diff --git a/manifests/kibana.pp b/manifests/kibana.pp
index a92f643b..d30c010a 100644
--- a/manifests/kibana.pp
+++ b/manifests/kibana.pp
@@ -12,8 +12,15 @@
 $kibana_server_port = '5601',
 $kibana_server_host = '0.0.0.0',
 $kibana_elasticsearch_server_hosts ="http://${kibana_elasticsearch_ip}:${kibana_elasticsearch_port}",
-
-){
+ $kibana_wazuh_api_credentials = [ {
+ 'id' => 'default',
+ 'url' => 'http://localhost',
+ 'port' => '55000',
+ 'user' => 'foo',
+ 'password' => 'bar',
+ },
+ ]
+) {
 # install package
 package { 'Installing Kibana...':
@@ -43,6 +50,15 @@
 try_sleep => 3,
 }
+ file {'Removing old Wazuh Kibana Plugin...':
+ ensure => absent,
+ path => '/usr/share/kibana/plugins/wazuh',
+ recurse => true,
+ purge => true,
+ force => true,
+ notify => Service[$kibana_service]
+ }
+
 exec {'Installing Wazuh App...':
 path => '/usr/bin',
 command => "sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-${kibana_app_version}.zip",
@@ -50,6 +66,19 @@
 notify => Service[$kibana_service],
 }
+ exec {'Removing .wazuh index...':
+ path => '/usr/bin',
+ command => "curl -s -XDELETE -sL -I 'http://${kibana_elasticsearch_ip}:${kibana_elasticsearch_port}/.wazuh' -o /dev/null",
+ notify => Service[$kibana_service],
+ }
+
+ file { '/usr/share/kibana/plugins/wazuh/wazuh.yml':
+ owner => 'kibana',
+ group => 'kibana',
+ mode => '0644',
+ content => template('wazuh/wazuh_yml.erb'),
+ notify => Service[$kibana_service]
+ }
 exec { 'Verify Kibana folders owner':
 path => '/usr/bin:/bin',
 command => "chown -R kibana:kibana /usr/share/kibana/optimize\
diff --git a/templates/wazuh_yml.erb b/templates/wazuh_yml.erb
new file mode 100644
index 00000000..efd1f42e
--- /dev/null
+++ b/templates/wazuh_yml.erb
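Review bot: The new `$kibana_wazuh_api_credentials` default ships a usable credential pair (`'user' => 'foo'`, `'password' => 'bar'`) against a plain `http://localhost` URL, so any node that applies the class without overriding the parameter gets that pair rendered into the app configuration; a module default should never be a working secret. Drop the credentials from the default (e.g. `$kibana_wazuh_api_credentials = [],` or make the parameter mandatory) and document the expected hash keys (`id`, `url`, `port`, `user`, `password`) in the class header comment. Because the password is an ordinary string parameter it is carried in clear text with the compiled catalog and in anything that logs parameter values; if the module targets a Puppet version that has the `Sensitive` type, wrap the password in it and unwrap it inside the template. The class parameter list begins before this hunk, so the parameter's type annotations (if any) are not visible here.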
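Review bot: The `file { 'Removing old Wazuh Kibana Plugin...' }` resource sets `ensure => absent` with `recurse`/`purge`/`force` and no condition, so `/usr/share/kibana/plugins/wazuh` is wiped and Kibana restarted on every agent run, not only when the plugin version changes; whatever guard the following `kibana-plugin install` exec has sits on the line between this hunk and the next, so if it keys on that directory the plugin will be re-downloaded from packages.wazuh.com each run. The removal and the install exec also have no explicit dependency and rely on manifest ordering alone, so at minimum add `before => Exec['Installing Wazuh App...'],` to the file resource. Better, make the removal conditional on the installed plugin differing from `$kibana_app_version` (an `exec` with `onlyif`, or a version file check) so an unchanged installation is not rebuilt from an unpinned network download. The enclosing class continues outside this hunk.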
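Review bot: `wazuh.yml` is written with `mode => '0644'` although `template('wazuh/wazuh_yml.erb')` renders the Wazuh API user and password into it, so every local account can read the API credentials; use `mode => '0640',` (owner and group are already `kibana`) and add `show_diff => false,` so the password does not appear in agent reports when the content changes. The `exec { 'Removing .wazuh index...' }` has no `refreshonly`, `unless` or `onlyif`, so the unauthenticated `DELETE` of the `.wazuh` index and the Kibana restart it notifies fire on every agent run rather than only on a plugin upgrade; `refreshonly => true` with `subscribe => Exec['Installing Wazuh App...']` would limit it to upgrades. The curl invocation also combines `-I` (HEAD) with `-XDELETE` and omits `-f`, so a refused or failed delete still exits 0 and is silently treated as success. The enclosing class continues outside this hunk.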
@@ -0,0 +1,133 @@
+---
+#
+# Wazuh app - App configuration file
+# Copyright (C) 2015-2019 Wazuh, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Find more information about this on the LICENSE file.
+#
+# ======================== Wazuh app configuration file ========================
+#
+# Please check the documentation for more information on configuration options:
+# https://documentation.wazuh.com/current/installation-guide/index.html
+#
+# Also, you can check our repository:
+# https://github.com/wazuh/wazuh-kibana-app
+#
+# ------------------------------- Index patterns -------------------------------
+#
+# Default index pattern to use.
+#pattern: wazuh-alerts-3.x-*
+#
+# ----------------------------------- Checks -----------------------------------
+#
+# Defines which checks must to be consider by the healthcheck
+# step once the Wazuh app starts. Values must to be true or false.
+#checks.pattern : true
+#checks.template: true
+#checks.api : true
+#checks.setup : true
+#
+# --------------------------------- Extensions ---------------------------------
+#
+# Defines which extensions should be activated when you add a new API entry.
+# You can change them after Wazuh app starts.
+# Values must to be true or false.
+#extensions.pci : true
+#extensions.gdpr : true
+#extensions.hipaa : true
+#extensions.nist : true
+#extensions.audit : true
+#extensions.oscap : false
+#extensions.ciscat : false
+#extensions.aws : false
+#extensions.virustotal: false
+#extensions.osquery : false
+#extensions.docker : false
+#
+# ---------------------------------- Time out ----------------------------------
+#
+# Defines maximum timeout to be used on the Wazuh app requests.
+# It will be ignored if it is bellow 1500.
+# It means milliseconds before we consider a request as failed.
+# Default: 20000
+#timeout: 20000
+#
+# ------------------------------ Advanced indices ------------------------------
+#
+# Configure .wazuh indices shards and replicas.
+#wazuh.shards : 1
+#wazuh.replicas : 0
+#
+# --------------------------- Index pattern selector ---------------------------
+#
+# Defines if the user is allowed to change the selected
+# index pattern directly from the Wazuh app top menu.
+# Default: true
+#ip.selector: true
+#
+# List of index patterns to be ignored
+#ip.ignore: []
+#
+# -------------------------------- X-Pack RBAC ---------------------------------
+#
+# Custom setting to enable/disable built-in X-Pack RBAC security capabilities.
+# Default: enabled
+#xpack.rbac.enabled: true
+#
+# ------------------------------ wazuh-monitoring ------------------------------
+#
+# Custom setting to enable/disable wazuh-monitoring indices.
+# Values: true, false, worker
+# If worker is given as value, the app will show the Agents status
+# visualization but won't insert data on wazuh-monitoring indices.
+# Default: true
+#wazuh.monitoring.enabled: true
+#
+# Custom setting to set the frequency for wazuh-monitoring indices cron task.
+# Default: 900 (s)
+#wazuh.monitoring.frequency: 900
+#
+# Configure wazuh-monitoring-3.x-* indices shards and replicas.
+#wazuh.monitoring.shards: 2
+#wazuh.monitoring.replicas: 0
+#
+# Configure wazuh-monitoring-3.x-* indices custom creation interval.
+# Values: h (hourly), d (daily), w (weekly), m (monthly)
+# Default: d
+#wazuh.monitoring.creation: d
+#
+# Default index pattern to use for Wazuh monitoring
+#wazuh.monitoring.pattern: wazuh-monitoring-3.x-*
+#
+#
+# ------------------------------- App privileges --------------------------------
+#admin: true
+#
+# ------------------------------- App logging level -----------------------------
+# Set the logging level for the Wazuh App log files.
+# Default value: info
+# Allowed values: info, debug
+#logs.level: info
+#
+#-------------------------------- API entries -----------------------------------
+#The following configuration is the default structure to define an API entry.
+#
+#hosts:
+# - :
+ url: http(s)://
+ port:
+ user:
+ password:
+hosts:
+<% @kibana_wazuh_api_credentials.each do |api_profile| -%>
+ - <%= api_profile['id'] %>:
+ url: <%= api_profile['url'] %>
+ port: <%= api_profile['port'] %>
+ user: <%= api_profile['user'] %>
+ password: <%= api_profile['password'] %>
+<% end -%>
\ No newline at end of file
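Review bot: The `hosts:` loop at the end of the template interpolates `id`, `url`, `user` and `password` into YAML unquoted, so a password containing `:` or ` #`, or starting with `*`, `&`, `[`, `{` or `!`, changes the YAML structure or type instead of being stored verbatim, and a missing hash key silently renders an empty value. Emit each value as a single-quoted YAML scalar with embedded quotes doubled, e.g. `password: '<%= api_profile['password'].to_s.gsub("'", "''") %>'`, and apply the same to the `url`, `user` and `- <id>:` lines (the `port` line can stay as is if the app expects a bare number). As it appears in this hunk the commented example above (`#hosts:` / `# - :` / `url: http(s)://`) carries no placeholders and its non-`#` lines are not comments at all; if the file really reads that way, either restore the `<id>`/`<url>`/`<port>`/`<user>`/`<password>` placeholders behind `#` or drop the example so it cannot be parsed as live YAML.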