diff --git a/README.md b/README.md
index 51a3540bf8800bfb8a5632a94370c927cd39d824..d4be5ba296572c7221292ec9c501a264165d4844 100644
--- a/README.md
+++ b/README.md
@@ -36,6 +36,16 @@ You should see 2 agents registered and running with Wazuh.
 ```
 $ PORT=8088 npx http-echo-server
 ```
+
+## Using Evidence Collector
+
+To see Evidence Collector's output, `ssh` to it's machine and open Docker logs:
+
+```
+$ make ssh-evidence-collector
+$ docker logs -ft evidence-collector
+```
+
 ## Potential issues
 
 ### Vagrant issue:
diff --git a/security-monitoring-ansible/Makefile b/security-monitoring-ansible/Makefile
index 394e7ffbda06c325f1a897eccee47db497c26d4c..84021dcc21329fcfb001e5ff5ca3774dad416b79 100644
--- a/security-monitoring-ansible/Makefile
+++ b/security-monitoring-ansible/Makefile
@@ -1,4 +1,4 @@
-ENVIRONMENT ?= vagrant-1manager-2agents
+ENVIRONMENT ?= vagrant-full-setup
 DEPLOY_DIR = $(PWD)
 ENV_DIR = $(DEPLOY_DIR)/environments/$(ENVIRONMENT)
 ANSIBLE_DIR = $(DEPLOY_DIR)/ansible
@@ -17,5 +17,8 @@ provision-managers:
 provision-agents:
 	@ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook $(ANSIBLE_ARGS) $(ANSIBLE_DIR)/provision-agents.yml
 
+provision-evidence-collector:
+	@ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook $(ANSIBLE_ARGS) $(ANSIBLE_DIR)/provision-evidence-collector.yml
+
 provision:
 	@ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook $(ANSIBLE_ARGS) $(ANSIBLE_DIR)/provision.yml
\ No newline at end of file
diff --git a/security-monitoring-ansible/ansible/docker/credentials/credentials.yml b/security-monitoring-ansible/ansible/docker/credentials/credentials.yml
new file mode 100644
index 0000000000000000000000000000000000000000..d3e73186b46ceba31145217394d228d46c65955a
--- /dev/null
+++ b/security-monitoring-ansible/ansible/docker/credentials/credentials.yml
@@ -0,0 +1,4 @@
+---
+docker_registry: 'registry-gitlab.xlab.si'
+docker_username: 'gitlab+deploy-token-53'
+docker_token: '_yRiffnzyub8XmuJ4ugr'
\ No newline at end of file
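Review bot: `provision-evidence-collector` is a command rather than a file, and nothing in the hunk declares it phony, so a stray file of that name in security-monitoring-ansible/ would make `make provision-evidence-collector` report it as up to date and never run the playbook; the same applies to `ssh-evidence-collector` in vagrant-full-setup.mk later in this commit. Lines 5–16 of the Makefile are outside the hunk, so if they do not already carry a `.PHONY` list, add `.PHONY: provision-evidence-collector` next to the sibling declarations. The recipe also inherits `ANSIBLE_HOST_KEY_CHECKING=False` from the neighbouring targets; that is a lab convenience for throwaway Vagrant hosts and deserves a one-line comment saying so, e.g. `# host-key checking is off because Vagrant regenerates VM keys on every `vagrant up``.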
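Review bot: credentials.yml commits a live GitLab registry deploy token in plaintext (`docker_token`), and the `include_vars` in vars.yml loads it unencrypted on every run, so every clone of this repository, including its history, now carries that token. Encrypt the file with `ansible-vault encrypt credentials.yml` and pass `--ask-vault-pass` or `--vault-password-file` through `$(ANSIBLE_ARGS)`, or keep only a template with placeholder values and supply the real token out of band; either way add the plaintext path to `.gitignore`. Because the value is already in git history, the deploy token should be revoked in GitLab and reissued regardless of how the file is stored going forward. A header comment such as `# Registry deploy token for the evidence-collector image; keep this file vault-encrypted and out of plaintext commits` would make the expectation explicit to the next contributor.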
diff --git a/security-monitoring-ansible/ansible/docker/credentials/vars.yml b/security-monitoring-ansible/ansible/docker/credentials/vars.yml
new file mode 100644
index 0000000000000000000000000000000000000000..e209b5f66949fa798c1eb9450c41ce0b63578bf0
--- /dev/null
+++ b/security-monitoring-ansible/ansible/docker/credentials/vars.yml
@@ -0,0 +1,3 @@
+---
+- name: include credentials
+  include_vars: credentials.yml
\ No newline at end of file
diff --git a/security-monitoring-ansible/ansible/provision-evidence-collector.yml b/security-monitoring-ansible/ansible/provision-evidence-collector.yml
new file mode 100644
index 0000000000000000000000000000000000000000..655791cd68771f7eb3c7b1d3a715e6f115d0fb39
--- /dev/null
+++ b/security-monitoring-ansible/ansible/provision-evidence-collector.yml
@@ -0,0 +1,13 @@
+---
+# Evidence Collector
+- hosts: evidence_collector
+  become: yes
+  pre_tasks:
+    - import_tasks: "{{ ansible_dir }}/docker/credentials/vars.yml"
+  roles:
+    - docker
+  tasks:
+    - name: Login to Docker registry
+      shell: "docker login -u {{ docker_username }} -p {{ docker_token }} {{ docker_registry }}"
+    - name: Run Docker container
+      shell: "docker run --name evidence-collector -d {{ docker_registry }}/medina/evidence-collector:latest"
\ No newline at end of file
diff --git a/security-monitoring-ansible/ansible/provision.yml b/security-monitoring-ansible/ansible/provision.yml
index a4ff61d0e660002b2d7130a081fafeac02332740..6901c339d3bad30efd718058f10e2e26e5369f31 100644
--- a/security-monitoring-ansible/ansible/provision.yml
+++ b/security-monitoring-ansible/ansible/provision.yml
@@ -3,4 +3,7 @@
   import_playbook: provision-managers.yml
 
 - name: Start provision of the Wazuh Agents
-  import_playbook: provision-agents.yml
\ No newline at end of file
+  import_playbook: provision-agents.yml
+
+- name: Start provision of Evidence Collector
+  import_playbook: provision-evidence-collector.yml
\ No newline at end of file
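Review bot: The "Login to Docker registry" task in provision-evidence-collector.yml passes the token with `-p` on the command line, so it is visible to any local user via the process list on the evidence-collector host and, because the task has no `no_log: true`, Ansible prints the full command on failure or under `-v`. The "Run Docker container" task is also not idempotent: a second `make provision-evidence-collector` fails with a name conflict because `docker run --name evidence-collector` cannot reuse the existing container. Both are fixed by using the Docker modules instead of `shell`, with `no_log` on the login task; those modules need the Python Docker SDK on the target, which the `docker` role may or may not install, so confirm that, and if it does not, at minimum switch to `--password-stdin` plus `no_log: true`.
```yaml
  # … unchanged: hosts / become / pre_tasks / roles …
  tasks:
    - name: Login to Docker registry
      docker_login:
        registry_url: "{{ docker_registry }}"
        username: "{{ docker_username }}"
        password: "{{ docker_token }}"
      no_log: true
    - name: Run Docker container
      docker_container:
        name: evidence-collector
        image: "{{ docker_registry }}/medina/evidence-collector:latest"
        state: started
```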
diff --git a/security-monitoring-ansible/environments/vagrant-1manager-2agents/Vagrantfile b/security-monitoring-ansible/environments/vagrant-full-setup/Vagrantfile
similarity index 58%
rename from security-monitoring-ansible/environments/vagrant-1manager-2agents/Vagrantfile
rename to security-monitoring-ansible/environments/vagrant-full-setup/Vagrantfile
index 157229a6ea4fb84c503fc64207d59efa679ae6be..e2ecdd6e0393258239193e9ca400ec1eaff38a69 100644
--- a/security-monitoring-ansible/environments/vagrant-1manager-2agents/Vagrantfile
+++ b/security-monitoring-ansible/environments/vagrant-full-setup/Vagrantfile
@@ -22,6 +22,13 @@ servers=[
     :box => "centos/7",
     :ram => 512,
     :cpu => 1
+  },
+  {
+    :hostname => "evidence-collector",
+    :ip => "192.168.33.13",
+    :box => "centos/7",
+    :ram => 2048,
+    :cpu => 2
   }
 ]
 
@@ -32,14 +39,14 @@ Vagrant.configure(2) do |config|
     # "You are trying to forward a host IP that does not exist. Please set `host_ip`
     # to the address of an existing IPv4 network interface, or remove the option
     # from your port forward configuration."
-    if machine[:hostname] == "manager"
-      node.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "192.168.33.10"
-      node.vm.network "forwarded_port", guest: 443, host: 8443 , host_ip: "192.168.33.10"
-      node.vm.network "forwarded_port", guest: 55000, host: 55000 , host_ip: "192.168.33.10"
-      node.vm.network "forwarded_port", guest: 1514, host: 1514 , host_ip: "192.168.33.10"
-      node.vm.network "forwarded_port", guest: 1515, host: 1515 , host_ip: "192.168.33.10"
-      node.vm.network "forwarded_port", guest: 1516, host: 1516 , host_ip: "192.168.33.10"
-    end
+    #if machine[:hostname] == "manager"
+    #  node.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "192.168.33.10"
+    #  node.vm.network "forwarded_port", guest: 443, host: 8443 , host_ip: "192.168.33.10"
+    #  node.vm.network "forwarded_port", guest: 55000, host: 55000 , host_ip: "192.168.33.10"
+    #  node.vm.network "forwarded_port", guest: 1514, host: 1514 , host_ip: "192.168.33.10"
+    #  node.vm.network "forwarded_port", guest: 1515, host: 1515 , host_ip: "192.168.33.10"
+    #  node.vm.network "forwarded_port", guest: 1516, host: 1516 , host_ip: "192.168.33.10"
+    #end
     node.vm.box = machine[:box]
     node.vm.hostname = machine[:hostname]
     node.vm.network "private_network", ip: machine[:ip]
diff --git a/security-monitoring-ansible/environments/vagrant-1manager-2agents/inventory.txt b/security-monitoring-ansible/environments/vagrant-full-setup/inventory.txt
similarity index 52%
rename from security-monitoring-ansible/environments/vagrant-1manager-2agents/inventory.txt
rename to security-monitoring-ansible/environments/vagrant-full-setup/inventory.txt
index 2626412b402112508c979649780ceb14f1ba723c..05e28e470ec609705bd594df91f2153b60d8b782 100644
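Review bot: The manager's `forwarded_port` block is commented out rather than removed, leaving eight lines of dead Ruby directly under the comment that explains the `host_ip` workaround, which now describes code that no longer runs. Git history preserves the old mapping, so delete the block; if the intent is to make host-side exposure of ports 8080/8443/55000/1514–1516 optional, gate it on a variable instead, e.g. `if machine[:hostname] == "manager" && ENV["FORWARD_MANAGER_PORTS"]`. Dropping the forwards also changes how the manager is reached from the host, and the README hunk in this commit does not mention that; any instructions elsewhere that still point at those host ports would need updating. The `do |node|` block this sits in starts and ends outside the hunk.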
--- a/security-monitoring-ansible/environments/vagrant-1manager-2agents/inventory.txt
+++ b/security-monitoring-ansible/environments/vagrant-full-setup/inventory.txt
@@ -1,12 +1,18 @@
 [wazuh_managers]
-192.168.33.10 public_ip=192.168.33.10 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-1manager-2agents/.vagrant/machines/manager/virtualbox/private_key
+192.168.33.10 public_ip=192.168.33.10 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-full-setup/.vagrant/machines/manager/virtualbox/private_key
 
 [wazuh_managers:vars]
 ansible_ssh_common_args='-o StrictHostKeyChecking=no'
 
 [wazuh_agents]
-192.168.33.11 public_ip=192.168.33.11 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-1manager-2agents/.vagrant/machines/agent1/virtualbox/private_key
-192.168.33.12 public_ip=192.168.33.12 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-1manager-2agents/.vagrant/machines/agent2/virtualbox/private_key
+192.168.33.11 public_ip=192.168.33.11 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-full-setup/.vagrant/machines/agent1/virtualbox/private_key
+192.168.33.12 public_ip=192.168.33.12 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-full-setup/.vagrant/machines/agent2/virtualbox/private_key
 
 [wazuh_agents:vars]
+ansible_ssh_common_args='-o StrictHostKeyChecking=no'
+
+[evidence_collector]
+192.168.33.13 public_ip=192.168.33.13 ansible_ssh_pass=vagrant ansible_ssh_user=vagrant ansible_ssh_private_key_file=environments/vagrant-full-setup/.vagrant/machines/evidence-collector/virtualbox/private_key
+
+[evidence_collector:vars]
 ansible_ssh_common_args='-o StrictHostKeyChecking=no'
\ No newline at end of file
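Review bot: `[evidence_collector:vars]` adds a third verbatim copy of `ansible_ssh_common_args='-o StrictHostKeyChecking=no'`, so the next host group will need a fourth; one `[all:vars]` section holding that line replaces all three per-group sections and keeps the setting in a single place. Note that the Makefile already exports `ANSIBLE_HOST_KEY_CHECKING=False` for every playbook run, so the inventory setting appears to be redundant there; if it is kept for direct `ansible` invocations, a comment saying so would explain why it exists twice. The new host line copies the pattern of carrying both `ansible_ssh_pass=vagrant` and a private key file, which is expected for a throwaway Vagrant lab but deserves a leading comment such as `# Vagrant default credentials and per-VM generated keys; lab use only` so nobody reuses this inventory shape for real hosts.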
diff --git a/security-monitoring-ansible/environments/vagrant-1manager-2agents/vagrant-1manager-2agents.mk b/security-monitoring-ansible/environments/vagrant-full-setup/vagrant-full-setup.mk
similarity index 75%
rename from security-monitoring-ansible/environments/vagrant-1manager-2agents/vagrant-1manager-2agents.mk
rename to security-monitoring-ansible/environments/vagrant-full-setup/vagrant-full-setup.mk
index 244fcdd42c366fc7c7140b7ada8a50620a77096f..cf5009bb77e1e293c46321646e8509af8d9f0c12 100644
--- a/security-monitoring-ansible/environments/vagrant-1manager-2agents/vagrant-1manager-2agents.mk
+++ b/security-monitoring-ansible/environments/vagrant-full-setup/vagrant-full-setup.mk
@@ -15,4 +15,7 @@ ssh-agent1:
 	@$(VAGRANT_RUN) ssh agent1
 
 ssh-agent2:
-	@$(VAGRANT_RUN) ssh agent2
\ No newline at end of file
+	@$(VAGRANT_RUN) ssh agent2
+
+ssh-evidence-collector:
+	@$(VAGRANT_RUN) ssh evidence-collector
\ No newline at end of file