Merge pull request #82 from wazuh/wazuh-release-v3.11.1_7.5.1

Wazuh release v3.11.1_7.5.1
wazuh · Jan 7, 2020 · f5a105b · f5a105b
2 parents db1b507 + 9661c14
commit f5a105b
Show file tree

Hide file tree

Showing 15 changed files with 226 additions and 40 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,18 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## Wazuh Chef v3.11.1_7.5.1
+
+### Added
+
+- Update to Wazuh version 3.11.1_7.5.1 
+
+- Changes to make `ossec.conf` equivalent to the default version ([rshad](https://github.com/rshad)) [PR#74](https://github.com/wazuh/wazuh-chef/pull/74)
+
+- Implement new API configuration ([@jm404](https://github.com/jm404)) [PR#78](https://github.com/wazuh/wazuh-chef/pull/78)
+
+- Remove Old Wazuh APP ([@jm404](https://github.com/jm404)) [PR#80](https://github.com/wazuh/wazuh-chef/pull/80)
+
 ## Wazuh Chef v3.11.0_7.5.1
 
 ### Added

diff --git a/cookbooks/wazuh_agent/attributes/localfile.rb b/cookbooks/wazuh_agent/attributes/localfile.rb
@@ -92,6 +92,12 @@
         'location' => '/var/log/secure'
         }
     },
+    {
+      'content!' => {
+        'log_format' => 'syslog',
+        'location' => '/var/log/maillog'
+        }
+    },
   ]
 else
   raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added"

diff --git a/cookbooks/wazuh_agent/attributes/logging.rb b/cookbooks/wazuh_agent/attributes/logging.rb
@@ -0,0 +1 @@
+default['ossec']['conf']['logging']['log_format'] = 'plain'
diff --git a/cookbooks/wazuh_agent/attributes/sca.rb b/cookbooks/wazuh_agent/attributes/sca.rb
@@ -2,5 +2,4 @@
 default['ossec']['conf']['sca']['enabled'] = true
 default['ossec']['conf']['sca']['scan_on_start'] = true
 default['ossec']['conf']['sca']['interval'] = "12h"
-default['ossec']['conf']['sca']['skip_nfs'] = true
-default['ossec']['conf']['sca']['policies']['policy'] = [ 'cis_debian_linux_rcl.yml', 'system_audit_rcl.yml', 'system_audit_ssh.yml', 'system_audit_pw.yml']
+default['ossec']['conf']['sca']['skip_nfs'] = true
diff --git a/cookbooks/wazuh_agent/attributes/version.rb b/cookbooks/wazuh_agent/attributes/version.rb
@@ -1 +1,2 @@
-default['wazuh-agent']['version'] = "3.11.0"
+default['wazuh-agent']['version'] = "3.11.1"
+
diff --git a/cookbooks/wazuh_agent/attributes/wodle.rb b/cookbooks/wazuh_agent/attributes/wodle.rb
@@ -1,10 +1,4 @@
 default['ossec']['conf']['wodle'] = [
-   {   '@name' => 'open-scap',
-        'disabled' => 'yes',
-        'timeout' => '1800',
-        'interval' => '1d',
-        'scan-on-start' => 'yes'
-     },
      {   '@name' => 'cis-cat',
         'disabled' => 'yes',
         'timeout' => '1800',

diff --git a/cookbooks/wazuh_elastic/attributes/kibana.rb b/cookbooks/wazuh_elastic/attributes/kibana.rb
@@ -1,3 +1,4 @@
 default['wazuh-elastic']['kibana_server_host'] = '0.0.0.0'
 default['wazuh-elastic']['kibana_server_port'] = '5601'
-default['wazuh-elastic']['kibana_elasticsearch_server_hosts'] = "http://#{node['wazuh-elastic']['elasticsearch_ip']}:#{node['wazuh-elastic']['elasticsearch_port']}"
+default['wazuh-elastic']['kibana_elasticsearch_server_hosts'] = "http://#{node['wazuh-elastic']['elasticsearch_ip']}:#{node['wazuh-elastic']['elasticsearch_port']}"
+default['wazuh-elastic']['kibana_wazuh_api_credentials'] = [ { id: "default", url: "http://localhost", port: "55000", user: "foo", password: "bar" } ]
diff --git a/cookbooks/wazuh_elastic/attributes/versions.rb b/cookbooks/wazuh_elastic/attributes/versions.rb
@@ -1,3 +1,3 @@
 default['wazuh-elastic']['elastic_stack_version'] = '7.5.1'
-default['wazuh-elastic']['wazuh_app_version'] = "3.11.0_7.5.1"
-default['wazuh-elastic']['extensions_version'] = "v3.11.0"
+default['wazuh-elastic']['wazuh_app_version'] = "3.11.1_7.5.1"
+default['wazuh-elastic']['extensions_version'] = "v3.11.1"
diff --git a/cookbooks/wazuh_elastic/recipes/kibana.rb b/cookbooks/wazuh_elastic/recipes/kibana.rb
@@ -65,6 +65,15 @@
   EOH
 end
 
+bash 'Remove old Wazuh Kibana Plugin if exists' do
+  code <<-EOH
+  if [ -d /usr/share/kibana/plugins/wazuh ]
+  then
+    sudo -u kibana /usr/share/kibana/bin/kibana-plugin remove wazuh
+  fi
+  EOH
+end
+
 if platform_family?('debian', 'ubuntu')
   bash 'Install Wazuh-APP (can take a while)' do
     code <<-EOH
@@ -83,10 +92,33 @@
   end
 end
 
+bash 'Removing .wazuh index if exists' do
+  code <<-EOH
+  curl_response=$(curl -s -XDELETE -sL -w "%{http_code}" -I "http://#{node['wazuh-elastic']['elasticsearch_ip']}:#{node['wazuh-elastic']['elasticsearch_port']}/.wazuh" -o /dev/null)
+  if [ ${curl_response} == 404 ]
+      then
+          echo "Index .wazuh not found"
+  elif [ ${curl_response} == 200 ]
+      then
+          echo "Index .wazuh removed successfully"
+  else
+      echo "Unable to communicate with Elasticsearch API"
+  fi
+  EOH
+end
+
+template 'Configuring API credentials in wazuh.yml file' do
+  path '/usr/share/kibana/plugins/wazuh/wazuh.yml'
+  source 'wazuh.yml.erb'
+  owner 'kibana'
+  group 'root'
+  mode 0644
+  notifies :restart, "service[kibana]", :delayed
+end
+
 bash 'Verify Kibana folders owner' do
   code <<-EOF
     chown -R kibana:kibana /usr/share/kibana/optimize
     chown -R kibana:kibana /usr/share/kibana/plugins
   EOF
-
 end
diff --git a/cookbooks/wazuh_elastic/templates/default/wazuh.yml.erb b/cookbooks/wazuh_elastic/templates/default/wazuh.yml.erb
@@ -0,0 +1,136 @@
+---
+#
+# Wazuh app - App configuration file
+# Copyright (C) 2015-2019 Wazuh, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Find more information about this on the LICENSE file.
+#
+# ======================== Wazuh app configuration file ========================
+#
+# Please check the documentation for more information on configuration options:
+# https://documentation.wazuh.com/current/installation-guide/index.html
+#
+# Also, you can check our repository:
+# https://github.com/wazuh/wazuh-kibana-app
+#
+# ------------------------------- Index patterns -------------------------------
+#
+# Default index pattern to use.
+#pattern: wazuh-alerts-3.x-*
+#
+# ----------------------------------- Checks -----------------------------------
+#
+# Defines which checks must to be consider by the healthcheck
+# step once the Wazuh app starts. Values must to be true or false.
+#checks.pattern : true
+#checks.template: true
+#checks.api     : true
+#checks.setup   : true
+#
+# --------------------------------- Extensions ---------------------------------
+#
+# Defines which extensions should be activated when you add a new API entry.
+# You can change them after Wazuh app starts.
+# Values must to be true or false.
+#extensions.pci       : true
+#extensions.gdpr      : true
+#extensions.hipaa     : true
+#extensions.nist      : true
+#extensions.audit     : true
+#extensions.oscap     : false
+#extensions.ciscat    : false
+#extensions.aws       : false
+#extensions.virustotal: false
+#extensions.osquery   : false
+#extensions.docker    : false
+#
+# ---------------------------------- Time out ----------------------------------
+#
+# Defines maximum timeout to be used on the Wazuh app requests.
+# It will be ignored if it is bellow 1500.
+# It means milliseconds before we consider a request as failed.
+# Default: 20000
+#timeout: 20000
+#
+# ------------------------------ Advanced indices ------------------------------
+#
+# Configure .wazuh indices shards and replicas.
+#wazuh.shards          : 1
+#wazuh.replicas        : 0
+#
+# --------------------------- Index pattern selector ---------------------------
+#
+# Defines if the user is allowed to change the selected
+# index pattern directly from the Wazuh app top menu.
+# Default: true
+#ip.selector: true
+#
+# List of index patterns to be ignored
+#ip.ignore: []
+#
+# -------------------------------- X-Pack RBAC ---------------------------------
+#
+# Custom setting to enable/disable built-in X-Pack RBAC security capabilities.
+# Default: enabled
+#xpack.rbac.enabled: true
+#
+# ------------------------------ wazuh-monitoring ------------------------------
+#
+# Custom setting to enable/disable wazuh-monitoring indices.
+# Values: true, false, worker
+# If worker is given as value, the app will show the Agents status
+# visualization but won't insert data on wazuh-monitoring indices.
+# Default: true
+#wazuh.monitoring.enabled: true
+#
+# Custom setting to set the frequency for wazuh-monitoring indices cron task.
+# Default: 900 (s)
+#wazuh.monitoring.frequency: 900
+#
+# Configure wazuh-monitoring-3.x-* indices shards and replicas.
+#wazuh.monitoring.shards: 2
+#wazuh.monitoring.replicas: 0
+#
+# Configure wazuh-monitoring-3.x-* indices custom creation interval.
+# Values: h (hourly), d (daily), w (weekly), m (monthly)
+# Default: d
+#wazuh.monitoring.creation: d
+#
+# Default index pattern to use for Wazuh monitoring
+#wazuh.monitoring.pattern: wazuh-monitoring-3.x-*
+#
+#
+# ------------------------------- App privileges --------------------------------
+#admin: true
+#
+# ------------------------------- App logging level -----------------------------
+# Set the logging level for the Wazuh App log files.
+# Default value: info
+# Allowed values: info, debug
+#logs.level: info
+#
+#-------------------------------- API entries -----------------------------------
+#The following configuration is the default structure to define an API entry.
+#
+#hosts:
+#  - <id>:
+#     url: http(s)://<url>
+#     port: <port>
+#     user: <user>
+#     password: <password>
+hosts:
+<% if node['wazuh-elastic']['kibana_wazuh_api_credentials'].length > 0 %>
+<%   node['wazuh-elastic']['kibana_wazuh_api_credentials'].each do |api| -%>
+  - <%= api[:id] %>:
+      url: <%= api[:url] %>
+      port: <%= api[:port] %>
+      user: <%= api[:user] %>
+      password: <%= api[:password] %>
+<% end -%>
+<% else -%>
+<% end -%>
diff --git a/cookbooks/wazuh_filebeat/attributes/versions.rb b/cookbooks/wazuh_filebeat/attributes/versions.rb
@@ -1,4 +1,4 @@
 default['filebeat']['elastic_stack_version'] = '7.5.1'
-default['filebeat']['wazuh_app_version'] = "3.11.0_7.5.1"
-default['filebeat']['extensions_version'] = "v3.11.0"
+default['filebeat']['wazuh_app_version'] = "3.11.1_7.5.1"
+default['filebeat']['extensions_version'] = "v3.11.1"
 default['filebeat']['wazuh_filebeat_module'] = "wazuh-filebeat-0.1.tar.gz"
diff --git a/cookbooks/wazuh_manager/attributes/sca.rb b/cookbooks/wazuh_manager/attributes/sca.rb
@@ -2,5 +2,4 @@
 default['ossec']['conf']['sca']['enabled'] = true
 default['ossec']['conf']['sca']['scan_on_start'] = true
 default['ossec']['conf']['sca']['interval'] = "12h"
-default['ossec']['conf']['sca']['skip_nfs'] = true
-default['ossec']['conf']['sca']['policies']['policy'] = [ 'cis_debian_linux_rcl.yml', 'system_audit_rcl.yml', 'system_audit_ssh.yml', 'system_audit_pw.yml']
+default['ossec']['conf']['sca']['skip_nfs'] = true
diff --git a/cookbooks/wazuh_manager/attributes/versions.rb b/cookbooks/wazuh_manager/attributes/versions.rb
@@ -1 +1 @@
-default['wazuh-manager']['version'] = "3.11.0"
+default['wazuh-manager']['version'] = "3.11.1"
diff --git a/cookbooks/wazuh_manager/attributes/vulnerability-detector.rb b/cookbooks/wazuh_manager/attributes/vulnerability-detector.rb
@@ -0,0 +1,26 @@
+default['ossec']['conf']['vulnerability-detector']['enabled'] = 'no'
+default['ossec']['conf']['vulnerability-detector']['interval'] = '5m'
+default['ossec']['conf']['vulnerability-detector']['ignore_time'] = '6h'
+default['ossec']['conf']['vulnerability-detector']['run_on_start'] = 'yes'
+default['ossec']['conf']['vulnerability-detector']['provider'] = [
+    {   '@name' => 'canonical',
+        'enabled' => 'no',
+        'os' => ['precise', 'trusty', 'xenial', 'bionic'],
+        'update_interval' => '1h'
+    },
+    {   '@name' => 'debian',
+        'enabled' => 'no',
+        'os' => ['wheezy', 'stretch', 'jessie', 'buster'],
+        'update_interval' => '1h'
+    },
+    {   '@name' => 'redhat',
+        'enabled' => 'no',
+        'update_from_year' => '2010',
+        'update_interval' => '1h'
+    },
+    {   '@name' => 'nvd',
+        'enabled' => 'no',
+        'update_from_year' => '2010',
+        'update_interval' => '1h'
+    }
+]
diff --git a/cookbooks/wazuh_manager/attributes/wodle.rb b/cookbooks/wazuh_manager/attributes/wodle.rb
@@ -30,26 +30,5 @@
         'packages' => 'yes',
         'ports' => { '@all' => 'no', 'content!' => 'yes'},
         'processes' => 'yes'
-     },
-     {   '@name' => 'vulnerability-detector',
-        'disabled' => 'yes',
-        'interval' => '5m',
-        'ignore_time' => '6h',
-        'run_on_start' => 'yes',
-        'feed' => [
-            {   '@name' => "ubuntu-18",
-                'disabled' => "yes",
-                'update_interval' => '1h'
-            },
-            {   '@name' => "redhat",
-                'disabled' => "yes",
-                'update_from_year' => '2010',
-                'update_interval' => '1h'
-            },
-            {   '@name' => "debian-9",
-                'disabled' => "yes",
-                'update_interval' => '1h'
-            }
-        ]
-    }
+     }
 ]
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		default['ossec']['conf']['logging']['log_format'] = 'plain'
Original file line number	Diff line number	Diff line change
		@@ -1 +1,2 @@
		default['wazuh-agent']['version'] = "3.11.0"
		default['wazuh-agent']['version'] = "3.11.1"
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		default['wazuh-manager']['version'] = "3.11.0"
		default['wazuh-manager']['version'] = "3.11.1"