Merge pull request #215 from Security-Onion-Solutions/wazuh_whitelist

Wazuh - Whitelist manager host IP
2026-01-23 08:31:30 +01:00 · 2020-01-14 05:37:14 -05:00
parent 15adc79959 a960083d6e
commit 512391066d
2 changed files with 48 additions and 0 deletions
--- a/salt/wazuh/files/wazuh-manager-whitelist
+++ b/salt/wazuh/files/wazuh-manager-whitelist
@@ -0,0 +1,33 @@
+{%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Check if Wazuh enabled
+if grep -q -R "wazuh: 1" /opt/so/saltstack/pillar/*; then
+      WAZUH_MGR_CFG="/opt/so/wazuh/etc/ossec.conf"
+      if ! grep -q "<white_list>{{ MASTERIP }}</white_list>" $WAZUH_MGR_CFG ; then
+              DATE=`date`
+              sed -i 's/<\/ossec_config>//' $WAZUH_MGR_CFG
+              sed -i '/^$/N;/^\n$/D' $WAZUH_MGR_CFG
+              echo -e "<!--Address {{ MASTERIP }} added by setup on "$DATE"-->\n  <global>\n    <white_list>{{ MASTERIP }}</white_list>\n  </global>\n</ossec_config>" >> $WAZUH_MGR_CFG
+              echo "Added whitelist entry for {{ MASTERIP }} in $WAZUH_MGR_CFG."
+              echo
+              echo "Restarting OSSEC Server..."
+              /usr/sbin/so-wazuh-restart
+      fi
+fi
+
--- a/salt/wazuh/init.sls
+++ b/salt/wazuh/init.sls
@@ -62,6 +62,15 @@ wazuhagentregister:
    - mode: 755
    - template: jinja

+wazuhmgrwhitelist:
+   file.managed:
+    - name: /usr/sbin/wazuh-manager-whitelist
+    - source: salt://wazuh/files/wazuh-manager-whitelist
+    - user: 0
+    - group: 0
+    - mode: 755
+    - template: jinja
+
 so-wazuhimage:
 cmd.run:
   - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-wazuh:HH1.1.4
@@ -87,3 +96,9 @@ registertheagent:
    - name: /usr/sbin/wazuh-register-agent
    - cwd: /
    #- stateful: True
+
+# Whitelist manager IP
+whitelistmanager:
+  cmd.run:
+    - name: /usr/sbin/wazuh-manager-whitelist
+    - cwd: /