Merge pull request #50 from weslambert/master

Updates
2026-01-23 08:31:30 +01:00 · 2018-12-07 08:46:56 -05:00
parent f5d16181d4 6a9a537cf8
commit 65d6b07f6d
3 changed files with 74 additions and 19 deletions
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -36,6 +36,16 @@ filebeat.prospectors:
    clean_removed: false
    close_removed: false

+  - type: log
+    paths:
+      - /alerts/alerts.json
+    fields:
+      type: ossec
+    fields_under_root: true
+    clean_removed: false
+    close_removed: false
+
+

 #----------------------------- Logstash output ---------------------------------
 output.logstash:
@@ -152,7 +162,7 @@ output.logstash:

 # Sets log level. The default log level is info.
 # Available log levels are: error, warning, info, debug
-#logging.level: info
+logging.level: debug

 # Enable debug output for selected components. To enable all selectors use ["*"]
 # Other available selectors are "beat", "publish", "service"
--- a/salt/wazuh/files/filebeat.yml
+++ b/salt/wazuh/files/filebeat.yml
@@ -1,16 +0,0 @@
-filebeat:
- prospectors:
-  - input_type: log
-    paths:
-     - "/var/ossec/data/logs/alerts/alerts.json"
-    document_type: wazuh-alerts
-    json.message_key: log
-    json.keys_under_root: true
-    json.overwrite_keys: true
-
-output:
- logstash:
-   # The Logstash hosts
-   hosts: ["logstash:5000"]
-#   ssl:
-#     certificate_authorities: ["/etc/filebeat/logstash.crt"]
--- a/so-setup-network.sh
+++ b/so-setup-network.sh
@@ -75,6 +75,22 @@ add_socore_user_notmaster() {

 }

+add_wazuh_users() {
+  
+  if [ $OS == 'centos' ]; then
+    local ADDUSER=adduser
+  else
+    local ADDUSER=useradd
+  fi
+
+  groupadd --gid 945 ossec
+  $ADDUSER --uid 943 --gid 945 --home-dir /opt/so/wazuh --no-create-home ossecm
+  $ADDUSER --uid 944 --gid 945 --home-dir /opt/so/wazuh --no-create-home ossecr
+  $ADDUSER --uid 945 --gid 945 --home-dir /opt/so/wazuh --no-create-home ossec
+
+}
+
+
 # Enable Bro Logs
 bro_logs_enabled() {

@@ -155,7 +171,7 @@ chown_salt_master() {
 clear_master() {
  # Clear out the old master public key in case this is a re-install.
  # This only happens if you re-install the master.
-  if [ -f /etc/salt/pki/minion/minion_master.pub]; then
+  if [ -f /etc/salt/pki/minion/minion_master.pub ]; then
    rm /etc/salt/pki/minion/minion_master.pub
    service salt-minion restart
  fi
@@ -531,7 +547,7 @@ master_static() {
  echo "  broversion: $BROVERSION" >> /opt/so/saltstack/pillar/static.sls
  echo "  ids: $NIDS" >> /opt/so/saltstack/pillar/static.sls
  echo "  masterip: $MAINIP" >> /opt/so/saltstack/pillar/static.sls
-  if [ $MASTERUPDATES == 'MASTER' ]; then
+  if [[ $MASTERUPDATES == 'MASTER' ]]; then
    echo "  masterupdate: 1" >> /opt/so/saltstack/pillar/static.sls
  else
    echo "  masterupdate: 0" >> /opt/so/saltstack/pillar/static.sls
@@ -875,6 +891,39 @@ update_sudoers() {

 }

+wazuh_agent_install() {
+ 
+ if [ $OS == 'centos' ]; then
+   # Add repo
+   cat > /etc/yum.repos.d/wazuh.repo <<\EOF
+[wazuh_repo]
+gpgcheck=1
+gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+enabled=1
+name=Wazuh repository
+baseurl=https://packages.wazuh.com/3.x/yum/
+protect=1
+EOF
+   # Install agent
+   yum install -y wazuh-agent
+   # Prevent automatic upates
+   sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo
+ else
+   # Get key
+   curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
+   # Add repo
+   echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list
+   apt-get update -y
+   # Install
+   apt-get install -y wazuh-agent
+   # Prevent automatic updates
+   sed -i "s/^deb/#deb/" /etc/apt/sources.list.d/wazuh.list
+   # Set package state to "hold"
+   echo "wazuh-agent hold" | sudo dpkg --set-selections
+ fi
+
+}
+
 ###########################################
 ##                                       ##
 ##         Whiptail Menu Section         ##
@@ -1421,6 +1470,12 @@ if (whiptail_you_sure); then
    echo ""
    add_socore_user_master

+    echo "** Adding Wazuh users **"
+    add_wazuh_users
+
+    echo "** Installing Wazuh agent **"
+    wazuh_agent_install
+
    # Install salt and dependencies
    echo " ** Installing Salt and Dependencies **"
    saltify >>~/sosetup.log 2>&1
@@ -1507,6 +1562,8 @@ if (whiptail_you_sure); then
    mkdir -p /nsm
    get_filesystem_root
    get_filesystem_nsm
+    add_wazuh_users
+    wazuh_agent_install
    copy_ssh_key
    set_initial_firewall_policy
    create_bond
@@ -1571,6 +1628,8 @@ if (whiptail_you_sure); then
    echo "**** Please set a password for socore. You will use this password when setting up other Nodes/Sensors"
    echo ""
    add_socore_user_master
+    add_wazuh_users
+    wazuh_agent_install
    create_bond
    saltify
    docker_install
@@ -1632,6 +1691,8 @@ if (whiptail_you_sure); then
    mkdir -p /nsm
    get_filesystem_root
    get_filesystem_nsm
+    add_wazuh_users
+    wazuh_agent_install
    copy_ssh_key
    set_initial_firewall_policy
    saltify