CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
e1147398cc9c59977217551857c9fb3534b04071
securityonion/salt/wazuh/init.sls
Jason Ertel e1147398cc Ensure /nsm/wazuh is owned by ossec
2020-11-24 15:48:46 -05:00

168 lines
3.4 KiB
Plaintext
Raw Blame History

{% set show_top = salt['state.show_top']() %}
{% set top_states = show_top.values() | join(', ') %}
{% if 'wazuh' in top_states %}
{%- set HOSTNAME = salt['grains.get']('host', '') %}
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
{% set MANAGER = salt['grains.get']('master') %}
# Add ossec group
ossecgroup:
group.present:
- name: ossec
- gid: 945
# Add ossecm user
ossecm:
user.present:
- uid: 943
- gid: 945
- home: /nsm/wazuh
- createhome: False
- allow_uid_change: True
- allow_gid_change: True
# Add ossecr user
ossecr:
user.present:
- uid: 944
- gid: 945
- home: /nsm/wazuh
- createhome: False
- allow_uid_change: True
- allow_gid_change: True
# Add ossec user
ossec:
user.present:
- uid: 945
- gid: 945
- home: /nsm/wazuh
- createhome: False
- allow_uid_change: True
- allow_gid_change: True
wazuhpkgs:
pkg.installed:
- skip_suggestions: False
- pkgs:
- wazuh-agent: 3.13.1-1
- hold: True
- update_holds: True
wazuhvarossecdir:
file.directory:
- name: /var/ossec
- user: ossec
- group: ossec
- recurse:
- user
- group
# Add Wazuh agent conf
wazuhagentconf:
file.managed:
- name: /var/ossec/etc/ossec.conf
- source: salt://wazuh/files/agent/ossec.conf
- user: root
- group: 945
- template: jinja
wazuhdir:
file.directory:
- name: /nsm/wazuh
- user: 945
- group: 945
- makedirs: True
wazuhetcdir:
file.directory:
- name: /nsm/wazuh/etc
- user: 945
- group: 945
- makedirs: True
# Wazuh agent registration script
wazuhagentregister:
file.managed:
- name: /usr/sbin/wazuh-register-agent
- source: salt://wazuh/files/agent/wazuh-register-agent
- user: root
- group: root
- mode: 755
- template: jinja
# Whitelist script
wazuhmgrwhitelist:
file.managed:
- name: /usr/sbin/wazuh-manager-whitelist
- source: salt://wazuh/files/wazuh-manager-whitelist
- user: root
- group: root
- mode: 755
- template: jinja
so-wazuh:
docker_container.running:
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-wazuh:{{ VERSION }}
- hostname: {{HOSTNAME}}-wazuh-manager
- name: so-wazuh
- detach: True
- port_bindings:
- 0.0.0.0:1514:1514/udp
- 0.0.0.0:1514:1514/tcp
- 0.0.0.0:1515:1515/tcp
- 0.0.0.0:55000:55000
- binds:
- /nsm/wazuh:/var/ossec/data:rw
append_so-wazuh_so-status.conf:
file.append:
- name: /opt/so/conf/so-status/so-status.conf
- text: so-wazuh
/opt/so/conf/wazuh:
file.symlink:
- target: /nsm/wazuh/etc
# Register the agent
registertheagent:
cmd.run:
- name: /usr/sbin/wazuh-register-agent
- cwd: /
#- stateful: True
# Whitelist manager IP
whitelistmanager:
cmd.run:
- name: /usr/sbin/wazuh-manager-whitelist
- cwd: /
wazuhagentservice:
service.running:
- name: wazuh-agent
- enable: True
hidsruledir:
file.directory:
- name: /opt/so/rules/hids
- user: 939
- group: 939
- makedirs: True
/opt/so/rules/hids/local_rules.xml:
file.symlink:
- target: /nsm/wazuh/etc/rules/local_rules.xml
/opt/so/rules/hids/ruleset:
file.symlink:
- target: /nsm/wazuh/ruleset
{% else %}
wazuh_state_not_allowed:
test.fail_without_changes:
- name: wazuh_state_not_allowed
{% endif %}
Reference in New Issue View Git Blame Copy Permalink