Commit 4977d68f authored by Matevz Erzen's avatar Matevz Erzen Committed by Zitnik, Anze

Threats count

parent 08c1873e
......@@ -16,14 +16,17 @@ In addition to Wazuh, ClamAV is also installed on agent machines.
## Requirements
* Vagrant 2.2.14
* Ansible 2.9.16
* Vagrant `2.2.19`
* VirtualBox `6.1.32`
* Ansible `>=2.9.6`
* (optional / integrations) `npm` / `npx` in order to run the simple HTTP server for the integrations
---
## Setting up the demo
> Important: make sure you have installed the right versions of Vagrant and VirtualBox!
1. Checkout Wazuh's tag `v4.1.5` into the current directory:
```
......@@ -48,6 +51,8 @@ In addition to Wazuh, ClamAV is also installed on agent machines.
$ make create provision
```
> Note: `create` command also adds `/etc/vbox/networks.conf` config required by Vagrant/VirtualBox.
---
## Using demo components
......@@ -69,14 +74,15 @@ Clouditor starts automatically when Clouditor VM is provisioned.
To see Clouditor's output, `ssh` to its machine and examine the log file:
```
$ make ssh-clouditor
$ tail /var/log/clouditor.log
$ make logs-clouditor
```
To manually (re)start Clouditor (normally not needed), you can use the following command on the Clouditor VM (inside `/home/vagrant/clouditor`):
```
$ make run
$ make ssh-clouditor # on host machine
$ make run # on VM
```
### Evidence Collector
......@@ -84,8 +90,7 @@ $ make run
To see Evidence Collector's output, `ssh` to its machine and open Docker logs:
```
$ make ssh-evidence-collector
$ docker logs -ft evidence-collector
$ make logs-evidence-collector
```
### Wazuh
......
......@@ -4,3 +4,4 @@ custom_integration_alert_level: 10
custom_integration_alert_format: 'json'
elasticsearch_host_ip: '192.168.33.10'
wazuh_manager_ip: '192.168.33.10'
wazuh_check_interval: 300
\ No newline at end of file
......@@ -13,9 +13,7 @@
- role: custom-integration
vars:
single_node: true
## Set-up integrations
wazuh_manager_integrations:
# custom-integration
- name: custom-integration
hook_url: "{{ custom_integration_hook }}"
alert_level: "{{ custom_integration_alert_level }}"
......@@ -27,6 +25,35 @@
elasticsearch_network_host: "0.0.0.0"
filebeat_node_name: node-1
filebeat_output_elasticsearch_hosts: "{{ elasticsearch_host_ip }}"
wazuh_manager_vulnerability_detector:
enabled: 'yes'
interval: "{{ wazuh_check_interval }}"
ignore_time: "{{ wazuh_check_interval }}"
run_on_start: 'yes'
providers:
- enabled: 'yes'
os:
- 'trusty'
- 'xenial'
- 'bionic'
update_interval: "{{ wazuh_check_interval }}"
name: '"canonical"'
- enabled: 'yes'
os:
- 'wheezy'
- 'stretch'
- 'jessie'
- 'buster'
update_interval: "{{ wazuh_check_interval }}"
name: '"debian"'
- enabled: 'yes'
update_from_year: '2010'
update_interval: "{{ wazuh_check_interval }}"
name: '"redhat"'
- enabled: 'yes'
update_from_year: '2010'
update_interval: "{{ wazuh_check_interval }}"
name: '"nvd"'
instances:
node1:
name: node-1 # Important: must be equal to elasticsearch_node_name.
......@@ -52,3 +79,4 @@
- {port: "1515", proto: "tcp", state: "enabled", zone: "public"}
- {port: "55000", proto: "tcp", state: "enabled", zone: "public"}
- {port: "5601", proto: "tcp", state: "enabled", zone: "public"}
- {port: "9200", proto: "tcp", state: "enabled", zone: "public"}
\ No newline at end of file
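Review bot: The four `update_interval: "{{ wazuh_check_interval }}"` lines in the providers block of the second hunk tie the vulnerability-feed refresh to the same 300 value that the group_vars hunk introduces for the scan `interval`, so the canonical, debian, redhat and nvd feeds would be re-fetched every five minutes if Wazuh reads the bare number as seconds — confirm the unit against the Wazuh vulnerability-detector documentation, and consider a separate variable with a longer default for the feed refresh, since pulling upstream feeds that often is unusually aggressive and adds network and disk load on the manager. Setting `ignore_time` equal to `interval` also means every scan re-alerts vulnerabilities that were already reported; that may be intended for a threat count, but it deserves a comment such as `# ignore_time == interval: re-alert on every scan so counts reflect the full set`. The added `9200` firewall entry in the last hunk opens Elasticsearch to the whole 192.168.33.0/24 host-only network; a comment naming the VM that needs it (presumably the evidence collector or Clouditor) would make the exposure deliberate rather than incidental.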
......@@ -15,3 +15,4 @@ clouditor_port=9090
clouditor_oauth2_port=8080
clouditor_client_id=clouditor
clouditor_client_secret=clouditor
wazuh_check_interval=300
\ No newline at end of file
......@@ -15,3 +15,4 @@ clouditor_port=9090
clouditor_oauth2_port=8080
clouditor_client_id=clouditor
clouditor_client_secret=clouditor
wazuh_check_interval=300
\ No newline at end of file
......@@ -6,7 +6,6 @@ servers=[
:hostname => "manager",
:ip => "192.168.33.10",
:box => "centos/stream8",
:forward_ports => [{:guest => 55000, :host => 55000}, {:guest => 9200, :host => 9200}],
:ram => 2048,
:cpu => 2
},
......@@ -35,7 +34,6 @@ servers=[
:hostname => "clouditor",
:ip => "192.168.33.14",
:box => "centos/stream8",
:forward_ports => [{:guest => 9090, :host => 9090}],
:ram => 1024,
:cpu => 1
}
......@@ -44,9 +42,6 @@ servers=[
Vagrant.configure(2) do |config|
servers.each do |machine|
config.vm.define machine[:hostname] do |node|
# node.vm.provision "ansible" do |ansible|
# ansible.playbook = "../../ansible/provision.yml"
# end
node.vm.box = machine[:box]
node.vm.hostname = machine[:hostname]
node.vm.network "private_network", ip: machine[:ip]
......
......@@ -3,6 +3,9 @@ SSH_PRIVATE_KEY = $(HOME)/.vagrant.d/insecure_private_key
SSH_USER = vagrant
create:
sudo mkdir -p /etc/vbox
sudo touch /etc/vbox/networks.conf
grep -Fxq "* 192.168.33.0/24" /etc/vbox/networks.conf || sudo sh -c 'echo "* 192.168.33.0/24\n" >> /etc/vbox/networks.conf'
@$(VAGRANT_RUN) up
delete:
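Review bot: The `echo "* 192.168.33.0/24\n"` inside `sudo sh -c` on the grep line is shell-dependent: dash's builtin echo expands `\n`, but when /bin/sh is bash the backslash sequence is written literally, so the file gains the line `* 192.168.33.0/24\n`, the `grep -Fxq` guard never matches on later runs, and every `make create` appends another copy that VirtualBox may not parse. Replacing the append with `printf '%s\n' '* 192.168.33.0/24' | sudo tee -a /etc/vbox/networks.conf >/dev/null` writes exactly the line the guard looks for on any shell. The identical three lines in the second Makefile hunk below (the `@@ -3,6 +3,9 @@` hunk after the Vagrantfile section) should get the same change.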
......
......@@ -3,6 +3,9 @@ SSH_PRIVATE_KEY = $(HOME)/.vagrant.d/insecure_private_key
SSH_USER = vagrant
create:
sudo mkdir -p /etc/vbox
sudo touch /etc/vbox/networks.conf
grep -Fxq "* 192.168.33.0/24" /etc/vbox/networks.conf || sudo sh -c 'echo "* 192.168.33.0/24\n" >> /etc/vbox/networks.conf'
@$(VAGRANT_RUN) up
delete:
......