wazuh (4) Versions 0.0.9

Installs and configures ossec

Policyfile: cookbook 'wazuh', '~> 0.0.9', :supermarket
Berkshelf: cookbook 'wazuh', '~> 0.0.9'
Knife: knife supermarket install wazuh
Knife: knife supermarket download wazuh
Quality 50%

Wazuh cookbook (Manager, Agent, API)

Requirements

Platforms

Tested on Ubuntu and CentOS, but should work on any Unix/Linux platform supported by Wazuh. Installation by default is done from packages.

This cookbook doesn't configure Windows systems yet. For manual agent installation on Windows, check the documentation.

Chef

  • Chef 12+

Cookbooks

  • apt
  • yum

Attributes

  • node['ossec']['agent_server_ip'] - Manager server IP address. The client recipe will attempt to determine this value via search. Default is nil, only required for agent installations.

ossec.conf

OSSEC's configuration is mainly read from an XML file called ossec.conf. You can directly control the contents of this file using node attributes under node['ossec']['conf']. These attributes are mapped to XML using Gyoku. See the Gyoku site for details on how this works.

Chef applies attributes from all attribute files regardless of which recipes were executed. In order to make wrapper cookbooks easier to write, node['ossec']['conf'] is divided into the three installation types mentioned below, local, server, and agent. You can also set attributes under all to apply settings across all installation types. The typed attributes are automatically deep merged over the all attributes in the normal Chef manner.

true and false values are automatically mapped to "yes" and "no" as OSSEC expects the latter.

ossec.conf makes use of XML attributes so you can generally construct nested hashes in the usual fashion. Where an attribute is required, you can do it like this:

default['ossec']['conf']['all']['syscheck']['directories'] = [
  { '@check_all' => true, 'content!' => '/bin,/sbin' },
  '/etc,/usr/bin,/usr/sbin'
]

This produces:

<syscheck>
  <directories check_all="yes">/bin,/sbin</directories>
  <directories>/etc,/usr/bin,/usr/sbin</directories>
</syscheck>
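
The mapping and merge rules described above, as an added example that is not part of the cookbook: a simplified stand-in for the Gyoku conventions (not Gyoku itself, and not the cookbook's own helper) that merges a typed section over 'all' and renders the result. The method names and the sample attribute values are constructed for illustration.

```ruby
# Simplified stand-in for the mapping described above; all names are hypothetical.

# Merge typed settings over the 'all' settings; the typed value wins.
def deep_merge(base, over)
  base.merge(over) do |_key, a, b|
    a.is_a?(Hash) && b.is_a?(Hash) ? deep_merge(a, b) : b
  end
end

# OSSEC expects yes/no rather than true/false.
def yes_no(value)
  return 'yes' if value == true
  return 'no' if value == false
  value.to_s
end

# '@name' keys become XML attributes, 'content!' holds the element body,
# and an Array repeats the element once per item.
def element(name, value, depth = 0)
  return value.map { |v| element(name, v, depth) }.join if value.is_a?(Array)
  pad = '  ' * depth
  value = { 'content!' => value } unless value.is_a?(Hash)
  attrs, children = value.partition { |k, _| k.start_with?('@') }
  attr_text = attrs.map { |k, v| " #{k[1..-1]}=#{yes_no(v).encode(xml: :attr)}" }.join
  body = value.key?('content!') ? value['content!'] : children.to_h
  if body.is_a?(Hash)
    inner = body.map { |k, v| element(k, v, depth + 1) }.join
    "#{pad}<#{name}#{attr_text}>\n#{inner}#{pad}</#{name}>\n"
  else
    "#{pad}<#{name}#{attr_text}>#{yes_no(body).encode(xml: :text)}</#{name}>\n"
  end
end

# Constructed sample attributes: 'all' applies everywhere, 'server' is typed.
CONF = {
  'all' => { 'syscheck' => {
    'frequency' => 43_200,
    'directories' => [
      { '@check_all' => true, 'content!' => '/bin,/sbin' },
      '/etc,/usr/bin,/usr/sbin'
    ]
  } },
  'server' => { 'syscheck' => { 'frequency' => 21_600, 'alert_new_files' => true } }
}.freeze

def render(type)
  deep_merge(CONF['all'], CONF.fetch(type, {})).map { |k, v| element(k, v) }.join
end
puts render('server')
```

Rendering 'server' keeps the directories list from 'all' and takes the typed frequency; rendering a type with no typed settings returns the 'all' values unchanged.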

agent.conf

Wazuh managers can also distribute configuration to agents using the centralized configuration located in the XML file called agent.conf. It also supports group-level granularity for different configurations.
Since Chef can also distribute configuration, the cookbook leaves this file blank by default. If you want to populate it, you can define the attributes directly under node['ossec']['agent_conf']. Unlike conventional XML files, agent.conf has multiple root nodes, so node['ossec']['agent_conf'] must be treated as an array, like so:

default['ossec']['agent_conf'] = [
  {
    'syscheck' => { 'frequency' => 4321 },
    'rootcheck' => { 'disabled' => true }
  },
  {
    '@os' => 'Windows',
    'content!' => {
      'syscheck' => { 'frequency' => 1234 }
    }
  }
]

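This produces:

<agent_config>
  <syscheck>
    <frequency>4321</frequency>
  </syscheck>
  <rootcheck>
    <disabled>yes</disabled>
  </rootcheck>
</agent_config>

<agent_config os="Windows">
  <syscheck>
    <frequency>1234</frequency>
  </syscheck>
</agent_config>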

Recipes

repository

Adds the Wazuh apt/yum repository. This recipe is included by others and should not be used directly.

common

This recipe is used for both managers and agents. It generates the configuration files ossec.conf and agent.conf, puts the configuration in place and starts the (agent or server) service. This recipe is included by other recipes and generally should not be used directly.

manager

Install and register a Wazuh manager.

agent

Install and register a Wazuh agent.

Usage

The cookbook installs Wazuh as one of three types:

  • manager - use the wazuh::manager recipe.
  • agent - use the wazuh::agent recipe.
  • RESTful API - use the wazuh::wazuh-api recipe.

For the Wazuh server, create a role, wazuh_manager. Add attributes per above as needed to customize the installation.

  {
    "name": "wazuh_manager",
    "description": "Wazuh Manager host",
    "json_class": "Chef::Role",
    "default_attributes": {

    },
    "override_attributes": {

    },
    "chef_type": "role",
    "run_list": [
      "recipe[wazuh::manager]"
    ],
    "env_run_lists": {

    }
  }

If you want to build a Wazuh cluster, you need to create two roles, one for the master and another for the client:

Note: This Chef cookbook is currently only compatible with CentOS 7; we are working on adding more distributions soon.

  {
    "name": "wazuh_manager_master",
    "description": "Wazuh Manager master node",
    "json_class": "Chef::Role",
    "default_attributes": {

    },
    "override_attributes": {
      "ossec": {
        "cluster_disabled": "no",
        "conf": {
          "server": {
            "cluster": {
              "node_name": "node01",
              "node_type": "master",
              "disabled": "no",
              "nodes": {
                "node": ["172.16.10.10", "172.16.10.11"]
              },
              "key": "596f6b328c8ca831a03f7c7ca8203e8b"
            }
          }
        }
      }
    },
    "chef_type": "role",
    "run_list": [
      "recipe[wazuh::manager]"
    ],
    "env_run_lists": {

    }
  }

  {
    "name": "wazuh_manager_client",
    "description": "Wazuh Manager client node",
    "json_class": "Chef::Role",
    "default_attributes": {

    },
    "override_attributes": {
      "ossec": {
        "cluster_disabled": "no",
        "conf": {
          "server": {
            "cluster": {
              "node_name": "node02",
              "node_type": "client",
              "disabled": "no",
              "nodes": {
                "node": ["172.16.10.10", "172.16.10.11"]
              },
              "key": "596f6b328c8ca831a03f7c7ca8203e8b"
            }
          }
        }
      }
    },
    "chef_type": "role",
    "run_list": [
      "recipe[wazuh::manager]"
    ],
    "env_run_lists": {

    }
  }

Check cluster documentation for more details: https://documentation.wazuh.com/current/user-manual/manager/wazuh-cluster.html
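
A pre-upload check for the cluster roles above, as an added example that is not part of the cookbook: it confirms each role parses as JSON, that the cluster key has the 32-character length the Wazuh cluster documentation asks for, that every role carries the same key, and that the key is not the sample value printed in this README. The helper names and the sample roles are constructed for illustration.

```ruby
require 'json'
require 'securerandom'

# Key printed in the README above; a published value must not be reused.
README_SAMPLE_KEY = '596f6b328c8ca831a03f7c7ca8203e8b'.freeze
CLUSTER_PATH = %w[override_attributes ossec conf server cluster].freeze

# Hypothetical helper: takes { role name => JSON text } and returns a list
# of problems found in the cluster settings.
def lint_cluster_roles(roles)
  problems = []
  keys = []
  roles.each do |name, text|
    role = begin
      JSON.parse(text)
    rescue JSON::ParserError
      nil
    end
    next problems << "#{name}: not valid JSON" unless role.is_a?(Hash)
    cluster = role.dig(*CLUSTER_PATH)
    next problems << "#{name}: no cluster block" unless cluster.is_a?(Hash)
    key = cluster['key'].to_s
    keys << key
    problems << "#{name}: key must be 32 characters" unless key.length == 32
    problems << "#{name}: key is the README sample value" if key == README_SAMPLE_KEY
    unless %w[master client].include?(cluster['node_type'])
      problems << "#{name}: node_type must be master or client"
    end
  end
  problems << 'cluster key differs between roles' if keys.uniq.size > 1
  problems
end

# Constructed sample role, trimmed to the fields the lint reads.
def sample_role(node_type, key)
  cluster = { 'node_type' => node_type, 'disabled' => 'no', 'key' => key }
  JSON.generate({ 'override_attributes' => { 'ossec' => { 'conf' => { 'server' => { 'cluster' => cluster } } } } })
end

fresh = SecureRandom.hex(16) # 16 random bytes -> 32 hex characters
good = { 'master' => sample_role('master', fresh), 'client' => sample_role('client', fresh) }
bad = { 'master' => sample_role('master', README_SAMPLE_KEY), 'client' => '{ "name": "x", }' }
puts "good: #{lint_cluster_roles(good).inspect}"
puts "bad:  #{lint_cluster_roles(bad).inspect}"
```

Generate one key per cluster with SecureRandom.hex(16) and supply it to both roles from a secret store rather than committing it with the role files.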

For Wazuh agents, create a role, wazuh_agent.

  {
    "name": "wazuh_agent",
    "description": "Wazuh agent",
    "json_class": "Chef::Role",
    "default_attributes": {

    },
    "override_attributes": {
      "ossec": {
        "registration_address": "manager-master.wazuh-test.com",
        "address": ["manager-master.wazuh-test.com", "manager-client.wazuh-test.com"]
      }
    },
    "chef_type": "role",
    "run_list": [
      "recipe[wazuh::agent]"
    ],
    "env_run_lists": {

    }
  }

Customization

The main configuration file is maintained by Chef as a template, ossec.conf.erb.

Dependent cookbooks

apt >= 0.0.0
chef-sugar >= 0.0.0
poise-python >= 0.0.0
yum >= 0.0.0
hostsfile >= 0.0.0

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

v0.0.9

Amazon Linux OS included in repository.rb

v0.0.8

Fixed bugs in ossec_to_xml #4 Thanks @smith3v

v0.0.1

  • Initial/current release

Collaborator Number Metric

0.0.9 passed this metric

Contributing File Metric

0.0.9 passed this metric

Foodcritic Metric

0.0.9 failed this metric

FC033: Missing template file: wazuh/recipes/agent.rb:49
FC033: Missing template file: wazuh/recipes/manager.rb:54
FC069: Ensure standardized license defined in metadata: wazuh/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

No Binaries Metric

0.0.9 passed this metric

Testing File Metric

0.0.9 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric

0.0.9 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number