wazuh / wazuh-puppet

Wazuh - Puppet module
https://wazuh.com
GNU General Public License v2.0

manage_firewall option #53

Closed minorOffense closed 6 years ago

minorOffense commented 6 years ago

Hello

I'd like to suggest a feature for this module and the ossec-puppet module. Add an option for the agent class to manage the firewall automatically with puppetlabs/firewall.

Similar to what the puppet/zabbix module does. Help make the installation that much easier.

If you're interested in this feature I'm willing to put dev time into it. Just want to make sure it's something you're interested in.

Thanks.

jlruizmlg commented 6 years ago

That makes sense! Thanks!

jlruizmlg commented 6 years ago

Hi @minorOffense can you take a look at the following branch?

https://github.com/wazuh/wazuh-puppet/tree/iptables

We have included two new options in the class server and client:

  # Manage firewall
  if $manage_firewall {
    include firewall
    firewall { '1514 wazuh-manager':
      dport  => $ossec_server_port,
      proto  => 'udp',
      action => 'accept',
      state  => [
        'NEW',
        'RELATED',
        'ESTABLISHED',
      ],
    }
  }

  # Manage firewall
  if $manage_firewall {
    include firewall
    firewall { '1514 wazuh-agent':
      dport  => $ossec_server_port,
      proto  => 'udp',
      action => 'accept',
      state  => [
        'NEW',
        'RELATED',
        'ESTABLISHED',
      ],
    }
  }

minorOffense commented 6 years ago

Hey

I’m just testing this out on our new puppetserver. I’ll report back once I confirm things are working. I have a new machine to bring online this week anyways.

Thanks.

-- Mathew Winstone CEO/Co-Founder Coldfront Labs Inc. mwinstone@coldfrontlabs.ca (866) 507-8332 x101 Coldfrontlabs.ca twitter: @mathewwinstone d.o: minorOffense

Dropfort - Fortified Drupal https://dropfort.com DrupalCamp Ottawa 2016 Platinum Sponsor < http://drupalcampottawa.com/node/2/sponsors http://2015.drupalcampottawa.com/>

minorOffense commented 6 years ago

I just tried the iptables branch and I get this when I don't specify anything for firewall

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Class[Wazuh::Server]: parameter 'manage_firewall' expects a Boolean value, got Undef at /etc/puppetlabs/code/environments/port_coldfront/modules/coldfront/manifests/profile.pp:472:3 on node...

And my class def looks like this

  class { 'wazuh::server':
    smtp_server   => 'localhost',
    ossec_emailto => lookup('ossec::emails', {merge => 'unique', default_value => []}),
    require       => [Class['java'], Class['elastic_stack::repo']],
  }

Presumably this should work because I should have to pass a value. Should pick up the default from params.

jlruizmlg commented 6 years ago

Hi @minorOffense we set the value in:

https://github.com/wazuh/wazuh-puppet/blob/iptables/manifests/client.pp#L41

and also the params here:

https://github.com/wazuh/wazuh-puppet/blob/iptables/manifests/params.pp#L18

Did you copy the params.pp as well?

minorOffense commented 6 years ago

Yeah I cloned the whole repo on the iptables branch.

I’m running on puppet 5 btw.

jlruizmlg commented 6 years ago

Hi @minorOffense you are totally right, I had a typo in the params variable, fixed in the following commit: cbd77508a882424082da9390d7566db6e8e2cb68
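
An added example, not part of the thread and not the wazuh-puppet code: one way a misspelled params variable produces the "expects a Boolean value, got Undef" error reported above. The `demo::params` and `demo::server` class names and the misspelling shown in the comment are hypothetical; the firewall resource assumes the puppetlabs/firewall module used in the thread.

```puppet
# Added illustration; demo::params and demo::server are hypothetical names.
class demo::params {
  $manage_firewall   = false
  $ossec_server_port = 1514
}

class demo::server (
  # Correct reference. Written with a typo (for instance
  # $demo::params::manage_firewal), the default resolves to undef when
  # strict_variables is disabled, and the Boolean type then rejects it with
  # "expects a Boolean value, got Undef" at the line that declares the class.
  Boolean           $manage_firewall   = $demo::params::manage_firewall,
  Integer[1, 65535] $ossec_server_port = $demo::params::ossec_server_port,
) inherits demo::params {
  if $manage_firewall {
    include firewall
    firewall { "${ossec_server_port} demo-manager":
      dport  => $ossec_server_port,
      proto  => 'udp',
      action => 'accept',
      state  => ['NEW', 'RELATED', 'ESTABLISHED'],
    }
  }
}

# Declared without manage_firewall, as in the report: the catalog compiles
# only if the default above resolves to a Boolean.
include demo::server
```

Setting `strict_variables = true` in puppet.conf makes a misspelled reference fail at the typo itself instead of surfacing later as a type mismatch on the class parameter.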

minorOffense commented 6 years ago

Cool, I'll deploy it again and give it another shot.

minorOffense commented 6 years ago

Yeah it works with/without the var (no compile errors). I’m trying to get a fully working env with/without but I just need to finish our update to elk 6.1 to retest the original scenario.

jlruizmlg commented 6 years ago

Hi @minorOffense sorry for the late response, has been a crazy month, merged with the master in the commit https://github.com/wazuh/wazuh-puppet/commit/203b9f9bf5f1d0b56e3233b3914940ca8a0ffcaf

minorOffense commented 6 years ago

No worries. Thanks for the merge!

jlruizmlg commented 6 years ago

Cheers from Ontario as well.