Merge branch 'evidence-collector-environment-update' into 'master'

Evidence collector environment update See merge request medina/security-monitoring!13

Merge branch 'evidence-collector-environment-update' into 'master'
7d94570f · Zitnik, Anze · 8e943469 · e70f4162 · 7d94570f · 7d94570f
Commit 7d94570f authored 3 years ago by Zitnik, Anze
--- a/Makefile
+++ b/Makefile
-ENVIRONMENT ?= full-setup
+#ENVIRONMENT ?= full-setup
+ENVIRONMENT ?= only-k8s-collector
 DEPLOY_DIR = $(PWD)
 ENV_DIR = $(DEPLOY_DIR)/environments/$(ENVIRONMENT)
 ANSIBLE_DIR = $(DEPLOY_DIR)/ansible

--- a/README.md
+++ b/README.md
@@ -16,11 +16,16 @@ In addition to Wazuh, ClamAV is also installed on agent machines.

 ## Requirements

+Local development:
+
 * Vagrant `2.2.19`
 * VirtualBox `6.1.32`
 * Ansible `>=2.9.6`
- * (optional / integrations) `npm` / `npx` in order to run the simple HTTP server for the integrations
+* [optional] `npm` / `npx` in order to run the simple HTTP server for the integrations
+
+Provisioning existing machines:

+* Ansible `>=2.9.6`
 ---

 ## Setting up the demo
@@ -33,7 +38,7 @@ In addition to Wazuh, ClamAV is also installed on agent machines.
    $ make clone-wazuh
    ```

-2. Select your `ENVIRONMENT` in `Makefile`. Set it to `full-setup` or `no-collector` (for development purposes, when `evidence-collector` runs on local machine).
+2. Select your `ENVIRONMENT` in `Makefile`. Set it to `full-setup`, `no-collector` (for development purposes, when `evidence-collector` runs on local machine) or `only-k8s-collector` (will deploy only Evidence collector that will connect to K8s deployed Clouditor).

    > Note: Docker registry credentials used for pulling Evidence Collector are located in `/ansible/docker/credentials/credentials.yml`. They don't need to be changed unless you explicitly want to use other registry.

@@ -184,7 +189,11 @@ Wazuh manager and Evidence collector should be installed on the same, clean mach
    192.168.0.13 public_ip=192.168.0.13 ansible_sudo_pass=admin ansible_ssh_pass=admin ansible_ssh_user=root ansible_ssh_private_key_file=~/.ssh/id_rsa
    ```

-4. Set `evidence-collector` environment variables in `/custom-provision/.env`. See [Evidence collector's documentation](https://git.code.tecnalia.com/medina/wp3/task_3.2/evidence-collector) for more information.
+4. Set `evidence-collector` environment variables in `/custom-provision/development.env` or `/custom-provision/production.env` file:
+
+    `development.env` file includes local development and testing pre-configuration while `production.env` already includes settings for Evidence collector to connect to K8s deployed Clouditor.
+
+    See [Evidence collector's documentation](https://git.code.tecnalia.com/medina/wp3/task_3.2/evidence-collector) for more information.

    If you're installing both Evidence collector as well as Wazuh manager on the same machine (as intended), you have to set only `clouditor_host`, `elastic_host` & `wazuh_host` variables (where `elastic_host` & `wazuh_host` are the same).

@@ -202,10 +211,14 @@ Wazuh manager and Evidence collector should be installed on the same, clean mach

    > Note: this doesn't need to be changed or set for it to work.

-7. Provision:
+7. Select desired environment config and provision:

    ```
-    $ make -B custom-provision
+    $ make -B custom-provision PROVISION_ENVIRONMENT=production
+    ```
+    or
+    ```
+    $ make -B custom-provision PROVISION_ENVIRONMENT=development
    ```

 ### Wazuh troubleshooting

--- a/ansible/provision-clouditor.yml
+++ b/ansible/provision-clouditor.yml
@@ -32,7 +32,7 @@
          repo: https://github.com/clouditor/clouditor.git
          dest: /home/vagrant/clouditor
          force: yes
-          version: v1.4.0
+          version: v1.4.4
      - name: Copy Makefile
        copy:
          src: ./clouditor/Makefile

--- a/custom-provision/custom-provision.mk
+++ b/custom-provision/custom-provision.mk
@@ -3,4 +3,6 @@ CUSTOM_ARGS = -i $(CUSTOM_PROVISIONING_DIR)/custom-inventory.txt \
 					-e environment_dir=$(CUSTOM_PROVISIONING_DIR)

 custom-provision:
+	cp $(CUSTOM_PROVISIONING_DIR)/$(PROVISION_ENVIRONMENT).env $(CUSTOM_PROVISIONING_DIR)/.env 
 	@ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook $(CUSTOM_ARGS) $(ANSIBLE_DIR)/provision.yml
+	rm $(CUSTOM_PROVISIONING_DIR)/.env 
\ No newline at end of file
--- a/custom-provision/.env
+++ b/custom-provision/.env
-demo_mode=false
+dummy_wazuh_manager=false
 wazuh_host=192.168.0.12
 wazuh_port=55000
 wazuh_username=wazuh-wui
@@ -10,11 +10,13 @@ elastic_password=changeme
 redis_host=localhost
 redis_port=6379
 redis_queue=low
+local_clouditor_deploy=true
 clouditor_host=192.168.0.13
 clouditor_port=9090
 clouditor_oauth2_host=192.168.0.13
 clouditor_oauth2_port=8080
 clouditor_client_id=clouditor
 clouditor_client_secret=clouditor
+clouditor_oauth2_scope=
 wazuh_check_interval=300
 wazuh_rule_level=10
\ No newline at end of file
--- a/custom-provision/production.env
+++ b/custom-provision/production.env
+dummy_wazuh_manager=true
+wazuh_host=192.168.0.12
+wazuh_port=55000
+wazuh_username=wazuh-wui
+wazuh_password=wazuh-wui
+elastic_host=192.168.0.12
+elastic_port=9200
+elastic_username=admin
+elastic_password=changeme
+redis_host=localhost
+redis_port=6379
+redis_queue=low
+local_clouditor_deploy=false
+clouditor_host=security-assessment-dev.k8s.medina.esilab.org
+clouditor_port=443
+clouditor_oauth2_host=catalogue-keycloak-dev.k8s.medina.esilab.org/auth/realms/medina/protocol/openid-connect/token
+clouditor_oauth2_port=443
+clouditor_client_id=wazuh-vat-evidence-collector-dev
+clouditor_client_secret=68dec932-77fc-4322-8089-d64c3a3317bf
+clouditor_oauth2_scope=openid
+wazuh_check_interval=300
+wazuh_rule_level=10
\ No newline at end of file
--- a/environments/full-setup/.env
+++ b/environments/full-setup/.env
-demo_mode=false
+dummy_wazuh_manager=false
 wazuh_host=192.168.33.10
 wazuh_port=55000
 wazuh_username=wazuh-wui
@@ -10,11 +10,13 @@ elastic_password=changeme
 redis_host=localhost
 redis_port=6379
 redis_queue=low
+local_clouditor_deploy=true
 clouditor_host=192.168.33.14
 clouditor_port=9090
 clouditor_oauth2_host=192.168.33.14
 clouditor_oauth2_port=8080
 clouditor_client_id=clouditor
 clouditor_client_secret=clouditor
+clouditor_oauth2_scope=
 wazuh_check_interval=300
 wazuh_rule_level=10
\ No newline at end of file
--- a/environments/only-k8s-collector/.env
+++ b/environments/only-k8s-collector/.env
+dummy_wazuh_manager=true
+wazuh_host=
+wazuh_port=0
+wazuh_username=
+wazuh_password=
+elastic_host=
+elastic_port=0
+elastic_username=
+elastic_password=
+redis_host=localhost
+redis_port=6379
+redis_queue=low
+local_clouditor_deploy=false
+clouditor_host=security-assessment-dev.k8s.medina.esilab.org
+clouditor_port=443
+clouditor_oauth2_host=catalogue-keycloak-dev.k8s.medina.esilab.org/auth/realms/medina/protocol/openid-connect/token
+clouditor_oauth2_port=443
+clouditor_client_id=wazuh-vat-evidence-collector-dev
+clouditor_client_secret=68dec932-77fc-4322-8089-d64c3a3317bf
+clouditor_oauth2_scope=openid
+wazuh_check_interval=300
+wazuh_rule_level=10
\ No newline at end of file
--- a/environments/only-k8s-collector/Vagrantfile
+++ b/environments/only-k8s-collector/Vagrantfile
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+servers=[
+  {
+    :hostname => "evidence-collector",
+    :ip => "192.168.33.13",
+    :box => "centos/stream8",
+    :ram => 1024,
+    :cpu => 2
+  }
+]
+
+Vagrant.configure(2) do |config|
+  servers.each do |machine|
+      config.vm.define machine[:hostname] do |node|
+          node.vm.box = machine[:box]
+          node.vm.hostname = machine[:hostname]
+          node.vm.network "private_network", ip: machine[:ip]
+          if machine[:forward_ports]
+            machine[:forward_ports].each { |port_cfg|
+              node.vm.network "forwarded_port", guest: port_cfg[:guest], host: port_cfg[:host]
+            }
+          end
+          node.vm.provider "virtualbox" do |vb|
+            vb.customize ["modifyvm", :id, "--memory", machine[:ram]]
+          end
+      end
+  end
+end
--- a/environments/only-k8s-collector/inventory.txt
+++ b/environments/only-k8s-collector/inventory.txt
+[evidence_collector]
+192.168.33.13 public_ip=192.168.33.13 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/only-k8s-collector/.vagrant/machines/evidence-collector/virtualbox/private_key
+
+[evidence_collector:vars]
+ansible_ssh_common_args='-o StrictHostKeyChecking=no'
\ No newline at end of file
--- a/environments/only-k8s-collector/only-k8s-collector.mk
+++ b/environments/only-k8s-collector/only-k8s-collector.mk
+VAGRANT_RUN = cd $(ENV_DIR) && vagrant
+SSH_PRIVATE_KEY = $(HOME)/.vagrant.d/insecure_private_key
+SSH_USER = vagrant
+
+create:
+	sudo mkdir -p /etc/vbox
+	sudo touch /etc/vbox/networks.conf
+	grep -Fxq "* 192.168.33.0/24" /etc/vbox/networks.conf || sudo sh -c 'echo "* 192.168.33.0/24\n" >> /etc/vbox/networks.conf' 
+	@$(VAGRANT_RUN) up
+
+delete:
+	@$(VAGRANT_RUN) destroy -f
+
+ssh-evidence-collector:
+	@$(VAGRANT_RUN) ssh evidence-collector
+
+provision-evidence-collector:
+	@ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook $(ANSIBLE_ARGS) $(ANSIBLE_DIR)/provision-evidence-collector.yml
+
+logs-evidence-collector:
+	@$(VAGRANT_RUN) ssh -c "docker logs --tail 100 -f evidence-collector" evidence-collector
\ No newline at end of file
--- a/environments/only-k8s-collector/resource-id-map.json
+++ b/environments/only-k8s-collector/resource-id-map.json
+{
+}
\ No newline at end of file