Improved agent Windows config. and secondary fixes

[rshad]

Hi all!

This PR adds new improvements for the agent configuration in Windows and some fixes to the templates.

Originally some of these changes were added by @JPLachance in #189. But as we do not have write access to his fork branch coveord:feature/improved-agent-configuration, then we ended up applying the merge with wazuh:devel branch in local and brought the source fork branch into a local branch in wazuh:wazuh-puppet called feature-improved-agent-windows-config.

Tasks

• Merge wazuh:devel into the source branch of the user.

• Discard the unnecessary changes. Improve the agent configurability and fix minor issues #189 (comment)

• Push changes to the user branch locally and create a new upstream branch as a copy of it.

• Adapt puppet manifests and templates to the default ossec.conf of wazuh 3.11.2.

• Verify the changes on

• • Windows
• • Centos
• • Ubuntu

Thanks, @JPLachance for contributing.

Kr,

Rshad

[jm404]

Hi @rshad, changes look good. Please provide ossec.conf diffs so we can ensure it's rendering properly.

Best regards,

Jose

[rshad]

Hi all!

In this PR and as we mentioned before, we made the required changes to adapt the changes we picked up from the PR #189 and we also improved and parameterized almost all the configuration related to Wazuh agent for Windows OS. We also added some small improvements.

Tasks

• Parameterize the following templates related to wazuh-agent installation on Windows.

• • activeresponse. new template
• • rootcheck.

• Adapt the following templates to be equal to the default config wazuh 3.11.2.

• • os-query
• • cis-cat .
• • syscollector
• • sca
• • agent.conf

• Secondary changes and fixes for syntax errors errors which were not detected before.

Kr,

Rshad

[rshad]

Hi all!

Here I attach the default installation of wazuh 3.11.2 for each of CentOS, Ubuntu and Windows OSs.

Note: For some of the configuration files I reordered some config. parts so I could make the difference comparison correctly.

Kr,

Rshad

config_files.zip

[rshad]

ossec.conf result files after the last changes.

config_files.zip

[jm404]

Please check requested changes

[rshad]

Hi all!

We also re-configured for both, the agent and the manager, the related configuration to the variables whodata and realtime, specifying a different variable of them for each of the default two lists of directories in syscheck. The template was changed so realtime and whodata will not appear in final ossec.conf if they got assigned the value no.

      $ossec_syscheck_whodata_directories_1 = 'no'
      $ossec_syscheck_realtime_directories_1 = 'no'
      $ossec_syscheck_whodata_directories_2 = 'no'
      $ossec_syscheck_realtime_directories_2 = 'no'

wazuh-puppet/templates/fragments/_syscheck.erb

Lines 124 to 129 in 7264a35

	<%- if @ossec_syscheck_directories_1 -%>
	<directories check_all="yes" <%- if @ossec_syscheck_whodata_directories_1 == 'yes' -%>whodata="<%=@ossec_syscheck_whodata_directories_1%>"<%- end -%> <%- if @ossec_syscheck_realtime_directories_1 == 'yes' -%> realtime="<%=@ossec_syscheck_realtime_directories_1%>"<%- end -%>><%=@ossec_syscheck_directories_1%></directories>
	<%- end -%>
	<%- if @ossec_syscheck_directories_2 -%>
	<directories check_all="yes" <%- if @ossec_syscheck_whodata_directories_2 == 'yes' -%>whodata="<%=@ossec_syscheck_whodata_directories_2%>"<%- end -%> <%- if @ossec_syscheck_realtime_directories_2 == 'yes' -%> realtime="<%=@ossec_syscheck_realtime_directories_2%>"<%- end -%>><%=@ossec_syscheck_directories_2%></directories>
	<%- end -%>

Kr,

Rshad

[rshad]

Fixed Puppet linting errors and warnings.

[jm404]

LGTM