nzin / puppet-ossec Goto Github PK
View Code? Open in Web Editor NEWossec module for puppet
License: GNU General Public License v2.0
ossec module for puppet
License: GNU General Public License v2.0
I was looking at your module to manage our ossec infrastructure, and one aspect I am particularly concerned about is key management.
The default ossec-authd
doesn't provide enrollment security: any server can contact the authd server and join the ossec infrastructure, which isn't great.
I was hoping that your module would provide a more secure way of dealing with keys. But it seems that you generate them by calculating two md5 strings from non-secret information. There is no random, except for a seed stored in manifests/agentkey.pp
that is statically defined. My understanding of your module is that any intruder that has access to the seed can guess all the agent keys fairly easily.
I, unfortunately, do not have a proposal to fix this, other than extracting the key management outside of the module itself.
Please confirm. If I had missed something, and your module is in fact secure, then I'd love to use it in our environment.
I use this module in my environment. However it is one of the last few modules that is stored locally in my installation - all the other ones come from Puppet Forge. Would you consider packaging this module for publication on the Forge? I'm happy to help with packaging etc. Thanks.
I noticed you maintain a PPA that contains more up-to-date OSSEC packages than the ones included in this module. Would it make sense to change this module so that it uses your PPA?
I already hit this wall and you get a very unhelpful error message on the ossec server
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Duplicate declaration: Concat::Fragment[var_ossec_etc_client.keys_10.10.16.56_part] is already declared in file /etc/puppet/environments/prod/modules/ossec/manifests/agentkey.pp:17; cannot redeclare at /etc/puppet/environments/prod/modules/ossec/manifests/agentkey.pp:17 on node ossec-server.example.com
We reinstalled a system with the same IP but a different name and suddenly we had the dupe definition
If someone should come looking for that message the fix is to run
puppet node deactivate oldname.example.com
on the puppet master to clear out the entry in puppetdb
Looking over the Puppet docs for exported refs they recomend the following
To ensure uniqueness, every resource you export should include a substring unique to the node exporting it into its title and name/namevar. The most expedient way is to use the hostname or fqdn facts.
So unless there is some compelling reason to use agent_ip_adress it should probably be changed to agent_name.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.