diff --git a/.gitignore b/.gitignore
index 4fb53cf..c3c831a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,7 @@ wazuh-install.sh
 wazuh-passwords-tool.sh
 wazuh-certs-tool.sh
 config.yml
+!documentation-templates/wazuh/config.yml
 wazuh-install-files.tar
 wazuh-install-files/
 wazuh-offline.tar.gz
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d706125..555800d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -21,8 +21,13 @@ All notable changes to this project will be documented in this file.
 ## [4.10.0]
+### Added
+
+- Migrated documentation templates to wazuh-installation-assistant repository. ([#144](https://github.com/wazuh/wazuh-installation-assistant/pull/144))
+
 ### Changed
+- Removed check functions for Wazuh manager and Filebeat. ([#138](https://github.com/wazuh/wazuh-installation-assistant/pull/138))
 - Add checksum input and update the upload files to S3 steps ([#106](https://github.com/wazuh/wazuh-installation-assistant/pull/106))
 - Deleted the offline_checkDependencies function and unified logic in offline_checkPrerequisites function. ([#99](https://github.com/wazuh/wazuh-installation-assistant/pull/99))
 - Add input for wazuh installation assistant reference in workflows. ([#98](https://github.com/wazuh/wazuh-installation-assistant/pull/98))
diff --git a/documentation-templates/wazuh/config.yml b/documentation-templates/wazuh/config.yml
new file mode 100644
index 0000000..13cfe54
--- /dev/null
+++ b/documentation-templates/wazuh/config.yml
@@ -0,0 +1,28 @@
+nodes:
+ # Wazuh indexer nodes
+ indexer:
+ - name: node-1
+ ip: ""
+ #- name: node-2
+ # ip: ""
+ #- name: node-3
+ # ip: ""
+
+ # Wazuh server nodes
+ # If there is more than one Wazuh server
+ # node, each one must have a node_type
+ server:
+ - name: wazuh-1
+ ip: ""
+ # node_type: master
+ #- name: wazuh-2
+ # ip: ""
+ # node_type: worker
+ #- name: wazuh-3
+ # ip: ""
+ # node_type: worker
+
+ # Wazuh dashboard nodes
+ dashboard:
+ - name: dashboard
+ ip: ""
\ No newline at end of file
diff --git a/documentation-templates/wazuh/filebeat/filebeat.yml b/documentation-templates/wazuh/filebeat/filebeat.yml
new file mode 100644
index 0000000..efb6b83
--- /dev/null
+++ b/documentation-templates/wazuh/filebeat/filebeat.yml
@@ -0,0 +1,39 @@
+# Wazuh - Filebeat configuration file
+output.elasticsearch:
+ hosts: ["127.0.0.1:9200"]
+ protocol: https
+ username: ${username}
+ password: ${password}
+ ssl.certificate_authorities:
+ - /etc/filebeat/certs/root-ca.pem
+ ssl.certificate: "/etc/filebeat/certs/filebeat.pem"
+ ssl.key: "/etc/filebeat/certs/filebeat-key.pem"
+setup.template.json.enabled: true
+setup.template.json.path: '/etc/filebeat/wazuh-template.json'
+setup.template.json.name: 'wazuh'
+setup.ilm.overwrite: true
+setup.ilm.enabled: false
+
+filebeat.modules:
+ - module: wazuh
+ alerts:
+ enabled: true
+ archives:
+ enabled: false
+
+logging.level: info
+logging.to_files: true
+logging.files:
+ path: /var/log/filebeat
+ name: filebeat
+ keepfiles: 7
+ permissions: 0644
+
+logging.metrics.enabled: false
+
+seccomp:
+ default_action: allow
+ syscalls:
+ - action: allow
+ names:
+ - rseq
diff --git a/install_functions/filebeat.sh b/install_functions/filebeat.sh
index 30f039f..266c725 100644
--- a/install_functions/filebeat.sh
+++ b/install_functions/filebeat.sh
@@ -6,19 +6,6 @@
 # License (version 2) as published by the FSF - Free Software
 # Foundation.
-function filebeat_checkService() {
- common_logger "Checking Filebeat connection"
-
- if filebeat test output | grep -q -i -w "ERROR"; then
- common_logger -e "Filebeat connection Error."
- eval "filebeat test output x ${debug}"
- installCommon_rollBack
- exit 1
- else
- common_logger "Filebeat connection successful"
- fi
-}
-
 function filebeat_configure(){
 common_logger -d "Configuring Filebeat."
diff --git a/install_functions/installMain.sh b/install_functions/installMain.sh
index 45e389b..94c5c27 100755
--- a/install_functions/installMain.sh
+++ b/install_functions/installMain.sh
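Review bot: In documentation-templates/wazuh/filebeat/filebeat.yml the `seccomp` block sets `default_action: allow`, which permits every syscall and so replaces Filebeat's built-in filter with a policy that restricts nothing; the explicit `rseq` allow entry is redundant under that default. If the intent is only to let `rseq` through (an inference, the template does not say), a comment above the block such as `# Allow-all seccomp policy: replaces Filebeat's default syscall filter; kept for rseq compatibility` would tell operators what they give up when they copy the file. Separately, `permissions: 0644` under `logging.files` makes the Filebeat logs world-readable, where Filebeat's own default is 0600; `permissions: 0600` is the safer template value unless another account has to read them.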
@@ -394,12 +394,10 @@ function main() {
 manager_startCluster
 fi
 installCommon_startService "wazuh-manager"
- manager_checkService
 filebeat_install
 filebeat_configure
 installCommon_changePasswords
 installCommon_startService "filebeat"
- filebeat_checkService
 installCommon_removeWIADependencies
 fi
@@ -416,11 +414,9 @@ function main() {
 manager_install
 manager_configure
 installCommon_startService "wazuh-manager"
- manager_checkService
 filebeat_install
 filebeat_configure
 installCommon_startService "filebeat"
- filebeat_checkService
 common_logger "--- Wazuh dashboard ---"
 dashboard_install
 dashboard_configure
diff --git a/install_functions/manager.sh b/install_functions/manager.sh
index e20b9dc..c3d8415 100644
--- a/install_functions/manager.sh
+++ b/install_functions/manager.sh
@@ -42,50 +42,6 @@ function manager_startCluster() {
 }
-function manager_checkService() {
- common_logger "Checking Wazuh API connection"
-
- max_attempts=15
- attempt=0
- seconds=5
- api_password="wazuh-wui"
- token_command="curl -k -s -X POST -u \"wazuh-wui:${api_password}\" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '{\"user_name\":\"wzread\"}' -H \"content-type:application/json\""
- TOKEN=$(eval "${token_command}")
-
- # Wait for the API to be ready
- while [[ -z "${TOKEN}" && "${attempt}" -lt "${max_attempts}" ]]; do
- attempt=$((attempt+1))
- common_logger "Attempt $attempt: Checking the Wazuh API to be ready"
- sleep "${seconds}"
- TOKEN=$(eval "${token_command}")
- done
- common_logger "Wazuh API is ready to receive requests."
-
- # Change curl credentials in case the master node has changed the passwords
- if [[ "${TOKEN}" =~ "Invalid credentials" && "${server_node_types[pos]}" == "worker" ]]; then
- api_password=$(tar -axf "${tar_file}" wazuh-install-files/wazuh-passwords.txt -O | grep -P "'wazuh-wui'" -A 1 | awk 'NR==2 { print $2 }' | sed "s/'//g")
- token_command="curl -k -s -X POST -u \"wazuh-wui:${api_password}\" https://127.0.0.1:55000/security/user/authenticate/run_as?raw=true -d '{\"user_name\":\"wzread\"}' -H \"content-type:application/json\""
- TOKEN=$(eval "${token_command}")
- fi
-
- if [[ -z "${TOKEN}" ]]; then
- common_logger -e "Failed to obtain Wazuh API token after $max_attempts attempts."
- installCommon_rollBack
- exit 1
- fi
-
- wm_error=$(curl -k -s -X GET "https://127.0.0.1:55000/agents/outdated?pretty=true" -H "Authorization: Bearer ${TOKEN}")
-
- if [[ ${wm_error,,} =~ '"error": 0' ]]; then
- common_logger "Wazuh API connection successful"
- else
- common_logger -e "Wazuh API connection Error. $wm_error"
- eval "/var/ossec/bin/wazuh-control status ${debug}"
- installCommon_rollBack
- exit 1
- fi
-}
-
 function manager_configure(){
 common_logger -d "Configuring Wazuh manager."
@@ -107,7 +63,7 @@ function manager_configure(){
 eval "sed -i s/filebeat-key.pem/${server_node_names[0]}-key.pem/ /var/ossec/etc/ossec.conf ${debug}"
 common_logger -d "Setting provisional Wazuh indexer password."
 eval "/var/ossec/bin/wazuh-keystore -f indexer -k username -v admin"
- eval "/var/ossec/bin/wazuh-keystore -f indexer -k password -v admin"
+ eval "/var/ossec/bin/wazuh-keystore -f indexer -k password -v admin"
 common_logger "Wazuh manager vulnerability detection configuration finished."
 }