From e6fcf75181228629d21cba64a35d35bc30e18bf7 Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Tue, 2 Jun 2020 17:31:43 -0400
Subject: [PATCH] Re-ordered wazuh setup to avoid agent-service failures due to
 missing client.keys file; Prepare for user profile settings screen support in
 reverse proxy

---
 salt/nginx/etc/nginx.conf.so-eval         |  2 +-
 salt/nginx/etc/nginx.conf.so-master       |  2 +-
 salt/nginx/etc/nginx.conf.so-mastersearch |  2 +-
 salt/soc/files/kratos/kratos.yaml         |  2 +-
 salt/wazuh/init.sls                       | 10 +++++-----
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/salt/nginx/etc/nginx.conf.so-eval b/salt/nginx/etc/nginx.conf.so-eval
index 336d27343..0d793f70a 100644
--- a/salt/nginx/etc/nginx.conf.so-eval
+++ b/salt/nginx/etc/nginx.conf.so-eval
@@ -134,7 +134,7 @@ http {
           proxy_set_header      Connection "Upgrade";
         }
 
-        location ~ ^/auth/.*?(whoami|login|logout) {
+        location ~ ^/auth/.*?(whoami|login|logout|settings) {
           rewrite               /auth/(.*) /$1 break;
           proxy_pass            http://{{ masterip }}:4433;
           proxy_read_timeout    90;
diff --git a/salt/nginx/etc/nginx.conf.so-master b/salt/nginx/etc/nginx.conf.so-master
index 33edb9c3e..2178b6017 100644
--- a/salt/nginx/etc/nginx.conf.so-master
+++ b/salt/nginx/etc/nginx.conf.so-master
@@ -134,7 +134,7 @@ http {
           proxy_set_header      Connection "Upgrade";
         }
 
-        location ~ ^/auth/.*?(whoami|login|logout) {
+        location ~ ^/auth/.*?(whoami|login|logout|settings) {
           rewrite               /auth/(.*) /$1 break;
           proxy_pass            http://{{ masterip }}:4433;
           proxy_read_timeout    90;
diff --git a/salt/nginx/etc/nginx.conf.so-mastersearch b/salt/nginx/etc/nginx.conf.so-mastersearch
index 33edb9c3e..2178b6017 100644
--- a/salt/nginx/etc/nginx.conf.so-mastersearch
+++ b/salt/nginx/etc/nginx.conf.so-mastersearch
@@ -134,7 +134,7 @@ http {
           proxy_set_header      Connection "Upgrade";
         }
 
-        location ~ ^/auth/.*?(whoami|login|logout) {
+        location ~ ^/auth/.*?(whoami|login|logout|settings) {
           rewrite               /auth/(.*) /$1 break;
           proxy_pass            http://{{ masterip }}:4433;
           proxy_read_timeout    90;
diff --git a/salt/soc/files/kratos/kratos.yaml b/salt/soc/files/kratos/kratos.yaml
index e5a970557..7939ec35b 100644
--- a/salt/soc/files/kratos/kratos.yaml
+++ b/salt/soc/files/kratos/kratos.yaml
@@ -42,7 +42,7 @@ urls:
   login_ui: https://{{ WEBACCESS }}/login/
   registration_ui: https://{{ WEBACCESS }}/login/
   error_ui: https://{{ WEBACCESS }}/login/
-  settings_ui: https://{{ WEBACCESS }}/
+  settings_ui: https://{{ WEBACCESS }}/?r=/settings
   verify_ui: https://{{ WEBACCESS }}/
   mfa_ui: https://{{ WEBACCESS }}/
 
diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls
index 54db40787..c483f07a0 100644
--- a/salt/wazuh/init.sls
+++ b/salt/wazuh/init.sls
@@ -80,11 +80,6 @@ wazuhmgrwhitelist:
     - mode: 755
     - template: jinja
 
-wazuhagentservice:
-  service.running:
-    - name: wazuh-agent
-    - enable: True
-
 so-wazuh:
   docker_container.running:
     - image: {{ MASTER }}:5000/soshybridhunter/so-wazuh:{{ VERSION }}
@@ -110,3 +105,8 @@ whitelistmanager:
   cmd.run:
     - name: /usr/sbin/wazuh-manager-whitelist
     - cwd: /
+
+wazuhagentservice:
+  service.running:
+    - name: wazuh-agent
+    - enable: True