This repository has been archived by the owner on Jul 26, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 28
Whole Repository Refactor. Upgraded Cookbooks to install Wazuh 3.9 and ELK 6.7.2 #22
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…/wazuh-chef into 3.9-repository-refactor
manuasir
suggested changes
May 21, 2019
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please, review grammar in the different README notes. Thanks!
manuasir
approved these changes
May 21, 2019
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
This was referenced May 21, 2019
Closed
Closed
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Objective
The aim of this PR is to completely refactor the repository in order to update all cookbooks to be able to install Wazuh components on his latest version. Wazuh cookbooks have been split into Wazuh Agent and Wazuh Agent & API. This change allows to install and configure independent cookboks gaining in flexibility and transparency.
Changes
All cookbooks have now their attributes split into .rb files in order to make it easier to access them. Also, the
Berksfile
andmetadata.rb
files affect only each cookbook making the dependencies easier to manage and customize.Repositories have been updated to install Wazuh v3.9 and to install the Elastic Stack 6.7.2.
Wazuh Agent
Default attributes from wazuh-agent now generate an updated ossec.conf that includes the new features like sca and woodle fields.
Agent recipe now includes whole agent-auth parameters in order to guarantee the flexibility of agents registration.
Wazuh Manager
Attributes have been fixed and updated to Wazuh 3.9. Wazuh API now don't require mandatorily a secret in order to get installed. If no API secret is declared, the installation will proceed with the default user and password (foo:bar). The api secret .json has the following structure:
The wazuh_api recipe now allow users to choose if they want their
htpasswd_passcode
to get hashed or not by using the['api']['password_plaintext'] = "yes"
attribute.Wazuh Filebeat
Now the logstash_certificate secret is not mandatory if such secret doesn't exist installation will proceed with an empty certificate. The following implemented code will handle the errors if they occur.
Filebeat.yml template has been updated to Filebeat 6.7.2.
Wazuh ElasticStack
Elasticsearch, Logstash, and Kibana have been updated to 6.7.2.
Templates updated.
Templates Elasticsearch.yml, jvm.options and kibana.yml now match the official templates for their version.
Kibana heap updated to 4GB
From 6.5 Kibana requires at least 4GB in order to get installed properly. In order to fulfill such requirement the installation script has been updated to:
Added curl verification to guarantee that Elasticsearch is properly started.
The following code has been implemented on every component in order to guarantee that Elasticsearch is ready.
Logstash configuration added
Logstash implements a new attribute:
['wazuh-elastic']['logstash_configuration']
that allows users to choose between the"local"
and the '"remote"` configuration setup.Services now properly declare supported actions.
According to Chef documentation, the
supports
field must be declared in order to properly manage services. To accomplish that the supports field has been added to services.Java recipe changed.
The java recipe now installs OpenJDK 8 instead of Oracle-JDK after the Oracle license update. The repository will be added when Ubuntu < 16.
Readme's Updated
All README.md files have been updated in order to give as much information as possible about the installation, configuration and customization process.
Every cookbook has its own README that informs about attributes and dependencies.