diff --git a/CHANGELOG.md b/CHANGELOG.md index fdae7ec4..a5194c1c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,32 @@ # Change Log All notable changes to this project will be documented in this file. +## Wazuh Puppet v3.12.0_7.6.1 + +### Added + +- Update to Wazuh version 3.12.0_7.6.1 + +- Add a parameter ossec_rootcheck_ignore_list ([@Hexta](https://github.com/Hexta)) [PR#212](https://github.com/wazuh/wazuh-puppet/pull/212) + +- Add a parameter wazuh_api::manage_nodejs_package ([@Hexta](https://github.com/Hexta)) [PR#213](https://github.com/wazuh/wazuh-puppet/pull/213) + +- Upgrade to NodeJS v10 ([@xr09](https://github.com/xr09)) [PR#230](https://github.com/wazuh/wazuh-puppet/pull/230) + +- Always treat $ossec_emailnotification as a boolean ([@alanwevans](https://github.com/alanwevans)) [PR#229](https://github.com/wazuh/wazuh-puppet/pull/229) + +- Adapt active-response definition ([@rshad](https://github.com/rshad)) [PR#234](https://github.com/wazuh/wazuh-puppet/pull/234) + +### Fixed + +- Fixes #215: Fix audit package name for Debian ([@djmgit](https://github.com/djmgit)) [PR#216](https://github.com/wazuh/wazuh-puppet/pull/216) + +- Fixes #227 : Add system_audit subsection in rootcheck ([@djmgit](https://github.com/djmgit)) [PR#228](https://github.com/wazuh/wazuh-puppet/pull/228) + +- Fixes #225 : Option to configure audit rules from this module itself ([@djmgit](https://github.com/djmgit)) [PR#226](https://github.com/wazuh/wazuh-puppet/pull/226) + +- Fixes #221 : No kern.log, auth.log, mail.log in default localfile config for Debian family ([@rshad](https://github.com/rshad)) [Issue#221](https://github.com/wazuh/wazuh-puppet/issues/221) + ## Wazuh Puppet v3.11.4_7.6.1 ### Added diff --git a/VERSION b/VERSION index 1997d546..46980cb1 100644 --- a/VERSION +++ b/VERSION @@ -1,2 +1,2 @@ -WAZUH-PUPPET_VERSION="v3.11.4" +WAZUH-PUPPET_VERSION="v3.12.0" REVISION="31140" \ No newline at end of file 
diff --git a/manifests/activeresponse.pp b/manifests/activeresponse.pp index 212cc9da..3340bd2b 100644 --- a/manifests/activeresponse.pp +++ b/manifests/activeresponse.pp @@ -1,20 +1,30 @@ # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) #Define for a specific ossec active-response define wazuh::activeresponse( - $command_name, - $ar_location = 'local', - $ar_level = 7, - $ar_agent_id = '', - $ar_rules_id = [], - $ar_timeout = 300, - $ar_repeated_offenders = '', + $active_response_name = 'Rendering active-response template', + $active_response_disabled = undef, + $active_response_linux_ca_store = undef, + $active_response_ca_verification = undef, + $active_response_command = undef, + $active_response_location = undef, + $active_response_level = undef, + $active_response_agent_id = undef, + $active_response_rules_id = [], + $active_response_timeout = undef, + $active_response_repeated_offenders = [], + + $target_arg = 'ossec.conf', + $order_arg = undef, + $before_arg = undef, + $content_arg = 'wazuh/fragments/_activeresponse.erb' ) { require wazuh::params_manager - concat::fragment { $name: - target => 'ossec.conf', - order => 55, - content => template('wazuh/fragments/_activeresponse.erb') + concat::fragment { $active_response_name: + target => $target_arg, + order => $order_arg, + before => $before_arg, + content => template($content_arg) } } diff --git a/manifests/agent.pp b/manifests/agent.pp index 4e0a70f2..99b22e0e 100644 --- a/manifests/agent.pp +++ b/manifests/agent.pp 
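Review bot: The `concat::fragment` title now comes from `$active_response_name`, whose default is the fixed string 'Rendering active-response template', so declaring `wazuh::activeresponse` more than once in a catalog without overriding it gives a duplicate `Concat::Fragment` declaration. Defaulting to the instance title keeps the define reusable: `$active_response_name = $name,`. The old parameters (`command_name`, `ar_location`, `ar_level`, and the rest) are removed rather than deprecated, so existing declarations of this define will stop compiling. `order` also changes from a fixed 55 to `undef`, which leaves placement in ossec.conf to concat's default unless every caller sets `order_arg`. Both changes deserve an upgrade note in the changelog.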
@@ -79,9 +79,11 @@ $ossec_rootcheck_check_ports = $wazuh::params_agent::ossec_rootcheck_check_ports, $ossec_rootcheck_check_if = $wazuh::params_agent::ossec_rootcheck_check_if, $ossec_rootcheck_frequency = $wazuh::params_agent::ossec_rootcheck_frequency, + $ossec_rootcheck_ignore_list = $wazuh::params_agent::ossec_rootcheck_ignore_list, $ossec_rootcheck_rootkit_files = $wazuh::params_agent::ossec_rootcheck_rootkit_files, $ossec_rootcheck_rootkit_trojans = $wazuh::params_agent::ossec_rootcheck_rootkit_trojans, $ossec_rootcheck_skip_nfs = $wazuh::params_agent::ossec_rootcheck_skip_nfs, + $ossec_rootcheck_system_audit = $wazuh::params_agent::ossec_rootcheck_system_audit, # rootcheck windows @@ -166,6 +168,7 @@ $ossec_syscheck_auto_ignore = $wazuh::params_agent::ossec_syscheck_auto_ignore, $ossec_syscheck_directories_1 = $wazuh::params_agent::ossec_syscheck_directories_1, $ossec_syscheck_directories_2 = $wazuh::params_agent::ossec_syscheck_directories_2, + $ossec_syscheck_whodata_directories_1 = $wazuh::params_agent::ossec_syscheck_whodata_directories_1, $ossec_syscheck_realtime_directories_1 = $wazuh::params_agent::ossec_syscheck_realtime_directories_1, $ossec_syscheck_whodata_directories_2 = $wazuh::params_agent::ossec_syscheck_whodata_directories_2, 
@@ -177,11 +180,24 @@ $ossec_syscheck_skip_nfs = $wazuh::params_agent::ossec_syscheck_skip_nfs, $ossec_syscheck_windows_audit_interval = $wazuh::params_agent::windows_audit_interval, + # Audit + $audit_manage_rules = $wazuh::params_agent::audit_manage_rules, + $audit_buffer_bytes = $wazuh::params_agent::audit_buffer_bytes, + $audit_backlog_wait_time = $wazuh::params_agent::audit_backlog_wait_time, + $audit_rules = $wazuh::params_agent::audit_rules, + # active-response - $ossec_active_response_disabled = $wazuh::params_agent::active_response_disabled, - $ossec_active_response_linux_ca_store = $wazuh::params_agent::active_response_linux_ca_store, - $ossec_active_response_windows_ca_store = $wazuh::params_agent::active_response_windows_ca_store, - $ossec_active_response_ca_verification = $wazuh::params_agent::active_response_ca_verification, + $ossec_active_response_disabled = $wazuh::params_agent::active_response_disabled, + $ossec_active_response_linux_ca_store = $wazuh::params_agent::active_response_linux_ca_store, + + $ossec_active_response_ca_verification = $wazuh::params_agent::active_response_ca_verification, + $ossec_active_response_command = $wazuh::params_agent::active_response_command, + $ossec_active_response_location = $wazuh::params_agent::active_response_location, + $ossec_active_response_level = $wazuh::params_agent::active_response_level, + $ossec_active_response_agent_id = $wazuh::params_agent::active_response_agent_id, + $ossec_active_response_rules_id = $wazuh::params_agent::active_response_rules_id, + $ossec_active_response_timeout = $wazuh::params_agent::active_response_timeout, + $ossec_active_response_repeated_offenders = $wazuh::params_agent::active_response_repeated_offenders, # Agent Labels $ossec_labels = $wazuh::params_agent::ossec_labels, 
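Review bot: `$ossec_active_response_command` defaults to `$wazuh::params_agent::active_response_command`, but none of the params_agent.pp hunks in this commit add that variable; they add location, level, agent_id, rules_id, timeout and repeated_offenders only. Unless it is defined in a part of the file not shown, the default evaluates to undef, or fails compilation where `strict_variables` is enabled. Adding `$active_response_command = undef` beside the other new defaults would make the intent explicit. The same hunk drops the public parameter `$ossec_active_response_windows_ca_store`, so any node that still sets it will be rejected as an unknown parameter. The parameter list starts and ends outside this hunk.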
@@ -208,12 +224,11 @@ validate_string($agent_service_name) if (( $ossec_syscheck_whodata_directories_1 == 'yes' ) or ( $ossec_syscheck_whodata_directories_2 == 'yes' )) { - package { 'Installing Audit...': - name => 'audit', - } - service { 'auditd': - ensure => running, - enable => true, + class { "wazuh::audit": + audit_manage_rules => $audit_manage_rules, + audit_backlog_wait_time => $audit_backlog_wait_time, + audit_buffer_bytes => $audit_buffer_bytes, + audit_rules => $audit_rules, } } @@ -398,12 +413,19 @@ } } if ($configure_active_response == true) { - concat::fragment { - 'ossec.conf_active_response': - target => 'ossec.conf', - order => 40, - before => Service[$agent_service_name], - content => template($ossec_active_response_template); + wazuh::activeresponse { 'blockWebattack': + active_response_disabled => $ossec_active_response_disabled, + active_response_linux_ca_store => $ossec_active_response_linux_ca_store, + active_response_ca_verification => $ossec_active_response_ca_verification, + active_response_command => $ossec_active_response_command, + active_response_location => $ossec_active_response_location, + active_response_level => $ossec_active_response_level, + active_response_agent_id => $ossec_active_response_agent_id, + active_response_rules_id => $ossec_active_response_rules_id, + active_response_timeout => $ossec_active_response_timeout, + active_response_repeated_offenders => $ossec_active_response_repeated_offenders, + order_arg => 40, + before_arg => Service[$agent_service_name] } } diff --git a/manifests/audit.pp b/manifests/audit.pp new file mode 100644 index 00000000..612b8650 --- /dev/null +++ b/manifests/audit.pp 
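Review bot: The `wazuh::activeresponse { 'blockWebattack': ... }` declaration passes the Linux CA store but nothing for Windows, and the define in activeresponse.pp has no `active_response_windows_ca_store` parameter, while `_activeresponse.erb` still tests `@active_response_windows_ca_store` in its `windows` branch. As written that branch can never render, so Windows agents appear to lose the CA store setting they had before this change. This is worth confirming because it sits next to `ca_verification`. Restoring it needs a parameter on the define plus `active_response_windows_ca_store => $ossec_active_response_windows_ca_store,` here. The custom template path that the removed `template($ossec_active_response_template)` call honoured is no longer used either; pass `content_arg => $ossec_active_response_template,` if that parameter is still meant to work (manager.pp has the same omission).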
@@ -0,0 +1,43 @@ +class wazuh::audit ( + $audit_manage_rules = false, + $audit_buffer_bytes = "8192", + $audit_backlog_wait_time = "0", + $audit_rules = [], +) { + + case $::kernel { + 'Linux': { + case $::operatingsystem { + 'Debian', 'debian', 'Ubuntu', 'ubuntu': { + package { 'Installing Audit...': + name => 'auditd', + } + } + default: { + package { 'Installing Audit...': + name => 'audit' + } + } + } + + service { 'auditd': + ensure => running, + enable => true, + } + + if $audit_manage_rules == true { + file { '/etc/audit/rules.d/audit.rules': + ensure => present + } + + $audit_rules.each |String $rule| { + file_line { "Append rule ${rule} to /etc/audit/rules.d/audit.rules": + path => '/etc/audit/rules.d/audit.rules', + line => $rule, + require => File['/etc/audit/rules.d/audit.rules'] + } + } + } + } + } +} diff --git a/manifests/filebeat.pp b/manifests/filebeat.pp index 4a575438..c39d1285 100644 --- a/manifests/filebeat.pp +++ b/manifests/filebeat.pp @@ -8,8 +8,8 @@ $filebeat_package = 'filebeat', $filebeat_service = 'filebeat', $filebeat_version = '7.6.1', - $wazuh_app_version = '3.11.4_7.6.1', - $wazuh_extensions_version = 'v3.11.4', + $wazuh_app_version = '3.12.0_7.6.1', + $wazuh_extensions_version = 'v3.12.0', $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz', ){ diff --git a/manifests/kibana.pp b/manifests/kibana.pp index 81c1c387..6b744e11 100644 --- a/manifests/kibana.pp +++ b/manifests/kibana.pp @@ -4,7 +4,7 @@ $kibana_package = 'kibana', $kibana_service = 'kibana', $kibana_version = '7.6.1', - $kibana_app_version = '3.11.4_7.6.1', + $kibana_app_version = '3.12.0_7.6.1', $kibana_elasticsearch_ip = 'localhost', $kibana_elasticsearch_port = '9200', diff --git a/manifests/manager.pp b/manifests/manager.pp index 9a7fbf46..d157a6ac 100644 --- a/manifests/manager.pp +++ b/manifests/manager.pp 
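Review bot: The new `file { '/etc/audit/rules.d/audit.rules': ensure => present }` sets no owner, group or mode, and nothing notifies `Service['auditd']`, so a newly created rules file inherits default permissions and appended rules are not loaded until auditd is next restarted by something else. Adding `owner => 'root', group => 'root', mode => '0640',` to the file and `notify => Service['auditd'],` to each `file_line` would address both. How auditd accepts a refresh differs between distributions, so the notify path needs checking on each supported family. Because `file_line` only appends, a rule removed from `$audit_rules` stays in the file and remains active; managing the whole file from a template would make the rule set authoritative. `$audit_buffer_bytes` and `$audit_backlog_wait_time` are declared on the class but never read in its body.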
@@ -62,6 +62,16 @@ $ossec_cluster_template = $wazuh::params_manager::ossec_cluster_template, $ossec_active_response_template = $wazuh::params_manager::ossec_active_response_template, + # active-response + $ossec_active_response_command = $wazuh::params_manager::active_response_command, + $ossec_active_response_location = $wazuh::params_manager::active_response_location, + $ossec_active_response_level = $wazuh::params_manager::active_response_level, + $ossec_active_response_agent_id = $wazuh::params_manager::active_response_agent_id, + $ossec_active_response_rules_id = $wazuh::params_manager::active_response_rules_id, + $ossec_active_response_timeout = $wazuh::params_manager::active_response_timeout, + $ossec_active_response_repeated_offenders = $wazuh::params_manager::active_response_repeated_offenders, + + ## Rootcheck $ossec_rootcheck_disabled = $wazuh::params_manager::ossec_rootcheck_disabled, 
@@ -73,32 +83,34 @@ $ossec_rootcheck_check_ports = $wazuh::params_manager::ossec_rootcheck_check_ports, $ossec_rootcheck_check_if = $wazuh::params_manager::ossec_rootcheck_check_if, $ossec_rootcheck_frequency = $wazuh::params_manager::ossec_rootcheck_frequency, + $ossec_rootcheck_ignore_list = $wazuh::params_manager::ossec_rootcheck_ignore_list, $ossec_rootcheck_rootkit_files = $wazuh::params_manager::ossec_rootcheck_rootkit_files, $ossec_rootcheck_rootkit_trojans = $wazuh::params_manager::ossec_rootcheck_rootkit_trojans, $ossec_rootcheck_skip_nfs = $wazuh::params_manager::ossec_rootcheck_skip_nfs, + $ossec_rootcheck_system_audit = $wazuh::params_manager::ossec_rootcheck_system_audit, # SCA - ## Amazon - $sca_amazon_amazon_enabled = $wazuh::params_manager::sca_amazon_enabled, - $sca_amazon_amazon_scan_on_start = $wazuh::params_manager::sca_amazon_scan_on_start, - $sca_amazon_amazon_interval = $wazuh::params_manager::sca_amazon_interval, - $sca_amazon_amazon_skip_nfs = $wazuh::params_manager::sca_amazon_skip_nfs, - $sca_amazon_amazon_policies = $wazuh::params_manager::sca_amazon_policies, + ## Amazon + $sca_amazon_amazon_enabled = $wazuh::params_manager::sca_amazon_enabled, + $sca_amazon_amazon_scan_on_start = $wazuh::params_manager::sca_amazon_scan_on_start, + $sca_amazon_amazon_interval = $wazuh::params_manager::sca_amazon_interval, + $sca_amazon_amazon_skip_nfs = $wazuh::params_manager::sca_amazon_skip_nfs, + $sca_amazon_amazon_policies = $wazuh::params_manager::sca_amazon_policies, - ## RHEL - $sca_rhel_enabled = $wazuh::params_manager::sca_rhel_enabled, - $sca_rhel_scan_on_start = $wazuh::params_manager::sca_rhel_scan_on_start, - $sca_rhel_interval = $wazuh::params_manager::sca_rhel_interval, - $sca_rhel_skip_nfs = $wazuh::params_manager::sca_rhel_skip_nfs, - $sca_rhel_policies = $wazuh::params_manager::sca_rhel_policies, + ## RHEL + $sca_rhel_enabled = $wazuh::params_manager::sca_rhel_enabled, + $sca_rhel_scan_on_start = 
$wazuh::params_manager::sca_rhel_scan_on_start, + $sca_rhel_interval = $wazuh::params_manager::sca_rhel_interval, + $sca_rhel_skip_nfs = $wazuh::params_manager::sca_rhel_skip_nfs, + $sca_rhel_policies = $wazuh::params_manager::sca_rhel_policies, - ## - $sca_else_enabled = $wazuh::params_manager::sca_else_enabled, - $sca_else_scan_on_start = $wazuh::params_manager::sca_else_scan_on_start, - $sca_else_interval = $wazuh::params_manager::sca_else_interval, - $sca_else_skip_nfs = $wazuh::params_manager::sca_else_skip_nfs, - $sca_else_policies = $wazuh::params_manager::sca_else_policies, + ## + $sca_else_enabled = $wazuh::params_manager::sca_else_enabled, + $sca_else_scan_on_start = $wazuh::params_manager::sca_else_scan_on_start, + $sca_else_interval = $wazuh::params_manager::sca_else_interval, + $sca_else_skip_nfs = $wazuh::params_manager::sca_else_skip_nfs, + $sca_else_policies = $wazuh::params_manager::sca_else_policies, ## Wodles @@ -144,7 +156,7 @@ $vulnerability_detector_provider_canonical = $wazuh::params_manager::vulnerability_detector_provider_canonical, $vulnerability_detector_provider_canonical_enabled = $wazuh::params_manager::vulnerability_detector_provider_canonical_enabled, $vulnerability_detector_provider_canonical_os = $wazuh::params_manager::vulnerability_detector_provider_canonical_os, - $vulnerability_detector_provider_debian_canonical_interval = $wazuh::params_manager::vulnerability_detector_provider_canonical_update_interval, + $vulnerability_detector_provider_canonical_update_interval = $wazuh::params_manager::vulnerability_detector_provider_canonical_update_interval, $vulnerability_detector_provider_debian = $wazuh::params_manager::vulnerability_detector_provider_debian, $vulnerability_detector_provider_debian_enabled = $wazuh::params_manager::vulnerability_detector_provider_debian_enabled, 
@@ -173,7 +185,6 @@ $syslog_output_format = $wazuh::params_manager::syslog_output_format, # Authd configuration - $ossec_auth_disabled = $wazuh::params_manager::ossec_auth_disabled, $ossec_auth_port = $wazuh::params_manager::ossec_auth_port, $ossec_auth_use_source_ip = $wazuh::params_manager::ossec_auth_use_source_ip, @@ -190,7 +201,6 @@ # syscheck - $ossec_syscheck_disabled = $wazuh::params_manager::ossec_syscheck_disabled, $ossec_syscheck_frequency = $wazuh::params_manager::ossec_syscheck_frequency, $ossec_syscheck_scan_on_start = $wazuh::params_manager::ossec_syscheck_scan_on_start, @@ -279,7 +289,8 @@ # This allows arrays of integers, sadly # (commented due to stdlib version requirement) - if ($ossec_emailnotification == true) { + validate_bool($ossec_emailnotification) + if ($ossec_emailnotification) { if $ossec_smtp_server == undef { fail('$ossec_emailnotification is enabled but $smtp_server was not set') } @@ -490,12 +501,16 @@ } } if ($configure_active_response == true){ - concat::fragment { - 'ossec.conf_active_response': - order => 90, - target => 'ossec.conf', - content => template($ossec_active_response_template); - } + wazuh::activeresponse { 'blockWebattack': + active_response_command => $ossec_active_response_command, + active_response_location => $ossec_active_response_location, + active_response_level => $ossec_active_response_level, + active_response_agent_id => $ossec_active_response_agent_id, + active_response_rules_id => $ossec_active_response_rules_id, + active_response_timeout => $ossec_active_response_timeout, + active_response_repeated_offenders => $ossec_active_response_repeated_offenders, + order_arg => 90 + } } concat::fragment { 'ossec.conf_footer': diff --git a/manifests/params_agent.pp b/manifests/params_agent.pp index 2f034cc2..08156977 100644 --- a/manifests/params_agent.pp +++ b/manifests/params_agent.pp 
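Review bot: In the e-mail notification hunk, `validate_bool($ossec_emailnotification)` is the only thing that stops a legacy string value from enabling mail, because the condition changed from `== true` to plain truthiness and a non-empty string such as 'no' is truthy in Puppet. The comment just above says validation was previously commented out because of the stdlib version, so this line is at risk of being removed the same way. A comment such as `# required: 'no' is truthy, do not remove without typing the parameter` would help, or better, declare the parameter as `Boolean $ossec_emailnotification = ...` and drop the function call. Callers that pass 'yes' or 'no' will now fail compilation, which is worth stating in the changelog. The `fail()` message on the context line below names `$smtp_server` although the parameter is `$ossec_smtp_server`.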
@@ -1,7 +1,7 @@ # Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) # Wazuh-Agent configuration parameters class wazuh::params_agent { - $agent_package_version = '3.11.4-1' + $agent_package_version = '3.12.0-1' $agent_service_ensure = 'running' $agent_name = undef @@ -69,9 +69,15 @@ $ossec_local_files = $::wazuh::params_agent::default_local_files # active response - $active_response_disabled = 'no' + $active_response_disabled = 'no' + $active_response_ca_verification = 'yes' + $active_response_location = undef + $active_response_level = undef + $active_response_agent_id = undef + $active_response_rules_id = [] + $active_response_timeout = undef + $active_response_repeated_offenders = [] - $active_response_ca_verification = 'yes' # OS specific configurations case $::kernel { @@ -113,10 +119,14 @@ $ossec_rootcheck_check_ports = 'yes' $ossec_rootcheck_check_if = 'yes' $ossec_rootcheck_frequency = 43200 + $ossec_rootcheck_ignore_list = [] $ossec_rootcheck_rootkit_files = '/var/ossec/etc/shared/rootkit_files.txt' $ossec_rootcheck_rootkit_trojans = '/var/ossec/etc/shared/rootkit_trojans.txt' $ossec_rootcheck_skip_nfs = 'yes' + # Example: ["/var/ossec/etc/shared/system_audit_rcl.txt"] + $ossec_rootcheck_system_audit = [] + # SCA ## Amazon @@ -224,6 +234,16 @@ $ossec_syscheck_nodiff = '/etc/ssl/private.key' $ossec_syscheck_skip_nfs = 'yes' + # Audit + $audit_manage_rules = false + $audit_buffer_bytes = "8192" + $audit_backlog_wait_time = "0" + $audit_rules = [ + "-b ${audit_buffer_bytes}", + "--backlog_wait_time ${audit_backlog_wait_time}", + "-f 1" + ] + # active-response $active_response_linux_ca_store = '/var/ossec/etc/wpk_root.pem' @@ -401,6 +421,7 @@ $ossec_rootcheck_windows_disabled = 'no' $ossec_rootcheck_windows_windows_apps = './shared/win_applications_rcl.txt' $ossec_rootcheck_windows_windows_malware = './shared/win_malware_rcl.txt' + $ossec_rootcheck_system_audit = [] # sca $sca_windows_enabled = 'yes' 
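Review bot: In the new `# Audit` defaults, `$audit_rules` interpolates `$audit_buffer_bytes` and `$audit_backlog_wait_time` when `wazuh::params_agent` is evaluated, so overriding either value on `wazuh::agent` does not change the `-b` and `--backlog_wait_time` lines that end up in the rules file. The body of `wazuh::audit` added in this commit never reads those two parameters, which makes them look configurable when they are not. Either build those two lines inside `wazuh::audit` from its own parameters, or add a comment here such as `# NOTE: only $audit_rules is applied; the two values above are used solely to build its default`.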
diff --git a/manifests/params_manager.pp b/manifests/params_manager.pp index 9b3cc76f..58140c7a 100644 --- a/manifests/params_manager.pp +++ b/manifests/params_manager.pp @@ -5,7 +5,7 @@ 'Linux': { # Installation - $server_package_version = '3.11.4-1' + $server_package_version = '3.12.0-1' $manage_repos = true $manage_firewall = false @@ -13,7 +13,7 @@ ### Ossec.conf blocks ## Global - $ossec_emailnotification = 'no' + $ossec_emailnotification = false $ossec_emailto = ['recipient@example.wazuh.com'] $ossec_smtp_server = 'smtp.example.wazuh.com' $ossec_emailfrom = 'ossecm@example.wazuh.com' @@ -74,9 +74,11 @@ $ossec_rootcheck_check_ports = 'yes' $ossec_rootcheck_check_if = 'yes' $ossec_rootcheck_frequency = 43200 + $ossec_rootcheck_ignore_list = [] $ossec_rootcheck_rootkit_files = '/var/ossec/etc/rootcheck/rootkit_files.txt' $ossec_rootcheck_rootkit_trojans = '/var/ossec/etc/rootcheck/rootkit_trojans.txt' $ossec_rootcheck_skip_nfs = 'yes' + $ossec_rootcheck_system_audit = [] # SCA @@ -137,6 +139,16 @@ $wodle_syscollector_ports = 'yes' $wodle_syscollector_processes = 'yes' + + #active-response + $active_response_command = 'firewall-drop' + $active_response_location = 'local' + $active_response_level = 9 + $active_response_agent_id = '001' + $active_response_rules_id = [31153,31151] + $active_response_timeout = 300 + $active_response_repeated_offenders = ['30,60,120'] + #vulnerability-detector $vulnerability_detector_enabled = 'no' 
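Review bot: The new `#active-response` defaults set `$active_response_agent_id = '001'` together with `$active_response_location = 'local'`, and the template emits every value that is set. As far as I know an agent id only matters for the `defined-agent` location, so the hard-coded '001' is ignored today and would silently target whichever host holds that id if someone later switches the location; `$active_response_agent_id = undef` is a safer default. Please also confirm how Wazuh combines `level = 9` with `rules_id = [31153,31151]` when both are emitted. If a level match alone is sufficient, `firewall-drop` would fire on far more alerts than the two rules the `blockWebattack` title suggests, and a comment stating the intended trigger would help operators.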
@@ -315,8 +327,10 @@ $ossec_service_provider = undef $api_service_provider = undef $default_local_files = [ - { 'location' => '/var/log/syslog' , 'log_format' => 'syslog'}, - { 'location' => '/var/log/dpkg.log', 'log_format' => 'syslog'}, + { 'location' => '/var/log/syslog' , 'log_format' => 'syslog' }, + { 'location' => '/var/log/dpkg.log', 'log_format' => 'syslog' }, + { 'location' => '/var/log/kern.log', 'log_format' => 'syslog' }, + { 'location' => '/var/log/auth.log', 'log_format' => 'syslog' }, { 'location' => '/var/ossec/logs/active-responses.log', 'log_format' => 'syslog'}, ] case $::lsbdistcodename { @@ -471,7 +485,7 @@ $keys_group = 'Administrators' $agent_service = 'OssecSvc' - $agent_package = 'Wazuh Agent 3.11.4' + $agent_package = 'Wazuh Agent 3.12.0' $server_service = '' $server_package = '' $api_service = '' diff --git a/manifests/wazuh_api.pp b/manifests/wazuh_api.pp index f545b5a4..e38297a9 100644 --- a/manifests/wazuh_api.pp +++ b/manifests/wazuh_api.pp @@ -2,36 +2,22 @@ # Wazuh API installation class wazuh::wazuh_api ( + $manage_nodejs_package = true, $wazuh_api_package = 'wazuh-api', $wazuh_api_service = 'wazuh-api', - $wazuh_api_version = '3.11.4-1', - $nodejs_package = 'nodejs' + $wazuh_api_version = '3.12.0-1', ){ + if $manage_nodejs_package { + contain wazuh::wazuh_api::nodejs + } if $::osfamily == 'Debian' { - exec { 'Updating repositories...': - path => '/usr/bin', - command => 'curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -', - - } - package { $nodejs_package: - provider => 'apt', - } package { $wazuh_api_package: ensure => $wazuh_api_version, provider => 'apt', } - - }else{ - exec { 'Updating repositories...': - path => '/usr/bin', - command => 'curl --silent --location https://rpm.nodesource.com/setup_8.x | bash -', - - } - package { $nodejs_package: - provider => 'yum', - } + } else { package { $wazuh_api_package: ensure => $wazuh_api_version, provider => 'yum', 
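Review bot: The `$default_local_files` hunk adds `/var/log/kern.log` and `/var/log/auth.log`, but the changelog entry for issue 221 also lists mail.log, which is not added here. If the omission is deliberate, a one-line comment above the array would avoid the mismatch; otherwise add `{ 'location' => '/var/log/mail.log', 'log_format' => 'syslog' },`. The case statement that follows the array continues outside the hunk, so a release-specific branch may already cover it.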
@@ -42,7 +28,6 @@ ensure => running, enable => true, provider => 'systemd', + require => Package[$wazuh_api_package], } - - } diff --git a/manifests/wazuh_api/nodejs.pp b/manifests/wazuh_api/nodejs.pp new file mode 100644 index 00000000..b8c4cbcf --- /dev/null +++ b/manifests/wazuh_api/nodejs.pp @@ -0,0 +1,26 @@ +# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2) +# Wazuh API installation + +class wazuh::wazuh_api::nodejs ( + $nodejs_package = 'nodejs' +){ + if $::osfamily == 'Debian' { + exec { 'Updating repositories...': + path => '/usr/bin', + command => 'curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -', + } + package { $nodejs_package: + provider => 'apt', + } + } else { + exec { 'Updating repositories...': + path => '/usr/bin', + command => 'curl --silent --location https://rpm.nodesource.com/setup_10.x | bash -', + + } + package { $nodejs_package: + provider => 'yum', + } + } +} + diff --git a/metadata.json b/metadata.json index f8fd32a9..8c315aa7 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "wazuh-wazuh", - "version": "3.11.4", + "version": "3.12.0", "author": "WAZUH", "summary": "Install and configure Wazuh-HIDS client and server", "license": "Apache-2.0", diff --git a/templates/fragments/_activeresponse.erb b/templates/fragments/_activeresponse.erb index dcef284a..3acef7ba 100644 --- a/templates/fragments/_activeresponse.erb +++ b/templates/fragments/_activeresponse.erb 
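Review bot: Both `exec { 'Updating repositories...': }` resources in the new `wazuh::wazuh_api::nodejs` class download a NodeSource setup script and pipe it straight into a root shell with no `unless`, `onlyif`, `creates` or `refreshonly`, so the script is fetched and executed on every Puppet run and whatever the URL serves at that moment runs as root. Managing the repository declaratively, with a repo resource and a pinned signing key, removes the remote-script step entirely. As a minimum, add a guard such as `creates => '<repo file the setup script writes>',` so it runs once. The Debian variant also calls `sudo` inside a catalog that already runs as root, and `path => '/usr/bin'` assumes `curl`, `bash` and `sudo` all live there. The commands were moved from wazuh_api.pp, but the new class is a good place to fix them.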
@@ -1,19 +1,40 @@ -<% if @ossec_active_response_disabled -%> - <%= @ossec_active_response_disabled %> +<% if @active_response_disabled -%> + <%= @active_response_disabled %> <%- end -%> <%- if @kernel == 'windows' -%> -<% if @ossec_active_response_windows_ca_store -%> - <%= @ossec_active_response_windows_ca_store %> +<% if @active_response_windows_ca_store -%> + <%= @active_response_windows_ca_store %> <%- end -%> <%- elsif @kernel == 'Linux' -%> -<% if @ossec_active_response_linux_ca_store -%> - <%= @ossec_active_response_linux_ca_store %> +<% if @active_response_linux_ca_store -%> + <%= @active_response_linux_ca_store %> <%- end -%> <%- end -%> -<% if @ossec_active_response_ca_verification -%> - <%= @ossec_active_response_ca_verification %> +<% if @active_response_ca_verification -%> + <%= @active_response_ca_verification %> +<%- end -%> +<% if @active_response_command -%> + <%= @active_response_command %> +<%- end -%> +<% if @active_response_location -%> + <%= @active_response_location %> +<%- end -%> +<% if @active_response_level -%> + <%= @active_response_level %> +<%- end -%> +<% if @active_response_agent_id -%> + <%= @active_response_agent_id %> +<%- end -%> +<% if !@active_response_rules_id.empty? -%> + <%= @active_response_rules_id.join(',') %> +<%- end -%> +<% if @active_response_timeout -%> + <%= @active_response_timeout %> +<%- end -%> +<% if !@active_response_repeated_offenders.empty? -%> + <%= @active_response_repeated_offenders.join(',') %> <%- end -%> diff --git a/templates/fragments/_rootcheck.erb b/templates/fragments/_rootcheck.erb index 94fd4fd9..8d44935c 100644 --- a/templates/fragments/_rootcheck.erb +++ b/templates/fragments/_rootcheck.erb 
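Review bot: The two new list entries call `.empty?` and `.join(',')` directly on `@active_response_rules_id` and `@active_response_repeated_offenders`, so rendering raises a Ruby error if either arrives as nil or as a scalar, which is easy to hit because the define's parameters are untyped. Typing them in the define (`Array $active_response_rules_id = [],`) rejects a bad value at compile time with a clear message. Alternatively, normalise in the template with `<% rules = Array(@active_response_rules_id) -%>` before testing and joining. The other new entries use a plain truthiness test, so a mistyped non-empty string such as 'undef' would be written into ossec.conf verbatim. Data types on `level` and `timeout` would catch that as well.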
@@ -29,15 +29,25 @@ <% if @ossec_rootcheck_frequency-%> <%= @ossec_rootcheck_frequency %> <%- end -%> + <%- if @ossec_rootcheck_ignore_list -%> + <%- @ossec_rootcheck_ignore_list.each do |ignore_element| -%> + <%= ignore_element %> + <%- end -%> + <%- end -%> <% if @ossec_rootcheck_rootkit_files-%> <%= @ossec_rootcheck_rootkit_files %> <%- end -%> <% if @ossec_rootcheck_rootkit_trojans-%> <%= @ossec_rootcheck_rootkit_trojans %> <%- end -%> + <%- if !@ossec_rootcheck_system_audit.empty? -%> + <%- @ossec_rootcheck_system_audit.each do |audit_file| -%> + <%= audit_file %> + <%- end -%> + <%- end -%> <% if @ossec_rootcheck_skip_nfs-%> <%= @ossec_rootcheck_skip_nfs%> - <%- end -%> + <%- end -%> <%- else -%> diff --git a/templates/wazuh_manager.conf.erb b/templates/wazuh_manager.conf.erb index e855dc1a..f7c24900 100644 --- a/templates/wazuh_manager.conf.erb +++ b/templates/wazuh_manager.conf.erb @@ -4,7 +4,7 @@ no no <%- if @ossec_emailnotification -%> - no + yes <%- @ossec_emailto.each do |emailto| -%> <%= emailto %> <%- end -%>