.rb @@ -0,0 +1,51 @@ +# frozen_string_literal: true + +describe 'elastic-stack::prerequisites' do + describe package('curl') do + it { should be_installed } + end + + describe package('unzip') do + it { should be_installed } + end + + describe package('wget') do + it { should be_installed } + end + + case os.family + when 'debian' + describe package('apt-transport-https') do + it { should be_installed } + end + + describe package('software-properties-common') do + it { should be_installed } + end + + describe package('libcap2-bin') do + it { should be_installed } + end + + describe package('openjdk-11-jdk') do + it { should be_installed } + end + + when 'redhat' + describe package('libcap') do + it { should be_installed } + end + + describe package('java-11-openjdk-devel') do + it { should be_installed } + end + when 'suse' + describe package('libcap2') do + it { should be_installed } + end + + describe package('java-11-openjdk-devel') do + it { should be_installed } + end + end +end diff --git a/cookbooks/opendistro/test/integration/opendistro/repository_test.rb b/cookbooks/opendistro/test/integration/opendistro/repository_test.rb new file mode 100644 index 00000000..eaf6acbc --- /dev/null +++ b/cookbooks/opendistro/test/integration/opendistro/repository_test.rb @@ -0,0 +1,21 @@ +# frozen_string_literal: true + +describe 'opendistro::repository' do + case os.family + when 'debian' + describe apt('https://packages.wazuh.com/4.x/apt/') do + it { should exist } + it { should be_enabled } + end + when 'redhat' + describe yum.repo('https://packages.wazuh.com/4.x/yum') do + it { should exist } + it { should be_enabled } + end + when 'suse' + describe yum.repo('https://packages.wazuh.com/4.x/yum') do + it { should exist } + it { should be_enabled } + end + end +end From ba7ee400cd398f41f2a7a1fa60db1e91b2ae1e12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 10:50:38 +0100 Subject: [PATCH 046/260] Add ruby setup workflow --- .github/workflows/ruby.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 .github/workflows/ruby.yml diff --git a/.github/workflows/ruby.yml b/.github/workflows/ruby.yml new file mode 100644 index 00000000..038610ef --- /dev/null +++ b/.github/workflows/ruby.yml @@ -0,0 +1,26 @@ +name: Ruby + +on: + push: + branches: + - feature-cookbooks + pull_request: + branches: + - feature-cookbooks + +jobs: + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Set up Ruby + # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby, + # change this to (see https://github.com/ruby/setup-ruby#versioning): + uses: ruby/setup-ruby@v1.59.1 + # uses: ruby/setup-ruby@ec106b438a1ff6ff109590de34ddc62c540232e0 + with: + ruby-version: 2.6 + - name: Install dependencies + run: bundle install + - name: Run tests + run: bundle exec rake \ No newline at end of file From dd878c0aeb46a9b245c8541008f2960ff2c789f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 10:53:41 +0100 Subject: [PATCH 047/260] Add bundler-cache and change tag version --- .github/workflows/ruby.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ruby.yml b/.github/workflows/ruby.yml index 038610ef..7989c3d0 100644 --- a/.github/workflows/ruby.yml +++ b/.github/workflows/ruby.yml @@ -16,10 +16,11 @@ jobs: - name: Set up Ruby # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby, # change this to (see https://github.com/ruby/setup-ruby#versioning): - uses: ruby/setup-ruby@v1.59.1 + uses: ruby/setup-ruby@v1 # uses: ruby/setup-ruby@ec106b438a1ff6ff109590de34ddc62c540232e0 with: ruby-version: 2.6 + bundler-cache: true - name: Install dependencies run: bundle install - name: Run tests From 7b8772fa6a479c75d777db73485e787b99e6d85c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 10:58:37 +0100 Subject: [PATCH 048/260] Add Gemfile --- Gemfile | 1 + 1 file changed, 1 insertion(+) create mode 100644 Gemfile diff --git a/Gemfile b/Gemfile new file mode 100644 index 00000000..20b4d4ae --- /dev/null +++ b/Gemfile @@ -0,0 +1 @@ +source 'https://rubygems.org' From ff50d6187389eb1131900e29a5512b0246c879c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 11:00:10 +0100 Subject: [PATCH 049/260] Add rake gem --- Gemfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Gemfile b/Gemfile index 20b4d4ae..3a14c729 100644 --- a/Gemfile +++ b/Gemfile @@ -1 +1,3 @@ source 'https://rubygems.org' + +gem "rake" \ No newline at end of file From 946c9f6b6309da95d4cad54fe8bd67b9ceae8279 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 11:05:50 +0100 Subject: [PATCH 050/260] Delete run test step --- .github/workflows/ruby.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/ruby.yml b/.github/workflows/ruby.yml index 7989c3d0..2b5b39a7 100644 --- a/.github/workflows/ruby.yml +++ b/.github/workflows/ruby.yml @@ -22,6 +22,4 @@ jobs: ruby-version: 2.6 bundler-cache: true - name: Install dependencies - run: bundle install - - name: Run tests - run: bundle exec rake \ No newline at end of file + run: bundle install \ No newline at end of file From 13704ccb5c7034a1e2195c65477ba8cea3029104 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 11:15:39 +0100 Subject: [PATCH 051/260] Add install CW step --- .github/workflows/ruby.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ruby.yml b/.github/workflows/ruby.yml index 2b5b39a7..46527820 100644 --- a/.github/workflows/ruby.yml +++ b/.github/workflows/ruby.yml @@ -12,14 +12,14 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - name: Check out code + uses: actions/checkout@v2 - name: Set up Ruby - # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby, - # change this to (see https://github.com/ruby/setup-ruby#versioning): uses: ruby/setup-ruby@v1 - # uses: ruby/setup-ruby@ec106b438a1ff6ff109590de34ddc62c540232e0 with: ruby-version: 2.6 bundler-cache: true - name: Install dependencies - run: bundle install \ No newline at end of file + run: bundle install + - name: Install Chef Workstation + uses: actionshub/chef-install@main \ No newline at end of file From dc10fca771bd1f2b26c995cd63b232e6dd1ccaf4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 14:07:52 +0100 Subject: [PATCH 052/260] Create gh action for manager --- .github/actions/manager/Dockerfile | 5 +++++ .github/actions/manager/entrypoint.sh | 17 +++++++++++++++++ .github/actions/manager/manager.yml | 5 +++++ .github/workflows/{ruby.yml => main.yml} | 14 +++++++++----- 4 files changed, 36 insertions(+), 5 deletions(-) create mode 100644 .github/actions/manager/Dockerfile create mode 100644 .github/actions/manager/entrypoint.sh create mode 100644 .github/actions/manager/manager.yml rename .github/workflows/{ruby.yml => main.yml} (56%) diff --git a/.github/actions/manager/Dockerfile b/.github/actions/manager/Dockerfile new file mode 100644 index 00000000..04b6c34c --- /dev/null +++ b/.github/actions/manager/Dockerfile @@ -0,0 +1,5 @@ +FROM chef/chefdk:4.9.17 + +COPY entrypoint.sh /entrypoint.sh + +ENTRYPOINT [ "/entrpoint.sh" ] \ No newline at end of file diff --git a/.github/actions/manager/entrypoint.sh b/.github/actions/manager/entrypoint.sh new file mode 100644 index 00000000..adbe52d4 --- /dev/null +++ b/.github/actions/manager/entrypoint.sh @@ -0,0 +1,17 @@ +#! /usr/bin/env bash +set -e + +echo "Env var value: IMAGE " +echo $IMAGE +echo "Env var value: PLATFORM " +echo $PLATFORM +echo "Env var value: RELEASE" +echo $RELEASE + +cd kitchen + +echo "Installing dependencies" +bundle install + +echo "Kitchen is creating the new instances" +bundle exec kitchen create $VAGRANT_INSTANCE \ No newline at end of file diff --git a/.github/actions/manager/manager.yml b/.github/actions/manager/manager.yml new file mode 100644 index 00000000..9105b1e6 --- /dev/null +++ b/.github/actions/manager/manager.yml @@ -0,0 +1,5 @@ +name: test-manager +description: Test Wazuh manager Chef install +runs: + using: docker + image: 'Dockerfile' \ No newline at end of file diff --git a/.github/workflows/ruby.yml b/.github/workflows/main.yml similarity index 56% rename from .github/workflows/ruby.yml rename to .github/workflows/main.yml index 46527820..09d777a2 100644 --- a/.github/workflows/ruby.yml +++ b/.github/workflows/main.yml @@ -9,7 +9,7 @@ on: - feature-cookbooks jobs: - test: + ubuntu18: runs-on: ubuntu-latest steps: - name: Check out code @@ -19,7 +19,11 @@ jobs: with: ruby-version: 2.6 bundler-cache: true - - name: Install dependencies - run: bundle install - - name: Install Chef Workstation - uses: actionshub/chef-install@main \ No newline at end of file + - name: Ubuntu 18.04 - Wazuh Manager + uses: ./.github/actions/manager + env: + IMAGE: jrei/systemd-ubuntu:18.04 + PLATFORM: ubuntu + RELEASE: 18 + RUN_COMMAND: /sbin/init + VAGRANT_INSTANCE: elastic-stack-ubuntu-1804 \ No newline at end of file From b6b4b8b645412a5f31f4a4ec6283c919a2b6729c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 14:08:10 +0100 Subject: [PATCH 053/260] gh action manager --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 09d777a2..6e0c6f3e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -26,4 +26,4 @@ jobs: PLATFORM: ubuntu RELEASE: 18 RUN_COMMAND: /sbin/init - VAGRANT_INSTANCE: elastic-stack-ubuntu-1804 \ No newline at end of file + VAGRANT_INSTANCE: wazuh-manager-ubuntu-1804 \ No newline at end of file From efff8c6c202dd4e85bbf454dff1dbd26f7288dd3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 14:09:46 +0100 Subject: [PATCH 054/260] Remove test (moved to wazuh-chef/kitchen) --- cookbooks/elastic-stack/kitchen.yml | 39 ------ .../elastic-stack/elasticsearch_test.rb | 38 ------ .../integration/elastic-stack/kibana_test.rb | 33 ----- .../elastic-stack/prerequisites_test.rb | 22 --- .../elastic-stack/repository_test.rb | 21 --- cookbooks/filebeat-oss/.kitchen.yml | 38 ------ .../test/integration/default/default_test.rb | 16 --- .../test/data_bags/wazuh_secrets/api.json | 15 --- .../wazuh_secrets/logstash_certificate.json | 9 -- .../data_bags/wazuh_secrets_delete/api.json | 15 --- .../logstash_certificate.json | 9 -- .../test/environments/development.json | 16 --- .../test/environments/production.json | 16 --- .../default/data_bags/wazuh_secrets/api.json | 15 --- .../wazuh_secrets/logstash_certificate.json | 9 -- .../data_bags/wazuh_secrets_delete/api.json | 15 --- .../logstash_certificate.json | 9 -- .../default/encrypted_data_bag_secret | 1 - cookbooks/opendistro/kitchen.yml | 36 ----- .../opendistro/elasticsearch_test.rb | 68 ---------- .../integration/opendistro/kibana_test.rb | 33 ----- .../opendistro/prerequisites_test.rb | 51 ------- .../integration/opendistro/repository_test.rb | 21 --- cookbooks/wazuh_manager/.kitchen.yml | 127 ------------------ 24 files changed, 672 deletions(-) delete mode 100644 cookbooks/elastic-stack/kitchen.yml delete mode 100644 cookbooks/elastic-stack/test/integration/elastic-stack/elasticsearch_test.rb delete mode 100644 cookbooks/elastic-stack/test/integration/elastic-stack/kibana_test.rb delete mode 100644 cookbooks/elastic-stack/test/integration/elastic-stack/prerequisites_test.rb delete mode 100644 cookbooks/elastic-stack/test/integration/elastic-stack/repository_test.rb delete mode 100644 cookbooks/filebeat-oss/.kitchen.yml delete mode 100644 cookbooks/filebeat-oss/test/integration/default/default_test.rb delete mode 100644 cookbooks/filebeat/test/data_bags/wazuh_secrets/api.json delete mode 100644 cookbooks/filebeat/test/data_bags/wazuh_secrets/logstash_certificate.json delete mode 100644 cookbooks/filebeat/test/data_bags/wazuh_secrets_delete/api.json delete mode 100644 cookbooks/filebeat/test/data_bags/wazuh_secrets_delete/logstash_certificate.json delete mode 100644 cookbooks/filebeat/test/environments/development.json delete mode 100644 cookbooks/filebeat/test/environments/production.json delete mode 100644 cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets/api.json delete mode 100644 cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json delete mode 100644 cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets_delete/api.json delete mode 100644 cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets_delete/logstash_certificate.json delete mode 100644 cookbooks/filebeat/test/integration/default/encrypted_data_bag_secret delete mode 100644 cookbooks/opendistro/kitchen.yml delete mode 100644 cookbooks/opendistro/test/integration/opendistro/elasticsearch_test.rb delete mode 100644 cookbooks/opendistro/test/integration/opendistro/kibana_test.rb delete mode 100644 cookbooks/opendistro/test/integration/opendistro/prerequisites_test.rb delete mode 100644 cookbooks/opendistro/test/integration/opendistro/repository_test.rb delete mode 100644 cookbooks/wazuh_manager/.kitchen.yml diff --git a/cookbooks/elastic-stack/kitchen.yml b/cookbooks/elastic-stack/kitchen.yml deleted file mode 100644 index 4c8aae33..00000000 --- a/cookbooks/elastic-stack/kitchen.yml +++ /dev/null @@ -1,39 +0,0 @@ -driver: - name: vagrant - -provisioner: - name: chef_zero - product_version: latest - -verifier: - name: inspec - -platforms: - - name: ubuntu-20.04 - driver: - network: - - ["private_network", {ip: "172.16.11.10"}] - - name: ubuntu-18.04 - driver: - network: - - ["private_network", {ip: "172.16.11.11"}] - - name: centos-8.0 - driver: - network: - - ["private_network", {ip: "172.16.11.12"}] - - name: centos-7 - driver: - network: - - ["private_network", {ip: "172.16.11.13"}] - -suites: - - name: elastic-stack - run_list: - - recipe[elastic-stack::default] - driver: - customize: - memory: 4096 - cpus: 2 - verifier: - inspec_tests: - - path: test/integration/elastic-stack/ \ No newline at end of file diff --git a/cookbooks/elastic-stack/test/integration/elastic-stack/elasticsearch_test.rb b/cookbooks/elastic-stack/test/integration/elastic-stack/elasticsearch_test.rb deleted file mode 100644 index 79f0c573..00000000 --- a/cookbooks/elastic-stack/test/integration/elastic-stack/elasticsearch_test.rb +++ /dev/null @@ -1,38 +0,0 @@ -# frozen_string_literal: true - -describe file('/etc/elasticsearch/elasticsearch.yml') do - its('owner') { should cmp 'root' } - its('group') { should cmp 'elasticsearch' } - its('mode') { should cmp '0660' } -end - -describe elasticsearch do - its('node_name') { should cmp 'es-node-01' } - its('cluster_name') { should cmp 'es-wazuh' } - its('url') { should cmp 'http://localhost:9200' } -end - -describe directory '/etc/elasticsearch' do - its('owner') { should cmp 'elasticsearch' } - its('group') { should cmp 'elasticsearch' } -end - -describe directory '/usr/share/elasticsearch' do - its('owner') { should cmp 'elasticsearch' } - its('group') { should cmp 'elasticsearch' } -end - -describe directory '/var/lib/elasticsearch' do - its('owner') { should cmp 'elasticsearch' } - its('group') { should cmp 'elasticsearch' } -end - -describe service('elasticsearch') do - it { should be_installed } - it { should be_enabled } - it { should be_running } -end - -describe port(9200) do - it { should be_listening } -end diff --git a/cookbooks/elastic-stack/test/integration/elastic-stack/kibana_test.rb b/cookbooks/elastic-stack/test/integration/elastic-stack/kibana_test.rb deleted file mode 100644 index 999d7ea7..00000000 --- a/cookbooks/elastic-stack/test/integration/elastic-stack/kibana_test.rb +++ /dev/null @@ -1,33 +0,0 @@ -# frozen_string_literal: true - -describe directory '/usr/share/kibana/optimize' do - its('owner') { should cmp 'kibana' } - its('group') { should cmp 'kibana' } -end - -describe directory '/usr/share/kibana/plugins' do - its('owner') { should cmp 'kibana' } - its('group') { should cmp 'kibana' } -end - -describe file('/etc/kibana/kibana.yml') do - its('owner') { should cmp 'kibana' } - its('group') { should cmp 'kibana' } - its('mode') { should cmp '0755' } -end - -describe file('/usr/share/kibana/optimize/wazuh/config/wazuh.yml') do - its('owner') { should cmp 'kibana' } - its('group') { should cmp 'kibana' } - its('mode') { should cmp '0755' } -end - -describe service('kibana') do - it { should be_installed } - it { should be_enabled } - it { should be_running } -end - -describe port(5601) do - it { should be_listening } -end diff --git a/cookbooks/elastic-stack/test/integration/elastic-stack/prerequisites_test.rb b/cookbooks/elastic-stack/test/integration/elastic-stack/prerequisites_test.rb deleted file mode 100644 index 22f4bda7..00000000 --- a/cookbooks/elastic-stack/test/integration/elastic-stack/prerequisites_test.rb +++ /dev/null @@ -1,22 +0,0 @@ -# frozen_string_literal: true - -describe 'elastic-stack::prerequisites' do - describe package('curl') do - it { should be_installed } - end - - case os.family - when 'debian' - describe package('apt-transport-https') do - it { should be_installed } - end - when 'redhat' - describe package('libcap') do - it { should be_installed } - end - when 'suse' - describe package('libcap2') do - it { should be_installed } - end - end -end diff --git a/cookbooks/elastic-stack/test/integration/elastic-stack/repository_test.rb b/cookbooks/elastic-stack/test/integration/elastic-stack/repository_test.rb deleted file mode 100644 index ca559548..00000000 --- a/cookbooks/elastic-stack/test/integration/elastic-stack/repository_test.rb +++ /dev/null @@ -1,21 +0,0 @@ -# frozen_string_literal: true - -describe 'elastic-stack::repository' do - case os.family - when 'debian' - describe apt('https://artifacts.elastic.co/packages/7.x/apt') do - it { should exist } - it { should be_enabled } - end - when 'redhat' - describe yum.repo('https://artifacts.elastic.co/packages/7.x/yum') do - it { should exist } - it { should be_enabled } - end - when 'suse' - describe yum.repo('https://artifacts.elastic.co/packages/7.x/yum') do - it { should exist } - it { should be_enabled } - end - end -end diff --git a/cookbooks/filebeat-oss/.kitchen.yml b/cookbooks/filebeat-oss/.kitchen.yml deleted file mode 100644 index 19e1fc49..00000000 --- a/cookbooks/filebeat-oss/.kitchen.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -driver: - name: vagrant - -## The forwarded_port port feature lets you connect to ports on the VM guest via -## localhost on the host. -## see also: https://www.vagrantup.com/docs/networking/forwarded_ports.html - -# network: -# - ["forwarded_port", {guest: 80, host: 8080}] - -provisioner: - name: chef_zero - # You may wish to disable always updating cookbooks in CI or other testing environments. - # For example: - # always_update_cookbooks: <%= !ENV['CI'] %> - always_update_cookbooks: true - - ## product_name and product_version specifies a specific Chef product and version to install. - ## see the Chef documentation for more details: https://docs.chef.io/workstation/config_yml_kitchen/ - # product_name: chef - # product_version: 16 - -verifier: - name: inspec - -platforms: - - name: ubuntu-20.04 - - name: centos-8.0 - -suites: - - name: filebeat-oss - run_list: - - recipe[filebeat-oss::default] - verifier: - inspec_tests: - - test/integration/default - attributes: diff --git a/cookbooks/filebeat-oss/test/integration/default/default_test.rb b/cookbooks/filebeat-oss/test/integration/default/default_test.rb deleted file mode 100644 index adc109db..00000000 --- a/cookbooks/filebeat-oss/test/integration/default/default_test.rb +++ /dev/null @@ -1,16 +0,0 @@ -# InSpec test for recipe filebeat-oss::default - -# The InSpec reference, with examples and extensive documentation, can be -# found at https://docs.chef.io/inspec/resources/ - -unless os.windows? - # This is an example test, replace with your own test. - describe user('root'), :skip do - it { should exist } - end -end - -# This is an example test, replace it with your own test. -describe port(80), :skip do - it { should_not be_listening } -end diff --git a/cookbooks/filebeat/test/data_bags/wazuh_secrets/api.json b/cookbooks/filebeat/test/data_bags/wazuh_secrets/api.json deleted file mode 100644 index e9a89e98..00000000 --- a/cookbooks/filebeat/test/data_bags/wazuh_secrets/api.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "id": "api", - "htpasswd_user": { - "encrypted_data": "44KmfVdj/ttHvGecsv5M7+uCvqcc0Cs/RvXJeLQMZkE=\n", - "iv": "RRP7S4Tt6B9y366P+hMbwg==\n", - "version": 1, - "cipher": "aes-256-cbc" - }, - "htpasswd_passcode": { - "encrypted_data": "ps9xA2QJKd3KE6jjpn69rNJhf6sRCWoeK/0kHZfo3incyILK+TJPmRq92PK0\n3e8Ngv0HJHn8pp5QA1FT4zX/wg==\n", - "iv": "gC9cyqCgQq/5icvUOfW0Iw==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/filebeat/test/data_bags/wazuh_secrets/logstash_certificate.json b/cookbooks/filebeat/test/data_bags/wazuh_secrets/logstash_certificate.json deleted file mode 100644 index 649a6e00..00000000 --- a/cookbooks/filebeat/test/data_bags/wazuh_secrets/logstash_certificate.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "id": "logstash_certificate", - "logstash_certificate": { - "encrypted_data": "DFyya20x1DQvXNFOBLe33CPMFAwyQC0rdXCG+utx6Fq32uCsiH1amuuIAx4H\nKkWghIUXYIh1KvNu5edq/iiBp9NXcq6hAiw1lUTKEw+QXPGaLNSnvIka4lBH\n3DDbk35yu9XcL1bO3HzF+bWckOeR+KJs5notvpNEuve3xW59pxoQbakdkxbm\nCJP9cG0VWcEIRakK3+ji/LxgH2Xg9radCn9ZYJjp9v8FSI6farqRk47w59S4\n9/6iJu1slqryP4xPfsffCj1HYYXL7M7JxksOpP+3h4GJ/VVLrQDUWorQXPf1\nh+JDOWTfw+7bzpfcb1Cj2vOZaSkjC/JN3oDiisfb+cgHaHW5s/bNSbIcBZ1D\ns7t3Z0q0/oA+pU49oCpYd5JhrAC9bhBtV6oqBozavXdLpPdP+O3xL5ePukj4\nv2YF456cY+iVBFu5ZTTXmyIc4/wt+BplilU0z/mwCG5vnhrPk8MCrekA9/Fg\n8/i+2ZaNywLSjHr1gUsTrK80355zGsCM7tKTbpJ32W1icINByKw7UX8fXYj2\nizaMyoG6WYNOTyuJJ5dzdyQlK1iMEh+U5IkWiSTw8+HhXKYhGjmwnRCLdmPz\newJ/gkYg4osYDqHBxiImvMrfs33WHVMHgjpmNtAex5pOCQSOb+bErb29oD7Q\nMcpCHd2h5rbgrpbGyjJSr9I8qLYYnmIVKSvNgmBGKh/58an+Cg3RFaNeJJ/v\nT75B2T2Qqut3xPR/rR1Ta46zJKmwJDmEN6M88pRoHtf0R27UFutREd3pZb25\nc6gNcaIKxbZOFZF/6QZh+R+A8KBfQ3P1JIUp/MdxOwUgeoGsURWwc3j6gcPL\nNdt56kGnKRTKQ1BE8JyKc/Azg1NByXkVO4Tg7u8Iw5eSBjwnfCz91JNQ+pcq\nKCVdOWEj9kEkfh+rALy6G5TBn6S70WF9fVq+7Hw8r/WYlYFE4mK9Wp940ZWj\nCGNNiUzyrigxw7Dea8ho+IcZWhvh9AsnOSk6nHlTgCyQk5hgJM06PqtRQhJk\n4ib6IwdcDyFlSJcqrls+S8BshpkobQjOec5bqnseCL86NHlY+DOrurSBTLco\nZ33gTa029+1OuFpr4m8m70+5hHBsNsrjwYZ3rcGwiW7O+l924ZwbtVefAxar\nTCJXrQHW81JDvV3ckrv581a33h1jzdNtD7JqmBzqelaRL2+xV/QVRgwb0Eyf\nLK6CRr7BdxbicF19EWM51EndsuSb+7UJpCEI5OQ4sJyOkIToY+pjKQyy0nuy\nt2wU2EDeHtLeXQBimgwecoMsne8g1DMHp89krfZ5xkCypGRdzcelArtPDeIO\n7GZjjEhMH5oN/LX93ua6NmPCkL/ndfL8Mwx4UUMXB6aTxdGPqKi/Ah0eF5Aj\nvtIbc/VYFN7x3+98LZqiHzF78peNIjRxjnRPOeTIlPyVFJrEXV8ddEJsW38A\nlK42Mr4r9k9U8XLlgCjHkkRgpp9GXWxJLbyoiNuQKuZsMt6jEtmVdf5ebbP3\n6SHPy8RKloD7pASva5bEJPawTEFeJ6lQuzAUqqEf9IDBYmE6ZzWU7KagiGdU\nE1XgMJcFKciCx3gYRgMjDq9U1D5u8W0lrxcTOVlumbnIp8Rwzbhtu7QeOS6U\nwJkJsQwUvAUtIL8yjk4OOhbKx/cgtTODpqpEtNmELc+9RcjQxU/9+bUI42Kf\nVZU+s5pMMkjejnKh+wlDP4SFy9khsSeHgoqso5jhwFGYwmrDUbLSZZotElI6\nq+lrXvTfJg==\n", - "iv": "9XRPuHdUeXlrs0GccbDJew==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/filebeat/test/data_bags/wazuh_secrets_delete/api.json b/cookbooks/filebeat/test/data_bags/wazuh_secrets_delete/api.json deleted file mode 100644 index e9a89e98..00000000 --- a/cookbooks/filebeat/test/data_bags/wazuh_secrets_delete/api.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "id": "api", - "htpasswd_user": { - "encrypted_data": "44KmfVdj/ttHvGecsv5M7+uCvqcc0Cs/RvXJeLQMZkE=\n", - "iv": "RRP7S4Tt6B9y366P+hMbwg==\n", - "version": 1, - "cipher": "aes-256-cbc" - }, - "htpasswd_passcode": { - "encrypted_data": "ps9xA2QJKd3KE6jjpn69rNJhf6sRCWoeK/0kHZfo3incyILK+TJPmRq92PK0\n3e8Ngv0HJHn8pp5QA1FT4zX/wg==\n", - "iv": "gC9cyqCgQq/5icvUOfW0Iw==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/filebeat/test/data_bags/wazuh_secrets_delete/logstash_certificate.json b/cookbooks/filebeat/test/data_bags/wazuh_secrets_delete/logstash_certificate.json deleted file mode 100644 index 649a6e00..00000000 --- a/cookbooks/filebeat/test/data_bags/wazuh_secrets_delete/logstash_certificate.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "id": "logstash_certificate", - "logstash_certificate": { - "encrypted_data": "DFyya20x1DQvXNFOBLe33CPMFAwyQC0rdXCG+utx6Fq32uCsiH1amuuIAx4H\nKkWghIUXYIh1KvNu5edq/iiBp9NXcq6hAiw1lUTKEw+QXPGaLNSnvIka4lBH\n3DDbk35yu9XcL1bO3HzF+bWckOeR+KJs5notvpNEuve3xW59pxoQbakdkxbm\nCJP9cG0VWcEIRakK3+ji/LxgH2Xg9radCn9ZYJjp9v8FSI6farqRk47w59S4\n9/6iJu1slqryP4xPfsffCj1HYYXL7M7JxksOpP+3h4GJ/VVLrQDUWorQXPf1\nh+JDOWTfw+7bzpfcb1Cj2vOZaSkjC/JN3oDiisfb+cgHaHW5s/bNSbIcBZ1D\ns7t3Z0q0/oA+pU49oCpYd5JhrAC9bhBtV6oqBozavXdLpPdP+O3xL5ePukj4\nv2YF456cY+iVBFu5ZTTXmyIc4/wt+BplilU0z/mwCG5vnhrPk8MCrekA9/Fg\n8/i+2ZaNywLSjHr1gUsTrK80355zGsCM7tKTbpJ32W1icINByKw7UX8fXYj2\nizaMyoG6WYNOTyuJJ5dzdyQlK1iMEh+U5IkWiSTw8+HhXKYhGjmwnRCLdmPz\newJ/gkYg4osYDqHBxiImvMrfs33WHVMHgjpmNtAex5pOCQSOb+bErb29oD7Q\nMcpCHd2h5rbgrpbGyjJSr9I8qLYYnmIVKSvNgmBGKh/58an+Cg3RFaNeJJ/v\nT75B2T2Qqut3xPR/rR1Ta46zJKmwJDmEN6M88pRoHtf0R27UFutREd3pZb25\nc6gNcaIKxbZOFZF/6QZh+R+A8KBfQ3P1JIUp/MdxOwUgeoGsURWwc3j6gcPL\nNdt56kGnKRTKQ1BE8JyKc/Azg1NByXkVO4Tg7u8Iw5eSBjwnfCz91JNQ+pcq\nKCVdOWEj9kEkfh+rALy6G5TBn6S70WF9fVq+7Hw8r/WYlYFE4mK9Wp940ZWj\nCGNNiUzyrigxw7Dea8ho+IcZWhvh9AsnOSk6nHlTgCyQk5hgJM06PqtRQhJk\n4ib6IwdcDyFlSJcqrls+S8BshpkobQjOec5bqnseCL86NHlY+DOrurSBTLco\nZ33gTa029+1OuFpr4m8m70+5hHBsNsrjwYZ3rcGwiW7O+l924ZwbtVefAxar\nTCJXrQHW81JDvV3ckrv581a33h1jzdNtD7JqmBzqelaRL2+xV/QVRgwb0Eyf\nLK6CRr7BdxbicF19EWM51EndsuSb+7UJpCEI5OQ4sJyOkIToY+pjKQyy0nuy\nt2wU2EDeHtLeXQBimgwecoMsne8g1DMHp89krfZ5xkCypGRdzcelArtPDeIO\n7GZjjEhMH5oN/LX93ua6NmPCkL/ndfL8Mwx4UUMXB6aTxdGPqKi/Ah0eF5Aj\nvtIbc/VYFN7x3+98LZqiHzF78peNIjRxjnRPOeTIlPyVFJrEXV8ddEJsW38A\nlK42Mr4r9k9U8XLlgCjHkkRgpp9GXWxJLbyoiNuQKuZsMt6jEtmVdf5ebbP3\n6SHPy8RKloD7pASva5bEJPawTEFeJ6lQuzAUqqEf9IDBYmE6ZzWU7KagiGdU\nE1XgMJcFKciCx3gYRgMjDq9U1D5u8W0lrxcTOVlumbnIp8Rwzbhtu7QeOS6U\nwJkJsQwUvAUtIL8yjk4OOhbKx/cgtTODpqpEtNmELc+9RcjQxU/9+bUI42Kf\nVZU+s5pMMkjejnKh+wlDP4SFy9khsSeHgoqso5jhwFGYwmrDUbLSZZotElI6\nq+lrXvTfJg==\n", - "iv": "9XRPuHdUeXlrs0GccbDJew==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/filebeat/test/environments/development.json b/cookbooks/filebeat/test/environments/development.json deleted file mode 100644 index d97c9bdb..00000000 --- a/cookbooks/filebeat/test/environments/development.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "name": "development", - "description": "The development environment", - "cookbook_versions": { - }, - "json_class": "Chef::Environment", - "chef_type": "environment", - "default_attributes": { - - }, - "override_attributes": { - "filebeat": { - "logstash_servers": "elk.wazuh-development.com:5000" - } - } -} diff --git a/cookbooks/filebeat/test/environments/production.json b/cookbooks/filebeat/test/environments/production.json deleted file mode 100644 index 28faa538..00000000 --- a/cookbooks/filebeat/test/environments/production.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "name": "production", - "description": "The development environment", - "cookbook_versions": { - }, - "json_class": "Chef::Environment", - "chef_type": "environment", - "default_attributes": { - - }, - "override_attributes": { - "filebeat": { - "logstash_servers": "elk.wazuh-production.com:5000" - } - } -} diff --git a/cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets/api.json b/cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets/api.json deleted file mode 100644 index e9a89e98..00000000 --- a/cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets/api.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "id": "api", - "htpasswd_user": { - "encrypted_data": "44KmfVdj/ttHvGecsv5M7+uCvqcc0Cs/RvXJeLQMZkE=\n", - "iv": "RRP7S4Tt6B9y366P+hMbwg==\n", - "version": 1, - "cipher": "aes-256-cbc" - }, - "htpasswd_passcode": { - "encrypted_data": "ps9xA2QJKd3KE6jjpn69rNJhf6sRCWoeK/0kHZfo3incyILK+TJPmRq92PK0\n3e8Ngv0HJHn8pp5QA1FT4zX/wg==\n", - "iv": "gC9cyqCgQq/5icvUOfW0Iw==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json b/cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json deleted file mode 100644 index 649a6e00..00000000 --- a/cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets/logstash_certificate.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "id": "logstash_certificate", - "logstash_certificate": { - "encrypted_data": "DFyya20x1DQvXNFOBLe33CPMFAwyQC0rdXCG+utx6Fq32uCsiH1amuuIAx4H\nKkWghIUXYIh1KvNu5edq/iiBp9NXcq6hAiw1lUTKEw+QXPGaLNSnvIka4lBH\n3DDbk35yu9XcL1bO3HzF+bWckOeR+KJs5notvpNEuve3xW59pxoQbakdkxbm\nCJP9cG0VWcEIRakK3+ji/LxgH2Xg9radCn9ZYJjp9v8FSI6farqRk47w59S4\n9/6iJu1slqryP4xPfsffCj1HYYXL7M7JxksOpP+3h4GJ/VVLrQDUWorQXPf1\nh+JDOWTfw+7bzpfcb1Cj2vOZaSkjC/JN3oDiisfb+cgHaHW5s/bNSbIcBZ1D\ns7t3Z0q0/oA+pU49oCpYd5JhrAC9bhBtV6oqBozavXdLpPdP+O3xL5ePukj4\nv2YF456cY+iVBFu5ZTTXmyIc4/wt+BplilU0z/mwCG5vnhrPk8MCrekA9/Fg\n8/i+2ZaNywLSjHr1gUsTrK80355zGsCM7tKTbpJ32W1icINByKw7UX8fXYj2\nizaMyoG6WYNOTyuJJ5dzdyQlK1iMEh+U5IkWiSTw8+HhXKYhGjmwnRCLdmPz\newJ/gkYg4osYDqHBxiImvMrfs33WHVMHgjpmNtAex5pOCQSOb+bErb29oD7Q\nMcpCHd2h5rbgrpbGyjJSr9I8qLYYnmIVKSvNgmBGKh/58an+Cg3RFaNeJJ/v\nT75B2T2Qqut3xPR/rR1Ta46zJKmwJDmEN6M88pRoHtf0R27UFutREd3pZb25\nc6gNcaIKxbZOFZF/6QZh+R+A8KBfQ3P1JIUp/MdxOwUgeoGsURWwc3j6gcPL\nNdt56kGnKRTKQ1BE8JyKc/Azg1NByXkVO4Tg7u8Iw5eSBjwnfCz91JNQ+pcq\nKCVdOWEj9kEkfh+rALy6G5TBn6S70WF9fVq+7Hw8r/WYlYFE4mK9Wp940ZWj\nCGNNiUzyrigxw7Dea8ho+IcZWhvh9AsnOSk6nHlTgCyQk5hgJM06PqtRQhJk\n4ib6IwdcDyFlSJcqrls+S8BshpkobQjOec5bqnseCL86NHlY+DOrurSBTLco\nZ33gTa029+1OuFpr4m8m70+5hHBsNsrjwYZ3rcGwiW7O+l924ZwbtVefAxar\nTCJXrQHW81JDvV3ckrv581a33h1jzdNtD7JqmBzqelaRL2+xV/QVRgwb0Eyf\nLK6CRr7BdxbicF19EWM51EndsuSb+7UJpCEI5OQ4sJyOkIToY+pjKQyy0nuy\nt2wU2EDeHtLeXQBimgwecoMsne8g1DMHp89krfZ5xkCypGRdzcelArtPDeIO\n7GZjjEhMH5oN/LX93ua6NmPCkL/ndfL8Mwx4UUMXB6aTxdGPqKi/Ah0eF5Aj\nvtIbc/VYFN7x3+98LZqiHzF78peNIjRxjnRPOeTIlPyVFJrEXV8ddEJsW38A\nlK42Mr4r9k9U8XLlgCjHkkRgpp9GXWxJLbyoiNuQKuZsMt6jEtmVdf5ebbP3\n6SHPy8RKloD7pASva5bEJPawTEFeJ6lQuzAUqqEf9IDBYmE6ZzWU7KagiGdU\nE1XgMJcFKciCx3gYRgMjDq9U1D5u8W0lrxcTOVlumbnIp8Rwzbhtu7QeOS6U\nwJkJsQwUvAUtIL8yjk4OOhbKx/cgtTODpqpEtNmELc+9RcjQxU/9+bUI42Kf\nVZU+s5pMMkjejnKh+wlDP4SFy9khsSeHgoqso5jhwFGYwmrDUbLSZZotElI6\nq+lrXvTfJg==\n", - "iv": "9XRPuHdUeXlrs0GccbDJew==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets_delete/api.json b/cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets_delete/api.json deleted file mode 100644 index e9a89e98..00000000 --- a/cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets_delete/api.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "id": "api", - "htpasswd_user": { - "encrypted_data": "44KmfVdj/ttHvGecsv5M7+uCvqcc0Cs/RvXJeLQMZkE=\n", - "iv": "RRP7S4Tt6B9y366P+hMbwg==\n", - "version": 1, - "cipher": "aes-256-cbc" - }, - "htpasswd_passcode": { - "encrypted_data": "ps9xA2QJKd3KE6jjpn69rNJhf6sRCWoeK/0kHZfo3incyILK+TJPmRq92PK0\n3e8Ngv0HJHn8pp5QA1FT4zX/wg==\n", - "iv": "gC9cyqCgQq/5icvUOfW0Iw==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets_delete/logstash_certificate.json b/cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets_delete/logstash_certificate.json deleted file mode 100644 index 649a6e00..00000000 --- a/cookbooks/filebeat/test/integration/default/data_bags/wazuh_secrets_delete/logstash_certificate.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "id": "logstash_certificate", - "logstash_certificate": { - "encrypted_data": "DFyya20x1DQvXNFOBLe33CPMFAwyQC0rdXCG+utx6Fq32uCsiH1amuuIAx4H\nKkWghIUXYIh1KvNu5edq/iiBp9NXcq6hAiw1lUTKEw+QXPGaLNSnvIka4lBH\n3DDbk35yu9XcL1bO3HzF+bWckOeR+KJs5notvpNEuve3xW59pxoQbakdkxbm\nCJP9cG0VWcEIRakK3+ji/LxgH2Xg9radCn9ZYJjp9v8FSI6farqRk47w59S4\n9/6iJu1slqryP4xPfsffCj1HYYXL7M7JxksOpP+3h4GJ/VVLrQDUWorQXPf1\nh+JDOWTfw+7bzpfcb1Cj2vOZaSkjC/JN3oDiisfb+cgHaHW5s/bNSbIcBZ1D\ns7t3Z0q0/oA+pU49oCpYd5JhrAC9bhBtV6oqBozavXdLpPdP+O3xL5ePukj4\nv2YF456cY+iVBFu5ZTTXmyIc4/wt+BplilU0z/mwCG5vnhrPk8MCrekA9/Fg\n8/i+2ZaNywLSjHr1gUsTrK80355zGsCM7tKTbpJ32W1icINByKw7UX8fXYj2\nizaMyoG6WYNOTyuJJ5dzdyQlK1iMEh+U5IkWiSTw8+HhXKYhGjmwnRCLdmPz\newJ/gkYg4osYDqHBxiImvMrfs33WHVMHgjpmNtAex5pOCQSOb+bErb29oD7Q\nMcpCHd2h5rbgrpbGyjJSr9I8qLYYnmIVKSvNgmBGKh/58an+Cg3RFaNeJJ/v\nT75B2T2Qqut3xPR/rR1Ta46zJKmwJDmEN6M88pRoHtf0R27UFutREd3pZb25\nc6gNcaIKxbZOFZF/6QZh+R+A8KBfQ3P1JIUp/MdxOwUgeoGsURWwc3j6gcPL\nNdt56kGnKRTKQ1BE8JyKc/Azg1NByXkVO4Tg7u8Iw5eSBjwnfCz91JNQ+pcq\nKCVdOWEj9kEkfh+rALy6G5TBn6S70WF9fVq+7Hw8r/WYlYFE4mK9Wp940ZWj\nCGNNiUzyrigxw7Dea8ho+IcZWhvh9AsnOSk6nHlTgCyQk5hgJM06PqtRQhJk\n4ib6IwdcDyFlSJcqrls+S8BshpkobQjOec5bqnseCL86NHlY+DOrurSBTLco\nZ33gTa029+1OuFpr4m8m70+5hHBsNsrjwYZ3rcGwiW7O+l924ZwbtVefAxar\nTCJXrQHW81JDvV3ckrv581a33h1jzdNtD7JqmBzqelaRL2+xV/QVRgwb0Eyf\nLK6CRr7BdxbicF19EWM51EndsuSb+7UJpCEI5OQ4sJyOkIToY+pjKQyy0nuy\nt2wU2EDeHtLeXQBimgwecoMsne8g1DMHp89krfZ5xkCypGRdzcelArtPDeIO\n7GZjjEhMH5oN/LX93ua6NmPCkL/ndfL8Mwx4UUMXB6aTxdGPqKi/Ah0eF5Aj\nvtIbc/VYFN7x3+98LZqiHzF78peNIjRxjnRPOeTIlPyVFJrEXV8ddEJsW38A\nlK42Mr4r9k9U8XLlgCjHkkRgpp9GXWxJLbyoiNuQKuZsMt6jEtmVdf5ebbP3\n6SHPy8RKloD7pASva5bEJPawTEFeJ6lQuzAUqqEf9IDBYmE6ZzWU7KagiGdU\nE1XgMJcFKciCx3gYRgMjDq9U1D5u8W0lrxcTOVlumbnIp8Rwzbhtu7QeOS6U\nwJkJsQwUvAUtIL8yjk4OOhbKx/cgtTODpqpEtNmELc+9RcjQxU/9+bUI42Kf\nVZU+s5pMMkjejnKh+wlDP4SFy9khsSeHgoqso5jhwFGYwmrDUbLSZZotElI6\nq+lrXvTfJg==\n", - "iv": "9XRPuHdUeXlrs0GccbDJew==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/filebeat/test/integration/default/encrypted_data_bag_secret b/cookbooks/filebeat/test/integration/default/encrypted_data_bag_secret deleted file mode 100644 index add836f6..00000000 --- a/cookbooks/filebeat/test/integration/default/encrypted_data_bag_secret +++ /dev/null @@ -1 +0,0 @@ -gPTbum6NpTwIVZop5w5TzehVh/ElS52smpao+bSxKX+SRNbvnLSHwC22EZt5Q7pPamCpEBD2ycH4fEpLGCp7FCSa/RLquQNls4TiVp54DJcfbSCiRA+lFL1e7YJqX4az1I1nzj+/3RlOjpfMvEhJ9gmubGMgnXZboDG5yiv34O2CdbybpMk9wQCC11RaeJUSFuvToQlnV2jK3HvymIHivm5Ax30PvyIMj6Mpp+YlJpBj70+vvk/rLmmXCsOHHV3g6hmZJph1mJrcjQZJVM9/foqiadrFJ9HLPFn0+LMXea69q4RvPDAIl914pXnE3pJBSYL9bZuDge/krbynQNosr3yNTLs1VoV9cw2yJinYY5GoOxjFnf66nCj1bnj5uFsN8FrK7w/hi07A/EBjiOFMAGHei1+ZGKKfHVKve67CNMHsaItjgc2njyRdOWTdxAvNw7AYSF4ST8vXBJZeBQyGizd2c73Hs4B640j7PWPKBu3Tfqvig6TxSPjwN9hO/a2/pOTRSJ4RfW2cXe0ZRbUb4O6hLv4F4kXjSuiW/ckvIpSOI3G04aqvXVLBcgDiKbqwH1poqKvpRPEahu+HGAf8C4Flhm6UXrawssIEp9WC5YHMLhsu1dSx8Hi6vCXqEOWobWWuh7VhItE0ySKl/LTxB2DWn12AYs1RXkYSBL4Gz/g= diff --git a/cookbooks/opendistro/kitchen.yml b/cookbooks/opendistro/kitchen.yml deleted file mode 100644 index 33d17f80..00000000 --- a/cookbooks/opendistro/kitchen.yml +++ /dev/null @@ -1,36 +0,0 @@ -driver: - name: vagrant - -provisioner: - name: chef_zero - product_version: latest - -verifier: - name: inspec - -platforms: - - name: ubuntu-20.04 - driver: - network: - - ["private_network", {ip: "172.16.11.14"}] - - name: ubuntu-18.04 - driver: - network: - - ["private_network", {ip: "172.16.11.15"}] - - name: centos-8.0 - driver: - network: - - ["private_network", {ip: "172.16.11.16"}] - - name: centos-7 - driver: - network: - - ["private_network", {ip: "172.16.11.17"}] - -suites: - - name: opendistro - run_list: - - recipe[opendistro::default] - driver: - customize: - memory: 4096 - cpus: 2 \ No newline at end of file diff --git a/cookbooks/opendistro/test/integration/opendistro/elasticsearch_test.rb b/cookbooks/opendistro/test/integration/opendistro/elasticsearch_test.rb deleted file mode 100644 index df6f27fe..00000000 --- a/cookbooks/opendistro/test/integration/opendistro/elasticsearch_test.rb +++ /dev/null @@ -1,68 +0,0 @@ -# frozen_string_literal: true - -describe packages(/elasticsearch-oss/) do - its('statuses') { should cmp 'installed' } -end - -describe packages(/opendistroforelasticsearch/) do - its('statuses') { should cmp 'installed' } -end - -describe elasticsearch do - its('node_name') { should cmp 'es-node-01' } - its('cluster_name') { should cmp 'es-wazuh' } - its('url') { should cmp 'http://localhost:9200' } -end - -describe directory '/etc/elasticsearch' do - its('owner') { should cmp 'elasticsearch' } - its('group') { should cmp 'elasticsearch' } -end - -describe directory '/usr/share/elasticsearch' do - its('owner') { should cmp 'elasticsearch' } - its('group') { should cmp 'elasticsearch' } -end - -describe directory '/var/lib/elasticsearch' do - its('owner') { should cmp 'elasticsearch' } - its('group') { should cmp 'elasticsearch' } -end - -describe file('/etc/elasticsearch/elasticsearch.yml') do - its('owner') { should cmp 'root' } - its('group') { should cmp 'elasticsearch' } - its('mode') { should cmp '0660' } -end - -describe file('/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles.yml') do - it { should exist } -end - -describe file('/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles_mapping.yml') do - it { should exist } -end - -describe file('/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml') do - it { should exist } -end - -describe file('/etc/searchguard/search-guard.yml') do - its('owner') { should cmp 'root' } - its('group') { should cmp 'elasticsearch' } - its('mode') { should cmp '0660' } -end - -describe file('/etc/elasticsearch/root-ca.pem') do - it { should exist } -end - -describe service('elasticsearch') do - it { should be_installed } - it { should be_enabled } - it { should be_running } -end - -describe port(9200) do - it { should be_listening } -end diff --git a/cookbooks/opendistro/test/integration/opendistro/kibana_test.rb b/cookbooks/opendistro/test/integration/opendistro/kibana_test.rb deleted file mode 100644 index 999d7ea7..00000000 --- a/cookbooks/opendistro/test/integration/opendistro/kibana_test.rb +++ /dev/null @@ -1,33 +0,0 @@ -# frozen_string_literal: true - -describe directory '/usr/share/kibana/optimize' do - its('owner') { should cmp 'kibana' } - its('group') { should cmp 'kibana' } -end - -describe directory '/usr/share/kibana/plugins' do - its('owner') { should cmp 'kibana' } - its('group') { should cmp 'kibana' } -end - -describe file('/etc/kibana/kibana.yml') do - its('owner') { should cmp 'kibana' } - its('group') { should cmp 'kibana' } - its('mode') { should cmp '0755' } -end - -describe file('/usr/share/kibana/optimize/wazuh/config/wazuh.yml') do - its('owner') { should cmp 'kibana' } - its('group') { should cmp 'kibana' } - its('mode') { should cmp '0755' } -end - -describe service('kibana') do - it { should be_installed } - it { should be_enabled } - it { should be_running } -end - -describe port(5601) do - it { should be_listening } -end diff --git a/cookbooks/opendistro/test/integration/opendistro/prerequisites_test.rb b/cookbooks/opendistro/test/integration/opendistro/prerequisites_test.rb deleted file mode 100644 index 9fce6529..00000000 --- a/cookbooks/opendistro/test/integration/opendistro/prerequisites_test.rb +++ /dev/null @@ -1,51 +0,0 @@ -# frozen_string_literal: true - -describe 'elastic-stack::prerequisites' do - describe package('curl') do - it { should be_installed } - end - - describe package('unzip') do - it { should be_installed } - end - - describe package('wget') do - it { should be_installed } - end - - case os.family - when 'debian' - describe package('apt-transport-https') do - it { should be_installed } - end - - describe package('software-properties-common') do - it { should be_installed } - end - - describe package('libcap2-bin') do - it { should be_installed } - end - - describe package('openjdk-11-jdk') do - it { should be_installed } - end - - when 'redhat' - describe package('libcap') do - it { should be_installed } - end - - describe package('java-11-openjdk-devel') do - it { should be_installed } - end - when 'suse' - describe package('libcap2') do - it { should be_installed } - end - - describe package('java-11-openjdk-devel') do - it { should be_installed } - end - end -end diff --git a/cookbooks/opendistro/test/integration/opendistro/repository_test.rb b/cookbooks/opendistro/test/integration/opendistro/repository_test.rb deleted file mode 100644 index eaf6acbc..00000000 --- a/cookbooks/opendistro/test/integration/opendistro/repository_test.rb +++ /dev/null @@ -1,21 +0,0 @@ -# frozen_string_literal: true - -describe 'opendistro::repository' do - case os.family - when 'debian' - describe apt('https://packages.wazuh.com/4.x/apt/') do - it { should exist } - it { should be_enabled } - end - when 'redhat' - describe yum.repo('https://packages.wazuh.com/4.x/yum') do - it { should exist } - it { should be_enabled } - end - when 'suse' - describe yum.repo('https://packages.wazuh.com/4.x/yum') do - it { should exist } - it { should be_enabled } - end - end -end diff --git a/cookbooks/wazuh_manager/.kitchen.yml b/cookbooks/wazuh_manager/.kitchen.yml deleted file mode 100644 index 0084a1e8..00000000 --- a/cookbooks/wazuh_manager/.kitchen.yml +++ /dev/null @@ -1,127 +0,0 @@ ---- -driver: - name: vagrant - -provisioner: - name: chef_zero - environments_path: "test/environments" - data_bags_path: "test/data_bags" - encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" - product_version: latest - -verifiers: - name: inspec - -platforms: - - name: ubuntu-20.04 - driver: - network: - - ["private_network", {ip: "172.16.10.10"}] - - name: ubuntu-18.04 - driver: - network: - - ["private_network", {ip: "172.16.10.11"}] - - name: centos-8.0 - driver: - network: - - ["private_network", {ip: "172.16.10.12"}] - - name: centos-7 - driver: - network: - - ["private_network", {ip: "172.16.10.13"}] - -suites: - - name: wazuh-manager - environments_path: "test/environments" - data_bags_path: "test/data_bags" - encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" - run_list: - - recipe[wazuh_manager::default] - driver: - customize: - memory: 2048 - cpus: 1 - -#driver: -# name: vagrant -#driver_config: -# require_chef_omnibus: latest -# -#provisioner: -# name: chef_zero -# environments_path: "test/environments" -# data_bags_path: "test/data_bags" -# encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" -# -#platforms: -# - name: ubuntu-12.04 -# run_list: apt::default -# - name: ubuntu-14.04 -# run_list: apt::default -# - name: ubuntu-16.04 -# run_list: apt::default -# - name: centos-6.7 -# - name: centos-7.2 -#suites: -# - name: manager-development-master -# environments_path: "test/environments" -# data_bags_path: "test/data_bags" -# encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" -# driver: -# network: -# - ["private_network", {ip: "172.16.10.10"}] -# run_list: -# - recipe[wazuh::testenvsetup] -# - recipe[wazuh::manager] -# - recipe[wazuh_filebeat::default] -# attributes: -# provisioner: -# client_rb: -# environment: development-master -# -# - name: manager-development-client -# environments_path: "test/environments" -# data_bags_path: "test/data_bags" -# encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" -# driver: -# network: -# - ["private_network", {ip: "172.16.10.11"}] -# run_list: -# - recipe[wazuh::testenvsetup] -# - recipe[wazuh::manager] -# - recipe[wazuh_filebeat::default] -# attributes: -# provisioner: -# client_rb: -# environment: development-client -# -# - name: elastic-development -# environments_path: "test/environments" -# data_bags_path: "test/data_bags" -# encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" -# driver: -# network: -# - ["private_network", {ip: "172.16.10.12"}] -# customize: -# memory: 2048 -# cpus: 2 -# run_list: -# - recipe[wazuh::testenvsetup] -# - recipe[wazuh_elastic::default] -# attributes: -# provisioner: -# client_rb: -# environment: development-master -# -# - name: agent-development -# driver: -# network: -# - ["private_network", { type: "dhcp" }] -# run_list: -# - recipe[wazuh::testenvsetup] -# - recipe[wazuh::agent] -# attributes: -# vagrant: -# provisioner: -# client_rb: -# environment: development From f767373bb328b0bd331fd4184e4d4e4c36d36588 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 14:10:20 +0100 Subject: [PATCH 055/260] Add kitchen folder with all tests --- kitchen/kitchen.yml | 94 +++++++++++++++++++ .../elastic-stack/elasticsearch_test.rb | 38 ++++++++ .../integration/elastic-stack/kibana_test.rb | 33 +++++++ .../elastic-stack/prerequisites_test.rb | 22 +++++ .../elastic-stack/repository_test.rb | 21 +++++ .../opendistro/elasticsearch_test.rb | 68 ++++++++++++++ .../integration/opendistro/kibana_test.rb | 33 +++++++ .../opendistro/prerequisites_test.rb | 51 ++++++++++ .../integration/opendistro/repository_test.rb | 21 +++++ 9 files changed, 381 insertions(+) create mode 100644 kitchen/kitchen.yml create mode 100644 kitchen/test/integration/elastic-stack/elasticsearch_test.rb create mode 100644 kitchen/test/integration/elastic-stack/kibana_test.rb create mode 100644 kitchen/test/integration/elastic-stack/prerequisites_test.rb create mode 100644 kitchen/test/integration/elastic-stack/repository_test.rb create mode 100644 kitchen/test/integration/opendistro/elasticsearch_test.rb create mode 100644 kitchen/test/integration/opendistro/kibana_test.rb create mode 100644 kitchen/test/integration/opendistro/prerequisites_test.rb create mode 100644 kitchen/test/integration/opendistro/repository_test.rb diff --git a/kitchen/kitchen.yml b/kitchen/kitchen.yml new file mode 100644 index 00000000..4a22e06c --- /dev/null +++ b/kitchen/kitchen.yml @@ -0,0 +1,94 @@ +driver: + name: vagrant + +provisioner: + name: chef_zero + product_version: latest + +verifier: + name: inspec + +platforms: + - name: ubuntu-20.04 + driver: + network: + - ["private_network", {ip: "172.16.11.10"}] + - name: ubuntu-18.04 + driver: + network: + - ["private_network", {ip: "172.16.11.11"}] + - name: centos-8.0 + driver: + network: + - ["private_network", {ip: "172.16.11.12"}] + - name: centos-7 + driver: + network: + - ["private_network", {ip: "172.16.11.13"}] + +suites: + - name: elastic-stack + run_list: + - recipe[elastic-stack::default] + driver: + customize: + memory: 4096 + cpus: 2 + verifier: + inspec_tests: + - path: test/integration/elastic-stack/ + + - name: opendistro + run_list: + - recipe['opendistro::default'] + driver: + customize: + memory: 4096 + cpus: 2 + verifier: + inspec_tests: + - path: test/integration/opendistro/ + + - name: filebeat + run_list: + - recipe['filebeat::default'] + driver: + customize: + memory: 512 + cpus: 1 + verifier: + inspec_tests: + - path: test/integration/filebeat/ + + - name: filebeat-oss + run_list: + - recipe['filebeat-oss::default'] + driver: + customize: + memory: 512 + cpus: 1 + verifier: + inspec_tests: + - path: test/integration/filebeat-oss/ + + - name: wazuh-manager + run_list: + - recipe['wazuh-manager::default'] + driver: + customize: + memory: 2048 + cpus: 1 + verifier: + inspec_tests: + - path: test/integration/wazuh-manager/ + + - name: wazuh-agent + run_list: + - recipe['wazuh-agent::default'] + driver: + customize: + memory: 512 + cpus: 1 + verifier: + inspec_tests: + - path: test/integration/wazuh-agent/ \ No newline at end of file diff --git a/kitchen/test/integration/elastic-stack/elasticsearch_test.rb b/kitchen/test/integration/elastic-stack/elasticsearch_test.rb new file mode 100644 index 00000000..79f0c573 --- /dev/null +++ b/kitchen/test/integration/elastic-stack/elasticsearch_test.rb @@ -0,0 +1,38 @@ +# frozen_string_literal: true + +describe file('/etc/elasticsearch/elasticsearch.yml') do + its('owner') { should cmp 'root' } + its('group') { should cmp 'elasticsearch' } + its('mode') { should cmp '0660' } +end + +describe elasticsearch do + its('node_name') { should cmp 'es-node-01' } + its('cluster_name') { should cmp 'es-wazuh' } + its('url') { should cmp 'http://localhost:9200' } +end + +describe directory '/etc/elasticsearch' do + its('owner') { should cmp 'elasticsearch' } + its('group') { should cmp 'elasticsearch' } +end + +describe directory '/usr/share/elasticsearch' do + its('owner') { should cmp 'elasticsearch' } + its('group') { should cmp 'elasticsearch' } +end + +describe directory '/var/lib/elasticsearch' do + its('owner') { should cmp 'elasticsearch' } + its('group') { should cmp 'elasticsearch' } +end + +describe service('elasticsearch') do + it { should be_installed } + it { should be_enabled } + it { should be_running } +end + +describe port(9200) do + it { should be_listening } +end diff --git a/kitchen/test/integration/elastic-stack/kibana_test.rb b/kitchen/test/integration/elastic-stack/kibana_test.rb new file mode 100644 index 00000000..999d7ea7 --- /dev/null +++ b/kitchen/test/integration/elastic-stack/kibana_test.rb @@ -0,0 +1,33 @@ +# frozen_string_literal: true + +describe directory '/usr/share/kibana/optimize' do + its('owner') { should cmp 'kibana' } + its('group') { should cmp 'kibana' } +end + +describe directory '/usr/share/kibana/plugins' do + its('owner') { should cmp 'kibana' } + its('group') { should cmp 'kibana' } +end + +describe file('/etc/kibana/kibana.yml') do + its('owner') { should cmp 'kibana' } + its('group') { should cmp 'kibana' } + its('mode') { should cmp '0755' } +end + +describe file('/usr/share/kibana/optimize/wazuh/config/wazuh.yml') do + its('owner') { should cmp 'kibana' } + its('group') { should cmp 'kibana' } + its('mode') { should cmp '0755' } +end + +describe service('kibana') do + it { should be_installed } + it { should be_enabled } + it { should be_running } +end + +describe port(5601) do + it { should be_listening } +end diff --git a/kitchen/test/integration/elastic-stack/prerequisites_test.rb b/kitchen/test/integration/elastic-stack/prerequisites_test.rb new file mode 100644 index 00000000..22f4bda7 --- /dev/null +++ b/kitchen/test/integration/elastic-stack/prerequisites_test.rb @@ -0,0 +1,22 @@ +# frozen_string_literal: true + +describe 'elastic-stack::prerequisites' do + describe package('curl') do + it { should be_installed } + end + + case os.family + when 'debian' + describe package('apt-transport-https') do + it { should be_installed } + end + when 'redhat' + describe package('libcap') do + it { should be_installed } + end + when 'suse' + describe package('libcap2') do + it { should be_installed } + end + end +end diff --git a/kitchen/test/integration/elastic-stack/repository_test.rb b/kitchen/test/integration/elastic-stack/repository_test.rb new file mode 100644 index 00000000..ca559548 --- /dev/null +++ b/kitchen/test/integration/elastic-stack/repository_test.rb @@ -0,0 +1,21 @@ +# frozen_string_literal: true + +describe 'elastic-stack::repository' do + case os.family + when 'debian' + describe apt('https://artifacts.elastic.co/packages/7.x/apt') do + it { should exist } + it { should be_enabled } + end + when 'redhat' + describe yum.repo('https://artifacts.elastic.co/packages/7.x/yum') do + it { should exist } + it { should be_enabled } + end + when 'suse' + describe yum.repo('https://artifacts.elastic.co/packages/7.x/yum') do + it { should exist } + it { should be_enabled } + end + end +end diff --git a/kitchen/test/integration/opendistro/elasticsearch_test.rb b/kitchen/test/integration/opendistro/elasticsearch_test.rb new file mode 100644 index 00000000..df6f27fe --- /dev/null +++ b/kitchen/test/integration/opendistro/elasticsearch_test.rb @@ -0,0 +1,68 @@ +# frozen_string_literal: true + +describe packages(/elasticsearch-oss/) do + its('statuses') { should cmp 'installed' } +end + +describe packages(/opendistroforelasticsearch/) do + its('statuses') { should cmp 'installed' } +end + +describe elasticsearch do + its('node_name') { should cmp 'es-node-01' } + its('cluster_name') { should cmp 'es-wazuh' } + its('url') { should cmp 'http://localhost:9200' } +end + +describe directory '/etc/elasticsearch' do + its('owner') { should cmp 'elasticsearch' } + its('group') { should cmp 'elasticsearch' } +end + +describe directory '/usr/share/elasticsearch' do + its('owner') { should cmp 'elasticsearch' } + its('group') { should cmp 'elasticsearch' } +end + +describe directory '/var/lib/elasticsearch' do + its('owner') { should cmp 'elasticsearch' } + its('group') { should cmp 'elasticsearch' } +end + +describe file('/etc/elasticsearch/elasticsearch.yml') do + its('owner') { should cmp 'root' } + its('group') { should cmp 'elasticsearch' } + its('mode') { should cmp '0660' } +end + +describe file('/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles.yml') do + it { should exist } +end + +describe file('/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles_mapping.yml') do + it { should exist } +end + +describe file('/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml') do + it { should exist } +end + +describe file('/etc/searchguard/search-guard.yml') do + its('owner') { should cmp 'root' } + its('group') { should cmp 'elasticsearch' } + its('mode') { should cmp '0660' } +end + +describe file('/etc/elasticsearch/root-ca.pem') do + it { should exist } +end + +describe service('elasticsearch') do + it { should be_installed } + it { should be_enabled } + it { should be_running } +end + +describe port(9200) do + it { should be_listening } +end diff --git a/kitchen/test/integration/opendistro/kibana_test.rb b/kitchen/test/integration/opendistro/kibana_test.rb new file mode 100644 index 00000000..999d7ea7 --- /dev/null +++ b/kitchen/test/integration/opendistro/kibana_test.rb @@ -0,0 +1,33 @@ +# frozen_string_literal: true + +describe directory '/usr/share/kibana/optimize' do + its('owner') { should cmp 'kibana' } + its('group') { should cmp 'kibana' } +end + +describe directory '/usr/share/kibana/plugins' do + its('owner') { should cmp 'kibana' } + its('group') { should cmp 'kibana' } +end + +describe file('/etc/kibana/kibana.yml') do + its('owner') { should cmp 'kibana' } + its('group') { should cmp 'kibana' } + its('mode') { should cmp '0755' } +end + +describe file('/usr/share/kibana/optimize/wazuh/config/wazuh.yml') do + its('owner') { should cmp 'kibana' } + its('group') { should cmp 'kibana' } + its('mode') { should cmp '0755' } +end + +describe service('kibana') do + it { should be_installed } + it { should be_enabled } + it { should be_running } +end + +describe port(5601) do + it { should be_listening } +end diff --git a/kitchen/test/integration/opendistro/prerequisites_test.rb b/kitchen/test/integration/opendistro/prerequisites_test.rb new file mode 100644 index 00000000..9fce6529 --- /dev/null +++ b/kitchen/test/integration/opendistro/prerequisites_test.rb @@ -0,0 +1,51 @@ +# frozen_string_literal: true + +describe 'elastic-stack::prerequisites' do + describe package('curl') do + it { should be_installed } + end + + describe package('unzip') do + it { should be_installed } + end + + describe package('wget') do + it { should be_installed } + end + + case os.family + when 'debian' + describe package('apt-transport-https') do + it { should be_installed } + end + + describe package('software-properties-common') do + it { should be_installed } + end + + describe package('libcap2-bin') do + it { should be_installed } + end + + describe package('openjdk-11-jdk') do + it { should be_installed } + end + + when 'redhat' + describe package('libcap') do + it { should be_installed } + end + + describe package('java-11-openjdk-devel') do + it { should be_installed } + end + when 'suse' + describe package('libcap2') do + it { should be_installed } + end + + describe package('java-11-openjdk-devel') do + it { should be_installed } + end + end +end diff --git a/kitchen/test/integration/opendistro/repository_test.rb b/kitchen/test/integration/opendistro/repository_test.rb new file mode 100644 index 00000000..eaf6acbc --- /dev/null +++ b/kitchen/test/integration/opendistro/repository_test.rb @@ -0,0 +1,21 @@ +# frozen_string_literal: true + +describe 'opendistro::repository' do + case os.family + when 'debian' + describe apt('https://packages.wazuh.com/4.x/apt/') do + it { should exist } + it { should be_enabled } + end + when 'redhat' + describe yum.repo('https://packages.wazuh.com/4.x/yum') do + it { should exist } + it { should be_enabled } + end + when 'suse' + describe yum.repo('https://packages.wazuh.com/4.x/yum') do + it { should exist } + it { should be_enabled } + end + end +end From 48d973d6cb353fe588087756b0375e67cb0bc6a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 14:11:01 +0100 Subject: [PATCH 056/260] Add and update required ruby files --- .gitignore | 59 +++++++++++++++++++++++---- Berksfile | 15 +++++++ Gemfile | 5 ++- chefignore | 115 ++++++++++++++++++++++++++++++++++++++++++++++++++++ metadata.rb | 30 ++++++++++++++ 5 files changed, 214 insertions(+), 10 deletions(-) create mode 100644 Berksfile create mode 100644 chefignore create mode 100644 metadata.rb diff --git a/.gitignore b/.gitignore index a668f89f..cf9e4b8b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,9 +1,50 @@ -.kitchen/* -./cookbooks/wazuh_agent/.kitchen -./cookbooks/wazuh_agent/.kitchen/* -./cookbooks/wazuh_manager/.kitchen -./cookbooks/wazuh_manager/.kitchen/* -./cookbooks/wazuh_elastic/.kitchen -./cookbooks/wazuh_elastic/.kitchen/* -./cookbooks/wazuh_filebeat/.kitchen -./cookbooks/wazuh_filebeat/.kitchen/* \ No newline at end of file +*.rbc +.config +InstalledFiles +lib/bundler/man +pkg +test/tmp +test/version_tmp +tmp +_Store +*~ +*# +.#* +\#*# +*.un~ +*.tmp +*.bk +*.bkup + +# editor temp files +.idea +.*.sw[a-z] + +# ruby/bundler files +.ruby-version +.ruby-gemset +.rvmrc +Gemfile.lock +.bundle +*.gem +coverage +spec/reports + +# YARD / rdoc artifacts +.yardoc +_yardoc +doc/ +rdoc + +# chef infra stuff +Berksfile.lock +.kitchen +kitchen.local.yml +vendor/ +.coverage/ +.zero-knife.rb +Policyfile.lock.json + +# vagrant stuff +.vagrant/ +.vagrant.d/ \ No newline at end of file diff --git a/Berksfile b/Berksfile new file mode 100644 index 00000000..35c4520c --- /dev/null +++ b/Berksfile @@ -0,0 +1,15 @@ +# frozen_string_literal: true + +# -*- ruby -*- +source 'https://supermarket.chef.io' + +metadata + +group :cookbooks do + cookbook 'filebeat', path: './cookbooks/filebeat' + cookbook 'filebeat-oss', path: './cookbooks/filebeat-oss' + cookbook 'wazuh_manager', path: './cookbooks/wazuh_manager' + cookbook 'wazuh_agent', path: './cookbooks/wazuh_agent' + cookbook 'elastic-stack', path: './cookbooks/elastic-stack' + cookbook 'opendistro', path: './cookbooks/opendistro' +end diff --git a/Gemfile b/Gemfile index 3a14c729..0b084cb5 100644 --- a/Gemfile +++ b/Gemfile @@ -1,3 +1,6 @@ source 'https://rubygems.org' -gem "rake" \ No newline at end of file +gem 'rubocop' +gem 'test-kitchen' +gem 'kitchen-vagrant' +gem 'kitchen-inspec' \ No newline at end of file diff --git a/chefignore b/chefignore new file mode 100644 index 00000000..6a4264c0 --- /dev/null +++ b/chefignore @@ -0,0 +1,115 @@ +# Put files/directories that should be ignored in this file when uploading +# to a Chef Infra Server or Supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +ehthumbs.db +Icon? +nohup.out +Thumbs.db +.envrc + +# EDITORS # +########### +.#* +.project +.settings +*_flymake +*_flymake.* +*.bak +*.sw[a-z] +*.tmproj +*~ +\#* +REVISION +TAGS* +tmtags +.vscode +.editorconfig + +## COMPILED ## +############## +*.class +*.com +*.dll +*.exe +*.o +*.pyc +*.so +*/rdoc/ +a.out +mkmf.log + +# Testing # +########### +.circleci/* +.codeclimate.yml +.delivery/* +.foodcritic +.kitchen* +.mdlrc +.overcommit.yml +.rspec +.rubocop.yml +.travis.yml +.watchr +.yamllint +azure-pipelines.yml +Dangerfile +examples/* +features/* +Guardfile +kitchen.yml* +mlc_config.json +Procfile +Rakefile +spec/* +test/* + +# SCM # +####### +.git +.gitattributes +.gitconfig +.github/* +.gitignore +.gitkeep +.gitmodules +.svn +*/.bzr/* +*/.git +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Documentation # +############# +CODE_OF_CONDUCT* +CONTRIBUTING* +documentation/* +TESTING* +UPGRADING* + +# Vagrant # +########### +.vagrant +Vagrantfile \ No newline at end of file diff --git a/metadata.rb b/metadata.rb new file mode 100644 index 00000000..922a1c58 --- /dev/null +++ b/metadata.rb @@ -0,0 +1,30 @@ +# frozen_string_literal: true + +name 'wazuh-chef' +maintainer 'Wazuh' +maintainer_email 'info@wazuh.com' +license 'All rights reserved' +description 'Install/Configures wazuh-chef cookbooks' +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version '0.1.0' +chef_version '>= 15.0' + +%w[redhat centos oracle].each do |el| + supports el, '>= 6.0' +end +supports 'amazon', '>= 1.0' +supports 'fedora', '>= 22.0' +supports 'debian', '>= 7.0' +supports 'ubuntu', '>= 12.04' +supports 'suse', '>= 12.0' +supports 'opensuse', '>= 42.0' + +issues_url 'https://github.com/wazuh/wazuh-chef/issues' if respond_to?(:issues_url) +source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) + +depends 'filebeat' +depends 'filebeat-oss' +depends 'wazuh_manager' +depends 'wazuh_agent' +depends 'elastic-stack' +depends 'opendistro' From 1d59f27df90b5d1a1e05b5e602af0ae3b4a21e9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 14:13:58 +0100 Subject: [PATCH 057/260] Fixed entrypoint name --- .github/actions/manager/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/manager/Dockerfile b/.github/actions/manager/Dockerfile index 04b6c34c..c5070074 100644 --- a/.github/actions/manager/Dockerfile +++ b/.github/actions/manager/Dockerfile @@ -2,4 +2,4 @@ FROM chef/chefdk:4.9.17 COPY entrypoint.sh /entrypoint.sh -ENTRYPOINT [ "/entrpoint.sh" ] \ No newline at end of file +ENTRYPOINT [ "/entrypoint.sh" ] \ No newline at end of file From 486e397bc7bbdd0beb573283b27bab14de1b8bbb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 14:16:25 +0100 Subject: [PATCH 058/260] Add permissions to entrypoint.sh --- .github/actions/manager/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/manager/Dockerfile b/.github/actions/manager/Dockerfile index c5070074..65cd5296 100644 --- a/.github/actions/manager/Dockerfile +++ b/.github/actions/manager/Dockerfile @@ -1,5 +1,5 @@ FROM chef/chefdk:4.9.17 COPY entrypoint.sh /entrypoint.sh - +RUN chmod 755 /entrypoint.sh ENTRYPOINT [ "/entrypoint.sh" ] \ No newline at end of file From 0d4222ac929bfc907bbdd675623baccf368e34d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 14:19:55 +0100 Subject: [PATCH 059/260] Add bundler gem --- Gemfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 0b084cb5..904169cf 100644 --- a/Gemfile +++ b/Gemfile @@ -3,4 +3,5 @@ source 'https://rubygems.org' gem 'rubocop' gem 'test-kitchen' gem 'kitchen-vagrant' -gem 'kitchen-inspec' \ No newline at end of file +gem 'kitchen-inspec' +gem 'bundler' \ No newline at end of file From 762f9994441a4e9cb884e5065fa02440ffefd646 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 16:18:19 +0100 Subject: [PATCH 060/260] Change create to test --- .github/actions/manager/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/manager/entrypoint.sh b/.github/actions/manager/entrypoint.sh index adbe52d4..90ce7659 100644 --- a/.github/actions/manager/entrypoint.sh +++ b/.github/actions/manager/entrypoint.sh @@ -14,4 +14,4 @@ echo "Installing dependencies" bundle install echo "Kitchen is creating the new instances" -bundle exec kitchen create $VAGRANT_INSTANCE \ No newline at end of file +bundle exec kitchen test $VAGRANT_INSTANCE \ No newline at end of file From 1c66327f542e7dd864942cf073dafb879f874805 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 16:32:42 +0100 Subject: [PATCH 061/260] Remove bundler-cache and chefdk version docker img --- .github/actions/manager/Dockerfile | 2 +- .github/workflows/main.yml | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/actions/manager/Dockerfile b/.github/actions/manager/Dockerfile index 65cd5296..0506edf6 100644 --- a/.github/actions/manager/Dockerfile +++ b/.github/actions/manager/Dockerfile @@ -1,4 +1,4 @@ -FROM chef/chefdk:4.9.17 +FROM chef/chefdk COPY entrypoint.sh /entrypoint.sh RUN chmod 755 /entrypoint.sh diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 6e0c6f3e..2938716b 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,4 +1,4 @@ -name: Ruby +name: Kitchen tests for Wazuh Chef on: push: @@ -18,9 +18,8 @@ jobs: uses: ruby/setup-ruby@v1 with: ruby-version: 2.6 - bundler-cache: true - name: Ubuntu 18.04 - Wazuh Manager - uses: ./.github/actions/manager + uses: .github/actions/manager env: IMAGE: jrei/systemd-ubuntu:18.04 PLATFORM: ubuntu From 830367d0f01c556f83bd67d8daa6c13292c2140c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 16:34:11 +0100 Subject: [PATCH 062/260] Fix manager action path --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 2938716b..afb83498 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -19,7 +19,7 @@ jobs: with: ruby-version: 2.6 - name: Ubuntu 18.04 - Wazuh Manager - uses: .github/actions/manager + uses: ./.github/actions/manager env: IMAGE: jrei/systemd-ubuntu:18.04 PLATFORM: ubuntu From 666667d730b7cdfa70561c431763e5397f3b7b46 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 16:37:33 +0100 Subject: [PATCH 063/260] Remove unnecesary gems --- Gemfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index 904169cf..bade24de 100644 --- a/Gemfile +++ b/Gemfile @@ -2,6 +2,4 @@ source 'https://rubygems.org' gem 'rubocop' gem 'test-kitchen' -gem 'kitchen-vagrant' -gem 'kitchen-inspec' -gem 'bundler' \ No newline at end of file +gem 'kitchen-vagrant' \ No newline at end of file From 653a5959b3f72f5014f453abb71796b93d403beb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 16:42:44 +0100 Subject: [PATCH 064/260] Change driver --- kitchen/kitchen.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/kitchen/kitchen.yml b/kitchen/kitchen.yml index 4a22e06c..35f06614 100644 --- a/kitchen/kitchen.yml +++ b/kitchen/kitchen.yml @@ -1,5 +1,8 @@ driver: - name: vagrant + name: docker + use_sudo: false + use_internal_docker_network: true + remove_images: true provisioner: name: chef_zero @@ -48,7 +51,7 @@ suites: verifier: inspec_tests: - path: test/integration/opendistro/ - + - name: filebeat run_list: - recipe['filebeat::default'] From 99a6a68b53bf05ae7f0592405cce299af75be693 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 16:54:04 +0100 Subject: [PATCH 065/260] Update to dokken --- kitchen/kitchen.yml | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/kitchen/kitchen.yml b/kitchen/kitchen.yml index 35f06614..0b9df9f3 100644 --- a/kitchen/kitchen.yml +++ b/kitchen/kitchen.yml @@ -1,31 +1,31 @@ driver: - name: docker - use_sudo: false - use_internal_docker_network: true - remove_images: true + name: dokken + chef_version: latest + +transport: + name: dokken provisioner: - name: chef_zero - product_version: latest + name: dokken verifier: name: inspec platforms: - - name: ubuntu-20.04 - driver: + - driver: + image: dokken/ubuntu-20.04 network: - ["private_network", {ip: "172.16.11.10"}] - - name: ubuntu-18.04 - driver: + - driver: + image: dokken/ubuntu-18.04 network: - ["private_network", {ip: "172.16.11.11"}] - - name: centos-8.0 - driver: + - driver: + image: dokken/centos-8 network: - ["private_network", {ip: "172.16.11.12"}] - - name: centos-7 - driver: + - driver: + image: dokken/centos-7 network: - ["private_network", {ip: "172.16.11.13"}] From f87dba02b7cc46972cfe91d41eda2bf2323ba61f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 16:56:19 +0100 Subject: [PATCH 066/260] Add kitchen-dokken gem --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index bade24de..d0cb0f05 100644 --- a/Gemfile +++ b/Gemfile @@ -2,4 +2,4 @@ source 'https://rubygems.org' gem 'rubocop' gem 'test-kitchen' -gem 'kitchen-vagrant' \ No newline at end of file +gem 'kitchen-dokken' \ No newline at end of file From e2b492d72d38807c9f8caa4522f4523df12f783f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 17:00:15 +0100 Subject: [PATCH 067/260] Add :name to kitchen.yml --- kitchen/kitchen.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/kitchen/kitchen.yml b/kitchen/kitchen.yml index 0b9df9f3..59c5dd1d 100644 --- a/kitchen/kitchen.yml +++ b/kitchen/kitchen.yml @@ -12,19 +12,23 @@ verifier: name: inspec platforms: - - driver: + - name: ubuntu-20.04 + driver: image: dokken/ubuntu-20.04 network: - ["private_network", {ip: "172.16.11.10"}] - - driver: + - name: ubuntu-18.04 + driver: image: dokken/ubuntu-18.04 network: - ["private_network", {ip: "172.16.11.11"}] - - driver: + - name: centos-8 + driver: image: dokken/centos-8 network: - ["private_network", {ip: "172.16.11.12"}] - - driver: + - name: centos-7 + driver: image: dokken/centos-7 network: - ["private_network", {ip: "172.16.11.13"}] From 990a11693d83b7ff8fddc8ce1b834467a81244fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 17:03:48 +0100 Subject: [PATCH 068/260] Add inspec gem --- Gemfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index d0cb0f05..106c41a2 100644 --- a/Gemfile +++ b/Gemfile @@ -2,4 +2,5 @@ source 'https://rubygems.org' gem 'rubocop' gem 'test-kitchen' -gem 'kitchen-dokken' \ No newline at end of file +gem 'kitchen-dokken' +gem 'inspec' \ No newline at end of file From 7b13575e5e0538a6aee8018d5033c8ee1f1f5c66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 17:08:32 +0100 Subject: [PATCH 069/260] Chane to kitchen-inspec --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 106c41a2..feff0662 100644 --- a/Gemfile +++ b/Gemfile @@ -3,4 +3,4 @@ source 'https://rubygems.org' gem 'rubocop' gem 'test-kitchen' gem 'kitchen-dokken' -gem 'inspec' \ No newline at end of file +gem 'kitchen-inspec' \ No newline at end of file From 5ad34b8242de19d0c33f0866a74b3cb196a1d3c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 17:23:16 +0100 Subject: [PATCH 070/260] Change to vagrant --- kitchen/kitchen.yml | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/kitchen/kitchen.yml b/kitchen/kitchen.yml index 59c5dd1d..8b22aec4 100644 --- a/kitchen/kitchen.yml +++ b/kitchen/kitchen.yml @@ -1,12 +1,8 @@ driver: - name: dokken - chef_version: latest - -transport: - name: dokken + name: vagrant provisioner: - name: dokken + name: chef_zero verifier: name: inspec @@ -14,22 +10,25 @@ verifier: platforms: - name: ubuntu-20.04 driver: - image: dokken/ubuntu-20.04 + box: bento/ubuntu-20.04 network: - ["private_network", {ip: "172.16.11.10"}] + - name: ubuntu-18.04 driver: - image: dokken/ubuntu-18.04 + box: bento/ubuntu-18.04 network: - ["private_network", {ip: "172.16.11.11"}] + - name: centos-8 driver: - image: dokken/centos-8 + box: bento/centos-8 network: - ["private_network", {ip: "172.16.11.12"}] + - name: centos-7 driver: - image: dokken/centos-7 + box: bento/centos-7 network: - ["private_network", {ip: "172.16.11.13"}] From 9232e361b962b590cbf2bb67c0fca7a80194b937 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 17:25:14 +0100 Subject: [PATCH 071/260] Add kitchen-vagrant gem --- Gemfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index feff0662..3bbc28bc 100644 --- a/Gemfile +++ b/Gemfile @@ -2,5 +2,5 @@ source 'https://rubygems.org' gem 'rubocop' gem 'test-kitchen' -gem 'kitchen-dokken' -gem 'kitchen-inspec' \ No newline at end of file +gem 'kitchen-inspec' +gem 'kitchen-vagrant' \ No newline at end of file From 4c561d8ec394a442d8ee44608f5fcc854d2027d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 14 Dec 2020 17:36:49 +0100 Subject: [PATCH 072/260] Change chef dockerfile image --- .github/actions/manager/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/manager/Dockerfile b/.github/actions/manager/Dockerfile index 0506edf6..7518e92f 100644 --- a/.github/actions/manager/Dockerfile +++ b/.github/actions/manager/Dockerfile @@ -1,4 +1,4 @@ -FROM chef/chefdk +FROM chef/chefworkstation COPY entrypoint.sh /entrypoint.sh RUN chmod 755 /entrypoint.sh From 6a5cf46011d1b5be94e41bc32487861ae968f219 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 15 Dec 2020 10:33:03 +0100 Subject: [PATCH 073/260] Test kitchen entrypoint --- .github/actions/manager/Dockerfile | 2 +- .github/actions/manager/entrypoint.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/manager/Dockerfile b/.github/actions/manager/Dockerfile index 7518e92f..e63c3705 100644 --- a/.github/actions/manager/Dockerfile +++ b/.github/actions/manager/Dockerfile @@ -2,4 +2,4 @@ FROM chef/chefworkstation COPY entrypoint.sh /entrypoint.sh RUN chmod 755 /entrypoint.sh -ENTRYPOINT [ "/entrypoint.sh" ] \ No newline at end of file +ENTRYPOINT ["/entrypoint.sh"] \ No newline at end of file diff --git a/.github/actions/manager/entrypoint.sh b/.github/actions/manager/entrypoint.sh index 90ce7659..7130602c 100644 --- a/.github/actions/manager/entrypoint.sh +++ b/.github/actions/manager/entrypoint.sh @@ -14,4 +14,4 @@ echo "Installing dependencies" bundle install echo "Kitchen is creating the new instances" -bundle exec kitchen test $VAGRANT_INSTANCE \ No newline at end of file +kitchen test $VAGRANT_INSTANCE \ No newline at end of file From 9b1b5ec100a660ef746d9ddf6f2bf3de1b707a03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 15 Dec 2020 10:44:35 +0100 Subject: [PATCH 074/260] add vagrant gem --- Gemfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 3bbc28bc..a5b7fddc 100644 --- a/Gemfile +++ b/Gemfile @@ -3,4 +3,5 @@ source 'https://rubygems.org' gem 'rubocop' gem 'test-kitchen' gem 'kitchen-inspec' -gem 'kitchen-vagrant' \ No newline at end of file +gem 'kitchen-vagrant' +gem 'vagrant' \ No newline at end of file From c957b617b15c77e2c9aefb54fffb10c08b0eda2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 15 Dec 2020 10:52:07 +0100 Subject: [PATCH 075/260] Remove vagrant gem and install manually --- .github/actions/manager/entrypoint.sh | 5 +++++ Gemfile | 3 +-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/actions/manager/entrypoint.sh b/.github/actions/manager/entrypoint.sh index 7130602c..907e70e6 100644 --- a/.github/actions/manager/entrypoint.sh +++ b/.github/actions/manager/entrypoint.sh @@ -13,5 +13,10 @@ cd kitchen echo "Installing dependencies" bundle install +echo "Install vagrant" +git clone https://github.com/hashicorp/vagrant.git ~ +cd ~/vagrant +bundle install + echo "Kitchen is creating the new instances" kitchen test $VAGRANT_INSTANCE \ No newline at end of file diff --git a/Gemfile b/Gemfile index a5b7fddc..3bbc28bc 100644 --- a/Gemfile +++ b/Gemfile @@ -3,5 +3,4 @@ source 'https://rubygems.org' gem 'rubocop' gem 'test-kitchen' gem 'kitchen-inspec' -gem 'kitchen-vagrant' -gem 'vagrant' \ No newline at end of file +gem 'kitchen-vagrant' \ No newline at end of file From 1ffe616f66cbc7ff37f3d42c918e97ec70103321 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 15 Dec 2020 11:00:07 +0100 Subject: [PATCH 076/260] chef-dokken --- Gemfile | 2 +- kitchen/kitchen.yml | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index 3bbc28bc..702c66f9 100644 --- a/Gemfile +++ b/Gemfile @@ -3,4 +3,4 @@ source 'https://rubygems.org' gem 'rubocop' gem 'test-kitchen' gem 'kitchen-inspec' -gem 'kitchen-vagrant' \ No newline at end of file +gem 'kitchen-dokken' \ No newline at end of file diff --git a/kitchen/kitchen.yml b/kitchen/kitchen.yml index 8b22aec4..1f86717f 100644 --- a/kitchen/kitchen.yml +++ b/kitchen/kitchen.yml @@ -1,5 +1,9 @@ driver: - name: vagrant + name: dokken + chef_version: latest + +transport: + name: dokken provisioner: name: chef_zero From ca5dc3c84ee02d3d69f9610354f05d097db72f7c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 15 Dec 2020 11:03:45 +0100 Subject: [PATCH 077/260] Remove vagrant --- .github/actions/manager/entrypoint.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/actions/manager/entrypoint.sh b/.github/actions/manager/entrypoint.sh index 907e70e6..7130602c 100644 --- a/.github/actions/manager/entrypoint.sh +++ b/.github/actions/manager/entrypoint.sh @@ -13,10 +13,5 @@ cd kitchen echo "Installing dependencies" bundle install -echo "Install vagrant" -git clone https://github.com/hashicorp/vagrant.git ~ -cd ~/vagrant -bundle install - echo "Kitchen is creating the new instances" kitchen test $VAGRANT_INSTANCE \ No newline at end of file From 8adf6bedbc6eaedbf9325f77f952fecbf55e0c15 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 15 Dec 2020 12:12:09 +0100 Subject: [PATCH 078/260] Update kitchen.yml --- kitchen/kitchen.yml | 57 +++++++++++++++++++++++++++++++++++++++------ 1 file changed, 50 insertions(+), 7 deletions(-) diff --git a/kitchen/kitchen.yml b/kitchen/kitchen.yml index 1f86717f..c6f25cb4 100644 --- a/kitchen/kitchen.yml +++ b/kitchen/kitchen.yml @@ -1,12 +1,12 @@ driver: name: dokken - chef_version: latest + chef_version: latest # or 15 or 15.0 or 15.0.300 or curent transport: name: dokken provisioner: - name: chef_zero + name: dokken verifier: name: inspec @@ -14,25 +14,25 @@ verifier: platforms: - name: ubuntu-20.04 driver: - box: bento/ubuntu-20.04 + image: dokken/ubuntu-20.04 network: - ["private_network", {ip: "172.16.11.10"}] - name: ubuntu-18.04 driver: - box: bento/ubuntu-18.04 + image: dokken/ubuntu-18.04 network: - ["private_network", {ip: "172.16.11.11"}] - name: centos-8 driver: - box: bento/centos-8 + image: dokken/centos-8 network: - ["private_network", {ip: "172.16.11.12"}] - name: centos-7 driver: - box: bento/centos-7 + image: dokken/centos-7 network: - ["private_network", {ip: "172.16.11.13"}] @@ -101,4 +101,47 @@ suites: cpus: 1 verifier: inspec_tests: - - path: test/integration/wazuh-agent/ \ No newline at end of file + - path: test/integration/wazuh-agent/ + + + + + + + + + + + + + +#driver: +# name: vagrant +# +#verifier: +# name: inspec +# +#platforms: +# - name: ubuntu-20.04 +# driver: +# box: bento/ubuntu-20.04 +# network: +# - ["private_network", {ip: "172.16.11.10"}] +# +# - name: ubuntu-18.04 +# driver: +# box: bento/ubuntu-18.04 +# network: +# - ["private_network", {ip: "172.16.11.11"}] +# +# - name: centos-8 +# driver: +# box: bento/centos-8 +# network: +# - ["private_network", {ip: "172.16.11.12"}] +# +# - name: centos-7 +# driver: +# box: bento/centos-7 +# network: +# - ["private_network", {ip: "172.16.11.13"}] \ No newline at end of file From 5113ba642d2dfdaf445e039cfd4e3f8755ce46ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 15 Dec 2020 12:42:37 +0100 Subject: [PATCH 079/260] Use vagrant --- .github/actions/manager/entrypoint.sh | 5 +++ kitchen/kitchen.yml | 49 +++------------------------ 2 files changed, 10 insertions(+), 44 deletions(-) diff --git a/.github/actions/manager/entrypoint.sh b/.github/actions/manager/entrypoint.sh index 7130602c..89bd8018 100644 --- a/.github/actions/manager/entrypoint.sh +++ b/.github/actions/manager/entrypoint.sh @@ -13,5 +13,10 @@ cd kitchen echo "Installing dependencies" bundle install +echo "Install vagrant" +git clone https://github.com/dotcloud/docker.git +cd vagrant +bundle install + echo "Kitchen is creating the new instances" kitchen test $VAGRANT_INSTANCE \ No newline at end of file diff --git a/kitchen/kitchen.yml b/kitchen/kitchen.yml index c6f25cb4..a283e191 100644 --- a/kitchen/kitchen.yml +++ b/kitchen/kitchen.yml @@ -1,12 +1,5 @@ driver: - name: dokken - chef_version: latest # or 15 or 15.0 or 15.0.300 or curent - -transport: - name: dokken - -provisioner: - name: dokken + name: vagrant verifier: name: inspec @@ -14,25 +7,25 @@ verifier: platforms: - name: ubuntu-20.04 driver: - image: dokken/ubuntu-20.04 + box: bento/ubuntu-20.04 network: - ["private_network", {ip: "172.16.11.10"}] - name: ubuntu-18.04 driver: - image: dokken/ubuntu-18.04 + box: bento/ubuntu-18.04 network: - ["private_network", {ip: "172.16.11.11"}] - name: centos-8 driver: - image: dokken/centos-8 + box: bento/centos-8 network: - ["private_network", {ip: "172.16.11.12"}] - name: centos-7 driver: - image: dokken/centos-7 + box: bento/centos-7 network: - ["private_network", {ip: "172.16.11.13"}] @@ -113,35 +106,3 @@ suites: - - -#driver: -# name: vagrant -# -#verifier: -# name: inspec -# -#platforms: -# - name: ubuntu-20.04 -# driver: -# box: bento/ubuntu-20.04 -# network: -# - ["private_network", {ip: "172.16.11.10"}] -# -# - name: ubuntu-18.04 -# driver: -# box: bento/ubuntu-18.04 -# network: -# - ["private_network", {ip: "172.16.11.11"}] -# -# - name: centos-8 -# driver: -# box: bento/centos-8 -# network: -# - ["private_network", {ip: "172.16.11.12"}] -# -# - name: centos-7 -# driver: -# box: bento/centos-7 -# network: -# - ["private_network", {ip: "172.16.11.13"}] \ No newline at end of file From c63d583351345644f5eaa549e379acf0d04ae316 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 15 Dec 2020 12:43:04 +0100 Subject: [PATCH 080/260] add kitchen-vagrant gem --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 702c66f9..3bbc28bc 100644 --- a/Gemfile +++ b/Gemfile @@ -3,4 +3,4 @@ source 'https://rubygems.org' gem 'rubocop' gem 'test-kitchen' gem 'kitchen-inspec' -gem 'kitchen-dokken' \ No newline at end of file +gem 'kitchen-vagrant' \ No newline at end of file From 0711867200f89a51c739698c23e94181ce5b8056 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 15 Dec 2020 12:46:49 +0100 Subject: [PATCH 081/260] fix vagrant url --- .github/actions/manager/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/manager/entrypoint.sh b/.github/actions/manager/entrypoint.sh index 89bd8018..e8ed5954 100644 --- a/.github/actions/manager/entrypoint.sh +++ b/.github/actions/manager/entrypoint.sh @@ -14,7 +14,7 @@ echo "Installing dependencies" bundle install echo "Install vagrant" -git clone https://github.com/dotcloud/docker.git +git clone https://github.com/hashicorp/vagrant.git cd vagrant bundle install From 0ba923c14b3cdfd51938a57a33f45aa84fe67bb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 15 Dec 2020 13:01:00 +0100 Subject: [PATCH 082/260] kitchen-dokken --- .github/workflows/main.yml | 41 ++++++++++++----- Gemfile | 3 +- kitchen/kitchen.dokken.yml | 93 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 124 insertions(+), 13 deletions(-) create mode 100644 kitchen/kitchen.dokken.yml diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index afb83498..e9ee117d 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -9,20 +9,37 @@ on: - feature-cookbooks jobs: - ubuntu18: + kitchen-test: runs-on: ubuntu-latest + strategy: + matrix: + os: ['debian-8', 'debian-9', 'centos-7', 'fedora-latest', 'ubuntu-1604', 'ubuntu-1804'] + suite: ['default'] + fail-fast: false steps: + #- name: Check out code + # uses: actions/checkout@v2 + #- name: Set up Ruby + # uses: ruby/setup-ruby@v1 + # with: + # ruby-version: 2.6 + #- name: Ubuntu 18.04 - Wazuh Manager + # uses: ./.github/actions/manager + # env: + # IMAGE: jrei/systemd-ubuntu:18.04 + # PLATFORM: ubuntu + # RELEASE: 18 + # RUN_COMMAND: /sbin/init + # VAGRANT_INSTANCE: wazuh-manager-ubuntu-1804 - name: Check out code - uses: actions/checkout@v2 - - name: Set up Ruby - uses: ruby/setup-ruby@v1 + uses: actions/checkout@main + - name: Install Chef + uses: actionshub/chef-install@main + - name: Test-Kitchen + uses: actionshub/test-kitchen@main with: - ruby-version: 2.6 - - name: Ubuntu 18.04 - Wazuh Manager - uses: ./.github/actions/manager + suite: ${{ matrix.suite }} + os: ${{ matrix.os }} env: - IMAGE: jrei/systemd-ubuntu:18.04 - PLATFORM: ubuntu - RELEASE: 18 - RUN_COMMAND: /sbin/init - VAGRANT_INSTANCE: wazuh-manager-ubuntu-1804 \ No newline at end of file + CHEF_LICENSE: accept-no-persist + KITCHEN_LOCAL_YAML: ./kitchen/kitchen.dokken.yml \ No newline at end of file diff --git a/Gemfile b/Gemfile index 3bbc28bc..5c8cda0e 100644 --- a/Gemfile +++ b/Gemfile @@ -3,4 +3,5 @@ source 'https://rubygems.org' gem 'rubocop' gem 'test-kitchen' gem 'kitchen-inspec' -gem 'kitchen-vagrant' \ No newline at end of file +gem 'kitchen-vagrant' +gem 'kitchen-dokken' \ No newline at end of file diff --git a/kitchen/kitchen.dokken.yml b/kitchen/kitchen.dokken.yml new file mode 100644 index 00000000..2e91e3ee --- /dev/null +++ b/kitchen/kitchen.dokken.yml @@ -0,0 +1,93 @@ +driver: + name: dokken + # because Docker and SystemD/Upstart + privileged: true + +provisioner: + name: dokken + +transport: + name: dokken + +verifier: + name: inspec + +platforms: + - name: ubuntu-18.04 + driver: + image: dokken/ubuntu-18.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: centos-7 + driver: + image: dokken/centos-7 + pid_one_command: /usr/lib/systemd/systemd + +suites: + - name: elastic-stack + run_list: + - recipe[elastic-stack::default] + driver: + customize: + memory: 4096 + cpus: 2 + verifier: + inspec_tests: + - path: test/integration/elastic-stack/ + + - name: opendistro + run_list: + - recipe['opendistro::default'] + driver: + customize: + memory: 4096 + cpus: 2 + verifier: + inspec_tests: + - path: test/integration/opendistro/ + + - name: filebeat + run_list: + - recipe['filebeat::default'] + driver: + customize: + memory: 512 + cpus: 1 + verifier: + inspec_tests: + - path: test/integration/filebeat/ + + - name: filebeat-oss + run_list: + - recipe['filebeat-oss::default'] + driver: + customize: + memory: 512 + cpus: 1 + verifier: + inspec_tests: + - path: test/integration/filebeat-oss/ + + - name: wazuh-manager + run_list: + - recipe['wazuh-manager::default'] + driver: + customize: + memory: 2048 + cpus: 1 + verifier: + inspec_tests: + - path: test/integration/wazuh-manager/ + + - name: wazuh-agent + run_list: + - recipe['wazuh-agent::default'] + driver: + customize: + memory: 512 + cpus: 1 + verifier: + inspec_tests: + - path: test/integration/wazuh-agent/ From 02fb8bc075db5f7dc99e9b1a572d8d03f08ac34b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 15 Dec 2020 13:17:01 +0100 Subject: [PATCH 083/260] Use actionshub/test-kitchen --- .github/actions/manager/Dockerfile | 2 +- .github/actions/manager/entrypoint.sh | 7 +- .github/workflows/main.yml | 2 +- kitchen.dokken.yml | 94 +++++++++++++++++++++++++++ kitchen/kitchen.dokken.yml | 93 -------------------------- 5 files changed, 97 insertions(+), 101 deletions(-) create mode 100644 kitchen.dokken.yml delete mode 100644 kitchen/kitchen.dokken.yml diff --git a/.github/actions/manager/Dockerfile b/.github/actions/manager/Dockerfile index e63c3705..a4692a04 100644 --- a/.github/actions/manager/Dockerfile +++ b/.github/actions/manager/Dockerfile @@ -1,4 +1,4 @@ -FROM chef/chefworkstation +FROM ubuntu:latest COPY entrypoint.sh /entrypoint.sh RUN chmod 755 /entrypoint.sh diff --git a/.github/actions/manager/entrypoint.sh b/.github/actions/manager/entrypoint.sh index e8ed5954..a10e4b59 100644 --- a/.github/actions/manager/entrypoint.sh +++ b/.github/actions/manager/entrypoint.sh @@ -8,15 +8,10 @@ echo $PLATFORM echo "Env var value: RELEASE" echo $RELEASE -cd kitchen - echo "Installing dependencies" bundle install -echo "Install vagrant" -git clone https://github.com/hashicorp/vagrant.git -cd vagrant -bundle install +cd kitchen echo "Kitchen is creating the new instances" kitchen test $VAGRANT_INSTANCE \ No newline at end of file diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e9ee117d..4bd92e4b 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -42,4 +42,4 @@ jobs: os: ${{ matrix.os }} env: CHEF_LICENSE: accept-no-persist - KITCHEN_LOCAL_YAML: ./kitchen/kitchen.dokken.yml \ No newline at end of file + KITCHEN_LOCAL_YAML: kitchen.dokken.yml \ No newline at end of file diff --git a/kitchen.dokken.yml b/kitchen.dokken.yml new file mode 100644 index 00000000..35dfe090 --- /dev/null +++ b/kitchen.dokken.yml @@ -0,0 +1,94 @@ +driver: + name: dokken + # because Docker and SystemD/Upstart + privileged: true + +provisioner: + name: dokken + +transport: + name: dokken + +verifier: + name: inspec + +platforms: + - name: ubuntu-18.04 + driver: + image: dokken/ubuntu-18.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + +# - name: centos-7 +# driver: +# image: dokken/centos-7 +# pid_one_command: /usr/lib/systemd/systemd + +suites: + - name: elastic-stack + run_list: + - recipe[elastic-stack::default] + driver: + customize: + memory: 4096 + cpus: 2 + verifier: + inspec_tests: + - path: kitchen/test/integration/elastic-stack/ + +# - name: opendistro +# run_list: +# - recipe['opendistro::default'] +# driver: +# customize: +# memory: 4096 +# cpus: 2 +# verifier: +# inspec_tests: +# - path: test/integration/opendistro/ +# +# - name: filebeat +# run_list: +# - recipe['filebeat::default'] +# driver: +# customize: +# memory: 512 +# cpus: 1 +# verifier: +# inspec_tests: +# - path: test/integration/filebeat/ +# +# - name: filebeat-oss +# run_list: +# - recipe['filebeat-oss::default'] +# driver: +# customize: +# memory: 512 +# cpus: 1 +# verifier: +# inspec_tests: +# - path: test/integration/filebeat-oss/ +# +# - name: wazuh-manager +# run_list: +# - recipe['wazuh-manager::default'] +# driver: +# customize: +# memory: 2048 +# cpus: 1 +# verifier: +# inspec_tests: +# - path: test/integration/wazuh-manager/ +# +# - name: wazuh-agent +# run_list: +# - recipe['wazuh-agent::default'] +# driver: +# customize: +# memory: 512 +# cpus: 1 +# verifier: +# inspec_tests: +# - path: test/integration/wazuh-agent/ +# \ No newline at end of file diff --git a/kitchen/kitchen.dokken.yml b/kitchen/kitchen.dokken.yml deleted file mode 100644 index 2e91e3ee..00000000 --- a/kitchen/kitchen.dokken.yml +++ /dev/null @@ -1,93 +0,0 @@ -driver: - name: dokken - # because Docker and SystemD/Upstart - privileged: true - -provisioner: - name: dokken - -transport: - name: dokken - -verifier: - name: inspec - -platforms: - - name: ubuntu-18.04 - driver: - image: dokken/ubuntu-18.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: centos-7 - driver: - image: dokken/centos-7 - pid_one_command: /usr/lib/systemd/systemd - -suites: - - name: elastic-stack - run_list: - - recipe[elastic-stack::default] - driver: - customize: - memory: 4096 - cpus: 2 - verifier: - inspec_tests: - - path: test/integration/elastic-stack/ - - - name: opendistro - run_list: - - recipe['opendistro::default'] - driver: - customize: - memory: 4096 - cpus: 2 - verifier: - inspec_tests: - - path: test/integration/opendistro/ - - - name: filebeat - run_list: - - recipe['filebeat::default'] - driver: - customize: - memory: 512 - cpus: 1 - verifier: - inspec_tests: - - path: test/integration/filebeat/ - - - name: filebeat-oss - run_list: - - recipe['filebeat-oss::default'] - driver: - customize: - memory: 512 - cpus: 1 - verifier: - inspec_tests: - - path: test/integration/filebeat-oss/ - - - name: wazuh-manager - run_list: - - recipe['wazuh-manager::default'] - driver: - customize: - memory: 2048 - cpus: 1 - verifier: - inspec_tests: - - path: test/integration/wazuh-manager/ - - - name: wazuh-agent - run_list: - - recipe['wazuh-agent::default'] - driver: - customize: - memory: 512 - cpus: 1 - verifier: - inspec_tests: - - path: test/integration/wazuh-agent/ From a3be8ca808befaf29352d1ff23b2087928855b17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 15 Dec 2020 13:36:18 +0100 Subject: [PATCH 084/260] Try kitchen dokken --- .github/actions/manager/Dockerfile | 2 +- .github/workflows/main.yml | 59 ++++++++++--------- kitchen.dokken.yml | 94 ------------------------------ kitchen/kitchen.dokken.yml | 33 +++++++++++ 4 files changed, 64 insertions(+), 124 deletions(-) delete mode 100644 kitchen.dokken.yml create mode 100644 kitchen/kitchen.dokken.yml diff --git a/.github/actions/manager/Dockerfile b/.github/actions/manager/Dockerfile index a4692a04..e63c3705 100644 --- a/.github/actions/manager/Dockerfile +++ b/.github/actions/manager/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:latest +FROM chef/chefworkstation COPY entrypoint.sh /entrypoint.sh RUN chmod 755 /entrypoint.sh diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4bd92e4b..3b690fb7 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -9,37 +9,38 @@ on: - feature-cookbooks jobs: - kitchen-test: + kitchen-tests: runs-on: ubuntu-latest strategy: matrix: - os: ['debian-8', 'debian-9', 'centos-7', 'fedora-latest', 'ubuntu-1604', 'ubuntu-1804'] - suite: ['default'] + os: + #- 'debian-9' + #- 'debian-10' + #- 'centos-7' + #- 'centos-8' + #- 'ubuntu-1604' + - 'ubuntu-1804' + #- 'opensuse-leap-15' + suite: + - 'default' fail-fast: false + steps: - #- name: Check out code - # uses: actions/checkout@v2 - #- name: Set up Ruby - # uses: ruby/setup-ruby@v1 - # with: - # ruby-version: 2.6 - #- name: Ubuntu 18.04 - Wazuh Manager - # uses: ./.github/actions/manager - # env: - # IMAGE: jrei/systemd-ubuntu:18.04 - # PLATFORM: ubuntu - # RELEASE: 18 - # RUN_COMMAND: /sbin/init - # VAGRANT_INSTANCE: wazuh-manager-ubuntu-1804 - - name: Check out code - uses: actions/checkout@main - - name: Install Chef - uses: actionshub/chef-install@main - - name: Test-Kitchen - uses: actionshub/test-kitchen@main - with: - suite: ${{ matrix.suite }} - os: ${{ matrix.os }} - env: - CHEF_LICENSE: accept-no-persist - KITCHEN_LOCAL_YAML: kitchen.dokken.yml \ No newline at end of file + - name: Check out code + uses: actions/checkout@master + - name: Install Chef + uses: actionshub/chef-install@master + - name: Dokken + uses: actionshub/kitchen-dokken@master + env: + CHEF_LICENSE: accept-no-persist + KITCHEN_LOCAL_YAML: ./kitchen/kitchen.dokken.yml + with: + suite: ${{ matrix.suite }} + os: ${{ matrix.os }} + - name: Print debug output on failure + if: failure() + run: | + set -x + sudo journalctl -l --since today + KITCHEN_LOCAL_YAML=kitchen.dokken.yml /usr/bin/kitchen exec ${{ matrix.suite }}-${{ matrix.os }} -c "journalctl -l" \ No newline at end of file diff --git a/kitchen.dokken.yml b/kitchen.dokken.yml deleted file mode 100644 index 35dfe090..00000000 --- a/kitchen.dokken.yml +++ /dev/null @@ -1,94 +0,0 @@ -driver: - name: dokken - # because Docker and SystemD/Upstart - privileged: true - -provisioner: - name: dokken - -transport: - name: dokken - -verifier: - name: inspec - -platforms: - - name: ubuntu-18.04 - driver: - image: dokken/ubuntu-18.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - -# - name: centos-7 -# driver: -# image: dokken/centos-7 -# pid_one_command: /usr/lib/systemd/systemd - -suites: - - name: elastic-stack - run_list: - - recipe[elastic-stack::default] - driver: - customize: - memory: 4096 - cpus: 2 - verifier: - inspec_tests: - - path: kitchen/test/integration/elastic-stack/ - -# - name: opendistro -# run_list: -# - recipe['opendistro::default'] -# driver: -# customize: -# memory: 4096 -# cpus: 2 -# verifier: -# inspec_tests: -# - path: test/integration/opendistro/ -# -# - name: filebeat -# run_list: -# - recipe['filebeat::default'] -# driver: -# customize: -# memory: 512 -# cpus: 1 -# verifier: -# inspec_tests: -# - path: test/integration/filebeat/ -# -# - name: filebeat-oss -# run_list: -# - recipe['filebeat-oss::default'] -# driver: -# customize: -# memory: 512 -# cpus: 1 -# verifier: -# inspec_tests: -# - path: test/integration/filebeat-oss/ -# -# - name: wazuh-manager -# run_list: -# - recipe['wazuh-manager::default'] -# driver: -# customize: -# memory: 2048 -# cpus: 1 -# verifier: -# inspec_tests: -# - path: test/integration/wazuh-manager/ -# -# - name: wazuh-agent -# run_list: -# - recipe['wazuh-agent::default'] -# driver: -# customize: -# memory: 512 -# cpus: 1 -# verifier: -# inspec_tests: -# - path: test/integration/wazuh-agent/ -# \ No newline at end of file diff --git a/kitchen/kitchen.dokken.yml b/kitchen/kitchen.dokken.yml new file mode 100644 index 00000000..3a80c85c --- /dev/null +++ b/kitchen/kitchen.dokken.yml @@ -0,0 +1,33 @@ +--- +driver: + name: dokken + # because Docker and SystemD + privileged: true + chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> + env: [CHEF_LICENSE=accept] + +transport: + name: dokken + +provisioner: + name: dokken + +platforms: + - name: ubuntu-18.04 + driver: + image: dokken/ubuntu-18.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + +suites: + - name: elastic-stack + run_list: + - recipe[elastic-stack::default] + driver: + customize: + memory: 4096 + cpus: 2 + verifier: + inspec_tests: + - path: test/integration/elastic-stack/ From a3985f3ef7b6c50e5ccaf12c221f2daf30aa9152 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 15 Dec 2020 13:42:01 +0100 Subject: [PATCH 085/260] Change main.yml --- .github/workflows/main.yml | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 3b690fb7..0be3a6d2 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -9,7 +9,7 @@ on: - feature-cookbooks jobs: - kitchen-tests: + kitchen-test: runs-on: ubuntu-latest strategy: matrix: @@ -30,17 +30,13 @@ jobs: uses: actions/checkout@master - name: Install Chef uses: actionshub/chef-install@master - - name: Dokken - uses: actionshub/kitchen-dokken@master + - name: Ubuntu 18.04 - Wazuh Manager + uses: ./.github/actions/manager env: - CHEF_LICENSE: accept-no-persist - KITCHEN_LOCAL_YAML: ./kitchen/kitchen.dokken.yml - with: - suite: ${{ matrix.suite }} - os: ${{ matrix.os }} - - name: Print debug output on failure - if: failure() - run: | - set -x - sudo journalctl -l --since today - KITCHEN_LOCAL_YAML=kitchen.dokken.yml /usr/bin/kitchen exec ${{ matrix.suite }}-${{ matrix.os }} -c "journalctl -l" \ No newline at end of file + IMAGE: jrei/systemd-ubuntu:18.04 + PLATFORM: ubuntu + RELEASE: 18 + RUN_COMMAND: /sbin/init + VAGRANT_INSTANCE: wazuh-manager-ubuntu-1804 + + \ No newline at end of file From 4bfb4f8fdb5c9f2cd4afe9812d236ed6e8569fc2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 15 Dec 2020 13:58:59 +0100 Subject: [PATCH 086/260] kitchen-dokken --- .github/workflows/main.yml | 14 -------- kitchen/kitchen.yml | 66 ++++++++++++++++++++++++-------------- 2 files changed, 42 insertions(+), 38 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 0be3a6d2..79b5e1f6 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -11,20 +11,6 @@ on: jobs: kitchen-test: runs-on: ubuntu-latest - strategy: - matrix: - os: - #- 'debian-9' - #- 'debian-10' - #- 'centos-7' - #- 'centos-8' - #- 'ubuntu-1604' - - 'ubuntu-1804' - #- 'opensuse-leap-15' - suite: - - 'default' - fail-fast: false - steps: - name: Check out code uses: actions/checkout@master diff --git a/kitchen/kitchen.yml b/kitchen/kitchen.yml index a283e191..704a9e65 100644 --- a/kitchen/kitchen.yml +++ b/kitchen/kitchen.yml @@ -1,33 +1,51 @@ +#driver: +# name: vagrant +# +#verifier: +# name: inspec +# +#platforms: +# - name: ubuntu-20.04 +# driver: +# box: bento/ubuntu-20.04 +# network: +# - ["private_network", {ip: "172.16.11.10"}] +# +# - name: ubuntu-18.04 +# driver: +# box: bento/ubuntu-18.04 +# network: +# - ["private_network", {ip: "172.16.11.11"}] +# +# - name: centos-8 +# driver: +# box: bento/centos-8 +# network: +# - ["private_network", {ip: "172.16.11.12"}] +# +# - name: centos-7 +# driver: +# box: bento/centos-7 +# network: +# - ["private_network", {ip: "172.16.11.13"}] + driver: - name: vagrant + name: dokken + chef_version: latest # or 15 or 15.0 or 15.0.300 or curent + +transport: + name: dokken + +provisioner: + name: dokken verifier: name: inspec platforms: - - name: ubuntu-20.04 - driver: - box: bento/ubuntu-20.04 - network: - - ["private_network", {ip: "172.16.11.10"}] - - - name: ubuntu-18.04 - driver: - box: bento/ubuntu-18.04 - network: - - ["private_network", {ip: "172.16.11.11"}] - - - name: centos-8 - driver: - box: bento/centos-8 - network: - - ["private_network", {ip: "172.16.11.12"}] - - - name: centos-7 - driver: - box: bento/centos-7 - network: - - ["private_network", {ip: "172.16.11.13"}] +- name: centos-7 + driver: + image: dokken/centos-7 suites: - name: elastic-stack From 0587409a24eb044052e056dd521a6abff166f93a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 15 Dec 2020 14:03:28 +0100 Subject: [PATCH 087/260] add ubuntu18 --- kitchen/kitchen.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/kitchen/kitchen.yml b/kitchen/kitchen.yml index 704a9e65..be1ac103 100644 --- a/kitchen/kitchen.yml +++ b/kitchen/kitchen.yml @@ -43,9 +43,12 @@ verifier: name: inspec platforms: -- name: centos-7 - driver: - image: dokken/centos-7 + - name: centos-7 + driver: + image: dokken/centos-7 + - name: ubuntu-18.04 + driver: + image: dokken/ubuntu-18.04 suites: - name: elastic-stack From 0af3ac142721da87c1066e06b475c49f28c76f7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 15 Dec 2020 14:10:06 +0100 Subject: [PATCH 088/260] accept chef client license --- kitchen/kitchen.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kitchen/kitchen.yml b/kitchen/kitchen.yml index be1ac103..3eaeb232 100644 --- a/kitchen/kitchen.yml +++ b/kitchen/kitchen.yml @@ -38,6 +38,7 @@ transport: provisioner: name: dokken + chef_license: accept verifier: name: inspec @@ -46,6 +47,7 @@ platforms: - name: centos-7 driver: image: dokken/centos-7 + - name: ubuntu-18.04 driver: image: dokken/ubuntu-18.04 From 420f6157ec1f3bd36aa471fe9a3dba3ba8906465 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 15 Dec 2020 14:36:15 +0100 Subject: [PATCH 089/260] kitchen-dokken --- .github/workflows/main.yml | 21 ++++++++++++------- .../kitchen.dokken.yml => kitchen.dokken.yml | 2 +- 2 files changed, 15 insertions(+), 8 deletions(-) rename kitchen/kitchen.dokken.yml => kitchen.dokken.yml (91%) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 79b5e1f6..51220839 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -16,13 +16,20 @@ jobs: uses: actions/checkout@master - name: Install Chef uses: actionshub/chef-install@master - - name: Ubuntu 18.04 - Wazuh Manager - uses: ./.github/actions/manager + - name: Dokken + uses: actionshub/kitchen-dokken@creation env: - IMAGE: jrei/systemd-ubuntu:18.04 - PLATFORM: ubuntu - RELEASE: 18 - RUN_COMMAND: /sbin/init - VAGRANT_INSTANCE: wazuh-manager-ubuntu-1804 + suite: default + os: ubuntu-1804 + CHEF_LICENSE: accept-no-persist + KITCHEN_LOCAL_YAML: kitchen.dokken.yml + #- name: Ubuntu 18.04 - Wazuh Manager + # uses: ./.github/actions/manager + # env: + # IMAGE: jrei/systemd-ubuntu:18.04 + # PLATFORM: ubuntu + # RELEASE: 18 + # RUN_COMMAND: /sbin/init + # VAGRANT_INSTANCE: wazuh-manager-ubuntu-1804 \ No newline at end of file diff --git a/kitchen/kitchen.dokken.yml b/kitchen.dokken.yml similarity index 91% rename from kitchen/kitchen.dokken.yml rename to kitchen.dokken.yml index 3a80c85c..ab4fe99b 100644 --- a/kitchen/kitchen.dokken.yml +++ b/kitchen.dokken.yml @@ -30,4 +30,4 @@ suites: cpus: 2 verifier: inspec_tests: - - path: test/integration/elastic-stack/ + - path: kitchen/test/integration/elastic-stack/ From 3778b350e851a0d5d0d46d03286c131b7dabe9b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 15 Dec 2020 14:41:10 +0100 Subject: [PATCH 090/260] Change main.yml --- .github/workflows/main.yml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 51220839..d2130f70 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -16,13 +16,9 @@ jobs: uses: actions/checkout@master - name: Install Chef uses: actionshub/chef-install@master - - name: Dokken - uses: actionshub/kitchen-dokken@creation - env: - suite: default - os: ubuntu-1804 - CHEF_LICENSE: accept-no-persist - KITCHEN_LOCAL_YAML: kitchen.dokken.yml + - name: Test-Kitchen + run: kitchen create elastic-stack-ubuntu-1804 + #- name: Ubuntu 18.04 - Wazuh Manager # uses: ./.github/actions/manager # env: From 40169a5a8c4ea2c55416dbfbe87047405fe4e1fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 15 Dec 2020 14:43:43 +0100 Subject: [PATCH 091/260] move kitchen.yml --- kitchen/kitchen.yml => kitchen.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename kitchen/kitchen.yml => kitchen.yml (100%) diff --git a/kitchen/kitchen.yml b/kitchen.yml similarity index 100% rename from kitchen/kitchen.yml rename to kitchen.yml From 08f57dbafc77057055ed465e84588dc741944427 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 15 Dec 2020 14:48:08 +0100 Subject: [PATCH 092/260] Test kitchen --- .github/workflows/main.yml | 2 +- .../integration/elastic-stack/elasticsearch_test.rb | 0 {kitchen/test => test}/integration/elastic-stack/kibana_test.rb | 0 .../integration/elastic-stack/prerequisites_test.rb | 0 .../test => test}/integration/elastic-stack/repository_test.rb | 0 .../test => test}/integration/opendistro/elasticsearch_test.rb | 0 {kitchen/test => test}/integration/opendistro/kibana_test.rb | 0 .../test => test}/integration/opendistro/prerequisites_test.rb | 0 .../test => test}/integration/opendistro/repository_test.rb | 0 9 files changed, 1 insertion(+), 1 deletion(-) rename {kitchen/test => test}/integration/elastic-stack/elasticsearch_test.rb (100%) rename {kitchen/test => test}/integration/elastic-stack/kibana_test.rb (100%) rename {kitchen/test => test}/integration/elastic-stack/prerequisites_test.rb (100%) rename {kitchen/test => test}/integration/elastic-stack/repository_test.rb (100%) rename {kitchen/test => test}/integration/opendistro/elasticsearch_test.rb (100%) rename {kitchen/test => test}/integration/opendistro/kibana_test.rb (100%) rename {kitchen/test => test}/integration/opendistro/prerequisites_test.rb (100%) rename {kitchen/test => test}/integration/opendistro/repository_test.rb (100%) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d2130f70..9b98733c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -17,7 +17,7 @@ jobs: - name: Install Chef uses: actionshub/chef-install@master - name: Test-Kitchen - run: kitchen create elastic-stack-ubuntu-1804 + run: kitchen test elastic-stack-ubuntu-1804 #- name: Ubuntu 18.04 - Wazuh Manager # uses: ./.github/actions/manager diff --git a/kitchen/test/integration/elastic-stack/elasticsearch_test.rb b/test/integration/elastic-stack/elasticsearch_test.rb similarity index 100% rename from kitchen/test/integration/elastic-stack/elasticsearch_test.rb rename to test/integration/elastic-stack/elasticsearch_test.rb diff --git a/kitchen/test/integration/elastic-stack/kibana_test.rb b/test/integration/elastic-stack/kibana_test.rb similarity index 100% rename from kitchen/test/integration/elastic-stack/kibana_test.rb rename to test/integration/elastic-stack/kibana_test.rb diff --git a/kitchen/test/integration/elastic-stack/prerequisites_test.rb b/test/integration/elastic-stack/prerequisites_test.rb similarity index 100% rename from kitchen/test/integration/elastic-stack/prerequisites_test.rb rename to test/integration/elastic-stack/prerequisites_test.rb diff --git a/kitchen/test/integration/elastic-stack/repository_test.rb b/test/integration/elastic-stack/repository_test.rb similarity index 100% rename from kitchen/test/integration/elastic-stack/repository_test.rb rename to test/integration/elastic-stack/repository_test.rb diff --git a/kitchen/test/integration/opendistro/elasticsearch_test.rb b/test/integration/opendistro/elasticsearch_test.rb similarity index 100% rename from kitchen/test/integration/opendistro/elasticsearch_test.rb rename to test/integration/opendistro/elasticsearch_test.rb diff --git a/kitchen/test/integration/opendistro/kibana_test.rb b/test/integration/opendistro/kibana_test.rb similarity index 100% rename from kitchen/test/integration/opendistro/kibana_test.rb rename to test/integration/opendistro/kibana_test.rb diff --git a/kitchen/test/integration/opendistro/prerequisites_test.rb b/test/integration/opendistro/prerequisites_test.rb similarity index 100% rename from kitchen/test/integration/opendistro/prerequisites_test.rb rename to test/integration/opendistro/prerequisites_test.rb diff --git a/kitchen/test/integration/opendistro/repository_test.rb b/test/integration/opendistro/repository_test.rb similarity index 100% rename from kitchen/test/integration/opendistro/repository_test.rb rename to test/integration/opendistro/repository_test.rb From 6296bd02a5a2f20c42f03dc1bc7bb611e690b55f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 16 Dec 2020 09:49:59 +0100 Subject: [PATCH 093/260] Add ci.yml --- .github/workflows/ci.yml | 64 ++++++++++++++++++++++++++++++++++++++ .github/workflows/main.yml | 31 ------------------ 2 files changed, 64 insertions(+), 31 deletions(-) create mode 100644 .github/workflows/ci.yml delete mode 100644 .github/workflows/main.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 00000000..32af9524 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,64 @@ +name: Kitchen tests for Wazuh Chef + +on: + push: + branches: + - feature-cookbooks + pull_request: + branches: + - feature-cookbooks + +jobs: + ruby: + strategy: + fail-fast: false + matrix: + ruby: [2.4, 2.5, 2.6] + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v2 + - name: Setup Ruby + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + - name: Install dependencies + run: bundle install + kitchen-test: + runs-on: ubuntu-latest + strategy: + matrix: + os: + #- 'debian-9' + #- 'debian-10' + #- 'centos-7' + #- 'centos-8' + - 'ubuntu-2004' + #- 'ubuntu-1804' + #- 'opensuse-leap-15' + suite: + - 'default' + steps: + - name: Check out code + uses: actions/checkout@master + - name: Install Chef + uses: actionshub/chef-install@master + - name: Dokken + uses: actionshub/kitchen-dokken@master + env: + CHEF_LICENSE: accept-no-persist + KITCHEN_LOCAL_YAML: kitchen.dokken.yml + with: + suite: ${{ matrix.suite }} + os: ${{ matrix.os }} + + #- name: Ubuntu 18.04 - Wazuh Manager + # uses: ./.github/actions/manager + # env: + # IMAGE: jrei/systemd-ubuntu:18.04 + # PLATFORM: ubuntu + # RELEASE: 18 + # RUN_COMMAND: /sbin/init + # VAGRANT_INSTANCE: wazuh-manager-ubuntu-1804 + + \ No newline at end of file diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml deleted file mode 100644 index 9b98733c..00000000 --- a/.github/workflows/main.yml +++ /dev/null @@ -1,31 +0,0 @@ -name: Kitchen tests for Wazuh Chef - -on: - push: - branches: - - feature-cookbooks - pull_request: - branches: - - feature-cookbooks - -jobs: - kitchen-test: - runs-on: ubuntu-latest - steps: - - name: Check out code - uses: actions/checkout@master - - name: Install Chef - uses: actionshub/chef-install@master - - name: Test-Kitchen - run: kitchen test elastic-stack-ubuntu-1804 - - #- name: Ubuntu 18.04 - Wazuh Manager - # uses: ./.github/actions/manager - # env: - # IMAGE: jrei/systemd-ubuntu:18.04 - # PLATFORM: ubuntu - # RELEASE: 18 - # RUN_COMMAND: /sbin/init - # VAGRANT_INSTANCE: wazuh-manager-ubuntu-1804 - - \ No newline at end of file From 7bb17a06373ee98e4a3e48935f4ac6728a4fd641 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 16 Dec 2020 09:50:19 +0100 Subject: [PATCH 094/260] Move test integration location --- .../elastic-stack/test/integration}/elasticsearch_test.rb | 0 .../elastic-stack/test/integration}/kibana_test.rb | 0 .../elastic-stack/test/integration}/prerequisites_test.rb | 0 .../elastic-stack/test/integration}/repository_test.rb | 0 .../opendistro/test/integration}/elasticsearch_test.rb | 0 .../opendistro/test/integration}/kibana_test.rb | 0 .../opendistro/test/integration}/prerequisites_test.rb | 0 .../opendistro/test/integration}/repository_test.rb | 0 8 files changed, 0 insertions(+), 0 deletions(-) rename {test/integration/elastic-stack => cookbooks/elastic-stack/test/integration}/elasticsearch_test.rb (100%) rename {test/integration/elastic-stack => cookbooks/elastic-stack/test/integration}/kibana_test.rb (100%) rename {test/integration/elastic-stack => cookbooks/elastic-stack/test/integration}/prerequisites_test.rb (100%) rename {test/integration/elastic-stack => cookbooks/elastic-stack/test/integration}/repository_test.rb (100%) rename {test/integration/opendistro => cookbooks/opendistro/test/integration}/elasticsearch_test.rb (100%) rename {test/integration/opendistro => cookbooks/opendistro/test/integration}/kibana_test.rb (100%) rename {test/integration/opendistro => cookbooks/opendistro/test/integration}/prerequisites_test.rb (100%) rename {test/integration/opendistro => cookbooks/opendistro/test/integration}/repository_test.rb (100%) diff --git a/test/integration/elastic-stack/elasticsearch_test.rb b/cookbooks/elastic-stack/test/integration/elasticsearch_test.rb similarity index 100% rename from test/integration/elastic-stack/elasticsearch_test.rb rename to cookbooks/elastic-stack/test/integration/elasticsearch_test.rb diff --git a/test/integration/elastic-stack/kibana_test.rb b/cookbooks/elastic-stack/test/integration/kibana_test.rb similarity index 100% rename from test/integration/elastic-stack/kibana_test.rb rename to cookbooks/elastic-stack/test/integration/kibana_test.rb diff --git a/test/integration/elastic-stack/prerequisites_test.rb b/cookbooks/elastic-stack/test/integration/prerequisites_test.rb similarity index 100% rename from test/integration/elastic-stack/prerequisites_test.rb rename to cookbooks/elastic-stack/test/integration/prerequisites_test.rb diff --git a/test/integration/elastic-stack/repository_test.rb b/cookbooks/elastic-stack/test/integration/repository_test.rb similarity index 100% rename from test/integration/elastic-stack/repository_test.rb rename to cookbooks/elastic-stack/test/integration/repository_test.rb diff --git a/test/integration/opendistro/elasticsearch_test.rb b/cookbooks/opendistro/test/integration/elasticsearch_test.rb similarity index 100% rename from test/integration/opendistro/elasticsearch_test.rb rename to cookbooks/opendistro/test/integration/elasticsearch_test.rb diff --git a/test/integration/opendistro/kibana_test.rb b/cookbooks/opendistro/test/integration/kibana_test.rb similarity index 100% rename from test/integration/opendistro/kibana_test.rb rename to cookbooks/opendistro/test/integration/kibana_test.rb diff --git a/test/integration/opendistro/prerequisites_test.rb b/cookbooks/opendistro/test/integration/prerequisites_test.rb similarity index 100% rename from test/integration/opendistro/prerequisites_test.rb rename to cookbooks/opendistro/test/integration/prerequisites_test.rb diff --git a/test/integration/opendistro/repository_test.rb b/cookbooks/opendistro/test/integration/repository_test.rb similarity index 100% rename from test/integration/opendistro/repository_test.rb rename to cookbooks/opendistro/test/integration/repository_test.rb From e59b56efe01cb9375926518943e4cdd9fe8d4835 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 16 Dec 2020 10:01:56 +0100 Subject: [PATCH 095/260] Update kitchen yml files --- kitchen.dokken.yml | 57 ++++++++++++++++++++++++++++++++++- kitchen.yml | 75 ++++++++++++++++------------------------------ 2 files changed, 82 insertions(+), 50 deletions(-) diff --git a/kitchen.dokken.yml b/kitchen.dokken.yml index ab4fe99b..4aa94851 100644 --- a/kitchen.dokken.yml +++ b/kitchen.dokken.yml @@ -30,4 +30,59 @@ suites: cpus: 2 verifier: inspec_tests: - - path: kitchen/test/integration/elastic-stack/ + - path: cookbooks/elastic-stack/test/integration + + - name: opendistro + run_list: + - recipe['opendistro::default'] + driver: + customize: + memory: 4096 + cpus: 2 + verifier: + inspec_tests: + - path: cookbooks/opendistro/test/integration + + - name: filebeat + run_list: + - recipe['filebeat::default'] + driver: + customize: + memory: 512 + cpus: 1 + verifier: + inspec_tests: + - path: cookbooks/filebeat/test/integration + + - name: filebeat-oss + run_list: + - recipe['filebeat-oss::default'] + driver: + customize: + memory: 512 + cpus: 1 + verifier: + inspec_tests: + - path: cookbooks/filebeat-oss/test/integration + + - name: wazuh-manager + run_list: + - recipe['wazuh-manager::default'] + driver: + customize: + memory: 2048 + cpus: 1 + verifier: + inspec_tests: + - path: cookbooks/wazuh-manager/test/integration + + - name: wazuh-agent + run_list: + - recipe['wazuh-agent::default'] + driver: + customize: + memory: 512 + cpus: 1 + verifier: + inspec_tests: + - path: cookbooks/wazuh-agent/test/integration diff --git a/kitchen.yml b/kitchen.yml index 3eaeb232..b4cf0eb0 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -1,56 +1,33 @@ -#driver: -# name: vagrant -# -#verifier: -# name: inspec -# -#platforms: -# - name: ubuntu-20.04 -# driver: -# box: bento/ubuntu-20.04 -# network: -# - ["private_network", {ip: "172.16.11.10"}] -# -# - name: ubuntu-18.04 -# driver: -# box: bento/ubuntu-18.04 -# network: -# - ["private_network", {ip: "172.16.11.11"}] -# -# - name: centos-8 -# driver: -# box: bento/centos-8 -# network: -# - ["private_network", {ip: "172.16.11.12"}] -# -# - name: centos-7 -# driver: -# box: bento/centos-7 -# network: -# - ["private_network", {ip: "172.16.11.13"}] - driver: - name: dokken - chef_version: latest # or 15 or 15.0 or 15.0.300 or curent - -transport: - name: dokken - -provisioner: - name: dokken - chef_license: accept + name: vagrant verifier: name: inspec platforms: - - name: centos-7 + - name: ubuntu-20.04 driver: - image: dokken/centos-7 + box: bento/ubuntu-20.04 + network: + - ["private_network", {ip: "172.16.11.10"}] - name: ubuntu-18.04 driver: - image: dokken/ubuntu-18.04 + box: bento/ubuntu-18.04 + network: + - ["private_network", {ip: "172.16.11.11"}] + + - name: centos-8 + driver: + box: bento/centos-8 + network: + - ["private_network", {ip: "172.16.11.12"}] + + - name: centos-7 + driver: + box: bento/centos-7 + network: + - ["private_network", {ip: "172.16.11.13"}] suites: - name: elastic-stack @@ -62,7 +39,7 @@ suites: cpus: 2 verifier: inspec_tests: - - path: test/integration/elastic-stack/ + - path: cookbooks/elastic-stack/test/integration - name: opendistro run_list: @@ -73,7 +50,7 @@ suites: cpus: 2 verifier: inspec_tests: - - path: test/integration/opendistro/ + - path: cookbooks/opendistro/test/integration - name: filebeat run_list: @@ -84,7 +61,7 @@ suites: cpus: 1 verifier: inspec_tests: - - path: test/integration/filebeat/ + - path: cookbooks/filebeat/test/integration - name: filebeat-oss run_list: @@ -95,7 +72,7 @@ suites: cpus: 1 verifier: inspec_tests: - - path: test/integration/filebeat-oss/ + - path: cookbooks/filebeat-oss/test/integration - name: wazuh-manager run_list: @@ -106,7 +83,7 @@ suites: cpus: 1 verifier: inspec_tests: - - path: test/integration/wazuh-manager/ + - path: cookbooks/wazuh-manager/test/integration - name: wazuh-agent run_list: @@ -117,7 +94,7 @@ suites: cpus: 1 verifier: inspec_tests: - - path: test/integration/wazuh-agent/ + - path: cookbooks/wazuh-agent/test/integration From 03e08d9c4fcf4d2395481ac0a7054f8a6a1fc80c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 16 Dec 2020 10:14:45 +0100 Subject: [PATCH 096/260] Remove suites from dokken yml --- .github/workflows/ci.yml | 40 ++++++++++++++++------------------------ 1 file changed, 16 insertions(+), 24 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 32af9524..2dedfe8f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,20 +10,21 @@ on: jobs: ruby: - strategy: - fail-fast: false - matrix: - ruby: [2.4, 2.5, 2.6] - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - name: Setup Ruby - uses: ruby/setup-ruby@v1 - with: - ruby-version: ${{ matrix.ruby }} - - name: Install dependencies - run: bundle install + strategy: + fail-fast: false + matrix: + ruby: [2.4, 2.5, 2.6] + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v2 + - name: Setup Ruby + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + - name: Install dependencies + run: bundle install + kitchen-test: runs-on: ubuntu-latest strategy: @@ -42,7 +43,7 @@ jobs: - name: Check out code uses: actions/checkout@master - name: Install Chef - uses: actionshub/chef-install@master + uses: actionshub/chef-install@main - name: Dokken uses: actionshub/kitchen-dokken@master env: @@ -52,13 +53,4 @@ jobs: suite: ${{ matrix.suite }} os: ${{ matrix.os }} - #- name: Ubuntu 18.04 - Wazuh Manager - # uses: ./.github/actions/manager - # env: - # IMAGE: jrei/systemd-ubuntu:18.04 - # PLATFORM: ubuntu - # RELEASE: 18 - # RUN_COMMAND: /sbin/init - # VAGRANT_INSTANCE: wazuh-manager-ubuntu-1804 - \ No newline at end of file From 8aeb3e27aba96886c1c3e135cc2d99f3a59fe42e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 16 Dec 2020 10:15:19 +0100 Subject: [PATCH 097/260] Add more platforms --- kitchen.dokken.yml | 95 +++++++++++++++++++--------------------------- 1 file changed, 38 insertions(+), 57 deletions(-) diff --git a/kitchen.dokken.yml b/kitchen.dokken.yml index 4aa94851..390c513d 100644 --- a/kitchen.dokken.yml +++ b/kitchen.dokken.yml @@ -13,76 +13,57 @@ provisioner: name: dokken platforms: - - name: ubuntu-18.04 + - name: amazonlinux-2 driver: - image: dokken/ubuntu-18.04 + image: dokken/amazonlinux-2 + pid_one_command: /usr/lib/systemd/systemd + + - name: debian-9 + driver: + image: dokken/debian-9 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: debian-10 + driver: + image: dokken/debian-10 pid_one_command: /bin/systemd intermediate_instructions: - RUN /usr/bin/apt-get update -suites: - - name: elastic-stack - run_list: - - recipe[elastic-stack::default] + - name: centos-7 driver: - customize: - memory: 4096 - cpus: 2 - verifier: - inspec_tests: - - path: cookbooks/elastic-stack/test/integration + image: dokken/centos-7 + pid_one_command: /usr/lib/systemd/systemd - - name: opendistro - run_list: - - recipe['opendistro::default'] + - name: centos-8 driver: - customize: - memory: 4096 - cpus: 2 - verifier: - inspec_tests: - - path: cookbooks/opendistro/test/integration + image: dokken/centos-8 + pid_one_command: /usr/lib/systemd/systemd - - name: filebeat - run_list: - - recipe['filebeat::default'] + - name: ubuntu-16.04 driver: - customize: - memory: 512 - cpus: 1 - verifier: - inspec_tests: - - path: cookbooks/filebeat/test/integration + image: dokken/ubuntu-16.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update - - name: filebeat-oss - run_list: - - recipe['filebeat-oss::default'] + - name: ubuntu-18.04 driver: - customize: - memory: 512 - cpus: 1 - verifier: - inspec_tests: - - path: cookbooks/filebeat-oss/test/integration + image: dokken/ubuntu-18.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update - - name: wazuh-manager - run_list: - - recipe['wazuh-manager::default'] + - name: ubuntu-20.04 driver: - customize: - memory: 2048 - cpus: 1 - verifier: - inspec_tests: - - path: cookbooks/wazuh-manager/test/integration + image: dokken/ubuntu-20.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update - - name: wazuh-agent - run_list: - - recipe['wazuh-agent::default'] + - name: opensuse-leap-15 driver: - customize: - memory: 512 - cpus: 1 - verifier: - inspec_tests: - - path: cookbooks/wazuh-agent/test/integration + image: dokken/opensuse-leap-15 + pid_one_command: /bin/systemd \ No newline at end of file From dd8c6724e19be35a342aae203f7d3e9f8ed9dde1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 16 Dec 2020 10:16:11 +0100 Subject: [PATCH 098/260] Chamge to default (test) --- Berksfile | 2 ++ kitchen.yml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Berksfile b/Berksfile index 35c4520c..b0ebb1e2 100644 --- a/Berksfile +++ b/Berksfile @@ -13,3 +13,5 @@ group :cookbooks do cookbook 'elastic-stack', path: './cookbooks/elastic-stack' cookbook 'opendistro', path: './cookbooks/opendistro' end + +g \ No newline at end of file diff --git a/kitchen.yml b/kitchen.yml index b4cf0eb0..ab1580f4 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -30,7 +30,7 @@ platforms: - ["private_network", {ip: "172.16.11.13"}] suites: - - name: elastic-stack + - name: default run_list: - recipe[elastic-stack::default] driver: From d5551776217e388076b295ae19525ade9106a95b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 16 Dec 2020 10:24:45 +0100 Subject: [PATCH 099/260] Fix berksfile --- Berksfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Berksfile b/Berksfile index b0ebb1e2..c0928817 100644 --- a/Berksfile +++ b/Berksfile @@ -12,6 +12,4 @@ group :cookbooks do cookbook 'wazuh_agent', path: './cookbooks/wazuh_agent' cookbook 'elastic-stack', path: './cookbooks/elastic-stack' cookbook 'opendistro', path: './cookbooks/opendistro' -end - -g \ No newline at end of file +end \ No newline at end of file From 604ff6030c160dad91e83b6c09722afd40c2c645 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 16 Dec 2020 10:32:05 +0100 Subject: [PATCH 100/260] Remove ait kibana bash code --- cookbooks/elastic-stack/recipes/kibana.rb | 9 --------- 1 file changed, 9 deletions(-) diff --git a/cookbooks/elastic-stack/recipes/kibana.rb b/cookbooks/elastic-stack/recipes/kibana.rb index 751cce20..cfe8e713 100644 --- a/cookbooks/elastic-stack/recipes/kibana.rb +++ b/cookbooks/elastic-stack/recipes/kibana.rb @@ -125,15 +125,6 @@ end end -bash 'Waiting for kibana curl response...' do - code <<-EOH - until (curl -XGET http://#{node['kibana']['yml']['server']['host']}:#{node['kibana']['yml']['server']['port']}); do - printf 'Waiting for kibana....' - sleep 5 - done - EOH -end - log 'Access Kibana web interface' do message "URL: http://#{node['kibana']['yml']['server']['host']}:#{node['kibana']['yml']['server']['port']} user: admin From 1606d58c275308c9e2ed39f668712ebb80e2b6cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 16 Dec 2020 19:21:22 +0100 Subject: [PATCH 101/260] Change to execute keyword --- cookbooks/elastic-stack/recipes/kibana.rb | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/cookbooks/elastic-stack/recipes/kibana.rb b/cookbooks/elastic-stack/recipes/kibana.rb index cfe8e713..302b4b95 100644 --- a/cookbooks/elastic-stack/recipes/kibana.rb +++ b/cookbooks/elastic-stack/recipes/kibana.rb @@ -45,16 +45,12 @@ # Update the optimize and plugins directories permissions -directory "#{node['kibana']['package_path']}/optimize" do - owner 'kibana' - group 'kibana' - recursive true +execute "Change #{node['kibana']['package_path']}/optimize owner" do + command "sudo chown -R kibana:kibana #{node['kibana']['package_path']}/optimize" end -directory "#{node['kibana']['package_path']}/plugins" do - owner 'kibana' - group 'kibana' - recursive true +execute "Change #{node['kibana']['package_path']}/plugins owner" do + command "sudo chown -R kibana:kibana #{node['kibana']['package_path']}/plugins" end # Install the Wazuh Kibana plugin @@ -72,7 +68,7 @@ source 'wazuh.yml.erb' owner 'kibana' group 'kibana' - mode 0o755 + mode 0755 action :create variables({ api_credentials: node['kibana']['wazuh_api_credentials'] From 5fb1eaeaf7684d86e6cc64bbbd64d61bb6b9206c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 16 Dec 2020 19:21:55 +0100 Subject: [PATCH 102/260] Move test to test/integration/elastic-stack path --- .../test/integration/{ => elastic-stack}/elasticsearch_test.rb | 0 .../test/integration/{ => elastic-stack}/kibana_test.rb | 0 .../test/integration/{ => elastic-stack}/prerequisites_test.rb | 0 .../test/integration/{ => elastic-stack}/repository_test.rb | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename cookbooks/elastic-stack/test/integration/{ => elastic-stack}/elasticsearch_test.rb (100%) rename cookbooks/elastic-stack/test/integration/{ => elastic-stack}/kibana_test.rb (100%) rename cookbooks/elastic-stack/test/integration/{ => elastic-stack}/prerequisites_test.rb (100%) rename cookbooks/elastic-stack/test/integration/{ => elastic-stack}/repository_test.rb (100%) diff --git a/cookbooks/elastic-stack/test/integration/elasticsearch_test.rb b/cookbooks/elastic-stack/test/integration/elastic-stack/elasticsearch_test.rb similarity index 100% rename from cookbooks/elastic-stack/test/integration/elasticsearch_test.rb rename to cookbooks/elastic-stack/test/integration/elastic-stack/elasticsearch_test.rb diff --git a/cookbooks/elastic-stack/test/integration/kibana_test.rb b/cookbooks/elastic-stack/test/integration/elastic-stack/kibana_test.rb similarity index 100% rename from cookbooks/elastic-stack/test/integration/kibana_test.rb rename to cookbooks/elastic-stack/test/integration/elastic-stack/kibana_test.rb diff --git a/cookbooks/elastic-stack/test/integration/prerequisites_test.rb b/cookbooks/elastic-stack/test/integration/elastic-stack/prerequisites_test.rb similarity index 100% rename from cookbooks/elastic-stack/test/integration/prerequisites_test.rb rename to cookbooks/elastic-stack/test/integration/elastic-stack/prerequisites_test.rb diff --git a/cookbooks/elastic-stack/test/integration/repository_test.rb b/cookbooks/elastic-stack/test/integration/elastic-stack/repository_test.rb similarity index 100% rename from cookbooks/elastic-stack/test/integration/repository_test.rb rename to cookbooks/elastic-stack/test/integration/elastic-stack/repository_test.rb From 30f3a41d65aca6ab6a5b9f9012b9428b56622ee3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 16 Dec 2020 19:22:12 +0100 Subject: [PATCH 103/260] Add chefignore --- cookbooks/elastic-stack/chefignore | 115 +++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 cookbooks/elastic-stack/chefignore diff --git a/cookbooks/elastic-stack/chefignore b/cookbooks/elastic-stack/chefignore new file mode 100644 index 00000000..6a4264c0 --- /dev/null +++ b/cookbooks/elastic-stack/chefignore @@ -0,0 +1,115 @@ +# Put files/directories that should be ignored in this file when uploading +# to a Chef Infra Server or Supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +ehthumbs.db +Icon? +nohup.out +Thumbs.db +.envrc + +# EDITORS # +########### +.#* +.project +.settings +*_flymake +*_flymake.* +*.bak +*.sw[a-z] +*.tmproj +*~ +\#* +REVISION +TAGS* +tmtags +.vscode +.editorconfig + +## COMPILED ## +############## +*.class +*.com +*.dll +*.exe +*.o +*.pyc +*.so +*/rdoc/ +a.out +mkmf.log + +# Testing # +########### +.circleci/* +.codeclimate.yml +.delivery/* +.foodcritic +.kitchen* +.mdlrc +.overcommit.yml +.rspec +.rubocop.yml +.travis.yml +.watchr +.yamllint +azure-pipelines.yml +Dangerfile +examples/* +features/* +Guardfile +kitchen.yml* +mlc_config.json +Procfile +Rakefile +spec/* +test/* + +# SCM # +####### +.git +.gitattributes +.gitconfig +.github/* +.gitignore +.gitkeep +.gitmodules +.svn +*/.bzr/* +*/.git +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Documentation # +############# +CODE_OF_CONDUCT* +CONTRIBUTING* +documentation/* +TESTING* +UPGRADING* + +# Vagrant # +########### +.vagrant +Vagrantfile \ No newline at end of file From d5322085ab84636823683bff8cf94aaf09b534d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 16 Dec 2020 19:22:30 +0100 Subject: [PATCH 104/260] Update gemfile --- cookbooks/elastic-stack/Gemfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cookbooks/elastic-stack/Gemfile b/cookbooks/elastic-stack/Gemfile index d0c6e6b7..702c66f9 100644 --- a/cookbooks/elastic-stack/Gemfile +++ b/cookbooks/elastic-stack/Gemfile @@ -2,6 +2,5 @@ source 'https://rubygems.org' gem 'rubocop' gem 'test-kitchen' -gem 'kitchen-vagrant' gem 'kitchen-inspec' -gem 'inspec \ No newline at end of file +gem 'kitchen-dokken' \ No newline at end of file From b2022f7885136369514862e765b1698544ea0d49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 16 Dec 2020 19:22:59 +0100 Subject: [PATCH 105/260] Add kitchen.yml --- cookbooks/elastic-stack/kitchen.yml | 75 +++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) create mode 100644 cookbooks/elastic-stack/kitchen.yml diff --git a/cookbooks/elastic-stack/kitchen.yml b/cookbooks/elastic-stack/kitchen.yml new file mode 100644 index 00000000..4909818c --- /dev/null +++ b/cookbooks/elastic-stack/kitchen.yml @@ -0,0 +1,75 @@ +--- +driver: + name: dokken + # because Docker and SystemD + privileged: true + chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> + env: [CHEF_LICENSE=accept] + +transport: + name: dokken + +provisioner: + name: dokken + driver: + +verifier: + name: inspec + +platforms: + - name: amazonlinux-2 + driver: + image: dokken/amazonlinux-2 + pid_one_command: /usr/lib/systemd/systemd + + - name: debian-9 + driver: + image: dokken/debian-9 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: debian-10 + driver: + image: dokken/debian-10 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: centos-7 + driver: + image: dokken/centos-7 + pid_one_command: /usr/lib/systemd/systemd + + - name: centos-8 + driver: + image: dokken/centos-8 + pid_one_command: /usr/lib/systemd/systemd + + - name: ubuntu-18.04 + driver: + image: dokken/ubuntu-18.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: ubuntu-20.04 + driver: + image: dokken/ubuntu-20.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: opensuse-leap-15 + driver: + image: dokken/opensuse-leap-15 + pid_one_command: /bin/systemd + +suites: + - name: elastic-stack + run_list: + - recipe[elastic-stack::default] + driver: + verifier: + inspec_tests: + - path: test/integration/elastic-stack \ No newline at end of file From 70e71bfdd28460c1a6dc1fe9eb26e6dc8053d6c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 16 Dec 2020 19:23:28 +0100 Subject: [PATCH 106/260] Update metadata --- cookbooks/elastic-stack/metadata.rb | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/cookbooks/elastic-stack/metadata.rb b/cookbooks/elastic-stack/metadata.rb index aea9f742..5f91c769 100644 --- a/cookbooks/elastic-stack/metadata.rb +++ b/cookbooks/elastic-stack/metadata.rb @@ -20,7 +20,4 @@ supports 'opensuse', '>= 42.0' issues_url 'https://github.com/wazuh/wazuh-chef/issues' if respond_to?(:issues_url) -source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) - -depends 'filebeat' -depends 'wazuh_manager' +source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) \ No newline at end of file From 71bfaf4fb80dbd04dc240d6069f828db06fa7e3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 16 Dec 2020 19:23:53 +0100 Subject: [PATCH 107/260] Remove data_bags --- data_bags/wazuh_secrets/README.md | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 data_bags/wazuh_secrets/README.md diff --git a/data_bags/wazuh_secrets/README.md b/data_bags/wazuh_secrets/README.md deleted file mode 100644 index 36246dde..00000000 --- a/data_bags/wazuh_secrets/README.md +++ /dev/null @@ -1,3 +0,0 @@ -## Wazuh Secrets - -This folders will contain the logstash_certificate and api secrets that can be used through the installation. \ No newline at end of file From 5871ef468ae007ac4e689a2440f71fe456f9c859 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 16 Dec 2020 19:24:27 +0100 Subject: [PATCH 108/260] Remove unnecesary files --- Berksfile | 15 ------ Gemfile | 7 --- chefignore | 115 --------------------------------------------- kitchen.dokken.yml | 69 --------------------------- kitchen.yml | 108 ------------------------------------------ metadata.rb | 30 ------------ 6 files changed, 344 deletions(-) delete mode 100644 Berksfile delete mode 100644 Gemfile delete mode 100644 chefignore delete mode 100644 kitchen.dokken.yml delete mode 100644 kitchen.yml delete mode 100644 metadata.rb diff --git a/Berksfile b/Berksfile deleted file mode 100644 index c0928817..00000000 --- a/Berksfile +++ /dev/null @@ -1,15 +0,0 @@ -# frozen_string_literal: true - -# -*- ruby -*- -source 'https://supermarket.chef.io' - -metadata - -group :cookbooks do - cookbook 'filebeat', path: './cookbooks/filebeat' - cookbook 'filebeat-oss', path: './cookbooks/filebeat-oss' - cookbook 'wazuh_manager', path: './cookbooks/wazuh_manager' - cookbook 'wazuh_agent', path: './cookbooks/wazuh_agent' - cookbook 'elastic-stack', path: './cookbooks/elastic-stack' - cookbook 'opendistro', path: './cookbooks/opendistro' -end \ No newline at end of file diff --git a/Gemfile b/Gemfile deleted file mode 100644 index 5c8cda0e..00000000 --- a/Gemfile +++ /dev/null @@ -1,7 +0,0 @@ -source 'https://rubygems.org' - -gem 'rubocop' -gem 'test-kitchen' -gem 'kitchen-inspec' -gem 'kitchen-vagrant' -gem 'kitchen-dokken' \ No newline at end of file diff --git a/chefignore b/chefignore deleted file mode 100644 index 6a4264c0..00000000 --- a/chefignore +++ /dev/null @@ -1,115 +0,0 @@ -# Put files/directories that should be ignored in this file when uploading -# to a Chef Infra Server or Supermarket. -# Lines that start with '# ' are comments. - -# OS generated files # -###################### -.DS_Store -ehthumbs.db -Icon? -nohup.out -Thumbs.db -.envrc - -# EDITORS # -########### -.#* -.project -.settings -*_flymake -*_flymake.* -*.bak -*.sw[a-z] -*.tmproj -*~ -\#* -REVISION -TAGS* -tmtags -.vscode -.editorconfig - -## COMPILED ## -############## -*.class -*.com -*.dll -*.exe -*.o -*.pyc -*.so -*/rdoc/ -a.out -mkmf.log - -# Testing # -########### -.circleci/* -.codeclimate.yml -.delivery/* -.foodcritic -.kitchen* -.mdlrc -.overcommit.yml -.rspec -.rubocop.yml -.travis.yml -.watchr -.yamllint -azure-pipelines.yml -Dangerfile -examples/* -features/* -Guardfile -kitchen.yml* -mlc_config.json -Procfile -Rakefile -spec/* -test/* - -# SCM # -####### -.git -.gitattributes -.gitconfig -.github/* -.gitignore -.gitkeep -.gitmodules -.svn -*/.bzr/* -*/.git -*/.hg/* -*/.svn/* - -# Berkshelf # -############# -Berksfile -Berksfile.lock -cookbooks/* -tmp - -# Bundler # -########### -vendor/* -Gemfile -Gemfile.lock - -# Policyfile # -############## -Policyfile.rb -Policyfile.lock.json - -# Documentation # -############# -CODE_OF_CONDUCT* -CONTRIBUTING* -documentation/* -TESTING* -UPGRADING* - -# Vagrant # -########### -.vagrant -Vagrantfile \ No newline at end of file diff --git a/kitchen.dokken.yml b/kitchen.dokken.yml deleted file mode 100644 index 390c513d..00000000 --- a/kitchen.dokken.yml +++ /dev/null @@ -1,69 +0,0 @@ ---- -driver: - name: dokken - # because Docker and SystemD - privileged: true - chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> - env: [CHEF_LICENSE=accept] - -transport: - name: dokken - -provisioner: - name: dokken - -platforms: - - name: amazonlinux-2 - driver: - image: dokken/amazonlinux-2 - pid_one_command: /usr/lib/systemd/systemd - - - name: debian-9 - driver: - image: dokken/debian-9 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: debian-10 - driver: - image: dokken/debian-10 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: centos-7 - driver: - image: dokken/centos-7 - pid_one_command: /usr/lib/systemd/systemd - - - name: centos-8 - driver: - image: dokken/centos-8 - pid_one_command: /usr/lib/systemd/systemd - - - name: ubuntu-16.04 - driver: - image: dokken/ubuntu-16.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: ubuntu-18.04 - driver: - image: dokken/ubuntu-18.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: ubuntu-20.04 - driver: - image: dokken/ubuntu-20.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: opensuse-leap-15 - driver: - image: dokken/opensuse-leap-15 - pid_one_command: /bin/systemd \ No newline at end of file diff --git a/kitchen.yml b/kitchen.yml deleted file mode 100644 index ab1580f4..00000000 --- a/kitchen.yml +++ /dev/null @@ -1,108 +0,0 @@ -driver: - name: vagrant - -verifier: - name: inspec - -platforms: - - name: ubuntu-20.04 - driver: - box: bento/ubuntu-20.04 - network: - - ["private_network", {ip: "172.16.11.10"}] - - - name: ubuntu-18.04 - driver: - box: bento/ubuntu-18.04 - network: - - ["private_network", {ip: "172.16.11.11"}] - - - name: centos-8 - driver: - box: bento/centos-8 - network: - - ["private_network", {ip: "172.16.11.12"}] - - - name: centos-7 - driver: - box: bento/centos-7 - network: - - ["private_network", {ip: "172.16.11.13"}] - -suites: - - name: default - run_list: - - recipe[elastic-stack::default] - driver: - customize: - memory: 4096 - cpus: 2 - verifier: - inspec_tests: - - path: cookbooks/elastic-stack/test/integration - - - name: opendistro - run_list: - - recipe['opendistro::default'] - driver: - customize: - memory: 4096 - cpus: 2 - verifier: - inspec_tests: - - path: cookbooks/opendistro/test/integration - - - name: filebeat - run_list: - - recipe['filebeat::default'] - driver: - customize: - memory: 512 - cpus: 1 - verifier: - inspec_tests: - - path: cookbooks/filebeat/test/integration - - - name: filebeat-oss - run_list: - - recipe['filebeat-oss::default'] - driver: - customize: - memory: 512 - cpus: 1 - verifier: - inspec_tests: - - path: cookbooks/filebeat-oss/test/integration - - - name: wazuh-manager - run_list: - - recipe['wazuh-manager::default'] - driver: - customize: - memory: 2048 - cpus: 1 - verifier: - inspec_tests: - - path: cookbooks/wazuh-manager/test/integration - - - name: wazuh-agent - run_list: - - recipe['wazuh-agent::default'] - driver: - customize: - memory: 512 - cpus: 1 - verifier: - inspec_tests: - - path: cookbooks/wazuh-agent/test/integration - - - - - - - - - - - diff --git a/metadata.rb b/metadata.rb deleted file mode 100644 index 922a1c58..00000000 --- a/metadata.rb +++ /dev/null @@ -1,30 +0,0 @@ -# frozen_string_literal: true - -name 'wazuh-chef' -maintainer 'Wazuh' -maintainer_email 'info@wazuh.com' -license 'All rights reserved' -description 'Install/Configures wazuh-chef cookbooks' -long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version '0.1.0' -chef_version '>= 15.0' - -%w[redhat centos oracle].each do |el| - supports el, '>= 6.0' -end -supports 'amazon', '>= 1.0' -supports 'fedora', '>= 22.0' -supports 'debian', '>= 7.0' -supports 'ubuntu', '>= 12.04' -supports 'suse', '>= 12.0' -supports 'opensuse', '>= 42.0' - -issues_url 'https://github.com/wazuh/wazuh-chef/issues' if respond_to?(:issues_url) -source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) - -depends 'filebeat' -depends 'filebeat-oss' -depends 'wazuh_manager' -depends 'wazuh_agent' -depends 'elastic-stack' -depends 'opendistro' From 3a650840c178f6b94d53d4b83958a0a75e836ac1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 16 Dec 2020 19:24:39 +0100 Subject: [PATCH 109/260] remove environmentes --- environments/development.json | 20 -------------------- 1 file changed, 20 deletions(-) delete mode 100644 environments/development.json diff --git a/environments/development.json b/environments/development.json deleted file mode 100644 index 3064a7f7..00000000 --- a/environments/development.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "name": "development", - "description": "The development environment", - "cookbook_versions": { - }, - "json_class": "Chef::Environment", - "chef_type": "environment", - "default_attributes": { - - }, - "override_attributes": { - "ossec": { - "hostname_server_ip": "manager.wazuh-test.com" - }, - "filebeat": { - "ossec_type": "ossec-alerts-development", - "logstash_servers": "elk.wazuh-test.com:5000" - } - } -} From 652677feef45f60c109fb8c5c4a66b33059ce448 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 16 Dec 2020 19:25:36 +0100 Subject: [PATCH 110/260] Update gh actions --- .github/actions/{manager => }/Dockerfile | 2 +- .../{manager/manager.yml => action.yml} | 2 +- .github/actions/entrypoint.sh | 25 +++ .github/actions/manager/entrypoint.sh | 17 -- .github/workflows/ci.yml | 171 +++++++++++++++--- 5 files changed, 175 insertions(+), 42 deletions(-) rename .github/actions/{manager => }/Dockerfile (78%) rename .github/actions/{manager/manager.yml => action.yml} (57%) create mode 100644 .github/actions/entrypoint.sh delete mode 100644 .github/actions/manager/entrypoint.sh diff --git a/.github/actions/manager/Dockerfile b/.github/actions/Dockerfile similarity index 78% rename from .github/actions/manager/Dockerfile rename to .github/actions/Dockerfile index e63c3705..a4692a04 100644 --- a/.github/actions/manager/Dockerfile +++ b/.github/actions/Dockerfile @@ -1,4 +1,4 @@ -FROM chef/chefworkstation +FROM ubuntu:latest COPY entrypoint.sh /entrypoint.sh RUN chmod 755 /entrypoint.sh diff --git a/.github/actions/manager/manager.yml b/.github/actions/action.yml similarity index 57% rename from .github/actions/manager/manager.yml rename to .github/actions/action.yml index 9105b1e6..075c0294 100644 --- a/.github/actions/manager/manager.yml +++ b/.github/actions/action.yml @@ -1,5 +1,5 @@ name: test-manager -description: Test Wazuh manager Chef install +description: Test Wazuh Chef cookbooks runs: using: docker image: 'Dockerfile' \ No newline at end of file diff --git a/.github/actions/entrypoint.sh b/.github/actions/entrypoint.sh new file mode 100644 index 00000000..790e9197 --- /dev/null +++ b/.github/actions/entrypoint.sh @@ -0,0 +1,25 @@ +#! /usr/bin/env bash +set -e + +echo "Cookbook to test: " +echo $COOKBOOK_NAME + +cd cookbooks/$COOKBOOK_NAME + +echo "Installing dependencies" +bundle install + +case $OS in + ubuntu-18.04) + $OS=ubuntu-1804 + ;; + ubuntu-20.04) + $OS=ubuntu-2004 + ;; + *) + echo -n "Not Ubuntu OS" + ;; +esac + +echo "Test cookbook with kitchen... (create, converge, verify and destroy)" +kitchen test $COOKBOOK_NAME-$OS \ No newline at end of file diff --git a/.github/actions/manager/entrypoint.sh b/.github/actions/manager/entrypoint.sh deleted file mode 100644 index a10e4b59..00000000 --- a/.github/actions/manager/entrypoint.sh +++ /dev/null @@ -1,17 +0,0 @@ -#! /usr/bin/env bash -set -e - -echo "Env var value: IMAGE " -echo $IMAGE -echo "Env var value: PLATFORM " -echo $PLATFORM -echo "Env var value: RELEASE" -echo $RELEASE - -echo "Installing dependencies" -bundle install - -cd kitchen - -echo "Kitchen is creating the new instances" -kitchen test $VAGRANT_INSTANCE \ No newline at end of file diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2dedfe8f..9bbb19d2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,7 +13,7 @@ jobs: strategy: fail-fast: false matrix: - ruby: [2.4, 2.5, 2.6] + ruby: [2.5, 2.6, 2.7] runs-on: ubuntu-latest steps: - name: Checkout repository @@ -24,33 +24,158 @@ jobs: ruby-version: ${{ matrix.ruby }} - name: Install dependencies run: bundle install - - kitchen-test: + + chef: + needs: ruby + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@master + - name: Install Chef + uses: actionshub/chef-install@main + + elastic-stack: + needs: [ruby, chef] runs-on: ubuntu-latest strategy: matrix: - os: - #- 'debian-9' - #- 'debian-10' - #- 'centos-7' - #- 'centos-8' - - 'ubuntu-2004' - #- 'ubuntu-1804' - #- 'opensuse-leap-15' - suite: - - 'default' + os: [ + # amazonlinux-2, + # debian-9, + # debian-10, + # centos-7, + # centos-8, + ubuntu-20.04, + # ubuntu-18.04, + # opensuse-leap-15, + ] steps: - name: Check out code uses: actions/checkout@master - - name: Install Chef - uses: actionshub/chef-install@main - - name: Dokken - uses: actionshub/kitchen-dokken@master + - name: Elastic-Stack + uses: ./.github/actions env: - CHEF_LICENSE: accept-no-persist - KITCHEN_LOCAL_YAML: kitchen.dokken.yml - with: - suite: ${{ matrix.suite }} - os: ${{ matrix.os }} - + COOKBOOK_NAME: elastic-stack + OS: ${{ matrix.os }} + + #opendistro: + # needs: [ruby, chef] + # runs-on: ubuntu-latest + # strategy: + # matrix: + # os: [ + # # debian-9, + # # debian-10, + # # centos-7, + # # centos-8, + # ubuntu-20.04, + # # ubuntu-18.04, + # # opensuse-leap-15, + # # fedora-latest + # ] + # steps: + # - name: Check out code + # uses: actions/checkout@master + # - name: Opendistro + # uses: ./.github/actions + # env: + # COOKBOOK_NAME: opendistro + # OS: ${{ matrix.os }} + # + #filebeat: + # needs: [ruby, chef] + # runs-on: ubuntu-latest + # strategy: + # matrix: + # os: [ + # # debian-9, + # # debian-10, + # # centos-7, + # # centos-8, + # ubuntu-20.04, + # # ubuntu-18.04, + # # opensuse-leap-15, + # # fedora-latest + # ] + # steps: + # - name: Check out code + # uses: actions/checkout@master + # - name: Filebeat + # uses: ./.github/actions + # env: + # COOKBOOK_NAME: filebeat + # OS: ${{ matrix.os }} + # + # + #filebeat-oss: + # needs: [ruby, chef] + # runs-on: ubuntu-latest + # strategy: + # matrix: + # os: [ + # # debian-9, + # # debian-10, + # # centos-7, + # # centos-8, + # ubuntu-20.04, + # # ubuntu-18.04, + # # opensuse-leap-15, + # # fedora-latest + # ] + # steps: + # - name: Check out code + # uses: actions/checkout@master + # - name: Filebeat-OSS + # uses: ./.github/actions + # env: + # COOKBOOK_NAME: filebeat-oss + # OS: ${{ matrix.os }} + # + #wazuh-manager: + # needs: [ruby, chef] + # runs-on: ubuntu-latest + # strategy: + # matrix: + # os: [ + # # debian-9, + # # debian-10, + # # centos-7, + # # centos-8, + # ubuntu-20.04, + # # ubuntu-18.04, + # # opensuse-leap-15, + # # fedora-latest + # ] + # steps: + # - name: Check out code + # uses: actions/checkout@master + # - name: Wazuh Manager + # uses: ./.github/actions + # env: + # COOKBOOK_NAME: wazuh_manager + # OS: ${{ matrix.os }} + # + #wazuh-agent: + # needs: [ruby, chef] + # runs-on: ubuntu-latest + # strategy: + # matrix: + # os: [ + # # debian-9, + # # debian-10, + # # centos-7, + # # centos-8, + # ubuntu-20.04, + # # ubuntu-18.04, + # # opensuse-leap-15, + # # fedora-latest + # ] + # steps: + # - name: Check out code + # uses: actions/checkout@master + # - name: Wazuh Agent + # uses: ./.github/actions + # env: + # COOKBOOK_NAME: wazuh_agent + # OS: ${{ matrix.os }} \ No newline at end of file From 15ddfcf86041d2a79825c6fd86bbfbf982edfb9a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 16 Dec 2020 19:54:47 +0100 Subject: [PATCH 111/260] Remove install dependancies step --- .github/workflows/ci.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9bbb19d2..63244cf3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,8 +22,6 @@ jobs: uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} - - name: Install dependencies - run: bundle install chef: needs: ruby From 0ba321946f028a30980b5da66c6be4cef3f56b51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 16 Dec 2020 20:04:19 +0100 Subject: [PATCH 112/260] Update gh action --- .github/workflows/ci.yml | 45 ++++++++++++++-------------------------- 1 file changed, 15 insertions(+), 30 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 63244cf3..5c90f94e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,29 +9,6 @@ on: - feature-cookbooks jobs: - ruby: - strategy: - fail-fast: false - matrix: - ruby: [2.5, 2.6, 2.7] - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - name: Setup Ruby - uses: ruby/setup-ruby@v1 - with: - ruby-version: ${{ matrix.ruby }} - - chef: - needs: ruby - runs-on: ubuntu-latest - steps: - - name: Check out code - uses: actions/checkout@master - - name: Install Chef - uses: actionshub/chef-install@main - elastic-stack: needs: [ruby, chef] runs-on: ubuntu-latest @@ -48,13 +25,21 @@ jobs: # opensuse-leap-15, ] steps: - - name: Check out code - uses: actions/checkout@master - - name: Elastic-Stack - uses: ./.github/actions - env: - COOKBOOK_NAME: elastic-stack - OS: ${{ matrix.os }} + - name: Checkout repository + uses: actions/checkout@v2 + - name: Check out code + uses: actions/checkout@master + - name: Setup Ruby + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ matrix.ruby }} + - name: Install Chef + uses: actionshub/chef-install@main + - name: Test elastic-stack cookbook + uses: ./.github/actions + env: + COOKBOOK_NAME: elastic-stack + OS: ${{ matrix.os }} #opendistro: # needs: [ruby, chef] From 98baea60f953b1f2fed54c3259f988a507070191 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 16 Dec 2020 20:09:03 +0100 Subject: [PATCH 113/260] Remove need and add ruby version --- .github/workflows/ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5c90f94e..80aaa37e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,7 +10,6 @@ on: jobs: elastic-stack: - needs: [ruby, chef] runs-on: ubuntu-latest strategy: matrix: @@ -32,7 +31,7 @@ jobs: - name: Setup Ruby uses: ruby/setup-ruby@v1 with: - ruby-version: ${{ matrix.ruby }} + ruby-version: 2.7 - name: Install Chef uses: actionshub/chef-install@main - name: Test elastic-stack cookbook From b32534aded5cd09dc350f20675c48edb60ffc626 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 16 Dec 2020 20:15:11 +0100 Subject: [PATCH 114/260] Fix ci.yml --- .github/workflows/ci.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 80aaa37e..dceb9158 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -24,14 +24,12 @@ jobs: # opensuse-leap-15, ] steps: - - name: Checkout repository - uses: actions/checkout@v2 - name: Check out code - uses: actions/checkout@master + uses: actions/checkout@v2 - name: Setup Ruby - uses: ruby/setup-ruby@v1 + uses: actions/setup-ruby@v1 with: - ruby-version: 2.7 + ruby-version: '2.7' - name: Install Chef uses: actionshub/chef-install@main - name: Test elastic-stack cookbook From 9bdd176021ada2e8fbeee0959d1dc99e16ee7e98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 17 Dec 2020 09:54:47 +0100 Subject: [PATCH 115/260] Chenge from image --- .github/actions/Dockerfile | 2 +- cookbooks/filebeat-oss/Gemfile | 6 ++ cookbooks/filebeat-oss/kitchen.yml | 74 ++++++++++++++++++ cookbooks/filebeat/.kitchen.yml | 29 ------- cookbooks/filebeat/Gemfile | 7 ++ cookbooks/filebeat/kitchen.yml | 74 ++++++++++++++++++ cookbooks/opendistro/Gemfile | 5 +- cookbooks/opendistro/chefignore | 115 ++++++++++++++++++++++++++++ cookbooks/opendistro/kitchen.yml | 74 ++++++++++++++++++ cookbooks/wazuh_agent/.kitchen.yml | 84 -------------------- cookbooks/wazuh_agent/Gemfile | 21 +---- cookbooks/wazuh_agent/kitchen.yml | 74 ++++++++++++++++++ cookbooks/wazuh_manager/Gemfile | 23 +----- cookbooks/wazuh_manager/kitchen.yml | 74 ++++++++++++++++++ 14 files changed, 508 insertions(+), 154 deletions(-) create mode 100644 cookbooks/filebeat-oss/Gemfile create mode 100644 cookbooks/filebeat-oss/kitchen.yml delete mode 100644 cookbooks/filebeat/.kitchen.yml create mode 100644 cookbooks/filebeat/Gemfile create mode 100644 cookbooks/filebeat/kitchen.yml create mode 100644 cookbooks/opendistro/chefignore create mode 100644 cookbooks/opendistro/kitchen.yml delete mode 100644 cookbooks/wazuh_agent/.kitchen.yml create mode 100644 cookbooks/wazuh_agent/kitchen.yml create mode 100644 cookbooks/wazuh_manager/kitchen.yml diff --git a/.github/actions/Dockerfile b/.github/actions/Dockerfile index a4692a04..af5f2c96 100644 --- a/.github/actions/Dockerfile +++ b/.github/actions/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:latest +FROM chef/chefworkstation:latest COPY entrypoint.sh /entrypoint.sh RUN chmod 755 /entrypoint.sh diff --git a/cookbooks/filebeat-oss/Gemfile b/cookbooks/filebeat-oss/Gemfile new file mode 100644 index 00000000..702c66f9 --- /dev/null +++ b/cookbooks/filebeat-oss/Gemfile @@ -0,0 +1,6 @@ +source 'https://rubygems.org' + +gem 'rubocop' +gem 'test-kitchen' +gem 'kitchen-inspec' +gem 'kitchen-dokken' \ No newline at end of file diff --git a/cookbooks/filebeat-oss/kitchen.yml b/cookbooks/filebeat-oss/kitchen.yml new file mode 100644 index 00000000..50121cd2 --- /dev/null +++ b/cookbooks/filebeat-oss/kitchen.yml @@ -0,0 +1,74 @@ +--- +driver: + name: dokken + # because Docker and SystemD + privileged: true + chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> + env: [CHEF_LICENSE=accept] + +transport: + name: dokken + +provisioner: + name: dokken + +platforms: + - name: amazonlinux-2 + driver: + image: dokken/amazonlinux-2 + pid_one_command: /usr/lib/systemd/systemd + + - name: debian-9 + driver: + image: dokken/debian-9 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: debian-10 + driver: + image: dokken/debian-10 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: centos-7 + driver: + image: dokken/centos-7 + pid_one_command: /usr/lib/systemd/systemd + + - name: centos-8 + driver: + image: dokken/centos-8 + pid_one_command: /usr/lib/systemd/systemd + + - name: ubuntu-18.04 + driver: + image: dokken/ubuntu-18.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: ubuntu-20.04 + driver: + image: dokken/ubuntu-20.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: opensuse-leap-15 + driver: + image: dokken/opensuse-leap-15 + pid_one_command: /bin/systemd + +suites: + - name: filebeat-oss + run_list: + - recipe[filebeat-oss::default] + driver: + customize: + memory: 512 + cpus: 1 + verifier: + inspec_tests: + - path: test/integration \ No newline at end of file diff --git a/cookbooks/filebeat/.kitchen.yml b/cookbooks/filebeat/.kitchen.yml deleted file mode 100644 index 41d85a8f..00000000 --- a/cookbooks/filebeat/.kitchen.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -driver: - name: vagrant - -provisioner: - name: chef_zero - product_version: latest - -verifiers: - name: inspec - -platforms: - - name: ubuntu-20.04 - - name: centos-8.0 - - name: centos-7 - - name: amazonlinux-2 - - name: debian-7.8 - - name: fedora-23 - - name: opensuse-leap-42.1 -suites: - - name: filebeat - driver: - network: - - ["private_network", {ip: "172.17.10.10"}] - customize: - memory: 512 - cpus: 1 - run_list: - - recipe[filebeat::default] \ No newline at end of file diff --git a/cookbooks/filebeat/Gemfile b/cookbooks/filebeat/Gemfile new file mode 100644 index 00000000..5c8cda0e --- /dev/null +++ b/cookbooks/filebeat/Gemfile @@ -0,0 +1,7 @@ +source 'https://rubygems.org' + +gem 'rubocop' +gem 'test-kitchen' +gem 'kitchen-inspec' +gem 'kitchen-vagrant' +gem 'kitchen-dokken' \ No newline at end of file diff --git a/cookbooks/filebeat/kitchen.yml b/cookbooks/filebeat/kitchen.yml new file mode 100644 index 00000000..487879d0 --- /dev/null +++ b/cookbooks/filebeat/kitchen.yml @@ -0,0 +1,74 @@ +--- +driver: + name: dokken + # because Docker and SystemD + privileged: true + chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> + env: [CHEF_LICENSE=accept] + +transport: + name: dokken + +provisioner: + name: dokken + +platforms: + - name: amazonlinux-2 + driver: + image: dokken/amazonlinux-2 + pid_one_command: /usr/lib/systemd/systemd + + - name: debian-9 + driver: + image: dokken/debian-9 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: debian-10 + driver: + image: dokken/debian-10 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: centos-7 + driver: + image: dokken/centos-7 + pid_one_command: /usr/lib/systemd/systemd + + - name: centos-8 + driver: + image: dokken/centos-8 + pid_one_command: /usr/lib/systemd/systemd + + - name: ubuntu-18.04 + driver: + image: dokken/ubuntu-18.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: ubuntu-20.04 + driver: + image: dokken/ubuntu-20.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: opensuse-leap-15 + driver: + image: dokken/opensuse-leap-15 + pid_one_command: /bin/systemd + +suites: + - name: filebeat + run_list: + - recipe[filebeat::default] + driver: + customize: + memory: 512 + cpus: 1 + verifier: + inspec_tests: + - path: test/integration \ No newline at end of file diff --git a/cookbooks/opendistro/Gemfile b/cookbooks/opendistro/Gemfile index ee658143..702c66f9 100644 --- a/cookbooks/opendistro/Gemfile +++ b/cookbooks/opendistro/Gemfile @@ -1,9 +1,6 @@ -# frozen_string_literal: true - source 'https://rubygems.org' gem 'rubocop' gem 'test-kitchen' -gem 'kitchen-vagrant' gem 'kitchen-inspec' -gem 'inspec +gem 'kitchen-dokken' \ No newline at end of file diff --git a/cookbooks/opendistro/chefignore b/cookbooks/opendistro/chefignore new file mode 100644 index 00000000..6a4264c0 --- /dev/null +++ b/cookbooks/opendistro/chefignore @@ -0,0 +1,115 @@ +# Put files/directories that should be ignored in this file when uploading +# to a Chef Infra Server or Supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +ehthumbs.db +Icon? +nohup.out +Thumbs.db +.envrc + +# EDITORS # +########### +.#* +.project +.settings +*_flymake +*_flymake.* +*.bak +*.sw[a-z] +*.tmproj +*~ +\#* +REVISION +TAGS* +tmtags +.vscode +.editorconfig + +## COMPILED ## +############## +*.class +*.com +*.dll +*.exe +*.o +*.pyc +*.so +*/rdoc/ +a.out +mkmf.log + +# Testing # +########### +.circleci/* +.codeclimate.yml +.delivery/* +.foodcritic +.kitchen* +.mdlrc +.overcommit.yml +.rspec +.rubocop.yml +.travis.yml +.watchr +.yamllint +azure-pipelines.yml +Dangerfile +examples/* +features/* +Guardfile +kitchen.yml* +mlc_config.json +Procfile +Rakefile +spec/* +test/* + +# SCM # +####### +.git +.gitattributes +.gitconfig +.github/* +.gitignore +.gitkeep +.gitmodules +.svn +*/.bzr/* +*/.git +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Documentation # +############# +CODE_OF_CONDUCT* +CONTRIBUTING* +documentation/* +TESTING* +UPGRADING* + +# Vagrant # +########### +.vagrant +Vagrantfile \ No newline at end of file diff --git a/cookbooks/opendistro/kitchen.yml b/cookbooks/opendistro/kitchen.yml new file mode 100644 index 00000000..693d4ca8 --- /dev/null +++ b/cookbooks/opendistro/kitchen.yml @@ -0,0 +1,74 @@ +--- +driver: + name: dokken + # because Docker and SystemD + privileged: true + chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> + env: [CHEF_LICENSE=accept] + +transport: + name: dokken + +provisioner: + name: dokken + +platforms: + - name: amazonlinux-2 + driver: + image: dokken/amazonlinux-2 + pid_one_command: /usr/lib/systemd/systemd + + - name: debian-9 + driver: + image: dokken/debian-9 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: debian-10 + driver: + image: dokken/debian-10 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: centos-7 + driver: + image: dokken/centos-7 + pid_one_command: /usr/lib/systemd/systemd + + - name: centos-8 + driver: + image: dokken/centos-8 + pid_one_command: /usr/lib/systemd/systemd + + - name: ubuntu-18.04 + driver: + image: dokken/ubuntu-18.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: ubuntu-20.04 + driver: + image: dokken/ubuntu-20.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: opensuse-leap-15 + driver: + image: dokken/opensuse-leap-15 + pid_one_command: /bin/systemd + +suites: + - name: opendistro + run_list: + - recipe[opendistro::default] + driver: + customize: + memory: 4096 + cpus: 2 + verifier: + inspec_tests: + - path: test/integration \ No newline at end of file diff --git a/cookbooks/wazuh_agent/.kitchen.yml b/cookbooks/wazuh_agent/.kitchen.yml deleted file mode 100644 index bbbb6579..00000000 --- a/cookbooks/wazuh_agent/.kitchen.yml +++ /dev/null @@ -1,84 +0,0 @@ ---- -driver: - name: vagrant -driver_config: - require_chef_omnibus: latest - -provisioner: - name: chef_zero - environments_path: "test/environments" - data_bags_path: "test/data_bags" - encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" - -platforms: - - name: ubuntu-12.04 - run_list: apt::default - - name: ubuntu-14.04 - run_list: apt::default - - name: ubuntu-16.04 - run_list: apt::default - - name: centos-6.7 - - name: centos-7.2 -suites: - - name: manager-development-master - environments_path: "test/environments" - data_bags_path: "test/data_bags" - encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" - driver: - network: - - ["private_network", {ip: "172.16.10.10"}] - run_list: - - recipe[wazuh::testenvsetup] - - recipe[wazuh::manager] - - recipe[wazuh_filebeat::default] - attributes: - provisioner: - client_rb: - environment: development-master - - - name: manager-development-client - environments_path: "test/environments" - data_bags_path: "test/data_bags" - encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" - driver: - network: - - ["private_network", {ip: "172.16.10.11"}] - run_list: - - recipe[wazuh::testenvsetup] - - recipe[wazuh::manager] - - recipe[wazuh_filebeat::default] - attributes: - provisioner: - client_rb: - environment: development-client - - - name: elastic-development - environments_path: "test/environments" - data_bags_path: "test/data_bags" - encrypted_data_bag_secret_key_path: "test/data_bags/wazuh_secrets/test_data_bag_key" - driver: - network: - - ["private_network", {ip: "172.16.10.12"}] - customize: - memory: 2048 - cpus: 2 - run_list: - - recipe[wazuh::testenvsetup] - - recipe[wazuh_elastic::default] - attributes: - provisioner: - client_rb: - environment: development-master - - - name: agent-development - driver: - network: - - ["private_network", { type: "dhcp" }] - run_list: - - recipe[wazuh::testenvsetup] - - recipe[wazuh::agent] - attributes: - vagrant: - provisioner: - client_rb: - environment: development diff --git a/cookbooks/wazuh_agent/Gemfile b/cookbooks/wazuh_agent/Gemfile index 518b772e..702c66f9 100644 --- a/cookbooks/wazuh_agent/Gemfile +++ b/cookbooks/wazuh_agent/Gemfile @@ -1,19 +1,6 @@ source 'https://rubygems.org' -group :lint do - gem 'foodcritic', '~> 5.0' - gem 'rubocop', '~> 0.50.0' -end - -group :unit do - gem 'berkshelf', '~> 4.0' - gem 'chefspec', '~> 4.4' -end - -group :kitchen_common do - gem 'test-kitchen', '~> 1.4' -end - -group :kitchen_vagrant do - gem 'kitchen-vagrant', '~> 0.19' -end +gem 'rubocop' +gem 'test-kitchen' +gem 'kitchen-inspec' +gem 'kitchen-dokken' \ No newline at end of file diff --git a/cookbooks/wazuh_agent/kitchen.yml b/cookbooks/wazuh_agent/kitchen.yml new file mode 100644 index 00000000..7e2b0ee3 --- /dev/null +++ b/cookbooks/wazuh_agent/kitchen.yml @@ -0,0 +1,74 @@ +--- +driver: + name: dokken + # because Docker and SystemD + privileged: true + chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> + env: [CHEF_LICENSE=accept] + +transport: + name: dokken + +provisioner: + name: dokken + +platforms: + - name: amazonlinux-2 + driver: + image: dokken/amazonlinux-2 + pid_one_command: /usr/lib/systemd/systemd + + - name: debian-9 + driver: + image: dokken/debian-9 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: debian-10 + driver: + image: dokken/debian-10 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: centos-7 + driver: + image: dokken/centos-7 + pid_one_command: /usr/lib/systemd/systemd + + - name: centos-8 + driver: + image: dokken/centos-8 + pid_one_command: /usr/lib/systemd/systemd + + - name: ubuntu-18.04 + driver: + image: dokken/ubuntu-18.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: ubuntu-20.04 + driver: + image: dokken/ubuntu-20.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: opensuse-leap-15 + driver: + image: dokken/opensuse-leap-15 + pid_one_command: /bin/systemd + +suites: + - name: wazuh_agent + run_list: + - recipe[wazuh_agent::default] + driver: + customize: + memory: 512 + cpus: 1 + verifier: + inspec_tests: + - path: test/integration \ No newline at end of file diff --git a/cookbooks/wazuh_manager/Gemfile b/cookbooks/wazuh_manager/Gemfile index 1dc2730c..702c66f9 100644 --- a/cookbooks/wazuh_manager/Gemfile +++ b/cookbooks/wazuh_manager/Gemfile @@ -1,21 +1,6 @@ source 'https://rubygems.org' -group :lint do - gem 'foodcritic', '~> 16.3' - gem 'rubocop', '~> 1.3', '>= 1.3.1' -end - -group :unit do - gem 'berkshelf', '~> 7.1' - gem 'chefspec', '~> 9.2', '>= 9.2.1' -end - -group :kitchen_common do - gem 'test-kitchen', '~> 2.7', '>= 2.7.2' -end - -group :kitchen_vagrant do - gem 'kitchen-vagrant', '~> 1.7', '>= 1.7.2' -end - -gem 'yaml', '~> 0.1.0' +gem 'rubocop' +gem 'test-kitchen' +gem 'kitchen-inspec' +gem 'kitchen-dokken' \ No newline at end of file diff --git a/cookbooks/wazuh_manager/kitchen.yml b/cookbooks/wazuh_manager/kitchen.yml new file mode 100644 index 00000000..70ece152 --- /dev/null +++ b/cookbooks/wazuh_manager/kitchen.yml @@ -0,0 +1,74 @@ +--- +driver: + name: dokken + # because Docker and SystemD + privileged: true + chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> + env: [CHEF_LICENSE=accept] + +transport: + name: dokken + +provisioner: + name: dokken + +platforms: + - name: amazonlinux-2 + driver: + image: dokken/amazonlinux-2 + pid_one_command: /usr/lib/systemd/systemd + + - name: debian-9 + driver: + image: dokken/debian-9 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: debian-10 + driver: + image: dokken/debian-10 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: centos-7 + driver: + image: dokken/centos-7 + pid_one_command: /usr/lib/systemd/systemd + + - name: centos-8 + driver: + image: dokken/centos-8 + pid_one_command: /usr/lib/systemd/systemd + + - name: ubuntu-18.04 + driver: + image: dokken/ubuntu-18.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: ubuntu-20.04 + driver: + image: dokken/ubuntu-20.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: opensuse-leap-15 + driver: + image: dokken/opensuse-leap-15 + pid_one_command: /bin/systemd + +suites: + - name: wazuh_manager + run_list: + - recipe[wazuh_manager::default] + driver: + customize: + memory: 2048 + cpus: 1 + verifier: + inspec_tests: + - path: test/integration \ No newline at end of file From aa9b843c76b10d7285907c173936bd55a6a57d31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 17 Dec 2020 09:59:47 +0100 Subject: [PATCH 116/260] Fix entrypoint.sh --- .github/actions/entrypoint.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/actions/entrypoint.sh b/.github/actions/entrypoint.sh index 790e9197..30a3f8c5 100644 --- a/.github/actions/entrypoint.sh +++ b/.github/actions/entrypoint.sh @@ -11,15 +11,15 @@ bundle install case $OS in ubuntu-18.04) - $OS=ubuntu-1804 + OS_NAME=ubuntu-1804 ;; ubuntu-20.04) - $OS=ubuntu-2004 + OS_NAME=ubuntu-2004 ;; *) - echo -n "Not Ubuntu OS" + OS_NAME=$OS ;; esac echo "Test cookbook with kitchen... (create, converge, verify and destroy)" -kitchen test $COOKBOOK_NAME-$OS \ No newline at end of file +kitchen test $COOKBOOK_NAME-$OS_NAME \ No newline at end of file From ae02e3325e1dbddb53dc3fda12085c0b1b75033d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 17 Dec 2020 10:05:50 +0100 Subject: [PATCH 117/260] Accept license --- cookbooks/elastic-stack/kitchen.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cookbooks/elastic-stack/kitchen.yml b/cookbooks/elastic-stack/kitchen.yml index 4909818c..1b744dd3 100644 --- a/cookbooks/elastic-stack/kitchen.yml +++ b/cookbooks/elastic-stack/kitchen.yml @@ -4,14 +4,13 @@ driver: # because Docker and SystemD privileged: true chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> - env: [CHEF_LICENSE=accept] transport: name: dokken provisioner: name: dokken - driver: + chef_license: accept verifier: name: inspec From 22c12b98d0780044a77bf91438a22a8db51a12f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 17 Dec 2020 11:15:42 +0100 Subject: [PATCH 118/260] Add fail test --- .github/actions/failure.sh | 18 ++++++++++++++++++ .github/workflows/ci.yml | 6 ++++++ 2 files changed, 24 insertions(+) create mode 100644 .github/actions/failure.sh diff --git a/.github/actions/failure.sh b/.github/actions/failure.sh new file mode 100644 index 00000000..8aa4dc42 --- /dev/null +++ b/.github/actions/failure.sh @@ -0,0 +1,18 @@ +#! /usr/bin/env bash +set -e + +case $OS in + ubuntu-18.04) + OS_NAME=ubuntu-1804 + ;; + ubuntu-20.04) + OS_NAME=ubuntu-2004 + ;; + *) + OS_NAME=$OS + ;; +esac + +LOG_FILE=elastic-stack-$OS_NAME.log +echo "Print out logs" +cat .kitchen/logs/$LOG_FILE \ No newline at end of file diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dceb9158..c0058669 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -37,6 +37,12 @@ jobs: env: COOKBOOK_NAME: elastic-stack OS: ${{ matrix.os }} + - name: Print out logs if fail + if: ${{ failure() }} + working-directory: ./.github/actions + run: ./failure.sh + env: + OS: ${{ matrix.os }} #opendistro: # needs: [ruby, chef] From 05ff404ea7dc65dc557f0be076cbadf276f86de8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 17 Dec 2020 11:20:52 +0100 Subject: [PATCH 119/260] Change action name --- .github/actions/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/action.yml b/.github/actions/action.yml index 075c0294..705627d4 100644 --- a/.github/actions/action.yml +++ b/.github/actions/action.yml @@ -1,4 +1,4 @@ -name: test-manager +name: test-wazuh-chef-cookbooks description: Test Wazuh Chef cookbooks runs: using: docker From 43a496a75d1ff40224f599fe132e2911d5b716a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 17 Dec 2020 11:21:05 +0100 Subject: [PATCH 120/260] Change permission failure.sh --- .github/workflows/ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c0058669..c290eacc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -40,7 +40,9 @@ jobs: - name: Print out logs if fail if: ${{ failure() }} working-directory: ./.github/actions - run: ./failure.sh + run: | + chmod 755 failure.sh + ./failure.sh env: OS: ${{ matrix.os }} From 2f1b51d6a7d6504a305401e473aac7f3074c35b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 17 Dec 2020 11:39:27 +0100 Subject: [PATCH 121/260] Use test-kitchen --- .github/workflows/ci.yml | 36 +++++++++++++++++++++++------------- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c290eacc..6043a974 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,7 +19,7 @@ jobs: # debian-10, # centos-7, # centos-8, - ubuntu-20.04, + ubuntu-2004, # ubuntu-18.04, # opensuse-leap-15, ] @@ -32,19 +32,29 @@ jobs: ruby-version: '2.7' - name: Install Chef uses: actionshub/chef-install@main - - name: Test elastic-stack cookbook - uses: ./.github/actions - env: - COOKBOOK_NAME: elastic-stack - OS: ${{ matrix.os }} - - name: Print out logs if fail - if: ${{ failure() }} - working-directory: ./.github/actions - run: | - chmod 755 failure.sh - ./failure.sh + with: + version: latest + - name: Test-Kitchen + uses: actionshub/test-kitchen@main + with: + suite: ${{ matrix.suite }} + os: ${{ matrix.os }} env: - OS: ${{ matrix.os }} + CHEF_LICENSE: accept-no-persist + KITCHEN_LOCAL_YAML: ./cookbooks/elastic-stack/kitchen.yml + #- name: Test elastic-stack cookbook + # uses: ./.github/actions + # env: + # COOKBOOK_NAME: elastic-stack + # OS: ${{ matrix.os }} + #- name: Print out logs if fail + # if: ${{ failure() }} + # working-directory: ./.github/actions + # run: | + # chmod 755 failure.sh + # ./failure.sh + # env: + # OS: ${{ matrix.os }} #opendistro: # needs: [ruby, chef] From 262f755cf81cf531d2c8808252e1b622738149b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 17 Dec 2020 11:48:54 +0100 Subject: [PATCH 122/260] Update gh action --- .github/actions/entrypoint.sh | 19 +++---------------- .github/workflows/ci.yml | 28 ++++++++-------------------- 2 files changed, 11 insertions(+), 36 deletions(-) diff --git a/.github/actions/entrypoint.sh b/.github/actions/entrypoint.sh index 30a3f8c5..53a816bd 100644 --- a/.github/actions/entrypoint.sh +++ b/.github/actions/entrypoint.sh @@ -1,25 +1,12 @@ #! /usr/bin/env bash set -e -echo "Cookbook to test: " -echo $COOKBOOK_NAME +echo "Cookbook to test: ${COOKBOOK_NAME}" cd cookbooks/$COOKBOOK_NAME -echo "Installing dependencies" +echo "Installing dependencies..." bundle install -case $OS in - ubuntu-18.04) - OS_NAME=ubuntu-1804 - ;; - ubuntu-20.04) - OS_NAME=ubuntu-2004 - ;; - *) - OS_NAME=$OS - ;; -esac - echo "Test cookbook with kitchen... (create, converge, verify and destroy)" -kitchen test $COOKBOOK_NAME-$OS_NAME \ No newline at end of file +kitchen test $COOKBOOK_NAME-$OS \ No newline at end of file diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6043a974..c575195a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -34,27 +34,15 @@ jobs: uses: actionshub/chef-install@main with: version: latest - - name: Test-Kitchen - uses: actionshub/test-kitchen@main - with: - suite: ${{ matrix.suite }} - os: ${{ matrix.os }} + - name: Test elastic-stack cookbook + uses: ./.github/actions env: - CHEF_LICENSE: accept-no-persist - KITCHEN_LOCAL_YAML: ./cookbooks/elastic-stack/kitchen.yml - #- name: Test elastic-stack cookbook - # uses: ./.github/actions - # env: - # COOKBOOK_NAME: elastic-stack - # OS: ${{ matrix.os }} - #- name: Print out logs if fail - # if: ${{ failure() }} - # working-directory: ./.github/actions - # run: | - # chmod 755 failure.sh - # ./failure.sh - # env: - # OS: ${{ matrix.os }} + COOKBOOK_NAME: elastic-stack + OS: ${{ matrix.os }} + - name: Print out logs if fail + if: ${{ failure() }} + working-directory: ./cookbooks/elastic-stack + run: kitchen diagnose --all #opendistro: # needs: [ruby, chef] From c84063c15b82fc84c771133a3689371d4ac1d961 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 17 Dec 2020 12:00:02 +0100 Subject: [PATCH 123/260] Update platform kithcen yml --- cookbooks/elastic-stack/kitchen.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/cookbooks/elastic-stack/kitchen.yml b/cookbooks/elastic-stack/kitchen.yml index 1b744dd3..d41af11d 100644 --- a/cookbooks/elastic-stack/kitchen.yml +++ b/cookbooks/elastic-stack/kitchen.yml @@ -55,9 +55,10 @@ platforms: - name: ubuntu-20.04 driver: image: dokken/ubuntu-20.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update + #pid_one_command: /bin/systemd + #intermediate_instructions: + # - RUN /usr/bin/apt-get update + #run_command: /sbin/init - name: opensuse-leap-15 driver: From b89deb490d5c0d27d8a197ea287b1deff17fc833 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 17 Dec 2020 12:11:35 +0100 Subject: [PATCH 124/260] Add fail test --- .github/actions/failure.sh | 15 +++------------ .github/workflows/ci.yml | 7 +++++-- 2 files changed, 8 insertions(+), 14 deletions(-) diff --git a/.github/actions/failure.sh b/.github/actions/failure.sh index 8aa4dc42..b60e3cc5 100644 --- a/.github/actions/failure.sh +++ b/.github/actions/failure.sh @@ -1,18 +1,9 @@ #! /usr/bin/env bash set -e -case $OS in - ubuntu-18.04) - OS_NAME=ubuntu-1804 - ;; - ubuntu-20.04) - OS_NAME=ubuntu-2004 - ;; - *) - OS_NAME=$OS - ;; -esac +cd cookbooks/$COOKBOOK_NAME + +LOG_FILE=$COOKBOOK_NAME-$OS.log -LOG_FILE=elastic-stack-$OS_NAME.log echo "Print out logs" cat .kitchen/logs/$LOG_FILE \ No newline at end of file diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c575195a..12f85145 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -41,8 +41,11 @@ jobs: OS: ${{ matrix.os }} - name: Print out logs if fail if: ${{ failure() }} - working-directory: ./cookbooks/elastic-stack - run: kitchen diagnose --all + working-directory: ./.github/actions + run: ./failure.sh + env: + COOKBOOK_NAME: elastic-stack + OS: ${{ matrix.os }} #opendistro: # needs: [ruby, chef] From 851579066feb8d985108dcc9c2203e4bc9b351ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 17 Dec 2020 12:20:11 +0100 Subject: [PATCH 125/260] test --- .github/actions/Dockerfile | 2 +- .github/workflows/ci.yml | 4 +++- cookbooks/elastic-stack/Gemfile | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/actions/Dockerfile b/.github/actions/Dockerfile index af5f2c96..a4692a04 100644 --- a/.github/actions/Dockerfile +++ b/.github/actions/Dockerfile @@ -1,4 +1,4 @@ -FROM chef/chefworkstation:latest +FROM ubuntu:latest COPY entrypoint.sh /entrypoint.sh RUN chmod 755 /entrypoint.sh diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 12f85145..b0afc288 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -42,7 +42,9 @@ jobs: - name: Print out logs if fail if: ${{ failure() }} working-directory: ./.github/actions - run: ./failure.sh + run: | + chmod 755 failure.sh + ./failure.sh env: COOKBOOK_NAME: elastic-stack OS: ${{ matrix.os }} diff --git a/cookbooks/elastic-stack/Gemfile b/cookbooks/elastic-stack/Gemfile index 702c66f9..b8ad60f0 100644 --- a/cookbooks/elastic-stack/Gemfile +++ b/cookbooks/elastic-stack/Gemfile @@ -1,6 +1,6 @@ source 'https://rubygems.org' -gem 'rubocop' +#gem 'rubocop' gem 'test-kitchen' gem 'kitchen-inspec' gem 'kitchen-dokken' \ No newline at end of file From 503c1085ed23811743810d065334db4ee90c3be0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 17 Dec 2020 12:24:34 +0100 Subject: [PATCH 126/260] Remove chef gh action --- .github/actions/Dockerfile | 2 +- .github/workflows/ci.yml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/actions/Dockerfile b/.github/actions/Dockerfile index a4692a04..af5f2c96 100644 --- a/.github/actions/Dockerfile +++ b/.github/actions/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:latest +FROM chef/chefworkstation:latest COPY entrypoint.sh /entrypoint.sh RUN chmod 755 /entrypoint.sh diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b0afc288..260ffbc3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -30,10 +30,10 @@ jobs: uses: actions/setup-ruby@v1 with: ruby-version: '2.7' - - name: Install Chef - uses: actionshub/chef-install@main - with: - version: latest + #- name: Install Chef + # uses: actionshub/chef-install@main + # with: + # version: latest - name: Test elastic-stack cookbook uses: ./.github/actions env: From 1c06a4a2a7aa4b064bdfae252e17551e611cb756 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 17 Dec 2020 12:32:07 +0100 Subject: [PATCH 127/260] run_command --- .github/actions/entrypoint.sh | 2 +- .github/workflows/ci.yml | 8 ++++---- cookbooks/elastic-stack/kitchen.yml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/actions/entrypoint.sh b/.github/actions/entrypoint.sh index 53a816bd..e25d0076 100644 --- a/.github/actions/entrypoint.sh +++ b/.github/actions/entrypoint.sh @@ -9,4 +9,4 @@ echo "Installing dependencies..." bundle install echo "Test cookbook with kitchen... (create, converge, verify and destroy)" -kitchen test $COOKBOOK_NAME-$OS \ No newline at end of file +bundle exec kitchen test $COOKBOOK_NAME-$OS \ No newline at end of file diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 260ffbc3..e0abf52d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,10 +26,10 @@ jobs: steps: - name: Check out code uses: actions/checkout@v2 - - name: Setup Ruby - uses: actions/setup-ruby@v1 - with: - ruby-version: '2.7' + #- name: Setup Ruby + # uses: actions/setup-ruby@v1 + # with: + # ruby-version: '2.7' #- name: Install Chef # uses: actionshub/chef-install@main # with: diff --git a/cookbooks/elastic-stack/kitchen.yml b/cookbooks/elastic-stack/kitchen.yml index d41af11d..507b10fd 100644 --- a/cookbooks/elastic-stack/kitchen.yml +++ b/cookbooks/elastic-stack/kitchen.yml @@ -58,7 +58,7 @@ platforms: #pid_one_command: /bin/systemd #intermediate_instructions: # - RUN /usr/bin/apt-get update - #run_command: /sbin/init + run_command: /sbin/init - name: opensuse-leap-15 driver: From 298202f646c0f61cf7ee8c1871c9ead0011b21a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 17 Dec 2020 12:35:18 +0100 Subject: [PATCH 128/260] add berksfile gem --- cookbooks/elastic-stack/Gemfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cookbooks/elastic-stack/Gemfile b/cookbooks/elastic-stack/Gemfile index b8ad60f0..69bfe846 100644 --- a/cookbooks/elastic-stack/Gemfile +++ b/cookbooks/elastic-stack/Gemfile @@ -3,4 +3,5 @@ source 'https://rubygems.org' #gem 'rubocop' gem 'test-kitchen' gem 'kitchen-inspec' -gem 'kitchen-dokken' \ No newline at end of file +gem 'kitchen-dokken' +gem 'berkshelf' \ No newline at end of file From 9dc714532d8734085887418587301313f25048eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 17 Dec 2020 16:39:02 +0100 Subject: [PATCH 129/260] Add fileebat tests --- .../integration/filebeat/filebeat_test.rb | 23 +++++++++++++++++++ .../integration/filebeat/repository_test.rb | 16 +++++++++++++ 2 files changed, 39 insertions(+) create mode 100644 cookbooks/filebeat/test/integration/filebeat/filebeat_test.rb create mode 100644 cookbooks/filebeat/test/integration/filebeat/repository_test.rb diff --git a/cookbooks/filebeat/test/integration/filebeat/filebeat_test.rb b/cookbooks/filebeat/test/integration/filebeat/filebeat_test.rb new file mode 100644 index 00000000..21dc28ed --- /dev/null +++ b/cookbooks/filebeat/test/integration/filebeat/filebeat_test.rb @@ -0,0 +1,23 @@ +describe package('filebeat') do + it { should be_installed } +end + +describe file('/etc/filebeat/filebeat.yml') do + its('owner') { should cmp 'root' } + its('group') { should cmp 'root' } + its('mode') { should cmp '0640'} +end + +describe file('/etc/filebeat/wazuh-template.json') do + its('owner') { should cmp 'root' } + its('group') { should cmp 'root' } + its('mode') { should cmp '0644'} +end + +describe directory('/usr/share/filebeat/module/wazuh') do + it { should exist } +end + +describe service('filebeat') do + it { should be_running } +end \ No newline at end of file diff --git a/cookbooks/filebeat/test/integration/filebeat/repository_test.rb b/cookbooks/filebeat/test/integration/filebeat/repository_test.rb new file mode 100644 index 00000000..b69ebd50 --- /dev/null +++ b/cookbooks/filebeat/test/integration/filebeat/repository_test.rb @@ -0,0 +1,16 @@ +# frozen_string_literal: true + +describe 'filebeat::repository' do + case os.family + when 'debian' + describe apt('https://artifacts.elastic.co/packages/7.x/apt') do + it { should exist } + it { should be_enabled } + end + when 'redhat', 'suse' + describe yum.repo('https://artifacts.elastic.co/packages/7.x/yum') do + it { should exist } + it { should be_enabled } + end + end +end \ No newline at end of file From a38e949e5b1dc2f9e4fd3b1b7bec2398d1227522 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 17 Dec 2020 17:00:22 +0100 Subject: [PATCH 130/260] Add filebeat-oss testt --- .../filebeat-oss/filebeat-oss_test.rb | 23 +++++++++++++++++++ .../filebeat-oss/respository_test.rb | 14 +++++++++++ 2 files changed, 37 insertions(+) create mode 100644 cookbooks/filebeat-oss/test/integration/filebeat-oss/filebeat-oss_test.rb create mode 100644 cookbooks/filebeat-oss/test/integration/filebeat-oss/respository_test.rb diff --git a/cookbooks/filebeat-oss/test/integration/filebeat-oss/filebeat-oss_test.rb b/cookbooks/filebeat-oss/test/integration/filebeat-oss/filebeat-oss_test.rb new file mode 100644 index 00000000..2fd9857d --- /dev/null +++ b/cookbooks/filebeat-oss/test/integration/filebeat-oss/filebeat-oss_test.rb @@ -0,0 +1,23 @@ +describe package('filebeat') do + it { should be_installed } +end + +describe file('/etc/filebeat/filebeat.yml') do + its('owner') { should cmp 'root' } + its('group') { should cmp 'root' } + its('mode') { should cmp '0640'} +end + +describe file('/etc/filebeat/wazuh-template.json') do + its('owner') { should cmp 'root' } + its('group') { should cmp 'root' } + its('mode') { should cmp '0644'} +end + +describe directory('/usr/share/filebeat/module/wazuh') do + it { should exist } +end + +describe directory('/etc/filebeat/certs') do + it { should exist } +end \ No newline at end of file diff --git a/cookbooks/filebeat-oss/test/integration/filebeat-oss/respository_test.rb b/cookbooks/filebeat-oss/test/integration/filebeat-oss/respository_test.rb new file mode 100644 index 00000000..711003c5 --- /dev/null +++ b/cookbooks/filebeat-oss/test/integration/filebeat-oss/respository_test.rb @@ -0,0 +1,14 @@ +# frozen_string_literal: true + +describe 'filebeat::repository' do + case os.family + when 'debian' + describe apt('http://packages.wazuh.com/4.x/apt/') do + it { should exist } + end + when 'redhat', 'suse' + describe yum.repo('http://packages.wazuh.com/4.x/yum/') do + it { should exist } + end + end +end \ No newline at end of file From 3399a275a4956fe5a791085a774ee29995272166 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 17 Dec 2020 17:46:04 +0100 Subject: [PATCH 131/260] Fix describe package --- .../test/integration/elastic-stack/elasticsearch_test.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cookbooks/elastic-stack/test/integration/elastic-stack/elasticsearch_test.rb b/cookbooks/elastic-stack/test/integration/elastic-stack/elasticsearch_test.rb index 79f0c573..05e1b4a0 100644 --- a/cookbooks/elastic-stack/test/integration/elastic-stack/elasticsearch_test.rb +++ b/cookbooks/elastic-stack/test/integration/elastic-stack/elasticsearch_test.rb @@ -1,5 +1,10 @@ # frozen_string_literal: true +describe package('elasticsearch') do + it { should be_installed } + it { should be_enabled } +end + describe file('/etc/elasticsearch/elasticsearch.yml') do its('owner') { should cmp 'root' } its('group') { should cmp 'elasticsearch' } From 308d607cc066bae63e01b193cbf747c3078b65d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 17 Dec 2020 17:46:17 +0100 Subject: [PATCH 132/260] Add test opendistro --- .../{ => opendistro}/elasticsearch_test.rb | 12 ++++++------ .../test/integration/{ => opendistro}/kibana_test.rb | 0 .../{ => opendistro}/prerequisites_test.rb | 0 .../integration/{ => opendistro}/repository_test.rb | 0 4 files changed, 6 insertions(+), 6 deletions(-) rename cookbooks/opendistro/test/integration/{ => opendistro}/elasticsearch_test.rb (90%) rename cookbooks/opendistro/test/integration/{ => opendistro}/kibana_test.rb (100%) rename cookbooks/opendistro/test/integration/{ => opendistro}/prerequisites_test.rb (100%) rename cookbooks/opendistro/test/integration/{ => opendistro}/repository_test.rb (100%) diff --git a/cookbooks/opendistro/test/integration/elasticsearch_test.rb b/cookbooks/opendistro/test/integration/opendistro/elasticsearch_test.rb similarity index 90% rename from cookbooks/opendistro/test/integration/elasticsearch_test.rb rename to cookbooks/opendistro/test/integration/opendistro/elasticsearch_test.rb index df6f27fe..c10dc7b8 100644 --- a/cookbooks/opendistro/test/integration/elasticsearch_test.rb +++ b/cookbooks/opendistro/test/integration/opendistro/elasticsearch_test.rb @@ -1,11 +1,13 @@ # frozen_string_literal: true -describe packages(/elasticsearch-oss/) do - its('statuses') { should cmp 'installed' } +describe package('elasticsearch-oss') do + it { should be_installed } + it { should be_enabled } end -describe packages(/opendistroforelasticsearch/) do - its('statuses') { should cmp 'installed' } +describe package('opendistroforelasticsearch') do + it { should be_installed } + it { should be_enabled } end describe elasticsearch do @@ -58,8 +60,6 @@ end describe service('elasticsearch') do - it { should be_installed } - it { should be_enabled } it { should be_running } end diff --git a/cookbooks/opendistro/test/integration/kibana_test.rb b/cookbooks/opendistro/test/integration/opendistro/kibana_test.rb similarity index 100% rename from cookbooks/opendistro/test/integration/kibana_test.rb rename to cookbooks/opendistro/test/integration/opendistro/kibana_test.rb diff --git a/cookbooks/opendistro/test/integration/prerequisites_test.rb b/cookbooks/opendistro/test/integration/opendistro/prerequisites_test.rb similarity index 100% rename from cookbooks/opendistro/test/integration/prerequisites_test.rb rename to cookbooks/opendistro/test/integration/opendistro/prerequisites_test.rb diff --git a/cookbooks/opendistro/test/integration/repository_test.rb b/cookbooks/opendistro/test/integration/opendistro/repository_test.rb similarity index 100% rename from cookbooks/opendistro/test/integration/repository_test.rb rename to cookbooks/opendistro/test/integration/opendistro/repository_test.rb From 6519bedc08adb254ba1db0f70d0795147cf8c290 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 17 Dec 2020 17:46:50 +0100 Subject: [PATCH 133/260] Fix package resource --- cookbooks/opendistro/recipes/prerequisites.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cookbooks/opendistro/recipes/prerequisites.rb b/cookbooks/opendistro/recipes/prerequisites.rb index 5e0409ef..d874f1f7 100644 --- a/cookbooks/opendistro/recipes/prerequisites.rb +++ b/cookbooks/opendistro/recipes/prerequisites.rb @@ -4,7 +4,7 @@ # Recipe:: prerequisites # Author:: Wazuh -package '%w(curl unzip wget)' do +package %w(curl unzip wget) do action :install end From 384f3886fa4fc8d2e6c7616c0567acf29c4f8fcf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 17 Dec 2020 17:47:12 +0100 Subject: [PATCH 134/260] Add insert_line_limits.conf --- cookbooks/opendistro/recipes/elasticsearch.rb | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/cookbooks/opendistro/recipes/elasticsearch.rb b/cookbooks/opendistro/recipes/elasticsearch.rb index ad569b91..930d7786 100644 --- a/cookbooks/opendistro/recipes/elasticsearch.rb +++ b/cookbooks/opendistro/recipes/elasticsearch.rb @@ -66,6 +66,14 @@ variables({ memmory: node['jvm']['memory'] }) end +bash 'insert_line_limits.conf' do + code <<-EOH + echo "elasticsearch - nofile 65535" >> /etc/security/limits.conf + echo "elasticsearch - memlock unlimited" >> /etc/security/limits.conf + EOH + not_if 'grep -q elasticsearch /etc/security/limits.conf' +end + # Add extra roles and users to Wazuh Kibana plugin remote_file "#{node['elastic']['plugins_path']}/opendistro_security/securityconfig/roles.yml" do From ec30015d363d5a9e8ce2b2156fc538959bb8d7d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 17 Dec 2020 17:47:38 +0100 Subject: [PATCH 135/260] Change kibana folder owner method --- cookbooks/opendistro/recipes/kibana.rb | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/cookbooks/opendistro/recipes/kibana.rb b/cookbooks/opendistro/recipes/kibana.rb index 9b99d9d1..8432a14c 100644 --- a/cookbooks/opendistro/recipes/kibana.rb +++ b/cookbooks/opendistro/recipes/kibana.rb @@ -43,18 +43,14 @@ mode 0o755 end -# Change Kibana folders owner +# Update the optimize and plugins directories permissions -directory (node['kibana']['optimize_path']).to_s do - owner 'kibana' - group 'kibana' - recursive true +execute "Change #{node['kibana']['package_path']}/optimize owner" do + command "sudo chown -R kibana:kibana #{node['kibana']['package_path']}/optimize" end -directory (node['kibana']['plugins_path']).to_s do - owner 'kibana' - group 'kibana' - recursive true +execute "Change #{node['kibana']['package_path']}/plugins owner" do + command "sudo chown -R kibana:kibana #{node['kibana']['package_path']}/plugins" end # Install the Wazuh Kibana plugin From cd29d7c2004688a3ff4023e1b3f814e72ca49da5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 18 Dec 2020 13:01:58 +0100 Subject: [PATCH 136/260] Add inspec test wazuh-manager --- .../integration/wazuh-manager/common_test.rb | 121 ++++++++++++++++++ .../integration/wazuh-manager/manager_test.rb | 22 ++++ .../wazuh-manager/prerequisites_test.rb | 18 +++ .../wazuh-manager/repository_test.rb | 0 4 files changed, 161 insertions(+) create mode 100644 cookbooks/wazuh_manager/test/integration/wazuh-manager/common_test.rb create mode 100644 cookbooks/wazuh_manager/test/integration/wazuh-manager/manager_test.rb create mode 100644 cookbooks/wazuh_manager/test/integration/wazuh-manager/prerequisites_test.rb create mode 100644 cookbooks/wazuh_manager/test/integration/wazuh-manager/repository_test.rb diff --git a/cookbooks/wazuh_manager/test/integration/wazuh-manager/common_test.rb b/cookbooks/wazuh_manager/test/integration/wazuh-manager/common_test.rb new file mode 100644 index 00000000..71a5da1c --- /dev/null +++ b/cookbooks/wazuh_manager/test/integration/wazuh-manager/common_test.rb @@ -0,0 +1,121 @@ +# Check ossec users +describe user('ossec') do + it { should exist } +end + +describe user('ossecm') do + it { should exist } +end + +describe user('ossecr') do + it { should exist } +end + +# Check processes + +describe command('ps -ef | grep ossec-moduless') do + its('exit_status') { should eq 0 } +end + +describe command('ps -ef | grep ossec-monitord') do + its('exit_status') { should eq 0 } +end + +describe command('ps -ef | grep ossec-logcollector') do + its('exit_status') { should eq 0 } +end + +describe command('ps -ef | grep ossec-remoted') do + its('exit_status') { should eq 0 } +end + +describe command('ps -ef | grep ossec-syscheckd') do + its('exit_status') { should eq 0 } +end + +describe command('ps -ef | grep ossec-analysisd') do + its('exit_status') { should eq 0 } +end + +describe command('ps -ef | grep ossec-execd') do + its('exit_status') { should eq 0 } +end + +describe command('ps -ef | grep wazuh-db') do + its('exit_status') { should eq 0 } +end + +describe command('ps -ef | grep ossec-authd') do + its('exit_status') { should eq 0 } +end + +describe command('ps -ef | grep ossec-apid') do + its('exit_status') { should eq 0 } +end + +# Check OSSEC dir + +describe file('/var/ossec') do + it { should be_directory } + its('mode') { should cmp '0750' } + its('owner') { should cmp 'root' } + its('group') { should cmp 'ossec' } +end + +describe file('/var/ossec/etc') do + it { should be_directory } + its('mode') { should cmp '0770' } + its('owner') { should cmp 'ossec' } + its('group') { should cmp 'ossec' } +end + +describe file('/etc/ossec-init.conf') do + it { should exist } + its('owner') { should cmp 'root' } + its('group') { should cmp 'ossec' } + its('mode') { should cmp '0640' } +end + +describe file('/var/ossec/etc/ossec.conf') do + it { should exist } + its('owner') { should cmp 'root' } + its('group') { should cmp 'ossec' } + its('mode') { should cmp '0440' } +end + +describe file('/var/ossec/etc/shared/default/agent.conf') do + it { should exist } + its('owner') { should cmp 'ossec' } + its('group') { should cmp 'ossec' } + its('mode') { should cmp '0660' } +end + +describe file('/var/ossec/etc/local_internal_options.conf') do + it { should exist } + its('owner') { should cmp 'root' } + its('group') { should cmp 'ossec' } + its('mode') { should cmp '0640' } +end + +describe file('/var/ossec/etc/rules/local_rules.xml') do + it { should exist } + its('owner') { should cmp 'root' } + its('group') { should cmp 'ossec' } + its('mode') { should cmp '0640' } +end + +describe file('/var/ossec/etc/decoders/local_decoder.xml') do + it { should exist } + its('owner') { should cmp 'root' } + its('group') { should cmp 'ossec' } + its('mode') { should cmp '0640' } +end + +describe file('/var/ossec/api/configuration/api.yaml') do + it { should exist } + its('owner') { should cmp 'root' } + its('group') { should cmp 'ossec' } + its('mode') { should cmp '0660' } +end + + diff --git a/cookbooks/wazuh_manager/test/integration/wazuh-manager/manager_test.rb b/cookbooks/wazuh_manager/test/integration/wazuh-manager/manager_test.rb new file mode 100644 index 00000000..4a0c1322 --- /dev/null +++ b/cookbooks/wazuh_manager/test/integration/wazuh-manager/manager_test.rb @@ -0,0 +1,22 @@ +describe package('wazuh-manager') do + it { should be_installed } +end + +describe service('wazuh-manager') do + it { should be_running } +end + +describe port(55000) do + it { should be_listening } + its('processes') {should include 'python3'} +end + +describe port(1515) do + it { should be_listening } + its('processes') {should include 'ossec-authd'} +end + +describe port(1514) do + it { should be_listening } + its('processes') {should include 'ossec-remoted'} +end diff --git a/cookbooks/wazuh_manager/test/integration/wazuh-manager/prerequisites_test.rb b/cookbooks/wazuh_manager/test/integration/wazuh-manager/prerequisites_test.rb new file mode 100644 index 00000000..508f317a --- /dev/null +++ b/cookbooks/wazuh_manager/test/integration/wazuh-manager/prerequisites_test.rb @@ -0,0 +1,18 @@ +describe package('curl') do + it { should be_installed } +end + +case os.family +when 'debian' + describe package('apt-transport-https') do + it { should be_installed } + end + + describe package('lsb-release') do + it { should be_installed } + end + + describe package('gnupg2') do + it { should be_installed } + end +end diff --git a/cookbooks/wazuh_manager/test/integration/wazuh-manager/repository_test.rb b/cookbooks/wazuh_manager/test/integration/wazuh-manager/repository_test.rb new file mode 100644 index 00000000..e69de29b From 1e6b60ad595e12bb0f2d3c3ce5b98030bd98a138 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 18 Dec 2020 13:02:55 +0100 Subject: [PATCH 137/260] Fix repository_test.rb --- .../wazuh-manager/repository_test.rb | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/cookbooks/wazuh_manager/test/integration/wazuh-manager/repository_test.rb b/cookbooks/wazuh_manager/test/integration/wazuh-manager/repository_test.rb index e69de29b..36f759a5 100644 --- a/cookbooks/wazuh_manager/test/integration/wazuh-manager/repository_test.rb +++ b/cookbooks/wazuh_manager/test/integration/wazuh-manager/repository_test.rb @@ -0,0 +1,17 @@ +case os.family +when 'debian' + describe apt('https://packages.wazuh.com/4.x/apt/') do + it { should exist } + it { should be_enabled } + end +when 'redhat' + describe yum.repo('https://packages.wazuh.com/4.x/yum/') do + it { should exist } + it { should be_enabled } + end +when 'suse' + describe yum.repo('https://packages.wazuh.com/4.x/yum/') do + it { should exist } + it { should be_enabled } + end +end \ No newline at end of file From bd06ed23b3f3aca0f16c8676e78204b02b6d4891 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 18 Dec 2020 13:03:26 +0100 Subject: [PATCH 138/260] Update base url repositories --- cookbooks/wazuh_manager/recipes/repository.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cookbooks/wazuh_manager/recipes/repository.rb b/cookbooks/wazuh_manager/recipes/repository.rb index 670471d0..9b4ddc49 100644 --- a/cookbooks/wazuh_manager/recipes/repository.rb +++ b/cookbooks/wazuh_manager/recipes/repository.rb @@ -13,7 +13,7 @@ apt_repository 'wazuh' do key 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - uri "http://packages.wazuh.com/#{node['wazuh']['major_version']}/apt/" + uri "https://packages.wazuh.com/#{node['wazuh']['major_version']}/apt/" components ['main'] distribution 'stable' action :add @@ -26,7 +26,7 @@ gpgcheck true gpgkey 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' enabled true - baseurl "https://packages.wazuh.com/#{node['wazuh']['major_version']}/yum" + baseurl "https://packages.wazuh.com/#{node['wazuh']['major_version']}/yum/" action :create end when 'opensuseleap', 'suse' @@ -35,7 +35,7 @@ gpgcheck true gpgkey 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' enabled true - baseurl "https://packages.wazuh.com/#{node['wazuh']['major_version']}/yum" + baseurl "https://packages.wazuh.com/#{node['wazuh']['major_version']}/yum/" action :create end else From 86ed3ed7bb0ead8a41b9d51bdfde1393d941a9ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 18 Dec 2020 13:03:59 +0100 Subject: [PATCH 139/260] Add mode resource --- cookbooks/wazuh_manager/recipes/manager.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cookbooks/wazuh_manager/recipes/manager.rb b/cookbooks/wazuh_manager/recipes/manager.rb index 58f89e37..d18527fe 100644 --- a/cookbooks/wazuh_manager/recipes/manager.rb +++ b/cookbooks/wazuh_manager/recipes/manager.rb @@ -56,7 +56,7 @@ source 'var/ossec/etc/manager_local_internal_options.conf' owner 'root' group 'ossec' - action :create + mode '0640' end template "#{node['ossec']['dir']}/etc/rules/local_rules.xml" do From 8992ceb29708b919e22d7108607ed3b85ea29e6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 18 Dec 2020 13:05:03 +0100 Subject: [PATCH 140/260] Remove old files and relocate others --- cookbooks/elastic-stack/.gitignore | 5 - cookbooks/elastic-stack/kitchen.yml | 8 +- cookbooks/filebeat-oss/.gitignore | 22 -- cookbooks/filebeat-oss/Berksfile | 3 - cookbooks/filebeat-oss/kitchen.yml | 5 +- cookbooks/filebeat-oss/spec/spec_helper.rb | 2 - .../spec/unit/recipes/default_spec.rb | 41 ---- cookbooks/filebeat/.gitignore | 16 -- cookbooks/filebeat/kitchen.yml | 5 +- cookbooks/opendistro/.gitignore | 5 - cookbooks/opendistro/Berksfile | 6 - cookbooks/opendistro/Gemfile | 6 - cookbooks/opendistro/chefignore | 115 ---------- cookbooks/opendistro/config/rake.rb | 37 ---- cookbooks/opendistro/kitchen.yml | 5 +- cookbooks/opendistro/metadata.rb | 2 - cookbooks/opendistro/recipes/kibana.rb | 27 ++- cookbooks/wazuh_manager/.gitignore | 16 -- cookbooks/wazuh_manager/.rspec | 2 - cookbooks/wazuh_manager/.rubocop.yml | 36 ---- cookbooks/wazuh_manager/Berksfile | 3 - cookbooks/wazuh_manager/CONTRIBUTING.md | 1 - cookbooks/wazuh_manager/Gemfile | 6 - cookbooks/wazuh_manager/LICENSE | 201 ------------------ cookbooks/wazuh_manager/Rakefile | 11 - cookbooks/wazuh_manager/TESTING.md | 1 - cookbooks/wazuh_manager/chefignore | 102 --------- cookbooks/wazuh_manager/kitchen.yml | 3 + cookbooks/wazuh_manager/spec/spec_helper.rb | 20 -- .../spec/unit/recipes/backups_spec.rb | 39 ---- .../spec/unit/recipes/common_spec.rb | 41 ---- .../spec/unit/recipes/manager_spec.rb | 60 ------ .../spec/unit/recipes/wazuhapi_spec.rb | 70 ------ .../test/data_bags/wazuh_secrets/api.json | 15 -- .../wazuh_secrets/logstash_certificate.json | 15 -- .../data_bags/wazuh_secrets/test_data_bag_key | 1 - .../test/environments/development-client.json | 35 --- .../test/environments/development-master.json | 35 --- .../test/environments/development.json | 21 -- .../test/environments/production.json | 20 -- .../serverspec/agent_spec.rb | 3 - .../agent-production/serverspec/agent_spec.rb | 3 - .../default/encrypted_data_bag_secret | 11 - .../default/serverspec/default_spec.rb | 9 - .../elk-development/serverspec/elk_spec.rb | 83 -------- .../helpers/serverspec/common_agent_tests.rb | 33 --- .../serverspec/common_manager_tests.rb | 65 ------ .../helpers/serverspec/common_ossec_tests.rb | 24 --- .../helpers/serverspec/spec_helper.rb | 8 - .../serverspec/manager_spec.rb | 3 - .../serverspec/manager_spec.rb | 3 - 51 files changed, 35 insertions(+), 1274 deletions(-) delete mode 100644 cookbooks/elastic-stack/.gitignore delete mode 100644 cookbooks/filebeat-oss/.gitignore delete mode 100644 cookbooks/filebeat-oss/Berksfile delete mode 100644 cookbooks/filebeat-oss/spec/spec_helper.rb delete mode 100644 cookbooks/filebeat-oss/spec/unit/recipes/default_spec.rb delete mode 100644 cookbooks/filebeat/.gitignore delete mode 100644 cookbooks/opendistro/.gitignore delete mode 100644 cookbooks/opendistro/Berksfile delete mode 100644 cookbooks/opendistro/Gemfile delete mode 100644 cookbooks/opendistro/chefignore delete mode 100644 cookbooks/opendistro/config/rake.rb delete mode 100644 cookbooks/wazuh_manager/.gitignore delete mode 100644 cookbooks/wazuh_manager/.rspec delete mode 100644 cookbooks/wazuh_manager/.rubocop.yml delete mode 100644 cookbooks/wazuh_manager/Berksfile delete mode 100644 cookbooks/wazuh_manager/CONTRIBUTING.md delete mode 100644 cookbooks/wazuh_manager/Gemfile delete mode 100644 cookbooks/wazuh_manager/LICENSE delete mode 100644 cookbooks/wazuh_manager/Rakefile delete mode 100644 cookbooks/wazuh_manager/TESTING.md delete mode 100644 cookbooks/wazuh_manager/chefignore delete mode 100644 cookbooks/wazuh_manager/spec/spec_helper.rb delete mode 100644 cookbooks/wazuh_manager/spec/unit/recipes/backups_spec.rb delete mode 100644 cookbooks/wazuh_manager/spec/unit/recipes/common_spec.rb delete mode 100644 cookbooks/wazuh_manager/spec/unit/recipes/manager_spec.rb delete mode 100644 cookbooks/wazuh_manager/spec/unit/recipes/wazuhapi_spec.rb delete mode 100644 cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/api.json delete mode 100644 cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/logstash_certificate.json delete mode 100644 cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/test_data_bag_key delete mode 100644 cookbooks/wazuh_manager/test/environments/development-client.json delete mode 100644 cookbooks/wazuh_manager/test/environments/development-master.json delete mode 100644 cookbooks/wazuh_manager/test/environments/development.json delete mode 100644 cookbooks/wazuh_manager/test/environments/production.json delete mode 100644 cookbooks/wazuh_manager/test/integration/agent-development/serverspec/agent_spec.rb delete mode 100644 cookbooks/wazuh_manager/test/integration/agent-production/serverspec/agent_spec.rb delete mode 100644 cookbooks/wazuh_manager/test/integration/default/encrypted_data_bag_secret delete mode 100644 cookbooks/wazuh_manager/test/integration/default/serverspec/default_spec.rb delete mode 100644 cookbooks/wazuh_manager/test/integration/elk-development/serverspec/elk_spec.rb delete mode 100644 cookbooks/wazuh_manager/test/integration/helpers/serverspec/common_agent_tests.rb delete mode 100644 cookbooks/wazuh_manager/test/integration/helpers/serverspec/common_manager_tests.rb delete mode 100644 cookbooks/wazuh_manager/test/integration/helpers/serverspec/common_ossec_tests.rb delete mode 100644 cookbooks/wazuh_manager/test/integration/helpers/serverspec/spec_helper.rb delete mode 100644 cookbooks/wazuh_manager/test/integration/manager-development/serverspec/manager_spec.rb delete mode 100644 cookbooks/wazuh_manager/test/integration/manager-production/serverspec/manager_spec.rb diff --git a/cookbooks/elastic-stack/.gitignore b/cookbooks/elastic-stack/.gitignore deleted file mode 100644 index 29e7f280..00000000 --- a/cookbooks/elastic-stack/.gitignore +++ /dev/null @@ -1,5 +0,0 @@ -.kitchen -Berksfile.lock -Gemfile.lock -.kitchen.docker_totvs.yml -.DS_Store diff --git a/cookbooks/elastic-stack/kitchen.yml b/cookbooks/elastic-stack/kitchen.yml index 507b10fd..c7f7a0b9 100644 --- a/cookbooks/elastic-stack/kitchen.yml +++ b/cookbooks/elastic-stack/kitchen.yml @@ -55,10 +55,10 @@ platforms: - name: ubuntu-20.04 driver: image: dokken/ubuntu-20.04 - #pid_one_command: /bin/systemd - #intermediate_instructions: - # - RUN /usr/bin/apt-get update - run_command: /sbin/init + privileged: true + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update - name: opensuse-leap-15 driver: diff --git a/cookbooks/filebeat-oss/.gitignore b/cookbooks/filebeat-oss/.gitignore deleted file mode 100644 index 52305e62..00000000 --- a/cookbooks/filebeat-oss/.gitignore +++ /dev/null @@ -1,22 +0,0 @@ -.vagrant -*~ -*# -.#* -\#*# -.*.sw[a-z] -*.un~ - -# Bundler -Gemfile.lock -gems.locked -bin/* -.bundle/* - -# test kitchen -.kitchen/ -kitchen.local.yml - -# Chef Infra -Berksfile.lock -.zero-knife.rb -Policyfile.lock.json diff --git a/cookbooks/filebeat-oss/Berksfile b/cookbooks/filebeat-oss/Berksfile deleted file mode 100644 index 34fea216..00000000 --- a/cookbooks/filebeat-oss/Berksfile +++ /dev/null @@ -1,3 +0,0 @@ -source 'https://supermarket.chef.io' - -metadata diff --git a/cookbooks/filebeat-oss/kitchen.yml b/cookbooks/filebeat-oss/kitchen.yml index 50121cd2..1fbb9fa3 100644 --- a/cookbooks/filebeat-oss/kitchen.yml +++ b/cookbooks/filebeat-oss/kitchen.yml @@ -12,6 +12,9 @@ transport: provisioner: name: dokken +verifier: + name: inspec + platforms: - name: amazonlinux-2 driver: @@ -71,4 +74,4 @@ suites: cpus: 1 verifier: inspec_tests: - - path: test/integration \ No newline at end of file + - path: test/integration/filebeat-oss \ No newline at end of file diff --git a/cookbooks/filebeat-oss/spec/spec_helper.rb b/cookbooks/filebeat-oss/spec/spec_helper.rb deleted file mode 100644 index 1dd5126b..00000000 --- a/cookbooks/filebeat-oss/spec/spec_helper.rb +++ /dev/null @@ -1,2 +0,0 @@ -require 'chefspec' -require 'chefspec/berkshelf' diff --git a/cookbooks/filebeat-oss/spec/unit/recipes/default_spec.rb b/cookbooks/filebeat-oss/spec/unit/recipes/default_spec.rb deleted file mode 100644 index cd23bd14..00000000 --- a/cookbooks/filebeat-oss/spec/unit/recipes/default_spec.rb +++ /dev/null @@ -1,41 +0,0 @@ -# -# Cookbook:: filebeat-oss -# Spec:: default -# -# Copyright:: 2020, The Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -require 'spec_helper' - -describe 'filebeat-oss::default' do - context 'When all attributes are default, on Ubuntu 20.04' do - # for a complete list of available platforms and versions see: - # https://github.com/chefspec/fauxhai/blob/master/PLATFORMS.md - platform 'ubuntu', '20.04' - - it 'converges successfully' do - expect { chef_run }.to_not raise_error - end - end - - context 'When all attributes are default, on CentOS 8' do - # for a complete list of available platforms and versions see: - # https://github.com/chefspec/fauxhai/blob/master/PLATFORMS.md - platform 'centos', '8' - - it 'converges successfully' do - expect { chef_run }.to_not raise_error - end - end -end diff --git a/cookbooks/filebeat/.gitignore b/cookbooks/filebeat/.gitignore deleted file mode 100644 index ec2a890b..00000000 --- a/cookbooks/filebeat/.gitignore +++ /dev/null @@ -1,16 +0,0 @@ -.vagrant -Berksfile.lock -*~ -*# -.#* -\#*# -.*.sw[a-z] -*.un~ - -# Bundler -Gemfile.lock -bin/* -.bundle/* - -.kitchen/ -.kitchen.local.yml diff --git a/cookbooks/filebeat/kitchen.yml b/cookbooks/filebeat/kitchen.yml index 487879d0..eeccf1b1 100644 --- a/cookbooks/filebeat/kitchen.yml +++ b/cookbooks/filebeat/kitchen.yml @@ -12,6 +12,9 @@ transport: provisioner: name: dokken +verifier: + name: inspec + platforms: - name: amazonlinux-2 driver: @@ -71,4 +74,4 @@ suites: cpus: 1 verifier: inspec_tests: - - path: test/integration \ No newline at end of file + - path: test/integration/filebeat \ No newline at end of file diff --git a/cookbooks/opendistro/.gitignore b/cookbooks/opendistro/.gitignore deleted file mode 100644 index 29e7f280..00000000 --- a/cookbooks/opendistro/.gitignore +++ /dev/null @@ -1,5 +0,0 @@ -.kitchen -Berksfile.lock -Gemfile.lock -.kitchen.docker_totvs.yml -.DS_Store diff --git a/cookbooks/opendistro/Berksfile b/cookbooks/opendistro/Berksfile deleted file mode 100644 index f6fcc866..00000000 --- a/cookbooks/opendistro/Berksfile +++ /dev/null @@ -1,6 +0,0 @@ -# frozen_string_literal: true - -# -*- ruby -*- -source 'https://supermarket.chef.io' - -metadata diff --git a/cookbooks/opendistro/Gemfile b/cookbooks/opendistro/Gemfile deleted file mode 100644 index 702c66f9..00000000 --- a/cookbooks/opendistro/Gemfile +++ /dev/null @@ -1,6 +0,0 @@ -source 'https://rubygems.org' - -gem 'rubocop' -gem 'test-kitchen' -gem 'kitchen-inspec' -gem 'kitchen-dokken' \ No newline at end of file diff --git a/cookbooks/opendistro/chefignore b/cookbooks/opendistro/chefignore deleted file mode 100644 index 6a4264c0..00000000 --- a/cookbooks/opendistro/chefignore +++ /dev/null @@ -1,115 +0,0 @@ -# Put files/directories that should be ignored in this file when uploading -# to a Chef Infra Server or Supermarket. -# Lines that start with '# ' are comments. - -# OS generated files # -###################### -.DS_Store -ehthumbs.db -Icon? -nohup.out -Thumbs.db -.envrc - -# EDITORS # -########### -.#* -.project -.settings -*_flymake -*_flymake.* -*.bak -*.sw[a-z] -*.tmproj -*~ -\#* -REVISION -TAGS* -tmtags -.vscode -.editorconfig - -## COMPILED ## -############## -*.class -*.com -*.dll -*.exe -*.o -*.pyc -*.so -*/rdoc/ -a.out -mkmf.log - -# Testing # -########### -.circleci/* -.codeclimate.yml -.delivery/* -.foodcritic -.kitchen* -.mdlrc -.overcommit.yml -.rspec -.rubocop.yml -.travis.yml -.watchr -.yamllint -azure-pipelines.yml -Dangerfile -examples/* -features/* -Guardfile -kitchen.yml* -mlc_config.json -Procfile -Rakefile -spec/* -test/* - -# SCM # -####### -.git -.gitattributes -.gitconfig -.github/* -.gitignore -.gitkeep -.gitmodules -.svn -*/.bzr/* -*/.git -*/.hg/* -*/.svn/* - -# Berkshelf # -############# -Berksfile -Berksfile.lock -cookbooks/* -tmp - -# Bundler # -########### -vendor/* -Gemfile -Gemfile.lock - -# Policyfile # -############## -Policyfile.rb -Policyfile.lock.json - -# Documentation # -############# -CODE_OF_CONDUCT* -CONTRIBUTING* -documentation/* -TESTING* -UPGRADING* - -# Vagrant # -########### -.vagrant -Vagrantfile \ No newline at end of file diff --git a/cookbooks/opendistro/config/rake.rb b/cookbooks/opendistro/config/rake.rb deleted file mode 100644 index acfa0927..00000000 --- a/cookbooks/opendistro/config/rake.rb +++ /dev/null @@ -1,37 +0,0 @@ -# frozen_string_literal: true - -# Configure the Rakefile's tasks. - -### -# Company and SSL Details -# Used with the ssl_cert task. -### - -# The company name - used for SSL certificates, and in srvious other places -COMPANY_NAME = 'Wazuh' - -# The Country Name to use for SSL Certificates -SSL_COUNTRY_NAME = 'US' - -# The State Name to use for SSL Certificates -SSL_STATE_NAME = 'VA' - -# The Locality Name for SSL - typically, the city -SSL_LOCALITY_NAME = 'Leesburg' - -# What department? -SSL_ORGANIZATIONAL_UNIT_NAME = 'Operations' - -# The SSL contact email address -SSL_EMAIL_ADDRESS = 'info@wazuh.com' - -# License for new Cookbooks -# Can be :apachev2 or :none -NEW_COOKBOOK_LICENSE = :all_rights - -## Useful Extras (which you probably don't need to change) -# The top of the repository checkout -TOPDIR = File.expand_path(File.join(File.dirname(__FILE__), '..')) - -# Where to store certificates generated with ssl_cert -CADIR = File.expand_path(File.join(TOPDIR, 'certificates')) diff --git a/cookbooks/opendistro/kitchen.yml b/cookbooks/opendistro/kitchen.yml index 693d4ca8..28cb8e6d 100644 --- a/cookbooks/opendistro/kitchen.yml +++ b/cookbooks/opendistro/kitchen.yml @@ -12,6 +12,9 @@ transport: provisioner: name: dokken +verifier: + name: inspec + platforms: - name: amazonlinux-2 driver: @@ -71,4 +74,4 @@ suites: cpus: 2 verifier: inspec_tests: - - path: test/integration \ No newline at end of file + - path: test/integration/opendistro \ No newline at end of file diff --git a/cookbooks/opendistro/metadata.rb b/cookbooks/opendistro/metadata.rb index 2d710cde..ceb3c1f5 100644 --- a/cookbooks/opendistro/metadata.rb +++ b/cookbooks/opendistro/metadata.rb @@ -19,7 +19,5 @@ supports 'suse', '>= 12.0' supports 'opensuse', '>= 42.0' -depends 'wazuh_manager' - issues_url 'https://github.com/wazuh/wazuh-chef/issues' if respond_to?(:issues_url) source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) diff --git a/cookbooks/opendistro/recipes/kibana.rb b/cookbooks/opendistro/recipes/kibana.rb index 8432a14c..9305ad13 100644 --- a/cookbooks/opendistro/recipes/kibana.rb +++ b/cookbooks/opendistro/recipes/kibana.rb @@ -59,6 +59,22 @@ command "sudo -u kibana #{node['kibana']['package_path']}/bin/kibana-plugin install https://packages.wazuh.com/#{node['wazuh']['major_version']}/ui/kibana/wazuh_kibana-#{node['wazuh']['kibana_plugin_version']}-1.zip" end +# Create Wazuh-Kibana plugin configuration file + +template "#{node['kibana']['optimize_path']}/wazuh/config/wazuh.yml" do + source 'wazuh.yml.erb' + owner 'kibana' + group 'kibana' + mode '0600' + action :create + variables({ + api_credentials: node['kibana']['wazuh_api_credentials'] + }) + only_if { + Dir.exist?("#{node['kibana']['optimize_path']}/wazuh/config") + } +end + # Certificates placement directory (node['kibana']['certs_path']).to_s do @@ -104,18 +120,7 @@ end end -# Create Wazuh-Kibana plugin configuration file -template "#{node['kibana']['optimize_path']}/wazuh/config/wazuh.yml" do - source 'wazuh.yml.erb' - owner 'kibana' - group 'kibana' - mode '0600' - action :create - variables({ - api_credentials: node['kibana']['wazuh_api_credentials'] - }) -end # Restart Kibana service diff --git a/cookbooks/wazuh_manager/.gitignore b/cookbooks/wazuh_manager/.gitignore deleted file mode 100644 index 8a6736d2..00000000 --- a/cookbooks/wazuh_manager/.gitignore +++ /dev/null @@ -1,16 +0,0 @@ -.vagrant -Berksfile.lock -*~ -*# -.#* -\#*# -.*.sw[a-z] -*.un~ - -# Bundler -Gemfile.lock -bin/* -.bundle/* - -.kitchen/* -.kitchen.local.yml diff --git a/cookbooks/wazuh_manager/.rspec b/cookbooks/wazuh_manager/.rspec deleted file mode 100644 index 83e16f80..00000000 --- a/cookbooks/wazuh_manager/.rspec +++ /dev/null @@ -1,2 +0,0 @@ ---color ---require spec_helper diff --git a/cookbooks/wazuh_manager/.rubocop.yml b/cookbooks/wazuh_manager/.rubocop.yml deleted file mode 100644 index e04a2d30..00000000 --- a/cookbooks/wazuh_manager/.rubocop.yml +++ /dev/null @@ -1,36 +0,0 @@ -AllCops: - Exclude: - - vendor/**/* - - /**/files/**/* - - test/**/* - - Guardfile - - lib/**/* - - config/**/* - -#Style/WordArray: -# MinSize: 2 -# Don't force hash style -Style/HashSyntax: - Enabled: false - -## Disabled Checks -Encoding: - Enabled: false -Style/SpaceBeforeFirtArg: - Enabled: false -NumericLiterals: - Enabled: false -LineLength: - Enabled: false -Style/RescueModifier: - Enabled: false -Style/PercentLiteralDelimiters: - Enabled: false -Style/BracesAroundHashParameters: - Enabled: false -Style/IndentHash: - Enabled: false -Style/SignalException: - Enabled: false -Style/WordArray: - Enabled: false diff --git a/cookbooks/wazuh_manager/Berksfile b/cookbooks/wazuh_manager/Berksfile deleted file mode 100644 index e66aa216..00000000 --- a/cookbooks/wazuh_manager/Berksfile +++ /dev/null @@ -1,3 +0,0 @@ -source 'https://supermarket.chef.io' - -metadata \ No newline at end of file diff --git a/cookbooks/wazuh_manager/CONTRIBUTING.md b/cookbooks/wazuh_manager/CONTRIBUTING.md deleted file mode 100644 index b99c1ce8..00000000 --- a/cookbooks/wazuh_manager/CONTRIBUTING.md +++ /dev/null @@ -1 +0,0 @@ -Please refer to https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD diff --git a/cookbooks/wazuh_manager/Gemfile b/cookbooks/wazuh_manager/Gemfile deleted file mode 100644 index 702c66f9..00000000 --- a/cookbooks/wazuh_manager/Gemfile +++ /dev/null @@ -1,6 +0,0 @@ -source 'https://rubygems.org' - -gem 'rubocop' -gem 'test-kitchen' -gem 'kitchen-inspec' -gem 'kitchen-dokken' \ No newline at end of file diff --git a/cookbooks/wazuh_manager/LICENSE b/cookbooks/wazuh_manager/LICENSE deleted file mode 100644 index 11069edd..00000000 --- a/cookbooks/wazuh_manager/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - -TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - -1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - -2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - -3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - -4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - -5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - -6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - -7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - -8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - -9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - -END OF TERMS AND CONDITIONS - -APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - -Copyright [yyyy] [name of copyright owner] - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/cookbooks/wazuh_manager/Rakefile b/cookbooks/wazuh_manager/Rakefile deleted file mode 100644 index 5ed9f32b..00000000 --- a/cookbooks/wazuh_manager/Rakefile +++ /dev/null @@ -1,11 +0,0 @@ -require 'rspec/core/rake_task' -require 'rubocop/rake_task' - -# Rspec and ChefSpec -desc 'Run ChefSpec unit tests' -RSpec::Core::RakeTask.new(:spec) do |t, _args| - t.rspec_opts = 'spec/unit' -end - -# Rubocop -RuboCop::RakeTask.new diff --git a/cookbooks/wazuh_manager/TESTING.md b/cookbooks/wazuh_manager/TESTING.md deleted file mode 100644 index 66d780fd..00000000 --- a/cookbooks/wazuh_manager/TESTING.md +++ /dev/null @@ -1 +0,0 @@ -Please refer to https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/TESTING.MD diff --git a/cookbooks/wazuh_manager/chefignore b/cookbooks/wazuh_manager/chefignore deleted file mode 100644 index a9769175..00000000 --- a/cookbooks/wazuh_manager/chefignore +++ /dev/null @@ -1,102 +0,0 @@ -# Put files/directories that should be ignored in this file when uploading -# to a chef-server or supermarket. -# Lines that start with '# ' are comments. - -# OS generated files # -###################### -.DS_Store -Icon? -nohup.out -ehthumbs.db -Thumbs.db - -# SASS # -######## -.sass-cache - -# EDITORS # -########### -\#* -.#* -*~ -*.sw[a-z] -*.bak -REVISION -TAGS* -tmtags -*_flymake.* -*_flymake -*.tmproj -.project -.settings -mkmf.log - -## COMPILED ## -############## -a.out -*.o -*.pyc -*.so -*.com -*.class -*.dll -*.exe -*/rdoc/ - -# Testing # -########### -.watchr -.rspec -spec/* -spec/fixtures/* -test/* -features/* -examples/* -Guardfile -Procfile -.kitchen* -.rubocop.yml -spec/* -Rakefile -.travis.yml -.foodcritic -.codeclimate.yml - -# SCM # -####### -.git -*/.git -.gitignore -.gitmodules -.gitconfig -.gitattributes -.svn -*/.bzr/* -*/.hg/* -*/.svn/* - -# Berkshelf # -############# -Berksfile -Berksfile.lock -cookbooks/* -tmp - -# Cookbooks # -############# -CONTRIBUTING* -CHANGELOG* -TESTING* -MAINTAINERS.toml - -# Strainer # -############ -Colanderfile -Strainerfile -.colander -.strainer - -# Vagrant # -########### -.vagrant -Vagrantfile diff --git a/cookbooks/wazuh_manager/kitchen.yml b/cookbooks/wazuh_manager/kitchen.yml index 70ece152..abdf97c3 100644 --- a/cookbooks/wazuh_manager/kitchen.yml +++ b/cookbooks/wazuh_manager/kitchen.yml @@ -12,6 +12,9 @@ transport: provisioner: name: dokken +verifier: + name: inspec + platforms: - name: amazonlinux-2 driver: diff --git a/cookbooks/wazuh_manager/spec/spec_helper.rb b/cookbooks/wazuh_manager/spec/spec_helper.rb deleted file mode 100644 index c86adfd5..00000000 --- a/cookbooks/wazuh_manager/spec/spec_helper.rb +++ /dev/null @@ -1,20 +0,0 @@ -require 'chefspec' -require 'chefspec/berkshelf' - -RSpec.configure do |config| - # Use color in STDOUT - config.color = true - - # Use color not only in STDOUT but also in pagers and files - config.tty = true - - # Use the specified formatter - config.formatter = :documentation # :progress, :html, :textmate - - config.log_level = :error - - config.platform = 'ubuntu' - config.version = '14.04' -end - -at_exit { ChefSpec::Coverage.report! } diff --git a/cookbooks/wazuh_manager/spec/unit/recipes/backups_spec.rb b/cookbooks/wazuh_manager/spec/unit/recipes/backups_spec.rb deleted file mode 100644 index b26c1e57..00000000 --- a/cookbooks/wazuh_manager/spec/unit/recipes/backups_spec.rb +++ /dev/null @@ -1,39 +0,0 @@ -# -# Cookbook Name:: wazuh -# Spec:: backups -# - -require 'spec_helper' - -describe 'wazuh::backups' do - context 'When all attributes are default' do - before do - Chef::Config[:encrypted_data_bag_secret] = 'test/data_bags/wazuh_secrets/test_data_bag_key' - allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'api').and_return( - '{"htpasswd_user": "ossec","htpasswd_passcode": "ossec"}' - ) - allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'backups', 'gPTbum6NpTwIVZop5w5TzehVh/ElS52smpao+bSxKX+SRNbvnLSHwC22EZt5Q7pPamCpEBD2ycH4fEpLGCp7FCSa/RLquQNls4TiVp54DJcfbSCiRA+lFL1e7YJqX4az1I1nzj+/3RlOjpfMvEhJ9gmubGMgnXZboDG5yiv34O2CdbybpMk9wQCC11RaeJUSFuvToQlnV2jK3HvymIHivm5Ax30PvyIMj6Mpp+YlJpBj70+vvk/rLmmXCsOHHV3g6hmZJph1mJrcjQZJVM9/foqiadrFJ9HLPFn0+LMXea69q4RvPDAIl914pXnE3pJBSYL9bZuDge/krbynQNosr3yNTLs1VoV9cw2yJinYY5GoOxjFnf66nCj1bnj5uFsN8FrK7w/hi07A/EBjiOFMAGHei1+ZGKKfHVKve67CNMHsaItjgc2njyRdOWTdxAvNw7AYSF4ST8vXBJZeBQyGizd2c73Hs4B640j7PWPKBu3Tfqvig6TxSPjwN9hO/a2/pOTRSJ4RfW2cXe0ZRbUb4O6hLv4F4kXjSuiW/ckvIpSOI3G04aqvXVLBcgDiKbqwH1poqKvpRPEahu+HGAf8C4Flhm6UXrawssIEp9WC5YHMLhsu1dSx8Hi6vCXqEOWobWWuh7VhItE0ySKl/LTxB2DWn12AYs1RXkYSBL4Gz/g=').and_return( - 'development' => { 'access_key_id' => 'foo', 'secret_access_key' => 'bar', 'encryption_password' => 'zoom' } - ) - end - cached(:chef_run) do - runner = ChefSpec::ServerRunner.new do |node, server| - server.create_environment('development', { - 'name' => 'kitchen-env', 'description' => 'Spec Production Text Env' - }) - node.chef_environment = 'development' - end - runner.converge(described_recipe) - end - - it 'includes the backup::default' do - expect(chef_run).to include_recipe 'backup::default' - end - - it 'to install gem_package fog' do - expect(chef_run).to install_gem_package('fog').with( - version: '~> 1.4.0' - ) - end - end -end diff --git a/cookbooks/wazuh_manager/spec/unit/recipes/common_spec.rb b/cookbooks/wazuh_manager/spec/unit/recipes/common_spec.rb deleted file mode 100644 index 95474b3f..00000000 --- a/cookbooks/wazuh_manager/spec/unit/recipes/common_spec.rb +++ /dev/null @@ -1,41 +0,0 @@ -# -# Cookbook Name:: wazuh -# Spec:: common -# - -require 'spec_helper' -describe 'wazuh::common' do - context 'When all attributes are default, on an unspecified platform' do - cached(:chef_run) do - runner = ChefSpec::ServerRunner.new - runner.converge(described_recipe) - end - - it 'includes the wazuh::common recipe' do - expect(chef_run).to include_recipe 'wazuh::common' - end - - it 'creates a file /var/ossec/etc/ossec.conf' do - expect(chef_run).to create_file('/var/ossec/etc/ossec.conf').with( - user: 'root', - group: 'ossec' - ) - end - - it 'creates a file /var/ossec/etc/shared/agent.conf' do - expect(chef_run).to create_file('/var/ossec/etc/shared/agent.conf').with( - user: 'root', - group: 'ossec' - ) - end - - it 'installs a chef_gem gyoku' do - expect(chef_run).to install_chef_gem('gyoku') - expect(chef_run).to_not install_chef_gem('non_gyoku') - end - - it 'runs a ruby_block when specifying the identity attribute' do - expect(chef_run).to run_ruby_block('ossec install_type') - end - end -end diff --git a/cookbooks/wazuh_manager/spec/unit/recipes/manager_spec.rb b/cookbooks/wazuh_manager/spec/unit/recipes/manager_spec.rb deleted file mode 100644 index fe01cd74..00000000 --- a/cookbooks/wazuh_manager/spec/unit/recipes/manager_spec.rb +++ /dev/null @@ -1,60 +0,0 @@ -# -# Cookbook Name:: wazuh -# Spec:: manager -# - -require 'spec_helper' - -describe 'wazuh::manager' do - cached(:chef_run) { ChefSpec::ServerRunner.new.converge(described_recipe) } - - before do - stub_command("openssl x509 -checkend 864000 -in /var/ossec/api/ssl/server.crt").and_return(false) - end - - before do - allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'api').and_return( - '{"htpasswd_user": "ossec","htpasswd_passcode": "ossec"}' - ) - end - - it 'includes the wazuh::manager recipe' do - expect(chef_run).to include_recipe 'wazuh::manager' - end - - it 'creates a remote_file /tmp/ossec-wazuh-1.1.1.tar.gz' do - expect(chef_run).to create_remote_file('/tmp/ossec-wazuh-1.1.1.tar.gz') - end - - it 'creates a remote_file /tmp/ossec-wazuh-1.1.1/etc/preloaded-vars.conf' do - expect(chef_run).to create_template('/tmp/ossec-wazuh-1.1.1/etc/preloaded-vars.conf') - end - - it '/var/ossec/etc/internal_options.conf' do - expect(chef_run).to create_template('/var/ossec/etc/internal_options.conf').with( - user: 'root', - group: 'ossec' - ) - end - - it 'installs a package libssl-dev' do - expect(chef_run).to install_package('libssl-dev') - expect(chef_run).to_not install_package('not_libssl-dev') - end - - it 'runs a bash script Creating ossec-authd key and cert' do - expect(chef_run).to run_bash('Creating ossec-authd key and cert') - end - - it 'runs a bash script Install nodejs' do - expect(chef_run).to run_bash('Install nodejs') - end - - it 'service restart ossec-authd' do - expect(chef_run).to start_service('ossec-authd') - end - - it 'packages to compile Wazuh-ossec Ubuntu' do - expect(chef_run).to install_package(['gcc', 'make', 'curl']) - end -end diff --git a/cookbooks/wazuh_manager/spec/unit/recipes/wazuhapi_spec.rb b/cookbooks/wazuh_manager/spec/unit/recipes/wazuhapi_spec.rb deleted file mode 100644 index 00abe7a8..00000000 --- a/cookbooks/wazuh_manager/spec/unit/recipes/wazuhapi_spec.rb +++ /dev/null @@ -1,70 +0,0 @@ -# -# Cookbook Name:: wazuh -# Spec:: wazuh_api -# - -require 'spec_helper' - -describe 'wazuh::wazuh_api' do - cached(:chef_run) { ChefSpec::ServerRunner.new.converge(described_recipe) } - - - before do - stub_command("openssl x509 -checkend 864000 -in /var/ossec/api/ssl/server.crt").and_return(false) - end - - - before do - allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'api').and_return( - '{"htpasswd_user": "ossec","htpasswd_passcode": "ossec"}' - ) - end - - it 'includes the wazuh::wazuh_api recipe' do - expect(chef_run).to include_recipe 'wazuh::wazuh_api' - end - - it 'creates a remote_file /tmp/1.2.tar.gz' do - expect(chef_run).to create_remote_file('/tmp/1.2.tar.gz') - end - - it 'creates a file /var/ossec/api/ssl/htpasswd' do - expect(chef_run).to create_file('/var/ossec/api/ssl/htpasswd').with( - user: 'root', - group: 'root' - ) - end - - it 'service restart wazuh-api' do - expect(chef_run).to start_service('wazuh-api') - end - - it 'runs a bash script Install_npm_RESful API' do - expect(chef_run).to run_bash('Install_npm_RESful API') - end - - it 'runs a bash script Install_RESful API' do - expect(chef_run).to run_bash('Install_RESful API') - end - - it 'runs a bash script extract_RESful API' do - expect(chef_run).to run_bash('extract_RESful API') - end - - it 'runs a bash script Install nodejs' do - expect(chef_run).to run_bash('Install nodejs') - end - - it 'packages for RESTful API' do - expect(chef_run).to install_package('nodejs') - end - - it 'creates a template Create_Certificate' do - expect(chef_run).to create_template('/tmp/generatecert.sh') - end - - it 'run bash Verify_API' do - expect(chef_run).to run_bash('Install nodejs') - end - -end diff --git a/cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/api.json b/cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/api.json deleted file mode 100644 index e9a89e98..00000000 --- a/cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/api.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "id": "api", - "htpasswd_user": { - "encrypted_data": "44KmfVdj/ttHvGecsv5M7+uCvqcc0Cs/RvXJeLQMZkE=\n", - "iv": "RRP7S4Tt6B9y366P+hMbwg==\n", - "version": 1, - "cipher": "aes-256-cbc" - }, - "htpasswd_passcode": { - "encrypted_data": "ps9xA2QJKd3KE6jjpn69rNJhf6sRCWoeK/0kHZfo3incyILK+TJPmRq92PK0\n3e8Ngv0HJHn8pp5QA1FT4zX/wg==\n", - "iv": "gC9cyqCgQq/5icvUOfW0Iw==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/logstash_certificate.json b/cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/logstash_certificate.json deleted file mode 100644 index 5e1e892d..00000000 --- a/cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/logstash_certificate.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "id": "logstash_certificate", - "logstash_certificate": { - "encrypted_data": "Hps2D0xEoVjRQWPwcsti71gKX1WIkXvW496YAvhjq+y7F0E1uz/fqb1y6fbr\nHJ2McX2GRDaVV0jdDHdthukq2Be5vv82xyMxHDa+HfZfB8LFD4s1XWdFYXDd\ndc2zBxgFhNkyT4qCFnlJkCY2IBc1MIQThW/eBN5S/v+GLKJw1l+nFH0t+aTS\nbXDaR7FmPD3UNUo+PxqJFbqDYFpLCzcPrRCPaMduo3e+kgegvaEFQJjbglPO\nX7aYgtEuAj8+YOl828gKTpZDAzbU/UtoO2EGwgQJJB4s4VpXb6aJBaZugWf9\nl81yJR1aAn8lDxRow7FU7juGiSlGmxOZY0/2G7WpPgq9hetsIm2WrEhNqj5b\nyKnCRLSM6N4YRyUYUQy/dPQKZW0R14jb08xvkyv4+a40fztUJ9Z67Exv5xqp\nWfmqtd3VMjmFYay2J6d0r5twdLDJ4r4OBP8cqa7wl64R2il/E7Mfg6bnyNf8\nBUWrIhZ5Tp/RlSuJ4yMm/Stb3aDRKLGLHfJXcuEjhqurtaesV2zJoX1HYMjn\nkrfE4FheohTjAqXza1PFdVLhQuLJIlr0hD0UIpAvAcbfAqwvQHsr4sV8EP3c\nnpN8NHiAOaxDq9+tAsbk0+pJa2gs16vhTv8vgEZRihrCUrXi9FEh/Z6ahiN7\nQqQ6iwqWW8ZDkFlKfjZgxI4CUta6Mi5l4yGBfqdy+TdbzuWT/euRBZO16EaG\nI5cqKT2yKTAR2A4Nw0pS8DdHQUn+x1PhOO6G3RSwMTQ0p6v2KWHQerGo1e3+\nEXaWBSNnb0t0mFj4oljXpXxkEtT393Bs/LMZ0MoaE3uWam5IAP/NY121Lm+I\nciPIbFKb1PKpjccnW9N+3cAWARqA8pC86ItdV/Q7gI5XbEIIcCVLwzhUGyo2\n1JfG89VAwNqOuyVGXRMnOHMD0V/czDRTebDCT6DHCG5nxS6MeYDlYUIEfIEo\n/xIDJbhPo6L+nk3yvVABQXBYayxnrCLGMkQ1xWA9UzC73q+Rd34X970qTK0P\nery6zm0WbP5dvRrzZYiDLjRY0MRrWvXXsLjP7uhz6gRKfq1KGfx/m6VDAzrZ\nuRNbyl4zEx0/CXViwNmMs/iLt3H3rKom7vRLs1qDtwyQvGChrbkmNWsD6iEH\nVNhIDVJj8JjDAjeK2CbhPWtt/UJWkoHmn5sGJdrtgYsuMeXIkDuA0v6hT+cl\ndwrR1EhONUWhNMsBMLVZMkTlg6UieaOCm+4EN0tA4J3b45Eo2zuerjkUzXBQ\nhdlxfiPKIDRFBkHzMQI/OnlMT2GFO0CJ3xp71kjaavmEmU7vsdynwekuo4u4\n9q/LHbuwNEtM08RezYmptwblbmNNvengIAPIovpaAbFVyOsZog/GEAIZmrYP\nmzyGEOBdPIQZfyP9e6wIM5XoN2UgwHohiMTGRX6XdGJjW30zPw0dkRhciKBT\nq7yl3/UxZoMF6v5ihhB/LbHM3TFW4XucrnvY930daYVxvUuxlYXy7/9vx6zq\n/kEbC7AkA8zJ3AhP711dk5ROqia9Fvna7juFic7OxZdNnXm+0unxBqHT976w\nCK0KkDfwB6UH5p5wvFCZlvnyquKggJoNn8XXTfUrUo1Qpq/rggDfhIsaeB7B\nNA1uVb2udXSWEw/TL+UQJIgNqz/jtHctfUjz6w7Qx+I1vlXeeuNlMzHDZX8l\nzx8xWIbddmZG7bqVQ/DcigX0Sgj8kzgd8J4cJFrr9MG7BDJMbtkxBCp7RwSQ\nM5FUinkCiQ==\n", - "iv": "Aa90t/SYwXMFVtEnnWhynQ==\n", - "version": 1, - "cipher": "aes-256-cbc" - }, - "logstash_certificate_key": { - "encrypted_data": "GeLqjtWtHWxkppekOd67UdAYo4o81ycv6VrCW1EzFLWxXZJFz/Zqh6Gp6Hxb\n3TnRNjDBEdjlRwdQwtUfVr5T6qPJpDinoVL32tMMFsyY9nRqBqhjkxoobZub\n3aQbrCN2TMrsYscwWnoR8odvHXthZ45DIXeKvSdeVB7oxmwuOV+liXj0SvL9\nbQ8TZhNKKF7AQFjY+fVVbHfqXF4TDSelNidE/a1tutSQFqXWjxpXBJ6JEee1\nBYvnx1Zk0Sg7ghbl7jAd2JgaX4DsFt1DirPFIP5JxuBcHsuCgkZyYoUzFn11\nORJm+1fxAPhHBolObZ86iQtoAsKk5IL4D9/COxAljMK9WYyzGqB6L8uX8C7t\nQWg5T08dtEiy9+ZjJlGi280HENSR4oiOMIHPm9lyiIjmZIqhDq3eEgVWYrRk\n1y0D+1279r81Yq12cAB7aXCou6PavvwjBooMiIEmL0yWG+B4pwEir8ow2InE\n4/xtEuE8qprHtdSpZ+MNSnS9c5wctjs7/g0/FSKQ+OWT/LAubrDeDmmeh8TM\nQ+9hsPhOnYeUTVJ+nFQiOuMJT8i8aU64865BVtymLYSoZfmHt6ZMPhKe2lQ+\nzPz+ykU8xVsqrPdo7byhBaiR/xM0dMWpNVl7C11yllq0Z8ewrcmT3DAddnZQ\naRaae9rKON/V7i+Bo2egBa3wJl9Uvw0C6AVi9UNX7/WflRwsTdZDF+I0sAR7\nKQZP0wByBETAYyRaWNMbabfKAVS7NWWLx3N/KRrRarvd9i5GixVqi7wB+mlM\nNvdPYYATKKV+5EjgI3AOThDLHwO1AoSyOCp9jKhsSuyUHSfkQsQXenlFW8KN\nT5J/cl0066yDBZqhlXQ0B+9BI7vhM5ESKdX5hw/5aa3uFaHCeutuql3aAtXU\na5+At6mxRl6Fi6PrmQhA/oWk6etBlZW4Dscv4SauF66zlmQlqHqc5UPNVrR0\nKT8vjVrY0adbR6JG+qOD1UTYYppijW+HMWiPRDbXe9iPSm+wyrybsmqNblPp\n2iEWoPfsLK1jOWZqo0FDrzSwFCcr0rBpPSc1hjuFZ0MrCmW99HEtEHriMPS1\niIQ5hAlDg/qLNaTwIgmbKkiw/OrcYE41XW7R16wOVDWGgmnoJYgBTpyvFY++\nf2OWg2ChUbxMr3rn4qQQY5K1wyKvlrZsDeP0FB+CiEeNqAc1qVpkBuTlA4Vb\nNXVrhoj3ZxIdIoe1yMKsbtSkDIjiYM6gDgmf3Gm0OGh7QtJjgvq/xpcD85/e\ndO/FzXTINpnbmt+w2L36ksW5INmKDQr/l7TApv6t24dbVm/S7h3YDr1umHX0\njwtAMfrZGDGz+Rtqz6Cq+PWznC42bx5SyFkxRgOeZeCq+AxSE1daLognV7Y3\n/W3hyH5m9akJROej6luPG4u/VgwKdCQWKE7axC7EOznOhWlsMXfbJyvr/ZIK\nVrp0Xp7jrEd65gLRDO/qB1jRFufyVv81AIl9Lkcj+7gNGT4gFRLOdZJR/puH\n3/K2Us6ccA93KDNqut230HXGzDMEI4xBIVFCMb9H7txdfz2YnArvrLlylWK9\nwwn/3bobktAdmSxFe9LZaDpkbnv2dmBgEfmgeGOvKZTTkv636g3W5/pF4Hw2\nbp4IUxWozfOtOT1cA8/TfJ1xyTsob3qIkZiA3ju0yW4ULenu9IjplN+uH+WC\n4+35xHSVvvZr2702ho/aV91nJwiPWjsskXORVVY8Fo4Itv7sW826sbKr/Ja7\njyCQG8yB0jVkur51cjkauxaI+AI3DFTK96bswRzPJ3uJU42ESXm44c/VuklW\nDQTx8DNkhgPZ8odjnwWR1vKxQH41ko3GiJlXx8+2Iht4iA0WQ0fPZqnxStDs\nV/4CW5OUlPwzKVOBgoamgLf0Z2TAV/oQxIlSa/sDsEZfbj+gVG0eRWnWrM3H\nJu8/f45IWleIMBVb6IXvvKpwwGZ6PSerLWa+ePVDqlkSEvp2nSQD5jcKAY30\neojZTNUeDaKTVbkZy5kBhN4T0R+FJ5w/PhtphDSptBQ35DLtyOgVO/zIXgOB\n7fH3B/+ZFSjotRLB3nbGJkaYLmFqTW/AMoAnWpxDU9f1sAWHB4VLcd04Z/SY\n8NsobTGNP9aOMezaIgrtb1udPJjW6UArgNKmThoyX9J437aXDTxIIcvrcDvl\nYZP703Gxhboq3tYwfLugUeZFuAy5/binmcVDGkCGdjuUQ/Drd4VzB72JRlCv\n00LOHS8xIFfD1Rr8mH1AU1LtdjlTy8HFynM/XsZ5pup5zdkl00hxsaMGRNwU\nBWrkUSfhvx88SlSYaIi82pns8jhseVfm28zgetjYDw0i20IcueKw1IHptlFe\nsZAxshw=\n", - "iv": "EyUb/TEyoS/xyfuwTBin3Q==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/test_data_bag_key b/cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/test_data_bag_key deleted file mode 100644 index add836f6..00000000 --- a/cookbooks/wazuh_manager/test/data_bags/wazuh_secrets/test_data_bag_key +++ /dev/null @@ -1 +0,0 @@ -gPTbum6NpTwIVZop5w5TzehVh/ElS52smpao+bSxKX+SRNbvnLSHwC22EZt5Q7pPamCpEBD2ycH4fEpLGCp7FCSa/RLquQNls4TiVp54DJcfbSCiRA+lFL1e7YJqX4az1I1nzj+/3RlOjpfMvEhJ9gmubGMgnXZboDG5yiv34O2CdbybpMk9wQCC11RaeJUSFuvToQlnV2jK3HvymIHivm5Ax30PvyIMj6Mpp+YlJpBj70+vvk/rLmmXCsOHHV3g6hmZJph1mJrcjQZJVM9/foqiadrFJ9HLPFn0+LMXea69q4RvPDAIl914pXnE3pJBSYL9bZuDge/krbynQNosr3yNTLs1VoV9cw2yJinYY5GoOxjFnf66nCj1bnj5uFsN8FrK7w/hi07A/EBjiOFMAGHei1+ZGKKfHVKve67CNMHsaItjgc2njyRdOWTdxAvNw7AYSF4ST8vXBJZeBQyGizd2c73Hs4B640j7PWPKBu3Tfqvig6TxSPjwN9hO/a2/pOTRSJ4RfW2cXe0ZRbUb4O6hLv4F4kXjSuiW/ckvIpSOI3G04aqvXVLBcgDiKbqwH1poqKvpRPEahu+HGAf8C4Flhm6UXrawssIEp9WC5YHMLhsu1dSx8Hi6vCXqEOWobWWuh7VhItE0ySKl/LTxB2DWn12AYs1RXkYSBL4Gz/g= diff --git a/cookbooks/wazuh_manager/test/environments/development-client.json b/cookbooks/wazuh_manager/test/environments/development-client.json deleted file mode 100644 index e99634ae..00000000 --- a/cookbooks/wazuh_manager/test/environments/development-client.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "name": "development-client", - "description": "The development environment", - "cookbook_versions": { - }, - "json_class": "Chef::Environment", - "chef_type": "environment", - "default_attributes": { - - }, - "override_attributes": { - "ossec": { - "master": "manager-master.wazuh-test.com", - "address": ["manager-master.wazuh-test.com", "manager-client.wazuh-test.com"], - "cluster_disabled": "no", - "conf": { - "server": { - "cluster": { - "node_name": "node02", - "node_type": "client", - "disabled": "no", - "nodes": { - "node": ["172.16.10.10", "172.16.10.11"] - }, - "key": "596f6b328c8ca831a03f7c7ca8203e8b" - } - } - } - }, - "filebeat": { - "ossec_type": "ossec-alerts-development", - "logstash_servers": "elk.wazuh-test.com:5000" - } - } -} diff --git a/cookbooks/wazuh_manager/test/environments/development-master.json b/cookbooks/wazuh_manager/test/environments/development-master.json deleted file mode 100644 index 7ce35145..00000000 --- a/cookbooks/wazuh_manager/test/environments/development-master.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "name": "development-master", - "description": "The development environment", - "cookbook_versions": { - }, - "json_class": "Chef::Environment", - "chef_type": "environment", - "default_attributes": { - - }, - "override_attributes": { - "ossec": { - "registration_address": "manager-master.wazuh-test.com", - "address": ["manager-master.wazuh-test.com", "manager-client.wazuh-test.com"], - "cluster_disabled": "no", - "conf": { - "server": { - "cluster": { - "node_name": "node01", - "node_type": "master", - "disabled": "no", - "nodes": { - "node": ["172.16.10.10", "172.16.10.11"] - }, - "key": "596f6b328c8ca831a03f7c7ca8203e8b" - } - } - } - }, - "filebeat": { - "ossec_type": "ossec-alerts-development", - "logstash_servers": "elk.wazuh-test.com:5000" - } - } -} diff --git a/cookbooks/wazuh_manager/test/environments/development.json b/cookbooks/wazuh_manager/test/environments/development.json deleted file mode 100644 index e80a3ac8..00000000 --- a/cookbooks/wazuh_manager/test/environments/development.json +++ /dev/null @@ -1,21 +0,0 @@ -{ - "name": "development", - "description": "The development environment", - "cookbook_versions": { - }, - "json_class": "Chef::Environment", - "chef_type": "environment", - "default_attributes": { - - }, - "override_attributes": { - "ossec": { - "registration_address": "manager-master.wazuh-test.com", - "address": ["manager-master.wazuh-test.com", "manager-client.wazuh-test.com"] - }, - "filebeat": { - "ossec_type": "ossec-alerts-development", - "logstash_servers": "elk.wazuh-test.com:5000" - } - } -} diff --git a/cookbooks/wazuh_manager/test/environments/production.json b/cookbooks/wazuh_manager/test/environments/production.json deleted file mode 100644 index e0f88881..00000000 --- a/cookbooks/wazuh_manager/test/environments/production.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "name": "production", - "description": "The development environment", - "cookbook_versions": { - }, - "json_class": "Chef::Environment", - "chef_type": "environment", - "default_attributes": { - - }, - "override_attributes": { - "ossec": { - "address": "manager.wazuh-production.com" - }, - "filebeat": { - "ossec_type": "ossec-alerts-production", - "logstash_servers": "elk.wazuh-test.com:5000" - } - } -} diff --git a/cookbooks/wazuh_manager/test/integration/agent-development/serverspec/agent_spec.rb b/cookbooks/wazuh_manager/test/integration/agent-development/serverspec/agent_spec.rb deleted file mode 100644 index d54b973a..00000000 --- a/cookbooks/wazuh_manager/test/integration/agent-development/serverspec/agent_spec.rb +++ /dev/null @@ -1,3 +0,0 @@ -require 'spec_helper' -require 'common_ossec_tests' -require 'common_agent_tests' diff --git a/cookbooks/wazuh_manager/test/integration/agent-production/serverspec/agent_spec.rb b/cookbooks/wazuh_manager/test/integration/agent-production/serverspec/agent_spec.rb deleted file mode 100644 index d54b973a..00000000 --- a/cookbooks/wazuh_manager/test/integration/agent-production/serverspec/agent_spec.rb +++ /dev/null @@ -1,3 +0,0 @@ -require 'spec_helper' -require 'common_ossec_tests' -require 'common_agent_tests' diff --git a/cookbooks/wazuh_manager/test/integration/default/encrypted_data_bag_secret b/cookbooks/wazuh_manager/test/integration/default/encrypted_data_bag_secret deleted file mode 100644 index 64910338..00000000 --- a/cookbooks/wazuh_manager/test/integration/default/encrypted_data_bag_secret +++ /dev/null @@ -1,11 +0,0 @@ -tJwThuXenbq6EawKhp6GjHuFyaDrK3J2zLDh+Lg4p+THlM8q3qy2XgtUHhv7FCBQ -UmZ7YBtN9O+q0rFGZ0Wctak4vs1oe/PghbuSjBEp93/DWFdUGlRRvMrcaTfbkSqk -0loq2VrvhyRHh2EzFcKeiLjc5NaCGlrepoWB8gO2YDdcinSmNvTfgNOF2IhdAv/7 -4T4x8SdZgvz+eX1HQUQAeswTWfMdNNt/Dlohe8mzoV3s8KYqNav4XxCThMFy3yvn -lOuHWPEIKmw5toVN0MWgaBkcChitg+d+pG50ZjQUvHcOyCCqXToLrIDM1441GAep -n4AiXYAaMcGSX3zaU7OB8pPt8ddwule08FOxKZ0WnevQKSqzJjQ7VIiBZViYuyRW -wAcj2/X0uddyBrlOCt+N2LXGcvYMHlc4VBtqcCXRQk932AZZZbZbgc4MJxe9/SLq -F6hkAyxjX7o3GByMtxI7JN3rutZBLC8ia4qbl/5z4GYoM/3otA99on/p3GUkHo3u -EEqJFahkHLfj5BKbyZPN9mobhvVmstSpG17Znpma7AbhKJrJ7/OKMn3VRpCtI0VT -Zx6QYVNyOgc+Y7P/4b2aNdJquiVlPvzFKblseku4wtlLScGVv0rRw/FjTdpLGUW5 -tPwcQcMkSUMETNl/8kkyQukmRMj3tCD7ntHPoz4vhkA= diff --git a/cookbooks/wazuh_manager/test/integration/default/serverspec/default_spec.rb b/cookbooks/wazuh_manager/test/integration/default/serverspec/default_spec.rb deleted file mode 100644 index f700b45c..00000000 --- a/cookbooks/wazuh_manager/test/integration/default/serverspec/default_spec.rb +++ /dev/null @@ -1,9 +0,0 @@ -require 'spec_helper' -require 'common_ossec_tests' - -describe 'wazuh::default' do - # This is just a sample integration test - describe file('/etc/passwd') do - it { should be_file } - end -end diff --git a/cookbooks/wazuh_manager/test/integration/elk-development/serverspec/elk_spec.rb b/cookbooks/wazuh_manager/test/integration/elk-development/serverspec/elk_spec.rb deleted file mode 100644 index c337c5ff..00000000 --- a/cookbooks/wazuh_manager/test/integration/elk-development/serverspec/elk_spec.rb +++ /dev/null @@ -1,83 +0,0 @@ -require 'spec_helper' - -describe 'wazuh_elk::default' do - describe user('elasticsearch') do - it { should exist } - end - describe user('logstash') do - it { should exist } - end - describe file('/etc/init.d/elasticsearch') do - it { should exist } - it { should be_mode 755 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - end - describe file('/etc/init.d/logstash') do - it { should exist } - it { should be_mode 775 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - end - describe file('/etc/default/elasticsearch') do - it { should exist } - it { should be_mode 644 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - end - describe file('/etc/elasticsearch') do - it { should be_directory } - it { should be_mode 750 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'elasticsearch' } - end - describe file('/usr/share/elasticsearch') do - it { should be_directory } - it { should be_mode 755 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - end - describe file('/var/lib/elasticsearch') do - it { should be_directory } - it { should be_mode 755 } - it { should be_owned_by 'elasticsearch' } - it { should be_grouped_into 'elasticsearch' } - end - describe file('/var/log/elasticsearch') do - it { should be_directory } - it { should be_mode 755 } - it { should be_owned_by 'elasticsearch' } - it { should be_grouped_into 'elasticsearch' } - end - describe file('/etc/logstash') do - it { should be_directory } - it { should be_mode 775 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - end - describe file('/etc/logstash/conf.d') do - it { should be_directory } - it { should be_mode 775 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - end - describe file('/var/lib/logstash') do - it { should be_directory } - it { should be_mode 775 } - it { should be_owned_by 'logstash' } - it { should be_grouped_into 'logstash' } - end - describe file('/var/log/logstash') do - it { should be_directory } - it { should be_mode 775 } - it { should be_owned_by 'logstash' } - it { should be_grouped_into 'root' } - end - describe service('elasticsearch') do - it { should be_running } - end - # The following lines are commented due to known issue testing logstash - # describe service('logstash') do - # it { should be_running } - # end -end diff --git a/cookbooks/wazuh_manager/test/integration/helpers/serverspec/common_agent_tests.rb b/cookbooks/wazuh_manager/test/integration/helpers/serverspec/common_agent_tests.rb deleted file mode 100644 index 9286796a..00000000 --- a/cookbooks/wazuh_manager/test/integration/helpers/serverspec/common_agent_tests.rb +++ /dev/null @@ -1,33 +0,0 @@ - -describe 'wazuh::agent' do - describe package('ossec-hids-agent') do - it { should be_installed } - end - describe file('/etc/ossec-init.conf') do - it { should be_symlink } - end - describe file('/var/ossec/etc/ossec.conf') do - it { should exist } - it { should be_mode 440 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'ossec' } - end - describe file('/var/ossec/etc/ossec-init.conf') do - it { should exist } - it { should be_mode 550 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'ossec' } - end - describe process('ossec-syscheckd') do - it { should be_running } - its(:user) { should eq 'root' } - end - describe process('ossec-agentd') do - it { should be_running } - its(:user) { should eq 'ossec' } - end - describe process('ossec-logcollector') do - it { should be_running } - its(:user) { should eq 'root' } - end -end diff --git a/cookbooks/wazuh_manager/test/integration/helpers/serverspec/common_manager_tests.rb b/cookbooks/wazuh_manager/test/integration/helpers/serverspec/common_manager_tests.rb deleted file mode 100644 index d42d077d..00000000 --- a/cookbooks/wazuh_manager/test/integration/helpers/serverspec/common_manager_tests.rb +++ /dev/null @@ -1,65 +0,0 @@ - -describe 'wazuh::manager' do - describe user('ossecm') do - it { should exist } - end - describe user('ossecr') do - it { should exist } - end - describe file('/var/ossec/etc/wazuh_decoders') do - it { should be_directory } - it { should be_mode 550 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'ossec' } - end - describe file('/etc/ossec-init.conf') do - it { should exist } - it { should be_mode 600 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - end - describe file('/var/ossec/etc/ossec.conf') do - it { should exist } - it { should be_mode 440 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'ossec' } - end - describe file('/var/ossec/etc/ossec-init.conf') do - it { should exist } - it { should be_mode 640 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - end - describe process('ossec-integratord') do - it { should be_running } - its(:user) { should eq 'ossecm' } - end - describe process('ossec-authd') do - it { should be_running } - its(:user) { should eq 'root' } - end - describe process('ossec-analysisd') do - it { should be_running } - its(:user) { should eq 'ossec' } - end - describe process('ossec-logcollector') do - it { should be_running } - its(:user) { should eq 'root' } - end - describe process('ossec-remoted') do - it { should be_running } - its(:user) { should eq 'ossecr' } - end - describe process('ossec-syscheckd') do - it { should be_running } - its(:user) { should eq 'root' } - end - describe process('ossec-monitord') do - it { should be_running } - its(:user) { should eq 'ossec' } - end - describe process('nodejs') do - it { should be_running } - its(:user) { should eq 'root' } - end -end diff --git a/cookbooks/wazuh_manager/test/integration/helpers/serverspec/common_ossec_tests.rb b/cookbooks/wazuh_manager/test/integration/helpers/serverspec/common_ossec_tests.rb deleted file mode 100644 index 8de7fdc3..00000000 --- a/cookbooks/wazuh_manager/test/integration/helpers/serverspec/common_ossec_tests.rb +++ /dev/null @@ -1,24 +0,0 @@ - -describe 'wazuh::common' do - describe package('chef') do - it { should be_installed } - end - describe user('ossec') do - it { should exist } - end - describe group('ossec') do - it { should exist } - end - describe file('/var/ossec') do - it { should be_directory } - it { should be_mode 550 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'ossec' } - end - describe file('/var/ossec/etc') do - it { should be_directory } - it { should be_mode 550 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'ossec' } - end -end diff --git a/cookbooks/wazuh_manager/test/integration/helpers/serverspec/spec_helper.rb b/cookbooks/wazuh_manager/test/integration/helpers/serverspec/spec_helper.rb deleted file mode 100644 index c1fddf06..00000000 --- a/cookbooks/wazuh_manager/test/integration/helpers/serverspec/spec_helper.rb +++ /dev/null @@ -1,8 +0,0 @@ -require 'serverspec' - -if (/cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM).nil? - set :backend, :exec -else - set :backend, :cmd - set :os, family: 'windows' -end diff --git a/cookbooks/wazuh_manager/test/integration/manager-development/serverspec/manager_spec.rb b/cookbooks/wazuh_manager/test/integration/manager-development/serverspec/manager_spec.rb deleted file mode 100644 index fc086db3..00000000 --- a/cookbooks/wazuh_manager/test/integration/manager-development/serverspec/manager_spec.rb +++ /dev/null @@ -1,3 +0,0 @@ -require 'spec_helper' -require 'common_ossec_tests' -require 'common_manager_tests' diff --git a/cookbooks/wazuh_manager/test/integration/manager-production/serverspec/manager_spec.rb b/cookbooks/wazuh_manager/test/integration/manager-production/serverspec/manager_spec.rb deleted file mode 100644 index fc086db3..00000000 --- a/cookbooks/wazuh_manager/test/integration/manager-production/serverspec/manager_spec.rb +++ /dev/null @@ -1,3 +0,0 @@ -require 'spec_helper' -require 'common_ossec_tests' -require 'common_manager_tests' From 107a0045fcf8648fad8bffa7ceb3eebbe5a07e63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 18 Dec 2020 13:05:18 +0100 Subject: [PATCH 141/260] Add import files root path --- .rubocop.yml | 36 +++++++++ CONTRIBUTING.md | 1 + LICENSE | 201 ++++++++++++++++++++++++++++++++++++++++++++++++ TESTING.md | 1 + chefignore | 115 +++++++++++++++++++++++++++ kitchen.yml | 31 ++++++++ 6 files changed, 385 insertions(+) create mode 100644 .rubocop.yml create mode 100644 CONTRIBUTING.md create mode 100644 LICENSE create mode 100644 TESTING.md create mode 100644 chefignore create mode 100644 kitchen.yml diff --git a/.rubocop.yml b/.rubocop.yml new file mode 100644 index 00000000..e04a2d30 --- /dev/null +++ b/.rubocop.yml @@ -0,0 +1,36 @@ +AllCops: + Exclude: + - vendor/**/* + - /**/files/**/* + - test/**/* + - Guardfile + - lib/**/* + - config/**/* + +#Style/WordArray: +# MinSize: 2 +# Don't force hash style +Style/HashSyntax: + Enabled: false + +## Disabled Checks +Encoding: + Enabled: false +Style/SpaceBeforeFirtArg: + Enabled: false +NumericLiterals: + Enabled: false +LineLength: + Enabled: false +Style/RescueModifier: + Enabled: false +Style/PercentLiteralDelimiters: + Enabled: false +Style/BracesAroundHashParameters: + Enabled: false +Style/IndentHash: + Enabled: false +Style/SignalException: + Enabled: false +Style/WordArray: + Enabled: false diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..b99c1ce8 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1 @@ +Please refer to https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD diff --git a/LICENSE b/LICENSE new file mode 100644 index 00000000..11069edd --- /dev/null +++ b/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + +END OF TERMS AND CONDITIONS + +APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + +Copyright [yyyy] [name of copyright owner] + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/TESTING.md b/TESTING.md new file mode 100644 index 00000000..66d780fd --- /dev/null +++ b/TESTING.md @@ -0,0 +1 @@ +Please refer to https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/TESTING.MD diff --git a/chefignore b/chefignore new file mode 100644 index 00000000..6a4264c0 --- /dev/null +++ b/chefignore @@ -0,0 +1,115 @@ +# Put files/directories that should be ignored in this file when uploading +# to a Chef Infra Server or Supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +ehthumbs.db +Icon? +nohup.out +Thumbs.db +.envrc + +# EDITORS # +########### +.#* +.project +.settings +*_flymake +*_flymake.* +*.bak +*.sw[a-z] +*.tmproj +*~ +\#* +REVISION +TAGS* +tmtags +.vscode +.editorconfig + +## COMPILED ## +############## +*.class +*.com +*.dll +*.exe +*.o +*.pyc +*.so +*/rdoc/ +a.out +mkmf.log + +# Testing # +########### +.circleci/* +.codeclimate.yml +.delivery/* +.foodcritic +.kitchen* +.mdlrc +.overcommit.yml +.rspec +.rubocop.yml +.travis.yml +.watchr +.yamllint +azure-pipelines.yml +Dangerfile +examples/* +features/* +Guardfile +kitchen.yml* +mlc_config.json +Procfile +Rakefile +spec/* +test/* + +# SCM # +####### +.git +.gitattributes +.gitconfig +.github/* +.gitignore +.gitkeep +.gitmodules +.svn +*/.bzr/* +*/.git +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Documentation # +############# +CODE_OF_CONDUCT* +CONTRIBUTING* +documentation/* +TESTING* +UPGRADING* + +# Vagrant # +########### +.vagrant +Vagrantfile \ No newline at end of file diff --git a/kitchen.yml b/kitchen.yml new file mode 100644 index 00000000..f5928a36 --- /dev/null +++ b/kitchen.yml @@ -0,0 +1,31 @@ +--- +driver: + name: dokken + privileged: true + chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> + +transport: + name: dokken + +provisioner: + name: dokken + chef_license: accept + +verifier: + name: inspec + +platforms: + - name: <%= ENV['PLATFORM'] %> + driver: + image: dokken/<%= ENV['PLATFORM'] %> + hostname: <%= ENV['COOKBOOK'] %>_<%= ENV['PLATFORM'] %> + run_command: <%= ENV['RUN_COMMAND'] %> + privileged: true + +suites: + - name: <%= ENV['COOKBOOK'] %> + run_list: + - recipe[<%= ENV['COOKBOOK'] %>::default] + verifier: + inspec_tests: + - path: cookbooks/<%= ENV['COOKBOOK'] %>/test/integration/<%= ENV['COOKBOOK'] %> \ No newline at end of file From 4157ce3566a4475374d9b224512243a107e0d3d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 18 Dec 2020 14:14:36 +0100 Subject: [PATCH 142/260] Remove only_if and not_if start service --- cookbooks/wazuh_agent/recipes/agent.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/cookbooks/wazuh_agent/recipes/agent.rb b/cookbooks/wazuh_agent/recipes/agent.rb index a8489bb4..f46c7ad2 100644 --- a/cookbooks/wazuh_agent/recipes/agent.rb +++ b/cookbooks/wazuh_agent/recipes/agent.rb @@ -108,6 +108,4 @@ service_name 'wazuh-agent' supports status: true, restart: true action [:enable, :restart] - only_if "test -s #{dir}/etc/client.keys" - not_if ("ps axu | grep ossec-agentd | grep -v grep && ps axu | grep ossec-logcollector | grep -v grep && ps axu | grep ossec-syscheckd | grep -v grep ") end From 32ac7f11b5f57f2d7c19170db117ebd7ef623d17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 18 Dec 2020 14:15:11 +0100 Subject: [PATCH 143/260] Add respoitory.rb to default.rb --- cookbooks/wazuh_agent/recipes/default.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/cookbooks/wazuh_agent/recipes/default.rb b/cookbooks/wazuh_agent/recipes/default.rb index 474fa6b2..845c9c03 100644 --- a/cookbooks/wazuh_agent/recipes/default.rb +++ b/cookbooks/wazuh_agent/recipes/default.rb @@ -1 +1,2 @@ +include_recipe 'wazuh_agent::repository' include_recipe 'wazuh_agent::agent' \ No newline at end of file From 6704f2b4f7ce6555ddea77412f03125107d5d53d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 18 Dec 2020 14:15:35 +0100 Subject: [PATCH 144/260] Fix uri apt wazuh package --- cookbooks/wazuh_agent/recipes/repository.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cookbooks/wazuh_agent/recipes/repository.rb b/cookbooks/wazuh_agent/recipes/repository.rb index b9541d94..ae1f1047 100644 --- a/cookbooks/wazuh_agent/recipes/repository.rb +++ b/cookbooks/wazuh_agent/recipes/repository.rb @@ -27,7 +27,7 @@ end apt_repository 'wazuh' do - uri 'http://packages.wazuh.com/4.x/apt/' + uri 'https://packages.wazuh.com/4.x/apt/' key 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' components ['main'] distribution 'stable' From 618e1fc7b3f6c9a76a88a77f900d675fa22c3873 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 18 Dec 2020 14:16:02 +0100 Subject: [PATCH 145/260] Add inspec test agent --- .../integration/wazuh-agent/agent_test.rb | 7 ++ .../integration/wazuh-agent/common_test.rb | 74 +++++++++++++++++++ .../wazuh-agent/respoitory_test.rb | 17 +++++ 3 files changed, 98 insertions(+) create mode 100644 cookbooks/wazuh_agent/test/integration/wazuh-agent/agent_test.rb create mode 100644 cookbooks/wazuh_agent/test/integration/wazuh-agent/common_test.rb create mode 100644 cookbooks/wazuh_agent/test/integration/wazuh-agent/respoitory_test.rb diff --git a/cookbooks/wazuh_agent/test/integration/wazuh-agent/agent_test.rb b/cookbooks/wazuh_agent/test/integration/wazuh-agent/agent_test.rb new file mode 100644 index 00000000..a95c4df5 --- /dev/null +++ b/cookbooks/wazuh_agent/test/integration/wazuh-agent/agent_test.rb @@ -0,0 +1,7 @@ +describe package('wazuh-agent') do + it { should be_installed } +end + +describe service('wazuh-agent') do + it { should be_running } +end \ No newline at end of file diff --git a/cookbooks/wazuh_agent/test/integration/wazuh-agent/common_test.rb b/cookbooks/wazuh_agent/test/integration/wazuh-agent/common_test.rb new file mode 100644 index 00000000..fc1023f4 --- /dev/null +++ b/cookbooks/wazuh_agent/test/integration/wazuh-agent/common_test.rb @@ -0,0 +1,74 @@ +# Check ossec user +describe user('ossec') do + it { should exist } +end + +# Check processes + +describe command('ps -ef | grep wazuh-modulesd') do + its('exit_status') { should eq 0 } +end + +describe command('ps -ef | grep ossec-logcollector') do + its('exit_status') { should eq 0 } +end + +describe command('ps -ef | grep ossec-syscheckd') do + its('exit_status') { should eq 0 } +end + +describe command('ps -ef | grep ossec-execd') do + its('exit_status') { should eq 0 } +end + +describe command('ps -ef | grep ossec-agentd') do + its('exit_status') { should eq 0 } +end + +# Check OSSEC dir + +describe file('/var/ossec/etc/ossec-init.conf') do + it { should be_symlink } +end + +describe file('/var/ossec') do + it { should be_directory } + its('mode') { should cmp '0750' } + its('owner') { should cmp 'root' } + its('group') { should cmp 'ossec' } +end + +describe file('/var/ossec/etc') do + it { should be_directory } + its('mode') { should cmp '0770' } + its('owner') { should cmp 'ossec' } + its('group') { should cmp 'ossec' } +end + +describe file('/etc/ossec-init.conf') do + it { should exist } + its('owner') { should cmp 'root' } + its('group') { should cmp 'ossec' } + its('mode') { should cmp '0640' } +end + +describe file('/var/ossec/etc/ossec.conf') do + it { should exist } + its('owner') { should cmp 'root' } + its('group') { should cmp 'ossec' } + its('mode') { should cmp '0440' } +end + +describe file('/var/ossec/etc/shared/agent.conf') do + it { should exist } + its('owner') { should cmp 'root' } + its('group') { should cmp 'ossec' } + its('mode') { should cmp '0440' } +end + +describe file('/var/ossec/etc/local_internal_options.conf') do + it { should exist } + its('owner') { should cmp 'root' } + its('group') { should cmp 'ossec' } + its('mode') { should cmp '0640' } +end \ No newline at end of file diff --git a/cookbooks/wazuh_agent/test/integration/wazuh-agent/respoitory_test.rb b/cookbooks/wazuh_agent/test/integration/wazuh-agent/respoitory_test.rb new file mode 100644 index 00000000..36f759a5 --- /dev/null +++ b/cookbooks/wazuh_agent/test/integration/wazuh-agent/respoitory_test.rb @@ -0,0 +1,17 @@ +case os.family +when 'debian' + describe apt('https://packages.wazuh.com/4.x/apt/') do + it { should exist } + it { should be_enabled } + end +when 'redhat' + describe yum.repo('https://packages.wazuh.com/4.x/yum/') do + it { should exist } + it { should be_enabled } + end +when 'suse' + describe yum.repo('https://packages.wazuh.com/4.x/yum/') do + it { should exist } + it { should be_enabled } + end +end \ No newline at end of file From 2a8713d3f6362e62eb2fc8f4950b5c5e7c344879 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 18 Dec 2020 14:16:52 +0100 Subject: [PATCH 146/260] Remove old files agent cookbook --- cookbooks/wazuh_agent/.gitignore | 16 -- cookbooks/wazuh_agent/.rspec | 2 - cookbooks/wazuh_agent/.rubocop.yml | 36 ---- cookbooks/wazuh_agent/Berksfile | 9 - cookbooks/wazuh_agent/CONTRIBUTING.md | 1 - cookbooks/wazuh_agent/Gemfile | 6 - cookbooks/wazuh_agent/LICENSE | 201 ------------------ cookbooks/wazuh_agent/Rakefile | 11 - cookbooks/wazuh_agent/TESTING.md | 1 - cookbooks/wazuh_agent/kitchen.yml | 3 + cookbooks/wazuh_agent/metadata.rb | 29 +-- cookbooks/wazuh_agent/spec/spec_helper.rb | 20 -- .../spec/unit/recipes/agent_spec.rb | 31 --- .../spec/unit/recipes/backups_spec.rb | 39 ---- .../spec/unit/recipes/common_spec.rb | 41 ---- .../test/data_bags/wazuh_secrets/api.json | 15 -- .../wazuh_secrets/logstash_certificate.json | 15 -- .../data_bags/wazuh_secrets/test_data_bag_key | 1 - .../test/environments/development-client.json | 35 --- .../test/environments/development-master.json | 35 --- .../test/environments/development.json | 21 -- .../test/environments/production.json | 20 -- .../serverspec/agent_spec.rb | 3 - .../agent-production/serverspec/agent_spec.rb | 3 - .../default/encrypted_data_bag_secret | 11 - .../default/serverspec/default_spec.rb | 9 - .../elk-development/serverspec/elk_spec.rb | 83 -------- .../helpers/serverspec/common_agent_tests.rb | 33 --- .../serverspec/common_manager_tests.rb | 65 ------ .../helpers/serverspec/common_ossec_tests.rb | 24 --- .../helpers/serverspec/spec_helper.rb | 8 - .../serverspec/manager_spec.rb | 3 - .../serverspec/manager_spec.rb | 3 - 33 files changed, 11 insertions(+), 822 deletions(-) delete mode 100644 cookbooks/wazuh_agent/.gitignore delete mode 100644 cookbooks/wazuh_agent/.rspec delete mode 100644 cookbooks/wazuh_agent/.rubocop.yml delete mode 100644 cookbooks/wazuh_agent/Berksfile delete mode 100644 cookbooks/wazuh_agent/CONTRIBUTING.md delete mode 100644 cookbooks/wazuh_agent/Gemfile delete mode 100644 cookbooks/wazuh_agent/LICENSE delete mode 100644 cookbooks/wazuh_agent/Rakefile delete mode 100644 cookbooks/wazuh_agent/TESTING.md delete mode 100644 cookbooks/wazuh_agent/spec/spec_helper.rb delete mode 100644 cookbooks/wazuh_agent/spec/unit/recipes/agent_spec.rb delete mode 100644 cookbooks/wazuh_agent/spec/unit/recipes/backups_spec.rb delete mode 100644 cookbooks/wazuh_agent/spec/unit/recipes/common_spec.rb delete mode 100644 cookbooks/wazuh_agent/test/data_bags/wazuh_secrets/api.json delete mode 100644 cookbooks/wazuh_agent/test/data_bags/wazuh_secrets/logstash_certificate.json delete mode 100644 cookbooks/wazuh_agent/test/data_bags/wazuh_secrets/test_data_bag_key delete mode 100644 cookbooks/wazuh_agent/test/environments/development-client.json delete mode 100644 cookbooks/wazuh_agent/test/environments/development-master.json delete mode 100644 cookbooks/wazuh_agent/test/environments/development.json delete mode 100644 cookbooks/wazuh_agent/test/environments/production.json delete mode 100644 cookbooks/wazuh_agent/test/integration/agent-development/serverspec/agent_spec.rb delete mode 100644 cookbooks/wazuh_agent/test/integration/agent-production/serverspec/agent_spec.rb delete mode 100644 cookbooks/wazuh_agent/test/integration/default/encrypted_data_bag_secret delete mode 100644 cookbooks/wazuh_agent/test/integration/default/serverspec/default_spec.rb delete mode 100644 cookbooks/wazuh_agent/test/integration/elk-development/serverspec/elk_spec.rb delete mode 100644 cookbooks/wazuh_agent/test/integration/helpers/serverspec/common_agent_tests.rb delete mode 100644 cookbooks/wazuh_agent/test/integration/helpers/serverspec/common_manager_tests.rb delete mode 100644 cookbooks/wazuh_agent/test/integration/helpers/serverspec/common_ossec_tests.rb delete mode 100644 cookbooks/wazuh_agent/test/integration/helpers/serverspec/spec_helper.rb delete mode 100644 cookbooks/wazuh_agent/test/integration/manager-development/serverspec/manager_spec.rb delete mode 100644 cookbooks/wazuh_agent/test/integration/manager-production/serverspec/manager_spec.rb diff --git a/cookbooks/wazuh_agent/.gitignore b/cookbooks/wazuh_agent/.gitignore deleted file mode 100644 index 8a6736d2..00000000 --- a/cookbooks/wazuh_agent/.gitignore +++ /dev/null @@ -1,16 +0,0 @@ -.vagrant -Berksfile.lock -*~ -*# -.#* -\#*# -.*.sw[a-z] -*.un~ - -# Bundler -Gemfile.lock -bin/* -.bundle/* - -.kitchen/* -.kitchen.local.yml diff --git a/cookbooks/wazuh_agent/.rspec b/cookbooks/wazuh_agent/.rspec deleted file mode 100644 index 83e16f80..00000000 --- a/cookbooks/wazuh_agent/.rspec +++ /dev/null @@ -1,2 +0,0 @@ ---color ---require spec_helper diff --git a/cookbooks/wazuh_agent/.rubocop.yml b/cookbooks/wazuh_agent/.rubocop.yml deleted file mode 100644 index e04a2d30..00000000 --- a/cookbooks/wazuh_agent/.rubocop.yml +++ /dev/null @@ -1,36 +0,0 @@ -AllCops: - Exclude: - - vendor/**/* - - /**/files/**/* - - test/**/* - - Guardfile - - lib/**/* - - config/**/* - -#Style/WordArray: -# MinSize: 2 -# Don't force hash style -Style/HashSyntax: - Enabled: false - -## Disabled Checks -Encoding: - Enabled: false -Style/SpaceBeforeFirtArg: - Enabled: false -NumericLiterals: - Enabled: false -LineLength: - Enabled: false -Style/RescueModifier: - Enabled: false -Style/PercentLiteralDelimiters: - Enabled: false -Style/BracesAroundHashParameters: - Enabled: false -Style/IndentHash: - Enabled: false -Style/SignalException: - Enabled: false -Style/WordArray: - Enabled: false diff --git a/cookbooks/wazuh_agent/Berksfile b/cookbooks/wazuh_agent/Berksfile deleted file mode 100644 index 341f0d90..00000000 --- a/cookbooks/wazuh_agent/Berksfile +++ /dev/null @@ -1,9 +0,0 @@ -source 'https://supermarket.chef.io' - -metadata - -cookbook 'chef-sugar' -cookbook 'hostsfile' -cookbook 'apt' -cookbook 'yum' -cookbook 'poise-python' diff --git a/cookbooks/wazuh_agent/CONTRIBUTING.md b/cookbooks/wazuh_agent/CONTRIBUTING.md deleted file mode 100644 index b99c1ce8..00000000 --- a/cookbooks/wazuh_agent/CONTRIBUTING.md +++ /dev/null @@ -1 +0,0 @@ -Please refer to https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD diff --git a/cookbooks/wazuh_agent/Gemfile b/cookbooks/wazuh_agent/Gemfile deleted file mode 100644 index 702c66f9..00000000 --- a/cookbooks/wazuh_agent/Gemfile +++ /dev/null @@ -1,6 +0,0 @@ -source 'https://rubygems.org' - -gem 'rubocop' -gem 'test-kitchen' -gem 'kitchen-inspec' -gem 'kitchen-dokken' \ No newline at end of file diff --git a/cookbooks/wazuh_agent/LICENSE b/cookbooks/wazuh_agent/LICENSE deleted file mode 100644 index 11069edd..00000000 --- a/cookbooks/wazuh_agent/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - -TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - -1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - -2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - -3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - -4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - -5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - -6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - -7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - -8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - -9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - -END OF TERMS AND CONDITIONS - -APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - -Copyright [yyyy] [name of copyright owner] - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/cookbooks/wazuh_agent/Rakefile b/cookbooks/wazuh_agent/Rakefile deleted file mode 100644 index 5ed9f32b..00000000 --- a/cookbooks/wazuh_agent/Rakefile +++ /dev/null @@ -1,11 +0,0 @@ -require 'rspec/core/rake_task' -require 'rubocop/rake_task' - -# Rspec and ChefSpec -desc 'Run ChefSpec unit tests' -RSpec::Core::RakeTask.new(:spec) do |t, _args| - t.rspec_opts = 'spec/unit' -end - -# Rubocop -RuboCop::RakeTask.new diff --git a/cookbooks/wazuh_agent/TESTING.md b/cookbooks/wazuh_agent/TESTING.md deleted file mode 100644 index 66d780fd..00000000 --- a/cookbooks/wazuh_agent/TESTING.md +++ /dev/null @@ -1 +0,0 @@ -Please refer to https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/TESTING.MD diff --git a/cookbooks/wazuh_agent/kitchen.yml b/cookbooks/wazuh_agent/kitchen.yml index 7e2b0ee3..eb5efa52 100644 --- a/cookbooks/wazuh_agent/kitchen.yml +++ b/cookbooks/wazuh_agent/kitchen.yml @@ -12,6 +12,9 @@ transport: provisioner: name: dokken +verifier: + name: inspec + platforms: - name: amazonlinux-2 driver: diff --git a/cookbooks/wazuh_agent/metadata.rb b/cookbooks/wazuh_agent/metadata.rb index 984bde0c..3007b00d 100644 --- a/cookbooks/wazuh_agent/metadata.rb +++ b/cookbooks/wazuh_agent/metadata.rb @@ -1,34 +1,21 @@ name 'wazuh_agent' -maintainer 'Wazuh Inc.' +maintainer 'Wazuh' maintainer_email 'info@wazuh.com' license 'Apache 2.0' -description 'Installs and onfigures ossec' +description 'Installs/Configures wazuh-agent' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) version '0.1.0' +chef_version '>= 15.0' %w(redhat centos oracle).each do |el| supports el, '>= 6.0' end - -supports 'amazon' -supports 'fedora' +supports 'amazon', '>= 1.0' +supports 'fedora', '>= 22.0' supports 'debian', '>= 7.0' supports 'ubuntu', '>= 12.04' - -%w( apt ).each do |pkg| - depends pkg -end - -%w( debian ubuntu ).each do |os| - supports os -end - -depends 'chef-sugar' -depends 'apt' -depends 'poise-python' -depends 'yum' -depends 'hostsfile' +supports 'suse', '>= 12.0' +supports 'opensuse', '>= 42.0' issues_url 'https://github.com/wazuh/wazuh-chef/issues' if respond_to?(:issues_url) -source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) -chef_version '>= 12.7' if respond_to?(:chef_version) +source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) \ No newline at end of file diff --git a/cookbooks/wazuh_agent/spec/spec_helper.rb b/cookbooks/wazuh_agent/spec/spec_helper.rb deleted file mode 100644 index c86adfd5..00000000 --- a/cookbooks/wazuh_agent/spec/spec_helper.rb +++ /dev/null @@ -1,20 +0,0 @@ -require 'chefspec' -require 'chefspec/berkshelf' - -RSpec.configure do |config| - # Use color in STDOUT - config.color = true - - # Use color not only in STDOUT but also in pagers and files - config.tty = true - - # Use the specified formatter - config.formatter = :documentation # :progress, :html, :textmate - - config.log_level = :error - - config.platform = 'ubuntu' - config.version = '14.04' -end - -at_exit { ChefSpec::Coverage.report! } diff --git a/cookbooks/wazuh_agent/spec/unit/recipes/agent_spec.rb b/cookbooks/wazuh_agent/spec/unit/recipes/agent_spec.rb deleted file mode 100644 index 18c02589..00000000 --- a/cookbooks/wazuh_agent/spec/unit/recipes/agent_spec.rb +++ /dev/null @@ -1,31 +0,0 @@ -# -# Cookbook Name:: wazuh -# Spec:: agent - -require 'spec_helper' - -describe 'wazuh::agent' do - context 'When all attributes are default, on an unspecified platform' do - cached(:chef_run) do - runner = ChefSpec::ServerRunner.new - runner.converge(described_recipe) - end - - it 'includes the wazuh::install_agent recipe' do - expect(chef_run).to include_recipe 'wazuh::install_agent' - end - - it 'installs ossec-hids-agent' do - expect(chef_run).to install_package('ossec-hids-agent') - end - - it 'service restart ossec' do - expect(chef_run).to start_service('ossec') - end - - it 'reloads a ohai reload lsb' do - expect(chef_run).to reload_ohai('reload lsb') - expect(chef_run).to_not reload_ohai('not_default_action') - end - end -end diff --git a/cookbooks/wazuh_agent/spec/unit/recipes/backups_spec.rb b/cookbooks/wazuh_agent/spec/unit/recipes/backups_spec.rb deleted file mode 100644 index b26c1e57..00000000 --- a/cookbooks/wazuh_agent/spec/unit/recipes/backups_spec.rb +++ /dev/null @@ -1,39 +0,0 @@ -# -# Cookbook Name:: wazuh -# Spec:: backups -# - -require 'spec_helper' - -describe 'wazuh::backups' do - context 'When all attributes are default' do - before do - Chef::Config[:encrypted_data_bag_secret] = 'test/data_bags/wazuh_secrets/test_data_bag_key' - allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'api').and_return( - '{"htpasswd_user": "ossec","htpasswd_passcode": "ossec"}' - ) - allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'backups', 'gPTbum6NpTwIVZop5w5TzehVh/ElS52smpao+bSxKX+SRNbvnLSHwC22EZt5Q7pPamCpEBD2ycH4fEpLGCp7FCSa/RLquQNls4TiVp54DJcfbSCiRA+lFL1e7YJqX4az1I1nzj+/3RlOjpfMvEhJ9gmubGMgnXZboDG5yiv34O2CdbybpMk9wQCC11RaeJUSFuvToQlnV2jK3HvymIHivm5Ax30PvyIMj6Mpp+YlJpBj70+vvk/rLmmXCsOHHV3g6hmZJph1mJrcjQZJVM9/foqiadrFJ9HLPFn0+LMXea69q4RvPDAIl914pXnE3pJBSYL9bZuDge/krbynQNosr3yNTLs1VoV9cw2yJinYY5GoOxjFnf66nCj1bnj5uFsN8FrK7w/hi07A/EBjiOFMAGHei1+ZGKKfHVKve67CNMHsaItjgc2njyRdOWTdxAvNw7AYSF4ST8vXBJZeBQyGizd2c73Hs4B640j7PWPKBu3Tfqvig6TxSPjwN9hO/a2/pOTRSJ4RfW2cXe0ZRbUb4O6hLv4F4kXjSuiW/ckvIpSOI3G04aqvXVLBcgDiKbqwH1poqKvpRPEahu+HGAf8C4Flhm6UXrawssIEp9WC5YHMLhsu1dSx8Hi6vCXqEOWobWWuh7VhItE0ySKl/LTxB2DWn12AYs1RXkYSBL4Gz/g=').and_return( - 'development' => { 'access_key_id' => 'foo', 'secret_access_key' => 'bar', 'encryption_password' => 'zoom' } - ) - end - cached(:chef_run) do - runner = ChefSpec::ServerRunner.new do |node, server| - server.create_environment('development', { - 'name' => 'kitchen-env', 'description' => 'Spec Production Text Env' - }) - node.chef_environment = 'development' - end - runner.converge(described_recipe) - end - - it 'includes the backup::default' do - expect(chef_run).to include_recipe 'backup::default' - end - - it 'to install gem_package fog' do - expect(chef_run).to install_gem_package('fog').with( - version: '~> 1.4.0' - ) - end - end -end diff --git a/cookbooks/wazuh_agent/spec/unit/recipes/common_spec.rb b/cookbooks/wazuh_agent/spec/unit/recipes/common_spec.rb deleted file mode 100644 index 95474b3f..00000000 --- a/cookbooks/wazuh_agent/spec/unit/recipes/common_spec.rb +++ /dev/null @@ -1,41 +0,0 @@ -# -# Cookbook Name:: wazuh -# Spec:: common -# - -require 'spec_helper' -describe 'wazuh::common' do - context 'When all attributes are default, on an unspecified platform' do - cached(:chef_run) do - runner = ChefSpec::ServerRunner.new - runner.converge(described_recipe) - end - - it 'includes the wazuh::common recipe' do - expect(chef_run).to include_recipe 'wazuh::common' - end - - it 'creates a file /var/ossec/etc/ossec.conf' do - expect(chef_run).to create_file('/var/ossec/etc/ossec.conf').with( - user: 'root', - group: 'ossec' - ) - end - - it 'creates a file /var/ossec/etc/shared/agent.conf' do - expect(chef_run).to create_file('/var/ossec/etc/shared/agent.conf').with( - user: 'root', - group: 'ossec' - ) - end - - it 'installs a chef_gem gyoku' do - expect(chef_run).to install_chef_gem('gyoku') - expect(chef_run).to_not install_chef_gem('non_gyoku') - end - - it 'runs a ruby_block when specifying the identity attribute' do - expect(chef_run).to run_ruby_block('ossec install_type') - end - end -end diff --git a/cookbooks/wazuh_agent/test/data_bags/wazuh_secrets/api.json b/cookbooks/wazuh_agent/test/data_bags/wazuh_secrets/api.json deleted file mode 100644 index e9a89e98..00000000 --- a/cookbooks/wazuh_agent/test/data_bags/wazuh_secrets/api.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "id": "api", - "htpasswd_user": { - "encrypted_data": "44KmfVdj/ttHvGecsv5M7+uCvqcc0Cs/RvXJeLQMZkE=\n", - "iv": "RRP7S4Tt6B9y366P+hMbwg==\n", - "version": 1, - "cipher": "aes-256-cbc" - }, - "htpasswd_passcode": { - "encrypted_data": "ps9xA2QJKd3KE6jjpn69rNJhf6sRCWoeK/0kHZfo3incyILK+TJPmRq92PK0\n3e8Ngv0HJHn8pp5QA1FT4zX/wg==\n", - "iv": "gC9cyqCgQq/5icvUOfW0Iw==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/wazuh_agent/test/data_bags/wazuh_secrets/logstash_certificate.json b/cookbooks/wazuh_agent/test/data_bags/wazuh_secrets/logstash_certificate.json deleted file mode 100644 index 5e1e892d..00000000 --- a/cookbooks/wazuh_agent/test/data_bags/wazuh_secrets/logstash_certificate.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "id": "logstash_certificate", - "logstash_certificate": { - "encrypted_data": "Hps2D0xEoVjRQWPwcsti71gKX1WIkXvW496YAvhjq+y7F0E1uz/fqb1y6fbr\nHJ2McX2GRDaVV0jdDHdthukq2Be5vv82xyMxHDa+HfZfB8LFD4s1XWdFYXDd\ndc2zBxgFhNkyT4qCFnlJkCY2IBc1MIQThW/eBN5S/v+GLKJw1l+nFH0t+aTS\nbXDaR7FmPD3UNUo+PxqJFbqDYFpLCzcPrRCPaMduo3e+kgegvaEFQJjbglPO\nX7aYgtEuAj8+YOl828gKTpZDAzbU/UtoO2EGwgQJJB4s4VpXb6aJBaZugWf9\nl81yJR1aAn8lDxRow7FU7juGiSlGmxOZY0/2G7WpPgq9hetsIm2WrEhNqj5b\nyKnCRLSM6N4YRyUYUQy/dPQKZW0R14jb08xvkyv4+a40fztUJ9Z67Exv5xqp\nWfmqtd3VMjmFYay2J6d0r5twdLDJ4r4OBP8cqa7wl64R2il/E7Mfg6bnyNf8\nBUWrIhZ5Tp/RlSuJ4yMm/Stb3aDRKLGLHfJXcuEjhqurtaesV2zJoX1HYMjn\nkrfE4FheohTjAqXza1PFdVLhQuLJIlr0hD0UIpAvAcbfAqwvQHsr4sV8EP3c\nnpN8NHiAOaxDq9+tAsbk0+pJa2gs16vhTv8vgEZRihrCUrXi9FEh/Z6ahiN7\nQqQ6iwqWW8ZDkFlKfjZgxI4CUta6Mi5l4yGBfqdy+TdbzuWT/euRBZO16EaG\nI5cqKT2yKTAR2A4Nw0pS8DdHQUn+x1PhOO6G3RSwMTQ0p6v2KWHQerGo1e3+\nEXaWBSNnb0t0mFj4oljXpXxkEtT393Bs/LMZ0MoaE3uWam5IAP/NY121Lm+I\nciPIbFKb1PKpjccnW9N+3cAWARqA8pC86ItdV/Q7gI5XbEIIcCVLwzhUGyo2\n1JfG89VAwNqOuyVGXRMnOHMD0V/czDRTebDCT6DHCG5nxS6MeYDlYUIEfIEo\n/xIDJbhPo6L+nk3yvVABQXBYayxnrCLGMkQ1xWA9UzC73q+Rd34X970qTK0P\nery6zm0WbP5dvRrzZYiDLjRY0MRrWvXXsLjP7uhz6gRKfq1KGfx/m6VDAzrZ\nuRNbyl4zEx0/CXViwNmMs/iLt3H3rKom7vRLs1qDtwyQvGChrbkmNWsD6iEH\nVNhIDVJj8JjDAjeK2CbhPWtt/UJWkoHmn5sGJdrtgYsuMeXIkDuA0v6hT+cl\ndwrR1EhONUWhNMsBMLVZMkTlg6UieaOCm+4EN0tA4J3b45Eo2zuerjkUzXBQ\nhdlxfiPKIDRFBkHzMQI/OnlMT2GFO0CJ3xp71kjaavmEmU7vsdynwekuo4u4\n9q/LHbuwNEtM08RezYmptwblbmNNvengIAPIovpaAbFVyOsZog/GEAIZmrYP\nmzyGEOBdPIQZfyP9e6wIM5XoN2UgwHohiMTGRX6XdGJjW30zPw0dkRhciKBT\nq7yl3/UxZoMF6v5ihhB/LbHM3TFW4XucrnvY930daYVxvUuxlYXy7/9vx6zq\n/kEbC7AkA8zJ3AhP711dk5ROqia9Fvna7juFic7OxZdNnXm+0unxBqHT976w\nCK0KkDfwB6UH5p5wvFCZlvnyquKggJoNn8XXTfUrUo1Qpq/rggDfhIsaeB7B\nNA1uVb2udXSWEw/TL+UQJIgNqz/jtHctfUjz6w7Qx+I1vlXeeuNlMzHDZX8l\nzx8xWIbddmZG7bqVQ/DcigX0Sgj8kzgd8J4cJFrr9MG7BDJMbtkxBCp7RwSQ\nM5FUinkCiQ==\n", - "iv": "Aa90t/SYwXMFVtEnnWhynQ==\n", - "version": 1, - "cipher": "aes-256-cbc" - }, - "logstash_certificate_key": { - "encrypted_data": "GeLqjtWtHWxkppekOd67UdAYo4o81ycv6VrCW1EzFLWxXZJFz/Zqh6Gp6Hxb\n3TnRNjDBEdjlRwdQwtUfVr5T6qPJpDinoVL32tMMFsyY9nRqBqhjkxoobZub\n3aQbrCN2TMrsYscwWnoR8odvHXthZ45DIXeKvSdeVB7oxmwuOV+liXj0SvL9\nbQ8TZhNKKF7AQFjY+fVVbHfqXF4TDSelNidE/a1tutSQFqXWjxpXBJ6JEee1\nBYvnx1Zk0Sg7ghbl7jAd2JgaX4DsFt1DirPFIP5JxuBcHsuCgkZyYoUzFn11\nORJm+1fxAPhHBolObZ86iQtoAsKk5IL4D9/COxAljMK9WYyzGqB6L8uX8C7t\nQWg5T08dtEiy9+ZjJlGi280HENSR4oiOMIHPm9lyiIjmZIqhDq3eEgVWYrRk\n1y0D+1279r81Yq12cAB7aXCou6PavvwjBooMiIEmL0yWG+B4pwEir8ow2InE\n4/xtEuE8qprHtdSpZ+MNSnS9c5wctjs7/g0/FSKQ+OWT/LAubrDeDmmeh8TM\nQ+9hsPhOnYeUTVJ+nFQiOuMJT8i8aU64865BVtymLYSoZfmHt6ZMPhKe2lQ+\nzPz+ykU8xVsqrPdo7byhBaiR/xM0dMWpNVl7C11yllq0Z8ewrcmT3DAddnZQ\naRaae9rKON/V7i+Bo2egBa3wJl9Uvw0C6AVi9UNX7/WflRwsTdZDF+I0sAR7\nKQZP0wByBETAYyRaWNMbabfKAVS7NWWLx3N/KRrRarvd9i5GixVqi7wB+mlM\nNvdPYYATKKV+5EjgI3AOThDLHwO1AoSyOCp9jKhsSuyUHSfkQsQXenlFW8KN\nT5J/cl0066yDBZqhlXQ0B+9BI7vhM5ESKdX5hw/5aa3uFaHCeutuql3aAtXU\na5+At6mxRl6Fi6PrmQhA/oWk6etBlZW4Dscv4SauF66zlmQlqHqc5UPNVrR0\nKT8vjVrY0adbR6JG+qOD1UTYYppijW+HMWiPRDbXe9iPSm+wyrybsmqNblPp\n2iEWoPfsLK1jOWZqo0FDrzSwFCcr0rBpPSc1hjuFZ0MrCmW99HEtEHriMPS1\niIQ5hAlDg/qLNaTwIgmbKkiw/OrcYE41XW7R16wOVDWGgmnoJYgBTpyvFY++\nf2OWg2ChUbxMr3rn4qQQY5K1wyKvlrZsDeP0FB+CiEeNqAc1qVpkBuTlA4Vb\nNXVrhoj3ZxIdIoe1yMKsbtSkDIjiYM6gDgmf3Gm0OGh7QtJjgvq/xpcD85/e\ndO/FzXTINpnbmt+w2L36ksW5INmKDQr/l7TApv6t24dbVm/S7h3YDr1umHX0\njwtAMfrZGDGz+Rtqz6Cq+PWznC42bx5SyFkxRgOeZeCq+AxSE1daLognV7Y3\n/W3hyH5m9akJROej6luPG4u/VgwKdCQWKE7axC7EOznOhWlsMXfbJyvr/ZIK\nVrp0Xp7jrEd65gLRDO/qB1jRFufyVv81AIl9Lkcj+7gNGT4gFRLOdZJR/puH\n3/K2Us6ccA93KDNqut230HXGzDMEI4xBIVFCMb9H7txdfz2YnArvrLlylWK9\nwwn/3bobktAdmSxFe9LZaDpkbnv2dmBgEfmgeGOvKZTTkv636g3W5/pF4Hw2\nbp4IUxWozfOtOT1cA8/TfJ1xyTsob3qIkZiA3ju0yW4ULenu9IjplN+uH+WC\n4+35xHSVvvZr2702ho/aV91nJwiPWjsskXORVVY8Fo4Itv7sW826sbKr/Ja7\njyCQG8yB0jVkur51cjkauxaI+AI3DFTK96bswRzPJ3uJU42ESXm44c/VuklW\nDQTx8DNkhgPZ8odjnwWR1vKxQH41ko3GiJlXx8+2Iht4iA0WQ0fPZqnxStDs\nV/4CW5OUlPwzKVOBgoamgLf0Z2TAV/oQxIlSa/sDsEZfbj+gVG0eRWnWrM3H\nJu8/f45IWleIMBVb6IXvvKpwwGZ6PSerLWa+ePVDqlkSEvp2nSQD5jcKAY30\neojZTNUeDaKTVbkZy5kBhN4T0R+FJ5w/PhtphDSptBQ35DLtyOgVO/zIXgOB\n7fH3B/+ZFSjotRLB3nbGJkaYLmFqTW/AMoAnWpxDU9f1sAWHB4VLcd04Z/SY\n8NsobTGNP9aOMezaIgrtb1udPJjW6UArgNKmThoyX9J437aXDTxIIcvrcDvl\nYZP703Gxhboq3tYwfLugUeZFuAy5/binmcVDGkCGdjuUQ/Drd4VzB72JRlCv\n00LOHS8xIFfD1Rr8mH1AU1LtdjlTy8HFynM/XsZ5pup5zdkl00hxsaMGRNwU\nBWrkUSfhvx88SlSYaIi82pns8jhseVfm28zgetjYDw0i20IcueKw1IHptlFe\nsZAxshw=\n", - "iv": "EyUb/TEyoS/xyfuwTBin3Q==\n", - "version": 1, - "cipher": "aes-256-cbc" - } -} diff --git a/cookbooks/wazuh_agent/test/data_bags/wazuh_secrets/test_data_bag_key b/cookbooks/wazuh_agent/test/data_bags/wazuh_secrets/test_data_bag_key deleted file mode 100644 index add836f6..00000000 --- a/cookbooks/wazuh_agent/test/data_bags/wazuh_secrets/test_data_bag_key +++ /dev/null @@ -1 +0,0 @@ -gPTbum6NpTwIVZop5w5TzehVh/ElS52smpao+bSxKX+SRNbvnLSHwC22EZt5Q7pPamCpEBD2ycH4fEpLGCp7FCSa/RLquQNls4TiVp54DJcfbSCiRA+lFL1e7YJqX4az1I1nzj+/3RlOjpfMvEhJ9gmubGMgnXZboDG5yiv34O2CdbybpMk9wQCC11RaeJUSFuvToQlnV2jK3HvymIHivm5Ax30PvyIMj6Mpp+YlJpBj70+vvk/rLmmXCsOHHV3g6hmZJph1mJrcjQZJVM9/foqiadrFJ9HLPFn0+LMXea69q4RvPDAIl914pXnE3pJBSYL9bZuDge/krbynQNosr3yNTLs1VoV9cw2yJinYY5GoOxjFnf66nCj1bnj5uFsN8FrK7w/hi07A/EBjiOFMAGHei1+ZGKKfHVKve67CNMHsaItjgc2njyRdOWTdxAvNw7AYSF4ST8vXBJZeBQyGizd2c73Hs4B640j7PWPKBu3Tfqvig6TxSPjwN9hO/a2/pOTRSJ4RfW2cXe0ZRbUb4O6hLv4F4kXjSuiW/ckvIpSOI3G04aqvXVLBcgDiKbqwH1poqKvpRPEahu+HGAf8C4Flhm6UXrawssIEp9WC5YHMLhsu1dSx8Hi6vCXqEOWobWWuh7VhItE0ySKl/LTxB2DWn12AYs1RXkYSBL4Gz/g= diff --git a/cookbooks/wazuh_agent/test/environments/development-client.json b/cookbooks/wazuh_agent/test/environments/development-client.json deleted file mode 100644 index e99634ae..00000000 --- a/cookbooks/wazuh_agent/test/environments/development-client.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "name": "development-client", - "description": "The development environment", - "cookbook_versions": { - }, - "json_class": "Chef::Environment", - "chef_type": "environment", - "default_attributes": { - - }, - "override_attributes": { - "ossec": { - "master": "manager-master.wazuh-test.com", - "address": ["manager-master.wazuh-test.com", "manager-client.wazuh-test.com"], - "cluster_disabled": "no", - "conf": { - "server": { - "cluster": { - "node_name": "node02", - "node_type": "client", - "disabled": "no", - "nodes": { - "node": ["172.16.10.10", "172.16.10.11"] - }, - "key": "596f6b328c8ca831a03f7c7ca8203e8b" - } - } - } - }, - "filebeat": { - "ossec_type": "ossec-alerts-development", - "logstash_servers": "elk.wazuh-test.com:5000" - } - } -} diff --git a/cookbooks/wazuh_agent/test/environments/development-master.json b/cookbooks/wazuh_agent/test/environments/development-master.json deleted file mode 100644 index 7ce35145..00000000 --- a/cookbooks/wazuh_agent/test/environments/development-master.json +++ /dev/null @@ -1,35 +0,0 @@ -{ - "name": "development-master", - "description": "The development environment", - "cookbook_versions": { - }, - "json_class": "Chef::Environment", - "chef_type": "environment", - "default_attributes": { - - }, - "override_attributes": { - "ossec": { - "registration_address": "manager-master.wazuh-test.com", - "address": ["manager-master.wazuh-test.com", "manager-client.wazuh-test.com"], - "cluster_disabled": "no", - "conf": { - "server": { - "cluster": { - "node_name": "node01", - "node_type": "master", - "disabled": "no", - "nodes": { - "node": ["172.16.10.10", "172.16.10.11"] - }, - "key": "596f6b328c8ca831a03f7c7ca8203e8b" - } - } - } - }, - "filebeat": { - "ossec_type": "ossec-alerts-development", - "logstash_servers": "elk.wazuh-test.com:5000" - } - } -} diff --git a/cookbooks/wazuh_agent/test/environments/development.json b/cookbooks/wazuh_agent/test/environments/development.json deleted file mode 100644 index e80a3ac8..00000000 --- a/cookbooks/wazuh_agent/test/environments/development.json +++ /dev/null @@ -1,21 +0,0 @@ -{ - "name": "development", - "description": "The development environment", - "cookbook_versions": { - }, - "json_class": "Chef::Environment", - "chef_type": "environment", - "default_attributes": { - - }, - "override_attributes": { - "ossec": { - "registration_address": "manager-master.wazuh-test.com", - "address": ["manager-master.wazuh-test.com", "manager-client.wazuh-test.com"] - }, - "filebeat": { - "ossec_type": "ossec-alerts-development", - "logstash_servers": "elk.wazuh-test.com:5000" - } - } -} diff --git a/cookbooks/wazuh_agent/test/environments/production.json b/cookbooks/wazuh_agent/test/environments/production.json deleted file mode 100644 index e0f88881..00000000 --- a/cookbooks/wazuh_agent/test/environments/production.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "name": "production", - "description": "The development environment", - "cookbook_versions": { - }, - "json_class": "Chef::Environment", - "chef_type": "environment", - "default_attributes": { - - }, - "override_attributes": { - "ossec": { - "address": "manager.wazuh-production.com" - }, - "filebeat": { - "ossec_type": "ossec-alerts-production", - "logstash_servers": "elk.wazuh-test.com:5000" - } - } -} diff --git a/cookbooks/wazuh_agent/test/integration/agent-development/serverspec/agent_spec.rb b/cookbooks/wazuh_agent/test/integration/agent-development/serverspec/agent_spec.rb deleted file mode 100644 index d54b973a..00000000 --- a/cookbooks/wazuh_agent/test/integration/agent-development/serverspec/agent_spec.rb +++ /dev/null @@ -1,3 +0,0 @@ -require 'spec_helper' -require 'common_ossec_tests' -require 'common_agent_tests' diff --git a/cookbooks/wazuh_agent/test/integration/agent-production/serverspec/agent_spec.rb b/cookbooks/wazuh_agent/test/integration/agent-production/serverspec/agent_spec.rb deleted file mode 100644 index d54b973a..00000000 --- a/cookbooks/wazuh_agent/test/integration/agent-production/serverspec/agent_spec.rb +++ /dev/null @@ -1,3 +0,0 @@ -require 'spec_helper' -require 'common_ossec_tests' -require 'common_agent_tests' diff --git a/cookbooks/wazuh_agent/test/integration/default/encrypted_data_bag_secret b/cookbooks/wazuh_agent/test/integration/default/encrypted_data_bag_secret deleted file mode 100644 index 64910338..00000000 --- a/cookbooks/wazuh_agent/test/integration/default/encrypted_data_bag_secret +++ /dev/null @@ -1,11 +0,0 @@ -tJwThuXenbq6EawKhp6GjHuFyaDrK3J2zLDh+Lg4p+THlM8q3qy2XgtUHhv7FCBQ -UmZ7YBtN9O+q0rFGZ0Wctak4vs1oe/PghbuSjBEp93/DWFdUGlRRvMrcaTfbkSqk -0loq2VrvhyRHh2EzFcKeiLjc5NaCGlrepoWB8gO2YDdcinSmNvTfgNOF2IhdAv/7 -4T4x8SdZgvz+eX1HQUQAeswTWfMdNNt/Dlohe8mzoV3s8KYqNav4XxCThMFy3yvn -lOuHWPEIKmw5toVN0MWgaBkcChitg+d+pG50ZjQUvHcOyCCqXToLrIDM1441GAep -n4AiXYAaMcGSX3zaU7OB8pPt8ddwule08FOxKZ0WnevQKSqzJjQ7VIiBZViYuyRW -wAcj2/X0uddyBrlOCt+N2LXGcvYMHlc4VBtqcCXRQk932AZZZbZbgc4MJxe9/SLq -F6hkAyxjX7o3GByMtxI7JN3rutZBLC8ia4qbl/5z4GYoM/3otA99on/p3GUkHo3u -EEqJFahkHLfj5BKbyZPN9mobhvVmstSpG17Znpma7AbhKJrJ7/OKMn3VRpCtI0VT -Zx6QYVNyOgc+Y7P/4b2aNdJquiVlPvzFKblseku4wtlLScGVv0rRw/FjTdpLGUW5 -tPwcQcMkSUMETNl/8kkyQukmRMj3tCD7ntHPoz4vhkA= diff --git a/cookbooks/wazuh_agent/test/integration/default/serverspec/default_spec.rb b/cookbooks/wazuh_agent/test/integration/default/serverspec/default_spec.rb deleted file mode 100644 index f700b45c..00000000 --- a/cookbooks/wazuh_agent/test/integration/default/serverspec/default_spec.rb +++ /dev/null @@ -1,9 +0,0 @@ -require 'spec_helper' -require 'common_ossec_tests' - -describe 'wazuh::default' do - # This is just a sample integration test - describe file('/etc/passwd') do - it { should be_file } - end -end diff --git a/cookbooks/wazuh_agent/test/integration/elk-development/serverspec/elk_spec.rb b/cookbooks/wazuh_agent/test/integration/elk-development/serverspec/elk_spec.rb deleted file mode 100644 index c337c5ff..00000000 --- a/cookbooks/wazuh_agent/test/integration/elk-development/serverspec/elk_spec.rb +++ /dev/null @@ -1,83 +0,0 @@ -require 'spec_helper' - -describe 'wazuh_elk::default' do - describe user('elasticsearch') do - it { should exist } - end - describe user('logstash') do - it { should exist } - end - describe file('/etc/init.d/elasticsearch') do - it { should exist } - it { should be_mode 755 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - end - describe file('/etc/init.d/logstash') do - it { should exist } - it { should be_mode 775 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - end - describe file('/etc/default/elasticsearch') do - it { should exist } - it { should be_mode 644 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - end - describe file('/etc/elasticsearch') do - it { should be_directory } - it { should be_mode 750 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'elasticsearch' } - end - describe file('/usr/share/elasticsearch') do - it { should be_directory } - it { should be_mode 755 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - end - describe file('/var/lib/elasticsearch') do - it { should be_directory } - it { should be_mode 755 } - it { should be_owned_by 'elasticsearch' } - it { should be_grouped_into 'elasticsearch' } - end - describe file('/var/log/elasticsearch') do - it { should be_directory } - it { should be_mode 755 } - it { should be_owned_by 'elasticsearch' } - it { should be_grouped_into 'elasticsearch' } - end - describe file('/etc/logstash') do - it { should be_directory } - it { should be_mode 775 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - end - describe file('/etc/logstash/conf.d') do - it { should be_directory } - it { should be_mode 775 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - end - describe file('/var/lib/logstash') do - it { should be_directory } - it { should be_mode 775 } - it { should be_owned_by 'logstash' } - it { should be_grouped_into 'logstash' } - end - describe file('/var/log/logstash') do - it { should be_directory } - it { should be_mode 775 } - it { should be_owned_by 'logstash' } - it { should be_grouped_into 'root' } - end - describe service('elasticsearch') do - it { should be_running } - end - # The following lines are commented due to known issue testing logstash - # describe service('logstash') do - # it { should be_running } - # end -end diff --git a/cookbooks/wazuh_agent/test/integration/helpers/serverspec/common_agent_tests.rb b/cookbooks/wazuh_agent/test/integration/helpers/serverspec/common_agent_tests.rb deleted file mode 100644 index 9286796a..00000000 --- a/cookbooks/wazuh_agent/test/integration/helpers/serverspec/common_agent_tests.rb +++ /dev/null @@ -1,33 +0,0 @@ - -describe 'wazuh::agent' do - describe package('ossec-hids-agent') do - it { should be_installed } - end - describe file('/etc/ossec-init.conf') do - it { should be_symlink } - end - describe file('/var/ossec/etc/ossec.conf') do - it { should exist } - it { should be_mode 440 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'ossec' } - end - describe file('/var/ossec/etc/ossec-init.conf') do - it { should exist } - it { should be_mode 550 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'ossec' } - end - describe process('ossec-syscheckd') do - it { should be_running } - its(:user) { should eq 'root' } - end - describe process('ossec-agentd') do - it { should be_running } - its(:user) { should eq 'ossec' } - end - describe process('ossec-logcollector') do - it { should be_running } - its(:user) { should eq 'root' } - end -end diff --git a/cookbooks/wazuh_agent/test/integration/helpers/serverspec/common_manager_tests.rb b/cookbooks/wazuh_agent/test/integration/helpers/serverspec/common_manager_tests.rb deleted file mode 100644 index d42d077d..00000000 --- a/cookbooks/wazuh_agent/test/integration/helpers/serverspec/common_manager_tests.rb +++ /dev/null @@ -1,65 +0,0 @@ - -describe 'wazuh::manager' do - describe user('ossecm') do - it { should exist } - end - describe user('ossecr') do - it { should exist } - end - describe file('/var/ossec/etc/wazuh_decoders') do - it { should be_directory } - it { should be_mode 550 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'ossec' } - end - describe file('/etc/ossec-init.conf') do - it { should exist } - it { should be_mode 600 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - end - describe file('/var/ossec/etc/ossec.conf') do - it { should exist } - it { should be_mode 440 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'ossec' } - end - describe file('/var/ossec/etc/ossec-init.conf') do - it { should exist } - it { should be_mode 640 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'root' } - end - describe process('ossec-integratord') do - it { should be_running } - its(:user) { should eq 'ossecm' } - end - describe process('ossec-authd') do - it { should be_running } - its(:user) { should eq 'root' } - end - describe process('ossec-analysisd') do - it { should be_running } - its(:user) { should eq 'ossec' } - end - describe process('ossec-logcollector') do - it { should be_running } - its(:user) { should eq 'root' } - end - describe process('ossec-remoted') do - it { should be_running } - its(:user) { should eq 'ossecr' } - end - describe process('ossec-syscheckd') do - it { should be_running } - its(:user) { should eq 'root' } - end - describe process('ossec-monitord') do - it { should be_running } - its(:user) { should eq 'ossec' } - end - describe process('nodejs') do - it { should be_running } - its(:user) { should eq 'root' } - end -end diff --git a/cookbooks/wazuh_agent/test/integration/helpers/serverspec/common_ossec_tests.rb b/cookbooks/wazuh_agent/test/integration/helpers/serverspec/common_ossec_tests.rb deleted file mode 100644 index 8de7fdc3..00000000 --- a/cookbooks/wazuh_agent/test/integration/helpers/serverspec/common_ossec_tests.rb +++ /dev/null @@ -1,24 +0,0 @@ - -describe 'wazuh::common' do - describe package('chef') do - it { should be_installed } - end - describe user('ossec') do - it { should exist } - end - describe group('ossec') do - it { should exist } - end - describe file('/var/ossec') do - it { should be_directory } - it { should be_mode 550 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'ossec' } - end - describe file('/var/ossec/etc') do - it { should be_directory } - it { should be_mode 550 } - it { should be_owned_by 'root' } - it { should be_grouped_into 'ossec' } - end -end diff --git a/cookbooks/wazuh_agent/test/integration/helpers/serverspec/spec_helper.rb b/cookbooks/wazuh_agent/test/integration/helpers/serverspec/spec_helper.rb deleted file mode 100644 index c1fddf06..00000000 --- a/cookbooks/wazuh_agent/test/integration/helpers/serverspec/spec_helper.rb +++ /dev/null @@ -1,8 +0,0 @@ -require 'serverspec' - -if (/cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM).nil? - set :backend, :exec -else - set :backend, :cmd - set :os, family: 'windows' -end diff --git a/cookbooks/wazuh_agent/test/integration/manager-development/serverspec/manager_spec.rb b/cookbooks/wazuh_agent/test/integration/manager-development/serverspec/manager_spec.rb deleted file mode 100644 index fc086db3..00000000 --- a/cookbooks/wazuh_agent/test/integration/manager-development/serverspec/manager_spec.rb +++ /dev/null @@ -1,3 +0,0 @@ -require 'spec_helper' -require 'common_ossec_tests' -require 'common_manager_tests' diff --git a/cookbooks/wazuh_agent/test/integration/manager-production/serverspec/manager_spec.rb b/cookbooks/wazuh_agent/test/integration/manager-production/serverspec/manager_spec.rb deleted file mode 100644 index fc086db3..00000000 --- a/cookbooks/wazuh_agent/test/integration/manager-production/serverspec/manager_spec.rb +++ /dev/null @@ -1,3 +0,0 @@ -require 'spec_helper' -require 'common_ossec_tests' -require 'common_manager_tests' From dcdd8cf0daf36e5dcc02b989f7e7c21ed0893792 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 18 Dec 2020 14:17:12 +0100 Subject: [PATCH 147/260] Fix daemon name --- .../test/integration/wazuh-manager/common_test.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/cookbooks/wazuh_manager/test/integration/wazuh-manager/common_test.rb b/cookbooks/wazuh_manager/test/integration/wazuh-manager/common_test.rb index 71a5da1c..807d6471 100644 --- a/cookbooks/wazuh_manager/test/integration/wazuh-manager/common_test.rb +++ b/cookbooks/wazuh_manager/test/integration/wazuh-manager/common_test.rb @@ -13,7 +13,7 @@ # Check processes -describe command('ps -ef | grep ossec-moduless') do +describe command('ps -ef | grep wazuh-modulesd') do its('exit_status') { should eq 0 } end @@ -55,6 +55,10 @@ # Check OSSEC dir +describe file('/etc/ossec-init.conf') do + it { should be_symlink } +end + describe file('/var/ossec') do it { should be_directory } its('mode') { should cmp '0750' } From 48eac12ebefde95e726f58559894f2f2c64b149c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 18 Dec 2020 14:17:28 +0100 Subject: [PATCH 148/260] Add Gemfile to root path --- Gemfile | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 Gemfile diff --git a/Gemfile b/Gemfile new file mode 100644 index 00000000..702c66f9 --- /dev/null +++ b/Gemfile @@ -0,0 +1,6 @@ +source 'https://rubygems.org' + +gem 'rubocop' +gem 'test-kitchen' +gem 'kitchen-inspec' +gem 'kitchen-dokken' \ No newline at end of file From 50da62cd4fd126d22e5d5fca58f3dd88ce4d3e93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 18 Dec 2020 14:17:46 +0100 Subject: [PATCH 149/260] Remove old files --- cookbooks/elastic-stack/Berksfile | 9 ------- cookbooks/elastic-stack/config/rake.rb | 37 -------------------------- 2 files changed, 46 deletions(-) delete mode 100644 cookbooks/elastic-stack/Berksfile delete mode 100644 cookbooks/elastic-stack/config/rake.rb diff --git a/cookbooks/elastic-stack/Berksfile b/cookbooks/elastic-stack/Berksfile deleted file mode 100644 index 6aca997c..00000000 --- a/cookbooks/elastic-stack/Berksfile +++ /dev/null @@ -1,9 +0,0 @@ -# frozen_string_literal: true - -# -*- ruby -*- -source 'https://supermarket.chef.io' - -metadata - -cookbook 'filebeat', path: '../filebeat' -cookbook 'wazuh_manager', path: '../wazuh_manager' diff --git a/cookbooks/elastic-stack/config/rake.rb b/cookbooks/elastic-stack/config/rake.rb deleted file mode 100644 index acfa0927..00000000 --- a/cookbooks/elastic-stack/config/rake.rb +++ /dev/null @@ -1,37 +0,0 @@ -# frozen_string_literal: true - -# Configure the Rakefile's tasks. - -### -# Company and SSL Details -# Used with the ssl_cert task. -### - -# The company name - used for SSL certificates, and in srvious other places -COMPANY_NAME = 'Wazuh' - -# The Country Name to use for SSL Certificates -SSL_COUNTRY_NAME = 'US' - -# The State Name to use for SSL Certificates -SSL_STATE_NAME = 'VA' - -# The Locality Name for SSL - typically, the city -SSL_LOCALITY_NAME = 'Leesburg' - -# What department? -SSL_ORGANIZATIONAL_UNIT_NAME = 'Operations' - -# The SSL contact email address -SSL_EMAIL_ADDRESS = 'info@wazuh.com' - -# License for new Cookbooks -# Can be :apachev2 or :none -NEW_COOKBOOK_LICENSE = :all_rights - -## Useful Extras (which you probably don't need to change) -# The top of the repository checkout -TOPDIR = File.expand_path(File.join(File.dirname(__FILE__), '..')) - -# Where to store certificates generated with ssl_cert -CADIR = File.expand_path(File.join(TOPDIR, 'certificates')) From fa5abb9b3383906e553e3bacf5282c523147a0ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 18 Dec 2020 14:40:43 +0100 Subject: [PATCH 150/260] Rename to wazuh_agent --- .../test/integration/{wazuh-agent => wazuh_agent}/agent_test.rb | 0 .../test/integration/{wazuh-agent => wazuh_agent}/common_test.rb | 0 .../integration/{wazuh-agent => wazuh_agent}/respoitory_test.rb | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename cookbooks/wazuh_agent/test/integration/{wazuh-agent => wazuh_agent}/agent_test.rb (100%) rename cookbooks/wazuh_agent/test/integration/{wazuh-agent => wazuh_agent}/common_test.rb (100%) rename cookbooks/wazuh_agent/test/integration/{wazuh-agent => wazuh_agent}/respoitory_test.rb (100%) diff --git a/cookbooks/wazuh_agent/test/integration/wazuh-agent/agent_test.rb b/cookbooks/wazuh_agent/test/integration/wazuh_agent/agent_test.rb similarity index 100% rename from cookbooks/wazuh_agent/test/integration/wazuh-agent/agent_test.rb rename to cookbooks/wazuh_agent/test/integration/wazuh_agent/agent_test.rb diff --git a/cookbooks/wazuh_agent/test/integration/wazuh-agent/common_test.rb b/cookbooks/wazuh_agent/test/integration/wazuh_agent/common_test.rb similarity index 100% rename from cookbooks/wazuh_agent/test/integration/wazuh-agent/common_test.rb rename to cookbooks/wazuh_agent/test/integration/wazuh_agent/common_test.rb diff --git a/cookbooks/wazuh_agent/test/integration/wazuh-agent/respoitory_test.rb b/cookbooks/wazuh_agent/test/integration/wazuh_agent/respoitory_test.rb similarity index 100% rename from cookbooks/wazuh_agent/test/integration/wazuh-agent/respoitory_test.rb rename to cookbooks/wazuh_agent/test/integration/wazuh_agent/respoitory_test.rb From 312c3348371035b5eece24abd517e75d790cca25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 18 Dec 2020 14:47:55 +0100 Subject: [PATCH 151/260] Remove unnecesary files --- cookbooks/elastic-stack/Gemfile | 7 - cookbooks/elastic-stack/kitchen.yml | 75 ----------- cookbooks/filebeat-oss/Gemfile | 6 - cookbooks/filebeat-oss/LICENSE | 201 ---------------------------- cookbooks/filebeat-oss/kitchen.yml | 77 ----------- cookbooks/filebeat/Berksfile | 5 - cookbooks/filebeat/Gemfile | 7 - cookbooks/filebeat/kitchen.yml | 77 ----------- cookbooks/opendistro/kitchen.yml | 77 ----------- cookbooks/wazuh_agent/kitchen.yml | 77 ----------- cookbooks/wazuh_manager/kitchen.yml | 77 ----------- 11 files changed, 686 deletions(-) delete mode 100644 cookbooks/elastic-stack/Gemfile delete mode 100644 cookbooks/elastic-stack/kitchen.yml delete mode 100644 cookbooks/filebeat-oss/Gemfile delete mode 100644 cookbooks/filebeat-oss/LICENSE delete mode 100644 cookbooks/filebeat-oss/kitchen.yml delete mode 100644 cookbooks/filebeat/Berksfile delete mode 100644 cookbooks/filebeat/Gemfile delete mode 100644 cookbooks/filebeat/kitchen.yml delete mode 100644 cookbooks/opendistro/kitchen.yml delete mode 100644 cookbooks/wazuh_agent/kitchen.yml delete mode 100644 cookbooks/wazuh_manager/kitchen.yml diff --git a/cookbooks/elastic-stack/Gemfile b/cookbooks/elastic-stack/Gemfile deleted file mode 100644 index 69bfe846..00000000 --- a/cookbooks/elastic-stack/Gemfile +++ /dev/null @@ -1,7 +0,0 @@ -source 'https://rubygems.org' - -#gem 'rubocop' -gem 'test-kitchen' -gem 'kitchen-inspec' -gem 'kitchen-dokken' -gem 'berkshelf' \ No newline at end of file diff --git a/cookbooks/elastic-stack/kitchen.yml b/cookbooks/elastic-stack/kitchen.yml deleted file mode 100644 index c7f7a0b9..00000000 --- a/cookbooks/elastic-stack/kitchen.yml +++ /dev/null @@ -1,75 +0,0 @@ ---- -driver: - name: dokken - # because Docker and SystemD - privileged: true - chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> - -transport: - name: dokken - -provisioner: - name: dokken - chef_license: accept - -verifier: - name: inspec - -platforms: - - name: amazonlinux-2 - driver: - image: dokken/amazonlinux-2 - pid_one_command: /usr/lib/systemd/systemd - - - name: debian-9 - driver: - image: dokken/debian-9 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: debian-10 - driver: - image: dokken/debian-10 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: centos-7 - driver: - image: dokken/centos-7 - pid_one_command: /usr/lib/systemd/systemd - - - name: centos-8 - driver: - image: dokken/centos-8 - pid_one_command: /usr/lib/systemd/systemd - - - name: ubuntu-18.04 - driver: - image: dokken/ubuntu-18.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: ubuntu-20.04 - driver: - image: dokken/ubuntu-20.04 - privileged: true - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: opensuse-leap-15 - driver: - image: dokken/opensuse-leap-15 - pid_one_command: /bin/systemd - -suites: - - name: elastic-stack - run_list: - - recipe[elastic-stack::default] - driver: - verifier: - inspec_tests: - - path: test/integration/elastic-stack \ No newline at end of file diff --git a/cookbooks/filebeat-oss/Gemfile b/cookbooks/filebeat-oss/Gemfile deleted file mode 100644 index 702c66f9..00000000 --- a/cookbooks/filebeat-oss/Gemfile +++ /dev/null @@ -1,6 +0,0 @@ -source 'https://rubygems.org' - -gem 'rubocop' -gem 'test-kitchen' -gem 'kitchen-inspec' -gem 'kitchen-dokken' \ No newline at end of file diff --git a/cookbooks/filebeat-oss/LICENSE b/cookbooks/filebeat-oss/LICENSE deleted file mode 100644 index 11069edd..00000000 --- a/cookbooks/filebeat-oss/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - -TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - -1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - -2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - -3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - -4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - -5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - -6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - -7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - -8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - -9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - -END OF TERMS AND CONDITIONS - -APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - -Copyright [yyyy] [name of copyright owner] - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/cookbooks/filebeat-oss/kitchen.yml b/cookbooks/filebeat-oss/kitchen.yml deleted file mode 100644 index 1fbb9fa3..00000000 --- a/cookbooks/filebeat-oss/kitchen.yml +++ /dev/null @@ -1,77 +0,0 @@ ---- -driver: - name: dokken - # because Docker and SystemD - privileged: true - chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> - env: [CHEF_LICENSE=accept] - -transport: - name: dokken - -provisioner: - name: dokken - -verifier: - name: inspec - -platforms: - - name: amazonlinux-2 - driver: - image: dokken/amazonlinux-2 - pid_one_command: /usr/lib/systemd/systemd - - - name: debian-9 - driver: - image: dokken/debian-9 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: debian-10 - driver: - image: dokken/debian-10 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: centos-7 - driver: - image: dokken/centos-7 - pid_one_command: /usr/lib/systemd/systemd - - - name: centos-8 - driver: - image: dokken/centos-8 - pid_one_command: /usr/lib/systemd/systemd - - - name: ubuntu-18.04 - driver: - image: dokken/ubuntu-18.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: ubuntu-20.04 - driver: - image: dokken/ubuntu-20.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: opensuse-leap-15 - driver: - image: dokken/opensuse-leap-15 - pid_one_command: /bin/systemd - -suites: - - name: filebeat-oss - run_list: - - recipe[filebeat-oss::default] - driver: - customize: - memory: 512 - cpus: 1 - verifier: - inspec_tests: - - path: test/integration/filebeat-oss \ No newline at end of file diff --git a/cookbooks/filebeat/Berksfile b/cookbooks/filebeat/Berksfile deleted file mode 100644 index 17e215aa..00000000 --- a/cookbooks/filebeat/Berksfile +++ /dev/null @@ -1,5 +0,0 @@ -source 'https://supermarket.chef.io' - -metadata - - diff --git a/cookbooks/filebeat/Gemfile b/cookbooks/filebeat/Gemfile deleted file mode 100644 index 5c8cda0e..00000000 --- a/cookbooks/filebeat/Gemfile +++ /dev/null @@ -1,7 +0,0 @@ -source 'https://rubygems.org' - -gem 'rubocop' -gem 'test-kitchen' -gem 'kitchen-inspec' -gem 'kitchen-vagrant' -gem 'kitchen-dokken' \ No newline at end of file diff --git a/cookbooks/filebeat/kitchen.yml b/cookbooks/filebeat/kitchen.yml deleted file mode 100644 index eeccf1b1..00000000 --- a/cookbooks/filebeat/kitchen.yml +++ /dev/null @@ -1,77 +0,0 @@ ---- -driver: - name: dokken - # because Docker and SystemD - privileged: true - chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> - env: [CHEF_LICENSE=accept] - -transport: - name: dokken - -provisioner: - name: dokken - -verifier: - name: inspec - -platforms: - - name: amazonlinux-2 - driver: - image: dokken/amazonlinux-2 - pid_one_command: /usr/lib/systemd/systemd - - - name: debian-9 - driver: - image: dokken/debian-9 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: debian-10 - driver: - image: dokken/debian-10 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: centos-7 - driver: - image: dokken/centos-7 - pid_one_command: /usr/lib/systemd/systemd - - - name: centos-8 - driver: - image: dokken/centos-8 - pid_one_command: /usr/lib/systemd/systemd - - - name: ubuntu-18.04 - driver: - image: dokken/ubuntu-18.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: ubuntu-20.04 - driver: - image: dokken/ubuntu-20.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: opensuse-leap-15 - driver: - image: dokken/opensuse-leap-15 - pid_one_command: /bin/systemd - -suites: - - name: filebeat - run_list: - - recipe[filebeat::default] - driver: - customize: - memory: 512 - cpus: 1 - verifier: - inspec_tests: - - path: test/integration/filebeat \ No newline at end of file diff --git a/cookbooks/opendistro/kitchen.yml b/cookbooks/opendistro/kitchen.yml deleted file mode 100644 index 28cb8e6d..00000000 --- a/cookbooks/opendistro/kitchen.yml +++ /dev/null @@ -1,77 +0,0 @@ ---- -driver: - name: dokken - # because Docker and SystemD - privileged: true - chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> - env: [CHEF_LICENSE=accept] - -transport: - name: dokken - -provisioner: - name: dokken - -verifier: - name: inspec - -platforms: - - name: amazonlinux-2 - driver: - image: dokken/amazonlinux-2 - pid_one_command: /usr/lib/systemd/systemd - - - name: debian-9 - driver: - image: dokken/debian-9 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: debian-10 - driver: - image: dokken/debian-10 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: centos-7 - driver: - image: dokken/centos-7 - pid_one_command: /usr/lib/systemd/systemd - - - name: centos-8 - driver: - image: dokken/centos-8 - pid_one_command: /usr/lib/systemd/systemd - - - name: ubuntu-18.04 - driver: - image: dokken/ubuntu-18.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: ubuntu-20.04 - driver: - image: dokken/ubuntu-20.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: opensuse-leap-15 - driver: - image: dokken/opensuse-leap-15 - pid_one_command: /bin/systemd - -suites: - - name: opendistro - run_list: - - recipe[opendistro::default] - driver: - customize: - memory: 4096 - cpus: 2 - verifier: - inspec_tests: - - path: test/integration/opendistro \ No newline at end of file diff --git a/cookbooks/wazuh_agent/kitchen.yml b/cookbooks/wazuh_agent/kitchen.yml deleted file mode 100644 index eb5efa52..00000000 --- a/cookbooks/wazuh_agent/kitchen.yml +++ /dev/null @@ -1,77 +0,0 @@ ---- -driver: - name: dokken - # because Docker and SystemD - privileged: true - chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> - env: [CHEF_LICENSE=accept] - -transport: - name: dokken - -provisioner: - name: dokken - -verifier: - name: inspec - -platforms: - - name: amazonlinux-2 - driver: - image: dokken/amazonlinux-2 - pid_one_command: /usr/lib/systemd/systemd - - - name: debian-9 - driver: - image: dokken/debian-9 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: debian-10 - driver: - image: dokken/debian-10 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: centos-7 - driver: - image: dokken/centos-7 - pid_one_command: /usr/lib/systemd/systemd - - - name: centos-8 - driver: - image: dokken/centos-8 - pid_one_command: /usr/lib/systemd/systemd - - - name: ubuntu-18.04 - driver: - image: dokken/ubuntu-18.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: ubuntu-20.04 - driver: - image: dokken/ubuntu-20.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: opensuse-leap-15 - driver: - image: dokken/opensuse-leap-15 - pid_one_command: /bin/systemd - -suites: - - name: wazuh_agent - run_list: - - recipe[wazuh_agent::default] - driver: - customize: - memory: 512 - cpus: 1 - verifier: - inspec_tests: - - path: test/integration \ No newline at end of file diff --git a/cookbooks/wazuh_manager/kitchen.yml b/cookbooks/wazuh_manager/kitchen.yml deleted file mode 100644 index abdf97c3..00000000 --- a/cookbooks/wazuh_manager/kitchen.yml +++ /dev/null @@ -1,77 +0,0 @@ ---- -driver: - name: dokken - # because Docker and SystemD - privileged: true - chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> - env: [CHEF_LICENSE=accept] - -transport: - name: dokken - -provisioner: - name: dokken - -verifier: - name: inspec - -platforms: - - name: amazonlinux-2 - driver: - image: dokken/amazonlinux-2 - pid_one_command: /usr/lib/systemd/systemd - - - name: debian-9 - driver: - image: dokken/debian-9 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: debian-10 - driver: - image: dokken/debian-10 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: centos-7 - driver: - image: dokken/centos-7 - pid_one_command: /usr/lib/systemd/systemd - - - name: centos-8 - driver: - image: dokken/centos-8 - pid_one_command: /usr/lib/systemd/systemd - - - name: ubuntu-18.04 - driver: - image: dokken/ubuntu-18.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: ubuntu-20.04 - driver: - image: dokken/ubuntu-20.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: opensuse-leap-15 - driver: - image: dokken/opensuse-leap-15 - pid_one_command: /bin/systemd - -suites: - - name: wazuh_manager - run_list: - - recipe[wazuh_manager::default] - driver: - customize: - memory: 2048 - cpus: 1 - verifier: - inspec_tests: - - path: test/integration \ No newline at end of file From f0bbd88b659b0471880736d2cdfd72722caf792d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 18 Dec 2020 14:48:17 +0100 Subject: [PATCH 152/260] Add chefignore --- cookbooks/filebeat/chefignore | 102 +++++++++++++++---------- cookbooks/opendistro/chefignore | 115 +++++++++++++++++++++++++++++ cookbooks/wazuh_agent/chefignore | 103 +++++++++++++++----------- cookbooks/wazuh_manager/chefignore | 115 +++++++++++++++++++++++++++++ 4 files changed, 349 insertions(+), 86 deletions(-) create mode 100644 cookbooks/opendistro/chefignore create mode 100644 cookbooks/wazuh_manager/chefignore diff --git a/cookbooks/filebeat/chefignore b/cookbooks/filebeat/chefignore index 80dc2d20..6a4264c0 100644 --- a/cookbooks/filebeat/chefignore +++ b/cookbooks/filebeat/chefignore @@ -1,69 +1,85 @@ # Put files/directories that should be ignored in this file when uploading -# or sharing to the community site. +# to a Chef Infra Server or Supermarket. # Lines that start with '# ' are comments. # OS generated files # ###################### .DS_Store +ehthumbs.db Icon? nohup.out -ehthumbs.db Thumbs.db - -# SASS # -######## -.sass-cache +.envrc # EDITORS # ########### -\#* .#* -*~ -*.sw[a-z] +.project +.settings +*_flymake +*_flymake.* *.bak +*.sw[a-z] +*.tmproj +*~ +\#* REVISION TAGS* tmtags -*_flymake.* -*_flymake -*.tmproj -.project -.settings -mkmf.log +.vscode +.editorconfig ## COMPILED ## ############## -a.out -*.o -*.pyc -*.so -*.com *.class +*.com *.dll *.exe +*.o +*.pyc +*.so */rdoc/ +a.out +mkmf.log # Testing # ########### -.watchr +.circleci/* +.codeclimate.yml +.delivery/* +.foodcritic +.kitchen* +.mdlrc +.overcommit.yml .rspec -spec/* -spec/fixtures/* -test/* +.rubocop.yml +.travis.yml +.watchr +.yamllint +azure-pipelines.yml +Dangerfile +examples/* features/* Guardfile +kitchen.yml* +mlc_config.json Procfile +Rakefile +spec/* +test/* # SCM # ####### .git -*/.git +.gitattributes +.gitconfig +.github/* .gitignore +.gitkeep .gitmodules -.gitconfig -.gitattributes .svn */.bzr/* +*/.git */.hg/* */.svn/* @@ -74,22 +90,26 @@ Berksfile.lock cookbooks/* tmp -# Cookbooks # -############# -CONTRIBUTING +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json -# Strainer # -############ -Colanderfile -Strainerfile -.colander -.strainer +# Documentation # +############# +CODE_OF_CONDUCT* +CONTRIBUTING* +documentation/* +TESTING* +UPGRADING* # Vagrant # ########### .vagrant -Vagrantfile - -# Travis # -########## -.travis.yml +Vagrantfile \ No newline at end of file diff --git a/cookbooks/opendistro/chefignore b/cookbooks/opendistro/chefignore new file mode 100644 index 00000000..6a4264c0 --- /dev/null +++ b/cookbooks/opendistro/chefignore @@ -0,0 +1,115 @@ +# Put files/directories that should be ignored in this file when uploading +# to a Chef Infra Server or Supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +ehthumbs.db +Icon? +nohup.out +Thumbs.db +.envrc + +# EDITORS # +########### +.#* +.project +.settings +*_flymake +*_flymake.* +*.bak +*.sw[a-z] +*.tmproj +*~ +\#* +REVISION +TAGS* +tmtags +.vscode +.editorconfig + +## COMPILED ## +############## +*.class +*.com +*.dll +*.exe +*.o +*.pyc +*.so +*/rdoc/ +a.out +mkmf.log + +# Testing # +########### +.circleci/* +.codeclimate.yml +.delivery/* +.foodcritic +.kitchen* +.mdlrc +.overcommit.yml +.rspec +.rubocop.yml +.travis.yml +.watchr +.yamllint +azure-pipelines.yml +Dangerfile +examples/* +features/* +Guardfile +kitchen.yml* +mlc_config.json +Procfile +Rakefile +spec/* +test/* + +# SCM # +####### +.git +.gitattributes +.gitconfig +.github/* +.gitignore +.gitkeep +.gitmodules +.svn +*/.bzr/* +*/.git +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Documentation # +############# +CODE_OF_CONDUCT* +CONTRIBUTING* +documentation/* +TESTING* +UPGRADING* + +# Vagrant # +########### +.vagrant +Vagrantfile \ No newline at end of file diff --git a/cookbooks/wazuh_agent/chefignore b/cookbooks/wazuh_agent/chefignore index a9769175..6a4264c0 100644 --- a/cookbooks/wazuh_agent/chefignore +++ b/cookbooks/wazuh_agent/chefignore @@ -1,77 +1,85 @@ # Put files/directories that should be ignored in this file when uploading -# to a chef-server or supermarket. +# to a Chef Infra Server or Supermarket. # Lines that start with '# ' are comments. # OS generated files # ###################### .DS_Store +ehthumbs.db Icon? nohup.out -ehthumbs.db Thumbs.db - -# SASS # -######## -.sass-cache +.envrc # EDITORS # ########### -\#* .#* -*~ -*.sw[a-z] +.project +.settings +*_flymake +*_flymake.* *.bak +*.sw[a-z] +*.tmproj +*~ +\#* REVISION TAGS* tmtags -*_flymake.* -*_flymake -*.tmproj -.project -.settings -mkmf.log +.vscode +.editorconfig ## COMPILED ## ############## -a.out -*.o -*.pyc -*.so -*.com *.class +*.com *.dll *.exe +*.o +*.pyc +*.so */rdoc/ +a.out +mkmf.log # Testing # ########### -.watchr +.circleci/* +.codeclimate.yml +.delivery/* +.foodcritic +.kitchen* +.mdlrc +.overcommit.yml .rspec -spec/* -spec/fixtures/* -test/* -features/* +.rubocop.yml +.travis.yml +.watchr +.yamllint +azure-pipelines.yml +Dangerfile examples/* +features/* Guardfile +kitchen.yml* +mlc_config.json Procfile -.kitchen* -.rubocop.yml -spec/* Rakefile -.travis.yml -.foodcritic -.codeclimate.yml +spec/* +test/* # SCM # ####### .git -*/.git +.gitattributes +.gitconfig +.github/* .gitignore +.gitkeep .gitmodules -.gitconfig -.gitattributes .svn */.bzr/* +*/.git */.hg/* */.svn/* @@ -82,21 +90,26 @@ Berksfile.lock cookbooks/* tmp -# Cookbooks # +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Documentation # ############# +CODE_OF_CONDUCT* CONTRIBUTING* -CHANGELOG* +documentation/* TESTING* -MAINTAINERS.toml - -# Strainer # -############ -Colanderfile -Strainerfile -.colander -.strainer +UPGRADING* # Vagrant # ########### .vagrant -Vagrantfile +Vagrantfile \ No newline at end of file diff --git a/cookbooks/wazuh_manager/chefignore b/cookbooks/wazuh_manager/chefignore new file mode 100644 index 00000000..6a4264c0 --- /dev/null +++ b/cookbooks/wazuh_manager/chefignore @@ -0,0 +1,115 @@ +# Put files/directories that should be ignored in this file when uploading +# to a Chef Infra Server or Supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +ehthumbs.db +Icon? +nohup.out +Thumbs.db +.envrc + +# EDITORS # +########### +.#* +.project +.settings +*_flymake +*_flymake.* +*.bak +*.sw[a-z] +*.tmproj +*~ +\#* +REVISION +TAGS* +tmtags +.vscode +.editorconfig + +## COMPILED ## +############## +*.class +*.com +*.dll +*.exe +*.o +*.pyc +*.so +*/rdoc/ +a.out +mkmf.log + +# Testing # +########### +.circleci/* +.codeclimate.yml +.delivery/* +.foodcritic +.kitchen* +.mdlrc +.overcommit.yml +.rspec +.rubocop.yml +.travis.yml +.watchr +.yamllint +azure-pipelines.yml +Dangerfile +examples/* +features/* +Guardfile +kitchen.yml* +mlc_config.json +Procfile +Rakefile +spec/* +test/* + +# SCM # +####### +.git +.gitattributes +.gitconfig +.github/* +.gitignore +.gitkeep +.gitmodules +.svn +*/.bzr/* +*/.git +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Documentation # +############# +CODE_OF_CONDUCT* +CONTRIBUTING* +documentation/* +TESTING* +UPGRADING* + +# Vagrant # +########### +.vagrant +Vagrantfile \ No newline at end of file From b8f3cbaa6477e574116696084b4162452bfede81 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 18 Dec 2020 14:48:46 +0100 Subject: [PATCH 153/260] Remove apt cookbook dependancie --- cookbooks/wazuh_agent/recipes/agent.rb | 1 - cookbooks/wazuh_agent/recipes/default.rb | 1 - 2 files changed, 2 deletions(-) diff --git a/cookbooks/wazuh_agent/recipes/agent.rb b/cookbooks/wazuh_agent/recipes/agent.rb index f46c7ad2..d00ebcda 100644 --- a/cookbooks/wazuh_agent/recipes/agent.rb +++ b/cookbooks/wazuh_agent/recipes/agent.rb @@ -16,7 +16,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # -include_recipe 'apt::default' include_recipe 'wazuh_agent::repository' if platform_family?('ubuntu', 'debian') diff --git a/cookbooks/wazuh_agent/recipes/default.rb b/cookbooks/wazuh_agent/recipes/default.rb index 845c9c03..474fa6b2 100644 --- a/cookbooks/wazuh_agent/recipes/default.rb +++ b/cookbooks/wazuh_agent/recipes/default.rb @@ -1,2 +1 @@ -include_recipe 'wazuh_agent::repository' include_recipe 'wazuh_agent::agent' \ No newline at end of file From 207cf920e33b9c3e108c8e1e295b9146f62a9f1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 18 Dec 2020 14:48:56 +0100 Subject: [PATCH 154/260] Add Berksfile to root path --- Berksfile | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 Berksfile diff --git a/Berksfile b/Berksfile new file mode 100644 index 00000000..30d2b3bc --- /dev/null +++ b/Berksfile @@ -0,0 +1,14 @@ +source 'https://supermarket.chef.io' + +metadata + +group 'cookbooks' do + cookbook 'elastic-stack', path: 'cookbooks/elastic-stack' + cookbook 'opendistro', path: 'cookbooks/opendistro' + cookbook 'filebeat', path: 'cookbooks/filebeat' + cookbook 'filebeat-oss', path: 'cookbooks/filebeat-oss' + cookbook 'wazuh_agent', path: 'cookbooks/wazuh_agent' + cookbook 'wazuh_manager', path: 'cookbooks/wazuh_manager' +end + + From c2fa43d873f5df20b1f599f4f580e6d7c8e499c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 18 Dec 2020 14:49:13 +0100 Subject: [PATCH 155/260] Add kitchen.yml --- kitchen.yml | 61 ++++++++++++++++++++++++++++++++++++++++------- kitchen_fixed.yml | 31 ++++++++++++++++++++++++ 2 files changed, 83 insertions(+), 9 deletions(-) create mode 100644 kitchen_fixed.yml diff --git a/kitchen.yml b/kitchen.yml index f5928a36..86cdcad0 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -1,6 +1,7 @@ --- driver: name: dokken + # because Docker and SystemD privileged: true chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> @@ -13,19 +14,61 @@ provisioner: verifier: name: inspec - + platforms: - - name: <%= ENV['PLATFORM'] %> + - name: amazonlinux-2 + driver: + image: dokken/amazonlinux-2 + pid_one_command: /usr/lib/systemd/systemd + + - name: debian-9 + driver: + image: dokken/debian-9 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: debian-10 + driver: + image: dokken/debian-10 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: centos-7 + driver: + image: dokken/centos-7 + pid_one_command: /usr/lib/systemd/systemd + + - name: centos-8 + driver: + image: dokken/centos-8 + pid_one_command: /usr/lib/systemd/systemd + + - name: ubuntu-18.04 + driver: + image: dokken/ubuntu-18.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: ubuntu-20.04 + driver: + image: dokken/ubuntu-20.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: opensuse-leap-15 driver: - image: dokken/<%= ENV['PLATFORM'] %> - hostname: <%= ENV['COOKBOOK'] %>_<%= ENV['PLATFORM'] %> - run_command: <%= ENV['RUN_COMMAND'] %> - privileged: true + image: dokken/opensuse-leap-15 + pid_one_command: /bin/systemd suites: - - name: <%= ENV['COOKBOOK'] %> + - name: wazuh_agent run_list: - - recipe[<%= ENV['COOKBOOK'] %>::default] + - recipe[wazuh_agent::default] + driver: verifier: inspec_tests: - - path: cookbooks/<%= ENV['COOKBOOK'] %>/test/integration/<%= ENV['COOKBOOK'] %> \ No newline at end of file + - path: cookbooks/wazuh_agent/test/integration/wazuh_agent \ No newline at end of file diff --git a/kitchen_fixed.yml b/kitchen_fixed.yml new file mode 100644 index 00000000..f5928a36 --- /dev/null +++ b/kitchen_fixed.yml @@ -0,0 +1,31 @@ +--- +driver: + name: dokken + privileged: true + chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> + +transport: + name: dokken + +provisioner: + name: dokken + chef_license: accept + +verifier: + name: inspec + +platforms: + - name: <%= ENV['PLATFORM'] %> + driver: + image: dokken/<%= ENV['PLATFORM'] %> + hostname: <%= ENV['COOKBOOK'] %>_<%= ENV['PLATFORM'] %> + run_command: <%= ENV['RUN_COMMAND'] %> + privileged: true + +suites: + - name: <%= ENV['COOKBOOK'] %> + run_list: + - recipe[<%= ENV['COOKBOOK'] %>::default] + verifier: + inspec_tests: + - path: cookbooks/<%= ENV['COOKBOOK'] %>/test/integration/<%= ENV['COOKBOOK'] %> \ No newline at end of file From 23c4eb8a9f73e9c2be1c99048444e2f9a9c5e248 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Fri, 18 Dec 2020 14:49:23 +0100 Subject: [PATCH 156/260] Add metadata to root path --- metadata.rb | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 metadata.rb diff --git a/metadata.rb b/metadata.rb new file mode 100644 index 00000000..67145f88 --- /dev/null +++ b/metadata.rb @@ -0,0 +1,21 @@ +name 'wazuh-chef' +maintainer 'Wazuh' +maintainer_email 'info@wazuh.com' +license 'Apache 2.0' +description 'Installs/Configures Wazuh with chef cookbooks' +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version '4.0.1' +chef_version '>= 15.0' + +%w(redhat centos oracle).each do |el| + supports el, '>= 6.0' +end +supports 'amazon', '>= 1.0' +supports 'fedora', '>= 22.0' +supports 'debian', '>= 7.0' +supports 'ubuntu', '>= 12.04' +supports 'suse', '>= 12.0' +supports 'opensuse', '>= 42.0' + +issues_url 'https://github.com/wazuh/wazuh-chef/issues' if respond_to?(:issues_url) +source_url 'https://github.com/wazuh/wazuh-chef' if respond_to?(:source_url) \ No newline at end of file From 34990133aa442e4645fe662043b5d34ef45f943e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 11:27:31 +0100 Subject: [PATCH 157/260] Remove install dependancies --- .github/actions/entrypoint.sh | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/actions/entrypoint.sh b/.github/actions/entrypoint.sh index e25d0076..47c64388 100644 --- a/.github/actions/entrypoint.sh +++ b/.github/actions/entrypoint.sh @@ -3,10 +3,5 @@ set -e echo "Cookbook to test: ${COOKBOOK_NAME}" -cd cookbooks/$COOKBOOK_NAME - -echo "Installing dependencies..." -bundle install - echo "Test cookbook with kitchen... (create, converge, verify and destroy)" -bundle exec kitchen test $COOKBOOK_NAME-$OS \ No newline at end of file +kitchen test $COOKBOOK_NAME-$OS \ No newline at end of file From 5c5d5dad24a37134cc912d993888cf79c5488d96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 11:27:49 +0100 Subject: [PATCH 158/260] Add fedora and remove comments --- .github/workflows/ci.yml | 148 ++++----------------------------------- 1 file changed, 15 insertions(+), 133 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e0abf52d..d1b0d3cd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ on: - feature-cookbooks jobs: - elastic-stack: + kitchen-tests: runs-on: ubuntu-latest strategy: matrix: @@ -20,8 +20,9 @@ jobs: # centos-7, # centos-8, ubuntu-2004, - # ubuntu-18.04, + # ubuntu-1804, # opensuse-leap-15, + # fedora-latest ] steps: - name: Check out code @@ -34,139 +35,20 @@ jobs: # uses: actionshub/chef-install@main # with: # version: latest - - name: Test elastic-stack cookbook + - name: Test filebeat cookbook uses: ./.github/actions env: - COOKBOOK_NAME: elastic-stack - OS: ${{ matrix.os }} - - name: Print out logs if fail - if: ${{ failure() }} - working-directory: ./.github/actions - run: | - chmod 755 failure.sh - ./failure.sh - env: - COOKBOOK_NAME: elastic-stack + COOKBOOK_NAME: filebeat OS: ${{ matrix.os }} + #- name: Print out logs if fail + # if: ${{ failure() }} + # working-directory: ./.github/actions + # run: | + # chmod 755 failure.sh + # ./failure.sh + # env: + # COOKBOOK_NAME: elastic-stack + # OS: ${{ matrix.os }} - #opendistro: - # needs: [ruby, chef] - # runs-on: ubuntu-latest - # strategy: - # matrix: - # os: [ - # # debian-9, - # # debian-10, - # # centos-7, - # # centos-8, - # ubuntu-20.04, - # # ubuntu-18.04, - # # opensuse-leap-15, - # # fedora-latest - # ] - # steps: - # - name: Check out code - # uses: actions/checkout@master - # - name: Opendistro - # uses: ./.github/actions - # env: - # COOKBOOK_NAME: opendistro - # OS: ${{ matrix.os }} - # - #filebeat: - # needs: [ruby, chef] - # runs-on: ubuntu-latest - # strategy: - # matrix: - # os: [ - # # debian-9, - # # debian-10, - # # centos-7, - # # centos-8, - # ubuntu-20.04, - # # ubuntu-18.04, - # # opensuse-leap-15, - # # fedora-latest - # ] - # steps: - # - name: Check out code - # uses: actions/checkout@master - # - name: Filebeat - # uses: ./.github/actions - # env: - # COOKBOOK_NAME: filebeat - # OS: ${{ matrix.os }} - # - # - #filebeat-oss: - # needs: [ruby, chef] - # runs-on: ubuntu-latest - # strategy: - # matrix: - # os: [ - # # debian-9, - # # debian-10, - # # centos-7, - # # centos-8, - # ubuntu-20.04, - # # ubuntu-18.04, - # # opensuse-leap-15, - # # fedora-latest - # ] - # steps: - # - name: Check out code - # uses: actions/checkout@master - # - name: Filebeat-OSS - # uses: ./.github/actions - # env: - # COOKBOOK_NAME: filebeat-oss - # OS: ${{ matrix.os }} - # - #wazuh-manager: - # needs: [ruby, chef] - # runs-on: ubuntu-latest - # strategy: - # matrix: - # os: [ - # # debian-9, - # # debian-10, - # # centos-7, - # # centos-8, - # ubuntu-20.04, - # # ubuntu-18.04, - # # opensuse-leap-15, - # # fedora-latest - # ] - # steps: - # - name: Check out code - # uses: actions/checkout@master - # - name: Wazuh Manager - # uses: ./.github/actions - # env: - # COOKBOOK_NAME: wazuh_manager - # OS: ${{ matrix.os }} - # - #wazuh-agent: - # needs: [ruby, chef] - # runs-on: ubuntu-latest - # strategy: - # matrix: - # os: [ - # # debian-9, - # # debian-10, - # # centos-7, - # # centos-8, - # ubuntu-20.04, - # # ubuntu-18.04, - # # opensuse-leap-15, - # # fedora-latest - # ] - # steps: - # - name: Check out code - # uses: actions/checkout@master - # - name: Wazuh Agent - # uses: ./.github/actions - # env: - # COOKBOOK_NAME: wazuh_agent - # OS: ${{ matrix.os }} + \ No newline at end of file From 3526d630a9daf35a6faeefe33d6360168e46ade4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 11:30:25 +0100 Subject: [PATCH 159/260] Fix ym.repo resource --- .../elastic-stack/repository_test.rb | 9 ++------ .../filebeat-oss/respository_test.rb | 20 ++++++++--------- .../integration/filebeat/repository_test.rb | 22 +++++++++---------- .../integration/opendistro/repository_test.rb | 9 ++------ .../wazuh_agent/respoitory_test.rb | 9 ++------ .../wazuh-manager/repository_test.rb | 9 ++------ 6 files changed, 28 insertions(+), 50 deletions(-) diff --git a/cookbooks/elastic-stack/test/integration/elastic-stack/repository_test.rb b/cookbooks/elastic-stack/test/integration/elastic-stack/repository_test.rb index ca559548..fcfb489f 100644 --- a/cookbooks/elastic-stack/test/integration/elastic-stack/repository_test.rb +++ b/cookbooks/elastic-stack/test/integration/elastic-stack/repository_test.rb @@ -7,13 +7,8 @@ it { should exist } it { should be_enabled } end - when 'redhat' - describe yum.repo('https://artifacts.elastic.co/packages/7.x/yum') do - it { should exist } - it { should be_enabled } - end - when 'suse' - describe yum.repo('https://artifacts.elastic.co/packages/7.x/yum') do + when 'redhat', 'suse' + describe yum.repo('elastic') do it { should exist } it { should be_enabled } end diff --git a/cookbooks/filebeat-oss/test/integration/filebeat-oss/respository_test.rb b/cookbooks/filebeat-oss/test/integration/filebeat-oss/respository_test.rb index 711003c5..abc5de97 100644 --- a/cookbooks/filebeat-oss/test/integration/filebeat-oss/respository_test.rb +++ b/cookbooks/filebeat-oss/test/integration/filebeat-oss/respository_test.rb @@ -1,14 +1,14 @@ # frozen_string_literal: true -describe 'filebeat::repository' do - case os.family - when 'debian' - describe apt('http://packages.wazuh.com/4.x/apt/') do - it { should exist } - end - when 'redhat', 'suse' - describe yum.repo('http://packages.wazuh.com/4.x/yum/') do - it { should exist } - end +case os.family +when 'debian' + describe apt('http://packages.wazuh.com/4.x/apt/') do + it { should exist } + it { should be_enabled } end +when 'redhat', 'suse' + describe yum.repo('wazuh') do + it { should exist } + it { should be_enabled } + end end \ No newline at end of file diff --git a/cookbooks/filebeat/test/integration/filebeat/repository_test.rb b/cookbooks/filebeat/test/integration/filebeat/repository_test.rb index b69ebd50..fb78133a 100644 --- a/cookbooks/filebeat/test/integration/filebeat/repository_test.rb +++ b/cookbooks/filebeat/test/integration/filebeat/repository_test.rb @@ -1,16 +1,14 @@ # frozen_string_literal: true -describe 'filebeat::repository' do - case os.family - when 'debian' - describe apt('https://artifacts.elastic.co/packages/7.x/apt') do - it { should exist } - it { should be_enabled } - end - when 'redhat', 'suse' - describe yum.repo('https://artifacts.elastic.co/packages/7.x/yum') do - it { should exist } - it { should be_enabled } - end +case os.family +when 'debian' + describe apt('https://artifacts.elastic.co/packages/7.x/apt/') do + it { should exist } + it { should be_enabled } end +when 'redhat' + describe yum.repo('elastic') do + it { should exist } + it { should be_enabled } + end end \ No newline at end of file diff --git a/cookbooks/opendistro/test/integration/opendistro/repository_test.rb b/cookbooks/opendistro/test/integration/opendistro/repository_test.rb index eaf6acbc..d60e9471 100644 --- a/cookbooks/opendistro/test/integration/opendistro/repository_test.rb +++ b/cookbooks/opendistro/test/integration/opendistro/repository_test.rb @@ -7,13 +7,8 @@ it { should exist } it { should be_enabled } end - when 'redhat' - describe yum.repo('https://packages.wazuh.com/4.x/yum') do - it { should exist } - it { should be_enabled } - end - when 'suse' - describe yum.repo('https://packages.wazuh.com/4.x/yum') do + when 'redhat', 'suse' + describe yum.repo('wazuh') do it { should exist } it { should be_enabled } end diff --git a/cookbooks/wazuh_agent/test/integration/wazuh_agent/respoitory_test.rb b/cookbooks/wazuh_agent/test/integration/wazuh_agent/respoitory_test.rb index 36f759a5..0fdddc17 100644 --- a/cookbooks/wazuh_agent/test/integration/wazuh_agent/respoitory_test.rb +++ b/cookbooks/wazuh_agent/test/integration/wazuh_agent/respoitory_test.rb @@ -4,13 +4,8 @@ it { should exist } it { should be_enabled } end -when 'redhat' - describe yum.repo('https://packages.wazuh.com/4.x/yum/') do - it { should exist } - it { should be_enabled } - end -when 'suse' - describe yum.repo('https://packages.wazuh.com/4.x/yum/') do +when 'redhat', 'suse' + describe yum.repo('wazuh') do it { should exist } it { should be_enabled } end diff --git a/cookbooks/wazuh_manager/test/integration/wazuh-manager/repository_test.rb b/cookbooks/wazuh_manager/test/integration/wazuh-manager/repository_test.rb index 36f759a5..0fdddc17 100644 --- a/cookbooks/wazuh_manager/test/integration/wazuh-manager/repository_test.rb +++ b/cookbooks/wazuh_manager/test/integration/wazuh-manager/repository_test.rb @@ -4,13 +4,8 @@ it { should exist } it { should be_enabled } end -when 'redhat' - describe yum.repo('https://packages.wazuh.com/4.x/yum/') do - it { should exist } - it { should be_enabled } - end -when 'suse' - describe yum.repo('https://packages.wazuh.com/4.x/yum/') do +when 'redhat', 'suse' + describe yum.repo('wazuh') do it { should exist } it { should be_enabled } end From 3ea20269e830de6419c0814234224363df13fbba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 11:30:50 +0100 Subject: [PATCH 160/260] Remove unnecesary files --- cookbooks/filebeat/libraries/matchers.rb | 0 cookbooks/filebeat/providers/default.rb | 0 cookbooks/filebeat/resources/default.rb | 0 cookbooks/filebeat/spec/spec_helper.rb | 20 --------- .../spec/unit/recipes/default_spec.rb | 45 ------------------- 5 files changed, 65 deletions(-) delete mode 100644 cookbooks/filebeat/libraries/matchers.rb delete mode 100644 cookbooks/filebeat/providers/default.rb delete mode 100644 cookbooks/filebeat/resources/default.rb delete mode 100644 cookbooks/filebeat/spec/spec_helper.rb delete mode 100644 cookbooks/filebeat/spec/unit/recipes/default_spec.rb diff --git a/cookbooks/filebeat/libraries/matchers.rb b/cookbooks/filebeat/libraries/matchers.rb deleted file mode 100644 index e69de29b..00000000 diff --git a/cookbooks/filebeat/providers/default.rb b/cookbooks/filebeat/providers/default.rb deleted file mode 100644 index e69de29b..00000000 diff --git a/cookbooks/filebeat/resources/default.rb b/cookbooks/filebeat/resources/default.rb deleted file mode 100644 index e69de29b..00000000 diff --git a/cookbooks/filebeat/spec/spec_helper.rb b/cookbooks/filebeat/spec/spec_helper.rb deleted file mode 100644 index c86adfd5..00000000 --- a/cookbooks/filebeat/spec/spec_helper.rb +++ /dev/null @@ -1,20 +0,0 @@ -require 'chefspec' -require 'chefspec/berkshelf' - -RSpec.configure do |config| - # Use color in STDOUT - config.color = true - - # Use color not only in STDOUT but also in pagers and files - config.tty = true - - # Use the specified formatter - config.formatter = :documentation # :progress, :html, :textmate - - config.log_level = :error - - config.platform = 'ubuntu' - config.version = '14.04' -end - -at_exit { ChefSpec::Coverage.report! } diff --git a/cookbooks/filebeat/spec/unit/recipes/default_spec.rb b/cookbooks/filebeat/spec/unit/recipes/default_spec.rb deleted file mode 100644 index 461ed571..00000000 --- a/cookbooks/filebeat/spec/unit/recipes/default_spec.rb +++ /dev/null @@ -1,45 +0,0 @@ -# -# Cookbook Name:: wazuh_filebeat -# Spec:: manager -# - -require 'spec_helper' - -describe 'wazuh_filebeat::default' do - cached(:chef_run) { ChefSpec::ServerRunner.new.converge(described_recipe) } - - before do - allow(Chef::EncryptedDataBagItem).to receive(:load).with('wazuh_secrets', 'logstash_certificate').and_return( - '{"logstash_certificate": "ossec"}' - ) - end - - it 'includes the wazuh_filebeat:default recipe' do - expect(chef_run).to include_recipe 'wazuh_filebeat::default' - end - - it 'installs filebeat' do - expect(chef_run).to install_package('filebeat') - end - - it 'service restart filebeat' do - expect(chef_run).to start_service('filebeat') - end - - it 'creates template for /etc/filebeat/filebeat.yml' do - expect(chef_run).to create_template('/etc/filebeat/filebeat.yml').with( - mode: '0640', - user: 'root', - group: 'root', - source: 'filebeat.yml.erb' - ) - end - - it 'creates a file /etc/filebeat/logstash_certificate.crt' do - expect(chef_run).to create_file('/etc/filebeat/logstash_certificate.crt').with( - user: 'root', - group: 'root' - ) - end - -end From f844f22ef0b46a70b995aff0d7868f8e8fc37a7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 11:31:12 +0100 Subject: [PATCH 161/260] Change yum to zypper resource --- cookbooks/filebeat/recipes/filebeat.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cookbooks/filebeat/recipes/filebeat.rb b/cookbooks/filebeat/recipes/filebeat.rb index dbf2ab0e..493e31cd 100644 --- a/cookbooks/filebeat/recipes/filebeat.rb +++ b/cookbooks/filebeat/recipes/filebeat.rb @@ -20,7 +20,7 @@ end end when 'opensuseleap', 'suse' - yum_package 'filebeat' do + zypper_package 'filebeat' do version "#{node['elk']['patch_version']}" end else From fc4364b81ca297c6f9a0d53a863c0eafa307704f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 11:31:39 +0100 Subject: [PATCH 162/260] Change platform check --- cookbooks/wazuh_agent/recipes/agent.rb | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/cookbooks/wazuh_agent/recipes/agent.rb b/cookbooks/wazuh_agent/recipes/agent.rb index d00ebcda..8509cadf 100644 --- a/cookbooks/wazuh_agent/recipes/agent.rb +++ b/cookbooks/wazuh_agent/recipes/agent.rb @@ -18,12 +18,23 @@ # include_recipe 'wazuh_agent::repository' -if platform_family?('ubuntu', 'debian') +case node['platform'] +when 'debian', 'ubuntu' apt_package 'wazuh-agent' do version "#{node['wazuh-agent']['version']}-1" end -elsif platform_family?('rhel','centos', 'amazon') - yum_package 'wazuh-agent' do +when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' + if node['platform_version'] >= '8' + dnf_package 'wazuh-agent' do + version "#{node['wazuh-agent']['version']}-1" + end + else + yum_package 'wazuh-agent' do + version "#{node['wazuh-agent']['version']}-1" + end + end +when 'opensuseleap', 'suse' + zypper_package 'wazuh-agent' do version "#{node['wazuh-agent']['version']}-1" end else @@ -71,7 +82,6 @@ args << ' -P ' + agent_auth['password'] end - if agent_auth['ca'] && File.exist?(agent_auth['ca']) args << ' -v ' + agent_auth['ca'] end @@ -84,11 +94,8 @@ args << ' -k ' + agent_auth['key'] end -if agent_auth['password'] - args << ' -P ' + agent_auth['password'] -end - -execute "#{dir}/bin/agent-auth #{args}" do +execute 'wazuh agent auth' do + command "#{dir}/bin/agent-auth #{args}" timeout 30 ignore_failure node['ossec']['ignore_failure'] only_if { agent_auth['register'] == 'yes' && agent_auth['host'] && !File.size?("#{dir}/etc/client.keys") } From e9acf03e7b2d886babd47c3dbe4d4a285f97cef0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 11:32:05 +0100 Subject: [PATCH 163/260] Add fedora and rest of cookbooks --- kitchen.yml | 42 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/kitchen.yml b/kitchen.yml index 86cdcad0..3b4806c9 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -63,6 +63,11 @@ platforms: driver: image: dokken/opensuse-leap-15 pid_one_command: /bin/systemd + + - name: fedora-latest + driver: + image: dokken/fedora-latest + pid_one_command: /usr/lib/systemd/systemd suites: - name: wazuh_agent @@ -71,4 +76,39 @@ suites: driver: verifier: inspec_tests: - - path: cookbooks/wazuh_agent/test/integration/wazuh_agent \ No newline at end of file + - path: cookbooks/wazuh_agent/test/integration/wazuh_agent + - name: wazuh_manager + run_list: + - recipe[wazuh_manager::default] + driver: + verifier: + inspec_tests: + - path: cookbooks/wazuh_manager/test/integration/wazuh_manager + - name: opendistro + run_list: + - recipe[opendistro::default] + driver: + verifier: + inspec_tests: + - path: cookbooks/opendistro/test/integration/opendistro + - name: elastic-stack + run_list: + - recipe[elastic-stack::default] + driver: + verifier: + inspec_tests: + - path: cookbooks/elastic-stack/test/integration/elastic-stack + - name: filebeat + run_list: + - recipe[filebeat::default] + driver: + verifier: + inspec_tests: + - path: cookbooks/filebeat/test/integration/filebeat + - name: filebeat-oss + run_list: + - recipe[filebeat-oss::default] + driver: + verifier: + inspec_tests: + - path: cookbooks/filebeat-oss/test/integration/filebeat-oss \ No newline at end of file From 3a4ab4c2daa7bd0f11405cc01fb0e915aecc49cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 11:50:26 +0100 Subject: [PATCH 164/260] Add fial test gh action --- .github/actions/failure.sh | 2 +- .github/workflows/ci.yml | 18 +++++++++--------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/actions/failure.sh b/.github/actions/failure.sh index b60e3cc5..866d5f22 100644 --- a/.github/actions/failure.sh +++ b/.github/actions/failure.sh @@ -6,4 +6,4 @@ cd cookbooks/$COOKBOOK_NAME LOG_FILE=$COOKBOOK_NAME-$OS.log echo "Print out logs" -cat .kitchen/logs/$LOG_FILE \ No newline at end of file +cat ~/wazuh-chef/.kitchen/logs/$LOG_FILE \ No newline at end of file diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d1b0d3cd..0f914644 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -40,15 +40,15 @@ jobs: env: COOKBOOK_NAME: filebeat OS: ${{ matrix.os }} - #- name: Print out logs if fail - # if: ${{ failure() }} - # working-directory: ./.github/actions - # run: | - # chmod 755 failure.sh - # ./failure.sh - # env: - # COOKBOOK_NAME: elastic-stack - # OS: ${{ matrix.os }} + - name: Print out logs if fail + if: ${{ failure() }} + working-directory: ./.github/actions + run: | + chmod 755 failure.sh + ./failure.sh + env: + COOKBOOK_NAME: filebeat + OS: ${{ matrix.os }} \ No newline at end of file From c2171c49e359ff97b35a0b26abf98cbe1ad2c160 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 12:03:48 +0100 Subject: [PATCH 165/260] Use actionshub/test-kitchen@main --- .github/actions/failure.sh | 2 -- .github/workflows/ci.yml | 50 ++++++++++++++++++++------------------ 2 files changed, 27 insertions(+), 25 deletions(-) diff --git a/.github/actions/failure.sh b/.github/actions/failure.sh index 866d5f22..31299994 100644 --- a/.github/actions/failure.sh +++ b/.github/actions/failure.sh @@ -1,8 +1,6 @@ #! /usr/bin/env bash set -e -cd cookbooks/$COOKBOOK_NAME - LOG_FILE=$COOKBOOK_NAME-$OS.log echo "Print out logs" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0f914644..5435460c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ on: - feature-cookbooks jobs: - kitchen-tests: + filebeat: runs-on: ubuntu-latest strategy: matrix: @@ -22,33 +22,37 @@ jobs: ubuntu-2004, # ubuntu-1804, # opensuse-leap-15, - # fedora-latest + # fedora-latest, ] steps: - name: Check out code uses: actions/checkout@v2 - #- name: Setup Ruby - # uses: actions/setup-ruby@v1 - # with: - # ruby-version: '2.7' - #- name: Install Chef - # uses: actionshub/chef-install@main - # with: - # version: latest - - name: Test filebeat cookbook - uses: ./.github/actions + - name: Install Chef + uses: actionshub/chef-install@main + - name: Kitchen Test + uses: actionshub/test-kitchen@main env: - COOKBOOK_NAME: filebeat - OS: ${{ matrix.os }} - - name: Print out logs if fail - if: ${{ failure() }} - working-directory: ./.github/actions - run: | - chmod 755 failure.sh - ./failure.sh - env: - COOKBOOK_NAME: filebeat - OS: ${{ matrix.os }} + CHEF_LICENSE: accept-no-persist + KITCHEN_LOCAL_YAML: kitchen.yml + with: + suite: filebeat + os: ${{ matrix.os }} + action: test + + #- name: Test filebeat cookbook + # uses: ./.github/actions + # env: + # COOKBOOK_NAME: filebeat + # OS: ${{ matrix.os }} + #- name: Print out logs if fail + # if: ${{ failure() }} + # working-directory: ./.github/actions + # run: | + # chmod 755 failure.sh + # ./failure.sh + # env: + # COOKBOOK_NAME: filebeat + # OS: ${{ matrix.os }} \ No newline at end of file From 2c8e69d7ae0a22629bf9def56c867c2848d2192d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 12:13:37 +0100 Subject: [PATCH 166/260] Uncomment more distributions --- .github/workflows/ci.yml | 21 ++------------------- 1 file changed, 2 insertions(+), 19 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5435460c..1d986177 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,11 +14,11 @@ jobs: strategy: matrix: os: [ - # amazonlinux-2, + amazonlinux-2, # debian-9, # debian-10, # centos-7, - # centos-8, + centos-8, ubuntu-2004, # ubuntu-1804, # opensuse-leap-15, @@ -38,21 +38,4 @@ jobs: suite: filebeat os: ${{ matrix.os }} action: test - - #- name: Test filebeat cookbook - # uses: ./.github/actions - # env: - # COOKBOOK_NAME: filebeat - # OS: ${{ matrix.os }} - #- name: Print out logs if fail - # if: ${{ failure() }} - # working-directory: ./.github/actions - # run: | - # chmod 755 failure.sh - # ./failure.sh - # env: - # COOKBOOK_NAME: filebeat - # OS: ${{ matrix.os }} - - \ No newline at end of file From 30ef9b11c7d56604e9bec5c51c4b36117b48690a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 12:13:49 +0100 Subject: [PATCH 167/260] Fix apt url --- cookbooks/filebeat/test/integration/filebeat/repository_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cookbooks/filebeat/test/integration/filebeat/repository_test.rb b/cookbooks/filebeat/test/integration/filebeat/repository_test.rb index fb78133a..92e54406 100644 --- a/cookbooks/filebeat/test/integration/filebeat/repository_test.rb +++ b/cookbooks/filebeat/test/integration/filebeat/repository_test.rb @@ -2,7 +2,7 @@ case os.family when 'debian' - describe apt('https://artifacts.elastic.co/packages/7.x/apt/') do + describe apt('https://artifacts.elastic.co/packages/7.x/apt') do it { should exist } it { should be_enabled } end From 7a97ae2d8d1c354fa62eaa199e648c49804c2aab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 12:21:21 +0100 Subject: [PATCH 168/260] Fix yum repo url --- cookbooks/filebeat-oss/recipes/repository.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cookbooks/filebeat-oss/recipes/repository.rb b/cookbooks/filebeat-oss/recipes/repository.rb index 94879e79..f590e87e 100644 --- a/cookbooks/filebeat-oss/recipes/repository.rb +++ b/cookbooks/filebeat-oss/recipes/repository.rb @@ -26,7 +26,7 @@ gpgcheck true gpgkey 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' enabled true - baseurl "https://packages.wazuh.com/#{node['wazuh']['major_version']}/yum" + baseurl "https://packages.wazuh.com/#{node['wazuh']['major_version']}/yum/" action :create end when 'opensuseleap', 'suse' @@ -35,7 +35,7 @@ gpgcheck true gpgkey 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' enabled true - baseurl "https://packages.wazuh.com/#{node['wazuh']['major_version']}/yum" + baseurl "https://packages.wazuh.com/#{node['wazuh']['major_version']}/yum/" action :create end else From 799aabf46156475f3b9e72fdc0625bc06ab7e3da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 12:21:39 +0100 Subject: [PATCH 169/260] Remove comments --- .github/workflows/ci.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1d986177..9569bca8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,14 +15,8 @@ jobs: matrix: os: [ amazonlinux-2, - # debian-9, - # debian-10, - # centos-7, centos-8, ubuntu-2004, - # ubuntu-1804, - # opensuse-leap-15, - # fedora-latest, ] steps: - name: Check out code @@ -38,4 +32,5 @@ jobs: suite: filebeat os: ${{ matrix.os }} action: test + \ No newline at end of file From 3ee38f6e79887fdd50a3b4e4dc10817bd8dd16b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 12:23:10 +0100 Subject: [PATCH 170/260] Add filebeat-oss test gh action --- .github/workflows/ci.yml | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9569bca8..181fd0db 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -32,5 +32,28 @@ jobs: suite: filebeat os: ${{ matrix.os }} action: test - + + filebeat-oss: + runs-on: ubuntu-latest + strategy: + matrix: + os: [ + amazonlinux-2, + centos-8, + ubuntu-2004, + ] + steps: + - name: Check out code + uses: actions/checkout@v2 + - name: Install Chef + uses: actionshub/chef-install@main + - name: Kitchen Test + uses: actionshub/test-kitchen@main + env: + CHEF_LICENSE: accept-no-persist + KITCHEN_LOCAL_YAML: kitchen.yml + with: + suite: filebeat-oss + os: ${{ matrix.os }} + action: test \ No newline at end of file From 5d4a1b7b518d186cfa1e80d95f9cb1b508dc4a7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 12:32:14 +0100 Subject: [PATCH 171/260] Use strategy for cookbooks --- .github/workflows/ci.yml | 59 ++++++++++++++++++++++------------------ 1 file changed, 33 insertions(+), 26 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 181fd0db..2e2244a1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,46 +14,53 @@ jobs: strategy: matrix: os: [ - amazonlinux-2, centos-8, ubuntu-2004, ] - steps: - - name: Check out code - uses: actions/checkout@v2 - - name: Install Chef - uses: actionshub/chef-install@main - - name: Kitchen Test - uses: actionshub/test-kitchen@main - env: - CHEF_LICENSE: accept-no-persist - KITCHEN_LOCAL_YAML: kitchen.yml - with: - suite: filebeat - os: ${{ matrix.os }} - action: test - - filebeat-oss: - runs-on: ubuntu-latest - strategy: - matrix: - os: [ - amazonlinux-2, - centos-8, - ubuntu-2004, + cookbook: [ + filebeat, + filebeat-oss, + #wazuh_agent, + #wazuh_manager, + #elastic-stack, + #opendistro ] steps: - name: Check out code uses: actions/checkout@v2 - name: Install Chef uses: actionshub/chef-install@main - - name: Kitchen Test + - name: Test ${{ matrix.cookbook }} cookbook uses: actionshub/test-kitchen@main env: CHEF_LICENSE: accept-no-persist KITCHEN_LOCAL_YAML: kitchen.yml with: - suite: filebeat-oss + suite: ${{ matrix.cookbook }} os: ${{ matrix.os }} action: test + + #filebeat-oss: + # runs-on: ubuntu-latest + # strategy: + # matrix: + # os: [ + # amazonlinux-2, + # centos-8, + # ubuntu-2004, + # ] + # steps: + # - name: Check out code + # uses: actions/checkout@v2 + # - name: Install Chef + # uses: actionshub/chef-install@main + # - name: Kitchen Test + # uses: actionshub/test-kitchen@main + # env: + # CHEF_LICENSE: accept-no-persist + # KITCHEN_LOCAL_YAML: kitchen.yml + # with: + # suite: filebeat-oss + # os: ${{ matrix.os }} + # action: test \ No newline at end of file From 3ff69a52927032900bd7d12becec424db9c8f350 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 14:00:13 +0100 Subject: [PATCH 172/260] Add version --- cookbooks/wazuh_agent/attributes/version.rb | 7 ++++++- cookbooks/wazuh_agent/recipes/agent.rb | 8 ++++---- cookbooks/wazuh_agent/recipes/repository.rb | 7 +++---- 3 files changed, 13 insertions(+), 9 deletions(-) diff --git a/cookbooks/wazuh_agent/attributes/version.rb b/cookbooks/wazuh_agent/attributes/version.rb index ce63a91b..247f186d 100644 --- a/cookbooks/wazuh_agent/attributes/version.rb +++ b/cookbooks/wazuh_agent/attributes/version.rb @@ -1,2 +1,7 @@ -default['wazuh-agent']['version'] = "4.0.1" +# Cookbook Name:: wazuh-agent +# Attributes:: versions +# Author:: Wazuh = '8' dnf_package 'wazuh-agent' do - version "#{node['wazuh-agent']['version']}-1" + version "#{node['wazuh']['patch-version']}-1" end else yum_package 'wazuh-agent' do - version "#{node['wazuh-agent']['version']}-1" + version "#{node['wazuh']['patch-version']}-1" end end when 'opensuseleap', 'suse' zypper_package 'wazuh-agent' do - version "#{node['wazuh-agent']['version']}-1" + version "#{node['wazuh']['patch-version']}-1" end else raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" diff --git a/cookbooks/wazuh_agent/recipes/repository.rb b/cookbooks/wazuh_agent/recipes/repository.rb index ae1f1047..0435a23d 100644 --- a/cookbooks/wazuh_agent/recipes/repository.rb +++ b/cookbooks/wazuh_agent/recipes/repository.rb @@ -22,12 +22,11 @@ ohai 'reload lsb' do plugin 'lsb' - # action :nothing subscribes :reload, 'package[lsb-release]', :immediately end apt_repository 'wazuh' do - uri 'https://packages.wazuh.com/4.x/apt/' + uri "https://packages.wazuh.com/#{node['wazuh']['major_version']}/apt/" key 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' components ['main'] distribution 'stable' @@ -40,7 +39,7 @@ gpgcheck true gpgkey 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' enabled true - baseurl 'https://packages.wazuh.com/4.x/yum' + baseurl "https://packages.wazuh.com/#{node['wazuh']['major_version']}/yum/" action :create end elsif @@ -49,7 +48,7 @@ gpgcheck true gpgkey 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' enabled true - baseurl 'https://packages.wazuh.com/4.x/yum' + baseurl "https://packages.wazuh.com/#{node['wazuh']['major_version']}/yum/" action :create end else From 980d401a24e1abac1e6fd912a53961abb11e3c27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 14:00:36 +0100 Subject: [PATCH 173/260] Rename test path --- .../integration/{wazuh-manager => wazuh_manager}/common_test.rb | 0 .../integration/{wazuh-manager => wazuh_manager}/manager_test.rb | 0 .../{wazuh-manager => wazuh_manager}/prerequisites_test.rb | 0 .../{wazuh-manager => wazuh_manager}/repository_test.rb | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename cookbooks/wazuh_manager/test/integration/{wazuh-manager => wazuh_manager}/common_test.rb (100%) rename cookbooks/wazuh_manager/test/integration/{wazuh-manager => wazuh_manager}/manager_test.rb (100%) rename cookbooks/wazuh_manager/test/integration/{wazuh-manager => wazuh_manager}/prerequisites_test.rb (100%) rename cookbooks/wazuh_manager/test/integration/{wazuh-manager => wazuh_manager}/repository_test.rb (100%) diff --git a/cookbooks/wazuh_manager/test/integration/wazuh-manager/common_test.rb b/cookbooks/wazuh_manager/test/integration/wazuh_manager/common_test.rb similarity index 100% rename from cookbooks/wazuh_manager/test/integration/wazuh-manager/common_test.rb rename to cookbooks/wazuh_manager/test/integration/wazuh_manager/common_test.rb diff --git a/cookbooks/wazuh_manager/test/integration/wazuh-manager/manager_test.rb b/cookbooks/wazuh_manager/test/integration/wazuh_manager/manager_test.rb similarity index 100% rename from cookbooks/wazuh_manager/test/integration/wazuh-manager/manager_test.rb rename to cookbooks/wazuh_manager/test/integration/wazuh_manager/manager_test.rb diff --git a/cookbooks/wazuh_manager/test/integration/wazuh-manager/prerequisites_test.rb b/cookbooks/wazuh_manager/test/integration/wazuh_manager/prerequisites_test.rb similarity index 100% rename from cookbooks/wazuh_manager/test/integration/wazuh-manager/prerequisites_test.rb rename to cookbooks/wazuh_manager/test/integration/wazuh_manager/prerequisites_test.rb diff --git a/cookbooks/wazuh_manager/test/integration/wazuh-manager/repository_test.rb b/cookbooks/wazuh_manager/test/integration/wazuh_manager/repository_test.rb similarity index 100% rename from cookbooks/wazuh_manager/test/integration/wazuh-manager/repository_test.rb rename to cookbooks/wazuh_manager/test/integration/wazuh_manager/repository_test.rb From b06ffa30d3ce1720e6dad82e3fd71694011aba06 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 14:01:07 +0100 Subject: [PATCH 174/260] Add agent and manager to workflow --- .github/workflows/ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2e2244a1..c6c8ce0a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ on: - feature-cookbooks jobs: - filebeat: + kitchen-test: runs-on: ubuntu-latest strategy: matrix: @@ -20,8 +20,8 @@ jobs: cookbook: [ filebeat, filebeat-oss, - #wazuh_agent, - #wazuh_manager, + wazuh_agent, + wazuh_manager, #elastic-stack, #opendistro ] From 458d8a5816c081633b7424a85f5334d89f869beb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 14:04:44 +0100 Subject: [PATCH 175/260] Fix suites name --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c6c8ce0a..0b5581e5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,8 +20,8 @@ jobs: cookbook: [ filebeat, filebeat-oss, - wazuh_agent, - wazuh_manager, + wazuh-agent, + wazuh-manager, #elastic-stack, #opendistro ] From e59fa602718b635fa30fcb2125e92f42d1d5147c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 14:12:37 +0100 Subject: [PATCH 176/260] Fix wazuh version --- TESTING.md | 10 +++++++++- cookbooks/wazuh_agent/recipes/agent.rb | 6 +++--- cookbooks/wazuh_manager/recipes/manager.rb | 8 ++++---- 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/TESTING.md b/TESTING.md index 66d780fd..f22aa46c 100644 --- a/TESTING.md +++ b/TESTING.md @@ -1 +1,9 @@ -Please refer to https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/TESTING.MD +Test Wazuh Chef cookbooks +========================= + +# Prerequisites +- +- Docker +- Chef DK + +# How to use diff --git a/cookbooks/wazuh_agent/recipes/agent.rb b/cookbooks/wazuh_agent/recipes/agent.rb index 5aeb2ec2..8c65eb5b 100644 --- a/cookbooks/wazuh_agent/recipes/agent.rb +++ b/cookbooks/wazuh_agent/recipes/agent.rb @@ -26,16 +26,16 @@ when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' if node['platform_version'] >= '8' dnf_package 'wazuh-agent' do - version "#{node['wazuh']['patch-version']}-1" + version "#{node['wazuh']['patch-version']}" end else yum_package 'wazuh-agent' do - version "#{node['wazuh']['patch-version']}-1" + version "#{node['wazuh']['patch-version']}" end end when 'opensuseleap', 'suse' zypper_package 'wazuh-agent' do - version "#{node['wazuh']['patch-version']}-1" + version "#{node['wazuh']['patch-version']}" end else raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" diff --git a/cookbooks/wazuh_manager/recipes/manager.rb b/cookbooks/wazuh_manager/recipes/manager.rb index d18527fe..0b6310c5 100644 --- a/cookbooks/wazuh_manager/recipes/manager.rb +++ b/cookbooks/wazuh_manager/recipes/manager.rb @@ -5,21 +5,21 @@ case node['platform'] when 'ubuntu', 'debian' apt_package 'wazuh-manager' do - version "#{node['wazuh']['patch_version']}-1" + version "#{node['wazuh']['patch_version']}" end when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' if node['platform_version'] >= '8' dnf_package 'wazuh-manager' do - version "#{node['wazuh']['patch_version']}-1" + version "#{node['wazuh']['patch_version']}" end else yum_package 'wazuh-manager' do - version "#{node['wazuh']['patch_version']}-1" + version "#{node['wazuh']['patch_version']}" end end when 'opensuseleap', 'suse' zypper_package 'wazuh-manager' do - version "#{node['wazuh']['patch_version']}-1" + version "#{node['wazuh']['patch_version']}" end else raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" From f038b97bd5f54f99c7de526c5227e729eb322fbf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 14:26:23 +0100 Subject: [PATCH 177/260] Fix symlink check --- .../test/integration/wazuh_manager/common_test.rb | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/cookbooks/wazuh_manager/test/integration/wazuh_manager/common_test.rb b/cookbooks/wazuh_manager/test/integration/wazuh_manager/common_test.rb index 807d6471..de9526f0 100644 --- a/cookbooks/wazuh_manager/test/integration/wazuh_manager/common_test.rb +++ b/cookbooks/wazuh_manager/test/integration/wazuh_manager/common_test.rb @@ -55,7 +55,7 @@ # Check OSSEC dir -describe file('/etc/ossec-init.conf') do +describe file('/var/ossec/etc/ossec-init.conf') do it { should be_symlink } end @@ -80,13 +80,6 @@ its('mode') { should cmp '0640' } end -describe file('/var/ossec/etc/ossec.conf') do - it { should exist } - its('owner') { should cmp 'root' } - its('group') { should cmp 'ossec' } - its('mode') { should cmp '0440' } -end - describe file('/var/ossec/etc/shared/default/agent.conf') do it { should exist } its('owner') { should cmp 'ossec' } From a9a494e1a3738bc3ecc881721fe61bd7bbd1fd8a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 14:40:05 +0100 Subject: [PATCH 178/260] Fix wazuh version --- cookbooks/wazuh_agent/recipes/agent.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cookbooks/wazuh_agent/recipes/agent.rb b/cookbooks/wazuh_agent/recipes/agent.rb index 8c65eb5b..6d86c72d 100644 --- a/cookbooks/wazuh_agent/recipes/agent.rb +++ b/cookbooks/wazuh_agent/recipes/agent.rb @@ -21,7 +21,7 @@ case node['platform'] when 'debian', 'ubuntu' apt_package 'wazuh-agent' do - version "#{node['wazuh']['patch-version']}" + version "#{node['wazuh']['patch_version']}" end when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' if node['platform_version'] >= '8' @@ -30,12 +30,12 @@ end else yum_package 'wazuh-agent' do - version "#{node['wazuh']['patch-version']}" + version "#{node['wazuh']['patch_version']}" end end when 'opensuseleap', 'suse' zypper_package 'wazuh-agent' do - version "#{node['wazuh']['patch-version']}" + version "#{node['wazuh']['patch_version']}" end else raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" From 5c0505dc849a394188e1e0770f159144ebbb5540 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 14:44:52 +0100 Subject: [PATCH 179/260] Fix wazuh version --- cookbooks/wazuh_agent/recipes/agent.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cookbooks/wazuh_agent/recipes/agent.rb b/cookbooks/wazuh_agent/recipes/agent.rb index 6d86c72d..a736aec0 100644 --- a/cookbooks/wazuh_agent/recipes/agent.rb +++ b/cookbooks/wazuh_agent/recipes/agent.rb @@ -26,7 +26,7 @@ when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' if node['platform_version'] >= '8' dnf_package 'wazuh-agent' do - version "#{node['wazuh']['patch-version']}" + version "#{node['wazuh']['patch_version']}" end else yum_package 'wazuh-agent' do From ef27faa32de6323c8e244e6f45d49eae807bedd4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 14:54:34 +0100 Subject: [PATCH 180/260] Fix wazuh agent and manager version --- cookbooks/wazuh_agent/recipes/agent.rb | 2 +- cookbooks/wazuh_manager/recipes/manager.rb | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/cookbooks/wazuh_agent/recipes/agent.rb b/cookbooks/wazuh_agent/recipes/agent.rb index a736aec0..da9c639b 100644 --- a/cookbooks/wazuh_agent/recipes/agent.rb +++ b/cookbooks/wazuh_agent/recipes/agent.rb @@ -21,7 +21,7 @@ case node['platform'] when 'debian', 'ubuntu' apt_package 'wazuh-agent' do - version "#{node['wazuh']['patch_version']}" + version "#{node['wazuh']['patch_version']}-1" end when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' if node['platform_version'] >= '8' diff --git a/cookbooks/wazuh_manager/recipes/manager.rb b/cookbooks/wazuh_manager/recipes/manager.rb index 0b6310c5..d18527fe 100644 --- a/cookbooks/wazuh_manager/recipes/manager.rb +++ b/cookbooks/wazuh_manager/recipes/manager.rb @@ -5,21 +5,21 @@ case node['platform'] when 'ubuntu', 'debian' apt_package 'wazuh-manager' do - version "#{node['wazuh']['patch_version']}" + version "#{node['wazuh']['patch_version']}-1" end when 'redhat', 'centos', 'amazon', 'fedora', 'oracle' if node['platform_version'] >= '8' dnf_package 'wazuh-manager' do - version "#{node['wazuh']['patch_version']}" + version "#{node['wazuh']['patch_version']}-1" end else yum_package 'wazuh-manager' do - version "#{node['wazuh']['patch_version']}" + version "#{node['wazuh']['patch_version']}-1" end end when 'opensuseleap', 'suse' zypper_package 'wazuh-manager' do - version "#{node['wazuh']['patch_version']}" + version "#{node['wazuh']['patch_version']}-1" end else raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added" From 151c602ea0ac91b6ad69635811b73f073eb2abdc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 15:59:28 +0100 Subject: [PATCH 181/260] Add command create wazuh.yml parents folder --- cookbooks/elastic-stack/recipes/kibana.rb | 10 +++++----- cookbooks/opendistro/recipes/kibana.rb | 17 ++++++----------- 2 files changed, 11 insertions(+), 16 deletions(-) diff --git a/cookbooks/elastic-stack/recipes/kibana.rb b/cookbooks/elastic-stack/recipes/kibana.rb index 302b4b95..8508c084 100644 --- a/cookbooks/elastic-stack/recipes/kibana.rb +++ b/cookbooks/elastic-stack/recipes/kibana.rb @@ -55,6 +55,11 @@ # Install the Wazuh Kibana plugin +execute 'Create wazuh.yml parent folders' do + command "sudo -u kibana mkdir -p #{node['kibana']['package_path']}/optimize/wazuh && \ + sudo -u kibana mkdir -p #{node['kibana']['package_path']}/optimize/wazuh/config" +end + execute 'Install the Wazuh app plugin for Kibana' do command "sudo -u kibana #{node['kibana']['package_path']}/bin/kibana-plugin install https://packages.wazuh.com/#{node['wazuh']['major_version']}/ui/kibana/wazuh_kibana-#{node['wazuh']['kibana_plugin_version']}-1.zip" not_if do @@ -73,9 +78,6 @@ variables({ api_credentials: node['kibana']['wazuh_api_credentials'] }) - only_if do - File.exist?("#{node['kibana']['package_path']}/optimize/wazuh/config/wazuh.yml") - end end # Enable and start the Kibana service @@ -115,8 +117,6 @@ rescue StandardError nil end - - puts 'Waiting kibana....'; sleep 60 end end end diff --git a/cookbooks/opendistro/recipes/kibana.rb b/cookbooks/opendistro/recipes/kibana.rb index 9305ad13..5bb0b103 100644 --- a/cookbooks/opendistro/recipes/kibana.rb +++ b/cookbooks/opendistro/recipes/kibana.rb @@ -61,6 +61,11 @@ # Create Wazuh-Kibana plugin configuration file +execute 'Create wazuh.yml parent folders' do + command "sudo -u kibana mkdir -p #{node['kibana']['package_path']}/optimize/wazuh && \ + sudo -u kibana mkdir -p #{node['kibana']['package_path']}/optimize/wazuh/config" +end + template "#{node['kibana']['optimize_path']}/wazuh/config/wazuh.yml" do source 'wazuh.yml.erb' owner 'kibana' @@ -120,13 +125,7 @@ end end - - -# Restart Kibana service - -service 'kibana' do - action [:restart] -end +# Wait for elastic and kibana services ruby_block 'Wait for elasticsearch' do block do @@ -139,8 +138,6 @@ rescue StandardError nil end - - puts 'Waiting elasticsearch....'; sleep 1 end end end @@ -156,8 +153,6 @@ rescue StandardError nil end - - puts 'Waiting kibana....'; sleep 60 end end end From 0e9652186a4a152ab0ef26e9f9b651154381492f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 21 Dec 2020 15:59:45 +0100 Subject: [PATCH 182/260] Remove should b_enabled --- .../test/integration/elastic-stack/elasticsearch_test.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/cookbooks/elastic-stack/test/integration/elastic-stack/elasticsearch_test.rb b/cookbooks/elastic-stack/test/integration/elastic-stack/elasticsearch_test.rb index 05e1b4a0..c234350c 100644 --- a/cookbooks/elastic-stack/test/integration/elastic-stack/elasticsearch_test.rb +++ b/cookbooks/elastic-stack/test/integration/elastic-stack/elasticsearch_test.rb @@ -2,7 +2,6 @@ describe package('elasticsearch') do it { should be_installed } - it { should be_enabled } end describe file('/etc/elasticsearch/elasticsearch.yml') do From c1c17022f98144ee41f5469599b8146b82950cf8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 22 Dec 2020 16:31:49 +0100 Subject: [PATCH 183/260] Remove comments and change kitchen file --- .github/workflows/ci.yml | 33 ++++----------------------------- 1 file changed, 4 insertions(+), 29 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0b5581e5..2bab6816 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,8 +22,8 @@ jobs: filebeat-oss, wazuh-agent, wazuh-manager, - #elastic-stack, - #opendistro + elastic-stack, + opendistro ] steps: - name: Check out code @@ -34,33 +34,8 @@ jobs: uses: actionshub/test-kitchen@main env: CHEF_LICENSE: accept-no-persist - KITCHEN_LOCAL_YAML: kitchen.yml + KITCHEN_LOCAL_YAML: kitchen.dokken.yml with: suite: ${{ matrix.cookbook }} os: ${{ matrix.os }} - action: test - - #filebeat-oss: - # runs-on: ubuntu-latest - # strategy: - # matrix: - # os: [ - # amazonlinux-2, - # centos-8, - # ubuntu-2004, - # ] - # steps: - # - name: Check out code - # uses: actions/checkout@v2 - # - name: Install Chef - # uses: actionshub/chef-install@main - # - name: Kitchen Test - # uses: actionshub/test-kitchen@main - # env: - # CHEF_LICENSE: accept-no-persist - # KITCHEN_LOCAL_YAML: kitchen.yml - # with: - # suite: filebeat-oss - # os: ${{ matrix.os }} - # action: test - \ No newline at end of file + action: test \ No newline at end of file From 0991e780354e18a1bb03defec4e4d8d92c38773c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 22 Dec 2020 16:32:02 +0100 Subject: [PATCH 184/260] Fix cert path --- .../test/integration/opendistro/elasticsearch_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cookbooks/opendistro/test/integration/opendistro/elasticsearch_test.rb b/cookbooks/opendistro/test/integration/opendistro/elasticsearch_test.rb index c10dc7b8..13c86ace 100644 --- a/cookbooks/opendistro/test/integration/opendistro/elasticsearch_test.rb +++ b/cookbooks/opendistro/test/integration/opendistro/elasticsearch_test.rb @@ -55,7 +55,7 @@ its('mode') { should cmp '0660' } end -describe file('/etc/elasticsearch/root-ca.pem') do +describe file('/etc/elasticsearch/certs/root-ca.pem') do it { should exist } end From 8b71471df9d6d07a1a6fe936d8122d210e6cdee2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 22 Dec 2020 16:32:23 +0100 Subject: [PATCH 185/260] Change owner and mode test --- .../opendistro/test/integration/opendistro/kibana_test.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cookbooks/opendistro/test/integration/opendistro/kibana_test.rb b/cookbooks/opendistro/test/integration/opendistro/kibana_test.rb index 999d7ea7..2a1138a0 100644 --- a/cookbooks/opendistro/test/integration/opendistro/kibana_test.rb +++ b/cookbooks/opendistro/test/integration/opendistro/kibana_test.rb @@ -11,7 +11,7 @@ end describe file('/etc/kibana/kibana.yml') do - its('owner') { should cmp 'kibana' } + its('owner') { should cmp 'root' } its('group') { should cmp 'kibana' } its('mode') { should cmp '0755' } end @@ -19,7 +19,7 @@ describe file('/usr/share/kibana/optimize/wazuh/config/wazuh.yml') do its('owner') { should cmp 'kibana' } its('group') { should cmp 'kibana' } - its('mode') { should cmp '0755' } + its('mode') { should cmp '0600' } end describe service('kibana') do From 8c42258c769e73b54fead2e929c1115c2e69ae7c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 22 Dec 2020 16:33:00 +0100 Subject: [PATCH 186/260] Add Dockerfile and entrypoint.sh --- Dockerfile | 11 +++++++++++ entrypoint.sh | 14 ++++++++++++++ 2 files changed, 25 insertions(+) create mode 100644 Dockerfile create mode 100644 entrypoint.sh diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000..ef2f6e11 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,11 @@ +FROM chef/chefworkstation + +LABEL "maintainer"="Wazuh" +LABEL "version"="0.0.1" +LABEL "repository"="https://github.com/wazuh/wazuh-chef" +LABEL "name"="Wazuh Chef Dockerfile" + +COPY entrypoint.sh /entrypoint.sh +RUN chmod 755 /entrypoint.sh +ENTRYPOINT ["/entrypoint.sh"] + diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100644 index 00000000..70f22dc4 --- /dev/null +++ b/entrypoint.sh @@ -0,0 +1,14 @@ +#! /usr/bin/env bash + +RESPOSITORY="wazuh-chef" +BRANCH="feature-cookbooks" + +echo "Clone wazuh-chef repository" +git clone https://github.com/wazuh/${RESPOSITORY}.git +cd ${RESPOSITORY} +git checkout ${BRANCH} + +echo "List kitchen instances" +kitchen list + +/bin/bash \ No newline at end of file From 9e9c1b7c8af078cae29fbf1adecde268d9c101d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 22 Dec 2020 16:33:08 +0100 Subject: [PATCH 187/260] Add TESTING.md --- TESTING.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/TESTING.md b/TESTING.md index f22aa46c..a416edfd 100644 --- a/TESTING.md +++ b/TESTING.md @@ -2,8 +2,22 @@ Test Wazuh Chef cookbooks ========================= # Prerequisites -- - Docker -- Chef DK # How to use +To create an environment with Wazuh Chef cookbooks just run the following command: + +docker build -t . wazuh-chef:0.1 +docker run -v /var/run/docker.sock:/var/run/docker.sock -it \ + +Inside, you have the wazuh-chef repository in features-cookbook branch. Important commands: + +1. ``kitchen list``: list all kitchen instances +2. ``kitchen create -``: create an instance just with OS +3. ``kitchen create -``: create an instance with all cookbooks declared +in \ inside a \ node +4. ``kitchen verify -``: run tests in the instance specified +5. ``kitchen destroy -``: destroy in the instance specified +6. ``kitchen login -``: login in the instance specified + + From ff2cc3f34e59015eb508d6d09d812d6a57620002 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 22 Dec 2020 16:33:20 +0100 Subject: [PATCH 188/260] Update kitchen files --- kitchen.dokken..yml | 114 ++++++++++++++++++++++++++++++++++++++++++++ kitchen.yml | 51 ++++++++++---------- kitchen_fixed.yml | 31 ------------ 3 files changed, 138 insertions(+), 58 deletions(-) create mode 100644 kitchen.dokken..yml delete mode 100644 kitchen_fixed.yml diff --git a/kitchen.dokken..yml b/kitchen.dokken..yml new file mode 100644 index 00000000..ea8691e0 --- /dev/null +++ b/kitchen.dokken..yml @@ -0,0 +1,114 @@ +--- +driver: + name: dokken + # because Docker and SystemD + privileged: true + chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> + +transport: + name: dokken + +provisioner: + name: dokken + chef_license: accept + +verifier: + name: inspec + +platforms: + - name: amazonlinux-2 + driver: + image: dokken/amazonlinux-2 + pid_one_command: /usr/lib/systemd/systemd + + - name: debian-9 + driver: + image: dokken/debian-9 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: debian-10 + driver: + image: dokken/debian-10 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: centos-7 + driver: + image: dokken/centos-7 + pid_one_command: /usr/lib/systemd/systemd + + - name: centos-8 + driver: + image: dokken/centos-8 + pid_one_command: /usr/lib/systemd/systemd + + - name: ubuntu-18.04 + driver: + image: dokken/ubuntu-18.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: ubuntu-20.04 + driver: + image: dokken/ubuntu-20.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: opensuse-leap-15 + driver: + image: dokken/opensuse-leap-15 + pid_one_command: /bin/systemd + + - name: fedora-latest + driver: + image: dokken/fedora-latest + pid_one_command: /usr/lib/systemd/systemd + +suites: + - name: wazuh_agent + run_list: + - recipe[wazuh_agent::default] + verifier: + inspec_tests: + - path: cookbooks/wazuh_agent/test/integration/wazuh_agent + + - name: wazuh_server + run_list: + - recipe[wazuh_manager::default] + - recipe[filebeat::default] + verifier: + inspec_tests: + - name: wazuh-manager tests + path: cookbooks/wazuh_manager/test/integration/wazuh_manager + - name: filebeat tests + path: cookbooks/filebeat/test/integration/filebeat + + - name: wazuh_server_oss + run_list: + - recipe[wazuh_manager::default] + - recipe[filebeat-oss::default] + verifier: + inspec_tests: + - name: wazuh-manager tests + path: cookbooks/wazuh_manager/test/integration/wazuh_manager + - name: filebeat-oss tests + path: cookbooks/filebeat-oss/test/integration/filebeat-oss + + - name: opendistro + run_list: + - recipe[opendistro::default] + verifier: + inspec_tests: + - path: cookbooks/opendistro/test/integration/opendistro + + - name: elastic-stack + run_list: + - recipe[elastic-stack::default] + verifier: + inspec_tests: + - path: cookbooks/elastic-stack/test/integration/elastic-stack \ No newline at end of file diff --git a/kitchen.yml b/kitchen.yml index 3b4806c9..5f86a695 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -1,15 +1,12 @@ --- driver: - name: dokken - # because Docker and SystemD - privileged: true - chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> + name: vagrant transport: - name: dokken + name: ssh provisioner: - name: dokken + name: chez-zero chef_license: accept verifier: @@ -73,42 +70,42 @@ suites: - name: wazuh_agent run_list: - recipe[wazuh_agent::default] - driver: verifier: inspec_tests: - path: cookbooks/wazuh_agent/test/integration/wazuh_agent - - name: wazuh_manager + + - name: wazuh_server run_list: - recipe[wazuh_manager::default] - driver: + - recipe[filebeat::default] + verifier: + inspec_tests: + - name: wazuh-manager tests + path: cookbooks/wazuh_manager/test/integration/wazuh_manager + - name: filebeat tests + path: cookbooks/filebeat/test/integration/filebeat + + - name: wazuh_server_oss + run_list: + - recipe[wazuh_manager::default] + - recipe[filebeat-oss::default] verifier: inspec_tests: - - path: cookbooks/wazuh_manager/test/integration/wazuh_manager + - name: wazuh-manager tests + path: cookbooks/wazuh_manager/test/integration/wazuh_manager + - name: filebeat-oss tests + path: cookbooks/filebeat-oss/test/integration/filebeat-oss + - name: opendistro run_list: - recipe[opendistro::default] - driver: verifier: inspec_tests: - path: cookbooks/opendistro/test/integration/opendistro + - name: elastic-stack run_list: - recipe[elastic-stack::default] - driver: - verifier: - inspec_tests: - - path: cookbooks/elastic-stack/test/integration/elastic-stack - - name: filebeat - run_list: - - recipe[filebeat::default] - driver: - verifier: - inspec_tests: - - path: cookbooks/filebeat/test/integration/filebeat - - name: filebeat-oss - run_list: - - recipe[filebeat-oss::default] - driver: verifier: inspec_tests: - - path: cookbooks/filebeat-oss/test/integration/filebeat-oss \ No newline at end of file + - path: cookbooks/elastic-stack/test/integration/elastic-stack \ No newline at end of file diff --git a/kitchen_fixed.yml b/kitchen_fixed.yml deleted file mode 100644 index f5928a36..00000000 --- a/kitchen_fixed.yml +++ /dev/null @@ -1,31 +0,0 @@ ---- -driver: - name: dokken - privileged: true - chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> - -transport: - name: dokken - -provisioner: - name: dokken - chef_license: accept - -verifier: - name: inspec - -platforms: - - name: <%= ENV['PLATFORM'] %> - driver: - image: dokken/<%= ENV['PLATFORM'] %> - hostname: <%= ENV['COOKBOOK'] %>_<%= ENV['PLATFORM'] %> - run_command: <%= ENV['RUN_COMMAND'] %> - privileged: true - -suites: - - name: <%= ENV['COOKBOOK'] %> - run_list: - - recipe[<%= ENV['COOKBOOK'] %>::default] - verifier: - inspec_tests: - - path: cookbooks/<%= ENV['COOKBOOK'] %>/test/integration/<%= ENV['COOKBOOK'] %> \ No newline at end of file From 1d04becc2ddbe2d7317ca0c8d064d198bd3f317e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 22 Dec 2020 16:37:36 +0100 Subject: [PATCH 189/260] Remove action folder --- .github/actions/Dockerfile | 5 ----- .github/actions/action.yml | 5 ----- .github/actions/entrypoint.sh | 7 ------- .github/actions/failure.sh | 7 ------- 4 files changed, 24 deletions(-) delete mode 100644 .github/actions/Dockerfile delete mode 100644 .github/actions/action.yml delete mode 100644 .github/actions/entrypoint.sh delete mode 100644 .github/actions/failure.sh diff --git a/.github/actions/Dockerfile b/.github/actions/Dockerfile deleted file mode 100644 index af5f2c96..00000000 --- a/.github/actions/Dockerfile +++ /dev/null @@ -1,5 +0,0 @@ -FROM chef/chefworkstation:latest - -COPY entrypoint.sh /entrypoint.sh -RUN chmod 755 /entrypoint.sh -ENTRYPOINT ["/entrypoint.sh"] \ No newline at end of file diff --git a/.github/actions/action.yml b/.github/actions/action.yml deleted file mode 100644 index 705627d4..00000000 --- a/.github/actions/action.yml +++ /dev/null @@ -1,5 +0,0 @@ -name: test-wazuh-chef-cookbooks -description: Test Wazuh Chef cookbooks -runs: - using: docker - image: 'Dockerfile' \ No newline at end of file diff --git a/.github/actions/entrypoint.sh b/.github/actions/entrypoint.sh deleted file mode 100644 index 47c64388..00000000 --- a/.github/actions/entrypoint.sh +++ /dev/null @@ -1,7 +0,0 @@ -#! /usr/bin/env bash -set -e - -echo "Cookbook to test: ${COOKBOOK_NAME}" - -echo "Test cookbook with kitchen... (create, converge, verify and destroy)" -kitchen test $COOKBOOK_NAME-$OS \ No newline at end of file diff --git a/.github/actions/failure.sh b/.github/actions/failure.sh deleted file mode 100644 index 31299994..00000000 --- a/.github/actions/failure.sh +++ /dev/null @@ -1,7 +0,0 @@ -#! /usr/bin/env bash -set -e - -LOG_FILE=$COOKBOOK_NAME-$OS.log - -echo "Print out logs" -cat ~/wazuh-chef/.kitchen/logs/$LOG_FILE \ No newline at end of file From 78b5eac9dbc54356e5ec7deb39a3ad526d005b03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 22 Dec 2020 16:37:57 +0100 Subject: [PATCH 190/260] Update kithchen.yml --- kitchen.yml | 45 +-------------------------------------------- 1 file changed, 1 insertion(+), 44 deletions(-) diff --git a/kitchen.yml b/kitchen.yml index 5f86a695..d0d93e85 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -14,58 +14,15 @@ verifier: platforms: - name: amazonlinux-2 - driver: - image: dokken/amazonlinux-2 - pid_one_command: /usr/lib/systemd/systemd - - name: debian-9 - driver: - image: dokken/debian-9 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - name: debian-10 - driver: - image: dokken/debian-10 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - name: centos-7 - driver: - image: dokken/centos-7 - pid_one_command: /usr/lib/systemd/systemd - - name: centos-8 - driver: - image: dokken/centos-8 - pid_one_command: /usr/lib/systemd/systemd - - name: ubuntu-18.04 - driver: - image: dokken/ubuntu-18.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - name: ubuntu-20.04 - driver: - image: dokken/ubuntu-20.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - name: opensuse-leap-15 - driver: - image: dokken/opensuse-leap-15 - pid_one_command: /bin/systemd - - name: fedora-latest - driver: - image: dokken/fedora-latest - pid_one_command: /usr/lib/systemd/systemd - + suites: - name: wazuh_agent run_list: From b2c9e0d2a48f7daa298a921e9fe4702d49d58cb7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 22 Dec 2020 16:47:53 +0100 Subject: [PATCH 191/260] Use kitchen-dokken --- .github/workflows/ci.yml | 48 +++++++++++++++++++++++++++++----------- 1 file changed, 35 insertions(+), 13 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2bab6816..dbd39c95 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -17,25 +17,47 @@ jobs: centos-8, ubuntu-2004, ] - cookbook: [ - filebeat, - filebeat-oss, - wazuh-agent, - wazuh-manager, - elastic-stack, - opendistro - ] steps: - name: Check out code uses: actions/checkout@v2 - name: Install Chef uses: actionshub/chef-install@main - - name: Test ${{ matrix.cookbook }} cookbook - uses: actionshub/test-kitchen@main + - name: Wazuh server (manager, filebeat) + uses: actionshub/kithcen-dokken@main + env: + suite: wazuh-server + os: ${{ matrix.os }} + CHEF_LICENSE: accept-no-persist + KITCHEN_LOCAL_YAML: kitchen.dokken.yml + + - name: Wazuh server OSS (manager, filebeat-oss) + uses: actionshub/kitchen-dokken@main env: + suite: wazuh-server-oss + os: ${{ matrix.os }} CHEF_LICENSE: accept-no-persist KITCHEN_LOCAL_YAML: kitchen.dokken.yml - with: - suite: ${{ matrix.cookbook }} + + - name: Opendistro + uses: actionshub/kitchen-dokken@main + env: + suite: opendistro os: ${{ matrix.os }} - action: test \ No newline at end of file + CHEF_LICENSE: accept-no-persist + KITCHEN_LOCAL_YAML: kitchen.dokken.yml + + - name: Elastic Stack + uses: actionshub/kitchen-dokken@main + env: + suite: elastic-stack + os: ${{ matrix.os }} + CHEF_LICENSE: accept-no-persist + KITCHEN_LOCAL_YAML: kitchen.dokken.yml + + - name: Wazuh agent + uses: actionshub/kithcen-dokken@main + env: + suite: wazuh-agent + os: ${{ matrix.os }} + CHEF_LICENSE: accept-no-persist + KITCHEN_LOCAL_YAML: kitchen.dokken.yml \ No newline at end of file From c725590d758e58fc18dfb083b44833e8e8ffe7ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 22 Dec 2020 16:48:07 +0100 Subject: [PATCH 192/260] Update TESTING.md --- TESTING.md | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/TESTING.md b/TESTING.md index a416edfd..31997b15 100644 --- a/TESTING.md +++ b/TESTING.md @@ -2,15 +2,11 @@ Test Wazuh Chef cookbooks ========================= # Prerequisites -- Docker +- Vagrant +- Virtualbox # How to use -To create an environment with Wazuh Chef cookbooks just run the following command: - -docker build -t . wazuh-chef:0.1 -docker run -v /var/run/docker.sock:/var/run/docker.sock -it \ - -Inside, you have the wazuh-chef repository in features-cookbook branch. Important commands: +Kitchen commands To create an environment with Wazuh Chef cookbooks: 1. ``kitchen list``: list all kitchen instances 2. ``kitchen create -``: create an instance just with OS From 0563b2b47f1cba08611a8d22bf28888d266fba4c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 22 Dec 2020 16:52:10 +0100 Subject: [PATCH 193/260] Update kitchen.dokken.yml --- .github/workflows/ci.yml | 60 +++++++++++++++++++++++++++++++++++++--- 1 file changed, 56 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dbd39c95..4e77bf10 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ on: - feature-cookbooks jobs: - kitchen-test: + wazuh-server: runs-on: ubuntu-latest strategy: matrix: @@ -23,13 +23,26 @@ jobs: - name: Install Chef uses: actionshub/chef-install@main - name: Wazuh server (manager, filebeat) - uses: actionshub/kithcen-dokken@main + uses: actionshub/kitchen-dokken@main env: suite: wazuh-server os: ${{ matrix.os }} CHEF_LICENSE: accept-no-persist KITCHEN_LOCAL_YAML: kitchen.dokken.yml + wazuh-server-oss: + runs-on: ubuntu-latest + strategy: + matrix: + os: [ + centos-8, + ubuntu-2004, + ] + steps: + - name: Check out code + uses: actions/checkout@v2 + - name: Install Chef + uses: actionshub/chef-install@main - name: Wazuh server OSS (manager, filebeat-oss) uses: actionshub/kitchen-dokken@main env: @@ -38,6 +51,19 @@ jobs: CHEF_LICENSE: accept-no-persist KITCHEN_LOCAL_YAML: kitchen.dokken.yml + opendistro: + runs-on: ubuntu-latest + strategy: + matrix: + os: [ + centos-8, + ubuntu-2004, + ] + steps: + - name: Check out code + uses: actions/checkout@v2 + - name: Install Chef + uses: actionshub/chef-install@main - name: Opendistro uses: actionshub/kitchen-dokken@main env: @@ -45,7 +71,20 @@ jobs: os: ${{ matrix.os }} CHEF_LICENSE: accept-no-persist KITCHEN_LOCAL_YAML: kitchen.dokken.yml - + + elastic-stack: + runs-on: ubuntu-latest + strategy: + matrix: + os: [ + centos-8, + ubuntu-2004, + ] + steps: + - name: Check out code + uses: actions/checkout@v2 + - name: Install Chef + uses: actionshub/chef-install@main - name: Elastic Stack uses: actionshub/kitchen-dokken@main env: @@ -54,8 +93,21 @@ jobs: CHEF_LICENSE: accept-no-persist KITCHEN_LOCAL_YAML: kitchen.dokken.yml + wazuh-agent: + runs-on: ubuntu-latest + strategy: + matrix: + os: [ + centos-8, + ubuntu-2004, + ] + steps: + - name: Check out code + uses: actions/checkout@v2 + - name: Install Chef + uses: actionshub/chef-install@main - name: Wazuh agent - uses: actionshub/kithcen-dokken@main + uses: actionshub/kitchen-dokken@main env: suite: wazuh-agent os: ${{ matrix.os }} From d2c8b554146f957cb1026a05ba186de522e09349 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 22 Dec 2020 17:01:53 +0100 Subject: [PATCH 194/260] Update ci.yml --- .github/workflows/ci.yml | 102 ++++++--------------------------------- 1 file changed, 14 insertions(+), 88 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4e77bf10..6579d9a4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ on: - feature-cookbooks jobs: - wazuh-server: + kitchen-test: runs-on: ubuntu-latest strategy: matrix: @@ -17,99 +17,25 @@ jobs: centos-8, ubuntu-2004, ] - steps: - - name: Check out code - uses: actions/checkout@v2 - - name: Install Chef - uses: actionshub/chef-install@main - - name: Wazuh server (manager, filebeat) - uses: actionshub/kitchen-dokken@main - env: - suite: wazuh-server - os: ${{ matrix.os }} - CHEF_LICENSE: accept-no-persist - KITCHEN_LOCAL_YAML: kitchen.dokken.yml - - wazuh-server-oss: - runs-on: ubuntu-latest - strategy: - matrix: - os: [ - centos-8, - ubuntu-2004, - ] - steps: - - name: Check out code - uses: actions/checkout@v2 - - name: Install Chef - uses: actionshub/chef-install@main - - name: Wazuh server OSS (manager, filebeat-oss) - uses: actionshub/kitchen-dokken@main - env: - suite: wazuh-server-oss - os: ${{ matrix.os }} - CHEF_LICENSE: accept-no-persist - KITCHEN_LOCAL_YAML: kitchen.dokken.yml - - opendistro: - runs-on: ubuntu-latest - strategy: - matrix: - os: [ - centos-8, - ubuntu-2004, + suite: [ + wazuh-server, + wazuh-server-oss, + wazuh-agent, + opendistro, + elastic-stack ] steps: - name: Check out code uses: actions/checkout@v2 - name: Install Chef uses: actionshub/chef-install@main - - name: Opendistro - uses: actionshub/kitchen-dokken@main + - name: Test ${{ matrix.suite }} cookbook + uses: actionshub/test-kitchen@main env: - suite: opendistro - os: ${{ matrix.os }} CHEF_LICENSE: accept-no-persist - KITCHEN_LOCAL_YAML: kitchen.dokken.yml - - elastic-stack: - runs-on: ubuntu-latest - strategy: - matrix: - os: [ - centos-8, - ubuntu-2004, - ] - steps: - - name: Check out code - uses: actions/checkout@v2 - - name: Install Chef - uses: actionshub/chef-install@main - - name: Elastic Stack - uses: actionshub/kitchen-dokken@main - env: - suite: elastic-stack + KITCHEN_LOCAL_YAML: kitchen.yml + with: + suite: ${{ matrix.suite }} os: ${{ matrix.os }} - CHEF_LICENSE: accept-no-persist - KITCHEN_LOCAL_YAML: kitchen.dokken.yml - - wazuh-agent: - runs-on: ubuntu-latest - strategy: - matrix: - os: [ - centos-8, - ubuntu-2004, - ] - steps: - - name: Check out code - uses: actions/checkout@v2 - - name: Install Chef - uses: actionshub/chef-install@main - - name: Wazuh agent - uses: actionshub/kitchen-dokken@main - env: - suite: wazuh-agent - os: ${{ matrix.os }} - CHEF_LICENSE: accept-no-persist - KITCHEN_LOCAL_YAML: kitchen.dokken.yml \ No newline at end of file + action: test + \ No newline at end of file From bbd191527c43cab6d9679367a90a2aeaaf8053de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 22 Dec 2020 17:02:37 +0100 Subject: [PATCH 195/260] Add kitche.yml with vagrant --- kitchen-vagrant/kitchen.yml | 68 +++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 kitchen-vagrant/kitchen.yml diff --git a/kitchen-vagrant/kitchen.yml b/kitchen-vagrant/kitchen.yml new file mode 100644 index 00000000..d0d93e85 --- /dev/null +++ b/kitchen-vagrant/kitchen.yml @@ -0,0 +1,68 @@ +--- +driver: + name: vagrant + +transport: + name: ssh + +provisioner: + name: chez-zero + chef_license: accept + +verifier: + name: inspec + +platforms: + - name: amazonlinux-2 + - name: debian-9 + - name: debian-10 + - name: centos-7 + - name: centos-8 + - name: ubuntu-18.04 + - name: ubuntu-20.04 + - name: opensuse-leap-15 + - name: fedora-latest + +suites: + - name: wazuh_agent + run_list: + - recipe[wazuh_agent::default] + verifier: + inspec_tests: + - path: cookbooks/wazuh_agent/test/integration/wazuh_agent + + - name: wazuh_server + run_list: + - recipe[wazuh_manager::default] + - recipe[filebeat::default] + verifier: + inspec_tests: + - name: wazuh-manager tests + path: cookbooks/wazuh_manager/test/integration/wazuh_manager + - name: filebeat tests + path: cookbooks/filebeat/test/integration/filebeat + + - name: wazuh_server_oss + run_list: + - recipe[wazuh_manager::default] + - recipe[filebeat-oss::default] + verifier: + inspec_tests: + - name: wazuh-manager tests + path: cookbooks/wazuh_manager/test/integration/wazuh_manager + - name: filebeat-oss tests + path: cookbooks/filebeat-oss/test/integration/filebeat-oss + + - name: opendistro + run_list: + - recipe[opendistro::default] + verifier: + inspec_tests: + - path: cookbooks/opendistro/test/integration/opendistro + + - name: elastic-stack + run_list: + - recipe[elastic-stack::default] + verifier: + inspec_tests: + - path: cookbooks/elastic-stack/test/integration/elastic-stack \ No newline at end of file From 57fa03426c164b79e815c4eb6f7f280270af1c79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 22 Dec 2020 17:03:00 +0100 Subject: [PATCH 196/260] Update kithcen.ymll --- kitchen..yml | 114 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 114 insertions(+) create mode 100644 kitchen..yml diff --git a/kitchen..yml b/kitchen..yml new file mode 100644 index 00000000..ea8691e0 --- /dev/null +++ b/kitchen..yml @@ -0,0 +1,114 @@ +--- +driver: + name: dokken + # because Docker and SystemD + privileged: true + chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> + +transport: + name: dokken + +provisioner: + name: dokken + chef_license: accept + +verifier: + name: inspec + +platforms: + - name: amazonlinux-2 + driver: + image: dokken/amazonlinux-2 + pid_one_command: /usr/lib/systemd/systemd + + - name: debian-9 + driver: + image: dokken/debian-9 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: debian-10 + driver: + image: dokken/debian-10 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: centos-7 + driver: + image: dokken/centos-7 + pid_one_command: /usr/lib/systemd/systemd + + - name: centos-8 + driver: + image: dokken/centos-8 + pid_one_command: /usr/lib/systemd/systemd + + - name: ubuntu-18.04 + driver: + image: dokken/ubuntu-18.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: ubuntu-20.04 + driver: + image: dokken/ubuntu-20.04 + pid_one_command: /bin/systemd + intermediate_instructions: + - RUN /usr/bin/apt-get update + + - name: opensuse-leap-15 + driver: + image: dokken/opensuse-leap-15 + pid_one_command: /bin/systemd + + - name: fedora-latest + driver: + image: dokken/fedora-latest + pid_one_command: /usr/lib/systemd/systemd + +suites: + - name: wazuh_agent + run_list: + - recipe[wazuh_agent::default] + verifier: + inspec_tests: + - path: cookbooks/wazuh_agent/test/integration/wazuh_agent + + - name: wazuh_server + run_list: + - recipe[wazuh_manager::default] + - recipe[filebeat::default] + verifier: + inspec_tests: + - name: wazuh-manager tests + path: cookbooks/wazuh_manager/test/integration/wazuh_manager + - name: filebeat tests + path: cookbooks/filebeat/test/integration/filebeat + + - name: wazuh_server_oss + run_list: + - recipe[wazuh_manager::default] + - recipe[filebeat-oss::default] + verifier: + inspec_tests: + - name: wazuh-manager tests + path: cookbooks/wazuh_manager/test/integration/wazuh_manager + - name: filebeat-oss tests + path: cookbooks/filebeat-oss/test/integration/filebeat-oss + + - name: opendistro + run_list: + - recipe[opendistro::default] + verifier: + inspec_tests: + - path: cookbooks/opendistro/test/integration/opendistro + + - name: elastic-stack + run_list: + - recipe[elastic-stack::default] + verifier: + inspec_tests: + - path: cookbooks/elastic-stack/test/integration/elastic-stack \ No newline at end of file From 0025e72b0b62c673f0f5ccf7bc72262f2837e260 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 22 Dec 2020 17:03:05 +0100 Subject: [PATCH 197/260] Remove files --- kitchen.dokken..yml | 114 -------------------------------------------- kitchen.yml | 68 -------------------------- 2 files changed, 182 deletions(-) delete mode 100644 kitchen.dokken..yml delete mode 100644 kitchen.yml diff --git a/kitchen.dokken..yml b/kitchen.dokken..yml deleted file mode 100644 index ea8691e0..00000000 --- a/kitchen.dokken..yml +++ /dev/null @@ -1,114 +0,0 @@ ---- -driver: - name: dokken - # because Docker and SystemD - privileged: true - chef_version: <%= ENV['CHEF_VERSION'] || 'current' %> - -transport: - name: dokken - -provisioner: - name: dokken - chef_license: accept - -verifier: - name: inspec - -platforms: - - name: amazonlinux-2 - driver: - image: dokken/amazonlinux-2 - pid_one_command: /usr/lib/systemd/systemd - - - name: debian-9 - driver: - image: dokken/debian-9 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: debian-10 - driver: - image: dokken/debian-10 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: centos-7 - driver: - image: dokken/centos-7 - pid_one_command: /usr/lib/systemd/systemd - - - name: centos-8 - driver: - image: dokken/centos-8 - pid_one_command: /usr/lib/systemd/systemd - - - name: ubuntu-18.04 - driver: - image: dokken/ubuntu-18.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: ubuntu-20.04 - driver: - image: dokken/ubuntu-20.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - - - name: opensuse-leap-15 - driver: - image: dokken/opensuse-leap-15 - pid_one_command: /bin/systemd - - - name: fedora-latest - driver: - image: dokken/fedora-latest - pid_one_command: /usr/lib/systemd/systemd - -suites: - - name: wazuh_agent - run_list: - - recipe[wazuh_agent::default] - verifier: - inspec_tests: - - path: cookbooks/wazuh_agent/test/integration/wazuh_agent - - - name: wazuh_server - run_list: - - recipe[wazuh_manager::default] - - recipe[filebeat::default] - verifier: - inspec_tests: - - name: wazuh-manager tests - path: cookbooks/wazuh_manager/test/integration/wazuh_manager - - name: filebeat tests - path: cookbooks/filebeat/test/integration/filebeat - - - name: wazuh_server_oss - run_list: - - recipe[wazuh_manager::default] - - recipe[filebeat-oss::default] - verifier: - inspec_tests: - - name: wazuh-manager tests - path: cookbooks/wazuh_manager/test/integration/wazuh_manager - - name: filebeat-oss tests - path: cookbooks/filebeat-oss/test/integration/filebeat-oss - - - name: opendistro - run_list: - - recipe[opendistro::default] - verifier: - inspec_tests: - - path: cookbooks/opendistro/test/integration/opendistro - - - name: elastic-stack - run_list: - - recipe[elastic-stack::default] - verifier: - inspec_tests: - - path: cookbooks/elastic-stack/test/integration/elastic-stack \ No newline at end of file diff --git a/kitchen.yml b/kitchen.yml deleted file mode 100644 index d0d93e85..00000000 --- a/kitchen.yml +++ /dev/null @@ -1,68 +0,0 @@ ---- -driver: - name: vagrant - -transport: - name: ssh - -provisioner: - name: chez-zero - chef_license: accept - -verifier: - name: inspec - -platforms: - - name: amazonlinux-2 - - name: debian-9 - - name: debian-10 - - name: centos-7 - - name: centos-8 - - name: ubuntu-18.04 - - name: ubuntu-20.04 - - name: opensuse-leap-15 - - name: fedora-latest - -suites: - - name: wazuh_agent - run_list: - - recipe[wazuh_agent::default] - verifier: - inspec_tests: - - path: cookbooks/wazuh_agent/test/integration/wazuh_agent - - - name: wazuh_server - run_list: - - recipe[wazuh_manager::default] - - recipe[filebeat::default] - verifier: - inspec_tests: - - name: wazuh-manager tests - path: cookbooks/wazuh_manager/test/integration/wazuh_manager - - name: filebeat tests - path: cookbooks/filebeat/test/integration/filebeat - - - name: wazuh_server_oss - run_list: - - recipe[wazuh_manager::default] - - recipe[filebeat-oss::default] - verifier: - inspec_tests: - - name: wazuh-manager tests - path: cookbooks/wazuh_manager/test/integration/wazuh_manager - - name: filebeat-oss tests - path: cookbooks/filebeat-oss/test/integration/filebeat-oss - - - name: opendistro - run_list: - - recipe[opendistro::default] - verifier: - inspec_tests: - - path: cookbooks/opendistro/test/integration/opendistro - - - name: elastic-stack - run_list: - - recipe[elastic-stack::default] - verifier: - inspec_tests: - - path: cookbooks/elastic-stack/test/integration/elastic-stack \ No newline at end of file From d00f05827fe56196826c3a4b8b9df7c7bc9e7745 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 22 Dec 2020 17:04:37 +0100 Subject: [PATCH 198/260] Fix name --- kitchen..yml => kitchen.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename kitchen..yml => kitchen.yml (100%) diff --git a/kitchen..yml b/kitchen.yml similarity index 100% rename from kitchen..yml rename to kitchen.yml From b62f837a7a1fd8b5f07c8cd9c32eb4088a4d8332 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 22 Dec 2020 17:20:45 +0100 Subject: [PATCH 199/260] Add kitchen-vagrant --- Gemfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 702c66f9..e107510d 100644 --- a/Gemfile +++ b/Gemfile @@ -3,4 +3,5 @@ source 'https://rubygems.org' gem 'rubocop' gem 'test-kitchen' gem 'kitchen-inspec' -gem 'kitchen-dokken' \ No newline at end of file +gem 'kitchen-dokken' +gem 'kitchen-vagrant' \ No newline at end of file From 2943ce925773a89557dd192e832f81b833f8f398 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 22 Dec 2020 17:21:00 +0100 Subject: [PATCH 200/260] Fix apt url --- .../test/integration/filebeat-oss/respository_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cookbooks/filebeat-oss/test/integration/filebeat-oss/respository_test.rb b/cookbooks/filebeat-oss/test/integration/filebeat-oss/respository_test.rb index abc5de97..b43da5be 100644 --- a/cookbooks/filebeat-oss/test/integration/filebeat-oss/respository_test.rb +++ b/cookbooks/filebeat-oss/test/integration/filebeat-oss/respository_test.rb @@ -2,7 +2,7 @@ case os.family when 'debian' - describe apt('http://packages.wazuh.com/4.x/apt/') do + describe apt('https://packages.wazuh.com/4.x/apt/') do it { should exist } it { should be_enabled } end From c5cd68739aeb30d7ff62a943e6dc75583dd1826f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 22 Dec 2020 17:21:18 +0100 Subject: [PATCH 201/260] Fix tests path --- kitchen-vagrant/kitchen.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/kitchen-vagrant/kitchen.yml b/kitchen-vagrant/kitchen.yml index d0d93e85..80b14018 100644 --- a/kitchen-vagrant/kitchen.yml +++ b/kitchen-vagrant/kitchen.yml @@ -29,7 +29,7 @@ suites: - recipe[wazuh_agent::default] verifier: inspec_tests: - - path: cookbooks/wazuh_agent/test/integration/wazuh_agent + - path: ../cookbooks/wazuh_agent/test/integration/wazuh_agent - name: wazuh_server run_list: @@ -38,9 +38,9 @@ suites: verifier: inspec_tests: - name: wazuh-manager tests - path: cookbooks/wazuh_manager/test/integration/wazuh_manager + path: ../cookbooks/wazuh_manager/test/integration/wazuh_manager - name: filebeat tests - path: cookbooks/filebeat/test/integration/filebeat + path: ../cookbooks/filebeat/test/integration/filebeat - name: wazuh_server_oss run_list: @@ -49,20 +49,20 @@ suites: verifier: inspec_tests: - name: wazuh-manager tests - path: cookbooks/wazuh_manager/test/integration/wazuh_manager + path: ../cookbooks/wazuh_manager/test/integration/wazuh_manager - name: filebeat-oss tests - path: cookbooks/filebeat-oss/test/integration/filebeat-oss + path: ../cookbooks/filebeat-oss/test/integration/filebeat-oss - name: opendistro run_list: - recipe[opendistro::default] verifier: inspec_tests: - - path: cookbooks/opendistro/test/integration/opendistro + - path: ../cookbooks/opendistro/test/integration/opendistro - name: elastic-stack run_list: - recipe[elastic-stack::default] verifier: inspec_tests: - - path: cookbooks/elastic-stack/test/integration/elastic-stack \ No newline at end of file + - path: ../cookbooks/elastic-stack/test/integration/elastic-stack \ No newline at end of file From 0729db9a6e1273a530f02423d15d1e6eda8ee91e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 22 Dec 2020 17:40:34 +0100 Subject: [PATCH 202/260] Fix apt url and add condition --- cookbooks/filebeat-oss/recipes/repository.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cookbooks/filebeat-oss/recipes/repository.rb b/cookbooks/filebeat-oss/recipes/repository.rb index f590e87e..53778499 100644 --- a/cookbooks/filebeat-oss/recipes/repository.rb +++ b/cookbooks/filebeat-oss/recipes/repository.rb @@ -13,10 +13,13 @@ apt_repository 'wazuh' do key 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - uri "http://packages.wazuh.com/#{node['wazuh']['major_version']}/apt/" + uri "https://packages.wazuh.com/#{node['wazuh']['major_version']}/apt/" components ['main'] distribution 'stable' action :add + not_if { + File.exist?('/etc/apt/sources.list.d/wazuh.list') + } end apt_update From 7ff4f7dd2aa32b55766e12785aa009e5ca5dbe3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 22 Dec 2020 17:40:47 +0100 Subject: [PATCH 203/260] Add groups to gems --- Gemfile | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/Gemfile b/Gemfile index e107510d..f627c39c 100644 --- a/Gemfile +++ b/Gemfile @@ -1,7 +1,18 @@ source 'https://rubygems.org' -gem 'rubocop' -gem 'test-kitchen' -gem 'kitchen-inspec' -gem 'kitchen-dokken' -gem 'kitchen-vagrant' \ No newline at end of file +group :lint do + gem 'rubocop' +end + +group :kitchen do + gem 'test-kitchen' + gem 'kitchen-inspec' +end + +group :dokken do + gem 'kitchen-dokken' +end + +group :vagrant do + gem 'kitchen-vagrant' +end \ No newline at end of file From 7b98a4f87e1935543ee78eaa6cc5ce935ee5900a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 22 Dec 2020 17:41:12 +0100 Subject: [PATCH 204/260] Update TESTING.md --- TESTING.md | 37 +++++++++++++++++++++++++++++++++---- 1 file changed, 33 insertions(+), 4 deletions(-) diff --git a/TESTING.md b/TESTING.md index 31997b15..8131c351 100644 --- a/TESTING.md +++ b/TESTING.md @@ -1,17 +1,46 @@ Test Wazuh Chef cookbooks ========================= -# Prerequisites +# Global prerequisistes +- Ruby +- ChefDK + +There are two ways of creating a chef environment and tests cookbooks depending on what driver to use: +- [kitchen-vagrant](https://github.com/test-kitchen/kitchen-vagrant) +- [kitchen-dokken](https://github.com/test-kitchen/kitchen-dokken) + +Kitchen-vagrant +=============== + +## Prerequisites - Vagrant - Virtualbox -# How to use +## Hot to use? +First install dependancies: ``bundle config set without 'dokken'`` + +Then go to ``wazuh-chef/kitchen-vagrant`` folder and execute kitchen commands. + +Kitchen dokken +============== + +## Prerequisites +- Docker + +## How to use? +First install dependancies: ``bundle config set without 'vagrant'`` + +Then execute kithcen commands. + +Kitchen command +=============== + Kitchen commands To create an environment with Wazuh Chef cookbooks: 1. ``kitchen list``: list all kitchen instances -2. ``kitchen create -``: create an instance just with OS +2. ``kitchen create -``: create an instance just with a \ node initialized. 3. ``kitchen create -``: create an instance with all cookbooks declared -in \ inside a \ node +in \ inside a \ node 4. ``kitchen verify -``: run tests in the instance specified 5. ``kitchen destroy -``: destroy in the instance specified 6. ``kitchen login -``: login in the instance specified From 054c0a7dd5d6c3b3e496a68dd1b124cc80603dc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 22 Dec 2020 18:12:14 +0100 Subject: [PATCH 205/260] Update TESTING.md --- TESTING.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/TESTING.md b/TESTING.md index 8131c351..10d6495c 100644 --- a/TESTING.md +++ b/TESTING.md @@ -17,7 +17,9 @@ Kitchen-vagrant - Virtualbox ## Hot to use? -First install dependancies: ``bundle config set without 'dokken'`` +First install dependancies: +``bundle config set without dokken`` +``bundle install`` Then go to ``wazuh-chef/kitchen-vagrant`` folder and execute kitchen commands. @@ -28,7 +30,9 @@ Kitchen dokken - Docker ## How to use? -First install dependancies: ``bundle config set without 'vagrant'`` +First install dependancies: +``bundle config set without vagrant`` +``bundle install`` Then execute kithcen commands. From 6c122ae5feab47e593e88334705545b03eb44efd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 22 Dec 2020 18:12:34 +0100 Subject: [PATCH 206/260] Remove be_enabled package test --- .../test/integration/opendistro/elasticsearch_test.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/cookbooks/opendistro/test/integration/opendistro/elasticsearch_test.rb b/cookbooks/opendistro/test/integration/opendistro/elasticsearch_test.rb index 13c86ace..c2925682 100644 --- a/cookbooks/opendistro/test/integration/opendistro/elasticsearch_test.rb +++ b/cookbooks/opendistro/test/integration/opendistro/elasticsearch_test.rb @@ -2,12 +2,10 @@ describe package('elasticsearch-oss') do it { should be_installed } - it { should be_enabled } end describe package('opendistroforelasticsearch') do it { should be_installed } - it { should be_enabled } end describe elasticsearch do From b7fa4b7194c4ee049e6a0bac532a40568f8aa7e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 28 Dec 2020 10:16:06 +0100 Subject: [PATCH 207/260] Check if search guard is installed --- cookbooks/opendistro/recipes/elasticsearch.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cookbooks/opendistro/recipes/elasticsearch.rb b/cookbooks/opendistro/recipes/elasticsearch.rb index 930d7786..642862f6 100644 --- a/cookbooks/opendistro/recipes/elasticsearch.rb +++ b/cookbooks/opendistro/recipes/elasticsearch.rb @@ -143,6 +143,9 @@ execute 'Run the Search Guard’s script to create the certificates' do command "#{node['searchguard']['config_path']}/tools/sgtlstool.sh -c #{node['searchguard']['config_path']}/search-guard.yml -ca -crt -t #{node['elastic']['certs_path']}/" + not_if { + File.exist?("#{node['elastic']['certs_path']}/root-ca.key") + } end bash 'Compress all the necessary files to be sent to the all the instances' do From f273d9b4ab2db90bc916c9448f8d2020b18ca431 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 28 Dec 2020 10:16:26 +0100 Subject: [PATCH 208/260] Check if kibana plugin is installed --- cookbooks/opendistro/recipes/kibana.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cookbooks/opendistro/recipes/kibana.rb b/cookbooks/opendistro/recipes/kibana.rb index 5bb0b103..f37e1661 100644 --- a/cookbooks/opendistro/recipes/kibana.rb +++ b/cookbooks/opendistro/recipes/kibana.rb @@ -57,6 +57,9 @@ execute 'Install Wazuh Kibana plugin' do command "sudo -u kibana #{node['kibana']['package_path']}/bin/kibana-plugin install https://packages.wazuh.com/#{node['wazuh']['major_version']}/ui/kibana/wazuh_kibana-#{node['wazuh']['kibana_plugin_version']}-1.zip" + not_if { + Dir.exist?("#{node['kibana']['plugins_path']}/wazuh") + } end # Create Wazuh-Kibana plugin configuration file From 92ca0fceaf33069e4075712611a3c46b5c31d95d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 28 Dec 2020 10:16:44 +0100 Subject: [PATCH 209/260] Fix kibana open port --- cookbooks/opendistro/test/integration/opendistro/kibana_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cookbooks/opendistro/test/integration/opendistro/kibana_test.rb b/cookbooks/opendistro/test/integration/opendistro/kibana_test.rb index 2a1138a0..8518d90a 100644 --- a/cookbooks/opendistro/test/integration/opendistro/kibana_test.rb +++ b/cookbooks/opendistro/test/integration/opendistro/kibana_test.rb @@ -28,6 +28,6 @@ it { should be_running } end -describe port(5601) do +describe port(443) do it { should be_listening } end From a999648e976b041a83683abef8190a07951ee8ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 28 Dec 2020 13:52:28 +0100 Subject: [PATCH 210/260] Remove local cookbooks CHANGELOGS --- cookbooks/elastic-stack/CHANGELOG.md | 6 ------ cookbooks/filebeat-oss/CHANGELOG.md | 10 ---------- cookbooks/filebeat/CHANGELOG.md | 7 ------- cookbooks/opendistro/CHANGELOG.md | 6 ------ cookbooks/wazuh_agent/CHANGELOG.md | 10 ---------- cookbooks/wazuh_manager/CHANGELOG.md | 13 ------------- 6 files changed, 52 deletions(-) delete mode 100644 cookbooks/elastic-stack/CHANGELOG.md delete mode 100644 cookbooks/filebeat-oss/CHANGELOG.md delete mode 100644 cookbooks/filebeat/CHANGELOG.md delete mode 100644 cookbooks/opendistro/CHANGELOG.md delete mode 100644 cookbooks/wazuh_agent/CHANGELOG.md delete mode 100644 cookbooks/wazuh_manager/CHANGELOG.md diff --git a/cookbooks/elastic-stack/CHANGELOG.md b/cookbooks/elastic-stack/CHANGELOG.md deleted file mode 100644 index 8e610921..00000000 --- a/cookbooks/elastic-stack/CHANGELOG.md +++ /dev/null @@ -1,6 +0,0 @@ -## v0.1.0 -1. Install Elastic Stack 7.9.3 version -2. Install Wazuh Kibana plugin 4.0.2_7.9.3 version -*Note*: in future version, kibana will be in an independent cookbook - -* Initial/current release diff --git a/cookbooks/filebeat-oss/CHANGELOG.md b/cookbooks/filebeat-oss/CHANGELOG.md deleted file mode 100644 index a09c4754..00000000 --- a/cookbooks/filebeat-oss/CHANGELOG.md +++ /dev/null @@ -1,10 +0,0 @@ -# filebeat-oss CHANGELOG - -This file is used to list changes made in each version of the filebeat-oss cookbook. - -## 0.1.0 - -Initial release. - -- change 0 -- change 1 diff --git a/cookbooks/filebeat/CHANGELOG.md b/cookbooks/filebeat/CHANGELOG.md deleted file mode 100644 index 05f37739..00000000 --- a/cookbooks/filebeat/CHANGELOG.md +++ /dev/null @@ -1,7 +0,0 @@ -## v0.1.0 -1. Bump to filebeat 7.9.3 -2. Added suse repository - -*Note*: in future version, filebeat will be included into wazuh-manager cookbook - -* Initial/current release diff --git a/cookbooks/opendistro/CHANGELOG.md b/cookbooks/opendistro/CHANGELOG.md deleted file mode 100644 index 77d190cf..00000000 --- a/cookbooks/opendistro/CHANGELOG.md +++ /dev/null @@ -1,6 +0,0 @@ -## v0.1.0 -1. Bump to Opendistro for Elasticsearch 7.9.1 -2. Added suse repository -*Note*: in future version, kibana will be in an independent cookbook - -* Initial/current release diff --git a/cookbooks/wazuh_agent/CHANGELOG.md b/cookbooks/wazuh_agent/CHANGELOG.md deleted file mode 100644 index 907a53a7..00000000 --- a/cookbooks/wazuh_agent/CHANGELOG.md +++ /dev/null @@ -1,10 +0,0 @@ -## v0.1.0 -1. Bump to wazuh 4.0.1 version -2. Added suse repository -## v0.0.9 -Amazon Linux OS included in repository.rb -## v0.0.8 -Fixed bugs in ossec_to_xml #4 Thanks @smith3v -## v0.0.1 - -* Initial/current release diff --git a/cookbooks/wazuh_manager/CHANGELOG.md b/cookbooks/wazuh_manager/CHANGELOG.md deleted file mode 100644 index 3b9b261a..00000000 --- a/cookbooks/wazuh_manager/CHANGELOG.md +++ /dev/null @@ -1,13 +0,0 @@ -## v0.1.1 -1. Included filebeat into manager cookbook -2. Change cookbook name from wazuih_manager to wazuh_server -## v0.1.0 -1. Bump to wazuh 4.0.1 version -2. Added suse repository -## v0.0.9 -Amazon Linux OS included in repository.rb -## v0.0.8 -Fixed bugs in ossec_to_xml #4 Thanks @smith3v -## v0.0.1 - -* Initial/current release From 12f9c5e8e3fa02cbd053cdb3afa1078efd9d6d80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 28 Dec 2020 13:54:41 +0100 Subject: [PATCH 211/260] Fix cookboo name comment --- cookbooks/filebeat-oss/attributes/files.rb | 2 +- cookbooks/filebeat-oss/attributes/paths.rb | 2 +- cookbooks/filebeat-oss/attributes/versions.rb | 2 +- cookbooks/filebeat-oss/attributes/yml.rb | 2 +- cookbooks/filebeat-oss/recipes/default.rb | 2 +- cookbooks/filebeat-oss/recipes/filebeat.rb | 2 +- cookbooks/filebeat-oss/recipes/repository.rb | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/cookbooks/filebeat-oss/attributes/files.rb b/cookbooks/filebeat-oss/attributes/files.rb index bcd9a6a0..3af6fa6b 100644 --- a/cookbooks/filebeat-oss/attributes/files.rb +++ b/cookbooks/filebeat-oss/attributes/files.rb @@ -1,4 +1,4 @@ -# Cookbook Name:: filebeat +# Cookbook Name:: filebeat-oss # Attribute:: files # Author:: Wazuh diff --git a/cookbooks/filebeat-oss/attributes/paths.rb b/cookbooks/filebeat-oss/attributes/paths.rb index 5d77f7de..e9d0ee3a 100644 --- a/cookbooks/filebeat-oss/attributes/paths.rb +++ b/cookbooks/filebeat-oss/attributes/paths.rb @@ -1,4 +1,4 @@ -# Cookbook Name:: filebeat +# Cookbook Name:: filebeat-oss # Attribute:: paths # Author:: Wazuh diff --git a/cookbooks/filebeat-oss/attributes/versions.rb b/cookbooks/filebeat-oss/attributes/versions.rb index c18f6d58..ecfd693c 100644 --- a/cookbooks/filebeat-oss/attributes/versions.rb +++ b/cookbooks/filebeat-oss/attributes/versions.rb @@ -1,4 +1,4 @@ -# Cookbook Name:: filebeat +# Cookbook Name:: filebeat-oss # Attribute:: versions # Author:: Wazuh diff --git a/cookbooks/filebeat-oss/attributes/yml.rb b/cookbooks/filebeat-oss/attributes/yml.rb index e458a1d7..b54baf69 100644 --- a/cookbooks/filebeat-oss/attributes/yml.rb +++ b/cookbooks/filebeat-oss/attributes/yml.rb @@ -1,4 +1,4 @@ -# Cookbook Name:: filebeat +# Cookbook Name:: filebeat-oss # Attribute:: yml # Author:: Wazuh diff --git a/cookbooks/filebeat-oss/recipes/default.rb b/cookbooks/filebeat-oss/recipes/default.rb index 912ed39b..a345eebc 100644 --- a/cookbooks/filebeat-oss/recipes/default.rb +++ b/cookbooks/filebeat-oss/recipes/default.rb @@ -1,4 +1,4 @@ -# Cookbook Name:: filebeat +# Cookbook Name:: filebeat-oss # Recipe:: default # Author:: Wazuh diff --git a/cookbooks/filebeat-oss/recipes/filebeat.rb b/cookbooks/filebeat-oss/recipes/filebeat.rb index fadb032a..cb14aa22 100644 --- a/cookbooks/filebeat-oss/recipes/filebeat.rb +++ b/cookbooks/filebeat-oss/recipes/filebeat.rb @@ -1,4 +1,4 @@ -# Cookbook Name:: filebeat +# Cookbook Name:: filebeat-oss # Recipe:: filebeat-oss # Author:: Wazuh diff --git a/cookbooks/filebeat-oss/recipes/repository.rb b/cookbooks/filebeat-oss/recipes/repository.rb index 53778499..835c2f35 100644 --- a/cookbooks/filebeat-oss/recipes/repository.rb +++ b/cookbooks/filebeat-oss/recipes/repository.rb @@ -1,4 +1,4 @@ -# Cookbook Name:: filebeat +# Cookbook Name:: filebeat-oss # Recipe:: repository # Author:: Wazuh From 9beda9174813a69efb74b87e9a78b29f23a085e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 28 Dec 2020 13:55:52 +0100 Subject: [PATCH 212/260] Update README.md and CHANGELOG.md --- CHANGELOG.md | 9 ++++ cookbooks/elastic-stack/README.md | 60 +++++---------------- cookbooks/filebeat-oss/README.md | 35 +++++++++++- cookbooks/filebeat/README.md | 51 ++++-------------- cookbooks/opendistro/README.md | 88 ++++++++++++------------------- cookbooks/wazuh_agent/README.md | 15 +++--- cookbooks/wazuh_manager/README.md | 52 ++++++++++-------- roles/README.md | 33 ++++++++---- 8 files changed, 164 insertions(+), 179 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 380909c0..396392c1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,15 @@ # Change Log All notable changes to this project will be documented in this file. +## Wazuh Chef v4.0.3_1.11.0 + +### Added +- Update to Wazuh version 4.0.3 +- Add Opendistro with version 1.11.0 +- Update Elastic Stack to version 7.9.3 +- Install Wazuh Kibana plugin 4.0.3_7.9.3 version +- Add support for SUSE repository + ## Wazuh Chef v4.0.1 ### Added diff --git a/cookbooks/elastic-stack/README.md b/cookbooks/elastic-stack/README.md index dbc9252c..ce3e040c 100644 --- a/cookbooks/elastic-stack/README.md +++ b/cookbooks/elastic-stack/README.md @@ -2,44 +2,15 @@ This cookbook installs and configures Elastic Stack. Please note that it's not obligatory to install the whole stack, recipes can work independently. -#### Chef -- Chef 12+ - -#### Cookbooks - ### Attributes -You can customize the installation of Elasticsearch and Kibana modifying the following parameters -on attributes files: - -yml.rb -====== -Has the important parameter to configure the YAML file of elastic and kibana. - -**Elasticsearch:** - -* ```['elastic']['yml']['network']['host']```: IP address bound to elasticsearch node -* ```['elastic']['yml']['http']['port']```: port bound to elasticsearch node - -**Kibana:** - -* ```['kibana']['yml']['server']['host']```: IP address bound to kibana node -* ```['kibana']['yml']['server']['port']```: port bound to kibana node -* ```['kibana']['yml']['elasticsearch']['hosts]```: URL of elasticsearch nodes +* ``api.rb``: declare API credentials for all manager installed +* ``jvm.rb``: declare the amount of memory RAM JVM will use +* ``paths.rb``: initialize different paths used during installation +* ``versions.rb``: versions for Wazuh and ELK +* ``yml.rb``: customize YAML configuration file for Elasticsearch and Kibana services -versions.rb -=========== -All the versions for wazuh, elk and kibana plugin - -jvm.rb -====== -Java memory limits. - -paths.rb -======== -Default paths for elasticsearch and kibana. Please do not modify. - -### Installation +### Usage Create a role, `elastic-stack`. Modify attributes to customize the installation. @@ -89,16 +60,14 @@ Elastic adds new parameters that customize the cluster formation: `discovery.see You can find more information about such attributes here: [Discovery and cluster formation settings](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-discovery-settings.html) -In order to make Chef compatible Elasticsearch 7.x, two new attributes have been added. +In order to make Chef compatible Elasticsearch 7.x, two new attributes could be added. -1. `['elastic']['discovery_option']` : This option let you set the full line in the *elasticsearch.yml* file so you can declare it to: - * `['elastic']['discovery_option']: "discovery.seed.hosts: "` - * `['elastic']['discovery_option']: "discovery.host_providers: "` - * `['elastic']['discovery_option']: "discovery.type: single-node"` +1. `['elastic']['yml']['discovery']` : This option let you set the full line in the *elasticsearch.yml* file so you can declare it to: + - `['elastic']['yml']['discovery']['seed_hosts']: "` + - `['elastic']['yml']['discovery']['seed_providers']: "` + - `['elastic']['yml']['discovery']['type']: single-node"` 2. `['elastic']['yml']['cluster']['initial_master_nodes']`: Allows to insert the whole line for the initial master nodes. You can declare it like: - * `['elastic']['yml']['cluster']['initial_master_nodes']: "['']"` - -**Important note:** In some situations you will need only one of such parameters, that's why it's implemented as the whole line, to allow the declaration of character **#** to disable it. + - `['elastic']['yml']['cluster']['initial_master_nodes']: "['']"` #### Example: @@ -134,8 +103,7 @@ If only the declaration of `cluster.initial_master_nodes` to *192.168.0.1* would ``` - - ### References -Check https://documentation.wazuh.com/3.13/installation-guide/installing-elastic-stack/index.html for more information about Wazuh Elastic. \ No newline at end of file +Check https://documentation.wazuh.com/4.0/learning-wazuh/build-lab/install-elastic-stack.html for more information about +how to install Elastic Stack. \ No newline at end of file diff --git a/cookbooks/filebeat-oss/README.md b/cookbooks/filebeat-oss/README.md index b32bdcfb..ce36c783 100644 --- a/cookbooks/filebeat-oss/README.md +++ b/cookbooks/filebeat-oss/README.md @@ -1,4 +1,35 @@ -# filebeat-oss +# Filebeat OSS cookbook -TODO: Enter the cookbook description here. +This cookbook installs and configures Filebeat OSS on the specified node. +## Attributes + +* `files.rb`: initialize needed file names to install Filebeat +* `paths.rb`: initialize some main paths +* `versions.rb`: initialize versions for Wazuh and ELK +* `yml.rb`: customize *filebeat.yml* configuration file + +## Usage + +See `wazuh-manager` cookbook documentation. + +## Recipes + +### default.rb + +Declares all recipes in the cookbook and installs Filebeat. + +#### repository.rb + +Append to repository path the URL and GPG key of Filebeat + +#### filebeat.rb + +* Install the package Filebeats OSS +* Create the configuration of */etc/filebeat/filebeat.yml* with defined attributes in the ```attributes``` folder +* Download the alerts template for Elasticsearch +* Download the Wazuh module for Filebeat + +## References + +Check [Filebeat installation documentation](https://documentation.wazuh.com/4.0/learning-wazuh/build-lab/install-wazuh-manager.html#install-filebeat) for more detail \ No newline at end of file diff --git a/cookbooks/filebeat/README.md b/cookbooks/filebeat/README.md index f88d48af..ca7ba760 100644 --- a/cookbooks/filebeat/README.md +++ b/cookbooks/filebeat/README.md @@ -1,52 +1,23 @@ # Filebeat cookbook -## Description -This cookbook installs and configures Filebeat in order on the specified node. +This cookbook installs and configures Filebeat on the specified node. -Attributes ----------- +## Attributes -Default configuration is defined in ```/attributes/default.rb``` and contains needed parameters to configure the ```filebeat.yml``` file. +* `files.rb`: initialize needed file names to install Filebeat +* `paths.rb`: initialize some main paths +* `versions.rb`: initialize versions for Wazuh and ELK +* `yml.rb`: customize *filebeat.yml* configuration file -Important attributes: +## Usage -* ```node['filebeat']['yml']['output']['elasticsearch']['hosts']```: array elasticsearch nodes network -parameters (ip and port) +See `wazuh-manager` cookbook documentation. +## Recipes -## Installation +### default.rb -Create a role, wazuh_filebeat. Add attributes per above as needed to customize the installation. - -``` - { - "name": "filebeat", - "description": "Filebeat host", - "json_class": "Chef::Role", - "default_attributes": { - - }, - "override_attributes": { - - }, - "chef_type": "role", - "run_list": [ - "recipe[filebeat::default]" - ], - "env_run_lists": { - - } - } -``` - -Recipes -------- - -#### default.rb - -This recipe imports and executes the following recipes: -* *repository* -* *filebeat* +Declares all recipes in the cookbook and installs Filebeat. #### repository.rb diff --git a/cookbooks/opendistro/README.md b/cookbooks/opendistro/README.md index 05e178a6..d3fb34ba 100644 --- a/cookbooks/opendistro/README.md +++ b/cookbooks/opendistro/README.md @@ -1,21 +1,24 @@ -# Wazuh Elasticsearch cookbook +# Opendistro cookbook -This cookbook installs and configures Elastic Stack. Please note that it's not obligatory to install the whole stack, recipes can work independently. +This cookbook installs and configures Opendistroforleasticsearch. Please note that it's not obligatory to install the whole stack, recipes can work independently. ### Attributes -The ``attributes`` folder contains all the default configuration files in order to generate ossec.conf file. +* ``api.rb``: declare API credentials for all manager installed +* ``jvm.rb``: declare the amount of memory RAM JVM will use +* ``paths.rb``: initialize different paths used during installation +* ``search_guard.rb``: declare search guard ZIP filename +* ``versions.rb``: versions for Wazuh, ODFE, ELK and Search Guard +* ``yml.rb``: customize YAML configuration file for Elasticsearch, Kibana and Search Guard services -Check ['ossec.conf']( https://documentation.wazuh.com/3.x/user-manual/reference/ossec-conf/index.html) documentation to see all configuration sections. +### Usage -### Installation +Create a role, `opendistro`. Modify attributes to customize the installation. -Create a role, `wazuh_elastic`. Modify attributes to customize the installation. - -``` +```json { - "name": "wazuh_elastic", - "description": "Wazuh Elastic Role", + "name": "opendistro", + "description": "Opendistro Role", "json_class": "Chef::Role", "default_attributes": { @@ -25,7 +28,7 @@ Create a role, `wazuh_elastic`. Modify attributes to customize the installation. }, "chef_type": "role", "run_list": [ - "recipe[wazuh_elastic::default]" + "recipe[opendistro::default]" ], "env_run_lists": { @@ -33,26 +36,6 @@ Create a role, `wazuh_elastic`. Modify attributes to customize the installation. } ``` -#### Customize ELK installation - -You can customize the installation of Elasticsearch and Kibana modifying the following parameters. - - -**Elasticsearch:** - -* ```['wazuh-elastic']['elasticsearch_memmory'] = "1g"``` -* ```['wazuh-elastic']['elasticsearch_cluster_name'] = 'wazuh'``` -* ```['wazuh-elastic']['elasticsearch_node_name'] = 'elk.wazuh-test.com'``` -* ```['wazuh-elastic']['elasticsearch_port'] = 9200``` -* ```['wazuh-elastic']['elasticsearch_ip'] = 'localhost'``` - -**Kibana:** - -* ```['wazuh-elastic']['kibana_host'] = '0.0.0.0'``` -* ```['wazuh-elastic']['kibana_port'] = '5601'``` -* ```['wazuh-elastic']['kibana_elasticsearch_server'] = "http://#{node['wazuh-elastic']['elasticsearch_ip']}:#{node['wazuh-elastic']['elasticsearch_port']}"``` - - ### Recipes #### default.rb @@ -61,15 +44,15 @@ Declares all recipes in the cookbook and installs the whole Elastic Stack. #### elasticsearch.rb -Installs Elasticsearch, the Wazuh template will be configured. +Installs and configures Elasticsearch. Also install mandatory certificates. #### repository.rb -Declares elastic repository and GPG key URLs. +Declares elastic repository and GPG key URI. ### kibana.rb -Installs Kibana packages and configures *kibana.yml*. You can customize the installation by editing the following attributes. +Installs and configures Kibana. You can customize the installation by editing the following attributes. ### Elasticsearch 7.x Cluster Changes @@ -79,16 +62,14 @@ Elastic adds new parameters that customize the cluster formation: `discovery.see You can find more information about such attributes here: [Discovery and cluster formation settings](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-discovery-settings.html) -In order to make Chef compatible Elasticsearch 7.x, two new attributes have been added. - -- `['wazuh-elastic']['discovery_option']` : This option let you set the full line in the *elasticsearch.yml* file so you can declare it to: - - `['wazuh-elastic']['discovery_option']: "discovery.seed.hosts: "` - - `['wazuh-elastic']['discovery_option']: "discovery.host_providers: "` - - `['wazuh-elastic']['discovery_option']: "discovery.type: single-node"` -- `['wazuh-elastic']['elasticsearch_cluster_initial_master_nodes']`: Allows to insert the whole line for the initial master nodes. You can declare it like: - - `['wazuh-elastic']['elasticsearch_cluster_initial_master_nodes']: "['']"` +In order to make Chef compatible Elasticsearch 7.x, two new attributes could be added. -**Important note:** In some situations you will need only one of such parameters, that's why it's implemented as the whole line, to allow the declaration of character **#** to disable it. +1. `['elastic']['yml']['discovery']` : This option let you set the full line in the *elasticsearch.yml* file so you can declare it to: + - `['elastic']['yml']['discovery']['seed_hosts']: "` + - `['elastic']['yml']['discovery']['seed_providers']: "` + - `['elastic']['yml']['discovery']['type']: single-node"` +2. `['elastic']['yml']['cluster']['initial_master_nodes']`: Allows to insert the whole line for the initial master nodes. You can declare it like: + - `['elastic']['yml']['cluster']['initial_master_nodes']: "['']"` #### Example: @@ -98,22 +79,24 @@ If only the declaration of `cluster.initial_master_nodes` to *192.168.0.1* would ```json { - "name": "wazuh_elastic", - "description": "Wazuh Elastic Role", + "name": "opendistro", + "description": "Opendistro Role", "json_class": "Chef::Role", "default_attributes": { }, "override_attributes": { - "wazuh-elastic":{ - "discovery_option": "#", - "elasticsearch_cluster_initial_master_nodes": "192.168.0.1" + "elastic": { + "yml": { + "cluster": { + "initial_master_nodes": "192.168.0.1" + } + } } - }, "chef_type": "role", "run_list": [ - "recipe[wazuh_elastic::default]" + "recipe[opendistro::default]" ], "env_run_lists": { @@ -122,8 +105,7 @@ If only the declaration of `cluster.initial_master_nodes` to *192.168.0.1* would ``` - - ### References -Check https://documentation.wazuh.com/current/installation-guide/installing-elastic-stack/index.html for more information about Wazuh Elastic. \ No newline at end of file +Check https://documentation.wazuh.com/4.0/installation-guide/open-distro/distributed-deployment/step-by-step-installation/elasticsearch-cluster/elasticsearch-single-node-cluster.html for more information about +how to install step-by-step a Elasticsearch single-node cluster. \ No newline at end of file diff --git a/cookbooks/wazuh_agent/README.md b/cookbooks/wazuh_agent/README.md index 23f7a45d..be7c888f 100644 --- a/cookbooks/wazuh_agent/README.md +++ b/cookbooks/wazuh_agent/README.md @@ -2,7 +2,14 @@ These cookbooks install and configure a Wazuh Agent on specified nodes. -Agent is automatically registered in the specified address by using ['agent authd'](https://documentation.wazuh.com/current/user-manual/agents/registering-agents/register-agent-authd.html#simple-method) (```['ossec']['registration_address']``` and connects with the manager address ```['ossec']['address']```). You can set this attributes by default on attributes folder or specify it in the ['wazuh_agent role'](https://github.com/wazuh/wazuh-chef/blob/3.9-repository-refactor/roles/wazuh_agent.json). +Agent is automatically registered in the specified address by using ['agent authd'](https://documentation.wazuh.com/current/user-manual/agents/registering-agents/register-agent-authd.html#simple-method) ( ```['ossec']['address']``` specify mnager IP address). You can set this attributes by default on attributes folder or specify it in the ['wazuh_agent role'](https://github.com/wazuh/wazuh-chef/blob/3.9-repository-refactor/roles/wazuh_agent.json). + +### Attributes + +* ``versions.rb`` contains version attributes to make it easier when it comes to bump version +* The rest of files contains all the default configuration files in order to generate ossec.conf + +Check ['ossec.conf']( https://documentation.wazuh.com/3.x/user-manual/reference/ossec-conf/index.html) documentation to see all configuration sections. ### Usage @@ -23,7 +30,6 @@ For example: }, "override_attributes": { "ossec": { - "registration_address": "172.19.0.211", "address": "172.19.0.211", "agent_auth": { "name" : "Agent_01", @@ -65,11 +71,6 @@ The agent_auth parameters are the following: You can use any of the quoted attributes, as stated in the previous example. Flags options must be set to "true" or "false". -### Attributes - -The ``attributes`` folder contains all the default configuration files in order to generate ossec.conf file. - -Check ['ossec.conf']( https://documentation.wazuh.com/3.x/user-manual/reference/ossec-conf/index.html) documentation to see all configuration sections. ### Recipes diff --git a/cookbooks/wazuh_manager/README.md b/cookbooks/wazuh_manager/README.md index d4ac1e44..422441f6 100644 --- a/cookbooks/wazuh_manager/README.md +++ b/cookbooks/wazuh_manager/README.md @@ -1,20 +1,24 @@ -# Wazuh Server cookbook +# Wazuh Manager cookbook -This cookbook installs and configure Wazuh Manager, API and Filebeat on specified nodes. +This cookbook installs and configure Wazuh Manager on specified nodes. + +There are two types of manager installations: + +1. Without filebeat-oss +2. With filebeat-oss + +Dependending on your choice, install elastic-stack or opendistro cookbooks respectively. ### Attributes -* ``filebeat.rb`` contains configuration variables and filebeat.yml content +* ``api.rb`` contains API IP and port * ``versions.rb`` contains version attributes to make it easier when it comes to bump version * The rest of files contains all the default configuration files in order to generate ossec.conf - -Check ['Filebeat section'](https://raw.githubusercontent.com/wazuh/wazuh-documentation/4.0/resources/open-distro/filebeat/7.x/filebeat.yml) to see an example of Filebeat configuration. - Check ['ossec.conf'](https://documentation.wazuh.com/4.0/user-manual/reference/ossec-conf/) documentation to see all configuration sections. -### Installation +### Usage Create a role, `wazuh_server`. Add attributes per above as needed to customize the installation. @@ -31,7 +35,8 @@ Create a role, `wazuh_server`. Add attributes per above as needed to customize t }, "chef_type": "role", "run_list": [ - "recipe[wazuh_server::default]" + "recipe[wazuh_manager::default]", + "recipe['filebeat::default]" ], "env_run_lists": { @@ -39,12 +44,12 @@ Create a role, `wazuh_server`. Add attributes per above as needed to customize t } ``` -If you want to build a Wazuh cluster, you need to create two roles, one role for the **Master** and another one for **Client**: +If you want to build a Wazuh cluster, you need to create two roles, one role for the **Master** and another one for **Worker**: ``` { - "name": "wazuh_server_master", - "description": "Wazuh Server master node", + "name": "wazuh_manager_master", + "description": "Wazuh Manager master node", "json_class": "Chef::Role", "default_attributes": { @@ -55,7 +60,7 @@ If you want to build a Wazuh cluster, you need to create two roles, one role for "conf": { "server": { "cluster": { - "node_name": "node01", + "node_name": "master01", "node_type": "master", "disabled": "no", "nodes": { @@ -67,15 +72,17 @@ If you want to build a Wazuh cluster, you need to create two roles, one role for }, "chef_type": "role", "run_list": [ - "recipe[wazuh_server::default]" + "recipe[wazuh_manager::default]", + "recipe[filebeat::default]" ], "env_run_lists": { } } + { - "name": "wazuh_server_client", - "description": "Wazuh Server client node", + "name": "wazuh_manager_worker", + "description": "Wazuh Manager worker node", "json_class": "Chef::Role", "default_attributes": { @@ -86,8 +93,8 @@ If you want to build a Wazuh cluster, you need to create two roles, one role for "conf": { "server": { "cluster": { - "node_name": "node02", - "node_type": "client", + "node_name": "worker01", + "node_type": "worker", "disabled": "no", "nodes": { "node": ["172.16.10.10", "172.16.10.11"] @@ -98,7 +105,8 @@ If you want to build a Wazuh cluster, you need to create two roles, one role for }, "chef_type": "role", "run_list": [ - "recipe[wazuh_server::default]" + "recipe[wazuh_manager::default]", + "recipe[filebeat::default]" ], "env_run_lists": { @@ -114,16 +122,16 @@ Check [cluster documentation](https://documentation.wazuh.com/4.0/user-manual/co Installs the wazuh-manager and required dependencies. Also creates the *local_rules.xml* and *local_decoder.xml* files. -#### filebeat.yml - -Install the package Filebeats, create the configuration of */etc/filebeat/filebeat.yml* with defined attributes in the ```attributes``` folder. #### common.rb Generates the ossec.conf file using Gyoku. #### repository.rb -Declares wazuh repository and gpg key urls. +Declares wazuh repository and GPG key URIs. + +#### prerequisites.rb +Install prerequisites to install Wazuh manager ### References diff --git a/roles/README.md b/roles/README.md index 3a4ef0c6..c44ab566 100644 --- a/roles/README.md +++ b/roles/README.md @@ -1,12 +1,19 @@ -Wazuh roles -==================================== +# Wazuh roles -# Attrributes +There are 5 types of roles: -Manager ------------- +1. **wazuh_server**: Wazuh Manager and Filebeat +2. **wazhu_server_oss**: Wazuh Manager and Filebeat OSS +3. **wazuh_agent**: Wazuh Agent +4. **elastic_stack**: Elasticsearch and Kibana +5. **opendistro**: Elasticsearch OSS and Kiban OSS -### How to bind a specific IP address to manager? +## Important attributes + +### wazuh-manager +----------------- + +**How to bind a specific IP address to manager?** In case you have a non single-node installation and want to bind a specifi IP address to the manager the followig attributes must be override: @@ -14,7 +21,15 @@ the followig attributes must be override: * ```node['api]['ip']```: the IP address bind to the API * ```node['api]['port']```: the port bind to the API -Filebeat ------------- +### filebeat and filebeat-oss +----------------------------- + +* ```node['filebeat']['yml']['elasticsearch']['hosts']```: array with all Elastic nodes IP and port -* ```node['filebeat']['elastic_nodes']```: array with all Elastic nodes IP and port (:) \ No newline at end of file +### elastic-stack and opendistro +-------------------------------- +* ``node['elastic']['yml']['network']['host']``: IP address bind to elasticsearch node +* ``node['elastic']['yml']['http']['port']``: port bind to elasticsearch node +* ``node['kibana']['yml']['server']['host']``: IP address bind to kibana node +* ``node['kibana']['yml']['server']['port']``: port bind to elasticsearch node +* ``node['kibana']['wazuh_api_credentials']``: array with all wazuh manager nodes, specifying api credentials \ No newline at end of file From a1f54c389ac542df21f3c92e6b5859cc290a2380 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 28 Dec 2020 14:01:36 +0100 Subject: [PATCH 213/260] Remove old roles and add new ones --- ...{wazuh_elastic.json => elastic_stack.json} | 4 +-- .../{wazuh_filebeat.json => opendistro.json} | 6 ++-- roles/wazuh_server.json | 29 ++++++++++--------- roles/wazuh_server_oss.json | 19 ++++++++++++ 4 files changed, 39 insertions(+), 19 deletions(-) rename roles/{wazuh_elastic.json => elastic_stack.json} (72%) rename roles/{wazuh_filebeat.json => opendistro.json} (63%) create mode 100644 roles/wazuh_server_oss.json diff --git a/roles/wazuh_elastic.json b/roles/elastic_stack.json similarity index 72% rename from roles/wazuh_elastic.json rename to roles/elastic_stack.json index 807adfb0..1a75bf17 100644 --- a/roles/wazuh_elastic.json +++ b/roles/elastic_stack.json @@ -1,6 +1,6 @@ { "name": "wazuh_elastic", - "description": "Wazuh Elastic Role", + "description": "Elastic Stack Role", "json_class": "Chef::Role", "default_attributes": { @@ -10,7 +10,7 @@ }, "chef_type": "role", "run_list": [ - "recipe[wazuh_elastic::default]" + "recipe[elastic-stack::default]" ], "env_run_lists": { diff --git a/roles/wazuh_filebeat.json b/roles/opendistro.json similarity index 63% rename from roles/wazuh_filebeat.json rename to roles/opendistro.json index 7aec1d56..6d733dab 100644 --- a/roles/wazuh_filebeat.json +++ b/roles/opendistro.json @@ -1,6 +1,6 @@ { - "name": "wazuh_filebeat", - "description": "Wazuh Filebeat Role", + "name": "opendistro", + "description": "Opendistro Role", "json_class": "Chef::Role", "default_attributes": { @@ -10,7 +10,7 @@ }, "chef_type": "role", "run_list": [ - "recipe[wazuh_filebeat::default]" + "recipe[opendistro::default]" ], "env_run_lists": { diff --git a/roles/wazuh_server.json b/roles/wazuh_server.json index df13d264..d98a85ca 100644 --- a/roles/wazuh_server.json +++ b/roles/wazuh_server.json @@ -1,18 +1,19 @@ { - "name": "wazuh_server", - "description": "Wazuh Server host", - "json_class": "Chef::Role", - "default_attributes": { + "name": "wazuh_server", + "description": "Wazuh Server Role", + "json_class": "Chef::Role", + "default_attributes": { - }, - "override_attributes": { + }, + "override_attributes": { - }, - "chef_type": "role", - "run_list": [ - "recipe[wazuh_server::default]" - ], - "env_run_lists": { + }, + "chef_type": "role", + "run_list": [ + "recipe[wazuh_manager::default]", + "recipe[filebeat::default]" + ], + "env_run_lists": { - } - } \ No newline at end of file + } +} \ No newline at end of file diff --git a/roles/wazuh_server_oss.json b/roles/wazuh_server_oss.json new file mode 100644 index 00000000..2085efa4 --- /dev/null +++ b/roles/wazuh_server_oss.json @@ -0,0 +1,19 @@ +{ + "name": "wazuh_server_oss", + "description": "Wazuh Server OSS Role", + "json_class": "Chef::Role", + "default_attributes": { + + }, + "override_attributes": { + + }, + "chef_type": "role", + "run_list": [ + "recipe[wazuh_manager::default]", + "recipe[filebeat-oss::default]" + ], + "env_run_lists": { + + } + } \ No newline at end of file From f061751502322ef6085547b8ccf00fc3f6ab7cf3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 28 Dec 2020 14:02:12 +0100 Subject: [PATCH 214/260] Remove white space --- cookbooks/wazuh_agent/attributes/authd.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cookbooks/wazuh_agent/attributes/authd.rb b/cookbooks/wazuh_agent/attributes/authd.rb index 215255a6..4bc33065 100644 --- a/cookbooks/wazuh_agent/attributes/authd.rb +++ b/cookbooks/wazuh_agent/attributes/authd.rb @@ -19,9 +19,8 @@ default['ossec']['agent_auth']['register'] = 'yes' default['ossec']['agent_auth']['name'] = node['hostname'] -default['ossec']['agent_auth']['host'] = node['ossec']['registration_address'] +default['ossec']['agent_auth']['host'] = node['ossec']['address'] default['ossec']['agent_auth']['port'] = 1515 - default['ossec']['agent_auth']['ca'] = nil default['ossec']['agent_auth']['certificate'] = nil default['ossec']['agent_auth']['key'] = nil From cbf08352bd9589ea35881ec654903e8145f1dc1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 28 Dec 2020 14:11:11 +0100 Subject: [PATCH 215/260] Update README.md --- README.md | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 6b32adbc..e3b79973 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ Deploy the Wazuh platform using Chef cookbooks. Chef recipes are prepared for in | Wazuh version | Elastic | ODFE | |---------------|---------|--------| -| v4.0.1 | - | v1.11.0| +| v4.0.3 | v7.9.3 | v1.11.0| ## Dependencies @@ -27,21 +27,24 @@ all the software products they have. ## Cookbooks -* [Wazuh Agent ](https://github.com/wazuh/wazuh-chef/tree/master/wazuh_agent) -* [Wazuh Server (Manager, API and Filebeat)](https://github.com/wazuh/wazuh-chef/tree/master/wazuh_server) -* [Elasticsearch](https://github.com/wazuh/wazuh-chef/tree/master/wazuh_elastic) -* Kibana (*future version*) +* Wazuh Agent +* Wazuh Manager +* Filebeat +* Filebeat OSS +* Elastic Stack (Elasticsearch and Kibana) +* Opendistro (Elasticsearch OSS and Kibana OSS) Each cookbook has its README.md ## Roles -You can find predefined roles for a default installation of Wazuh Agent and Manager in the roles folder. +You can find predefined roles for a default installation of: -- [Wazuh Agent Role](https://github.com/wazuh/wazuh-chef/tree/master/roles/wazuh_agent.json) -- [Wazuh Server Role](https://github.com/wazuh/wazuh-chef/tree/master/roles/wazuh_server.json) -- [Wazuh Elastic Role](https://github.com/wazuh/wazuh-chef/tree/master/roles/wazuh_elastic.json) -- [Wazuh Kibana Role](https://github.com/wazuh/wazuh-chef/tree/master/roles/wazuh_kibana.json) +1. **wazuh_server**: Wazuh Manager and Filebeat +2. **wazhu_server_oss**: Wazuh Manager and Filebeat OSS +3. **wazuh_agent**: Wazuh Agent +4. **elastic_stack**: Elasticsearch and Kibana +5. **opendistro**: Elasticsearch OSS and Kiban OSS Check roles README for more information about default attributes and how to customize your installation. @@ -58,8 +61,10 @@ The easiest way to making use of these cookbooks is by including in your `Berks ```ruby cookbook "wazuh_agent", git: "https://github.com/wazuh/wazuh-chef.git", rel: 'cookbooks/wazuh_agent' cookbook "wazuh_server", git: "https://github.com/wazuh/wazuh-chef.git", rel: 'cookbooks/wazuh_manager' -cookbook 'wazuh_kibana', github: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/wazuh_kibana' -cookbook 'wazuh_elastic', github: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/wazuh_elastic' +cookbook 'opendistro', github: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/opendistro' +cookbook 'elastic-stack', github: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/elastic-stack' +cookbook 'filebeat', github: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/filebeat' +cookbook 'filebeat-oss', github: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/filebeat-oss' ``` You can specify tags, branches, and revisions. More info on https://docs.chef.io/berkshelf.html @@ -82,7 +87,6 @@ Example of a configuration file `api_configuration.json` before encryption: "htpasswd_user": "", "htpasswd_passcode": "" } - ``` #### Using Data Bags @@ -122,7 +126,6 @@ After encryption, the previous JSON files will have new fields that describe the } ``` - #### Using Chef Vault Chef Vault provides an easier way to manage Data bags and configure them. To configure it you can follow these steps: @@ -134,6 +137,7 @@ Chef Vault provides an easier way to manage Data bags and configure them. To con ``` knife vault create wazuh_secrets api '{"id": "api", "htpasswd_user": "user", "htpasswd_passcode": "password"}' -A "username" -C "manager-1" ``` + Where `-A` defines the workstation users authorized to modify/edit the vault and `-C` defines the nodes that have access to the defined vault. After that, the vault will be created and synced with the server. The defined nodes will store the required keys to decrypt the vault content and consume it. From acd537a50ece4ca203075b33b92af7977acf68ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 28 Dec 2020 14:11:27 +0100 Subject: [PATCH 216/260] Fix command --- cookbooks/opendistro/recipes/elasticsearch.rb | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/cookbooks/opendistro/recipes/elasticsearch.rb b/cookbooks/opendistro/recipes/elasticsearch.rb index 642862f6..e6e6df25 100644 --- a/cookbooks/opendistro/recipes/elasticsearch.rb +++ b/cookbooks/opendistro/recipes/elasticsearch.rb @@ -257,7 +257,13 @@ end execute 'Run the Elasticsearch’s securityadmin script' do - command "#{node['elastic']['plugins_path']}/opendistro_security/tools/securityadmin.sh -cd #{node['elastic']['plugins_path']}/opendistro_security/securityconfig/ -nhnv -cacert #{node['elastic']['certs_path']}/root-ca.pem -cert #{node['elastic']['certs_path']}/admin.pem -key #{node['elastic']['certs_path']}/admin.key -h #{node['elastic']['yml']['network']['host']}" + command "#{node['elastic']['plugins_path']}/opendistro_security/tools/securityadmin.sh \ + -cd #{node['elastic']['plugins_path']}/opendistro_security/securityconfig/ \ + -nhnv \ + -cacert #{node['elastic']['certs_path']}/root-ca.pem \ + -cert #{node['elastic']['certs_path']}/admin.pem \ + -key #{node['elastic']['certs_path']}/admin.key \ + -h #{node['elastic']['yml']['network']['host']}" end bash 'Waiting for elasticsearch curl response...' do From aa0a666546c53f421c012aec2d3c4c38fa41e515 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 28 Dec 2020 14:14:34 +0100 Subject: [PATCH 217/260] Update README.md --- cookbooks/README.md | 117 +++++++++++++++++++++----------------------- 1 file changed, 56 insertions(+), 61 deletions(-) diff --git a/cookbooks/README.md b/cookbooks/README.md index 365bc236..ea189215 100644 --- a/cookbooks/README.md +++ b/cookbooks/README.md @@ -7,17 +7,7 @@ Requirements #### Platforms Tested on Ubuntu and CentOS, but should work on any Unix/Linux platform supported by Wazuh. Installation by default is done from packages. -These cookbooks don't configure Windows systems yet. For manual agent installation on Windows, check the [documentation](https://documentation.wazuh.com/current/installation-guide/installing-wazuh-agent/wazuh_agent_windows.html) - -#### Chef -- Chef 12+ - -#### Cookbooks Dependencies -- chef-sugar -- hostsfile -- apt -- yum -- poise-python +These cookbooks don't configure Windows systems yet. For manual agent installation on Windows, check the [documentation](https://documentation.wazuh.com/4.0/installation-guide/wazuh-agent/wazuh_agent_package_windows.html) Attributes ---------- @@ -41,10 +31,12 @@ default['ossec']['conf']['all']['syscheck']['directories'] = [ This produces: - - /bin,/sbin - /etc,/usr/bin,/usr/sbin - +```xml + + /bin,/sbin + /etc,/usr/bin,/usr/sbin + +``` ## Customize Installation @@ -52,10 +44,13 @@ This produces: If you want to add new fields to customize your installation, you can declare it as a default attribute in its respective .rb file in the attributes folder or add it manually to the role. -For example: To enable cluster configuration, the following lane would be added to ```/cookbooks/wazuh_server/attributes/cluster.rb ```. +For example: To enable cluster configuration, the following line would be changed in ```/cookbooks/wazuh_manager/attributes/cluster.rb ``` file: `````` ruby -default['ossec']['conf']['cluster']['disabled'] == false +default['ossec']['conf']['cluster'] = { + ... + 'disabled' => false +} `````` This will transform the **disabled** field of from: @@ -94,36 +89,35 @@ To: ``` - - In case you want to customize your installation using roles, you can declare attributes like this: ```json { - "name": "wazuh_server", - "description": "Wazuh Server host", - "json_class": "Chef::Role", - "default_attributes": { - "ossec": { - "cluster":{ - "disabled" : "false" - } + "name": "wazuh_server", + "description": "Wazuh Server Role", + "json_class": "Chef::Role", + "default_attributes": { + "ossec": { + "cluster":{ + "disabled" : "false" } - }, - "override_attributes": { + } + }, + "override_attributes": { - }, - "chef_type": "role", - "run_list": [ - "recipe[wazuh_server::manager]" - ], - "env_run_lists": { + }, + "chef_type": "role", + "run_list": [ + "recipe[wazuh_manager::default]", + "recipe[filebeat::default]" + ], + "env_run_lists": { - } } +} ``` -The same example applies for Wazuh Agent and it's own attributes. +The same example applies for the rest of cookbooks and it's own attributes. You can get more info about attributes and how the work on the chef documentation: https://docs.chef.io/attributes.html @@ -137,30 +131,31 @@ In order to achieve this, the following steps are required: The easiest way to achieve this is to modify the Wazuh Manager attributes in the role -``` +```json { - "name": "wazuh_server", - "description": "Wazuh Server host", - "json_class": "Chef::Role", - "default_attributes": { - "ossec": { - "centralized_configuration":{ - "enabled" : "yes", - "path": "/var/ossec/etc/shared/default", - } + "name": "wazuh_server", + "description": "Wazuh Server Role", + "json_class": "Chef::Role", + "default_attributes": { + "ossec": { + "centralized_configuration":{ + "enabled" : "yes", + "path": "/var/ossec/etc/shared/default", } + } }, - "override_attributes": { + "override_attributes": { - }, - "chef_type": "role", - "run_list": [ - "recipe[wazuh_server::manager]" - ], - "env_run_lists": { + }, + "chef_type": "role", + "run_list": [ + "recipe[wazuh_manager::default]", + "recipe[filebeat::default]" + ], + "env_run_lists": { - } } +} ``` This, will render all `['ossec']['centralized_configuration']['conf']['agent_config']` variables and convert them to XML using Gyoku @@ -169,12 +164,12 @@ For example, the following attribute: ```ruby default['ossec']['centralized_configuration']['conf']['agent_config']= [ - { "@os" => "Linux", - "localfile" => { - "location" => "/var/log/linux.log", - "log_format" => "syslog" - } - } + { "@os" => "Linux", + "localfile" => { + "location" => "/var/log/linux.log", + "log_format" => "syslog" + } + } ] ``` From eb944a1369f7c86c4d34277d8ccaf24a7b5c94fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 28 Dec 2020 17:52:01 +0100 Subject: [PATCH 218/260] Fix doc README.md --- README.md | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index e3b79973..5f5de781 100644 --- a/README.md +++ b/README.md @@ -27,14 +27,12 @@ all the software products they have. ## Cookbooks -* Wazuh Agent -* Wazuh Manager -* Filebeat -* Filebeat OSS -* Elastic Stack (Elasticsearch and Kibana) -* Opendistro (Elasticsearch OSS and Kibana OSS) - -Each cookbook has its README.md +* [Wazuh Agent](cookbooks/wazuh_agent) +* [Wazuh Manager](cookbooks/wazuh_manager) +* [Filebeat](cookbooks/filebeat) +* [Filebeat OSS](cookbooks/filebeat-oss) +* [Elastic Stack (Elasticsearch and Kibana)](cookbooks/elastic-stack) +* [Opendistro (Elasticsearch OSS and Kibana OSS)](cookbooks/opendistro) ## Roles @@ -61,10 +59,10 @@ The easiest way to making use of these cookbooks is by including in your `Berks ```ruby cookbook "wazuh_agent", git: "https://github.com/wazuh/wazuh-chef.git", rel: 'cookbooks/wazuh_agent' cookbook "wazuh_server", git: "https://github.com/wazuh/wazuh-chef.git", rel: 'cookbooks/wazuh_manager' -cookbook 'opendistro', github: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/opendistro' -cookbook 'elastic-stack', github: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/elastic-stack' -cookbook 'filebeat', github: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/filebeat' -cookbook 'filebeat-oss', github: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/filebeat-oss' +cookbook 'opendistro', git: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/opendistro' +cookbook 'elastic-stack', git: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/elastic-stack' +cookbook 'filebeat', git: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/filebeat' +cookbook 'filebeat-oss', git: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/filebeat-oss' ``` You can specify tags, branches, and revisions. More info on https://docs.chef.io/berkshelf.html From 89c72ced3634128d6bd4636842b34af04c63e0cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 28 Dec 2020 18:13:49 +0100 Subject: [PATCH 219/260] Remove comments --- cookbooks/elastic-stack/recipes/default.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/cookbooks/elastic-stack/recipes/default.rb b/cookbooks/elastic-stack/recipes/default.rb index a5da2019..b0cf847a 100644 --- a/cookbooks/elastic-stack/recipes/default.rb +++ b/cookbooks/elastic-stack/recipes/default.rb @@ -8,5 +8,3 @@ include_recipe 'elastic-stack::repository' include_recipe 'elastic-stack::elasticsearch' include_recipe 'elastic-stack::kibana' -# include_recipe 'wazuh_manager::default' -# include_recipe 'filebeat::default' From ec1dbca44d0602182b62a863cb0ae93d5ad2fcec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 28 Dec 2020 18:14:20 +0100 Subject: [PATCH 220/260] Change 4.0 to current --- cookbooks/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cookbooks/README.md b/cookbooks/README.md index ea189215..15a239a5 100644 --- a/cookbooks/README.md +++ b/cookbooks/README.md @@ -7,7 +7,7 @@ Requirements #### Platforms Tested on Ubuntu and CentOS, but should work on any Unix/Linux platform supported by Wazuh. Installation by default is done from packages. -These cookbooks don't configure Windows systems yet. For manual agent installation on Windows, check the [documentation](https://documentation.wazuh.com/4.0/installation-guide/wazuh-agent/wazuh_agent_package_windows.html) +These cookbooks don't configure Windows systems yet. For manual agent installation on Windows, check the [documentation](https://documentation.wazuh.com/current/installation-guide/wazuh-agent/wazuh_agent_package_windows.html) Attributes ---------- @@ -44,7 +44,7 @@ This produces: If you want to add new fields to customize your installation, you can declare it as a default attribute in its respective .rb file in the attributes folder or add it manually to the role. -For example: To enable cluster configuration, the following line would be changed in ```/cookbooks/wazuh_manager/attributes/cluster.rb ``` file: +For example: To enable cluster configuration, the following line would be replaced in ```/cookbooks/wazuh_manager/attributes/cluster.rb ``` file: `````` ruby default['ossec']['conf']['cluster'] = { From b1799d20842c8901e01934594c3a97c4d57091dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 29 Dec 2020 09:32:42 +0100 Subject: [PATCH 221/260] Change File to Dir resource and log comment --- cookbooks/filebeat-oss/recipes/filebeat.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cookbooks/filebeat-oss/recipes/filebeat.rb b/cookbooks/filebeat-oss/recipes/filebeat.rb index cb14aa22..1c9243df 100644 --- a/cookbooks/filebeat-oss/recipes/filebeat.rb +++ b/cookbooks/filebeat-oss/recipes/filebeat.rb @@ -63,7 +63,7 @@ ruby_block 'Copy certificate files' do block do - if File.exist?("#{node['elastic']['certs_path']}") + if Dir.exist?("#{node['elastic']['certs_path']}") IO.copy_stream("#{node['elastic']['certs_path']}/filebeat.pem", "#{node['filebeat']['certs_path']}/filebeat.pem") IO.copy_stream("#{node['elastic']['certs_path']}/filebeat.key", "#{node['filebeat']['certs_path']}/filebeat.key") IO.copy_stream("#{node['elastic']['certs_path']}/root-ca.pem", "#{node['filebeat']['certs_path']}/root-ca.pem") @@ -75,8 +75,8 @@ - #{node['elastic']['certs_path']}/root-ca.pem Then run as sudo: - systemctl daemon-reload - - systemctl enable kibana - - systemctl start kibana") + - systemctl enable filebeat + - systemctl start filebeat") end end action :run From be5d15189c96e661e1bc0b8deb79ee0751294771 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 29 Dec 2020 09:33:02 +0100 Subject: [PATCH 222/260] Update README.md --- cookbooks/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cookbooks/README.md b/cookbooks/README.md index 15a239a5..5964cc32 100644 --- a/cookbooks/README.md +++ b/cookbooks/README.md @@ -123,7 +123,7 @@ You can get more info about attributes and how the work on the chef documentatio ### Centralized Configuration -You can configure your Wazuh [Centralized Configuration](https://documentation.wazuh.com/4.0/user-manual/reference/centralized-configuration.html#centralized-configuration-process) with Chef. +You can set up your Wazuh [Centralized Configuration](https://documentation.wazuh.com/4.0/user-manual/reference/centralized-configuration.html#centralized-configuration-process) with Chef. In order to achieve this, the following steps are required: From e6ff1fe36440f088a02c6235fedef0049f820235 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Tue, 29 Dec 2020 20:02:06 +0100 Subject: [PATCH 223/260] Check service is installed, enabled and running --- .../test/integration/opendistro/elasticsearch_test.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cookbooks/opendistro/test/integration/opendistro/elasticsearch_test.rb b/cookbooks/opendistro/test/integration/opendistro/elasticsearch_test.rb index c2925682..ab1ae9fb 100644 --- a/cookbooks/opendistro/test/integration/opendistro/elasticsearch_test.rb +++ b/cookbooks/opendistro/test/integration/opendistro/elasticsearch_test.rb @@ -58,7 +58,10 @@ end describe service('elasticsearch') do + it { should be_installed } + it { should be_enabled} it { should be_running } + end describe port(9200) do From f9edb721d09fe21337a24dc6bfa485f03ef01dc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 30 Dec 2020 12:59:45 +0100 Subject: [PATCH 224/260] Add gh action manager-agent --- .../actions/test_manager_and_agent/Dockerfile | 14 +++++++ .../actions/test_manager_and_agent/action.yml | 5 +++ .../test_manager_and_agent/entrypoint.sh | 42 +++++++++++++++++++ .github/workflows/manager_agent.yml | 22 ++++++++++ 4 files changed, 83 insertions(+) create mode 100644 .github/actions/test_manager_and_agent/Dockerfile create mode 100644 .github/actions/test_manager_and_agent/action.yml create mode 100644 .github/actions/test_manager_and_agent/entrypoint.sh create mode 100644 .github/workflows/manager_agent.yml diff --git a/.github/actions/test_manager_and_agent/Dockerfile b/.github/actions/test_manager_and_agent/Dockerfile new file mode 100644 index 00000000..b73da031 --- /dev/null +++ b/.github/actions/test_manager_and_agent/Dockerfile @@ -0,0 +1,14 @@ +FROM chef/chefworkstation + +LABEL "maintainer"="Wazuh" +LABEL "version"="0.0.1" +LABEL "repository"="https://github.com/wazuh/wazuh-chef" +LABEL "name"="Wazuh Chef Dockerfile" + +# Adding systemd compatibility. +VOLUME [ "/sys/fs/cgroup", "/run", "/run/lock" ] + +COPY entrypoint.sh /entrypoint.sh +RUN chmod 755 /entrypoint.sh +ENTRYPOINT ["/entrypoint.sh"] + diff --git a/.github/actions/test_manager_and_agent/action.yml b/.github/actions/test_manager_and_agent/action.yml new file mode 100644 index 00000000..b0af3f77 --- /dev/null +++ b/.github/actions/test_manager_and_agent/action.yml @@ -0,0 +1,5 @@ +name: kitchen-test +description: Test Wazuh manager and agent +runs: + using: docker + image: 'Dockerfile' \ No newline at end of file diff --git a/.github/actions/test_manager_and_agent/entrypoint.sh b/.github/actions/test_manager_and_agent/entrypoint.sh new file mode 100644 index 00000000..02e496c1 --- /dev/null +++ b/.github/actions/test_manager_and_agent/entrypoint.sh @@ -0,0 +1,42 @@ +#! /usr/bin/env bash +set -e + +echo "Env var value: PLATFORM " +echo $PLATFORM +echo "Env var value: RELEASE" +echo $RELEASE + +echo "Installing dependencies" +chef gem install test-kitchen +chef gem install kitchen-dokken +chef gem install kitchen-inspec + +echo "Kitchen create manager..." +kitchen create wazuh-manager-$PLATFORM-$RELEASE + +container-id="$(docker ps -aqf \"name=wazuh-manager-$PLATFORM-$RELEASE$\")" + +echo "Getting Wazuh managers IPs to the agents" +manager_ip="$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $container_id)" + +echo "wazuh-manager IP" +echo $manager_ip + +echo "Kitchen converge manager ..." +kitchen converge wazuh-manager-$PLATFORM-$RELEASE + +echo "Sleeping while the agent is starting" +sleep 15 + +echo "Kitchen create agent..." +kitchen create wazuh-agent-$PLATFORM-$RELEASE + +echo "Kitchen converge agent..." +kitchen converge wazuh-agent-$PLATFORM-$RELEASE + +echo "Change IP manager address in ossec.conf..." +kitchen exec wazuh-agent-$PLATFORM-$RELEASE -c "sed -i \"s/
*<\/address>/
${manager_ip}<\/address>/g\" ossec.conf" + +echo "Connect agent with manager" +kitchen exec +/bin/bash \ No newline at end of file diff --git a/.github/workflows/manager_agent.yml b/.github/workflows/manager_agent.yml new file mode 100644 index 00000000..2d3fb6af --- /dev/null +++ b/.github/workflows/manager_agent.yml @@ -0,0 +1,22 @@ +name: Wazuh Chef - Manager and Agnet test + +on: + push: + branches: + - feature-cookbooks + pull_request: + branches: + - feature-cookbooks + +jobs: + manager-and-agent: + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@v2 + - name: CentOS 8 - (Manager + Agent) + uses: './.github/actions/test_manager_and_agent' + env: + PLATFORM: centos + RELEASE: 8 + \ No newline at end of file From bcf2bb8486fac9d23c83eb81c14ed9eda30409bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 30 Dec 2020 13:00:04 +0100 Subject: [PATCH 225/260] Fix role name --- roles/elastic_stack.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/elastic_stack.json b/roles/elastic_stack.json index 1a75bf17..36fc7229 100644 --- a/roles/elastic_stack.json +++ b/roles/elastic_stack.json @@ -1,5 +1,5 @@ { - "name": "wazuh_elastic", + "name": "elastic_stack", "description": "Elastic Stack Role", "json_class": "Chef::Role", "default_attributes": { From d9b06438a05ff33fd41299be476a3ebb69387fbc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 30 Dec 2020 13:00:42 +0100 Subject: [PATCH 226/260] Remove dockerfile and entrypoint.sh --- Dockerfile | 11 ----------- entrypoint.sh | 14 -------------- 2 files changed, 25 deletions(-) delete mode 100644 Dockerfile delete mode 100644 entrypoint.sh diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index ef2f6e11..00000000 --- a/Dockerfile +++ /dev/null @@ -1,11 +0,0 @@ -FROM chef/chefworkstation - -LABEL "maintainer"="Wazuh" -LABEL "version"="0.0.1" -LABEL "repository"="https://github.com/wazuh/wazuh-chef" -LABEL "name"="Wazuh Chef Dockerfile" - -COPY entrypoint.sh /entrypoint.sh -RUN chmod 755 /entrypoint.sh -ENTRYPOINT ["/entrypoint.sh"] - diff --git a/entrypoint.sh b/entrypoint.sh deleted file mode 100644 index 70f22dc4..00000000 --- a/entrypoint.sh +++ /dev/null @@ -1,14 +0,0 @@ -#! /usr/bin/env bash - -RESPOSITORY="wazuh-chef" -BRANCH="feature-cookbooks" - -echo "Clone wazuh-chef repository" -git clone https://github.com/wazuh/${RESPOSITORY}.git -cd ${RESPOSITORY} -git checkout ${BRANCH} - -echo "List kitchen instances" -kitchen list - -/bin/bash \ No newline at end of file From 7fae6ea7a05360151934ceac094d9afc1e43b1ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 30 Dec 2020 13:47:37 +0100 Subject: [PATCH 227/260] Fix gh action --- .github/actions/test_manager_and_agent/entrypoint.sh | 6 +++--- .github/workflows/manager_agent.yml | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/actions/test_manager_and_agent/entrypoint.sh b/.github/actions/test_manager_and_agent/entrypoint.sh index 02e496c1..cd86f97a 100644 --- a/.github/actions/test_manager_and_agent/entrypoint.sh +++ b/.github/actions/test_manager_and_agent/entrypoint.sh @@ -6,10 +6,10 @@ echo $PLATFORM echo "Env var value: RELEASE" echo $RELEASE +cd kitchen + echo "Installing dependencies" -chef gem install test-kitchen -chef gem install kitchen-dokken -chef gem install kitchen-inspec +bundle install echo "Kitchen create manager..." kitchen create wazuh-manager-$PLATFORM-$RELEASE diff --git a/.github/workflows/manager_agent.yml b/.github/workflows/manager_agent.yml index 2d3fb6af..2d31f680 100644 --- a/.github/workflows/manager_agent.yml +++ b/.github/workflows/manager_agent.yml @@ -19,4 +19,6 @@ jobs: env: PLATFORM: centos RELEASE: 8 + IMAGE: centos:8 + RUN_COMMAND: /sbin/init \ No newline at end of file From 8fb4ba9a3b2e073331f9d542a4fd8ff26952fb8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 30 Dec 2020 13:47:51 +0100 Subject: [PATCH 228/260] Add kitchen-docker --- kitchen/Berksfile | 14 ++++++++ .../kitchen.vagrant.yml | 0 kitchen/kitchen.yml | 35 +++++++++++++++++++ 3 files changed, 49 insertions(+) create mode 100644 kitchen/Berksfile rename kitchen-vagrant/kitchen.yml => kitchen/kitchen.vagrant.yml (100%) create mode 100644 kitchen/kitchen.yml diff --git a/kitchen/Berksfile b/kitchen/Berksfile new file mode 100644 index 00000000..ed6d5438 --- /dev/null +++ b/kitchen/Berksfile @@ -0,0 +1,14 @@ +source 'https://supermarket.chef.io' + +metadata + +group 'cookbooks' do + cookbook 'elastic-stack', path: '../cookbooks/elastic-stack' + cookbook 'opendistro', path: '../cookbooks/opendistro' + cookbook 'filebeat', path: '../cookbooks/filebeat' + cookbook 'filebeat-oss', path: '../cookbooks/filebeat-oss' + cookbook 'wazuh_agent', path: '../cookbooks/wazuh_agent' + cookbook 'wazuh_manager', path: '../cookbooks/wazuh_manager' +end + + diff --git a/kitchen-vagrant/kitchen.yml b/kitchen/kitchen.vagrant.yml similarity index 100% rename from kitchen-vagrant/kitchen.yml rename to kitchen/kitchen.vagrant.yml diff --git a/kitchen/kitchen.yml b/kitchen/kitchen.yml new file mode 100644 index 00000000..b8e95d39 --- /dev/null +++ b/kitchen/kitchen.yml @@ -0,0 +1,35 @@ +driver: + name: docker + use_sudo: false + use_internal_docker_network: true + remove_images: true + +transport: + name: docker + +provisioner: + chef_license: accept + +verifier: + name: inspec + +platforms: + - name: <%= ENV['PLATFORM'] %>_<%= ENV['RELEASE'] %> + driver_config: + image: <%= ENV['IMAGE'] %> + platform: <%= ENV['PLATFORM'] %> + hostname: manager_<%= ENV['PLATFORM'] %>_<%= ENV['RELEASE'] %> + run_command: <%= ENV['RUN_COMMAND'] %> + privileged: true + volume: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + +suites: + - name: wazuh_server + run_list: + - recipe[wazuh_manager::default] + - recipe[filebeat::default] + + - name: wazuh_agent + run_list: + - recipe[wazuh_agent::default] \ No newline at end of file From 9057eb552c8550eb6e01929247c9bc484a20701c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 30 Dec 2020 13:51:08 +0100 Subject: [PATCH 229/260] Add dependancies with chef --- .github/actions/test_manager_and_agent/entrypoint.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/actions/test_manager_and_agent/entrypoint.sh b/.github/actions/test_manager_and_agent/entrypoint.sh index cd86f97a..3224f223 100644 --- a/.github/actions/test_manager_and_agent/entrypoint.sh +++ b/.github/actions/test_manager_and_agent/entrypoint.sh @@ -9,7 +9,10 @@ echo $RELEASE cd kitchen echo "Installing dependencies" -bundle install +chef gem install kitchen-docker +chef gem install test-kitchen +chef gem install kitchen-inspec +chef gem install inspec echo "Kitchen create manager..." kitchen create wazuh-manager-$PLATFORM-$RELEASE From 26b1934bcf00296f50b2910a939357a94809a547 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 30 Dec 2020 14:04:51 +0100 Subject: [PATCH 230/260] Accept chef license --- .github/actions/test_manager_and_agent/entrypoint.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/actions/test_manager_and_agent/entrypoint.sh b/.github/actions/test_manager_and_agent/entrypoint.sh index 3224f223..0369aa1c 100644 --- a/.github/actions/test_manager_and_agent/entrypoint.sh +++ b/.github/actions/test_manager_and_agent/entrypoint.sh @@ -9,7 +9,8 @@ echo $RELEASE cd kitchen echo "Installing dependencies" -chef gem install kitchen-docker +chef env --chef-license accept +chef gem install kitchen-docker chef gem install test-kitchen chef gem install kitchen-inspec chef gem install inspec From 6275522c5a45d3b0392fe2acae6c3d94dfa828ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 30 Dec 2020 14:09:43 +0100 Subject: [PATCH 231/260] Install docker entrypoint.sh --- .github/actions/test_manager_and_agent/entrypoint.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/actions/test_manager_and_agent/entrypoint.sh b/.github/actions/test_manager_and_agent/entrypoint.sh index 0369aa1c..56e48cc6 100644 --- a/.github/actions/test_manager_and_agent/entrypoint.sh +++ b/.github/actions/test_manager_and_agent/entrypoint.sh @@ -15,6 +15,10 @@ chef gem install test-kitchen chef gem install kitchen-inspec chef gem install inspec +echo "Install docker..." +curl -fsSL https://get.docker.com -o get-docker.sh +sh get-docker.sh + echo "Kitchen create manager..." kitchen create wazuh-manager-$PLATFORM-$RELEASE From c75bcb08049f1150d77cda3ee2074c7fc6a7e8b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 30 Dec 2020 14:21:16 +0100 Subject: [PATCH 232/260] Fix bash command and initialize MANAGER_IP --- .../test_manager_and_agent/entrypoint.sh | 19 ++++++++++--------- kitchen/kitchen.yml | 5 ++++- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/.github/actions/test_manager_and_agent/entrypoint.sh b/.github/actions/test_manager_and_agent/entrypoint.sh index 56e48cc6..d8202c48 100644 --- a/.github/actions/test_manager_and_agent/entrypoint.sh +++ b/.github/actions/test_manager_and_agent/entrypoint.sh @@ -20,15 +20,17 @@ curl -fsSL https://get.docker.com -o get-docker.sh sh get-docker.sh echo "Kitchen create manager..." -kitchen create wazuh-manager-$PLATFORM-$RELEASE +kitchen create wazuh-server-$PLATFORM-$RELEASE -container-id="$(docker ps -aqf \"name=wazuh-manager-$PLATFORM-$RELEASE$\")" +echo "Getting wazuh-server-$PLATFORM-$RELEASE container ID" +container_id="$(docker ps -aqf "name=wazuh-server-$PLATFORM-$RELEASE$")" -echo "Getting Wazuh managers IPs to the agents" +echo "Getting Wazuh managers IP" manager_ip="$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $container_id)" echo "wazuh-manager IP" echo $manager_ip +MANAGER_IP=$manager_ip echo "Kitchen converge manager ..." kitchen converge wazuh-manager-$PLATFORM-$RELEASE @@ -42,9 +44,8 @@ kitchen create wazuh-agent-$PLATFORM-$RELEASE echo "Kitchen converge agent..." kitchen converge wazuh-agent-$PLATFORM-$RELEASE -echo "Change IP manager address in ossec.conf..." -kitchen exec wazuh-agent-$PLATFORM-$RELEASE -c "sed -i \"s/
*<\/address>/
${manager_ip}<\/address>/g\" ossec.conf" - -echo "Connect agent with manager" -kitchen exec -/bin/bash \ No newline at end of file +#echo "Change IP manager address in ossec.conf..." +#kitchen exec wazuh-agent-$PLATFORM-$RELEASE -c "sed -i \"s/
*<\/address>/
${manager_ip}<\/address>/g\" ossec.conf" +# +#echo "Connect agent with manager" +#kitchen converge \ No newline at end of file diff --git a/kitchen/kitchen.yml b/kitchen/kitchen.yml index b8e95d39..d97a178f 100644 --- a/kitchen/kitchen.yml +++ b/kitchen/kitchen.yml @@ -32,4 +32,7 @@ suites: - name: wazuh_agent run_list: - - recipe[wazuh_agent::default] \ No newline at end of file + - recipe[wazuh_agent::default] + atttributes: + ossec: + address: <%= ENV['MANAGER_IP'] %> \ No newline at end of file From f25114f52c0596bedf33cabbaf9a7f76d8088587 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 30 Dec 2020 14:33:27 +0100 Subject: [PATCH 233/260] Debug entrypoint.sh --- .github/actions/test_manager_and_agent/entrypoint.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/test_manager_and_agent/entrypoint.sh b/.github/actions/test_manager_and_agent/entrypoint.sh index d8202c48..09497731 100644 --- a/.github/actions/test_manager_and_agent/entrypoint.sh +++ b/.github/actions/test_manager_and_agent/entrypoint.sh @@ -22,11 +22,11 @@ sh get-docker.sh echo "Kitchen create manager..." kitchen create wazuh-server-$PLATFORM-$RELEASE -echo "Getting wazuh-server-$PLATFORM-$RELEASE container ID" container_id="$(docker ps -aqf "name=wazuh-server-$PLATFORM-$RELEASE$")" +echo "Getting wazuh-server-$PLATFORM-$RELEASE container ID: $container_id" -echo "Getting Wazuh managers IP" manager_ip="$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $container_id)" +echo "Getting Wazuh managers IP: $manager_ip" echo "wazuh-manager IP" echo $manager_ip From 2d58cee6deebe8e48965ef5e1df47662d868fc90 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 30 Dec 2020 14:44:17 +0100 Subject: [PATCH 234/260] Fix bash command get ip --- .github/actions/test_manager_and_agent/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/test_manager_and_agent/entrypoint.sh b/.github/actions/test_manager_and_agent/entrypoint.sh index 09497731..48dd602b 100644 --- a/.github/actions/test_manager_and_agent/entrypoint.sh +++ b/.github/actions/test_manager_and_agent/entrypoint.sh @@ -25,7 +25,7 @@ kitchen create wazuh-server-$PLATFORM-$RELEASE container_id="$(docker ps -aqf "name=wazuh-server-$PLATFORM-$RELEASE$")" echo "Getting wazuh-server-$PLATFORM-$RELEASE container ID: $container_id" -manager_ip="$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $container_id)" +manager_ip="$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' `docker ps | awk '{print $NF}' | grep wazuh-server`)" echo "Getting Wazuh managers IP: $manager_ip" echo "wazuh-manager IP" From 1674c3a019d15de4fed10fa2621cc5d80a12d22e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 30 Dec 2020 14:44:28 +0100 Subject: [PATCH 235/260] Fix workflow name --- .github/workflows/manager_agent.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/manager_agent.yml b/.github/workflows/manager_agent.yml index 2d31f680..10a43dc8 100644 --- a/.github/workflows/manager_agent.yml +++ b/.github/workflows/manager_agent.yml @@ -1,4 +1,4 @@ -name: Wazuh Chef - Manager and Agnet test +name: Wazuh Chef - Manager and Agent test on: push: From ba89686d46636ec4e2c2b2176a13a0224bf332c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 30 Dec 2020 16:44:03 +0100 Subject: [PATCH 236/260] Update gh action test_manager_agent --- .../test_manager_and_agent/entrypoint.sh | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/.github/actions/test_manager_and_agent/entrypoint.sh b/.github/actions/test_manager_and_agent/entrypoint.sh index 48dd602b..e42ad35c 100644 --- a/.github/actions/test_manager_and_agent/entrypoint.sh +++ b/.github/actions/test_manager_and_agent/entrypoint.sh @@ -1,6 +1,8 @@ #! /usr/bin/env bash set -e +echo "Env var value: IMAGE " +echo $IMAGE echo "Env var value: PLATFORM " echo $PLATFORM echo "Env var value: RELEASE" @@ -10,10 +12,9 @@ cd kitchen echo "Installing dependencies" chef env --chef-license accept -chef gem install kitchen-docker -chef gem install test-kitchen +chef gem install kitchen-docker -v 2.3 +chef gem install test-kitchen chef gem install kitchen-inspec -chef gem install inspec echo "Install docker..." curl -fsSL https://get.docker.com -o get-docker.sh @@ -22,15 +23,9 @@ sh get-docker.sh echo "Kitchen create manager..." kitchen create wazuh-server-$PLATFORM-$RELEASE -container_id="$(docker ps -aqf "name=wazuh-server-$PLATFORM-$RELEASE$")" -echo "Getting wazuh-server-$PLATFORM-$RELEASE container ID: $container_id" - manager_ip="$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' `docker ps | awk '{print $NF}' | grep wazuh-server`)" -echo "Getting Wazuh managers IP: $manager_ip" - -echo "wazuh-manager IP" -echo $manager_ip -MANAGER_IP=$manager_ip +export MANAGER_IP=$manager_ip +echo "Getting Wazuh manager IP: $manager_ip" echo "Kitchen converge manager ..." kitchen converge wazuh-manager-$PLATFORM-$RELEASE From 1b897ae70b2200c54fe67f06e588e80a7b17a3af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Wed, 30 Dec 2020 16:44:41 +0100 Subject: [PATCH 237/260] Remove transport --- kitchen/kitchen.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/kitchen/kitchen.yml b/kitchen/kitchen.yml index d97a178f..394e7add 100644 --- a/kitchen/kitchen.yml +++ b/kitchen/kitchen.yml @@ -4,9 +4,6 @@ driver: use_internal_docker_network: true remove_images: true -transport: - name: docker - provisioner: chef_license: accept From 74b9869044b43b0e9f47c6d4bc65c723a94a6c30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 31 Dec 2020 13:19:59 +0100 Subject: [PATCH 238/260] Add Dockerfile wazuh-chef --- .../actions/test_manager_and_agent/Dockerfile | 30 +++++++++++++++++-- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/.github/actions/test_manager_and_agent/Dockerfile b/.github/actions/test_manager_and_agent/Dockerfile index b73da031..ea0e9b56 100644 --- a/.github/actions/test_manager_and_agent/Dockerfile +++ b/.github/actions/test_manager_and_agent/Dockerfile @@ -1,12 +1,36 @@ -FROM chef/chefworkstation +FROM ruby LABEL "maintainer"="Wazuh" LABEL "version"="0.0.1" LABEL "repository"="https://github.com/wazuh/wazuh-chef" LABEL "name"="Wazuh Chef Dockerfile" -# Adding systemd compatibility. -VOLUME [ "/sys/fs/cgroup", "/run", "/run/lock" ] +RUN apt-get update && apt install docker.io git curl wget -y && \ + apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +RUN gem install kitchen-docker && \ + gem install rbnacl && \ + gem install rbnacl-libsodium && \ + gem install bcrypt_pbkdf && \ + gem install berkshelf && \ + gem install httpclient + +RUN cd $HOME && \ + git clone https://github.com/wazuh/wazuh-qa.git && \ + cd $HOME/wazuh-qa && \ + git fetch --all && \ + git checkout devel && \ + git pull origin devel + +RUN cd $HOME/wazuh-qa/kitchen/wazuh-chef/ && \ + bundle install + +RUN gem_name=`ls /usr/local/bundle/gems | grep 'kitchen-docker'` && \ + rm -rf /usr/local/bundle/gems/$gem_name/* && \ + cp -rf $HOME/wazuh-qa/kitchen/kitchen-docker/* /usr/local/bundle/gems/$gem_name/ + +# Standard SSH port +EXPOSE 22 COPY entrypoint.sh /entrypoint.sh RUN chmod 755 /entrypoint.sh From caab807bb505daf84345a5c1f4b8c8cbcd33f5a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 31 Dec 2020 13:20:36 +0100 Subject: [PATCH 239/260] Update entrypoint.sh --- .../test_manager_and_agent/entrypoint.sh | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/.github/actions/test_manager_and_agent/entrypoint.sh b/.github/actions/test_manager_and_agent/entrypoint.sh index e42ad35c..a92fb4cf 100644 --- a/.github/actions/test_manager_and_agent/entrypoint.sh +++ b/.github/actions/test_manager_and_agent/entrypoint.sh @@ -8,17 +8,20 @@ echo $PLATFORM echo "Env var value: RELEASE" echo $RELEASE -cd kitchen +echo "Clone wazuh-chef repository" +git clone https://github.com/wazuh/wazuh-chef.git && \ +cd wazuh-chef && \ +git fetch --all && \ +git checkout feature-cookbooks && \ +git pull origin feature-cookbooks + +echo "Accept chef license" +chef env --chef-license accept echo "Installing dependencies" -chef env --chef-license accept -chef gem install kitchen-docker -v 2.3 -chef gem install test-kitchen -chef gem install kitchen-inspec +bundle install --without vagrant -echo "Install docker..." -curl -fsSL https://get.docker.com -o get-docker.sh -sh get-docker.sh +cd kitchen echo "Kitchen create manager..." kitchen create wazuh-server-$PLATFORM-$RELEASE From 2e142853456584afc8e8d234b46bbe431ed38045 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 31 Dec 2020 13:20:54 +0100 Subject: [PATCH 240/260] Update kitchen.yml --- kitchen/kitchen.yml | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/kitchen/kitchen.yml b/kitchen/kitchen.yml index 394e7add..acf4055a 100644 --- a/kitchen/kitchen.yml +++ b/kitchen/kitchen.yml @@ -3,33 +3,35 @@ driver: use_sudo: false use_internal_docker_network: true remove_images: true + use_cache: false provisioner: - chef_license: accept - -verifier: - name: inspec + name: chef_zero + chef_license: accept-no-persist platforms: - - name: <%= ENV['PLATFORM'] %>_<%= ENV['RELEASE'] %> + - name: <%= ENV['PLATFORM'] %>_<%= ENV['RELEASE'] %>_kitchen_chef driver_config: image: <%= ENV['IMAGE'] %> platform: <%= ENV['PLATFORM'] %> - hostname: manager_<%= ENV['PLATFORM'] %>_<%= ENV['RELEASE'] %> + publish_all: true run_command: <%= ENV['RUN_COMMAND'] %> privileged: true volume: - /sys/fs/cgroup:/sys/fs/cgroup:ro + provision_command: + - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config + - awk -F= '/^NAME/{print $2}' /etc/os-release | grep -qi 'debian\|ubuntu' && apt-get install -y apt-transport-https gnupg2 ca-certificates|| yum install -y openssl suites: - - name: wazuh_server + - name: manager run_list: - recipe[wazuh_manager::default] - recipe[filebeat::default] - - name: wazuh_agent + - name: agent run_list: - recipe[wazuh_agent::default] - atttributes: + attributes: ossec: address: <%= ENV['MANAGER_IP'] %> \ No newline at end of file From 00da7747fe7658d2bed9b70fdece3ff17ace2335 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 31 Dec 2020 13:30:39 +0100 Subject: [PATCH 241/260] Remove cehf lciense acept --- .github/actions/test_manager_and_agent/entrypoint.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/actions/test_manager_and_agent/entrypoint.sh b/.github/actions/test_manager_and_agent/entrypoint.sh index a92fb4cf..e8aad8ec 100644 --- a/.github/actions/test_manager_and_agent/entrypoint.sh +++ b/.github/actions/test_manager_and_agent/entrypoint.sh @@ -15,9 +15,6 @@ git fetch --all && \ git checkout feature-cookbooks && \ git pull origin feature-cookbooks -echo "Accept chef license" -chef env --chef-license accept - echo "Installing dependencies" bundle install --without vagrant From e02ab4e4c4af15f5fbebe7cb0de676da382de260 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 31 Dec 2020 13:48:58 +0100 Subject: [PATCH 242/260] Groupd drivers gem --- Gemfile | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/Gemfile b/Gemfile index f627c39c..b821f9f9 100644 --- a/Gemfile +++ b/Gemfile @@ -9,10 +9,8 @@ group :kitchen do gem 'kitchen-inspec' end -group :dokken do - gem 'kitchen-dokken' -end - -group :vagrant do +group :drivers do + gem 'kitchen-docker' gem 'kitchen-vagrant' + gem 'kitchen-dokken' end \ No newline at end of file From 49d9ab79200b77c6c985ded9aed6cbc02301a9a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 31 Dec 2020 14:11:47 +0100 Subject: [PATCH 243/260] Update kitchen.yml --- kitchen/kitchen.yml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/kitchen/kitchen.yml b/kitchen/kitchen.yml index acf4055a..9bc7730f 100644 --- a/kitchen/kitchen.yml +++ b/kitchen/kitchen.yml @@ -10,7 +10,7 @@ provisioner: chef_license: accept-no-persist platforms: - - name: <%= ENV['PLATFORM'] %>_<%= ENV['RELEASE'] %>_kitchen_chef + - name: <%= ENV['PLATFORM'] %>_<%= ENV['RELEASE'] %> driver_config: image: <%= ENV['IMAGE'] %> platform: <%= ENV['PLATFORM'] %> @@ -19,17 +19,14 @@ platforms: privileged: true volume: - /sys/fs/cgroup:/sys/fs/cgroup:ro - provision_command: - - sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config - - awk -F= '/^NAME/{print $2}' /etc/os-release | grep -qi 'debian\|ubuntu' && apt-get install -y apt-transport-https gnupg2 ca-certificates|| yum install -y openssl - + suites: - - name: manager + - name: wazuh-manager run_list: - recipe[wazuh_manager::default] - recipe[filebeat::default] - - name: agent + - name: wazuh-agent run_list: - recipe[wazuh_agent::default] attributes: From 6c8d7f0546e4ab41b6736cf231b37189c312ce1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Thu, 31 Dec 2020 14:13:00 +0100 Subject: [PATCH 244/260] Update manger to server --- kitchen/kitchen.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kitchen/kitchen.yml b/kitchen/kitchen.yml index 9bc7730f..5cd7bbb6 100644 --- a/kitchen/kitchen.yml +++ b/kitchen/kitchen.yml @@ -21,7 +21,7 @@ platforms: - /sys/fs/cgroup:/sys/fs/cgroup:ro suites: - - name: wazuh-manager + - name: wazuh-server run_list: - recipe[wazuh_manager::default] - recipe[filebeat::default] From 85ab7d7c9705e986f05675eccdbf564cb66a8b1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 4 Jan 2021 07:43:18 +0100 Subject: [PATCH 245/260] Add test files --- test/Dockerfile | 17 +++++++++++++++++ test/entrypoint.sh | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) create mode 100644 test/Dockerfile create mode 100644 test/entrypoint.sh diff --git a/test/Dockerfile b/test/Dockerfile new file mode 100644 index 00000000..15945655 --- /dev/null +++ b/test/Dockerfile @@ -0,0 +1,17 @@ +FROM chef/chefworkstation + +RUN curl -fsSL https://get.docker.com -o get-docker.sh && \ + sh get-docker.sh + +RUN cd $HOME && \ + git clone https://github.com/wazuh/wazuh-chef.git && \ + cd wazuh-chef && \ + git fetch --all + +RUN gem install test-kitchen && \ + gem install kitchen-inspec && \ + gem install kitchen-docker -v 2.3 + +COPY entrypoint.sh /entrypoint.sh +RUN chmod 755 /entrypoint.sh +ENTRYPOINT ["/entrypoint.sh"] \ No newline at end of file diff --git a/test/entrypoint.sh b/test/entrypoint.sh new file mode 100644 index 00000000..ba893cb2 --- /dev/null +++ b/test/entrypoint.sh @@ -0,0 +1,38 @@ +#! /usr/bin/env bash +set -e + +echo "Get into feature-cookbooks" +cd $HOME/wazuh-chef && \ +git checkout feature-cookbooks && \ +git pull origin feature-cookbooks + +#echo "Installing dependencies" +#bundle install + +export PLATFORM="centos" +export RELEASE="8" +export IMAGE="centos:8" +export RUN_COMMAND="/sbin/init" + +cd kitchen + +echo "List kitchen instances" +kitchen list + +/bin/bash + +#echo "Kitchen create manager..." +#kitchen create wazuh-server-$PLATFORM-$RELEASE +# +#manager_ip="$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' `docker ps | awk '{print $NF}' | grep wazuh-server`)" +#export MANAGER_IP=$manager_ip +#echo "Getting Wazuh manager IP: $manager_ip" +# +#echo "Kitchen converge manager ..." +#kitchen converge wazuh-manager-$PLATFORM-$RELEASE +# +#echo "Kitchen create agent..." +#kitchen create wazuh-agent-$PLATFORM-$RELEASE +# +#echo "Kitchen converge agent..." +#kitchen converge wazuh-agent-$PLATFORM-$RELEASE \ No newline at end of file From 2f36b1903b4705ccd5831559d03aa97de44df8d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa=20Prados?= Date: Mon, 4 Jan 2021 07:43:36 +0100 Subject: [PATCH 246/260] Update manager_agent.yml --- .github/workflows/manager_agent.yml | 30 +++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/.github/workflows/manager_agent.yml b/.github/workflows/manager_agent.yml index 10a43dc8..87df6cf2 100644 --- a/.github/workflows/manager_agent.yml +++ b/.github/workflows/manager_agent.yml @@ -1,4 +1,4 @@ -name: Wazuh Chef - Manager and Agent test +name: Kitchen tests for Wazuh Chef on: push: @@ -9,16 +9,22 @@ on: - feature-cookbooks jobs: - manager-and-agent: + wazuh-manager: runs-on: ubuntu-latest steps: - - name: Check out code - uses: actions/checkout@v2 - - name: CentOS 8 - (Manager + Agent) - uses: './.github/actions/test_manager_and_agent' - env: - PLATFORM: centos - RELEASE: 8 - IMAGE: centos:8 - RUN_COMMAND: /sbin/init - \ No newline at end of file + - name: Check out code + uses: actions/checkout@v2 + - name: Install Chef + uses: actionshub/chef-install@main + - name: Test ${{ matrix.suite }} cookbook + uses: actionshub/test-kitchen@main + env: + CHEF_LICENSE: accept-no-persist + KITCHEN_LOCAL_YAML: kitchen.yml + with: + suite: wazuh-manager + os: centos-8 + action: converge + wazuh-agent: + runs-on: ubuntu-latest + needs: wazuh-manager \ No newline at end of file From bf705c301f52ac22d6542b5f37e6eff86c644f58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa?= Date: Mon, 4 Jan 2021 09:42:13 +0100 Subject: [PATCH 247/260] Comment dev gems --- Gemfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Gemfile b/Gemfile index b821f9f9..1c52615d 100644 --- a/Gemfile +++ b/Gemfile @@ -1,8 +1,8 @@ source 'https://rubygems.org' -group :lint do - gem 'rubocop' -end +#group :lint do +# gem 'rubocop' +#end group :kitchen do gem 'test-kitchen' @@ -10,7 +10,7 @@ group :kitchen do end group :drivers do - gem 'kitchen-docker' - gem 'kitchen-vagrant' + #gem 'kitchen-docker' + #gem 'kitchen-vagrant' gem 'kitchen-dokken' end \ No newline at end of file From 3a0ca7c737ee29b764d77c521f12839b22063ce0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa?= Date: Mon, 4 Jan 2021 10:04:37 +0100 Subject: [PATCH 248/260] Fix PR request changes --- README.md | 11 +++++++---- cookbooks/README.md | 2 +- cookbooks/elastic-stack/README.md | 8 ++++---- cookbooks/filebeat-oss/README.md | 2 +- .../integration/filebeat-oss/filebeat-oss_test.rb | 6 ++++++ cookbooks/filebeat/README.md | 2 +- .../test/integration/filebeat/filebeat_test.rb | 2 ++ cookbooks/opendistro/README.md | 2 +- cookbooks/opendistro/templates/elasticsearch.yml.erb | 2 +- cookbooks/opendistro/templates/search-guard.yml.erb | 2 +- .../test/integration/wazuh_agent/agent_test.rb | 2 ++ cookbooks/wazuh_manager/README.md | 6 +++--- .../test/integration/wazuh_manager/manager_test.rb | 2 ++ 13 files changed, 32 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 5f5de781..040e865a 100644 --- a/README.md +++ b/README.md @@ -15,15 +15,18 @@ Deploy the Wazuh platform using Chef cookbooks. Chef recipes are prepared for in ## Dependencies -Every cookbook will install its own required dependencies, *Berksfile* and *metadata.rb* contains all the information about which dependencies will be installed. +All the dependencies necessary to install cookbooks are listed inside the following files: +- *Berksfile*: has defined the cookbooks path for Kitchen tests +- *metadata.rb*: minimum distributions verions +- *Gemfile.rb*: Ruby gems for testing There is software that must be installed to ensure the correct installation. ## Chef Chef gives plenty of software packages solution depending on how you want to distribute the software. Please -refer to the [platform overview documentation](https://docs.chef.io/platform_overview/) to know -all the software products they have. +refer to the [platform overview documentation](https://docs.chef.io/platform_overview/) for further information. +We recommend using Chef Workstation for testing. ## Cookbooks @@ -152,7 +155,7 @@ manager IP address: "address": "" ``` -Since Wazuh 4.0, by default, the agent registers automatically with the manager through enrollment. Configuration details can be found on [Enrollment section](https://documentation.wazuh.com/4.0/user-manual/reference/ossec-conf/client.html#reference-ossec-client). +Since Wazuh 4.0, by default, the agent registers automatically with the manager through enrollment. Configuration details can be found on [Enrollment section](https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/client.html#reference-ossec-client). ## Contribute diff --git a/cookbooks/README.md b/cookbooks/README.md index 5964cc32..b3fde0b0 100644 --- a/cookbooks/README.md +++ b/cookbooks/README.md @@ -123,7 +123,7 @@ You can get more info about attributes and how the work on the chef documentatio ### Centralized Configuration -You can set up your Wazuh [Centralized Configuration](https://documentation.wazuh.com/4.0/user-manual/reference/centralized-configuration.html#centralized-configuration-process) with Chef. +You can set up your Wazuh [Centralized Configuration](https://documentation.wazuh.com/current/user-manual/reference/centralized-configuration.html#centralized-configuration-process) with Chef. In order to achieve this, the following steps are required: diff --git a/cookbooks/elastic-stack/README.md b/cookbooks/elastic-stack/README.md index ce3e040c..d47ef2cb 100644 --- a/cookbooks/elastic-stack/README.md +++ b/cookbooks/elastic-stack/README.md @@ -66,14 +66,14 @@ In order to make Chef compatible Elasticsearch 7.x, two new attributes could be - `['elastic']['yml']['discovery']['seed_hosts']: "` - `['elastic']['yml']['discovery']['seed_providers']: "` - `['elastic']['yml']['discovery']['type']: single-node"` -2. `['elastic']['yml']['cluster']['initial_master_nodes']`: Allows to insert the whole line for the initial master nodes. You can declare it like: +2. `['elastic']['yml']['cluster']['initial_master_nodes']`: Allows to insert the whole line for the initial master nodes. Usage example: - `['elastic']['yml']['cluster']['initial_master_nodes']: "['']"` #### Example: -One example of the previously stated configuration would be the following. +One example of the previously stated configuration would be the following: -If only the declaration of `cluster.initial_master_nodes` to *192.168.0.1* would be wanted, the Elastic role needs to be adapted like this: +The hereunder example shows a simple configuration override for `initial_master_nodes` variable: ```json { @@ -105,5 +105,5 @@ If only the declaration of `cluster.initial_master_nodes` to *192.168.0.1* would ### References -Check https://documentation.wazuh.com/4.0/learning-wazuh/build-lab/install-elastic-stack.html for more information about +Check https://documentation.wazuh.com/current/learning-wazuh/build-lab/install-elastic-stack.html for more information about how to install Elastic Stack. \ No newline at end of file diff --git a/cookbooks/filebeat-oss/README.md b/cookbooks/filebeat-oss/README.md index ce36c783..2d5a4a26 100644 --- a/cookbooks/filebeat-oss/README.md +++ b/cookbooks/filebeat-oss/README.md @@ -32,4 +32,4 @@ Append to repository path the URL and GPG key of Filebeat ## References -Check [Filebeat installation documentation](https://documentation.wazuh.com/4.0/learning-wazuh/build-lab/install-wazuh-manager.html#install-filebeat) for more detail \ No newline at end of file +Check [Filebeat installation documentation](https://documentation.wazuh.com/current/learning-wazuh/build-lab/install-wazuh-manager.html#install-filebeat) for more detail \ No newline at end of file diff --git a/cookbooks/filebeat-oss/test/integration/filebeat-oss/filebeat-oss_test.rb b/cookbooks/filebeat-oss/test/integration/filebeat-oss/filebeat-oss_test.rb index 2fd9857d..e69c0ce3 100644 --- a/cookbooks/filebeat-oss/test/integration/filebeat-oss/filebeat-oss_test.rb +++ b/cookbooks/filebeat-oss/test/integration/filebeat-oss/filebeat-oss_test.rb @@ -20,4 +20,10 @@ describe directory('/etc/filebeat/certs') do it { should exist } +end + +describe service('filebeat') do + it { should be_installed } + it { should be_enabled } + it { should be_running } end \ No newline at end of file diff --git a/cookbooks/filebeat/README.md b/cookbooks/filebeat/README.md index ca7ba760..0e7e46f9 100644 --- a/cookbooks/filebeat/README.md +++ b/cookbooks/filebeat/README.md @@ -32,4 +32,4 @@ Append to repository path the URL and GPG key of Filebeat ## References -Check [Filebeat installation documentation](https://documentation.wazuh.com/4.0/learning-wazuh/build-lab/install-wazuh-manager.html#install-filebeat) for more detail \ No newline at end of file +Check [Filebeat installation documentation](https://documentation.wazuh.com/current/learning-wazuh/build-lab/install-wazuh-manager.html#install-filebeat) for more detail \ No newline at end of file diff --git a/cookbooks/filebeat/test/integration/filebeat/filebeat_test.rb b/cookbooks/filebeat/test/integration/filebeat/filebeat_test.rb index 21dc28ed..eb8faab9 100644 --- a/cookbooks/filebeat/test/integration/filebeat/filebeat_test.rb +++ b/cookbooks/filebeat/test/integration/filebeat/filebeat_test.rb @@ -19,5 +19,7 @@ end describe service('filebeat') do + it { should be_installed } + it { should be_enabled } it { should be_running } end \ No newline at end of file diff --git a/cookbooks/opendistro/README.md b/cookbooks/opendistro/README.md index d3fb34ba..d481e596 100644 --- a/cookbooks/opendistro/README.md +++ b/cookbooks/opendistro/README.md @@ -107,5 +107,5 @@ If only the declaration of `cluster.initial_master_nodes` to *192.168.0.1* would ### References -Check https://documentation.wazuh.com/4.0/installation-guide/open-distro/distributed-deployment/step-by-step-installation/elasticsearch-cluster/elasticsearch-single-node-cluster.html for more information about +Check https://documentation.wazuh.com/current/installation-guide/open-distro/distributed-deployment/step-by-step-installation/elasticsearch-cluster/elasticsearch-single-node-cluster.html for more information about how to install step-by-step a Elasticsearch single-node cluster. \ No newline at end of file diff --git a/cookbooks/opendistro/templates/elasticsearch.yml.erb b/cookbooks/opendistro/templates/elasticsearch.yml.erb index 9ecbaa0f..1142f082 100644 --- a/cookbooks/opendistro/templates/elasticsearch.yml.erb +++ b/cookbooks/opendistro/templates/elasticsearch.yml.erb @@ -1,7 +1,7 @@ # ======================== Elasticsearch Configuration ========================= # # Please consult the documentation for further information on configuration options: -# https://documentation.wazuh.com/4.0/installation-guide/open-distro/distributed-deployment/step-by-step-installation/elasticsearch-cluster/elasticsearch-single-node-cluster.html#elasticsearch-configuration +# https://documentation.wazuh.com/current/installation-guide/open-distro/distributed-deployment/step-by-step-installation/elasticsearch-cluster/elasticsearch-single-node-cluster.html#elasticsearch-configuration # network.host: <%= @network_host %> diff --git a/cookbooks/opendistro/templates/search-guard.yml.erb b/cookbooks/opendistro/templates/search-guard.yml.erb index 57f5f7a3..4e94fa75 100644 --- a/cookbooks/opendistro/templates/search-guard.yml.erb +++ b/cookbooks/opendistro/templates/search-guard.yml.erb @@ -1,7 +1,7 @@ # ======================== Searcguard Configuration ========================= # # Please consult the documentation for further information on configuration options: -# https://documentation.wazuh.com/4.0/user-manual/certificates.html#user-manual-certificates +# https://documentation.wazuh.com/current/user-manual/certificates.html#user-manual-certificates # # Self-signed certificate authority diff --git a/cookbooks/wazuh_agent/test/integration/wazuh_agent/agent_test.rb b/cookbooks/wazuh_agent/test/integration/wazuh_agent/agent_test.rb index a95c4df5..c80c5a1f 100644 --- a/cookbooks/wazuh_agent/test/integration/wazuh_agent/agent_test.rb +++ b/cookbooks/wazuh_agent/test/integration/wazuh_agent/agent_test.rb @@ -3,5 +3,7 @@ end describe service('wazuh-agent') do + it { should be_installed } + it { should be_enabled } it { should be_running } end \ No newline at end of file diff --git a/cookbooks/wazuh_manager/README.md b/cookbooks/wazuh_manager/README.md index 422441f6..e5e97915 100644 --- a/cookbooks/wazuh_manager/README.md +++ b/cookbooks/wazuh_manager/README.md @@ -15,7 +15,7 @@ Dependending on your choice, install elastic-stack or opendistro cookbooks respe * ``versions.rb`` contains version attributes to make it easier when it comes to bump version * The rest of files contains all the default configuration files in order to generate ossec.conf -Check ['ossec.conf'](https://documentation.wazuh.com/4.0/user-manual/reference/ossec-conf/) documentation +Check ['ossec.conf'](https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/) documentation to see all configuration sections. ### Usage @@ -114,7 +114,7 @@ If you want to build a Wazuh cluster, you need to create two roles, one role for } ``` -Check [cluster documentation](https://documentation.wazuh.com/4.0/user-manual/configuring-cluster/index.html) for more details +Check [cluster documentation](https://documentation.wazuh.com/current/user-manual/configuring-cluster/index.html) for more details ### Recipes @@ -135,4 +135,4 @@ Install prerequisites to install Wazuh manager ### References -Check [Wazuh server administration](https://documentation.wazuh.com/4.0/user-manual/manager/index.html) for more information about Wazuh Server. +Check [Wazuh server administration](https://documentation.wazuh.com/current/user-manual/manager/index.html) for more information about Wazuh Server. diff --git a/cookbooks/wazuh_manager/test/integration/wazuh_manager/manager_test.rb b/cookbooks/wazuh_manager/test/integration/wazuh_manager/manager_test.rb index 4a0c1322..32a7f5ca 100644 --- a/cookbooks/wazuh_manager/test/integration/wazuh_manager/manager_test.rb +++ b/cookbooks/wazuh_manager/test/integration/wazuh_manager/manager_test.rb @@ -3,6 +3,8 @@ end describe service('wazuh-manager') do + it { should be_installed } + it { should be_enabled } it { should be_running } end From ed7015b63a2ceab4f3ab4e5f1d643515ebb0137e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa?= Date: Mon, 4 Jan 2021 10:16:53 +0100 Subject: [PATCH 249/260] Remove unnecesary actions --- .../actions/test_manager_and_agent/Dockerfile | 38 --------------- .../actions/test_manager_and_agent/action.yml | 5 -- .../test_manager_and_agent/entrypoint.sh | 46 ------------------- .github/workflows/manager_agent.yml | 30 ------------ kitchen.yml | 10 ++++ 5 files changed, 10 insertions(+), 119 deletions(-) delete mode 100644 .github/actions/test_manager_and_agent/Dockerfile delete mode 100644 .github/actions/test_manager_and_agent/action.yml delete mode 100644 .github/actions/test_manager_and_agent/entrypoint.sh delete mode 100644 .github/workflows/manager_agent.yml diff --git a/.github/actions/test_manager_and_agent/Dockerfile b/.github/actions/test_manager_and_agent/Dockerfile deleted file mode 100644 index ea0e9b56..00000000 --- a/.github/actions/test_manager_and_agent/Dockerfile +++ /dev/null @@ -1,38 +0,0 @@ -FROM ruby - -LABEL "maintainer"="Wazuh" -LABEL "version"="0.0.1" -LABEL "repository"="https://github.com/wazuh/wazuh-chef" -LABEL "name"="Wazuh Chef Dockerfile" - -RUN apt-get update && apt install docker.io git curl wget -y && \ - apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* - -RUN gem install kitchen-docker && \ - gem install rbnacl && \ - gem install rbnacl-libsodium && \ - gem install bcrypt_pbkdf && \ - gem install berkshelf && \ - gem install httpclient - -RUN cd $HOME && \ - git clone https://github.com/wazuh/wazuh-qa.git && \ - cd $HOME/wazuh-qa && \ - git fetch --all && \ - git checkout devel && \ - git pull origin devel - -RUN cd $HOME/wazuh-qa/kitchen/wazuh-chef/ && \ - bundle install - -RUN gem_name=`ls /usr/local/bundle/gems | grep 'kitchen-docker'` && \ - rm -rf /usr/local/bundle/gems/$gem_name/* && \ - cp -rf $HOME/wazuh-qa/kitchen/kitchen-docker/* /usr/local/bundle/gems/$gem_name/ - -# Standard SSH port -EXPOSE 22 - -COPY entrypoint.sh /entrypoint.sh -RUN chmod 755 /entrypoint.sh -ENTRYPOINT ["/entrypoint.sh"] - diff --git a/.github/actions/test_manager_and_agent/action.yml b/.github/actions/test_manager_and_agent/action.yml deleted file mode 100644 index b0af3f77..00000000 --- a/.github/actions/test_manager_and_agent/action.yml +++ /dev/null @@ -1,5 +0,0 @@ -name: kitchen-test -description: Test Wazuh manager and agent -runs: - using: docker - image: 'Dockerfile' \ No newline at end of file diff --git a/.github/actions/test_manager_and_agent/entrypoint.sh b/.github/actions/test_manager_and_agent/entrypoint.sh deleted file mode 100644 index e8aad8ec..00000000 --- a/.github/actions/test_manager_and_agent/entrypoint.sh +++ /dev/null @@ -1,46 +0,0 @@ -#! /usr/bin/env bash -set -e - -echo "Env var value: IMAGE " -echo $IMAGE -echo "Env var value: PLATFORM " -echo $PLATFORM -echo "Env var value: RELEASE" -echo $RELEASE - -echo "Clone wazuh-chef repository" -git clone https://github.com/wazuh/wazuh-chef.git && \ -cd wazuh-chef && \ -git fetch --all && \ -git checkout feature-cookbooks && \ -git pull origin feature-cookbooks - -echo "Installing dependencies" -bundle install --without vagrant - -cd kitchen - -echo "Kitchen create manager..." -kitchen create wazuh-server-$PLATFORM-$RELEASE - -manager_ip="$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' `docker ps | awk '{print $NF}' | grep wazuh-server`)" -export MANAGER_IP=$manager_ip -echo "Getting Wazuh manager IP: $manager_ip" - -echo "Kitchen converge manager ..." -kitchen converge wazuh-manager-$PLATFORM-$RELEASE - -echo "Sleeping while the agent is starting" -sleep 15 - -echo "Kitchen create agent..." -kitchen create wazuh-agent-$PLATFORM-$RELEASE - -echo "Kitchen converge agent..." -kitchen converge wazuh-agent-$PLATFORM-$RELEASE - -#echo "Change IP manager address in ossec.conf..." -#kitchen exec wazuh-agent-$PLATFORM-$RELEASE -c "sed -i \"s/
*<\/address>/
${manager_ip}<\/address>/g\" ossec.conf" -# -#echo "Connect agent with manager" -#kitchen converge \ No newline at end of file diff --git a/.github/workflows/manager_agent.yml b/.github/workflows/manager_agent.yml deleted file mode 100644 index 87df6cf2..00000000 --- a/.github/workflows/manager_agent.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: Kitchen tests for Wazuh Chef - -on: - push: - branches: - - feature-cookbooks - pull_request: - branches: - - feature-cookbooks - -jobs: - wazuh-manager: - runs-on: ubuntu-latest - steps: - - name: Check out code - uses: actions/checkout@v2 - - name: Install Chef - uses: actionshub/chef-install@main - - name: Test ${{ matrix.suite }} cookbook - uses: actionshub/test-kitchen@main - env: - CHEF_LICENSE: accept-no-persist - KITCHEN_LOCAL_YAML: kitchen.yml - with: - suite: wazuh-manager - os: centos-8 - action: converge - wazuh-agent: - runs-on: ubuntu-latest - needs: wazuh-manager \ No newline at end of file diff --git a/kitchen.yml b/kitchen.yml index ea8691e0..871990c7 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -70,12 +70,22 @@ platforms: pid_one_command: /usr/lib/systemd/systemd suites: + - name: opendistro-single-node + run_list: + - recipe[opendistro::default] + - recipe[wazuh_manager::default] + - recipe[filebeat-oss::default] + attributes: + ipaddress: 172.18.12.11 + - name: wazuh_agent run_list: - recipe[wazuh_agent::default] verifier: inspec_tests: - path: cookbooks/wazuh_agent/test/integration/wazuh_agent + attributes: + ipaddress: 172.18.12.11 - name: wazuh_server run_list: From 0179b45675ae8aa6290cd029c61c037d728c23bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa?= Date: Mon, 4 Jan 2021 10:57:33 +0100 Subject: [PATCH 250/260] Add kitchen-vagrant gem --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 1c52615d..2424de0b 100644 --- a/Gemfile +++ b/Gemfile @@ -11,6 +11,6 @@ end group :drivers do #gem 'kitchen-docker' - #gem 'kitchen-vagrant' + gem 'kitchen-vagrant' gem 'kitchen-dokken' end \ No newline at end of file From 153385ccb62c88b9f8ab459ca8b76732bf641732 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa?= Date: Mon, 4 Jan 2021 10:57:48 +0100 Subject: [PATCH 251/260] Update TESTING.md --- TESTING.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/TESTING.md b/TESTING.md index 10d6495c..79c5132e 100644 --- a/TESTING.md +++ b/TESTING.md @@ -2,8 +2,8 @@ Test Wazuh Chef cookbooks ========================= # Global prerequisistes -- Ruby -- ChefDK +- [Ruby](https://www.ruby-lang.org/es/documentation/installation/) +- [Chef Workstation](https://downloads.chef.io/products/workstation) There are two ways of creating a chef environment and tests cookbooks depending on what driver to use: - [kitchen-vagrant](https://github.com/test-kitchen/kitchen-vagrant) @@ -18,7 +18,6 @@ Kitchen-vagrant ## Hot to use? First install dependancies: -``bundle config set without dokken`` ``bundle install`` Then go to ``wazuh-chef/kitchen-vagrant`` folder and execute kitchen commands. @@ -31,7 +30,6 @@ Kitchen dokken ## How to use? First install dependancies: -``bundle config set without vagrant`` ``bundle install`` Then execute kithcen commands. From 4487ae58e1d288e709a0bfcf4d6d7c0c3ebc9002 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa?= Date: Mon, 4 Jan 2021 11:01:01 +0100 Subject: [PATCH 252/260] Remove dev files --- kitchen/kitchen.vagrant.yml | 68 ------------------------------- kitchen/kitchen.yml | 80 ++++++++++++++++++++++++++----------- test/Dockerfile | 17 -------- test/entrypoint.sh | 38 ------------------ 4 files changed, 57 insertions(+), 146 deletions(-) delete mode 100644 kitchen/kitchen.vagrant.yml delete mode 100644 test/Dockerfile delete mode 100644 test/entrypoint.sh diff --git a/kitchen/kitchen.vagrant.yml b/kitchen/kitchen.vagrant.yml deleted file mode 100644 index 80b14018..00000000 --- a/kitchen/kitchen.vagrant.yml +++ /dev/null @@ -1,68 +0,0 @@ ---- -driver: - name: vagrant - -transport: - name: ssh - -provisioner: - name: chez-zero - chef_license: accept - -verifier: - name: inspec - -platforms: - - name: amazonlinux-2 - - name: debian-9 - - name: debian-10 - - name: centos-7 - - name: centos-8 - - name: ubuntu-18.04 - - name: ubuntu-20.04 - - name: opensuse-leap-15 - - name: fedora-latest - -suites: - - name: wazuh_agent - run_list: - - recipe[wazuh_agent::default] - verifier: - inspec_tests: - - path: ../cookbooks/wazuh_agent/test/integration/wazuh_agent - - - name: wazuh_server - run_list: - - recipe[wazuh_manager::default] - - recipe[filebeat::default] - verifier: - inspec_tests: - - name: wazuh-manager tests - path: ../cookbooks/wazuh_manager/test/integration/wazuh_manager - - name: filebeat tests - path: ../cookbooks/filebeat/test/integration/filebeat - - - name: wazuh_server_oss - run_list: - - recipe[wazuh_manager::default] - - recipe[filebeat-oss::default] - verifier: - inspec_tests: - - name: wazuh-manager tests - path: ../cookbooks/wazuh_manager/test/integration/wazuh_manager - - name: filebeat-oss tests - path: ../cookbooks/filebeat-oss/test/integration/filebeat-oss - - - name: opendistro - run_list: - - recipe[opendistro::default] - verifier: - inspec_tests: - - path: ../cookbooks/opendistro/test/integration/opendistro - - - name: elastic-stack - run_list: - - recipe[elastic-stack::default] - verifier: - inspec_tests: - - path: ../cookbooks/elastic-stack/test/integration/elastic-stack \ No newline at end of file diff --git a/kitchen/kitchen.yml b/kitchen/kitchen.yml index 5cd7bbb6..80b14018 100644 --- a/kitchen/kitchen.yml +++ b/kitchen/kitchen.yml @@ -1,34 +1,68 @@ +--- driver: - name: docker - use_sudo: false - use_internal_docker_network: true - remove_images: true - use_cache: false + name: vagrant + +transport: + name: ssh provisioner: - name: chef_zero - chef_license: accept-no-persist + name: chez-zero + chef_license: accept + +verifier: + name: inspec platforms: - - name: <%= ENV['PLATFORM'] %>_<%= ENV['RELEASE'] %> - driver_config: - image: <%= ENV['IMAGE'] %> - platform: <%= ENV['PLATFORM'] %> - publish_all: true - run_command: <%= ENV['RUN_COMMAND'] %> - privileged: true - volume: - - /sys/fs/cgroup:/sys/fs/cgroup:ro - + - name: amazonlinux-2 + - name: debian-9 + - name: debian-10 + - name: centos-7 + - name: centos-8 + - name: ubuntu-18.04 + - name: ubuntu-20.04 + - name: opensuse-leap-15 + - name: fedora-latest + suites: - - name: wazuh-server + - name: wazuh_agent + run_list: + - recipe[wazuh_agent::default] + verifier: + inspec_tests: + - path: ../cookbooks/wazuh_agent/test/integration/wazuh_agent + + - name: wazuh_server run_list: - recipe[wazuh_manager::default] - recipe[filebeat::default] + verifier: + inspec_tests: + - name: wazuh-manager tests + path: ../cookbooks/wazuh_manager/test/integration/wazuh_manager + - name: filebeat tests + path: ../cookbooks/filebeat/test/integration/filebeat - - name: wazuh-agent + - name: wazuh_server_oss run_list: - - recipe[wazuh_agent::default] - attributes: - ossec: - address: <%= ENV['MANAGER_IP'] %> \ No newline at end of file + - recipe[wazuh_manager::default] + - recipe[filebeat-oss::default] + verifier: + inspec_tests: + - name: wazuh-manager tests + path: ../cookbooks/wazuh_manager/test/integration/wazuh_manager + - name: filebeat-oss tests + path: ../cookbooks/filebeat-oss/test/integration/filebeat-oss + + - name: opendistro + run_list: + - recipe[opendistro::default] + verifier: + inspec_tests: + - path: ../cookbooks/opendistro/test/integration/opendistro + + - name: elastic-stack + run_list: + - recipe[elastic-stack::default] + verifier: + inspec_tests: + - path: ../cookbooks/elastic-stack/test/integration/elastic-stack \ No newline at end of file diff --git a/test/Dockerfile b/test/Dockerfile deleted file mode 100644 index 15945655..00000000 --- a/test/Dockerfile +++ /dev/null @@ -1,17 +0,0 @@ -FROM chef/chefworkstation - -RUN curl -fsSL https://get.docker.com -o get-docker.sh && \ - sh get-docker.sh - -RUN cd $HOME && \ - git clone https://github.com/wazuh/wazuh-chef.git && \ - cd wazuh-chef && \ - git fetch --all - -RUN gem install test-kitchen && \ - gem install kitchen-inspec && \ - gem install kitchen-docker -v 2.3 - -COPY entrypoint.sh /entrypoint.sh -RUN chmod 755 /entrypoint.sh -ENTRYPOINT ["/entrypoint.sh"] \ No newline at end of file diff --git a/test/entrypoint.sh b/test/entrypoint.sh deleted file mode 100644 index ba893cb2..00000000 --- a/test/entrypoint.sh +++ /dev/null @@ -1,38 +0,0 @@ -#! /usr/bin/env bash -set -e - -echo "Get into feature-cookbooks" -cd $HOME/wazuh-chef && \ -git checkout feature-cookbooks && \ -git pull origin feature-cookbooks - -#echo "Installing dependencies" -#bundle install - -export PLATFORM="centos" -export RELEASE="8" -export IMAGE="centos:8" -export RUN_COMMAND="/sbin/init" - -cd kitchen - -echo "List kitchen instances" -kitchen list - -/bin/bash - -#echo "Kitchen create manager..." -#kitchen create wazuh-server-$PLATFORM-$RELEASE -# -#manager_ip="$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' `docker ps | awk '{print $NF}' | grep wazuh-server`)" -#export MANAGER_IP=$manager_ip -#echo "Getting Wazuh manager IP: $manager_ip" -# -#echo "Kitchen converge manager ..." -#kitchen converge wazuh-manager-$PLATFORM-$RELEASE -# -#echo "Kitchen create agent..." -#kitchen create wazuh-agent-$PLATFORM-$RELEASE -# -#echo "Kitchen converge agent..." -#kitchen converge wazuh-agent-$PLATFORM-$RELEASE \ No newline at end of file From 6129adbfd57819b43c42e631e941b00bbf8c2bbd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa?= Date: Mon, 4 Jan 2021 11:10:57 +0100 Subject: [PATCH 253/260] Remove some service tests --- .../test/integration/filebeat-oss/filebeat-oss_test.rb | 4 ++-- cookbooks/filebeat/test/integration/filebeat/filebeat_test.rb | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cookbooks/filebeat-oss/test/integration/filebeat-oss/filebeat-oss_test.rb b/cookbooks/filebeat-oss/test/integration/filebeat-oss/filebeat-oss_test.rb index e69c0ce3..2557897b 100644 --- a/cookbooks/filebeat-oss/test/integration/filebeat-oss/filebeat-oss_test.rb +++ b/cookbooks/filebeat-oss/test/integration/filebeat-oss/filebeat-oss_test.rb @@ -24,6 +24,6 @@ describe service('filebeat') do it { should be_installed } - it { should be_enabled } - it { should be_running } + #it { should be_enabled } + #it { should be_running } end \ No newline at end of file diff --git a/cookbooks/filebeat/test/integration/filebeat/filebeat_test.rb b/cookbooks/filebeat/test/integration/filebeat/filebeat_test.rb index eb8faab9..283187ea 100644 --- a/cookbooks/filebeat/test/integration/filebeat/filebeat_test.rb +++ b/cookbooks/filebeat/test/integration/filebeat/filebeat_test.rb @@ -20,6 +20,6 @@ describe service('filebeat') do it { should be_installed } - it { should be_enabled } - it { should be_running } + #it { should be_enabled } + #it { should be_running } end \ No newline at end of file From ebded60436e4ac1e8ae1a677a9bd5b314d6c9703 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa?= Date: Mon, 4 Jan 2021 11:49:34 +0100 Subject: [PATCH 254/260] Remove ip address --- kitchen.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/kitchen.yml b/kitchen.yml index 871990c7..e9866b62 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -75,8 +75,6 @@ suites: - recipe[opendistro::default] - recipe[wazuh_manager::default] - recipe[filebeat-oss::default] - attributes: - ipaddress: 172.18.12.11 - name: wazuh_agent run_list: @@ -84,8 +82,6 @@ suites: verifier: inspec_tests: - path: cookbooks/wazuh_agent/test/integration/wazuh_agent - attributes: - ipaddress: 172.18.12.11 - name: wazuh_server run_list: From 56016b0588c6affc0e8dc62fa6d273b592fe95fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa?= Date: Mon, 4 Jan 2021 12:42:59 +0100 Subject: [PATCH 255/260] Fix PR 115 request changes --- CHANGELOG.md | 11 ++-- README.md | 12 ++--- cookbooks/elastic-stack/README.md | 3 +- .../{yml.rb => elasticsearch.yml copy.rb} | 15 +----- .../elastic-stack/attributes/kibana.yml.rb | 18 +++++++ cookbooks/filebeat-oss/README.md | 2 +- .../attributes/{yml.rb => filebeat.yml.rb} | 2 +- cookbooks/filebeat/README.md | 2 +- .../attributes/{yml.rb => filebeat.yml.rb} | 2 +- cookbooks/opendistro/README.md | 4 +- .../attributes/elasticsearch.yml.rb | 24 +++++++++ cookbooks/opendistro/attributes/kibana.yml.rb | 19 +++++++ .../opendistro/attributes/searchguard.yml.rb | 22 ++++++++ cookbooks/opendistro/attributes/yml.rb | 52 ------------------- cookbooks/wazuh_agent/README.md | 9 ++-- 15 files changed, 111 insertions(+), 86 deletions(-) rename cookbooks/elastic-stack/attributes/{yml.rb => elasticsearch.yml copy.rb} (62%) create mode 100644 cookbooks/elastic-stack/attributes/kibana.yml.rb rename cookbooks/filebeat-oss/attributes/{yml.rb => filebeat.yml.rb} (92%) rename cookbooks/filebeat/attributes/{yml.rb => filebeat.yml.rb} (91%) create mode 100644 cookbooks/opendistro/attributes/elasticsearch.yml.rb create mode 100644 cookbooks/opendistro/attributes/kibana.yml.rb create mode 100644 cookbooks/opendistro/attributes/searchguard.yml.rb delete mode 100644 cookbooks/opendistro/attributes/yml.rb diff --git a/CHANGELOG.md b/CHANGELOG.md index 396392c1..649f60b7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,11 +4,12 @@ All notable changes to this project will be documented in this file. ## Wazuh Chef v4.0.3_1.11.0 ### Added -- Update to Wazuh version 4.0.3 -- Add Opendistro with version 1.11.0 -- Update Elastic Stack to version 7.9.3 -- Install Wazuh Kibana plugin 4.0.3_7.9.3 version -- Add support for SUSE repository +- Add feature-cookbooks ([@sergiogp98](https://github.com/sergiogp98)) [PR#115](https://github.com/wazuh/wazuh-chef/pull/115) + - Update to Wazuh version 4.0.3 + - Add Opendistro with version 1.11.0 + - Update Elastic Stack to version 7.9.3 + - Install Wazuh Kibana plugin 4.0.3_7.9.3 version + - Add support for SUSE repository ## Wazuh Chef v4.0.1 diff --git a/README.md b/README.md index 040e865a..44b9f8e1 100644 --- a/README.md +++ b/README.md @@ -41,11 +41,11 @@ We recommend using Chef Workstation for testing. You can find predefined roles for a default installation of: -1. **wazuh_server**: Wazuh Manager and Filebeat -2. **wazhu_server_oss**: Wazuh Manager and Filebeat OSS -3. **wazuh_agent**: Wazuh Agent -4. **elastic_stack**: Elasticsearch and Kibana -5. **opendistro**: Elasticsearch OSS and Kiban OSS +1. [wazuh_server](roles/wazuh_server.json): Wazuh Manager and Filebeat +2. [wazhu_server_oss](roles/wazuh_server_oss.json): Wazuh Manager and Filebeat OSS +3. [wazuh_agent](roles/wazuh_agent.json): Wazuh Agent +4. [elastic_stack](roles/elastic_stack.json): Elasticsearch and Kibana +5. [opendistro](roles/opendistro.json): Elasticsearch OSS and Kiban OSS Check roles README for more information about default attributes and how to customize your installation. @@ -155,7 +155,7 @@ manager IP address: "address": "" ``` -Since Wazuh 4.0, by default, the agent registers automatically with the manager through enrollment. Configuration details can be found on [Enrollment section](https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/client.html#reference-ossec-client). +Since Wazuh 4.0, by default, the agent registers automatically registers against the manager through enrollment. Configuration details can be found on [Enrollment section](https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/client.html#reference-ossec-client). ## Contribute diff --git a/cookbooks/elastic-stack/README.md b/cookbooks/elastic-stack/README.md index d47ef2cb..4d7d4427 100644 --- a/cookbooks/elastic-stack/README.md +++ b/cookbooks/elastic-stack/README.md @@ -8,7 +8,8 @@ This cookbook installs and configures Elastic Stack. Please note that it's not o * ``jvm.rb``: declare the amount of memory RAM JVM will use * ``paths.rb``: initialize different paths used during installation * ``versions.rb``: versions for Wazuh and ELK -* ``yml.rb``: customize YAML configuration file for Elasticsearch and Kibana services +* ``elasticsearch.yml.rb``: customize YAML configuration file for Elasticsearch +* ``filebeat.yml.rb``: customize YAML configuration file for Filebeat ### Usage diff --git a/cookbooks/elastic-stack/attributes/yml.rb b/cookbooks/elastic-stack/attributes/elasticsearch.yml copy.rb similarity index 62% rename from cookbooks/elastic-stack/attributes/yml.rb rename to cookbooks/elastic-stack/attributes/elasticsearch.yml copy.rb index 12b24621..5e1660a0 100644 --- a/cookbooks/elastic-stack/attributes/yml.rb +++ b/cookbooks/elastic-stack/attributes/elasticsearch.yml copy.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true # Cookbook Name:: elastic-stack -# Attributes:: yml +# Attributes:: elasticsearch.yml # Author:: Wazuh # Elasticsearch configuration file @@ -26,16 +26,3 @@ 'port' => 9200 } } - -# Kibana configuration file -default['kibana']['yml'] = { - 'server' => { - 'host' => '0.0.0.0', - 'port' => 5601 - }, - 'elasticsearch' => { - 'hosts' => [ - "http://#{node['elastic']['yml']['network']['host']}:#{node['elastic']['yml']['http']['port']}" - ] - } -} diff --git a/cookbooks/elastic-stack/attributes/kibana.yml.rb b/cookbooks/elastic-stack/attributes/kibana.yml.rb new file mode 100644 index 00000000..c51e99a5 --- /dev/null +++ b/cookbooks/elastic-stack/attributes/kibana.yml.rb @@ -0,0 +1,18 @@ +# frozen_string_literal: true + +# Cookbook Name:: elastic-stack +# Attributes:: kibana.yml +# Author:: Wazuh + +# Kibana configuration file +default['kibana']['yml'] = { + 'server' => { + 'host' => '0.0.0.0', + 'port' => 5601 + }, + 'elasticsearch' => { + 'hosts' => [ + "http://#{node['elastic']['yml']['network']['host']}:#{node['elastic']['yml']['http']['port']}" + ] + } +} diff --git a/cookbooks/filebeat-oss/README.md b/cookbooks/filebeat-oss/README.md index 2d5a4a26..11e28f53 100644 --- a/cookbooks/filebeat-oss/README.md +++ b/cookbooks/filebeat-oss/README.md @@ -7,7 +7,7 @@ This cookbook installs and configures Filebeat OSS on the specified node. * `files.rb`: initialize needed file names to install Filebeat * `paths.rb`: initialize some main paths * `versions.rb`: initialize versions for Wazuh and ELK -* `yml.rb`: customize *filebeat.yml* configuration file +* `filebeat.yml.rb`: customize YAML configuration file for Filebeat ## Usage diff --git a/cookbooks/filebeat-oss/attributes/yml.rb b/cookbooks/filebeat-oss/attributes/filebeat.yml.rb similarity index 92% rename from cookbooks/filebeat-oss/attributes/yml.rb rename to cookbooks/filebeat-oss/attributes/filebeat.yml.rb index b54baf69..4e4789d6 100644 --- a/cookbooks/filebeat-oss/attributes/yml.rb +++ b/cookbooks/filebeat-oss/attributes/filebeat.yml.rb @@ -1,5 +1,5 @@ # Cookbook Name:: filebeat-oss -# Attribute:: yml +# Attribute:: filebeat.yml # Author:: Wazuh default['filebeat']['yml'] = { diff --git a/cookbooks/filebeat/README.md b/cookbooks/filebeat/README.md index 0e7e46f9..e34e4145 100644 --- a/cookbooks/filebeat/README.md +++ b/cookbooks/filebeat/README.md @@ -7,7 +7,7 @@ This cookbook installs and configures Filebeat on the specified node. * `files.rb`: initialize needed file names to install Filebeat * `paths.rb`: initialize some main paths * `versions.rb`: initialize versions for Wazuh and ELK -* `yml.rb`: customize *filebeat.yml* configuration file +* `filebeat.yml.rb`: customize YAML configuration file for Filebeat ## Usage diff --git a/cookbooks/filebeat/attributes/yml.rb b/cookbooks/filebeat/attributes/filebeat.yml.rb similarity index 91% rename from cookbooks/filebeat/attributes/yml.rb rename to cookbooks/filebeat/attributes/filebeat.yml.rb index 15f9cbea..92f189e2 100644 --- a/cookbooks/filebeat/attributes/yml.rb +++ b/cookbooks/filebeat/attributes/filebeat.yml.rb @@ -1,5 +1,5 @@ # Cookbook Name:: filebeat -# Attribute:: elastic +# Attribute:: filebeat.yml # Author:: Wazuh default['filebeat']['yml'] = { diff --git a/cookbooks/opendistro/README.md b/cookbooks/opendistro/README.md index d481e596..95c56fc2 100644 --- a/cookbooks/opendistro/README.md +++ b/cookbooks/opendistro/README.md @@ -9,7 +9,9 @@ This cookbook installs and configures Opendistroforleasticsearch. Please note th * ``paths.rb``: initialize different paths used during installation * ``search_guard.rb``: declare search guard ZIP filename * ``versions.rb``: versions for Wazuh, ODFE, ELK and Search Guard -* ``yml.rb``: customize YAML configuration file for Elasticsearch, Kibana and Search Guard services +* ``elasticsearch.yml.rb``: customize YAML configuration file for Elasticsearch +* ``filebeat.yml.rb``: customize YAML configuration file for Filebeat +* ``searchguard.yml.rb``: customize YAML configuration file for Search Guard ### Usage diff --git a/cookbooks/opendistro/attributes/elasticsearch.yml.rb b/cookbooks/opendistro/attributes/elasticsearch.yml.rb new file mode 100644 index 00000000..3d52bcf6 --- /dev/null +++ b/cookbooks/opendistro/attributes/elasticsearch.yml.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +# Cookbook Name:: opendistro +# Attributes:: elasticsearch.yml +# Author:: Wazuh + +# Elasticsearch-oss configuration file + +default['elastic']['yml'] = { + 'network' => { + 'host' => '0.0.0.0' + }, + 'http' => { + 'port' => 9200 + }, + 'node' => { + 'name' => 'odfe-node-1' + }, + 'cluster' => { + 'initial_master_nodes' => [ + 'odfe-node-1' + ] + } +} \ No newline at end of file diff --git a/cookbooks/opendistro/attributes/kibana.yml.rb b/cookbooks/opendistro/attributes/kibana.yml.rb new file mode 100644 index 00000000..9b8ff72e --- /dev/null +++ b/cookbooks/opendistro/attributes/kibana.yml.rb @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +# Cookbook Name:: opendistro +# Attributes:: kibana.yml +# Author:: Wazuh + +# Kibana-oss configuration file + +default['kibana']['yml'] = { + 'server' => { + 'host' => '0.0.0.0', + 'port' => 443 + }, + 'elasticsearch' => { + 'hosts' => [ + "https://#{node['elastic']['yml']['network']['host']}:#{node['elastic']['yml']['http']['port']}" + ] + } +} \ No newline at end of file diff --git a/cookbooks/opendistro/attributes/searchguard.yml.rb b/cookbooks/opendistro/attributes/searchguard.yml.rb new file mode 100644 index 00000000..e45b2afd --- /dev/null +++ b/cookbooks/opendistro/attributes/searchguard.yml.rb @@ -0,0 +1,22 @@ +# frozen_string_literal: true + +# Cookbook Name:: opendistro +# Attributes:: searchguard.yml +# Author:: Wazuh + +# Searchguard configuraion file + +default['search_guard']['yml'] = { + 'nodes' => { + 'elasticsearch' => { + 'ip' => [ + (node['elastic']['yml']['network']['host']).to_s + ] + }, + 'kibana' => { + 'ip' => [ + (node['kibana']['yml']['server']['host']).to_s + ] + } + } +} \ No newline at end of file diff --git a/cookbooks/opendistro/attributes/yml.rb b/cookbooks/opendistro/attributes/yml.rb deleted file mode 100644 index 0e3f1d78..00000000 --- a/cookbooks/opendistro/attributes/yml.rb +++ /dev/null @@ -1,52 +0,0 @@ -# frozen_string_literal: true - -# Elasticsearch-oss configuration file - -default['elastic']['yml'] = { - 'network' => { - 'host' => '0.0.0.0' - }, - 'http' => { - 'port' => 9200 - }, - 'node' => { - 'name' => 'odfe-node-1' - }, - 'cluster' => { - 'initial_master_nodes' => [ - 'odfe-node-1' - ] - } -} - -# Kibana-oss configuration file - -default['kibana']['yml'] = { - 'server' => { - 'host' => '0.0.0.0', - 'port' => 443 - }, - 'elasticsearch' => { - 'hosts' => [ - "https://#{node['elastic']['yml']['network']['host']}:#{node['elastic']['yml']['http']['port']}" - ] - } -} - -# Searchguard configuraion file - -default['search_guard']['yml'] = - { - 'nodes' => { - 'elasticsearch' => { - 'ip' => [ - (node['elastic']['yml']['network']['host']).to_s - ] - }, - 'kibana' => { - 'ip' => [ - (node['kibana']['yml']['server']['host']).to_s - ] - } - } - } diff --git a/cookbooks/wazuh_agent/README.md b/cookbooks/wazuh_agent/README.md index be7c888f..6e95afb8 100644 --- a/cookbooks/wazuh_agent/README.md +++ b/cookbooks/wazuh_agent/README.md @@ -2,18 +2,21 @@ These cookbooks install and configure a Wazuh Agent on specified nodes. -Agent is automatically registered in the specified address by using ['agent authd'](https://documentation.wazuh.com/current/user-manual/agents/registering-agents/register-agent-authd.html#simple-method) ( ```['ossec']['address']``` specify mnager IP address). You can set this attributes by default on attributes folder or specify it in the ['wazuh_agent role'](https://github.com/wazuh/wazuh-chef/blob/3.9-repository-refactor/roles/wazuh_agent.json). +Currently, the agent is automatically registered using enrollment. check the [documentation](https://documentation.wazuh.com/4.0/user-manual/registering/) for further information. + +Agent is automatically registered against manager using ['agent authd'](https://documentation.wazuh.com/4.0/user-manual/agents/agent-connection.html) tool. The manager IP address has to be declared in the `node['ossec']['address']` attribute. This can be overwriten in two ways: modifyng that attribute in [agent role](../../roles/wazuh_agent.json) or directly in the `node['ossec']['agent_auth']['host']` specific attribute. + ### Attributes * ``versions.rb`` contains version attributes to make it easier when it comes to bump version -* The rest of files contains all the default configuration files in order to generate ossec.conf +* The rest of files contains all the default configuration files in order to generate *ossec.conf* Check ['ossec.conf']( https://documentation.wazuh.com/3.x/user-manual/reference/ossec-conf/index.html) documentation to see all configuration sections. ### Usage -Create a role following the ['wazuh_agent'](https://github.com/wazuh/wazuh-chef/roles/wazuh_agent.json) role structure and specify your desired configuration attributes. Note that **address** and **registration_address** are mandatory. +Create a role following the ['wazuh_agent'](https://github.com/wazuh/wazuh-chef/roles/wazuh_agent.json) role structure and specify your desired configuration attributes. Note that **address** is mandatory. Assign the current role to desired nodes and run ```chef-client``` on them. From 14eac4a7d6b0d737f478ff7a004d93969f998a5c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa?= Date: Tue, 5 Jan 2021 10:36:38 +0100 Subject: [PATCH 256/260] Fix PR reuest changes --- README.md | 2 +- cookbooks/wazuh_agent/README.md | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 44b9f8e1..1b497eeb 100644 --- a/README.md +++ b/README.md @@ -155,7 +155,7 @@ manager IP address: "address": "" ``` -Since Wazuh 4.0, by default, the agent registers automatically registers against the manager through enrollment. Configuration details can be found on [Enrollment section](https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/client.html#reference-ossec-client). +Since Wazuh 4.0, by default, the agent registers automatically against the manager through enrollment. Configuration details can be found on [Enrollment section](https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/client.html#reference-ossec-client). ## Contribute diff --git a/cookbooks/wazuh_agent/README.md b/cookbooks/wazuh_agent/README.md index 6e95afb8..25de9a00 100644 --- a/cookbooks/wazuh_agent/README.md +++ b/cookbooks/wazuh_agent/README.md @@ -2,9 +2,7 @@ These cookbooks install and configure a Wazuh Agent on specified nodes. -Currently, the agent is automatically registered using enrollment. check the [documentation](https://documentation.wazuh.com/4.0/user-manual/registering/) for further information. - -Agent is automatically registered against manager using ['agent authd'](https://documentation.wazuh.com/4.0/user-manual/agents/agent-connection.html) tool. The manager IP address has to be declared in the `node['ossec']['address']` attribute. This can be overwriten in two ways: modifyng that attribute in [agent role](../../roles/wazuh_agent.json) or directly in the `node['ossec']['agent_auth']['host']` specific attribute. +Currently, the agent is automatically registered using enrollment. check the [documentation](https://documentation.wazuh.com/current/user-manual/registering/) for further information. The manager IP address has to be declared in the `node['ossec']['address']` attribute. This can be overwriten in two ways: modifyng that attribute in [agent role](../../roles/wazuh_agent.json) or directly in the `node['ossec']['agent_auth']['host']` specific attribute. ### Attributes From 2467b5658516669ebe485f4cf8a17842223ec343 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa?= Date: Tue, 5 Jan 2021 11:25:35 +0100 Subject: [PATCH 257/260] CHANGELOG.md: rename SUSE repository to SUSE Linux --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 649f60b7..9ea96430 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,7 +9,7 @@ All notable changes to this project will be documented in this file. - Add Opendistro with version 1.11.0 - Update Elastic Stack to version 7.9.3 - Install Wazuh Kibana plugin 4.0.3_7.9.3 version - - Add support for SUSE repository + - Add support for SUSE Linux ## Wazuh Chef v4.0.1 From d22e7845227335ace029684b97f3a372048f4523 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa?= Date: Tue, 5 Jan 2021 11:26:17 +0100 Subject: [PATCH 258/260] README.md: remove agent-auth mentions --- cookbooks/wazuh_agent/README.md | 43 ++++----------------------------- 1 file changed, 5 insertions(+), 38 deletions(-) diff --git a/cookbooks/wazuh_agent/README.md b/cookbooks/wazuh_agent/README.md index 25de9a00..6e6f24ec 100644 --- a/cookbooks/wazuh_agent/README.md +++ b/cookbooks/wazuh_agent/README.md @@ -2,15 +2,14 @@ These cookbooks install and configure a Wazuh Agent on specified nodes. -Currently, the agent is automatically registered using enrollment. check the [documentation](https://documentation.wazuh.com/current/user-manual/registering/) for further information. The manager IP address has to be declared in the `node['ossec']['address']` attribute. This can be overwriten in two ways: modifyng that attribute in [agent role](../../roles/wazuh_agent.json) or directly in the `node['ossec']['agent_auth']['host']` specific attribute. - +Currently, the agent is automatically registered using enrollment. check the [documentation](https://documentation.wazuh.com/current/user-manual/registering/) for further information. The manager IP address has to be declared in the `node['ossec']['address']` attribute. ### Attributes * ``versions.rb`` contains version attributes to make it easier when it comes to bump version * The rest of files contains all the default configuration files in order to generate *ossec.conf* -Check ['ossec.conf']( https://documentation.wazuh.com/3.x/user-manual/reference/ossec-conf/index.html) documentation to see all configuration sections. +Check ['ossec.conf']( https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/index.html) documentation to see all configuration sections. ### Usage @@ -18,8 +17,6 @@ Create a role following the ['wazuh_agent'](https://github.com/wazuh/wazuh-chef/ Assign the current role to desired nodes and run ```chef-client``` on them. -You can declare desired *agent_auth* parameters to customize the registration process. - For example: ``` @@ -31,12 +28,7 @@ For example: }, "override_attributes": { "ossec": { - "address": "172.19.0.211", - "agent_auth": { - "name" : "Agent_01", - "set_group" : "group_01", - "agent_ip_by_manager": "true" - } + "address": "172.19.0.211" } }, "chef_type": "role", @@ -48,36 +40,11 @@ For example: } ``` -**Will generate**: ```agent_auth -m 172.19.0.211 -p 1515 -A Agent_01 -G group_01 -i ``` - -The agent_auth parameters are the following: - -``` --a : "auto_negotiate" --A : "name" --m : "host" --p : "port" --c : "cipher_list" --D : "wazuh_directory" --d : "debug_mode" : "true" --g : "run_as_group" --G : "set_group" --i : "agent_ip_by_manager" : "true" --I : "agent_ip" --P : "password" --v : "ca" --x : "certificate" --k : "key" -``` - -You can use any of the quoted attributes, as stated in the previous example. Flags options must be set to "true" or "false". - - ### Recipes #### agent.rb -Register agent by using agent authd method. You can declare the desired fields to customize the registration process. +Register agent by using agent enrollment. Also authd method is available but not enabled by default. You can declare the desired fields to customize the registration process. #### common.rb @@ -89,5 +56,5 @@ Declares repository of Wazuh and GPG keys based on different installations. ### References -Check https://documentation.wazuh.com/3.x/user-manual/agents/index.html for more information about Wazuh-Agent. +Check https://documentation.wazuh.com/current/user-manual/agents/index.html for more information about Wazuh-Agent. From 113fed1e22ec3a8a24a28761ad482df20d599319 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa?= Date: Tue, 5 Jan 2021 11:26:42 +0100 Subject: [PATCH 259/260] authd.rb: disable by default agent-auth --- cookbooks/wazuh_agent/attributes/authd.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cookbooks/wazuh_agent/attributes/authd.rb b/cookbooks/wazuh_agent/attributes/authd.rb index 4bc33065..4c0e0c19 100644 --- a/cookbooks/wazuh_agent/attributes/authd.rb +++ b/cookbooks/wazuh_agent/attributes/authd.rb @@ -17,7 +17,7 @@ # limitations under the License. # -default['ossec']['agent_auth']['register'] = 'yes' +default['ossec']['agent_auth']['register'] = 'no' default['ossec']['agent_auth']['name'] = node['hostname'] default['ossec']['agent_auth']['host'] = node['ossec']['address'] default['ossec']['agent_auth']['port'] = 1515 From 1175d0fb6fca47d252d7434ed152b3b9aec461af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Garc=C3=ADa?= Date: Tue, 5 Jan 2021 11:29:08 +0100 Subject: [PATCH 260/260] metadata.rb: change version to 4.0.3 --- metadata.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.rb b/metadata.rb index 67145f88..24adbc4f 100644 --- a/metadata.rb +++ b/metadata.rb @@ -4,7 +4,7 @@ license 'Apache 2.0' description 'Installs/Configures Wazuh with chef cookbooks' long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version '4.0.1' +version '4.0.3' chef_version '>= 15.0' %w(redhat centos oracle).each do |el|