Merge pull request #330 from Security-Onion-Solutions/hotfix/wazuh_paths

update Wazuh paths

salt/common/tools/sbin/so-allow

@@ -86,7 +86,7 @@ echo "Adding $IP to the $FULLROLE role. This can take a few seconds"
 if grep -q -R "wazuh: 1" /opt/so/saltstack/pillar/*; then
     # If analyst, add to Wazuh AR whitelist
     if [ "$FULLROLE" == "analyst" ]; then
-          WAZUH_MGR_CFG="/opt/so/wazuh/etc/ossec.conf"
+          WAZUH_MGR_CFG="/opt/so/conf/wazuh/etc/ossec.conf"
           if ! grep -q "<white_list>$IP</white_list>" $WAZUH_MGR_CFG ; then
                   DATE=`date`
                   sed -i 's/<\/ossec_config>//' $WAZUH_MGR_CFG

salt/filebeat/init.sls

@@ -57,8 +57,8 @@ so-filebeat:
       - /opt/so/conf/filebeat/etc/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
       - /nsm/zeek:/nsm/zeek:ro
       - /opt/so/log/suricata:/suricata:ro
-      - /opt/so/log/wazuh/logs/alerts:/wazuh/alerts:ro
+      - /opt/so/conf/wazuh/logs/alerts:/wazuh/alerts:ro
-      - /opt/so/log/wazuh/logs/archives:/wazuh/archives:ro
+      - /opt/so/conf/wazuh/logs/archives:/wazuh/archives:ro
       - /opt/so/log/fleet/:/osquery/logs:ro
       - /opt/so/conf/filebeat/etc/pki/filebeat.crt:/usr/share/filebeat/filebeat.crt:ro
       - /opt/so/conf/filebeat/etc/pki/filebeat.key:/usr/share/filebeat/filebeat.key:ro

salt/logstash/init.sls

@@ -241,8 +241,8 @@ so-logstash:
       {%- if grains['role'] == 'so-eval' %}
       - /nsm/zeek:/nsm/zeek:ro
       - /opt/so/log/suricata:/suricata:ro
-      - /opt/so/log/wazuh/logs/alerts:/wazuh/alerts:ro
+      - /opt/so/conf/wazuh/logs/alerts:/wazuh/alerts:ro
-      - /opt/so/log/wazuh/logs/archives:/wazuh/archives:ro
+      - /opt/so/conf/wazuh/logs/archives:/wazuh/archives:ro
       - /opt/so/log/fleet/:/osquery/logs:ro
       - /opt/so/log/strelka:/strelka:ro
       {%- endif %}