diff --git a/files/firewall/hostgroups.local.yaml b/files/firewall/hostgroups.local.yaml
index f933dd7c4..b63b90fd1 100644
--- a/files/firewall/hostgroups.local.yaml
+++ b/files/firewall/hostgroups.local.yaml
@@ -40,7 +40,19 @@ firewall:
 ips:
 delete:
 insert:
- wazuh_endpoint:
+ syslog:
+ ips:
+ delete:
+ insert:
+ wazuh_agent:
+ ips:
+ delete:
+ insert:
+ wazuh_api:
+ ips:
+ delete:
+ insert:
+ wazuh_authd:
 ips:
 delete:
 insert:
\ No newline at end of file
diff --git a/salt/common/tools/sbin/so-allow b/salt/common/tools/sbin/so-allow
index b7a32400f..82d25c25e 100755
--- a/salt/common/tools/sbin/so-allow
+++ b/salt/common/tools/sbin/so-allow
@@ -45,9 +45,22 @@ do
 SKIP=1
 ;;
 w)
- FULLROLE="wazuh_endpoint"
+ FULLROLE="wazuh_agent"
 SKIP=1
 ;;
+ s)
+ FULLROLE="syslog"
+ SKIP=1
+ ;;
+ p)
+ FULLROLE="wazuh_api"
+ SKIP=1
+ ;;
+ r)
+ FULLROLE="wazuh_authd"
+ SKIP=1
+ ;;
+
 esac
 done
@@ -60,8 +73,10 @@ if [ "$SKIP" -eq 0 ]; then
 echo "[a] - Analyst - ports 80/tcp and 443/tcp"
 echo "[b] - Logstash Beat - port 5044/tcp"
 echo "[o] - Osquery endpoint - port 8090/tcp"
- echo "[w] - Wazuh endpoint - port 1514"
- echo ""
+ echo "[s] - Syslog device - 514/tcp/udp"
+ echo "[w] - Wazuh agent - port 1514/tcp/udp"
+ echo "[p] - Wazuh API - port 55000/tcp"
+ echo "[r] - Wazuh registration service - 1515/tcp"
 echo "Please enter your selection (a - analyst, b - beats, o - osquery, w - wazuh):"
 read ROLE
 echo "Enter a single ip address or range to allow (example: 10.10.10.10 or 10.10.0.0/16):"
@@ -74,7 +89,13 @@ if [ "$SKIP" -eq 0 ]; then
 elif [ "$ROLE" == "o" ]; then
 FULLROLE=osquery_endpoint
 elif [ "$ROLE" == "w" ]; then
- FULLROLE=wazuh_endpoint
+ FULLROLE=wazuh_agent
+ elif [ "$ROLE" == "s" ]; then
+ FULLROLE=syslog
+ elif [ "$ROLE" == "p" ]; then
+ FULLROLE=wazuh_api
+ elif [ "$ROLE" == "r" ]; then
+ FULLROLE=wazuh_authd
 else
 echo "I don't recognize that role"
 exit 1
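Review bot: Renaming the `wazuh_endpoint` hostgroup to `wazuh_agent` in hostgroups.local.yaml (and in assigned_hostgroups.map.yaml) means any IPs an operator has already placed under `wazuh_endpoint` in a deployed local copy stop matching a defined hostgroup, so those agents would lose their 1514 allowance after the update unless something migrates the key, and the hunk shows no such migration. A short comment above the new keys, e.g. `# wazuh_endpoint was split into wazuh_agent (1514), wazuh_api (55000) and wazuh_authd (1515)`, would at least make the rename visible to operators carrying local overrides. The bare `ips:`/`delete:`/`insert:` keys parse as null rather than empty lists; that follows the existing entries, so the consumer presumably tolerates it.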
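Review bot: The new `s)`, `p)` and `r)` cases are followed by a stray empty added line just before `esac`; drop it so the case list stays compact like the entries above it. These cases only take effect if the getopts option string and any usage/help text (both outside this hunk) were extended with `s`, `p` and `r`; the hunk does not show that, so it is worth confirming. The enclosing `while`/`do` loop starts outside the hunk.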
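Review bot: The interactive prompt on the context line directly after the new menu entries, `echo "Please enter your selection (a - analyst, b - beats, o - osquery, w - wazuh):"`, still lists only a/b/o/w, so a user following it would not learn that s, p and r are accepted; change it to `echo "Please enter your selection (a - analyst, b - beats, o - osquery, s - syslog, w - wazuh agent, p - wazuh api, r - wazuh registration):"`. The new menu lines are also inconsistent with the existing ones: `[s]` and `[r]` omit the word `port` that `[a]`, `[b]`, `[o]`, `[w]` and `[p]` use. Since `[p]` opens the Wazuh management API on 55000/tcp rather than an agent port, saying so in the menu, e.g. `echo "[p] - Wazuh API (management access) - port 55000/tcp"`, helps operators scope that allowance narrowly instead of reusing the broad ranges they use for agents.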
diff --git a/salt/firewall/assigned_hostgroups.map.yaml b/salt/firewall/assigned_hostgroups.map.yaml
index a564942e1..8c7ec591c 100644
--- a/salt/firewall/assigned_hostgroups.map.yaml
+++ b/salt/firewall/assigned_hostgroups.map.yaml
@@ -8,7 +8,9 @@ role:
 hostgroups:
 master:
 portgroups:
- - {{ portgroups.wazuh_endpoint }}
+ - {{ portgroups.wazuh_agent }}
+ - {{ portgroups.wazuh_api }}
+ - {{ portgroups.wazuh_authd }}
 - {{ portgroups.playbook }}
 - {{ portgroups.mysql }}
 - {{ portgroups.navigator }}
@@ -27,7 +29,7 @@ role:
 - {{ portgroups.docker_registry }}
 - {{ portgroups.osquery_8080 }}
 - {{ portgroups.influxdb }}
- - {{ portgroups.wazuh_minion }}
+ - {{ portgroups.wazuh_api }}
 sensor:
 portgroups:
 - {{ portgroups.sensoroni }}
@@ -46,9 +48,18 @@ role:
 osquery_endpoint:
 portgroups:
 - {{ portgroups.fleet_api }}
- wazuh_endpoint:
+ syslog:
 portgroups:
- - {{ portgroups.wazuh_endpoint }}
+ - {{ portgroups.syslog }}
+ wazuh_agent:
+ portgroups:
+ - {{ portgroups.wazuh_agent }}
+ wazuh_api:
+ portgroups:
+ - {{ portgroups.wazuh_api }}
+ wazuh_authd:
+ portgroups:
+ - {{ portgroups.wazuh_authd }}
 analyst:
 portgroups:
 - {{ portgroups.nginx }}
@@ -72,7 +83,7 @@ role:
 hostgroups:
 master:
 portgroups:
- - {{ portgroups.wazuh_endpoint }}
+ - {{ portgroups.wazuh_agent }}
 - {{ portgroups.playbook }}
 - {{ portgroups.mysql }}
 - {{ portgroups.navigator }}
@@ -91,7 +102,7 @@ role:
 - {{ portgroups.docker_registry }}
 - {{ portgroups.osquery_8080 }}
 - {{ portgroups.influxdb }}
- - {{ portgroups.wazuh_minion }}
+ - {{ portgroups.wazuh_api }}
 sensor:
 portgroups:
 - {{ portgroups.sensoroni }}
@@ -110,9 +121,9 @@ role:
 osquery_endpoint:
 portgroups:
 - {{ portgroups.fleet_api }}
- wazuh_endpoint:
+ wazuh_agent:
 portgroups:
- - {{ portgroups.wazuh_endpoint }}
+ - {{ portgroups.wazuh_agent }}
 analyst:
 portgroups:
 - {{ portgroups.nginx }}
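Review bot: In the hunks at `@@ -72,7 +83,7 @@` and `@@ -110,9 +121,9 @@` this role's `master` hostgroup gains only `portgroups.wazuh_agent` and only a `wazuh_agent` hostgroup is defined, whereas the role at `@@ -8,7 +8,9 @@`/`@@ -46,9 +48,18 @@` (and the later ones at `@@ -136`, `@@ -200` and `@@ -264`) also receive `wazuh_api`, `wazuh_authd` and a `syslog` hostgroup. If this role does not run the Wazuh manager or accept agent registration that is fine, but the asymmetry is easy to misread as an omission; a comment above its `master:` entry such as `# no wazuh manager on this role: agent port only` would make it deliberate. Note also that `so-allow` now offers `syslog`, `wazuh_api` and `wazuh_authd` unconditionally, so if it writes those hostgroups on a host of this role they would map to no portgroups here and silently allow nothing. The role mapping these hunks belong to starts outside the hunks.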
@@ -136,7 +147,9 @@ role:
 hostgroups:
 master:
 portgroups:
- - {{ portgroups.wazuh_endpoint }}
+ - {{ portgroups.wazuh_agent }}
+ - {{ portgroups.wazuh_api }}
+ - {{ portgroups.wazuh_authd }}
 - {{ portgroups.playbook }}
 - {{ portgroups.mysql }}
 - {{ portgroups.navigator }}
@@ -155,7 +168,7 @@ role:
 - {{ portgroups.docker_registry }}
 - {{ portgroups.osquery_8080 }}
 - {{ portgroups.influxdb }}
- - {{ portgroups.wazuh_minion }}
+ - {{ portgroups.wazuh_api }}
 sensor:
 portgroups:
 - {{ portgroups.sensoroni }}
@@ -168,15 +181,24 @@ role:
 self:
 portgroups:
 - {{ portgroups.syslog}}
+ syslog:
+ portgroups:
+ - {{ portgroups.syslog }}
 beats_endpoint:
 portgroups:
 - {{ portgroups.beats_5044 }}
 osquery_endpoint:
 portgroups:
 - {{ portgroups.fleet_api }}
- wazuh_endpoint:
+ wazuh_agent:
 portgroups:
- - {{ portgroups.wazuh_endpoint }}
+ - {{ portgroups.wazuh_agent }}
+ wazuh_api:
+ portgroups:
+ - {{ portgroups.wazuh_api }}
+ wazuh_authd:
+ portgroups:
+ - {{ portgroups.wazuh_authd }}
 analyst:
 portgroups:
 - {{ portgroups.nginx }}
@@ -200,7 +222,9 @@ role:
 hostgroups:
 master:
 portgroups:
- - {{ portgroups.wazuh_endpoint }}
+ - {{ portgroups.wazuh_agent }}
+ - {{ portgroups.wazuh_api }}
+ - {{ portgroups.wazuh_authd }}
 - {{ portgroups.playbook }}
 - {{ portgroups.mysql }}
 - {{ portgroups.navigator }}
@@ -219,7 +243,7 @@ role:
 - {{ portgroups.docker_registry }}
 - {{ portgroups.osquery_8080 }}
 - {{ portgroups.influxdb }}
- - {{ portgroups.wazuh_minion }}
+ - {{ portgroups.wazuh_api }}
 sensor:
 portgroups:
 - {{ portgroups.sensoroni }}
@@ -238,9 +262,18 @@ role:
 osquery_endpoint:
 portgroups:
 - {{ portgroups.fleet_api }}
- wazuh_endpoint:
+ syslog:
 portgroups:
- - {{ portgroups.wazuh_endpoint }}
+ - {{ portgroups.syslog }}
+ wazuh_agent:
+ portgroups:
+ - {{ portgroups.wazuh_agent }}
+ wazuh_api:
+ portgroups:
+ - {{ portgroups.wazuh_api }}
+ wazuh_authd:
+ portgroups:
+ - {{ portgroups.wazuh_authd }}
 analyst:
 portgroups:
 - {{ portgroups.nginx }}
@@ -264,7 +297,9 @@ role:
 hostgroups:
 master:
 portgroups:
- - {{ portgroups.wazuh_endpoint }}
+ - {{ portgroups.wazuh_agent }}
+ - {{ portgroups.wazuh_api }}
+ - {{ portgroups.wazuh_authd }}
 - {{ portgroups.playbook }}
 - {{ portgroups.mysql }}
 - {{ portgroups.navigator }}
@@ -283,7 +318,7 @@ role:
 - {{ portgroups.docker_registry }}
 - {{ portgroups.osquery_8080 }}
 - {{ portgroups.influxdb }}
- - {{ portgroups.wazuh_minion }}
+ - {{ portgroups.wazuh_api }}
 sensor:
 portgroups:
 - {{ portgroups.sensoroni }}
@@ -302,9 +337,18 @@ role:
 osquery_endpoint:
 portgroups:
 - {{ portgroups.fleet_api }}
- wazuh_endpoint:
+ syslog:
 portgroups:
- - {{ portgroups.wazuh_endpoint }}
+ - {{ portgroups.syslog }}
+ wazuh_agent:
+ portgroups:
+ - {{ portgroups.wazuh_agent }}
+ wazuh_api:
+ portgroups:
+ - {{ portgroups.wazuh_api }}
+ wazuh_authd:
+ portgroups:
+ - {{ portgroups.wazuh_authd }}
 analyst:
 portgroups:
 - {{ portgroups.nginx }}
@@ -322,7 +366,6 @@ role:
 minion:
 portgroups:
 - {{ portgroups.salt_master }}
- searchnode:
 chain:
 DOCKER-USER:
diff --git a/salt/firewall/portgroups.yaml b/salt/firewall/portgroups.yaml
index e505dd3d0..94dace60f 100644
--- a/salt/firewall/portgroups.yaml
+++ b/salt/firewall/portgroups.yaml
@@ -77,11 +77,16 @@ firewall:
 syslog:
 tcp:
 - 514
- wazuh_minion:
- tcp:
- - 55000
- wazuh_endpoint:
+ udp:
+ - 514
+ wazuh_agent:
 tcp:
 - 1514
 udp:
- - 1514
\ No newline at end of file
+ - 1514
+ wazuh_api:
+ tcp:
+ - 55000
+ wazuh_authd:
+ tcp:
+ - 1515
\ No newline at end of file
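Review bot: The hunk at `@@ -322,7 +366,6 @@` deletes a `searchnode:` line sitting between the `minion` hostgroup and `chain:`, and with indentation collapsed in this view I cannot tell which of two very different things that is. If it was a second `searchnode:` mapping key at the same level as the one that opens this role, the deletion fixes a duplicate-key problem (most YAML loaders silently keep the last occurrence, so the earlier `hostgroups` could have been discarded); if it was the header that owned the following `chain:`/`DOCKER-USER:` block, that block is now re-parented onto whatever key precedes it. Either way the intent deserves one line, e.g. `# DOCKER-USER chain rules for the searchnode role` above `chain:`, or a sentence in the commit message. The role definition this hunk belongs to starts outside the hunk.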
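Review bot: Adding `udp:` / `- 514` to the shared `syslog` portgroup widens every hostgroup that already references `portgroups.syslog`, including the existing `self` entries in assigned_hostgroups.map.yaml, not just the new `syslog` device hostgroup; if only the new hostgroup should receive UDP syslog, a separate portgroup (e.g. `syslog_udp`) leaves the existing rules untouched. The split of the old `wazuh_endpoint`/`wazuh_minion` into `wazuh_agent` (1514 tcp/udp), `wazuh_api` (55000/tcp) and `wazuh_authd` (1515/tcp) agrees with the so-allow menu text, which is good; a comment on `wazuh_api` such as `# management API, not an agent port - keep hostgroup narrow` would carry that distinction into the place where rules are actually defined. The file still ends without a trailing newline (`\ No newline at end of file`), which yamllint flags.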