Removed unneeded files, changed collector playbook

LICENSE.txt

+Copyright (C) 2021 XLAB d.o.o.
+Use of this software allowed only to MEDINA partners for the purpose of research in the scope of MEDINA project, as specified in the MEDINA Consortium Agreement.
+No commercial use allowed.
+This program is distributed without any warranty.
\ No newline at end of file

Security monitoring FISHY.puml

-@startuml
-participant "FISHY agent" as FISHY_agent
-participant "Security monitoring Tool (appliance runtime)" as SecurityMonitoring #99FF99 
-
-group Configure FISHY security monitoring via FISHY Agent
-    FISHY_agent->SecurityMonitoring: Configure security monitroing
-    SecurityMonitoring -> SecurityMonitoring: Configure server (rules)
-    SecurityMonitoring -> SecurityMonitoring: Configure agents (register agents, define rules)
-    SecurityMonitoring -> FISHY_agent: Security monitoring configured 
-    note over SecurityMonitoring:The server and agents should be deployed beforehand via FISHY Agent
-end
-
-group Start security monitoring
-    FISHY_agent->SecurityMonitoring: Start security monitoring 
-    SecurityMonitoring -> SecurityMonitoring : Start security monitoring
-    FISHY_agent<-SecurityMonitoring: Security monitoring started
-end
-
-group Security monitoring runtime
-    FISHY_agent<-SecurityMonitoring: Send monitoring alert
-end
-
-group Stop monitoring
-    FISHY_agent ->SecurityMonitoring: Stop security monitoring
-    SecurityMonitoring ->FISHY_agent: Security monitoring stopped
-end
-
-@enduml
\ No newline at end of file

Security monitoring PIACERE.puml

-@startuml
-participant RuntimeController
-participant RuntimeMonitoring
-participant SecurityMonitoring #99FF99
-participant DOML
-participant Selflearning
-
-group Configure security monitoring
-    RuntimeController->SecurityMonitoring: Start security monitoring configuration
-    SecurityMonitoring -> DOML: Acquire information about the NFRs to configure security monitoring
-    SecurityMonitoring -> SecurityMonitoring: Configure server (rules)
-    SecurityMonitoring -> SecurityMonitoring: Configure agents (register agents, define rules)
-    SecurityMonitoring -> RuntimeController: Security monitoring configured
-    note over SecurityMonitoring,RuntimeController:The server and agents should be deployed beforehand (included in the IaC already? Described within DOML/IaC implicitly?)
-end
-
-group Start security monitoring
-    RuntimeController->SecurityMonitoring: Start security monitoring 
-    SecurityMonitoring -> SecurityMonitoring : Start security monitoring
-    RuntimeController<-SecurityMonitoring: Security monitoring started
-end
-
-group Security monitoring runtime
-    Selflearning<-SecurityMonitoring: Send notification/alarm
-end
-
-group Stop security monitoring
-    RuntimeController ->SecurityMonitoring: Stop security monitoring
-    SecurityMonitoring ->RuntimeController: Security monitoring stopped
-end
-
-@enduml
\ No newline at end of file

security-monitoring-ansible/ansible/docker/tasks/main.yml

@@ -4,7 +4,7 @@
     name: docker-ce-stable
     file: docker
     description: Docker CE Stable - $basearch
-    baseurl: https://download.docker.com/linux/centos/7/$basearch/stable
+    baseurl: https://download.docker.com/linux/centos/8/$basearch/stable
     enabled: yes
     gpgcheck: yes
     gpgkey: https://download.docker.com/linux/centos/gpg

security-monitoring-ansible/ansible/provision-evidence-collector.yml

@@ -7,7 +7,24 @@
     roles:   
       - docker
     tasks:
-      - name: Login to Docker registry
-        shell: "docker login -u {{ docker_username }} -p {{ docker_token }} {{ docker_registry }}"
+      # Required by Ansible Docker module
+      - name: Install python3.6
+        package:
+          name: python36
+          state: present
+      - name: Install docker-py
+        pip:
+          name: docker-py
+      - name: Log in to Docker image registry
+        docker_login:
+          registry: "{{ docker_registry }}"
+          username: "{{ docker_username }}"
+          password: "{{ docker_token }}"
+          reauthorize: yes
       - name: Run Docker container
-        shell: "docker run --name evidence-collector -d {{ docker_registry }}/medina/evidence-collector:latest" 
\ No newline at end of file
+        docker_container:
+          name: evidence-collector
+          image: "{{ docker_registry }}/medina/evidence-collector:latest"
+          state: started
+          pull: yes
+          restart_policy: always
\ No newline at end of file

security-monitoring-ansible/environments/vagrant-full-setup/Vagrantfile

@@ -5,28 +5,28 @@ servers=[
   {
     :hostname => "manager",
     :ip => "192.168.33.10",
-    :box => "centos/7",
+    :box => "centos/8",
     :ram => 4096,
     :cpu => 2
   },  
   {
     :hostname => "agent1",
     :ip => "192.168.33.11",
-    :box => "centos/7",
+    :box => "centos/8",
     :ram => 512,
     :cpu => 1
   },
   {
     :hostname => "agent2",
     :ip => "192.168.33.12",
-    :box => "centos/7",
+    :box => "centos/8",
     :ram => 512,
     :cpu => 1
   },
   {
     :hostname => "evidence-collector",
     :ip => "192.168.33.13",
-    :box => "centos/7",
+    :box => "centos/8",
     :ram => 2048,
     :cpu => 2
   }

security-monitoring-architecture.puml

-@startuml
-skinparam nodesep 5
-
-package "Wazuh Server" {
-  [Kibana server]
-  [Kibana server] --> [ElasticSearch]: KQL
-  [Wazuh cluster] --> [ElasticSearch]: Filebeat  
-}
-interface "Log collector" as LC
-interface "File integrity monitoring" as FIM
-interface "Command execution" as CE
-interface "Security configuration assessment" as SCA
-interface "Malware detection" as MD
-interface "System inventory" as SI
-interface "Cloud security monitoring" as SCM
-interface "Container security monitoring" as CSM
-
-LC -down- [Wazuh agent]
-CE -down- [Wazuh agent]
-FIM -down- [Wazuh agent]
-SCA -down- [Wazuh agent]
-
-MD -down- [Wazuh agent]
-SI -down- [Wazuh agent]
-SCM -down- [Wazuh agent]
-CSM -down- [Wazuh agent]
-
-
-[Wazuh agent] --> [Wazuh cluster]: TCP or UDP (encrypted)
-
-@enduml
\ No newline at end of file