Wazuh - initial init.sls

2025-12-07 17:52:46 +01:00 · 2018-12-07 18:13:42 +00:00
parent cdc8b577bd
commit e6469d505a
1 changed files with 45 additions and 83 deletions
--- a/salt/wazuh/init.sls
+++ b/salt/wazuh/init.sls
@@ -1,91 +1,53 @@
-# Create a state directory
+vm.max_map_count:
+  sysctl.present:
+    - value: 262144

-statedir:
-  file.directory:
-    - name: /opt/so/state
+# Add ossec Group
+ossecgroup:
+  group.present:
+    - name: ossec
+    - gid: 945

-salttmp:
-  file.directory:
-    - name: /opt/so/tmp
+# Add ossecm user
+ossecm:
+  user.present:
+    - uid: 943
+    - gid: 945
+    - home: /opt/so/wazuh
+    - createhome: False

-# Install packages needed for the sensor
+# Add ossecr user
+ossecr:
+  user.present:
+    - uid: 944
+    - gid: 945
+    - home: /opt/so/wazuh
+    - createhome: False

-sensorpkgs:
-  pkg.installed:
-    - skip_suggestions: True
-    - pkgs:
-      - docker-ce
-      - python-docker
+# Add ossec user
+ossec:
+  user.present:
+    - uid: 945
+    - gid: 945
+    - home: /opt/so/wazuh
+    - createhome: False

-# Always keep these packages up to date
+# Add wazuh agent
+wazuhpkgs:
+ pkg.installed:
+   - skip_suggestions: False
+   - pkgs:
+     - wazuh-agent

-alwaysupdated:
-  pkg.latest:
-    - pkgs:
-      - openssl
-      - openssh-server
-      - bash
-    - skip_suggestions: True
-
-# Set time to UTC
-
-Etc/UTC:
-  timezone.system
-
-# Set up docker network
-dockernet:
-  docker_network.present:
-    - name: so-elastic-net
-    - driver: bridge
-
-# Snag the so-core docker
-toosmooth/so-core:test2:
-  docker_image.present
-
-# Drop the correct nginx config based on role
-
-nginxconfdir:
-  file.directory:
-    - name: /opt/so/conf/nginx
-    - user: 939
-    - group: 939
-    - makedirs: True
-
-nginxconf:
-  file.managed:
-    - name: /opt/so/conf/nginx/nginx.conf
-    - user: 939
-    - group: 939
-    - template: jinja
-    - source: salt://common/nginx/nginx.conf.{{ grains.role }}
-
-nginxlogdir:
-  file.directory:
-    - name: /opt/so/log/nginx/
-    - user: 939
-    - group: 939
-
-nginxtmp:
-  file.directory:
-    - name: /opt/so/tmp/nginx/tmp
-    - user: 939
-    - group: 939
-    - makedirs: True
-
-# Start the core docker
-so-core:
+so-wazuh:
  docker_container.running:
-    - image: toosmooth/so-core:test2
-    - hostname: so-core
-    - user: socore
-    - binds:
-      - /opt/so:/opt/so:rw
-      - /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
-      - /opt/so/log/nginx/:/var/log/nginx:rw
-      - /opt/so/tmp/nginx/:/var/lib/nginx:rw
-      - /opt/so/tmp/nginx/:/run:rw
-    - network_mode: so-elastic-net
-    - cap_add: NET_BIND_SERVICE
+    - image: soshybridhunter/so-wazuh:HH1.0.5
+    - hostname: {{ hostname}}-docker
+    - name: so-wazuh
+    - user: ossec
    - port_bindings:
-      - 80:80
-      - 443:443
+      - 0.0.0.0:1514:1514
+      - 0.0.0.0:55000:55000
+    - binds:
+      - /opt/so/wazuh/:/var/ossec/data:rw
+