Closed minorOffense closed 6 years ago
That makes sense! Thanks!
Hi @minorOffense can you take a look at the following branch?
https://github.com/wazuh/wazuh-puppet/tree/iptables
We have included two new options in the class server and client:
    # Manage firewall
    if $manage_firewall {
      include firewall
      firewall { '1514 wazuh-manager':
        dport  => $ossec_server_port,
        proto  => 'udp',
        action => 'accept',
        state  => ['NEW', 'RELATED', 'ESTABLISHED'],
      }
    }

    # Manage firewall
    if $manage_firewall {
      include firewall
      firewall { '1514 wazuh-agent':
        dport  => $ossec_server_port,
        proto  => 'udp',
        action => 'accept',
        state  => ['NEW', 'RELATED', 'ESTABLISHED'],
      }
    }
Hey
I’m just testing this out on our new puppetserver. I’ll report back once I confirm things are working. I have a new machine to bring online this week anyways.
Thanks.
On Thu, Dec 7, 2017 at 10:04 PM José Luis Ruiz notifications@github.com wrote:
> Hi @minorOffense https://github.com/minoroffense can you take a look at the following branch?
> https://github.com/wazuh/wazuh-puppet/tree/iptables
> We have included two new options in the class server and client:
>
>     # Manage firewall
>     if $manage_firewall {
>       include firewall
>       firewall { '1514 wazuh-manager':
>         dport  => $ossec_server_port,
>         proto  => 'udp',
>         action => 'accept',
>         state  => ['NEW', 'RELATED', 'ESTABLISHED'],
>       }
>     }
>
>     # Manage firewall
>     if $manage_firewall {
>       include firewall
>       firewall { '1514 wazuh-agent':
>         dport  => $ossec_server_port,
>         proto  => 'udp',
>         action => 'accept',
>         state  => ['NEW', 'RELATED', 'ESTABLISHED'],
>       }
>     }
-- Mathew Winstone CEO/Co-Founder Coldfront Labs Inc. mwinstone@coldfrontlabs.ca (866) 507-8332 x101 Coldfrontlabs.ca twitter: @mathewwinstone d.o: minorOffense
Dropfort - Fortified Drupal https://dropfort.com DrupalCamp Ottawa 2016 Platinum Sponsor < http://drupalcampottawa.com/node/2/sponsors http://2015.drupalcampottawa.com/>
I just tried the iptables branch and I get this when I don't specify anything for firewall:

    Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Class[Wazuh::Server]: parameter 'manage_firewall' expects a Boolean value, got Undef at /etc/puppetlabs/code/environments/port_coldfront/modules/coldfront/manifests/profile.pp:472:3 on node...

And my class def looks like this:

    class { 'wazuh::server':
      smtp_server   => 'localhost',
      ossec_emailto => lookup('ossec::emails', {merge => 'unique', default_value => []}),
      require       => [Class['java'], Class['elastic_stack::repo']],
    }
Presumably this should work because I should have to pass a value. Should pick up the default from params.
Hi @minorOffense we set the value in:
https://github.com/wazuh/wazuh-puppet/blob/iptables/manifests/client.pp#L41
and also the params here:
https://github.com/wazuh/wazuh-puppet/blob/iptables/manifests/params.pp#L18
Did you copy the params.pp as well?
Yeah I cloned the whole repo on the iptables branch.
I’m running on puppet 5 btw.
On Wed, Dec 13, 2017 at 8:17 PM José Luis Ruiz notifications@github.com wrote:
> Hi @minorOffense https://github.com/minoroffense we set the value in:
> https://github.com/wazuh/wazuh-puppet/blob/iptables/manifests/client.pp#L41
> and also the params here:
> https://github.com/wazuh/wazuh-puppet/blob/iptables/manifests/params.pp#L18
> Did you copy the params.pp as well?
Hi @minorOffense you are totally right, I had a typo in the params variable, fixed in the following commit: cbd77508a882424082da9390d7566db6e8e2cb68
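An added example, not part of the thread and not the wazuh-puppet module's code: a constructed reproduction of how a misspelled params variable leads to the "expects a Boolean value, got Undef" error reported above. The `example_wazuh` class names and the misspelling `manage_firewal` are hypothetical; the actual typo is not shown on the page.

```puppet
# Constructed example. The example_wazuh classes are hypothetical and only
# mirror the params/default pattern discussed in this thread.
class example_wazuh::params {
  $manage_firewall   = false   # default: do not touch the host firewall
  $ossec_server_port = '1514'
}

# Correct: the default resolves to the Boolean defined in params.
class example_wazuh::server (
  Boolean $manage_firewall   = $example_wazuh::params::manage_firewall,
  $ossec_server_port         = $example_wazuh::params::ossec_server_port,
) inherits example_wazuh::params {
  if $manage_firewall {
    include firewall
    firewall { '1514 wazuh-manager':
      dport  => $ossec_server_port,
      proto  => 'udp',
      action => 'accept',
      state  => ['NEW', 'RELATED', 'ESTABLISHED'],
    }
  }
}

# Broken: the default references a variable that does not exist
# (hypothetical misspelling). Without strict variables the reference
# evaluates to undef, and the Boolean type check then rejects it.
class example_wazuh::server_broken (
  Boolean $manage_firewall = $example_wazuh::params::manage_firewal,
) inherits example_wazuh::params {
}

# Compiles: manage_firewall falls back to false, no firewall rule is added.
class { 'example_wazuh::server': }

# Fails catalog compilation with:
#   parameter 'manage_firewall' expects a Boolean value, got Undef
class { 'example_wazuh::server_broken': }

# Passing the value explicitly hides the broken default, which is why the
# error only shows up when nothing is specified for the firewall:
#   class { 'example_wazuh::server_broken': manage_firewall => true }
```

With `strict_variables = true` in puppet.conf, the misspelled reference fails compilation as an unknown variable instead of silently evaluating to undef.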
Cool, I'll deploy it again and give it another shot.
Yeah it works with/without the var (no compile errors). I’m trying to get a fully working env with/without but I just need to finish our update to elk 6.1 to retest the original scenario.
On Wed, Dec 13, 2017 at 10:59 PM José Luis Ruiz notifications@github.com wrote:
> Hi @minorOffense https://github.com/minoroffense you are totally right, I had a typo in the params variable, fixed in the following commit: cbd7750 https://github.com/wazuh/wazuh-puppet/commit/cbd77508a882424082da9390d7566db6e8e2cb68
Hi @minorOffense sorry for the late response, it has been a crazy month. Merged with master in the commit https://github.com/wazuh/wazuh-puppet/commit/203b9f9bf5f1d0b56e3233b3914940ca8a0ffcaf
No worries. Thanks for the merge!
Cheers from Ontario as well.
Hello
I'd like to suggest a feature for this module and the ossec-puppet module. Add an option for the agent class to manage the firewall automatically with puppetlabs/firewall.
Similar to what the puppet/zabbix module does. Help make the installation that much easier.
If you're interested in this feature I'm willing to put dev time into it. Just want to make sure it's something you're interested in.
Thanks.