From 18ff8ba7e6d301f256552d9ed6cb625cb1f36b11 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matev=C5=BE=20Er=C5=BEen?= <matevz.erzen@xlab.si>
Date: Thu, 24 Mar 2022 14:06:09 +0000
Subject: [PATCH] Clouditor v1.4.0 migration

---
 README.md                       | 24 ++++++++++++++++++++----
 ansible/provision-clouditor.yml |  8 ++++++--
 ansible/provision.yml           |  8 ++++----
 custom-provision/.env           |  5 ++++-
 environments/full-setup/.env    |  5 ++++-
 5 files changed, 38 insertions(+), 12 deletions(-)

diff --git a/README.md b/README.md
index a6d9f3c..f239c24 100644
--- a/README.md
+++ b/README.md
@@ -32,6 +32,8 @@ In addition to Wazuh, ClamAV is also installed on agent machines.
 
 2. Select your `ENVIRONMENT` in `Makefile`. Set it to `full-setup` or `no-collector` (for development purposes, when `evidence-collector` runs on local machine).
 
+> Note: Docker registry credentials used for pulling Evidence Collector are located in `/ansible/docker/credentials/credentials.yml`. They don't need to be changed unless you explicitly want to use other registry.
+
 3. Create and provision VMs:
 
     ```
@@ -52,6 +54,8 @@ $ PORT=8088 npx http-echo-server
 
 ### Clouditor
 
+> Note: Clouditor version is defined in `/ansible/provision-clouditor.yml` and can be changed if needed.
+
 Clouditor starts automatically when Clouditor VM is provisioned.
 
 To see Clouditor's output, `ssh` to its machine and examine the log file:  
@@ -177,11 +181,23 @@ Wazuh manager and Evidence collector should be installed on the same, clean mach
 
 ### Wazuh troubleshooting
 
-Depending on your machine and network configuration, Wazuh could have problem connecting agents to manager. Check Wazuh's web interface to see if agents work corrrectly. 
+Depending on your machine and network configuration, Wazuh could have problem connecting agents to manager. Check Wazuh's web interface to see if agents work corrrectly - if interface doesn't work, you probably need to open ports first (see below).
+
+To troubleshoot in more details, check the logs in `/var/ossec/logs/ossec.log` and consult [official troubleshooting manual](https://documentation.wazuh.com/current/user-manual/agent-enrollment/troubleshooting.html). 
+
+Two of the most common problems (often times in tandem) are [missing open ports](https://documentation.wazuh.com/current/user-manual/agent-enrollment/troubleshooting.html#testing-communication-with-wazuh-manager) and [invalid agent names](https://documentation.wazuh.com/current/user-manual/agent-enrollment/troubleshooting.html#invalid-agent-name-for-enrollment) (if agent machine's hostname matches hostname of any already existing Wazuh machine).
 
-If not, check the logs in `/var/ossec/logs/ossec.log` and consult [official troubleshooting manual](https://documentation.wazuh.com/current/user-manual/agent-enrollment/troubleshooting.html). 
+To enable required ports, run the following commands on Wazuh manager machine:
 
-Two of the most common problems are [missing open ports](https://documentation.wazuh.com/current/user-manual/agent-enrollment/troubleshooting.html#testing-communication-with-wazuh-manager) and [invalid agent names](https://documentation.wazuh.com/current/user-manual/agent-enrollment/troubleshooting.html#invalid-agent-name-for-enrollment) (if agent machine's hostname matches hostname of any already existing Wazuh machine).
+```
+$ sudo firewall-cmd --zone=public --add-port=1514/tcp --permanent
+$ sudo firewall-cmd --zone=public --add-port=1515/tcp --permanent
+$ sudo firewall-cmd --zone=public --add-port=55000/tcp --permanent
+$ sudo firewall-cmd --zone=public --add-port=5601/tcp --permanent
+$ sudo firewall-cmd --reload
+```
+
+After this, you should be able to at least see Wazuh's web interface - available at `https://wazuh_manager_ip:5601` (make sure to include `https` protocol prefix).
 
 ### Minimum hardware requirements
 
@@ -268,4 +284,4 @@ to each of the VMs. Example:
 ```
 [wazuh_managers]
 192.168.33.10 ansible_host=127.0.0.1 ansible_port=2222 public_ip=192.168.33.10 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/full-setup/.vagrant/machines/manager/virtualbox/private_key
-```
+```
\ No newline at end of file
diff --git a/ansible/provision-clouditor.yml b/ansible/provision-clouditor.yml
index 32beabf..cc51dd8 100644
--- a/ansible/provision-clouditor.yml
+++ b/ansible/provision-clouditor.yml
@@ -19,16 +19,20 @@
           mode: '0555'
       - name: Run Golang installer
         raw: ./installer_linux && source /home/vagrant/.bash_profile
-      - name: Create dir
+      - name: Create clouditor dir
         file:
           path: /home/vagrant/clouditor
           state: directory
+      - name: Create api key dir
+        file:
+          path: /home/vagrant/.clouditor
+          state: directory
       - name: Clone Clouditor repo
         git:
           repo: https://github.com/clouditor/clouditor.git
           dest: /home/vagrant/clouditor
           force: yes
-          version: v1.3.14
+          version: v1.4.0
       - name: Copy Makefile
         copy:
           src: ./clouditor/Makefile
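Review bot: The new `Create api key dir` task creates `/home/vagrant/.clouditor` with no `mode`, `owner` or `group`, so its permissions depend on the umask of whichever user the play runs as (not visible in this hunk). If the directory holds the Clouditor API key, as the task name suggests, set them explicitly with `mode: '0700'`, `owner: vagrant`, `group: vagrant`. Separately, `version: v1.4.0` pins a Git tag, which upstream can move; pinning the commit the tag resolves to (`version: <commit-sha-of-v1.4.0>`) makes the checkout reproducible, which matters more because `force: yes` discards local state on every run. The hunk ends inside the `Copy Makefile` task, which continues outside it.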
diff --git a/ansible/provision.yml b/ansible/provision.yml
index a06d908..feb9ce7 100644
--- a/ansible/provision.yml
+++ b/ansible/provision.yml
@@ -5,8 +5,8 @@
 - name: Start provision of the Wazuh Agents
   import_playbook: provision-agents.yml
 
-- name: Start provision of the Evidence Collector
-  import_playbook: provision-evidence-collector.yml
-
 - name: Start provision of the Clouditor
-  import_playbook: provision-clouditor.yml
\ No newline at end of file
+  import_playbook: provision-clouditor.yml
+
+- name: Start provision of the Evidence Collector
+  import_playbook: provision-evidence-collector.yml
\ No newline at end of file
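Review bot: The import order is now load-bearing, but nothing in the file says so. Moving `provision-evidence-collector.yml` after `provision-clouditor.yml` is presumably needed because the collector uses the Clouditor OAuth2 port and client credentials that this commit adds to the `.env` files. If so, add a comment above the last play such as `# Must run after provision-clouditor.yml: the collector authenticates against Clouditor`. Without it, a later reorder can break provisioning with no hint as to why.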
diff --git a/custom-provision/.env b/custom-provision/.env
index 548f767..1f87306 100644
--- a/custom-provision/.env
+++ b/custom-provision/.env
@@ -11,4 +11,7 @@ redis_host=localhost
 redis_port=6379
 redis_queue=low
 clouditor_host=192.168.0.13
-clouditor_port=9090
\ No newline at end of file
+clouditor_port=9090
+clouditor_oauth2_port=8080
+clouditor_client_id=clouditor
+clouditor_client_secret=clouditor
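Review bot: `clouditor_client_secret=clouditor` commits an OAuth2 client secret to the repository, and its value is the same as `clouditor_client_id`, so it gives no protection to whatever the client is allowed to do. That may be acceptable for the throwaway Vagrant setup, but `custom-provision` appears to target real hosts (`clouditor_host=192.168.0.13`), where the default would be carried straight into a deployment. Keep the key in the tracked file but leave the value empty (`clouditor_client_secret=`) and fill it at provision time from an untracked override or Ansible Vault, with a comment such as `# set per deployment; do not commit`. The same three lines are added in `environments/full-setup/.env`.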
diff --git a/environments/full-setup/.env b/environments/full-setup/.env
index 166ba70..19db6de 100644
--- a/environments/full-setup/.env
+++ b/environments/full-setup/.env
@@ -11,4 +11,7 @@ redis_host=localhost
 redis_port=6379
 redis_queue=low
 clouditor_host=192.168.33.14
-clouditor_port=9090
\ No newline at end of file
+clouditor_port=9090
+clouditor_oauth2_port=8080
+clouditor_client_id=clouditor
+clouditor_client_secret=clouditor
-- 
GitLab