This repository has been archived by the owner on Jul 26, 2023. It is now read-only.

Whole Repository Refactor. Upgraded Cookbooks to install Wazuh 3.9 and ELK 6.7.2 #22

Merged
merged 44 commits into from
May 21, 2019

Conversation

jm404

@jm404 jm404 commented May 20, 2019

Objective

The aim of this PR is to completely refactor the repository in order to update all cookbooks so that they can install the Wazuh components in their latest version. The Wazuh cookbooks have been split into Wazuh Agent and Wazuh Manager & API. This change allows independent cookbooks to be installed and configured, gaining in flexibility and transparency.

Changes

All cookbooks now have their attributes split into .rb files in order to make them easier to access. Also, the Berksfile and metadata.rb files affect only their own cookbook, making dependencies easier to manage and customize.

Repositories have been updated to install Wazuh v3.9 and the Elastic Stack 6.7.2.

Wazuh Agent

Default attributes from wazuh-agent now generate an updated ossec.conf that includes the new features, such as the sca and wodle fields.

The agent recipe now includes all agent-auth parameters in order to guarantee flexibility in agent registration.

    -a : "auto_negotiate"
    -c : "cipher_list"
    -D : "wazuh_directory"
    -d : "debug_mode" : "true"
    -g : "run_as_group"
    -G : "set_group"
    -i : "agent_ip_by_manager" : "true"
    -I : "agent_ip"
    -P : "password"
    -v : "ca"
    -x : "certificate"
    -k : "key"

Wazuh Manager

Attributes have been fixed and updated to Wazuh 3.9. The Wazuh API no longer requires a secret in order to be installed. If no API secret is declared, the installation will proceed with the default user and password (foo:bar). The API secret .json has the following structure:

The wazuh_api recipe now allows users to choose whether they want their htpasswd_passcode to be hashed or not by using the ['api']['password_plaintext'] = "yes" attribute.

Wazuh Filebeat

The logstash_certificate secret is no longer mandatory: if no such secret exists, the installation will proceed with an empty certificate. The following code handles the errors if they occur.

begin
  ssl = Chef::EncryptedDataBagItem.load('wazuh_secrets', 'logstash_certificate')
  log "Logstash certificate found, writing... (Note: Disabled by default) " do
    message "-----LOGSTASH CERTIFICATE FOUND-----"
    level :info
  end
rescue ArgumentError, Net::HTTPServerException
  ssl = {'logstash_certificate' => "", 'logstash_certificate_key' => ""}
  log "No logstash certificate found...Installation will continue with empty certificate (Note: Disabled by default)" do
    message "-----LOGSTASH CERTIFICATE NOT FOUND-----"
    level :info
  end
end

Filebeat.yml template has been updated to Filebeat 6.7.2.

Wazuh ElasticStack

Elasticsearch, Logstash, and Kibana have been updated to 6.7.2.

Templates updated.

The elasticsearch.yml, jvm.options and kibana.yml templates now match the official templates for their version.

Kibana heap updated to 4GB

From 6.5 on, Kibana requires at least 4GB in order to be installed properly. To fulfil this requirement, the installation script has been updated to:

bash 'Install Wazuh app for Kibana' do
  code <<-EOH
  sudo -u kibana NODE_OPTIONS='--max-old-space-size=4096' /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-#{node['wazuh-elastic']['wazuh_app_version']}.zip kibana
  EOH
end

Added a curl check to guarantee that Elasticsearch has started properly.

The following code has been implemented in every component in order to guarantee that Elasticsearch is ready.

bash 'Waiting for elasticsearch curl response...' do
  code <<-EOH
  until (curl -XGET http://localhost:9200); do
    printf 'Waiting for elasticsearch....'
    sleep 5
  done
  EOH
end

Logstash configuration added

Logstash implements a new attribute, ['wazuh-elastic']['logstash_configuration'], that allows users to choose between the "local" and the "remote" configuration setup.

Services now properly declare supported actions.

According to Chef documentation, the supports field must be declared in order to properly manage services. To accomplish that the supports field has been added to services.

Java recipe changed.

The java recipe now installs OpenJDK 8 instead of Oracle JDK after the Oracle license update. The repository is added when Ubuntu < 16.

Readme's Updated

All README.md files have been updated in order to give as much information as possible about the installation, configuration and customization process.

Every cookbook has its own README that informs about attributes and dependencies.
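The agent-auth flag table in the description above maps cookbook attributes to command-line options. The following Ruby is an added example written for this page, not code from the wazuh-chef cookbooks: it builds the agent-auth argument vector from such an attribute hash, treats `-a`/`-d`/`-i` as switches and the rest as value flags, refuses a client certificate without its key, and redacts the registration password before anything is logged. The attribute names, the default binary path and the `-m` manager flag are assumptions made for illustration.

```ruby
# Added example (not code from the wazuh-chef cookbooks): build the agent-auth
# command line from the attribute-to-flag mapping listed in the PR description.
# The attribute names, the default binary path and the `-m` manager flag are
# assumptions made for illustration.
require 'shellwords'

# Flags that take a value (attribute name => agent-auth flag).
AGENT_AUTH_VALUE_FLAGS = {
  'cipher_list'     => '-c',
  'wazuh_directory' => '-D',
  'run_as_group'    => '-g',
  'set_group'       => '-G',
  'agent_ip'        => '-I',
  'password'        => '-P',
  'ca'              => '-v',
  'certificate'     => '-x',
  'key'             => '-k'
}.freeze

# Flags that are on/off switches (emitted only when the attribute is truthy).
AGENT_AUTH_SWITCH_FLAGS = {
  'auto_negotiate'      => '-a',
  'debug_mode'          => '-d',
  'agent_ip_by_manager' => '-i'
}.freeze

# Chef attributes often arrive as the strings "true"/"yes" rather than booleans.
def truthy?(value)
  return true if value == true
  %w[true yes].include?(value.to_s.strip.downcase)
end

# Build argv for agent-auth. Returning an Array (not a joined String) lets the
# caller hand it to Process.spawn or a Chef execute resource without shell
# parsing, so a password or path containing quotes or spaces cannot break out
# of the command.
def build_agent_auth_argv(manager, attrs, bin: '/var/ossec/bin/agent-auth')
  raise ArgumentError, 'manager address is required' if manager.to_s.strip.empty?
  # A client certificate without its key (or vice versa) can never authenticate.
  if attrs['certificate'].to_s.empty? != attrs['key'].to_s.empty?
    raise ArgumentError, 'certificate and key must be set together'
  end
  argv = [bin, '-m', manager.to_s]
  AGENT_AUTH_SWITCH_FLAGS.each { |key, flag| argv << flag if truthy?(attrs[key]) }
  AGENT_AUTH_VALUE_FLAGS.each do |key, flag|
    value = attrs[key]
    next if value.nil? || value.to_s.empty?
    argv << flag << value.to_s
  end
  argv
end

# Shell-quoted form for logging with the registration password redacted, so the
# secret does not end up in the Chef run log.
def agent_auth_command_for_log(argv)
  redacted = argv.dup
  idx = redacted.index('-P')
  redacted[idx + 1] = 'REDACTED' if idx && redacted[idx + 1]
  Shellwords.join(redacted)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample attributes, as a node['ossec']['agent_auth']-style hash.
  sample = { 'auto_negotiate' => 'true', 'agent_ip_by_manager' => true,
             'password' => 's3cret pass', 'ca' => '/var/ossec/etc/rootCA.pem' }
  argv = build_agent_auth_argv('10.0.0.5', sample)
  puts agent_auth_command_for_log(argv)
end
```

In a recipe the array can be passed straight to an `execute` resource's `command` property (which accepts an Array), and only the redacted string should be logged or used in a `not_if` guard.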

jm404 and others added 30 commits May 6, 2019 15:51
@jm404 jm404 requested a review from manuasir May 20, 2019 17:10
@manuasir manuasir changed the base branch from 3.9 to master May 21, 2019 08:19
@manuasir manuasir changed the base branch from master to 3.9 May 21, 2019 08:19
@manuasir manuasir left a comment


Please, review grammar in the different README notes. Thanks!

@jm404 jm404 requested a review from manuasir May 21, 2019 09:00
@manuasir manuasir left a comment


LGTM!
