Skip to content
This repository has been archived by the owner on Jul 26, 2023. It is now read-only.

Whole Repository Refactor. Upgraded Cookbooks to install Wazuh 3.9 and ELK 6.7.2 #22

Merged
merged 44 commits into from
May 21, 2019
Merged

Whole Repository Refactor. Upgraded Cookbooks to install Wazuh 3.9 and ELK 6.7.2 #22

merged 44 commits into from
May 21, 2019

Conversation

jm404
Copy link
Contributor

@jm404 jm404 commented May 20, 2019

Objective

The aim of this PR is to completely refactor the repository in order to update all cookbooks to be able to install Wazuh components on his latest version. Wazuh cookbooks have been split into Wazuh Agent and Wazuh Agent & API. This change allows to install and configure independent cookboks gaining in flexibility and transparency.

Changes

All cookbooks have now their attributes split into .rb files in order to make it easier to access them. Also, the Berksfile and metadata.rb files affect only each cookbook making the dependencies easier to manage and customize.

Repositories have been updated to install Wazuh v3.9 and to install the Elastic Stack 6.7.2.

Wazuh Agent

Default attributes from wazuh-agent now generate an updated ossec.conf that includes the new features like sca and woodle fields.

Agent recipe now includes whole agent-auth parameters in order to guarantee the flexibility of agents registration.

    -a : "auto_negotiate"
    -c  : "cipher_list"
    -D  : "wazuh_directory"
    -d  : "debug_mode" : "true"
    -g  : "run_as_group"
    -G  : "set_group"
    -i  : "agent_ip_by_manager" : "true"
    -I  : "agent_ip"
    -P  : "password"
    -v  : "ca"
    -x  : "certificate"
    -k  : "key"

Wazuh Manager

Attributes have been fixed and updated to Wazuh 3.9. Wazuh API now don't require mandatorily a secret in order to get installed. If no API secret is declared, the installation will proceed with the default user and password (foo:bar). The api secret .json has the following structure:

The wazuh_api recipe now allow users to choose if they want their htpasswd_passcode to get hashed or not by using the ['api']['password_plaintext'] = "yes" attribute.

Wazuh Filebeat

Now the logstash_certificate secret is not mandatory if such secret doesn't exist installation will proceed with an empty certificate. The following implemented code will handle the errors if they occur.

begin
  ssl = Chef::EncryptedDataBagItem.load('wazuh_secrets', 'logstash_certificate')
  log "Logstash certificate found, writing... (Note: Disabled by default) " do
    message "-----LOGSTASH CERTIFICATE FOUND-----"
    level :info
  end
rescue ArgumentError, Net::HTTPServerException
  ssl = {'logstash_certificate' => "", 'logstash_certificate_key' => ""}
  log "No logstash certificate found...Installation will continue with empty certificate (Note: Disabled by default)" do
    message "-----LOGSTASH CERTIFICATE NOT FOUND-----"
    level :info
  end
end

Filebeat.yml template has been updated to Filebeat 6.7.2.

Wazuh ElasticStack

Elasticsearch, Logstash, and Kibana have been updated to 6.7.2.

Templates updated.

Templates Elasticsearch.yml, jvm.options and kibana.yml now match the official templates for their version.

Kibana heap updated to 4GB

From 6.5 Kibana requires at least 4GB in order to get installed properly. In order to fulfill such requirement the installation script has been updated to:

code <<-EOH
  sudo -u kibana NODE_OPTIONS='--max-old-space-size=4096' /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-#{node['wazuh-elastic']['wazuh_app_version']}.zip kibana
  EOH

Added curl verification to guarantee that Elasticsearch is properly started.

The following code has been implemented on every component in order to guarantee that Elasticsearch is ready.

bash 'Waiting for elasticsearch curl response...' do
  code <<-EOH
  until (curl -XGET http://localhost:9200); do
    printf 'Waiting for elasticsearch....'
    sleep 5
  done
  EOH
end

Logstash configuration added

Logstash implements a new attribute: ['wazuh-elastic']['logstash_configuration'] that allows users to choose between the "local" and the '"remote"` configuration setup.

Services now properly declare supported actions.

According to Chef documentation, the supports field must be declared in order to properly manage services. To accomplish that the supports field has been added to services.

Java recipe changed.

The java recipe now installs OpenJDK 8 instead of Oracle-JDK after the Oracle license update. The repository will be added when Ubuntu < 16.

Readme's Updated

All README.md files have been updated in order to give as much information as possible about the installation, configuration and customization process.

Every cookbook has its own README that informs about attributes and dependencies.

jm404 and others added 30 commits May 6, 2019 15:51
@jm404
Restructuring folders to match chef-repo standards
a4904d9
@jm404
Added agent and manager roles.
a1ec808
@jm404
Divide specific recipes and fix names.
084eb5f
@jm404
Fixed dependencies and spec tests.
7af0895
@jm404
Fixed manager dependencies and wazuh_api.rb. Test OK
8da0862
@jm404
Fixed agent settings and dependencies. Install OK
addbabb
@jm404
Resolved default attributes errors.
d289377
@jm404
Removed ['server'] and ['agent'] tags. Removed deep_merge
dd3d267
@jm404
Added agent_auth parameters to agent.rb recipe.
c2d3ae0
@jm404
Updated manager attributes.
8a38bc0
@jm404
Update agent attributes.
35f6e34
Updated READMEs
ea1cb5c
Update Manager Berksfile
1704c93
Update README.md
3857485
Upgrade Filebeat to ES 6.7.2. Updated Filebeat README
47f379c
Merge branch '3.9-repository-refactor' of http://github.com/wazuh…
90d8c35 
…/wazuh-chef into 3.9-repository-refactor
Added Secrets and Data bags section to readme.
a3fbde4
Fixed typo in general README.md
937697c
Elasticsearch recipe updated to Wazuh 3.9.
5099f0e
Elastic Java dependencies updated.
e378d10
Corrected typo on filebeat README. Added filebeat role.
b73732b
Fixed metadata dependency errorn on wazuh_manager.
13bf322
Roles updated. Added wazuh_elastic role.
20cfa54
Slitted attributes of wazuh_elastic to clarify reading and editing.
5708cab
Elastic Stack update to 3.9.0
5e68c0e
Updated elastic and manager READMES
d4c1f07
Removed data bags old secrets.
5516f26
Removed unused templates and recipes.
d5ea639
Removed htpasswd dependency.
d785c22
Splitted attributes of elastic and manager.
c42cd23
@jm404 jm404 requested a review from manuasir May 20, 2019 17:10
@manuasir manuasir changed the base branch from 3.9 to master May 21, 2019 08:19
@manuasir manuasir changed the base branch from master to 3.9 May 21, 2019 08:19
manuasir
manuasir suggested changes May 21, 2019
View reviewed changes
Copy link
Contributor

@manuasir manuasir left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please, review grammar in the different README notes. Thanks!

@jm404 jm404 requested a review from manuasir May 21, 2019 09:00
manuasir
manuasir approved these changes May 21, 2019
View reviewed changes
Copy link
Contributor

@manuasir manuasir left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@manuasir manuasir merged commit 31cb79a into 3.9 May 21, 2019
@manuasir manuasir deleted the 3.9-repository-refactor branch May 21, 2019 09:29
This was referenced May 21, 2019
Closed
Closed
Closed
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@manuasir manuasir manuasir approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jm404 @manuasir