From 99cf3d50fbf87b546ebaf32fd244c049255fdd05 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?An=C5=BEe=20=C5=BDitnik?= <anze.zitnik@xlab.si>
Date: Wed, 9 Mar 2022 16:03:41 +0100
Subject: [PATCH] Fixed problems with environment variables & updated README
---
 MANIFEST | 2 +-
 README.md | 36 ++++++++++---------
 forward_evidence/forward_evidence.py | 2 +-
 ...azuh-vat-evidence-collector-configmap.yaml | 29 +++++++--------
 scheduler/scheduler.py | 2 +-
 wazuh_evidence_collector/checker.py | 1 -
 .../wazuh_evidence_collector.py | 6 ++--
 7 files changed, 40 insertions(+), 38 deletions(-)
diff --git a/MANIFEST b/MANIFEST
index 1e73e6f..9f9cd1c 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -1,2 +1,2 @@
-VERSION=v0.0.7
+VERSION=v0.0.9
 SERVICE=evidence-collector
diff --git a/README.md b/README.md
index d84c155..7277081 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ This project includes modules for collecting evidence regarding Wazuh and VAT an ## Wazuh evidence collector -Wazuh evidence collector uses [Wazuh's API](https://documentation.wazuh.com/current/user-manual/api/reference.html) to access information about manager's and agents' system informations and configurations. As an additional measure to ensure correct configuration of [ClamAV](https://www.clamav.net/) (if installed on machine) we also make use of [Elasticsearch's API](https://www.elastic.co/guide/en/elasticsearch/reference/current/search.html) to dirrectly access collected logs - Elastic stack is one of the Wazuh's required components (usually installed on the same machine as Wazuh server, but can be stand alone as well). +Wazuh evidence collector uses [Wazuh's API](https://documentation.wazuh.com/current/user-manual/api/reference.html) to access information about manager's and agents' system informations and configurations. As an additional measure to ensure correct configuration of [ClamAV](https://www.clamav.net/) (if installed on machine) we also make use of [Elasticsearch's API](https://www.elastic.co/guide/en/elasticsearch/reference/current/search.html) to dirrectly access collected logs | Elastic stack is one of the Wazuh's required components (usually installed on the same machine as Wazuh server, but can be stand alone as well). ## Installation & use 
@@ -78,26 +78,28 @@ Wazuh evidence collector uses [Wazuh's API](https://documentation.wazuh.com/curr ### Environment variables -Required environment variables (if deployed localy) are located and can be set in `.env` file. +Required environment variables (if deployed locally) are located and can be set in `.env` file. Variables used when deploying to Kubernetes can be edited in `data` section of `/kubernetes/wazuh-vat-evidence-collector-configmap.yaml` file. All of the following environment variables have to be set (or passed to container) for `evidence-collector` to work: -- `demo_mode`, -- `wazuh_host`, -- `wazuh_port`, -- `wazuh_username`, -- `wazuh_password`, -- `elastic_host`, -- `elastic_port`, -- `elastic_username`, -- `elastic_password`, -- `redis_host`, -- `redis_port`, -- `redis_queue`, -- `clouditor_host`, -- `clouditor_port`. +| Variable | Description | +| ---------- | ---------- | +| `demo_mode` | Default value `false`. Set to `true` in case Evidence collector runs alone (without `security-monitoring` framework) locally - generates dummy data. | +| `wazuh_host` | Wazuh manager host's IP address. | +| `wazuh_port` | Wazuh manager port. Default value `55000`. | +| `wazuh_username` | Wazuh manager's username. | +| `wazuh_password` | Wazuh manager's password. | +| `elastic_host` | Elasticsearch host's IP address. Usually same as `wazuh_host`. | +| `elastic_port` | Elasticsearch port. Default value `9200`. | +| `elastic_username` | Elasticsearch's username. | +| `elastic_password` | Elasticsearch's password. | +| `redis_host` | Redis server host's IP address. Usually `localhost`. | +| `redis_port` | Redis server port. Default value `6379`. | +| `redis_queue` | Redis queue name. | +| `clouditor_host` | Clouditor host's IP address. | +| `clouditor_port` | Clouditor port. Default value `9090`. | ### Generate gRPC code from `.proto` files 
@@ -136,7 +138,7 @@ $ curl --user admin:changeme --insecure -X GET "https://192.168.33.10:9200/wazuh }' ``` -### Running [RQ](https://github.com/rq/rq) and [RQ-scheduler](https://github.com/rq/rq-scheduler) localy +### Running [RQ](https://github.com/rq/rq) and [RQ-scheduler](https://github.com/rq/rq-scheduler) locally 1. Install (if needed) and run `redis-server`: diff --git a/forward_evidence/forward_evidence.py b/forward_evidence/forward_evidence.py index d3a8e86..fcb0369 100644 --- a/forward_evidence/forward_evidence.py +++ b/forward_evidence/forward_evidence.py @@ -3,7 +3,7 @@ import grpc import os CLOUDITOR_HOST = os.environ.get("clouditor_host") -CLOUDITOR_PORT = os.environ.get("clouditor_port") +CLOUDITOR_PORT = int(os.environ.get("clouditor_port")) class ForwardEvidence(object): diff --git a/kubernetes/wazuh-vat-evidence-collector-configmap.yaml b/kubernetes/wazuh-vat-evidence-collector-configmap.yaml index bba9504..faaf1b7 100644 --- a/kubernetes/wazuh-vat-evidence-collector-configmap.yaml +++ b/kubernetes/wazuh-vat-evidence-collector-configmap.yaml @@ -3,20 +3,21 @@ kind: ConfigMap metadata: name: wazuh-vat-evidence-collector-env data: - demo_mode: true - wazuh_host: localhost - wazuh_port: 55000 - wazuh_username: wazuh-wui - wazuh_password: wazuh-wui + demo_mode: 'true' - elastic_host: localhost - elastic_port: 9200 - elastic_username: admin - elastic_password: changeme + wazuh_host: 'localhost' + wazuh_port: '55000' + wazuh_username: 'wazuh-wui' + wazuh_password: 'wazuh-wui' + + elastic_host: 'localhost' + elastic_port: '9200' + elastic_username: 'admin' + elastic_password: 'changeme' - redis_host: localhost - redis_port: 6379 - redis_queue: low + redis_host: 'localhost' + redis_port: '6379' + redis_queue: 'low' - clouditor_host: security-assessment-svc - clouditor_port: 9090 \ No newline at end of file + clouditor_host: 'security-assessment-svc' + clouditor_port: '9090' \ No newline at end of file 
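Review bot: `int(os.environ.get("clouditor_port"))` on the new line fails with a TypeError from `int(None)` when the variable is unset, which does not say which of the fourteen required variables is missing; `os.environ["clouditor_port"]` raises a KeyError that names it, so `CLOUDITOR_PORT = int(os.environ["clouditor_port"])` gives a clearer failure at the same point. The same pattern is added in the scheduler.py hunk (`REDIS_PORT`) and the wazuh_evidence_collector.py hunk (`WAZUH_PORT`, `ELASTIC_PORT`, and `DEMO`, where `.lower()` on `None` raises an AttributeError instead). For `demo_mode` the README table in this commit documents a default of `false`, so `os.environ.get("demo_mode", "false")` would make the code match that documentation. These are module-level assignments, so a missing or non-numeric value now surfaces as a traceback at import; that is a reasonable fail-fast, but worth a comment such as `# Parsed at import so a misconfigured port fails on startup, not on first use`.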
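Review bot: `demo_mode: 'true'` in the Kubernetes ConfigMap contradicts the README table added in this same commit, which describes `true` as a local-only setting that generates dummy data and `false` as the default; a cluster deployed from this manifest would presumably forward generated rather than real evidence, so the committed value should be `demo_mode: 'false'` unless the file is meant only for demos, in which case a comment above the key saying so would help. Separately, `wazuh_password: 'wazuh-wui'` and `elastic_password: 'changeme'` are credentials kept in a ConfigMap, which Kubernetes does not treat as sensitive (no encryption-at-rest option, shown in plain text by `kubectl describe`, typically broader read RBAC than Secrets) and which is committed to the repository; moving the two password keys into a `Secret` consumed via `secretKeyRef` or `envFrom` leaves only non-sensitive keys here. The quoting change itself is correct, since ConfigMap `data` values must be strings.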
diff --git a/scheduler/scheduler.py b/scheduler/scheduler.py index 28e69a0..6d78c89 100644 --- a/scheduler/scheduler.py +++ b/scheduler/scheduler.py @@ -6,7 +6,7 @@ from wazuh_evidence_collector import wazuh_evidence_collector from wazuh_evidence_collector.wazuh_evidence_collector import LOGGER REDIS_HOST = os.environ.get("redis_host") -REDIS_PORT = os.environ.get("redis_port") +REDIS_PORT = int(os.environ.get("redis_port")) REDIS_QUEUE = os.environ.get("redis_queue") def remove_jobs(scheduler): diff --git a/wazuh_evidence_collector/checker.py b/wazuh_evidence_collector/checker.py index 3877e4d..a090a91 100644 --- a/wazuh_evidence_collector/checker.py +++ b/wazuh_evidence_collector/checker.py @@ -2,7 +2,6 @@ from wazuh_evidence_collector.wazuh_client import WazuhClient from elasticsearch import Elasticsearch from elasticsearch_dsl import Search - class Checker: def __init__(self, wc, es): self.wc = wc diff --git a/wazuh_evidence_collector/wazuh_evidence_collector.py b/wazuh_evidence_collector/wazuh_evidence_collector.py index d6aa769..d5a589c 100644 --- a/wazuh_evidence_collector/wazuh_evidence_collector.py +++ b/wazuh_evidence_collector/wazuh_evidence_collector.py @@ -14,15 +14,15 @@ import logging.config logging.config.fileConfig('logging.conf') LOGGER = logging.getLogger('root') -DEMO = os.environ.get("demo_mode") +DEMO = os.environ.get("demo_mode").lower() in ('true', '1', 't') WAZUH_HOST = os.environ.get("wazuh_host") -WAZUH_PORT = os.environ.get("wazuh_port") +WAZUH_PORT = int(os.environ.get("wazuh_port")) WAZUH_USERNAME = os.environ.get("wazuh_username") WAZUH_PASSWORD = os.environ.get("wazuh_password") ELASTIC_HOST = os.environ.get("elastic_host") -ELASTIC_PORT = os.environ.get("elastic_port") +ELASTIC_PORT = int(os.environ.get("elastic_port")) ELASTIC_USERNAME = os.environ.get("elastic_username") ELASTIC_PASSWORD = os.environ.get("elastic_password") -- GitLab
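Review bot: The new `DEMO` line lower-cases the value but does not strip it, so a value such as `'true '` (easy to introduce from a `.env` file) or any spelling outside `('true', '1', 't')` silently selects non-demo mode rather than being reported; `.strip().lower()` handles the whitespace case, and since the README in this commit documents only `true`/`false`, raising a ValueError for any value outside `{'true', 'false'}` (case-insensitive) would turn a typo into an explicit startup error instead of a mode switch. The remaining `int(os.environ.get(...))` lines in this hunk follow the pattern already noted on the forward_evidence.py hunk.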