Merge pull request #108 from wazuh/release-4.0.0

Adapt wazuh-chef to upcoming major version
wazuh · Nov 17, 2020 · d7a4fed · d7a4fed
2 parents 96b8976 + be257f2
commit d7a4fed
Show file tree

Hide file tree

Showing 54 changed files with 684 additions and 923 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,11 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## Wazuh Chef v4.0.1
+
+### Added
+
+- Update to Wazuh version 4.0.1
 ## Wazuh Chef v3.13.2_7.9.1
 
 ### Added

diff --git a/README.md b/README.md
@@ -7,6 +7,12 @@
 
 Deploy the Wazuh platform using Chef cookbooks. Chef recipes are prepared for installing and configuring Agent, Manager (cluster) and RESTful API.
 
+## Compatibility Matrix
+
+| Wazuh version | Elastic | ODFE   |
+|---------------|---------|--------|
+| v4.0.1        | -       | v1.11.0|
+
 ## Dependencies
 
 Every cookbook will install its own required dependencies, *Berksfile* and *metadata.rb* contains all the information about which dependencies will be installed.
@@ -151,6 +157,13 @@ In order to do so, it's only needed to assign the value `yes` to the variable `
 default['ossec']['agent_auth']['register'] = 'yes'
 ```
 
+To connect an agent with the manager simply modify the `wazuh-chef/roles/wazuh_agent.json` with the desired IP address:
+
+```
+"registration_address": "<YOUR REGISTRATION IP ADDRESS>",
+"address": "<YOUR MANAGER IP ADDRESS>"
+```
+
 In other case, we just assign a different value which is not `yes`.
 
 ## Contribute

diff --git a/cookbooks/wazuh_agent/CHANGELOG.md b/cookbooks/wazuh_agent/CHANGELOG.md
@@ -1,3 +1,6 @@
+## v0.1.0
+1. Bump to wazuh 4.0.1 version
+2. Added suse repository
 ## v0.0.9
 Amazon Linux OS included in repository.rb
 ## v0.0.8

diff --git a/cookbooks/wazuh_agent/attributes/active-response.rb b/cookbooks/wazuh_agent/attributes/active-response.rb
@@ -1,3 +1,6 @@
-default['ossec']['conf']['active-response']['disabled'] = false
-default['ossec']['conf']['active-response']['ca_store'] = "/var/ossec/etc/wpk_root.pem"
-default['ossec']['conf']['active-response']['ca_verification'] = true  
+default['ossec']['conf']['active-response'] = [{
+    'disabled' => 'no',
+    'ca_store' => "/var/ossec/etc/wpk_root.pem",
+    'ca_verification' => 'yes'
+}]
+
diff --git a/cookbooks/wazuh_agent/attributes/client.rb b/cookbooks/wazuh_agent/attributes/client.rb
@@ -1,7 +1,6 @@
-
 default['ossec']['conf']['client']['server']['address'] = node['ossec']['address']
 default['ossec']['conf']['client']['server']['port'] = 1514
-default['ossec']['conf']['client']['server']['protocol'] = 'udp'
+default['ossec']['conf']['client']['server']['protocol'] = 'tcp'
 default['ossec']['conf']['client']['server']['max_retries'] = '5'
 default['ossec']['conf']['client']['server']['retry_interval'] = '5'
 default['ossec']['conf']['client']['notify_time'] = 10

diff --git a/cookbooks/wazuh_agent/attributes/client_buffer.rb b/cookbooks/wazuh_agent/attributes/client_buffer.rb
@@ -1,3 +1,5 @@
-default['ossec']['conf']['client_buffer']['disabled'] = false
-default['ossec']['conf']['client_buffer']['queue_size'] = 5000
-default['ossec']['conf']['client_buffer']['events_per_second'] = 500
+default['ossec']['conf']['client_buffer'] = [{
+    'disabled' => 'no',
+    'queue_size' => '5000',
+    'events_per_second' => '500'
+}]
diff --git a/cookbooks/wazuh_agent/attributes/default.rb b/cookbooks/wazuh_agent/attributes/default.rb
@@ -18,7 +18,5 @@
 #
 # general settings
 default['ossec']['dir'] = '/var/ossec'
-default['ossec']['address'] = nil
+default['ossec']['address'] = '172.19.0.211'
 default['ossec']['ignore_failure'] = true
-
-
diff --git a/cookbooks/wazuh_agent/attributes/rootcheck.rb b/cookbooks/wazuh_agent/attributes/rootcheck.rb
@@ -1,13 +1,15 @@
 # Rootcheck settings
-default['ossec']['conf']['rootcheck']['disabled'] = false
-default['ossec']['conf']['rootcheck']['check_files'] = true
-default['ossec']['conf']['rootcheck']['check_trojans'] = true
-default['ossec']['conf']['rootcheck']['check_dev'] = true
-default['ossec']['conf']['rootcheck']['check_sys'] = true
-default['ossec']['conf']['rootcheck']['check_pids'] = true
-default['ossec']['conf']['rootcheck']['check_ports'] = true
-default['ossec']['conf']['rootcheck']['check_if'] = true
-default['ossec']['conf']['rootcheck']['frequency'] = 43200
-default['ossec']['conf']['rootcheck']['rootkit_files'] = "#{node['ossec']['dir']}/etc/shared/rootkit_files.txt"
-default['ossec']['conf']['rootcheck']['rootkit_trojans'] = "#{node['ossec']['dir']}/etc/shared/rootkit_trojans.txt"
-default['ossec']['conf']['rootcheck']['skip_nfs'] = true
+default['ossec']['conf']['rootcheck'] = [{
+    'disabled' => 'no',
+    'check_files' => 'yes',
+    'check_trojans' => 'yes',
+    'check_dev' => 'yes',
+    'check_sys' => 'yes',
+    'check_pids' => 'yes',
+    'check_ports' => 'yes',
+    'check_if' => 'yes',
+    'frequency' => '43200',
+    'rootkit_files' => "#{node['ossec']['dir']}/etc/shared/rootkit_files.txt",
+    'rootkit_trojans' => "#{node['ossec']['dir']}/etc/shared/rootkit_trojans.txt",
+    'skip_nfs' => 'yes'    
+}]
diff --git a/cookbooks/wazuh_agent/attributes/sca.rb b/cookbooks/wazuh_agent/attributes/sca.rb
@@ -1,5 +1,7 @@
 
-default['ossec']['conf']['sca']['enabled'] = true
-default['ossec']['conf']['sca']['scan_on_start'] = true
-default['ossec']['conf']['sca']['interval'] = "12h"
-default['ossec']['conf']['sca']['skip_nfs'] = true
+default['ossec']['conf']['sca'] = [{
+    'enabled' => 'yes',
+    'scan_on_start' => 'yes',
+    'interval' => "12h",
+    'skip_nfs' => 'yes'
+}]
diff --git a/cookbooks/wazuh_agent/attributes/syscheck.rb b/cookbooks/wazuh_agent/attributes/syscheck.rb
@@ -29,3 +29,37 @@
 
 default['ossec']['conf']['syscheck']['nodiff'] = '/etc/ssl/private.key'
 default['ossec']['conf']['syscheck']['skip_nfs'] = true
+
+=begin
+# Syscheck settings
+default['ossec']['conf']['syscheck'] = [{
+  'disabled' => 'no',
+  'frequency' => '43200',
+  'scan_on_start' => 'yes',
+  ['ignore'] = [
+    '/etc/mtab',
+    '/etc/hosts.deny',
+    '/etc/mail/statistics',
+    '/etc/random-seed',
+    '/etc/random.seed',
+    '/etc/adjtime',
+    '/etc/httpd/logs',
+    '/etc/utmpx',
+    '/etc/wtmpx',
+    '/etc/cups/certs',
+    '/etc/dumpdates',
+    '/etc/svc/volatile',
+    '/sys/kernel/security',
+    '/sys/kernel/debug',
+    '/dev/core',
+    { '@type' => 'sregex', 'content!' => '^/proc' },
+    { '@type' => 'sregex', 'content!' => '.log$|.swp$'}
+  ],
+  ['directories'] = [
+    { '@check_all' => true, 'content!' => '/etc,/usr/bin,/usr/sbin' },
+    { '@check_all' => true, 'content!' => '/bin,/sbin,/boot' }
+  ],
+  'nodiff' => '/etc/ssl/private.key',
+  'skip_nfs' => 'yes'
+}]
+=end
diff --git a/cookbooks/wazuh_agent/attributes/version.rb b/cookbooks/wazuh_agent/attributes/version.rb
@@ -1,2 +1,2 @@
-default['wazuh-agent']['version'] = "3.13.2"
+default['wazuh-agent']['version'] = "4.0.1"
 
diff --git a/cookbooks/wazuh_agent/metadata.rb b/cookbooks/wazuh_agent/metadata.rb
@@ -4,7 +4,7 @@
 license          'Apache 2.0'
 description      'Installs and onfigures ossec'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          '0.0.9'
+version          '0.1.0'
 
 %w(redhat centos oracle).each do |el|
   supports el, '>= 6.0'

diff --git a/cookbooks/wazuh_agent/recipes/repository.rb b/cookbooks/wazuh_agent/recipes/repository.rb
@@ -26,18 +26,30 @@
     subscribes :reload, 'package[lsb-release]', :immediately
   end
 
-  apt_repository 'Wazuh' do
-    uri 'http://packages.wazuh.com/3.x/apt/'
+  apt_repository 'wazuh' do
+    uri 'http://packages.wazuh.com/4.x/apt/'
     key 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
     components ['main']
     distribution 'stable'
   end
 
+  apt_update
 elsif platform_family?('rhel', 'redhat', 'centos', 'amazon')
-  yum_repository 'Wazuh' do
-    description 'WAZUH Repository - www.wazuh.com'
-    baseurl 'https://packages.wazuh.com/3.x/yum'
+  yum_repository 'wazuh' do
+    description 'WAZUH Yum Repository - www.wazuh.com'
+    gpgcheck true
     gpgkey 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
+    enabled true 
+    baseurl 'https://packages.wazuh.com/4.x/yum'
+    action :create
+  end
+elsif
+   zypper_repository 'wazuh' do
+    description 'WAZUH Yum Repository - www.wazuh.com'
+    gpgcheck true
+    gpgkey 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
+    enabled true 
+    baseurl 'https://packages.wazuh.com/4.x/yum'
     action :create
   end
 else

diff --git a/cookbooks/wazuh_elastic/Berksfile b/cookbooks/wazuh_elastic/Berksfile
@@ -4,4 +4,4 @@ source 'https://supermarket.getchef.com'
 metadata
 
 cookbook 'hostsfile'
-cookbook 'htpasswd', '~> 0.3.0'
+cookbook 'htpasswd', '~> 1.0.0'
diff --git a/cookbooks/wazuh_elastic/CHANGELOG.md b/cookbooks/wazuh_elastic/CHANGELOG.md
@@ -0,0 +1,6 @@
+## v0.1.0
+1. Bump to Opendistro for Elasticsearch 7.9.1
+2. Added suse repository
+*Note*: in future version, kibana will be in an independent cookbook
+
+* Initial/current release
diff --git a/cookbooks/wazuh_elastic/attributes/elasticsearch.rb b/cookbooks/wazuh_elastic/attributes/elasticsearch.rb
@@ -19,5 +19,5 @@
 default['wazuh-elastic']['elasticsearch_port'] = 9200
 default['wazuh-elastic']['elasticsearch_ip'] = '0.0.0.0'
 default['wazuh-elastic']['elasticsearch_discovery_option'] = 'discovery.type: single-node'
-default['wazuh-elastic']['elasticsearch_cluster_initial_master_nodes'] = "#cluster.initial_master_nodes: ['es-node-01']"
+default['wazuh-elastic']['elasticsearch_cluster_initial_master_nodes'] = "['es-node-01']"
 
diff --git a/cookbooks/wazuh_elastic/attributes/kibana.rb b/cookbooks/wazuh_elastic/attributes/kibana.rb
@@ -1,4 +1,4 @@
 default['wazuh-elastic']['kibana_server_host'] = '0.0.0.0'
-default['wazuh-elastic']['kibana_server_port'] = '5601'
-default['wazuh-elastic']['kibana_elasticsearch_server_hosts'] = "http://#{node['wazuh-elastic']['elasticsearch_ip']}:#{node['wazuh-elastic']['elasticsearch_port']}"
-default['wazuh-elastic']['kibana_wazuh_api_credentials'] = [ { id: "default", url: "http://localhost", port: "55000", user: "foo", password: "bar" } ]
+default['wazuh-elastic']['kibana_server_port'] = 5601
+default['wazuh-elastic']['kibana_elasticsearch_server_hosts'] = "https://#{node['wazuh-elastic']['elasticsearch_ip']}:#{node['wazuh-elastic']['elasticsearch_port']}"
+default['wazuh-elastic']['kibana_wazuh_api_credentials'] = [ { id: "default", url: "https://localhost", port: "55000", username: "wazuh", password: "wazuh" } ]
diff --git a/cookbooks/wazuh_elastic/attributes/versions.rb b/cookbooks/wazuh_elastic/attributes/versions.rb
@@ -1,3 +1,3 @@
-default['wazuh-elastic']['elastic_stack_version'] = '7.9.1'
-default['wazuh-elastic']['wazuh_app_version'] = "3.13.2_7.9.1"
-default['wazuh-elastic']['extensions_version'] = "v3.13.2"
+default['wazuh-elastic']['elastic_stack_version'] = "7.9.1"
+default['wazuh-elastic']['wazuh_app_version'] = "4.0.1_7.9.1"
+default['wazuh-elastic']['extensions_version'] = "v4.0.1"
diff --git a/cookbooks/wazuh_elastic/metadata.rb b/cookbooks/wazuh_elastic/metadata.rb
@@ -5,7 +5,7 @@
 license 'All rights reserved'
 description 'setup Elastic: elasticsearch and kibana for Wazuh'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version '0.0.2'
+version '0.1.0'
 
 %w( apt ).each do |pkg|
   depends pkg

diff --git a/cookbooks/wazuh_elastic/recipes/default.rb b/cookbooks/wazuh_elastic/recipes/default.rb
@@ -6,8 +6,7 @@
 
 #############################################
 include_recipe 'chef-sugar::default'
-
+include_recipe 'wazuh_elastic::prerequisites'
 include_recipe 'wazuh_elastic::repository'
-include_recipe 'wazuh_elastic::nginx'
 include_recipe 'wazuh_elastic::elasticsearch'
 include_recipe 'wazuh_elastic::kibana'