Commit ba070252 authored by Matevz Erzen

Merge branch 'clouditor-v1.4.0-migration' into 'master'

Clouditor v1.4.0 migration

See merge request medina/security-monitoring!7
parents 833966d9 18ff8ba7
......@@ -32,6 +32,8 @@ In addition to Wazuh, ClamAV is also installed on agent machines.
2. Select your `ENVIRONMENT` in `Makefile`. Set it to `full-setup` or `no-collector` (for development purposes, when `evidence-collector` runs on local machine).
> Note: Docker registry credentials used for pulling Evidence Collector are located in `/ansible/docker/credentials/credentials.yml`. They don't need to be changed unless you explicitly want to use other registry.
3. Create and provision VMs:
```
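Review bot: the note under step 2 points readers to registry credentials stored at `/ansible/docker/credentials/credentials.yml`, inside the repository tree, and only says they "don't need to be changed". Suggest stating how that file is protected (for example, encrypted with Ansible Vault) or how to supply credentials from outside the repository, so the README does not normalise keeping shared registry credentials next to the playbooks.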
......@@ -52,6 +54,8 @@ $ PORT=8088 npx http-echo-server
### Clouditor
> Note: Clouditor version is defined in `/ansible/provision-clouditor.yml` and can be changed if needed.
Clouditor starts automatically when Clouditor VM is provisioned.
To see Clouditor's output, `ssh` to its machine and examine the log file:
......@@ -177,11 +181,23 @@ Wazuh manager and Evidence collector should be installed on the same, clean mach
### Wazuh troubleshooting
Depending on your machine and network configuration, Wazuh could have problem connecting agents to manager. Check Wazuh's web interface to see if agents work corrrectly.
Depending on your machine and network configuration, Wazuh could have problem connecting agents to manager. Check Wazuh's web interface to see if agents work corrrectly - if interface doesn't work, you probably need to open ports first (see below).
To troubleshoot in more details, check the logs in `/var/ossec/logs/ossec.log` and consult [official troubleshooting manual](https://documentation.wazuh.com/current/user-manual/agent-enrollment/troubleshooting.html).
Two of the most common problems (often times in tandem) are [missing open ports](https://documentation.wazuh.com/current/user-manual/agent-enrollment/troubleshooting.html#testing-communication-with-wazuh-manager) and [invalid agent names](https://documentation.wazuh.com/current/user-manual/agent-enrollment/troubleshooting.html#invalid-agent-name-for-enrollment) (if agent machine's hostname matches hostname of any already existing Wazuh machine).
If not, check the logs in `/var/ossec/logs/ossec.log` and consult [official troubleshooting manual](https://documentation.wazuh.com/current/user-manual/agent-enrollment/troubleshooting.html).
To enable required ports, run the following commands on Wazuh manager machine:
```
$ sudo firewall-cmd --zone=public --add-port=1514/tcp --permanent
$ sudo firewall-cmd --zone=public --add-port=1515/tcp --permanent
$ sudo firewall-cmd --zone=public --add-port=55000/tcp --permanent
$ sudo firewall-cmd --zone=public --add-port=5601/tcp --permanent
$ sudo firewall-cmd --reload
```
Two of the most common problems are [missing open ports](https://documentation.wazuh.com/current/user-manual/agent-enrollment/troubleshooting.html#testing-communication-with-wazuh-manager) and [invalid agent names](https://documentation.wazuh.com/current/user-manual/agent-enrollment/troubleshooting.html#invalid-agent-name-for-enrollment) (if agent machine's hostname matches hostname of any already existing Wazuh machine).
After this, you should be able to at least see Wazuh's web interface - available at `https://wazuh_manager_ip:5601` (make sure to include `https` protocol prefix).
### Minimum hardware requirements
......
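Review bot: the four `firewall-cmd --add-port` commands open 55000/tcp and 5601/tcp in the `public` zone for every source address, and the README does not say what each port is for apart from the web interface on 5601. Suggest listing the purpose of each port and limiting 55000 and 5601 to the administrator's network (a source-restricted zone or rich rule), with 1514 and 1515, which Wazuh agents use for communication and enrollment, reachable only from agent hosts. Also, the added sentence keeps the typo `corrrectly`, and `https://wazuh_manager_ip:5601` would read more clearly with the placeholder marked, e.g. `https://<wazuh_manager_ip>:5601`.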
......@@ -19,16 +19,20 @@
mode: '0555'
- name: Run Golang installer
raw: ./installer_linux && source /home/vagrant/.bash_profile
- name: Create dir
- name: Create clouditor dir
file:
path: /home/vagrant/clouditor
state: directory
- name: Create api key dir
file:
path: /home/vagrant/.clouditor
state: directory
- name: Clone Clouditor repo
git:
repo: https://github.com/clouditor/clouditor.git
dest: /home/vagrant/clouditor
force: yes
version: v1.3.14
version: v1.4.0
- name: Copy Makefile
copy:
src: ./clouditor/Makefile
......
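Review bot: the new `Create api key dir` task creates `/home/vagrant/.clouditor` with no `mode` or `owner`, so the directory that is meant to hold an API key gets default permissions. Suggest adding `mode: '0700'` and an explicit `owner` to that task. Separately, `version: v1.4.0` together with `force: yes` tracks a tag, which can be moved upstream; pinning the commit hash that the tag points to would keep the provisioned build reproducible.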
......@@ -5,8 +5,8 @@
- name: Start provision of the Wazuh Agents
import_playbook: provision-agents.yml
- name: Start provision of the Evidence Collector
import_playbook: provision-evidence-collector.yml
- name: Start provision of the Clouditor
import_playbook: provision-clouditor.yml
- name: Start provision of the Evidence Collector
import_playbook: provision-evidence-collector.yml
\ No newline at end of file
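Review bot: moving `provision-clouditor.yml` ahead of `provision-evidence-collector.yml` makes the import order significant, but nothing in the file says why. Suggest a one-line comment above the two imports stating the dependency, so the order is not reverted by a later cleanup. The file also still ends without a trailing newline.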
......@@ -12,3 +12,6 @@ redis_port=6379
redis_queue=low
clouditor_host=192.168.0.13
clouditor_port=9090
clouditor_oauth2_port=8080
clouditor_client_id=clouditor
clouditor_client_secret=clouditor
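Review bot: `clouditor_client_secret=clouditor` commits an OAuth2 client secret in plain text, and it is identical to `clouditor_client_id`. If this is only a development default, say so in the README; otherwise read the secret from the environment or from an untracked or vaulted file and keep a placeholder value here.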
......@@ -12,3 +12,6 @@ redis_port=6379
redis_queue=low
clouditor_host=192.168.33.14
clouditor_port=9090
clouditor_oauth2_port=8080
clouditor_client_id=clouditor
clouditor_client_secret=clouditor
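Review bot: this second configuration file repeats the same `clouditor_oauth2_port`, `clouditor_client_id` and `clouditor_client_secret` values, so the plain-text secret now lives in two places that have to be changed together. Suggest keeping the secret out of both files and supplying it from a single source at deploy time.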