diff --git a/README.md b/README.md
index 73d38f2b9f06e332af5d8b40fb4ea85064b92f1a..f720e31dc4908a6db5675d528464b522ef5d1258 100644
--- a/README.md
+++ b/README.md
@@ -16,14 +16,17 @@ In addition to Wazuh, ClamAV is also installed on agent machines.
 ## Requirements
- * Vagrant 2.2.14
- * Ansible 2.9.16
+ * Vagrant `2.2.19`
+ * VirtualBox `6.1.32`
+ * Ansible `>=2.9.6`
 * (optional / integrations) `npm` / `npx` in order to run the simple HTTP server for the integrations
 ---
 ## Setting up the demo
+> Important: make sure you have installed the right versions of Vagrant and VirtualBox!
+
 1. Checkout Wazuh's tag `v4.1.5` into the current directory:
 ```
@@ -48,6 +51,8 @@ In addition to Wazuh, ClamAV is also installed on agent machines.
 $ make create provision
 ```
+ > Note: `create` command also adds `/etc/vbox/networks.conf` config required by Vagrant/VirtualBox.
+
 ---
 ## Using demo components
@@ -69,14 +74,15 @@ Clouditor starts automatically when Clouditor VM is provisioned.
 To see Clouditor's output, `ssh` to its machine and examine the log file:
 ```
-$ make ssh-clouditor
-$ tail /var/log/clouditor.log
+$ make logs-clouditor
 ```
 To manually (re)start Clouditor (normally not needed), you can use the following command on the Clouditor VM (inside `/home/vagrant/clouditor`):
 ```
-$ make run
+$ make ssh-clouditor # on host machine
+
+$ make run # on VM
 ```
 ### Evidence Collector
@@ -84,8 +90,7 @@ $ make run
 To see Evidence Collector's output, `ssh` to its machine and open Docker logs:
 ```
-$ make ssh-evidence-collector
-$ docker logs -ft evidence-collector
+$ make logs-evidence-collector
 ```
 ### Wazuh
diff --git a/ansible/globals/globals.yml b/ansible/globals/globals.yml
index c94480bd62ee998af30e164669789c19d356523d..307fa0a1a354f4b48b3d1d7d13e9aea735f73ea5 100644
--- a/ansible/globals/globals.yml
+++ b/ansible/globals/globals.yml
@@ -3,4 +3,5 @@ custom_integration_hook: 'http://10.0.2.2:8088'
 custom_integration_alert_level: 10
 custom_integration_alert_format: 'json'
 elasticsearch_host_ip: '192.168.33.10'
-wazuh_manager_ip: '192.168.33.10'
\ No newline at end of file
+wazuh_manager_ip: '192.168.33.10'
+wazuh_check_interval: 300
\ No newline at end of file
diff --git a/ansible/provision-managers.yml b/ansible/provision-managers.yml
index 9447c0f0c533b3733d81d1753f1a0129c8140bf3..d3295f8beeb1387520fac8d73c73ec86a0cbbb11 100644
--- a/ansible/provision-managers.yml
+++ b/ansible/provision-managers.yml
@@ -13,9 +13,7 @@
 - role: custom-integration
 vars:
 single_node: true
- ## Set-up integrations
 wazuh_manager_integrations:
- # custom-integration
 - name: custom-integration
 hook_url: "{{ custom_integration_hook }}"
 alert_level: "{{ custom_integration_alert_level }}"
@@ -27,6 +25,35 @@
 elasticsearch_network_host: "0.0.0.0"
 filebeat_node_name: node-1
 filebeat_output_elasticsearch_hosts: "{{ elasticsearch_host_ip }}"
+ wazuh_manager_vulnerability_detector:
+ enabled: 'yes'
+ interval: "{{ wazuh_check_interval }}"
+ ignore_time: "{{ wazuh_check_interval }}"
+ run_on_start: 'yes'
+ providers:
+ - enabled: 'yes'
+ os:
+ - 'trusty'
+ - 'xenial'
+ - 'bionic'
+ update_interval: "{{ wazuh_check_interval }}"
+ name: '"canonical"'
+ - enabled: 'yes'
+ os:
+ - 'wheezy'
+ - 'stretch'
+ - 'jessie'
+ - 'buster'
+ update_interval: "{{ wazuh_check_interval }}"
+ name: '"debian"'
+ - enabled: 'yes'
+ update_from_year: '2010'
+ update_interval: "{{ wazuh_check_interval }}"
+ name: '"redhat"'
+ - enabled: 'yes'
+ update_from_year: '2010'
+ update_interval: "{{ wazuh_check_interval }}"
+ name: '"nvd"'
 instances:
 node1:
 name: node-1 # Important: must be equal to elasticsearch_node_name.
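Review bot: `wazuh_check_interval: 300` carries neither a unit nor a comment, and the same key is added verbatim to `custom-provision/.env` and `environments/full-setup/.env` in this commit, so it is unclear which copy is authoritative and the values can drift silently. Wazuh's vulnerability-detector timers accept a suffix (`5m`, `6h`) and, as far as I recall, treat a bare number as seconds, so say so here: `wazuh_check_interval: 300  # seconds; drives the vulnerability-detector scan, ignore and feed-update timers`. If the `.env` files are meant to feed this value into Ansible, a one-line comment naming that mechanism would spare the next reader from diffing three files.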
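Review bot: Driving `interval`, `ignore_time` and every provider's `update_interval` from the single `wazuh_check_interval` gives the wrong operational behaviour: with `ignore_time` equal to the scan interval, every CVE found on an agent is re-alerted on each 5-minute cycle instead of being suppressed for Wazuh's documented 6h default, which floods Elasticsearch and, for alerts reaching level 10, the custom-integration hook configured in the first hunk. Re-fetching the canonical, debian, redhat and nvd feeds every 300 seconds is also far more often than those feeds change and, for NVD, is likely to run into the upstream rate limit. Split the knob: keep `interval: "{{ wazuh_check_interval }}"` but change `ignore_time: "{{ wazuh_ignore_time | default('6h') }}"` and each `update_interval: "{{ wazuh_feed_update_interval | default('1h') }}"`, with matching variables in globals.yml. A comment on `name: '"canonical"'` explaining why the value is double-quoted inside single quotes (presumably the role's template pastes it unquoted into `<provider name=...>`) would keep someone from "fixing" it.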
@@ -51,4 +78,5 @@
 - {port: "1514", proto: "tcp", state: "enabled", zone: "public"}
 - {port: "1515", proto: "tcp", state: "enabled", zone: "public"}
 - {port: "55000", proto: "tcp", state: "enabled", zone: "public"}
- - {port: "5601", proto: "tcp", state: "enabled", zone: "public"}
\ No newline at end of file
+ - {port: "5601", proto: "tcp", state: "enabled", zone: "public"}
+ - {port: "9200", proto: "tcp", state: "enabled", zone: "public"}
\ No newline at end of file
diff --git a/custom-provision/.env b/custom-provision/.env
index 1f87306457f5bec96a3d6627352fb2ca13225937..f4ee6b4aca099d9579db6a2876ceac59f216e8e0 100644
--- a/custom-provision/.env
+++ b/custom-provision/.env
@@ -15,3 +15,4 @@ clouditor_port=9090
 clouditor_oauth2_port=8080
 clouditor_client_id=clouditor
 clouditor_client_secret=clouditor
+wazuh_check_interval=300
\ No newline at end of file
diff --git a/environments/full-setup/.env b/environments/full-setup/.env
index 19db6de01c06a07189681e0154b32d01ed52a36e..6807497239268b89548c60c58072abb408cab028 100644
--- a/environments/full-setup/.env
+++ b/environments/full-setup/.env
@@ -15,3 +15,4 @@ clouditor_port=9090
 clouditor_oauth2_port=8080
 clouditor_client_id=clouditor
 clouditor_client_secret=clouditor
+wazuh_check_interval=300
\ No newline at end of file
diff --git a/environments/full-setup/Vagrantfile b/environments/full-setup/Vagrantfile
index 13653584f2ba8733304c851ace2e2b200b4f86b0..66e0628280c12c5579dfc48993f665fb1fc436d8 100644
--- a/environments/full-setup/Vagrantfile
+++ b/environments/full-setup/Vagrantfile
@@ -6,7 +6,6 @@ servers=[
 :hostname => "manager",
 :ip => "192.168.33.10",
 :box => "centos/stream8",
- :forward_ports => [{:guest => 55000, :host => 55000}, {:guest => 9200, :host => 9200}],
 :ram => 2048,
 :cpu => 2
 },
@@ -35,7 +34,6 @@ servers=[
 :hostname => "clouditor",
 :ip => "192.168.33.14",
 :box => "centos/stream8",
- :forward_ports => [{:guest => 9090, :host => 9090}],
 :ram => 1024,
 :cpu => 1
 }
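Review bot: The new `9200` entry opens Elasticsearch in firewalld's `public` zone on every interface of the manager VM, and the previous hunk shows `elasticsearch_network_host: "0.0.0.0"`, so the only thing between the alert/inventory/vulnerability indices and any network the VM is attached to is whatever authentication the Wazuh/OpenDistro stack enforces, which this playbook does not show. Since the same commit drops the `9200` NAT port-forward from the Vagrantfile, the intended client is the host reaching `192.168.33.10` over the host-only network; prefer a rule limited to that source, e.g. a firewalld rich rule `rule family="ipv4" source address="192.168.33.0/24" port port="9200" protocol="tcp" accept` if the role's firewall variable accepts one, or leave 9200 closed and keep the Vagrant port-forward instead. At minimum add a comment on the entry stating that 9200 is deliberately exposed for the demo and confirm Elasticsearch authentication is enabled before relying on it.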
@@ -44,9 +42,6 @@ servers=[
 Vagrant.configure(2) do |config|
 servers.each do |machine|
 config.vm.define machine[:hostname] do |node|
- # node.vm.provision "ansible" do |ansible|
- # ansible.playbook = "../../ansible/provision.yml"
- # end
 node.vm.box = machine[:box]
 node.vm.hostname = machine[:hostname]
 node.vm.network "private_network", ip: machine[:ip]
diff --git a/environments/full-setup/full-setup.mk b/environments/full-setup/full-setup.mk
index 0718191e5a935256311590c8eab85cd926d58904..c15fc3420a02313e50afc8a5a34521bee35421f3 100644
--- a/environments/full-setup/full-setup.mk
+++ b/environments/full-setup/full-setup.mk
@@ -3,6 +3,9 @@ SSH_PRIVATE_KEY = $(HOME)/.vagrant.d/insecure_private_key
 SSH_USER = vagrant
 create:
+ sudo mkdir -p /etc/vbox
+ sudo touch /etc/vbox/networks.conf
+ grep -Fxq "* 192.168.33.0/24" /etc/vbox/networks.conf || sudo sh -c 'echo "* 192.168.33.0/24\n" >> /etc/vbox/networks.conf'
 @$(VAGRANT_RUN) up
 delete:
diff --git a/environments/no-collector/no-collector.mk b/environments/no-collector/no-collector.mk
index 244fcdd42c366fc7c7140b7ada8a50620a77096f..64627eed2a91ac3ef7db4357c74a67e54042f7c4 100644
--- a/environments/no-collector/no-collector.mk
+++ b/environments/no-collector/no-collector.mk
@@ -3,6 +3,9 @@ SSH_PRIVATE_KEY = $(HOME)/.vagrant.d/insecure_private_key
 SSH_USER = vagrant
 create:
+ sudo mkdir -p /etc/vbox
+ sudo touch /etc/vbox/networks.conf
+ grep -Fxq "* 192.168.33.0/24" /etc/vbox/networks.conf || sudo sh -c 'echo "* 192.168.33.0/24\n" >> /etc/vbox/networks.conf'
 @$(VAGRANT_RUN) up
 delete:
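Review bot: The `create` recipe's `sudo sh -c 'echo "* 192.168.33.0/24\n" >> ...'` is not portable: where `/bin/sh` is bash (macOS, several distros) `echo` does not interpret `\n`, so a literal backslash-n is appended to the entry, VirtualBox may reject the line, and the `grep -Fxq` guard on the previous line never matches it, so every `make create` appends yet another copy. Let the guard do its job and write the line with `tee`: `grep -Fxq "* 192.168.33.0/24" /etc/vbox/networks.conf || echo "* 192.168.33.0/24" | sudo tee -a /etc/vbox/networks.conf >/dev/null`. Note also that `sudo touch` does not guarantee a trailing newline on a pre-existing file, so an append can glue onto the last line. This target silently widens a root-owned, host-wide VirtualBox allow-list; a comment above the three lines, saying that `/etc/vbox/networks.conf` is the host-only network allow-list VirtualBox requires (since 6.1.28, if I remember correctly) and that the change affects every VM on the workstation, would warn users on shared machines.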
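Review bot: These three `sudo` lines are a verbatim copy of the ones added to `environments/full-setup/full-setup.mk` in the same commit, including the same `echo "...\n"` portability problem, so any fix now has to be applied twice. Both `.mk` files already rely on `$(VAGRANT_RUN)`, which suggests a shared Makefile includes them; move the networks.conf setup into one phony target there (e.g. `vbox-networks-conf`) and make each environment's `create` depend on it: `create: vbox-networks-conf`. That also gives a single place to document why a host-wide VirtualBox allow-list is being edited from a build target.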