Merge pull request #317 from Security-Onion-Solutions/bugfix/wazuhpath

Fix Wazuh paths for logstash

salt/wazuh/files/wazuh-manager-whitelist

@@ -18,7 +18,7 @@
 
 # Check if Wazuh enabled
 if grep -q -R "wazuh: 1" /opt/so/saltstack/pillar/*; then
-      WAZUH_MGR_CFG="/opt/so/wazuh/etc/ossec.conf"
+      WAZUH_MGR_CFG="/opt/so/conf/wazuh/etc/ossec.conf"
       if ! grep -q "<white_list>{{ MASTERIP }}</white_list>" $WAZUH_MGR_CFG ; then
               DATE=`date`
               sed -i 's/<\/ossec_config>//' $WAZUH_MGR_CFG
@@ -26,8 +26,5 @@ if grep -q -R "wazuh: 1" /opt/so/saltstack/pillar/*; then
               echo -e "<!--Address {{ MASTERIP }} added by setup on "$DATE"-->\n  <global>\n    <white_list>{{ MASTERIP }}</white_list>\n  </global>\n</ossec_config>" >> $WAZUH_MGR_CFG
               echo "Added whitelist entry for {{ MASTERIP }} in $WAZUH_MGR_CFG."
               echo
-              echo "Restarting OSSEC Server..."
-              #/usr/sbin/so-wazuh-restart
       fi
 fi
-

salt/wazuh/init.sls

@@ -43,11 +43,19 @@ wazuhdir:
     - user: 945
     - group: 945
 
-wazuhlogdir:
+wazuhalertlogdir:
   file.directory:
-    - name: /opt/so/log/wazuh
+    - name: /opt/so/log/wazuh/logs/alerts
     - user: 945
     - group: 945
+    - makedirs: True
+
+wazuharchlogdir:
+  file.directory:
+    - name: /opt/so/log/wazuh/logs/archives
+    - user: 945
+    - group: 945
+    - makedirs: True
 
 # Add wazuh agent
 wazuhpkgs:

setup/so-whiptail

@@ -109,7 +109,7 @@ whiptail_check_exitstatus() {
 whiptail_create_admin_user() {
 
   ADMINUSER=$(whiptail --title "Security Onion Install" --inputbox \
-  "Please enter a username for your new admin user" 10 60 3>&1 1>&2 2>&3)
+  "Please enter a username for your new admin user. The onion account will be disabled during this install" 10 60 3>&1 1>&2 2>&3)
 
 }