manage_firewall option #53
Comments
That makes sense! Thanks! |
Hi @minorOffense can you take a look at the following branch? https://github.com/wazuh/wazuh-puppet/tree/iptables We have included two new options in the class server and client:
|
Hey
I’m just testing this out on our new puppetserver. I’ll report back once I
confirm things are working. I have a new machine to bring online this week
anyways.
Thanks.
On Thu, Dec 7, 2017 at 10:04 PM José Luis Ruiz ***@***.***> wrote:
Hi @minorOffense <https://github.com/minoroffense> can you take a look
at the following branch?
https://github.com/wazuh/wazuh-puppet/tree/iptables
We have included two new options in the class server and client:
```puppet
# Manage firewall
if $manage_firewall {
  include firewall
  firewall { '1514 wazuh-manager':
    dport  => $ossec_server_port,
    proto  => 'udp',
    action => 'accept',
    state  => [
      'NEW',
      'RELATED',
      'ESTABLISHED'],
  }
}

# Manage firewall
if $manage_firewall {
  include firewall
  firewall { '1514 wazuh-agent':
    dport  => $ossec_server_port,
    proto  => 'udp',
    action => 'accept',
    state  => [
      'NEW',
      'RELATED',
      'ESTABLISHED'],
  }
}
```
--
Mathew Winstone
CEO/Co-Founder
Coldfront Labs Inc.
mwinstone@coldfrontlabs.ca
(866) 507-8332 x101
Coldfrontlabs.ca
twitter: @mathewwinstone
d.o: minorOffense
Dropfort - Fortified Drupal <https://dropfort.com>
DrupalCamp Ottawa 2016 Platinum Sponsor <
http://drupalcampottawa.com/node/2/sponsors
<http://2015.drupalcampottawa.com/>>
|
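A tighter variant of the rules quoted above, as an added example that is not part of this thread or of the wazuh-puppet module: the manager accepts 1514/udp only from listed agent networks, and the agent gets an outbound rule toward the manager instead of an inbound accept. The class name `profile::wazuh_firewall` and the parameters `$role`, `$agent_networks` and `$manager_address` are hypothetical; the port default of 1514 is taken from the rule names in the thread, and the host is assumed to already have a general RELATED,ESTABLISHED rule for return traffic.

```puppet
# Added example, not wazuh-puppet code. Class and parameter names are hypothetical.
class profile::wazuh_firewall (
  Enum['manager', 'agent'] $role,
  Boolean                  $manage_firewall   = false,
  Integer[1, 65535]        $ossec_server_port = 1514,
  Array[String[1]]         $agent_networks    = [],    # CIDRs allowed to reach the manager
  Optional[String[1]]      $manager_address   = undef, # manager IP, required on agents
) {
  # Typed parameters make a wrong or missing default fail at compile time
  # instead of silently skipping or opening a rule.
  if $manage_firewall {
    include firewall

    if $role == 'manager' {
      # One inbound rule per trusted agent network rather than accept-from-anywhere.
      $agent_networks.each |String $cidr| {
        firewall { "1514 wazuh-manager from ${cidr}":
          chain  => 'INPUT',
          source => $cidr,
          dport  => $ossec_server_port,
          proto  => 'udp',
          action => 'accept', # same attribute the thread's rules use
        }
      }
    } else {
      # Agents initiate traffic to the manager, so the rule belongs on OUTPUT.
      # Return packets are assumed to match an existing RELATED,ESTABLISHED rule.
      if $manager_address == undef {
        fail('manager_address is required when role is agent')
      }
      firewall { '1514 wazuh-agent to manager':
        chain       => 'OUTPUT',
        destination => $manager_address,
        dport       => $ossec_server_port,
        proto       => 'udp',
        action      => 'accept',
      }
    }
  }
}
```

With `manage_firewall` left at its default of `false` the class declares no firewall resources, so hosts whose rules are managed elsewhere are unaffected.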
I just tried the iptables branch and I get this when I don't specify anything for firewall
And my class def looks like this

```puppet
class { 'wazuh::server':
  smtp_server   => 'localhost',
  ossec_emailto => lookup('ossec::emails', {merge => 'unique', default_value => []}),
  require       => [Class['java'], Class['elastic_stack::repo']],
}
```

Presumably this should work because I should have to pass a value. Should pick up the default from params. |
Hi @minorOffense we set the value in: https://github.com/wazuh/wazuh-puppet/blob/iptables/manifests/client.pp#L41 and also the params here: https://github.com/wazuh/wazuh-puppet/blob/iptables/manifests/params.pp#L18 Did you copy the params.pp as well? |
Yeah I cloned the whole repo on the iptables branch.
I’m running on puppet 5 btw.
On Wed, Dec 13, 2017 at 8:17 PM José Luis Ruiz ***@***.***> wrote:
Hi @minorOffense <https://github.com/minoroffense> we set the value in:
https://github.com/wazuh/wazuh-puppet/blob/iptables/manifests/client.pp#L41
and also the params here:
https://github.com/wazuh/wazuh-puppet/blob/iptables/manifests/params.pp#L18
Did you copy the params.pp as well?
|
Hi @minorOffense you are totally right, I had a typo in the params variable, fixed in the following commit: cbd7750 |
Cool, I'll deploy it again and give it another shot. |
Yeah it works with/without the var (no compile errors). I’m trying to get a
fully working env with/without but I just need to finish our update to elk
6.1 to retest the original scenario.
On Wed, Dec 13, 2017 at 10:59 PM José Luis Ruiz ***@***.***> wrote:
Hi @minorOffense <https://github.com/minoroffense> you are totally right,
I had a typo in the params variable, fixed in the following commit:
cbd7750
|
Hi @minorOffense sorry for the late response, has been a crazy month, merged with the master in the commit |
No worries. Thanks for the merge! |
Cheers from Ontario as well. |
Hello
I'd like to suggest a feature for this module and the ossec-puppet module. Add an option for the agent class to manage the firewall automatically with puppetlabs/firewall.
Similar to what the puppet/zabbix module does. Help make the installation that much easier.
If you're interested in this feature I'm willing to put dev time into it. Just want to make sure it's something you're interested in.
Thanks.