Wazuh - Chef

Deploy the Wazuh platform using Chef cookbooks. Chef recipes are prepared for installing and configuring Agent, Manager (cluster) and RESTful API.

Dependencies

Every cookbook installs its own required dependencies; Berksfile and metadata.rb contain all the information about which dependencies will be installed.

The following software must be installed beforehand to ensure a correct installation:

  • Curl
  • Wget
  • Chef Server Core v12.19.31

Cookbooks

Each cookbook has its own README.md.

Roles

You can find predefined roles for a default installation of Wazuh Agent and Manager in the roles folder.

Check roles README for more information about default attributes and how to customize your installation.

Installation

Cloning whole repository

You can clone the repository by running: git clone https://github.com/wazuh/wazuh-chef and you will get the whole repository.

Use through Berkshelf

The easiest way to make use of these cookbooks (especially wazuh_filebeat & wazuh_elastic until they are published to Supermarket) is to include the desired cookbooks in your Berksfile as shown below:

cookbook 'wazuh_agent', git: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/wazuh_agent'
cookbook 'wazuh_manager', git: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/wazuh_manager'
# A full repository URL belongs under git:, so these two entries use git: as well
cookbook 'wazuh_filebeat', git: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/wazuh_filebeat'
cookbook 'wazuh_elastic', git: 'https://github.com/wazuh/wazuh-chef.git', rel: 'cookbooks/wazuh_elastic'

You can specify tags, branches, and revisions. More info on https://docs.chef.io/berkshelf.html

Secrets

The following describes how to define the needed JSON files to generate an encrypted data bag.

Important: If an API user secret is declared, that user will be installed. Otherwise, the default user will be foo:bar.

api.json

It contains the username and password that will be installed for Wazuh API authentication. It is required by the manager.

Example of a configuration file api_configuration.json before encryption:

{
 "id": "api",
 "htpasswd_user": "<YOUR USER>",
 "htpasswd_passcode": "<YOUR PASSWORD>"
}

Using Data Bags

To transfer credentials securely, Chef provides data bags, which allow sensitive data to be encrypted before it is transferred.

The following process describes an example of how to create secrets and data bags to encrypt data.

  • Install a key or generate one (with OpenSSL, for example) on your workstation:

openssl rand -base64 512 | tr -d '\r\n' > /tmp/encrypted_data_bag_secret

  • Create the required secret with:

knife data bag from file wazuh_secrets ./api_configuration.json --secret-file /tmp/encrypted_data_bag_secret -z

  • Upload your new secrets with knife upload /

  • Before installing Wazuh-Manager, Wazuh-Filebeat or Wazuh-Elastic, you will need to copy the key to /etc/chef/encrypted_data_bag_secret (default path) or to the desired path on your workstation (remember to specify the key path in knife.rb and config.rb).

After encryption, the previous JSON files will have new fields that describe the encryption method and other useful info. For example api.json after encryption will look like this:

{
  "id": "api",
  "htpasswd_user": {
    "encrypted_data": "whdiITsM/JFBwiAcCE5MaVE2MinRLdDIGbJ0\n",
    "iv": "NVK/ezXHBsSFuiMm\n",
    "auth_tag": "NFPZcxGrjqxRSF7v/+i6Kw==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  },
  "htpasswd_passcode": {
    "encrypted_data": "rX952YaNifO1gtcFXHxjteKCk6Zi592FZGgyE1gs0A==\n",
    "iv": "LThJWRCIB4JaDP4E\n",
    "auth_tag": "2oS9JDBtNdcRhsOdgg/A9A==\n",
    "version": 3,
    "cipher": "aes-256-gcm"
  }
}
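
As an added example (not part of the Wazuh cookbooks), the following Ruby check can be run before a commit or knife upload to confirm that every field of a data bag item other than id is wrapped in the envelope shown above rather than stored in plaintext. The function and constant names are hypothetical, and the 12-byte IV and 16-byte tag sizes are taken from this page's sample values.

```ruby
require 'json'

# Envelope fields and decoded sizes taken from this page's encrypted sample.
ENVELOPE_KEYS = %w[encrypted_data iv auth_tag version cipher].freeze
IV_BYTES  = 12
TAG_BYTES = 16

# Strict base64 decode (values carry a trailing newline); nil if invalid.
def decode_field(value)
  value.is_a?(String) ? value.delete("\n").unpack1('m0') : nil
rescue ArgumentError
  nil
end

# Returns a list of problems; empty means every field except "id" is
# wrapped in a well-formed aes-256-gcm envelope.
def audit_data_bag_item(json_text)
  problems = []
  JSON.parse(json_text).each do |name, value|
    next if name == 'id' # the item id stays in clear text
    unless value.is_a?(Hash) && (ENVELOPE_KEYS - value.keys).empty?
      problems << "#{name}: stored in plaintext"
      next
    end
    problems << "#{name}: unexpected cipher" unless value['cipher'] == 'aes-256-gcm'
    iv  = decode_field(value['iv'])
    tag = decode_field(value['auth_tag'])
    problems << "#{name}: bad iv" unless iv && iv.bytesize == IV_BYTES
    problems << "#{name}: bad auth_tag" unless tag && tag.bytesize == TAG_BYTES
    problems << "#{name}: empty ciphertext" if decode_field(value['encrypted_data']).to_s.empty?
  end
  problems
end

# The two api.json samples from this page: before and after encryption.
PLAINTEXT_ITEM = <<~'JSON'
  {"id": "api", "htpasswd_user": "<YOUR USER>", "htpasswd_passcode": "<YOUR PASSWORD>"}
JSON
ENCRYPTED_ITEM = <<~'JSON'
  {"id": "api",
   "htpasswd_user": {"encrypted_data": "whdiITsM/JFBwiAcCE5MaVE2MinRLdDIGbJ0\n", "iv": "NVK/ezXHBsSFuiMm\n",
     "auth_tag": "NFPZcxGrjqxRSF7v/+i6Kw==\n", "version": 3, "cipher": "aes-256-gcm"},
   "htpasswd_passcode": {"encrypted_data": "rX952YaNifO1gtcFXHxjteKCk6Zi592FZGgyE1gs0A==\n", "iv": "LThJWRCIB4JaDP4E\n",
     "auth_tag": "2oS9JDBtNdcRhsOdgg/A9A==\n", "version": 3, "cipher": "aes-256-gcm"}}
JSON

if __FILE__ == $PROGRAM_NAME
  { plaintext: PLAINTEXT_ITEM, encrypted: ENCRYPTED_ITEM }.each { |k, v| puts "#{k}: #{audit_data_bag_item(v).inspect}" }
end
```

The check only inspects the structure of the item; it does not need the secret key and does not decrypt anything.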

Using Chef Vault

Chef Vault provides an easier way to manage Data bags and configure them. To configure it you can follow these steps:

  • Configure knife.rb or config.rb and add knife[:vault_mode] = 'client' to make the workstation transfer vault to the server.

  • Create the vault with:

knife vault create wazuh_secrets api '{"id": "api", "htpasswd_user": "user", "htpasswd_passcode": "password"}' -A "username" -C "manager-1"

Where -A defines the workstation users authorized to modify/edit the vault and -C defines the nodes that have access to the defined vault.

After that, the vault will be created and synced with the server. The defined nodes will store the required keys to decrypt the vault content and consume it.

You can check Chef Official Documentation about Chef Vault for detailed info.

Use through Berkshelf

The easiest way to make use of these cookbooks (especially wazuh_filebeat & wazuh_elastic until they are published to Supermarket) is to include something like the following in your Berksfile:

# Berkshelf's shorthand option is spelled github: (lowercase)
cookbook 'wazuh', github: 'wazuh/wazuh-chef', rel: 'wazuh'
cookbook 'wazuh_filebeat', github: 'wazuh/wazuh-chef', rel: 'wazuh_filebeat'
cookbook 'wazuh_elastic', github: 'wazuh/wazuh-chef', rel: 'wazuh_elastic'

This will source all three cookbooks housed in this repo from GitHub.

Choose to register an agent into a manager or not

You can now choose whether an agent is registered in a manager after it has been configured and installed.

To do so, assign the value yes to the variable default['ossec']['agent_auth']['register'] in the attributes file wazuh-chef/cookbooks/wazuh_agent/attributes/authd.rb:

default['ossec']['agent_auth']['register'] = 'yes'

Otherwise, assign any value other than yes.

Contribute

If you want to contribute to our project please don't hesitate to send a pull request. You can also join our users [email protected], to ask questions and participate in discussions.

License and copyright

Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
