diff --git a/salt/wazuh/files/wazuh-manager-whitelist b/salt/wazuh/files/wazuh-manager-whitelist
index 300dcf140..ac804e447 100755
--- a/salt/wazuh/files/wazuh-manager-whitelist
+++ b/salt/wazuh/files/wazuh-manager-whitelist
@@ -18,7 +18,7 @@
# Check if Wazuh enabled
if grep -q -R "wazuh: 1" /opt/so/saltstack/pillar/*; then
- WAZUH_MGR_CFG="/opt/so/wazuh/etc/ossec.conf"
+ WAZUH_MGR_CFG="/opt/so/conf/wazuh/etc/ossec.conf"
if ! grep -q "{{ MASTERIP }}" $WAZUH_MGR_CFG ; then
DATE=`date`
sed -i 's/<\/ossec_config>//' $WAZUH_MGR_CFG
@@ -26,8 +26,5 @@ if grep -q -R "wazuh: 1" /opt/so/saltstack/pillar/*; then
echo -e "\n \n {{ MASTERIP }}\n \n" >> $WAZUH_MGR_CFG
echo "Added whitelist entry for {{ MASTERIP }} in $WAZUH_MGR_CFG."
echo
- echo "Restarting OSSEC Server..."
- #/usr/sbin/so-wazuh-restart
fi
fi
-
diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls
index 9a01966c1..a0ea9a1f0 100644
--- a/salt/wazuh/init.sls
+++ b/salt/wazuh/init.sls
@@ -43,11 +43,19 @@ wazuhdir:
- user: 945
- group: 945
-wazuhlogdir:
+wazuhalertlogdir:
file.directory:
- - name: /opt/so/log/wazuh
+ - name: /opt/so/log/wazuh/logs/alerts
- user: 945
- group: 945
+ - makedirs: True
+
+wazuharchlogdir:
+ file.directory:
+ - name: /opt/so/log/wazuh/logs/archives
+ - user: 945
+ - group: 945
+ - makedirs: True
# Add wazuh agent
wazuhpkgs:
diff --git a/setup/so-whiptail b/setup/so-whiptail
index 3316d6e2c..59db1b29c 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -109,7 +109,7 @@ whiptail_check_exitstatus() {
whiptail_create_admin_user() {
ADMINUSER=$(whiptail --title "Security Onion Install" --inputbox \
- "Please enter a username for your new admin user" 10 60 3>&1 1>&2 2>&3)
+ "Please enter a username for your new admin user. The onion account will be disabled during this install" 10 60 3>&1 1>&2 2>&3)
}