Support for Wazuh 3.x

[ebuzzz]

Anyone working on supporting the 3.x version of Wazuh that 'just' came out? I'm a new user and tried to use the Puppet module to deploy to my machines. This works, but the 2.x agent is installed. Also, I think that there are some configuration changes required to support 3.x fully. Support for the new 'integration'
configuration has to be added.

Maybe we can start a branch to extend the current module to support 3.x by using a version flag?
$wazuh_version = 3
And keep version 2 the default (for now)

[jlruizmlg]

Hi @eborned, yes is in our roadmap the integration with 3.x, and we hope to finish in this week the implementation.

We will keep you posted.

[ebuzzz]

If there is a test version that I can have a look at: let me know. I'm currently still in the deployment stage, so bugs and other problems won't be that big of a problem for me.

[jlruizmlg]

@eborned We will try to release some code this week, we will let you know :)

[ajurjevi]

Any news for Wazuh 3.x support?

[vnikitov]

Can we expect support for Wazuh 3.x to be released soon?

[jlruizmlg]

Hi all, we have a new branch 3.x-devel where we are updating the code to upgrade to 3.x version, We are hoping to merge the code next week.

[ebuzzz]

Great news. If you need me to test anything, let me know!

[jlruizmlg]

hi @eborned all test are more than welcome 😀

[ebuzzz]

I've been installing the new agent on a couple of systems (ranging from Debian 7 to 9) and I haven't found any issues yet. Installing the agent works perfectly and the manager automatically detects the new agents.

I've been working on adding integrations support to the module, to configure our slack integration in puppet. Adding the integration is working properly, but I haven't found a good way to enable the integrator service when at least one integration is specified. I've added the $ossec_integratord_enabled parameter. Any ideas?

See #63 for the integration changes.

[jlruizmlg]

Hi @eborned thanks for the pull request, something that we can do is verify if we have integrator enabled or not in our configuration:

Integrator enabled

/var/ossec/bin/ossec-control status
wazuh-clusterd not running...
ossec-monitord is running...
ossec-logcollector is running...
ossec-remoted is running...
ossec-syscheckd is running...
ossec-analysisd is running...
ossec-maild not running...
ossec-execd is running...
wazuh-modulesd is running...
wazuh-db is running...
ossec-integratord is running...
ossec-authd is running...

In the manifests/integration.pp we could do something like that:

  exec { 'Enable_Integrator':
    command => '/var/ossec/bin/ossec-control enable integrator',
    onlyif  =>  [ '/var/ossec/bin/ossec-control status | grep integrator | grep -v grep' ]
  }
}

What do you think??

[bovy89]

Hi, any news about 3.x support?

[SitoRBJ]

Hello everyone,

The PR #85 resolves the update.

Thank you very much for your contribution, we proceed to close the issue.

Best regards,

Alfonso Ruiz-Bravo