diff --git a/CHANGELOG b/CHANGELOG index 9e4b3f0a..873691b7 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -295,3 +295,6 @@ Jose Luis Ruiz : * Adding the ability to set "type" attribute for "ignore" tag, fixed #19 * Adding support to OracleLinux, Fixed #43 * Add an option for the agent/manager class to manage the firewall automatically with puppetlabs/firewall + * Update URL repository to support Wazuh 3.x + * Update templates with new Wazuh 3.x terminology. + diff --git a/README.md b/README.md index 57a62995..859f42ae 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,10 @@ This module installs and configure Wazuh agent and manager. This Puppet module has been authored by Nicolas Zin, and updated by Jonathan Gazeley and Michael Porter. Wazuh has forked it with the purpose of maintaining it. Thank you to the authors for the contribution. +## License and copyright + +Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2) + ## References * [Wazuh website](http://wazuh.com) diff --git a/manifests/activeresponse.pp b/manifests/activeresponse.pp index 4d3fef96..3e56ca0c 100644 --- a/manifests/activeresponse.pp +++ b/manifests/activeresponse.pp @@ -1,3 +1,4 @@ +# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2) #Define for a specific ossec active-response define wazuh::activeresponse( $command_name, diff --git a/manifests/addlog.pp b/manifests/addlog.pp index dd22e8d9..1c9e0a61 100644 --- a/manifests/addlog.pp +++ b/manifests/addlog.pp @@ -1,3 +1,4 @@ +# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2) #Define a log-file to add to ossec define wazuh::addlog( $logfile, diff --git a/manifests/agentkey.pp b/manifests/agentkey.pp index 655705be..7c72ccca 100644 --- a/manifests/agentkey.pp +++ b/manifests/agentkey.pp @@ -1,3 +1,4 @@ +# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2) # utility function to fill up /var/ossec/etc/client.keys define wazuh::agentkey( $agent_id, 
diff --git a/manifests/client.pp b/manifests/client.pp
index 57b6444b..1f845bc5 100644
--- a/manifests/client.pp
+++ b/manifests/client.pp
@@ -1,44 +1,49 @@
+# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
 # Setup for ossec client
 class wazuh::client(
- $ossec_active_response = true,
- $ossec_rootcheck = true,
- $ossec_rootcheck_frequency = 36000,
- $ossec_rootcheck_checkports = true,
- $ossec_rootcheck_checkfiles = true,
- $ossec_server_ip = undef,
- $ossec_server_hostname = undef,
- $ossec_server_port = '1514',
- $ossec_server_protocol = 'udp',
- $ossec_server_notify_time = undef,
- $ossec_server_time_reconnect = undef,
- $ossec_scanpaths = [],
- $ossec_emailnotification = 'yes',
- $ossec_ignorepaths = [],
- $ossec_ignorepaths_regex = [],
- $ossec_local_files = $::wazuh::params::default_local_files,
- $ossec_syscheck_frequency = 43200,
- $ossec_prefilter = false,
- $ossec_service_provider = $::wazuh::params::ossec_service_provider,
- $ossec_config_profiles = [],
- $selinux = false,
- $agent_name = $::hostname,
- $agent_ip_address = $::ipaddress,
- $manage_repo = true,
- $manage_epel_repo = true,
- $agent_package_name = $::wazuh::params::agent_package,
- $agent_package_version = 'installed',
- $agent_service_name = $::wazuh::params::agent_service,
- $manage_client_keys = 'export',
- $agent_auth_password = undef,
- $wazuh_manager_root_ca_pem = undef,
- $agent_seed = undef,
- $max_clients = 3000,
- $ar_repeated_offenders = '',
- $enable_wodle_openscap = false,
- $wodle_openscap_content = $::wazuh::params::wodle_openscap_content,
- $service_has_status = $::wazuh::params::service_has_status,
- $ossec_conf_template = 'wazuh/wazuh_agent.conf.erb',
- Boolean $manage_firewall = $::wazuh::params::manage_firewall,
+ $ossec_active_response = true,
+ $ossec_rootcheck = true,
+ $ossec_rootcheck_frequency = 36000,
+ $ossec_rootcheck_checkports = true,
+ $ossec_rootcheck_checkfiles = true,
+ $ossec_server_ip = undef,
+ $ossec_server_hostname = undef,
+ $wazuh_manager_address = undef,
+ $ossec_server_port = '1514',
+ $ossec_server_protocol = 'udp',
+ $ossec_server_notify_time = undef,
+ $ossec_server_time_reconnect = undef,
+ $ossec_scanpaths = [],
+ $ossec_ignorepaths = [],
+ $ossec_ignorepaths_regex = [],
+ $ossec_local_files = $::wazuh::params::default_local_files,
+ $ossec_syscheck_frequency = 43200,
+ $ossec_prefilter = false,
+ $ossec_service_provider = $::wazuh::params::ossec_service_provider,
+ $ossec_config_profiles = [],
+ $selinux = false,
+ $agent_name = $::hostname,
+ $agent_ip_address = $::ipaddress,
+ $manage_repo = true,
+ $manage_epel_repo = true,
+ $agent_package_name = $::wazuh::params::agent_package,
+ $agent_package_version = 'installed',
+ $agent_service_name = $::wazuh::params::agent_service,
+ $agent_auto_restart = 'yes',
+ # client_buffer configuration
+ $client_buffer_queue_size = 5000,
+ $client_buffer_events_per_second = 500,
+ $manage_client_keys = 'authd',
+ $agent_auth_password = undef,
+ $wazuh_manager_root_ca_pem = undef,
+ $agent_seed = undef,
+ $max_clients = 3000,
+ $ar_repeated_offenders = '',
+ $enable_wodle_openscap = false,
+ $wodle_openscap_content = $::wazuh::params::wodle_openscap_content,
+ $service_has_status = $::wazuh::params::service_has_status,
+ $ossec_conf_template = 'wazuh/wazuh_agent.conf.erb',
+ Boolean $manage_firewall = $::wazuh::params::manage_firewall,
 ) inherits wazuh::params {
 validate_bool(
 $ossec_active_response, $ossec_rootcheck,
@@ -50,8 +55,8 @@
 validate_string($agent_package_name)
 validate_string($agent_service_name)
- if ( ( $ossec_server_ip == undef ) and ( $ossec_server_hostname == undef ) ) {
- fail('must pass either $ossec_server_ip or $ossec_server_hostname to Class[\'wazuh::client\'].')
+ if ( ( $ossec_server_ip == undef ) and ( $ossec_server_hostname == undef ) and ( $wazuh_manager_address == undef ) ) {
+ fail('must pass either $ossec_server_ip or $ossec_server_hostname or $wazuh_manager_address to Class[\'wazuh::client\'].')
 }
 case $::kernel {
diff --git a/manifests/cluster.pp b/manifests/cluster.pp
new file mode 100644
index 00000000..690e3ab7
--- /dev/null
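Review bot: The default for `$manage_client_keys` flips from `'export'` to `'authd'` while `$agent_auth_password` stays `undef`, so a node that takes the defaults presumably enrolls through the manager's registration service without a shared password; the code that consumes these parameters is outside the hunk, so confirm it there. If that is the intended 3.x behaviour, say so next to the parameter, e.g. `# 'authd' registers through the manager's authd service; set $agent_auth_password when the manager requires one`. The hunk also drops `$ossec_emailnotification`, so any existing declaration of `wazuh::client` that still passes it will fail to compile; that deserves a CHANGELOG line or a deprecation step. The class body continues past the hunk.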
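Review bot: The extended guard only checks that at least one of the three address parameters is set; nothing stops two or three being passed together, and the agent template changed in this commit has one `if` block per parameter, so each value that is set appears to be rendered. Consider failing when more than one is given, or documenting which one wins. `$wazuh_manager_address` also gets no validation, unlike the `validate_string` calls in the context lines just above; an undef-guarded `validate_string($wazuh_manager_address)` would match the file's existing style.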
+++ b/manifests/cluster.pp
@@ -0,0 +1,21 @@
+#Define for a specific ossec cluster
+define wazuh::cluster(
+ $cl_name,
+ $cl_node_name = 'node01',
+ $cl_node_type = 'master',
+ $cl_key = '',
+ $cl_port = '1516',
+ $cl_bin_addr = '0.0.0.0',
+ $cl_node = ['NODE_IP','NODE_IP2'],
+ $cl_hidden = 'no',
+ $cl_disabled = 'yes',
+) {
+
+ require wazuh::params
+
+ concat::fragment { $name:
+ target => 'ossec.conf',
+ order => 95,
+ content => template('wazuh/fragments/_cluster.erb')
+ }
+}
diff --git a/manifests/collect_agent_keys.pp b/manifests/collect_agent_keys.pp
index 9bc790a7..6d2c50af 100644
--- a/manifests/collect_agent_keys.pp
+++ b/manifests/collect_agent_keys.pp
@@ -1,3 +1,4 @@
+# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
 # Class to collect the agent keys
 class wazuh::collect_agent_keys {
 Wazuh::Agentkey<<| |>>
diff --git a/manifests/command.pp b/manifests/command.pp
index 92f10f34..e499643c 100644
--- a/manifests/command.pp
+++ b/manifests/command.pp
@@ -1,3 +1,4 @@
+# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
 # Define an ossec command
 define wazuh::command(
 $command_name,
diff --git a/manifests/email_alert.pp b/manifests/email_alert.pp
index fb60f855..bec7f25a 100644
--- a/manifests/email_alert.pp
+++ b/manifests/email_alert.pp
@@ -1,3 +1,4 @@
+# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
 # Define an email alert
 define wazuh::email_alert(
 $alert_email,
diff --git a/manifests/export_agent_key.pp b/manifests/export_agent_key.pp
index df66f51a..76548497 100644
--- a/manifests/export_agent_key.pp
+++ b/manifests/export_agent_key.pp
@@ -1,3 +1,4 @@
+# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
 #Export agent key
 class wazuh::export_agent_key(
 $max_clients,
diff --git a/manifests/init.pp b/manifests/init.pp
index 008811d7..5205d1f3 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,2 +1,3 @@
+# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)
 # Blank container class
 class wazuh { }
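Review bot: `$cl_key` defaults to an empty string and `$cl_node` to the placeholder list `['NODE_IP','NODE_IP2']`, so a declaration that sets only `$cl_name` and `$cl_disabled => 'no'` would write a cluster section with no key (the `_cluster.erb` template in this commit skips the key when it is empty), literal placeholder node names and a `0.0.0.0` bind address. I would make `$cl_key` and `$cl_node` mandatory, or add a guard such as `if $cl_disabled == 'no' and $cl_key == '' { fail('wazuh::cluster: $cl_key must be set when the cluster is enabled') }`. Because `$cl_key` ends up in `ossec.conf` and in the compiled catalog, a header comment recommending that it be supplied from encrypted data rather than a literal in a manifest would help. The new file also lacks the `# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2)` header that this commit adds to the other manifests.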
diff --git a/manifests/params.pp b/manifests/params.pp index 15eeb9fe..70ab3aad 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -1,3 +1,4 @@ +# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2) # Paramas file class wazuh::params { case $::kernel { @@ -84,7 +85,7 @@ } } } - /^(wheezy|stretch|sid|precise|trusty|vivid|wily|xenial)$/: { + /^(wheezy|stretch|sid|precise|trusty|vivid|wily|xenial|bionic)$/: { $server_service = 'wazuh-manager' $server_package = 'wazuh-manager' $api_service = 'wazuh-api' diff --git a/manifests/repo.pp b/manifests/repo.pp index ac5afd76..67f462fb 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp @@ -1,3 +1,4 @@ +# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2) # Repo installation class wazuh::repo ( $redhat_manage_epel = true, @@ -15,27 +16,13 @@ server => 'pgp.mit.edu' } case $::lsbdistcodename { - /(precise|trusty|vivid|wily|xenial|yakketi)/: { + /(jessie|wheezy|stretch|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic)/: { apt::source { 'wazuh': ensure => present, comment => 'This is the WAZUH Ubuntu repository', - location => 'https://packages.wazuh.com/apt', - release => $::lsbdistcodename, - repos => 'main', - include => { - 'src' => false, - 'deb' => true, - }, - } - - } - /^(jessie|wheezy|stretch|sid)$/: { - apt::source { 'wazuh': - ensure => present, - comment => 'This is the WAZUH Debian repository', - location => 'https://packages.wazuh.com/apt', - release => $::lsbdistcodename, + location => 'https://packages.wazuh.com/3.x/apt', + release => 'stable', repos => 'main', include => { 'src' => false, 
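Review bot: The merged codename pattern in `repo.pp`, `/(jessie|wheezy|…|bionic)/`, is unanchored, so it matches any codename that merely contains one of these words, whereas the Debian branch it replaces and the pattern in `params.pp` in this same commit use `/^(…)$/`; I would anchor it the same way. `yakketi` looks like a misspelling of `yakkety`, which as written never matches this branch. The `comment` string still reads 'This is the WAZUH Ubuntu repository' although the branch now serves Debian releases too. The `apt::source` resource continues past the end of the hunk.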
@@ -47,46 +34,21 @@ } } 'Linux', 'Redhat' : { - if ( $::operatingsystem == 'Amazon' ) { - $repotype = 'Amazon Linux' - $baseurl = 'https://packages.wazuh.com/yum/rhel/6Server/$basearch' - $gpgkey = 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - } - else { case $::os[name] { - 'CentOS': { + /^(CentOS|RedHat|OracleLinux|Fedora|Amazon)$/: { if ( $::operatingsystemrelease =~ /^5.*/ ) { - $repotype = 'CentOS 5' - $baseurl = 'https://packages.wazuh.com/yum/el/$releasever/$basearch' - $gpgkey = 'https://packages.wazuh.com/key/RPM-GPG-KEY-OSSEC-RHEL5' + $baseurl = 'https://packages.wazuh.com/3.x/yum/5/' + $gpgkey = 'http://packages.wazuh.com/key/GPG-KEY-WAZUH-5' } else { - $repotype = 'CentOS > 5' - $baseurl = 'https://packages.wazuh.com/yum/el/$releasever/$basearch' + $baseurl = 'https://packages.wazuh.com/3.x/yum/' $gpgkey = 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' } } - /^(RedHat|OracleLinux)$/: { - if ( $::operatingsystemrelease =~ /^5.*/ ) { - $repotype = 'RedHat 5' - $baseurl = 'https://packages.wazuh.com/yum/rhel/$releasever/$basearch' - $gpgkey = 'https://packages.wazuh.com/key/RPM-GPG-KEY-OSSEC-RHEL5' - } else { - $repotype = 'RedHat > 5' - $baseurl = 'https://packages.wazuh.com/yum/rhel/$releasever/$basearch' - $gpgkey = 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - } - } - 'Fedora': { - $repotype = 'Fedora' - $baseurl = 'https://packages.wazuh.com/yum/fc/$releasever/$basearch' - $gpgkey = 'https://packages.wazuh.com/key/GPG-KEY-WAZUH' - } default: { fail('This ossec module has not been tested on your distribution.') } } - } # Set up OSSEC repo yumrepo { 'wazuh': - descr => "WAZUH OSSEC Repository - www.wazuh.com # ${repotype}", + descr => "WAZUH OSSEC Repository - www.wazuh.com", enabled => true, gpgcheck => 1, gpgkey => $gpgkey, diff --git a/manifests/reports.pp b/manifests/reports.pp index 92ba05a7..abc0090b 100644 --- a/manifests/reports.pp +++ b/manifests/reports.pp 
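Review bot: The release-5 branch fetches the signing key over plain HTTP (`$gpgkey = 'http://packages.wazuh.com/key/GPG-KEY-WAZUH-5'`) while every other URL in this hunk is HTTPS; `gpgcheck => 1` only protects packages if the key itself arrives over an authenticated channel. Use `https://` as the sibling branch does, or, if release-5 hosts cannot reach the HTTPS endpoint (an assumption, not visible here), ship the key with the module and point `gpgkey` at a local `file://` path. The new `$baseurl` values also drop `$releasever/$basearch`, so it is worth a comment stating that the 3.x repository is deliberately release-independent. Separately, `/^5.*/` in the context line also matches a release such as `50` (`/^5\./` is tighter), and `descr` no longer interpolates anything, so single quotes would do.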
@@ -1,3 +1,4 @@ +# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2) #Define for a Reports section define wazuh::reports( Optional[String] $r_group = undef, diff --git a/manifests/server.pp b/manifests/server.pp index 2550ad8f..9050120b 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -1,3 +1,4 @@ +# Wazuh App Copyright (C) 2018 Wazuh Inc. (License GPLv2) # Main ossec server config class wazuh::server ( $smtp_server = undef, @@ -27,13 +28,13 @@ $api_service_provider = $::wazuh::params::api_service_provider, $ossec_server_port = '1514', $ossec_server_protocol = 'udp', - $ossec_authd_enabled = false, + $ossec_authd_enabled = true, $server_package_version = 'installed', $api_package_version = 'installed', $api_config_params = $::wazuh::params::api_config_params, $manage_repos = true, $manage_epel_repo = true, - $manage_client_keys = 'export', + $manage_client_keys = 'authd', $install_wazuh_api = false, $wazuh_api_enable_https = false, $wazuh_api_server_crt = undef, diff --git a/templates/fragments/_cluster.erb b/templates/fragments/_cluster.erb new file mode 100644 index 00000000..bb81930e --- /dev/null +++ b/templates/fragments/_cluster.erb @@ -0,0 +1,17 @@ + + <%= @cl_name %> + <%= @cl_node_name %> + <%= @cl_node_type %> + <% if @cl_key != '' -%> + <%= @cl_key %> + <% end -%> + <%= @cl_port %> + <%= @cl_bin_addr %> + + <% @cl_node.each do |node| %> + <%= node %> + <% end %> + + <%= @cl_hidden %> + <%= @cl_disabled %> + diff --git a/templates/fragments/_common.erb b/templates/fragments/_common.erb index faef916f..f3714c29 100644 --- a/templates/fragments/_common.erb +++ b/templates/fragments/_common.erb @@ -64,7 +64,8 @@ full_command - netstat -tln | grep -v 127.0.0.1 | sort + netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d + netstat listening ports 360 
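Review bot: `$ossec_authd_enabled` now defaults to `true` and `$manage_client_keys` to `'authd'`, so upgrading the module without touching any parameter turns the agent registration service on for existing managers. Nothing in this hunk shows a password or certificate requirement for registration, and the client class in this commit leaves `$agent_auth_password` at `undef`, so enrollment may by default be open to any host that can reach the port; confirm against the server template, which is not in view. I would either keep `false` as the default and let users opt in, or record the change in the CHANGELOG and pair it with a registration password and a firewall rule for the registration port. The parameter list continues outside the hunk.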
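Review bot: The new `netstat -tulpn` command in `_common.erb` keeps `PID/program` in its output (the fifth capture group of the first `sed`), and the PID changes on every service restart, so the 'netstat listening ports' check will probably report a change even when the set of listening sockets is identical. Capturing only the program name, not the numeric PID, would keep the alert tied to real port changes. `-p` also prints process names only when the command runs with sufficient privilege, and removing `grep -v 127.0.0.1` means loopback-only listeners are now reported as well. A template comment giving the expected output shape (`proto addr:port foreign pid/program`) would make the expression maintainable.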
diff --git a/templates/wazuh_agent.conf.erb b/templates/wazuh_agent.conf.erb index d8f4b393..ee60a3fb 100644 --- a/templates/wazuh_agent.conf.erb +++ b/templates/wazuh_agent.conf.erb @@ -1,14 +1,19 @@ + <%- if @ossec_server_ip then -%> - <%= @ossec_server_ip %> +
<%= @ossec_server_ip %>
<%- end -%> <%- if @ossec_server_hostname then -%> - <%= @ossec_server_hostname %> +
<%= @ossec_server_hostname %>
+ <%- end -%> + <%- if @wazuh_manager_address then -%> +
<%= @wazuh_manager_address %>
<%- end -%> <%- if @ossec_server_protocol then -%> <%= @ossec_server_protocol %> <%- end -%> <%= @ossec_server_port %> +
<%- if @ossec_config_profiles then -%> <%= @ossec_config_profiles.join(',') %> <%- end -%> @@ -18,8 +23,16 @@ <%- if @ossec_server_time_reconnect then -%> <%= @ossec_server_time_reconnect %> <%- end -%> + <%= @agent_auto_restart %>
+ + + no + <%= @client_buffer_queue_size %> + <%= @client_buffer_events_per_second %> + + <%= scope.function_template(["wazuh/fragments/_common.erb"]) -%> <%- if @enable_wodle_openscap and @wodle_openscap_content -%>