Commit e8ae5549 authored by Matevz Erzen's avatar Matevz Erzen

Added Evidence Collector machine

parent 8cdf5216
......@@ -36,6 +36,16 @@ You should see 2 agents registered and running with Wazuh.
```
$ PORT=8088 npx http-echo-server
```
## Using Evidence Collector
To see Evidence Collector's output, `ssh` to it's machine and open Docker logs:
```
$ make ssh-evidence-collector
$ docker logs -ft evidence-collector
```
## Potential issues
### Vagrant issue:
......
ENVIRONMENT ?= vagrant-1manager-2agents
ENVIRONMENT ?= vagrant-full-setup
DEPLOY_DIR = $(PWD)
ENV_DIR = $(DEPLOY_DIR)/environments/$(ENVIRONMENT)
ANSIBLE_DIR = $(DEPLOY_DIR)/ansible
......@@ -17,5 +17,8 @@ provision-managers:
provision-agents:
@ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook $(ANSIBLE_ARGS) $(ANSIBLE_DIR)/provision-agents.yml
provision-evidence-collector:
@ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook $(ANSIBLE_ARGS) $(ANSIBLE_DIR)/provision-evidence-collector.yml
provision:
@ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook $(ANSIBLE_ARGS) $(ANSIBLE_DIR)/provision.yml
\ No newline at end of file
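Review bot: `provision-evidence-collector` copies `ANSIBLE_HOST_KEY_CHECKING=False` from the neighbouring targets, and the new `[evidence_collector:vars]` inventory group adds `-o StrictHostKeyChecking=no` on top, so SSH host keys are never verified for this host. That is tolerable for throwaway Vagrant boxes, but the recipe applies to whatever `ENVIRONMENT` is selected; keeping the relaxation in the Vagrant inventory only and dropping it from the recipe would stop it following the Makefile into other environments: `@ansible-playbook $(ANSIBLE_ARGS) $(ANSIBLE_DIR)/provision-evidence-collector.yml`. The new target should also be listed under `.PHONY` if the file declares one, which is not visible in this hunk.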
---
docker_registry: 'registry-gitlab.xlab.si'
docker_username: 'gitlab+deploy-token-53'
docker_token: '_yRiffnzyub8XmuJ4ugr'
\ No newline at end of file
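Review bot: `docker_token` is committed here in plaintext next to the registry host and the deploy-token username, so anyone with read access to this repository or its history can authenticate to the registry with it. The token should be revoked and reissued, because deleting the line in a later commit still leaves it in history. Keep the value out of version control by encrypting the file with Ansible Vault or reading it at run time, e.g. `docker_token: "{{ lookup('env', 'DOCKER_TOKEN') }}"`, and add a comment in the file saying where the value is expected to come from.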
---
- name: include credentials
include_vars: credentials.yml
\ No newline at end of file
---
# Evidence Collector
- hosts: evidence_collector
become: yes
pre_tasks:
- import_tasks: "{{ ansible_dir }}/docker/credentials/vars.yml"
roles:
- docker
tasks:
- name: Login to Docker registry
shell: "docker login -u {{ docker_username }} -p {{ docker_token }} {{ docker_registry }}"
- name: Run Docker container
shell: "docker run --name evidence-collector -d {{ docker_registry }}/medina/evidence-collector:latest"
\ No newline at end of file
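Review bot: The `Login to Docker registry` task passes `{{ docker_token }}` with `-p` inside a `shell` string, so the token is visible in the process list on the target and in Ansible's task result when the task fails or runs with raised verbosity. Feeding it on stdin and marking the task `no_log: true` avoids both, as in the block below. Separately, `docker run --name evidence-collector` will likely fail on a second provision because the container name is already taken, and the `:latest` tag leaves the deployed image unpinned; a fixed tag or digest makes the run reproducible and auditable.

```yaml
- name: Login to Docker registry
  command: "docker login -u {{ docker_username }} --password-stdin {{ docker_registry }}"
  args:
    stdin: "{{ docker_token }}"
  no_log: true
# … unchanged: Run Docker container task …
```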
......@@ -4,3 +4,6 @@
- name: Start provision of the Wazuh Agents
import_playbook: provision-agents.yml
- name: Start provision of Evidence Collector
import_playbook: provision-evidence-collector.yml
\ No newline at end of file
......@@ -22,6 +22,13 @@ servers=[
:box => "centos/7",
:ram => 512,
:cpu => 1
},
{
:hostname => "evidence-collector",
:ip => "192.168.33.13",
:box => "centos/7",
:ram => 2048,
:cpu => 2
}
]
......@@ -32,14 +39,14 @@ Vagrant.configure(2) do |config|
# "You are trying to forward a host IP that does not exist. Please set `host_ip`
# to the address of an existing IPv4 network interface, or remove the option
# from your port forward configuration."
if machine[:hostname] == "manager"
node.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "192.168.33.10"
node.vm.network "forwarded_port", guest: 443, host: 8443 , host_ip: "192.168.33.10"
node.vm.network "forwarded_port", guest: 55000, host: 55000 , host_ip: "192.168.33.10"
node.vm.network "forwarded_port", guest: 1514, host: 1514 , host_ip: "192.168.33.10"
node.vm.network "forwarded_port", guest: 1515, host: 1515 , host_ip: "192.168.33.10"
node.vm.network "forwarded_port", guest: 1516, host: 1516 , host_ip: "192.168.33.10"
end
#if machine[:hostname] == "manager"
# node.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "192.168.33.10"
# node.vm.network "forwarded_port", guest: 443, host: 8443 , host_ip: "192.168.33.10"
# node.vm.network "forwarded_port", guest: 55000, host: 55000 , host_ip: "192.168.33.10"
# node.vm.network "forwarded_port", guest: 1514, host: 1514 , host_ip: "192.168.33.10"
# node.vm.network "forwarded_port", guest: 1515, host: 1515 , host_ip: "192.168.33.10"
# node.vm.network "forwarded_port", guest: 1516, host: 1516 , host_ip: "192.168.33.10"
#end
node.vm.box = machine[:box]
node.vm.hostname = machine[:hostname]
node.vm.network "private_network", ip: machine[:ip]
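Review bot: The manager's `forwarded_port` block is commented out rather than removed, which leaves eight dead lines plus the quoted Vagrant error message above them, which appears to explain the `host_ip` setting and now documents nothing that runs. If the forwards are no longer wanted, delete the block together with that comment; if they are only disabled for this environment, a one-line comment stating why (`# port forwards disabled: services are reached over the private_network IP`) would tell the next reader whether re-enabling them is safe. The enclosing `Vagrant.configure` block starts and ends outside the hunk.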
......
[wazuh_managers]
192.168.33.10 public_ip=192.168.33.10 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-1manager-2agents/.vagrant/machines/manager/virtualbox/private_key
192.168.33.10 public_ip=192.168.33.10 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-full-setup/.vagrant/machines/manager/virtualbox/private_key
[wazuh_managers:vars]
ansible_ssh_common_args='-o StrictHostKeyChecking=no'
[wazuh_agents]
192.168.33.11 public_ip=192.168.33.11 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-1manager-2agents/.vagrant/machines/agent1/virtualbox/private_key
192.168.33.12 public_ip=192.168.33.12 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-1manager-2agents/.vagrant/machines/agent2/virtualbox/private_key
192.168.33.11 public_ip=192.168.33.11 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-full-setup/.vagrant/machines/agent1/virtualbox/private_key
192.168.33.12 public_ip=192.168.33.12 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-full-setup/.vagrant/machines/agent2/virtualbox/private_key
[wazuh_agents:vars]
ansible_ssh_common_args='-o StrictHostKeyChecking=no'
[evidence_collector]
192.168.33.13 public_ip=192.168.33.13 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-full-setup/.vagrant/machines/evidence-collector/virtualbox/private_key
[evidence_collector:vars]
ansible_ssh_common_args='-o StrictHostKeyChecking=no'
\ No newline at end of file
......@@ -16,3 +16,6 @@ ssh-agent1:
ssh-agent2:
@$(VAGRANT_RUN) ssh agent2
ssh-evidence-collector:
@$(VAGRANT_RUN) ssh evidence-collector
\ No newline at end of file