Commit 7d94570f authored by Zitnik, Anze's avatar Zitnik, Anze

Merge branch 'evidence-collector-environment-update' into 'master'

Evidence collector environment update

See merge request medina/security-monitoring!13
parents 8e943469 e70f4162
ENVIRONMENT ?= full-setup
#ENVIRONMENT ?= full-setup
ENVIRONMENT ?= only-k8s-collector
DEPLOY_DIR = $(PWD)
ENV_DIR = $(DEPLOY_DIR)/environments/$(ENVIRONMENT)
ANSIBLE_DIR = $(DEPLOY_DIR)/ansible
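Review bot: The commented-out `#ENVIRONMENT ?= full-setup` on the second line is a toggle left in a tracked file; because the variable is assigned with `?=`, the environment can already be chosen per invocation with `make ENVIRONMENT=full-setup`, so the dead line only encourages editing the Makefile. Replace it with a comment naming the accepted values, e.g. `# One of: full-setup, no-collector, only-k8s-collector (override with make ENVIRONMENT=...)`. The rendered page lost the change markers, so both `ENVIRONMENT ?= full-setup` and `ENVIRONMENT ?= only-k8s-collector` are shown; if both survived on the new side the first `?=` would win and `only-k8s-collector` would never take effect, so please confirm the first one is the removed line.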
......@@ -16,11 +16,16 @@ In addition to Wazuh, ClamAV is also installed on agent machines.
## Requirements
Local development:
* Vagrant `2.2.19`
* VirtualBox `6.1.32`
* Ansible `>=2.9.6`
* (optional / integrations) `npm` / `npx` in order to run the simple HTTP server for the integrations
* [optional] `npm` / `npx` in order to run the simple HTTP server for the integrations
Provisioning existing machines:
* Ansible `>=2.9.6`
---
## Setting up the demo
......@@ -33,7 +38,7 @@ In addition to Wazuh, ClamAV is also installed on agent machines.
$ make clone-wazuh
```
2. Select your `ENVIRONMENT` in `Makefile`. Set it to `full-setup` or `no-collector` (for development purposes, when `evidence-collector` runs on local machine).
2. Select your `ENVIRONMENT` in `Makefile`. Set it to `full-setup`, `no-collector` (for development purposes, when `evidence-collector` runs on local machine) or `only-k8s-collector` (will deploy only Evidence collector that will connect to K8s deployed Clouditor).
> Note: Docker registry credentials used for pulling Evidence Collector are located in `/ansible/docker/credentials/credentials.yml`. They don't need to be changed unless you explicitly want to use other registry.
......@@ -184,7 +189,11 @@ Wazuh manager and Evidence collector should be installed on the same, clean mach
192.168.0.13 public_ip=192.168.0.13 ansible_sudo_pass=admin ansible_ssh_pass=admin ansible_ssh_user=root ansible_ssh_private_key_file=~/.ssh/id_rsa
```
4. Set `evidence-collector` environment variables in `/custom-provision/.env`. See [Evidence collector's documentation](https://git.code.tecnalia.com/medina/wp3/task_3.2/evidence-collector) for more information.
4. Set `evidence-collector` environment variables in `/custom-provision/development.env` or `/custom-provision/production.env` file:
`development.env` file includes local development and testing pre-configuration while `production.env` already includes settings for Evidence collector to connect to K8s deployed Clouditor.
See [Evidence collector's documentation](https://git.code.tecnalia.com/medina/wp3/task_3.2/evidence-collector) for more information.
If you're installing both Evidence collector as well as Wazuh manager on the same machine (as intended), you have to set only `clouditor_host`, `elastic_host` & `wazuh_host` variables (where `elastic_host` & `wazuh_host` are the same).
......@@ -202,10 +211,14 @@ Wazuh manager and Evidence collector should be installed on the same, clean mach
> Note: this doesn't need to be changed or set for it to work.
7. Provision:
7. Select desired environment config and provision:
```
$ make -B custom-provision
$ make -B custom-provision PROVISION_ENVIRONMENT=production
```
or
```
$ make -B custom-provision PROVISION_ENVIRONMENT=development
```
### Wazuh troubleshooting
......@@ -32,7 +32,7 @@
repo: https://github.com/clouditor/clouditor.git
dest: /home/vagrant/clouditor
force: yes
version: v1.4.0
version: v1.4.4
- name: Copy Makefile
copy:
src: ./clouditor/Makefile
......@@ -3,4 +3,6 @@ CUSTOM_ARGS = -i $(CUSTOM_PROVISIONING_DIR)/custom-inventory.txt \
-e environment_dir=$(CUSTOM_PROVISIONING_DIR)
custom-provision:
cp $(CUSTOM_PROVISIONING_DIR)/$(PROVISION_ENVIRONMENT).env $(CUSTOM_PROVISIONING_DIR)/.env
@ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook $(CUSTOM_ARGS) $(ANSIBLE_DIR)/provision.yml
rm $(CUSTOM_PROVISIONING_DIR)/.env
\ No newline at end of file
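Review bot: The added `cp`/`rm` pair around `ansible-playbook` leaves the credential-bearing `.env` in place whenever the playbook fails, because Make stops at the first failing recipe line and the trailing `rm` never runs; since each recipe line is also its own shell, the cleanup has to be chained into the same line. A missing `PROVISION_ENVIRONMENT` turns the copy into `cp .../.env .../.env`, which fails with an unhelpful "same file" error rather than telling the user what to set. Note too that the `rm` now deletes the hand-edited `.env` the previous README told users to maintain, so existing checkouts lose their configuration on the first run after this change; a one-line comment above the target stating that `.env` is generated should be added. The rewrite below validates the variable and removes the temporary file on both success and failure while preserving the playbook's exit status.
```make
# .env is generated from $(PROVISION_ENVIRONMENT).env for the duration of the run and removed afterwards.
custom-provision:
	$(if $(strip $(PROVISION_ENVIRONMENT)),,$(error PROVISION_ENVIRONMENT must be set (development or production)))
	cp $(CUSTOM_PROVISIONING_DIR)/$(PROVISION_ENVIRONMENT).env $(CUSTOM_PROVISIONING_DIR)/.env
	@ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook $(CUSTOM_ARGS) $(ANSIBLE_DIR)/provision.yml; \
	status=$$?; rm -f $(CUSTOM_PROVISIONING_DIR)/.env; exit $$status
```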
demo_mode=false
dummy_wazuh_manager=false
wazuh_host=192.168.0.12
wazuh_port=55000
wazuh_username=wazuh-wui
......@@ -10,11 +10,13 @@ elastic_password=changeme
redis_host=localhost
redis_port=6379
redis_queue=low
local_clouditor_deploy=true
clouditor_host=192.168.0.13
clouditor_port=9090
clouditor_oauth2_host=192.168.0.13
clouditor_oauth2_port=8080
clouditor_client_id=clouditor
clouditor_client_secret=clouditor
clouditor_oauth2_scope=
wazuh_check_interval=300
wazuh_rule_level=10
\ No newline at end of file
dummy_wazuh_manager=true
wazuh_host=192.168.0.12
wazuh_port=55000
wazuh_username=wazuh-wui
wazuh_password=wazuh-wui
elastic_host=192.168.0.12
elastic_port=9200
elastic_username=admin
elastic_password=changeme
redis_host=localhost
redis_port=6379
redis_queue=low
local_clouditor_deploy=false
clouditor_host=security-assessment-dev.k8s.medina.esilab.org
clouditor_port=443
clouditor_oauth2_host=catalogue-keycloak-dev.k8s.medina.esilab.org/auth/realms/medina/protocol/openid-connect/token
clouditor_oauth2_port=443
clouditor_client_id=wazuh-vat-evidence-collector-dev
clouditor_client_secret=68dec932-77fc-4322-8089-d64c3a3317bf
clouditor_oauth2_scope=openid
wazuh_check_interval=300
wazuh_rule_level=10
\ No newline at end of file
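Review bot: `clouditor_client_secret` near the end of this new `production.env`, together with `clouditor_client_id` and the Keycloak token endpoint in `clouditor_oauth2_host`, is an OAuth2 client credential committed to git in plaintext; the identical value is repeated in the `only-k8s-collector` `.env` section below (the one starting `dummy_wazuh_manager=true` with empty `wazuh_host=`). Once pushed, the value has to be treated as exposed regardless of later history rewrites, so it should be rotated on the identity provider side and the file should not carry the real secret at all. Commit a `production.env.example` with a placeholder such as `clouditor_client_secret=<set-me>`, git-ignore the real env files, and let the Makefile or CI inject the secret from an environment variable or secret store. The `-dev` suffix on the client id suggests a development realm, but that cannot be confirmed from the diff and does not change the handling.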
demo_mode=false
dummy_wazuh_manager=false
wazuh_host=192.168.33.10
wazuh_port=55000
wazuh_username=wazuh-wui
......@@ -10,11 +10,13 @@ elastic_password=changeme
redis_host=localhost
redis_port=6379
redis_queue=low
local_clouditor_deploy=true
clouditor_host=192.168.33.14
clouditor_port=9090
clouditor_oauth2_host=192.168.33.14
clouditor_oauth2_port=8080
clouditor_client_id=clouditor
clouditor_client_secret=clouditor
clouditor_oauth2_scope=
wazuh_check_interval=300
wazuh_rule_level=10
\ No newline at end of file
dummy_wazuh_manager=true
wazuh_host=
wazuh_port=0
wazuh_username=
wazuh_password=
elastic_host=
elastic_port=0
elastic_username=
elastic_password=
redis_host=localhost
redis_port=6379
redis_queue=low
local_clouditor_deploy=false
clouditor_host=security-assessment-dev.k8s.medina.esilab.org
clouditor_port=443
clouditor_oauth2_host=catalogue-keycloak-dev.k8s.medina.esilab.org/auth/realms/medina/protocol/openid-connect/token
clouditor_oauth2_port=443
clouditor_client_id=wazuh-vat-evidence-collector-dev
clouditor_client_secret=68dec932-77fc-4322-8089-d64c3a3317bf
clouditor_oauth2_scope=openid
wazuh_check_interval=300
wazuh_rule_level=10
\ No newline at end of file
# -*- mode: ruby -*-
# vi: set ft=ruby :
servers=[
{
:hostname => "evidence-collector",
:ip => "192.168.33.13",
:box => "centos/stream8",
:ram => 1024,
:cpu => 2
}
]
Vagrant.configure(2) do |config|
servers.each do |machine|
config.vm.define machine[:hostname] do |node|
node.vm.box = machine[:box]
node.vm.hostname = machine[:hostname]
node.vm.network "private_network", ip: machine[:ip]
if machine[:forward_ports]
machine[:forward_ports].each { |port_cfg|
node.vm.network "forwarded_port", guest: port_cfg[:guest], host: port_cfg[:host]
}
end
node.vm.provider "virtualbox" do |vb|
vb.customize ["modifyvm", :id, "--memory", machine[:ram]]
end
end
end
end
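Review bot: `:cpu => 2` in the `servers` entry is never applied — the provider block only passes `--memory` to `modifyvm`, so the VM gets VirtualBox's default CPU count. Add `vb.customize ["modifyvm", :id, "--cpus", machine[:cpu]]` next to the memory line, or use `vb.memory = machine[:ram]` and `vb.cpus = machine[:cpu]`, which read more clearly. The `machine[:forward_ports]` branch is dead in this single-machine file because no entry defines the key; if it is kept for parity with the other environments' Vagrantfiles, say so in a comment above it.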
[evidence_collector]
192.168.33.13 public_ip=192.168.33.13 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/only-k8s-collector/.vagrant/machines/evidence-collector/virtualbox/private_key
[evidence_collector:vars]
ansible_ssh_common_args='-o StrictHostKeyChecking=no'
\ No newline at end of file
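Review bot: The host entry supplies both `ansible_ssh_pass=vagrant` and `ansible_ssh_private_key_file=...`, and the `[evidence_collector:vars]` block disables `StrictHostKeyChecking` while the environment's Makefile also exports `ANSIBLE_HOST_KEY_CHECKING=False`, so each relaxation is configured twice. For a throw-away local VM on a host-only network this is the usual Vagrant setup, but keep one mechanism per concern: drop the password once the key works, and keep the host-key override in a single place so it is obvious where to tighten it for any non-local inventory. The key path is relative to the repository root, so the inventory only works when `ansible-playbook` is run from there — presumably the case, but worth a comment.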
VAGRANT_RUN = cd $(ENV_DIR) && vagrant
SSH_PRIVATE_KEY = $(HOME)/.vagrant.d/insecure_private_key
SSH_USER = vagrant
create:
sudo mkdir -p /etc/vbox
sudo touch /etc/vbox/networks.conf
grep -Fxq "* 192.168.33.0/24" /etc/vbox/networks.conf || sudo sh -c 'echo "* 192.168.33.0/24\n" >> /etc/vbox/networks.conf'
@$(VAGRANT_RUN) up
delete:
@$(VAGRANT_RUN) destroy -f
ssh-evidence-collector:
@$(VAGRANT_RUN) ssh evidence-collector
provision-evidence-collector:
@ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook $(ANSIBLE_ARGS) $(ANSIBLE_DIR)/provision-evidence-collector.yml
logs-evidence-collector:
@$(VAGRANT_RUN) ssh -c "docker logs --tail 100 -f evidence-collector" evidence-collector
\ No newline at end of file
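Review bot: The `create` recipe's `sudo sh -c 'echo "* 192.168.33.0/24\n" >> ...'` is not portable: when `/bin/sh` is bash, `echo` does not interpret `\n`, so the appended line is `* 192.168.33.0/24\n` literally, the exact-match `grep -Fxq` never sees it, and every `make create` appends another entry to `/etc/vbox/networks.conf`. Use `printf '%s\n' '* 192.168.33.0/24'` instead, which behaves the same under dash and bash and makes the guard idempotent. None of `create`, `delete`, `ssh-evidence-collector`, `provision-evidence-collector` or `logs-evidence-collector` produce files, so add `.PHONY: create delete ssh-evidence-collector provision-evidence-collector logs-evidence-collector` at the top. `$(ANSIBLE_ARGS)` is not defined in this file and is presumably inherited from the including Makefile; a comment saying where it and `ENV_DIR` come from would help.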
{
}
\ No newline at end of file