Giter VIP home page Giter VIP logo

Comments (2)

jm404 avatar jm404 commented on August 26, 2024

Hi team,

I faced 3 main challenges while upgrading Chef to be capable of install Wazuh on Centos.

Update attributes

On installation, Wazuh updates the ossec.conf file to adapt it to the running OS.

Some attributes of <localfile> are different for centos or rhel and debian or ubuntu:

They are modified in the 02_ossec-agent.conf.patch

image

In order to adapt to this the attributes have been updated. For example:

wazuh-chef/cookbooks/wazuh_manager/attributes/localfile.rb

Lines 2 to 100 in 5a72c01

case node['platform_family']
when "debian","ubuntu"
default['ossec']['conf']['localfile'] = [
{
'log_format' => 'command',
'command' => 'df -P',
'frequency' => 360
},
{
'content!' => {
'log_format' => 'full_command',
'command' => "netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d",
'alias' => 'netstat listening ports',
'frequency' => 360
}
},
{
'content!' => {
'log_format' => 'full_command',
'command' => 'last -n 20',
'frequency' => 360
}
},
{
'content!' => {
'log_format' => 'syslog',
'location' => '/var/ossec/logs/active-responses.log',
}
},
{
'content!' => {
'log_format' => 'syslog',
'location' => '/var/log/auth.log'
}
},
{
'content!' => {
'log_format' => 'syslog',
'location' => '/var/log/syslog'
}
},
{
'content!' => {
'log_format' => 'syslog',
'location' => '/var/log/dpkg.log'
}
},
{
'content!' => {
'log_format' => 'syslog',
'location' => '/var/log/kern.log'
}
}
]
when "centos","redhat","rhel"
default['ossec']['conf']['localfile'] = [
{
'log_format' => 'command',
'command' => 'df -P',
'frequency' => 360
},
{
'content!' => {
'log_format' => 'full_command',
'command' => "netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d",
'alias' => 'netstat listening ports',
'frequency' => 360
}
},
{
'content!' => {
'log_format' => 'full_command',
'command' => 'last -n 20',
'frequency' => 360
}
},
{
'content!' => {
'log_format' => 'syslog',
'location' => '/var/ossec/logs/active-responses.log',
}
},
{
'content!' => {
'log_format' => 'syslog',
'location' => '/var/log/messages'
}
},
{
'content!' => {
'log_format' => 'syslog',
'location' => '/var/log/secure'
}
},
]
end

Adapt repositories and apt_package block

Repositories block and apt_package have been adapted to fit Centos Installations, for example:

wazuh-chef/cookbooks/wazuh_elastic/recipes/elasticsearch.rb

Lines 7 to 17 in d9bacf1

case node['platform_family']
when "debian", "ubuntu"
apt_package 'elasticsearch' do
version "#{node['wazuh-elastic']['elastic_stack_version']}"
end
when "redhat", "rhel", "centos"
yum_package 'elasticsearch' do
version "#{node['wazuh-elastic']['elastic_stack_version']}-1"
end
end

Kibana service error

Kibana shows problematic behaviour when trying to start it with systemctl on Centos OS. In order to avoid that weird situations, Kibana will be managed with SysVinit. You can check such block here:

wazuh-chef/cookbooks/wazuh_elastic/recipes/kibana.rb

Lines 33 to 44 in d9bacf1

when "debian", "ubuntu"
service "kibana" do
supports :start => true, :stop => true, :restart => true, :reload => true
action [:enable,:start]
end
when "redhat", "rhel", "centos"
service "kibana" do
supports :start => true, :stop => true, :restart => true, :reload => true
provider Chef::Provider::Service::Init
action [:start]
end
end

from wazuh-chef.

jm404 avatar jm404 commented on August 26, 2024

Hi team!

The when - case conditionals have been replaced by if platform_family? conditionals since the first one gave some errors detecting centos platform

wazuh-chef/cookbooks/wazuh_elastic/recipes/kibana.rb

Lines 34 to 47 in a298d5b

if platform_family?('debian', 'ubuntu')
service "kibana" do
supports :start => true, :stop => true, :restart => true, :reload => true
action [:restart]
end
elsif platform_family?('rhel', 'redhat', 'centos', 'amazon')
service "kibana" do
supports :start => true, :stop => true, :restart => true, :reload => true
provider Chef::Provider::Service::Init
action [:restart]
end
else
raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added"
end

from wazuh-chef.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.