Commit 99cf3d50 authored by Zitnik, Anze

Fixed problems with environment variables & updated README

parent 75a950df
VERSION=v0.0.7
VERSION=v0.0.9
SERVICE=evidence-collector
......@@ -4,7 +4,7 @@ This project includes modules for collecting evidence regarding Wazuh and VAT an
## Wazuh evidence collector
Wazuh evidence collector uses [Wazuh's API](https://documentation.wazuh.com/current/user-manual/api/reference.html) to access information about manager's and agents' system informations and configurations. As an additional measure to ensure correct configuration of [ClamAV](https://www.clamav.net/) (if installed on machine) we also make use of [Elasticsearch's API](https://www.elastic.co/guide/en/elasticsearch/reference/current/search.html) to dirrectly access collected logs - Elastic stack is one of the Wazuh's required components (usually installed on the same machine as Wazuh server, but can be stand alone as well).
Wazuh evidence collector uses [Wazuh's API](https://documentation.wazuh.com/current/user-manual/api/reference.html) to access information about manager's and agents' system informations and configurations. As an additional measure to ensure correct configuration of [ClamAV](https://www.clamav.net/) (if installed on machine) we also make use of [Elasticsearch's API](https://www.elastic.co/guide/en/elasticsearch/reference/current/search.html) to dirrectly access collected logs | Elastic stack is one of the Wazuh's required components (usually installed on the same machine as Wazuh server, but can be stand alone as well).
## Installation & use
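Review bot: the rewritten sentence still carries the spelling errors "dirrectly" and "system informations" (should be "directly" and "system information"); since this line is being touched anyway, fix them here. Replacing the dash with "|" also reads oddly inside a Markdown paragraph, where "|" is the table delimiter; a full stop is clearer: "... to directly access collected logs. Elastic stack is one of Wazuh's required components ...".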
......@@ -78,26 +78,28 @@ Wazuh evidence collector uses [Wazuh's API](https://documentation.wazuh.com/curr
### Environment variables
Required environment variables (if deployed localy) are located and can be set in `.env` file.
Required environment variables (if deployed locally) are located and can be set in `.env` file.
Variables used when deploying to Kubernetes can be edited in `data` section of `/kubernetes/wazuh-vat-evidence-collector-configmap.yaml` file.
All of the following environment variables have to be set (or passed to container) for `evidence-collector` to work:
- `demo_mode`,
- `wazuh_host`,
- `wazuh_port`,
- `wazuh_username`,
- `wazuh_password`,
- `elastic_host`,
- `elastic_port`,
- `elastic_username`,
- `elastic_password`,
- `redis_host`,
- `redis_port`,
- `redis_queue`,
- `clouditor_host`,
- `clouditor_port`.
| Variable | Description |
| ---------- | ---------- |
| `demo_mode` | Default value `false`. Set to `true` in case Evidence collector runs alone (without `security-monitoring` framework) locally - generates dummy data. |
| `wazuh_host` | Wazuh manager host's IP address. |
| `wazuh_port` | Wazuh manager port. Default value `55000`. |
| `wazuh_username` | Wazuh manager's username. |
| `wazuh_password` | Wazuh manager's password. |
| `elastic_host` | Elasticsearch host's IP address. Usually same as `wazuh_host`. |
| `elastic_port` | Elasticsearch port. Default value `9200`. |
| `elastic_username` | Elasticsearch's username. |
| `elastic_password` | Elasticsearch's password. |
| `redis_host` | Redis server host's IP address. Usually `localhost`. |
| `redis_port` | Redis server port. Default value `6379`. |
| `redis_queue` | Redis queue name. |
| `clouditor_host` | Clouditor host's IP address. |
| `clouditor_port` | Clouditor port. Default value `9090`. |
### Generate gRPC code from `.proto` files
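Review bot: the table states that `demo_mode` has a default value of `false`, but the sentence above it still says all listed variables "have to be set", and the code changed in this same commit (`DEMO = os.environ.get("demo_mode").lower() in ('true', '1', 't')`) raises `AttributeError` when the variable is absent; either drop the "default value" wording or make the code apply that default. Separately, `wazuh_password` and `elastic_password` are documented here as values to put in `.env` or in the ConfigMap's `data` section; the README should direct users to a git-ignored `.env` and a Kubernetes `Secret` for these, since a ConfigMap is not a place for credentials.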
......@@ -136,7 +138,7 @@ $ curl --user admin:changeme --insecure -X GET "https://192.168.33.10:9200/wazuh
}'
```
### Running [RQ](https://github.com/rq/rq) and [RQ-scheduler](https://github.com/rq/rq-scheduler) localy
### Running [RQ](https://github.com/rq/rq) and [RQ-scheduler](https://github.com/rq/rq-scheduler) locally
1. Install (if needed) and run `redis-server`:
......
......@@ -3,7 +3,7 @@ import grpc
import os
CLOUDITOR_HOST = os.environ.get("clouditor_host")
CLOUDITOR_PORT = os.environ.get("clouditor_port")
CLOUDITOR_PORT = int(os.environ.get("clouditor_port"))
class ForwardEvidence(object):
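Review bot: `int(os.environ.get("clouditor_port"))` turns a missing variable into `TypeError: int() argument must be a string ... not 'NoneType'`, which does not name the variable. Since the README marks it as required, use `int(os.environ["clouditor_port"])` so the failure is a `KeyError` naming `clouditor_port`, or apply the documented default with `int(os.environ.get("clouditor_port", "9090"))`. A non-numeric value still raises `ValueError`; catching it once at startup with a message naming the variable would make misconfiguration obvious in container logs.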
......
......@@ -3,20 +3,21 @@ kind: ConfigMap
metadata:
name: wazuh-vat-evidence-collector-env
data:
demo_mode: true
wazuh_host: localhost
wazuh_port: 55000
wazuh_username: wazuh-wui
wazuh_password: wazuh-wui
demo_mode: 'true'
elastic_host: localhost
elastic_port: 9200
elastic_username: admin
elastic_password: changeme
wazuh_host: 'localhost'
wazuh_port: '55000'
wazuh_username: 'wazuh-wui'
wazuh_password: 'wazuh-wui'
redis_host: localhost
redis_port: 6379
redis_queue: low
elastic_host: 'localhost'
elastic_port: '9200'
elastic_username: 'admin'
elastic_password: 'changeme'
clouditor_host: security-assessment-svc
clouditor_port: 9090
\ No newline at end of file
redis_host: 'localhost'
redis_port: '6379'
redis_queue: 'low'
clouditor_host: 'security-assessment-svc'
clouditor_port: '9090'
\ No newline at end of file
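Review bot: quoting the values is the right fix, because ConfigMap `data` values must be strings and unquoted `true` and `55000` are parsed by YAML as a boolean and an integer, which the API server rejects. Two follow-ups: `wazuh_password` and `elastic_password` (here the defaults `wazuh-wui` and `changeme`) belong in a `Secret` referenced through `secretKeyRef` or `envFrom`, not in a ConfigMap readable by anyone who can `get configmaps` in the namespace; and the file still has no trailing newline ("No newline at end of file" appears on both sides), which is worth fixing while the file is being rewritten.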
......@@ -6,7 +6,7 @@ from wazuh_evidence_collector import wazuh_evidence_collector
from wazuh_evidence_collector.wazuh_evidence_collector import LOGGER
REDIS_HOST = os.environ.get("redis_host")
REDIS_PORT = os.environ.get("redis_port")
REDIS_PORT = int(os.environ.get("redis_port"))
REDIS_QUEUE = os.environ.get("redis_queue")
def remove_jobs(scheduler):
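Review bot: same concern as for `clouditor_port`: `int(os.environ.get("redis_port"))` produces an unhelpful `TypeError` when the variable is unset instead of an error naming `redis_port`. The same `int(os.environ.get(...))` pattern now appears in three modules of this diff (`clouditor_port`, `redis_port`, `wazuh_port` and `elastic_port`); a small shared helper such as `def env_int(name): return int(os.environ[name])` would remove the duplication and give every missing variable a `KeyError` that names it.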
......
......@@ -2,7 +2,6 @@ from wazuh_evidence_collector.wazuh_client import WazuhClient
from elasticsearch import Elasticsearch
from elasticsearch_dsl import Search
class Checker:
def __init__(self, wc, es):
self.wc = wc
......
......@@ -14,15 +14,15 @@ import logging.config
logging.config.fileConfig('logging.conf')
LOGGER = logging.getLogger('root')
DEMO = os.environ.get("demo_mode")
DEMO = os.environ.get("demo_mode").lower() in ('true', '1', 't')
WAZUH_HOST = os.environ.get("wazuh_host")
WAZUH_PORT = os.environ.get("wazuh_port")
WAZUH_PORT = int(os.environ.get("wazuh_port"))
WAZUH_USERNAME = os.environ.get("wazuh_username")
WAZUH_PASSWORD = os.environ.get("wazuh_password")
ELASTIC_HOST = os.environ.get("elastic_host")
ELASTIC_PORT = os.environ.get("elastic_port")
ELASTIC_PORT = int(os.environ.get("elastic_port"))
ELASTIC_USERNAME = os.environ.get("elastic_username")
ELASTIC_PASSWORD = os.environ.get("elastic_password")
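Review bot: `os.environ.get("demo_mode").lower()` raises `AttributeError: 'NoneType' object has no attribute 'lower'` when `demo_mode` is not set, while the README table in this commit documents a default of `false`; `os.environ.get("demo_mode", "false").lower()` would make the code match the documentation. The parsing itself is the right change, since the previous `DEMO = os.environ.get("demo_mode")` left a string that was truthy even when set to `"false"`; the accepted spellings (`true`, `1`, `t`) should also be listed in the README so operators know what the ConfigMap's `'true'` string must match.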
......