This repository has been archived by the owner on Jul 26, 2023. It is now read-only.
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #82 from wazuh/feature-unattended-installation
Customize feature unattended all-in-one and distributed installation
Showing 12 changed files with 1,268 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
# Change Log | ||
All notable changes to this project will be documented in this file. | ||
|
||
## [v4.1.1] | ||
|
||
### Added | ||
|
||
- All-in-one and distributred unattended installation ([@sergiogp98](https://github.com/sergiogp98)) [PR#82](https://github.com/wazuh/wazuh-cloudformation/pull/82) | ||
- Update to [Wazuh v4.1.1](https://github.com/wazuh/wazuh/blob/v4.1.1/CHANGELOG.md#v411) | ||
|
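Review bot: "distributred" in the first entry under Added is a typo for "distributed"; please fix it before this changelog is published with the release.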
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# Wazuh for Amazon AWS Cloudformation | ||
|
||
[![Slack](https://img.shields.io/badge/slack-join-blue.svg)](https://goo.gl/forms/M2AoZC4b2R9A9Zy12) | ||
[![Email](https://img.shields.io/badge/email-join-blue.svg)](https://groups.google.com/forum/#!forum/wazuh) | ||
[![Documentation](https://img.shields.io/badge/docs-view-green.svg)](https://documentation.wazuh.com) | ||
[![Web](https://img.shields.io/badge/web-view-green.svg)](https://wazuh.com) | ||
|
||
The all-in-one environment has the following structure: | ||
|
||
* One EC2 instance where all components will be installed on | ||
* Follow the [all-in-one unattended](https://documentation.wazuh.com/current/installation-guide/open-distro/all-in-one-deployment/unattended-installation.html) installation method | ||
* Components: Elasticsearch node, Wazuh server set to one master node and a Kibana | ||
node |
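Review bot: the README describes the topology but not how to deploy it: it names neither the template to launch nor what the KeyName, SSHLocation and WazuhVersion parameters mean, and it does not say that the template opens HTTPS to 0.0.0.0/0 and SSH to the SSHLocation range. A short "Deployment" section listing the parameters and the resulting network exposure would let a user narrow the security group before launching. The last bullet is also wrapped mid-sentence ("... and a Kibana" / "node"); keep it on one line.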
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,123 @@ | ||
AWSTemplateFormatVersion: 2010-09-09 | ||
Description: Provides an unattended all-in-one Wazuh installation | ||
Parameters: | ||
InstanceType: | ||
AllowedValues: | ||
- t2.small | ||
- t2.medium | ||
- t2.large | ||
- t2.xlarge | ||
ConstraintDescription: must be a valid EC2 instance type. | ||
Default: t2.large | ||
Description: EC2 instance type | ||
Type: String | ||
KeyName: | ||
ConstraintDescription: Can contain only ASCII characters. | ||
Description: Name of an existing EC2 KeyPair to enable SSH access to the instance | ||
Type: AWS::EC2::KeyPair::KeyName | ||
SSHLocation: | ||
AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2}) | ||
ConstraintDescription: Must be a valid IP CIDR range of the form x.x.x.x/x | ||
Default: 0.0.0.0/0 | ||
Description: The IP address range that can be used to SSH to the EC2 instances | ||
MaxLength: '18' | ||
MinLength: '9' | ||
Type: String | ||
WazuhVersion: | ||
AllowedValues: | ||
- "v4.0.1" | ||
- "v4.0.2" | ||
- "v4.0.3" | ||
- "v4.0.4" | ||
- "v4.1.0" | ||
- "v4.1.1" | ||
Description: Wazuh version | ||
Default: "v4.1.1" | ||
Type: String | ||
LogFile: | ||
Description: Log file path to keep track of actions | ||
Type: String | ||
Default: /var/log/wazuh-cloudformation.log | ||
Mappings: | ||
AWSInstanceType2Arch: | ||
t2.large: | ||
Arch: HVM64 | ||
t2.medium: | ||
Arch: HVM64 | ||
t2.micro: | ||
Arch: HVM64 | ||
t2.xlarge: | ||
Arch: HVM64 | ||
t2.small: | ||
Arch: HVM64 | ||
|
||
AWSRegionArch2AMI: | ||
us-east-1: | ||
HVM64: ami-0c6b1d09930fac512 | ||
HVMCENTOS7: ami-02eac2c0129f6376b | ||
HVMUBUNTU64: ami-024a64a6685d05041 | ||
HVMREDHAT7: ami-6871a115 | ||
HVMDEBIAN: ami-0357081a1383dc76b | ||
HVMWINDOWS: ami-0a9ca0496f746e6e0 | ||
us-east-2: | ||
HVM64: ami-0ebbf2179e615c338 | ||
HVMCENTOS7: ami-0f2b4fc905b0bd1f1 | ||
HVMUBUNTU64: ami-097ebb39620d8d54b | ||
HVMREDHAT7: ami-03291866 | ||
HVMDEBIAN: ami-09c10a66337c79669 | ||
HVMWINDOWS: ami-0087a83ed4a60d1e9 | ||
us-west-1: | ||
HVM64: ami-015954d5e5548d13b | ||
HVMUBUNTU64: ami-040dfc3ebf1bfc4f6 | ||
HVMCENTOS7: ami-074e2d6769f445be5 | ||
HVMREDHAT7: ami-18726478 | ||
HVMDEBIAN: ami-0adbaf2e0ce044437 | ||
HVMWINDOWS: ami-05bf35c67c02cd868 | ||
us-west-2: | ||
HVM64: ami-0cb72367e98845d43 | ||
HVMUBUNTU64: ami-0196ce5c34425a906 | ||
HVMCENTOS7: ami-01ed306a12b7d1c96 | ||
HVMREDHAT7: ami-28e07e50 | ||
HVMDEBIAN: ami-05a3ef6744aa96514 | ||
HVMWINDOWS: ami-04ad37d2932b886c0 | ||
|
||
Resources: | ||
WazuhAIO: | ||
Properties: | ||
ImageId: | ||
Fn::FindInMap: | ||
- AWSRegionArch2AMI | ||
- Ref: AWS::Region | ||
- Fn::FindInMap: | ||
- AWSInstanceType2Arch | ||
- Ref: InstanceType | ||
- Arch | ||
InstanceType: | ||
Ref: InstanceType | ||
KeyName: | ||
Ref: KeyName | ||
SecurityGroups: | ||
- Ref: SecurityGroup | ||
UserData: | ||
Fn::Base64: !Sub | | ||
#!/bin/bash | ||
echo "Downloading script..." > ${LogFile} | ||
curl -so ~/all-in-one-installation.sh https://raw.githubusercontent.com/wazuh/wazuh-documentation/${WazuhVersion}/resources/open-distro/unattended-installation/all-in-one-installation.sh | ||
echo "Installing script..." > ${LogFile} | ||
bash ~/all-in-one-installation.sh > ${LogFile} | ||
Type: AWS::EC2::Instance | ||
|
||
SecurityGroup: | ||
Properties: | ||
GroupDescription: Enable HTTPS access via port 443 | ||
SecurityGroupIngress: | ||
- CidrIp: 0.0.0.0/0 | ||
FromPort: '443' | ||
IpProtocol: tcp | ||
ToPort: '443' | ||
- CidrIp: | ||
Ref: SSHLocation | ||
FromPort: '22' | ||
IpProtocol: tcp | ||
ToPort: '22' | ||
Type: AWS::EC2::SecurityGroup |
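Review bot: in UserData every step redirects with `>`, so each `echo` and then the installer overwrite ${LogFile} and only the final `bash` output survives; use `>>` and keep stderr, e.g. `bash ~/all-in-one-installation.sh >> ${LogFile} 2>&1`. The `curl -so` call has no `-f` and its exit status is not checked, so a 404 for a WazuhVersion tag that has no script leaves a non-script file that bash then executes; `curl -fsSo ~/all-in-one-installation.sh <url> || exit 1` avoids that. Two smaller points: the HTTPS ingress is hard-coded to 0.0.0.0/0 while SSH is parameterized through SSHLocation, so consider an analogous parameter with a narrower default; and t2.micro appears in AWSInstanceType2Arch but not in the AllowedValues of InstanceType, so either drop it from the mapping or allow it.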
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
# Wazuh for Amazon AWS Cloudformation | ||
|
||
[![Slack](https://img.shields.io/badge/slack-join-blue.svg)](https://goo.gl/forms/M2AoZC4b2R9A9Zy12) | ||
[![Email](https://img.shields.io/badge/email-join-blue.svg)](https://groups.google.com/forum/#!forum/wazuh) | ||
[![Documentation](https://img.shields.io/badge/docs-view-green.svg)](https://documentation.wazuh.com) | ||
[![Web](https://img.shields.io/badge/web-view-green.svg)](https://wazuh.com) | ||
|
||
The distributed environment has the following structure: | ||
|
||
* A VPC with two subnets, one for Wazuh servers, and another for Elastic Stack | ||
* Wazuh managers cluster with two nodes, a master and a worker | ||
* Elasticsearch cluster with 3 data nodes | ||
* Kibana nodes installed among Elasticsearch initial node | ||
* Follow the [distributed unattended](https://documentation.wazuh.com/current/installation-guide/open-distro/distributed-deployment/unattended/index.html) installation method |
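Review bot: "Kibana nodes installed among Elasticsearch initial node" is unclear; if the intent is a single Kibana instance on the first Elasticsearch node, say "Kibana installed on the initial Elasticsearch node". The bullets also mix "two nodes" and "3 data nodes"; pick one numeral style.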
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
#!/bin/bash | ||
|
||
CERTS_FILE={{src}}/certs.tar | ||
find=0 | ||
while [ $find -eq 0 ] | ||
do | ||
if [[ -f "{{dst}}/certs.tar" ]] | ||
then | ||
find=1 | ||
echo "Cert files already in /root" | ||
elif [[ -f "$CERTS_FILE" ]] | ||
then | ||
find=1 | ||
echo "Cert files found. Moving them to {{dst}}..." | ||
mv $CERTS_FILE {{dst}} | ||
else | ||
echo "Cert files not found. Sleeping 60 seconds..." | ||
sleep 60 | ||
fi | ||
done |
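Review bot: the loop has no upper bound, so if certs.tar never appears the instance waits forever and the stack never signals failure; add a maximum number of attempts and exit non-zero when it is reached. The "already in /root" message hard-codes a path that is otherwise templated as {{dst}}; use the variable in the message too. `mv $CERTS_FILE {{dst}}` should quote its arguments (`mv "$CERTS_FILE" "{{dst}}/"`), and naming the flag `find` shadows the find(1) command name, which is confusing in a shell script.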
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
#!/bin/bash | ||
|
||
USER=$1 | ||
IP=$2 | ||
PORT=$3 | ||
|
||
open=0 | ||
while [ $open -eq 0 ] | ||
do | ||
ssh -i ~/.ssh/ssh.key $USER@$IP "sudo netstat -tulnp" | grep $PORT &> /dev/null | ||
if [[ $? -eq 0 ]] # Open | ||
then | ||
open=1 | ||
echo "Port $PORT open in $IP" | ||
else # Close | ||
echo "Port $PORT close in $IP. Sleeping 60 seconds..." | ||
sleep 60 | ||
fi | ||
done | ||
|
||
|
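Review bot: `grep $PORT` on the netstat output is a substring match, so a check for port 1514 succeeds when only 514 is listening, or when any PID or address column happens to contain the digits; anchor the pattern to the address column, e.g. `grep -E "[:.]${PORT}[[:space:]]"`, or use `ss -tuln` with the same anchoring. The ssh call sets no host-key policy, so on a fresh instance an unattended run can block on the host-key prompt; pass `-o StrictHostKeyChecking=accept-new` or pre-populate known_hosts. As in the cert-wait script, the loop never times out, "close" in the message should be "closed", and the file ends with two trailing blank lines.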
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
#!/bin/bash | ||
|
||
echo "Linking 443 port to Kibana socket..." | ||
setcap 'cap_net_bind_service=+ep' /usr/share/kibana/node/bin/node | ||
echo "Starting kibana service..." | ||
systemctl daemon-reload | ||
systemctl enable kibana.service | ||
systemctl restart kibana.service | ||
echo "Initializing Kibana (this may take a while)" | ||
until [[ "$(curl -XGET https://{{kibana_ip}}/status -I -uadmin:admin -k -s --max-time 300 | grep "200 OK")" ]]; do | ||
sleep 10 | ||
done | ||
conf="$(awk '{sub("url: https://localhost", "url: https://{{wazuh_master_ip}}")}1' /usr/share/kibana/data/wazuh/config/wazuh.yml)" | ||
echo "${conf}" > /usr/share/kibana/data/wazuh/config/wazuh.yml | ||
echo "You can access the web interface https://{{kibana_ip}}. The credentials are admin:admin" |
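Review bot: the readiness check greps the response headers for "200 OK", but when curl negotiates HTTP/2 over TLS the status line is `HTTP/2 200` with no reason phrase, so the `until` loop never exits; compare the status code instead, e.g. `curl -o /dev/null -s -w '%{http_code}' ...` against 200, or pass `--http1.1`. The loop also has no overall bound. The `setcap` on the node binary is lost whenever the kibana package replaces that file, so a later upgrade silently breaks the 443 binding; note this in the README or in a comment next to the call. Finally, the script hard-codes admin:admin and echoes it at the end; changing the default password should be part of provisioning rather than announcing it in the log.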
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
#!/bin/bash | ||
|
||
logger -s "Updating {{ossec_conf}}..." 2>> {{log_file}} | ||
cat ~/cluster.conf | logger -s 2>> {{log_file}} | ||
sed -i '/<cluster>/,/<\/cluster>/d' {{ossec_conf}} | ||
cat ~/cluster.conf >> {{ossec_conf}} |
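Review bot: `cat ~/cluster.conf | logger -s 2>> {{log_file}}` writes the whole cluster block to syslog and to the log file, and in Wazuh that block carries the cluster `<key>`, so the shared secret lands in two plaintext logs; log a single line saying the block was applied instead. The `sed` delete followed by `cat >>` appends the new block after the file's closing `</ossec_config>` tag, which is only valid if ~/cluster.conf is itself wrapped in an `<ossec_config>` element (Wazuh accepts several top-level blocks); either document that requirement or insert the block before the closing tag. If the logging is kept, `logger -s -f ~/cluster.conf` replaces the `cat | logger` pipe.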