Merge pull request #76 from wazuh/wazuh-release-v3.11.0_7.5.1

Wazuh release v3.11.0_7.5.1
wazuh · Dec 27, 2019 · db1b507 · db1b507
2 parents e1e9436 + 33d67de
commit db1b507
Show file tree

Hide file tree

Showing 15 changed files with 117 additions and 13 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,15 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## Wazuh Chef v3.11.0_7.5.1
+
+### Added
+
+- Update to Wazuh version 3.11.0_7.5.1
+
+- Add Nginx SSL authentication for Kibana ([rshad](https://github.com/rshad)) [PR#69](https://github.com/wazuh/wazuh-chef/pull/69)
+
+
 ## Wazuh Chef v3.10.2_7.3.2
 
 ### Added

diff --git a/cookbooks/wazuh_agent/attributes/version.rb b/cookbooks/wazuh_agent/attributes/version.rb
@@ -1 +1 @@
-default['wazuh-agent']['version'] = "3.10.2"
+default['wazuh-agent']['version'] = "3.11.0"
diff --git a/cookbooks/wazuh_elastic/Berksfile b/cookbooks/wazuh_elastic/Berksfile
@@ -3,4 +3,5 @@ source 'https://supermarket.getchef.com'
 
 metadata
 
-cookbook 'hostsfile' 
+cookbook 'hostsfile'
+cookbook 'htpasswd', '~> 0.3.0'
diff --git a/cookbooks/wazuh_elastic/attributes/elasticsearch.rb b/cookbooks/wazuh_elastic/attributes/elasticsearch.rb
@@ -17,7 +17,7 @@
 default['wazuh-elastic']['elasticsearch_path_data'] = "/var/lib/elasticsearch"
 default['wazuh-elastic']['elasticsearch_path_logs'] = "/var/log/elasticsearch"
 default['wazuh-elastic']['elasticsearch_port'] = 9200
-default['wazuh-elastic']['elasticsearch_ip'] = '172.19.0.211'
+default['wazuh-elastic']['elasticsearch_ip'] = '0.0.0.0'
 default['wazuh-elastic']['elasticsearch_discovery_option'] = 'discovery.type: single-node'
 default['wazuh-elastic']['elasticsearch_cluster_initial_master_nodes'] = "#cluster.initial_master_nodes: ['es-node-01']"
 
diff --git a/cookbooks/wazuh_elastic/attributes/nginx.rb b/cookbooks/wazuh_elastic/attributes/nginx.rb
@@ -0,0 +1,2 @@
+default['mginx']['user'] = 'user1'
+default['mginx']['password'] = 'nginx1'
diff --git a/cookbooks/wazuh_elastic/attributes/versions.rb b/cookbooks/wazuh_elastic/attributes/versions.rb
@@ -1,3 +1,3 @@
-default['wazuh-elastic']['elastic_stack_version'] = '7.3.2'
-default['wazuh-elastic']['wazuh_app_version'] = "3.10.2_7.3.2"
-default['wazuh-elastic']['extensions_version'] = "v3.10.2"
+default['wazuh-elastic']['elastic_stack_version'] = '7.5.1'
+default['wazuh-elastic']['wazuh_app_version'] = "3.11.0_7.5.1"
+default['wazuh-elastic']['extensions_version'] = "v3.11.0"
diff --git a/cookbooks/wazuh_elastic/metadata.rb b/cookbooks/wazuh_elastic/metadata.rb
@@ -20,3 +20,4 @@
 depends 'poise-python'
 depends 'yum'
 depends 'hostsfile'
+depends 'htpasswd'
diff --git a/cookbooks/wazuh_elastic/recipes/default.rb b/cookbooks/wazuh_elastic/recipes/default.rb
@@ -8,5 +8,6 @@
 include_recipe 'chef-sugar::default'
 
 include_recipe 'wazuh_elastic::repository'
+include_recipe 'wazuh_elastic::nginx'
 include_recipe 'wazuh_elastic::elasticsearch'
 include_recipe 'wazuh_elastic::kibana'
diff --git a/cookbooks/wazuh_elastic/recipes/nginx.rb b/cookbooks/wazuh_elastic/recipes/nginx.rb
@@ -0,0 +1,76 @@
+if platform_family?('rhel', 'redhat', 'centos', 'amazon')
+    yum_package 'epel-release' do
+        action :install
+    end
+end
+
+
+if platform_family?('debian', 'ubuntu')
+    apt_package 'nginx' do
+        action :install
+    end
+elsif platform_family?('rhel', 'redhat', 'centos', 'amazon')
+    yum_package 'nginx' do
+        action :install
+    end
+else
+    raise "Platform Family is not in {'debian', 'ubuntu', 'rhel', 'redhat', 'centos', 'amazon'} - Not Supported"
+end
+
+
+directory '/etc/nginx/sites-available' do
+    mode '0755'
+    recursive true
+    action :create
+end
+
+directory '/etc/nginx/sites-enabled' do
+    mode '0755'
+    recursive true
+    action :create
+end
+
+directory '/etc/ssl/certs' do
+    mode '0755'
+    recursive true
+    action :create
+end
+
+directory '/etc/ssl/private' do
+    mode '0755'
+    recursive true
+    action :create
+end
+
+bash 'Generate a self-signed ceritificate and a key' do
+    code <<-EOH
+    openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/kibana-access.key -out /etc/ssl/certs/kibana-access.pem
+    EOH
+end
+
+template '/etc/nginx/conf.d/kibana.conf' do
+    source 'nginx.erb'
+    owner 'root'
+    group 'root'
+    mode '0644'
+end
+
+if platform_family?('debian', 'ubuntu')
+    apt_package 'apache2-utils' do
+        action :install
+    end
+end
+
+
+node.override['htpasswd']['install_method'] = 'ruby'
+include_recipe 'htpasswd::default'
+
+htpasswd "/etc/nginx/conf.d/kibana.htpasswd" do
+    user "#{node['mginx']['user']}"
+    password "#{node['mginx']['password']}"
+end
+
+service "nginx" do
+    supports :start => true, :stop => true, :restart => true, :reload => true
+    action [:restart]
+end
diff --git a/cookbooks/wazuh_elastic/templates/default/nginx.erb b/cookbooks/wazuh_elastic/templates/default/nginx.erb
@@ -0,0 +1,14 @@
+server {
+    listen 443 default_server;
+    listen            [::]:443;
+    ssl on;
+    ssl_certificate /etc/ssl/certs/kibana-access.pem;
+    ssl_certificate_key /etc/ssl/private/kibana-access.key;
+    access_log            /var/log/nginx/nginx.access.log;
+    error_log            /var/log/nginx/nginx.error.log;
+    location / {
+        auth_basic "Restricted";
+        auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
+        proxy_pass http://localhost:5601/;
+    }
+}
diff --git a/cookbooks/wazuh_filebeat/attributes/default.rb b/cookbooks/wazuh_filebeat/attributes/default.rb
@@ -7,7 +7,7 @@
 #
 default['filebeat']['package_name'] = 'filebeat'
 default['filebeat']['service_name'] = 'filebeat'
-default['filebeat']['elasticsearch_server_ip'] = "172.19.0.211"
+default['filebeat']['elasticsearch_server_ip'] = "localhost"
 default['filebeat']['timeout'] = 15
 default['filebeat']['config_path'] = '/etc/filebeat/filebeat.yml'
 
diff --git a/cookbooks/wazuh_filebeat/attributes/versions.rb b/cookbooks/wazuh_filebeat/attributes/versions.rb
@@ -1,4 +1,4 @@
-default['filebeat']['elastic_stack_version'] = '7.3.2'
-default['filebeat']['wazuh_app_version'] = "3.10.2_7.3.2"
-default['filebeat']['extensions_version'] = "v3.10.2"
+default['filebeat']['elastic_stack_version'] = '7.5.1'
+default['filebeat']['wazuh_app_version'] = "3.11.0_7.5.1"
+default['filebeat']['extensions_version'] = "v3.11.0"
 default['filebeat']['wazuh_filebeat_module'] = "wazuh-filebeat-0.1.tar.gz"
diff --git a/cookbooks/wazuh_filebeat/recipes/filebeat.rb b/cookbooks/wazuh_filebeat/recipes/filebeat.rb
@@ -48,7 +48,7 @@
   owner 'root'
   group 'root'
   mode '0640'
-  variables(elasticsearch_server_ip: "  hosts: ['#{node['filebeat']['elasticsearch_server_ip']}:9200']")
+  variables(output_server_host: "output.elasticsearch.hosts: ['#{node['filebeat']['elasticsearch_server_ip']}:9200']")
 end
 
 service node['filebeat']['service_name'] do

diff --git a/cookbooks/wazuh_filebeat/templates/default/filebeat.yml.erb b/cookbooks/wazuh_filebeat/templates/default/filebeat.yml.erb
@@ -12,4 +12,4 @@ setup.template.json.name: 'wazuh'
 setup.template.overwrite: true
 setup.ilm.enabled: false
 
-output.elasticsearch.hosts: ['http://YOUR_ELASTIC_SERVER_IP:9200']
+<%= @output_server_host %>
diff --git a/cookbooks/wazuh_manager/attributes/versions.rb b/cookbooks/wazuh_manager/attributes/versions.rb
@@ -1 +1 @@
-default['wazuh-manager']['version'] = "3.10.2"
+default['wazuh-manager']['version'] = "3.11.0"