diff --git a/.fixtures.yml b/.fixtures.yml new file mode 100644 index 00000000..a36bef4f --- /dev/null +++ b/.fixtures.yml @@ -0,0 +1,6 @@ +--- +fixtures: + forge_modules: + stdlib: + repo: "puppetlabs/stdlib" + ref: "4.13.0" diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a5a75331..77e7707a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -2,10 +2,17 @@ name: Kitchen tests for Wazuh Puppet on: [push, workflow_dispatch] -# - name: Build and launch Linting test -# uses: './.github/actions/validate_module' - jobs: + + pdk-validate: + runs-on: ubuntu-latest + steps: + - name: Check out code + uses: actions/checkout@v2 + + - name: Run PDK validation tests + uses: './.github/actions/validate_module' + amazonlinux: runs-on: ubuntu-latest steps: diff --git a/.pdkignore b/.pdkignore new file mode 100644 index 00000000..e6215cd0 --- /dev/null +++ b/.pdkignore @@ -0,0 +1,42 @@ +.git/ +.*.sw[op] +.metadata +.yardoc +.yardwarns +*.iml +/.bundle/ +/.idea/ +/.vagrant/ +/coverage/ +/bin/ +/doc/ +/Gemfile.local +/Gemfile.lock +/junit/ +/log/ +/pkg/ +/spec/fixtures/manifests/ +/spec/fixtures/modules/ +/tmp/ +/vendor/ +/convert_report.txt +/update_report.txt +.DS_Store +.project +.envrc +/inventory.yaml +/appveyor.yml +/.fixtures.yml +/Gemfile +/.gitattributes +/.gitignore +/.gitlab-ci.yml +/.pdkignore +/Rakefile +/rakelib/ +/.rspec +/.rubocop.yml +/.travis.yml +/.yardopts +/spec/ +/.vscode/ diff --git a/.rubocop.yml b/.rubocop.yml new file mode 100644 index 00000000..5307849e --- /dev/null +++ b/.rubocop.yml 
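Review bot: The new `pdk-validate` job references `actions/checkout@v2` by a mutable tag, so the action code that runs in this workflow can change without any change to this repository; pinning to the full commit SHA of the release, `uses: actions/checkout@<full-commit-sha>  # v2` (SHA to be looked up), makes the dependency immutable. The job also declares no `permissions:` block, so its token receives the repository's default scopes although a validation-only job needs at most `permissions: { contents: read }`. If the other jobs in this file check out code with the same tag form (only this hunk is visible), the same pinning applies to them.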
@@ -0,0 +1,137 @@ +--- +require: +- rubocop-rspec +- rubocop-i18n +AllCops: + DisplayCopNames: true + TargetRubyVersion: '2.1' + Include: + - "./**/*.rb" + Exclude: + - bin/* + - ".vendor/**/*" + - "**/Gemfile" + - "**/Rakefile" + - pkg/**/* + - spec/fixtures/**/* + - vendor/**/* + - "**/Puppetfile" + - "**/Vagrantfile" + - "**/Guardfile" +Metrics/LineLength: + Description: People have wide screens, use them. + Max: 200 +GetText: + Enabled: false +GetText/DecorateString: + Description: We don't want to decorate test output. + Exclude: + - spec/**/* + Enabled: false +RSpec/BeforeAfterAll: + Description: Beware of using after(:all) as it may cause state to leak between tests. + A necessary evil in acceptance testing. + Exclude: + - spec/acceptance/**/*.rb +RSpec/HookArgument: + Description: Prefer explicit :each argument, matching existing module's style + EnforcedStyle: each +Style/BlockDelimiters: + Description: Prefer braces for chaining. Mostly an aesthetical choice. Better to + be consistent then. + EnforcedStyle: braces_for_chaining +Style/BracesAroundHashParameters: + Description: Braces are required by Ruby 2.7. Cop removed from RuboCop v0.80.0. + See https://github.com/rubocop-hq/rubocop/pull/7643 + Enabled: true +Style/ClassAndModuleChildren: + Description: Compact style reduces the required amount of indentation. + EnforcedStyle: compact +Style/EmptyElse: + Description: Enforce against empty else clauses, but allow `nil` for clarity. + EnforcedStyle: empty +Style/FormatString: + Description: Following the main puppet project's style, prefer the % format format. + EnforcedStyle: percent +Style/FormatStringToken: + Description: Following the main puppet project's style, prefer the simpler template + tokens over annotated ones. + EnforcedStyle: template +Style/Lambda: + Description: Prefer the keyword for easier discoverability. + EnforcedStyle: literal +Style/RegexpLiteral: + Description: Community preference. 
See https://github.com/voxpupuli/modulesync_config/issues/168 + EnforcedStyle: percent_r +Style/TernaryParentheses: + Description: Checks for use of parentheses around ternary conditions. Enforce parentheses + on complex expressions for better readability, but seriously consider breaking + it up. + EnforcedStyle: require_parentheses_when_complex +Style/TrailingCommaInArguments: + Description: Prefer always trailing comma on multiline argument lists. This makes + diffs, and re-ordering nicer. + EnforcedStyleForMultiline: comma +Style/TrailingCommaInLiteral: + Description: Prefer always trailing comma on multiline literals. This makes diffs, + and re-ordering nicer. + EnforcedStyleForMultiline: comma +Style/SymbolArray: + Description: Using percent style obscures symbolic intent of array's contents. + EnforcedStyle: brackets +RSpec/MessageSpies: + EnforcedStyle: receive +Style/Documentation: + Exclude: + - lib/puppet/parser/functions/**/* + - spec/**/* +Style/WordArray: + EnforcedStyle: brackets +Style/CollectionMethods: + Enabled: true +Style/MethodCalledOnDoEndBlock: + Enabled: true +Style/StringMethods: + Enabled: true +GetText/DecorateFunctionMessage: + Enabled: false +GetText/DecorateStringFormattingUsingInterpolation: + Enabled: false +GetText/DecorateStringFormattingUsingPercent: + Enabled: false +Layout/EndOfLine: + Enabled: false +Layout/IndentHeredoc: + Enabled: false +Metrics/AbcSize: + Enabled: false +Metrics/BlockLength: + Enabled: false +Metrics/ClassLength: + Enabled: false +Metrics/CyclomaticComplexity: + Enabled: false +Metrics/MethodLength: + Enabled: false +Metrics/ModuleLength: + Enabled: false +Metrics/ParameterLists: + Enabled: false +Metrics/PerceivedComplexity: + Enabled: false +RSpec/DescribeClass: + Enabled: false +RSpec/ExampleLength: + Enabled: false +RSpec/MessageExpectation: + Enabled: false +RSpec/MultipleExpectations: + Enabled: false +RSpec/NestedGroups: + Enabled: false +Style/AsciiComments: + Enabled: false +Style/IfUnlessModifier: 
+ Enabled: false +Style/SymbolProc: + Enabled: false diff --git a/CHANGELOG.md b/CHANGELOG.md index 3f842ecb..256cfe38 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,6 +1,26 @@ # Change Log All notable changes to this project will be documented in this file. +## Wazuh Puppet v4.0.4 + +### Added + +- Update to Wazuh [v4.0.4](https://github.com/wazuh/wazuh-ansible/blob/v4.0.4/CHANGELOG.md) +- Add support for Elasticsearch cluster in Kibana manifests ([@neonmei](https://github.com/neonmei)) [PR#317](https://github.com/wazuh/wazuh-puppet/pull/317) +- Add support for Ubuntu 20.04 (Focal Fossa) ([@Zenidd](https://github.com/Zenidd), [@neonmei](https://github.com/neonmei)) [PR#321](https://github.com/wazuh/wazuh-puppet/pull/321) +### Fixed + +- Idempotency improvements in Elasticsearch manifests ([@neonmei](https://github.com/neonmei)) [PR#313](https://github.com/wazuh/wazuh-puppet/pull/313) +- Linting improvements work for Puppet Forge publishing ([@Zenidd](https://github.com/Zenidd)) [PR#314](https://github.com/wazuh/wazuh-puppet/pull/314) +- Idempotency improvements in Kibana manifests ([@neonmei](https://github.com/neonmei)) [PR#315](https://github.com/wazuh/wazuh-puppet/pull/315) +- PDK validate improvements ([@neonmei](https://github.com/neonmei)) [PR#319](https://github.com/wazuh/wazuh-puppet/pull/319) +- Fix warnings due to undefined variables ([@Hexta](https://github.com/Hexta)) [PR#331](https://github.com/wazuh/wazuh-puppet/pull/331) +- Use `manager_ossec.conf` as render target for Integrations ([@Zenidd](https://github.com/Zenidd)) [PR#327](https://github.com/wazuh/wazuh-puppet/pull/327) +- Use `manager_ossec.conf` as render target for Reports ([@Zenidd](https://github.com/Zenidd)) [PR#328](https://github.com/wazuh/wazuh-puppet/pull/328) +- Remove manager-specific options for active response in agent manifest ([@Zenidd](https://github.com/Zenidd)) [PR#332](https://github.com/wazuh/wazuh-puppet/pull/332) +- Fix stdlib deprecation warnings related to `validate_*` functions ([@Hexta](https://github.com/Hexta)) [PR#334](https://github.com/wazuh/wazuh-puppet/pull/334) +- Update target name in concat resources for 
`manager_ossec.conf` ([@g3rhard](https://github.com/g3rhard )) [PR#341](https://github.com/wazuh/wazuh-puppet/pull/341) + ## Wazuh Puppet v4.0.3 ### Added @@ -17,7 +37,7 @@ All notable changes to this project will be documented in this file. ### Added -- Update to Wazuh version 4.0.2 +- Update to Wazuh version 4.0.2 ### Fixed @@ -28,8 +48,8 @@ All notable changes to this project will be documented in this file. ### Added -- Update to Wazuh version 4.0.1 -- Support for Wazuh v4 new features ([@Zenidd](https://github.com/Zenidd)) [PR#300](https://github.com/wazuh/wazuh-puppet/pull/300): +- Update to Wazuh version 4.0.1 +- Support for Wazuh v4 new features ([@Zenidd](https://github.com/Zenidd)) [PR#300](https://github.com/wazuh/wazuh-puppet/pull/300): - Agent autoenrollment - API RBAC diff --git a/Gemfile b/Gemfile index 4a43cdb0..15d8aa43 100644 --- a/Gemfile +++ b/Gemfile @@ -73,6 +73,5 @@ gem "test-kitchen" gem "kitchen-puppet" gem "kitchen-vagrant" gem 'kitchen-docker', '~> 2.3' -gem "puppet" gem "librarian-puppet" # vim: syntax=ruby diff --git a/README.md b/README.md index 5d4e0756..45ae750f 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ [![Email](https://img.shields.io/badge/email-join-blue.svg)](https://groups.google.com/forum/#!forum/wazuh) [![Documentation](https://img.shields.io/badge/docs-view-green.svg)](https://documentation.wazuh.com) [![Web](https://img.shields.io/badge/web-view-green.svg)](https://wazuh.com) -![Kitchen tests](https://github.com/wazuh/wazuh-puppet/workflows/Kitchen%20tests/badge.svg) +![Kitchen tests for Wazuh Puppet](https://github.com/wazuh/wazuh-puppet/workflows/Kitchen%20tests%20for%20Wazuh%20Puppet/badge.svg) This module installs and configure Wazuh agent and manager. @@ -67,7 +67,6 @@ This module installs and configure Wazuh agent and manager. │ ├── params_opendistro.pp │ ├── repo_elastic_oss.pp │ ├── repo_elastic.pp - │ ├── repo_elasticsearch-oss.pp │ ├── repo_opendistro.pp │ ├── repo.pp │ ├── reports.pp 
@@ -138,7 +137,7 @@ This Puppet module has been authored by Nicolas Zin, and updated by Jonathan Gaz ## License and copyright WAZUH -Copyright (C) 2020 Wazuh Inc. (License GPLv2) +Copyright (C) 2021 Wazuh Inc. (License GPLv2) ## Web References diff --git a/VERSION b/VERSION index c87e6dad..937735d0 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-PUPPET_VERSION="v4.0.3" -REVISION="40003" +WAZUH-PUPPET_VERSION="v4.0.4" +REVISION="40004" diff --git a/data/common.yaml b/data/common.yaml index ed97d539..2fbf0ffd 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -1 +1 @@ ---- +--- {} diff --git a/kitchen/test/integration/agent/agent_spec.rb b/kitchen/test/integration/agent/agent_spec.rb index 103a5859..0071b397 100644 --- a/kitchen/test/integration/agent/agent_spec.rb +++ b/kitchen/test/integration/agent/agent_spec.rb 
@@ -1,25 +1,29 @@ -describe package('wazuh-agent') do - it { is_expected.to be_installed } - its('version') { is_expected.to eq '4.0.3-1' } -end +control 'wazuh-agent' do + title 'Wazuh agent tests' + describe 'Checks Wazuh agent correct version, services and daemon ownership' -describe service('wazuh-agent') do - it { is_expected.to be_installed } - it { is_expected.to be_enabled } - it { is_expected.to be_running } -end + describe package('wazuh-agent') do + it { is_expected.to be_installed } + its('version') { is_expected.to eq '4.0.4-1' } + end -# Verifying daemons + describe service('wazuh-agent') do + it { is_expected.to be_installed } + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end -wazuh_daemons = { - # 'ossec-agentd' => 'ossec', - 'ossec-execd' => 'root', - # 'ossec-syscheckd' => 'root', -# 'wazuh-modulesd' => 'root', -} + # Verifying daemons + wazuh_daemons = { + # 'ossec-agentd' => 'ossec', + 'ossec-execd' => 'root', + # 'ossec-syscheckd' => 'root', + # 'wazuh-modulesd' => 'root', + } -wazuh_daemons.each do |key, value| - describe processes(key) do - its('users') { is_expected.to eq [value] } + wazuh_daemons.each do |key, value| + describe processes(key) do + its('users') { is_expected.to eq [value] } + end end end diff --git a/kitchen/test/integration/mngr/manager_spec.rb b/kitchen/test/integration/mngr/manager_spec.rb index a0be95e6..a4a66f6f 100644 --- a/kitchen/test/integration/mngr/manager_spec.rb +++ b/kitchen/test/integration/mngr/manager_spec.rb 
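Review bot: Inside `control 'wazuh-agent'` the line `describe 'Checks Wazuh agent correct version, services and daemon ownership'` carries no block, so unless InSpec treats a blockless `describe` as a description it registers an empty example group instead of documenting the control; the InSpec keyword for that sentence is `desc`, i.e. `desc 'Checks Wazuh agent correct version, services and daemon ownership'`. The same construct appears in `kitchen/test/integration/mngr/manager_spec.rb` in the next hunk and should be changed there too.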
@@ -1,31 +1,35 @@ -describe package('wazuh-manager') do - it { is_expected.to be_installed } - its('version') { is_expected.to eq '4.0.3-1' } -end +control 'wazuh-manager' do + title 'Wazuh manager tests' + describe 'Checks Wazuh manager correct version, services and daemon ownership' -describe service('wazuh-manager') do - it { is_expected.to be_installed } - it { is_expected.to be_enabled } - it { is_expected.to be_running } -end + describe package('wazuh-manager') do + it { is_expected.to be_installed } + its('version') { is_expected.to eq '4.0.4-1' } + end -# Verifying daemons + # Verifying service + describe service('wazuh-manager') do + it { is_expected.to be_installed } + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end -wazuh_daemons = { - 'ossec-authd' => 'root', - 'ossec-execd' => 'root', - 'ossec-analysisd' => 'ossec', - 'ossec-syscheckd' => 'root', - 'ossec-remoted' => 'ossecr', - 'ossec-logcollector' => 'root', - 'ossec-monitord' => 'ossec', - 'wazuh-db' => 'ossec', - 'wazuh-modulesd' => 'root', -} + # Verifying daemons + wazuh_daemons = { + 'ossec-authd' => 'root', + 'ossec-execd' => 'root', + 'ossec-analysisd' => 'ossec', + 'ossec-syscheckd' => 'root', + 'ossec-remoted' => 'ossecr', + 'ossec-logcollector' => 'root', + 'ossec-monitord' => 'ossec', + 'wazuh-db' => 'ossec', + 'wazuh-modulesd' => 'root', + } -wazuh_daemons.each do |key, value| - describe processes(key) do - its('users') { is_expected.to eq [value] } + wazuh_daemons.each do |key, value| + describe processes(key) do + its('users') { is_expected.to eq [value] } + end end end - diff --git a/lib/facter/kibana_plugin_wazuh.rb b/lib/facter/kibana_plugin_wazuh.rb new file mode 100644 index 00000000..49ebadcb --- /dev/null +++ b/lib/facter/kibana_plugin_wazuh.rb 
@@ -0,0 +1,16 @@ +require 'json' +require 'puppet' +require 'puppet/util/execution' + +Facter.add('kibana_plugin_wazuh') do + setcode do + # move this to hiera + wazuh_package_path = '/usr/share/kibana/plugins/wazuh/package.json' + + if File.exist?(wazuh_package_path) + f = File.read(wazuh_package_path) + kibana_plugin_wazuh = JSON.parse(f) + kibana_plugin_wazuh + end + end +end diff --git a/manifests/activeresponse.pp b/manifests/activeresponse.pp index f125ac27..186396c6 100644 --- a/manifests/activeresponse.pp +++ b/manifests/activeresponse.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) #Define for a specific ossec active-response define wazuh::activeresponse( $active_response_name = 'Rendering active-response template', diff --git a/manifests/addlog.pp b/manifests/addlog.pp index 078fcea1..0e13f6a9 100644 --- a/manifests/addlog.pp +++ b/manifests/addlog.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) #Define a log-file to add to ossec define wazuh::addlog( $logfile = undef, @@ -6,11 +6,12 @@ $logcommand = undef, $commandalias = undef, $frequency = undef, + $target_arg = 'manager_ossec.conf', ) { require wazuh::params_manager concat::fragment { "ossec.conf_localfile-${logfile}": - target => 'ossec.conf', + target => $target_arg, content => template('wazuh/fragments/_localfile_generation.erb'), order => 21, } diff --git a/manifests/agent.pp b/manifests/agent.pp index 977520d4..36cac9b5 100644 --- a/manifests/agent.pp +++ b/manifests/agent.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) # Puppet class that installs and manages the Wazuh agent class wazuh::agent ( 
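Review bot: `JSON.parse(f)` in the `setcode` block is unguarded, so a truncated or hand-edited `package.json` raises during fact resolution instead of leaving the fact unset; wrapping the read and parse as `JSON.parse(File.read(wazuh_package_path)) rescue nil` narrowed to `rescue JSON::ParserError, SystemCallError` lets a bad file degrade to `nil`, which is the value the consumer in `manifests/kibana.pp` already tests for with `!= undef`. `require 'puppet'` and `require 'puppet/util/execution'` are not used by the fact body and make a standalone `facter` run depend on Puppet being loadable; `require 'json'` is the only dependency the code needs. The fact returns the entire parsed `package.json` while only `['version']` is read in `manifests/kibana.pp`; either return just that key or add a comment stating that exposing the full hash is intentional.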
@@ -219,14 +219,7 @@ # active-response $ossec_active_response_disabled = $wazuh::params_agent::active_response_disabled, $ossec_active_response_linux_ca_store = $wazuh::params_agent::active_response_linux_ca_store, - $ossec_active_response_ca_verification = $wazuh::params_agent::active_response_ca_verification, - $ossec_active_response_command = $wazuh::params_agent::active_response_command, - $ossec_active_response_location = $wazuh::params_agent::active_response_location, - $ossec_active_response_level = $wazuh::params_agent::active_response_level, - $ossec_active_response_agent_id = $wazuh::params_agent::active_response_agent_id, - $ossec_active_response_rules_id = $wazuh::params_agent::active_response_rules_id, - $ossec_active_response_timeout = $wazuh::params_agent::active_response_timeout, $ossec_active_response_repeated_offenders = $wazuh::params_agent::active_response_repeated_offenders, # Agent Labels @@ -250,8 +243,8 @@ # ) # This allows arrays of integers, sadly # (commented due to stdlib version requirement) - validate_string($agent_package_name) - validate_string($agent_service_name) + validate_legacy(String, 'validate_string', $agent_package_name) + validate_legacy(String, 'validate_string', $agent_service_name) if (( $ossec_syscheck_whodata_directories_1 == 'yes' ) or ( $ossec_syscheck_whodata_directories_2 == 'yes' )) { class { 'wazuh::audit': 
@@ -447,15 +440,10 @@ active_response_disabled => $ossec_active_response_disabled, active_response_linux_ca_store => $ossec_active_response_linux_ca_store, active_response_ca_verification => $ossec_active_response_ca_verification, - active_response_command => $ossec_active_response_command, - active_response_location => $ossec_active_response_location, - active_response_level => $ossec_active_response_level, - active_response_agent_id => $ossec_active_response_agent_id, - active_response_rules_id => $ossec_active_response_rules_id, - active_response_timeout => $ossec_active_response_timeout, active_response_repeated_offenders => $ossec_active_response_repeated_offenders, order_arg => 40, - before_arg => Service[$agent_service_name] + before_arg => Service[$agent_service_name], + target_arg => 'agent_ossec.conf' } } @@ -480,14 +468,14 @@ # Agent registration and service setup if ($manage_client_keys == 'yes') { if $agent_name { - validate_string($agent_name) + validate_legacy(String, 'validate_string', $agent_name) $agent_auth_option_name = "-A \"${agent_name}\"" } else { $agent_auth_option_name = '' } if $agent_group { - validate_string($agent_group) + validate_legacy(String, 'validate_string', $agent_group) $agent_auth_option_group = "-G \"${agent_group}\"" } else { $agent_auth_option_group = '' @@ -512,7 +500,7 @@ # https://documentation.wazuh.com/4.0/user-manual/registering/manager-verification/manager-verification-registration.html if $wazuh_manager_root_ca_pem != undef { - validate_string($wazuh_manager_root_ca_pem) + validate_legacy(String, 'validate_string', $wazuh_manager_root_ca_pem) file { '/var/ossec/etc/rootCA.pem': owner => $wazuh::params_agent::keys_owner, group => $wazuh::params_agent::keys_group, 
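Review bot: `active_response_ca_verification => $ossec_active_response_ca_verification,` survives as a context line in this hunk although the earlier hunk of this file (`@@ -219,14 +219,7 @@`) removes the class parameter `$ossec_active_response_ca_verification`; unless that variable is declared somewhere in `wazuh::agent` outside both hunks, the reference now resolves to an unknown variable (a compile error under `strict_variables`, a silent `undef` otherwise). Either remove the line together with the other dropped `active_response_*` arguments or keep the parameter declaration. The enclosing class body extends beyond both hunks.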
@@ -522,7 +510,7 @@ } $agent_auth_option_manager = '-v /var/ossec/etc/rootCA.pem' } elsif $wazuh_manager_root_ca_pem_path != undef { - validate_string($wazuh_manager_root_ca_pem) + validate_legacy(String, 'validate_string', $wazuh_manager_root_ca_pem) $agent_auth_option_manager = "-v ${wazuh_manager_root_ca_pem_path}" } else { $agent_auth_option_manager = '' # Avoid errors when compounding final command @@ -530,8 +518,8 @@ # https://documentation.wazuh.com/4.0/user-manual/registering/manager-verification/agent-verification-registration.html if ($wazuh_agent_cert != undef) and ($wazuh_agent_key != undef) { - validate_string($wazuh_agent_cert) - validate_string($wazuh_agent_key) + validate_legacy(String, 'validate_string', $wazuh_agent_cert) + validate_legacy(String, 'validate_string', $wazuh_agent_key) file { '/var/ossec/etc/sslagent.cert': owner => $wazuh::params_agent::keys_owner, group => $wazuh::params_agent::keys_group, @@ -549,9 +537,11 @@ $agent_auth_option_agent = '-x /var/ossec/etc/sslagent.cert -k /var/ossec/etc/sslagent.key' } elsif ($wazuh_agent_cert_path != undef) and ($wazuh_agent_key_path != undef) { - validate_string($wazuh_agent_cert_path) - validate_string($wazuh_agent_key_path) + validate_legacy(String, 'validate_string', $wazuh_agent_cert_path) + validate_legacy(String, 'validate_string', $wazuh_agent_key_path) $agent_auth_option_agent = "-x ${wazuh_agent_cert_path} -k ${wazuh_agent_key_path}" + } else { + $agent_auth_option_agent = '' } $agent_auth_command = "${agent_auth_base_command} ${agent_auth_option_name} ${agent_auth_option_group} \ diff --git a/manifests/audit.pp b/manifests/audit.pp index 6e882fd6..05adc926 100644 --- a/manifests/audit.pp +++ b/manifests/audit.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) # Define an ossec command class wazuh::audit ( diff --git a/manifests/command.pp b/manifests/command.pp index 1d49d248..91f10eee 100644 
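Review bot: In the `elsif $wazuh_manager_root_ca_pem_path != undef` branch the rewritten line validates `$wazuh_manager_root_ca_pem`, the variable that just failed the preceding `!= undef` test, instead of the path it is about to interpolate into `-v ${wazuh_manager_root_ca_pem_path}`; the line should read `validate_legacy(String, 'validate_string', $wazuh_manager_root_ca_pem_path)`. The wrong variable predates this commit, but the commit rewrites the line, so this is the place to correct it. The enclosing `if ($manage_client_keys == 'yes')` block starts in an earlier hunk.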
--- a/manifests/command.pp +++ b/manifests/command.pp @@ -1,16 +1,17 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) # Define an ossec command define wazuh::command( $command_name, $command_executable, - $command_expect = 'srcip', + $command_expect = 'srcip', $timeout_allowed = true, + $target_arg = 'manager_ossec.conf', ) { require wazuh::params_manager if ($timeout_allowed) { $command_timeout_allowed='yes' } else { $command_timeout_allowed='no' } concat::fragment { $name: - target => 'ossec.conf', + target => $target_arg, order => 46, content => template('wazuh/fragments/_command.erb'), } diff --git a/manifests/elasticsearch.pp b/manifests/elasticsearch.pp index a6704d04..eafc875d 100644 --- a/manifests/elasticsearch.pp +++ b/manifests/elasticsearch.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) # Setup for elasticsearch class wazuh::elasticsearch ( # Elasticsearch.yml configuration @@ -13,16 +13,24 @@ $elasticsearch_package = 'elasticsearch', $elasticsearch_version = '7.9.3', - $elasticsearch_path_data = '/var/lib/elasticsearch', - $elasticsearch_path_logs = '/var/log/elasticsearch', - + # user/group elasticsearch processes run as + $elasticsearch_user = 'elasticsearch', + $elasticsearch_group = 'elasticsearch', $elasticsearch_ip = 'localhost', $elasticsearch_port = '9200', $elasticsearch_discovery_option = 'discovery.type: single-node', $elasticsearch_cluster_initial_master_nodes = "#cluster.initial_master_nodes: ['es-node-01']", -# JVM options + # elasticsearch paths + $elasticsearch_path_config = '/etc/elasticsearch', + $elasticsearch_path_eshome = '/usr/share/elasticsearch', + $elasticsearch_path_data = '/var/lib/elasticsearch', + $elasticsearch_path_logs = '/var/log/elasticsearch', + + $elasticsearch_limits_file = '/etc/security/limits.conf', + + # JVM options $jvm_options_memmory = '1g', ){ 
@@ -35,7 +43,7 @@ file { 'Configure elasticsearch.yml': owner => 'elasticsearch', - path => '/etc/elasticsearch/elasticsearch.yml', + path => "${$elasticsearch_path_config}/elasticsearch.yml", group => 'elasticsearch', mode => '0644', notify => Service[$elasticsearch_service], ## Restarts the service @@ -45,7 +53,7 @@ file { 'Configure jvm.options': owner => 'elasticsearch', - path => '/etc/elasticsearch/jvm.options', + path => "${$elasticsearch_path_config}/jvm.options", group => 'elasticsearch', mode => '0660', notify => Service[$elasticsearch_service], ## Restarts the service 
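Review bot: `file { 'Configure elasticsearch.yml': … owner => 'elasticsearch', group => 'elasticsearch' }` and the `'Configure jvm.options'` resource keep the hard-coded owner and group although this commit introduces `$elasticsearch_user` / `$elasticsearch_group` and uses them for the recursive ownership resource further down; a non-default user would leave these two files owned by the wrong account. Change both to `owner => $elasticsearch_user,` and `group => $elasticsearch_group,`. The new `path => "${$elasticsearch_path_config}/elasticsearch.yml"` form with `${$…}` is valid Puppet but differs from the `"${kibana_path_config}/kibana.yml"` style this same commit writes in `manifests/kibana.pp`; `"${elasticsearch_path_config}/elasticsearch.yml"` reads the same and is consistent.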
@@ -53,27 +61,34 @@ require => Package[$elasticsearch_package], } - service { 'elasticsearch': - ensure => running, - enable => true, - require => Package[$elasticsearch_package], + file { 'Ensure limits file exists': + ensure => present, + path => $elasticsearch_limits_file, } - exec { 'Insert line limits': - path => '/usr/bin:/bin/', - command => "echo 'elasticsearch - nofile 65535\nelasticsearch - memlock unlimited' >> /etc/security/limits.conf", + file_line { 'Ensure nofile limits': + path => $elasticsearch_limits_file, + line => 'elasticsearch - nofile 65535', require => Package[$elasticsearch_package], - } - exec { 'Verify Elasticsearch folders owner': - path => '/usr/bin:/bin', - command => "chown elasticsearch:elasticsearch -R /etc/elasticsearch\ - && chown elasticsearch:elasticsearch -R /usr/share/elasticsearch\ - && chown elasticsearch:elasticsearch -R /var/lib/elasticsearch", + file_line { 'Ensure memlock limits': + path => $elasticsearch_limits_file, + line => 'elasticsearch - memlock unlimited', require => Package[$elasticsearch_package], + } + file { [$elasticsearch_path_config, $elasticsearch_path_eshome, $elasticsearch_path_data]: + recurse => true, + owner => $elasticsearch_user, + group => $elasticsearch_group, + require => Package[$elasticsearch_package], } + service { 'elasticsearch': + ensure => running, + enable => true, + require => Package[$elasticsearch_package], + } } diff --git a/manifests/email_alert.pp b/manifests/email_alert.pp index 2a3fd681..92c5e73d 100644 --- a/manifests/email_alert.pp +++ b/manifests/email_alert.pp 
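Review bot: `service { 'elasticsearch': … }` keeps a literal title while the `file` resources earlier in this class notify `Service[$elasticsearch_service]`; if `$elasticsearch_service` is ever set to anything other than `elasticsearch`, those notifications point at an undeclared resource and catalog compilation fails. Declaring it as `service { $elasticsearch_service:` mirrors what this same commit does with `service { $kibana_service:` in `manifests/kibana.pp`. The `file { [$elasticsearch_path_config, $elasticsearch_path_eshome, $elasticsearch_path_data]: recurse => true, … }` resource has no `ensure`, so it only adjusts ownership on paths that already exist; a comment such as `# directories are created by the package; only ownership is managed here` would record that the `require => Package[...]` is load-bearing.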
@@ -1,13 +1,14 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) # Define an email alert define wazuh::email_alert( $alert_email, - $alert_group = false + $alert_group = false, + $target_arg = 'manager_ossec.conf' ) { require wazuh::params_manager concat::fragment { $name: - target => 'ossec.conf', + target => $target_arg, order => 66, content => template('wazuh/fragments/_email_alert.erb'), } diff --git a/manifests/filebeat.pp b/manifests/filebeat.pp index bcdb4ffa..6100c882 100644 --- a/manifests/filebeat.pp +++ b/manifests/filebeat.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) # Setup for Filebeat class wazuh::filebeat ( $filebeat_elasticsearch_ip = 'localhost', @@ -8,8 +8,8 @@ $filebeat_package = 'filebeat', $filebeat_service = 'filebeat', $filebeat_version = '7.9.3', - $wazuh_app_version = '4.0.3_7.9.3', - $wazuh_extensions_version = 'v4.0.3', + $wazuh_app_version = '4.0.4_7.9.3', + $wazuh_extensions_version = 'v4.0.4', $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz', ){ diff --git a/manifests/filebeat_oss.pp b/manifests/filebeat_oss.pp index b5cf742f..b8129ac0 100644 --- a/manifests/filebeat_oss.pp +++ b/manifests/filebeat_oss.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) # Setup for Filebeat_oss class wazuh::filebeat_oss ( $filebeat_oss_elasticsearch_ip = 'localhost', @@ -10,8 +10,8 @@ $filebeat_oss_elastic_user = 'admin', $filebeat_oss_elastic_password = 'admin', $filebeat_oss_version = '7.9.1', - $wazuh_app_version = '4.0.3_7.9.1', - $wazuh_extensions_version = 'v4.0.3', + $wazuh_app_version = '4.0.4_7.9.1', + $wazuh_extensions_version = 'v4.0.4', $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz', ){ diff --git a/manifests/init.pp b/manifests/init.pp index 63938475..abf05fb4 100644 
--- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,3 +1,3 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) # Blank container class class wazuh { } diff --git a/manifests/integration.pp b/manifests/integration.pp index 1bcafa92..e5886b76 100644 --- a/manifests/integration.pp +++ b/manifests/integration.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) #Define for a specific ossec integration define wazuh::integration( $hook_url = '', @@ -14,7 +14,7 @@ require wazuh::params_manager concat::fragment { $name: - target => 'ossec.conf', + target => 'manager_ossec.conf', order => 60, content => template('wazuh/fragments/_integration.erb') } diff --git a/manifests/kibana.pp b/manifests/kibana.pp index 37547da5..84802f2e 100644 --- a/manifests/kibana.pp +++ b/manifests/kibana.pp 
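Review bot: `target => 'manager_ossec.conf'` in `wazuh::integration` is hard-coded, whereas the sibling defines changed in this commit (`wazuh::addlog`, `wazuh::command`, `wazuh::email_alert`) gain a `$target_arg = 'manager_ossec.conf'` parameter and render `target => $target_arg`; adding the same parameter with the same default preserves current behaviour and keeps the four defines' interfaces parallel. The define's parameter list starts outside this hunk.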
@@ -1,42 +1,74 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) # Setup for Kibana class wazuh::kibana ( $kibana_package = 'kibana', $kibana_service = 'kibana', $kibana_version = '7.9.3', - $kibana_app_version = '4.0.3_7.9.3', - $kibana_elasticsearch_ip = 'localhost', - $kibana_elasticsearch_port = '9200', + + $kibana_elasticsearch_hosts = [ + { + host => 'localhost', + port => 9200, + proto => 'http', + }, + ], + + # Node used for API queries + $kibana_elasticsearch_ip = $kibana_elasticsearch_hosts[0]['host'], + $kibana_elasticsearch_port = $kibana_elasticsearch_hosts[0]['port'], + $kibana_elasticsearch_proto = $kibana_elasticsearch_hosts[0]['proto'], $kibana_server_port = '5601', $kibana_server_host = '0.0.0.0', - $kibana_elasticsearch_server_hosts ="http://${kibana_elasticsearch_ip}:${kibana_elasticsearch_port}", + $kibana_wazuh_version = '4.0.4', + + # app variables + $kibana_app_version = "${kibana_wazuh_version}_${$kibana_version}", + $kibana_app_url = "https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-${kibana_app_version}-1.zip", + $kibana_app_reinstall = false, + $kibana_app_node_options = '--no-warnings --max-old-space-size=2048 --max-http-header-size=65536', + + # user/group kibana processes run as + $kibana_user = 'kibana', + $kibana_group = 'kibana', + $kibana_wazuh_api_credentials = [ { 'id' => 'default', 'url' => 'http://localhost', 'port' => '55000', - 'username' => 'wazuh', + 'user' => 'wazuh', 'password' => 'wazuh', }, - ] + ], + + # kibana paths + $kibana_path_home = '/usr/share/kibana', + $kibana_path_config = '/etc/kibana', ) { # install package - package { 'Installing Kibana...': + package { $kibana_package: ensure => $kibana_version, name => $kibana_package, } + file { ["${kibana_path_home}/optimize", "${kibana_path_home}/plugins"]: + recurse => true, + owner => $kibana_user, + group => $kibana_group, + require => Package[$kibana_package], + } + file { 'Configure 
kibana.yml': - owner => 'kibana', - path => '/etc/kibana/kibana.yml', - group => 'kibana', + path => "${kibana_path_config}/kibana.yml", + owner => $kibana_user, + group => $kibana_group, mode => '0644', notify => Service[$kibana_service], content => template('wazuh/kibana_yml.erb'), } - service { 'kibana': + service { $kibana_service: ensure => running, enable => true, hasrestart => true, 
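Review bot: The default `$kibana_wazuh_api_credentials` entry renames the key `'username'` to `'user'`, which breaks any Hiera override that still supplies the old key, and neither the CHANGELOG entries in this commit nor a comment on the parameter mentions it; the template that consumes the hash (`wazuh/wazuh_yml.erb`) is not in the visible diff, so whether it was updated to read `'user'` cannot be confirmed here. A comment above the parameter, e.g. `# NOTE: hash key renamed from 'username' to 'user' in 4.0.4 — update Hiera overrides`, plus a CHANGELOG line would make the change discoverable. The `$kibana_elasticsearch_ip` / `_port` / `_proto` defaults are derived from `$kibana_elasticsearch_hosts[0]`, which is worth a one-line comment so callers know the first list entry is the one used for API queries. The class body continues past the end of this hunk.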
@@ -44,45 +76,49 @@ exec {'Waiting for elasticsearch...': path => '/usr/bin', - command => "curl -s -XGET http://${kibana_elasticsearch_ip}:${kibana_elasticsearch_port}", + command => "curl -s -XGET ${kibana_elasticsearch_proto}://${kibana_elasticsearch_ip}:${kibana_elasticsearch_port}", tries => 100, try_sleep => 3, } - file {'Removing old Wazuh Kibana Plugin...': - ensure => absent, - path => '/usr/share/kibana/plugins/wazuh', - recurse => true, - purge => true, - force => true, - notify => Service[$kibana_service] - } - - exec {'Installing Wazuh App...': - path => '/usr/bin', - command => "sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-${kibana_app_version}.zip", - creates => '/usr/share/kibana/plugins/wazuh/package.json', - notify => Service[$kibana_service], + exec {'kibana-plugin install': + path => '/usr/bin', + command => "sudo -u ${kibana_user} ${kibana_path_home}/bin/kibana-plugin install \"${kibana_app_url}\"", + environment => ["NODE_OPTIONS=\"${kibana_app_node_options}\""], + creates => "${kibana_path_home}/plugins/wazuh/package.json", + notify => Service[$kibana_service], + require => File["${kibana_path_home}/optimize"], } exec {'Removing .wazuh index...': path => '/usr/bin', command => "curl -s -XDELETE -sL -I 'http://${kibana_elasticsearch_ip}:${kibana_elasticsearch_port}/.wazuh' -o /dev/null", + onlyif => "curl -s -XGET -sLf -I 'http://${kibana_elasticsearch_ip}:${kibana_elasticsearch_port}/.wazuh' -o /dev/null", notify => Service[$kibana_service], } - file { '/usr/share/kibana/plugins/wazuh/wazuh.yml': - owner => 'kibana', - group => 'kibana', + file { "${kibana_path_home}/plugins/wazuh/wazuh.yml": + owner => $kibana_user, + group => $kibana_group, mode => '0644', content => template('wazuh/wazuh_yml.erb'), - notify => Service[$kibana_service] + notify => Service[$kibana_service], + require => Exec['kibana-plugin install'], } - exec { 'Verify Kibana folders owner': - path => 
'/usr/bin:/bin', - command => "chown -R kibana:kibana /usr/share/kibana/optimize\ - && chown -R kibana:kibana /usr/share/kibana/plugins", + + if ($facts['kibana_plugin_wazuh'] != undef and + $facts['kibana_plugin_wazuh']['version'] != $kibana_wazuh_version) or ($kibana_app_reinstall == true) { + + file {'Removing old Wazuh Kibana Plugin...': + ensure => absent, + path => "${kibana_path_home}/plugins/wazuh", + recurse => true, + purge => true, + force => true, + notify => Service[$kibana_service], + before => Exec['kibana-plugin install'], + } } } diff --git a/manifests/kibana_od.pp b/manifests/kibana_od.pp index fa9a4e73..bcdf6170 100644 --- a/manifests/kibana_od.pp +++ b/manifests/kibana_od.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) # Setup for Kibana_od class wazuh::kibana_od ( $kibana_od_package = 'opendistroforelasticsearch-kibana', @@ -6,7 +6,7 @@ $kibana_od_version = '1.11.0', $kibana_od_elastic_user = 'admin', $kibana_od_elastic_password = 'admin', - $kibana_od_app_version = '4.0.3_7.9.1', + $kibana_od_app_version = '4.0.4_7.9.1', $kibana_od_elasticsearch_ip = 'localhost', $kibana_od_elasticsearch_port = '9200', @@ -47,7 +47,7 @@ exec {'Waiting for opendistro elasticsearch...': path => '/usr/bin', - command => "curl -u ${kibana_od_user}:${kibana_od_password} -k -s -XGET https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}", + command => "curl -u ${kibana_od_elastic_user}:${kibana_od_elastic_password} -k -s -XGET https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}", tries => 100, try_sleep => 3, } 
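Review bot: `wazuh.yml` is written with `mode => '0644'`, yet it is the file that presumably carries `$kibana_wazuh_api_credentials` (an API password), so every local account on the host can read it; `mode => '0640'` with the existing `owner`/`group` keeps it readable by the Kibana process only. The `.wazuh` index removal and its new `onlyif` still hard-code `http://`, while the 'Waiting for elasticsearch...' exec in the same hunk was switched to `${kibana_elasticsearch_proto}`; on an HTTPS cluster the `onlyif` would fail and the delete would be skipped silently, so both curl commands should use `${kibana_elasticsearch_proto}://`. `NODE_OPTIONS` is set through `environment`, but the command runs under `sudo -u ${kibana_user}` and sudo's default `env_reset` strips it unless sudoers keeps it, so passing it inside the command (`sudo -u ${kibana_user} env NODE_OPTIONS='${kibana_app_node_options}' ${kibana_path_home}/bin/kibana-plugin install ...`) is more reliable. The plugin zip fetched via `$kibana_app_url` is not integrity-checked before `kibana-plugin install`; if upstream publishes a checksum, verifying it first would close that gap.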
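Review bot: The corrected `curl -u ${kibana_od_elastic_user}:${kibana_od_elastic_password} -k ...` now references parameters that exist, but it places the Elasticsearch admin password on the command line, where it is visible to any local user via `ps` and is echoed into Puppet's log if the exec fails, and `-k` disables certificate verification entirely. Prefer feeding the credentials through a root-only netrc or `--config` file and pointing `curl --cacert` at the Open Distro CA instead of `-k`; at minimum wrap the password parameter in `Sensitive` so it is redacted in reports. The previous `$kibana_od_user`/`$kibana_od_password` names do not appear among the parameters visible here, so the rename itself looks like a genuine fix.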
@@ -63,14 +63,14 @@ exec {'Installing Wazuh App...': path => '/usr/bin', - command => "sudo -u ${kibana_od_user}:${kibana_od_password} -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-${kibana_od_app_version}.zip", + command => "sudo -u ${kibana_od_elastic_user}:${kibana_od_elastic_password} -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-${kibana_od_app_version}.zip", creates => '/usr/share/kibana/plugins/wazuh/package.json', notify => Service[$kibana_od_service], } exec {'Removing .wazuh index...': path => '/usr/bin', - command => "curl -u ${kibana_od_user}:${kibana_od_password} -k -s -XDELETE -sL -I 'https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}/.wazuh' -o /dev/null", + command => "curl -u ${kibana_od_elastic_user}:${kibana_od_elastic_password} -k -s -XDELETE -sL -I 'https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}/.wazuh' -o /dev/null", notify => Service[$kibana_od_service], } diff --git a/manifests/manager.pp b/manifests/manager.pp index 9b2cebe8..150b84db 100644 --- a/manifests/manager.pp +++ b/manifests/manager.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) # Main ossec server config class wazuh::manager ( @@ -265,7 +265,7 @@ $wazuh_api_host = $wazuh::params_manager::wazuh_api_host, - + $wazuh_api_port = $wazuh::params_manager::wazuh_api_port, $wazuh_api_file = $wazuh::params_manager::wazuh_api_file, 
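Review bot: `sudo -u ${kibana_od_elastic_user}:${kibana_od_elastic_password} -u kibana ...` is not valid sudo usage: `-u` takes a user name, so sudo receives `admin:admin` (the Elasticsearch password, now in argv and process listings) as a target user followed by a second `-u`, and most likely just takes the last one; the plugin installer needs no Elasticsearch credentials at all. Drop the first `-u` so the command reads `sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-${kibana_od_app_version}.zip`. The `.wazuh` index removal below has the same `-u password -k` exposure as the wait exec earlier in this file. Note also that this class still downloads from the old `wazuhapp/wazuhapp-*.zip` path while `kibana.pp` in this same commit moved to `4.x/ui/kibana/wazuh_kibana-*-1.zip`; if the old location is not published for 4.0.4 the install will fail, so confirm the URL.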
@@ -278,6 +278,7 @@ $wazuh_api_https_ca = $wazuh::params_manager::wazuh_api_https_ca, $wazuh_api_logs_level = $wazuh::params_manager::wazuh_api_logs_level, $wazuh_api_logs_path = $wazuh::params_manager::wazuh_api_logs_path, + $wazuh_api_ssl_cipher = $wazuh::params_manager::wazuh_api_ssl_cipher, $wazuh_api_cors_enabled = $wazuh::params_manager::wazuh_api_cors_enabled, $wazuh_api_cors_source_route = $wazuh::params_manager::wazuh_api_cors_source_route, @@ -295,17 +296,23 @@ $wazuh_api_use_only_authd = $::wazuh::params_manager::wazuh_api_use_only_authd, $wazuh_api_drop_privileges = $::wazuh::params_manager::wazuh_api_drop_privileges, $wazuh_api_experimental_features = $::wazuh::params_manager::wazuh_api_experimental_features, + + $remote_commands_localfile = $::wazuh::params_manager::remote_commands_localfile, + $remote_commands_localfile_exceptions = $::wazuh::params_manager::remote_commands_localfile_exceptions, + $remote_commands_wodle = $::wazuh::params_manager::remote_commands_wodle, + $remote_commands_wodle_exceptions = $::wazuh::params_manager::remote_commands_wodle_exceptions, + $wazuh_api_template = $::wazuh::params_manager::wazuh_api_template, ) inherits wazuh::params_manager { - validate_bool( - $manage_repos, $syslog_output,$wazuh_manager_verify_manager_ssl + validate_legacy( + Boolean, 'validate_bool', $manage_repos, $syslog_output,$wazuh_manager_verify_manager_ssl ) - validate_array( - $decoder_exclude, $rule_exclude + validate_legacy( + Array, 'validate_array', $decoder_exclude, $rule_exclude ) ## Determine which kernel and family puppet is running on. Will be used on _localfile, _rootcheck, _syscheck & _sca 
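Review bot: `validate_legacy(Boolean, 'validate_bool', $manage_repos, $syslog_output, $wazuh_manager_verify_manager_ssl)` only type-checks its first value: in stdlib's `validate_legacy` the third argument is the value matched against the type and everything after it is merely forwarded to the deprecated `validate_bool`, whose failure is downgraded to a deprecation warning once the first value passes. A non-boolean `$syslog_output` or `$wazuh_manager_verify_manager_ssl` would therefore presumably no longer fail the catalog as it did with `validate_bool`; the same applies to the `$decoder_exclude, $rule_exclude` call here and to the multi-value `validate_legacy` calls in the later hunks of this file. Either call `validate_legacy` once per variable, or better, give the parameters Puppet data types in the class signature (`Boolean $manage_repos = ...`, `Array $decoder_exclude = ...`), which makes these calls unnecessary. The class signature is above this hunk.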
@@ -335,14 +342,14 @@ # This allows arrays of integers, sadly # (commented due to stdlib version requirement) - validate_bool($ossec_emailnotification) + validate_legacy(Boolean, 'validate_bool', $ossec_emailnotification) if ($ossec_emailnotification) { if $ossec_smtp_server == undef { fail('$ossec_emailnotification is enabled but $smtp_server was not set') } - validate_string($ossec_smtp_server) - validate_string($ossec_emailfrom) - validate_array($ossec_emailto) + validate_legacy(String, 'validate_string', $ossec_smtp_server) + validate_legacy(String, 'validate_string', $ossec_emailfrom) + validate_legacy(Array, 'validate_array', $ossec_emailto) } if $::osfamily == 'windows' { @@ -591,8 +598,8 @@ if $wazuh_manager_verify_manager_ssl { if ($wazuh_manager_server_crt != undef) and ($wazuh_manager_server_key != undef) { - validate_string( - $wazuh_manager_server_crt, $wazuh_manager_server_key + validate_legacy( + String, 'validate_string', $wazuh_manager_server_crt, $wazuh_manager_server_key ) file { '/var/ossec/etc/sslmanager.key': diff --git a/manifests/opendistro.pp b/manifests/opendistro.pp index 09f142ae..95a50fee 100644 --- a/manifests/opendistro.pp +++ b/manifests/opendistro.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) # Setup for opendistro class wazuh::opendistro ( # Elasticsearch.yml configuration diff --git a/manifests/params_agent.pp b/manifests/params_agent.pp index 0a649fad..4be151a2 100644 --- a/manifests/params_agent.pp +++ b/manifests/params_agent.pp @@ -1,7 +1,7 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) # Wazuh-Agent configuration parameters class wazuh::params_agent { - $agent_package_version = '4.0.3-1' + $agent_package_version = '4.0.4-1' $agent_service_ensure = 'running' $agent_msi_download_location = 'http://packages.wazuh.com/4.x/windows' 
@@ -22,6 +22,7 @@ $agent_auth_password = undef $wazuh_manager_root_ca_pem = undef $wazuh_manager_root_ca_pem_path = undef + $authd_pass_file = '/var/ossec/etc/authd.pass' # ossec.conf generation variables $configure_rootcheck = true @@ -68,17 +69,9 @@ $client_buffer_queue_size = 5000 $client_buffer_events_per_second = 500 - ## localfile - $ossec_local_files = $::wazuh::params_agent::default_local_files - # active response $active_response_disabled = 'no' $active_response_ca_verification = 'yes' - $active_response_location = undef - $active_response_level = undef - $active_response_agent_id = undef - $active_response_rules_id = [] - $active_response_timeout = undef $active_response_repeated_offenders = [] # agent autoenrollment @@ -104,6 +97,8 @@ $agent_package_name = 'wazuh-agent' $agent_service_name = 'wazuh-agent' + $download_path = '/tmp' + # Wazuh config folders and modes $config_file = '/var/ossec/etc/ossec.conf' $shared_agent_config_file = '/var/ossec/etc/shared/agent.conf' @@ -117,8 +112,6 @@ $keys_owner = 'root' $keys_group = 'ossec' - $authd_pass_file = '/var/ossec/etc/authd.pass' - $validate_cmd_conf = '/var/ossec/bin/verify-agent-conf -f %' $processlist_file = '/var/ossec/bin/.process_list' @@ -146,8 +139,22 @@ # Example: ["/var/ossec/etc/shared/system_audit_rcl.txt"] $ossec_rootcheck_system_audit = [] + # Rootcheck Windows + $ossec_rootcheck_windows_disabled = undef + $ossec_rootcheck_windows_windows_apps = undef + $ossec_rootcheck_windows_windows_malware = undef + # SCA + ## Windows + $sca_windows_enabled = undef + $sca_windows_scan_on_start = undef + $sca_windows_interval = undef + $sca_windows_skip_nfs = undef + $sca_windows_policies = [] + + $windows_audit_interval = undef + ## Amazon $sca_amazon_enabled = 'yes' $sca_amazon_scan_on_start = 'yes' 
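Review bot: `$download_path = '/tmp'` points whatever consumes it (not visible in this diff) at a world-writable directory; if it is used to stage a downloaded installer before running it, a local user can pre-create the target name or a symlink there and influence what gets executed. A root-owned directory created by the module (`file { $download_path: ensure => directory, owner => 'root', mode => '0750' }`, e.g. under `/var/cache/wazuh`) avoids that, and a comment stating the parameter's purpose would help: `# Directory where package/installer downloads are staged before installation`. Separately, the `@@ -68,17` hunk removes `$ossec_local_files` and the `$active_response_*` defaults from this params class; any manifest or Hiera data still referencing them will now fail to compile, so confirm `wazuh::agent` no longer reads them.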
@@ -191,6 +198,7 @@ $wodle_osquery_log_path = '/var/log/osquery/osqueryd.results.log' $wodle_osquery_config_path = '/etc/osquery/osquery.conf' $wodle_osquery_add_labels = 'yes' + $wodle_osquery_bin_path = '/usr/bin/osqueryd' ## syscollector $wodle_syscollector_disabled = 'no' @@ -202,6 +210,7 @@ $wodle_syscollector_packages = 'yes' $wodle_syscollector_ports = 'yes' $wodle_syscollector_processes = 'yes' + $wodle_syscollector_hotfixes = undef ## syscheck $ossec_syscheck_disabled = 'no' @@ -313,7 +322,7 @@ } } } - /^(wheezy|stretch|buster|sid|precise|trusty|vivid|wily|xenial|bionic)$/: { + /^(wheezy|stretch|buster|sid|precise|trusty|vivid|wily|xenial|bionic|focal)$/: { $server_service = 'wazuh-manager' $server_package = 'wazuh-manager' $wodle_openscap_content = undef diff --git a/manifests/params_elastic.pp b/manifests/params_elastic.pp index b4737f50..65ce4894 100644 --- a/manifests/params_elastic.pp +++ b/manifests/params_elastic.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) # Elastic configuration parameters class wazuh::params_elastic { $elasticsearch_service = 'elasticsearch' diff --git a/manifests/params_manager.pp b/manifests/params_manager.pp index 354c6244..0605eaf0 100644 --- a/manifests/params_manager.pp +++ b/manifests/params_manager.pp @@ -1,11 +1,11 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) # Paramas file class wazuh::params_manager { case $::kernel { 'Linux': { # Installation - $server_package_version = '4.0.3-1' + $server_package_version = '4.0.4-1' $manage_repos = true $manage_firewall = false 
@@ -339,7 +339,7 @@ $wazuh_api_https_cert = 'api/configuration/ssl/server.crt' $wazuh_api_https_use_ca = 'False' $wazuh_api_https_ca = 'api/configuration/ssl/ca.crt' - + $wazuh_api_ssl_cipher = 'TLSv1.2' # Logging configuration # Values for API log level: disabled, info, warning, error, debug, debug2 (each level includes the previous level). @@ -371,6 +371,12 @@ # Enable features under development $wazuh_api_experimental_features = 'no' + # Enable remote commands + $remote_commands_localfile = 'yes' + $remote_commands_localfile_exceptions = [] + $remote_commands_wodle = 'yes' + $remote_commands_wodle_exceptions = [] + # Wazuh API template path $wazuh_api_template = 'wazuh/wazuh_api.erb' @@ -416,7 +422,7 @@ } } } - /^(wheezy|stretch|buster|sid|precise|trusty|vivid|wily|xenial|bionic)$/: { + /^(wheezy|stretch|buster|sid|precise|trusty|vivid|wily|xenial|bionic|focal)$/: { $server_service = 'wazuh-manager' $server_package = 'wazuh-manager' $wodle_openscap_content = undef @@ -534,7 +540,7 @@ $keys_group = 'Administrators' $agent_service = 'OssecSvc' - $agent_package = 'Wazuh Agent 4.0.3' + $agent_package = 'Wazuh Agent 4.0.4' $server_service = '' $server_package = '' $api_service = '' diff --git a/manifests/params_opendistro.pp b/manifests/params_opendistro.pp index cd9588ba..5da52636 100644 --- a/manifests/params_opendistro.pp +++ b/manifests/params_opendistro.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) # Opendistro configuration parameters class wazuh::params_opendistro { $opendistro_service = 'elasticsearch' diff --git a/manifests/repo.pp b/manifests/repo.pp index 0edcbfff..ad119c6a 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp 
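Review bot: `$remote_commands_localfile = 'yes'` and `$remote_commands_wodle = 'yes'` enable remote command execution through the API by default, with empty exception lists, and nothing in the parameter block says what that implies. In Wazuh these settings allow configuration uploaded through the API (for example a shared `agent.conf`) to contain `command`/`full_command` localfiles and `command` wodles that the agents then execute, so an API user with upload rights can presumably run arbitrary commands on every agent; this matches the upstream API default, but operators of this module should be told. Suggest a comment above the block: `# 'yes' lets configuration uploaded via the API carry localfile/wodle command entries that agents execute; set to 'no', or whitelist commands in *_exceptions, unless all API users are fully trusted.`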
@@ -1,11 +1,12 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) # Wazuh repository installation class wazuh::repo ( ) { case $::osfamily { 'Debian' : { - if $::lsbdistcodename =~ /(jessie|wheezy|stretch|precise|trusty|vivid|wily|xenial|yakketi)/ and ! defined(Package['apt-transport-https']) { + if $::lsbdistcodename =~ /(jessie|wheezy|stretch|precise|trusty|vivid|wily|xenial|yakketi|focal)/ + and ! defined(Package['apt-transport-https']) { ensure_packages(['apt-transport-https'], {'ensure' => 'present'}) } # apt-key added by issue #34 @@ -15,7 +16,7 @@ server => 'pgp.mit.edu' } case $::lsbdistcodename { - /(jessie|wheezy|stretch|buster|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic)/: { + /(jessie|wheezy|stretch|buster|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic|focal)/: { apt::source { 'wazuh': ensure => present, diff --git a/manifests/repo_elastic.pp b/manifests/repo_elastic.pp index 66489e66..ba9ddc22 100644 --- a/manifests/repo_elastic.pp +++ b/manifests/repo_elastic.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) # Installation of Elastic repository class wazuh::repo_elastic ( @@ -15,7 +15,7 @@ server => 'pgp.mit.edu' } case $::lsbdistcodename { - /(jessie|wheezy|stretch|buster|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic)/: { + /(jessie|wheezy|stretch|buster|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic|focal)/: { apt::source { 'wazuh_elastic': ensure => present, @@ -47,13 +47,6 @@ } ## Set up Elasticsearch repo - # Import GPG key - - exec { 'Install Elasticsearch GPG key': - path => '/usr/bin', - command => 'rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch', - } - # Adding repo by Puppet yumrepo resource yumrepo { 'elasticsearch': diff --git a/manifests/repo_elastic_oss.pp b/manifests/repo_elastic_oss.pp index bca98408..f70eb8cc 100644 
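Review bot: The rewritten condition in `wazuh::repo` keeps `yakketi` in the codename regex, which looks like a typo for `yakkety` (Ubuntu 16.10) and so presumably never matches a real codename; since the line is being rewritten anyway, this is the moment to correct it (or drop the long-EOL release), and the same spelling is carried into the new `case` regexes in this file and in the `repo_elastic.pp` hunk. Those regexes are also unanchored (`/(jessie|...|focal)/` rather than the `/^(...)$/` form used in `params_manager.pp`), so any codename containing one of the names as a substring would match; harmless today but worth making consistent. Removing the `rpm --import` exec in `repo_elastic.pp` is fine, since the `yumrepo` resource already sets `gpgcheck => 1` with `gpgkey`.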
--- a/manifests/repo_elastic_oss.pp +++ b/manifests/repo_elastic_oss.pp @@ -1,5 +1,5 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) -# Installation of Elastic repository +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) +# Installation of Elastic-oss repository class wazuh::repo_elastic_oss ( ) { @@ -15,7 +15,7 @@ server => 'pgp.mit.edu' } case $::lsbdistcodename { - /(jessie|wheezy|stretch|buster|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic)/: { + /(jessie|wheezy|stretch|buster|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic|focal)/: { apt::source { 'wazuh_elastic_oss': ensure => present, diff --git a/manifests/repo_elasticsearch-oss.pp b/manifests/repo_elasticsearch-oss.pp deleted file mode 100644 index 185958a8..00000000 --- a/manifests/repo_elasticsearch-oss.pp +++ /dev/null 
@@ -1,70 +0,0 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) -# Installation of Elastic repository -class wazuh::repo_elastic ( - -) { - case $::osfamily { - 'Debian' : { - if ! defined(Package['apt-transport-https']) { - ensure_packages(['apt-transport-https'], {'ensure' => 'present'}) - } - # apt-key added by issue #34 - apt::key { 'elastic': - id => '46095ACC8548582C1A2699A9D27D666CD88E42B4', - source => 'https://artifacts.elastic.co/GPG-KEY-elasticsearch', - server => 'pgp.mit.edu' - } - case $::lsbdistcodename { - /(jessie|wheezy|stretch|buster|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic)/: { - - apt::source { 'wazuh_elastic': - ensure => present, - comment => 'This is the Elastic repository', - location => 'https://artifacts.elastic.co/packages/7.x/apt', - release => 'stable', - repos => 'main', - include => { - 'src' => false, - 'deb' => true, - }, - } - } - default: { fail('This module has not been tested on your distribution (or lsb package not installed)') } - } - } - 'RedHat' : { - case $::os[name] { - /^(CentOS|RedHat|OracleLinux|Fedora|Amazon)$/: { - if ( $::operatingsystemrelease =~ /^5.*/ ) { - $baseurl = 'https://artifacts.elastic.co/packages/oss-7.x/yum' - $gpgkey = 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' - } else { - $baseurl = 'https://artifacts.elastic.co/packages/oss-7.x/yum' - $gpgkey = 'https://artifacts.elastic.co/GPG-KEY-elasticsearch' - } - } - default: { fail('This module has not been tested on your distribution.') } - } - ## Set up Elasticsearch repo - - # Import GPG key - - exec { 'Install Elasticsearch GPG key': - path => '/usr/bin', - command => 'rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch', - } - - # Adding repo by Puppet yumrepo resource - - yumrepo { 'elasticsearch': - ensure => 'present', - enabled => 1, - gpgcheck => 1, - gpgkey => $gpgkey, - baseurl => $baseurl, - name => 'elasticsearch', - } - } - default: { fail('This module has not been tested on your distribution') } - 
} - } diff --git a/manifests/repo_opendistro.pp b/manifests/repo_opendistro.pp index 1c80ad4e..e3d35d21 100644 --- a/manifests/repo_opendistro.pp +++ b/manifests/repo_opendistro.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) # Installation of Open Distro for Elasticsearch repository class wazuh::repo_opendistro ( @@ -15,12 +15,12 @@ server => 'pgp.mit.edu' } case $::lsbdistcodename { - /(jessie|wheezy|stretch|buster|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic)/: { + /(jessie|wheezy|stretch|buster|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic|focal)/: { apt::source { 'wazuh_elastic_od': ensure => present, comment => 'This is the Open Distro for Elastic repository', - location => 'ttps://d3g5vo6xdbdb9a.cloudfront.net/apt', + location => 'https://d3g5vo6xdbdb9a.cloudfront.net/apt', release => 'stable', repos => 'main', include => { diff --git a/manifests/reports.pp b/manifests/reports.pp index 1d8ab3c5..93b08e7d 100644 --- a/manifests/reports.pp +++ b/manifests/reports.pp @@ -1,4 +1,4 @@ -# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2) +# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2) #Define for a Reports section define wazuh::reports( Optional[String] $r_group = undef, @@ -9,14 +9,14 @@ Optional[String] $r_srcip = undef, Optional[String] $r_user = undef, String $r_title = '', - String $r_email_to = '', + $r_email_to = '', Optional[Enum['yes', 'no']] $r_showlogs = undef, ) { require wazuh::params_manager concat::fragment { $name: - target => 'ossec.conf', + target => 'manager_ossec.conf', order => 70, content => template('wazuh/fragments/_reports.erb') } diff --git a/metadata.json b/metadata.json index 02bd164d..163f4b04 100644 --- a/metadata.json +++ b/metadata.json 
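Review bot: Dropping the `String` type from `$r_email_to` removes the only check on that parameter without replacing it, and the companion `_reports.erb` change in this commit iterates the value with `.each`, so a caller that still passes a plain string — which the old signature explicitly allowed — would now hit a Ruby `NoMethodError` during template rendering instead of a typed parameter error. Declare the accepted shapes and normalise once in the define: `Variant[String, Array[String]] $r_email_to = '',` and `$r_email_to_list = flatten([$r_email_to]).filter |$e| { $e != '' }`, then have the template iterate `@r_email_to_list`. The `target => 'manager_ossec.conf'` change looks like a fix for the fragment pointing at a concat target that does not exist, assuming `wazuh::manager` declares its concat under that name.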
@@ -1,6 +1,6 @@
 {
 "name": "wazuh-wazuh",
- "version": "4.0.3",
+ "version": "4.0.4",
 "author": "WAZUH",
 "summary": "Install and configure Wazuh-HIDS client and server",
 "license": "Apache-2.0",
@@ -10,7 +10,7 @@
 "dependencies": [
 {
 "name": "puppetlabs/stdlib",
- "version_requirement": ">= 1.0.0 < 7.0.0"
+ "version_requirement": ">= 4.13.0 < 7.0.0"
 },
 {
 "name": "puppetlabs/concat",
diff --git a/templates/fragments/_integration.erb b/templates/fragments/_integration.erb
index fe202875..94b984a2 100644
--- a/templates/fragments/_integration.erb
+++ b/templates/fragments/_integration.erb
@@ -18,7 +18,9 @@
 <% if @in_location != '' -%>
 <%= @in_location %>
 <% end %>
+ <% if @in_format != '' -%>
 <%= @in_format %>
+ <% end %>
 <% if @in_max_log != '' -%>
 <%= @in_max_log %>
 <% end %>
diff --git a/templates/fragments/_reports.erb b/templates/fragments/_reports.erb
index 020e9224..e23fe40f 100644
--- a/templates/fragments/_reports.erb
+++ b/templates/fragments/_reports.erb
@@ -23,7 +23,11 @@
 <%= @r_user %>
 <%- end -%>
 <%= @r_title %>
- <%= @r_email_to %>
+ <% if @r_email_to != '' -%>
+ <% @r_email_to.each do |gr| -%>
+ <%= gr %>
+ <% end %>
+ <% end %>
 <%- if defined?(@r_showlogs) -%>
 <%= @r_showlogs %>
 <%- end -%>
diff --git a/templates/kibana_yml.erb b/templates/kibana_yml.erb
index 07c1e401..0763f88a 100644
--- a/templates/kibana_yml.erb
+++ b/templates/kibana_yml.erb
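Review bot: `<% @r_email_to.each do |gr| -%>` assumes the value is an Array, but `$r_email_to` defaults to `''` and the define no longer types it, so a single address passed as a String (which the old `String` type allowed) raises `NoMethodError: undefined method 'each' for String` when the template renders. Normalise before iterating: `<% Array(@r_email_to).reject(&:empty?).each do |gr| -%>`, which also makes the outer `!= ''` guard unnecessary. In the `_integration.erb` hunk, `@in_format != ''` is also true for a `nil`/undef value, so an unset format would presumably still render an empty element; `<% unless @in_format.to_s.empty? -%>` matches the intent of the surrounding guards, assuming those parameters default to `''` like the others.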
@@ -28,7 +28,15 @@ server.host: <%= @kibana_server_host %> #server.name: "your-hostname" # The URLs of the Elasticsearch instances to use for all your queries. -elasticsearch.hosts: ["<%= @kibana_elasticsearch_server_hosts %>"] + +elasticsearch.hosts: +<%- if Integer(@kibana_elasticsearch_hosts.length) > 0 -%> +<%- @kibana_elasticsearch_hosts.each do |elastic_node| -%> + - <%= elastic_node['proto'] %>://<%= elastic_node['host'] %>:<%= elastic_node['port'] %> +<%- end -%> +<%- else -%> + - http://localhost:9200 +<%- end -%> # When this setting's value is true Kibana uses the hostname specified in the server.host # setting. When the value of this setting is false, Kibana uses the hostname of the host diff --git a/templates/wazuh_api_yml.erb b/templates/wazuh_api_yml.erb index 2f7887d9..40827f49 100644 --- a/templates/wazuh_api_yml.erb +++ b/templates/wazuh_api_yml.erb @@ -1,6 +1,6 @@ # # Wazuh API configuration file -# Copyright (C) 2015-2020 Wazuh, Inc. +# Copyright (C) 2015-2021 Wazuh, Inc. # host: <%= @wazuh_api_host %> port: <%= @wazuh_api_port %> @@ -13,6 +13,7 @@ https: cert: <%= @wazuh_api_https_cert %> use_ca: <%= @wazuh_api_https_use_ca %> ca: <%= @wazuh_api_https_ca %> + ssl_cipher: <%= @wazuh_api_ssl_cipher %> # Logging configuration # Values for API log level: disabled, info, warning, error, debug, debug2 (each level includes the previous level). logs: 
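Review bot: When `$kibana_elasticsearch_hosts` is set to an empty list the template silently falls back to `http://localhost:9200` instead of surfacing the misconfiguration; failing in the manifest (`if empty($kibana_elasticsearch_hosts) { fail('kibana_elasticsearch_hosts must not be empty') }`) would be safer than quietly pointing Kibana at a local node that may not exist. `Integer(@kibana_elasticsearch_hosts.length) > 0` is just `!@kibana_elasticsearch_hosts.empty?` — `length` already returns an Integer. The rendered entries are unquoted YAML scalars; quoting them (`- "<%= elastic_node['proto'] %>://<%= elastic_node['host'] %>:<%= elastic_node['port'] %>"`) protects against a host value containing YAML-significant characters, and if `proto` is `https` Kibana will presumably also need `elasticsearch.ssl.certificateAuthorities` (not set anywhere visible in this template) before it accepts a private CA.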
@@ -39,4 +40,12 @@ use_only_authd: <%= @wazuh_api_use_only_authd %>
 # Drop privileges (Run as ossec user)
 drop_privileges: <%= @wazuh_api_drop_privileges %>
 # Enable features under development
-experimental_features: <%= @wazuh_api_experimental_features %>
\ No newline at end of file
+experimental_features: <%= @wazuh_api_experimental_features %>
+# Enable remote commands
+remote_commands:
+ localfile:
+ enabled: <%= @remote_commands_localfile %>
+ exceptions: <%= @remote_commands_localfile_exceptions %>
+ wodle_command:
+ enabled: <%= @remote_commands_wodle %>
+ exceptions: <%= @remote_commands_wodle_exceptions %>
\ No newline at end of file
diff --git a/templates/wazuh_yml.erb b/templates/wazuh_yml.erb
index 8803c9ce..297fd7f3 100644
--- a/templates/wazuh_yml.erb
+++ b/templates/wazuh_yml.erb
@@ -1,7 +1,7 @@
 ---
 #
 # Wazuh app - App configuration file
-# Copyright (C) 2015-2020 Wazuh, Inc.
+# Copyright (C) 2015-2021 Wazuh, Inc.
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
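Review bot: The new `remote_commands` block renders `enabled: <%= @remote_commands_localfile %>` as a bare `yes`/`no`, relying on the consumer's YAML 1.1 boolean parsing, and `exceptions: <%= @remote_commands_localfile_exceptions %>` relies on Ruby's `Array#to_s` (`["a", "b"]`), which happens to be valid YAML flow syntax but emits Ruby-style escaping for any entry containing quotes or backslashes. Rendering the list explicitly keeps it YAML-safe: `exceptions: <%= @remote_commands_localfile_exceptions.to_json %>` (JSON is a YAML subset and Puppet's Ruby has `json` loaded) or a block sequence via `.each`. A one-line warning in the template is also warranted, since this block permits API-uploaded configuration to carry commands that agents execute: `# WARNING: 'yes' lets API-uploaded config run commands on agents; restrict via exceptions or set 'no'.` The file still ends without a trailing newline, which the diff flags twice.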