From 50aa66fd1842a47ce2577cc0c94bf3a84afb3815 Mon Sep 17 00:00:00 2001 From: Kate Whalen Date: Wed, 13 May 2020 17:17:04 +0100 Subject: [PATCH 1/4] Use parameter to set CIDR for SSH ingress Limiting access to common administrative ports to only a specific IP address or range of addresses is recommended, as unrestricted access increases opportunities for malicious activity. --- production/wazuh_template.yml | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/production/wazuh_template.yml b/production/wazuh_template.yml index cfb4cf0..ebb76bb 100644 --- a/production/wazuh_template.yml +++ b/production/wazuh_template.yml @@ -87,8 +87,9 @@ Metadata: - KibanaPort - Label: - default: "SSL Certificate" + default: "Security" Parameters: + - SSHAccessCidr - SSLCertificateARN Parameters: @@ -267,6 +268,13 @@ Parameters: Default: '443' Description: Port for Kibana WUI Type: String + + # Security + SSHAccessCidr: + Description: A CIDR from which SSH access to the instances is allowed + AllowedPattern: ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/[0-9]{1,2}$ + ConstraintDescription: Parameter should be a CIDR block e.g. "1.2.3.4/32" + Type: String SSLCertificateARN: Description: 'Used for HTTPS access to WUI. Existent certificate, identified by its Amazon Resource Name (ARN).' Type: String @@ -372,7 +380,7 @@ Resources: - IpProtocol: tcp FromPort: 22 ToPort: 22 - CidrIp: 0.0.0.0/0 + CidrIp: !Ref SSHAccessCidr - IpProtocol: tcp FromPort: 9200 ToPort: 9400 @@ -392,7 +400,7 @@ Resources: - IpProtocol: tcp FromPort: 22 ToPort: 22 - CidrIp: 0.0.0.0/0 + CidrIp: !Ref SSHAccessCidr - IpProtocol: tcp FromPort: !Ref KibanaPort ToPort: !Ref KibanaPort @@ -416,7 +424,7 @@ Resources: - IpProtocol: tcp FromPort: 22 ToPort: 22 - CidrIp: 0.0.0.0/0 + CidrIp: !Ref SSHAccessCidr - IpProtocol: tcp FromPort: 3389 ToPort: 3389 From 07666765451038a3bf25b8679f3edd880a55feb5 Mon Sep 17 00:00:00 2001 
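Review bot: The `AllowedPattern` added for `SSHAccessCidr` in the Parameters hunk still accepts `0.0.0.0/0`, octets above 255 and prefix lengths above 32, so it only forces a CIDR-shaped string and does not enforce the restriction the commit message describes. A tighter pattern such as `^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$` rejects malformed input, and `MinLength: 9` / `MaxLength: 18` bounds it; whether `/0` should be refused outright is a policy decision that belongs in the `Description`. Since the three security-group hunks each resolve the value with `!Ref SSHAccessCidr`, a permissive value opens port 22 on every instance at once, so the `Description` should also say that the parameter is a single trusted range and has no default.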
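Review bot: In the last security-group hunk only the port-22 rule is switched to the parameter, while the `FromPort: 3389` / `ToPort: 3389` rule that immediately follows keeps whatever `CidrIp` it already had; that line is outside the hunk, so I cannot confirm its value, but RDP is an administrative port of the kind the commit message is about. If it is still world-open, the same `CidrIp: !Ref SSHAccessCidr` (or a dedicated `RDPAccessCidr` parameter declared next to `SSHAccessCidr`) should be applied there, otherwise the restriction is only partial. The enclosing `SecurityGroupIngress` list starts and ends outside the hunk.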
From: Zenidd Date: Tue, 23 Jun 2020 10:42:39 +0200 Subject: [PATCH 2/4] Bump versions to 3.13.0_7.7.1 --- demo/README.md | 2 +- demo/elastic/wazuh_cf_bootstrap_elastic.sh | 2 +- demo/elastic/wazuh_cf_kibana.sh | 4 +-- demo/splunk/wazuh_cf_splunk.sh | 4 +-- demo/wazuh/agents/wazuh_agent_amazon.sh | 2 +- demo/wazuh/agents/wazuh_agent_centos.sh | 2 +- demo/wazuh/agents/wazuh_agent_rhel.sh | 4 +-- demo/wazuh/agents/wazuh_cf_agent.sh | 2 +- demo/wazuh/agents/wazuh_cf_agent_debian.sh | 2 +- demo/wazuh/agents/wazuh_cf_agent_ubuntu.sh | 2 +- demo/wazuh/cluster/wazuh_cf_master.sh | 6 ++-- demo/wazuh/cluster/wazuh_cf_worker.sh | 4 +-- demo/wazuh_template.yml | 29 ++++++++++--------- .../elastic/wazuh_cf_bootstrap_elastic.sh | 2 +- production/elastic/wazuh_cf_kibana.sh | 4 +-- production/wazuh/cluster/wazuh_cf_master.sh | 6 ++-- production/wazuh/cluster/wazuh_cf_worker.sh | 4 +-- production/wazuh_template.yml | 15 +++++----- production_ansible/01_create_stack.yml | 4 +-- 19 files changed, 51 insertions(+), 49 deletions(-) diff --git a/demo/README.md b/demo/README.md index b25cd54..18f0b7d 100644 --- a/demo/README.md +++ b/demo/README.md @@ -90,7 +90,7 @@ A parent domain (e.g. mycompany.com) and subdomain (e.g. wazuh) can be specified An example of the installation of a new agent, on a Windows system (automatically registered and configured) using an MSI package would be: - wazuh-agent-3.12.3-1.msi /q ADDRESS=“wazuh.mycompany.com” AUTHD_SERVER=“registration.wazuh.mycompany.com” PASSWORD=“mypassword” AGENT_NAME=“myhostname” PROTOCOL=“TCP” + wazuh-agent-3.13.0-1.msi /q ADDRESS=“wazuh.mycompany.com” AUTHD_SERVER=“registration.wazuh.mycompany.com” PASSWORD=“mypassword” AGENT_NAME=“myhostname” PROTOCOL=“TCP” An example of the registration of a new agent on a Linux system would be: diff --git a/demo/elastic/wazuh_cf_bootstrap_elastic.sh b/demo/elastic/wazuh_cf_bootstrap_elastic.sh index fec6673..5101c9a 100644 --- a/demo/elastic/wazuh_cf_bootstrap_elastic.sh 
+++ b/demo/elastic/wazuh_cf_bootstrap_elastic.sh @@ -18,7 +18,7 @@ master_ip=$(cat /tmp/wazuh_cf_settings | grep '^MasterIp:' | cut -d' ' -f2) worker_ip=$(cat /tmp/wazuh_cf_settings | grep '^WorkerIp:' | cut -d' ' -f2) kibana_ip=$(cat /tmp/wazuh_cf_settings | grep '^KibanaIp:' | cut -d' ' -f2) -TAG="v3.12.3" +TAG="v3.13.0" echo "Added env vars." >> /tmp/deploy.log echo "eth0_ip: $eth0_ip" >> /tmp/deploy.log diff --git a/demo/elastic/wazuh_cf_kibana.sh b/demo/elastic/wazuh_cf_kibana.sh index 71d4253..62d8d12 100644 --- a/demo/elastic/wazuh_cf_kibana.sh +++ b/demo/elastic/wazuh_cf_kibana.sh @@ -242,7 +242,7 @@ get_plugin_url(){ plugin_url="https://packages-dev.wazuh.com/staging/app/kibana/wazuhapp-${wazuh_major}.${wazuh_minor}.${wazuh_patch}_${elastic_major_version}.${elastic_minor_version}.${elastic_patch_version}.zip" elif [[ ${EnvironmentType} == 'sources' ]] then - BRANCH="3.12-7.6" + BRANCH="3.13-7.7" if [[ $BRANCH != "" ]]; then yum install -y git curl --silent --location https://rpm.nodesource.com/setup_10.x | bash - @@ -452,4 +452,4 @@ main(){ custom_welcome } -main \ No newline at end of file +main diff --git a/demo/splunk/wazuh_cf_splunk.sh b/demo/splunk/wazuh_cf_splunk.sh index 42a42b5..ce99b9a 100644 --- a/demo/splunk/wazuh_cf_splunk.sh +++ b/demo/splunk/wazuh_cf_splunk.sh @@ -11,8 +11,8 @@ eth0_ip=$(/sbin/ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | cut -d' ' -f1 wazuh_api_user=$(cat /tmp/wazuh_cf_settings | grep '^WazuhApiAdminUsername:' | cut -d' ' -f2) wazuh_api_password=$(cat /tmp/wazuh_cf_settings | grep '^WazuhApiAdminPassword:' | cut -d' ' -f2) wazuh_api_port=$(cat /tmp/wazuh_cf_settings | grep '^WazuhApiPort:' | cut -d' ' -f2) -TAG="v3.12.3" -APP_TAG="v3.12.3-7.3.4" +TAG="v3.13.0" +APP_TAG="v3.13.0-7.3.4" # Creating SSH user adduser ${ssh_username} echo "${ssh_username} ALL=(ALL)NOPASSWD:ALL" >> /etc/sudoers diff --git a/demo/wazuh/agents/wazuh_agent_amazon.sh b/demo/wazuh/agents/wazuh_agent_amazon.sh index 2a8b28f..849c5fe 100644 
--- a/demo/wazuh/agents/wazuh_agent_amazon.sh +++ b/demo/wazuh/agents/wazuh_agent_amazon.sh @@ -52,7 +52,7 @@ elif [[ ${EnvironmentType} == 'sources' ]] then # Compile Wazuh manager from sources - BRANCH="3.12" + BRANCH="3.13" yum install make gcc policycoreutils-python automake autoconf libtool -y curl -Ls https://github.com/wazuh/wazuh/archive/$BRANCH.tar.gz | tar zx diff --git a/demo/wazuh/agents/wazuh_agent_centos.sh b/demo/wazuh/agents/wazuh_agent_centos.sh index 2a8b28f..849c5fe 100644 --- a/demo/wazuh/agents/wazuh_agent_centos.sh +++ b/demo/wazuh/agents/wazuh_agent_centos.sh @@ -52,7 +52,7 @@ elif [[ ${EnvironmentType} == 'sources' ]] then # Compile Wazuh manager from sources - BRANCH="3.12" + BRANCH="3.13" yum install make gcc policycoreutils-python automake autoconf libtool -y curl -Ls https://github.com/wazuh/wazuh/archive/$BRANCH.tar.gz | tar zx diff --git a/demo/wazuh/agents/wazuh_agent_rhel.sh b/demo/wazuh/agents/wazuh_agent_rhel.sh index 1576687..f6ad1cc 100644 --- a/demo/wazuh/agents/wazuh_agent_rhel.sh +++ b/demo/wazuh/agents/wazuh_agent_rhel.sh @@ -170,7 +170,7 @@ elif [[ ${EnvironmentType} == 'sources' ]] then # Compile Wazuh manager from sources - BRANCH="3.12" + BRANCH="3.13" yum install make gcc policycoreutils-python automake autoconf libtool -y curl -Ls https://github.com/wazuh/wazuh/archive/$BRANCH.tar.gz | tar zx @@ -234,4 +234,4 @@ docker pull nginx docker run -d -P --name nginx_container nginx docker exec -ti nginx_container cat /etc/passwd docker stop nginx_container -docker rm nginx_container \ No newline at end of file +docker rm nginx_container diff --git a/demo/wazuh/agents/wazuh_cf_agent.sh b/demo/wazuh/agents/wazuh_cf_agent.sh index 68e6330..6e7de52 100644 --- a/demo/wazuh/agents/wazuh_cf_agent.sh +++ b/demo/wazuh/agents/wazuh_cf_agent.sh 
@@ -51,7 +51,7 @@ elif [[ ${EnvironmentType} == 'sources' ]] then # Compile Wazuh manager from sources - BRANCH="3.12" + BRANCH="3.13" yum install make gcc policycoreutils-python automake autoconf libtool -y curl -Ls https://github.com/wazuh/wazuh/archive/$BRANCH.tar.gz | tar zx diff --git a/demo/wazuh/agents/wazuh_cf_agent_debian.sh b/demo/wazuh/agents/wazuh_cf_agent_debian.sh index dd4ae6d..b7da2b9 100644 --- a/demo/wazuh/agents/wazuh_cf_agent_debian.sh +++ b/demo/wazuh/agents/wazuh_cf_agent_debian.sh @@ -54,7 +54,7 @@ elif [[ ${EnvironmentType} == 'sources' ]] then # Compile Wazuh manager from sources - BRANCH="3.12" + BRANCH="3.13" apt install make gcc libc6-dev curl policycoreutils automake autoconf libtool -y diff --git a/demo/wazuh/agents/wazuh_cf_agent_ubuntu.sh b/demo/wazuh/agents/wazuh_cf_agent_ubuntu.sh index 6b18b1b..acf5404 100644 --- a/demo/wazuh/agents/wazuh_cf_agent_ubuntu.sh +++ b/demo/wazuh/agents/wazuh_cf_agent_ubuntu.sh @@ -45,7 +45,7 @@ elif [[ ${EnvironmentType} == 'sources' ]] then # Compile Wazuh manager from sources - BRANCH="3.12" + BRANCH="3.13" apt install make gcc libc6-dev curl policycoreutils automake autoconf libtool -y diff --git a/demo/wazuh/cluster/wazuh_cf_master.sh b/demo/wazuh/cluster/wazuh_cf_master.sh index 8030373..eb629de 100644 --- a/demo/wazuh/cluster/wazuh_cf_master.sh +++ b/demo/wazuh/cluster/wazuh_cf_master.sh @@ -26,7 +26,7 @@ AwsSecretKey=$(cat /tmp/wazuh_cf_settings | grep '^AwsSecretKey:' | cut -d' ' -f AwsAccessKey=$(cat /tmp/wazuh_cf_settings | grep '^AwsAccessKey:' | cut -d' ' -f2) SlackHook=$(cat /tmp/wazuh_cf_settings | grep '^SlackHook:' | cut -d' ' -f2) EnvironmentType=$(cat /tmp/wazuh_cf_settings | grep '^EnvironmentType:' | cut -d' ' -f2) -TAG='v3.12.3' +TAG='v3.13.0' echo "Added env vars." >> /tmp/deploy.log 
@@ -67,7 +67,7 @@ elif [[ ${EnvironmentType} == 'sources' ]] then # Compile Wazuh manager from sources - BRANCH="3.12" + BRANCH="3.13" yum install make gcc policycoreutils-python automake autoconf libtool -y curl -Ls https://github.com/wazuh/wazuh/archive/$BRANCH.tar.gz | tar zx @@ -125,7 +125,7 @@ then chkconfig --add wazuh-api echo "Installed Wazuh API." >> /tmp/deploy.log else - API_BRANCH="3.12" + API_BRANCH="3.13" npm config set user 0 curl -LO https://github.com/wazuh/wazuh-api/archive/$API_BRANCH.zip unzip $API_BRANCH.zip diff --git a/demo/wazuh/cluster/wazuh_cf_worker.sh b/demo/wazuh/cluster/wazuh_cf_worker.sh index 3b4cfc7..acea8f9 100644 --- a/demo/wazuh/cluster/wazuh_cf_worker.sh +++ b/demo/wazuh/cluster/wazuh_cf_worker.sh @@ -19,7 +19,7 @@ SlackHook=$(cat /tmp/wazuh_cf_settings | grep '^SlackHook:' | cut -d' ' -f2) EnvironmentType=$(cat /tmp/wazuh_cf_settings | grep '^EnvironmentType:' | cut -d' ' -f2) splunk_username=$(cat /tmp/wazuh_cf_settings | grep '^SplunkUsername:' | cut -d' ' -f2) splunk_password=$(cat /tmp/wazuh_cf_settings | grep '^SplunkPassword:' | cut -d' ' -f2) -TAG='v3.12.3' +TAG='v3.13.0' # Check if running as root if [[ $EUID -ne 0 ]]; then @@ -57,7 +57,7 @@ elif [[ ${EnvironmentType} == 'sources' ]] then # Compile Wazuh manager from sources - BRANCH="3.12" + BRANCH="3.13" yum install make gcc policycoreutils-python automake autoconf libtool -y curl -Ls https://github.com/wazuh/wazuh/archive/$BRANCH.tar.gz | tar zx diff --git a/demo/wazuh_template.yml b/demo/wazuh_template.yml index c2df97f..3be73da 100644 --- a/demo/wazuh_template.yml +++ b/demo/wazuh_template.yml @@ -241,8 +241,9 @@ Parameters: - 7.6.1_3.12.0 - 7.6.2_3.12.2 - 7.6.2_3.12.3 + - 7.7.1_3.13.0 ConstraintDescription: Format is ElasticVersion_WazuhVersion - Default: 7.6.2_3.12.3 + Default: 7.7.1_3.13.0 Description: Elastic and Wazuh versions to be installed Type: String WazuhInstanceType: 
@@ -727,7 +728,7 @@ Resources: group: root /tmp/wazuh_cf_bootstrap_elastic.sh: source: !Sub >- - https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.12.3_7.6.2/demo/elastic/wazuh_cf_bootstrap_elastic.sh + https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.13.0_7.7.1/demo/elastic/wazuh_cf_bootstrap_elastic.sh mode: '000700' owner: root group: root @@ -806,7 +807,7 @@ Resources: group: root /tmp/wazuh_cf_elastic.sh: source: !Sub >- - https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.12.3_7.6.2/demo/elastic/wazuh_cf_elastic.sh + https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.13.0_7.7.1/demo/elastic/wazuh_cf_elastic.sh mode: '000700' owner: root group: root @@ -885,7 +886,7 @@ Resources: group: root /tmp/wazuh_cf_elastic.sh: source: !Sub >- - https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.12.3_7.6.2/demo/elastic/wazuh_cf_elastic.sh + https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.13.0_7.7.1/demo/elastic/wazuh_cf_elastic.sh mode: '000700' owner: root group: root @@ -1112,7 +1113,7 @@ Resources: group: root /tmp/wazuh_cf_kibana.sh: source: !Sub >- - https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.12.3_7.6.2/demo/elastic/wazuh_cf_kibana.sh + https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.13.0_7.7.1/demo/elastic/wazuh_cf_kibana.sh mode: '000700' owner: root group: root @@ -1189,7 +1190,7 @@ Resources: group: root /tmp/wazuh_cf_splunk.sh: source: !Sub >- - https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.12.3_7.6.2/demo/splunk/wazuh_cf_splunk.sh + https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.13.0_7.7.1/demo/splunk/wazuh_cf_splunk.sh mode: '000700' owner: root group: root 
@@ -1283,7 +1284,7 @@ Resources: group: root /tmp/wazuh_cf_master.sh: source: !Sub >- - https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.12.3_7.6.2/demo/wazuh/cluster/wazuh_cf_master.sh + https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.13.0_7.7.1/demo/wazuh/cluster/wazuh_cf_master.sh mode: '000700' owner: root group: root @@ -1372,7 +1373,7 @@ Resources: group: root /tmp/wazuh_cf_worker.sh: source: !Sub >- - https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.12.3_7.6.2/demo/wazuh/cluster/wazuh_cf_worker.sh + https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.13.0_7.7.1/demo/wazuh/cluster/wazuh_cf_worker.sh mode: '000700' owner: root group: root @@ -1453,7 +1454,7 @@ Resources: group: root /tmp/wazuh_agent_amazon.sh: source: !Sub >- - https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.12.3_7.6.2/demo/wazuh/agents/wazuh_agent_amazon.sh + https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.13.0_7.7.1/demo/wazuh/agents/wazuh_agent_amazon.sh mode: '000700' owner: root group: root @@ -1534,7 +1535,7 @@ Resources: group: root /tmp/wazuh_agent_centos.sh: source: !Sub >- - https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.12.3_7.6.2/demo/wazuh/agents/wazuh_agent_centos.sh + https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.13.0_7.7.1/demo/wazuh/agents/wazuh_agent_centos.sh mode: '000700' owner: root group: root @@ -1628,7 +1629,7 @@ Resources: Add-LocalGroupMember -Group "Remote Desktop Users" -Member "wazuh" net user Administrator ${SshPassword} $master_ip=${WazuhNetworkLoadBalancer.DNSName} - $url = "https://packages.wazuh.com/3.x/windows/wazuh-agent-3.12.3-1.msi" + $url = "https://packages.wazuh.com/3.x/windows/wazuh-agent-3.13.0-1.msi" $path = "C:\\Users\\Administrator\\Desktop\\wazuh-agent.msi" $url_osquery = "https://pkg.osquery.io/windows/osquery-3.3.2.msi" $path_osquery = "C:\\Users\\Administrator\\Desktop\\osquery.msi" 
@@ -1708,7 +1709,7 @@ Resources: group: root /tmp/wazuh_agent_debian.sh: source: !Sub >- - https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.12.3_7.6.2/demo/wazuh/agents/wazuh_cf_agent_debian.sh + https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.13.0_7.7.1/demo/wazuh/agents/wazuh_cf_agent_debian.sh mode: '000700' owner: root group: root @@ -1796,7 +1797,7 @@ Resources: group: root /tmp/wazuh_agent_ubuntu.sh: source: !Sub >- - https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.12.3_7.6.2/demo/wazuh/agents/wazuh_cf_agent_ubuntu.sh + https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.13.0_7.7.1/demo/wazuh/agents/wazuh_cf_agent_ubuntu.sh mode: '000700' owner: root group: root @@ -1884,7 +1885,7 @@ Resources: group: root /tmp/wazuh_agent_rhel.sh: source: !Sub >- - https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.12.3_7.6.2/demo/wazuh/agents/wazuh_agent_rhel.sh + https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.13.0_7.7.1/demo/wazuh/agents/wazuh_agent_rhel.sh mode: '000700' owner: root group: root diff --git a/production/elastic/wazuh_cf_bootstrap_elastic.sh b/production/elastic/wazuh_cf_bootstrap_elastic.sh index fec6673..5101c9a 100644 --- a/production/elastic/wazuh_cf_bootstrap_elastic.sh +++ b/production/elastic/wazuh_cf_bootstrap_elastic.sh @@ -18,7 +18,7 @@ master_ip=$(cat /tmp/wazuh_cf_settings | grep '^MasterIp:' | cut -d' ' -f2) worker_ip=$(cat /tmp/wazuh_cf_settings | grep '^WorkerIp:' | cut -d' ' -f2) kibana_ip=$(cat /tmp/wazuh_cf_settings | grep '^KibanaIp:' | cut -d' ' -f2) -TAG="v3.12.3" +TAG="v3.13.0" echo "Added env vars." >> /tmp/deploy.log echo "eth0_ip: $eth0_ip" >> /tmp/deploy.log diff --git a/production/elastic/wazuh_cf_kibana.sh b/production/elastic/wazuh_cf_kibana.sh index a21301d..619e005 100644 --- a/production/elastic/wazuh_cf_kibana.sh +++ b/production/elastic/wazuh_cf_kibana.sh 
@@ -235,7 +235,7 @@ get_plugin_url(){ plugin_url="https://packages.wazuh.com/wazuhapp/wazuhapp-${wazuh_major}.${wazuh_minor}.${wazuh_patch}_${elastic_major_version}.${elastic_minor_version}.${elastic_patch_version}.zip" elif [[ ${InstallType} == 'sources' ]] then - BRANCH="3.12-7.6" + BRANCH="3.13-7.7" if [[ $BRANCH != "" ]]; then yum install -y git curl --silent --location https://rpm.nodesource.com/setup_10.x | bash - @@ -409,4 +409,4 @@ main(){ echo "Deploy finished" >> /tmp/deploy.log } -main \ No newline at end of file +main diff --git a/production/wazuh/cluster/wazuh_cf_master.sh b/production/wazuh/cluster/wazuh_cf_master.sh index 97f5709..410550e 100644 --- a/production/wazuh/cluster/wazuh_cf_master.sh +++ b/production/wazuh/cluster/wazuh_cf_master.sh @@ -18,7 +18,7 @@ wazuh_cluster_key=$(cat /tmp/wazuh_cf_settings | grep '^WazuhClusterKey:' | cut elb_elastic=$(cat /tmp/wazuh_cf_settings | grep '^ElbElasticDNS:' | cut -d' ' -f2) eth0_ip=$(/sbin/ifconfig eth0 | grep 'inet' | head -1 | sed -e 's/^[[:space:]]*//' | cut -d' ' -f2) InstallType=$(cat /tmp/wazuh_cf_settings | grep '^InstallType:' | cut -d' ' -f2) -TAG='v3.12.3' +TAG='v3.13.0' echo "Added env vars." >> /tmp/deploy.log @@ -52,7 +52,7 @@ elif [[ ${InstallType} == 'sources' ]] then # Compile Wazuh manager from sources - BRANCH="3.12" + BRANCH="3.13" yum install make gcc policycoreutils-python automake autoconf libtool -y curl -Ls https://github.com/wazuh/wazuh/archive/$BRANCH.tar.gz | tar zx @@ -110,7 +110,7 @@ then chkconfig --add wazuh-api echo "Installed Wazuh API." >> /tmp/deploy.log else - API_BRANCH="3.12" + API_BRANCH="3.13" npm config set user 0 curl -LO https://github.com/wazuh/wazuh-api/archive/$API_BRANCH.zip unzip $API_BRANCH.zip diff --git a/production/wazuh/cluster/wazuh_cf_worker.sh b/production/wazuh/cluster/wazuh_cf_worker.sh index f8564a8..b3e1987 100644 --- a/production/wazuh/cluster/wazuh_cf_worker.sh +++ b/production/wazuh/cluster/wazuh_cf_worker.sh 
@@ -13,7 +13,7 @@ wazuh_cluster_key=$(cat /tmp/wazuh_cf_settings | grep '^WazuhClusterKey:' | cut wazuh_master_ip=$(cat /tmp/wazuh_cf_settings | grep '^WazuhMasterIP:' | cut -d' ' -f2) elb_elasticsearch=$(cat /tmp/wazuh_cf_settings | grep '^ElbElasticDNS:' | cut -d' ' -f2) InstallType=$(cat /tmp/wazuh_cf_settings | grep '^InstallType:' | cut -d' ' -f2) -TAG='v3.12.3' +TAG='v3.13.0' # Check if running as root if [[ $EUID -ne 0 ]]; then @@ -44,7 +44,7 @@ elif [[ ${InstallType} == 'sources' ]] then # Compile Wazuh manager from sources - BRANCH="3.12" + BRANCH="3.13" yum install make gcc policycoreutils-python automake autoconf libtool -y curl -Ls https://github.com/wazuh/wazuh/archive/$BRANCH.tar.gz | tar zx diff --git a/production/wazuh_template.yml b/production/wazuh_template.yml index ebb76bb..dd8e81f 100644 --- a/production/wazuh_template.yml +++ b/production/wazuh_template.yml @@ -165,8 +165,9 @@ Parameters: - 7.6.1_3.12.0 - 7.6.2_3.12.2 - 7.6.2_3.12.3 + - 7.7.1_3.13.0 ConstraintDescription: Format is ElasticVersion_WazuhVersion - Default: 7.6.2_3.12.3 + Default: 7.7.1_3.13.0 Description: Elastic and Wazuh versions to be installed Type: String WazuhInstanceType: @@ -506,7 +507,7 @@ Resources: group: root /tmp/wazuh_cf_bootstrap_elastic.sh: source: !Sub >- - https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.12.3_7.6.2/production/elastic/wazuh_cf_bootstrap_elastic.sh + https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.13.0_7.7.1/production/elastic/wazuh_cf_bootstrap_elastic.sh mode: '000700' owner: root group: root @@ -585,7 +586,7 @@ Resources: group: root /tmp/wazuh_cf_elastic.sh: source: !Sub >- - https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.12.3_7.6.2/production/elastic/wazuh_cf_elastic.sh + https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.13.0_7.7.1/production/elastic/wazuh_cf_elastic.sh mode: '000700' owner: root group: root 
@@ -664,7 +665,7 @@ Resources: group: root /tmp/wazuh_cf_elastic.sh: source: !Sub >- - https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.12.3_7.6.2/production/elastic/wazuh_cf_elastic.sh + https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.13.0_7.7.1/production/elastic/wazuh_cf_elastic.sh mode: '000700' owner: root group: root @@ -964,7 +965,7 @@ Resources: group: root /tmp/wazuh_cf_kibana.sh: source: !Sub >- - https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.12.3_7.6.2/production/elastic/wazuh_cf_kibana.sh + https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.13.0_7.7.1/production/elastic/wazuh_cf_kibana.sh mode: '000700' owner: root group: root @@ -1045,7 +1046,7 @@ Resources: group: root /tmp/wazuh_cf_master.sh: source: !Sub >- - https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.12.3_7.6.2/production/wazuh/cluster/wazuh_cf_master.sh + https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.13.0_7.7.1/production/wazuh/cluster/wazuh_cf_master.sh mode: '000700' owner: root group: root @@ -1127,7 +1128,7 @@ Resources: group: root /tmp/wazuh_cf_worker.sh: source: !Sub >- - https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.12.3_7.6.2/production/wazuh/cluster/wazuh_cf_worker.sh + https://raw.githubusercontent.com/wazuh/wazuh-cloudformation/v3.13.0_7.7.1/production/wazuh/cluster/wazuh_cf_worker.sh mode: '000700' owner: root group: root diff --git a/production_ansible/01_create_stack.yml b/production_ansible/01_create_stack.yml index 5ed75ee..9db711f 100644 --- a/production_ansible/01_create_stack.yml +++ b/production_ansible/01_create_stack.yml @@ -51,8 +51,8 @@ elastic_user: admin elastic_password: admin_pass ssh_key_path_private: "{{ hostvars['localhost']['user_ssh_key_path'] }}" - elastic_version: 7.6.2 - wazuh_version: 3.12.3-1 + elastic_version: 7.7.1 + wazuh_version: 3.13.0-1 wazuh_api_admin_username: foo wazuh_api_admin_password: bar wazuh_api_password: bar 
From 2614fc00c1b76f2b0352c962e089adcf82bd0514 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 23 Jun 2020 11:28:23 +0200 Subject: [PATCH 3/4] Bump Splunk references to 7.3.5 version --- demo/splunk/wazuh_cf_splunk.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/demo/splunk/wazuh_cf_splunk.sh b/demo/splunk/wazuh_cf_splunk.sh index ce99b9a..78ed174 100644 --- a/demo/splunk/wazuh_cf_splunk.sh +++ b/demo/splunk/wazuh_cf_splunk.sh @@ -12,7 +12,7 @@ wazuh_api_user=$(cat /tmp/wazuh_cf_settings | grep '^WazuhApiAdminUsername:' | c wazuh_api_password=$(cat /tmp/wazuh_cf_settings | grep '^WazuhApiAdminPassword:' | cut -d' ' -f2) wazuh_api_port=$(cat /tmp/wazuh_cf_settings | grep '^WazuhApiPort:' | cut -d' ' -f2) TAG="v3.13.0" -APP_TAG="v3.13.0-7.3.4" +APP_TAG="v3.13.0-7.3.5" # Creating SSH user adduser ${ssh_username} echo "${ssh_username} ALL=(ALL)NOPASSWD:ALL" >> /etc/sudoers From e855adbea797a36e5dbf555f02fccd1d43936f04 Mon Sep 17 00:00:00 2001 From: Zenidd Date: Tue, 23 Jun 2020 11:46:45 +0200 Subject: [PATCH 4/4] update splunk installer URL and version --- demo/splunk/wazuh_cf_splunk.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/demo/splunk/wazuh_cf_splunk.sh b/demo/splunk/wazuh_cf_splunk.sh index 78ed174..cf7161e 100644 --- a/demo/splunk/wazuh_cf_splunk.sh +++ b/demo/splunk/wazuh_cf_splunk.sh 
@@ -24,10 +24,10 @@ systemctl restart sshd yum install net-tools wget git curl -y -q # download splunk -wget -O splunk-7.2.3-06d57c595b80-linux-2.6-x86_64.rpm 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.2.3&product=splunk&filename=splunk-7.2.3-06d57c595b80-linux-2.6-x86_64.rpm&wget=true' &> /dev/null +wget -O splunk-7.3.5-86fd62efc3d7-linux-2.6-x86_64.rpm 'https://wazuh-demo.s3-us-west-1.amazonaws.com/splunk-7.3.5-86fd62efc3d7-linux-2.6-x86_64.rpm' &> /dev/null # install splunk -yum install splunk-7.2.3-06d57c595b80-linux-2.6-x86_64.rpm -y &> /dev/null +yum install splunk-7.3.5-86fd62efc3d7-linux-2.6-x86_64.rpm -y &> /dev/null # add admin user echo "[user_info]" > /opt/splunk/etc/system/local/user-seed.conf
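Review bot: The new `wget` line fetches the Splunk RPM from the `wazuh-demo` S3 bucket and still discards all output with `&> /dev/null`, so a failed or truncated download goes unnoticed and the following `yum install`, whose output is also hidden, then runs against a missing or partial file; nothing checks that the fetched file is the expected package. Check the exit status and pin a digest recorded in the repository, e.g. `wget -O splunk-7.3.5-86fd62efc3d7-linux-2.6-x86_64.rpm 'https://wazuh-demo.s3-us-west-1.amazonaws.com/splunk-7.3.5-86fd62efc3d7-linux-2.6-x86_64.rpm' || exit 1` followed by `echo "<SHA256_PLACEHOLDER>  splunk-7.3.5-86fd62efc3d7-linux-2.6-x86_64.rpm" | sha256sum -c - || exit 1`, and optionally `rpm -K` on the file so the vendor signature is still consulted rather than trusting the bucket alone. Redirecting both commands' output to a log file, as the other bootstrap scripts in this series do with `>> /tmp/deploy.log`, would keep the diagnostics available when a deployment fails.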