diff --git a/Makefile b/Makefile
index 64917a5b4f9288174c4ebaf5c77e82cd5002b8f2..4a4b0b44c21e47746f38e1e5fa9af3b926ffd5b9 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,5 @@
-ENVIRONMENT ?= full-setup
+#ENVIRONMENT ?= full-setup
+ENVIRONMENT ?= only-k8s-collector
 DEPLOY_DIR = $(PWD)
 ENV_DIR = $(DEPLOY_DIR)/environments/$(ENVIRONMENT)
 ANSIBLE_DIR = $(DEPLOY_DIR)/ansible
diff --git a/README.md b/README.md
index 3af34b0d7456fca1b99edb813f9f3e0a2adf5ff8..30babd112f49bb49cd46f4e3d5545c4d10e4388e 100644
--- a/README.md
+++ b/README.md
@@ -16,11 +16,16 @@ In addition to Wazuh, ClamAV is also installed on agent machines.
 ## Requirements
- * Vagrant `2.2.19`
- * VirtualBox `6.1.32`
- * Ansible `>=2.9.6`
- * (optional / integrations) `npm` / `npx` in order to run the simple HTTP server for the integrations
+Local development:
+* Vagrant `2.2.19`
+* VirtualBox `6.1.32`
+* Ansible `>=2.9.6`
+* [optional] `npm` / `npx` in order to run the simple HTTP server for the integrations
+
+Provisioning existing machines:
+
+* Ansible `>=2.9.6`
 ---
 ## Setting up the demo
@@ -33,7 +38,7 @@ In addition to Wazuh, ClamAV is also installed on agent machines.
     $ make clone-wazuh
     ```
-2. Select your `ENVIRONMENT` in `Makefile`. Set it to `full-setup` or `no-collector` (for development purposes, when `evidence-collector` runs on local machine).
+2. Select your `ENVIRONMENT` in `Makefile`. Set it to `full-setup`, `no-collector` (for development purposes, when `evidence-collector` runs on local machine) or `only-k8s-collector` (will deploy only Evidence collector that will connect to K8s deployed Clouditor).
 > Note: Docker registry credentials used for pulling Evidence Collector are located in `/ansible/docker/credentials/credentials.yml`. They don't need to be changed unless you explicitly want to use other registry.
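Review bot: The commented-out `#ENVIRONMENT ?= full-setup` on the new side is dead text that will drift from the real option list; drop it and document the choices instead, e.g. `# One of: full-setup, no-collector, only-k8s-collector (see README)` above `ENVIRONMENT ?= only-k8s-collector`. Changing the default also means a plain `make create` now brings up the k8s-connected collector for anyone who does not override ENVIRONMENT, and that environment's `.env` elsewhere in this diff carries a real client secret. If `full-setup` was the intended demo default, consider keeping it and passing `ENVIRONMENT=only-k8s-collector` on the command line.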
@@ -184,7 +189,11 @@ Wazuh manager and Evidence collector should be installed on the same, clean mach
     192.168.0.13 public_ip=192.168.0.13 ansible_sudo_pass=admin ansible_ssh_pass=admin ansible_ssh_user=root ansible_ssh_private_key_file=~/.ssh/id_rsa
     ```
-4. Set `evidence-collector` environment variables in `/custom-provision/.env`. See [Evidence collector's documentation](https://git.code.tecnalia.com/medina/wp3/task_3.2/evidence-collector) for more information.
+4. Set `evidence-collector` environment variables in `/custom-provision/development.env` or `/custom-provision/production.env` file:
+
+    `development.env` file includes local development and testing pre-configuration while `production.env` already includes settings for Evidence collector to connect to K8s deployed Clouditor.
+
+    See [Evidence collector's documentation](https://git.code.tecnalia.com/medina/wp3/task_3.2/evidence-collector) for more information.
 If you're installing both Evidence collector as well as Wazuh manager on the same machine (as intended), you have to set only `clouditor_host`, `elastic_host` & `wazuh_host` variables (where `elastic_host` & `wazuh_host` are the same).
@@ -202,10 +211,14 @@ Wazuh manager and Evidence collector should be installed on the same, clean mach
 > Note: this doesn't need to be changed or set for it to work.
-7. Provision:
+7. Select desired environment config and provision:
     ```
-    $ make -B custom-provision
+    $ make -B custom-provision PROVISION_ENVIRONMENT=production
+    ```
+    or
+    ```
+    $ make -B custom-provision PROVISION_ENVIRONMENT=development
     ```
 ### Wazuh troubleshooting
diff --git a/ansible/provision-clouditor.yml b/ansible/provision-clouditor.yml
index cc51dd8e6f1e2fb991620c5f13ddbd98315de4e1..f817fc73b282307fa6250da1e7a5473ed4ec9efe 100644
--- a/ansible/provision-clouditor.yml
+++ b/ansible/provision-clouditor.yml
@@ -32,7 +32,7 @@
         repo: https://github.com/clouditor/clouditor.git
         dest: /home/vagrant/clouditor
         force: yes
-        version: v1.4.0
+        version: v1.4.4
     - name: Copy Makefile
       copy:
         src: ./clouditor/Makefile
diff --git a/custom-provision/custom-provision.mk b/custom-provision/custom-provision.mk
index b7d4987f690a37b61bc9ab70e0e7401e487bfba0..7016fa596e10081992e996854f7a8d5b0c1c31b7 100644
--- a/custom-provision/custom-provision.mk
+++ b/custom-provision/custom-provision.mk
@@ -3,4 +3,6 @@ CUSTOM_ARGS = -i $(CUSTOM_PROVISIONING_DIR)/custom-inventory.txt \
 	-e environment_dir=$(CUSTOM_PROVISIONING_DIR)
 
 custom-provision:
-	@ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook $(CUSTOM_ARGS) $(ANSIBLE_DIR)/provision.yml
\ No newline at end of file
+	cp $(CUSTOM_PROVISIONING_DIR)/$(PROVISION_ENVIRONMENT).env $(CUSTOM_PROVISIONING_DIR)/.env
+	@ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook $(CUSTOM_ARGS) $(ANSIBLE_DIR)/provision.yml
+	rm $(CUSTOM_PROVISIONING_DIR)/.env
\ No newline at end of file
diff --git a/custom-provision/.env b/custom-provision/development.env
similarity index 85%
rename from custom-provision/.env
rename to custom-provision/development.env
index e316a481bd5e6dfcac4915056e6a1c28f54e20d1..ad85a6f2fbf637025ec12a8f8ffcdf4d66031e9e 100644
--- a/custom-provision/.env
+++ b/custom-provision/development.env
@@ -1,4 +1,4 @@
-demo_mode=false
+dummy_wazuh_manager=false
 wazuh_host=192.168.0.12
 wazuh_port=55000
 wazuh_username=wazuh-wui
@@ -10,11 +10,13 @@ elastic_password=changeme
 redis_host=localhost
 redis_port=6379
 redis_queue=low
+local_clouditor_deploy=true
 clouditor_host=192.168.0.13
 clouditor_port=9090
 clouditor_oauth2_host=192.168.0.13
 clouditor_oauth2_port=8080
 clouditor_client_id=clouditor
 clouditor_client_secret=clouditor
+clouditor_oauth2_scope=
 wazuh_check_interval=300
 wazuh_rule_level=10
\ No newline at end of file
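Review bot: The `rm $(CUSTOM_PROVISIONING_DIR)/.env` on the last added line of custom-provision.mk only runs when ansible-playbook exits 0, because make aborts the recipe at the first failing line; a failed run leaves the copied `.env` (which for `production` holds the Keycloak client secret) behind in the working tree. Run the playbook and the cleanup in one shell so the removal always happens while the playbook's exit status is still propagated. An unset `PROVISION_ENVIRONMENT` also makes the `cp` copy `.env` onto itself and fail with a confusing message, so guard it with `$(error …)`; the target is also not declared `.PHONY`. `ANSIBLE_HOST_KEY_CHECKING=False` is carried over from the old line — since the README now advertises this target for provisioning existing machines over SSH, it is worth a comment explaining why host-key verification is disabled.
```make
.PHONY: custom-provision
custom-provision:
	$(if $(strip $(PROVISION_ENVIRONMENT)),,$(error PROVISION_ENVIRONMENT must be set to development or production))
	cp $(CUSTOM_PROVISIONING_DIR)/$(PROVISION_ENVIRONMENT).env $(CUSTOM_PROVISIONING_DIR)/.env
	@ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook $(CUSTOM_ARGS) $(ANSIBLE_DIR)/provision.yml; \
	status=$$?; rm -f $(CUSTOM_PROVISIONING_DIR)/.env; exit $$status
```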
diff --git a/custom-provision/production.env b/custom-provision/production.env
new file mode 100644
index 0000000000000000000000000000000000000000..b3b2a2d97a6610c801bd6a532a6401f14780deee
--- /dev/null
+++ b/custom-provision/production.env
@@ -0,0 +1,22 @@
+dummy_wazuh_manager=true
+wazuh_host=192.168.0.12
+wazuh_port=55000
+wazuh_username=wazuh-wui
+wazuh_password=wazuh-wui
+elastic_host=192.168.0.12
+elastic_port=9200
+elastic_username=admin
+elastic_password=changeme
+redis_host=localhost
+redis_port=6379
+redis_queue=low
+local_clouditor_deploy=false
+clouditor_host=security-assessment-dev.k8s.medina.esilab.org
+clouditor_port=443
+clouditor_oauth2_host=catalogue-keycloak-dev.k8s.medina.esilab.org/auth/realms/medina/protocol/openid-connect/token
+clouditor_oauth2_port=443
+clouditor_client_id=wazuh-vat-evidence-collector-dev
+clouditor_client_secret=68dec932-77fc-4322-8089-d64c3a3317bf
+clouditor_oauth2_scope=openid
+wazuh_check_interval=300
+wazuh_rule_level=10
\ No newline at end of file
diff --git a/environments/full-setup/.env b/environments/full-setup/.env
index e6514581b5b6c1d50e4c033a0aae75d87db46d42..d34b98b43777477855d41680eb6df9b10d82bc6f 100644
--- a/environments/full-setup/.env
+++ b/environments/full-setup/.env
@@ -1,4 +1,4 @@
-demo_mode=false
+dummy_wazuh_manager=false
 wazuh_host=192.168.33.10
 wazuh_port=55000
 wazuh_username=wazuh-wui
@@ -10,11 +10,13 @@ elastic_password=changeme
 redis_host=localhost
 redis_port=6379
 redis_queue=low
+local_clouditor_deploy=true
 clouditor_host=192.168.33.14
 clouditor_port=9090
 clouditor_oauth2_host=192.168.33.14
 clouditor_oauth2_port=8080
 clouditor_client_id=clouditor
 clouditor_client_secret=clouditor
+clouditor_oauth2_scope=
 wazuh_check_interval=300
 wazuh_rule_level=10
\ No newline at end of file
diff --git a/environments/only-k8s-collector/.env b/environments/only-k8s-collector/.env
new file mode 100644
index 0000000000000000000000000000000000000000..88daba5a0c698c002ae55c3effb4c78296e6ce3f
--- /dev/null
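Review bot: `clouditor_client_secret=68dec932-77fc-4322-8089-d64c3a3317bf` in the new production.env commits a live OAuth2 client secret for the `wazuh-vat-evidence-collector-dev` client to version control, next to `elastic_password=changeme` and `wazuh_password=wazuh-wui`; anyone with read access to the repository (including its history after the line is removed) can obtain tokens from the Keycloak endpoint named in `clouditor_oauth2_host`. Rotate the secret in Keycloak and ship a placeholder here, e.g. `clouditor_client_secret=` with the comment `# filled at provision time from ansible-vault / CI secret, never committed`, keeping the real value in a vaulted or untracked override that custom-provision.mk copies in. The same value appears verbatim in environments/only-k8s-collector/.env in this diff, so both copies need the same treatment, and `.env` should be listed in `.gitignore` so the copy that custom-provision.mk materialises cannot be committed by accident.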
+++ b/environments/only-k8s-collector/.env
@@ -0,0 +1,22 @@
+dummy_wazuh_manager=true
+wazuh_host=
+wazuh_port=0
+wazuh_username=
+wazuh_password=
+elastic_host=
+elastic_port=0
+elastic_username=
+elastic_password=
+redis_host=localhost
+redis_port=6379
+redis_queue=low
+local_clouditor_deploy=false
+clouditor_host=security-assessment-dev.k8s.medina.esilab.org
+clouditor_port=443
+clouditor_oauth2_host=catalogue-keycloak-dev.k8s.medina.esilab.org/auth/realms/medina/protocol/openid-connect/token
+clouditor_oauth2_port=443
+clouditor_client_id=wazuh-vat-evidence-collector-dev
+clouditor_client_secret=68dec932-77fc-4322-8089-d64c3a3317bf
+clouditor_oauth2_scope=openid
+wazuh_check_interval=300
+wazuh_rule_level=10
\ No newline at end of file
diff --git a/environments/only-k8s-collector/Vagrantfile b/environments/only-k8s-collector/Vagrantfile
new file mode 100644
index 0000000000000000000000000000000000000000..a25a26c0ad26ce203bf81521861216de22ef6def
--- /dev/null
+++ b/environments/only-k8s-collector/Vagrantfile
@@ -0,0 +1,30 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+servers=[
+  {
+    :hostname => "evidence-collector",
+    :ip => "192.168.33.13",
+    :box => "centos/stream8",
+    :ram => 1024,
+    :cpu => 2
+  }
+]
+
+Vagrant.configure(2) do |config|
+  servers.each do |machine|
+    config.vm.define machine[:hostname] do |node|
+      node.vm.box = machine[:box]
+      node.vm.hostname = machine[:hostname]
+      node.vm.network "private_network", ip: machine[:ip]
+      if machine[:forward_ports]
+        machine[:forward_ports].each { |port_cfg|
+          node.vm.network "forwarded_port", guest: port_cfg[:guest], host: port_cfg[:host]
+        }
+      end
+      node.vm.provider "virtualbox" do |vb|
+        vb.customize ["modifyvm", :id, "--memory", machine[:ram]]
+      end
+    end
+  end
+end
diff --git a/environments/only-k8s-collector/inventory.txt b/environments/only-k8s-collector/inventory.txt
new file mode 100644
index 0000000000000000000000000000000000000000..cd25b2e5a990d17e3cdfd423e8c4f9d0a4a1fce6
--- /dev/null
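Review bot: `clouditor_client_secret=68dec932-77fc-4322-8089-d64c3a3317bf` in the new only-k8s-collector/.env is a real Keycloak client secret checked into the repository (the same value is also added in custom-provision/production.env in this diff); it should be rotated and replaced with an empty placeholder plus the comment `# supplied at provision time (ansible-vault / CI secret), never committed`. The file also blanks `wazuh_host`, `wazuh_username`, `wazuh_password` and the `elastic_*` values while setting `dummy_wazuh_manager=true`; presumably the collector skips those backends in dummy mode, but a one-line comment above `wazuh_host=` stating that would save the next reader from assuming the values were lost.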
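Review bot: `:cpu => 2` in the `servers` entry of the new Vagrantfile is never applied — the provider block only passes `"--memory"` to `modifyvm` — so the VM gets the box default CPU count; add `vb.customize ["modifyvm", :id, "--cpus", machine[:cpu]]` next to the memory line or drop the key. The `if machine[:forward_ports]` branch is unreachable with the single server defined here; if it is kept for parity with the other environments, a comment `# optional: :forward_ports => [{:guest => …, :host => …}]` on the server hash would document the supported shape.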
+++ b/environments/only-k8s-collector/inventory.txt
@@ -0,0 +1,5 @@
+[evidence_collector]
+192.168.33.13 public_ip=192.168.33.13 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/only-k8s-collector/.vagrant/machines/evidence-collector/virtualbox/private_key
+
+[evidence_collector:vars]
+ansible_ssh_common_args='-o StrictHostKeyChecking=no'
\ No newline at end of file
diff --git a/environments/only-k8s-collector/only-k8s-collector.mk b/environments/only-k8s-collector/only-k8s-collector.mk
new file mode 100644
index 0000000000000000000000000000000000000000..5d92fb89991d2f01aad3b6f0037deec3450bdd25
--- /dev/null
+++ b/environments/only-k8s-collector/only-k8s-collector.mk
@@ -0,0 +1,21 @@
+VAGRANT_RUN = cd $(ENV_DIR) && vagrant
+SSH_PRIVATE_KEY = $(HOME)/.vagrant.d/insecure_private_key
+SSH_USER = vagrant
+
+create:
+	sudo mkdir -p /etc/vbox
+	sudo touch /etc/vbox/networks.conf
+	grep -Fxq "* 192.168.33.0/24" /etc/vbox/networks.conf || sudo sh -c 'echo "* 192.168.33.0/24\n" >> /etc/vbox/networks.conf'
+	@$(VAGRANT_RUN) up
+
+delete:
+	@$(VAGRANT_RUN) destroy -f
+
+ssh-evidence-collector:
+	@$(VAGRANT_RUN) ssh evidence-collector
+
+provision-evidence-collector:
+	@ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook $(ANSIBLE_ARGS) $(ANSIBLE_DIR)/provision-evidence-collector.yml
+
+logs-evidence-collector:
+	@$(VAGRANT_RUN) ssh -c "docker logs --tail 100 -f evidence-collector" evidence-collector
\ No newline at end of file
diff --git a/environments/only-k8s-collector/resource-id-map.json b/environments/only-k8s-collector/resource-id-map.json
new file mode 100644
index 0000000000000000000000000000000000000000..7a73a41bfdf76d6f793007240d80983a52f15f97
--- /dev/null
+++ b/environments/only-k8s-collector/resource-id-map.json
@@ -0,0 +1,2 @@
+{
+}
\ No newline at end of file
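Review bot: The host line in the new inventory.txt sets both `ansible_ssh_pass=vagrant` and `ansible_ssh_private_key_file=…/private_key`, and `ansible_ssh_private_key_file` is a path relative to the repository root, so it only resolves when ansible is launched from there (the `$(PWD)`-based layout in the top-level Makefile suggests that is the case, but a comment `# paths are relative to the repo root; run via make` would make it explicit). For a throwaway Vagrant VM the password and `StrictHostKeyChecking=no` are defensible, but the same switch is already applied through `ANSIBLE_HOST_KEY_CHECKING=False` in only-k8s-collector.mk, so one of the two can go; keep a short comment on whichever stays explaining that it is acceptable only because the target is a local, freshly created VM.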
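Review bot: The `sudo sh -c 'echo "* 192.168.33.0/24\n" >> …'` line in the new `create` target depends on `/bin/sh`'s `echo` interpreting `\n` — dash does, bash (as sh) does not — so on bash hosts a literal `\n` is appended, the preceding `grep -Fxq` never matches, and each `make create` appends another line to `/etc/vbox/networks.conf`. Replace it with `grep -Fxq "* 192.168.33.0/24" /etc/vbox/networks.conf || printf '%s\n' "* 192.168.33.0/24" | sudo tee -a /etc/vbox/networks.conf >/dev/null`. None of the five targets is declared `.PHONY`, and `SSH_PRIVATE_KEY`/`SSH_USER` are assigned but not referenced in this file — they may be consumed through `ANSIBLE_ARGS` elsewhere, in which case a comment saying so would help.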