Merge pull request #33 from wazuh/3.9-issue-32

Adding suport for Centos/RHEL 7 and Amazon Linux 2

CHANGELOG.md

@@ -5,19 +5,19 @@ All notable changes to this project will be documented in this file.
 
 ### Changed
 
-- Added version option for Wazuh Manager ([@jm404](https://github.com/jm404))([#561cf11]((https://github.com/wazuh/wazuh-chef/commit/561cf11994b227758fbfd57151e77191da69afa3)))
-- Updated Filebeat Recipes and templates ([@jm404](https://github.com/jm404))([#190a8f7](https://github.com/wazuh/wazuh-chef/commit/190a8f75f085389f7aa64fca7076e740a5288eb9))
-- Elasticsearch recipes and templates upgraded to 7.1 ([@jm404](https://github.com/jm404))([#5184a35](https://github.com/wazuh/wazuh-chef/commit/5184a351472391cb6ca4cb4879c83aa2d605803b)) ([#9d35c94](https://github.com/wazuh/wazuh-chef/commit/9d35c94b0cf2cf912b8cfc8a8f60af4e32977f30)) 
-- Elasticsearch attributes have been enhanced  ([@jm404](https://github.com/jm404))([#eb20501]((https://github.com/wazuh/wazuh-chef/commit/eb20501f28c724f01ff0709138abeb9610e03fdb)))
-- Node have been upgraded to 8.x and API versioning have been added. ([@jm404](https://github.com/jm404))([#83050d0]((https://github.com/wazuh/wazuh-chef/commit/83050d07ee7259dbeddf7638e3ae512b97fd79ca)))
+- Added version option for Wazuh Manager ([@jm404](https://github.com/jm404)) [#561cf11](https://github.com/wazuh/wazuh-chef/commit/561cf11994b227758fbfd57151e77191da69afa3)
+- Updated Filebeat Recipes and templates ([@jm404](https://github.com/jm404)) [#190a8f7](https://github.com/wazuh/wazuh-chef/commit/190a8f75f085389f7aa64fca7076e740a5288eb9)
+- Elasticsearch recipes and templates upgraded to 7.1 ([@jm404](https://github.com/jm404)) [#5184a35](https://github.com/wazuh/wazuh-chef/commit/5184a351472391cb6ca4cb4879c83aa2d605803b), [#9d35c94](https://github.com/wazuh/wazuh-chef/commit/9d35c94b0cf2cf912b8cfc8a8f60af4e32977f30)
+- Elasticsearch attributes have been enhanced  ([@jm404](https://github.com/jm404)) [#eb20501](https://github.com/wazuh/wazuh-chef/commit/eb20501f28c724f01ff0709138abeb9610e03fdb)
+- Node have been upgraded to 8.x and API versioning have been added. ([@jm404](https://github.com/jm404)) [#83050d0](https://github.com/wazuh/wazuh-chef/commit/83050d07ee7259dbeddf7638e3ae512b97fd79ca)
 
 ### Fixed
 
-- Kibana listen to Elasticsearch now uses a dynamic value.  ([@jm404](https://github.com/jm404))([#5db4bda](https://github.com/wazuh/wazuh-chef/commit/5db4bdaf9acc47668911eeeabeb5de6b13974747))
+- Kibana listen to Elasticsearch now uses a dynamic value.  ([@jm404](https://github.com/jm404)) [#5db4bda](https://github.com/wazuh/wazuh-chef/commit/5db4bdaf9acc47668911eeeabeb5de6b13974747)
 
 ### Removed 
 
-- Java and Logstash recipes are no longer required and have been removed. ([@jm404](https://github.com/jm404))([#15cf987](https://github.com/wazuh/wazuh-chef/commit/5db4bdaf9acc47668911eeeabeb5de6b13974747))
+- Java and Logstash recipes are no longer required and have been removed. ([@jm404](https://github.com/jm404)) [#15cf987](https://github.com/wazuh/wazuh-chef/commit/5db4bdaf9acc47668911eeeabeb5de6b13974747)
 
 
 ## Wazuh Chef v3.9.1_6.8.0
@@ -43,6 +43,4 @@ All notable changes to this project will be documented in this file.
 
 ### Removed
 
-- Removed old secrets and unnecesary files ([@jm404](https://github.com/jm404)) ([#22](https://github.com/wazuh/wazuh-chef/pull/22))
-
-
+- Removed old secrets and unnecesary files ([@jm404](https://github.com/jm404)) ([#22](https://github.com/wazuh/wazuh-chef/pull/22))

README.md

@@ -7,6 +7,16 @@
 
 Deploy Wazuh platform using Chef cookbooks. Chef recipes are prepared for installing and configuring Agent, Manager (cluster) and RESTful API.
 
+## Dependencies
+
+Every cookbook will install its own required dependencies, *Berksfile* and *metadata.rb* contain all the information about which dependencies will be installed.
+
+There is software that must be installed in order to ensure the correct installation.
+
+- Curl
+- Wget
+- Chef Server Core v12.19.31
+
 ## Cookbooks
 
 * [Wazuh Agent ](https://github.com/wazuh/wazuh-chef/tree/master/wazuh_agent)

cookbooks/wazuh_agent/attributes/localfile.rb

@@ -1,4 +1,6 @@
-default['ossec']['conf']['localfile'] = [
+
+if platform_family?('ubuntu', 'debian')
+  default['ossec']['conf']['localfile'] = [
     {
       'log_format' => 'command',
       'command' => 'df -P',
@@ -17,12 +19,12 @@
       'log_format' => 'full_command',
       'command' => 'last -n 20',
       'frequency' => 360
-       }
+      }
     },
     {
       'content!' => {
         'log_format' => 'syslog',
-        'command' => '/var/ossec/logs/active-responses.log',
+        'location' => '/var/ossec/logs/active-responses.log',
       }
     },
     {
@@ -50,9 +52,47 @@
         }
     }
   ]
-
-
-
-
-
-
+elsif platform_family?('rhel','centos', 'amazon')
+  default['ossec']['conf']['localfile'] = [
+    {
+      'log_format' => 'command',
+      'command' => 'df -P',
+      'frequency' => 360
+    },
+    {
+      'content!' => {
+        'log_format' => 'full_command',
+        'command' => "netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d",
+        'alias' => 'netstat listening ports',
+        'frequency' => 360
+      }
+    },
+    {
+      'content!' => {
+      'log_format' => 'full_command',
+      'command' => 'last -n 20',
+      'frequency' => 360
+      }
+    },
+    {
+      'content!' => {
+        'log_format' => 'syslog',
+        'location' => '/var/ossec/logs/active-responses.log',
+      }
+    },
+    {
+      'content!' => {
+        'log_format' => 'syslog',
+        'location' => '/var/log/messages'
+        }
+    },
+    {
+      'content!' => {
+        'log_format' => 'syslog',
+        'location' => '/var/log/secure'
+        }
+    },
+  ]
+else
+  raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added"
+end

cookbooks/wazuh_agent/attributes/rootcheck.rb

@@ -8,6 +8,6 @@
 default['ossec']['conf']['rootcheck']['check_ports'] = true
 default['ossec']['conf']['rootcheck']['check_if'] = true
 default['ossec']['conf']['rootcheck']['frequency'] = 43200
-default['ossec']['conf']['rootcheck']['rootkit_files'] = "#{node['ossec']['dir']}/etc/shared/rootkit_files.txt"
-default['ossec']['conf']['rootcheck']['rootkit_trojans'] = "#{node['ossec']['dir']}/etc/shared/rootkit_trojans.txt"
-default['ossec']['conf']['rootcheck']['skip_nfs'] = true
+default['ossec']['conf']['rootcheck']['rootkit_files'] = "#{node['ossec']['dir']}/etc/rootcheck/rootkit_files.txt"
+default['ossec']['conf']['rootcheck']['rootkit_trojans'] = "#{node['ossec']['dir']}/etc/rootcheck/rootkit_trojans.txt"
+default['ossec']['conf']['rootcheck']['skip_nfs'] = true

cookbooks/wazuh_agent/recipes/repository.rb

@@ -17,29 +17,29 @@
 # limitations under the License.
 #
 
-case node['platform_family']
-
-  when 'debian'
-    package 'lsb-release'
+if platform_family?('ubuntu', 'debian')
+  package 'lsb-release'
 
-    ohai 'reload lsb' do
-      plugin 'lsb'
-      # action :nothing
-      subscribes :reload, 'package[lsb-release]', :immediately
-    end
+  ohai 'reload lsb' do
+    plugin 'lsb'
+    # action :nothing
+    subscribes :reload, 'package[lsb-release]', :immediately
+  end
+
+  apt_repository 'Wazuh' do
+    uri 'http://packages.wazuh.com/3.x/apt/'
+    key 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
+    components ['main']
+    distribution 'stable'
+  end
 
-    apt_repository 'Wazuh' do
-      uri 'http://packages.wazuh.com/3.x/apt/'
-      key 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
-      components ['main']
-      distribution 'stable'
-    end
-
-  when 'rhel', 'amazon'
-    yum_repository 'Wazuh' do
-      description 'WAZUH Repository - www.wazuh.com'
-      baseurl 'https://packages.wazuh.com/3.x/yum'
-      gpgkey 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
-      action :create
+elsif platform_family?('rhel', 'redhat', 'centos', 'amazon')
+  yum_repository 'Wazuh' do
+    description 'WAZUH Repository - www.wazuh.com'
+    baseurl 'https://packages.wazuh.com/3.x/yum'
+    gpgkey 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
+    action :create
   end
+else
+  raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added"
 end

cookbooks/wazuh_elastic/recipes/elasticsearch.rb

@@ -5,11 +5,21 @@
 #
 ######################################################
 
-package 'elasticsearch' do
-    version node['wazuh-elastic']['elastic_stack_version']
-    action :install
-end
 
+if platform_family?('debian', 'ubuntu')
+
+  apt_package 'elasticsearch' do
+    version "#{node['wazuh-elastic']['elastic_stack_version']}"
+  end
+
+elsif platform_family?('rhel', 'redhat', 'centos', 'amazon')
+  yum_package 'elasticsearch' do
+    version "#{node['wazuh-elastic']['elastic_stack_version']}-1"
+  end
+
+else
+  raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added"
+end
 
 template '/etc/elasticsearch/elasticsearch.yml' do
   source 'elasticsearch.yml.erb'

cookbooks/wazuh_elastic/recipes/kibana.rb

@@ -5,13 +5,16 @@
 # Create user and group
 #
 
-package 'kibana' do
-  version node['wazuh-elastic']['elastic_stack_version']
-end
-
-service "kibana" do
-  supports :start => true, :stop => true, :restart => true, :reload => true, :status => true
-  action [:enable, :start]
+if platform_family?('debian', 'ubuntu')
+  apt_package 'kibana' do
+    version "#{node['wazuh-elastic']['elastic_stack_version']}"
+  end
+elsif platform_family?('rhel', 'redhat', 'centos', 'amazon')
+  yum_package 'kibana' do
+    version "#{node['wazuh-elastic']['elastic_stack_version']}-1"
+  end
+else
+  raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added"
 end
 
 template 'kibana.yml' do
@@ -25,9 +28,26 @@
      kibana_elasticsearch_server_hosts: "elasticsearch.hosts: ['#{node['wazuh-elastic']['kibana_elasticsearch_server_hosts']}']"
   })
   mode 0755
-  notifies :restart, "service[kibana]", :immediately
 end
 
+
+if platform_family?('debian', 'ubuntu')
+  service "kibana" do
+    supports :start => true, :stop => true, :restart => true, :reload => true
+    action [:restart]
+  end
+elsif platform_family?('rhel', 'redhat', 'centos', 'amazon')
+  service "kibana" do
+    supports :start => true, :stop => true, :restart => true, :reload => true
+    provider Chef::Provider::Service::Init
+    action [:restart]
+  end
+else
+  raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added"
+end
+
+
+
 ruby_block 'wait for elasticsearch' do
   block do
     loop { break if (TCPSocket.open("#{node['wazuh-elastic']['elasticsearch_ip']}",node['wazuh-elastic']['elasticsearch_port']) rescue nil); puts "Waiting elasticsearch...."; sleep 1 }
@@ -43,18 +63,29 @@
   EOH
 end
 
-bash 'Install Wazuh-APP (can take a while)' do
-  code <<-EOH
-  sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-#{node['wazuh-elastic']['wazuh_app_version']}.zip kibana
-  EOH
-  creates '/usr/share/kibana/plugins/wazuh/package.json'
-  notifies :restart, "service[kibana]", :immediately
+
+if platform_family?('debian', 'ubuntu')
+  bash 'Install Wazuh-APP (can take a while)' do
+    code <<-EOH
+    sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-#{node['wazuh-elastic']['wazuh_app_version']}.zip kibana
+    EOH
+    creates '/usr/share/kibana/plugins/wazuh/package.json'
+    notifies :restart, "service[kibana]", :delayed
+  end
+elsif platform_family?('rhel', 'redhat', 'centos', 'amazon')
+  bash 'Install Wazuh-APP (can take a while)' do
+    code <<-EOH
+    sudo -u kibana /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/wazuhapp/wazuhapp-#{node['wazuh-elastic']['wazuh_app_version']}.zip
+    EOH
+    creates '/usr/share/kibana/plugins/wazuh/package.json'
+    notifies :restart, "service[kibana]", :delayed
+  end
 end
 
 bash 'Verify Kibana folders owner' do
   code <<-EOF
     chown -R kibana:kibana /usr/share/kibana/optimize
     chown -R kibana:kibana /usr/share/kibana/plugins
   EOF
-  notifies :restart, "service[kibana]", :immediately
+
 end

cookbooks/wazuh_elastic/recipes/repository.rb

@@ -2,8 +2,7 @@
 # Recipe:: default
 # Author:: Wazuh <info@wazuh.com>
 
-case node["platform_family"]
-when "debian"
+if platform_family?('debian','ubuntu')
   package "lsb-release"
 
   ohai "reload lsb" do
@@ -20,31 +19,15 @@
     not_if do
       File.exists?("/etc/apt/sources.list.d/elastic-7.x.list")
     end
-  end
-when "ubuntu"
-  package "lsb-release"
-
-  ohai "reload lsb" do
-    plugin "lsb"
-    # action :nothing
-    subscribes :reload, "package[lsb-release]", :immediately
-  end
-
-  apt_repository "elastic-7.x" do
-    uri "https://artifacts.elastic.co/packages/7.x/apt"
-    key "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
-    distribution "stable"
-    components ["main"]
-    not_if do
-      File.exists?("/etc/apt/sources.list.d/elastic-7.x.list")
-    end
-  end
-when "rhel"
-
+  end  
+elsif platform_family?('rhel', 'redhat', 'centos', 'amazon')
   yum_repository "elastic-7.x" do
     description "Elastic repository for 7.x packages"
     baseurl "https://artifacts.elastic.co/packages/7.x/yum"
     gpgkey "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
     action :create
+    not_if "grep -q elasticsearch /etc/yum.repos.d/elastic-7.x.repo"
   end
+else
+  raise "Currently platforn not supported yet. Feel free to open an issue on https://www.github.com/wazuh/wazuh-chef if you consider that support for a specific OS should be added"
 end