Merge branch 'devel'

README.md

@@ -107,7 +107,7 @@ This Puppet module has been authored by Nicolas Zin, and updated by Jonathan Gaz
 ## License and copyright
 
 WAZUH
-Copyright (C) 2019 Wazuh Inc.  (License GPLv2)
+Copyright (C) 2020 Wazuh Inc.  (License GPLv2)
 
 Based on OSSEC
 Copyright (C) 2015 Trend Micro Inc.

manifests/activeresponse.pp

@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 #Define for a specific ossec active-response
 define wazuh::activeresponse(
   $active_response_name               = 'Rendering active-response template',

manifests/addlog.pp

@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 #Define a log-file to add to ossec
 define wazuh::addlog(
   $logfile      = undef,

manifests/agent.pp

@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 
 # Puppet class that installs and manages the Wazuh agent
 class wazuh::agent (
@@ -327,7 +327,7 @@
   }
 
 
-  concat { 'ossec.conf':
+  concat { 'agent_ossec.conf':
     path    => $wazuh::params_agent::config_file,
     owner   => $wazuh::params_agent::config_owner,
     group   => $wazuh::params_agent::config_group,
@@ -339,12 +339,12 @@
 
   concat::fragment {
     'ossec.conf_header':
-      target  => 'ossec.conf',
+      target  => 'agent_ossec.conf',
       order   => 00,
       before  => Service[$agent_service_name],
       content => "<ossec_config>\n";
     'ossec.conf_agent':
-      target  => 'ossec.conf',
+      target  => 'agent_ossec.conf',
       order   => 10,
       before  => Service[$agent_service_name],
       content => template($ossec_conf_template);
@@ -353,7 +353,7 @@
   if ($configure_rootcheck == true) {
     concat::fragment {
       'ossec.conf_rootcheck':
-        target  => 'ossec.conf',
+        target  => 'agent_ossec.conf',
         order   => 15,
         before  => Service[$agent_service_name],
         content => template($ossec_rootcheck_template);
@@ -362,7 +362,7 @@
   if ($configure_wodle_openscap == true) {
     concat::fragment {
       'ossec.conf_openscap':
-        target  => 'ossec.conf',
+        target  => 'agent_ossec.conf',
         order   => 16,
         before  => Service[$agent_service_name],
         content => template($ossec_wodle_openscap_template);
@@ -371,7 +371,7 @@
   if ($configure_wodle_cis_cat == true) {
     concat::fragment {
       'ossec.conf_cis_cat':
-        target  => 'ossec.conf',
+        target  => 'agent_ossec.conf',
         order   => 17,
         before  => Service[$agent_service_name],
         content => template($ossec_wodle_cis_cat_template);
@@ -380,7 +380,7 @@
   if ($configure_wodle_osquery == true) {
     concat::fragment {
       'ossec.conf_osquery':
-        target  => 'ossec.conf',
+        target  => 'agent_ossec.conf',
         order   => 18,
         before  => Service[$agent_service_name],
         content => template($ossec_wodle_osquery_template);
@@ -389,7 +389,7 @@
   if ($configure_wodle_syscollector == true) {
     concat::fragment {
       'ossec.conf_syscollector':
-        target  => 'ossec.conf',
+        target  => 'agent_ossec.conf',
         order   => 19,
         before  => Service[$agent_service_name],
         content => template($ossec_wodle_syscollector_template);
@@ -398,7 +398,7 @@
   if ($configure_sca == true) {
     concat::fragment {
       'ossec.conf_sca':
-        target  => 'ossec.conf',
+        target  => 'agent_ossec.conf',
         order   => 25,
         before  => Service[$agent_service_name],
         content => template($ossec_sca_template);
@@ -407,7 +407,7 @@
   if ($configure_syscheck == true) {
     concat::fragment {
       'ossec.conf_syscheck':
-        target  => 'ossec.conf',
+        target  => 'agent_ossec.conf',
         order   => 30,
         before  => Service[$agent_service_name],
         content => template($ossec_syscheck_template);
@@ -416,7 +416,7 @@
   if ($configure_localfile == true) {
     concat::fragment {
       'ossec.conf_localfile':
-        target  => 'ossec.conf',
+        target  => 'agent_ossec.conf',
         order   => 35,
         before  => Service[$agent_service_name],
         content => template($ossec_localfile_template);
@@ -442,7 +442,7 @@
   if ($configure_labels == true){
     concat::fragment {
         'ossec.conf_labels':
-        target  => 'ossec.conf',
+        target  => 'agent_ossec.conf',
         order   => 45,
         before  => Service[$agent_service_name],
         content => template($ossec_labels_template);
@@ -451,7 +451,7 @@
 
   concat::fragment {
     'ossec.conf_footer':
-      target  => 'ossec.conf',
+      target  => 'agent_ossec.conf',
       order   => 99,
       before  => Service[$agent_service_name],
       content => '</ossec_config>';
@@ -540,7 +540,7 @@
         exec { 'agent-auth-linux':
           command => $agent_auth_command,
           unless  => "/bin/egrep -q '.' ${::wazuh::params_agent::keys_file}",
-          require => Concat['ossec.conf'],
+          require => Concat['agent_ossec.conf'],
           before  => Service[$agent_service_name],
         }
 
@@ -567,7 +567,7 @@
           command  => $agent_auth_command,
           provider => 'powershell',
           onlyif   => "if ((Get-Item '${$::wazuh::params_agent::keys_file}').length -gt 0kb) {exit 1}",
-          require  => Concat['ossec.conf'],
+          require  => Concat['agent_ossec.conf'],
           before   => Service[$agent_service_name],
         }
 

manifests/audit.pp

@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Define an ossec command
 
 class wazuh::audit (

manifests/command.pp

@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Define an ossec command
 define wazuh::command(
   $command_name,

manifests/elasticsearch.pp

@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Setup for elasticsearch
 class wazuh::elasticsearch (
   # Elasticsearch.yml configuration
@@ -11,7 +11,7 @@
   $elasticsearch_node_max_local_storage_nodes = '1',
   $elasticsearch_service = 'elasticsearch',
   $elasticsearch_package = 'elasticsearch',
-  $elasticsearch_version = '7.8.0',
+  $elasticsearch_version = '7.8.1',
 
   $elasticsearch_path_data = '/var/lib/elasticsearch',
   $elasticsearch_path_logs = '/var/log/elasticsearch',

manifests/email_alert.pp

@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Define an email alert
 define wazuh::email_alert(
   $alert_email,

manifests/filebeat.pp

@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Setup for Filebeat
 class wazuh::filebeat (
   $filebeat_elasticsearch_ip = 'localhost',
@@ -7,8 +7,8 @@
 
   $filebeat_package = 'filebeat',
   $filebeat_service = 'filebeat',
-  $filebeat_version = '7.8.0',
-  $wazuh_app_version = '3.13.1_7.8.0',
+  $filebeat_version = '7.8.1',
+  $wazuh_app_version = '3.13.1_7.8.1',
   $wazuh_extensions_version = 'v3.13.1',
   $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz',
 ){

manifests/filebeat_oss.pp

@@ -0,0 +1,70 @@
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+# Setup for Filebeat_oss
+class wazuh::filebeat_oss (
+  $filebeat_oss_elasticsearch_ip = 'localhost',
+  $filebeat_oss_elasticsearch_port = '9200',
+  $elasticsearch_server_ip = "\"${filebeat_oss_elasticsearch_ip}:${filebeat_oss_elasticsearch_port}\"",
+
+  $filebeat_oss_package = 'filebeat',
+  $filebeat_oss_service = 'filebeat',
+  $filebeat_oss_elastic_user = 'admin',
+  $filebeat_oss_elastic_password = 'admin',
+  $filebeat_oss_version = '7.8.0',
+  $wazuh_app_version = '3.13.1_7.8.0',
+  $wazuh_extensions_version = 'v3.13.1',
+  $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz',
+){
+
+  class {'wazuh::repo_elastic_oss':}
+
+  if $::osfamily == 'Debian' {
+    Class['wazuh::repo_elastic_oss'] -> Class['apt::update'] -> Package[$filebeat_oss_package]
+  } else {
+    Class['wazuh::repo_elastic_oss'] -> Package[$filebeat_oss_package]
+  }
+
+  package { 'filebeat':
+    ensure => $filebeat_oss_version,
+    name   => $filebeat_oss_package,
+  }
+
+  file { 'Configure filebeat.yml':
+    owner   => 'root',
+    path    => '/etc/filebeat/filebeat.yml',
+    group   => 'root',
+    mode    => '0644',
+    notify  => Service[$filebeat_oss_service], ## Restarts the service
+    content => template('wazuh/filebeat_oss_yml.erb'),
+    require => Package[$filebeat_oss_package]
+  }
+
+  exec { 'Installing wazuh-template.json...':
+    path    => '/usr/bin',
+    command => "curl -so /etc/filebeat/wazuh-template.json 'https://raw.githubusercontent.com/wazuh/wazuh/${wazuh_extensions_version}/extensions/elasticsearch/7.x/wazuh-template.json'",
+    notify  => Service[$filebeat_oss_service],
+    require => Package[$filebeat_oss_package]
+  }
+
+  exec { 'Installing filebeat module ... Downloading package':
+    path    => '/usr/bin',
+    command => "curl -o /root/${$wazuh_filebeat_module} https://packages.wazuh.com/3.x/filebeat/${$wazuh_filebeat_module}",
+  }
+
+  exec { 'Unpackaging ...':
+    command => '/bin/tar -xzvf /root/wazuh-filebeat-0.1.tar.gz -C /usr/share/filebeat/module',
+    notify  => Service[$filebeat_oss_service],
+    require => Package[$filebeat_oss_package]
+  }
+
+  file { '/usr/share/filebeat/module/wazuh':
+    ensure  => 'directory',
+    mode    => '0755',
+    require => Package[$filebeat_oss_package]
+  }
+
+  service { 'filebeat':
+    ensure  => running,
+    enable  => true,
+    require => Package[$filebeat_oss_package]
+  }
+}

manifests/init.pp

@@ -1,3 +1,3 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Blank container class
 class wazuh { }

manifests/integration.pp

@@ -1,4 +1,4 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 #Define for a specific ossec integration
 define wazuh::integration(
   $hook_url = '',

manifests/kibana.pp

@@ -1,10 +1,10 @@
-# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
 # Setup for Kibana
 class wazuh::kibana (
   $kibana_package = 'kibana',
   $kibana_service = 'kibana',
-  $kibana_version = '7.8.0',
-  $kibana_app_version = '3.13.1_7.8.0',
+  $kibana_version = '7.8.1',
+  $kibana_app_version = '3.13.1_7.8.1',
   $kibana_elasticsearch_ip = 'localhost',
   $kibana_elasticsearch_port = '9200',
 

manifests/kibana_od.pp

@@ -0,0 +1,91 @@
+# Wazuh App Copyright (C) 2020 Wazuh Inc. (License GPLv2)
+# Setup for Kibana_od
+class wazuh::kibana_od (
+  $kibana_od_package = 'opendistroforelasticsearch-kibana',
+  $kibana_od_service = 'kibana',
+  $kibana_od_version = '1.9.0',
+  $kibana_od_elastic_user = 'admin',
+  $kibana_od_elastic_password = 'admin',
+  $kibana_od_app_version = '3.13.1_7.8.0',
+  $kibana_od_elasticsearch_ip = 'localhost',
+  $kibana_od_elasticsearch_port = '9200',
+
+  $kibana_od_server_port = '5601',
+  $kibana_od_server_host = '0.0.0.0',
+  $kibana_od_elasticsearch_server_hosts ="https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}",
+  $kibana_wazuh_api_credentials = [ {
+                                      'id'       => 'default',
+                                      'url'      => 'http://localhost',
+                                      'port'     => '55000',
+                                      'user'     => 'foo',
+                                      'password' => 'bar',
+                                    },
+                                  ]
+) {
+
+
+  # install package
+  package { 'Installing OD Kibana...':
+    ensure => $kibana_od_version,
+    name   => $kibana_od_package,
+  }
+
+  file { 'Configure kibana.yml':
+    owner   => 'kibana',
+    path    => '/etc/kibana/kibana.yml',
+    group   => 'kibana',
+    mode    => '0644',
+    notify  => Service[$kibana_od_service],
+    content => template('wazuh/kibana_od_yml.erb'),
+  }
+
+  service { 'kibana':
+    ensure     => running,
+    enable     => true,
+    hasrestart => true,
+  }
+
+  exec {'Waiting for opendistro elasticsearch...':
+    path      => '/usr/bin',
+    command   => "curl -u ${kibana_od_user}:${kibana_od_password} -k -s -XGET https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}",
+    tries     => 100,
+    try_sleep => 3,
+  }
+
+  file {'Removing old Wazuh Kibana Plugin...':
+    ensure  => absent,
+    path    => '/usr/share/kibana/plugins/wazuh',
+    recurse => true,
+    purge   => true,
+    force   => true,
+    notify  => Service[$kibana_od_service]
+  }
+
+  exec {'Installing Wazuh App...':
+    path    => '/usr/bin',
+    command => "sudo -u ${kibana_od_user}:${kibana_od_password} -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-${kibana_od_app_version}.zip",
+    creates => '/usr/share/kibana/plugins/wazuh/package.json',
+    notify  => Service[$kibana_od_service],
+  }
+
+  exec {'Removing .wazuh index...':
+    path    => '/usr/bin',
+    command => "curl -u ${kibana_od_user}:${kibana_od_password} -k -s -XDELETE -sL -I 'https://${kibana_od_elasticsearch_ip}:${kibana_od_elasticsearch_port}/.wazuh' -o /dev/null",
+    notify  => Service[$kibana_od_service],
+  }
+
+  file { '/usr/share/kibana/plugins/wazuh/wazuh.yml':
+    owner   => 'kibana',
+    group   => 'kibana',
+    mode    => '0644',
+    content => template('wazuh/wazuh_yml.erb'),
+    notify  => Service[$kibana_od_service]
+  }
+  exec { 'Verify Kibana folders owner':
+    path    => '/usr/bin:/bin',
+    command => "chown -R kibana:kibana /usr/share/kibana/optimize\
+             && chown -R kibana:kibana /usr/share/kibana/plugins",
+
+  }
+
+}