diff --git a/LICENSE.txt b/LICENSE.txt
new file mode 100644
index 0000000000000000000000000000000000000000..455e2a7c4e7f2aed15fd5b118cd7991cc2d5e72f
--- /dev/null
+++ b/LICENSE.txt
@@ -0,0 +1,4 @@
+Copyright (C) 2021 XLAB d.o.o.
+Use of this software allowed only to MEDINA partners for the purpose of research in the scope of MEDINA project, as specified in the MEDINA Consortium Agreement.
+No commercial use allowed.
+This program is distributed without any warranty.
\ No newline at end of file
diff --git a/Security monitoring FISHY.png b/Security monitoring FISHY.png
deleted file mode 100644
index ad46f970bbf2b11b4eaa67fad5bcfaf61586f696..0000000000000000000000000000000000000000
Binary files a/Security monitoring FISHY.png and /dev/null differ
diff --git a/Security monitoring FISHY.puml b/Security monitoring FISHY.puml
deleted file mode 100644
index 8cd83d8748ca7b00731de8ecf2bf0abc8c686028..0000000000000000000000000000000000000000
--- a/Security monitoring FISHY.puml
+++ /dev/null
@@ -1,28 +0,0 @@
-@startuml
-participant "FISHY agent" as FISHY_agent
-participant "Security monitoring Tool (appliance runtime)" as SecurityMonitoring #99FF99
-
-group Configure FISHY security monitoring via FISHY Agent
- FISHY_agent->SecurityMonitoring: Configure security monitroing
- SecurityMonitoring -> SecurityMonitoring: Configure server (rules)
- SecurityMonitoring -> SecurityMonitoring: Configure agents (register agents, define rules)
- SecurityMonitoring -> FISHY_agent: Security monitoring configured
- note over SecurityMonitoring:The server and agents should be deployed beforehand via FISHY Agent
-end
-
-group Start security monitoring
- FISHY_agent->SecurityMonitoring: Start security monitoring
- SecurityMonitoring -> SecurityMonitoring : Start security monitoring
- FISHY_agent<-SecurityMonitoring: Security monitoring started
-end
-
-group Security monitoring runtime
- FISHY_agent<-SecurityMonitoring: Send monitoring alert
-end
-
-group Stop monitoring
- FISHY_agent ->SecurityMonitoring: Stop security monitoring
- SecurityMonitoring ->FISHY_agent: Security monitoring stopped
-end
-
-@enduml
\ No newline at end of file
diff --git a/Security monitoring PIACERE.puml b/Security monitoring PIACERE.puml
deleted file mode 100644
index 23cf363944bd25b79df4db9e870e53b4cc0ecb2b..0000000000000000000000000000000000000000
--- a/Security monitoring PIACERE.puml
+++ /dev/null
@@ -1,32 +0,0 @@
-@startuml
-participant RuntimeController
-participant RuntimeMonitoring
-participant SecurityMonitoring #99FF99
-participant DOML
-participant Selflearning
-
-group Configure security monitoring
- RuntimeController->SecurityMonitoring: Start security monitoring configuration
- SecurityMonitoring -> DOML: Acquire information about the NFRs to configure security monitoring
- SecurityMonitoring -> SecurityMonitoring: Configure server (rules)
- SecurityMonitoring -> SecurityMonitoring: Configure agents (register agents, define rules)
- SecurityMonitoring -> RuntimeController: Security monitoring configured
- note over SecurityMonitoring,RuntimeController:The server and agents should be deployed beforehand (included in the IaC already? Described within DOML/IaC implicitly?)
-end
-
-group Start security monitoring
- RuntimeController->SecurityMonitoring: Start security monitoring
- SecurityMonitoring -> SecurityMonitoring : Start security monitoring
- RuntimeController<-SecurityMonitoring: Security monitoring started
-end
-
-group Security monitoring runtime
- Selflearning<-SecurityMonitoring: Send notification/alarm
-end
-
-group Stop security monitoring
- RuntimeController ->SecurityMonitoring: Stop security monitoring
- SecurityMonitoring ->RuntimeController: Security monitoring stopped
-end
-
-@enduml
\ No newline at end of file
diff --git a/out/Security monitoring PIACERE/Security monitoring PIACERE.png b/out/Security monitoring PIACERE/Security monitoring PIACERE.png
deleted file mode 100644
index 752145666405ce2e408e6b3af7dcbc71d0052e40..0000000000000000000000000000000000000000
Binary files a/out/Security monitoring PIACERE/Security monitoring PIACERE.png and /dev/null differ
diff --git a/security-monitoring-ansible/ansible/docker/tasks/main.yml b/security-monitoring-ansible/ansible/docker/tasks/main.yml
index 4e0685438aa28b955dcde22a22ded8d7863eff94..42c7d248f955f73f869acaf790d1d2788eab8b43 100644
--- a/security-monitoring-ansible/ansible/docker/tasks/main.yml
+++ b/security-monitoring-ansible/ansible/docker/tasks/main.yml
@@ -4,7 +4,7 @@
 name: docker-ce-stable
 file: docker
 description: Docker CE Stable - $basearch
- baseurl: https://download.docker.com/linux/centos/7/$basearch/stable
+ baseurl: https://download.docker.com/linux/centos/8/$basearch/stable
 enabled: yes
 gpgcheck: yes
 gpgkey: https://download.docker.com/linux/centos/gpg
diff --git a/security-monitoring-ansible/ansible/provision-evidence-collector.yml b/security-monitoring-ansible/ansible/provision-evidence-collector.yml
index 655791cd68771f7eb3c7b1d3a715e6f115d0fb39..66aa61852554d0829274d128091edb169d41340e 100644
--- a/security-monitoring-ansible/ansible/provision-evidence-collector.yml
+++ b/security-monitoring-ansible/ansible/provision-evidence-collector.yml
@@ -4,10 +4,27 @@
 become: yes
 pre_tasks:
 - import_tasks: "{{ ansible_dir }}/docker/credentials/vars.yml"
- roles:
+ roles:
 - docker
 tasks:
- - name: Login to Docker registry
- shell: "docker login -u {{ docker_username }} -p {{ docker_token }} {{ docker_registry }}"
+ # Required by Ansible Docker module
+ - name: Install python3.6
+ package:
+ name: python36
+ state: present
+ - name: Install docker-py
+ pip:
+ name: docker-py
+ - name: Log in to Docker image registry
+ docker_login:
+ registry: "{{ docker_registry }}"
+ username: "{{ docker_username }}"
+ password: "{{ docker_token }}"
+ reauthorize: yes
 - name: Run Docker container
- shell: "docker run --name evidence-collector -d {{ docker_registry }}/medina/evidence-collector:latest"
\ No newline at end of file
+ docker_container:
+ name: evidence-collector
+ image: "{{ docker_registry }}/medina/evidence-collector:latest"
+ state: started
+ pull: yes
+ restart_policy: always
\ No newline at end of file
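Review bot: The new `pip` task in provision-evidence-collector.yml installs `docker-py`, the superseded name of the Docker SDK for Python, while the `docker_login`/`docker_container` modules it is meant to support expect the `docker` package and Ansible's documentation warns that the two must not be installed together; change it to `name: docker` and add a `version:` pin so the SDK install is reproducible rather than whatever PyPI serves at run time. The `docker_container` task combines `image: ...:latest` with `pull: yes`, so every play run deploys whatever the registry currently holds under that mutable tag; referencing an immutable tag or a digest such as `image: "{{ docker_registry }}/medina/evidence-collector@sha256:<DIGEST-PLACEHOLDER>"` makes the deployed collector verifiable and keeps an unexpected push to `latest` from reaching the host unnoticed. Moving the registry login off the `shell` line already stops the token showing up in process listings; adding `no_log: true` to the `docker_login` task is cheap insurance against it appearing in verbose play output if the module does not mask it. The play header and the `vars.yml` that supplies `docker_token` lie outside this hunk.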
diff --git a/security-monitoring-ansible/environments/vagrant-full-setup/Vagrantfile b/security-monitoring-ansible/environments/vagrant-full-setup/Vagrantfile
index e2ecdd6e0393258239193e9ca400ec1eaff38a69..73ff79b11f0a95e3f19c05f12f3ebfc5342ed15b 100644
--- a/security-monitoring-ansible/environments/vagrant-full-setup/Vagrantfile
+++ b/security-monitoring-ansible/environments/vagrant-full-setup/Vagrantfile
@@ -5,28 +5,28 @@ servers=[
 {
 :hostname => "manager",
 :ip => "192.168.33.10",
- :box => "centos/7",
+ :box => "centos/8",
 :ram => 4096,
 :cpu => 2
 },
 {
 :hostname => "agent1",
 :ip => "192.168.33.11",
- :box => "centos/7",
+ :box => "centos/8",
 :ram => 512,
 :cpu => 1
 },
 {
 :hostname => "agent2",
 :ip => "192.168.33.12",
- :box => "centos/7",
+ :box => "centos/8",
 :ram => 512,
 :cpu => 1
 },
 {
 :hostname => "evidence-collector",
 :ip => "192.168.33.13",
- :box => "centos/7",
+ :box => "centos/8",
 :ram => 2048,
 :cpu => 2
 }
diff --git a/security-monitoring-architecture.puml b/security-monitoring-architecture.puml
deleted file mode 100644
index c400e8a907f0316650f0f363c84f710a3f5c980a..0000000000000000000000000000000000000000
--- a/security-monitoring-architecture.puml
+++ /dev/null
@@ -1,31 +0,0 @@
-@startuml
-skinparam nodesep 5
-
-package "Wazuh Server" {
- [Kibana server]
- [Kibana server] --> [ElasticSearch]: KQL
- [Wazuh cluster] --> [ElasticSearch]: Filebeat
-}
-interface "Log collector" as LC
-interface "File integrity monitoring" as FIM
-interface "Command execution" as CE
-interface "Security configuration assessment" as SCA
-interface "Malware detection" as MD
-interface "System inventory" as SI
-interface "Cloud security monitoring" as SCM
-interface "Container security monitoring" as CSM
-
-LC -down- [Wazuh agent]
-CE -down- [Wazuh agent]
-FIM -down- [Wazuh agent]
-SCA -down- [Wazuh agent]
-
-MD -down- [Wazuh agent]
-SI -down- [Wazuh agent]
-SCM -down- [Wazuh agent]
-CSM -down- [Wazuh agent]
-
-
-[Wazuh agent] --> [Wazuh cluster]: TCP or UDP (encrypted)
-
-@enduml
\ No newline at end of file