wazuh-bosh's Introduction

Note

This repository has been archived and is no longer maintained.

Wazuh for Bosh

Prepare release

Clone the repository and check out the v4.4.0 branch:

git clone https://github.com/wazuh/wazuh-bosh
cd wazuh-bosh
git checkout v4.4.0

Single or Multi Node Wazuh Cluster

First, determine the kind of deployment. For a Multi Node Cluster with more than one Worker Node, apply the following changes before creating the release:

  • In manifest/wazuh-agent-cluster.yml add a new property (wazuh_server_worker_address_#) for each extra worker node. The IPs can be assigned before the deployment. Example:
      properties:
          wazuh_server_address: 172.31.32.4 
          wazuh_server_registration_address: 172.31.32.4
          wazuh_server_worker_address: 172.31.32.5
          wazuh_server_worker_address_2: 172.31.32.6
          wazuh_server_worker_address_3: 172.31.32.7
          wazuh_server_protocol: "tcp"
          wazuh_agents_prefix: "bosh-"
          wazuh_agent_profile: "generic"
          wazuh_multinode: true
    <server>
      <address><%= p("wazuh_server_worker_address") %></address>
      <port>1514</port>
      <protocol><%= p("wazuh_server_protocol") %></protocol>
    </server>
    <server>
      <address><%= p("wazuh_server_worker_address_2") %></address>
      <port>1514</port>
      <protocol><%= p("wazuh_server_protocol") %></protocol>
    </server>
    <server>
      <address><%= p("wazuh_server_worker_address_3") %></address>
      <port>1514</port>
      <protocol><%= p("wazuh_server_protocol") %></protocol>
    </server>
    <server>
      <address><%= p("wazuh_server_address") %></address>
      <port>1514</port>
      <protocol><%= p("wazuh_server_protocol") %></protocol>
    </server>

Where wazuh_server_worker_address_2 and wazuh_server_worker_address_3 are the properties added on the previous step.
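
A consistency check for the two edits above, added here as an example and not part of the wazuh-bosh repository: it lists any wazuh_server_worker_address* property that is set in the manifest but has no p("...") reference in the agent configuration template, or the reverse. The template file name ossec.conf.erb and both file contents are constructed for the demo.

```sh
#!/bin/sh
# Added example (not from the wazuh-bosh repository): compare the worker-address
# properties set in a manifest with those referenced in an ERB template.

# Keys such as "wazuh_server_worker_address_2:" set in the manifest.
manifest_props() {
    grep -oE 'wazuh_server_worker_address(_[0-9]+)?:' "$1" | tr -d ':' | sort -u
}

# Names referenced as p("wazuh_server_worker_address_2") in the template.
template_props() {
    grep -oE 'p\("wazuh_server_worker_address(_[0-9]+)?"\)' "$1" |
        sed -e 's/^p("//' -e 's/")$//' | sort -u
}

# Prints one line per mismatch; returns 1 if any were found.
check_worker_props() {
    m=$(manifest_props "$1"); t=$(template_props "$2"); rc=0
    for p in $m; do
        printf '%s\n' "$t" | grep -qx "$p" ||
            { echo "set in manifest, no <server> block: $p"; rc=1; }
    done
    for p in $t; do
        printf '%s\n' "$m" | grep -qx "$p" ||
            { echo "referenced in template, not set in manifest: $p"; rc=1; }
    done
    return $rc
}

# Constructed sample: the manifest defines three workers, the template only two.
demo_dir=$(mktemp -d)
cat > "$demo_dir/manifest.yml" <<'EOF'
properties:
    wazuh_server_address: 172.31.32.4
    wazuh_server_worker_address: 172.31.32.5
    wazuh_server_worker_address_2: 172.31.32.6
    wazuh_server_worker_address_3: 172.31.32.7
EOF
cat > "$demo_dir/ossec.conf.erb" <<'EOF'
<server><address><%= p("wazuh_server_worker_address") %></address></server>
<server><address><%= p("wazuh_server_worker_address_2") %></address></server>
<server><address><%= p("wazuh_server_address") %></address></server>
EOF
check_worker_props "$demo_dir/manifest.yml" "$demo_dir/ossec.conf.erb" ||
    echo "fix the mismatches above before running create-release"
```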

Download blobs from the S3 repository using Curl

mkdir -p blobs/wazuh
curl https://packages.wazuh.com/bosh/wazuh-manager-4.4.0.tar.gz -o blobs/wazuh/wazuh-manager.tar.gz
curl https://packages.wazuh.com/bosh/wazuh-agent-4.4.0.tar.gz -o blobs/wazuh/wazuh-agent.tar.gz

Add blobs to Bosh environment

bosh -e your_bosh_environment add-blob blobs/wazuh/wazuh-manager.tar.gz /wazuh/wazuh-manager.tar.gz
bosh -e your_bosh_environment add-blob blobs/wazuh/wazuh-agent.tar.gz /wazuh/wazuh-agent.tar.gz

Upload blobs to the blob store

bosh -e your_bosh_environment upload-blobs

Create release

bosh -e your_bosh_environment create-release --final --version=4.4.0 --force

Upload release

bosh -e your_bosh_environment upload-release

Deploy Wazuh Server

Deploy Master Node

Execute the following command to deploy the Master Node:

bosh -e your_bosh_environment -d wazuh-manager deploy manifest/wazuh-manager.yml

Check deployment status

Get instance name.

bosh -e your_bosh_environment vms

If the deployment succeeded, the Process State will be running.

For further checks, connect to the instance over SSH using the Instance Name obtained from the previous command.

bosh -e your_bosh_environment -d wazuh-manager ssh InstanceName

Check Wazuh Manager status.

sudo -i
/var/ossec/bin/wazuh-control status

The output must look like this:

wazuh-clusterd is running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted is running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-authd is running...
wazuh-agentlessd not running...
wazuh-integratord not running...
wazuh-dbd not running...
wazuh-csyslogd not running...
wazuh-apid is running...
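
The status check above can be scripted. This added example (not from the wazuh-bosh repository) treats the daemons shown as running in the expected output as required, which is an assumption, and reports each one that is down or absent from the output; the sample output is constructed.

```sh
#!/bin/sh
# Added example: check `wazuh-control status` output against the daemons that
# the expected output above lists as running (assumed to be the required set).
REQUIRED="wazuh-clusterd wazuh-modulesd wazuh-monitord wazuh-logcollector
wazuh-remoted wazuh-syscheckd wazuh-analysisd wazuh-execd wazuh-db
wazuh-authd wazuh-apid"

# Reads status output on stdin; prints one line per problem; returns 1 if any.
check_wazuh_status() {
    status=$(cat); rc=0
    for d in $REQUIRED; do
        # Whole-line match, so wazuh-db is not confused with wazuh-dbd.
        if printf '%s\n' "$status" | grep -qx "$d is running\.\.\."; then
            continue
        elif printf '%s\n' "$status" | grep -q "^$d not running"; then
            echo "DOWN: $d"; rc=1
        else
            echo "MISSING FROM OUTPUT: $d"; rc=1
        fi
    done
    return $rc
}

# Constructed sample output: wazuh-remoted is down, wazuh-authd is absent.
sample_status='wazuh-clusterd is running...
wazuh-modulesd is running...
wazuh-monitord is running...
wazuh-logcollector is running...
wazuh-remoted not running...
wazuh-syscheckd is running...
wazuh-analysisd is running...
wazuh-maild not running...
wazuh-execd is running...
wazuh-db is running...
wazuh-dbd not running...
wazuh-apid is running...'
printf '%s\n' "$sample_status" | check_wazuh_status ||
    echo "manager is not healthy"
```

On the instance, pipe the real output into the function: /var/ossec/bin/wazuh-control status | check_wazuh_status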

Deploy Worker Node

Execute this step only if you need to deploy a multi-node Wazuh Cluster. Configure manifest/wazuh-manager-worker.yml according to the number of instances you want to create.

Obtain the address of your recently deployed Wazuh Manager and update the wazuh_master_address setting in the manifest/wazuh-manager-worker.yml runtime configuration file. Use the following command to obtain the IP:

bosh -e your_bosh_environment vms

Execute the following command to deploy the Worker Node:

bosh -e your_bosh_environment -d wazuh-manager-worker deploy manifest/wazuh-manager-worker.yml

Deploy Wazuh Agents

Single Node Wazuh Cluster

Obtain the address of your recently deployed Wazuh Manager and update the wazuh_server_address and wazuh_server_registration_address settings in the manifest/wazuh-agent.yml runtime configuration file.

NOTE: wazuh_server_worker_address will not be used in this deployment but it must have a value.

Use the following command to obtain the IP:

bosh -e your_bosh_environment vms

Update your Director runtime configuration by executing:

bosh -e your_bosh_environment update-runtime-config --name=wazuh-agent-addons manifest/wazuh-agent.yml

Redeploy your initial manifest to make Bosh install and configure the Wazuh Agent on target instances.

Multi Node Wazuh Cluster

Obtain the address of your recently deployed Wazuh Manager Master and Worker nodes and update the following settings in the manifest/wazuh-agent-cluster.yml runtime configuration file.

  • wazuh_server_address (Master Node IP)
  • wazuh_server_registration_address (Master Node IP)
  • wazuh_server_worker_address (Worker Node IP). If there is more than one worker node, assign the values to the wazuh_server_worker_address_# properties.

Use the following command to obtain the IP:

bosh -e your_bosh_environment vms

Update your Director runtime configuration by executing:

bosh -e your_bosh_environment update-runtime-config --name=wazuh-agent-addons manifest/wazuh-agent-cluster.yml

Redeploy your initial manifest to make Bosh install and configure the Wazuh Agent on target instances.

Deploy Wazuh Agents using SSL

You can register your Wazuh Agents using SSL to secure the communication, as described in Agent verification using SSL.

To pass your generated sslagent.cert and sslagent.key files to your runtime configuration, include their contents in the wazuh_agent_cert and wazuh_agent_key parameters, as in the following example:

---
  releases:
  - name: "wazuh"
    version: 4.4.0

  addons:
  - name: wazuh
    release: 4.4.0
    jobs:
    - name: wazuh-agent
      release: wazuh
      properties:
          wazuh_server_address: 172.31.32.4
          wazuh_server_registration_address: 172.31.32.4
          wazuh_server_worker_address: 172.31.32.5
          wazuh_server_protocol: "tcp"
          wazuh_agents_prefix: "bosh-"
          wazuh_agent_profile: "generic"
          wazuh_agent_cert: |
            -----BEGIN CERTIFICATE-----
            MIIE6jCCAtICCQCeRsKNJC058zANBgkqhkiG9w0BAQsFADAsMQswCQYDVQQGEwJV
            UzELMAkGA1UECAwCQ0ExEDAOBgNVBAoMB01hbmFnZXIwHhcNMjAwMjEwMTExNzQ5
            WhcNMjEwMjA5MTExNzQ5WjBCMQswCQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVs
            ...
            -----END CERTIFICATE-----
          wazuh_agent_key: |
            -----BEGIN PRIVATE KEY-----
            MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDgSRkPQbeFBXWE
            2fG1XZEkJyAVP/wjcuGWRmIufexw/tpVF0+AADhafJwpre+9zYYFDwPeYSN11zAH
            E5KGDhqDh9hie3xnTOllHfjXbvijuqoLkNUU6HsssGFI/epA1Yfyl220ZNE5AZCL
            ...
            -----END PRIVATE KEY-----          
    exclude:
      deployments: [wazuh-manager]

Then, update your runtime configuration by executing:

bosh -e your_bosh_environment update-runtime-config --name=wazuh-agent-addons manifest/wazuh-agent.yml

This way, your cert and key will be rendered under /var/ossec/<random_id>/etc/ and used in the registration process and any communications between the Agent and Manager.
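
Before pasting the files into the runtime configuration, it is worth confirming that the key belongs to the certificate and that the certificate is not about to expire. The following is an added example, not part of the wazuh-bosh repository; it requires the openssl command-line tool, and the self-signed pair it generates is a constructed stand-in for your own sslagent.cert and sslagent.key.

```sh
#!/bin/sh
# Added example (not from the wazuh-bosh repository): check an agent
# certificate and key before pasting them into the runtime config.
# Requires the openssl command-line tool.

# Succeeds when the private key belongs to the certificate (same public key).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# check_agent_cert CERT KEY [MIN_DAYS]: prints problems, returns 1 if any.
check_agent_cert() {
    rc=0; min_days=${3:-30}
    cert_matches_key "$1" "$2" ||
        { echo "certificate and key do not match or cannot be parsed"; rc=1; }
    openssl x509 -in "$1" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1 ||
        { echo "certificate expires within $min_days days"; rc=1; }
    return $rc
}

# Constructed throwaway pair plus an unrelated key, generated for the demo only.
ssl_demo=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=constructed-agent" \
    -keyout "$ssl_demo/sslagent.key" -out "$ssl_demo/sslagent.cert" 2>/dev/null
openssl genrsa -out "$ssl_demo/other.key" 2048 2>/dev/null
check_agent_cert "$ssl_demo/sslagent.cert" "$ssl_demo/sslagent.key" &&
    echo "sslagent.cert and sslagent.key are consistent"
check_agent_cert "$ssl_demo/sslagent.cert" "$ssl_demo/other.key" ||
    echo "rejected: other.key does not belong to sslagent.cert"
```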

Delete Procedure

Manager Worker deployment

bosh -e your_bosh_environment -d wazuh-manager-worker deld

Manager Master deployment

bosh -e your_bosh_environment -d wazuh-manager deld

Agent Deployment

bosh -e your_bosh_environment update-runtime-config --name=wazuh-agent-addons manifest/wazuh-agent-delete.yml

Wazuh Release

bosh -e your_bosh_environment delete-release wazuh/4.4.0
rm -rf dev_releases/wazuh/
rm -rf releases/wazuh/

Blobs

bosh -e your_bosh_environment remove-blob /wazuh/wazuh-agent.tar.gz
bosh -e your_bosh_environment remove-blob /wazuh/wazuh-manager.tar.gz

General usage notes

Wazuh deployed via Docker

If your Wazuh Docker deployment does not contain any extra configuration, change the wazuh_server_protocol property in manifest/wazuh-agent.yml to UDP, because this Bosh agent will attempt to connect on port 1514, which is reserved for UDP in the Docker deployment.

Cloud Foundry resources registration

Once your Bosh release has completed successfully, the agents will be able to register themselves normally against any Wazuh manager. If you use an external manager or deploy agents across different clusters, you might face duplicate IP addresses.

Wazuh primarily identifies hosts by their IP addresses, but you can change that by setting the <use_source_ip> tag to no in the Wazuh Manager's ossec.conf file.

wazuh-bosh's People

Contributors

alberpilot, havidarou, infra-red, jmcarp, jnarvaezp, manuasir, santiago-bassett, sharms, snaow, teddytpc1, tordenist

wazuh-bosh's Issues

wazuh-bosh 5.0 agent process unification compliant

Description

This issue aims to modify the way in which verifications are made or Wazuh core processes are used in the internal workings of this repository, given the epic: wazuh/wazuh#7981

For this, the following repository occurrences are listed so that they can be analyzed, modified, and/or adapted based on the requirement.

Current: execd, logcollector and syscheckd exist in the Wazuh ecosystem.
Expected: unify the old process behavior under the guardianship of wmodulesd.
Versions in which it should be applied: >= 5.0

Wazuh agents deployment is crashing

We noticed that the instance where we are deploying Wazuh agent is having the disk space 100% used. The reason behind it is that there are “pre start scripts” looping on “You already have Wazuh installed. Do you want to update it? (y/n):” which causes logs to fill up and crashes the system.

git-lfs: Repository is over its data quota

I'm getting the following error when trying to pull bosh blobs:

$ git lfs pull
batch response: This repository is over its data quota. Account responsible for LFS bandwidth should purchase more data packs to restore access.
error: failed to fetch some objects from 'https://github.com/wazuh/wazuh-bosh.git/info/lfs'

Could you please fix that? I'm not able to build release without blobs 🤷🏼‍♂️

Some files missing during agent installation

Hello team,

We have seen that some files and directories were missing while initializing a Wazuh Agent deployed with bosh:

Directories list:

/var/vcap/data/wazuh-agent/etc/
/var/vcap/packages/wazuh-agent/etc/
/var/vcap/packages/wazuh-agent/bin

File missing:

/var/vcap/packages/wazuh-agent/bin/agent-auth

We would need to do some further testing for this deployment to make sure that is working as intended.

Regards,
Franco Hielpos

Update Bosh to 4.2.4

Hello team,

We need to update our Bosh repo to 4.2.4 to accommodate for our latest version.

Regards,

Javier.

Release v4.3.0 Bosh

  • Create 4.3.0 tag
  • Create draft release
  • Upload Wazuh TAR files to S3
  • Publish draft release
  • Merge 4.3 into stable
  • Merge 4.3 into master
  • Update version in wazuh/wazuh-documentary

Release v4.2.5 Bosh

  • Create draft release and 4.2.5 tag
  • Merge 4.2 into stable
  • Merge 4.2 into master
  • Update version in wazuh/wazuh-documentary
