Merge branch 'clouditor-v1.4.0-migration' into 'master'

Clouditor v1.4.0 migration See merge request medina/security-monitoring!7

Merge branch 'clouditor-v1.4.0-migration' into 'master'
ba070252 · Matevz Erzen · 833966d9 · 18ff8ba7 · ba070252 · ba070252
Commit ba070252 authored 3 years ago by Matevz Erzen
--- a/README.md
+++ b/README.md
@@ -32,6 +32,8 @@ In addition to Wazuh, ClamAV is also installed on agent machines.

 2. Select your `ENVIRONMENT` in `Makefile`. Set it to `full-setup` or `no-collector` (for development purposes, when `evidence-collector` runs on local machine).

+> Note: Docker registry credentials used for pulling Evidence Collector are located in `/ansible/docker/credentials/credentials.yml`. They don't need to be changed unless you explicitly want to use other registry.
+
 3. Create and provision VMs:

    ```
@@ -52,6 +54,8 @@ $ PORT=8088 npx http-echo-server

 ### Clouditor

+> Note: Clouditor version is defined in `/ansible/provision-clouditor.yml` and can be changed if needed.
+
 Clouditor starts automatically when Clouditor VM is provisioned.

 To see Clouditor's output, `ssh` to its machine and examine the log file:  
@@ -177,11 +181,23 @@ Wazuh manager and Evidence collector should be installed on the same, clean mach

 ### Wazuh troubleshooting

-Depending on your machine and network configuration, Wazuh could have problem connecting agents to manager. Check Wazuh's web interface to see if agents work corrrectly. 
+Depending on your machine and network configuration, Wazuh could have problem connecting agents to manager. Check Wazuh's web interface to see if agents work corrrectly - if interface doesn't work, you probably need to open ports first (see below).
+
+To troubleshoot in more details, check the logs in `/var/ossec/logs/ossec.log` and consult [official troubleshooting manual](https://documentation.wazuh.com/current/user-manual/agent-enrollment/troubleshooting.html). 
+
+Two of the most common problems (often times in tandem) are [missing open ports](https://documentation.wazuh.com/current/user-manual/agent-enrollment/troubleshooting.html#testing-communication-with-wazuh-manager) and [invalid agent names](https://documentation.wazuh.com/current/user-manual/agent-enrollment/troubleshooting.html#invalid-agent-name-for-enrollment) (if agent machine's hostname matches hostname of any already existing Wazuh machine).

-If not, check the logs in `/var/ossec/logs/ossec.log` and consult [official troubleshooting manual](https://documentation.wazuh.com/current/user-manual/agent-enrollment/troubleshooting.html). 
+To enable required ports, run the following commands on Wazuh manager machine:
+
+```
+$ sudo firewall-cmd --zone=public --add-port=1514/tcp --permanent
+$ sudo firewall-cmd --zone=public --add-port=1515/tcp --permanent
+$ sudo firewall-cmd --zone=public --add-port=55000/tcp --permanent
+$ sudo firewall-cmd --zone=public --add-port=5601/tcp --permanent
+$ sudo firewall-cmd --reload
+```

-Two of the most common problems are [missing open ports](https://documentation.wazuh.com/current/user-manual/agent-enrollment/troubleshooting.html#testing-communication-with-wazuh-manager) and [invalid agent names](https://documentation.wazuh.com/current/user-manual/agent-enrollment/troubleshooting.html#invalid-agent-name-for-enrollment) (if agent machine's hostname matches hostname of any already existing Wazuh machine).
+After this, you should be able to at least see Wazuh's web interface - available at `https://wazuh_manager_ip:5601` (make sure to include `https` protocol prefix).

 ### Minimum hardware requirements


--- a/ansible/provision-clouditor.yml
+++ b/ansible/provision-clouditor.yml
@@ -19,16 +19,20 @@
          mode: '0555'
      - name: Run Golang installer
        raw: ./installer_linux && source /home/vagrant/.bash_profile
-      - name: Create dir
+      - name: Create clouditor dir
        file:
          path: /home/vagrant/clouditor
          state: directory
+      - name: Create api key dir
+        file:
+          path: /home/vagrant/.clouditor
+          state: directory
      - name: Clone Clouditor repo
        git:
          repo: https://github.com/clouditor/clouditor.git
          dest: /home/vagrant/clouditor
          force: yes
-          version: v1.3.14
+          version: v1.4.0
      - name: Copy Makefile
        copy:
          src: ./clouditor/Makefile

--- a/ansible/provision.yml
+++ b/ansible/provision.yml
@@ -5,8 +5,8 @@
 - name: Start provision of the Wazuh Agents
  import_playbook: provision-agents.yml

- name: Start provision of the Evidence Collector
-  import_playbook: provision-evidence-collector.yml
-
 - name: Start provision of the Clouditor
  import_playbook: provision-clouditor.yml
+
+- name: Start provision of the Evidence Collector
+  import_playbook: provision-evidence-collector.yml
\ No newline at end of file
--- a/custom-provision/.env
+++ b/custom-provision/.env
@@ -12,3 +12,6 @@ redis_port=6379
 redis_queue=low
 clouditor_host=192.168.0.13
 clouditor_port=9090
+clouditor_oauth2_port=8080
+clouditor_client_id=clouditor
+clouditor_client_secret=clouditor
--- a/environments/full-setup/.env
+++ b/environments/full-setup/.env
@@ -12,3 +12,6 @@ redis_port=6379
 redis_queue=low
 clouditor_host=192.168.33.14
 clouditor_port=9090
+clouditor_oauth2_port=8080
+clouditor_client_id=clouditor
+clouditor_client_secret=clouditor