Added Evidence Collector machine

README.md

@@ -36,6 +36,16 @@ You should see 2 agents registered and running with Wazuh.
 ```
 $ PORT=8088 npx http-echo-server
 ```
+
+## Using Evidence Collector
+
+To see Evidence Collector's output, `ssh` to it's machine and open Docker logs:
+
+```
+$ make ssh-evidence-collector
+$ docker logs -ft evidence-collector
+```
+
 ## Potential issues
  
 ### Vagrant issue:

security-monitoring-ansible/Makefile

-ENVIRONMENT ?= vagrant-1manager-2agents
+ENVIRONMENT ?= vagrant-full-setup
 DEPLOY_DIR = $(PWD)
 ENV_DIR = $(DEPLOY_DIR)/environments/$(ENVIRONMENT)
 ANSIBLE_DIR = $(DEPLOY_DIR)/ansible
@@ -17,5 +17,8 @@ provision-managers:
 provision-agents:
 	@ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook $(ANSIBLE_ARGS) $(ANSIBLE_DIR)/provision-agents.yml
 
+provision-evidence-collector:
+	@ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook $(ANSIBLE_ARGS) $(ANSIBLE_DIR)/provision-evidence-collector.yml
+
 provision:
 	@ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook $(ANSIBLE_ARGS) $(ANSIBLE_DIR)/provision.yml
\ No newline at end of file

security-monitoring-ansible/ansible/docker/credentials/credentials.yml

+---
+docker_registry: 'registry-gitlab.xlab.si'
+docker_username: 'gitlab+deploy-token-53'
+docker_token: '_yRiffnzyub8XmuJ4ugr'
\ No newline at end of file

security-monitoring-ansible/ansible/docker/credentials/vars.yml

+---
+- name: include credentials
+  include_vars: credentials.yml
\ No newline at end of file

security-monitoring-ansible/ansible/provision-evidence-collector.yml

+---
+# Evidence Collector
+  - hosts: evidence_collector
+    become: yes
+    pre_tasks:
+    - import_tasks: "{{ ansible_dir }}/docker/credentials/vars.yml"
+    roles:    
+      - docker
+    tasks:
+      - name: Login to Docker registry
+        shell: "docker login -u {{ docker_username }} -p {{ docker_token }} {{ docker_registry }}"
+      - name: Run Docker container
+        shell: "docker run --name evidence-collector -d {{ docker_registry }}/medina/evidence-collector:latest" 
\ No newline at end of file

security-monitoring-ansible/ansible/provision.yml

@@ -4,3 +4,6 @@
 
 - name: Start provision of the Wazuh Agents
   import_playbook: provision-agents.yml
+
+- name: Start provision of Evidence Collector
+  import_playbook: provision-evidence-collector.yml
\ No newline at end of file

security-monitoring-ansible/environments/vagrant-1manager-2agents/Vagrantfile → security-monitoring-ansible/environments/vagrant-full-setup/Vagrantfile

@@ -22,6 +22,13 @@ servers=[
     :box => "centos/7",
     :ram => 512,
     :cpu => 1
+  },
+  {
+    :hostname => "evidence-collector",
+    :ip => "192.168.33.13",
+    :box => "centos/7",
+    :ram => 2048,
+    :cpu => 2
   }
 ]
 
@@ -32,14 +39,14 @@ Vagrant.configure(2) do |config|
           #   "You are trying to forward a host IP that does not exist. Please set `host_ip`
           #   to the address of an existing IPv4 network interface, or remove the option
           #   from your port forward configuration."
-          if machine[:hostname] == "manager"
-            node.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "192.168.33.10"
-            node.vm.network "forwarded_port", guest: 443, host: 8443 , host_ip: "192.168.33.10"
-            node.vm.network "forwarded_port", guest: 55000, host: 55000 , host_ip: "192.168.33.10"
-            node.vm.network "forwarded_port", guest: 1514, host: 1514 , host_ip: "192.168.33.10"
-            node.vm.network "forwarded_port", guest: 1515, host: 1515 , host_ip: "192.168.33.10"
-            node.vm.network "forwarded_port", guest: 1516, host: 1516 , host_ip: "192.168.33.10"
-          end
+          #if machine[:hostname] == "manager"
+          #  node.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "192.168.33.10"
+          #  node.vm.network "forwarded_port", guest: 443, host: 8443 , host_ip: "192.168.33.10"
+          #  node.vm.network "forwarded_port", guest: 55000, host: 55000 , host_ip: "192.168.33.10"
+          #  node.vm.network "forwarded_port", guest: 1514, host: 1514 , host_ip: "192.168.33.10"
+          #  node.vm.network "forwarded_port", guest: 1515, host: 1515 , host_ip: "192.168.33.10"
+          #  node.vm.network "forwarded_port", guest: 1516, host: 1516 , host_ip: "192.168.33.10"
+          #end
           node.vm.box = machine[:box]
           node.vm.hostname = machine[:hostname]
           node.vm.network "private_network", ip: machine[:ip]

security-monitoring-ansible/environments/vagrant-1manager-2agents/inventory.txt → security-monitoring-ansible/environments/vagrant-full-setup/inventory.txt

 [wazuh_managers]
-192.168.33.10 public_ip=192.168.33.10 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-1manager-2agents/.vagrant/machines/manager/virtualbox/private_key
+192.168.33.10 public_ip=192.168.33.10 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-full-setup/.vagrant/machines/manager/virtualbox/private_key
 
 [wazuh_managers:vars]
 ansible_ssh_common_args='-o StrictHostKeyChecking=no'
 
 [wazuh_agents]
-192.168.33.11 public_ip=192.168.33.11 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-1manager-2agents/.vagrant/machines/agent1/virtualbox/private_key
-192.168.33.12 public_ip=192.168.33.12 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-1manager-2agents/.vagrant/machines/agent2/virtualbox/private_key
+192.168.33.11 public_ip=192.168.33.11 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-full-setup/.vagrant/machines/agent1/virtualbox/private_key
+192.168.33.12 public_ip=192.168.33.12 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-full-setup/.vagrant/machines/agent2/virtualbox/private_key
 
 [wazuh_agents:vars]
 ansible_ssh_common_args='-o StrictHostKeyChecking=no'
+
+[evidence_collector]
+192.168.33.13 public_ip=192.168.33.13 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-full-setup/.vagrant/machines/evidence-collector/virtualbox/private_key
+
+[evidence_collector:vars]
+ansible_ssh_common_args='-o StrictHostKeyChecking=no'
\ No newline at end of file

security-monitoring-ansible/environments/vagrant-1manager-2agents/vagrant-1manager-2agents.mk → security-monitoring-ansible/environments/vagrant-full-setup/vagrant-full-setup.mk

@@ -16,3 +16,6 @@ ssh-agent1:
 
 ssh-agent2:
 	@$(VAGRANT_RUN) ssh agent2
+
+ssh-evidence-collector:
+	@$(VAGRANT_RUN) ssh evidence-collector
\ No newline at end of file