CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 18:22:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Wazuh - initial init.sls

Browse Source
This commit is contained in:
Wes Lambert
2018-12-07 18:13:42 +00:00
parent cdc8b577bd
commit e6469d505a
1 changed files with 45 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files

126
salt/wazuh/init.sls
View File

@@ -1,91 +1,53 @@
# Create a state directory vm.max_map_count:
sysctl.present:
- value: 262144
statedir: # Add ossec Group
file.directory: ossecgroup:
- name: /opt/so/state group.present:
- name: ossec
- gid: 945
salttmp: # Add ossecm user
file.directory: ossecm:
- name: /opt/so/tmp user.present:
- uid: 943
- gid: 945
- home: /opt/so/wazuh
- createhome: False
# Install packages needed for the sensor # Add ossecr user
ossecr:
user.present:
- uid: 944
- gid: 945
- home: /opt/so/wazuh
- createhome: False
sensorpkgs: # Add ossec user
ossec:
user.present:
- uid: 945
- gid: 945
- home: /opt/so/wazuh
- createhome: False
# Add wazuh agent
wazuhpkgs:
pkg.installed: pkg.installed:
- skip_suggestions: True - skip_suggestions: False
- pkgs: - pkgs:
- docker-ce - wazuh-agent
- python-docker
# Always keep these packages up to date so-wazuh:
alwaysupdated:
pkg.latest:
- pkgs:
- openssl
- openssh-server
- bash
- skip_suggestions: True
# Set time to UTC
Etc/UTC:
timezone.system
# Set up docker network
dockernet:
docker_network.present:
- name: so-elastic-net
- driver: bridge
# Snag the so-core docker
toosmooth/so-core:test2:
docker_image.present
# Drop the correct nginx config based on role
nginxconfdir:
file.directory:
- name: /opt/so/conf/nginx
- user: 939
- group: 939
- makedirs: True
nginxconf:
file.managed:
- name: /opt/so/conf/nginx/nginx.conf
- user: 939
- group: 939
- template: jinja
- source: salt://common/nginx/nginx.conf.{{ grains.role }}
nginxlogdir:
file.directory:
- name: /opt/so/log/nginx/
- user: 939
- group: 939
nginxtmp:
file.directory:
- name: /opt/so/tmp/nginx/tmp
- user: 939
- group: 939
- makedirs: True
# Start the core docker
so-core:
docker_container.running: docker_container.running:
- image: toosmooth/so-core:test2 - image: soshybridhunter/so-wazuh:HH1.0.5
- hostname: so-core - hostname: {{ hostname}}-docker
- user: socore - name: so-wazuh
- binds: - user: ossec
- /opt/so:/opt/so:rw
- /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- /opt/so/log/nginx/:/var/log/nginx:rw
- /opt/so/tmp/nginx/:/var/lib/nginx:rw
- /opt/so/tmp/nginx/:/run:rw
- network_mode: so-elastic-net
- cap_add: NET_BIND_SERVICE
- port_bindings: - port_bindings:
- 80:80 - 0.0.0.0:1514:1514
- 443:443 - 0.0.0.0:55000:55000
- binds:
- /opt/so/wazuh/:/var/ossec/data:rw