diff --git a/MANIFEST b/MANIFEST
index 1e73e6ff437fc0d6c96000a7e02be5291a5f4fa1..9f9cd1ce2c0ce33ad6a84e37b35b79406c5613c6 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -1,2 +1,2 @@
-VERSION=v0.0.7
+VERSION=v0.0.9
 SERVICE=evidence-collector
diff --git a/README.md b/README.md
index d84c155d8ab6ff3b8f2048290136a1a771bf92cc..7277081fbdfc442501e37f42a3386472534a41ba 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ This project includes modules for collecting evidence regarding Wazuh and VAT an
 
 ## Wazuh evidence collector
 
-Wazuh evidence collector uses [Wazuh's API](https://documentation.wazuh.com/current/user-manual/api/reference.html) to access information about manager's and agents' system informations and configurations. As an additional measure to ensure correct configuration of [ClamAV](https://www.clamav.net/) (if installed on machine) we also make use of [Elasticsearch's API](https://www.elastic.co/guide/en/elasticsearch/reference/current/search.html) to dirrectly access collected logs - Elastic stack is one of the Wazuh's required components (usually installed on the same machine as Wazuh server, but can be stand alone as well).
+Wazuh evidence collector uses [Wazuh's API](https://documentation.wazuh.com/current/user-manual/api/reference.html) to access information about manager's and agents' system informations and configurations. As an additional measure to ensure correct configuration of [ClamAV](https://www.clamav.net/) (if installed on machine) we also make use of [Elasticsearch's API](https://www.elastic.co/guide/en/elasticsearch/reference/current/search.html) to dirrectly access collected logs | Elastic stack is one of the Wazuh's required components (usually installed on the same machine as Wazuh server, but can be stand alone as well).
 
 ## Installation & use
 
@@ -78,26 +78,28 @@ Wazuh evidence collector uses [Wazuh's API](https://documentation.wazuh.com/curr
 
 ### Environment variables
 
-Required environment variables (if deployed localy) are located and can be set in `.env` file.
+Required environment variables (if deployed locally) are located and can be set in `.env` file.
 
 Variables used when deploying to Kubernetes can be edited in `data` section of `/kubernetes/wazuh-vat-evidence-collector-configmap.yaml` file.
 
 All of the following environment variables have to be set (or passed to container) for `evidence-collector` to work:
 
-- `demo_mode`,
-- `wazuh_host`,
-- `wazuh_port`,
-- `wazuh_username`,
-- `wazuh_password`,
-- `elastic_host`,
-- `elastic_port`,
-- `elastic_username`,
-- `elastic_password`,
-- `redis_host`,
-- `redis_port`,
-- `redis_queue`,
-- `clouditor_host`,
-- `clouditor_port`.
+| Variable | Description |
+| ---------- | ---------- |
+| `demo_mode` | Default value `false`. Set to `true` in case Evidence collector runs alone (without `security-monitoring` framework) locally - generates dummy data. |
+| `wazuh_host` | Wazuh manager host's IP address. |
+| `wazuh_port` | Wazuh manager port. Default value `55000`. |
+| `wazuh_username` | Wazuh manager's username. |
+| `wazuh_password` | Wazuh manager's password. |
+| `elastic_host` | Elasticsearch host's IP address. Usually same as `wazuh_host`. |
+| `elastic_port` | Elasticsearch port. Default value `9200`. |
+| `elastic_username` | Elasticsearch's username. |
+| `elastic_password` | Elasticsearch's password. |
+| `redis_host` | Redis server host's IP address. Usually `localhost`. |
+| `redis_port` | Redis server port. Default value `6379`. |
+| `redis_queue` | Redis queue name. |
+| `clouditor_host` | Clouditor host's IP address. |
+| `clouditor_port` | Clouditor port. Default value `9090`. |
 
 ### Generate gRPC code from `.proto` files
 
@@ -136,7 +138,7 @@ $ curl --user admin:changeme --insecure -X GET "https://192.168.33.10:9200/wazuh
 }'
 ```
 
-### Running [RQ](https://github.com/rq/rq) and [RQ-scheduler](https://github.com/rq/rq-scheduler) localy
+### Running [RQ](https://github.com/rq/rq) and [RQ-scheduler](https://github.com/rq/rq-scheduler) locally
 
 1. Install (if needed) and run `redis-server`:
 
diff --git a/forward_evidence/forward_evidence.py b/forward_evidence/forward_evidence.py
index d3a8e867798856fb74083f5148f717b4c162a1b7..fcb03699ed6609ee9778f8fba27b836051c4af02 100644
--- a/forward_evidence/forward_evidence.py
+++ b/forward_evidence/forward_evidence.py
@@ -3,7 +3,7 @@ import grpc
 import os
 
 CLOUDITOR_HOST = os.environ.get("clouditor_host")
-CLOUDITOR_PORT = os.environ.get("clouditor_port")
+CLOUDITOR_PORT = int(os.environ.get("clouditor_port"))
 
 class ForwardEvidence(object):
 
diff --git a/kubernetes/wazuh-vat-evidence-collector-configmap.yaml b/kubernetes/wazuh-vat-evidence-collector-configmap.yaml
index bba95045c342fd5d5c301d2a3ee28e388659207e..faaf1b712e6319c7696e772e296a439d620832e2 100644
--- a/kubernetes/wazuh-vat-evidence-collector-configmap.yaml
+++ b/kubernetes/wazuh-vat-evidence-collector-configmap.yaml
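Review bot: `CLOUDITOR_PORT = int(os.environ.get("clouditor_port"))` turns an unset variable into a `TypeError` at import time that does not name the variable, and a non-numeric value into an equally anonymous `ValueError`; the same pattern is introduced for `REDIS_PORT` in scheduler/scheduler.py and for `WAZUH_PORT`/`ELASTIC_PORT` in wazuh_evidence_collector/wazuh_evidence_collector.py. The README table in this commit documents `9090` as the default, so either honour it with `CLOUDITOR_PORT = int(os.environ.get("clouditor_port", "9090"))`, or read `os.environ["clouditor_port"]` so a missing variable fails with a `KeyError` that names the key. A small shared helper such as `_env_int(name, default)` that raises with the variable name in the message would keep the four sites consistent. `class ForwardEvidence` continues outside the hunk.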
@@ -3,20 +3,21 @@ kind: ConfigMap
 metadata:
   name: wazuh-vat-evidence-collector-env
 data:
-  demo_mode: true
-  wazuh_host: localhost
-  wazuh_port: 55000
-  wazuh_username: wazuh-wui
-  wazuh_password: wazuh-wui
+  demo_mode: 'true'
 
-  elastic_host: localhost
-  elastic_port: 9200
-  elastic_username: admin
-  elastic_password: changeme
+  wazuh_host: 'localhost'
+  wazuh_port: '55000'
+  wazuh_username: 'wazuh-wui'
+  wazuh_password: 'wazuh-wui'
+
+  elastic_host: 'localhost'
+  elastic_port: '9200'
+  elastic_username: 'admin'
+  elastic_password: 'changeme'
 
-  redis_host: localhost
-  redis_port: 6379
-  redis_queue: low
+  redis_host: 'localhost'
+  redis_port: '6379'
+  redis_queue: 'low'
 
-  clouditor_host: security-assessment-svc
-  clouditor_port: 9090
\ No newline at end of file
+  clouditor_host: 'security-assessment-svc'
+  clouditor_port: '9090'
\ No newline at end of file
diff --git a/scheduler/scheduler.py b/scheduler/scheduler.py
index 28e69a061a44e8372ca99b9b2d7a69d353585da7..6d78c89e8f89bcdf17522dab1b5363a41f893739 100644
--- a/scheduler/scheduler.py
+++ b/scheduler/scheduler.py
@@ -6,7 +6,7 @@ from wazuh_evidence_collector import wazuh_evidence_collector
 from wazuh_evidence_collector.wazuh_evidence_collector import LOGGER
 
 REDIS_HOST = os.environ.get("redis_host")
-REDIS_PORT = os.environ.get("redis_port")
+REDIS_PORT = int(os.environ.get("redis_port"))
 REDIS_QUEUE = os.environ.get("redis_queue")
 
 def remove_jobs(scheduler):
diff --git a/wazuh_evidence_collector/checker.py b/wazuh_evidence_collector/checker.py
index 3877e4d0e9c016d413e0b3099b806801bb2e522c..a090a9179367fdf705a417da4451f01cafbcb603 100644
--- a/wazuh_evidence_collector/checker.py
+++ b/wazuh_evidence_collector/checker.py
@@ -2,7 +2,6 @@ from wazuh_evidence_collector.wazuh_client import WazuhClient
 from elasticsearch import Elasticsearch
 from elasticsearch_dsl import Search
 
-
 class Checker:
     def __init__(self, wc, es):
         self.wc = wc
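Review bot: `wazuh_password: 'wazuh-wui'` and `elastic_password: 'changeme'` are credentials kept in a ConfigMap, which Kubernetes does not treat as sensitive (any principal with `get` on configmaps in the namespace can read it, and `kubectl describe` prints it in full); they belong in a `Secret` injected through `secretKeyRef`, leaving only the non-secret settings in this ConfigMap. The values are also the vendors' shipped defaults, so the file should at least carry a comment that they are placeholders for a demo deployment. `demo_mode: 'true'` here contradicts the README table added in this commit, which documents `false` as the default and `true` as the setting for running the collector alone locally with dummy data, so a Kubernetes deployment shipping with dummy evidence generation enabled looks unintended and is worth confirming. The file also still ends without a trailing newline, as the `\ No newline at end of file` marker on the new side shows.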
diff --git a/wazuh_evidence_collector/wazuh_evidence_collector.py b/wazuh_evidence_collector/wazuh_evidence_collector.py
index d6aa7691f9cd5aae4d5e467a1d3e0b76f4bcc52f..d5a589c82ddfea75648687b817d0af8f427c2b93 100644
--- a/wazuh_evidence_collector/wazuh_evidence_collector.py
+++ b/wazuh_evidence_collector/wazuh_evidence_collector.py
@@ -14,15 +14,15 @@ import logging.config
 logging.config.fileConfig('logging.conf')
 LOGGER = logging.getLogger('root')
 
-DEMO = os.environ.get("demo_mode")
+DEMO = os.environ.get("demo_mode").lower() in ('true', '1', 't')
 WAZUH_HOST = os.environ.get("wazuh_host")
-WAZUH_PORT = os.environ.get("wazuh_port")
+WAZUH_PORT = int(os.environ.get("wazuh_port"))
 WAZUH_USERNAME = os.environ.get("wazuh_username")
 WAZUH_PASSWORD = os.environ.get("wazuh_password")
 
 ELASTIC_HOST = os.environ.get("elastic_host")
-ELASTIC_PORT = os.environ.get("elastic_port")
+ELASTIC_PORT = int(os.environ.get("elastic_port"))
 ELASTIC_USERNAME = os.environ.get("elastic_username")
 ELASTIC_PASSWORD = os.environ.get("elastic_password")
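Review bot: `DEMO = os.environ.get("demo_mode").lower() in ('true', '1', 't')` raises `AttributeError` on `None` when `demo_mode` is unset, even though the README table added in this commit documents `false` as its default; `DEMO = os.environ.get("demo_mode", "false").lower() in ('true', '1', 't')` implements the documented default and keeps the collector out of dummy-data mode unless explicitly asked. The accepted spellings are only `true`/`1`/`t`, so a value such as `yes` silently leaves demo mode off; a one-line comment stating the accepted values, or a `LOGGER.warning` for unrecognised ones, would make that visible to operators. `WAZUH_PORT` and `ELASTIC_PORT` share the unset-variable problem already noted for `CLOUDITOR_PORT` in forward_evidence/forward_evidence.py. The hunk's trailing context may extend past the visible text.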