diff --git a/Gemfile.lock b/Gemfile.lock
index 02838b4b9..b0c7a6805 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -19,9 +19,9 @@ GIT
GEM
remote: https://rubygems.org/
specs:
- CFPropertyList (2.3.6)
+ CFPropertyList (3.0.1)
PriorityQueue (0.1.2)
- activesupport (5.2.3)
+ activesupport (5.2.4)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 0.7, < 2)
minitest (~> 5.1)
@@ -34,21 +34,21 @@ GEM
concurrent-ruby (1.1.5)
credy (0.2.1)
thor (~> 0.19.1)
+ deep_merge (1.2.1)
digest-simple (1.1.0)
digest-siphash (1.0.1)
digest-simple
digest-whirlpool (1.0.3)
duplicate (1.1.1)
- facter (2.5.1)
- CFPropertyList (~> 2.2)
- faker (1.9.3)
- i18n (>= 0.7)
- faraday (0.13.1)
+ facter (2.5.6)
+ faker (2.7.0)
+ i18n (>= 1.6, < 1.8)
+ faraday (0.14.0)
multipart-post (>= 1.2, < 3)
faraday_middleware (0.12.2)
faraday (>= 0.7.4, < 1.0)
fast_gettext (1.1.2)
- ffi (1.11.1)
+ ffi (1.11.3)
ffi-compiler (1.0.1)
ffi (>= 1.0.0)
rake
@@ -56,21 +56,21 @@ GEM
gettext (3.2.9)
locale (>= 2.0.5)
text (>= 1.3.0)
- gettext-setup (0.30)
+ gettext-setup (0.31)
fast_gettext (~> 1.1.0)
gettext (>= 3.0.2)
locale
gpgmeh (0.1.6)
activesupport (>= 2.3)
nio4r (~> 2.2)
- hiera (3.5.0)
- hocon (1.2.5)
+ hiera (3.6.0)
+ hocon (1.3.0)
httpclient (2.8.3)
huffman (0.0.1)
PriorityQueue
activesupport
ruby-graphviz
- i18n (1.6.0)
+ i18n (1.7.0)
concurrent-ruby (~> 1.0)
json (2.2.0)
librarian-puppet (3.0.0)
@@ -80,17 +80,18 @@ GEM
librarianp (0.6.4)
thor (~> 0.15)
locale (2.1.2)
- mini_exiftool (2.9.0)
+ mini_exiftool (2.9.1)
mini_exiftool_vendored (9.2.7.v1)
mini_exiftool (>= 1.6.0)
mini_portile2 (2.4.0)
- minitar (0.8)
- minitest (5.11.3)
- multi_json (1.13.1)
+ minitar (0.9)
+ minitest (5.13.0)
+ multi_json (1.14.1)
multipart-post (2.1.1)
+ mustermann (1.0.3)
net-ntp (2.1.3)
- nio4r (2.3.1)
- nokogiri (1.10.3)
+ nio4r (2.5.2)
+ nokogiri (1.10.5)
mini_portile2 (~> 2.4.0)
nori (2.6.0)
ovirt-engine-sdk (4.3.0)
@@ -100,49 +101,61 @@ GEM
pcaprub (0.13.0)
pg (1.1.4)
process_helper (0.1.2)
- puppet (6.4.2)
- CFPropertyList (~> 2.2)
+ puppet (6.11.1)
+ concurrent-ruby (~> 1.0)
+ deep_merge (~> 1.0)
facter (> 2.0.1, < 4)
- fast_gettext (~> 1.1.2)
+ fast_gettext (~> 1.1)
hiera (>= 3.2.1, < 4)
httpclient (~> 2.8)
locale (~> 2.1)
multi_json (~> 1.10)
puppet-resource_api (~> 1.5)
semantic_puppet (~> 1.0)
- puppet-resource_api (1.8.3)
+ puppet-resource_api (1.8.7)
hocon (>= 1.0)
- puppet_forge (2.2.9)
- faraday (>= 0.9.0, < 0.14.0)
+ puppet_forge (2.3.1)
+ faraday (>= 0.9.0, < 0.15.0, != 0.13.1)
faraday_middleware (>= 0.9.0, < 0.13.0)
gettext-setup (~> 0.11)
minitar
semantic_puppet (~> 1.0)
- rake (12.3.2)
- rdoc (6.1.1)
- redcarpet (3.4.0)
- rmagick (3.2.0)
- rqrcode (0.10.1)
+ rack (2.0.7)
+ rack-protection (2.0.7)
+ rack
+ rake (13.0.1)
+ rdoc (6.2.0)
+ redcarpet (3.5.0)
+ rmagick (4.0.0)
+ rqrcode (1.1.2)
chunky_png (~> 1.0)
+ rqrcode_core (~> 0.1)
+ rqrcode_core (0.1.1)
rsa (0.1.4)
rsync (1.0.9)
ruby-graphviz (1.2.4)
- rubyzip (1.2.3)
- scrypt (3.0.6)
+ rubyzip (1.3.0)
+ scrypt (3.0.7)
ffi-compiler (>= 1.0, < 2.0)
semantic_puppet (1.0.2)
+ sinatra (2.0.7)
+ mustermann (~> 1.0)
+ rack (~> 2.0)
+ rack-protection (= 2.0.7)
+ tilt (~> 2.0)
smbhash (1.0.2)
- spidr (0.6.0)
+ spidr (0.6.1)
nokogiri (~> 1.3)
sshkey (2.0.0)
text (1.3.1)
thor (0.19.4)
thread_safe (0.3.6)
+ tilt (2.0.10)
tzinfo (1.2.5)
thread_safe (~> 0.1)
wordlist (0.1.1)
spidr (~> 0.2)
- yard (0.9.19)
+ yard (0.9.20)
zip-zip (0.3)
rubyzip (>= 1.0.0)
zipruby (0.3.6)
@@ -186,6 +199,7 @@ DEPENDENCIES
rsa
ruby-graphviz
scrypt
+ sinatra
smbhash
sshkey
wordlist
@@ -194,4 +208,4 @@ DEPENDENCIES
zipruby
BUNDLED WITH
- 1.11.2
+ 1.17.3
diff --git a/lib/batch/batch_secgen.rb b/lib/batch/batch_secgen.rb
index 9b13314a0..3964ae46e 100644
--- a/lib/batch/batch_secgen.rb
+++ b/lib/batch/batch_secgen.rb
@@ -143,7 +143,7 @@ def parse_opts(opts)
when '--failed'
options[:failed] = true
when '--affinity-group'
- options[:affinity_group] = true
+ options[:affinity_group] = true
else
Print.err 'Invalid argument'
exit(false)
diff --git a/lib/helpers/constants.rb b/lib/helpers/constants.rb
index 174255291..d0ccd491e 100644
--- a/lib/helpers/constants.rb
+++ b/lib/helpers/constants.rb
@@ -78,6 +78,9 @@ VAGRANT_TEMPLATE_FILE = "#{ROOT_DIR}/lib/templates/Vagrantfile.erb"
PUPPET_TEMPLATE_FILE = "#{ROOT_DIR}/lib/templates/Puppetfile.erb"
+AUDITBEAT_RULES_TEMPLATE_FILE = "#{ROOT_DIR}/lib/templates/auditbeat_goal_rules.erb"
+ELASTALERT_RULES_TEMPLATE_FILE = "#{ROOT_DIR}/lib/templates/elastalert_goal_rules.erb"
+
## INTEGER CONSTANTS ##
RETRIES_LIMIT = 10
diff --git a/lib/helpers/json_functions.rb b/lib/helpers/json_functions.rb
new file mode 100644
index 000000000..2ba5a866a
--- /dev/null
+++ b/lib/helpers/json_functions.rb
@@ -0,0 +1,16 @@
+require "json"
+
+# With thanks, from https://gist.github.com/ascendbruce/7070951
+class JSONFunctions
+ def self.is_json?(value)
+ result = JSON.parse(value)
+ result.is_a?(Hash)
+ rescue JSON::ParserError, TypeError
+ false
+ end
+
+ # prepare eval string by removing all characters other than #{}[].'_/a-zA-Z0-9
+ def self.sanitise_eval_string(string)
+ string.gsub(/[^A-Za-z0-9\[\]'\/\_\#\{\}.]/, '')
+ end
+end
\ No newline at end of file
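Review bot: `sanitise_eval_string` keeps `#{`, `}`, `.` and `/` in its allow-list, so a string that passes it can still carry nested interpolation and chained no-argument method calls; it narrows the syntax that `instance_eval` in `Module#interp_string` (lib/objects/module.rb, later in this diff) will see, but it is not a sandbox, and the comment above it should say so, e.g. `# Character allow-list only: the caller still evaluates the result, so this limits syntax, not what the evaluated references can reach.` `is_json?` returns false for valid JSON that is not an object (arrays, scalars), which the name does not convey; either rename it (`json_object?`) or document it: `# true only when value parses to a JSON object (Hash); arrays, scalars and non-strings give false`. The file also lacks a trailing newline.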
diff --git a/lib/helpers/print.rb b/lib/helpers/print.rb
index 04ca7f5e4..1cb9d7cbf 100644
--- a/lib/helpers/print.rb
+++ b/lib/helpers/print.rb
@@ -14,35 +14,43 @@ class Print
def self.bright_yellow(text); colorize(text, "\e[93m"); end
def self.bold(text); colorize(text, "\e[2m"); end
- def self.debug(msg)
+ def self.debug(msg, logger=nil)
+ logger.debug(msg) if logger
puts purple(' ' + msg)
end
- def self.verbose(msg)
+ def self.verbose(msg, logger=nil)
+ logger.info(msg) if logger
puts grey(' ' + msg)
end
- def self.err(msg)
+ def self.err(msg, logger=nil)
+ logger.error(msg) if logger
$stderr.puts red(msg)
end
- def self.info(msg)
+ def self.info(msg, logger=nil)
+ logger.info(msg) if logger
puts green(msg)
end
- def self.std(msg)
+ def self.std(msg, logger=nil)
+ logger.info(msg) if logger
puts yellow(msg)
end
- def self.warn(msg)
+ def self.warn(msg, logger=nil)
+ logger.warn(msg) if logger
puts bright_yellow(msg)
end
# local encoders/generators write messages to stderr (stdout used to return values)
- def self.local(msg)
+ def self.local(msg, logger=nil)
+ logger.info(msg) if logger
$stderr.puts cyan(msg)
end
- def self.local_verbose(msg)
+ def self.local_verbose(msg, logger=nil)
+ logger.info(msg) if logger
$stderr.puts cyan(' ' + msg)
end
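Review bot: The new `logger=nil` parameters on `debug` through `local_verbose` accept any object, and nothing states what interface it must provide; a comment above `debug` such as `# logger: optional object responding to debug/info/warn/error (e.g. ::Logger); msg is forwarded to it uncoloured before printing` would tell callers what to pass. Style: the Ruby style guide spaces default values, `def self.debug(msg, logger = nil)`, and the same applies to all eight new signatures. `verbose`, `std`, `local` and `local_verbose` all forward at `logger.info`, so the verbose/standard distinction is lost on the logger side; if that is intentional the comment should say so.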
diff --git a/lib/helpers/rules.rb b/lib/helpers/rules.rb
new file mode 100644
index 000000000..0d08ac3d5
--- /dev/null
+++ b/lib/helpers/rules.rb
@@ -0,0 +1,101 @@
+require_relative './print.rb'
+require_relative './scenario.rb'
+
+class Rules
+ # Generate audit and alerting rules
+
+ def self.generate_auditbeat_rules(goals)
+ rules = []
+ goals.each do |goal|
+ # Generate auditbeat rules based on rule type
+ rule_type = RuleTypes.get_rule_type(goal['goal_type'])
+ case rule_type
+ when RuleTypes::READ_FILE
+ rules << greedy_auditbeat_rule(goal['file_path'], 'r')
+ when RuleTypes::MODIFY_FILE
+ when RuleTypes::ACCESS_ACCOUNT
+ when RuleTypes::SERVICE_DOWN
+ when RuleTypes::SYSTEM_DOWN
+ else
+ Print.err('Unknown goal type')
+ raise
+ end
+ end
+ rules
+ end
+
+ # Generates a greedy read or write rule for auditbeat (e.g. /home/user/file_name resolves to /home)
+ def self.greedy_auditbeat_rule(path, r_w)
+ base_path = path.split('/')[0..1].join('/') + '/'
+ key = base_path.gsub(/[^A-Za-z0-9\-\_]/, '')
+ "-w #{base_path} -p #{r_w} -k #{key}"
+ end
+
+
+ def self.generate_elastalert_rule(hostname, module_name, goal, counter)
+ rule = ''
+ # switch case to determine which type of rule we're returning (read file, etc.)
+ rule_type = RuleTypes.get_rule_type(goal['goal_type'])
+ case rule_type
+ when RuleTypes::READ_FILE
+ rule = generate_elastalert_rule_rf(hostname, module_name, goal, counter)
+ when RuleTypes::MODIFY_FILE
+ # rule = generate_elastalert_rule_mf(hostname, module_name, goal, sub_goal)
+ when RuleTypes::ACCESS_ACCOUNT
+ # rule = generate_elastalert_rule_aa(hostname, module_name, goal, sub_goal)
+ when RuleTypes::SERVICE_DOWN
+ # rule = generate_elastalert_rule_svcd(hostname, module_name, goal, sub_goal)
+ when RuleTypes::SYSTEM_DOWN
+ # rule = generate_elastalert_rule_sysd(hostname, module_name, goal, sub_goal)
+ else
+ raise 'unknown_goal_type'
+ end
+ rule
+ end
+
+ def self.generate_elastalert_rule_rf(hostname, module_name, goal, counter)
+ "name: #{get_ea_rulename(hostname, module_name, goal, counter)}\n" +
+ "type: any\n" +
+ "index: auditbeat-*\n" +
+ "filter:\n" +
+ " - query:\n" +
+ " query_string:\n" +
+ ' query: "combined_path: \"' + goal['file_path'] + '\" AND auditd.result: success AND event.action: opened-file"' + "\n" +
+ "alert:\n" +
+ " - \"elastalert.modules.alerter.exec.ExecAlerter\"\n" +
+ "command: [\"/usr/bin/ruby\", \"/opt/alert_actioner/alert_router.rb\"]\n" +
+ "pipe_match_json: true\n" +
+ "realert:\n" +
+ " minutes: 0\n"
+ end
+
+ def self.get_ea_rulename(hostname, module_name, goal, counter)
+ rule_type = RuleTypes.get_rule_type(goal['goal_type'])
+ return "#{hostname}-#{module_name}-#{rule_type}-#{counter}"
+ end
+
+ class RuleTypes
+ READ_FILE = 'rf'
+ MODIFY_FILE = 'mf'
+ ACCESS_ACCOUNT = 'aa'
+ SERVICE_DOWN = 'svcd'
+ SYSTEM_DOWN = 'sysd'
+
+ def self.get_rule_type(rule_type)
+ case rule_type
+ when 'read_file'
+ READ_FILE
+ when 'modify_file'
+ MODIFY_FILE
+ when 'access_account'
+ ACCESS_ACCOUNT
+ when 'service_down'
+ SERVICE_DOWN
+ when 'system_down'
+ SYSTEM_DOWN
+ else
+ raise 'unknown_rule_type'
+ end
+ end
+ end
+end
\ No newline at end of file
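Review bot: `generate_elastalert_rule_rf` concatenates `goal['file_path']` straight into a YAML double-quoted scalar that is also a Lucene `query_string`, so a path containing `"` or `\` produces a rule file that fails to parse or matches a different term; building the rule as a Hash and emitting it with `to_yaml` (needs `require 'yaml'` at the top of this file) leaves YAML quoting to Psych, and only the Lucene term needs its own escaping — the layout changes (block sequences, `---` header) but the document is equivalent. In `generate_auditbeat_rules` the `when` arms for MODIFY_FILE, ACCESS_ACCOUNT, SERVICE_DOWN and SYSTEM_DOWN are empty, so those goals are silently dropped from the rule set; a `Print.warn` naming the unsupported type, or a comment stating they are deliberately unimplemented, belongs in each arm. The `else` arm is unreachable because `RuleTypes.get_rule_type` already raises on unknown types, and a bare `raise` outside a `rescue` only yields `RuntimeError: unhandled exception`; use `raise "Unknown goal type: #{goal['goal_type']}"` if it stays. `greedy_auditbeat_rule` emits `base_path` into an auditd rule line unquoted, so whitespace in the first two path segments splits the arguments and a bare `/` yields an empty `-k` key; rejecting values where `base_path.match?(/\s/)` or `key.empty?` before formatting keeps the rule well-formed.
```ruby
  def self.generate_elastalert_rule_rf(hostname, module_name, goal, counter)
    # Escape the characters that would end or alter the quoted Lucene term; YAML quoting is left to to_yaml
    escaped_path = goal['file_path'].gsub(/["\\]/) { |c| "\\#{c}" }
    {
      'name' => get_ea_rulename(hostname, module_name, goal, counter),
      'type' => 'any',
      'index' => 'auditbeat-*',
      'filter' => [
        { 'query' => { 'query_string' => {
          'query' => "combined_path: \"#{escaped_path}\" AND auditd.result: success AND event.action: opened-file"
        } } }
      ],
      'alert' => ['elastalert.modules.alerter.exec.ExecAlerter'],
      'command' => ['/usr/bin/ruby', '/opt/alert_actioner/alert_router.rb'],
      'pipe_match_json' => true,
      'realert' => { 'minutes' => 0 }
    }.to_yaml
  end
```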
diff --git a/lib/helpers/scenario.rb b/lib/helpers/scenario.rb
new file mode 100644
index 000000000..0c4a5ef76
--- /dev/null
+++ b/lib/helpers/scenario.rb
@@ -0,0 +1,15 @@
+class ScenarioHelper
+
+ def self.get_scenario_name(scenario_path)
+ scenario_path.split('/').last.split('.').first + '-'
+ end
+
+ def self.get_prefix(options, scenario_name)
+ options[:prefix] ? (options[:prefix] + '-' + scenario_name) : ('SecGen-' + scenario_name)
+ end
+
+ def self.get_hostname(options, scenario_path, system_name)
+ "#{get_prefix(options, get_scenario_name(scenario_path))}#{system_name}".tr('_', '-')
+ end
+
+end
\ No newline at end of file
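Review bot: `get_scenario_name` raises NoMethodError rather than a clear error when `scenario_path` is empty (`''.split('/').last` is nil), and for a basename that starts with `.` it returns just `'-'`; `File.basename(scenario_path, '.*') + '-'` is the stdlib idiom, with the caveat that it strips only the last extension (`a.b.xml` gives `a.b`, where the current code gives `a`). `get_hostname` only maps `_` to `-`, but `options[:prefix]` is user-supplied and the result is used both as a hostname and as a path component of rule filenames (`rule_name` in lib/output/project_files_creator.rb later in this diff); a final `.gsub(/[^A-Za-z0-9\-]/, '-')` would keep it a valid label in both roles. The class has no doc comment; `# Helpers deriving prefix and hostname strings from the scenario file path and CLI options` would do.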
diff --git a/lib/objects/module.rb b/lib/objects/module.rb
index fb3633a76..f7143bd95 100644
--- a/lib/objects/module.rb
+++ b/lib/objects/module.rb
@@ -1,12 +1,16 @@
require_relative '../helpers/constants.rb'
+require_relative '../helpers/json_functions.rb'
+
require 'digest/md5'
require 'securerandom'
+require 'duplicate'
+require 'yaml'
class Module
#Vulnerability attributes hash
attr_accessor :module_path # vulnerabilities/unix/ftp/vsftp_234_backdoor
attr_accessor :module_type # vulnerability|service|utility
- attr_accessor :attributes # attributes are hashes that contain arrays of values
+ attr_accessor :attributes # attributes are hashes that contain arrays of values
# Each attribute is stored in a hash containing an array of values (because elements such as author can repeat).
# Module *selectors*, store filters in the attributes hash.
# XML validity ensures valid and complete information.
@@ -22,6 +26,7 @@ class Module
attr_accessor :conflicts
attr_accessor :requires
+ attr_accessor :goals
attr_accessor :puppet_file
attr_accessor :puppet_other_path
attr_accessor :local_calc_file
@@ -34,6 +39,7 @@ class Module
self.module_type = module_type
self.conflicts = []
self.requires = []
+ self.goals = []
self.attributes = {}
self.output = []
self.write_to_module_with_id = write_output_variable = ''
@@ -52,10 +58,11 @@ class Module
# @return [Object] a string for console output
def to_s
(<<-END)
- #{module_type}: #{module_path}
+#{module_type}: #{module_path}
attributes: #{attributes.inspect}
conflicts: #{conflicts.inspect}
requires: #{requires.inspect}
+ goals: #{goals.inspect}
puppet file: #{puppet_file}
puppet path: #{puppet_other_path}
END
@@ -76,6 +83,7 @@ class Module
# id: #{unique_id}
# attributes: #{attributes.inspect}
# conflicts: #{conflicts.inspect}
+ # goals: #{goals.inspect}
# requires: #{requires.inspect}#{input}#{out}
END
end
@@ -89,7 +97,7 @@ class Module
# @return [Object] the module path with _ rather than / for use as a variable name
def module_path_name
module_path_name = module_path.clone
- module_path_name.gsub!('/','_')
+ module_path_name.gsub!('/', '_')
end
# @return [Object] a list of attributes that can be used to re-select the same modules
@@ -97,7 +105,7 @@ class Module
attr_flattened = {}
attributes.each do |key, array|
- unless "#{key}" == 'module_type' || "#{key}" == 'conflict' || "#{key}" == 'default_input' || "#{key}" == 'requires'
+ unless "#{key}" == 'module_type' || "#{key}" == 'conflict' || "#{key}" == 'default_input' || "#{key}" == 'requires' || "#{key}" == 'goals'
# creates a valid regexp that can match the original module
attr_flattened["#{key}"] = Regexp.escape(array.join('~~~')).gsub(/\n\w*/, '.*').gsub(/\\ /, ' ').gsub(/~~~/, '|')
end
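Review bot: The `unless` on the `attr_flattened` loop now chains five `"#{key}" == '…'` comparisons; an allow-list keeps it readable and makes the next addition a one-token change: `next if %w[module_type conflict default_input requires goals].include?(key.to_s)` at the top of the block, after which the `unless ... end` wrapper goes away. The enclosing method begins before this hunk.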
@@ -176,8 +184,93 @@ class Module
end
end
+ # Get unique rule id for the module based on a rule key/value pair
+ def get_unique_rule_id(prefix, system_name, rule_key, rule_value)
+ # TODO: This might be too long, see if there is a length limit for rule identities
+ prefix = prefix + "_" if prefix and prefix != ''
+ "#{prefix}#{system_name}_#{module_path_end}_#{rule_key}_#{rule_value.gsub(/[^\w]/, '_')}"
+ end
+
def printable_name
"#{self.attributes['name'].first} (#{self.module_path})"
end
+ # Resolve the string interpolation for received inputs
+ # e.g. convert "/home#{accounts[0].username}/#{leaked_files}" into the correct string.
+ def resolve_received_inputs
+ received_inputs_to_hash
+ self.received_inputs.each do |input|
+ # Resolve the received inputs which contain #{}
+ input[1].each_with_index do |string, c|
+ input[1][c] = interp_string(string) if contains_interp(string)
+ end
+ end
+ received_inputs_to_json_str
+ end
+
+ # Resolve the string interpolation for goals
+
+ def resolve_goals(hostname)
+ new_goals = []
+ self.goals.each do |goal|
+ new_goal = {}
+
+ # Add hostname to module goals
+ new_goal.merge!({'hostname' => hostname}) unless goal.has_key? 'hostname'
+
+ # Interpolate values that require it
+ goal.each_key do |key|
+ value = goal[key]
+ new_goal.merge!(key => (contains_interp(value) ? interp_string(value) : value))
+ end
+ new_goals << new_goal
+ end
+ self.goals = new_goals
+ end
+
+ def contains_interp(string)
+ string.include?('#{') and string.include?('}')
+ end
+
+ def received_inputs_to_hash
+ self.received_inputs.each do |_, array|
+ array.each_with_index do |value, i|
+ if JSONFunctions.is_json?(value)
+ array[i] = JSON.parse(value)
+ end
+ end
+ end
+ end
+
+ def received_inputs_to_json_str
+ self.received_inputs.each do |_, array|
+ array.each_with_index do |value, i|
+ if value.is_a? Hash
+ array[i] = value.to_json
+ end
+ end
+ end
+ end
+
+ def interp_string(string)
+ begin
+ # identify the indices of the #{ characters within the string
+ start_indices = string.enum_for(:scan, /#\{/).map {Regexp.last_match.begin(0)}
+ reference_string = "self.received_inputs"
+ start_indices.each_with_index do |index, counter|
+ rolling_index = index + 2 # we add 2 for the #{ characters
+ if counter > 0
+ rolling_index = reference_string.length + index + 2
+ end
+ string.insert(rolling_index, reference_string)
+ end
+
+ string = JSONFunctions.sanitise_eval_string(string)
+ # evaluate and parse evaluated string into required data types(e.g. "['a',['b','c']]" into ['a',['b','c']])
+ YAML.load(instance_eval("\"#{string}\""))
+ rescue NoMethodError, SyntaxError, Psych::Exception => err
+ Print.err "#{err}"
+ raise 'failed'
+ end
+ end
end
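Review bot: `interp_string` computes `rolling_index` for the second and later `#{` as `reference_string.length + index + 2`, which compensates for exactly one earlier insertion; with three or more interpolations in one string the third is inserted `reference_string.length` characters too early and the generated expression is corrupt. The offset has to scale with the insertions already made: `rolling_index = index + 2 + (counter * reference_string.length)`, after which the `if counter > 0` branch disappears. Separately, the evaluated result is parsed with `YAML.load`, which on Psych < 4 instantiates arbitrary Ruby objects; `YAML.safe_load` is sufficient for the array and string literals the comment describes. Because the allow-list in `JSONFunctions.sanitise_eval_string` still admits `.` and `#{}`, `instance_eval` here remains evaluation of scenario-supplied text rather than a lookup, so a comment stating that assumption (`# assumes module/scenario XML is trusted: the interpolated text is evaluated`) belongs above the call, and the `rescue` should keep context — `raise "failed to interpolate #{string.inspect}: #{err.message}"` — instead of the bare `raise 'failed'`.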
diff --git a/lib/objects/system.rb b/lib/objects/system.rb
index f66899a17..80a71700d 100644
--- a/lib/objects/system.rb
+++ b/lib/objects/system.rb
@@ -2,30 +2,42 @@ require 'json'
require 'base64'
require 'duplicate'
+require_relative '../helpers/scenario'
+
class System
attr_accessor :name
+ attr_accessor :hostname
attr_accessor :attributes # (basebox selection)
attr_accessor :module_selectors # (filters)
attr_accessor :module_selections # (after resolution)
attr_accessor :num_actioned_module_conflicts
+ attr_accessor :memory # (RAM allocation for the system)
+ attr_accessor :options # (command line options hash)
+ attr_accessor :scenario_path # (path to scenario file associated with this system)
+ attr_accessor :goals # scenario-level goals []
# Attributes for resetting retry loop
- attr_accessor :available_mods #(command line options hash)
- attr_accessor :original_datastores #(command line options hash)
- attr_accessor :original_module_selectors #(command line options hash)
- attr_accessor :original_available_modules #(command line options hash)
+ attr_accessor :available_mods
+ attr_accessor :original_datastores
+ attr_accessor :original_module_selectors
+ attr_accessor :original_available_modules
# Initalizes System object
# @param [Object] name of the system
# @param [Object] attributes such as base box selection
# @param [Object] module_selectors these are modules that define filters for selecting the actual modules to use
- def initialize(name, attributes, module_selectors)
+ def initialize(name, attributes, module_selectors, scenario_file, options)
self.name = name
self.attributes = attributes
self.module_selectors = module_selectors
self.module_selections = []
self.num_actioned_module_conflicts = 0
+ self.memory = "512"
+ self.options = options
+ self.scenario_path = scenario_file
+ self.goals = []
+ set_hostname
end
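Review bot: `initialize` gains two required positional parameters (`scenario_file`, `options`), so any existing `System.new(name, attributes, module_selectors)` call now fails with ArgumentError; no caller appears in this diff, so confirm they were all updated, or make the additions keyword arguments with defaults (`scenario_file: nil, options: {}`) — noting that `set_hostname` dereferences both through `ScenarioHelper`, so a nil default would need a guard there. `self.memory = "512"` repeats the `'512'` fallback in `ProjectFilesCreator#resolve_memory` later in this diff; a single constant keeps the two in step. The `@param` block above the constructor still documents only three parameters; add `# @param [String] scenario_file path of the scenario file this system comes from` and `# @param [Hash] options parsed command line options`.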
# selects from the available modules, based on the selection filters that have been specified
@@ -260,8 +272,8 @@ class System
# parse the datastore
parsed_datastore_element = JSON.parse(datastore_retrieved.first)
- # Sanitise with whitelist of used characters: ' [ ]
- access_json = datastore_access_json.gsub(/[^A-Za-z0-9\[\]'_]/, '')
+ # Sanitise with whitelist
+ access_json = JSONFunctions.sanitise_eval_string(datastore_access_json)
# get data from access_json string
begin
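Review bot: The replacement allow-list is wider than the one it removes: `sanitise_eval_string` additionally admits `#`, `{`, `}`, `.` and `/`, whereas the old regex at this spot allowed only letters, digits, `[`, `]`, `'` and `_`. The old comment described this as the whitelist for a datastore access string, and the code just after the hunk (`# get data from access_json string` / `begin`) presumably evaluates it, so loosening the filter here changes what such a string can express; if the extra characters are not needed for datastore access, keep the narrower regex or give the helper a stricter mode. `JSONFunctions` is also not required by this file (only `../helpers/scenario` is added above); it currently resolves only because lib/objects/module.rb loads it, so `require_relative '../helpers/json_functions'` should be added here. The enclosing method starts and ends outside the hunk.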
@@ -463,4 +475,36 @@ class System
modules_to_add
end
+ def has_module(module_name)
+ has_module = false
+ module_selections.each do |mod|
+ if mod.module_path_end == module_name
+ has_module = true
+ end
+ end
+ has_module
+ end
+
+ def get_module(module_name)
+ selected_module = nil
+ module_selections.each do |mod|
+ if mod.module_path_end == module_name
+ selected_module = mod
+ end
+ end
+ selected_module
+ end
+
+ def set_options(opts)
+ self.options = opts if opts != nil and self.options == {}
+ end
+
+ def set_hostname
+ self.hostname = ScenarioHelper.get_hostname(self.options, self.scenario_path, self.name)
+ end
+
+ def get_hostname
+ set_hostname
+ self.hostname
+ end
end
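Review bot: `has_module` and `get_module` hand-roll loops that Enumerable already provides: `module_selections.any? { |mod| mod.module_path_end == module_name }` and `module_selections.find { |mod| mod.module_path_end == module_name }`; note the current `get_module` returns the last match and `find` the first, which differs only if the same path end is selected twice. A predicate should carry the `?` suffix (`has_module?`), and `set_options` should use `&&` and `nil?`: `self.options = opts if !opts.nil? && self.options == {}`. `get_hostname` recomputes on every call while the `hostname` attr_accessor can hold a stale value until it is called; a one-line comment on `get_hostname` saying it refreshes `hostname` from the current options would make that explicit.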
diff --git a/lib/output/project_files_creator.rb b/lib/output/project_files_creator.rb
index 1d751c141..df6fc7d8d 100644
--- a/lib/output/project_files_creator.rb
+++ b/lib/output/project_files_creator.rb
@@ -1,7 +1,9 @@
require 'erb'
require_relative '../helpers/constants.rb'
+require_relative '../helpers/rules.rb'
require_relative 'xml_scenario_generator.rb'
require_relative 'xml_marker_generator.rb'
+require_relative 'xml_alertaction_config_generator.rb'
require_relative 'ctfd_generator.rb'
require 'fileutils'
require 'librarian'
@@ -30,11 +32,12 @@ class ProjectFilesCreator
@scenario = scenario
@time = Time.new.to_s
@options = options
- @scenario_networks = Hash.new { |h, k| h[k] = 1 }
+ @scenario_networks = Hash.new {|h, k| h[k] = 1}
@option_range_map = {}
# Packer builder type
@builder_type = @options.has_key?(:esxi_url) ? :vmware_iso : :virtualbox_iso
+ resolve_interp_strings
end
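Review bot: `resolve_interp_strings` now runs from the constructor, and per the `Module` hunk earlier in this diff it rewrites each module's `received_inputs` and reassigns `goals`, so merely constructing a `ProjectFilesCreator` mutates the `systems` passed in; a comment above the call, `# NOTE: mutates every module's received_inputs/goals in place (interpolation is resolved once, here)`, would warn later callers. The block-brace reformatting in this hunk and the following ones (`{|h, k| h[k] = 1}`, `{|f| File.file?(f)}`, `{|zipfile|`, `{|ip| ...}`) moves away from the `{ |x| ... }` spacing that the Ruby style guide and RuboCop default to; if the project carries a `.rubocop.yml` it will flag these. The constructor begins before this hunk.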
# Generate all relevant files for the project
@@ -44,13 +47,13 @@ class ProjectFilesCreator
if File.exists? "#{@out_dir}/Vagrantfile" or File.exists? "#{@out_dir}/puppet"
dest_dir = "#{@out_dir}/MOVED_#{Time.new.strftime("%Y%m%d_%H%M%S")}"
Print.warn "Project already built to this directory -- moving last build to: #{dest_dir}"
- Dir.glob( "#{@out_dir}/**/*" ).select { |f| File.file?( f ) }.each do |f|
+ Dir.glob("#{@out_dir}/**/*").select {|f| File.file?(f)}.each do |f|
dest = "#{dest_dir}/#{f}"
- FileUtils.mkdir_p( File.dirname( dest ) )
+ FileUtils.mkdir_p(File.dirname(dest))
if f =~ /\.vagrant/
- FileUtils.cp( f, dest )
+ FileUtils.cp(f, dest)
else
- FileUtils.mv( f, dest )
+ FileUtils.mv(f, dest)
end
end
end
@@ -89,7 +92,7 @@ class ProjectFilesCreator
if File.file? packerfile_path
Print.info "Would you like to use the packerfile to create the packerfile from the given url (y/n)"
# TODO: remove user interaction, this should be set via a config option
- (Print.info "Exiting as vagrant needs the basebox to continue"; abort) unless ['y','yes'].include?(STDIN.gets.chomp.downcase)
+ (Print.info "Exiting as vagrant needs the basebox to continue"; abort) unless ['y', 'yes'].include?(STDIN.gets.chomp.downcase)
Print.std "Packerfile #{packerfile_path.split('/').last} found, building basebox #{url.split('/').last} via packer"
template_based_file_write(packerfile_path, packerfile_path.split(/.erb$/).first)
@@ -108,6 +111,82 @@ class ProjectFilesCreator
end
end
end
+ # Create client side auto-grading config files (auditbeat)
+ if system.has_module('auditbeat')
+ auditbeat_rules_file = "#{path}/modules/auditbeat/files/rules/auditbeat_rules_file.conf"
+ @rules = []
+ system.module_selections.each do |module_selection|
+ if module_selection.goals != []
+ @rules << Rules.generate_auditbeat_rules(module_selection.goals)
+ end
+ end
+
+ if system.goals != []
+ @rules << Rules.generate_auditbeat_rules(system.goals)
+ end
+
+ @rules = @rules.flatten.uniq
+ Print.std "Creating client side auditing rules: #{auditbeat_rules_file}"
+ if @rules.size > 0
+ template_based_file_write(AUDITBEAT_RULES_TEMPLATE_FILE, auditbeat_rules_file)
+ end
+ end
+
+ # Create server-side auto-grading config files (elastalert)
+ if system.has_module('elastalert')
+ @systems.each do |sys|
+ @hostname = sys.get_hostname
+
+ if sys.goals != []
+ sys.goals.each_with_index do |goal, i|
+ @system_name = sys.name
+ @goal = goal
+ @counter = i
+ rule_name = Rules.get_ea_rulename(@hostname, @system_name, @goal, @counter)
+ elastalert_rules_file = "#{path}/modules/elastalert/files/rules/#{rule_name}.yaml"
+ Print.std "Creating server side alerting rules (system): #{elastalert_rules_file}"
+ template_based_file_write(ELASTALERT_RULES_TEMPLATE_FILE, elastalert_rules_file)
+ end
+ end
+
+ sys.module_selections.each do |module_selection|
+ if module_selection.goals != {}
+ module_selection.goals.each_with_index do |goal, i|
+ @module_name = module_selection.module_path_end
+ @goal = goal
+ @counter = i
+ rule_name = Rules.get_ea_rulename(@hostname, @module_name, @goal, @counter)
+ elastalert_rules_file = "#{path}/modules/elastalert/files/rules/#{rule_name}.yaml"
+ Print.std "Creating server side alerting rules: #{elastalert_rules_file}"
+ template_based_file_write(ELASTALERT_RULES_TEMPLATE_FILE, elastalert_rules_file)
+ end
+ end
+ end
+ end
+ end
+
+ # TODO: Refactor to include in the loop above if possible
+ if system.has_module('analysis_alert_action_server')
+ Print.info 'AlertActioner: Copying shared libs...'
+ aa_lib_dir = "#{path}/modules/analysis_alert_action_server/files/alert_actioner/lib"
+ FileUtils.mkdir_p(aa_lib_dir)
+ FileUtils.cp_r("#{ROOT_DIR}/lib/helpers/print.rb", "#{aa_lib_dir}/print.rb")
+ FileUtils.cp_r("#{ROOT_DIR}/lib/readers/xml_reader.rb", "#{aa_lib_dir}/xml_reader.rb")
+ FileUtils.cp_r("#{ROOT_DIR}/lib/schemas/alertactioner_config_schema.xsd", "#{aa_lib_dir}/alertactioner_config_schema.xsd")
+ FileUtils.cp_r("#{ROOT_DIR}/lib/helpers/ovirt.rb", "#{aa_lib_dir}/ovirt.rb")
+
+ Print.info 'AlertActioner: Generating AA configs...'
+ aa_conf_dir = "#{path}/modules/analysis_alert_action_server/files/alert_actioner/config/"
+ FileUtils.mkdir_p(aa_conf_dir)
+ # Get the config json object from the alert_actioner
+ aa_confs = JSON.parse(system.get_module('analysis_alert_action_server').received_inputs['aaa_config'][0])['aa_configs']
+ xml_aa_conf_file = "#{aa_conf_dir}#{@out_dir.split('/')[-1]}.xml"
+ xml_aa_conf_generator = XmlAlertActionConfigGenerator.new(@systems, @scenario, @time, aa_confs, @options)
+ xml = xml_aa_conf_generator.output
+ Print.std "AlertActioner: Creating alert_actioner configuration file: #{xml_aa_conf_file}"
+ write_data_to_file(xml, xml_aa_conf_file)
+ end
+
end
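Review bot: The guard `if module_selection.goals != {}` compares an array with an empty Hash, which is never equal, so it is always true; the sibling checks `module_selection.goals != []` and `system.goals != []` show the intended type, and `unless module_selection.goals.empty?` (likewise for the other two) expresses it without the literal. `Print.std "Creating client side auditing rules: ..."` is printed before the `@rules.size > 0` test, so an empty rule set announces a file that is never written; move the message inside the `if` and write the test as `unless @rules.empty?`. `JSON.parse(system.get_module('analysis_alert_action_server').received_inputs['aaa_config'][0])` raises NoMethodError rather than a readable error when the module has no `aaa_config` input; `received_inputs.fetch('aaa_config')` or an explicit `Print.err` would name the missing input. The enclosing method starts and ends outside this hunk.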
# Create environments/production/environment.conf - Required in Puppet 4+
@@ -125,14 +204,7 @@ class ProjectFilesCreator
xml_report_generator = XmlScenarioGenerator.new(@systems, @scenario, @time)
xml = xml_report_generator.output
Print.std "Creating scenario definition file: #{xfile}"
- begin
- File.open(xfile, 'w+') do |file|
- file.write(xml)
- end
- rescue StandardError => e
- Print.err "Error writing file: #{e.message}"
- abort
- end
+ write_data_to_file(xml, xfile)
# Create the marker xml file
x2file = "#{@out_dir}/#{FLAGS_FILENAME}"
@@ -140,14 +212,7 @@ class ProjectFilesCreator
xml_marker_generator = XmlMarkerGenerator.new(@systems, @scenario, @time)
xml = xml_marker_generator.output
Print.std "Creating flags and hints file: #{x2file}"
- begin
- File.open(x2file, 'w+') do |file|
- file.write(xml)
- end
- rescue StandardError => e
- Print.err "Error writing file: #{e.message}"
- abort
- end
+ write_data_to_file(xml, x2file)
# Create the CTFd zip file for import
ctfdfile = "#{@out_dir}/CTFd_importable.zip"
@@ -158,10 +223,10 @@ class ProjectFilesCreator
# zip up the CTFd export
begin
- Zip::ZipFile.open(ctfdfile, Zip::ZipFile::CREATE) { |zipfile|
+ Zip::ZipFile.open(ctfdfile, Zip::ZipFile::CREATE) {|zipfile|
zipfile.mkdir("db")
ctfd_files.each do |ctfd_file_name, ctfd_file_content|
- zipfile.get_output_stream("db/#{ctfd_file_name}") { |f|
+ zipfile.get_output_stream("db/#{ctfd_file_name}") {|f|
f.print ctfd_file_content
}
end
@@ -187,6 +252,31 @@ class ProjectFilesCreator
end
+ def write_data_to_file(data, path)
+ begin
+ File.open(path, 'w+') do |file|
+ file.write(data)
+ end
+ rescue StandardError => e
+ Print.err "Error writing file: #{e.message}"
+ abort
+ end
+ end
+
+
+# Goal string interpolation for the whole system
+# prior to calling the rule generator multiple times
+ def resolve_interp_strings
+ @systems.each do |system|
+ system.module_selections.each do |module_selection|
+ module_selection.resolve_received_inputs
+ end
+ system.module_selections.each do |module_selection|
+ module_selection.resolve_goals(system.get_hostname)
+ end
+ end
+ end
+
# @param [Object] template erb path
# @param [Object] filename file to write to
def template_based_file_write(template, filename)
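Review bot: `write_data_to_file` wraps its whole body in `begin`/`rescue` inside a `def`, where the method body already delimits the rescue, and `File.open(path, 'w+')` opens read/write when only writing is needed; `File.write(path, data)` followed by the existing `rescue StandardError => e` clause does the same in two lines. The helper calls `abort`, so an I/O error at any of its three call sites terminates the process from inside a library method — acceptable if intended, but a comment such as `# terminates the run: a partially written project directory is not recoverable` makes it a deliberate choice. In `resolve_interp_strings` the order of the two loops matters if goals interpolate values that `resolve_received_inputs` has just resolved (that is how `Module#interp_string` reads them), so say so: `# received inputs first: goal interpolation reads the resolved inputs`; the two comment lines above the method are also at column 0 inside the class body.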
@@ -213,15 +303,15 @@ class ProjectFilesCreator
if current_network.received_inputs.include? 'IP_address'
ip_address = current_network.received_inputs['IP_address'].first
elsif @options.has_key? :ip_ranges
- # if we have options[:ip_ranges] we want to use those instead of the ip_range argument.
- # Store the mappings of scenario_ip_ranges => @options[:ip_range] in @option_range_map
+ # if we have options[:ip_ranges] we want to use those instead of the ip_range argument.
+ # Store the mappings of scenario_ip_ranges => @options[:ip_range] in @option_range_map
# Have we seen this scenario_ip_range before? If so, use the value we've assigned
if @option_range_map.has_key? scenario_ip_range
ip_range = @option_range_map[scenario_ip_range]
else
# Remove options_ips that have already been used
options_ips = @options[:ip_ranges]
- options_ips.delete_if { |ip| @option_range_map.has_value? ip }
+ options_ips.delete_if {|ip| @option_range_map.has_value? ip}
@option_range_map[scenario_ip_range] = options_ips.first
ip_range = options_ips.first
end
@@ -246,13 +336,33 @@ class ProjectFilesCreator
split_ip.join('.')
end
- # Replace 'network' with 'snoop' where the system name contains snoop
+# Replace 'network' with 'snoop' where the system name contains snoop
def get_ovirt_network_name(system_name, network_name)
split_name = network_name.split('-')
split_name[1] = 'snoop' if system_name.include? 'snoop'
split_name.join('-')
end
+# Determine how much memory the system requires for Vagrantfile
+ def resolve_memory(system)
+ if @options.has_key? :memory_per_vm
+ memory = @options[:memory_per_vm]
+ elsif @options.has_key? :total_memory
+ memory = @options[:total_memory].to_i / @systems.length.to_i
+ elsif (@options.has_key? :ovirtuser) && (@options.has_key? :ovirtpass) && (@base_type.include? 'desktop')
+ memory = '1536'
+ else
+ memory = '512'
+ end
+
+ system.module_selections.each do |mod|
+ if mod.module_path_name.include? "elasticsearch"
+ memory = '8192'
+ end
+ end
+ memory
+ end
+
# Returns binding for erb files (access to variables in this classes scope)
# @return binding
def get_binding
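Review bot: `resolve_memory` returns an Integer from the `:total_memory` branch (`to_i / length.to_i`) and a String (`'1536'`, `'512'`, `'8192'`) from the others, so the ERB template receives mixed types; pick one, e.g. `(@options[:total_memory].to_i / @systems.length).to_s`. The elasticsearch override calls `mod.module_path_name`, which per the `module_path_name` hunk earlier in this diff returns the result of `gsub!` and therefore nil when the path holds no `/`; `mod.module_path.include?('elasticsearch')` matches the same modules without that hazard, and `system.module_selections.any? { |mod| ... }` replaces the loop. `@base_type` is dereferenced unguarded in the ovirt branch; if it can be unset when this runs (not visible here), `@base_type.to_s.include?('desktop')` is safer. The comments for `get_ovirt_network_name` and `resolve_memory` sit at column 0 inside the class body.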
diff --git a/lib/output/xml_alertaction_config_generator.rb b/lib/output/xml_alertaction_config_generator.rb
new file mode 100644
index 000000000..37dfa0e21
--- /dev/null
+++ b/lib/output/xml_alertaction_config_generator.rb
@@ -0,0 +1,155 @@
+require 'nokogiri'
+
+require_relative '../helpers/rules'
+
+# Convert systems objects into alertactioner xml configuration
+class XmlAlertActionConfigGenerator
+
+ # @param [Object] systems the list of systems
+ # @param [Object] scenario the scenario file used to generate
+ # @param [Object] time the current time as a string
+ # @param [Array[Hash]] the alert_actioner configuration settings (list of aa_conf JSON hashes)
+ def initialize(systems, scenario, time, aa_confs, options)
+ @systems = systems
+ @scenario = scenario
+ @time = time
+ @aa_confs = aa_confs
+ @options = options
+ @alert_actions = []
+ end
+
+ # outputs a XML AlertActioner configuration file
+ # @return [Object] xml string
+ def output
+ create_alert_actions
+ generate_xml_config
+ end
+
+ def create_alert_actions
+ Print.info 'AlertActioner: Creating alert actions from aa_conf.'
+ @aa_confs.each do |aa_conf|
+ if aa_conf['mapping_type']
+ case aa_conf['mapping_type']
+ when 'all_goal_flags_to_hacktivity'
+ all_goal_flags_to_hacktivity(aa_conf)
+ when 'all_goal_messages_to_host'
+ all_goal_message_host(aa_conf)
+ else
+ Print.err("AlertActioner Config: Invalid mapping type #{aa_conf['mapping_type']}")
+ exit(1)
+ end
+ elsif aa_conf['mapping']
+ # TODO: Implement me later
+ else
+ Print.err "AlertActioner Config: Either mapping_type or mapping required."
+ exit(1)
+ end
+ end
+ end
+
+ def all_goal_message_host(aa_conf)
+ @systems.each do |system|
+ system.module_selections.each do |module_selection|
+ module_name = module_selection.module_path_end
+ module_goals = module_selection.goals
+ if module_goals != []
+ # Iterate over the goals
+ module_selection.goals.each_with_index do |goal, i|
+ @alert_actions << {'alert_name' => Rules.get_ea_rulename(system.hostname, module_name, goal, i),
+ 'action_type' => 'MessageAction',
+ 'host' => aa_conf['host'],
+ 'sender' => aa_conf['sender'],
+ 'password' => aa_conf['password'],
+ 'recipient' => aa_conf['recipient'],
+ 'message_header' => aa_conf['message_header'],
+ 'message_subtext' => aa_conf['message_subtext']
+ }
+ end
+ end
+ end
+ end
+ end
+
+ def all_goal_flags_to_hacktivity(aa_conf)
+ @systems.each do |system|
+ if system.goals != []
+ @alert_actions = @alert_actions + get_web_alertactions(aa_conf, system.name, system.goals, $datastore['goal_flags'], system.hostname)
+ end
+ system.module_selections.each do |module_selection|
+ @alert_actions = @alert_actions + get_web_alertactions(aa_conf, module_selection.module_path_end, module_selection.goals, module_selection.received_inputs['goal_flags'], system.hostname)
+ end
+ end
+ end
+
+ def get_web_alertactions(aa_conf, name, goals, goal_flags, hostname)
+ alert_actions = []
+
+ # Validate whether there are an equal number of goals and goal_flags + warn / error here if not...
+ if goals != [] or goal_flags != nil
+ goals_qty = goals.size
+ flags_qty = goal_flags.size
+ unless goals_qty == flags_qty
+ Print.err "AlertActioner: ERROR for mapping_type: #{aa_conf['mapping_type']}"
+ Print.err "Unequal number of goals and goal_flags for: #{name}"
+ Print.err "Goals qty: #{goals_qty} vs Flags qty: #{flags_qty}"
+ exit(1)
+ end
+
+ if goals != [] and goal_flags != nil
+ # Iterate over the goals
+ goals.each_with_index do |goal, i|
+ alert_actions << {'alert_name' => Rules.get_ea_rulename(hostname, name, goal, i),
+ 'action_type' => 'WebAction',
+ 'target' => aa_conf['target'],
+ 'request_type' => 'POST',
+ 'data' => goal_flags[i]
+ }
+ end
+ end
+ end
+ alert_actions
+ end
+
+ def generate_xml_config
+ Print.info 'Creating AlertActioner xml config...'
+ ns = {
+ 'xmlns' => "http://www.github/cliffe/SecGen/alertactioner_config",
+ 'xmlns:xsi' => "http://www.w3.org/2001/XMLSchema-instance",
+ 'xsi:schemaLocation' => "http://www.github/cliffe/SecGen/alertactioner_config"
+ }
+ builder = Nokogiri::XML::Builder.new do |xml|
+ xml.alertactioner(ns) {
+ xml.comment 'This AlertActioner configuration file was generated by SecGen'
+ xml.comment "#{@time}"
+ xml.comment "Based on a fulfilment of scenario: #{@scenario}"
+
+ @alert_actions.each {|alert_action|
+ xml.alertaction {
+ xml.alert_name alert_action['alert_name']
+ case alert_action['action_type']
+ when 'WebAction'
+ xml.WebAction {
+ xml.target alert_action['target']
+ xml.request_type alert_action['request_type']
+ xml.data alert_action['data']
+ }
+ when 'MessageAction'
+ xml.MessageAction {
+ xml.host alert_action['host']
+ xml.sender alert_action['sender']
+ xml.password alert_action['password']
+ xml.recipient alert_action['recipient']
+ xml.message_header alert_action['message_header']
+ xml.message_subtext alert_action['message_subtext']
+ }
+ else
+ # TODO: Add more actions
+ Print.err "XmlAlertActionConfigGenerator: Invalid alertaction type - #{alert_action['action_type']}"
+ end
+ }
+ }
+ }
+ end
+ builder.to_xml
+ end
+end
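Review bot: In `get_web_alertactions` the outer test is `goals != [] or goal_flags != nil`, so when a system has goals but no `goal_flags` the method enters the block and `goal_flags.size` raises NoMethodError on nil before the intended `Print.err` mismatch report; `flags_qty = Array(goal_flags).size` lets the existing check report `Goals qty: n vs Flags qty: 0`, and the `or`/`and` keywords should be `||`/`&&`. `generate_xml_config` writes `aa_conf['password']` verbatim into the generated alert-actioner XML, which the `ProjectFilesCreator` hunk writes under the module's `files/alert_actioner/config/` directory; a comment above `xml.password` noting that the credential lands in a project artifact, and a restrictive file mode where that file is written, would be appropriate. `all_goal_flags_to_hacktivity` reads `$datastore['goal_flags']`, a global defined elsewhere, and the YARD block on `initialize` names no parameter on the `aa_confs` line and omits `options` entirely (`# @param [Array<Hash>] aa_confs alert_actioner configuration hashes`, `# @param [Hash] options parsed command line options`). `exit(1)` from `create_alert_actions` ends the whole run from inside a generator; raising an error the caller can report would be more reusable.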
diff --git a/lib/readers/module_reader.rb b/lib/readers/module_reader.rb
index 58148fb2f..ef84b1c8a 100644
--- a/lib/readers/module_reader.rb
+++ b/lib/readers/module_reader.rb
@@ -2,9 +2,9 @@ require 'nokogiri'
require_relative '../helpers/constants.rb'
require_relative '../objects/module'
-require_relative 'system_reader.rb'
+require_relative 'xml_reader.rb'
-class ModuleReader
+class ModuleReader < XMLReader
def self.get_all_available_modules
Print.info 'Reading available base modules...'
@@ -105,30 +105,9 @@ class ModuleReader
end
Print.verbose "Reading #{module_type}: #{module_path}"
- doc, xsd = nil
- begin
- doc = Nokogiri::XML(File.read(file))
- rescue
- Print.err "Failed to read #{module_type} metadata file (#{file})"
- exit
- end
- # validate scenario XML against schema
- begin
- xsd = Nokogiri::XML::Schema(File.read(schema_file))
- xsd.validate(doc).each do |error|
- Print.err "Error in #{module_type} metadata file (#{file}):"
- Print.err ' ' + error.message
- exit
- end
- rescue Exception => e
- Print.err "Failed to validate #{module_type} metadata file (#{file}): against schema (#{schema_file})"
- Print.err e.message
- exit
- end
-
- # remove xml namespaces for ease of processing
- doc.remove_namespaces!
+ # Parse and validate the schema
+ doc = parse_doc(file, schema_file, module_type)
new_module = Module.new(module_type)
# save module path (and as an attribute for filtering)
@@ -159,12 +138,8 @@ class ModuleReader
# for each element in the vulnerability
doc.xpath("/#{module_type}/*").each do |module_doc|
-
- # new_module.attributes[module_doc.name] = module_doc.content
-
# creates the array if null
(new_module.attributes[module_doc.name] ||= []).push(module_doc.content)
-
end
# for each conflict in the module
@@ -185,6 +160,22 @@ class ModuleReader
new_module.requires.push(require)
end
+ # for each goal in the module
+ doc.xpath("/#{module_type}/goals").each do |goals_doc|
+ goals = []
+ goals_doc.elements.each {|node|
+ goal_type = node.name
+ goal_hash = {'goal_type' => goal_type,}
+ node.children.each {|subnode|
+ unless subnode.text?
+ goal_hash.merge!({subnode.name => subnode.content.strip})
+ end
+ }
+ goals << goal_hash
+ }
+ new_module.goals = goals
+ end
+
# for each default input
doc.xpath("/#{module_type}/default_input").each do |inputs_doc|
inputs_doc.xpath('descendant::vulnerability | descendant::service | descendant::utility | descendant::network | descendant::base | descendant::encoder | descendant::generator').each do |module_node|
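Review bot: The goal-parsing loop added here is repeated almost verbatim in the system_reader hunk `@@ -146,9 +121,28 @@` of this diff; with both readers now inheriting from XMLReader, it belongs in one shared class method there, leaving only `new_module.goals = read_goals(goals_doc)` in this caller and the `hostname` default plus `system.goals.concat(...)` in SystemReader. While moving it, the child filter `unless subnode.text?` should become an element check, because comment and processing-instruction children are not text nodes and would be stored under keys such as `comment`. Note also that `new_module.goals = goals` sits inside the `each`, so if more than one `<goals>` element is ever present only the last one survives. The enclosing method starts and ends outside this hunk.
```ruby
  # In XMLReader: read the children of a <goals> element into an array of
  # hashes of the form {'goal_type' => <element name>, <child name> => <stripped text>}.
  def self.read_goals(goals_doc)
    goals_doc.elements.map do |node|
      goal_hash = {'goal_type' => node.name}
      node.elements.each do |subnode|
        goal_hash[subnode.name] = subnode.content.strip
      end
      goal_hash
    end
  end

  # In ModuleReader, replacing the inline loop:
  doc.xpath("/#{module_type}/goals").each do |goals_doc|
    new_module.goals = read_goals(goals_doc)
  end
```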
@@ -220,9 +211,7 @@ class ModuleReader
(new_module.default_inputs_selectors["#{into}"] ||= []).unshift(module_selector)
- module_node.xpath('@*').each do |attr|
- module_selector.attributes["#{attr.name}"] = [attr.text] unless attr.text.nil? || attr.text == ''
- end
+ module_selector.attributes = read_attributes(module_node)
Print.verbose " #{module_node.name} (#{module_selector.unique_id}), selecting based on:"
module_selector.attributes.each do |attr|
if attr[0] && attr[1] && attr[0].to_s != "module_type"
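Review bot: `module_selector.attributes = read_attributes(module_node)` replaces the whole attributes hash, whereas the removed loop added keys into the existing hash; if `Module.new` pre-populates `attributes` (the `module_type` check on the following line suggests it may carry such an entry), those values are now discarded. `module_selector.attributes.merge!(read_attributes(module_node))` keeps the previous merging semantics while still using the shared helper. The enclosing method starts and ends outside this hunk.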
diff --git a/lib/readers/system_reader.rb b/lib/readers/system_reader.rb
index a0c1ed05f..9451b57b8 100644
--- a/lib/readers/system_reader.rb
+++ b/lib/readers/system_reader.rb
@@ -3,52 +3,27 @@ require 'digest'
require_relative '../objects/system'
require_relative '../objects/module'
+require_relative 'xml_reader.rb'
-class SystemReader
+class SystemReader < XMLReader
# uses nokogiri to extract all system information from scenario.xml
# This includes module filters, which are module objects that contain filters for selecting
# from the actual modules that are available
# @return [Array] Array containing Systems objects
- def self.read_scenario(scenario_file)
+ def self.read_scenario(scenario_file, options)
systems = []
- Print.verbose "Reading scenario file: #{scenario_file}"
- doc, xsd = nil
- begin
- doc = Nokogiri::XML(File.read(scenario_file))
- rescue
- Print.err "Failed to read scenario configuration file (#{scenario_file})"
- exit
- end
-
- # validate scenario XML against schema
- begin
- xsd = Nokogiri::XML::Schema(File.open(SCENARIO_SCHEMA_FILE))
- xsd.validate(scenario_file).each do |error|
- Print.err "Error in scenario configuration file (#{scenario_file}):"
- Print.err " #{error.line}: #{error.message}"
- exit
- end
- rescue Exception => e
- Print.err "Failed to validate scenario configuration file (#{scenario_file}): against schema (#{SCENARIO_SCHEMA_FILE})"
- Print.err e.message
- exit
- end
-
- # remove xml namespaces for ease of processing
- doc.remove_namespaces!
+ # Parse and validate the schema
+ doc = parse_doc(scenario_file, SCENARIO_SCHEMA_FILE, 'scenario')
doc.xpath('/scenario/system').each_with_index do |system_node, system_index|
module_selectors = []
- system_attributes = {}
system_name = system_node.at_xpath('system_name').text
Print.verbose "system: #{system_name}"
# system attributes, such as basebox selection
- system_node.xpath('@*').each do |attr|
- system_attributes["#{attr.name}"] = attr.text unless attr.text.nil? || attr.text == ''
- end
+ system_attributes = read_attributes(system_node)
# literal values to store directly in a datastore
system_node.xpath('*[@into_datastore]/value').each do |value|
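Review bot: `system_attributes = read_attributes(system_node)` changes the shape of the values: the removed lines stored `attr.text` as a plain string, but `XMLReader.read_attributes` (new file in this diff) stores `[attr.text]`, so every consumer of the attributes passed to `System.new` now receives a one-element array instead of a string. Unless `System` and the templates were adjusted for that (not visible here), either restore the old shape locally with `system_attributes = read_attributes(system_node).transform_values(&:first)` or give the helper a keyword such as `wrap: true` that this caller passes as `false`. The `read_scenario` method continues outside the hunk.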
@@ -146,9 +121,28 @@ class SystemReader
end
end
- systems << System.new(system_name, system_attributes, module_selectors)
+
+ # Create new system object before reading goals as we need the hostname
+ system = System.new(system_name, system_attributes, module_selectors, scenario_file, options)
+
+ # Parse goals
+ system_node.xpath("goals").each do |goals_doc|
+ goals_doc.elements.each {|node|
+ goal_type = node.name
+ goal_hash = {'goal_type' => goal_type, }
+ node.children.each {|subnode|
+ unless subnode.text?
+ goal_hash.merge!({subnode.name => subnode.content.strip})
+ end
+ }
+ goal_hash.merge!({'hostname' => system.get_hostname}) unless goal_hash.has_key? 'hostname'
+ system.goals << goal_hash
+ }
+ end
+
+ systems << system
end
return systems
end
-end
+end
\ No newline at end of file
diff --git a/lib/readers/xml_reader.rb b/lib/readers/xml_reader.rb
new file mode 100644
index 000000000..2674153fc
--- /dev/null
+++ b/lib/readers/xml_reader.rb
@@ -0,0 +1,49 @@
+require 'nokogiri'
+require 'digest'
+
+class XMLReader
+
+ # uses nokogiri to extract all system information from scenario.xml
+ # This includes module filters, which are module objects that contain filters for selecting
+ # from the actual modules that are available
+ # @return [Array] Array containing Systems objects
+
+ def self.parse_doc(file_path, schema, type)
+ doc = nil
+ begin
+ doc = Nokogiri::XML(File.read(file_path))
+ rescue
+ Print.err "Failed to read #{type} configuration file (#{file_path})"
+ exit
+ end
+ validate_xml(doc, file_path, schema, type)
+ # remove xml namespaces for ease of processing
+ doc.remove_namespaces!
+ end
+
+ def self.validate_xml(doc, file_path, schema, type)
+ # validate XML against schema
+ begin
+ xsd = Nokogiri::XML::Schema(File.open(schema))
+ xsd.validate(doc).each do |error|
+ Print.err "Error in #{type} configuration file (#{file_path}):"
+ Print.err ' ' + error.message
+ exit
+ end
+ rescue Exception => e
+ Print.err "Failed to validate #{type} xml file (#{file_path}): against schema (#{schema})"
+ Print.err e.message
+ exit
+ end
+
+ end
+
+ def self.read_attributes(node)
+ attributes = {}
+ node.xpath('@*').each do |attr|
+ attributes["#{attr.name}"] = [attr.text] unless attr.text.nil? || attr.text == ''
+ end
+ attributes
+ end
+
+end
\ No newline at end of file
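Review bot: `rescue Exception => e` in `validate_xml` also catches the `SystemExit` raised by the `exit` inside the validation loop, so a schema violation prints the per-error message and then a second, misleading "Failed to validate ... against schema" line before exiting; `rescue StandardError => e` (or the bare `rescue => e` form `parse_doc` already uses) keeps the exit path clean. `File.open(schema)` on the line above hands Nokogiri an IO that is never closed; `Nokogiri::XML::Schema(File.read(schema))`, as the removed ModuleReader code did, avoids the leak. The line number that SystemReader used to print is available as `error.line` on each validation error, so `Print.err " #{error.line}: #{error.message}"` preserves that diagnostic for both readers. Finally, the header comment copied from SystemReader describes `read_scenario`, not this class; it should say that XMLReader holds the parse/validate/attribute helpers shared by the XML readers and that `parse_doc` returns the namespace-stripped document or exits on failure.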
diff --git a/lib/schemas/alertactioner_config_schema.xsd b/lib/schemas/alertactioner_config_schema.xsd
new file mode 100644
index 000000000..455ab78ae
--- /dev/null
+++ b/lib/schemas/alertactioner_config_schema.xsd
@@ -0,0 +1,114 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/lib/schemas/scenario_schema.xsd b/lib/schemas/scenario_schema.xsd
index 5b71cdede..eb1e802be 100644
--- a/lib/schemas/scenario_schema.xsd
+++ b/lib/schemas/scenario_schema.xsd
@@ -70,6 +70,41 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -81,6 +116,7 @@
+
@@ -103,6 +139,7 @@
+
diff --git a/lib/schemas/vulnerability_metadata_schema.xsd b/lib/schemas/vulnerability_metadata_schema.xsd
index 7c31ce8eb..35a548721 100644
--- a/lib/schemas/vulnerability_metadata_schema.xsd
+++ b/lib/schemas/vulnerability_metadata_schema.xsd
@@ -93,6 +93,45 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -129,6 +168,7 @@
+
@@ -205,6 +245,7 @@
+
diff --git a/lib/templates/Puppetfile.erb b/lib/templates/Puppetfile.erb
index 83b0ea80e..52fec5b2f 100644
--- a/lib/templates/Puppetfile.erb
+++ b/lib/templates/Puppetfile.erb
@@ -8,7 +8,9 @@
forge "https://forgeapi.puppetlabs.com"
-mod 'puppetlabs-stdlib', '4.24.0' # stdlib enables parsejson() in manifests and other useful functions
+mod 'puppetlabs-stdlib', '4.25.1' # stdlib enables parsejson() in manifests and other useful functions
+mod 'puppetlabs-concat', '5.2.0'
+mod 'puppetlabs-vcsrepo', '2.0.0'
mod 'puppetlabs-apt', '7.4.0' # pin apt to 7.4.0 as current version is incompatible with our base boxes
mod 'SecGen-secgen_functions', :path => '<%= SECGEN_FUNCTIONS_PUPPET_DIR %>'
diff --git a/lib/templates/Vagrantfile.erb b/lib/templates/Vagrantfile.erb
index 10d7be25a..9f565f1db 100644
--- a/lib/templates/Vagrantfile.erb
+++ b/lib/templates/Vagrantfile.erb
@@ -6,7 +6,8 @@
# Based on <%= @scenario %>
<% require 'json'
require 'base64'
- require 'securerandom' -%>
+ require 'securerandom'
+ require_relative './lib/helpers/scenario.rb'-%>
<% scenario_name = @scenario.split('/').last.split('.').first + '-'
prefix = @options[:prefix] ? (@options[:prefix] + '-' + scenario_name) : ('SecGen-' + scenario_name) -%>
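Review bot: `require_relative './lib/helpers/scenario.rb'` inside the ERB prologue is fragile: `require_relative` resolves against the file containing the call, which for template code is the template's own location (or raises `LoadError: cannot infer basepath` when the renderer evaluates it without a filename), not the project root that the `./lib/...` path implies. The new `elastalert_goal_rules.erb` in this diff uses `require './lib/helpers/rules'`, which resolves against the current working directory; the two templates should agree, and if the cwd assumption is intended, `require './lib/helpers/scenario.rb'` here with a short comment stating that the generator runs from the project root is the least surprising form.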
@@ -28,7 +29,8 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
end
end
end
- end -%>
+ end
+ system.memory = resolve_memory(system) -%>
config.vm.define "<%= system.name %>" do |<%= system.name %>|
<% if (@options.has_key? :ovirtuser) && (@options.has_key? :ovirtpass) %>
#oVirt provider begin
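Review bot: `system.memory = resolve_memory(system)` mutates the System object from inside the view template, so the resolved value only exists once this Vagrantfile has been rendered and no other generator can rely on it. Since the system_reader hunk in this diff now passes `options` into `System.new`, the constructor (or a memoized `memory` reader on System) is the natural place to resolve it, leaving the template to read `system.memory`. `resolve_memory` is defined outside this diff, so its behaviour for systems with no memory setting cannot be checked here; the removed oVirt block below defaulted to `3000 MB`, and that fallback should survive the move.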
@@ -44,13 +46,12 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
end %>
<%=
" ovirt.template = '#{@ovirt_base_template}'" %>
-<%= if @options.has_key? :memory_per_vm
-" ovirt.memory_size = '#{@options[:memory_per_vm]} MB'\n"
- elsif @options.has_key? :total_memory
-" ovirt.memory_size = '#{(@options[:total_memory].to_i / @systems.length.to_i)} MB'\n"
- else
-" ovirt.memory_size = '3000 MB'
- ovirt.memory_guaranteed = '512 MB'\n"
+<%=
+" ovirt.memory_size = '#{system.memory} MB'\n" -%>
+<%= if @base_type.include? 'desktop'
+" ovirt.memory_guaranteed = '512 MB'\n"
+ elsif system.memory.to_i >= 4096
+" ovirt.memory_guaranteed = '4096 MB'\n"
end -%>
<%= if @options.has_key? :cpu_cores
" ovirt.cpu_cores = #{@options[:cpu_cores]}\n"
@@ -77,9 +78,8 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
<%= if @options.has_key? :esxi_disktype
" esxi.guest_disk_type = '#{@options[:esxi_disktype]}'"
end -%>
-<%= if @options.has_key? :memory_per_vm
-" esxi.guest_memsize = '#{@options[:memory_per_vm]}'"
- end -%>
+<%= " esxi.guest_memsize = '#{system.memory} MB'\n"
+ -%>
<%= if @options.has_key? :cpu_cores
" esxi.guest_numvcpus = #{@options[:cpu_cores]}\n"
end -%>
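Review bot: `esxi.guest_memsize = '#{system.memory} MB'` appends a unit the removed line did not have: the old code passed `@options[:memory_per_vm]` through as a bare number, and the `' MB'` suffix belongs to the oVirt `memory_size` setting in the hunk above. Unless the ESXi provider is known to accept a unit suffix, this should be `esxi.guest_memsize = '#{system.memory}'`, consistent with the VirtualBox hunk below which also treats `system.memory` as a plain MB count.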
@@ -87,7 +87,7 @@ end
# End ESXi provider
<%
else %>
- config.vm.provider :virtualbox do |vb|
+ <%= system.name %>.vm.provider :virtualbox do |vb|
<% system.module_selections.each do |selected_module|
if selected_module.module_type == 'base'
@cpu_word_size = selected_module.attributes['cpu_word_size'].first.downcase
@@ -108,11 +108,7 @@ end
end -%>
<%= vtxpid = (@options.has_key? :vtxvpid) ? 'on' : 'off'
" vb.customize ['modifyvm', :id, '--vtxvpid', '#{vtxpid}']\n" -%>
-<%= if @options.has_key? :memory_per_vm
- " vb.memory = #{@options[:memory_per_vm]}\n"
- elsif @options.has_key? :total_memory
- " vb.memory = #{@options[:total_memory]}/#{@systems.length}\n"
- end -%>
+<%= " vb.memory = '#{system.memory}'\n"-%>
<%= if @options.has_key? :cpu_cores
" vb.cpus = #{@options[:cpu_cores]}\n"
end -%>
@@ -144,12 +140,12 @@ end
<% if (@options.has_key? :ovirtuser) && (@options.has_key? :ovirtpass) %> # TODO
<%# if selected_module.attributes['platform'].first.downcase != 'windows' %>
<%# gets stuck setting host name on Windows XP %>
- <%= system.name %>.vm.hostname = '<%= "#{prefix}#{system.name}".tr('_', '-') %>'
+ <%= system.name %>.vm.hostname = '<%= system.get_hostname %>'
<%# end %>
<%= system.name %>.vm.box = 'ovirt4'
<%= system.name %>.vm.box_url = 'https://github.com/myoung34/vagrant-ovirt4/blob/master/example_box/dummy.box?raw=true'
<% elsif (@options.has_key? :esxiuser) && (@options.has_key? :esxipass) %>
- <%= system.name %>.vm.hostname = '<%= "#{prefix}#{system.name}".tr('_', '-') %>'
+ <%= system.name %>.vm.hostname = '<%= system.get_hostname %>'
<%= system.name %>.vm.box = "<%= selected_module.module_path_name %>"
<%= system.name %>.vm.box_url = "<%= selected_module.attributes['esxi_url'].first %>"
<% else %>
@@ -219,7 +215,9 @@ end
<% end -%>
<%=module_name%>.module_path = "<%="puppet/#{system.name}/modules"%>"
<% if selected_module.attributes['platform'].first.downcase != 'windows' %>
+ <%=module_name%>.options = "--disable_warnings=deprecations"
<%=module_name%>.environment_path = "environments/"
+ <%=module_name%>.environment_variables = {'RUBYOPT' => '-W0'}
<%=module_name%>.environment = "production"
<%=module_name%>.synced_folder_type = "rsync"
<% end %>
diff --git a/lib/templates/auditbeat_goal_rules.erb b/lib/templates/auditbeat_goal_rules.erb
new file mode 100644
index 000000000..c7da73e3b
--- /dev/null
+++ b/lib/templates/auditbeat_goal_rules.erb
@@ -0,0 +1 @@
+<%= @rules.join("\n")%>
\ No newline at end of file
diff --git a/lib/templates/elastalert_goal_rules.erb b/lib/templates/elastalert_goal_rules.erb
new file mode 100644
index 000000000..06a918bee
--- /dev/null
+++ b/lib/templates/elastalert_goal_rules.erb
@@ -0,0 +1,2 @@
+<% require './lib/helpers/rules' -%>
+<%= Rules.generate_elastalert_rule(@hostname, @module_name, @goal, @counter) %>
\ No newline at end of file
diff --git a/lib/test/base_upgrade_testing.rb b/lib/test/base_upgrade_testing.rb
index 778907b1e..807ad49ff 100644
--- a/lib/test/base_upgrade_testing.rb
+++ b/lib/test/base_upgrade_testing.rb
@@ -91,7 +91,7 @@ def generate_scenarios(selected_base)
module_selections << mod
module_selections << get_network_module
- system = System.new(system_name, {}, [])
+ system = System.new(system_name, {}, [], 'testing.xml', {} )
system.module_selections = module_selections
xml_generator = XmlScenarioGenerator.new([system], system_name, Time.new.to_s)
diff --git a/modules/build/unix/swap_file/CHANGELOG.md b/modules/build/unix/swap_file/CHANGELOG.md
new file mode 100644
index 000000000..377013427
--- /dev/null
+++ b/modules/build/unix/swap_file/CHANGELOG.md
@@ -0,0 +1,227 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+
+## [v4.0.0](https://github.com/petems/petems-swap_file/tree/v4.0.0) (2017-07-09)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/v3.1.4...v4.0.0)
+
+**Closed issues:**
+
+- Push v3.1.3 to Forge [\#72](https://github.com/petems/petems-swap_file/issues/72)
+
+**Merged pull requests:**
+
+- Linting fixes [\#76](https://github.com/petems/petems-swap_file/pull/76) ([petems](https://github.com/petems))
+- Update metadata.json [\#75](https://github.com/petems/petems-swap_file/pull/75) ([petems](https://github.com/petems))
+- Fixes issue with empty fact [\#74](https://github.com/petems/petems-swap_file/pull/74) ([petems](https://github.com/petems))
+- Update to Augeas systcl module [\#73](https://github.com/petems/petems-swap_file/pull/73) ([antyale](https://github.com/antyale))
+
+## [v3.1.4](https://github.com/petems/petems-swap_file/tree/v3.1.4) (2017-02-22)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/v3.1.3...v3.1.4)
+
+## [v3.1.3](https://github.com/petems/petems-swap_file/tree/v3.1.3) (2017-02-22)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/v3.0.2...v3.1.3)
+
+**Merged pull requests:**
+
+- Fixes Travis [\#71](https://github.com/petems/petems-swap_file/pull/71) ([petems](https://github.com/petems))
+- Make json file RFC 4627 valid [\#70](https://github.com/petems/petems-swap_file/pull/70) ([greglint](https://github.com/greglint))
+- Change to use vagrant-libvirt over custom [\#69](https://github.com/petems/petems-swap_file/pull/69) ([petems](https://github.com/petems))
+- Add testing for custom Vagrantfile [\#68](https://github.com/petems/petems-swap_file/pull/68) ([petems](https://github.com/petems))
+- Add basic Jenkinsfile [\#67](https://github.com/petems/petems-swap_file/pull/67) ([petems](https://github.com/petems))
+- Set seltype for swapfile [\#66](https://github.com/petems/petems-swap_file/pull/66) ([petems](https://github.com/petems))
+
+## [v3.0.2](https://github.com/petems/petems-swap_file/tree/v3.0.2) (2016-08-07)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/v3.0.1...v3.0.2)
+
+**Closed issues:**
+
+- Directory not empty @ dir\_s\_rmdir [\#63](https://github.com/petems/petems-swap_file/issues/63)
+
+**Merged pull requests:**
+
+- Fix error in documentation [\#64](https://github.com/petems/petems-swap_file/pull/64) ([petems](https://github.com/petems))
+
+## [v3.0.1](https://github.com/petems/petems-swap_file/tree/v3.0.1) (2016-05-26)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/v3.0.0...v3.0.1)
+
+## [v3.0.0](https://github.com/petems/petems-swap_file/tree/v3.0.0) (2016-05-26)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/v2.5.0...v3.0.0)
+
+**Fixed bugs:**
+
+- Updating the module to latest version will create additional fstab entries for the same swapfile [\#20](https://github.com/petems/petems-swap_file/issues/20)
+
+**Merged pull requests:**
+
+- Type and provider refactor [\#15](https://github.com/petems/petems-swap_file/pull/15) ([petems](https://github.com/petems))
+
+## [v2.5.0](https://github.com/petems/petems-swap_file/tree/v2.5.0) (2016-05-24)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/v2.4.1...v2.5.0)
+
+**Merged pull requests:**
+
+- Adds ability set swappiness with the module [\#62](https://github.com/petems/petems-swap_file/pull/62) ([petems](https://github.com/petems))
+
+## [v2.4.1](https://github.com/petems/petems-swap_file/tree/v2.4.1) (2016-05-11)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/v2.4.0...v2.4.1)
+
+## [v2.4.0](https://github.com/petems/petems-swap_file/tree/v2.4.0) (2016-05-11)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/v2.3.0...v2.4.0)
+
+**Implemented enhancements:**
+
+- Create workaround for stringify\_facts true [\#57](https://github.com/petems/petems-swap_file/issues/57)
+
+**Fixed bugs:**
+
+- Cannot change size of existing swap file [\#13](https://github.com/petems/petems-swap_file/issues/13)
+
+**Merged pull requests:**
+
+- Allows removing existing swap from a CSV fact [\#61](https://github.com/petems/petems-swap_file/pull/61) ([petems](https://github.com/petems))
+- Add a swapfile fact as a CSV [\#60](https://github.com/petems/petems-swap_file/pull/60) ([petems](https://github.com/petems))
+
+## [v2.3.0](https://github.com/petems/petems-swap_file/tree/v2.3.0) (2016-05-04)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/v2.2.2...v2.3.0)
+
+**Closed issues:**
+
+- Update CHANGELOG with 2.2.2 changes [\#45](https://github.com/petems/petems-swap_file/issues/45)
+
+**Merged pull requests:**
+
+- Move coverage shim to spec\_helper [\#59](https://github.com/petems/petems-swap_file/pull/59) ([petems](https://github.com/petems))
+- Update main class documentation [\#58](https://github.com/petems/petems-swap_file/pull/58) ([petems](https://github.com/petems))
+- Add older listen gem for older Ruby versions [\#56](https://github.com/petems/petems-swap_file/pull/56) ([petems](https://github.com/petems))
+- New feature: resizing existing swapfiles [\#55](https://github.com/petems/petems-swap_file/pull/55) ([petems](https://github.com/petems))
+- Linting fixes in examples [\#54](https://github.com/petems/petems-swap_file/pull/54) ([petems](https://github.com/petems))
+- Updates swap file fact to only show swap files [\#53](https://github.com/petems/petems-swap_file/pull/53) ([petems](https://github.com/petems))
+- Make things a little less strict [\#52](https://github.com/petems/petems-swap_file/pull/52) ([petems](https://github.com/petems))
+- Renaming sizes fact [\#51](https://github.com/petems/petems-swap_file/pull/51) ([petems](https://github.com/petems))
+- Add contributing.json \(GitMagic\) [\#49](https://github.com/petems/petems-swap_file/pull/49) ([gitmagic-bot](https://github.com/gitmagic-bot))
+- Update stdlib versions [\#48](https://github.com/petems/petems-swap_file/pull/48) ([petems](https://github.com/petems))
+- Adding a fact to show you swap file sizes [\#47](https://github.com/petems/petems-swap_file/pull/47) ([petems](https://github.com/petems))
+
+## [v2.2.2](https://github.com/petems/petems-swap_file/tree/v2.2.2) (2016-04-03)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/v2.2.1...v2.2.2)
+
+**Closed issues:**
+
+- Created file size is incorrect [\#43](https://github.com/petems/petems-swap_file/issues/43)
+
+**Merged pull requests:**
+
+- Fixes MB size accuracy [\#44](https://github.com/petems/petems-swap_file/pull/44) ([petems](https://github.com/petems))
+
+## [v2.2.1](https://github.com/petems/petems-swap_file/tree/v2.2.1) (2016-02-16)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/v2.2.0...v2.2.1)
+
+**Merged pull requests:**
+
+- Move to petems-swap\_file [\#42](https://github.com/petems/petems-swap_file/pull/42) ([petems](https://github.com/petems))
+- Make testing matrix a little simpler... [\#41](https://github.com/petems/petems-swap_file/pull/41) ([petems](https://github.com/petems))
+
+## [v2.2.0](https://github.com/petems/petems-swap_file/tree/v2.2.0) (2016-02-15)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/v2.1.0...v2.2.0)
+
+**Closed issues:**
+
+- Module should be tested on multiple Ruby and Puppet versions [\#38](https://github.com/petems/petems-swap_file/issues/38)
+- Release version 2.1.0 on Puppet Forge [\#36](https://github.com/petems/petems-swap_file/issues/36)
+- dd vs fallocate [\#26](https://github.com/petems/petems-swap_file/issues/26)
+
+**Merged pull requests:**
+
+- Wrapper [\#40](https://github.com/petems/petems-swap_file/pull/40) ([Phil-Friderici](https://github.com/Phil-Friderici))
+- Modernize Travis setup [\#39](https://github.com/petems/petems-swap_file/pull/39) ([Phil-Friderici](https://github.com/Phil-Friderici))
+- Satisfy puppet-lint [\#37](https://github.com/petems/petems-swap_file/pull/37) ([Phil-Friderici](https://github.com/Phil-Friderici))
+
+## [v2.1.0](https://github.com/petems/petems-swap_file/tree/v2.1.0) (2015-12-30)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/v2.0.0...v2.1.0)
+
+**Closed issues:**
+
+- Missing 2.0.0 tag [\#24](https://github.com/petems/petems-swap_file/issues/24)
+
+**Merged pull requests:**
+
+- Adds `cmd` parameter. [\#35](https://github.com/petems/petems-swap_file/pull/35) ([petems](https://github.com/petems))
+- Updating Beaker acceptance machines [\#34](https://github.com/petems/petems-swap_file/pull/34) ([petems](https://github.com/petems))
+- Enable travis docker [\#32](https://github.com/petems/petems-swap_file/pull/32) ([petems](https://github.com/petems))
+- Adds spec.opts file [\#31](https://github.com/petems/petems-swap_file/pull/31) ([petems](https://github.com/petems))
+- Add cmd param [\#29](https://github.com/petems/petems-swap_file/pull/29) ([petems](https://github.com/petems))
+- Added timeout parameter for exec when using dd [\#27](https://github.com/petems/petems-swap_file/pull/27) ([petems](https://github.com/petems))
+
+## [v2.0.0](https://github.com/petems/petems-swap_file/tree/v2.0.0) (2015-07-27)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/v1.1.1...v2.0.0)
+
+**Closed issues:**
+
+- swap\_file::files fails when you set the ensure attribute to absent [\#21](https://github.com/petems/petems-swap_file/issues/21)
+
+**Merged pull requests:**
+
+- Remove Class for Swap file [\#23](https://github.com/petems/petems-swap_file/pull/23) ([petems](https://github.com/petems))
+- Fix: exec contains swapfile name when absent [\#22](https://github.com/petems/petems-swap_file/pull/22) ([juame](https://github.com/juame))
+- Update README.markdown [\#18](https://github.com/petems/petems-swap_file/pull/18) ([yalcinsurkultay](https://github.com/yalcinsurkultay))
+
+## [v1.1.1](https://github.com/petems/petems-swap_file/tree/v1.1.1) (2015-03-17)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/v1.1.0...v1.1.1)
+
+**Closed issues:**
+
+- mount resource should be unique [\#14](https://github.com/petems/petems-swap_file/issues/14)
+
+**Merged pull requests:**
+
+- Add defined type for swap and give unique names [\#16](https://github.com/petems/petems-swap_file/pull/16) ([petems](https://github.com/petems))
+
+## [v1.1.0](https://github.com/petems/petems-swap_file/tree/v1.1.0) (2015-03-17)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/v1.0.1...v1.1.0)
+
+## [v1.0.1](https://github.com/petems/petems-swap_file/tree/v1.0.1) (2015-01-17)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/v1.0.0...v1.0.1)
+
+**Closed issues:**
+
+- Not issue, ask a question [\#11](https://github.com/petems/petems-swap_file/issues/11)
+- missed "default" in fstab [\#5](https://github.com/petems/petems-swap_file/issues/5)
+- Docker Beaker tests always fail [\#4](https://github.com/petems/petems-swap_file/issues/4)
+
+**Merged pull requests:**
+
+- Fix License code [\#12](https://github.com/petems/petems-swap_file/pull/12) ([petems](https://github.com/petems))
+- Add FreeBSD tests [\#10](https://github.com/petems/petems-swap_file/pull/10) ([petems](https://github.com/petems))
+- Swap fstab settings [\#8](https://github.com/petems/petems-swap_file/pull/8) ([petems](https://github.com/petems))
+- Fixes to swapfile permissions and to implied OS support [\#7](https://github.com/petems/petems-swap_file/pull/7) ([mattock](https://github.com/mattock))
+
+## [v1.0.0](https://github.com/petems/petems-swap_file/tree/v1.0.0) (2014-09-24)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/v0.3.0...v1.0.0)
+
+## [v0.3.0](https://github.com/petems/petems-swap_file/tree/v0.3.0) (2014-09-01)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/v0.2.0...v0.3.0)
+
+## [v0.2.0](https://github.com/petems/petems-swap_file/tree/v0.2.0) (2014-09-01)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/0.3.0...v0.2.0)
+
+## [0.3.0](https://github.com/petems/petems-swap_file/tree/0.3.0) (2014-09-01)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/0.2.0...0.3.0)
+
+## [0.2.0](https://github.com/petems/petems-swap_file/tree/0.2.0) (2014-08-22)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/v0.1.2...0.2.0)
+
+## [v0.1.2](https://github.com/petems/petems-swap_file/tree/v0.1.2) (2014-05-29)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/v0.1.1...v0.1.2)
+
+## [v0.1.1](https://github.com/petems/petems-swap_file/tree/v0.1.1) (2014-05-29)
+[Full Changelog](https://github.com/petems/petems-swap_file/compare/v0.1.0...v0.1.1)
+
+## [v0.1.0](https://github.com/petems/petems-swap_file/tree/v0.1.0) (2014-02-27)
+**Merged pull requests:**
+
+- Removing custom fact for memory size in bytes [\#1](https://github.com/petems/petems-swap_file/pull/1) ([petems](https://github.com/petems))
+
+
+
+\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
diff --git a/modules/build/unix/swap_file/CONTRIBUTING.md b/modules/build/unix/swap_file/CONTRIBUTING.md
new file mode 100644
index 000000000..41f4e0a8d
--- /dev/null
+++ b/modules/build/unix/swap_file/CONTRIBUTING.md
@@ -0,0 +1,83 @@
+This module has grown over time based on a range of contributions from
+people using it. If you follow these contributing guidelines your patch
+will likely make it into a release a little quicker.
+
+
+## Contributing
+
+1. Fork the repo.
+
+2. Run the tests. We only take pull requests with passing tests, and
+ it's great to know that you have a clean slate
+
+3. Add a test for your change. Only refactoring and documentation
+ changes require no new tests. If you are adding functionality
+ or fixing a bug, please add a test.
+
+4. Make the test pass.
+
+5. Push to your fork and submit a pull request.
+
+
+## Dependencies
+
+The testing and development tools have a bunch of dependencies,
+all managed by [bundler](http://bundler.io/) according to the
+[Puppet support matrix](http://docs.puppetlabs.com/guides/platforms.html#ruby-versions).
+
+By default the tests use a baseline version of Puppet.
+
+If you have Ruby 2.x or want a specific version of Puppet,
+you must set an environment variable such as:
+
+ export PUPPET_VERSION="~> 3.2.0"
+
+Install the dependencies like so...
+
+ bundle install
+
+## Syntax and style
+
+The test suite will run [Puppet Lint](http://puppet-lint.com/) and
+[Puppet Syntax](https://github.com/gds-operations/puppet-syntax) to
+check various syntax and style things. You can run these locally with:
+
+ bundle exec rake lint
+ bundle exec rake syntax
+
+## Running the unit tests
+
+The unit test suite covers most of the code, as mentioned above please
+add tests if you're adding new functionality. If you've not used
+[rspec-puppet](http://rspec-puppet.com/) before then feel free to ask
+about how best to test your new feature. Running the test suite is done
+with:
+
+ bundle exec rake spec
+
+Note also you can run the syntax, style and unit tests in one go with:
+
+ bundle exec rake test
+
+## Integration tests
+
+The unit tests just check the code runs, not that it does exactly what
+we want on a real machine. For that we're using
+[beaker](https://github.com/puppetlabs/beaker).
+
+This fires up a new virtual machine (using vagrant) and runs a series of
+simple tests against it after applying the module. You can run this
+with:
+
+ bundle exec rake acceptance
+
+This will run the tests on an Ubuntu 12.04 virtual machine. You can also
+run the integration tests against Centos 6.5 with.
+
+ RS_SET=centos-64-x64 bundle exec rake acceptances
+
+If you don't want to have to recreate the virtual machine every time you
+can use `RS_DESTROY=no` and `RS_PROVISION=no`. On the first run you will
+at least need `RS_PROVISION` set to yes (the default). The Vagrantfile
+for the created virtual machines will be in `.vagrant/beaker_vagrant_fies`.
+
diff --git a/modules/build/unix/swap_file/CONTRIBUTORS b/modules/build/unix/swap_file/CONTRIBUTORS
new file mode 100644
index 000000000..c704572ed
--- /dev/null
+++ b/modules/build/unix/swap_file/CONTRIBUTORS
@@ -0,0 +1,2 @@
+Peter Souter (@petems)
+Matt Dainty (@bodgit)
\ No newline at end of file
diff --git a/modules/build/unix/swap_file/Gemfile b/modules/build/unix/swap_file/Gemfile
new file mode 100644
index 000000000..6f3858d9a
--- /dev/null
+++ b/modules/build/unix/swap_file/Gemfile
@@ -0,0 +1,48 @@
+source 'http://rubygems.org'
+
+group :test do
+ if puppetversion = ENV['PUPPET_GEM_VERSION']
+ gem 'puppet', puppetversion, :require => false
+ else
+ gem 'puppet', ENV['PUPPET_VERSION'] || '~> 3.8.0'
+ end
+
+ # rspec must be v2 for ruby 1.8.7
+ if RUBY_VERSION >= '1.8.7' and RUBY_VERSION < '1.9'
+ gem 'rspec', '~> 2.0'
+ end
+
+ gem 'json_pure', '<= 2.0.1', :require => false if RUBY_VERSION < '2.0.0'
+ gem 'safe_yaml', '~> 1.0.4'
+
+ gem 'rake'
+ gem 'puppet-lint'
+ gem 'rspec-puppet', :git => 'https://github.com/rodjek/rspec-puppet.git'
+ gem 'puppet-syntax'
+ gem 'puppetlabs_spec_helper'
+ gem 'simplecov'
+ gem 'simplecov-console'
+ gem 'metadata-json-lint'
+end
+
+group :development do
+ gem 'puppet-blacksmith'
+ gem 'rubocop' if RUBY_VERSION >= '2.0.0'
+ gem 'rubocop-rspec', '~> 1.6' if RUBY_VERSION >= '2.3.0'
+ gem 'github_changelog_generator'
+ gem 'activesupport', '< 5'
+end
+
+group :system_tests do
+ gem "beaker",
+ :git => 'https://github.com/puppetlabs/beaker',
+ :ref => '3d21e843434a2e65152bd352c653511ddea0ce71',
+ :require => false
+ gem "beaker-rspec",
+ :git => 'https://github.com/puppetlabs/beaker-rspec.git',
+ :ref => 'a617f7bbc3e6ebb6ce49df32749d4ce93cef737d',
+ :require => false
+ gem 'serverspec'
+ gem 'specinfra'
+end
+
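Review bot: The first line of the new Gemfile declares the gem source over plain HTTP, `source 'http://rubygems.org'`, so the index and every gem archive are fetched without transport integrity; it should read `source 'https://rubygems.org'`, which is what rubygems.org serves and what Bundler expects (it warns on insecure sources). A related reproducibility gap is `gem 'rspec-puppet', :git => 'https://github.com/rodjek/rspec-puppet.git'`, which unlike the two beaker entries in `group :system_tests` carries no `:ref`/`:tag`, so a fresh `bundle install` without a lockfile resolves to whatever that repository's HEAD is at the time. As a point of style, the Ruby-version guard uses `and`, which is a precedence trap; `if RUBY_VERSION >= '1.8.7' && RUBY_VERSION < '1.9'` is the conventional form, and the lexicographic string comparison only happens to work for these particular version strings.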
diff --git a/modules/build/unix/swap_file/Guardfile b/modules/build/unix/swap_file/Guardfile
new file mode 100644
index 000000000..fd50602a0
--- /dev/null
+++ b/modules/build/unix/swap_file/Guardfile
@@ -0,0 +1,5 @@
+notification :off
+
+guard 'rake', :task => 'test' do
+ watch(%r{^manifests\/(.+)\.pp$})
+end
diff --git a/modules/build/unix/swap_file/Jenkinsfile b/modules/build/unix/swap_file/Jenkinsfile
new file mode 100644
index 000000000..81e92a66e
--- /dev/null
+++ b/modules/build/unix/swap_file/Jenkinsfile
@@ -0,0 +1,24 @@
+node { // The "node" directive tells Jenkins to run commands on the same slave.
+ checkout scm
+
+ stage 'Bundle install'
+
+ wrap([$class: 'AnsiColorBuildWrapper', 'colorMapName': 'gnome-terminal']) {
+ sh 'bundle install'
+ }
+
+ stage 'Acceptance Testing'
+
+ env.PUPPET_INSTALL_VERSION = "1.5.2"
+
+ env.PUPPET_INSTALL_TYPE = "agent"
+
+ env.BEAKER_set = "centos-7-x64-vagrant_libvirt"
+
+ print "Beaker Settings will be: ${env.PUPPET_INSTALL_VERSION} ${env.PUPPET_INSTALL_TYPE} ${env.BEAKER_set}"
+
+ wrap([$class: 'AnsiColorBuildWrapper', 'colorMapName': 'gnome-terminal']) {
+ sh 'bundle exec rake acceptance'
+ }
+
+}
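Review bot: The two `stage 'Bundle install'` / `stage 'Acceptance Testing'` lines use the old block-less form of the step, which Jenkins Pipeline has deprecated in favour of `stage('Bundle install') { ... }`; wrapping each `wrap([...]) { sh ... }` call in its stage block also makes the stage view attribute the steps correctly. The `bundle install` on the checkout runs with whatever gem sources and unpinned git references the module's Gemfile declares, so the build is only as reproducible as that file; I would at least run it as `bundle install --deployment` once a lockfile is committed, or note in a comment that the install is intentionally unpinned.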
diff --git a/modules/build/unix/swap_file/LICENSE b/modules/build/unix/swap_file/LICENSE
new file mode 100644
index 000000000..9f710553e
--- /dev/null
+++ b/modules/build/unix/swap_file/LICENSE
@@ -0,0 +1,202 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+Copyright [yyyy] [name of copyright owner]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
diff --git a/modules/build/unix/swap_file/README.markdown b/modules/build/unix/swap_file/README.markdown
new file mode 100644
index 000000000..2bd289b9b
--- /dev/null
+++ b/modules/build/unix/swap_file/README.markdown
@@ -0,0 +1,179 @@
+# swap_file
+
+[](https://forge.puppetlabs.com/petems/swap_file) [](https://travis-ci.org/petems/petems-swap_file) [](https://forge.puppetlabs.com/petems/swap_file) [](https://forge.puppetlabs.com/petems/swap_file)
+
+#### Table of Contents
+
+1. [Overview](#overview)
+2. [Module Description](#module-description)
+3. [Setup](#setup)
+ * [What swap_file affects](#what-swap_file-affects)
+4. [Usage](#usage)
+5. [Limitations](#limitations)
+6. [Upgrading from 1.0.1 Release](#upgrading-from-101-release)
+7. [Development](#development)
+
+## Overview
+
+Manage [swap files](http://en.wikipedia.org/wiki/Paging) for your Linux environments. This is based on the gist by @Yggdrasil, with a few changes and added specs.
+
+## Setup
+
+### What swap_file affects
+
+* Creating a swap-file on disk. This uses `dd` by default, but can use `fallocate` optionally for performance reasons. **Note: Using fallocate to create a ZFS file system will fail: https://bugzilla.redhat.com/show_bug.cgi?id=1129205**
+* Swapfiles on the system
+* Any mounts of swapfiles
+
+## Usage
+
+The simplest use of the module is this:
+
+```puppet
+swap_file::files { 'default':
+ ensure => present,
+}
+```
+
+By default, the module it will:
+
+* create a file using /bin/dd at `/mnt/swap.1` with the default size taken from the `$::memorysize` fact in megabytes (eg. 8GB RAM will create an 8GB swap file)
+* A `mount` for the swapfile created
+
+For a custom setup, you can do something like this:
+
+```puppet
+swap_file::files { 'tmp file swap':
+ ensure => present,
+ swapfile => '/tmp/swapfile',
+ add_mount => false,
+}
+```
+
+To use `fallocate` for swap file creation instead of `dd`:
+
+```puppet
+swap_file::files { 'tmp file swap':
+ ensure => present,
+ swapfile => '/tmp/swapfile',
+ cmd => 'fallocate',
+}
+```
+
+To remove a prexisting swap, you can use ensure absent:
+
+```puppet
+swap_file::files { 'tmp file swap':
+ ensure => absent,
+}
+```
+
+To choose the size of the swap file instead of defaulting to memory size:
+
+```
+swap_file::files { '5GB Swap':
+ ensure => present,
+ swapfile => '/mnt/swap.5gb',
+ swapfilesize => '5GB',
+}
+```
+
+### hiera
+You can also use hiera to call this module and set the configuration.
+
+The simplest use of the module with hiera is this:
+
+```yaml
+classes:
+ - swap_file
+
+swap_file::files:
+ 'default':
+ ensure: 'present'
+```
+
+This hiera setup will create a file using /bin/dd atr `/mnt/swap.1` with the default size taken from the `$::memorysize` fact and add a `mount` resource for it.
+
+You can use all customizations mentioned above in hiera like this:
+
+```yaml
+classes:
+ - swap_file
+
+swap_file::files:
+ 'custom setup':
+ ensure: 'present'
+ swapfile: '/tmp/swapfile.custom'
+ add_mount: false
+ 'use fallocate':
+ swapfile: '/tmp/swapfile.fallocate'
+ cmd: 'fallocate'
+ 'remove swap file'
+ ensure: 'absent'
+ swapfile: '/tmp/swapfile.old'
+```
+
+This hiera config will respectively:
+* create a file `/tmp/swapfile.custom` using /bin/dd with the default size taken from the `$::memorysize` fact without creating a `mount` for it.
+* create a file `/tmp/swapfile.fallocate` using /usr/bin/fallocate with the default size taken from the `$::memorysize` fact and creating a `mount` for it.
+* deactivates the swapfile `/tmp/swapfile.old`, deletes it and removes the `mount`.
+
+Set `$files_hiera_merge` to `true` to merge all found instances of `swap_file::files` in Hiera. This is useful for specifying swap files at different levels of the hierachy and having them all included in the catalog.
+
+##Upgrading from 1.0.1 Release
+
+Previously you would create swapfiles with the `swap_file` class:
+
+```puppet
+class { 'swap_file':
+ ensure => 'present',
+}
+```
+
+However, this had many problems, such as not being able to declare more than one swap_file because of duplicate class errors.
+Since 2.x.x the swapfiles are created by a defined type instead. The `swap_file` class is now a wrapper and can handle multiple swap_files.
+
+You can now use:
+
+```puppet
+class { 'swap_file':
+ files => {
+ 'freetext resource name' => {
+ ensure => 'present',
+ },
+ },
+}
+```
+
+You can also safely declare mutliple swap file definitions:
+
+```puppet
+class { 'swap_file':
+ files => {
+ 'swapfile' => {
+ ensure => 'present',
+ },
+ 'use fallocate' => {
+ swapfile => '/tmp/swapfile.fallocate',
+ cmd => 'fallocate',
+ },
+ 'remove swap file' => {
+ ensure => 'absent',
+ swapfile => '/tmp/swapfile.old',
+ },
+ },
+}
+```
+
+## Limitations
+
+Primary support is for Debian and RedHat, but should work on all Linux flavours.
+
+Right now there is no BSD support, but I'm planning on adding it in the future
+
+## Development
+
+Follow the CONTRIBUTING guidelines! :)
diff --git a/modules/build/unix/swap_file/Rakefile b/modules/build/unix/swap_file/Rakefile
new file mode 100644
index 000000000..3159d5106
--- /dev/null
+++ b/modules/build/unix/swap_file/Rakefile
@@ -0,0 +1,50 @@
+require 'puppetlabs_spec_helper/rake_tasks'
+require 'puppet-lint/tasks/puppet-lint'
+require 'puppet-syntax/tasks/puppet-syntax'
+
+# These two gems aren't always present, for instance
+# on Travis with --without development
+begin
+ require 'puppet_blacksmith/rake_tasks'
+rescue LoadError
+end
+
+PuppetLint.configuration.fail_on_warnings
+PuppetLint.configuration.send('relative')
+PuppetLint.configuration.send('disable_80chars')
+PuppetLint.configuration.send('disable_class_inherits_from_params_class')
+PuppetLint.configuration.send('disable_class_parameter_defaults')
+PuppetLint.configuration.send('disable_documentation')
+PuppetLint.configuration.send('disable_single_quote_string_with_variables')
+PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"]
+
+exclude_paths = [
+ "pkg/**/*",
+ "vendor/**/*",
+ "spec/**/*",
+]
+PuppetLint.configuration.ignore_paths = exclude_paths
+PuppetSyntax.exclude_paths = exclude_paths
+
+desc "Run acceptance tests"
+RSpec::Core::RakeTask.new(:acceptance) do |t|
+ t.pattern = 'spec/acceptance'
+end
+
+desc "Run syntax, lint, and spec tests."
+task :test => [
+ :syntax,
+ :lint,
+ :spec,
+]
+
+begin
+ require 'github_changelog_generator/task'
+ GitHubChangelogGenerator::RakeTask.new :changelog do |config|
+ version = (Blacksmith::Modulefile.new).version
+ config.future_release = "v#{version}"
+ config.header = "# Change Log\n\nAll notable changes to this project will be documented in this file."
+ config.exclude_labels = %w{duplicate question invalid wontfix modulesync}
+ end
+rescue LoadError
+end
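Review bot: `PuppetLint.configuration.ignore_paths = ["spec/**/*.pp", "pkg/**/*.pp"]` is dead: it is overwritten a few lines later by `PuppetLint.configuration.ignore_paths = exclude_paths`, whose `spec/**/*` and `pkg/**/*` globs already cover those patterns, so the earlier assignment should be removed to avoid misleading the next reader about which paths are ignored. `RSpec::Core::RakeTask.new(:acceptance)` relies on the constant being loaded transitively (presumably by `puppetlabs_spec_helper/rake_tasks`); an explicit `require 'rspec/core/rake_task'` next to the other requires documents the dependency. Inside the `:changelog` task, `Blacksmith::Modulefile.new` references a gem whose `require` is optional at the top of the file; when puppet-blacksmith is absent the rescue at the top is silent, and the task then fails with a NameError only when it is invoked, so a comment such as `# requires puppet-blacksmith (development group) at run time` would save some debugging.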
diff --git a/modules/build/unix/swap_file/checksums.json b/modules/build/unix/swap_file/checksums.json
new file mode 100644
index 000000000..7b0e8ff06
--- /dev/null
+++ b/modules/build/unix/swap_file/checksums.json
@@ -0,0 +1,59 @@
+{
+ "CHANGELOG.md": "af03a4842b5bf7236aa28c65f8b415bd",
+ "CONTRIBUTING.md": "ec539f7912da25760720eebf9756ae65",
+ "CONTRIBUTORS": "805eaeecd42f1a06aa564dabc34e8363",
+ "Gemfile": "6f1069b614dee17b2f6e071a7696fedd",
+ "Guardfile": "3ae8d9a61b870350cc1c8e0d6a9a36e7",
+ "Jenkinsfile": "c8514e059beb9914b8797234d3b48f8d",
+ "LICENSE": "47bbee59c4c1cb14cc3667035a227be0",
+ "README.markdown": "139ac4a23749f12812ab9e65a489b9d3",
+ "Rakefile": "cffd8bfb00c0dd7bd704ff87d91febbe",
+ "contributing.json": "8c4b29954f117223992afe35c1cf6f30",
+ "examples/default_swap.pp": "670840e180b371de36892f7acca89b99",
+ "examples/hiera/common.yaml": "9be8ee98915351bc319911ccacb071ae",
+ "examples/hiera/fqdn/merge_disabled.domain.local.yaml": "c22b93ec67481fb46b8752944aaaa735",
+ "examples/hiera/fqdn/merge_enabled.domain.local.yaml": "f610049aeae43645c2fdc8aed7717c4a",
+ "examples/hiera/hiera.yaml": "3b4c8c00535fb4607ea205fc074988ae",
+ "examples/multiple_swaps.pp": "3b3dd90066b87c6a72d4e9f2669f4eac",
+ "lib/facter/swapfile_sizes.rb": "8e6d7a67c0c9efc9a5d2883f439abd80",
+ "lib/facter/swapfile_sizes_csv.rb": "94ada67fdfc1bc5f48a532735b5e74e4",
+ "lib/puppet/parser/functions/difference_within_margin.rb": "13b0312e33d84bdc604c4e32c3f5d5a1",
+ "lib/puppet/parser/functions/swap_file_size_from_csv.rb": "363763881ef81a6eac12308d3397e918",
+ "lib/puppet/provider/swap_file/linux.rb": "f7a238184e72da1d0f95feee21c11252",
+ "lib/puppet/type/swap_file.rb": "6bc034c8a3cf6770c0b8f8a45d201a2b",
+ "manifests/files.pp": "6e8f8904c08fcdab0e3d8b845fb52444",
+ "manifests/init.pp": "b5c294ce0df3a3aa96a47d734e654572",
+ "manifests/resize.pp": "af12fac873d4ca9220b238a7a377e67e",
+ "manifests/swappiness.pp": "4efe89c04267fed6bb055b83c7e15605",
+ "metadata.json": "b7abb8215638788d83a74dd8a8368355",
+ "spec/acceptance/nodesets/Vagrantfile-vagrant_custom": "099c1dccc5b5ea7a1cc37e967e49c4d7",
+ "spec/acceptance/nodesets/centos-6-x64.yml": "c9d4c88230670fd2f26bfec522883574",
+ "spec/acceptance/nodesets/centos-7-x64-vagrant_libvirt.yml": "35389790c6d18c60370b907cee3ef608",
+ "spec/acceptance/nodesets/centos-7-x64.yml": "31c23abc0148831753e5c2a847ccdd11",
+ "spec/acceptance/nodesets/default.yml": "b9deaf5e0afc5216331da177f273a0a9",
+ "spec/acceptance/nodesets/ubuntu-server-12042-x64.yml": "76d8ebcb03ddd64fa7a45909cdee6240",
+ "spec/acceptance/swap_file_class_spec.rb": "e61e478cb58f1efa87d52edc815c961f",
+ "spec/acceptance/swap_file_files_fallocate_command.rb": "32e93f89f7eb6e782af4cf3c24f28fba",
+ "spec/acceptance/swap_file_files_multiple_spec.rb": "b63a30139ede9041dc66f48110faaf38",
+ "spec/acceptance/swap_file_files_parameters_spec.rb": "802f4b14d8a5bcdbb4ec7606531f7f69",
+ "spec/acceptance/swap_file_files_spec.rb": "e8b7145c3efff1174b8d3298449fdc87",
+ "spec/acceptance/swap_file_resizing_spec.rb": "54b43fb9c4f32fcbf1f462ce4f713cf9",
+ "spec/acceptance/swap_file_resizing_stringify_true_spec.rb": "00a753f91f2ac978a973f7eefed8daf5",
+ "spec/acceptance/swap_file_swappiness_spec.rb": "f11e3fe2975a02db6656142d513fd29e",
+ "spec/classes/init_spec.rb": "293d54f4bfa37917e66050816dd9a02e",
+ "spec/classes/swappiness_spec.rb": "b108f36149300bcf060014ea5e29c10f",
+ "spec/defines/files_spec.rb": "db3ddc3ff587054bae16efd9951aa33f",
+ "spec/defines/resize_spec.rb": "ef7b30ea867d0957847f76cf2b576f88",
+ "spec/fixtures/hiera/fqdn/files.yaml": "c09830704075f3cfe71d7baf2b2f0b9d",
+ "spec/fixtures/hiera/hiera.yaml": "beeeeaf9ff2a7848f66cadedb749b184",
+ "spec/fixtures/hiera/parameter_tests/files_hiera_merge.yaml": "cf0173f27f17b20123b9bd514d4549dc",
+ "spec/functions/difference_within_margin_spec.rb": "4c52adfaee7c34b4c554d4a498c375a1",
+ "spec/functions/swap_file_size_from_csv_array_spec.rb": "44e66b9ddc93a01040c3dd459987d2d9",
+ "spec/spec.opts": "841ff248f09ff26ea499e7621d3fef33",
+ "spec/spec_helper.rb": "9617cb9aa81f0152d7a1cd8820c9b9a9",
+ "spec/spec_helper_acceptance.rb": "e0ea4032fe2842e584b5b073eb438aa3",
+ "spec/unit/facter/swapfiles_fact_csv_spec.rb": "d3e855880eb87dffd40013131ab1529e",
+ "spec/unit/facter/swapfiles_fact_spec.rb": "5cfa5e555c58c23070f533f4a56d8933",
+ "spec/unit/puppet/provider/swap_file/linux_spec.rb": "c95f5ca88149a398babaa4f50029fca6",
+ "spec/unit/puppet/type/swap_file/swap_file_spec.rb": "f7696323957041fed2886eb9b24cf255"
+}
\ No newline at end of file
diff --git a/modules/build/unix/swap_file/contributing.json b/modules/build/unix/swap_file/contributing.json
new file mode 100644
index 000000000..9e208b5da
--- /dev/null
+++ b/modules/build/unix/swap_file/contributing.json
@@ -0,0 +1,32 @@
+{
+ "commit": {
+ "subject_cannot_be_empty": true,
+ "subject_must_be_longer_than": 4,
+ "subject_must_be_shorter_than": 101,
+ "subject_lines_must_be_shorter_than": 51,
+ "subject_must_be_single_line": true,
+ "subject_must_be_in_tense": "imperative",
+ "subject_must_start_with_case": "upper",
+ "subject_must_not_end_with_dot": true,
+ "body_lines_must_be_shorter_than": 73
+ },
+ "pull_request": {
+ "subject_cannot_be_empty": true,
+ "subject_must_be_longer_than": 4,
+ "subject_must_be_shorter_than": 101,
+ "subject_must_be_in_tense": "imperative",
+ "subject_must_start_with_case": "upper",
+ "subject_must_not_end_with_dot": true,
+ "body_cannot_be_empty": true
+ },
+ "issue": {
+ "subject_cannot_be_empty": true,
+ "subject_must_be_longer_than": 4,
+ "subject_must_be_shorter_than": 101,
+ "subject_must_be_in_tense": "imperative",
+ "subject_must_start_with_case": "upper",
+ "subject_must_not_end_with_dot": true,
+ "body_cannot_be_empty": true,
+ "body_must_include_reproduction_steps": true
+ }
+}
diff --git a/modules/build/unix/swap_file/examples/default_swap.pp b/modules/build/unix/swap_file/examples/default_swap.pp
new file mode 100644
index 000000000..cdd29bfa7
--- /dev/null
+++ b/modules/build/unix/swap_file/examples/default_swap.pp
@@ -0,0 +1,5 @@
+node default {
+ swap_file::files { 'default':
+ ensure => present,
+ }
+}
diff --git a/modules/build/unix/swap_file/examples/hiera/common.yaml b/modules/build/unix/swap_file/examples/hiera/common.yaml
new file mode 100644
index 000000000..0b57f0c71
--- /dev/null
+++ b/modules/build/unix/swap_file/examples/hiera/common.yaml
@@ -0,0 +1,12 @@
+---
+classes:
+ - swap_file
+
+swap_file::files:
+ 'from_common':
+ ensure: 'present'
+ swapfile: '/mnt/swap.common'
+
+# This will:
+# - call the class swap_file
+# - create a file '/mnt/swap.common' using /bin/dd with the default size taken from the $::memorysizeinbytes and create a mount for it.
diff --git a/modules/build/unix/swap_file/examples/hiera/fqdn/merge_disabled.domain.local.yaml b/modules/build/unix/swap_file/examples/hiera/fqdn/merge_disabled.domain.local.yaml
new file mode 100644
index 000000000..809d2d0a5
--- /dev/null
+++ b/modules/build/unix/swap_file/examples/hiera/fqdn/merge_disabled.domain.local.yaml
@@ -0,0 +1,13 @@
+---
+swap_file::files_hiera_merge: false
+swap_file::files:
+ 'from_fqdn':
+ ensure: 'present'
+ swapfile: '/mnt/swap.fqdn'
+ swapfilesize: '2 GB'
+ cmd: 'fallocate'
+
+# Because files_hiera_merge is set to false, this will create only the swapfiles specified in the most specific hiera level.
+
+# This will:
+# - create a file '/mnt/swap.fqdn' using /usr/bin/fallocate with size set to '2 GB' and creates mount for it.
diff --git a/modules/build/unix/swap_file/examples/hiera/fqdn/merge_enabled.domain.local.yaml b/modules/build/unix/swap_file/examples/hiera/fqdn/merge_enabled.domain.local.yaml
new file mode 100644
index 000000000..3954bbbe2
--- /dev/null
+++ b/modules/build/unix/swap_file/examples/hiera/fqdn/merge_enabled.domain.local.yaml
@@ -0,0 +1,16 @@
+---
+swap_file::files_hiera_merge: true
+swap_file::files:
+ 'from_fqdn':
+ ensure: 'present'
+ swapfile: '/mnt/swap.fqdn'
+ swapfilesize: '2 GB'
+ cmd: 'fallocate'
+
+# Because files_hiera_merge is set to true, this will create all swapfiles specified in different hiera levels.
+
+# This will:
+# - create a file '/mnt/swap.common' using /bin/dd with the default size taken from the $::memorysizeinbytes and create a mount for it.
+# - create a file '/mnt/swap.fqdn' using /usr/bin/fallocate with size set to '2 GB' and creates mount for it.
+
+
diff --git a/modules/build/unix/swap_file/examples/hiera/hiera.yaml b/modules/build/unix/swap_file/examples/hiera/hiera.yaml
new file mode 100644
index 000000000..974ab2e38
--- /dev/null
+++ b/modules/build/unix/swap_file/examples/hiera/hiera.yaml
@@ -0,0 +1,6 @@
+---
+:backends:
+ - yaml
+:hierarchy:
+ - fqdn/%{fqdn}
+ - common
diff --git a/modules/build/unix/swap_file/examples/multiple_swaps.pp b/modules/build/unix/swap_file/examples/multiple_swaps.pp
new file mode 100644
index 000000000..6f083f8e6
--- /dev/null
+++ b/modules/build/unix/swap_file/examples/multiple_swaps.pp
@@ -0,0 +1,17 @@
+node default {
+ class { '::swap_file':
+ files => {
+ 'swapfile' => {
+ ensure => 'present', # lint:ignore:ensure_first_param
+ },
+ 'use fallocate' => {
+ swapfile => '/tmp/swapfile.fallocate',
+ cmd => 'fallocate',
+ },
+ 'remove swap file' => {
+ ensure => 'absent', # lint:ignore:ensure_first_param
+ swapfile => '/tmp/swapfile.old',
+ },
+ },
+ }
+}
diff --git a/modules/build/unix/swap_file/lib/facter/swapfile_sizes.rb b/modules/build/unix/swap_file/lib/facter/swapfile_sizes.rb
new file mode 100644
index 000000000..10466e398
--- /dev/null
+++ b/modules/build/unix/swap_file/lib/facter/swapfile_sizes.rb
@@ -0,0 +1,34 @@
+if File.exists?('/proc/swaps')
+ swap_file_hash = {}
+
+ swap_file_output = Facter::Util::Resolution.exec('cat /proc/swaps')
+
+ # Sample Output
+ # Filename Type Size Used Priority
+ # /dev/dm-1 partition 524284 0 -1
+ # /mnt/swap.1 file 204796 0 -2
+ # /tmp/swapfile.fallocate file 204796 0 -3
+ swap_file_output_array = swap_file_output.split("\n")
+
+ # Remove the header line
+ swap_file_output_array.shift
+
+ swap_file_output_array.each do |line|
+
+ swap_file_line_array = line.gsub(/\s+/m, ' ').strip.split(" ")
+
+ # We only want swap-file information, not paritions
+ if swap_file_line_array[1] == 'file'
+ swap_file_hash[swap_file_line_array[0]] = swap_file_line_array[2]
+ end
+
+ end
+
+ Facter.add('swapfile_sizes') do
+ confine :kernel => 'Linux'
+ setcode do
+ swap_file_hash
+ end
+ end
+
+end
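Review bot: `if File.exists?('/proc/swaps')` uses a method that is deprecated and removed in Ruby 3.2; the guard should be `if File.exist?('/proc/swaps')`, and the same line opens `lib/facter/swapfile_sizes_csv.rb` in the next hunk. The result of `Facter::Util::Resolution.exec('cat /proc/swaps')` is used unchecked, and `exec` returns `nil` when the command fails, so `swap_file_output.split("\n")` would raise a NoMethodError at fact-load time; `swap_file_output_array = swap_file_output.to_s.split("\n")` keeps the fact from breaking the whole Facter run, and since the file is a plain `/proc` entry, `File.read('/proc/swaps')` would avoid spawning `cat` altogether. Structurally, all of the parsing happens at file load, outside both `confine :kernel => 'Linux'` and `setcode`, so it executes on every Facter load regardless of the confine; moving the parsing into the `setcode` block makes the confine effective and defers the work until the fact is actually resolved. Both observations apply equally to `swapfile_sizes_csv.rb`.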
diff --git a/modules/build/unix/swap_file/lib/facter/swapfile_sizes_csv.rb b/modules/build/unix/swap_file/lib/facter/swapfile_sizes_csv.rb
new file mode 100644
index 000000000..2869b0f69
--- /dev/null
+++ b/modules/build/unix/swap_file/lib/facter/swapfile_sizes_csv.rb
@@ -0,0 +1,37 @@
+if File.exists?('/proc/swaps')
+ swap_file_array = []
+
+ swap_file_output = Facter::Util::Resolution.exec('cat /proc/swaps')
+
+ # Sample Output
+ # Filename Type Size Used Priority
+ # /dev/dm-1 partition 524284 0 -1
+ # /mnt/swap.1 file 204796 0 -2
+ # /tmp/swapfile.fallocate file 204796 0 -3
+ swap_file_output_array = swap_file_output.split("\n")
+
+ # Remove the header line
+ swap_file_output_array.shift
+
+ swap_file_output_array.each do |line|
+
+ swap_file_line_array = line.gsub(/\s+/m, ' ').strip.split(" ")
+
+ # We only want swap-file information, not paritions
+ if swap_file_line_array[1] == 'file'
+ pipe_seperated_string = "#{swap_file_line_array[0]}||#{swap_file_line_array[2]}"
+ swap_file_array << pipe_seperated_string
+ end
+
+ end
+
+ swapfile_csv = swap_file_array.join(',') unless swap_file_array.empty?
+
+ Facter.add('swapfile_sizes_csv') do
+ confine :kernel => 'Linux'
+ setcode do
+ swapfile_csv
+ end
+ end
+
+end
diff --git a/modules/build/unix/swap_file/lib/puppet/parser/functions/difference_within_margin.rb b/modules/build/unix/swap_file/lib/puppet/parser/functions/difference_within_margin.rb
new file mode 100644
index 000000000..a004182af
--- /dev/null
+++ b/modules/build/unix/swap_file/lib/puppet/parser/functions/difference_within_margin.rb
@@ -0,0 +1,62 @@
+# When given an array of two numbers and a margin, returns true
+# if the difference is less than the margin. Basically statistical
+# range with a margin.
+#
+# @example Difference between 150 and 100 is 50, margin is 60. So true
+# $within_margin = difference_within_margin([100,150],60)
+#
+# @example Difference between 150 and 100 is 50, margin is 40. So false
+# $within_margin = difference_within_margin([100,150],40)
+#
+# @return [Boolean] whether the difference between two numbers is within in a margin
+#
+# @param num_a [Array] array of two numbers to compare
+# @param num_b [Float] the margin to compare the two numbers
+module Puppet::Parser::Functions
+ newfunction(:difference_within_margin, :type => :rvalue, :doc => <<-EOS
+Get's the difference between two numbers, with a third argument as a margin
+
+*Example:*
+
+ compare_with_margin(100,150,60)
+
+Would result in:
+
+ true
+
+ compare_with_margin(100,150,40)
+
+Would result in:
+
+ false
+
+ EOS
+ ) do |arguments|
+
+ # Check that more than 2 arguments have been given ...
+ raise(Puppet::ParseError, "compare_with_margin(): Wrong number of arguments " +
+ "given (#{arguments.size} for 2)") unless arguments.size == 2
+
+ # Check that the first parameter is an array
+ unless arguments[0].is_a?(Array)
+ raise(Puppet::ParseError, 'difference_within_margin(): Requires array to work with')
+ end
+
+ # Check that the first parameter is an array
+ if arguments[0].empty?
+ raise(Puppet::ParseError, 'difference_within_margin(): arg[0] array cannot be empty')
+ end
+
+ arguments[0].collect! { |i| i.to_f }
+
+ difference = arguments[0].minmax[1].to_f - arguments[0].minmax[0].to_f
+
+ if difference < arguments[1].to_f
+ return true
+ else
+ return false
+ end
+ end
+end
+
+# vim: set ts=2 sw=2 et :
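Review bot: The arity error at `raise(Puppet::ParseError, "compare_with_margin(): Wrong number of arguments "` names a function that does not exist, as do both `*Example:*` entries in the `:doc` string; rename them to `difference_within_margin(...)` so the message points at the real call. The margin is coerced with `arguments[1].to_f`, which silently turns a non-numeric value (for instance a size string with units) into `0.0` and makes the function return false for every input; prefer `Float(arguments[1])` and re-raise `ArgumentError` as `Puppet::ParseError`. `arguments[0].collect! { |i| i.to_f }` mutates the caller's array and `minmax` is computed twice; `lo, hi = arguments[0].map(&:to_f).minmax` then `difference = hi - lo` avoids both. The comment `# Check that the first parameter is an array` above the `empty?` check is a copy-paste leftover and should read `# Check that the array is not empty`.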
diff --git a/modules/build/unix/swap_file/lib/puppet/parser/functions/swap_file_size_from_csv.rb b/modules/build/unix/swap_file/lib/puppet/parser/functions/swap_file_size_from_csv.rb
new file mode 100644
index 000000000..892c08895
--- /dev/null
+++ b/modules/build/unix/swap_file/lib/puppet/parser/functions/swap_file_size_from_csv.rb
@@ -0,0 +1,36 @@
+#
+# swap_file_size_from_csv.rb
+#
+module Puppet::Parser::Functions
+ newfunction(:swap_file_size_from_csv, :type => :rvalue, :doc => <<-EOS
+Given a csv of swap files and sizes, split by pipe (||), we can determine the size in bytes of the swapfile
+Will return false if the swapfile is not found in the csv
+*Examples:*
+ get_swap_file_size_from_csv('/mnt/swap.1','/mnt/swap.1||1019900,/mnt/swap.1||1019900')
+Would return: 1019900
+ get_swap_file_size_from_csv('/mnt/swap.2','/mnt/swap.1||1019900,/mnt/swap.1||1019900')
+Would return: false
+ EOS
+ ) do |arguments|
+ raise(Puppet::ParseError, "swap_file_size_from_csv(): Wrong number of arguments " +
+ "given (#{arguments.size} for 2)") if arguments.size < 2
+ unless arguments[0].is_a? String
+ raise(Puppet::ParseError, "swap_file_size_from_csv(): swapfile name but be a string (Got #{arguments[0].class}")
+ end
+ unless arguments[1].is_a? String
+ raise(Puppet::ParseError, "swap_file_size_from_csv(): Requires string to work with (Got #{arguments[1].class}")
+ end
+ lines = arguments[1].strip.split(',')
+
+ swapfile_found = false
+
+ lines.each do | swapfile_csv |
+ swapfile_csv_array = swapfile_csv.split(',')
+ swapfile_name = swapfile_csv.split('||')[0]
+ swapfile_size = swapfile_csv.split('||')[1]
+ swapfile_found = swapfile_size if arguments[0] == swapfile_name
+ end
+ swapfile_found
+ end
+end
+# vim: set ts=2 sw=2 et :
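Review bot: The arity check `if arguments.size < 2` accepts any number of extra arguments while the message says `(#{arguments.size} for 2)`, and the loop keeps scanning after a match so the last duplicate entry wins; use `unless arguments.size == 2` and `break` (or `lines.find`) once `arguments[0] == swapfile_name`. The `*Examples:*` call `get_swap_file_size_from_csv`, which is not this function's name, and the doc says "size in bytes" although the value is the kilobyte column of /proc/swaps (the caller in `resize.pp` appends `kb` before converting), so the doc should say kilobytes and note that a string, not an integer, is returned. `swapfile_csv_array = swapfile_csv.split(',')` is unused and can be dropped.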
diff --git a/modules/build/unix/swap_file/lib/puppet/provider/swap_file/linux.rb b/modules/build/unix/swap_file/lib/puppet/provider/swap_file/linux.rb
new file mode 100644
index 000000000..7f7e19560
--- /dev/null
+++ b/modules/build/unix/swap_file/lib/puppet/provider/swap_file/linux.rb
@@ -0,0 +1,113 @@
+Puppet::Type.type(:swap_file).provide(:linux) do
+
+ desc "Swap file management via `swapon`, `swapoff` and `mkswap`"
+
+ confine :kernel => :linux
+ commands :swapon => 'swapon'
+ commands :swapoff => 'swapoff'
+ commands :mkswap => 'mkswap'
+
+ mk_resource_methods
+
+ def initialize(value={})
+ super(value)
+ @property_flush = {}
+ end
+
+ def self.get_swap_files
+ swapfiles = swapon(['-s']).split("\n")
+ swapfiles.shift
+ swapfiles.sort
+ end
+
+ def self.prefetch(resources)
+ instances.each do |prov|
+ if resource = resources[prov.name]
+ resource.provider = prov
+ end
+ end
+ end
+
+ def self.instances
+ get_swap_files.collect do |swapfile_line|
+ new(get_swapfile_properties(swapfile_line))
+ end
+ end
+
+ def self.get_swapfile_properties(swapfile_line)
+ swapfile_properties = {}
+
+ # swapon -s output formats thus:
+ # Filename Type Size Used Priority
+
+ # Split on spaces
+ output_array = swapfile_line.strip.split(/\s+/)
+
+ # Assign properties based on headers
+ swapfile_properties = {
+ :ensure => :present,
+ :name => output_array[0],
+ :file => output_array[0],
+ :type => output_array[1],
+ :size => output_array[2],
+ :used => output_array[3],
+ :priority => output_array[4]
+ }
+
+ swapfile_properties[:provider] = :swap_file
+ Puppet.debug "Swapfile: #{swapfile_properties.inspect}"
+ swapfile_properties
+ end
+
+ def exists?
+ @property_hash[:ensure] == :present
+ end
+
+ def create
+ @property_flush[:ensure] = :present
+ end
+
+ def destroy
+ @property_flush[:ensure] = :absent
+ end
+
+ def create_swap_file(file_path)
+ mk_swap(file_path)
+ swap_on(file_path)
+ end
+
+ def mk_swap(file_path)
+ Puppet.debug "Running `mkswap #{file_path}`"
+ output = mkswap([file_path])
+ Puppet.debug "Returned value: #{output}`"
+ end
+
+ def swap_on(file_path)
+ Puppet.debug "Running `swapon #{file_path}`"
+ output = swapon([file_path])
+ Puppet.debug "Returned value: #{output}"
+ end
+
+ def swap_off(file_path)
+ Puppet.debug "Running `swapoff #{file_path}`"
+ output = swapoff([file_path])
+ Puppet.debug "Returned value: #{output}"
+ end
+
+ def set_swapfile
+ if @property_flush[:ensure] == :absent
+ swap_off(resource[:name])
+ return
+ end
+
+ create_swap_file(resource[:name]) unless exists?
+ end
+
+ def flush
+ set_swapfile
+ # Collect the resources again once they've been changed (that way `puppet
+ # resource` will show the correct values after changes have been made).
+ @property_hash = self.class.get_swapfile_properties(resource[:name])
+ end
+
+end
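Review bot: `flush` passes `resource[:name]` (a path) to `get_swapfile_properties`, which expects a whole `swapon -s` line, so after a change `@property_hash` holds the path as `:name` and `nil` for type, size, used and priority; look the entry up instead: `line = self.class.get_swap_files.find { |l| l.strip.split(/\s+/).first == resource[:name] }` and `@property_hash = line ? self.class.get_swapfile_properties(line) : { :ensure => :absent }`. `swapfile_properties[:provider] = :swap_file` should be `:linux`, the name given to `provide(:linux)`. There is a stray backtick in the debug string `"Returned value: #{output}`"` in `mk_swap`. Since `mkswap` is run on whatever file the type names, a comment on `create_swap_file` noting that the file is expected to already be root-owned and `0600` (recent `mkswap` warns about insecure permissions otherwise) would make the ordering contract with the manifest explicit.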
diff --git a/modules/build/unix/swap_file/lib/puppet/type/swap_file.rb b/modules/build/unix/swap_file/lib/puppet/type/swap_file.rb
new file mode 100644
index 000000000..cf0bce20b
--- /dev/null
+++ b/modules/build/unix/swap_file/lib/puppet/type/swap_file.rb
@@ -0,0 +1,40 @@
+Puppet::Type.newtype(:swap_file) do
+
+ ensurable
+
+ desc <<-DOC
+ Used to configure swap files
+ === Examples
+
+ swap_file { '/mnt/swap.1':
+ ensure => 'present',
+ size => '1068028',
+ }
+ DOC
+
+ @doc = 'Type representing swap files.'
+
+ newparam(:file, :namevar => true) do
+ desc "The file path of the swapfile."
+ validate do |value|
+ fail "file parameter must be a valid absolute path" unless Puppet::Util.absolute_path?(value)
+ end
+ end
+
+ newproperty(:type) do
+ desc "The type of the swapfile"
+ end
+
+ newproperty(:size) do
+ desc "The size of the swapfile in bytes"
+ end
+
+ newproperty(:used) do
+ desc "The amount of space used"
+ end
+
+ newproperty(:priority) do
+ desc "The priority of the swapfile"
+ end
+
+end
\ No newline at end of file
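Review bot: `type`, `size`, `used` and `priority` are declared with `newproperty`, but the linux provider only reads them from `swapon -s` and has no code that applies a desired value, so a manifest that sets `size => '1068028'` as in the `desc` example will report a change on every run without doing anything. Either make them read-only (declare with `newparam`, or add a `validate` block that fails on explicit values) or document it, e.g. `desc "The size of the swapfile in kilobytes as reported by the system (read-only)"`. The `@doc = 'Type representing swap files.'` assignment overrides the `desc <<-DOC` block above it, so one of the two should go. The file also lacks a trailing newline.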
diff --git a/modules/build/unix/swap_file/manifests/files.pp b/modules/build/unix/swap_file/manifests/files.pp
new file mode 100644
index 000000000..6ef78e2cd
--- /dev/null
+++ b/modules/build/unix/swap_file/manifests/files.pp
@@ -0,0 +1,143 @@
+# Define: swap_file::files
+#
+# This is a defined type to create a swap_file
+#
+# == Parameters
+# [*ensure*]
+# Allows creation or removal of swapspace and the corresponding file.
+# [*swapfile*]
+# Location of swapfile, defaults to /mnt
+# [*swapfilesize*]
+# Size of the swapfile as a string (eg. 10 MB, 1.2 GB).
+# Defaults to $::memorysize fact on the node
+# [*add_mount*]
+# Add a mount to the swapfile so it persists on boot
+# [*options*]
+# Mount options for the swapfile
+# [*timeout*]
+# dd command exec timeout.
+# Defaults to 300
+# [*cmd*]
+# What command is used to create the file, dd or fallocate. dd is better tested and safer but fallocate is significantly faster.
+# Defaults to dd
+#
+# == Examples
+#
+# swap_file::files { 'default':
+# ensure => present,
+# swapfile => '/mnt/swap.55',
+# }
+#
+# == Authors
+# @petems - Peter Souter
+#
+define swap_file::files (
+ $ensure = 'present',
+ $swapfile = '/mnt/swap.1',
+ $swapfilesize = $::memorysize,
+ $add_mount = true,
+ $options = 'defaults',
+ $timeout = 300,
+ $cmd = 'dd',
+ $resize_existing = false,
+ $resize_margin = '50MB',
+ $resize_verbose = false,
+)
+{
+ # Parameter validation
+ validate_legacy(String, 'validate_re', $ensure, ['^absent$', '^present$'])
+ validate_legacy(String, 'validate_string', $swapfile)
+ $swapfilesize_mb = to_bytes($swapfilesize) / 1048576
+ validate_legacy(Boolean, 'validate_bool', $add_mount)
+
+ if $ensure == 'present' {
+
+ if ($resize_existing and $::swapfile_sizes) {
+
+ if (is_hash($::swapfile_sizes)) {
+
+ if (has_key($::swapfile_sizes,$swapfile)) {
+ ::swap_file::resize { $swapfile:
+ swapfile_path => $swapfile,
+ margin => $resize_margin,
+ expected_swapfile_size => $swapfilesize,
+ actual_swapfile_size => $::swapfile_sizes[$swapfile],
+ verbose => $resize_verbose,
+ before => Exec["Create swap file ${swapfile}"],
+ }
+ }
+
+ } else {
+ $existing_swapfile_size = swap_file_size_from_csv($swapfile,$::swapfile_sizes_csv)
+ if ($existing_swapfile_size) {
+ ::swap_file::resize { $swapfile:
+ swapfile_path => $swapfile,
+ margin => $resize_margin,
+ expected_swapfile_size => $swapfilesize,
+ actual_swapfile_size => $existing_swapfile_size,
+ verbose => $resize_verbose,
+ before => Exec["Create swap file ${swapfile}"],
+ }
+ }
+ }
+ }
+
+ exec { "Create swap file ${swapfile}":
+ creates => $swapfile,
+ timeout => $timeout,
+ }
+ case $cmd {
+ 'dd': {
+ Exec["Create swap file ${swapfile}"] { command => "/bin/dd if=/dev/zero of=${swapfile} bs=1M count=${swapfilesize_mb}" }
+ }
+ 'fallocate': {
+ Exec["Create swap file ${swapfile}"] { command => "/usr/bin/fallocate -l ${swapfilesize_mb}M ${swapfile}" }
+ }
+ default: {
+ fail("Invalid cmd: ${cmd} - (Must be 'dd' or 'fallocate')")
+ }
+ }
+ file { $swapfile:
+ owner => root,
+ group => root,
+ mode => '0600',
+ require => Exec["Create swap file ${swapfile}"],
+ }
+
+ if $::selinux {
+ File[$swapfile] {
+ seltype => 'swapfile_t',
+ }
+ }
+
+ swap_file { $swapfile:
+ ensure => 'present',
+ require => File[$swapfile],
+ }
+ if $add_mount {
+ mount { $swapfile:
+ ensure => present,
+ fstype => swap,
+ device => $swapfile,
+ options => $options,
+ dump => 0,
+ pass => 0,
+ require => Swap_file[$swapfile],
+ }
+ }
+ }
+ elsif $ensure == 'absent' {
+ swap_file { $swapfile:
+ ensure => 'absent',
+ }
+ file { $swapfile:
+ ensure => absent,
+ backup => false,
+ require => Swap_file[$swapfile],
+ }
+ mount { $swapfile:
+ ensure => absent,
+ device => $swapfile,
+ }
+ }
+}
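Review bot: `$swapfile` is interpolated unquoted into the `exec` commands (`/bin/dd ... of=${swapfile}` and `/usr/bin/fallocate -l ${swapfilesize_mb}M ${swapfile}`) after only `validate_string`, so a value with whitespace or shell metacharacters is split or interpreted, and the absolute-path check in the `swap_file` type only runs after the exec has already executed. Validate the path up front with `validate_legacy(Stdlib::Absolutepath, 'validate_absolute_path', $swapfile)` and quote it in both commands via stdlib's `shellquote($swapfile)`. `$swapfilesize_mb = to_bytes($swapfilesize) / 1048576` truncates, so any size under 1 MB yields `count=0`, an empty file and a failing `mkswap`; `fail()` early when it is `< 1`. `dd` creates the file with the agent's umask (commonly 0644) before `File[$swapfile]` tightens it to `0600`; the content is only zeros at that point, but a `umask => '077'` on the exec, or a comment explaining why the ordering is safe, would make the intent clear.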
diff --git a/modules/build/unix/swap_file/manifests/init.pp b/modules/build/unix/swap_file/manifests/init.pp
new file mode 100644
index 000000000..9486ba0f0
--- /dev/null
+++ b/modules/build/unix/swap_file/manifests/init.pp
@@ -0,0 +1,65 @@
+# Main class to allow passing required swapfiles as hashes
+#
+# @example Will create one swapfile in /mnt/swap using the defaults.
+# class { '::swap_file':
+# 'files' => {
+# 'resource_name' => {
+# ensure => present,
+# swapfile => '/mnt/swap',
+# },
+# },
+# }
+#
+# @example Will create two swapfile with the given parameters
+# class { 'swap_file':
+# 'files' => {
+# 'swap1' => {
+# ensure => present,
+# swapfile => '/mnt/swap.1',
+# swapfilesize => '1 GB',
+# },
+# 'swap2' => {
+# ensure => present,
+# swapfile => '/mnt/swap.2',
+# swapfilesize => '2 GB',
+# cmd => 'fallocate',
+# },
+# },
+# }
+#
+# @example Will merge all found instances of swap_file::files found in hiera and create resources for these.
+# class { '::swap_file':
+# files_hiera_merge: true,
+# }
+#
+# @param [Hash] files Hash of swap files to ensure with swap_file::files
+# @param [Boolean] files_hiera_merge Boolean to merge all found instances of swap_file::files in Hiera.
+# This can be used to specify swap files at different levels an have
+# them all included in the catalog.
+#
+# @author - Peter Souter
+#
+class swap_file (
+ $files = {},
+ $files_hiera_merge = false,
+) {
+
+ # variable handling
+ if $files_hiera_merge =~ Boolean {
+ $files_hiera_merge_bool = $files_hiera_merge
+ } else {
+ $files_hiera_merge_bool = str2bool($files_hiera_merge)
+ }
+ validate_legacy(Boolean, 'validate_bool', $files_hiera_merge_bool)
+
+ # functionality
+ if $files_hiera_merge_bool == true {
+ $files_real = hiera_hash('swap_file::files', {})
+ } else {
+ $files_real = $files
+ }
+ if $files_real != undef {
+ validate_legacy(Hash, 'validate_hash', $files_real)
+ create_resources('swap_file::files', $files_real)
+ }
+}
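Review bot: `hiera_hash('swap_file::files', {})` is the deprecated Hiera 3 function; with the declared `puppet >= 4.0.0` requirement the equivalent is `$files_real = lookup('swap_file::files', Hash, 'hash', {})`, which also honours Hiera 5 data. The `if $files_real != undef` guard is always true because `$files` defaults to `{}` and the lookup returns its default, so it can be dropped or replaced by an `empty($files_real)` check. The `@example` for `files_hiera_merge` uses `files_hiera_merge: true,` (YAML syntax) where Puppet needs `files_hiera_merge => true,`.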
diff --git a/modules/build/unix/swap_file/manifests/resize.pp b/modules/build/unix/swap_file/manifests/resize.pp
new file mode 100644
index 000000000..2dbe1764f
--- /dev/null
+++ b/modules/build/unix/swap_file/manifests/resize.pp
@@ -0,0 +1,49 @@
+# A defined type to resize an existing swapfile
+#
+# @example
+# ::swap_file::resize { '/mnt/swap.1:
+# swapfile_path => '/mnt/swap.1',
+# margin => '500 MB',
+# expected_swapfile_size => '1 GB,
+# }
+#
+# @param [String] swapfile_path Path to the swapfile
+# @param [String] expected_swapfile_size Expected size of the swapfile
+# @param [String] actual_swapfile_size Actual size of the swapfile
+# @param [String] margin Margin that is checked before resizing the swapfile
+# @param [Boolean] verbose Adds a notify to explain why the change was made
+#
+# @author - Peter Souter
+#
+define swap_file::resize (
+ $swapfile_path,
+ $expected_swapfile_size,
+ $actual_swapfile_size,
+ $margin = '50MB',
+ $verbose = false,
+)
+{
+ $margin_bytes = to_bytes($margin)
+ $existing_swapfile_bytes = to_bytes("${actual_swapfile_size}kb")
+ $expected_swapfile_size_bytes = to_bytes($expected_swapfile_size)
+
+ if !($expected_swapfile_size_bytes == $existing_swapfile_bytes) {
+ if !(difference_within_margin([$existing_swapfile_bytes, $expected_swapfile_size_bytes],$margin_bytes)) {
+ if ($verbose) {
+ $alert_message = "Existing : ${existing_swapfile_bytes}B\nExpected: ${expected_swapfile_size_bytes}B\nMargin: ${margin_bytes}B"
+ notify{"Resizing Swapfile Alert ${swapfile_path}":
+ name => $alert_message,
+ }
+ }
+ exec { "Detach swap file ${swapfile_path} for resize":
+ command => "/sbin/swapoff ${swapfile_path}",
+ onlyif => "/sbin/swapon -s | grep ${swapfile_path}",
+ } -> exec { "Purge ${swapfile_path} for resize":
+ command => "/bin/rm -f ${swapfile_path}",
+ onlyif => "test -f ${swapfile_path}",
+ path => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ],
+ }
+ }
+ }
+
+}
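Review bot: The guard `onlyif => "/sbin/swapon -s | grep ${swapfile_path}"` uses the path as an unanchored regex, so `/mnt/swap.1` also matches `/mnt/swap.10` or `/mnt/swap11` and the unrelated file gets detached or, when only the other one is active, `swapoff` fails the run; the unquoted `${swapfile_path}` in it and in `"/sbin/swapoff ${swapfile_path}"` / `"/bin/rm -f ${swapfile_path}"` is also subject to word splitting and shell interpretation since the pipe forces a shell. Compare the first column exactly, `onlyif => "/bin/awk '{print \$1}' /proc/swaps | /bin/grep -qxF -- '${swapfile_path}'"`, and quote the path in the other two commands with stdlib's `shellquote` after validating it with `validate_absolute_path`. The `swapoff` exec sets no `path`, while the `rm` exec does; give both the same explicit `path` so the guard's `grep` resolves the same way on every platform.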
diff --git a/modules/build/unix/swap_file/manifests/swappiness.pp b/modules/build/unix/swap_file/manifests/swappiness.pp
new file mode 100644
index 000000000..3b76ae884
--- /dev/null
+++ b/modules/build/unix/swap_file/manifests/swappiness.pp
@@ -0,0 +1,23 @@
+# Allows setting the kernel swappiness setting
+#
+# @example Will set the sysctl setting for swappiness to 75
+# class { '::swap_file::swappiness':
+# swappiness => 75,
+# }
+#
+# @param [String] swapiness Swapiness level, integer from 0 - 100 inclusive
+#
+# @author - Peter Souter
+#
+class swap_file::swappiness (
+ $swappiness = 60,
+) {
+
+ validate_legacy(Integer, 'validate_integer', $swappiness, [100, 0])
+
+ sysctl { 'vm.swappiness':
+ ensure => 'present',
+ value => $swappiness,
+ }
+
+}
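Review bot: The `@param` line documents `swapiness` as a String while the parameter is `$swappiness` and is validated as an Integer; change it to `@param [Integer] swappiness Swappiness level, integer from 0 to 100 inclusive`. The legacy argument array `[100, 0]` is positional (max, then min), which is easy to misread as a range; a comment `# validate_integer(value, max, min)` above the call would prevent someone "fixing" the order.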
diff --git a/modules/build/unix/swap_file/metadata.json b/modules/build/unix/swap_file/metadata.json
new file mode 100644
index 000000000..0fed944e6
--- /dev/null
+++ b/modules/build/unix/swap_file/metadata.json
@@ -0,0 +1,55 @@
+{
+ "name": "petems-swap_file",
+ "version": "4.0.2",
+ "author": "Peter Souter",
+ "summary": "Create swap files for Linux systems with Puppet",
+ "license": "Apache-2.0",
+ "source": "https://github.com/petems/petems-swap_file",
+ "project_page": "https://github.com/petems/petems-swap_file",
+ "issues_url": "https://github.com/petems/petems-swap_file/issues",
+ "operatingsystem_support": [
+ {
+ "operatingsystem": "RedHat",
+ "operatingsystemrelease": [
+ "5",
+ "6",
+ "7"
+ ]
+ },
+ {
+ "operatingsystem": "CentOS",
+ "operatingsystemrelease": [
+ "5",
+ "6",
+ "7"
+ ]
+ },
+ {
+ "operatingsystem": "Debian",
+ "operatingsystemrelease": [
+ "6",
+ "7"
+ ]
+ },
+ {
+ "operatingsystem": "Ubuntu",
+ "operatingsystemrelease": [
+ "10.04",
+ "12.04",
+ "14.04"
+ ]
+ }
+ ],
+ "requirements": [
+ {
+ "name": "puppet",
+ "version_requirement": ">= 4.0.0"
+ }
+ ],
+ "dependencies": [
+ {"name":"puppetlabs/stdlib","version_requirement":">= 4.23.0 < 6.0.0"},
+ {"name":"puppetlabs/mount_core","version_requirement":">= 1.0.0 < 2.0.0"},
+ {"name":"herculesteam/augeasproviders_sysctl","version_requirement":">=2.1.0 < 3.0.0"},
+ {"name":"herculesteam/augeasproviders_core","version_requirement":">=2.1.0 < 3.0.0"}
+ ]
+}
diff --git a/modules/build/unix/swap_file/secgen_metadata.xml b/modules/build/unix/swap_file/secgen_metadata.xml
new file mode 100644
index 000000000..1c9232c1f
--- /dev/null
+++ b/modules/build/unix/swap_file/secgen_metadata.xml
@@ -0,0 +1,19 @@
+
+
+ Swap File Module
+ Thomas Shaw
+ MIT
+ TODO:
+
+ swap
+ linux
+
+ size
+
+
+ 2 GB
+
+
+
\ No newline at end of file
diff --git a/modules/build/unix/swap_file/spec/acceptance/nodesets/Vagrantfile-vagrant_custom b/modules/build/unix/swap_file/spec/acceptance/nodesets/Vagrantfile-vagrant_custom
new file mode 100644
index 000000000..a78fcb20b
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/acceptance/nodesets/Vagrantfile-vagrant_custom
@@ -0,0 +1,11 @@
+Vagrant.configure("2") do |c|
+ c.ssh.insert_key = false
+ c.vm.define 'centos-7-x64' do |v|
+ v.vm.hostname = 'centos-7-x64'
+ v.vm.box = 'centos/7'
+ v.vm.box_check_update = 'true'
+ v.vm.provider :libvirt do |node|
+ node.memory = 512
+ end
+ end
+end
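Review bot: `c.ssh.insert_key = false` keeps the publicly known default Vagrant key pair authorised on the box instead of letting Vagrant replace it on first boot, so anything that can reach the VM's SSH port can log in as `vagrant`; that is usually acceptable for a throwaway acceptance VM on a host-only libvirt network, but it should be deliberate. Add a comment such as `# keep the well-known insecure vagrant key so beaker can connect; never expose this VM beyond the host` or drop the line and let Vagrant rotate the key.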
diff --git a/modules/build/unix/swap_file/spec/acceptance/nodesets/centos-6-x64.yml b/modules/build/unix/swap_file/spec/acceptance/nodesets/centos-6-x64.yml
new file mode 100644
index 000000000..635d4a1eb
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/acceptance/nodesets/centos-6-x64.yml
@@ -0,0 +1,11 @@
+HOSTS:
+ centos-6-x64:
+ roles:
+ - master
+ platform: el-6-x86_64
+ box : puppetlabs/centos-6.6-64-nocm
+ box_url : https://vagrantcloud.com/puppetlabs/boxes/centos-6.6-64-nocm
+ hypervisor : vagrant
+CONFIG:
+ log_level: debug
+ type: foss
diff --git a/modules/build/unix/swap_file/spec/acceptance/nodesets/centos-7-x64-vagrant_libvirt.yml b/modules/build/unix/swap_file/spec/acceptance/nodesets/centos-7-x64-vagrant_libvirt.yml
new file mode 100644
index 000000000..5cf9a9bca
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/acceptance/nodesets/centos-7-x64-vagrant_libvirt.yml
@@ -0,0 +1,11 @@
+HOSTS:
+ centos-7-x64:
+ roles:
+ - default
+ platform: el-7-x86_64
+ box : centos/7
+ hypervisor : vagrant_libvirt
+CONFIG:
+ type: foss
+ log_level: verbose
+ network_mac: '5a:65:a9:97:e4:e4'
diff --git a/modules/build/unix/swap_file/spec/acceptance/nodesets/centos-7-x64.yml b/modules/build/unix/swap_file/spec/acceptance/nodesets/centos-7-x64.yml
new file mode 100644
index 000000000..028a1b5e3
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/acceptance/nodesets/centos-7-x64.yml
@@ -0,0 +1,11 @@
+HOSTS:
+ centos-7-x64:
+ roles:
+ - master
+ platform: el-7-x86_64
+ box: puppetlabs/centos-7.0-64-nocm
+ box_url: https://vagrantcloud.com/puppetlabs/boxes/centos-7.0-64-nocm
+ hypervisor: vagrant
+CONFIG:
+ log_level: verbose
+ type: foss
\ No newline at end of file
diff --git a/modules/build/unix/swap_file/spec/acceptance/nodesets/default.yml b/modules/build/unix/swap_file/spec/acceptance/nodesets/default.yml
new file mode 100644
index 000000000..e356fe7ec
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/acceptance/nodesets/default.yml
@@ -0,0 +1,11 @@
+HOSTS:
+ ubuntu-server-1204-x64:
+ roles:
+ - master
+ platform: ubuntu-12.04-amd64
+ box : puppetlabs/ubuntu-12.04-64-nocm
+ box_url : https://vagrantcloud.com/puppetlabs/ubuntu-12.04-64-nocm
+ hypervisor : vagrant
+CONFIG:
+ log_level: debug
+ type: foss
diff --git a/modules/build/unix/swap_file/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml b/modules/build/unix/swap_file/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml
new file mode 100644
index 000000000..b4bdfb45f
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml
@@ -0,0 +1,11 @@
+HOSTS:
+ ubuntu-server-1204-x64:
+ roles:
+ - master
+ platform: ubuntu-12.04-amd64
+ box : puppetlabs/ubuntu-12.04-64-nocm
+ box_url : https://vagrantcloud.com/puppetlabs/ubuntu-12.04-64-nocm
+ hypervisor : vagrant
+CONFIG:
+ log_level: debug
+ type: foss
\ No newline at end of file
diff --git a/modules/build/unix/swap_file/spec/acceptance/swap_file_class_spec.rb b/modules/build/unix/swap_file/spec/acceptance/swap_file_class_spec.rb
new file mode 100644
index 000000000..19c4905a1
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/acceptance/swap_file_class_spec.rb
@@ -0,0 +1,45 @@
+require 'spec_helper_acceptance'
+
+describe 'swap_file class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+
+ context 'swap_file' do
+ context 'ensure => present' do
+ it 'should work with no errors' do
+ pp = <<-EOS
+ class { 'swap_file':
+ files => {
+ 'swapfile' => {
+ ensure => 'present',
+ },
+ 'use fallocate' => {
+ swapfile => '/tmp/swapfile.fallocate',
+ cmd => 'fallocate',
+ },
+ 'remove swap file' => {
+ ensure => 'absent',
+ swapfile => '/tmp/swapfile.old',
+ },
+ },
+ }
+ EOS
+
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+ it 'should contain the default swapfile' do
+ shell('/sbin/swapon -s | grep /mnt/swap.1', :acceptable_exit_codes => [0])
+ end
+ it 'should contain the default fstab setting' do
+ shell('cat /etc/fstab | grep /mnt/swap.1', :acceptable_exit_codes => [0])
+ shell('cat /etc/fstab | grep defaults', :acceptable_exit_codes => [0])
+ end
+ it 'should contain the default swapfile' do
+ shell('/sbin/swapon -s | grep /tmp/swapfile.fallocate', :acceptable_exit_codes => [0])
+ end
+ it 'should contain the default fstab setting' do
+ shell('cat /etc/fstab | grep /tmp/swapfile.fallocate', :acceptable_exit_codes => [0])
+ end
+ end
+ end
+end
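Review bot: The assertion `shell('cat /etc/fstab | grep defaults', ...)` passes whenever any fstab entry uses `defaults` (the root filesystem almost always does), so it cannot detect the `options` value being ignored; anchor on the swap entry instead, e.g. `shell("grep -E '^/mnt/swap\\.1\\s.*\\bdefaults\\b' /etc/fstab", :acceptable_exit_codes => [0])`. The `swapon -s | grep /mnt/swap.1` and `grep /tmp/swapfile.fallocate` checks are likewise unanchored substring/regex matches (`.` matches any character); `grep -F` with the trailing whitespace, or an anchored pattern, would tighten them. The two `it` descriptions for the fallocate file repeat `should contain the default swapfile` / `default fstab setting`, which makes failures ambiguous.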
diff --git a/modules/build/unix/swap_file/spec/acceptance/swap_file_files_fallocate_command.rb b/modules/build/unix/swap_file/spec/acceptance/swap_file_files_fallocate_command.rb
new file mode 100644
index 000000000..9573ba232
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/acceptance/swap_file_files_fallocate_command.rb
@@ -0,0 +1,25 @@
+require 'spec_helper_acceptance'
+
+describe 'swap_file::files defined type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+
+ context 'fallocate command', :unless => ['FreeBSD'].include?(fact('osfamily')) do
+ it 'should work with no errors' do
+ pp = <<-EOS
+ swap_file::files { 'default':
+ ensure => present,
+ cmd => 'fallocate',
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+ it 'should contain the default swapfile' do
+ shell('/sbin/swapon -s | grep /mnt/swap.1', :acceptable_exit_codes => [0])
+ end
+ it 'should contain the default fstab setting' do
+ shell('cat /etc/fstab | grep /mnt/swap.1', :acceptable_exit_codes => [0])
+ shell('cat /etc/fstab | grep defaults', :acceptable_exit_codes => [0])
+ end
+ end
+end
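Review bot: The file is named `swap_file_files_fallocate_command.rb`, without the `_spec.rb` suffix, so RSpec's default pattern (`**/*_spec.rb`) will never load it and the `fallocate` path is effectively untested by this suite; rename it to `swap_file_files_fallocate_command_spec.rb`. The `:unless => ['FreeBSD'].include?(fact('osfamily'))` guard is redundant with the Linux-only provider and a `metadata.json` that lists no BSD platform. As in the sibling specs, `grep defaults` on the whole fstab passes for any line using that option, not just the swap entry.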
diff --git a/modules/build/unix/swap_file/spec/acceptance/swap_file_files_multiple_spec.rb b/modules/build/unix/swap_file/spec/acceptance/swap_file_files_multiple_spec.rb
new file mode 100644
index 000000000..06a362026
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/acceptance/swap_file_files_multiple_spec.rb
@@ -0,0 +1,31 @@
+require 'spec_helper_acceptance'
+
+describe 'swap_file::files defined type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+
+ context 'multiple swap_file::files', :unless => ['FreeBSD'].include?(fact('osfamily')) do
+ it 'should work with no errors' do
+ pp = <<-EOS
+ swap_file::files { 'tmp file swap 1':
+ ensure => present,
+ swapfile => '/tmp/swapfile1',
+ }
+
+ swap_file::files { 'tmp file swap 2':
+ ensure => present,
+ swapfile => '/tmp/swapfile2',
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+ it 'should contain the given swapfile' do
+ shell('/sbin/swapon -s | grep /tmp/swapfile1', :acceptable_exit_codes => [0])
+ shell('/sbin/swapon -s | grep /tmp/swapfile2', :acceptable_exit_codes => [0])
+ end
+ it 'should contain the default fstab setting' do
+ shell('cat /etc/fstab | grep /tmp/swapfile1', :acceptable_exit_codes => [0])
+ shell('cat /etc/fstab | grep /tmp/swapfile2', :acceptable_exit_codes => [0])
+ end
+ end
+end
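Review bot: This `multiple swap_file::files` context duplicates the one in `swap_file_files_spec.rb` (same manifest, same assertions), so a failure is reported twice and the two copies can drift; keep a single copy. The `grep /tmp/swapfile1` checks are unanchored and also match `/tmp/swapfile10`; `grep -w` or a pattern ending in `[[:space:]]` avoids that.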
diff --git a/modules/build/unix/swap_file/spec/acceptance/swap_file_files_parameters_spec.rb b/modules/build/unix/swap_file/spec/acceptance/swap_file_files_parameters_spec.rb
new file mode 100644
index 000000000..f794b758c
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/acceptance/swap_file_files_parameters_spec.rb
@@ -0,0 +1,35 @@
+require 'spec_helper_acceptance'
+
+describe 'swap_file::files defined type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+
+ context 'swap_file' do
+ context 'custom parameters' do
+ it 'should work with no errors' do
+ pp = <<-EOS
+ swap_file::files { 'tmp file swap':
+ ensure => present,
+ swapfile => '/tmp/swapfile',
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+ it 'should contain the given swapfile' do
+ if ["FreeBSD"].include?(fact('osfamily'))
+ shell('/usr/sbin/swapinfo | grep /dev/md99', :acceptable_exit_codes => [0])
+ else
+ shell('/sbin/swapon -s | grep /tmp/swapfile', :acceptable_exit_codes => [0])
+ end
+ end
+ it 'should contain the given fstab setting' do
+ shell('cat /etc/fstab | grep /tmp/swapfile', :acceptable_exit_codes => [0])
+ if ["FreeBSD"].include?(fact('osfamily'))
+ shell('cat /etc/fstab | grep md99', :acceptable_exit_codes => [0])
+ else
+ shell('cat /etc/fstab | grep defaults', :acceptable_exit_codes => [0])
+ end
+ end
+ end
+ end
+end
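Review bot: The `if ["FreeBSD"].include?(fact('osfamily'))` branches checking `/dev/md99` are dead code here: the provider is `confine :kernel => :linux`, the defined type hard-codes `/bin/dd` and `/usr/bin/fallocate`, and `metadata.json` lists no BSD platform, so only the Linux assertion can ever run. Drop the branches (this context is also a copy of the `custom parameters` context in `swap_file_files_spec.rb`). If FreeBSD support is planned, the `md99` device should come from a parameter rather than being hard-coded in the test.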
diff --git a/modules/build/unix/swap_file/spec/acceptance/swap_file_files_spec.rb b/modules/build/unix/swap_file/spec/acceptance/swap_file_files_spec.rb
new file mode 100644
index 000000000..913ebeb51
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/acceptance/swap_file_files_spec.rb
@@ -0,0 +1,73 @@
+require 'spec_helper_acceptance'
+
+describe 'swap_file::files defined type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+
+ context 'swap_file' do
+ context 'ensure => present' do
+ it 'should work with no errors' do
+ pp = <<-EOS
+ swap_file::files { 'default':
+ ensure => present,
+ }
+ EOS
+
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+ it 'should contain the default swapfile' do
+ shell('/sbin/swapon -s | grep /mnt/swap.1', :acceptable_exit_codes => [0])
+ end
+ it 'should contain the default fstab setting' do
+ shell('cat /etc/fstab | grep /mnt/swap.1', :acceptable_exit_codes => [0])
+ shell('cat /etc/fstab | grep defaults', :acceptable_exit_codes => [0])
+ end
+ end
+ context 'custom parameters' do
+ it 'should work with no errors' do
+ pp = <<-EOS
+ swap_file::files { 'tmp file swap':
+ ensure => present,
+ swapfile => '/tmp/swapfile',
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+ it 'should contain the given swapfile' do
+ shell('/sbin/swapon -s | grep /tmp/swapfile', :acceptable_exit_codes => [0])
+ end
+ it 'should contain the default fstab setting' do
+ shell('cat /etc/fstab | grep /tmp/swapfile', :acceptable_exit_codes => [0])
+ shell('cat /etc/fstab | grep defaults', :acceptable_exit_codes => [0])
+ end
+ end
+ context 'multiple swap_file::files' do
+ it 'should work with no errors' do
+ pp = <<-EOS
+ swap_file::files { 'tmp file swap 1':
+ ensure => present,
+ swapfile => '/tmp/swapfile1',
+ }
+
+ swap_file::files { 'tmp file swap 2':
+ ensure => present,
+ swapfile => '/tmp/swapfile2',
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+ it 'should contain the given swapfiles' do
+ shell('/sbin/swapon -s | grep /tmp/swapfile1', :acceptable_exit_codes => [0])
+ shell('/sbin/swapon -s | grep /tmp/swapfile2', :acceptable_exit_codes => [0])
+ end
+ it 'should contain the default fstab setting' do
+ shell('cat /etc/fstab | grep /tmp/swapfile1', :acceptable_exit_codes => [0])
+ shell('cat /etc/fstab | grep /tmp/swapfile2', :acceptable_exit_codes => [0])
+ end
+ end
+ end
+end
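Review bot: `shell('cat /etc/fstab | grep defaults', ...)` in the `default fstab setting` examples matches any fstab line with `defaults`, not the swap entry, so it cannot fail even if `options` were ignored; anchor on the device, e.g. `shell("grep -E '^/mnt/swap\\.1\\s.*\\bdefaults\\b' /etc/fstab", :acceptable_exit_codes => [0])`. The `grep /tmp/swapfile1` checks also match `/tmp/swapfile10`; `grep -w` or an anchored pattern tightens them. The `default` context creates a swap file sized to `$::memorysize` on the test VM, which can be slow and may exhaust a small disk; passing an explicit `swapfilesize` keeps the suite predictable.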
diff --git a/modules/build/unix/swap_file/spec/acceptance/swap_file_resizing_spec.rb b/modules/build/unix/swap_file/spec/acceptance/swap_file_resizing_spec.rb
new file mode 100644
index 000000000..74eab21ba
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/acceptance/swap_file_resizing_spec.rb
@@ -0,0 +1,50 @@
+require 'spec_helper_acceptance'
+
+describe 'swap_file class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+
+ context 'disable stringify_facts' do
+ shell('puppet config set stringify_facts false --section=agent', { :acceptable_exit_codes => [0,1] })
+ shell('puppet config set stringify_facts false', { :acceptable_exit_codes => [0,1] })
+ end
+
+ context 'swap_file' do
+ context 'swapfilesize => 100' do
+ it 'should work with no errors' do
+ pp = <<-EOS
+ swap_file::files { 'default':
+ ensure => present,
+ swapfilesize => '100MB',
+ resize_existing => true,
+ }
+ EOS
+
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+ it 'should contain the given swapfile with the correct size (102396/100MB)' do
+ shell('/sbin/swapon -s | grep /mnt/swap.1', :acceptable_exit_codes => [0])
+ shell('/bin/cat /proc/swaps | grep 102396', :acceptable_exit_codes => [0])
+ end
+ end
+ context 'resize swap file' do
+ it 'should work with no errors' do
+ pp = <<-EOS
+ swap_file::files { 'default':
+ ensure => present,
+ swapfilesize => '200MB',
+ resize_existing => true,
+ }
+ EOS
+
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+ it 'should contain the given swapfile with the resized size (204796kb/200MB)' do
+ shell('/sbin/swapon -s | grep /mnt/swap.1', :acceptable_exit_codes => [0])
+ shell('/bin/cat /proc/swaps | grep 204796', :acceptable_exit_codes => [0])
+ end
+ end
+ end
+end
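Review bot: The two `shell('puppet config set stringify_facts ...')` calls sit directly in a `context` block rather than in a hook, so they run while the file is loaded instead of as part of the examples, and the setting is never restored, leaking into every later spec on the same host; wrap them in `before(:all)` and revert in `after(:all)`. `grep 102396` and `grep 204796` on `/proc/swaps` are not tied to `/mnt/swap.1`, so any swap device of that size satisfies them; match the row, e.g. `shell("grep -E '^/mnt/swap\\.1\\s+file\\s+102396' /proc/swaps", :acceptable_exit_codes => [0])`. The context title `swapfilesize => 100` does not match the manifest's `'100MB'`.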
diff --git a/modules/build/unix/swap_file/spec/acceptance/swap_file_resizing_stringify_true_spec.rb b/modules/build/unix/swap_file/spec/acceptance/swap_file_resizing_stringify_true_spec.rb
new file mode 100644
index 000000000..c16c0ccb3
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/acceptance/swap_file_resizing_stringify_true_spec.rb
@@ -0,0 +1,51 @@
+require 'spec_helper_acceptance'
+
+describe 'swap_file class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+
+ context 'disable stringify_facts' do
+ shell('puppet config set stringify_facts true --section=agent', { :acceptable_exit_codes => [0,1] })
+ shell('puppet config set stringify_facts true', { :acceptable_exit_codes => [0,1] })
+ end
+
+ context 'swap_file' do
+ context 'swapfilesize => 100' do
+ it 'should work with no errors' do
+ pp = <<-EOS
+ swap_file::files { 'default':
+ ensure => present,
+ swapfilesize => '100MB',
+ resize_existing => true,
+ }
+ EOS
+
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+ it 'should contain the given swapfile with the correct size (102396/100MB)' do
+ shell('/sbin/swapon -s | grep /mnt/swap.1', :acceptable_exit_codes => [0])
+ shell('/bin/cat /proc/swaps | grep 102396', :acceptable_exit_codes => [0])
+ end
+ end
+ context 'resize swap file' do
+ it 'errors out if stringify_facts is true and resize_existing is true' do
+ pp = <<-EOS
+ swap_file::files { 'default':
+ ensure => present,
+ swapfilesize => '200MB',
+ resize_existing => true,
+ }
+ EOS
+
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+ it 'should contain the given swapfile with the resized size (204796kb/200MB)' do
+ shell('/sbin/swapon -s | grep /mnt/swap.1', :acceptable_exit_codes => [0])
+ shell('/bin/cat /proc/swaps | grep 204796', :acceptable_exit_codes => [0])
+ end
+ end
+ end
+
+end
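Review bot: The example titled `'errors out if stringify_facts is true and resize_existing is true'` asserts the opposite of its title: `apply_manifest(pp, :catch_failures => true)` passes only when the run succeeds, and the example after it expects the swap file to have been resized to 204796 kB. Either apply the manifest with `:expect_failures => true` and drop the size check, or rename the example to describe the successful resize it actually verifies. The context at the top is named `'disable stringify_facts'` but sets the option to true, so its title should read `'enable stringify_facts'`.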
diff --git a/modules/build/unix/swap_file/spec/acceptance/swap_file_swappiness_spec.rb b/modules/build/unix/swap_file/spec/acceptance/swap_file_swappiness_spec.rb
new file mode 100644
index 000000000..d18255735
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/acceptance/swap_file_swappiness_spec.rb
@@ -0,0 +1,24 @@
+require 'spec_helper_acceptance'
+
+describe 'swap_file::swappiness class', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+
+ context 'swap_file::swappiness' do
+ context 'swappiness => 75, permanent => false' do
+ it 'should work with no errors' do
+ pp = <<-EOS
+ class { 'swap_file::swappiness':
+ swappiness => 75,
+ }
+ EOS
+
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+ it 'should set the swappiness to 75 in a seperate sysctl file' do
+ shell('/bin/cat /proc/sys/vm/swappiness | grep 75', :acceptable_exit_codes => [0])
+ end
+ end
+ end
+
+end
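Review bot: `grep 75` on the /proc/sys/vm/swappiness check also matches values such as 175 or 750; `grep -x 75` pins the exact value. The context title says `permanent => false` but the manifest passes only `swappiness => 75`, so the example exercises whatever the module default for `permanent` is; either pass it explicitly or drop it from the title. The description's "seperate sysctl file" (sic) is not checked either, since the example only reads the live sysctl value.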
diff --git a/modules/build/unix/swap_file/spec/classes/init_spec.rb b/modules/build/unix/swap_file/spec/classes/init_spec.rb
new file mode 100644
index 000000000..916c3c958
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/classes/init_spec.rb
@@ -0,0 +1,156 @@
+require 'spec_helper'
+describe 'swap_file' do
+ let(:facts) do
+ {
+ :memorysize => '1.00 GB',
+ selinux: true,
+ }
+ end
+
+ context 'with defaults for all parameters' do
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to contain_class('swap_file') }
+ it { is_expected.to have_resource_count(0) }
+ end
+
+ context 'with files set to valid hash' do
+ let(:params) do
+ {
+ :files => {
+ 'swap' => {
+ 'ensure' => 'present',
+ },
+ 'test' => {
+ 'swapfile' => '/mnt/test',
+ },
+ }
+ }
+ end
+
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to contain_class('swap_file') }
+ # subclass swap_file::files adds 4 resources for each given file
+ it { is_expected.to have_resource_count(10) }
+
+ it do
+ is_expected.to contain_swap_file__files('swap').with({
+ 'ensure' => 'present',
+ })
+ end
+
+ it do
+ is_expected.to contain_swap_file__files('test').with({
+ 'swapfile' => '/mnt/test',
+ })
+ end
+ end
+
+ describe 'with data for swap_file::files provided in multiple hiera levels' do
+ let(:facts) do
+ {
+ :fqdn => 'files',
+ :parameter_tests => 'files_hiera_merge',
+ :memorysize => '1.00 GB',
+ :selinux => true,
+ }
+ end
+
+ context 'when files_hiera_merge is set to the default value ' do
+ let(:params) { { :files_hiera_merge => false } }
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to contain_class('swap_file') }
+ it { is_expected.to have_resource_count(5) }
+
+ it do
+ is_expected.to contain_swap_file__files('resource_name').with({
+ 'ensure' => 'present',
+ 'swapfile' => '/mnt/swap',
+ })
+ end
+ end
+
+ context 'when files_hiera_merge is set to valid value ' do
+ let(:params) { { :files_hiera_merge => true } }
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to contain_class('swap_file') }
+ it { is_expected.to have_resource_count(15) }
+
+ it do
+ is_expected.to contain_swap_file__files('resource_name').with({
+ 'ensure' => 'present',
+ 'swapfile' => '/mnt/swap',
+ })
+ end
+
+ it do
+ is_expected.to contain_swap_file__files('swap1').with({
+ 'ensure' => 'present',
+ 'swapfile' => '/mnt/swap.1',
+ 'swapfilesize' => '1 GB',
+ })
+ end
+
+ it do
+ is_expected.to contain_swap_file__files('swap2').with({
+ 'ensure' => 'present',
+ 'swapfile' => '/mnt/swap.2',
+ 'swapfilesize' => '2 GB',
+ 'cmd' => 'fallocate',
+ })
+ end
+ end
+ end
+
+ describe 'variable type and content validations' do
+ # set needed custom facts and variables
+ let(:facts) do
+ {
+ :osfamily => 'RedHat',
+ :memorysize => '1.00 GB',
+ :selinux => true,
+ }
+ end
+ let(:validation_params) do
+ {
+ #:param => 'value',
+ }
+ end
+
+ validations = {
+ 'bool_stringified' => {
+ :name => %w(files_hiera_merge),
+ :valid => [true, false, 'true', 'false'],
+ :invalid => ['invalid', %w(array), { 'ha' => 'sh' }, 3, 2.42, nil],
+ :message => '(Unknown type of boolean|str2bool\(\): (Requires either string to work with|Requires string to work with))',
+ },
+ 'hash' => {
+ :name => %w(files),
+ :valid => [{ 'swap' => { 'ensure' => 'present' } }],
+ :invalid => ['invalid', %w(array), 3, 2.42, true, false, nil],
+ :message => '(is not a Hash|expects a Hash value, got)',
+ },
+ }
+
+ validations.sort.each do |type, var|
+ var[:name].each do |var_name|
+ var[:valid].each do |valid|
+ context "with #{var_name} (#{type}) set to valid #{valid} (as #{valid.class})" do
+ let(:params) { validation_params.merge({ :"#{var_name}" => valid, }) }
+ it { is_expected.to compile }
+ end
+ end
+
+ var[:invalid].each do |invalid|
+ context "with #{var_name} (#{type}) set to invalid #{invalid} (as #{invalid.class})" do
+ let(:params) { validation_params.merge({ :"#{var_name}" => invalid, }) }
+ it 'should fail' do
+ expect do
+ is_expected.to contain_class(subject)
+ end.to raise_error(Puppet::Error, /#{var[:message]}/)
+ end
+ end
+ end
+ end # var[:name].each
+ end # validations.sort.each
+ end # describe 'variable type and content validations'
+end
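Review bot: The facts hash at the top of the file mixes hash-rocket and symbol-key syntax (`:memorysize => '1.00 GB'` next to `selinux: true`), while every later `let(:facts)` in the file uses hash rockets throughout; one style per file, e.g. `memorysize: '1.00 GB', selinux: true`, avoids the inconsistency. The `#:param => 'value'` placeholder in `validation_params` would be clearer as a comment stating that the hash holds parameters every validation context must pass. The comment `# subclass swap_file::files adds 4 resources for each given file` above `have_resource_count(10)` does not add up for two files plus the class unless one of them contributes an extra resource; stating where the tenth comes from would make the count verifiable.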
diff --git a/modules/build/unix/swap_file/spec/classes/swappiness_spec.rb b/modules/build/unix/swap_file/spec/classes/swappiness_spec.rb
new file mode 100644
index 000000000..c8534d20d
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/classes/swappiness_spec.rb
@@ -0,0 +1,14 @@
+require 'spec_helper'
+
+describe 'swap_file::swappiness' do
+ let(:params) do
+ {
+ :swappiness => 65,
+ }
+ end
+ it do
+ is_expected.to contain_sysctl('vm.swappiness').
+ with({"ensure"=>"present",
+ "value"=>"65"})
+ end
+end
diff --git a/modules/build/unix/swap_file/spec/defines/files_spec.rb b/modules/build/unix/swap_file/spec/defines/files_spec.rb
new file mode 100644
index 000000000..0a14858db
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/defines/files_spec.rb
@@ -0,0 +1,360 @@
+require 'spec_helper'
+
+describe 'swap_file::files' do
+ let(:title) { 'default' }
+
+ let(:facts) do
+ {
+ operatingsystem: 'RedHat',
+ osfamily: 'RedHat',
+ operatingsystemrelease: '7',
+ concat_basedir: '/tmp',
+ memorysize: '1.00 GB',
+ selinux: true,
+ }
+ end
+
+ # Add these two lines in a single test block to enable puppet and hiera debug mode
+ # Puppet::Util::Log.level = :debug
+ # Puppet::Util::Log.newdestination(:console)
+
+ context 'default parameters' do
+ it do
+ is_expected.to compile.with_all_deps
+ end
+ it do
+ is_expected.to contain_exec('Create swap file /mnt/swap.1')
+ .with('command' => '/bin/dd if=/dev/zero of=/mnt/swap.1 bs=1M count=1024',
+ 'creates' => '/mnt/swap.1')
+ end
+ it do
+ is_expected.to contain_file('/mnt/swap.1')
+ .with('owner' => 'root',
+ 'group' => 'root',
+ 'mode' => '0600',
+ 'require' => 'Exec[Create swap file /mnt/swap.1]')
+ end
+ it do
+ is_expected.to contain_swap_file('/mnt/swap.1')
+ end
+ it do
+ is_expected.to contain_mount('/mnt/swap.1')
+ .with('require' => 'Swap_file[/mnt/swap.1]')
+ end
+ end
+
+ context 'custom swapfilesize parameter' do
+ let(:params) do
+ {
+ swapfilesize: '4.1 GB'
+ }
+ end
+ it do
+ is_expected.to compile.with_all_deps
+ end
+ it do
+ is_expected.to contain_exec('Create swap file /mnt/swap.1')
+ .with('command' => '/bin/dd if=/dev/zero of=/mnt/swap.1 bs=1M count=4198',
+ 'creates' => '/mnt/swap.1')
+ end
+ end
+
+ context 'custom swapfilesize parameter with timeout' do
+ let(:params) do
+ {
+ swapfile: '/mnt/swap.2',
+ swapfilesize: '4.1 GB',
+ timeout: 900
+ }
+ end
+ it do
+ is_expected.to compile.with_all_deps
+ end
+ it do
+ is_expected.to contain_exec('Create swap file /mnt/swap.2')
+ .with('command' => '/bin/dd if=/dev/zero of=/mnt/swap.2 bs=1M count=4198',
+ 'timeout' => 900, 'creates' => '/mnt/swap.2')
+ end
+ end
+
+ context 'custom swapfilesize parameter with timeout' do
+ let(:params) do
+ {
+ swapfile: '/mnt/swap.2',
+ swapfilesize: '4.1 GB',
+ timeout: 900
+ }
+ end
+ it do
+ is_expected.to compile.with_all_deps
+ end
+ it do
+ is_expected.to contain_exec('Create swap file /mnt/swap.2')
+ .with('command' => '/bin/dd if=/dev/zero of=/mnt/swap.2 bs=1M count=4198',
+ 'timeout' => 900, 'creates' => '/mnt/swap.2')
+ end
+ end
+
+ context 'custom swapfilesize parameter with fallocate' do
+ let(:params) do
+ {
+ swapfile: '/mnt/swap.3',
+ swapfilesize: '4.1 GB',
+ cmd: 'fallocate'
+ }
+ it do
+ is_expected.to compile.with_all_deps
+ end
+ is_expected.to contain_exec('Create swap file /mnt/swap.3')
+ .with(
+ 'command' => '/usr/bin/fallocate -l 4198M /mnt/swap.3',
+ 'creates' => '/mnt/swap.3'
+ )
+ end
+ end
+
+ context 'with cmd set to invalid value' do
+ let(:params) do
+ {
+ cmd: 'invalid'
+ }
+ end
+ it 'should fail' do
+ expect { should contain_class(subject) }.to raise_error(Puppet::Error, /Invalid cmd: invalid - \(Must be \'dd\' or \'fallocate\'\)/)
+ end
+ end
+
+ context 'resize_existing => true' do
+
+ let(:existing_swap_kb) { '204796' } # 200MB
+
+ context 'when swapfile_sizes fact exists and matches path' do
+ let(:params) do
+ {
+ swapfile: '/mnt/swap.resizeme',
+ resize_existing: true
+ }
+ end
+
+ let(:facts) do
+ {
+ operatingsystem: 'RedHat',
+ osfamily: 'RedHat',
+ operatingsystemrelease: '7',
+ concat_basedir: '/tmp',
+ memorysize: '1.00 GB',
+ swapfile_sizes: {
+ '/mnt/swap.resizeme' => existing_swap_kb,
+ },
+ swapfile_sizes_csv: "/mnt/swap.resizeme||#{existing_swap_kb}",
+ selinux: true,
+ }
+ end
+
+ it do
+ is_expected.to compile.with_all_deps
+ end
+ it do
+ should contain_swap_file__resize('/mnt/swap.resizeme').with('swapfile_path' => '/mnt/swap.resizeme',
+ 'margin' => '50MB',
+ 'expected_swapfile_size' => '1.00 GB',
+ 'actual_swapfile_size' => existing_swap_kb,
+ 'before' => 'Exec[Create swap file /mnt/swap.resizeme]')
+ end
+ it do
+ is_expected.to contain_exec('Create swap file /mnt/swap.resizeme')
+ .with('command' => '/bin/dd if=/dev/zero of=/mnt/swap.resizeme bs=1M count=1024',
+ 'creates' => '/mnt/swap.resizeme')
+ end
+ it do
+ is_expected.to contain_file('/mnt/swap.resizeme')
+ .with('owner' => 'root',
+ 'group' => 'root',
+ 'mode' => '0600',
+ 'require' => 'Exec[Create swap file /mnt/swap.resizeme]')
+ end
+ it do
+ is_expected.to contain_swap_file('/mnt/swap.resizeme')
+ .with('ensure' => 'present')
+ end
+ it do
+ is_expected.to contain_mount('/mnt/swap.resizeme')
+ .with('require' => 'Swap_file[/mnt/swap.resizeme]')
+ end
+ end
+ context 'when swapfile_sizes fact does not exist' do
+ let(:params) do
+ {
+ swapfile: '/mnt/swap.nofact',
+ resize_existing: true
+ }
+ end
+ let(:facts) do
+ {
+ operatingsystem: 'RedHat',
+ osfamily: 'RedHat',
+ operatingsystemrelease: '7',
+ concat_basedir: '/tmp',
+ memorysize: '1.00 GB',
+ swapfile_sizes: nil,
+ selinux: true,
+ }
+ end
+ it do
+ is_expected.to compile.with_all_deps
+ end
+ it do
+ should_not contain_swap_file__resize('/mnt/swap.nofact')
+ end
+ end
+ context 'when swapfile_sizes fact exits but file does not match' do
+ let(:params) do
+ {
+ swapfile: '/mnt/swap.factbutnomatch',
+ resize_existing: true
+ }
+ end
+ let(:facts) do
+ {
+ operatingsystem: 'RedHat',
+ osfamily: 'RedHat',
+ operatingsystemrelease: '7',
+ concat_basedir: '/tmp',
+ memorysize: '1.00 GB',
+ swapfile_sizes: {
+ '/mnt/swap.differentname' => '204796', # 200MB
+ },
+ swapfile_sizes_csv: "/mnt/swap.differentname||#{existing_swap_kb}",
+ selinux: true,
+ }
+ end
+ it do
+ is_expected.to compile.with_all_deps
+ end
+ it do
+ is_expected.to contain_exec('Create swap file /mnt/swap.factbutnomatch')
+ .with(
+ 'command' => '/bin/dd if=/dev/zero of=/mnt/swap.factbutnomatch bs=1M count=1024',
+ 'creates' => '/mnt/swap.factbutnomatch'
+ )
+ end
+ it do
+ should_not contain_swap_file__resize('/mnt/swap.factbutnomatch')
+ end
+ end
+ context 'when swapfile_sizes fact exists and matches path, but not hash' do
+ let(:params) do
+ {
+ swapfile: '/mnt/swap.resizeme',
+ resize_existing: true
+ }
+ end
+
+ let(:existing_swap_kb) { '204796' } # 200MB
+
+ let(:facts) do
+ {
+ operatingsystem: 'RedHat',
+ osfamily: 'RedHat',
+ operatingsystemrelease: '7',
+ concat_basedir: '/tmp',
+ memorysize: '1.00 GB',
+ swapfile_sizes: "/mnt/swap.resizeme#{existing_swap_kb}",
+ swapfile_sizes_csv: "/mnt/swap.resizeme||#{existing_swap_kb}",
+ selinux: true,
+ }
+ end
+
+ it do
+ is_expected.to compile.with_all_deps
+ end
+ it do
+ should contain_swap_file__resize('/mnt/swap.resizeme').with('swapfile_path' => '/mnt/swap.resizeme',
+ 'margin' => '50MB',
+ 'expected_swapfile_size' => '1.00 GB',
+ 'actual_swapfile_size' => existing_swap_kb,
+ 'before' => 'Exec[Create swap file /mnt/swap.resizeme]')
+ end
+ it do
+ is_expected.to contain_exec('Create swap file /mnt/swap.resizeme')
+ .with('command' => '/bin/dd if=/dev/zero of=/mnt/swap.resizeme bs=1M count=1024',
+ 'creates' => '/mnt/swap.resizeme')
+ end
+ it do
+ is_expected.to contain_file('/mnt/swap.resizeme')
+ .with('owner' => 'root',
+ 'group' => 'root',
+ 'mode' => '0600',
+ 'require' => 'Exec[Create swap file /mnt/swap.resizeme]')
+ end
+ it do
+ is_expected.to contain_swap_file('/mnt/swap.resizeme')
+ .with('ensure' => 'present')
+ end
+ it do
+ is_expected.to contain_mount('/mnt/swap.resizeme')
+ .with('require' => 'Swap_file[/mnt/swap.resizeme]')
+ end
+ end
+ context 'when swapfile_sizes fact does not exist' do
+ let(:params) do
+ {
+ swapfile: '/mnt/swap.nofact',
+ resize_existing: true
+ }
+ end
+ let(:facts) do
+ {
+ operatingsystem: 'RedHat',
+ osfamily: 'RedHat',
+ operatingsystemrelease: '7',
+ concat_basedir: '/tmp',
+ memorysize: '1.00 GB',
+ swapfile_sizes: nil,
+ swapfile_sizes_csv: nil,
+ selinux: true,
+ }
+ end
+ it do
+ is_expected.to compile.with_all_deps
+ end
+ it do
+ should_not contain_swap_file__resize('/mnt/swap.nofact')
+ end
+ end
+ context 'when swapfile_sizes fact exits but file does not match' do
+ let(:params) do
+ {
+ swapfile: '/mnt/swap.factbutnomatch',
+ resize_existing: true
+ }
+ end
+ let(:facts) do
+ {
+ operatingsystem: 'RedHat',
+ osfamily: 'RedHat',
+ operatingsystemrelease: '7',
+ concat_basedir: '/tmp',
+ memorysize: '1.00 GB',
+ swapfile_sizes: "/mnt/swap.differentname#{existing_swap_kb}",
+ swapfile_sizes_csv: "/mnt/swap.differentname||#{existing_swap_kb}",
+ selinux: true,
+ }
+ end
+ it do
+ is_expected.to compile.with_all_deps
+ end
+ it do
+ is_expected.to contain_exec('Create swap file /mnt/swap.factbutnomatch')
+ .with(
+ 'command' => '/bin/dd if=/dev/zero of=/mnt/swap.factbutnomatch bs=1M count=1024',
+ 'creates' => '/mnt/swap.factbutnomatch'
+ )
+ end
+ it do
+ should_not contain_swap_file__resize('/mnt/swap.factbutnomatch')
+ end
+ end
+ end
+
+end
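Review bot: In the `'custom swapfilesize parameter with fallocate'` context the `let(:params) do` block is never closed before the `it`: the `it do ... end` and the `is_expected.to contain_exec('Create swap file /mnt/swap.3')` call sit inside the `let` body, so the context registers no examples at all and the fallocate command is never tested. Add `end` after the closing `}` of the hash, and wrap the `is_expected.to contain_exec(...)` expectation in its own `it do ... end`. Separately, the `'custom swapfilesize parameter with timeout'` context appears twice verbatim, and `'when swapfile_sizes fact does not exist'` and `'when swapfile_sizes fact exits but file does not match'` are each defined twice with only the fact shape differing, so a failure is reported under an ambiguous description; delete the exact duplicate and give the second pair distinct titles (e.g. `'... (string fact)'`). The file also alternates between `is_expected.to` and the older `should` / `should_not` forms.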
diff --git a/modules/build/unix/swap_file/spec/defines/resize_spec.rb b/modules/build/unix/swap_file/spec/defines/resize_spec.rb
new file mode 100644
index 000000000..482696e54
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/defines/resize_spec.rb
@@ -0,0 +1,98 @@
+require 'spec_helper'
+
+describe 'swap_file::resize' do
+ let(:title) { 'default' }
+
+
+ let(:default_facts) do
+ {
+ :operatingsystem => 'RedHat',
+ :osfamily => 'RedHat',
+ :operatingsystemrelease => '7',
+ :concat_basedir => '/tmp',
+ :memorysize => '1.00 GB',
+ }
+ end
+
+ # Add these two lines in a single test block to enable puppet and hiera debug mode
+ # Puppet::Util::Log.level = :debug
+ # Puppet::Util::Log.newdestination(:console)
+
+ context 'has resize execs if swapfile outside of margin range' do
+ let(:params) do
+ {
+ :swapfile_path => '/mnt/swap.1',
+ :expected_swapfile_size => '1 GB',
+ :actual_swapfile_size => '512 GB',
+ }
+ end
+
+ it do
+ is_expected.to compile.with_all_deps
+ end
+ it do
+ is_expected.to contain_exec('Detach swap file /mnt/swap.1 for resize').
+ with(
+ {
+ "command"=>"/sbin/swapoff /mnt/swap.1",
+ "onlyif"=>"/sbin/swapon -s | grep /mnt/swap.1"
+ }
+ )
+
+ is_expected.to contain_exec('Purge /mnt/swap.1 for resize').
+ with(
+ {
+ "command"=>"/bin/rm -f /mnt/swap.1",
+ "onlyif"=>"test -f /mnt/swap.1"
+ }
+ )
+ end
+ end
+
+ context 'wont have resize execs if swapfile inside of margin range' do
+ let(:params) do
+ {
+ :swapfile_path => '/mnt/swap.1',
+ :expected_swapfile_size => '4 GB',
+ :actual_swapfile_size => '3.9 GB',
+ :margin => '150MB',
+ }
+ end
+
+ it do
+ is_expected.to compile.with_all_deps
+ end
+ it do
+ is_expected.to_not contain_exec('Detach swap file /mnt/swap.1 for resize')
+ end
+ it do
+ is_expected.to_not contain_exec('Purge /mnt/swap.1 for resize')
+ end
+ end
+
+ context 'can get verboseness message' do
+ let(:params) do
+ {
+ :swapfile_path => '/mnt/swap.1',
+ :expected_swapfile_size => '4 GB',
+ :actual_swapfile_size => '5 GB',
+ :margin => '5MB',
+ :verbose => true,
+ }
+ end
+
+ it do
+ is_expected.to compile.with_all_deps
+ end
+ it do
+ is_expected.to contain_exec('Detach swap file /mnt/swap.1 for resize')
+ end
+ it do
+ is_expected.to contain_exec('Purge /mnt/swap.1 for resize')
+ end
+ it do
+ is_expected.to contain_notify('Resizing Swapfile Alert /mnt/swap.1').with_name("Existing : 5368709120B\nExpected: 4294967296B\nMargin: 5242880B")
+ end
+ end
+
+end
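Review bot: `let(:default_facts)` is never referenced, so none of the examples in this file receive the operatingsystem, osfamily, memorysize and concat_basedir facts it defines; rspec-puppet only picks up `let(:facts)`. Renaming it to `let(:facts) do`, as the sibling files_spec.rb does, gives the define the facts the author evidently intended. The first example in `'has resize execs if swapfile outside of margin range'` also packs the detach and purge `contain_exec` expectations into one `it`, so a purge failure is reported under a description that names neither; splitting them into two examples matches the rest of the file.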
diff --git a/modules/build/unix/swap_file/spec/fixtures/hiera/fqdn/files.yaml b/modules/build/unix/swap_file/spec/fixtures/hiera/fqdn/files.yaml
new file mode 100644
index 000000000..9c17d449a
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/fixtures/hiera/fqdn/files.yaml
@@ -0,0 +1,5 @@
+---
+swap_file::files:
+ 'resource_name':
+ ensure: 'present'
+ swapfile: '/mnt/swap'
diff --git a/modules/build/unix/swap_file/spec/fixtures/hiera/hiera.yaml b/modules/build/unix/swap_file/spec/fixtures/hiera/hiera.yaml
new file mode 100644
index 000000000..fc1f064b3
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/fixtures/hiera/hiera.yaml
@@ -0,0 +1,8 @@
+---
+:backends:
+ - yaml
+:yaml:
+ :datadir: 'spec/fixtures/hiera'
+:hierarchy:
+ - fqdn/%{fqdn}
+ - parameter_tests/%{parameter_tests}
diff --git a/modules/build/unix/swap_file/spec/fixtures/hiera/parameter_tests/files_hiera_merge.yaml b/modules/build/unix/swap_file/spec/fixtures/hiera/parameter_tests/files_hiera_merge.yaml
new file mode 100644
index 000000000..096910db8
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/fixtures/hiera/parameter_tests/files_hiera_merge.yaml
@@ -0,0 +1,11 @@
+---
+swap_file::files:
+ 'swap1':
+ ensure: 'present'
+ swapfile: '/mnt/swap.1'
+ swapfilesize: '1 GB'
+ 'swap2':
+ ensure: 'present'
+ swapfile: '/mnt/swap.2'
+ swapfilesize: '2 GB'
+ cmd: 'fallocate'
diff --git a/modules/build/unix/swap_file/spec/functions/difference_within_margin_spec.rb b/modules/build/unix/swap_file/spec/functions/difference_within_margin_spec.rb
new file mode 100644
index 000000000..529e2e427
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/functions/difference_within_margin_spec.rb
@@ -0,0 +1,20 @@
+require 'spec_helper'
+
+describe 'difference_within_margin' do
+ it { is_expected.not_to eq(nil) }
+ it { is_expected.to run.with_params([]).and_raise_error(Puppet::ParseError, /Wrong number of arguments given \(1 for 2\)/i) }
+ it { is_expected.to run.with_params(['1','2']).and_raise_error(Puppet::ParseError, /Wrong number of arguments given \(1 for 2\)/i) }
+ it { is_expected.to run.with_params([],'2').and_raise_error(Puppet::ParseError, /arg\[0\] array cannot be empty/i) }
+
+ it { is_expected.to run.with_params([100,150],60).and_return(true) }
+ it { is_expected.to run.with_params([100,150],40).and_return(false) }
+ it { is_expected.to run.with_params([213909504, 209711104], 5242880).and_return(true) }
+ it { is_expected.to run.with_params([104853504,209715200],5242880).and_return(false) }
+
+ it { is_expected.to run.with_params(['100','150'],'60').and_return(true) }
+ it { is_expected.to run.with_params(['100','150'],'40').and_return(false) }
+ it { is_expected.to run.with_params(['213909504','209711104'],'5242880').and_return(true) }
+ it { is_expected.to run.with_params(['104853504','209715200'],'5242880').and_return(false) }
+
+
+end
diff --git a/modules/build/unix/swap_file/spec/functions/swap_file_size_from_csv_array_spec.rb b/modules/build/unix/swap_file/spec/functions/swap_file_size_from_csv_array_spec.rb
new file mode 100644
index 000000000..b24700e89
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/functions/swap_file_size_from_csv_array_spec.rb
@@ -0,0 +1,12 @@
+require 'spec_helper'
+
+describe 'swap_file_size_from_csv' do
+ it { is_expected.not_to eq(nil) }
+ it { is_expected.to run.with_params([]).and_raise_error(Puppet::ParseError, /Wrong number of arguments given \(1 for 2\)/i) }
+ it { is_expected.to run.with_params(['1','2']).and_raise_error(Puppet::ParseError, /Wrong number of arguments given \(1 for 2\)/i) }
+ it { is_expected.to run.with_params([],'2').and_raise_error(Puppet::ParseError, /swapfile name but be a string/i) }
+
+ it { is_expected.to run.with_params('/mnt/swap.1','/mnt/swap.1||1019900,/mnt/swap.1||1019900').and_return('1019900') }
+ it { is_expected.to run.with_params('/mnt/swap.2','/mnt/swap.1||1019900,/mnt/swap.1||1019900').and_return(false) }
+
+end
diff --git a/modules/build/unix/swap_file/spec/spec.opts b/modules/build/unix/swap_file/spec/spec.opts
new file mode 100644
index 000000000..22420e39c
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/spec.opts
@@ -0,0 +1,6 @@
+--format
+s
+--colour
+--loadby
+mtime
+--backtrace
\ No newline at end of file
diff --git a/modules/build/unix/swap_file/spec/spec_helper.rb b/modules/build/unix/swap_file/spec/spec_helper.rb
new file mode 100644
index 000000000..18769bd7d
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/spec_helper.rb
@@ -0,0 +1,24 @@
+require 'puppetlabs_spec_helper/module_spec_helper'
+
+# SimpleCov does not run on Ruby 1.8.7
+unless RUBY_VERSION.to_f < 1.9
+ require 'simplecov'
+ require 'simplecov-console'
+ SimpleCov.formatters = [
+ SimpleCov::Formatter::HTMLFormatter,
+ SimpleCov::Formatter::Console,
+ ]
+ SimpleCov.start do
+ coverage_dir('coverage/')
+ add_filter('/spec/')
+ end
+end
+
+RSpec.configure do |config|
+ config.hiera_config = 'spec/fixtures/hiera/hiera.yaml'
+ config.expect_with :rspec do |c|
+ c.max_formatted_output_length = 999
+ end
+end
+
+at_exit { RSpec::Puppet::Coverage.report! }
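Review bot: `RUBY_VERSION.to_f < 1.9` orders versions as floats, which happens to work for the 1.8/1.9 split the comment names but is wrong in general (`'3.10'.to_f` is 3.1, which sorts below 3.9); `Gem::Version.new(RUBY_VERSION) < Gem::Version.new('1.9')` compares versions correctly. Given that Ruby 1.8.7 is long unsupported, dropping the guard and its comment is the simpler option. `at_exit { RSpec::Puppet::Coverage.report! }` deserves a one-line comment noting that it prints rspec-puppet's resource coverage summary after the run, as it is easy to mistake for SimpleCov.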
diff --git a/modules/build/unix/swap_file/spec/spec_helper_acceptance.rb b/modules/build/unix/swap_file/spec/spec_helper_acceptance.rb
new file mode 100644
index 000000000..de5a94798
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/spec_helper_acceptance.rb
@@ -0,0 +1,33 @@
+require 'beaker-rspec'
+
+unless ENV['RS_PROVISION'] == 'no'
+ hosts.each do |host|
+ if host.is_pe?
+ install_pe
+ else
+ install_puppet
+ on host, "mkdir -p #{host['distmoduledir']}"
+ end
+ end
+end
+
+UNSUPPORTED_PLATFORMS = ['windows']
+
+RSpec.configure do |c|
+ # Project root
+ proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
+
+ # Readable test descriptions
+ c.formatter = :documentation
+
+ # Configure all nodes in nodeset
+ c.before :suite do
+ # Install module and dependencies
+ puppet_module_install(:source => proj_root, :module_name => 'swap_file')
+ hosts.each do |host|
+ shell('puppet module install puppetlabs-stdlib --version 4.7.0', { :acceptable_exit_codes => [0] })
+ shell('puppet module install herculesteam/augeasproviders_core --version 2.1.0', { :acceptable_exit_codes => [0] })
+ shell('puppet module install herculesteam/augeasproviders_sysctl --version 2.1.0', { :acceptable_exit_codes => [0] })
+ end
+ end
+end
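Review bot: The `hosts.each do |host|` loop in `before :suite` never uses `host`: each `shell(...)` call runs on beaker's default host, so on a multi-host nodeset the three module installs are repeated against the same host and the others never get stdlib or the augeasproviders modules. Running them with the host passed explicitly, as the provisioning loop above already does, installs them where the examples run, e.g. `on host, 'puppet module install puppetlabs-stdlib --version 4.7.0', :acceptable_exit_codes => [0]`. The installs fetch from the Forge at suite start; pinning the versions is right, and a short comment on why 4.7.0 and 2.1.0 were chosen would help the next bump.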
diff --git a/modules/build/unix/swap_file/spec/unit/facter/swapfiles_fact_csv_spec.rb b/modules/build/unix/swap_file/spec/unit/facter/swapfiles_fact_csv_spec.rb
new file mode 100644
index 000000000..447669c02
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/unit/facter/swapfiles_fact_csv_spec.rb
@@ -0,0 +1,46 @@
+require "spec_helper"
+
+describe Facter::Util::Fact do
+ before {
+ Facter.clear
+ }
+
+ describe 'swapfile_sizes_csv' do
+ context 'returns swapfile_sizes when present' do
+ before do
+ Facter.fact(:kernel).stubs(:value).returns("Linux")
+ File.stubs(:exists?)
+ File.expects(:exists?).with('/proc/swaps').returns(true)
+ Facter::Util::Resolution.stubs(:exec)
+ end
+ it do
+ proc_swap_output = <<-EOS
+Filename Type Size Used Priority
+/dev/dm-1 partition 524284 0 -1
+/mnt/swap.1 file 204796 0 -2
+/tmp/swapfile.fallocate file 204796 0 -3
+ EOS
+ Facter::Util::Resolution.expects(:exec).with('cat /proc/swaps').returns(proc_swap_output)
+ expect(Facter.value(:swapfile_sizes_csv)).to eq('/mnt/swap.1||204796,/tmp/swapfile.fallocate||204796')
+ end
+ end
+
+ context 'returns nil when no swapfiles' do
+ before do
+ Facter.fact(:kernel).stubs(:value).returns("Linux")
+ File.stubs(:exists?)
+ File.expects(:exists?).with('/proc/swaps').returns(true)
+ Facter::Util::Resolution.stubs(:exec)
+ end
+ it do
+ proc_swap_output = <<-EOS
+Filename Type Size Used Priority
+/dev/dm-2 partition 16612860 0 -1
+ EOS
+ Facter::Util::Resolution.expects(:exec).with('cat /proc/swaps').returns(proc_swap_output)
+ expect(Facter.value(:swapfile_sizes_csv)).to eq(nil)
+ end
+ end
+
+ end
+end
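Review bot: Both contexts stub and expect `File.exists?`, the deprecated alias that Ruby 3.2 removed; if the fact implementation (not in this diff) calls `File.exist?`, the `File.expects(:exists?).with('/proc/swaps')` expectation is never met and the examples fail on newer Rubies even though the fact works. Confirm which name the fact uses and stub that one, here and in swapfiles_fact_spec.rb, which repeats the same `before` block. The identical `before` blocks in the two contexts of this file could also be hoisted into the enclosing `describe 'swapfile_sizes_csv'`.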
diff --git a/modules/build/unix/swap_file/spec/unit/facter/swapfiles_fact_spec.rb b/modules/build/unix/swap_file/spec/unit/facter/swapfiles_fact_spec.rb
new file mode 100644
index 000000000..4bd8d394d
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/unit/facter/swapfiles_fact_spec.rb
@@ -0,0 +1,34 @@
+require "spec_helper"
+
+describe Facter::Util::Fact do
+ before {
+ Facter.clear
+ }
+
+ describe 'swapfile_sizes' do
+ context 'returns swapfile_sizes when present' do
+ before do
+ Facter.fact(:kernel).stubs(:value).returns("Linux")
+ File.stubs(:exists?)
+ File.expects(:exists?).with('/proc/swaps').returns(true)
+ Facter::Util::Resolution.stubs(:exec)
+ end
+ it do
+ proc_swap_output = <<-EOS
+Filename Type Size Used Priority
+/dev/dm-1 partition 524284 0 -1
+/mnt/swap.1 file 204796 0 -2
+/tmp/swapfile.fallocate file 204796 0 -3
+ EOS
+ Facter::Util::Resolution.expects(:exec).with('cat /proc/swaps').returns(proc_swap_output)
+ expect(Facter.value(:swapfile_sizes)).to eq(
+ {
+ "/mnt/swap.1"=>"204796",
+ "/tmp/swapfile.fallocate"=>"204796"
+ }
+ )
+ end
+ end
+
+ end
+end
diff --git a/modules/build/unix/swap_file/spec/unit/puppet/provider/swap_file/linux_spec.rb b/modules/build/unix/swap_file/spec/unit/puppet/provider/swap_file/linux_spec.rb
new file mode 100644
index 000000000..6faa17878
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/unit/puppet/provider/swap_file/linux_spec.rb
@@ -0,0 +1,93 @@
+require 'spec_helper'
+
+describe Puppet::Type.type(:swap_file).provider(:linux) do
+
+ let(:resource) { Puppet::Type.type(:swap_file).new(
+ {
+ :name => '/tmp/swap',
+ :size => '1024',
+ :provider => described_class.name
+ }
+ )}
+
+ let(:provider) { resource.provider }
+
+ let(:instance) { provider.class.instances.first }
+
+ swapon_s_output = <<-EOS
+Filename Type Size Used Priority
+/dev/sda2 partition 4192956 0 -1
+/dev/sda1 partition 4454542 0 -2
+ EOS
+
+ swapon_line = <<-EOS
+/dev/sda2 partition 4192956 0 -1
+ EOS
+
+ mkswap_return = <<-EOS
+Setting up swapspace version 1, size = 524284 KiB
+no label, UUID=0e5e7c60-bbba-4089-a76c-2bb29c0f0839
+ EOS
+
+ swapon_line_to_hash = {
+ :ensure => :present,
+ :file => "/dev/sda2",
+ :name => "/dev/sda2",
+ :priority => "-1",
+ :provider => :swap_file,
+ :size => "4192956",
+ :type => "partition",
+ :used => "0",
+ }
+
+ before :each do
+ Facter.stubs(:value).with(:kernel).returns('Linux')
+ provider.class.stubs(:swapon).with(['-s']).returns(swapon_s_output)
+ end
+
+ describe 'self.prefetch' do
+ it 'exists' do
+ provider.class.instances
+ provider.class.prefetch({})
+ end
+ end
+
+ describe 'exists?' do
+ it 'checks if swap file exists' do
+ expect(instance.exists?).to be_truthy
+ end
+ end
+
+ describe 'self.instances' do
+ it 'returns an array of swapfiles' do
+ swapfiles = provider.class.instances.collect {|x| x.name }
+ swapfile_sizes = provider.class.instances.collect {|x| x.size }
+
+ expect(swapfiles).to include('/dev/sda1','/dev/sda2')
+ expect(swapfile_sizes).to include('4192956','4454542')
+ end
+ end
+
+ describe 'self.get_swapfile_properties' do
+ it 'turns results from swapon -s line to hash' do
+ swapon_line_to_hash_provider = provider.class.get_swapfile_properties(swapon_line)
+ expect(swapon_line_to_hash_provider).to eql swapon_line_to_hash
+ end
+ end
+
+ describe 'create_swap_file' do
+ it 'runs mkswap and swapon' do
+ provider.stubs(:mkswap).returns(mkswap_return)
+ provider.stubs(:swapon).returns('')
+ provider.create_swap_file('/tmp/swap')
+ end
+ end
+
+ describe 'swap_off' do
+ it 'runs swapoff and returns the log of the command' do
+ provider.stubs(:swapoff).returns('')
+ provider.swap_off('/tmp/swap')
+ end
+ end
+
+end
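Review bot: The `'create_swap_file'` and `'swap_off'` examples carry no expectations: `provider.stubs(:mkswap)` and `provider.stubs(:swapoff)` only can the return values, so the examples pass even if the provider never runs mkswap, swapon or swapoff. Using `expects` turns them into real checks, e.g. `provider.expects(:swapoff).returns('')`, with `.with(...)` once the expected arguments are confirmed against the provider. The `'self.prefetch'` example likewise only verifies that the calls do not raise, which its description `'exists'` should say outright, or it should assert on the prefetched provider. The heredoc fixtures would read better as `let` blocks or frozen constants than as locals captured by the describe block.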
diff --git a/modules/build/unix/swap_file/spec/unit/puppet/type/swap_file/swap_file_spec.rb b/modules/build/unix/swap_file/spec/unit/puppet/type/swap_file/swap_file_spec.rb
new file mode 100644
index 000000000..87bd90785
--- /dev/null
+++ b/modules/build/unix/swap_file/spec/unit/puppet/type/swap_file/swap_file_spec.rb
@@ -0,0 +1,68 @@
+#!/usr/bin/env ruby
+
+require 'spec_helper'
+
+describe Puppet::Type.type(:swap_file) do
+
+ before do
+ @class = described_class
+ @provider_class = @class.provide(:fake) { mk_resource_methods }
+ @provider = @provider_class.new
+ @resource = stub 'resource', :resource => nil, :provider => @provider
+
+ @class.stubs(:defaultprovider).returns @provider_class
+ @class.any_instance.stubs(:provider).returns @provider
+ end
+
+ it "should have :name as its keyattribute" do
+ expect(@class.key_attributes).to eq([:file])
+ end
+
+ describe "when validating attributes" do
+
+ params = [
+ :file,
+ ]
+
+ properties = [
+ :type,
+ :size,
+ :used,
+ :priority,
+ ]
+
+ params.each do |param|
+ it "should have a #{param} parameter" do
+ expect(@class.attrtype(param)).to eq(:param)
+ end
+ end
+
+ properties.each do |prop|
+ it "should have a #{prop} property" do
+ expect(@class.attrtype(prop)).to eq(:property)
+ end
+ end
+
+ %w[. ./foo \foo C:/foo \\Server\Foo\Bar \\?\C:\foo\bar \/?/foo\bar \/Server/foo foo//bar/baz].each do |invalid_path|
+ context "path => #{invalid_path}" do
+ it 'should require a valid path for file' do
+ expect {
+ @class.new({:file => invalid_path})
+ }.to raise_error(Puppet::ResourceError, /file parameter must be a valid absolute path/)
+ end
+ end
+ end
+
+ %w[/ /foo /foo/../bar //foo //Server/Foo/Bar //?/C:/foo/bar /\Server/Foo /foo//bar/baz].each do |valid_path|
+ context "path => #{valid_path}" do
+ it 'should allow a valid path for file' do
+ expect {
+ @class.new({:file => valid_path})
+ }.not_to raise_error
+ end
+ end
+ end
+
+ end
+
+end
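Review bot: The example description `"should have :name as its keyattribute"` contradicts its own assertion, which expects `[:file]`; rename it to `"should have :file as its key attribute"`. The instance variables assigned in `before` (`@class`, `@provider_class`, `@provider`, `@resource`) would read better as `let` blocks, and `@resource` is assigned but never used by any example. The `#!/usr/bin/env ruby` shebang is unnecessary on a file that is only loaded by rspec.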
diff --git a/modules/build/unix/swap_file/swap_file.pp b/modules/build/unix/swap_file/swap_file.pp
new file mode 100644
index 000000000..3aa19d9b9
--- /dev/null
+++ b/modules/build/unix/swap_file/swap_file.pp
@@ -0,0 +1,11 @@
+$secgen_params = secgen_functions::get_parameters($::base64_inputs_file)
+$swapfile_size = $secgen_params['size'][0]
+class { 'swap_file':
+ files => {
+ 'swap1' => {
+ ensure => present,
+ swapfile => '/mnt/swap.1',
+ swapfilesize => $swapfile_size,
+ }
+ },
+}
\ No newline at end of file
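Review bot: `$swapfile_size = $secgen_params['size'][0]` is passed to `swapfilesize` with no check, so a scenario that omits `size` hands `undef` to the swap_file class and the failure surfaces as an opaque type error inside that module rather than at this manifest. A guard such as `if $swapfile_size == undef or $swapfile_size == '' { fail('swap_file: the size parameter is required') }` before the class declaration produces a failure that names the missing input. The size format the swap_file class expects (bytes or a suffixed string) is not visible here, so I have not proposed a format check.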
diff --git a/modules/generators/filenames/random_filename/secgen_local/local.rb b/modules/generators/filenames/random_filename/secgen_local/local.rb
index f6b5db909..d1b10901d 100644
--- a/modules/generators/filenames/random_filename/secgen_local/local.rb
+++ b/modules/generators/filenames/random_filename/secgen_local/local.rb
@@ -31,7 +31,7 @@ class FilenameGenerator < StringEncoder
extension = ''
end
- 15.times { leaked_filenames << Faker::File.file_name('', file_name, extension, '').chomp('.') }
+ 15.times { leaked_filenames << Faker::File.file_name(dir:'', name:file_name, ext:extension, directory_separator: '').chomp('.') }
output = leaked_filenames.sample
diff --git a/modules/generators/random/random_difficulty/secgen_local/local.rb b/modules/generators/random/random_difficulty/secgen_local/local.rb
index b00b63039..8f4b05f0d 100644
--- a/modules/generators/random/random_difficulty/secgen_local/local.rb
+++ b/modules/generators/random/random_difficulty/secgen_local/local.rb
@@ -9,7 +9,7 @@ class RandomDifficulty < StringGenerator
end
def generate
- outputs << %w(easy medium high).sample.chomp
+ outputs << %w(easy medium hard).sample.chomp
end
end
diff --git a/modules/generators/structured_content/account/secgen_local/local.rb b/modules/generators/structured_content/account/secgen_local/local.rb
index 230716892..2aafa3be7 100644
--- a/modules/generators/structured_content/account/secgen_local/local.rb
+++ b/modules/generators/structured_content/account/secgen_local/local.rb
@@ -1,5 +1,6 @@
#!/usr/bin/ruby
require_relative '../../../../../lib/objects/local_string_encoder.rb'
+
class AccountGenerator < StringEncoder
attr_accessor :username
attr_accessor :password
diff --git a/modules/utilities/unix/logging/logstash/files/.gitignore b/modules/generators/structured_content/alert_actioner_config/goal_flag_hacktivity/goal_flag_hacktivity.pp
similarity index 100%
rename from modules/utilities/unix/logging/logstash/files/.gitignore
rename to modules/generators/structured_content/alert_actioner_config/goal_flag_hacktivity/goal_flag_hacktivity.pp
diff --git a/modules/utilities/unix/logging/logstash/manifests/setup.pp b/modules/generators/structured_content/alert_actioner_config/goal_flag_hacktivity/manifests/.no_puppet
similarity index 100%
rename from modules/utilities/unix/logging/logstash/manifests/setup.pp
rename to modules/generators/structured_content/alert_actioner_config/goal_flag_hacktivity/manifests/.no_puppet
diff --git a/modules/generators/structured_content/alert_actioner_config/goal_flag_hacktivity/secgen_local/local.rb b/modules/generators/structured_content/alert_actioner_config/goal_flag_hacktivity/secgen_local/local.rb
new file mode 100644
index 000000000..a50e8b6b1
--- /dev/null
+++ b/modules/generators/structured_content/alert_actioner_config/goal_flag_hacktivity/secgen_local/local.rb
@@ -0,0 +1,42 @@
+#!/usr/bin/ruby
+require 'json'
+require_relative '../../../../../../lib/objects/local_string_generator.rb'
+
+class GoalFlagHacktivity < StringGenerator
+ attr_accessor :target
+ attr_accessor :mapping
+ attr_accessor :mapping_type
+
+ def initialize
+ super
+ self.module_name = 'Goal-Flag to Hacktivity AlertActioner Config Generator'
+ self.target = '' # Address for Hacktivity / external web application
+ self.mapping = [] # TODO: Implement granular mappings
+ self.mapping_type = ''
+ end
+
+ def generate
+ # TODO: Create an enum-like hash/class to validate the mapping_types
+ self.outputs << {:target => self.target, :mapping => self.mapping, :mapping_type => self.mapping_type}.to_json
+ end
+
+ def get_options_array
+ super + [['--target', GetoptLong::REQUIRED_ARGUMENT],
+ ['--mapping', GetoptLong::OPTIONAL_ARGUMENT],
+ ['--mapping_type', GetoptLong::OPTIONAL_ARGUMENT]]
+ end
+
+ def process_options(opt, arg)
+ super
+ case opt
+ when '--target'
+ self.target = arg
+ when '--mapping'
+ self.mapping << arg
+ when '--mapping_type'
+ self.mapping_type << arg
+ end
+ end
+end
+
+GoalFlagHacktivity.new.run
\ No newline at end of file
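Review bot: `self.mapping_type << arg` under `when '--mapping_type'` appends to the string initialised as `''` instead of assigning it, so two `--mapping_type` options concatenate, and the sibling goal_message_host generator in this commit assigns with `=`; change it to `self.mapping_type = arg`. `--target` is emitted into the JSON unchecked, and the XML it lands in is later handed to `URI.parse` and an HTTP POST by the web actioner, so rejecting anything that is not an absolute http(s) URL here (`abort("invalid --target: #{arg}") unless arg =~ %r{\Ahttps?://}`) fails at generation time instead of at alert time. The `# TODO` about validating `mapping_type` is the natural place to do the same for that value.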
diff --git a/modules/generators/structured_content/alert_actioner_config/goal_flag_hacktivity/secgen_metadata.xml b/modules/generators/structured_content/alert_actioner_config/goal_flag_hacktivity/secgen_metadata.xml
new file mode 100644
index 000000000..51bee13a4
--- /dev/null
+++ b/modules/generators/structured_content/alert_actioner_config/goal_flag_hacktivity/secgen_metadata.xml
@@ -0,0 +1,31 @@
+
+
+
+ AlertActioner goal-flag-hacktivity config generator
+ Thomas Shaw
+ GPLv3
+ TODO
+
+ alert_actioner_config
+ linux
+
+ target
+
+
+ mapping
+ mapping_type
+
+
+ https://hacktivity.aet.leedsbeckett.ac.uk/submit_flag
+
+
+
+
+ all_goal_flags_to_hacktivity
+
+
+ json
+
+
diff --git a/modules/generators/structured_content/alert_actioner_config/goal_message_host/goal_message_host.pp b/modules/generators/structured_content/alert_actioner_config/goal_message_host/goal_message_host.pp
new file mode 100644
index 000000000..e69de29bb
diff --git a/modules/generators/structured_content/alert_actioner_config/goal_message_host/manifests/.no_puppet b/modules/generators/structured_content/alert_actioner_config/goal_message_host/manifests/.no_puppet
new file mode 100644
index 000000000..e69de29bb
diff --git a/modules/generators/structured_content/alert_actioner_config/goal_message_host/secgen_local/local.rb b/modules/generators/structured_content/alert_actioner_config/goal_message_host/secgen_local/local.rb
new file mode 100644
index 000000000..b77dbf8fa
--- /dev/null
+++ b/modules/generators/structured_content/alert_actioner_config/goal_message_host/secgen_local/local.rb
@@ -0,0 +1,67 @@
+#!/usr/bin/ruby
+require 'json'
+require_relative '../../../../../../lib/objects/local_string_generator.rb'
+
+# Generate a config hash for the XmlAlertActionConfigGenerator
+class GoalMessageHost < StringGenerator
+ attr_accessor :host
+ attr_accessor :sender
+ attr_accessor :password
+ attr_accessor :recipient
+ attr_accessor :message_header
+ attr_accessor :message_subtext
+ attr_accessor :mapping
+ attr_accessor :mapping_type
+
+ def initialize
+ super
+ self.module_name = 'Goal-Message-Host AlertActioner Config Generator'
+ self.host = '' # Host IP
+ self.sender = '' # Host username
+ self.password = '' # Host password
+ self.recipient = '' # Host password
+ self.message_header = '' # Message to send to host
+ self.message_subtext = '' # Message to send to host
+ self.mapping = [] # TODO: Implement granular mappings
+ self.mapping_type = ''
+ end
+
+ def generate
+ self.outputs << {:host => self.host, :sender => self.sender, :password => self.password, :recipient => self.recipient, :message_header => self.message_header, :message_subtext => self.message_subtext, :mapping => self.mapping, :mapping_type => self.mapping_type}.to_json
+ end
+
+ def get_options_array
+ super + [['--host', GetoptLong::REQUIRED_ARGUMENT],
+ ['--sender', GetoptLong::REQUIRED_ARGUMENT],
+ ['--password', GetoptLong::REQUIRED_ARGUMENT],
+ ['--recipient', GetoptLong::REQUIRED_ARGUMENT],
+ ['--message_header', GetoptLong::REQUIRED_ARGUMENT],
+ ['--message_subtext', GetoptLong::OPTIONAL_ARGUMENT],
+ ['--mapping', GetoptLong::OPTIONAL_ARGUMENT],
+ ['--mapping_type', GetoptLong::OPTIONAL_ARGUMENT]]
+ end
+
+ def process_options(opt, arg)
+ super
+ case opt
+ when '--host'
+ self.host = arg
+ when '--sender'
+ self.sender = arg
+ when '--password'
+ self.password = arg
+ when '--recipient'
+ self.recipient = arg
+ when '--message_header'
+ self.message_header = arg
+ when '--message_subtext'
+ self.message_subtext = arg
+ when '--mapping'
+ self.mapping << arg
+ when '--mapping_type'
+ self.mapping_type = arg
+ end
+ end
+end
+
+GoalMessageHost.new.run
\ No newline at end of file
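Review bot: The attribute comments in `initialize` are copy-pasted: `self.recipient = '' # Host password` is wrong, and `message_header` and `message_subtext` both read `# Message to send to host`; change them to `# Mail recipient on the host`, `# Message title` and `# Message body`. The password arrives via `--password` and is written in clear into the JSON output, which this commit then stores in the actioner XML config and feeds to `sshpass`, so anyone who can read the generated config or list processes on the generator host sees the SSH password; if the framework has no other channel for secrets, a comment on the `--password` option stating that the value is stored in clear text in the generated config at least makes the trade-off explicit. `mapping_type` is assigned with `=` here but appended with `<<` in the goal_flag_hacktivity generator; the two should agree.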
diff --git a/modules/generators/structured_content/alert_actioner_config/goal_message_host/secgen_metadata.xml b/modules/generators/structured_content/alert_actioner_config/goal_message_host/secgen_metadata.xml
new file mode 100644
index 000000000..a0802f415
--- /dev/null
+++ b/modules/generators/structured_content/alert_actioner_config/goal_message_host/secgen_metadata.xml
@@ -0,0 +1,46 @@
+
+
+
+ AlertActioner goal-message-host config generator
+ Thomas Shaw
+ GPLv3
+ Generates a json config string for use by the XmlAlertActionConfigGenerator.
+
+ alert_actioner_config
+ linux
+
+ host
+ sender
+ password
+ recipient
+ message_header
+ message_subtext
+
+
+ mapping
+ mapping_type
+
+
+
+ Message header from the module
+
+
+
+
+ Subtext from the module
+
+
+
+ 127.0.0.1
+
+
+
+
+ all_goal_messages_to_host
+
+
+ json
+
+
diff --git a/modules/generators/structured_content/analysis_alert_action_config/analysis_alert_action_config.pp b/modules/generators/structured_content/analysis_alert_action_config/analysis_alert_action_config.pp
new file mode 100644
index 000000000..e69de29bb
diff --git a/modules/generators/structured_content/analysis_alert_action_config/manifests/.no_puppet b/modules/generators/structured_content/analysis_alert_action_config/manifests/.no_puppet
new file mode 100644
index 000000000..e69de29bb
diff --git a/modules/generators/structured_content/analysis_alert_action_config/secgen_local/local.rb b/modules/generators/structured_content/analysis_alert_action_config/secgen_local/local.rb
new file mode 100644
index 000000000..9b3f368fd
--- /dev/null
+++ b/modules/generators/structured_content/analysis_alert_action_config/secgen_local/local.rb
@@ -0,0 +1,61 @@
+#!/usr/bin/ruby
+require 'json'
+require_relative '../../../../../lib/objects/local_string_generator.rb'
+
+class AAAConfigGenerator < StringGenerator
+ attr_accessor :server_ip
+ attr_accessor :client_ips
+ attr_accessor :elasticsearch_port
+ attr_accessor :logstash_port
+ attr_accessor :kibana_port
+ attr_accessor :aa_configs
+
+ def initialize
+ super
+ self.module_name = 'Analysis Alert Action Config Generator'
+ self.client_ips = []
+ self.aa_configs = []
+ end
+
+ def generate
+
+ # Validate the inputs + crash out if we don't receive all inputs.
+ self.outputs << {
+ :server_ip => self.server_ip,
+ :client_ips => self.client_ips,
+ :elasticsearch_port => self.elasticsearch_port,
+ :logstash_port => self.logstash_port,
+ :kibana_port => self.kibana_port,
+ :aa_configs => self.aa_configs
+ }.to_json
+ end
+
+ def get_options_array
+ super + [['--server_ip', GetoptLong::REQUIRED_ARGUMENT],
+ ['--client_ips', GetoptLong::REQUIRED_ARGUMENT],
+ ['--elasticsearch_port', GetoptLong::REQUIRED_ARGUMENT],
+ ['--logstash_port', GetoptLong::REQUIRED_ARGUMENT],
+ ['--kibana_port', GetoptLong::REQUIRED_ARGUMENT],
+ ['--aa_configs', GetoptLong::REQUIRED_ARGUMENT]]
+ end
+
+ def process_options(opt, arg)
+ super
+ case opt
+ when '--server_ip'
+ self.server_ip = arg
+ when '--client_ips'
+ self.client_ips << arg
+ when '--elasticsearch_port'
+ self.elasticsearch_port = arg
+ when '--logstash_port'
+ self.logstash_port = arg
+ when '--kibana_port'
+ self.kibana_port = arg
+ when '--aa_configs'
+ self.aa_configs << JSON.parse(arg)
+ end
+ end
+end
+
+AAAConfigGenerator.new.run
\ No newline at end of file
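Review bot: The comment `# Validate the inputs + crash out if we don't receive all inputs.` at the top of `generate` describes code that is not there: `server_ip`, the three ports and `client_ips` are emitted as-is, so a missing option produces `null` in the JSON and the manifest in this commit then evaluates `0 + undef` on the port. Two lines before the hash literal close the gap: `missing = %i[server_ip elasticsearch_port logstash_port kibana_port].select { |k| send(k).to_s.empty? }` and `abort("#{module_name}: missing required options: #{missing.join(', ')}") unless missing.empty?`. `JSON.parse(arg)` under `--aa_configs` is also unguarded, so a malformed option dies with a bare `JSON::ParserError` backtrace; rescuing it and aborting with the option name would make the failure readable.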
diff --git a/modules/generators/structured_content/analysis_alert_action_config/secgen_metadata.xml b/modules/generators/structured_content/analysis_alert_action_config/secgen_metadata.xml
new file mode 100644
index 000000000..ac2066f8c
--- /dev/null
+++ b/modules/generators/structured_content/analysis_alert_action_config/secgen_metadata.xml
@@ -0,0 +1,23 @@
+
+
+
+ AAA config generator
+ Thomas Shaw
+ GPLv3
+ TODO
+
+ aaa_config
+ linux
+
+ server_ip
+ client_ips
+ elasticsearch_port
+ logstash_port
+ kibana_port
+ aa_configs
+
+ json
+
+
diff --git a/modules/services/unix/logging/analysis_alert_action_server/analysis_alert_action_server.pp b/modules/services/unix/logging/analysis_alert_action_server/analysis_alert_action_server.pp
new file mode 100644
index 000000000..129dfaee5
--- /dev/null
+++ b/modules/services/unix/logging/analysis_alert_action_server/analysis_alert_action_server.pp
@@ -0,0 +1,27 @@
+$secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+$aaa_config = parsejson($secgen_parameters['aaa_config'][0])
+$elasticsearch_ip = $aaa_config['server_ip']
+$elasticsearch_port = 0 + $aaa_config['elasticsearch_port']
+$logstash_port = 0 + $aaa_config['logstash_port']
+$kibana_ip = $aaa_config['server_ip']
+$kibana_port = 0 + $aaa_config['kibana_port']
+
+class { 'elasticsearch_7':
+ api_host => $elasticsearch_ip,
+ api_port => $elasticsearch_port,
+}~>
+class { 'logstash_7':
+ elasticsearch_ip => $elasticsearch_ip,
+ elasticsearch_port => $elasticsearch_port,
+ logstash_port => $logstash_port
+}
+class { 'kibana_7':
+ elasticsearch_ip => $elasticsearch_ip,
+ elasticsearch_port => $elasticsearch_port,
+ kibana_port => $kibana_port
+}~>
+class { 'elastalert':
+ elasticsearch_ip => $elasticsearch_ip,
+ elasticsearch_port => $elasticsearch_port,
+}~>
+class { 'analysis_alert_action_server': }
\ No newline at end of file
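Review bot: The `kibana_7` declaration closes with a plain `}` and nothing in the `elasticsearch_7 ~> logstash_7` chain feeds into it, so Kibana has no ordering relationship to the Elasticsearch it is pointed at, while `elastalert` and `analysis_alert_action_server` are ordered only after Kibana; adding `Class['elasticsearch_7'] ~> Class['kibana_7']` (or continuing the `~>` chain from `logstash_7`) makes the dependency explicit. `0 + $aaa_config['elasticsearch_port']` relies on Puppet's implicit string-to-number coercion; `Integer($aaa_config['elasticsearch_port'])` says what is meant and fails clearly on a non-numeric value. `api_host` is set to `server_ip`, which in the generated example config is a LAN address; whether the elasticsearch_7 class binds the HTTP port to that address without authentication is not visible here, and if it does, the cluster and every alert flowing through it are reachable from every client host.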
diff --git a/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/actioners/alert_actioner.rb b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/actioners/alert_actioner.rb
new file mode 100644
index 000000000..727190c16
--- /dev/null
+++ b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/actioners/alert_actioner.rb
@@ -0,0 +1,46 @@
+require 'fileutils'
+require 'erb'
+require_relative '../lib/logging'
+require_relative '../lib/print'
+require_relative '../lib/aa_constants'
+
+class AlertActioner
+ include Logging
+
+ attr_accessor :alertactioner_name # AlertActioner name - ID for this particular action
+ attr_accessor :alert_name # Alert / Rule name - ID for elastalert rule that was triggered
+
+ def initialize(config_filename, alertaction_index, alert_name)
+ self.alertactioner_name = config_filename[0..-5] + '-' + alertaction_index.to_s + '-' + alertaction_index.to_s # Remove .xml extension
+ self.alert_name = alert_name
+ end
+
+ def perform_action
+ # override me
+ end
+
+ def action_alert
+ Print.info("Running #{self.class}: #{self.alertactioner_name}", logger)
+ Print.info("Actioning alert: #{self.alert_name}", logger)
+ perform_action
+
+ end
+
+ def template_based_file_write(template, filename)
+ template_out = ERB.new(File.read(template), 0, '<>-')
+
+ begin
+ File.open(filename, 'wb+') do |file|
+ file.write(template_out.result(self.get_binding))
+ end
+ rescue StandardError => e
+ Print.err "Error writing file: #{e.message}"
+ Print.err e.backtrace.inspect
+ end
+ end
+
+ def get_binding
+ binding
+ end
+
+end
\ No newline at end of file
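Review bot: `self.alertactioner_name = config_filename[0..-5] + '-' + alertaction_index.to_s + '-' + alertaction_index.to_s` appends the same index twice, which reads as a copy-paste error (one of the two was presumably meant to be another field), and `[0..-5]` silently strips the last four characters of any name that does not end in `.xml`; `File.basename(config_filename, '.xml')` states the intent. The `rescue StandardError` in `template_based_file_write` logs the write failure and returns normally, so a caller such as the command actioner in this commit goes on to run `ssh ... < #{commands_sh_path}` against a file that was never written; re-raising after logging (`raise`) or returning `false` and having callers check it would stop the action at the failure. `ERB.new(str, 0, '<>-')` uses the positional safe-level/trim arguments that Ruby 2.6 deprecates; `ERB.new(File.read(template), trim_mode: '<>-')` is the supported form.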
diff --git a/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/actioners/command_actioner.rb b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/actioners/command_actioner.rb
new file mode 100644
index 000000000..6615036de
--- /dev/null
+++ b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/actioners/command_actioner.rb
@@ -0,0 +1,57 @@
+require 'net/http'
+require 'uri'
+require 'open3'
+require_relative 'alert_actioner'
+
+class CommandActioner < AlertActioner
+
+ attr_accessor :host
+ attr_accessor :username
+ attr_accessor :password
+ attr_accessor :commands
+
+
+ def initialize(config_filename, alertaction_index, alert_name, host, username, password, commands=[])
+ super(config_filename, alertaction_index, alert_name)
+ self.host = host
+ self.username = username
+ self.password = password
+ self.commands = commands
+ end
+
+ def perform_action
+ # Create config/commands directory
+ FileUtils.mkdir_p COMMANDS_DIRECTORY
+ commands_sh_path = COMMANDS_DIRECTORY + "#{self.alertactioner_name}.sh"
+ template_path = TEMPLATES_DIRECTORY + 'command.sh.erb'
+
+ # We need to populate an array of commands + their parameters
+ @shell_commands = command_strings
+ template_based_file_write(template_path, commands_sh_path)
+
+ ssh_command = "sshpass -p #{self.password} ssh -oStrictHostKeyChecking=no #{self.username}@#{self.host} /bin/bash -s < #{commands_sh_path}"
+
+ Print.info " Command strings:\n #{@shell_commands.join("\n ")}"
+
+ stdout, stderr, status = Open3.capture3(ssh_command)
+ Print.info " stdout: #{stdout}", logger
+ Print.info " stderr: #{stderr}", logger if stderr != ''
+ Print.info " STATUS: #{status}", logger
+
+ unless status.exitstatus == 0
+ Print.info " ERROR: non-zero exit code.", logger
+ exit(1)
+ end
+ end
+
+ def command_strings
+ self.commands
+ # For more specific command-actioners, override me.
+ end
+
+ # TODO: Override me in superclass to print actioner type + all parameters??
+ def to_s
+ "#{self.class}:\n Host: #{self.host}\n Command: #{self.command}\n Parameters: #{self.parameters.join(',')}"
+ end
+
+end
\ No newline at end of file
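Review bot: `ssh_command` is a single string interpolating `self.password`, `self.username` and `self.host` straight from the XML config and is handed to `Open3.capture3(ssh_command)`, which runs it through `/bin/sh`, so a quote, `;` or `$(...)` in any of those values executes on the alert server; the argv form of `capture3` avoids the shell entirely. `sshpass -p` also puts the password on the command line, visible to every user via `ps`; `sshpass -e` reads it from `SSHPASS` instead. `-oStrictHostKeyChecking=no` accepts any host key, so any machine that answers on the target address receives the password; `accept-new` (OpenSSH 7.6+) still pins the key after first contact, if the client OpenSSH version allows it. `exit(1)` on a non-zero status terminates the whole router process, so the remaining actioners for the same alert never run — returning or raising is better here; `to_s` also references `self.command` and `self.parameters`, neither of which this class defines, so calling it raises `NoMethodError`.
```ruby
    # … unchanged: mkdir_p, command_strings, template_based_file_write …

    # argv form: no shell parses these values, so config contents cannot inject commands;
    # sshpass -e takes the password from SSHPASS rather than the world-readable command line
    stdout, stderr, status = Open3.capture3(
      { 'SSHPASS' => self.password },
      'sshpass', '-e', 'ssh', '-oStrictHostKeyChecking=no',
      "#{self.username}@#{self.host}", '/bin/bash', '-s',
      stdin_data: File.read(commands_sh_path)
    )

    # … unchanged: logging of stdout/stderr/status …

    unless status.exitstatus == 0
      Print.info " ERROR: non-zero exit code.", logger
      return false # not exit(1): that kills the router and skips the remaining actioners
    end
```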
diff --git a/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/actioners/message_actioner.rb b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/actioners/message_actioner.rb
new file mode 100644
index 000000000..39399f580
--- /dev/null
+++ b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/actioners/message_actioner.rb
@@ -0,0 +1,30 @@
+require_relative 'command_actioner'
+
+class MessageActioner < CommandActioner
+
+ attr_accessor :message_header
+ attr_accessor :message_subtext
+ attr_accessor :recipient
+
+ def initialize(config_filename, alertaction_index, alert_name, host, sender, password, recipient, message_header, message_subtext)
+ super(config_filename, alertaction_index, alert_name, host, sender, password)
+ self.message_header = message_header
+ self.message_subtext = message_subtext
+ self.recipient = recipient
+ end
+
+ # Return [Array] of command strings
+ def command_strings
+ ["DISPLAY=:0 /usr/bin/notify-send '#{self.message_header}' '#{self.message_subtext}' --icon=dialog-information",
+ "/usr/bin/wall #{self.username == 'root' ? '-n ' : ''}'#{self.message_header}' '#{self.message_subtext}'", # wall -n requires root
+ "/bin/echo '#{self.message_subtext}' | /usr/bin/mail -s '#{self.message_header}' #{self.recipient}"]
+ # TODO: Test mail command
+ end
+
+
+ # TODO: Override me in superclass to print actioner type + all parameters??
+ def to_s
+ "#{self.class}:\n Message Header: #{self.message_header}\n Message Subtext: #{self.message_subtext}"
+ end
+
+end
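Review bot: Each entry in `command_strings` wraps `message_header`, `message_subtext` and `recipient` in single quotes by interpolation, and the resulting script is piped to `/bin/bash -s` on the target host (as `root` in the example config), so a `'` in any of those values — they come from the scenario XML via the config generator in this commit — ends the quoting and the remainder runs as a command on the client; `Shellwords.escape` (stdlib, `require 'shellwords'` at the top of the file) produces a safe single token for each. The `--icon=dialog-information` and `-n` flags are unaffected. The `# TODO: Test mail command` should stay until `/usr/bin/mail` is confirmed on the client image, since the commit's command actioner treats a non-zero exit from the script as fatal.
```ruby
  # Return [Array] of command strings; every config-derived value is shell-escaped
  # because the script is executed by bash on the target host
  def command_strings
    header    = Shellwords.escape(self.message_header)
    subtext   = Shellwords.escape(self.message_subtext)
    recipient = Shellwords.escape(self.recipient)
    ["DISPLAY=:0 /usr/bin/notify-send #{header} #{subtext} --icon=dialog-information",
     "/usr/bin/wall #{self.username == 'root' ? '-n ' : ''}#{header} #{subtext}", # wall -n requires root
     "/bin/echo #{subtext} | /usr/bin/mail -s #{header} #{recipient}"]
    # TODO: Test mail command
  end
```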
diff --git a/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/actioners/virt_actioner.rb b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/actioners/virt_actioner.rb
new file mode 100644
index 000000000..6896590f1
--- /dev/null
+++ b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/actioners/virt_actioner.rb
@@ -0,0 +1,35 @@
+require 'net/http'
+require 'uri'
+require 'open3'
+require_relative 'alert_actioner'
+require_relative '../lib/ovirt'
+
+class VirtActioner < AlertActioner
+
+ attr_accessor :vdi_conf # {
+ # self.virt_type = type, # [ovirt/other]
+ # self.ovirtpass = password,
+ # self.ovirturl = url,
+ # self.ovirtauthz = authz,
+ # self.ovirtcluster = cluster,
+
+ # self.ovi rtnetwork = network
+ # }
+
+ attr_accessor :command
+
+ def initialize(config_filename, alertaction_index, alert_name, vdi_conf, commands)
+ super(config_filename, alertaction_index, alert_name)
+ self.vdi_conf = vdi_conf
+ end
+
+ def perform_action
+
+ command
+ end
+
+ def to_s
+ "TODO" #TODO
+ end
+
+end
\ No newline at end of file
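Review bot: `initialize` takes a `commands` argument and never stores it, and `perform_action` only evaluates the `command` accessor (never assigned, so `nil`), so a VDI action configured through the actioner XML in this commit silently does nothing while `action_alert` logs it as having run. Until the oVirt path exists, `raise NotImplementedError, "#{self.class}#perform_action"` in `perform_action` (or at least a `Print.err`) makes the gap visible in the logs, and `self.commands = commands` keeps the parameter from being dropped. `vdi_conf` carries `ovirtpass`, so the `to_s` that eventually replaces `"TODO"` should leave that key out of its output.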
diff --git a/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/actioners/web_actioner.rb b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/actioners/web_actioner.rb
new file mode 100644
index 000000000..9d8ca37e5
--- /dev/null
+++ b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/actioners/web_actioner.rb
@@ -0,0 +1,50 @@
+require 'net/http'
+require 'uri'
+require_relative 'alert_actioner'
+
+class WebActioner < AlertActioner
+
+ attr_accessor :target
+ attr_accessor :request_type
+ attr_accessor :data
+
+
+ def initialize(config_filename, alertaction_index, alert_name, target, request_type, data)
+ super(config_filename, alertaction_index, alert_name)
+ self.target = target
+ self.request_type = request_type
+ self.data = data
+ end
+
+ def perform_action
+ uri = URI.parse(self.target)
+
+ case self.request_type
+ when 'GET'
+
+ response = Net::HTTP.get_response(uri)
+ when 'POST'
+ request = Net::HTTP::Post.new(uri.request_uri, 'Content-Type' => 'application/json')
+ request.body = self.data.to_json
+ response = Net::HTTP.start(uri.hostname, uri.port) do |http|
+ http.request(request)
+ end
+ when 'PUT'
+ # TODO: later
+ response = ''
+ when 'DELETE'
+ # TODO: later
+ response = ''
+ else
+ response = Net::HTTP.get_response(uri)
+ end
+ Print.info response.to_s
+ Print.info "Web Action complete #{alertactioner_name}"
+ end
+
+ # TODO: Override me in superclass to print actioner type + all parameters??
+ def to_s
+ "WebActioner:\n Target: #{self.target}\n Request Type: #{self.request_type}\n Data: #{self.data.to_s}"
+ end
+
+end
\ No newline at end of file
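Review bot: The `'POST'` branch opens `Net::HTTP.start(uri.hostname, uri.port)` without `use_ssl`, so for the `https://hacktivity...` targets in the example configs it sends a plaintext HTTP request to port 443 and the flag submission fails (or, against a lax listener, leaves unencrypted); use `Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == 'https')`. `self.data.to_json` on the string values the configs carry (`flag{...}`) yields a JSON string literal rather than an object; whether the endpoint expects `{"flag": ...}` needs confirming against the Hacktivity API. The `else` branch quietly turns an unknown `request_type` into a GET, and `Print.info response.to_s` logs only the class name; logging `response.code` and aborting on an unrecognised request type would make failures diagnosable. No open/read timeout is set, so an unresponsive target blocks the router (and elastalert behind it) for the library default.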
diff --git a/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/alert_router.rb b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/alert_router.rb
new file mode 100644
index 000000000..27c7ce087
--- /dev/null
+++ b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/alert_router.rb
@@ -0,0 +1,76 @@
+require 'json'
+require 'logger'
+
+require_relative 'alerts/alert'
+require_relative 'lib/logging'
+require_relative 'lib/aa_constants'
+require_relative 'lib/print'
+require_relative 'lib/alertaction_reader'
+
+class AlertRouter
+ attr_accessor :alert
+ attr_accessor :alert_actioners
+ attr_accessor :input
+
+ include Logging
+
+ def initialize
+ self.alert_actioners = []
+ Print.debug "AlertRouter started...", logger
+ self.input = ARGF.read
+ # self.input = 'example-rule:||:[{"_type": "doc", "_index": "auditbeat-2020.03.10", "process": {"exe": "/bin/cat", "name": "cat", "title": "cat testfile", "pid": "1459", "ppid": "1348", "cwd": "/home/vagrant"}, "num_hits": 2, "@timestamp": "2020-03-10T16:57:29.080Z", "tags": ["home", "beats_input_raw_event"], "auditd": {"paths": [{"nametype": "NORMAL", "ouid": "1000", "ogid": "1000", "rdev": "00:00", "dev": "08:01", "item": "0", "mode": "0100644", "inode": "1442062", "name": "testfile"}], "sequence": 2447, "summary": {"how": "/bin/cat", "object": {"type": "file", "primary": "testfile"}, "actor": {"primary": "vagrant", "secondary": "vagrant"}}, "session": "3", "result": "success", "data": {"tty": "pts1", "syscall": "open", "a1": "0", "a0": "7ffe67dd1418", "a3": "69f", "a2": "fffffffffffe0400", "exit": "3", "arch": "x86_64"}}, "beat": {"hostname": "shaw54-AGT-17-auto-grading-tracer-client-1", "name": "shaw54-AGT-17-auto-grading-tracer-client-1", "version": "6.8.7"}, "host": {"name": "shaw54-AGT-17-auto-grading-tracer-client-1"}, "user": {"fsuid": "1000", "auid": "1000", "uid": "1000", "name_map": {"fsuid": "vagrant", "auid": "vagrant", "uid": "vagrant", "suid": "vagrant", "fsgid": "vagrant", "egid": "vagrant", "euid": "vagrant", "gid": "vagrant", "sgid": "vagrant"}, "suid": "1000", "fsgid": "1000", "egid": "1000", "euid": "1000", "gid": "1000", "sgid": "1000"}, "file": {"group": "vagrant", "uid": "1000", "owner": "vagrant", "gid": "1000", "mode": "0644", "device": "00:00", "path": "testfile", "inode": "1442062"}, "combined_path": "/home/vagrant/testfile", "num_matches": 1, "_id": "mHthxXABcON1JJkPPtdf", "@version": "1", "event": {"action": "opened-file", "category": "audit-rule", "type": "syscall", "module": "auditd"}}]'
+ Print.info "Alert received: #{self.input}", logger
+ load_configs
+ end
+
+ def parameter_check
+ unless self.input
+ Print.err 'ERROR: No input received.', logger
+ exit(1)
+ end
+ unless self.input.include? ':||:'
+ Print.err 'ERROR: Does not include delimiter, :||:, between alert-name and JSON. Was this run via Elastalert?', logger
+ exit(1)
+ end
+ end
+
+ def read_alert
+ begin
+ split_input = self.input.split(':||:')
+ raise StandardError if split_input.length != 2
+ rule_name = split_input[0]
+ alert_body = JSON.parse(split_input[1])
+ Print.info("Reading alert for rule: #{rule_name}", logger)
+ self.alert = Alert.new(rule_name, alert_body)
+ rescue JSON::ParserError, StandardError => e
+ Print.info(e.to_s, logger)
+ exit(1)
+ end
+ end
+
+ def load_configs
+ Print.info("Reading config files from #{CONFIG_DIRECTORY}", logger)
+ conf_filenames = Dir["#{CONFIG_DIRECTORY}*.xml"]
+ conf_filenames.each do |conf_path|
+ Print.info("Loading config: #{conf_path}", logger)
+ self.alert_actioners = AlertActionReader.get_alertactioners(conf_path)
+ end
+ end
+
+ def rule_comparison
+ # Does the alert match our rules? if so: action the alert.
+ self.alert_actioners.each do |alert_actioner|
+ if alert_actioner.alert_name == self.alert.rule_name
+ alert_actioner.action_alert
+ end
+ end
+ end
+
+ def run
+ parameter_check
+ read_alert
+ rule_comparison
+ end
+end
+
+AlertRouter.new.run
\ No newline at end of file
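Review bot: `load_configs` assigns `self.alert_actioners = AlertActionReader.get_alertactioners(conf_path)` inside the `each`, so every iteration replaces the previous file's actioners and only the last `*.xml` in `CONFIG_DIRECTORY` is ever consulted; it should be `self.alert_actioners.concat(AlertActionReader.get_alertactioners(conf_path))`. `read_alert` splits with `self.input.split(':||:')` and rejects anything that does not yield exactly two parts, so an alert whose JSON body happens to contain the delimiter is dropped; `split(':||:', 2)` keeps the rule name as the first field and the rest intact. `rescue JSON::ParserError, StandardError` is redundant (the first is a subclass of the second), and that handler logs with `Print.info` where `parameter_check` uses `Print.err` for the same class of failure.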
diff --git a/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/alerts/alert.rb b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/alerts/alert.rb
new file mode 100644
index 000000000..9d0c6bae8
--- /dev/null
+++ b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/alerts/alert.rb
@@ -0,0 +1,16 @@
+# TODO: remove after testing
+require_relative '../lib/print'
+
+class Alert
+ attr_accessor :rule_name
+ attr_accessor :alert_json
+
+ def initialize(rule_name, alert_json)
+ self.rule_name = rule_name
+ self.alert_json = alert_json
+ # self.alert_type =
+ # self.alert_actions = [{action_type => 'msg', }]
+ Print.info("Alert created.")
+ end
+
+end
\ No newline at end of file
diff --git a/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/alerts/alert_types.rb b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/alerts/alert_types.rb
new file mode 100644
index 000000000..d5075c3b2
--- /dev/null
+++ b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/alerts/alert_types.rb
@@ -0,0 +1,15 @@
+class AlertTypes
+ READ_FILE = 'rf'
+ MODIFY_FILE = 'mf'
+ ACCESS_ACCOUNT = 'aa'
+ SERVICE_DOWN = 'svcd'
+ SYSTEM_DOWN = 'sysd'
+end
+
+class AlertActionTypes
+ WEB_ACTION = 'web'
+ IRC_ACTION = 'irc'
+ VDI_ACTION = 'vdi'
+ HOST_ACTION = 'hst'
+ MESSAGE_ACTION = 'msg'
+end
\ No newline at end of file
diff --git a/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/config/commands/example_message.sh b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/config/commands/example_message.sh
new file mode 100644
index 000000000..5ecec945d
--- /dev/null
+++ b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/config/commands/example_message.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+DISPLAY=:0 /usr/bin/notify-send -u critical 'Well done' 'here is some subtext'
\ No newline at end of file
diff --git a/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/config/example_confs/example-conf.xml b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/config/example_confs/example-conf.xml
new file mode 100644
index 000000000..a559ea543
--- /dev/null
+++ b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/config/example_confs/example-conf.xml
@@ -0,0 +1,38 @@
+
+
+
+
+ example-rule
+
+ x.x.x.166
+ root
+ test
+ test
+ Well done!
+ Here is some subtext from the example config.
+
+
+
+ example-rule
+
+ http://127.0.0.1:8080
+ POST
+ flag{asdf}
+
+
+
+ example-rule
+
+ {"virt_type":"ovirt","ovirtpass":"toor","ovirturl":"","ovirtauthz":"","ovirtcluster":"", "ovirtnetwork":""}
+ shaw54-AAA-32-TODO
+ user-network-01
+
+
+ {"virt_type":"ovirt","ovirtpass":"toor","ovirturl":"","ovirtauthz":"","ovirtcluster":"", "ovirtnetwork":""}
+ shaw54-AAA-32-TODO
+ user-network-01
+
+
+
diff --git a/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/config/example_confs/pfx_SecGen20200319_162608.xml b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/config/example_confs/pfx_SecGen20200319_162608.xml
new file mode 100644
index 000000000..b569994e7
--- /dev/null
+++ b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/config/example_confs/pfx_SecGen20200319_162608.xml
@@ -0,0 +1,60 @@
+
+
+
+
+
+
+ pfx-auto-grading-tracer-client-1-symlinks-rf-0
+
+ https://hacktivity.aet.leedsbeckett.ac.uk/submit_flag
+ POST
+ flag{miraculous sunscalds}
+
+
+
+ pfx-auto-grading-tracer-client-1-symlinks-rf-1
+
+ https://hacktivity.aet.leedsbeckett.ac.uk/submit_flag
+ POST
+ flag{4f6831673b25b23130370cf270d522a3}
+
+
+
+ pfx-auto-grading-tracer-client-1-readable_shadow-rf-0
+
+ https://hacktivity.aet.leedsbeckett.ac.uk/submit_flag
+ POST
+ flag{ZpuKxPcZFD4vMSuydL19fg}
+
+
+
+ pfx-auto-grading-tracer-client-1-symlinks-rf-0
+
+ 192.168.209.166
+ test
+ test
+ Well done!
+ Here is some subtext from the scenario
+
+
+
+ pfx-auto-grading-tracer-client-1-symlinks-rf-1
+
+ 192.168.209.166
+ test
+ test
+ Well done!
+ Here is some subtext from the scenario
+
+
+
+ pfx-auto-grading-tracer-client-1-readable_shadow-rf-0
+
+ 192.168.209.166
+ test
+ test
+ Well done!
+ Here is some subtext from the scenario
+
+
+
diff --git a/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/example-input.json b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/example-input.json
new file mode 100644
index 000000000..21807c84e
--- /dev/null
+++ b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/example-input.json
@@ -0,0 +1 @@
+example-rule:||:[{"_type": "doc", "_index": "auditbeat-2020.03.10", "process": {"exe": "/bin/cat", "name": "cat", "title": "cat testfile", "pid": "1459", "ppid": "1348", "cwd": "/home/vagrant"}, "num_hits": 2, "@timestamp": "2020-03-10T16:57:29.080Z", "tags": ["home", "beats_input_raw_event"], "auditd": {"paths": [{"nametype": "NORMAL", "ouid": "1000", "ogid": "1000", "rdev": "00:00", "dev": "08:01", "item": "0", "mode": "0100644", "inode": "1442062", "name": "testfile"}], "sequence": 2447, "summary": {"how": "/bin/cat", "object": {"type": "file", "primary": "testfile"}, "actor": {"primary": "vagrant", "secondary": "vagrant"}}, "session": "3", "result": "success", "data": {"tty": "pts1", "syscall": "open", "a1": "0", "a0": "7ffe67dd1418", "a3": "69f", "a2": "fffffffffffe0400", "exit": "3", "arch": "x86_64"}}, "beat": {"hostname": "shaw54-AGT-17-auto-grading-tracer-client-1", "name": "shaw54-AGT-17-auto-grading-tracer-client-1", "version": "6.8.7"}, "host": {"name": "shaw54-AGT-17-auto-grading-tracer-client-1"}, "user": {"fsuid": "1000", "auid": "1000", "uid": "1000", "name_map": {"fsuid": "vagrant", "auid": "vagrant", "uid": "vagrant", "suid": "vagrant", "fsgid": "vagrant", "egid": "vagrant", "euid": "vagrant", "gid": "vagrant", "sgid": "vagrant"}, "suid": "1000", "fsgid": "1000", "egid": "1000", "euid": "1000", "gid": "1000", "sgid": "1000"}, "file": {"group": "vagrant", "uid": "1000", "owner": "vagrant", "gid": "1000", "mode": "0644", "device": "00:00", "path": "testfile", "inode": "1442062"}, "combined_path": "/home/vagrant/testfile", "num_matches": 1, "_id": "mHthxXABcON1JJkPPtdf", "@version": "1", "event": {"action": "opened-file", "category": "audit-rule", "type": "syscall", "module": "auditd"}}]
\ No newline at end of file
diff --git a/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/lib/.no_files b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/lib/.no_files
new file mode 100644
index 000000000..fce5ba92b
--- /dev/null
+++ b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/lib/.no_files
@@ -0,0 +1 @@
+# Shared libs are copied into the module's directory by the project_files_creator
\ No newline at end of file
diff --git a/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/lib/aa_constants.rb b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/lib/aa_constants.rb
new file mode 100644
index 000000000..4a1e688d3
--- /dev/null
+++ b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/lib/aa_constants.rb
@@ -0,0 +1,8 @@
+ALERTER_DIRECTORY = '/opt/alert_actioner/'
+# TODO: for testing
+# ALERTER_DIRECTORY = '/home/thomashaw/git/SecGen/modules/services/unix/http/analysis_alert_action_server/files/alert_actioner/'
+CONFIG_DIRECTORY = ALERTER_DIRECTORY + 'config/'
+LIB_DIRECTORY = ALERTER_DIRECTORY + 'lib/'
+AA_CONFIG_SCHEMA = LIB_DIRECTORY + 'alertactioner_config_schema.xsd'
+TEMPLATES_DIRECTORY = ALERTER_DIRECTORY + 'templates/'
+COMMANDS_DIRECTORY = CONFIG_DIRECTORY + 'commands/'
\ No newline at end of file
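Review bot: The directory constants are plain mutable Strings built with `+`, so any caller that mutates `ALERTER_DIRECTORY` in place silently shifts every derived path; add `# frozen_string_literal: true` as the first line of the file (or `.freeze` each constant). The commented-out developer path on line 3 should not ship as a TODO; if a local override is needed, read it once from the environment, e.g. `ALERTER_DIRECTORY = ENV.fetch('ALERTER_DIRECTORY', '/opt/alert_actioner/')`, which keeps the production default and removes the temptation to edit the file on a deployed host. The install path is also hard-coded in manifests/install.pp in this same commit, so the two must be kept in step by hand.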
diff --git a/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/lib/alertaction_reader.rb b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/lib/alertaction_reader.rb
new file mode 100644
index 000000000..1a1c6a3f8
--- /dev/null
+++ b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/lib/alertaction_reader.rb
@@ -0,0 +1,61 @@
+require 'nokogiri'
+require 'digest'
+
+require_relative './logging'
+require_relative 'xml_reader'
+require_relative '../actioners/web_actioner'
+require_relative '../actioners/message_actioner'
+
+class AlertActionReader < XMLReader
+ include Logging
+
+ # uses nokogiri to extract all system information from alertaction config.xml files
+ # @return [Array] Array containing AlertActioner objects
+ def self.get_alertactioners(conf_path)
+ alert_actioners = []
+ config_filename = conf_path.split('/')[-1]
+ # Parse and validate the schema
+ doc = parse_doc(conf_path, AA_CONFIG_SCHEMA, 'alertaction_config')
+
+ doc.xpath('//alertaction').each_with_index do |alertaction_node, alertaction_index|
+
+ alert_name = alertaction_node.at_xpath('alert_name').text
+
+ # for each action type:
+ alertaction_node.xpath('WebAction | CommandAction | MessageAction | VDIAction | IRCAction').each do |action_node|
+ type = action_node.name
+
+ case type
+ when 'WebAction'
+ target = action_node.xpath('target').text
+ request_type = action_node.xpath('request_type').text
+ data = action_node.xpath('data').text
+
+ web_actioner = WebActioner.new(config_filename, alertaction_index, alert_name, target, request_type, data)
+ Print.info("Created #{web_actioner.to_s}", Logging.logger)
+ alert_actioners << web_actioner
+ when 'CommandAction'
+ # todo
+ when 'MessageAction'
+ host = action_node.xpath('host').text
+ sender = action_node.xpath('sender').text
+ password = action_node.xpath('password').text
+ recipient = action_node.xpath('recipient').text
+ message_header = action_node.xpath('message_header').text
+ message_subtext = action_node.xpath('message_subtext').text
+ message_actioner = MessageActioner.new(config_filename, alertaction_index, alert_name, host, sender, password, recipient, message_header, message_subtext)
+ Print.info "Created #{message_actioner.to_s}", Logging.logger
+ alert_actioners << message_actioner
+ when 'VDIAction'
+ # todo
+ when 'IRCAction'
+ # todo
+ else
+ Print.err("Invalid actioner type.", Logging.logger)
+ exit(1)
+ end
+ end
+ end
+ return alert_actioners
+ end
+end
\ No newline at end of file
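Review bot: `password` is read from the XML in the MessageAction branch and the new object is then written at info level via `Print.info "Created #{message_actioner.to_s}", Logging.logger`; if `MessageActioner#to_s` (not visible here) includes that field, the credential ends up in alert-router.log and on stdout, so either redact it in `to_s` or log only the alert name and recipient here. The `else` branch is unreachable because the XPath union `'WebAction | CommandAction | MessageAction | VDIAction | IRCAction'` only selects those five element names, and `exit(1)` inside a library class kills the calling process; `raise ArgumentError, "Invalid actioner type: #{type}"` leaves that decision to the caller. The child lookups use `action_node.xpath('target').text`, which concatenates the text of every matching node, whereas `alert_name` uses `at_xpath`; using `at_xpath` throughout returns only the first element instead of a silently joined string, and the unused `require 'digest'` can go.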
diff --git a/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/lib/logging.rb b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/lib/logging.rb
new file mode 100644
index 000000000..a7823cac2
--- /dev/null
+++ b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/lib/logging.rb
@@ -0,0 +1,14 @@
+module Logging
+ require 'logger'
+ require_relative 'aa_constants'
+ def logger
+ Logging.logger
+ end
+
+ def self.logger
+ # TODO: for local testing uncomment me
+ # alerter_directory = '/home/thomashaw/git/SecGen/'
+ # @logger ||= Logger.new(alerter_directory + 'alert-router.log')
+ @logger ||= Logger.new(ALERTER_DIRECTORY + 'alert-router.log')
+ end
+end
\ No newline at end of file
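Review bot: `@logger ||= Logger.new(ALERTER_DIRECTORY + 'alert-router.log')` opens one file with no rotation and the default DEBUG level, so on a server that records every alert the log grows without bound; `Logger.new(path, 'daily')` or `Logger.new(path, 10, 1_048_576)` bounds it, and `logger.level = Logger::INFO` keeps debug chatter out of production. The `require 'logger'` and `require_relative 'aa_constants'` lines sit inside the module body and belong at the top of the file with `# frozen_string_literal: true` above them. The commented-out local-testing block mirrors the one in lib/aa_constants.rb and should be removed in the same way.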
diff --git a/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/lib/print.rb b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/lib/print.rb
new file mode 100644
index 000000000..1cb9d7cbf
--- /dev/null
+++ b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/lib/print.rb
@@ -0,0 +1,57 @@
+
+class Print
+ def self.colorize(text, color_code)
+ "#{color_code}#{text}\e[0m"
+ end
+
+ def self.red(text); colorize(text, "\e[31m"); end
+ def self.green(text); colorize(text, "\e[32m"); end
+ def self.yellow(text); colorize(text, "\e[33m"); end
+ def self.blue(text); colorize(text, "\e[34m"); end
+ def self.purple(text); colorize(text, "\e[35m"); end
+ def self.cyan(text); colorize(text, "\e[36m"); end
+ def self.grey(text); colorize(text, "\e[37m"); end
+ def self.bright_yellow(text); colorize(text, "\e[93m"); end
+ def self.bold(text); colorize(text, "\e[2m"); end
+
+ def self.debug(msg, logger=nil)
+ logger.debug(msg) if logger
+ puts purple(' ' + msg)
+ end
+
+ def self.verbose(msg, logger=nil)
+ logger.info(msg) if logger
+ puts grey(' ' + msg)
+ end
+
+ def self.err(msg, logger=nil)
+ logger.error(msg) if logger
+ $stderr.puts red(msg)
+ end
+
+ def self.info(msg, logger=nil)
+ logger.info(msg) if logger
+ puts green(msg)
+ end
+
+ def self.std(msg, logger=nil)
+ logger.info(msg) if logger
+ puts yellow(msg)
+ end
+
+ def self.warn(msg, logger=nil)
+ logger.warn(msg) if logger
+ puts bright_yellow(msg)
+ end
+
+ # local encoders/generators write messages to stderr (stdout used to return values)
+ def self.local(msg, logger=nil)
+ logger.info(msg) if logger
+ $stderr.puts cyan(msg)
+ end
+ def self.local_verbose(msg, logger=nil)
+ logger.info(msg) if logger
+ $stderr.puts cyan(' ' + msg)
+ end
+
+end
\ No newline at end of file
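Review bot: `bold` on line 15 emits `\e[2m`, which is the SGR faint/dim attribute, so the helper currently dims text rather than emphasising it; bold is `def self.bold(text); colorize(text, "\e[1m"); end`. The helpers always emit escape sequences even when stdout or stderr is not a terminal (a service unit, cron, a redirected file), which leaves raw `\e[` bytes in captured output; checking `$stdout.tty?` inside `colorize` keeps that output clean. Ruby style also prefers `logger = nil` with spaces around the default's `=`.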
diff --git a/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/templates/command.sh.erb b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/templates/command.sh.erb
new file mode 100644
index 000000000..7672f4574
--- /dev/null
+++ b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/templates/command.sh.erb
@@ -0,0 +1,4 @@
+#!/bin/bash
+<% @shell_commands.each do |command_string| -%>
+<%= command_string.strip %>
+<% end -%>
\ No newline at end of file
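Review bot: The generated script runs every configured command without `set -e`, so a failing command is skipped silently and the next one still runs; adding `set -euo pipefail` after the shebang makes a failed action visible to whatever executes the script. The `-%>` trim markers are only honoured when the template is rendered with `ERB.new(src, trim_mode: '-')`; with the default trim mode the stray `-` is left in the embedded Ruby and the template is likely to fail to compile, so the renderer (not visible here) should be checked. Each `@shell_commands` entry is written verbatim into a bash script, so the config it comes from has to be treated as trusted input.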
diff --git a/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/test_server.py b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/test_server.py
new file mode 100644
index 000000000..dc213b610
--- /dev/null
+++ b/modules/services/unix/logging/analysis_alert_action_server/files/alert_actioner/test_server.py
@@ -0,0 +1,26 @@
+from http.server import HTTPServer, BaseHTTPRequestHandler
+
+from io import BytesIO
+
+
+class SimpleHTTPRequestHandler(BaseHTTPRequestHandler):
+
+ def do_GET(self):
+ self.send_response(200)
+ self.end_headers()
+ self.wfile.write(b'Hello, world!')
+
+ def do_POST(self):
+ content_length = int(self.headers['Content-Length'])
+ body = self.rfile.read(content_length)
+ self.send_response(200)
+ self.end_headers()
+ response = BytesIO()
+ response.write(b'This is POST request. ')
+ response.write(b'Received: ')
+ response.write(body)
+ self.wfile.write(response.getvalue())
+
+
+httpd = HTTPServer(('localhost', 8080), SimpleHTTPRequestHandler)
+httpd.serve_forever()
\ No newline at end of file
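Review bot: `int(self.headers['Content-Length'])` in `do_POST` raises `TypeError` for a request that omits the header, which aborts the handler with a traceback instead of a 400 response; `content_length = int(self.headers.get('Content-Length', 0))` is the usual guard. The body is echoed back verbatim with no Content-Type header, so a browser reaching this fixture would render the reflected POST data as HTML; `self.send_header('Content-Type', 'text/plain')` before `end_headers()` avoids that. Binding to localhost is right for a test server; wrapping the two module-level lines in `if __name__ == '__main__':` keeps the handler importable without starting it.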
diff --git a/modules/services/unix/logging/analysis_alert_action_server/manifests/init.pp b/modules/services/unix/logging/analysis_alert_action_server/manifests/init.pp
new file mode 100644
index 000000000..aa804cd75
--- /dev/null
+++ b/modules/services/unix/logging/analysis_alert_action_server/manifests/init.pp
@@ -0,0 +1,3 @@
+class analysis_alert_action_server {
+ class { '::analysis_alert_action_server::install': }
+}
\ No newline at end of file
diff --git a/modules/services/unix/logging/analysis_alert_action_server/manifests/install.pp b/modules/services/unix/logging/analysis_alert_action_server/manifests/install.pp
new file mode 100644
index 000000000..88f8c6180
--- /dev/null
+++ b/modules/services/unix/logging/analysis_alert_action_server/manifests/install.pp
@@ -0,0 +1,19 @@
+class analysis_alert_action_server::install (
+ $install_path = '/opt/alert_actioner/'
+) {
+
+ ensure_packages(['libcurl4-openssl-dev', 'libxml2-dev', 'ruby-dev', 'sshpass', 'mailutils'])
+
+ package { 'ovirt-engine-sdk':
+ ensure => '4.3.0',
+ provider => 'gem',
+ require => Package['ruby-dev']
+ }
+
+ file { $install_path:
+ ensure => directory,
+ recurse => true,
+ source => 'puppet:///modules/analysis_alert_action_server/alert_actioner',
+ }
+
+}
\ No newline at end of file
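Review bot: The `file { $install_path: }` resource copies the whole alert_actioner tree recursively with no `owner`, `group` or `mode`, and the example confs added in this commit show that tree carrying a MessageAction sender/password pair plus the commands directory; set `owner`, `group` and `mode => '0750'` (tighter for files under config/) so the credentials are not readable by every local user. The `$install_path` default duplicates `ALERTER_DIRECTORY` in files/alert_actioner/lib/aa_constants.rb, so overriding the parameter installs the files where the Ruby code will not look for them; either drop the parameter or render the constants file from it.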
diff --git a/modules/services/unix/logging/analysis_alert_action_server/secgen_metadata.xml b/modules/services/unix/logging/analysis_alert_action_server/secgen_metadata.xml
new file mode 100644
index 000000000..3a4e6ad07
--- /dev/null
+++ b/modules/services/unix/logging/analysis_alert_action_server/secgen_metadata.xml
@@ -0,0 +1,36 @@
+
+
+
+ Analysis, Alerting and Actioning Server
+ Thomas Shaw
+ Apache v2
+ Server component to the Auto Grading Server.
+ Includes: Elasticsearch, Logstash, Kibana, Wazuh (ELK + OSSEC fork),
+ Elastalert (with custom rules),
+ ExecAlerter (Custom EA CommandAlerter which includes rule name that was triggered),
+ Alert Actioner (Automatic responses to alerts, such as sending messages, running commands on VMs, or sending web requests)
+
+ multi
+ linux
+
+ aaa_config
+
+
+
+
+
+ .*elasticsearch_7
+
+
+ .*logstash_7
+
+
+ .*kibana_7
+
+
+ .*elastalert
+
+
+
diff --git a/modules/utilities/unix/logging/elasticsearch/CHANGELOG.md b/modules/services/unix/logging/elasticsearch/CHANGELOG.md
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/CHANGELOG.md
rename to modules/services/unix/logging/elasticsearch/CHANGELOG.md
diff --git a/modules/utilities/unix/logging/elasticsearch/CONTRIBUTING.md b/modules/services/unix/logging/elasticsearch/CONTRIBUTING.md
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/CONTRIBUTING.md
rename to modules/services/unix/logging/elasticsearch/CONTRIBUTING.md
diff --git a/modules/utilities/unix/logging/elasticsearch/CONTRIBUTORS b/modules/services/unix/logging/elasticsearch/CONTRIBUTORS
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/CONTRIBUTORS
rename to modules/services/unix/logging/elasticsearch/CONTRIBUTORS
diff --git a/modules/utilities/unix/logging/elasticsearch/LICENSE b/modules/services/unix/logging/elasticsearch/LICENSE
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/LICENSE
rename to modules/services/unix/logging/elasticsearch/LICENSE
diff --git a/modules/utilities/unix/logging/elasticsearch/README.md b/modules/services/unix/logging/elasticsearch/README.md
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/README.md
rename to modules/services/unix/logging/elasticsearch/README.md
diff --git a/modules/utilities/unix/logging/elasticsearch/checksums.json b/modules/services/unix/logging/elasticsearch/checksums.json
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/checksums.json
rename to modules/services/unix/logging/elasticsearch/checksums.json
diff --git a/modules/utilities/unix/logging/elasticsearch/data/common.yaml b/modules/services/unix/logging/elasticsearch/data/common.yaml
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/data/common.yaml
rename to modules/services/unix/logging/elasticsearch/data/common.yaml
diff --git a/modules/utilities/unix/logging/elasticsearch/data/distro/Amazon.yaml b/modules/services/unix/logging/elasticsearch/data/distro/Amazon.yaml
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/data/distro/Amazon.yaml
rename to modules/services/unix/logging/elasticsearch/data/distro/Amazon.yaml
diff --git a/modules/utilities/unix/logging/elasticsearch/data/distro/Amazon/2.yaml b/modules/services/unix/logging/elasticsearch/data/distro/Amazon/2.yaml
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/data/distro/Amazon/2.yaml
rename to modules/services/unix/logging/elasticsearch/data/distro/Amazon/2.yaml
diff --git a/modules/utilities/unix/logging/elasticsearch/data/distro/Debian/7.yaml b/modules/services/unix/logging/elasticsearch/data/distro/Debian/7.yaml
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/data/distro/Debian/7.yaml
rename to modules/services/unix/logging/elasticsearch/data/distro/Debian/7.yaml
diff --git a/modules/utilities/unix/logging/elasticsearch/data/distro/Ubuntu/12.04.yaml b/modules/services/unix/logging/elasticsearch/data/distro/Ubuntu/12.04.yaml
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/data/distro/Ubuntu/12.04.yaml
rename to modules/services/unix/logging/elasticsearch/data/distro/Ubuntu/12.04.yaml
diff --git a/modules/utilities/unix/logging/elasticsearch/data/distro/Ubuntu/14.04.yaml b/modules/services/unix/logging/elasticsearch/data/distro/Ubuntu/14.04.yaml
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/data/distro/Ubuntu/14.04.yaml
rename to modules/services/unix/logging/elasticsearch/data/distro/Ubuntu/14.04.yaml
diff --git a/modules/utilities/unix/logging/elasticsearch/data/kernel/Darwin.yaml b/modules/services/unix/logging/elasticsearch/data/kernel/Darwin.yaml
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/data/kernel/Darwin.yaml
rename to modules/services/unix/logging/elasticsearch/data/kernel/Darwin.yaml
diff --git a/modules/utilities/unix/logging/elasticsearch/data/kernel/Linux.yaml b/modules/services/unix/logging/elasticsearch/data/kernel/Linux.yaml
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/data/kernel/Linux.yaml
rename to modules/services/unix/logging/elasticsearch/data/kernel/Linux.yaml
diff --git a/modules/utilities/unix/logging/elasticsearch/data/kernel/OpenBSD.yaml b/modules/services/unix/logging/elasticsearch/data/kernel/OpenBSD.yaml
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/data/kernel/OpenBSD.yaml
rename to modules/services/unix/logging/elasticsearch/data/kernel/OpenBSD.yaml
diff --git a/modules/utilities/unix/logging/elasticsearch/data/os/Debian.yaml b/modules/services/unix/logging/elasticsearch/data/os/Debian.yaml
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/data/os/Debian.yaml
rename to modules/services/unix/logging/elasticsearch/data/os/Debian.yaml
diff --git a/modules/utilities/unix/logging/elasticsearch/data/os/Gentoo.yaml b/modules/services/unix/logging/elasticsearch/data/os/Gentoo.yaml
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/data/os/Gentoo.yaml
rename to modules/services/unix/logging/elasticsearch/data/os/Gentoo.yaml
diff --git a/modules/utilities/unix/logging/elasticsearch/data/os/RedHat.yaml b/modules/services/unix/logging/elasticsearch/data/os/RedHat.yaml
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/data/os/RedHat.yaml
rename to modules/services/unix/logging/elasticsearch/data/os/RedHat.yaml
diff --git a/modules/utilities/unix/logging/elasticsearch/data/os/RedHat/5.yaml b/modules/services/unix/logging/elasticsearch/data/os/RedHat/5.yaml
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/data/os/RedHat/5.yaml
rename to modules/services/unix/logging/elasticsearch/data/os/RedHat/5.yaml
diff --git a/modules/utilities/unix/logging/elasticsearch/data/os/RedHat/6.yaml b/modules/services/unix/logging/elasticsearch/data/os/RedHat/6.yaml
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/data/os/RedHat/6.yaml
rename to modules/services/unix/logging/elasticsearch/data/os/RedHat/6.yaml
diff --git a/modules/utilities/unix/logging/elasticsearch/data/os/Suse.yaml b/modules/services/unix/logging/elasticsearch/data/os/Suse.yaml
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/data/os/Suse.yaml
rename to modules/services/unix/logging/elasticsearch/data/os/Suse.yaml
diff --git a/modules/utilities/unix/logging/elasticsearch/data/os/Suse/11.yaml b/modules/services/unix/logging/elasticsearch/data/os/Suse/11.yaml
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/data/os/Suse/11.yaml
rename to modules/services/unix/logging/elasticsearch/data/os/Suse/11.yaml
diff --git a/modules/services/unix/logging/elasticsearch/elasticsearch.pp b/modules/services/unix/logging/elasticsearch/elasticsearch.pp
new file mode 100644
index 000000000..897d48955
--- /dev/null
+++ b/modules/services/unix/logging/elasticsearch/elasticsearch.pp
@@ -0,0 +1,20 @@
+unless defined('analysis_alert_action_server') {
+ $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+ $elasticsearch_ip = $secgen_parameters['elasticsearch_ip'][0]
+ $elasticsearch_port = 0 + $secgen_parameters['elasticsearch_port'][0]
+
+ include ::java
+
+ class { 'elasticsearch':
+ api_host => $elasticsearch_ip,
+ api_port => $elasticsearch_port,
+ version => '6.3.1',
+ }
+
+ elasticsearch::instance { 'es-01':
+ config => {
+ 'network.host' => $elasticsearch_ip,
+ 'http.port' => $elasticsearch_port,
+ },
+ }
+}
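Review bot: The instance is bound to `network.host => $elasticsearch_ip` on `http.port` with no authentication or transport encryption configured anywhere in this manifest, so any host that can reach that address can read, write and delete indices; if an open endpoint is intended for the lab, say so with a comment such as `# Intentionally unauthenticated: reachable only inside the scenario network`, otherwise bind to `127.0.0.1` or front it with a firewall rule. The port conversion `0 + $secgen_parameters['elasticsearch_port'][0]` relies on implicit numeric-string coercion; `Integer($secgen_parameters['elasticsearch_port'][0])` makes the intent explicit and fails with a clear error on a non-numeric value, and neither parameter is checked for being present before `[0]` is applied. The pin to `version => '6.3.1'` is an old release line; confirm this is deliberate for the scenario (presumably old software is on purpose in a teaching lab) and note it in a comment. The `unless defined('analysis_alert_action_server')` guard is evaluation-order dependent in Puppet, so a one-line comment on why the Elasticsearch class is skipped when that module is present would help the next maintainer.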
diff --git a/modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.Debian.erb b/modules/services/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.Debian.erb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.Debian.erb
rename to modules/services/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.Debian.erb
diff --git a/modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.OpenBSD.erb b/modules/services/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.OpenBSD.erb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.OpenBSD.erb
rename to modules/services/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.OpenBSD.erb
diff --git a/modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.RedHat.erb b/modules/services/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.RedHat.erb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.RedHat.erb
rename to modules/services/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.RedHat.erb
diff --git a/modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.SLES.erb b/modules/services/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.SLES.erb
old mode 100755
new mode 100644
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.SLES.erb
rename to modules/services/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.SLES.erb
diff --git a/modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.openrc.erb b/modules/services/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.openrc.erb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.openrc.erb
rename to modules/services/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.openrc.erb
diff --git a/modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.systemd.erb b/modules/services/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.systemd.erb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.systemd.erb
rename to modules/services/unix/logging/elasticsearch/files/etc/init.d/elasticsearch.systemd.erb
diff --git a/modules/utilities/unix/logging/elasticsearch/hiera.yaml b/modules/services/unix/logging/elasticsearch/hiera.yaml
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/hiera.yaml
rename to modules/services/unix/logging/elasticsearch/hiera.yaml
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/facter/es_facts.rb b/modules/services/unix/logging/elasticsearch/lib/facter/es_facts.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/facter/es_facts.rb
rename to modules/services/unix/logging/elasticsearch/lib/facter/es_facts.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/feature/elasticsearch_shield_users_native.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/feature/elasticsearch_shield_users_native.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/feature/elasticsearch_shield_users_native.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/feature/elasticsearch_shield_users_native.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/array_suffix.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/parser/functions/array_suffix.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/array_suffix.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/parser/functions/array_suffix.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/concat_merge.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/parser/functions/concat_merge.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/concat_merge.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/parser/functions/concat_merge.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/deep_implode.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/parser/functions/deep_implode.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/deep_implode.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/parser/functions/deep_implode.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/es_plugin_name.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/parser/functions/es_plugin_name.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/es_plugin_name.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/parser/functions/es_plugin_name.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/plugin_dir.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/parser/functions/plugin_dir.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/parser/functions/plugin_dir.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/parser/functions/plugin_dir.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_parsedfile.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elastic_parsedfile.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_parsedfile.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elastic_parsedfile.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_plugin.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elastic_plugin.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_plugin.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elastic_plugin.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_rest.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elastic_rest.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_rest.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elastic_rest.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_user_command.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elastic_user_command.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_user_command.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elastic_user_command.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_user_roles.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elastic_user_roles.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_user_roles.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elastic_user_roles.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_yaml.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elastic_yaml.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elastic_yaml.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elastic_yaml.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_index/ruby.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_index/ruby.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_index/ruby.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_index/ruby.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_keystore/elasticsearch_keystore.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_keystore/elasticsearch_keystore.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_keystore/elasticsearch_keystore.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_keystore/elasticsearch_keystore.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_license/shield.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_license/shield.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_license/shield.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_license/shield.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_license/x-pack.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_license/x-pack.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_license/x-pack.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_license/x-pack.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_pipeline/ruby.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_pipeline/ruby.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_pipeline/ruby.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_pipeline/ruby.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_plugin/elasticsearch_plugin.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_plugin/elasticsearch_plugin.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_plugin/elasticsearch_plugin.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_plugin/elasticsearch_plugin.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_plugin/plugin.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_plugin/plugin.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_plugin/plugin.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_plugin/plugin.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role/oss_xpack.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role/oss_xpack.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role/oss_xpack.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role/oss_xpack.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role/shield.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role/shield.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role/shield.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role/shield.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role/xpack.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role/xpack.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role/xpack.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role/xpack.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role_mapping/oss_xpack.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role_mapping/oss_xpack.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role_mapping/oss_xpack.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role_mapping/oss_xpack.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role_mapping/shield.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role_mapping/shield.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role_mapping/shield.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role_mapping/shield.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role_mapping/xpack.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role_mapping/xpack.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role_mapping/xpack.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_role_mapping/xpack.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_service_file/ruby.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_service_file/ruby.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_service_file/ruby.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_service_file/ruby.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_snapshot_repository/ruby.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_snapshot_repository/ruby.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_snapshot_repository/ruby.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_snapshot_repository/ruby.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_template/ruby.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_template/ruby.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_template/ruby.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_template/ruby.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user/elasticsearch_users.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user/elasticsearch_users.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user/elasticsearch_users.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user/elasticsearch_users.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user/esusers.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user/esusers.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user/esusers.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user/esusers.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user/users.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user/users.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user/users.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user/users.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_file/oss_xpack.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_file/oss_xpack.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_file/oss_xpack.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_file/oss_xpack.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_file/shield.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_file/shield.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_file/shield.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_file/shield.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_file/xpack.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_file/xpack.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_file/xpack.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_file/xpack.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_roles/oss_xpack.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_roles/oss_xpack.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_roles/oss_xpack.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_roles/oss_xpack.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_roles/shield.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_roles/shield.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_roles/shield.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_roles/shield.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_roles/xpack.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_roles/xpack.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_roles/xpack.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/elasticsearch_user_roles/xpack.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/es_instance_conn_validator/tcp_port.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/provider/es_instance_conn_validator/tcp_port.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/provider/es_instance_conn_validator/tcp_port.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/provider/es_instance_conn_validator/tcp_port.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_index.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_index.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_index.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_index.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_keystore.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_keystore.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_keystore.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_keystore.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_license.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_license.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_license.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_license.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_pipeline.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_pipeline.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_pipeline.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_pipeline.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_plugin.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_plugin.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_plugin.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_plugin.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_role.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_role.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_role.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_role.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_role_mapping.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_role_mapping.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_role_mapping.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_role_mapping.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_service_file.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_service_file.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_service_file.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_service_file.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_snapshot_repository.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_snapshot_repository.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_snapshot_repository.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_snapshot_repository.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_template.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_template.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_template.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_template.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_user.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_user.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_user.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_user.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_user_file.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_user_file.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_user_file.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_user_file.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_user_roles.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_user_roles.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_user_roles.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/type/elasticsearch_user_roles.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/type/es_instance_conn_validator.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/type/es_instance_conn_validator.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/type/es_instance_conn_validator.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/type/es_instance_conn_validator.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet/util/es_instance_validator.rb b/modules/services/unix/logging/elasticsearch/lib/puppet/util/es_instance_validator.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet/util/es_instance_validator.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet/util/es_instance_validator.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/asymmetric_compare.rb b/modules/services/unix/logging/elasticsearch/lib/puppet_x/elastic/asymmetric_compare.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/asymmetric_compare.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet_x/elastic/asymmetric_compare.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/deep_implode.rb b/modules/services/unix/logging/elasticsearch/lib/puppet_x/elastic/deep_implode.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/deep_implode.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet_x/elastic/deep_implode.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/deep_to_i.rb b/modules/services/unix/logging/elasticsearch/lib/puppet_x/elastic/deep_to_i.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/deep_to_i.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet_x/elastic/deep_to_i.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/deep_to_s.rb b/modules/services/unix/logging/elasticsearch/lib/puppet_x/elastic/deep_to_s.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/deep_to_s.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet_x/elastic/deep_to_s.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/elasticsearch_rest_resource.rb b/modules/services/unix/logging/elasticsearch/lib/puppet_x/elastic/elasticsearch_rest_resource.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/elasticsearch_rest_resource.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet_x/elastic/elasticsearch_rest_resource.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/es_versioning.rb b/modules/services/unix/logging/elasticsearch/lib/puppet_x/elastic/es_versioning.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/es_versioning.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet_x/elastic/es_versioning.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/hash.rb b/modules/services/unix/logging/elasticsearch/lib/puppet_x/elastic/hash.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/hash.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet_x/elastic/hash.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/plugin_parsing.rb b/modules/services/unix/logging/elasticsearch/lib/puppet_x/elastic/plugin_parsing.rb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/lib/puppet_x/elastic/plugin_parsing.rb
rename to modules/services/unix/logging/elasticsearch/lib/puppet_x/elastic/plugin_parsing.rb
diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/config.pp b/modules/services/unix/logging/elasticsearch/manifests/config.pp
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/manifests/config.pp
rename to modules/services/unix/logging/elasticsearch/manifests/config.pp
diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/index.pp b/modules/services/unix/logging/elasticsearch/manifests/index.pp
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/manifests/index.pp
rename to modules/services/unix/logging/elasticsearch/manifests/index.pp
diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/init.pp b/modules/services/unix/logging/elasticsearch/manifests/init.pp
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/manifests/init.pp
rename to modules/services/unix/logging/elasticsearch/manifests/init.pp
diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/instance.pp b/modules/services/unix/logging/elasticsearch/manifests/instance.pp
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/manifests/instance.pp
rename to modules/services/unix/logging/elasticsearch/manifests/instance.pp
diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/license.pp b/modules/services/unix/logging/elasticsearch/manifests/license.pp
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/manifests/license.pp
rename to modules/services/unix/logging/elasticsearch/manifests/license.pp
diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/package.pp b/modules/services/unix/logging/elasticsearch/manifests/package.pp
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/manifests/package.pp
rename to modules/services/unix/logging/elasticsearch/manifests/package.pp
diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/pipeline.pp b/modules/services/unix/logging/elasticsearch/manifests/pipeline.pp
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/manifests/pipeline.pp
rename to modules/services/unix/logging/elasticsearch/manifests/pipeline.pp
diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/plugin.pp b/modules/services/unix/logging/elasticsearch/manifests/plugin.pp
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/manifests/plugin.pp
rename to modules/services/unix/logging/elasticsearch/manifests/plugin.pp
diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/role.pp b/modules/services/unix/logging/elasticsearch/manifests/role.pp
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/manifests/role.pp
rename to modules/services/unix/logging/elasticsearch/manifests/role.pp
diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/script.pp b/modules/services/unix/logging/elasticsearch/manifests/script.pp
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/manifests/script.pp
rename to modules/services/unix/logging/elasticsearch/manifests/script.pp
diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/service.pp b/modules/services/unix/logging/elasticsearch/manifests/service.pp
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/manifests/service.pp
rename to modules/services/unix/logging/elasticsearch/manifests/service.pp
diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/service/init.pp b/modules/services/unix/logging/elasticsearch/manifests/service/init.pp
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/manifests/service/init.pp
rename to modules/services/unix/logging/elasticsearch/manifests/service/init.pp
diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/service/openbsd.pp b/modules/services/unix/logging/elasticsearch/manifests/service/openbsd.pp
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/manifests/service/openbsd.pp
rename to modules/services/unix/logging/elasticsearch/manifests/service/openbsd.pp
diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/service/openrc.pp b/modules/services/unix/logging/elasticsearch/manifests/service/openrc.pp
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/manifests/service/openrc.pp
rename to modules/services/unix/logging/elasticsearch/manifests/service/openrc.pp
diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/service/systemd.pp b/modules/services/unix/logging/elasticsearch/manifests/service/systemd.pp
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/manifests/service/systemd.pp
rename to modules/services/unix/logging/elasticsearch/manifests/service/systemd.pp
diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/snapshot_repository.pp b/modules/services/unix/logging/elasticsearch/manifests/snapshot_repository.pp
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/manifests/snapshot_repository.pp
rename to modules/services/unix/logging/elasticsearch/manifests/snapshot_repository.pp
diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/template.pp b/modules/services/unix/logging/elasticsearch/manifests/template.pp
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/manifests/template.pp
rename to modules/services/unix/logging/elasticsearch/manifests/template.pp
diff --git a/modules/utilities/unix/logging/elasticsearch/manifests/user.pp b/modules/services/unix/logging/elasticsearch/manifests/user.pp
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/manifests/user.pp
rename to modules/services/unix/logging/elasticsearch/manifests/user.pp
diff --git a/modules/utilities/unix/logging/elasticsearch/metadata.json b/modules/services/unix/logging/elasticsearch/metadata.json
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/metadata.json
rename to modules/services/unix/logging/elasticsearch/metadata.json
diff --git a/modules/utilities/unix/logging/elasticsearch/secgen_metadata.xml b/modules/services/unix/logging/elasticsearch/secgen_metadata.xml
similarity index 84%
rename from modules/utilities/unix/logging/elasticsearch/secgen_metadata.xml
rename to modules/services/unix/logging/elasticsearch/secgen_metadata.xml
index 24657b5f0..b8a2fe1fa 100644
--- a/modules/utilities/unix/logging/elasticsearch/secgen_metadata.xml
+++ b/modules/services/unix/logging/elasticsearch/secgen_metadata.xml
@@ -1,8 +1,8 @@
-
+ xsi:schemaLocation="http://www.github/cliffe/SecGen/service">
Elasticsearch
Thomas Shaw
Elastic
@@ -35,4 +35,4 @@
java
-
+
diff --git a/modules/utilities/unix/logging/elasticsearch/templates/etc/elasticsearch/elasticsearch.yml.erb b/modules/services/unix/logging/elasticsearch/templates/etc/elasticsearch/elasticsearch.yml.erb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/templates/etc/elasticsearch/elasticsearch.yml.erb
rename to modules/services/unix/logging/elasticsearch/templates/etc/elasticsearch/elasticsearch.yml.erb
diff --git a/modules/utilities/unix/logging/elasticsearch/templates/etc/elasticsearch/jvm.options.erb b/modules/services/unix/logging/elasticsearch/templates/etc/elasticsearch/jvm.options.erb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/templates/etc/elasticsearch/jvm.options.erb
rename to modules/services/unix/logging/elasticsearch/templates/etc/elasticsearch/jvm.options.erb
diff --git a/modules/utilities/unix/logging/elasticsearch/templates/etc/elasticsearch/log4j2.properties.erb b/modules/services/unix/logging/elasticsearch/templates/etc/elasticsearch/log4j2.properties.erb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/templates/etc/elasticsearch/log4j2.properties.erb
rename to modules/services/unix/logging/elasticsearch/templates/etc/elasticsearch/log4j2.properties.erb
diff --git a/modules/utilities/unix/logging/elasticsearch/templates/etc/elasticsearch/logging.yml.erb b/modules/services/unix/logging/elasticsearch/templates/etc/elasticsearch/logging.yml.erb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/templates/etc/elasticsearch/logging.yml.erb
rename to modules/services/unix/logging/elasticsearch/templates/etc/elasticsearch/logging.yml.erb
diff --git a/modules/utilities/unix/logging/elasticsearch/templates/etc/sysconfig/defaults.erb b/modules/services/unix/logging/elasticsearch/templates/etc/sysconfig/defaults.erb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/templates/etc/sysconfig/defaults.erb
rename to modules/services/unix/logging/elasticsearch/templates/etc/sysconfig/defaults.erb
diff --git a/modules/utilities/unix/logging/elasticsearch/templates/usr/lib/tmpfiles.d/elasticsearch.conf.erb b/modules/services/unix/logging/elasticsearch/templates/usr/lib/tmpfiles.d/elasticsearch.conf.erb
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/templates/usr/lib/tmpfiles.d/elasticsearch.conf.erb
rename to modules/services/unix/logging/elasticsearch/templates/usr/lib/tmpfiles.d/elasticsearch.conf.erb
diff --git a/modules/utilities/unix/logging/elasticsearch/types/multipath.pp b/modules/services/unix/logging/elasticsearch/types/multipath.pp
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/types/multipath.pp
rename to modules/services/unix/logging/elasticsearch/types/multipath.pp
diff --git a/modules/utilities/unix/logging/elasticsearch/types/status.pp b/modules/services/unix/logging/elasticsearch/types/status.pp
similarity index 100%
rename from modules/utilities/unix/logging/elasticsearch/types/status.pp
rename to modules/services/unix/logging/elasticsearch/types/status.pp
diff --git a/modules/services/unix/logging/elk_upgrade/elasticsearch_7/elasticsearch_7.pp b/modules/services/unix/logging/elk_upgrade/elasticsearch_7/elasticsearch_7.pp
new file mode 100644
index 000000000..c4059fdb9
--- /dev/null
+++ b/modules/services/unix/logging/elk_upgrade/elasticsearch_7/elasticsearch_7.pp
@@ -0,0 +1,13 @@
+unless defined('analysis_alert_action_server') {
+ $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+ $elasticsearch_ip = $secgen_parameters['elasticsearch_ip'][0]
+ $elasticsearch_port = 0 + $secgen_parameters['elasticsearch_port'][0]
+
+ include ::java
+
+ class { 'elasticsearch_7':
+ api_host => $elasticsearch_ip,
+ api_port => $elasticsearch_port,
+ }
+
+}
diff --git a/modules/services/unix/logging/elk_upgrade/elasticsearch_7/manifests/config.pp b/modules/services/unix/logging/elk_upgrade/elasticsearch_7/manifests/config.pp
new file mode 100644
index 000000000..d22214d25
--- /dev/null
+++ b/modules/services/unix/logging/elk_upgrade/elasticsearch_7/manifests/config.pp
@@ -0,0 +1,20 @@
+class elasticsearch_7::config (
+ $elasticsearch_ip,
+ $elasticsearch_port = '9200',
+ $node_name = 'my_es_node',
+ $log_path = '/var/log/elasticsearch',
+ $data_path = '/var/lib/elasticsearch',
+) {
+
+ Exec { path => ['/bin','/sbin','/usr/bin', '/usr/sbin'] }
+
+ # Configure Elasticsearch
+ file { '/etc/elasticsearch/elasticsearch.yml':
+ ensure => file,
+ mode => '0644',
+ owner => 'root',
+ group => 'elasticsearch',
+ content => template('elasticsearch_7/elasticsearch.yml.erb')
+ }
+
+}
diff --git a/modules/services/unix/logging/elk_upgrade/elasticsearch_7/manifests/init.pp b/modules/services/unix/logging/elk_upgrade/elasticsearch_7/manifests/init.pp
new file mode 100644
index 000000000..fec4a09b0
--- /dev/null
+++ b/modules/services/unix/logging/elk_upgrade/elasticsearch_7/manifests/init.pp
@@ -0,0 +1,18 @@
+class elasticsearch_7 (
+ $api_host,
+ $api_port,
+ $package_url = 'https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.0-amd64.deb',
+) {
+
+ Exec { path => ['/bin','/sbin','/usr/bin', '/usr/sbin'] }
+
+ class { 'elasticsearch_7::install':
+ package_url => $package_url,
+ }->
+ class { 'elasticsearch_7::config':
+ elasticsearch_ip => $api_host,
+ elasticsearch_port => $api_port,
+ }->
+ class { 'elasticsearch_7::service': }
+
+}
diff --git a/modules/services/unix/logging/elk_upgrade/elasticsearch_7/manifests/install.pp b/modules/services/unix/logging/elk_upgrade/elasticsearch_7/manifests/install.pp
new file mode 100644
index 000000000..39f9f7bc8
--- /dev/null
+++ b/modules/services/unix/logging/elk_upgrade/elasticsearch_7/manifests/install.pp
@@ -0,0 +1,20 @@
+class elasticsearch_7::install (
+ String $package_url = 'https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.0-amd64.deb',
+) {
+
+ Exec { path => ['/bin','/sbin','/usr/bin', '/usr/sbin'] }
+
+ # Install Elasticsearch
+ exec { 'es add gpg key':
+ command => 'wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -'
+ }->
+ exec { 'es add apt repository':
+ command => 'echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list'
+ }->
+ exec { 'es update apt':
+ command => 'apt-get update'
+ }->
+ package { 'elasticsearch':
+ ensure => present,
+ }
+}
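Review bot: The three `exec` resources have no `creates`/`unless`/`refreshonly` guard, so the key import, the repository write and `apt-get update` run on every agent run, and `$package_url` is declared (here and in init.pp) but never used, so the `7.10.0` the URL suggests is not what `ensure => present` installs — the apt repository's current 7.x is. A minimal fix is `creates => '/etc/apt/sources.list.d/elastic-7.x.list'` on the repository exec and `refreshonly => true` plus a `subscribe` to that exec on the update step, with `ensure` set to the intended version (or the parameter dropped). `apt-key add` is deprecated on current Debian/Ubuntu; a keyring file referenced by `signed-by=` in the sources line is the supported form and keeps the Elastic key from signing every repository on the host. The `sudo` prefixes are redundant under the Puppet agent, which already runs as root, and add a dependency on sudo being installed.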
diff --git a/modules/services/unix/logging/elk_upgrade/elasticsearch_7/manifests/service.pp b/modules/services/unix/logging/elk_upgrade/elasticsearch_7/manifests/service.pp
new file mode 100644
index 000000000..fc97b3102
--- /dev/null
+++ b/modules/services/unix/logging/elk_upgrade/elasticsearch_7/manifests/service.pp
@@ -0,0 +1,14 @@
+class elasticsearch_7::service {
+ service { 'elasticsearch':
+ enable => true,
+ }
+
+ # remove startup timeout
+ file { '/etc/systemd/system/elasticsearch.service.d/':
+ ensure => directory,
+ }->
+ file { '/etc/systemd/system/elasticsearch.service.d/startup-timeout.conf':
+ ensure => present,
+ content => "[Service]\nTimeoutStartSec=180"
+ }
+}
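Review bot: `service { 'elasticsearch': enable => true }` never declares `ensure => running` and subscribes to nothing, so the unit is enabled for the next boot but not started, and later changes to `/etc/elasticsearch/elasticsearch.yml` or the drop-in never restart it; `kibana_7::service` and `logstash_7::service` have the same gap. The drop-in written under `/etc/systemd/system/elasticsearch.service.d/` is also not followed by a `systemctl daemon-reload`, so `TimeoutStartSec=180` is ignored until something else reloads systemd; a `refreshonly => true` exec subscribed to the drop-in file closes that. `ensure => present` on the drop-in should be `ensure => file` for consistency with the other file resources in this change. A reasonable shape is `ensure => running, enable => true, subscribe => [File['/etc/elasticsearch/elasticsearch.yml'], File['/etc/systemd/system/elasticsearch.service.d/startup-timeout.conf']]` on the service.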
diff --git a/modules/services/unix/logging/elk_upgrade/elasticsearch_7/secgen_metadata.xml b/modules/services/unix/logging/elk_upgrade/elasticsearch_7/secgen_metadata.xml
new file mode 100644
index 000000000..d91b4b3a2
--- /dev/null
+++ b/modules/services/unix/logging/elk_upgrade/elasticsearch_7/secgen_metadata.xml
@@ -0,0 +1,34 @@
+
+
+
+ Elasticsearch 7
+ Thomas Shaw
+ Elastic
+ Apache v2
+ TODO
+
+ log_tool
+ linux
+
+ elasticsearch_ip
+ elasticsearch_port
+
+
+ localhost
+
+
+
+ 9200
+
+
+
+ update
+
+
+
+ java
+
+
+
diff --git a/modules/services/unix/logging/elk_upgrade/elasticsearch_7/templates/elasticsearch.yml.erb b/modules/services/unix/logging/elk_upgrade/elasticsearch_7/templates/elasticsearch.yml.erb
new file mode 100644
index 000000000..a2b7b7d29
--- /dev/null
+++ b/modules/services/unix/logging/elk_upgrade/elasticsearch_7/templates/elasticsearch.yml.erb
@@ -0,0 +1,8 @@
+network.host: <%= @elasticsearch_ip %>
+http.port: <%= @elasticsearch_port %>
+node.name: <%= @node_name %>
+node.master: true
+path.data: "<%= @data_path%>"
+path.logs: "<%= @log_path %>"
+discovery.seed_hosts: ["<%= @elasticsearch_ip %>"]
+cluster.initial_master_nodes: ["<%= @node_name %>"]
\ No newline at end of file
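Review bot: `network.host` and `discovery.seed_hosts` bind the node to `@elasticsearch_ip` while nothing in the template enables security, and Elasticsearch 7 ships with authentication off, so any non-loopback value here exposes an unauthenticated HTTP API and transport port to the network (the metadata default of `localhost` is the only safe value). If the exposure is intended for the scenario, a comment in the template saying so would stop the next reader from "fixing" it; otherwise `xpack.security.enabled: true` belongs next to `network.host`. `node.master: true` is, as far as I recall, deprecated from 7.9 in favour of `node.roles`, worth confirming against the version actually installed. `"<%= @data_path%>"` on the `path.data` line is missing the space the neighbouring tags have.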
diff --git a/modules/services/unix/logging/elk_upgrade/kibana_7/kibana_7.pp b/modules/services/unix/logging/elk_upgrade/kibana_7/kibana_7.pp
new file mode 100644
index 000000000..f1f96c379
--- /dev/null
+++ b/modules/services/unix/logging/elk_upgrade/kibana_7/kibana_7.pp
@@ -0,0 +1,12 @@
+unless defined('analysis_alert_action_server') {
+ $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+ $elasticsearch_ip = $secgen_parameters['elasticsearch_ip'][0]
+ $elasticsearch_port = 0 + $secgen_parameters['elasticsearch_port'][0]
+ $kibana_port = 0 + $secgen_parameters['kibana_port'][0]
+
+ class { 'kibana_7':
+ elasticsearch_ip => $elasticsearch_ip,
+ elasticsearch_port => $elasticsearch_port,
+ kibana_port => $kibana_port
+ }
+}
\ No newline at end of file
diff --git a/modules/services/unix/logging/elk_upgrade/kibana_7/manifests/config.pp b/modules/services/unix/logging/elk_upgrade/kibana_7/manifests/config.pp
new file mode 100644
index 000000000..ca702a484
--- /dev/null
+++ b/modules/services/unix/logging/elk_upgrade/kibana_7/manifests/config.pp
@@ -0,0 +1,18 @@
+class kibana_7::config (
+ $elasticsearch_ip,
+ $elasticsearch_port = '9200',
+ $kibana_port = '5601',
+) {
+
+ Exec { path => ['/bin','/sbin','/usr/bin', '/usr/sbin'] }
+
+ # Configure Kibana
+ file { '/etc/kibana/kibana.yml':
+ ensure => file,
+ mode => '0660',
+ owner => 'kibana',
+ group => 'kibana',
+ content => template('kibana_7/kibana.yml.erb')
+ }
+
+}
diff --git a/modules/services/unix/logging/elk_upgrade/kibana_7/manifests/init.pp b/modules/services/unix/logging/elk_upgrade/kibana_7/manifests/init.pp
new file mode 100644
index 000000000..a7a26112d
--- /dev/null
+++ b/modules/services/unix/logging/elk_upgrade/kibana_7/manifests/init.pp
@@ -0,0 +1,11 @@
+class kibana_7 ($elasticsearch_ip, $elasticsearch_port = '9200', $kibana_port = '5601') {
+
+ class { 'kibana_7::install': }->
+ class { 'kibana_7::config':
+ elasticsearch_ip => $elasticsearch_ip,
+ elasticsearch_port => $elasticsearch_port,
+ kibana_port => $kibana_port
+ } ->
+ class { 'kibana_7::service': }
+
+}
\ No newline at end of file
diff --git a/modules/services/unix/logging/elk_upgrade/kibana_7/manifests/install.pp b/modules/services/unix/logging/elk_upgrade/kibana_7/manifests/install.pp
new file mode 100644
index 000000000..901015cd0
--- /dev/null
+++ b/modules/services/unix/logging/elk_upgrade/kibana_7/manifests/install.pp
@@ -0,0 +1,5 @@
+class kibana_7::install () {
+ package { 'kibana':
+ ensure => present,
+ }
+}
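Review bot: `package { 'kibana': ensure => present }` relies on the Elastic 7.x apt repository, but nothing in kibana_7 adds it; the package only resolves when `elasticsearch_7::install` has already run on the same host, and the same implicit dependency exists in `logstash_7::install`. Either declare the repository (and key) in each module, or state the dependency explicitly with `require => Class['elasticsearch_7::install']` and a comment, so a Kibana-only or Logstash-only host does not fail with an unknown package. An unpinned `present` also means the three components can drift to different minor versions across runs; pinning them to the same version is the usual practice for the stack.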
diff --git a/modules/services/unix/logging/elk_upgrade/kibana_7/manifests/service.pp b/modules/services/unix/logging/elk_upgrade/kibana_7/manifests/service.pp
new file mode 100644
index 000000000..4558ed835
--- /dev/null
+++ b/modules/services/unix/logging/elk_upgrade/kibana_7/manifests/service.pp
@@ -0,0 +1,6 @@
+class kibana_7::service {
+ service { 'kibana':
+ enable => true,
+ hasrestart => true,
+ }
+}
diff --git a/modules/utilities/unix/logging/kibana/secgen_metadata.xml b/modules/services/unix/logging/elk_upgrade/kibana_7/secgen_metadata.xml
similarity index 86%
rename from modules/utilities/unix/logging/kibana/secgen_metadata.xml
rename to modules/services/unix/logging/elk_upgrade/kibana_7/secgen_metadata.xml
index c573862a7..cf438ef14 100644
--- a/modules/utilities/unix/logging/kibana/secgen_metadata.xml
+++ b/modules/services/unix/logging/elk_upgrade/kibana_7/secgen_metadata.xml
@@ -1,8 +1,8 @@
-
+ xsi:schemaLocation="http://www.github/cliffe/SecGen/service">
Kibana
Thomas Shaw
Elastic
@@ -37,4 +37,4 @@
update
-
+
diff --git a/modules/services/unix/logging/elk_upgrade/kibana_7/templates/kibana.yml.erb b/modules/services/unix/logging/elk_upgrade/kibana_7/templates/kibana.yml.erb
new file mode 100644
index 000000000..e160f64ac
--- /dev/null
+++ b/modules/services/unix/logging/elk_upgrade/kibana_7/templates/kibana.yml.erb
@@ -0,0 +1,6 @@
+server.host: <%= @elasticsearch_ip %>
+server.port: <%= @kibana_port %>
+elasticsearch.hosts: ["http://<%= @elasticsearch_ip %>:<%= @elasticsearch_port %>"]
+xpack.security.encryptionKey: "<%= SecureRandom.hex %>"
+xpack.encryptedSavedObjects.encryptionKey: "<%= SecureRandom.hex %>"
+xpack.reporting.encryptionKey: "<%= SecureRandom.hex %>"
\ No newline at end of file
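Review bot: The three `SecureRandom.hex` calls are evaluated at every catalog compile, so `kibana.yml` gets new encryption keys on each Puppet run; rotating `xpack.encryptedSavedObjects.encryptionKey` makes saved objects encrypted under the previous key unreadable, and rotating `xpack.security.encryptionKey` invalidates active sessions once the service restarts. The keys need to be generated once and persisted (a stable secret source in the manifest, or at minimum `replace => false` on the file resource in config.pp, accepting that other config changes then no longer propagate). `server.host` is bound to `@elasticsearch_ip` rather than a Kibana-specific address, which only works while both services share a host; the previous kibana.pp in this change distinguishes `kibana_ip`. `elasticsearch.hosts` is plain `http://`, so credentials and data cross the network unencrypted if the two are ever split.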
diff --git a/modules/services/unix/logging/elk_upgrade/logstash_7/files/combined_path.rb b/modules/services/unix/logging/elk_upgrade/logstash_7/files/combined_path.rb
new file mode 100644
index 000000000..3fd150688
--- /dev/null
+++ b/modules/services/unix/logging/elk_upgrade/logstash_7/files/combined_path.rb
@@ -0,0 +1,35 @@
+def remove_duplicates(path) # could this be a problem with things like remote file systems? we'll see...
+ simple_path = path
+ if path.include?('//')
+ second_segment = path.split('//')[1]
+ simple_path = "/" + second_segment
+ end
+ simple_path
+end
+
+def remove_relative(path)
+ split_path = path.split('/')
+ while split_path.include? '..'
+ dotdot_index = split_path.index('..')
+ split_path.delete_at(dotdot_index-1) # remove the parent directory
+ split_path.delete_at(dotdot_index-1) # remove the '..'
+ end
+ split_path.join('/')
+end
+
+def register(params)
+ # do nothing, no logstash params
+end
+
+# the filter method receives an event and must return a list of events.
+def filter(event)
+ proc_cwd = event.get("[process][working_directory]")
+ file_path = event.get("[file][path]")
+ if proc_cwd != nil and file_path != nil and proc_cwd != '' and file_path != ''
+ combined_path = proc_cwd + "/" + file_path
+ combined_path = remove_duplicates(combined_path)
+ combined_path = remove_relative(combined_path)
+ event.set("combined_path", combined_path)
+ end
+ [event]
+end
\ No newline at end of file
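Review bot: `remove_relative` misbehaves when `..` is the first segment (`index` returns 0 and `delete_at(-1)` removes the tail of the path instead of a parent), and `remove_duplicates` keeps only the segment after the first `//`, so a `file.path` that itself contains `//` loses everything after its second occurrence; neither handles `.` segments. Since this filter exists to give detection rules a canonical path, a lexical normaliser from the standard library is safer: decide whether `file.path` is absolute, join it to the cwd otherwise, and let `File.expand_path(raw, '/')` collapse `//`, `.` and `..` without touching the filesystem. The rewrite below keeps the existing results for the common cases (`/cwd` + `/etc/passwd` → `/etc/passwd`, `/cwd/../x` → `/x`) and makes `remove_duplicates`/`remove_relative` unnecessary. Symlinks cannot be resolved here because the filter has no view of the monitored host, which is worth a comment so nobody treats `combined_path` as the resolved path; the `!= nil`/`and` chain is also replaced with idiomatic `&&`.
```ruby
# the filter method receives an event and must return a list of events.
def filter(event)
  proc_cwd = event.get("[process][working_directory]")
  file_path = event.get("[file][path]")
  if proc_cwd && file_path && !proc_cwd.empty? && !file_path.empty?
    # an absolute file path stands on its own; a relative one is anchored at the cwd
    raw = file_path.start_with?('/') ? file_path : File.join(proc_cwd, file_path)
    # lexical normalisation only: collapses '//', '.' and '..'; symlinks are not resolved
    event.set("combined_path", File.expand_path(raw, '/'))
  end
  [event]
end
```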
diff --git a/modules/services/unix/logging/elk_upgrade/logstash_7/logstash_7.pp b/modules/services/unix/logging/elk_upgrade/logstash_7/logstash_7.pp
new file mode 100644
index 000000000..3a294bc4e
--- /dev/null
+++ b/modules/services/unix/logging/elk_upgrade/logstash_7/logstash_7.pp
@@ -0,0 +1,12 @@
+unless defined('analysis_alert_action_server') {
+ $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+ $elasticsearch_ip = $secgen_parameters['elasticsearch_ip'][0]
+ $elasticsearch_port = 0 + $secgen_parameters['elasticsearch_port'][0]
+ $logstash_port = 0 + $secgen_parameters['logstash_port'][0]
+
+ class { 'logstash_7':
+ elasticsearch_ip => $elasticsearch_ip,
+ elasticsearch_port => $elasticsearch_port,
+ logstash_port => $logstash_port
+ }
+}
\ No newline at end of file
diff --git a/modules/services/unix/logging/elk_upgrade/logstash_7/manifests/config.pp b/modules/services/unix/logging/elk_upgrade/logstash_7/manifests/config.pp
new file mode 100644
index 000000000..01efc3b8c
--- /dev/null
+++ b/modules/services/unix/logging/elk_upgrade/logstash_7/manifests/config.pp
@@ -0,0 +1,34 @@
+class logstash_7::config (
+ $elasticsearch_ip,
+ $elasticsearch_port = '9200',
+ $logstash_port = '5044',
+ $log_path = '/var/log/logstash',
+ $data_path = '/var/lib/logstash',
+ $config_path = '/etc/logstash/conf.d',
+) {
+
+ file { '/etc/logstash/logstash.yml':
+ ensure => file,
+ mode => '0644',
+ owner => 'logstash',
+ group => 'logstash',
+ content => template('logstash_7/logstash.yml.erb')
+ }
+
+ file { '/etc/logstash/conf.d/':
+ ensure => directory,
+ mode => '0775',
+ owner => 'logstash',
+ group => 'logstash',
+ }
+
+ file { '/etc/logstash/conf.d/my_ls_config':
+ ensure => file,
+ mode => '0644',
+ owner => 'logstash',
+ group => 'logstash',
+ content => template('logstash_7/configfile-template.erb'),
+ require => File['/etc/logstash/conf.d/']
+ }
+
+}
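Review bot: `/etc/logstash/conf.d/` is created `0775` and owned by `logstash:logstash`, and the pipeline placed in it runs a `ruby { path => "/etc/logstash/combined_path.rb" }` filter, so anyone who can write to that directory (the service account itself, or any member of the `logstash` group) can execute arbitrary code as the Logstash user; the service only needs to read its pipeline. `mode => '0755'` with `owner => 'root'` on the directory and `owner => 'root'` on `logstash.yml` and `my_ls_config` keeps the configuration read-only to the process that runs it. The `combined_path.rb` file resource in install.pp declares neither owner nor mode, so its permissions depend on the agent's umask; giving it the same root-owned `0644` makes the intent explicit.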
diff --git a/modules/services/unix/logging/elk_upgrade/logstash_7/manifests/init.pp b/modules/services/unix/logging/elk_upgrade/logstash_7/manifests/init.pp
new file mode 100644
index 000000000..6da07ac90
--- /dev/null
+++ b/modules/services/unix/logging/elk_upgrade/logstash_7/manifests/init.pp
@@ -0,0 +1,11 @@
+class logstash_7 ($elasticsearch_ip, $elasticsearch_port = '9200', $logstash_port = '5044') {
+
+ class { 'logstash_7::install': } ->
+ class { 'logstash_7::config':
+ elasticsearch_ip => $elasticsearch_ip,
+ elasticsearch_port => $elasticsearch_port,
+ logstash_port => $logstash_port,
+ } ->
+ class { 'logstash_7::service': }
+
+}
\ No newline at end of file
diff --git a/modules/services/unix/logging/elk_upgrade/logstash_7/manifests/install.pp b/modules/services/unix/logging/elk_upgrade/logstash_7/manifests/install.pp
new file mode 100644
index 000000000..2e5016fcc
--- /dev/null
+++ b/modules/services/unix/logging/elk_upgrade/logstash_7/manifests/install.pp
@@ -0,0 +1,11 @@
+class logstash_7::install () {
+ package { 'logstash':
+ ensure => present,
+ }
+
+ file { '/etc/logstash/combined_path.rb':
+ ensure => file,
+ source => 'puppet:///modules/logstash_7/combined_path.rb',
+ require => Package['logstash'],
+ }
+}
diff --git a/modules/services/unix/logging/elk_upgrade/logstash_7/manifests/service.pp b/modules/services/unix/logging/elk_upgrade/logstash_7/manifests/service.pp
new file mode 100644
index 000000000..5a3f6dea3
--- /dev/null
+++ b/modules/services/unix/logging/elk_upgrade/logstash_7/manifests/service.pp
@@ -0,0 +1,6 @@
+class logstash_7::service {
+ service { 'logstash':
+ enable => true,
+ hasrestart => true,
+ }
+}
diff --git a/modules/utilities/unix/logging/logstash/secgen_metadata.xml b/modules/services/unix/logging/elk_upgrade/logstash_7/secgen_metadata.xml
similarity index 84%
rename from modules/utilities/unix/logging/logstash/secgen_metadata.xml
rename to modules/services/unix/logging/elk_upgrade/logstash_7/secgen_metadata.xml
index 649a2a4f8..e5169dc0c 100644
--- a/modules/utilities/unix/logging/logstash/secgen_metadata.xml
+++ b/modules/services/unix/logging/elk_upgrade/logstash_7/secgen_metadata.xml
@@ -1,8 +1,8 @@
-
+ xsi:schemaLocation="http://www.github/cliffe/SecGen/service">
Logstash
Thomas Shaw
Elastic
@@ -32,4 +32,4 @@
update
-
+
diff --git a/modules/services/unix/logging/elk_upgrade/logstash_7/templates/configfile-template.erb b/modules/services/unix/logging/elk_upgrade/logstash_7/templates/configfile-template.erb
new file mode 100644
index 000000000..e148fdf88
--- /dev/null
+++ b/modules/services/unix/logging/elk_upgrade/logstash_7/templates/configfile-template.erb
@@ -0,0 +1,25 @@
+input {
+ beats {
+ port => <%= @logstash_port %>
+ }
+}
+
+filter {
+ ruby {
+ path => "/etc/logstash/combined_path.rb"
+ }
+}
+
+output {
+ elasticsearch {
+ hosts => "<%= @elasticsearch_ip-%>:<%= @elasticsearch_port-%>"
+ manage_template => false
+ index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
+ document_type => "%{[@metadata][type]}"
+ }
+ # Write to file as well as pushing to elasticsearch for testing, can be removed eventually...
+ file {
+ path => "/usr/share/logstash/logstash.log"
+ }
+ stdout { codec => rubydebug }
+}
\ No newline at end of file
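Review bot: The `file` and `stdout` outputs duplicate every event into `/usr/share/logstash/logstash.log` (no rotation, unbounded growth, a second plaintext copy of all shipped log data) and into the journal; the comment says they are temporary, so they should be gated on a parameter or removed before this lands rather than left on by default. `document_type` is, as far as I recall, ignored with a deprecation warning by the elasticsearch output against a 7.x cluster, so the line can go. `hosts => "<%= @elasticsearch_ip-%>:<%= @elasticsearch_port-%>"` uses the `-%>` trim tag that no other template in this change uses and has no scheme, so the connection defaults to plain HTTP; `"http://<%= @elasticsearch_ip %>:<%= @elasticsearch_port %>"` is consistent with kibana.yml.erb and makes the transport choice visible.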
diff --git a/modules/services/unix/logging/elk_upgrade/logstash_7/templates/logstash.yml.erb b/modules/services/unix/logging/elk_upgrade/logstash_7/templates/logstash.yml.erb
new file mode 100644
index 000000000..0d8ea9925
--- /dev/null
+++ b/modules/services/unix/logging/elk_upgrade/logstash_7/templates/logstash.yml.erb
@@ -0,0 +1,4 @@
+http.host: <%= @elasticsearch_ip %>
+path.data: "<%= @data_path %>"
+path.config: "<%= @config_path %>"
+path.logs: "<%= @log_path %>"
\ No newline at end of file
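Review bot: `http.host: <%= @elasticsearch_ip %>` binds Logstash's own monitoring API to the Elasticsearch address, which is a different service's setting and only bindable while both run on the same host. Either pass a Logstash-specific address (a `logstash_ip` parameter alongside the existing `logstash_port`) or leave `http.host` at its default of `127.0.0.1`, which also keeps the API off the network.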
diff --git a/modules/utilities/unix/logging/kibana/CHANGELOG.md b/modules/services/unix/logging/kibana/CHANGELOG.md
similarity index 100%
rename from modules/utilities/unix/logging/kibana/CHANGELOG.md
rename to modules/services/unix/logging/kibana/CHANGELOG.md
diff --git a/modules/utilities/unix/logging/kibana/CONTRIBUTING.md b/modules/services/unix/logging/kibana/CONTRIBUTING.md
similarity index 100%
rename from modules/utilities/unix/logging/kibana/CONTRIBUTING.md
rename to modules/services/unix/logging/kibana/CONTRIBUTING.md
diff --git a/modules/utilities/unix/logging/kibana/CONTRIBUTORS b/modules/services/unix/logging/kibana/CONTRIBUTORS
similarity index 100%
rename from modules/utilities/unix/logging/kibana/CONTRIBUTORS
rename to modules/services/unix/logging/kibana/CONTRIBUTORS
diff --git a/modules/utilities/unix/logging/kibana/Gemfile b/modules/services/unix/logging/kibana/Gemfile
similarity index 100%
rename from modules/utilities/unix/logging/kibana/Gemfile
rename to modules/services/unix/logging/kibana/Gemfile
diff --git a/modules/utilities/unix/logging/kibana/LICENSE b/modules/services/unix/logging/kibana/LICENSE
similarity index 100%
rename from modules/utilities/unix/logging/kibana/LICENSE
rename to modules/services/unix/logging/kibana/LICENSE
diff --git a/modules/utilities/unix/logging/kibana/Makefile b/modules/services/unix/logging/kibana/Makefile
similarity index 100%
rename from modules/utilities/unix/logging/kibana/Makefile
rename to modules/services/unix/logging/kibana/Makefile
diff --git a/modules/utilities/unix/logging/kibana/README.markdown b/modules/services/unix/logging/kibana/README.markdown
similarity index 100%
rename from modules/utilities/unix/logging/kibana/README.markdown
rename to modules/services/unix/logging/kibana/README.markdown
diff --git a/modules/utilities/unix/logging/kibana/Rakefile b/modules/services/unix/logging/kibana/Rakefile
similarity index 100%
rename from modules/utilities/unix/logging/kibana/Rakefile
rename to modules/services/unix/logging/kibana/Rakefile
diff --git a/modules/utilities/unix/logging/kibana/checksums.json b/modules/services/unix/logging/kibana/checksums.json
similarity index 100%
rename from modules/utilities/unix/logging/kibana/checksums.json
rename to modules/services/unix/logging/kibana/checksums.json
diff --git a/modules/utilities/unix/logging/kibana/data/common.yaml b/modules/services/unix/logging/kibana/data/common.yaml
similarity index 100%
rename from modules/utilities/unix/logging/kibana/data/common.yaml
rename to modules/services/unix/logging/kibana/data/common.yaml
diff --git a/modules/utilities/unix/logging/kibana/hiera.yaml b/modules/services/unix/logging/kibana/hiera.yaml
similarity index 100%
rename from modules/utilities/unix/logging/kibana/hiera.yaml
rename to modules/services/unix/logging/kibana/hiera.yaml
diff --git a/modules/services/unix/logging/kibana/kibana.pp b/modules/services/unix/logging/kibana/kibana.pp
new file mode 100644
index 000000000..5e48853d4
--- /dev/null
+++ b/modules/services/unix/logging/kibana/kibana.pp
@@ -0,0 +1,17 @@
+unless defined('analysis_alert_action_server') {
+
+ $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+ $kibana_ip = $secgen_parameters['kibana_ip'][0]
+ $kibana_port = 0 + $secgen_parameters['kibana_port'][0]
+ $elasticsearch_ip = $secgen_parameters['elasticsearch_ip'][0]
+ $elasticsearch_port = 0 + $secgen_parameters['elasticsearch_port'][0]
+
+ class { 'kibana':
+ ensure => '6.3.1',
+ config => {
+ 'server.host' => $kibana_ip,
+ 'elasticsearch.url' => "http://$elasticsearch_ip:$elasticsearch_port",
+ 'server.port' => $kibana_port,
+ }
+ }
+}
\ No newline at end of file
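Review bot: `"http://$elasticsearch_ip:$elasticsearch_port"` relies on the lexer stopping the variable name at `:`; the braced form `"http://${elasticsearch_ip}:${elasticsearch_port}"` is the documented style and avoids the ambiguity with `::`-qualified names. The URL is plain `http://`, which is fine for the `localhost` defaults in the metadata but worth a comment if the parameters can point at another host.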
diff --git a/modules/utilities/unix/logging/kibana/lib/puppet/provider/elastic_kibana.rb b/modules/services/unix/logging/kibana/lib/puppet/provider/elastic_kibana.rb
similarity index 100%
rename from modules/utilities/unix/logging/kibana/lib/puppet/provider/elastic_kibana.rb
rename to modules/services/unix/logging/kibana/lib/puppet/provider/elastic_kibana.rb
diff --git a/modules/utilities/unix/logging/kibana/lib/puppet/provider/kibana_plugin/kibana.rb b/modules/services/unix/logging/kibana/lib/puppet/provider/kibana_plugin/kibana.rb
similarity index 100%
rename from modules/utilities/unix/logging/kibana/lib/puppet/provider/kibana_plugin/kibana.rb
rename to modules/services/unix/logging/kibana/lib/puppet/provider/kibana_plugin/kibana.rb
diff --git a/modules/utilities/unix/logging/kibana/lib/puppet/provider/kibana_plugin/kibana_plugin.rb b/modules/services/unix/logging/kibana/lib/puppet/provider/kibana_plugin/kibana_plugin.rb
similarity index 100%
rename from modules/utilities/unix/logging/kibana/lib/puppet/provider/kibana_plugin/kibana_plugin.rb
rename to modules/services/unix/logging/kibana/lib/puppet/provider/kibana_plugin/kibana_plugin.rb
diff --git a/modules/utilities/unix/logging/kibana/lib/puppet/type/kibana_plugin.rb b/modules/services/unix/logging/kibana/lib/puppet/type/kibana_plugin.rb
similarity index 100%
rename from modules/utilities/unix/logging/kibana/lib/puppet/type/kibana_plugin.rb
rename to modules/services/unix/logging/kibana/lib/puppet/type/kibana_plugin.rb
diff --git a/modules/utilities/unix/logging/kibana/lib/puppet_x/elastic/hash.rb b/modules/services/unix/logging/kibana/lib/puppet_x/elastic/hash.rb
similarity index 100%
rename from modules/utilities/unix/logging/kibana/lib/puppet_x/elastic/hash.rb
rename to modules/services/unix/logging/kibana/lib/puppet_x/elastic/hash.rb
diff --git a/modules/utilities/unix/logging/kibana/manifests/config.pp b/modules/services/unix/logging/kibana/manifests/config.pp
similarity index 100%
rename from modules/utilities/unix/logging/kibana/manifests/config.pp
rename to modules/services/unix/logging/kibana/manifests/config.pp
diff --git a/modules/utilities/unix/logging/kibana/manifests/init.pp b/modules/services/unix/logging/kibana/manifests/init.pp
similarity index 100%
rename from modules/utilities/unix/logging/kibana/manifests/init.pp
rename to modules/services/unix/logging/kibana/manifests/init.pp
diff --git a/modules/utilities/unix/logging/kibana/manifests/install.pp b/modules/services/unix/logging/kibana/manifests/install.pp
similarity index 100%
rename from modules/utilities/unix/logging/kibana/manifests/install.pp
rename to modules/services/unix/logging/kibana/manifests/install.pp
diff --git a/modules/utilities/unix/logging/kibana/manifests/service.pp b/modules/services/unix/logging/kibana/manifests/service.pp
similarity index 100%
rename from modules/utilities/unix/logging/kibana/manifests/service.pp
rename to modules/services/unix/logging/kibana/manifests/service.pp
diff --git a/modules/utilities/unix/logging/kibana/metadata.json b/modules/services/unix/logging/kibana/metadata.json
similarity index 100%
rename from modules/utilities/unix/logging/kibana/metadata.json
rename to modules/services/unix/logging/kibana/metadata.json
diff --git a/modules/services/unix/logging/kibana/secgen_metadata.xml b/modules/services/unix/logging/kibana/secgen_metadata.xml
new file mode 100644
index 000000000..cf438ef14
--- /dev/null
+++ b/modules/services/unix/logging/kibana/secgen_metadata.xml
@@ -0,0 +1,40 @@
+
+
+
+ Kibana
+ Thomas Shaw
+ Elastic
+ Apache v2
+ TODO
+
+ log_tool
+ linux
+
+ kibana_ip
+ kibana_port
+ elasticsearch_ip
+ elasticsearch_port
+
+
+ localhost
+
+
+
+ 5601
+
+
+
+ localhost
+
+
+
+ 9200
+
+
+
+ update
+
+
+
diff --git a/modules/utilities/unix/logging/kibana/templates/etc/kibana/kibana.yml.erb b/modules/services/unix/logging/kibana/templates/etc/kibana/kibana.yml.erb
similarity index 100%
rename from modules/utilities/unix/logging/kibana/templates/etc/kibana/kibana.yml.erb
rename to modules/services/unix/logging/kibana/templates/etc/kibana/kibana.yml.erb
diff --git a/modules/utilities/unix/logging/kibana/tests/init.pp b/modules/services/unix/logging/kibana/tests/init.pp
similarity index 100%
rename from modules/utilities/unix/logging/kibana/tests/init.pp
rename to modules/services/unix/logging/kibana/tests/init.pp
diff --git a/modules/utilities/unix/logging/kibana/types/status.pp b/modules/services/unix/logging/kibana/types/status.pp
similarity index 100%
rename from modules/utilities/unix/logging/kibana/types/status.pp
rename to modules/services/unix/logging/kibana/types/status.pp
diff --git a/modules/utilities/unix/logging/logstash/CHANGELOG b/modules/services/unix/logging/logstash/CHANGELOG
similarity index 100%
rename from modules/utilities/unix/logging/logstash/CHANGELOG
rename to modules/services/unix/logging/logstash/CHANGELOG
diff --git a/modules/utilities/unix/logging/logstash/CONTRIBUTING.md b/modules/services/unix/logging/logstash/CONTRIBUTING.md
similarity index 100%
rename from modules/utilities/unix/logging/logstash/CONTRIBUTING.md
rename to modules/services/unix/logging/logstash/CONTRIBUTING.md
diff --git a/modules/utilities/unix/logging/logstash/CONTRIBUTORS b/modules/services/unix/logging/logstash/CONTRIBUTORS
similarity index 100%
rename from modules/utilities/unix/logging/logstash/CONTRIBUTORS
rename to modules/services/unix/logging/logstash/CONTRIBUTORS
diff --git a/modules/utilities/unix/logging/logstash/LICENSE b/modules/services/unix/logging/logstash/LICENSE
similarity index 100%
rename from modules/utilities/unix/logging/logstash/LICENSE
rename to modules/services/unix/logging/logstash/LICENSE
diff --git a/modules/utilities/unix/logging/logstash/Makefile b/modules/services/unix/logging/logstash/Makefile
similarity index 100%
rename from modules/utilities/unix/logging/logstash/Makefile
rename to modules/services/unix/logging/logstash/Makefile
diff --git a/modules/utilities/unix/logging/logstash/README.md b/modules/services/unix/logging/logstash/README.md
similarity index 100%
rename from modules/utilities/unix/logging/logstash/README.md
rename to modules/services/unix/logging/logstash/README.md
diff --git a/modules/utilities/unix/logging/logstash/Vagrantfile b/modules/services/unix/logging/logstash/Vagrantfile
similarity index 100%
rename from modules/utilities/unix/logging/logstash/Vagrantfile
rename to modules/services/unix/logging/logstash/Vagrantfile
diff --git a/modules/utilities/unix/logging/logstash/Vagrantfile.d/manifests/site.pp b/modules/services/unix/logging/logstash/Vagrantfile.d/manifests/site.pp
similarity index 100%
rename from modules/utilities/unix/logging/logstash/Vagrantfile.d/manifests/site.pp
rename to modules/services/unix/logging/logstash/Vagrantfile.d/manifests/site.pp
diff --git a/modules/utilities/unix/logging/logstash/Vagrantfile.d/server.sh b/modules/services/unix/logging/logstash/Vagrantfile.d/server.sh
similarity index 100%
rename from modules/utilities/unix/logging/logstash/Vagrantfile.d/server.sh
rename to modules/services/unix/logging/logstash/Vagrantfile.d/server.sh
diff --git a/modules/utilities/unix/logging/logstash/checksums.json b/modules/services/unix/logging/logstash/checksums.json
similarity index 100%
rename from modules/utilities/unix/logging/logstash/checksums.json
rename to modules/services/unix/logging/logstash/checksums.json
diff --git a/modules/utilities/unix/logging/logstash/doc/_index.html b/modules/services/unix/logging/logstash/doc/_index.html
similarity index 100%
rename from modules/utilities/unix/logging/logstash/doc/_index.html
rename to modules/services/unix/logging/logstash/doc/_index.html
diff --git a/modules/utilities/unix/logging/logstash/doc/css/common.css b/modules/services/unix/logging/logstash/doc/css/common.css
similarity index 100%
rename from modules/utilities/unix/logging/logstash/doc/css/common.css
rename to modules/services/unix/logging/logstash/doc/css/common.css
diff --git a/modules/utilities/unix/logging/logstash/doc/css/full_list.css b/modules/services/unix/logging/logstash/doc/css/full_list.css
similarity index 100%
rename from modules/utilities/unix/logging/logstash/doc/css/full_list.css
rename to modules/services/unix/logging/logstash/doc/css/full_list.css
diff --git a/modules/utilities/unix/logging/logstash/doc/css/style.css b/modules/services/unix/logging/logstash/doc/css/style.css
similarity index 100%
rename from modules/utilities/unix/logging/logstash/doc/css/style.css
rename to modules/services/unix/logging/logstash/doc/css/style.css
diff --git a/modules/utilities/unix/logging/logstash/doc/file.README.html b/modules/services/unix/logging/logstash/doc/file.README.html
similarity index 100%
rename from modules/utilities/unix/logging/logstash/doc/file.README.html
rename to modules/services/unix/logging/logstash/doc/file.README.html
diff --git a/modules/utilities/unix/logging/logstash/doc/frames.html b/modules/services/unix/logging/logstash/doc/frames.html
similarity index 100%
rename from modules/utilities/unix/logging/logstash/doc/frames.html
rename to modules/services/unix/logging/logstash/doc/frames.html
diff --git a/modules/utilities/unix/logging/logstash/doc/index.html b/modules/services/unix/logging/logstash/doc/index.html
similarity index 100%
rename from modules/utilities/unix/logging/logstash/doc/index.html
rename to modules/services/unix/logging/logstash/doc/index.html
diff --git a/modules/utilities/unix/logging/logstash/doc/js/app.js b/modules/services/unix/logging/logstash/doc/js/app.js
similarity index 100%
rename from modules/utilities/unix/logging/logstash/doc/js/app.js
rename to modules/services/unix/logging/logstash/doc/js/app.js
diff --git a/modules/utilities/unix/logging/logstash/doc/js/full_list.js b/modules/services/unix/logging/logstash/doc/js/full_list.js
similarity index 100%
rename from modules/utilities/unix/logging/logstash/doc/js/full_list.js
rename to modules/services/unix/logging/logstash/doc/js/full_list.js
diff --git a/modules/utilities/unix/logging/logstash/doc/js/jquery.js b/modules/services/unix/logging/logstash/doc/js/jquery.js
similarity index 100%
rename from modules/utilities/unix/logging/logstash/doc/js/jquery.js
rename to modules/services/unix/logging/logstash/doc/js/jquery.js
diff --git a/modules/utilities/unix/logging/logstash/doc/puppet_class_list.html b/modules/services/unix/logging/logstash/doc/puppet_class_list.html
similarity index 100%
rename from modules/utilities/unix/logging/logstash/doc/puppet_class_list.html
rename to modules/services/unix/logging/logstash/doc/puppet_class_list.html
diff --git a/modules/utilities/unix/logging/logstash/doc/puppet_classes/logstash.html b/modules/services/unix/logging/logstash/doc/puppet_classes/logstash.html
similarity index 100%
rename from modules/utilities/unix/logging/logstash/doc/puppet_classes/logstash.html
rename to modules/services/unix/logging/logstash/doc/puppet_classes/logstash.html
diff --git a/modules/utilities/unix/logging/logstash/doc/puppet_classes/logstash_3A_3Aconfig.html b/modules/services/unix/logging/logstash/doc/puppet_classes/logstash_3A_3Aconfig.html
similarity index 100%
rename from modules/utilities/unix/logging/logstash/doc/puppet_classes/logstash_3A_3Aconfig.html
rename to modules/services/unix/logging/logstash/doc/puppet_classes/logstash_3A_3Aconfig.html
diff --git a/modules/utilities/unix/logging/logstash/doc/puppet_classes/logstash_3A_3Apackage.html b/modules/services/unix/logging/logstash/doc/puppet_classes/logstash_3A_3Apackage.html
similarity index 100%
rename from modules/utilities/unix/logging/logstash/doc/puppet_classes/logstash_3A_3Apackage.html
rename to modules/services/unix/logging/logstash/doc/puppet_classes/logstash_3A_3Apackage.html
diff --git a/modules/utilities/unix/logging/logstash/doc/puppet_classes/logstash_3A_3Aservice.html b/modules/services/unix/logging/logstash/doc/puppet_classes/logstash_3A_3Aservice.html
similarity index 100%
rename from modules/utilities/unix/logging/logstash/doc/puppet_classes/logstash_3A_3Aservice.html
rename to modules/services/unix/logging/logstash/doc/puppet_classes/logstash_3A_3Aservice.html
diff --git a/modules/utilities/unix/logging/logstash/doc/puppet_defined_type_list.html b/modules/services/unix/logging/logstash/doc/puppet_defined_type_list.html
similarity index 100%
rename from modules/utilities/unix/logging/logstash/doc/puppet_defined_type_list.html
rename to modules/services/unix/logging/logstash/doc/puppet_defined_type_list.html
diff --git a/modules/utilities/unix/logging/logstash/doc/puppet_defined_types/logstash_3A_3Aconfigfile.html b/modules/services/unix/logging/logstash/doc/puppet_defined_types/logstash_3A_3Aconfigfile.html
similarity index 100%
rename from modules/utilities/unix/logging/logstash/doc/puppet_defined_types/logstash_3A_3Aconfigfile.html
rename to modules/services/unix/logging/logstash/doc/puppet_defined_types/logstash_3A_3Aconfigfile.html
diff --git a/modules/utilities/unix/logging/logstash/doc/puppet_defined_types/logstash_3A_3Apatternfile.html b/modules/services/unix/logging/logstash/doc/puppet_defined_types/logstash_3A_3Apatternfile.html
similarity index 100%
rename from modules/utilities/unix/logging/logstash/doc/puppet_defined_types/logstash_3A_3Apatternfile.html
rename to modules/services/unix/logging/logstash/doc/puppet_defined_types/logstash_3A_3Apatternfile.html
diff --git a/modules/utilities/unix/logging/logstash/doc/puppet_defined_types/logstash_3A_3Aplugin.html b/modules/services/unix/logging/logstash/doc/puppet_defined_types/logstash_3A_3Aplugin.html
similarity index 100%
rename from modules/utilities/unix/logging/logstash/doc/puppet_defined_types/logstash_3A_3Aplugin.html
rename to modules/services/unix/logging/logstash/doc/puppet_defined_types/logstash_3A_3Aplugin.html
diff --git a/modules/utilities/unix/logging/logstash/doc/top-level-namespace.html b/modules/services/unix/logging/logstash/doc/top-level-namespace.html
similarity index 100%
rename from modules/utilities/unix/logging/logstash/doc/top-level-namespace.html
rename to modules/services/unix/logging/logstash/doc/top-level-namespace.html
diff --git a/modules/services/unix/logging/logstash/files/.gitignore b/modules/services/unix/logging/logstash/files/.gitignore
new file mode 100644
index 000000000..e69de29bb
diff --git a/modules/services/unix/logging/logstash/files/combined_path.rb b/modules/services/unix/logging/logstash/files/combined_path.rb
new file mode 100644
index 000000000..5fa5c1c65
--- /dev/null
+++ b/modules/services/unix/logging/logstash/files/combined_path.rb
@@ -0,0 +1,35 @@
+def remove_duplicates(path) # could this be a problem with things like remote file systems? we'll see...
+ simple_path = path
+ if path.include?('//')
+ second_segment = path.split('//')[1]
+ simple_path = "/" + second_segment
+ end
+ simple_path
+end
+
+def remove_relative(path)
+ split_path = path.split('/')
+ while split_path.include? '..'
+ dotdot_index = split_path.index('..')
+ split_path.delete_at(dotdot_index-1) # remove the parent directory
+ split_path.delete_at(dotdot_index-1) # remove the '..'
+ end
+ split_path.join('/')
+end
+
+def register(params)
+ # do nothing, no logstash params
+end
+
+# the filter method receives an event and must return a list of events.
+def filter(event)
+ proc_cwd = event.get("[process][cwd]")
+ file_path = event.get("[file][path]")
+ if proc_cwd != nil and file_path != nil and proc_cwd != '' and file_path != ''
+ combined_path = proc_cwd + "/" + file_path
+ combined_path = remove_duplicates(combined_path)
+ combined_path = remove_relative(combined_path)
+ event.set("combined_path", combined_path)
+ end
+ [event]
+end
\ No newline at end of file
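Review bot: `remove_relative` drops the root when the first real segment is `..`: `/../etc/passwd` splits to `["", "..", "etc", "passwd"]`, `index('..')` is 1, and the two `delete_at(0)` calls remove both `""` and `..`, so the result joins to `etc/passwd` with no leading slash. `remove_duplicates` has a related problem: `split('//')[1]` keeps only the second segment, so a cwd or path with more than one `//` loses everything after it, and neither helper collapses `.` segments, so `/etc/./passwd` and `/etc/passwd` yield different `combined_path` values, which matters if this field feeds detection rules. Both helpers can be replaced by the lexical stdlib resolution `combined_path = File.absolute_path(file_path, proc_cwd)`, which handles an absolute `file_path`, `.`, `..` and repeated separators without touching the filesystem (it does not resolve symlinks, same as the current code). The guard in `filter` uses `and` and explicit `!= nil` / `!= ''` comparisons; the idiomatic form is `if !proc_cwd.to_s.empty? && !file_path.to_s.empty?`, and the comment on the `remove_duplicates` signature should say what it collapses, e.g. `# a "//" means file_path was absolute: keep only the part after it`.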
diff --git a/modules/utilities/unix/logging/logstash/files/grok-pattern-0 b/modules/services/unix/logging/logstash/files/grok-pattern-0
similarity index 100%
rename from modules/utilities/unix/logging/logstash/files/grok-pattern-0
rename to modules/services/unix/logging/logstash/files/grok-pattern-0
diff --git a/modules/utilities/unix/logging/logstash/files/grok-pattern-1 b/modules/services/unix/logging/logstash/files/grok-pattern-1
similarity index 100%
rename from modules/utilities/unix/logging/logstash/files/grok-pattern-1
rename to modules/services/unix/logging/logstash/files/grok-pattern-1
diff --git a/modules/utilities/unix/logging/logstash/files/logstash-output-cowsay-5.0.0.zip b/modules/services/unix/logging/logstash/files/logstash-output-cowsay-5.0.0.zip
similarity index 100%
rename from modules/utilities/unix/logging/logstash/files/logstash-output-cowsay-5.0.0.zip
rename to modules/services/unix/logging/logstash/files/logstash-output-cowsay-5.0.0.zip
diff --git a/modules/utilities/unix/logging/logstash/files/null-output.conf b/modules/services/unix/logging/logstash/files/null-output.conf
similarity index 100%
rename from modules/utilities/unix/logging/logstash/files/null-output.conf
rename to modules/services/unix/logging/logstash/files/null-output.conf
diff --git a/modules/services/unix/logging/logstash/logstash.pp b/modules/services/unix/logging/logstash/logstash.pp
new file mode 100644
index 000000000..14fe150ae
--- /dev/null
+++ b/modules/services/unix/logging/logstash/logstash.pp
@@ -0,0 +1,15 @@
+unless defined('analysis_alert_action_server') {
+ $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+ $logstash_port = 0 + $secgen_parameters['logstash_port'][0]
+ $elasticsearch_ip = $secgen_parameters['elasticsearch_ip'][0]
+ $elasticsearch_port = 0 + $secgen_parameters['elasticsearch_port'][0]
+
+ class { 'logstash':
+ settings => {
+ 'http.host' => $elasticsearch_ip,
+ }
+ }
+ logstash::configfile { 'my_ls_config':
+ content => template('logstash/configfile-template.erb'),
+ }
+}
\ No newline at end of file
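Review bot: `'http.host' => $elasticsearch_ip` in the `settings` hash looks like a mix-up: in logstash.yml `http.host` is the bind address of Logstash's own monitoring API, not the Elasticsearch endpoint, which the pipeline template already receives through `@elasticsearch_ip` and `@elasticsearch_port`. With the metadata default of `localhost` the two readings coincide, but once `elasticsearch_ip` names another host Logstash would try to bind its API to a non-local address. If the intent is to expose the API, a dedicated parameter is clearer; otherwise the setting can be dropped. The `0 + $secgen_parameters['logstash_port'][0]` idiom deserves a why-comment, e.g. `# parameters arrive as strings; 0 + coerces to Integer`.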
diff --git a/modules/utilities/unix/logging/logstash/manifests/config.pp b/modules/services/unix/logging/logstash/manifests/config.pp
similarity index 89%
rename from modules/utilities/unix/logging/logstash/manifests/config.pp
rename to modules/services/unix/logging/logstash/manifests/config.pp
index 606e021a1..ddeebba10 100644
--- a/modules/utilities/unix/logging/logstash/manifests/config.pp
+++ b/modules/services/unix/logging/logstash/manifests/config.pp
@@ -47,4 +47,10 @@ class logstash::config {
force => true,
}
}
+
+ file { '/etc/logstash/combined_path.rb':
+ ensure => file,
+ source => 'puppet:///modules/logstash/combined_path.rb',
+ require => File[$logstash::config_dir],
+ }
}
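Review bot: The new `file { '/etc/logstash/combined_path.rb': ... }` resource sets no `owner`, `group` or `mode`, yet Logstash executes this script in-process for every event, so its permissions decide who can alter pipeline code; pin them explicitly, e.g. `owner => 'root', group => 'root', mode => '0644',`, consistent with how the other files in this class are managed. It also carries no `notify`, so an updated script is not picked up until the service restarts; the `logstash` class has a `$restart_on_change` parameter, so this resource should follow whatever notification the other config files use (the `logstash::configfile` define presumably does this already). The enclosing `class logstash::config` starts outside the hunk.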
diff --git a/modules/utilities/unix/logging/logstash/manifests/configfile.pp b/modules/services/unix/logging/logstash/manifests/configfile.pp
similarity index 100%
rename from modules/utilities/unix/logging/logstash/manifests/configfile.pp
rename to modules/services/unix/logging/logstash/manifests/configfile.pp
diff --git a/modules/utilities/unix/logging/logstash/manifests/init.pp b/modules/services/unix/logging/logstash/manifests/init.pp
similarity index 98%
rename from modules/utilities/unix/logging/logstash/manifests/init.pp
rename to modules/services/unix/logging/logstash/manifests/init.pp
index c63a60685..09166c443 100644
--- a/modules/utilities/unix/logging/logstash/manifests/init.pp
+++ b/modules/services/unix/logging/logstash/manifests/init.pp
@@ -140,7 +140,7 @@ class logstash(
Boolean $restart_on_change = true,
Boolean $auto_upgrade = false,
$version = undef,
- $package_url = undef,
+ $package_url = 'https://artifacts.elastic.co/downloads/logstash/logstash-6.3.1.deb',
$package_name = 'logstash',
Integer $download_timeout = 600,
$logstash_user = 'logstash',
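Review bot: The new `$package_url` default pins a Debian-only artifact (`logstash-6.3.1.deb`) in a parameter list that otherwise stays distro-neutral (`$package_name = 'logstash'`, `$version = undef`), so on a non-Debian node the default now fetches an unusable package, and the version embedded in the URL can drift from `$version` without anyone noticing. Consider leaving the default `undef` and setting the URL from the profile that wraps this module, or at least document the new default in the class header, e.g. `# $package_url: defaults to the 6.3.1 .deb; override on RPM-based hosts`. Whether the download is checksum-verified is decided in the install manifest outside this hunk; if it is not, the pinned HTTPS URL is the only integrity control on this package, which is worth stating next to the default. The enclosing `class logstash(` parameter list starts and ends outside the hunk.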
diff --git a/modules/utilities/unix/logging/logstash/manifests/package.pp b/modules/services/unix/logging/logstash/manifests/package.pp
similarity index 100%
rename from modules/utilities/unix/logging/logstash/manifests/package.pp
rename to modules/services/unix/logging/logstash/manifests/package.pp
diff --git a/modules/utilities/unix/logging/logstash/manifests/package/install.pp b/modules/services/unix/logging/logstash/manifests/package/install.pp
similarity index 100%
rename from modules/utilities/unix/logging/logstash/manifests/package/install.pp
rename to modules/services/unix/logging/logstash/manifests/package/install.pp
diff --git a/modules/utilities/unix/logging/logstash/manifests/patternfile.pp b/modules/services/unix/logging/logstash/manifests/patternfile.pp
similarity index 100%
rename from modules/utilities/unix/logging/logstash/manifests/patternfile.pp
rename to modules/services/unix/logging/logstash/manifests/patternfile.pp
diff --git a/modules/utilities/unix/logging/logstash/manifests/plugin.pp b/modules/services/unix/logging/logstash/manifests/plugin.pp
similarity index 100%
rename from modules/utilities/unix/logging/logstash/manifests/plugin.pp
rename to modules/services/unix/logging/logstash/manifests/plugin.pp
diff --git a/modules/utilities/unix/logging/logstash/manifests/service.pp b/modules/services/unix/logging/logstash/manifests/service.pp
similarity index 100%
rename from modules/utilities/unix/logging/logstash/manifests/service.pp
rename to modules/services/unix/logging/logstash/manifests/service.pp
diff --git a/modules/services/unix/logging/logstash/manifests/setup.pp b/modules/services/unix/logging/logstash/manifests/setup.pp
new file mode 100644
index 000000000..e69de29bb
diff --git a/modules/utilities/unix/logging/logstash/metadata.json b/modules/services/unix/logging/logstash/metadata.json
similarity index 100%
rename from modules/utilities/unix/logging/logstash/metadata.json
rename to modules/services/unix/logging/logstash/metadata.json
diff --git a/modules/services/unix/logging/logstash/secgen_metadata.xml b/modules/services/unix/logging/logstash/secgen_metadata.xml
new file mode 100644
index 000000000..e5169dc0c
--- /dev/null
+++ b/modules/services/unix/logging/logstash/secgen_metadata.xml
@@ -0,0 +1,35 @@
+
+
+
+ Logstash
+ Thomas Shaw
+ Elastic
+ Apache v2
+ TODO
+
+ log_tool
+ linux
+
+ logstash_port
+ elasticsearch_ip
+ elasticsearch_port
+
+
+ 5044
+
+
+
+ localhost
+
+
+
+ 9200
+
+
+
+ update
+
+
+
diff --git a/modules/utilities/unix/logging/logstash/templates/configfile-template.erb b/modules/services/unix/logging/logstash/templates/configfile-template.erb
similarity index 57%
rename from modules/utilities/unix/logging/logstash/templates/configfile-template.erb
rename to modules/services/unix/logging/logstash/templates/configfile-template.erb
index df430a635..174d9ee67 100644
--- a/modules/utilities/unix/logging/logstash/templates/configfile-template.erb
+++ b/modules/services/unix/logging/logstash/templates/configfile-template.erb
@@ -3,6 +3,13 @@ input {
port => <%= @logstash_port-%>
}
}
+
+filter {
+ ruby {
+ path => "/etc/logstash/combined_path.rb"
+ }
+}
+
output {
elasticsearch {
hosts => "<%= @elasticsearch_ip-%>:<%= @elasticsearch_port-%>"
@@ -10,5 +17,9 @@ output {
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
+ # Write to file as well as pushing to elasticsearch for testing, can be removed eventually...
+ file {
+ path => "/usr/share/logstash/logstash.log"
+ }
stdout { codec => rubydebug }
}
\ No newline at end of file
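Review bot: The added `file { path => "/usr/share/logstash/logstash.log" }` output writes every event to disk with no rotation or size limit, so the file grows without bound and keeps a second, unprotected copy of all collected logs inside Logstash's install directory; the comment itself calls it temporary. If it has to stay for now, gate it on a template variable so production deployments do not get it, e.g. `<% if @debug_file_output -%>` ... `<% end -%>` around the block (variable name illustrative), or at least point it at a location covered by log rotation. The `ruby { path => "/etc/logstash/combined_path.rb" }` filter in the first hunk depends on the script deployed by `logstash::config`; a comment naming that dependency, `# script deployed by logstash::config`, would help the next reader.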
diff --git a/modules/utilities/unix/logging/logstash/templates/jvm.options.erb b/modules/services/unix/logging/logstash/templates/jvm.options.erb
similarity index 100%
rename from modules/utilities/unix/logging/logstash/templates/jvm.options.erb
rename to modules/services/unix/logging/logstash/templates/jvm.options.erb
diff --git a/modules/utilities/unix/logging/logstash/templates/logstash.yml.erb b/modules/services/unix/logging/logstash/templates/logstash.yml.erb
similarity index 100%
rename from modules/utilities/unix/logging/logstash/templates/logstash.yml.erb
rename to modules/services/unix/logging/logstash/templates/logstash.yml.erb
diff --git a/modules/utilities/unix/logging/logstash/templates/pipelines.yml.erb b/modules/services/unix/logging/logstash/templates/pipelines.yml.erb
similarity index 100%
rename from modules/utilities/unix/logging/logstash/templates/pipelines.yml.erb
rename to modules/services/unix/logging/logstash/templates/pipelines.yml.erb
diff --git a/modules/utilities/unix/logging/logstash/templates/startup.options.erb b/modules/services/unix/logging/logstash/templates/startup.options.erb
similarity index 100%
rename from modules/utilities/unix/logging/logstash/templates/startup.options.erb
rename to modules/services/unix/logging/logstash/templates/startup.options.erb
diff --git a/modules/services/unix/logging/wazuh/.gitattributes b/modules/services/unix/logging/wazuh/.gitattributes
new file mode 100644
index 000000000..9032a014a
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/.gitattributes
@@ -0,0 +1,5 @@
+*.rb eol=lf
+*.erb eol=lf
+*.pp eol=lf
+*.sh eol=lf
+*.epp eol=lf
diff --git a/modules/services/unix/logging/wazuh/.gitignore b/modules/services/unix/logging/wazuh/.gitignore
new file mode 100644
index 000000000..1c34e1e35
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/.gitignore
@@ -0,0 +1,41 @@
+.git/
+.*.sw[op]
+.metadata
+.yardoc
+.yardwarns
+*.iml
+/.bundle/
+/.idea/
+/.vagrant/
+/coverage/
+/bin/
+/doc/
+/Gemfile.local
+/Gemfile.lock
+/junit/
+/log/
+/pkg/
+/spec/fixtures/manifests/
+/spec/fixtures/modules/
+/tmp/
+/vendor/
+/convert_report.txt
+/update_report.txt
+.DS_Store
+.project
+.envrc
+/inventory.yaml
+./kitchen/modules/.kitchen/logs/
+*.lock
+kitchen/.tmp/
+kitchen/.kitchen/
+kitchen/venv
+kitchen/*.xml
+kitchen/test/Dockerfile
+*.log
+*.pyc
+kitchen/.tmp/
+kitchen/.librarian/
+kitchen/.pytest_cache/
+kitchen/.*
+kitchen/modules/
diff --git a/modules/services/unix/logging/wazuh/.travis.yml b/modules/services/unix/logging/wazuh/.travis.yml
new file mode 100644
index 000000000..074a10fec
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/.travis.yml
@@ -0,0 +1,54 @@
+---
+dist: trusty
+language: ruby
+cache: bundler
+before_install:
+ - bundle -v
+ - rm -f Gemfile.lock
+ - gem update --system $RUBYGEMS_VERSION
+ - gem --version
+ - bundle -v
+script:
+ - 'bundle exec rake $CHECK'
+bundler_args: --without system_tests
+rvm:
+ - 2.5.3
+stages:
+ - static
+ - spec
+ - acceptance
+ -
+ if: tag =~ ^v\d
+ name: deploy
+matrix:
+ fast_finish: true
+ include:
+ -
+ env: CHECK="check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop syntax lint metadata_lint"
+ stage: static
+ -
+ env: PUPPET_GEM_VERSION="~> 5.0" CHECK=parallel_spec
+ rvm: 2.4.5
+ stage: spec
+ -
+ env: PUPPET_GEM_VERSION="~> 6.0" CHECK=parallel_spec
+ rvm: 2.5.3
+ stage: spec
+ -
+ env: DEPLOY_TO_FORGE=yes
+ stage: deploy
+branches:
+ only:
+ - master
+ - /^v\d/
+notifications:
+ email: false
+deploy:
+ provider: puppetforge
+ user: puppet
+ password:
+ secure: ""
+ on:
+ tags: true
+ all_branches: true
+ condition: "$DEPLOY_TO_FORGE = yes"
diff --git a/modules/services/unix/logging/wazuh/CHANGELOG.md b/modules/services/unix/logging/wazuh/CHANGELOG.md
new file mode 100644
index 000000000..d77f5b910
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/CHANGELOG.md
@@ -0,0 +1,434 @@
+# Change Log
+All notable changes to this project will be documented in this file.
+
+## Wazuh Puppet v3.10.2_7.3.2
+
+### Added
+
+- Update to Wazuh version 3.10.2_7.3.2
+
+## Wazuh Puppet v3.10.0_7.3.2
+
+### Added
+
+- Update to Wazuh version 3.10.0_7.3.2
+- Change Wazuh Filebeat Module to production. ([@jm404](https://github.com/jm404)) [#1bc6b792af68ff26fc0dfc9125e5d33f7831b32e](https://github.com/wazuh/wazuh-puppet/commit/1bc6b792af68ff26fc0dfc9125e5d33f7831b32e)
+
+## Fixed
+- Fixes for Ossec email notifications' config ([rshad](https://github.com/rshad)) [PR#150](https://github.com/wazuh/wazuh-puppet/pull/150)
+
+## Wazuh Puppet v3.9.5_7.2.1
+
+### Added
+
+- Update to Wazuh version 3.9.5_7.2.1
+
+## Fixed
+
+- Fixed linting problems ([@jm404](https://github.com/jm404)) [#ca923c7](https://github.com/wazuh/wazuh-puppet/commit/ca923c71a8f13c75d1f8a0a4807dda6f3ba114a6)
+
+
+
+## Wazuh Puppet v3.9.4_7.2.0
+
+### Added
+
+- Update to Wazuh version 3.9.4_7.2.0
+
+- Added Filebeat module and adapted Elasticsearch IP ([rshad](https://github.com/rshad)) [PR#144](https://github.com/wazuh/wazuh-puppet/pull/144)
+
+- Added Kitchen testing for Wazuh deployment with Puppet. ([rshad](https://github.com/rshad)) [PR#139](https://github.com/wazuh/wazuh-puppet/pull/139)
+
+- Added Ubuntu as a recognized operating system to Puppet manifests. ([rshad](https://github.com/rshad)) [PR#141](https://github.com/wazuh/wazuh-puppet/pull/141)
+
+- Wazuh Agent is now able to register and report to different IPs. ([@jm404](https://github.com/jm404)) [PR#136](https://github.com/wazuh/wazuh-puppet/pull/136)
+
+### Fixed
+
+- Fixed integration when group is not specified. ([TheoPoc](https://github.com/TheoPoc)) [PR#142](https://github.com/wazuh/wazuh-puppet/pull/142)
+
+### Changed
+
+- Moved command and email_alert templates to templates/fragments. ([rshad](https://github.com/rshad)) [PR#143](https://github.com/wazuh/wazuh-puppet/pull/143)
+
+
+## Wazuh Puppet v3.9.3_7.2.0
+
+### Added
+
+- Update to Wazuh version 3.9.3_7.2.0
+
+## Wazuh Puppet v3.9.2_7.1.1
+
+### Added
+
+- Update to Wazuh version 3.9.2_7.1.1
+
+## Wazuh Puppet v3.9.1_7.1.0
+
+### Added
+
+- Created required files for Filebeat installation. ([@jm404](https://github.com/jm404)) [#f36be695](https://github.com/wazuh/wazuh-puppet/commit/f36be69558f012a75717150bd6a48f9b9a45b3c8)
+
+- Created required files for Elasticsearch installation. ([@jm404](https://github.com/jm404)) [#890fb88](https://github.com/wazuh/wazuh-puppet/commit/890fb88cdb4f18ea67caaf09943792145ac245bd)
+
+- Created required files for Kibana installation. ([@jm404](https://github.com/jm404)) [#ac31a02](https://github.com/wazuh/wazuh-puppet/commit/ac31a02c5a6771e5e480db378934b23e2dc59b03)
+
+- Added configuration variables to make `ossec.conf` more flexible. ([@jm404](https://github.com/jm404)) [#5631753](https://github.com/wazuh/wazuh-puppet/commit/5631753cf4c3967d7fc08fc53d2535d78d4e19b7)
+
+- Now it's possible to install an agent without registering it. ([@jm404](https://github.com/jm404)) [#63e1a13](https://github.com/wazuh/wazuh-puppet/commit/63e1a1390edbaef4387c4397c16636514525eeaa)
+- Added support for Amazon-Linux-2. ([@jm404](https://github.com/jm404)) [#823eeec](https://github.com/wazuh/wazuh-puppet/commit/823eeec502c4a100dc6946f25388b9d04833c105)
+
+### Changed
+
+- The `server.pp` manifest has been renamed to `manager.pp`. ([@jm404](https://github.com/jm404)) [#f859f87](https://github.com/wazuh/wazuh-puppet/commit/f859f879e5bd6e83b4adf54ebbe44adfc60c0f03)
+- The `client.pp` manifest moved to `agent.pp`. ([@jm404](https://github.com/jm404)) [#69fe628](https://github.com/wazuh/wazuh-puppet/commit/69fe628bfbfec171fce3754b22f1d04b67d58d81)
+
+## Removed
+
+- Registration method `export` deleted due to security issues. ([@jm404](https://github.com/jm404)) [#f77fe49](https://github.com/wazuh/wazuh-puppet/commit/f77fe496b4e290b0b3a70272c66d26f8ee7d0012)
+- Eliminated `inotify-tools `. ([@jm404](https://github.com/jm404)) [#628db1e](https://github.com/wazuh/wazuh-puppet/commit/628db1e4d5236b195ee1c50945fb6ff7553a5b23)
+- Deleted `_common.erb` fragment in order to give flexibility to Agent and Manager. ([@jm404](https://github.com/jm404)) [#92114ea](https://github.com/wazuh/wazuh-puppet/commit/92114ea205be4fa6783115b01b1148a2a6dc7c2d)
+
+
+## [v3.9.1]
+
+### Added
+
+- Update to Wazuh version 3.9.1_6.8.0
+
+## [v3.9.0]
+
+### Added
+
+- Allow certificates to be defined by file path ([#112](https://github.com/wazuh/wazuh-puppet/pull/112))
+
+### Changed
+
+- Update to Wazuh version 3.9.0 ([#118](https://github.com/wazuh/wazuh-puppet/pull/118))
+
+## [v3.8.2]
+
+### Changed
+
+- Update to Wazuh version 3.8.2. ([#107](https://github.com/wazuh/wazuh-puppet/pull/107))
+
+## [v3.8.1]
+
+### Changed
+- Update to Wazuh version 3.8.1 ([#104](https://github.com/wazuh/wazuh-puppet/pull/104))
+
+## [v3.8.0]
+
+### Added
+- Feature/agent auth cert key ([#98](https://github.com/wazuh/wazuh-puppet/pull/98))
+- Install package even if repos are not managed by wazuh ([#99](https://github.com/wazuh/wazuh-puppet/pull/99))
+
+### Added
+- Updating params.pp and _common.erb so all the options of localfile can be used ([#97](https://github.com/wazuh/wazuh-puppet/pull/97))
+
+## [v3.7.2]
+
+### Added
+- Updating params.pp and _common.erb so all the options of localfile can be used ([#97](https://github.com/wazuh/wazuh-puppet/pull/97))
+
+### Fixed
+
+- Fixing process_list.erb performance ([#94](https://github.com/wazuh/wazuh-puppet/pull/94))
+- Update windows agent version ([#96](https://github.com/wazuh/wazuh-puppet/pull/96))
+
+## [v3.7.1]
+
+### Added
+
+- Add integration support. ([#89](https://github.com/wazuh/wazuh-puppet/pull/89))
+- Add support for who data. ([#84](https://github.com/wazuh/wazuh-puppet/pull/84))
+- Grouping agents. ([#82](https://github.com/wazuh/wazuh-puppet/pull/82))
+
+### Fixed
+
+- Fix firewall module and support excluding decoders and rules. ([#81](https://github.com/wazuh/wazuh-puppet/pull/81))
+
+### Changed
+
+- Updated metadata.json.
+- Changed addlog for command support. ([#90](https://github.com/wazuh/wazuh-puppet/pull/90))
+
+## v3.7.0-3701
+
+### Added
+
+- New repository management and content.
+- Add support for Wazuh 3.x. ([#85](https://github.com/wazuh/wazuh-puppet/pull/85))
+
+### Fixed
+
+- Fix username (puppet to puppetlabs). ([#74](https://github.com/wazuh/wazuh-puppet/pull/74))
+
+## Change Log old version.
+
+
+ ## 2017-xx-xx support@wazuh.com - 2.0.23
+
+ * Fixed issue #18 with the pull request #17. (thanks @lemrouch)
+ * Fixed issue #29 puppetlabs/apt version 4 onwards breaks the installation of wazuh server (thanks @rafaelfc-olx)
+ * Adding support for changing ossec_server_protocol with the pull request #30 (thanks @rafaelfc-olx)
+ * Managing wazuh-api alongside with wazuh-manager with the pull request #31 (thanks @rafaelfc-olx)
+ * Preventing Duplicated declaration issues regarding apt-transport-https package with the pull request #32 (thanks @rafaelfc-olx)
+ * Adding support for changing the client protocol and validating the manager by CA with the pull request #34 (thanks @rafaelfc-olx)
+ * Configuring wazuh-api from puppet with the pull request #35 (thanks @rafaelfc-olx)
+ * Adding notify_time and time-reconnect options to client config with the pull request #36 (thanks @rafaelfc-olx)
+ * New wazuh-winagent-v2.1.1-1.exe added.
+ * Profile name for Centos 7 is not _server, it's _common like RHEL7 with the pull request #38 (thanks @juliovalcarcel)
+ * Verifying if @wodle_openscap_content is defined, fixed #45 and #46
+ * Set the same file permissions than the installed package, fixed #41
+ * Adding the ability to set "type" attribute for "ignore" tag, fixed #19
+ * Adding support to OracleLinux, Fixed #43
+ * Add an option for the agent/manager class to manage the firewall automatically with puppetlabs/firewall
+
+## 2017-05-27 support@wazuh.com - 2.0.22
+
+
+ * Fixed issue #3. (Thanks for reporting it @ddholstad99)
+ * Fixed issue #4. (Thanks for reporting it @elisiano)
+ * Explicitly use the windows package provider pull request #11 (Thanks @damoxc)
+ * Enable fedora 23/24/25 for pull request #9 (Thanks @ddholstad99)
+ * Fix for issue Fix for #6 validate_cmd pull request #12 (Thanks @dakine1111)
+ * Add $wodle_openscap_content parameter to server.pp pull request #12 (Thanks hex2a)
+ * Added some changes in order to do this module compatible. (pull request #5 thanks elisano)
+
+## 2017-04-24 Jose Luis Ruiz - 2.0.21
+
+ * Fix apt deprecation warnings. (thanks @kdole)
+ * Avoid warnings when storeconfigs are not available. (thanks @kdole)
+ * Use default local_files setting. (thanks @kdole)
+ * Making ossec server port configurable. (thanks @edge-records)
+ * Allow custom agent configurations (thanks @ffleming)
+ * Fixed issec #66 (thanks @thedawidbalut)
+ * Adds options to control rootcheck feature. (thanks @netman2k)
+ * Use puppet-selinux instead of jfryman-selinux (thanks @netman2k)
+ * Allow custom ossec.conf in agent and server template (thanks @sam-wouters)
+ * Fixed issue #71. (Thanks for reporting it @sc-chad)
+ * Fixed issue #72. (Thanks for reporting it @sc-chad)
+ * Clean code and added new OpenScap option (thanks @0x2A)
+ * module refactored/adapted for wazuh 2.0 (thanks @0x2A)
+ * New wazuh-agent-2.0.exe for Windows.
+
+## 2016-12-08 Jose Luis Ruiz - 2.0.20
+
+
+ * Fixed typo in the windows package, this type made the deploy fails under windows.
+
+## 2016-12-08 Jose Luis Ruiz - 2.0.19
+
+ * Compat with Older versions facter. (pull request #47 thanks @seefood)
+ * Template paths as parameters. (pull request #48 thanks @seefood )
+ * Client: allow configurable service_has_status, default to params. (pull request #51 thanks @josephholsten )
+ * Added Yakketi to the supported distributions.
+ * Modified activeresponse.erb to include tags (pull request #56 thanks @MatthewRBruce)
+ * Modified client.pp and server.pp to accept package versions as parameter. (pull request #57 thanks @MatthewRBruce)
+
+## 2016-10-20 Jose Luis Ruiz - 2.0.18
+
+
+ * Fixed 10_ossec.conf.erb template, "local_decoder" added to rules configuration
+
+## 2016-10-18 Jose Luis Ruiz - 2.0.17
+
+ * Fixed gpgkey path under CentOS and RHEL
+
+## 2016-10-18 Jose Luis Ruiz - 2.0.16
+
+ * Add local_decoder.xml and local_rules.xml templates
+
+
+## 2016-10-15 Jose Luis Ruiz - 2.0.15
+
+ * Add option to enable syslog output. (pull request #35 thanks @TravellingGUy )
+ * Add Add Amazon Linux support. (pull request #37 thanks @seefood)
+ * Hard-coded GPG key for RHEL-like systems. (pull request #37 thanks @tobowers)
+ * Override package & service name for client installation. (pull request #43 thanks MrSecure)
+
+## 2016-06-14 Jose Luis Ruiz - 2.0.14
+
+ * Add prefilter to agent config. (pull request #32 thanks @cmblong )
+ * Add function addlog to the agent. (issue #30 thanks @paul-cs)
+ * Add the apt::key can set a proxy and the key add process could be done. (issue #34 thanks @drequena)
+
+## 2016-06-14 Jose Luis Ruiz - 2.0.13
+
+ * Adding xenial to the supported distributions.(pull request #31 thanks @stephen-kainos)
+
+## 2016-05-04 Jose Luis Ruiz - 2.0.12
+
+Jose Luis Ruiz :
+
+ * Add MariaDB support ( (pull reques #3 thanks @ialokin)
+ * Permit admin to disable auto_ignore for files which change more than three times. (pull request #24 thanks @cmblong)
+ * Change fqdn_rand(3000) to a variable to allow us to increase the number of available clients. (pull request #25 thanks @cmblong)
+ * Can now set a minimal activeresponse entry containing just repeated_offenders by defining $ar_repeated_offenders in the wazuh::client. (pull request #26 thanks @ialokin)
+ * Add variable to enable prefilter command. (pull request #27 thanks @cmblong)
+ * Set service provider to redhat on Redhat systems. (pull request #28 thanks @cmblong))
+
+## 2016-05-04 Jose Luis Ruiz - 2.0.11
+
+Jose Luis Ruiz :
+
+ * Fix windows installation error in params. (pull request #20 thanks @cmblong)
+ * Added support for repeated_offenders in activeresponse (pull request #21 thanks @ialokin)
+
+## 2016-04-26 Jose Luis Ruiz - 2.0.10
+
+Jose Luis Ruiz :
+
+ * Extra rules config to integrate Wazuh ruleset. (pull request #17 thanks @TravellingGUy)
+ * Allow configuration of the email_maxperhour and email_idsname configuration items. (pull request #18 thanks @TravellingGUy)
+ * Fix bug in client exported resources (pull request #19 thanks @scottcunningham)
+
+## 2016-02-23 Jose Luis Ruiz - 2.0.9
+
+Jose Luis Ruiz :
+
+ * Allow the agent identity to be modified. (pull request #10 thanks @damoxc)
+ * prevent the agent-auth command being used. (pull request #11 thanks @damoxc)
+ * Change log directory to only be readable by user and group. (pull request #12 thanks @damoxc)
+ * Add the ability to configure a MySQL database with OSSEC server. (pull request #14 thanks @coreone)
+
+## 2016-02-05 Jose Luis Ruiz - 2.0.8
+
+Jose Luis Ruiz :
+
+ * Fix some typos with puppet-lint.
+
+## 2016-02-05 Jose Luis Ruiz - 2.0.7
+
+Jose Luis Ruiz :
+
+ * Run agent-auth if client.keys doesn't exist an agent. (pull request #9 thanks @TravellingGuy)
+
+## 2016-02-03 Jose Luis Ruiz - 2.0.6
+
+Jose Luis Ruiz :
+
+ * Add ability to manage epel repo to master/client configs (pull request #4 thanks @justicel)
+ * The @path uses the puppet level path variable (pull request #5 thanks @justicel)
+ * Allow whitelisting of IP addreses (thanks @chaordix)
+ * Provides an option to tell the puppet module to not manage the client.keys file at all. (pull request #7 thanks @TravellingGuy)
+
+## 2016-01-19 Jose Luis Ruiz - 2.0.5
+
+Jose Luis Ruiz :
+
+ * Add multiple email_to addresses
+ * Adding support for server-hostname in agent config (pull request #3 thanks @alustenberg)
+ * Adding ossec_scanpaths configuration thanks to @djjudas21 repository
+
+## 2015-12-21 Jose Luis Ruiz - 2.0.4
+
+Jose Luis Ruiz :
+
+ * Add manage_repo option on client.pp (issue #2 reported by @cudgel)
+ * Add new repo for RHEL5 and CentOS5 have different rpm signature.
+
+## 2015-12-02 Jose Luis Ruiz - 2.0.3
+
+Jose Luis Ruiz :
+
+ * Fix server package name for Ubuntu (thanks to @HielkeJ for Pull request)
+ * Add full fingerprint for Ubuntu and Debian (thanks to @HielkeJ for Pull request)
+
+## 2015-10-13 Jose Luis Ruiz - 2.0.2
+
+Jose Luis Ruiz :
+
+ * Update Windows Agent to version 2.8.3
+ * Update packaget to Ubuntu Vivid and Wily
+ * Update packages to Debian Stretch and Sid
+
+## 2015-10-13 Jose Luis Ruiz - 2.0.1
+
+Jose Luis Ruiz :
+
+ * Update Windows Agent to version 2.8.1
+ * Fix a bug with the Windows Agent ID, now use for all systems **fqdn_rand** to generate the client.keys ID
+
+## 2015-09-16 Jose Luis Ruiz - 2.0.0
+
+Jose Luis Ruiz :
+
+ * Update for all kind of Windows
+ * Change repos to Wazuh, Inc.
+
+## 2015-09-16 Michael Porter - 2.0.0
+
+Michael Porter :
+ * Allow skipping MySQL dependency, disabling active response,
+ and executing rootcheck
+ * Windows agent support
+ * Use Puppet md5 support, instead of adding parser function
+ * Utilize centralized agent configuration
+ * Various clean-up and reorganization of Puppet module structure
+ * Utilize 'hostname' instead of 'uniqueid' for agent ID, due to uniqueid
+ not existing on Windows, and not necessarily being unique across the org
+ on Linux
+
+## 2015-08-21 Jonathan Gazeley - 1.7.2
+
+ Jonathan Gazeley :
+ * SELinux permissions fix
+
+## 2015-08-07 Jonathan Gazeley - 1.7.0
+
+ Jonathan Gazeley :
+ * Use puppetlabs/mysql to manage MySQL client
+
+## 2015-08-03 Jonathan Gazeley - 1.6.2
+
+ Jonathan Gazeley :
+ * Fix log directory permissions
+
+## 2015-07-20 Jonathan Gazeley - 1.6.0
+
+ Jonathan Gazeley :
+ * Enable SELinux support
+
+## 2015-07-06 Jonathan Gazeley - 1.5.4
+
+ Jonathan Gazeley :
+ * Fix regression in log file permissions (thanks to @paulseward)
+
+## 2015-06-30 Jonathan Gazeley - 1.5.3
+
+ Jonathan Gazeley :
+ * Fix permissions on log files so logwatch on EL7 doesn't complain
+ * Key concat::fragment for agentkeys on $agent_name to avoid duplicated resources
+
+## 2015-06-11 Jonathan Gazeley - 1.5.1
+
+ Jonathan Gazeley :
+ * Stop using andyshinn/atomic and configure Atomicorp's OSSEC repo locally
+
+## 2015-06-10 Jonathan Gazeley - 1.4.2
+
+ Jonathan Gazeley :
+ * Fix regression that breaks behaviour on CentOS 6 and lower
+
+## 2015-05-28 Jonathan Gazeley - 1.4.1
+
+ Jonathan Gazeley :
+ * Email notification is no longer hard-coded in ossec.conf (thanks to @earsdown)
+
+## 2015-03-02 Jonathan Gazeley - 1.4.0
+
+ Jonathan Gazeley :
+ * Fix dependency problem by providing EPEL on RHEL (thanks to @otteydw for reporting)
+
+## 2015-01-16 Jonathan Gazeley - 1.3.3
+
+ Jonathan Gazeley :
+ * Fix compatibility issue with PuppetServer (thanks to @d9705996)
+
+## 2014-11-28 Jonathan Gazeley - 1.3.0
+
+ Jonathan Gazeley :
+ * Add support for Debian "Jessie" (thanks to @ivan7farre)
diff --git a/modules/services/unix/logging/wazuh/Gemfile b/modules/services/unix/logging/wazuh/Gemfile
new file mode 100644
index 000000000..cf2c38748
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/Gemfile
@@ -0,0 +1,71 @@
+source ENV['GEM_SOURCE'] || 'https://rubygems.org'
+
+def location_for(place_or_version, fake_version = nil)
+ git_url_regex = %r{\A(?(https?|git)[:@][^#]*)(#(?.*))?}
+ file_url_regex = %r{\Afile:\/\/(?.*)}
+
+ if place_or_version && (git_url = place_or_version.match(git_url_regex))
+ [fake_version, { git: git_url[:url], branch: git_url[:branch], require: false }].compact
+ elsif place_or_version && (file_url = place_or_version.match(file_url_regex))
+ ['>= 0', { path: File.expand_path(file_url[:path]), require: false }]
+ else
+ [place_or_version, { require: false }]
+ end
+end
+
+ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments
+minor_version = ruby_version_segments[0..1].join('.')
+
+group :development do
+ gem "fast_gettext", '1.1.0', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0')
+ gem "fast_gettext", require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0')
+ gem "json_pure", '<= 2.0.1', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0')
+ gem "json", '= 1.8.1', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9')
+ gem "json", '= 2.0.4', require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+ gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+ gem "puppet-module-posix-default-r#{minor_version}", require: false, platforms: [:ruby]
+ gem "puppet-module-posix-dev-r#{minor_version}", require: false, platforms: [:ruby]
+ gem "puppet-module-win-default-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw]
+ gem "puppet-module-win-dev-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw]
+end
+
+puppet_version = ENV['PUPPET_GEM_VERSION']
+facter_version = ENV['FACTER_GEM_VERSION']
+hiera_version = ENV['HIERA_GEM_VERSION']
+
+gems = {}
+
+gems['puppet'] = location_for(puppet_version)
+
+# If facter or hiera versions have been specified via the environment
+# variables
+
+gems['facter'] = location_for(facter_version) if facter_version
+gems['hiera'] = location_for(hiera_version) if hiera_version
+
+if Gem.win_platform? && puppet_version =~ %r{^(file:///|git://)}
+ # If we're using a Puppet gem on Windows which handles its own win32-xxx gem
+ # dependencies (>= 3.5.0), set the maximum versions (see PUP-6445).
+ gems['win32-dir'] = ['<= 0.4.9', require: false]
+ gems['win32-eventlog'] = ['<= 0.6.5', require: false]
+ gems['win32-process'] = ['<= 0.7.5', require: false]
+ gems['win32-security'] = ['<= 0.2.5', require: false]
+ gems['win32-service'] = ['0.8.8', require: false]
+end
+
+gems.each do |gem_name, gem_params|
+ gem gem_name, *gem_params
+end
+
+# Evaluate Gemfile.local and ~/.gemfile if they exist
+extra_gemfiles = [
+ "#{__FILE__}.local",
+ File.join(Dir.home, '.gemfile'),
+]
+
+extra_gemfiles.each do |gemfile|
+ if File.file?(gemfile) && File.readable?(gemfile)
+ eval(File.read(gemfile), binding)
+ end
+end
+# vim: syntax=ruby
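Review bot: The two regexes at the top of `location_for` are consumed by capture name (`git_url[:url]`, `git_url[:branch]`, `file_url[:path]`), but as rendered here the groups carry no names, and `(?(https?|git)` is not valid Ruby regexp syntax, so the method would fail at parse time. This looks like the `<name>` part of the named captures having been stripped in rendering rather than a real defect; it is worth confirming the committed file reads `git_url_regex = %r{\A(?<url>(https?|git)[:@][^#]*)(#(?<branch>.*))?}` and `file_url_regex = %r{\Afile:\/\/(?<path>.*)}`. Separately, the Windows branch matches `puppet_version` with `^(file:///|git://)` while the rest of the file anchors with `\A`; `\A` is the consistent choice for a whole-string prefix check. The `extra_gemfiles` loop would also benefit from a one-line comment such as `# Gemfile.local and ~/.gemfile are executed as Ruby in this file's binding, so they carry the same trust as the Gemfile itself` so the scope of that eval is explicit to the next maintainer.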
diff --git a/modules/services/unix/logging/wazuh/LICENSE.txt b/modules/services/unix/logging/wazuh/LICENSE.txt
new file mode 100644
index 000000000..d159169d1
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/LICENSE.txt
@@ -0,0 +1,339 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+
+ Copyright (C)
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ , 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
diff --git a/modules/services/unix/logging/wazuh/README.md b/modules/services/unix/logging/wazuh/README.md
new file mode 100644
index 000000000..56c75209b
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/README.md
@@ -0,0 +1,118 @@
+# Wazuh Puppet module
+
+[](https://wazuh.com/community/join-us-on-slack/)
+[](https://groups.google.com/forum/#!forum/wazuh)
+[](https://documentation.wazuh.com)
+[](https://wazuh.com)
+
+This module installs and configure Wazuh agent and manager.
+
+## Documentation
+
+* [Full documentation](http://documentation.wazuh.com)
+* [Wazuh Puppet module documentation](https://documentation.wazuh.com/current/deploying-with-puppet/index.html)
+* [Puppet Forge](https://forge.puppetlabs.com/wazuh/wazuh)
+
+## Directory structure
+
+ wazuh-puppet/
+ ├── CHANGELOG.md
+ ├── checksums.json
+ ├── files
+ │ └── ossec-logrotate.te
+ ├── Gemfile
+ ├── LICENSE.txt
+ ├── manifests
+ │ ├── activeresponse.pp
+ │ ├── addlog.pp
+ │ ├── agent.pp
+ │ ├── command.pp
+ │ ├── elasticsearch.pp
+ │ ├── email_alert.pp
+ │ ├── filebeat.pp
+ │ ├── init.pp
+ │ ├── integration.pp
+ │ ├── kibana.pp
+ │ ├── manager.pp
+ │ ├── params_agent.pp
+ │ ├── params_elastic.pp
+ │ ├── params_manager.pp
+ │ ├── repo_elastic.pp
+ │ ├── repo.pp
+ │ ├── reports.pp
+ │ └── wazuh_api.pp
+ ├── metadata.json
+ ├── Rakefile
+ ├── README.md
+ ├── spec
+ │ ├── classes
+ │ │ ├── client_spec.rb
+ │ │ ├── init_spec.rb
+ │ │ └── server_spec.rb
+ │ └── spec_helper.rb
+ ├── templates
+ │ ├── api
+ │ │ └── config.js.erb
+ │ ├── default_commands.erb
+ │ ├── elasticsearch_yml.erb
+ │ ├── filebeat_yml.erb
+ │ ├── fragments
+ │ │ ├── _activeresponse.erb
+ │ │ ├── _auth.erb
+ │ │ ├── _cluster.erb
+ │ │ ├── _command.erb
+ │ │ ├── _default_activeresponse.erb
+ │ │ ├── _email_alert.erb
+ │ │ ├── _integration.erb
+ │ │ ├── _localfile.erb
+ │ │ ├── _localfile_generation.erb
+ │ │ ├── _reports.erb
+ │ │ ├── _rootcheck.erb
+ │ │ ├── _ruleset.erb
+ │ │ ├── _sca.erb
+ │ │ ├── _syscheck.erb
+ │ │ ├── _wodle_cis_cat.erb
+ │ │ ├── _wodle_openscap.erb
+ │ │ ├── _wodle_osquery.erb
+ │ │ ├── _wodle_syscollector.erb
+ │ │ └── _wodle_vulnerability_detector.erb
+ │ ├── jvm_options.erb
+ │ ├── kibana_yml.erb
+ │ ├── local_decoder.xml.erb
+ │ ├── local_rules.xml.erb
+ │ ├── ossec_shared_agent.conf.erb
+ │ ├── process_list.erb
+ │ ├── wazuh_agent.conf.erb
+ │ └── wazuh_manager.conf.erb
+ ├── tests
+ │ └── init.pp
+ └── VERSION
+
+## Branches
+
+* `stable` branch on correspond to the last Wazuh-Puppet stable version.
+* `master` branch contains the latest code, be aware of possible bugs on this branch.
+
+## Contribute
+
+If you would like to contribute to our repository, please fork our Github repository and submit a pull request.
+
+If you are not familiar with Github, you can also share them through [our users mailing list](https://groups.google.com/d/forum/wazuh), to which you can subscribe by sending an email to `wazuh+subscribe@googlegroups.com`.
+
+
+## Credits and thank you
+
+This Puppet module has been authored by Nicolas Zin, and updated by Jonathan Gazeley and Michael Porter. Wazuh has forked it with the purpose of maintaining it. Thank you to the authors for the contribution.
+
+## License and copyright
+
+WAZUH
+Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+
+Based on OSSEC
+Copyright (C) 2015 Trend Micro Inc.
+
+
+## Web References
+
+* [Wazuh website](http://wazuh.com)
diff --git a/modules/services/unix/logging/wazuh/Rakefile b/modules/services/unix/logging/wazuh/Rakefile
new file mode 100644
index 000000000..750ef4676
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/Rakefile
@@ -0,0 +1,76 @@
+require 'puppetlabs_spec_helper/rake_tasks'
+require 'puppet-syntax/tasks/puppet-syntax'
+require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any?
+require 'github_changelog_generator/task' if Bundler.rubygems.find_name('github_changelog_generator').any?
+require 'puppet-strings/tasks' if Bundler.rubygems.find_name('puppet-strings').any?
+
+def changelog_user
+ return unless Rake.application.top_level_tasks.include? "changelog"
+ returnVal = nil || JSON.load(File.read('metadata.json'))['author']
+ raise "unable to find the changelog_user in .sync.yml, or the author in metadata.json" if returnVal.nil?
+ puts "GitHubChangelogGenerator user:#{returnVal}"
+ returnVal
+end
+
+def changelog_project
+ return unless Rake.application.top_level_tasks.include? "changelog"
+ returnVal = nil || JSON.load(File.read('metadata.json'))['name']
+ raise "unable to find the changelog_project in .sync.yml or the name in metadata.json" if returnVal.nil?
+ puts "GitHubChangelogGenerator project:#{returnVal}"
+ returnVal
+end
+
+def changelog_future_release
+ return unless Rake.application.top_level_tasks.include? "changelog"
+ returnVal = "v%s" % JSON.load(File.read('metadata.json'))['version']
+ raise "unable to find the future_release (version) in metadata.json" if returnVal.nil?
+ puts "GitHubChangelogGenerator future_release:#{returnVal}"
+ returnVal
+end
+
+PuppetLint.configuration.send('disable_relative')
+
+if Bundler.rubygems.find_name('github_changelog_generator').any?
+ GitHubChangelogGenerator::RakeTask.new :changelog do |config|
+ raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil?
+ config.user = "#{changelog_user}"
+ config.project = "#{changelog_project}"
+ config.future_release = "#{changelog_future_release}"
+ config.exclude_labels = ['maintenance']
+ config.header = "# Change log\n\nAll notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org)."
+ config.add_pr_wo_labels = true
+ config.issues = false
+ config.merge_prefix = "### UNCATEGORIZED PRS; GO LABEL THEM"
+ config.configure_sections = {
+ "Changed" => {
+ "prefix" => "### Changed",
+ "labels" => ["backwards-incompatible"],
+ },
+ "Added" => {
+ "prefix" => "### Added",
+ "labels" => ["feature", "enhancement"],
+ },
+ "Fixed" => {
+ "prefix" => "### Fixed",
+ "labels" => ["bugfix"],
+ },
+ }
+ end
+else
+ desc 'Generate a Changelog from GitHub'
+ task :changelog do
+ raise <= Gem::Version.new('2.2.2')"
+EOM
+ end
+end
+
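Review bot: `JSON.load` in changelog_user, changelog_project and changelog_future_release is the deserializer that honours `json_class`/`create_additions` in the json 2.x series, so a crafted metadata.json could instantiate arbitrary Ruby objects during `rake changelog`; `JSON.parse` is the plain data parser these lookups need, e.g. `returnVal = JSON.parse(File.read('metadata.json'))['author']` (the `nil ||` prefix is a no-op and can go). `JSON` is also used with no visible `require 'json'`; it presumably arrives through puppetlabs_spec_helper, but an explicit require at the top of the Rakefile costs nothing and removes the dependency on load order. The `raise` in the fallback `:changelog` task appears truncated in this rendering (no heredoc opener before `EOM`), so that message could not be reviewed.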
diff --git a/modules/services/unix/logging/wazuh/VERSION b/modules/services/unix/logging/wazuh/VERSION
new file mode 100644
index 000000000..edbc3b87f
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/VERSION
@@ -0,0 +1,2 @@
+WAZUH-PUPPET_VERSION="v3.10.2"
+REVISION="31020"
\ No newline at end of file
diff --git a/modules/services/unix/logging/wazuh/checksums.json b/modules/services/unix/logging/wazuh/checksums.json
new file mode 100644
index 000000000..536eb7cad
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/checksums.json
@@ -0,0 +1,32 @@
+{
+ "CHANGELOG": "f19926f4fe829b0db46c013cbaf35b39",
+ "LICENCE.txt": "b234ee4d69f5fce4486a80fdaf4a4263",
+ "README.md": "3a1440b7e90322cbfa5c05294bb0c640",
+ "Rakefile": "20b80e526e351a74df2001f504e756d2",
+ "files/RPM-GPG-KEY.ossec.txt": "fa0cdc74d4a785c50d15f72ea5f41cd5",
+ "files/ossec-agent-win32-2.8.exe": "a699117d0ed77f88b3a8661644ee3efd",
+ "files/ossec-logrotate.te": "805a98138f4a9157768d739f47804d51",
+ "manifests/activeresponse.pp": "e667a4933feefa68ff0ce8836ce2e1c2",
+ "manifests/addlog.pp": "55973e8421221ee25fbc25486f9394ff",
+ "manifests/agentkey.pp": "31a3dafb35440d06782fa643545687f2",
+ "manifests/client.pp": "8846d9509a2d07327abf7f863db24b3c",
+ "manifests/command.pp": "5a5a6f6fb8e0fb33f8805aae4c24b2fa",
+ "manifests/email_alert.pp": "3d3f25b93b8632bb83b090aa00bceb54",
+ "manifests/init.pp": "7169001dff13c2989a2f5109a7308647",
+ "manifests/params.pp": "771406d51f9b0cbdb9cf0de09183fc6e",
+ "manifests/repo.pp": "9e671fc275f70156b7039d6b7422a3a4",
+ "manifests/server.pp": "9714ed91cf16ef098c6ad0325c5d0516",
+ "metadata.json": "52a211d737d06b75edb7d7dba16e98c3",
+ "spec/classes/init_spec.rb": "56bd154658b163252110b2f5aed81cb7",
+ "spec/spec_helper.rb": "a55d1e6483344f8ec6963fcb2c220372",
+ "templates/10_ossec.conf.erb": "dfba2404ca2b9ced29935d33411a4a79",
+ "templates/10_ossec_agent.conf.erb": "9fd7f4ad33f62e4146b0bac0948b4a50",
+ "templates/20_ossecLogfile.conf.erb": "13440a05e19d6fb9ce4e2fe5fdfdac74",
+ "templates/90_ossec.conf.erb": "698695c984a8d6829d3a331b8a4196ec",
+ "templates/99_ossec_agent.conf.erb": "386ab8ad1d31566eed64a06e0a8d4d9a",
+ "templates/activeresponse.erb": "8a3bd90af1c0b8199af57f37bf5314d2",
+ "templates/fragments/_command.erb": "e37530e43ad73dbfe1e17c0d9da042f9",
+ "templates/fragments/_email_alert.erb": "3aa50ecb0e284ed3a443ee89d21260b0",
+ "templates/ossec_shared_agent.conf.erb": "131307a6afdf7e83053cdbc9f6d44368",
+ "tests/init.pp": "2eac4e89d806c23f7d72d6ac924d1921"
+}
diff --git a/modules/services/unix/logging/wazuh/files/client.keys b/modules/services/unix/logging/wazuh/files/client.keys
new file mode 100644
index 000000000..e69de29bb
diff --git a/modules/services/unix/logging/wazuh/files/ossec-logrotate.te b/modules/services/unix/logging/wazuh/files/ossec-logrotate.te
new file mode 100644
index 000000000..feaa97e7d
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/files/ossec-logrotate.te
@@ -0,0 +1,10 @@
+module ossec-logrotate 1.2;
+
+require {
+type var_t;
+type logrotate_t;
+class file { read write getattr open };
+}
+
+#============= logrotate_t ==============
+allow logrotate_t var_t:file { read write getattr open };
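Review bot: `allow logrotate_t var_t:file { read write getattr open }` grants logrotate read and write access to every file carrying the generic `var_t` type, not only Wazuh's logs — `var_t` is the fallback label for anything under /var that has no more specific context, so this widens logrotate far beyond least privilege. If the goal is rotating /var/ossec/logs, relabelling those files with the type the stock policy already lets logrotate handle avoids a custom module entirely: `semanage fcontext -a -t var_log_t '/var/ossec/logs(/.*)?'` followed by `restorecon -R /var/ossec/logs`. If a module is still wanted, scope the rule to a dedicated type for the Wazuh log files instead of `var_t`.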
diff --git a/modules/services/unix/logging/wazuh/files/wazuh-register.service b/modules/services/unix/logging/wazuh/files/wazuh-register.service
new file mode 100644
index 000000000..6c666c8fe
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/files/wazuh-register.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Wazuh Registration Service
+
+[Service]
+EnvironmentFile=/etc/environment
+ExecStart=/usr/bin/ruby /var/ossec/bin/wazuh-register.rb
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+WorkingDirectory=/root
+Restart=always
+User=root
+Group=root
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
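Review bot: `Restart=always` combined with `User=root` and no sandboxing directives is a poor fit for a registration helper: if wazuh-register.rb exits once the agent is enrolled (the script is not part of this diff, so this is inferred), systemd relaunches it indefinitely, and every relaunch runs an interpreter as unrestricted root with all of /etc/environment loaded. A `Type=oneshot` unit with `RemainAfterExit=yes` runs it once per boot, and `ProtectSystem=strict` plus `ReadWritePaths=/var/ossec` confines writes to the Wazuh tree where client.keys lives, assuming the script writes nowhere else; `ExecReload` with SIGHUP is meaningless for a oneshot and `WorkingDirectory=/root` conflicts with `ProtectHome`, so both change below. [Unit] and [Install] are unchanged.
```ini
[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/etc/environment
ExecStart=/usr/bin/ruby /var/ossec/bin/wazuh-register.rb
WorkingDirectory=/var/ossec
; … unchanged: User=root / Group=root …
NoNewPrivileges=yes
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=strict
ReadWritePaths=/var/ossec
```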
diff --git a/modules/services/unix/logging/wazuh/files/wazuhapp-3.3.1_6.3.1.zip b/modules/services/unix/logging/wazuh/files/wazuhapp-3.3.1_6.3.1.zip
new file mode 100644
index 000000000..f6d10266c
Binary files /dev/null and b/modules/services/unix/logging/wazuh/files/wazuhapp-3.3.1_6.3.1.zip differ
diff --git a/modules/services/unix/logging/wazuh/kitchen/Gemfile b/modules/services/unix/logging/wazuh/kitchen/Gemfile
new file mode 100644
index 000000000..05f7a3868
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/kitchen/Gemfile
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+source "https://rubygems.org"
+
+# gem "rails"
+gem "test-kitchen"
+gem "kitchen-puppet"
+gem "kitchen-vagrant"
+gem 'kitchen-docker', '~> 2.3'
+gem "puppet"
+gem "librarian-puppet"
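Review bot: only `kitchen-docker` carries a version constraint; `test-kitchen`, `kitchen-puppet`, `kitchen-vagrant`, `puppet` and `librarian-puppet` float, and no `kitchen/Gemfile.lock` is part of this change, so the `bundle install` the kitchen README prescribes resolves to whatever RubyGems serves that day and a breaking or compromised release is picked up without review. Pin each gem with a pessimistic constraint matching what the harness was developed against, e.g. `gem "test-kitchen", "~> 2.2"` (the README transcript shows Kitchen v2.2.5) and `gem "puppet"` bounded to the major version the module supports, and commit the resulting lock file.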
diff --git a/modules/services/unix/logging/wazuh/kitchen/Puppetfile b/modules/services/unix/logging/wazuh/kitchen/Puppetfile
new file mode 100644
index 000000000..b9d36bd1d
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/kitchen/Puppetfile
@@ -0,0 +1,26 @@
+#!/usr/bin/env ruby
+#^syntax detection
+
+forge "https://forgeapi.puppetlabs.com"
+
+# use dependencies defined in metadata.json
+#metadata
+
+mod "wazuh/wazuh"
+# use dependencies defined in Modulefile
+# modulefile
+
+# A module from the Puppet Forge
+# mod 'puppetlabs-stdlib'
+
+# A module from git
+# mod 'puppetlabs-ntp',
+# :git => 'git://github.com/puppetlabs/puppetlabs-ntp.git'
+
+# A module from a git branch/tag
+# mod 'puppetlabs-apt',
+# :git => 'https://github.com/puppetlabs/puppetlabs-apt.git',
+# :ref => '1.4.x'
+
+# A module from Github pre-packaged tarball
+# mod 'puppetlabs-apache', '0.6.0', :github_tarball => 'puppetlabs/puppetlabs-apache'
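Review bot: `mod "wazuh/wazuh"` carries no version, so the `librarian-puppet install` step the kitchen README prescribes resolves to whatever the Forge currently serves rather than the 3.10.2 this module declares in VERSION, and run.sh then copies the local files/templates/manifests over `modules/wazuh/` anyway, so the Forge copy is either unused or silently overwritten. Either pin it, `mod "wazuh/wazuh", "3.10.2"`, or drop the entry and let run.sh be the single source of the module under test. The commented `git://` example is cleartext and unauthenticated; if it is ever enabled, use `https://` as the puppetlabs-apt example already does.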
diff --git a/modules/services/unix/logging/wazuh/kitchen/README.md b/modules/services/unix/logging/wazuh/kitchen/README.md
new file mode 100644
index 000000000..0249dddee
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/kitchen/README.md
@@ -0,0 +1,227 @@
+**KITCHEN-PUPPET TESTING**
+
+
+**1.Building Kitchen Directory Structure**
+```
+├── chefignore
+├── Gemfile
+├── hieradata
+├── kitchen.yml
+├── manifests
+├── modules `should contain wazuh-puppet module`
+├── Puppetfile
+├── run.sh
+├── test
+```
+
+Find more details in the [official documentation](https://kitchen.ci/)
+
+**2. Required Gems**
+
+Kitchen basically works with `Ruby` gems and so, all required packages are available as gems. In our case, we would need the following gems to be installed. Found in the file `Gemfile` :
+
+```
+vagrant@master:~/wazuh-puppet/kitchen$ cat Gemfile
+# frozen_string_literal: true
+source "https://rubygems.org"
+
+# gem "rails"
+gem "test-kitchen"
+gem "kitchen-puppet"
+gem "kitchen-vagrant"
+gem 'kitchen-docker', '~> 2.3'
+gem "puppet"
+gem "librarian-puppet"
+```
+
+As we can see, we have gems for docker, vagrant, puppet, and kitchen itself.
+
+Once we have our list of gems prepared, we install them running the following command:
+
+```
+bundle install
+```
+
+**3. Adding Dependencies**
+
+A step which is already applied here is the creation of `Puppetfile` using `puppet-librerian` by running the command:
+
+```
+± librarian-puppet init
+ create Puppetfile
+```
+
+As you can see the, `Puppetfile` already exist with the following content:
+
+```
+#!/usr/bin/env ruby
+#^syntax detection
+
+forge "https://forgeapi.puppetlabs.com"
+
+# use dependencies defined in metadata.json
+#metadata
+
+mod "wazuh/wazuh"
+# use dependencies defined in Modulefile
+# modulefile
+
+# A module from the Puppet Forge
+# mod 'puppetlabs-stdlib'
+
+# A module from git
+# mod 'puppetlabs-ntp',
+# :git => 'git://github.com/puppetlabs/puppetlabs-ntp.git'
+
+# A module from a git branch/tag
+# mod 'puppetlabs-apt',
+# :git => 'https://github.com/puppetlabs/puppetlabs-apt.git',
+# :ref => '1.4.x'
+
+# A module from Github pre-packaged tarball
+# mod 'puppetlabs-apache', '0.6.0', :github_tarball => 'puppetlabs/puppetlabs-apache'
+```
+
+Once `Puppetfile` is prepared, then we run need to get the requested module, by running:
+
+ ```
+ librarian-puppet install
+ ```
+
+
+**4. Kitchen Environment Configuration**
+
+In the file `kitchen.yml` we have to configure the machines were our tests will be running. This configuration includes information, such as :
+* The virtualization tool `vagrant` or `docker`,
+* The operating system image,
+* Testing suites `testinfra` for example, etc ...
+
+- An initial example of `kitchen.yml` would be:
+
+```
+vagrant@master:~/wazuh-puppet/kitchen$ cat kitchen.yml
+---
+driver:
+ name: docker
+
+provisioner:
+ name: puppet_apply
+ manifests_path: manifests
+ modules_path: modules
+ hiera_data_path: hieradata
+
+platforms:
+ - name: ubuntu-manager_00
+ run_options: --ip 10.1.0.19
+ driver_config:
+ image: ubuntu:14.04
+ platform: ubuntu
+ hostname: manager00_ubuntu
+
+ - name: ubuntu-agent
+ driver_config:
+ image: ubuntu:14.04
+ platform: ubuntu
+ hostname: agent00_ubuntu
+
+suites:
+ - name: default
+ manifest: site.pp
+ verifier:
+ name: shell
+ command: py.test -v test/base
+```
+
+**5. Put Kitchen in action**
+
+Once we have `kitchen.yml` prepared, then we can create the environment by running:
+
+```
+kitchen create
+```
+
+This way we will only have our machines created without installing the desired components to be tested. These components are represented by Wazuh stack components such as `wazuh-manager`, `wazuh-agent`, etc ...
+
+**5. Install the required components to be tested then**
+
+In `Puppet` case, to specify the `manifests` to be installed, we should configure the file 'manifests/site.pp', which by now it looks like:
+
+```
+node 'manager00_ubuntu' {
+ class { "wazuh::manager":
+ configure_wodle_openscap => false
+ }
+}
+node 'agent00_ubuntu' {
+ class { "wazuh::agent":
+ ossec_ip => "manager_ip",
+ configure_wodle_openscap => false
+ }
+}
+```
+
+As you can see, we only want to install `wazuh-manager` and `wazuh-agent`.
+
+
+**6. Kitchen Converging: Installing the packages to be tested**
+
+Once `site.pp` is prepared, we run:
+```
+kitchen converge
+```
+
+**7. Testing**
+
+`Kitchen` offers a large variety of testing types, such as:
+* Bats tests.
+* Serverspec tests.
+* Testinfra tests.
+*
+
+In our case, we think that `testinfra` is the best choice based on old experience. so and in order to implemente `testinfra` tests, we should indicate the testing suite command in `kitchen.yml` as indicated before:
+```
+suites:
+ - name: default
+ manifest: site.pp
+ verifier:
+ name: shell
+ command: py.test -v test/base
+```
+
+In the folder test/base, we put our tests. By now we implemented 2 tests, one for `wazuh-manager` and another one for `wazuh-agent`. Please check both here:
+* [manager](https://github.com/wazuh/wazuh-puppet/blob/v3.9.5_7.2.1/kitchen/test/base/test_wazuh_manager.py)
+* [agent](https://github.com/wazuh/wazuh-puppet/blob/v3.9.5_7.2.1/kitchen/test/base/test_wazuh_agent.py)
+
+Once we have our suite prepared, then we run:
+
+```
+kitchen verify
+```
+
+And in a successful testing attempt we can get something like:
+
+```
+-----> Starting Kitchen (v2.2.5)
+-----> Verifying ...
+ [Shell] Verify on instance default-ubuntu-manager-00 ...
+
+============================= test session starts ==============================
+platform linux -- Python 3.4.3, pytest-4.6.4, py-1.8.0, pluggy-0.12.0 -- /usr/bin/python3.4
+cachedir: .pytest_cache
+rootdir: /home/vagrant/wazuh-puppet/kitchen
+plugins: testinfra-3.0.5
+collecting ... collected 8 items
+
+test/base/test_wazuh_agent.py::test_wazuh_agent_package SKIPPED [ 12%]
+test/base/test_wazuh_agent.py::test_wazuh_processes_running[ossec-agentd-ossec] SKIPPED [ 25%]
+test/base/test_wazuh_agent.py::test_wazuh_processes_running[ossec-execd-root] SKIPPED [ 37%]
+test/base/test_wazuh_agent.py::test_wazuh_processes_running[ossec-syscheckd-root] SKIPPED [ 50%]
+test/base/test_wazuh_agent.py::test_wazuh_processes_running[wazuh-modulesd-root] SKIPPED [ 62%]
+test/base/test_wazuh_manager.py::test_wazuh_agent_package PASSED [ 75%]
+test/base/test_wazuh_manager.py::test_wazuh_packages_are_installed PASSED [ 87%]
+test/base/test_wazuh_manager.py::test_wazuh_services_are_running PASSED [100%]
+
+===================== 3 passed, 5 skipped in 1.18 seconds ======================
+ Finished verifying (0m2.16s).
+-----> Kitchen is finished. (0m4.51s)
+```
diff --git a/modules/services/unix/logging/wazuh/kitchen/chefignore b/modules/services/unix/logging/wazuh/kitchen/chefignore
new file mode 100644
index 000000000..7be3c6dfa
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/kitchen/chefignore
@@ -0,0 +1 @@
+.kitchen
diff --git a/modules/services/unix/logging/wazuh/kitchen/clean.sh b/modules/services/unix/logging/wazuh/kitchen/clean.sh
new file mode 100644
index 000000000..14bb9311f
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/kitchen/clean.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+echo "Deleting Old logs, old instances files, etc ..."
+rm -rf .kitchen/logs/* # removing old logs
+rm -rf .kitchen/def* # removing old .yml files associated for old kitchen instances
+rm -rf ./manifests/se* # removing all temporal manifests files.
+
+echo "Kitchen is destroying old instances ..."
+kitchen destroy all # destroying all existing kitchen instances
+
+echo "Docker is stopping and deleting old containers of they do exist"
+docker ps --filter name=kitchen -aq | xargs docker stop | xargs docker rm
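Review bot: `rm -rf ./manifests/se*` matches nothing in the manifests directory this change adds (`site.pp` and `site.pp.template` start with `si`), so the "temporal manifests" the comment refers to are never removed; if the target is the site.pp that run.sh regenerates from the template, name it explicitly, `rm -f ./manifests/site.pp`. `docker ps --filter name=kitchen -aq | xargs docker stop | xargs docker rm` still invokes `docker stop` with no arguments when no container matches, which fails with a usage error; `xargs -r` (GNU) skips the call on empty input. The script also has no `set -e`/`set -u`, so a failed `kitchen destroy` is silently ignored.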
diff --git a/modules/services/unix/logging/wazuh/kitchen/hieradata/common.yaml b/modules/services/unix/logging/wazuh/kitchen/hieradata/common.yaml
new file mode 100644
index 000000000..e69de29bb
diff --git a/modules/services/unix/logging/wazuh/kitchen/hieradata/roles/default.yaml b/modules/services/unix/logging/wazuh/kitchen/hieradata/roles/default.yaml
new file mode 100644
index 000000000..e69de29bb
diff --git a/modules/services/unix/logging/wazuh/kitchen/kitchen.yml b/modules/services/unix/logging/wazuh/kitchen/kitchen.yml
new file mode 100644
index 000000000..dc5dc8e68
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/kitchen/kitchen.yml
@@ -0,0 +1,53 @@
+---
+driver:
+ name: docker
+ privileged: true
+ use_sudo: false
+ use_internal_docker_network: true
+
+provisioner:
+ name: puppet_apply
+ manifests_path: manifests
+ modules_path: modules
+ hiera_data_path: hieradata
+
+platforms:
+ - name: ubuntu-manager_00_kitchen
+ driver_config:
+ image: ubuntu:14.04
+ platform: ubuntu
+ hostname: manager00_ubuntu
+
+ - name: ubuntu-agent-kitchen
+ driver_config:
+ image: ubuntu:14.04
+ platform: ubuntu
+ hostname: agent00_ubuntu
+
+ - name: centos-manager_00_kitchen
+ driver_config:
+ image: centos:7
+ platform: centos
+ hostname: manager00_centos
+ run_command: /usr/sbin/init
+ dockerfile: test/Dockerfile
+ build_options:
+ rm: true
+
+ - name: centos-agent_kitchen
+ driver_config:
+ image: centos:7
+ platform: centos
+ hostname: agent00_centos
+ run_command: /usr/sbin/init
+ run_command: /usr/lib/systemd/systemd
+ dockerfile: test/Dockerfile
+ build_options:
+ rm: true
+
+suites:
+ - name: default
+ manifest: site.pp
+ verifier:
+ name: shell
+ command: py.test -v test/base
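Review bot: the `centos-agent_kitchen` platform declares `run_command` twice (`/usr/sbin/init` then `/usr/lib/systemd/systemd`); Ruby's YAML loader keeps the last occurrence, so the first line is dead and a stricter parser would reject the file — delete one of them. `privileged: true` is set at the driver level and therefore applies to all four containers, including the ubuntu:14.04 ones that do not boot systemd; since a privileged container has unrestricted access to the host's devices, move it into the `driver_config` of the two centos platforms that run `/usr/sbin/init`, if those are indeed the only ones that need it.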
diff --git a/modules/services/unix/logging/wazuh/kitchen/manifests/site.pp b/modules/services/unix/logging/wazuh/kitchen/manifests/site.pp
new file mode 100644
index 000000000..99a14aaa7
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/kitchen/manifests/site.pp
@@ -0,0 +1,24 @@
+node 'manager00_ubuntu' {
+ class { 'wazuh::manager':
+ configure_wodle_openscap => false
+ }
+}
+node 'agent00_ubuntu' {
+ class { 'wazuh::agent':
+ wazuh_register_endpoint => '10.1.0.9',
+ wazuh_reporting_endpoint => '10.1.0.9',
+ configure_wodle_openscap => false
+ }
+}
+node 'manager00_centos' {
+ class { 'wazuh::manager':
+ configure_wodle_openscap => true
+ }
+}
+node 'agent00_centos' {
+ class { 'wazuh::agent':
+ wazuh_register_endpoint => '10.1.0.11',
+ wazuh_reporting_endpoint => '10.1.0.11',
+ configure_wodle_openscap => true
+ }
+}
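Review bot: this `site.pp` is the output of run.sh, which copies `site.pp.template` over it and seds the manager IPs in on every run, so the committed copy with `10.1.0.9` and `10.1.0.11` baked in is a build artifact from one developer's docker network and will be rewritten (and show as modified) the first time anyone runs the harness. Keep only the template in git, add `kitchen/manifests/site.pp` to .gitignore, and let run.sh generate the file kitchen.yml's `manifest: site.pp` points at.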
diff --git a/modules/services/unix/logging/wazuh/kitchen/manifests/site.pp.template b/modules/services/unix/logging/wazuh/kitchen/manifests/site.pp.template
new file mode 100644
index 000000000..4f844ad0e
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/kitchen/manifests/site.pp.template
@@ -0,0 +1,24 @@
+node 'manager00_ubuntu' {
+ class { "wazuh::manager":
+ configure_wodle_openscap => false
+ }
+}
+node 'agent00_ubuntu' {
+ class { "wazuh::agent":
+ wazuh_register_endpoint => "ubuntu_manager_ip",
+ wazuh_reporting_endpoint => "ubuntu_manager_ip",
+ configure_wodle_openscap => false
+ }
+}
+node 'manager00_centos' {
+ class { "wazuh::manager":
+ configure_wodle_openscap => true
+ }
+}
+node 'agent00_centos' {
+ class { "wazuh::agent":
+ wazuh_register_endpoint => "centos_manager_ip",
+ wazuh_reporting_endpoint => "centos_manager_ip",
+ configure_wodle_openscap => true
+ }
+}
diff --git a/modules/services/unix/logging/wazuh/kitchen/run.sh b/modules/services/unix/logging/wazuh/kitchen/run.sh
new file mode 100644
index 000000000..53e003f7f
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/kitchen/run.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+# Adding Wazuh module from Puppet forge.
+
+
+#LIBRARIAN_OUTPUT="$(librarian-puppet show)"
+#
+#if [[ $LIBRARIAN_OUTPUT == *"wazuh"* ]]; then
+# echo "Librarian-Puppet: Wazuh module already installed .. Continue"
+#else
+# echo "Installing Wazuh module"
+# librarian-puppet install
+#
+# sed -i "s/'Debian', 'debian'/&, 'Ubuntu', 'ubuntu'/" modules/wazuh/manifests/manager.pp
+# sed -i "s/'Debian', 'debian'/&, 'Ubuntu', 'ubuntu'/" modules/wazuh/manifests/agent.pp
+#fi
+
+mkdir -p modules/wazuh
+
+cp -r ../files ./modules/wazuh/
+cp -r ../templates/ ./modules/wazuh/
+cp -r ../manifests/ ./modules/wazuh/
+
+echo "Deleting Old logs, old instances files, etc ..."
+rm -rf .kitchen/logs/* # removing old logs
+rm -rf .kitchen/def* # removing old .yml files associated for old kitchen instances
+rm -rf ./manifests/se* # removing all temporal manifests files.
+
+echo "Kitchen is destroying old instances ..."
+kitchen destroy all # destroying all existing kitchen instances
+
+echo "Docker is stopping and deleting old containers of they do exist"
+docker ps --filter name=kitchen -aq | xargs docker stop | xargs docker rm
+
+echo "Kitchen is creating the new instances"
+kitchen create # creating new kitchen instances
+
+echo "Getting Wazuh managers IPs to the agents"
+ubuntu_manager_ip="$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' `docker ps | awk '{print $NF}' | grep ubuntu | grep manager`)"
+centos_manager_ip="$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' `docker ps | awk '{print $NF}' | grep centos | grep manager`)"
+
+echo "getting a copy of ./manifests/site.pp.template"
+cp ./manifests/site.pp.template ./manifests/site.pp
+
+echo "Assigning Wazuh managers IPs to the corresponding agents."
+sed -i 's/ubuntu_manager_ip/'${ubuntu_manager_ip}'/g' ./manifests/site.pp
+sed -i 's/centos_manager_ip/'${centos_manager_ip}'/g' ./manifests/site.pp
+
+echo "Kitchen is converging ..."
+kitchen converge
+
+echo "Kitchen is testing ..."
+kitchen verify
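Review bot: the two `docker inspect` lookups for the manager IPs can yield an empty string (no container matched by the `grep ubuntu | grep manager` pipeline, or no `IPAddress` when the container sits on a non-default network), and nothing checks for it; the `sed` lines then replace `ubuntu_manager_ip` with nothing and the agents converge with `wazuh_register_endpoint => ''`, a failure that surfaces only later in kitchen verify, if at all. Guard before substituting, `[ -n "${ubuntu_manager_ip}" ] && [ -n "${centos_manager_ip}" ] || { echo "manager IP lookup failed" >&2; exit 1; }`, and quote the expansions inside the sed expressions, `sed -i "s/ubuntu_manager_ip/${ubuntu_manager_ip}/g" ./manifests/site.pp`. The `xargs docker stop | xargs docker rm` chain also runs `docker stop` with no arguments when there are no kitchen containers; `xargs -r` (GNU) skips the call.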
diff --git a/modules/services/unix/logging/wazuh/kitchen/test/Dockerfile.template b/modules/services/unix/logging/wazuh/kitchen/test/Dockerfile.template
new file mode 100644
index 000000000..48977c873
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/kitchen/test/Dockerfile.template
@@ -0,0 +1,20 @@
+FROM centos:7
+ENV container docker
+RUN yum clean all
+RUN yum install -y sudo openssh-server openssh-clients which curl
+RUN [ -f "/etc/ssh/ssh_host_rsa_key" ] || ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
+RUN [ -f "/etc/ssh/ssh_host_dsa_key" ] || ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
+RUN if ! getent passwd kitchen; then useradd -d /home/kitchen -m -s /bin/bash -p '*' kitchen; fi
+RUN echo "kitchen ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+RUN echo "Defaults !requiretty" >> /etc/sudoers
+RUN mkdir -p /home/kitchen/.ssh
+RUN chown -R kitchen /home/kitchen/.ssh
+RUN chmod 0700 /home/kitchen/.ssh
+RUN touch /home/kitchen/.ssh/authorized_keys
+RUN chown kitchen /home/kitchen/.ssh/authorized_keys
+RUN chmod 0600 /home/kitchen/.ssh/authorized_keys
+RUN mkdir -p /run/sshd
+RUN echo YOUR_PUBLIC_KEY >> /home/kitchen/.ssh/authorized_keys
+EXPOSE 1515/tcp
+EXPOSE 1515/udp
+RUN yum install -y openssl
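Review bot: `ssh-keygen -t dsa` generates an `ssh-dss` host key that OpenSSH clients have refused by default since 7.0, so the line only adds a key the kitchen transport will never negotiate; replace it with `RUN [ -f /etc/ssh/ssh_host_ed25519_key ] || ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''`. kitchen.yml points at `test/Dockerfile`, not this `.template`, and the rendered file is not in this diff, so whether `YOUR_PUBLIC_KEY` is actually substituted before the build could not be checked; a literal placeholder appended to authorized_keys is ignored by sshd and the paramiko verifier would then fail to authenticate. The `kitchen ALL=(ALL) NOPASSWD: ALL` sudoers entry mirrors what kitchen-docker's generated image does and is acceptable for a throwaway test container, but a one-line comment saying so would stop it being copied into a production image.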
diff --git a/modules/services/unix/logging/wazuh/kitchen/test/base/test_wazuh_agent.py b/modules/services/unix/logging/wazuh/kitchen/test/base/test_wazuh_agent.py
new file mode 100644
index 000000000..6fcecb6f7
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/kitchen/test/base/test_wazuh_agent.py
@@ -0,0 +1,28 @@
+import functools
+import os
+import pytest
+import testinfra
+
+test_host = testinfra.get_host('paramiko://{KITCHEN_USERNAME}@{KITCHEN_HOSTNAME}:{KITCHEN_PORT}'.format(**os.environ), ssh_identity_file=os.environ.get('KITCHEN_SSH_KEY'))
+
+@pytest.mark.filterwarnings('ignore')
+@pytest.mark.skipif('manager' in os.environ.get('KITCHEN_INSTANCE'), reason='Skip on wazuh manager instances')
+def test_wazuh_agent_package(host):
+ name = "wazuh-agent"
+ version = "3.10.2"
+ pkg = host.package(name)
+ assert pkg.is_installed
+ assert pkg.version.startswith(version)
+
+
+@pytest.mark.filterwarnings('ignore')
+@pytest.mark.skipif('manager' in os.environ.get('KITCHEN_INSTANCE'), reason='Skip on wazuh manager instances')
+@pytest.mark.parametrize("wazuh_service, wazuh_owner", (
+ ("ossec-agentd", "ossec"),
+ ("ossec-execd", "root"),
+ ("ossec-syscheckd", "root"),
+ ("wazuh-modulesd", "root"),
+))
+def test_wazuh_processes_running(host, wazuh_service, wazuh_owner):
+ master = host.process.get(user=wazuh_owner, comm=wazuh_service)
+ assert master.args == "/var/ossec/bin/" + wazuh_service
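Review bot: `'manager' in os.environ.get('KITCHEN_INSTANCE')` raises `TypeError: argument of type 'NoneType' is not iterable` at collection time whenever `KITCHEN_INSTANCE` is unset (for example running `py.test` outside kitchen), because the decorator argument is evaluated at import; give it a default, `os.environ.get('KITCHEN_INSTANCE', '')`, in both skipif lines. The module-level `test_host = testinfra.get_host(...)` is never referenced — both tests take the `host` fixture from conftest.py — and it additionally requires `KITCHEN_USERNAME`/`KITCHEN_HOSTNAME`/`KITCHEN_PORT` to be present or `.format(**os.environ)` raises `KeyError` on import; drop it together with the unused `functools` import.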
diff --git a/modules/services/unix/logging/wazuh/kitchen/test/base/test_wazuh_manager.py b/modules/services/unix/logging/wazuh/kitchen/test/base/test_wazuh_manager.py
new file mode 100644
index 000000000..6c2ed4015
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/kitchen/test/base/test_wazuh_manager.py
@@ -0,0 +1,59 @@
+import functools
+import os
+import pytest
+import testinfra
+
+test_host = testinfra.get_host('paramiko://{KITCHEN_USERNAME}@{KITCHEN_HOSTNAME}:{KITCHEN_PORT}'.format(**os.environ), ssh_identity_file=os.environ.get('KITCHEN_SSH_KEY'))
+
+@pytest.mark.filterwarnings('ignore')
+@pytest.mark.skipif('agent' in os.environ.get('KITCHEN_INSTANCE'), reason='Skip on wazuh manager instances')
+def test_wazuh_agent_package(host):
+ name = "wazuh-manager"
+ version = "3.10.2"
+ pkg = host.package(name)
+ assert pkg.is_installed
+ assert pkg.version.startswith(version)
+
+@pytest.mark.filterwarnings('ignore')
+@pytest.mark.skipif('agent' in os.environ.get('KITCHEN_INSTANCE'), reason='Skip on wazuh manager instances')
+def get_wazuh_version():
+ """This return the version of Wazuh."""
+ return "3.10.2"
+
+@pytest.mark.filterwarnings('ignore')
+@pytest.mark.skipif('agent' in os.environ.get('KITCHEN_INSTANCE'), reason='Skip on wazuh manager instances')
+def test_wazuh_packages_are_installed(host):
+ """Test if the main packages are installed."""
+ manager = host.package("wazuh-manager")
+ #api = host.package("wazuh-api")
+
+ distribution = host.system_info.distribution.lower()
+ if distribution == 'centos':
+ if host.system_info.release == "7":
+ assert manager.is_installed
+ assert manager.version.startswith(get_wazuh_version())
+ #assert api.is_installed
+ #assert api.version.startswith(get_wazuh_version())
+ elif host.system_info.release.startswith("6"):
+ assert manager.is_installed
+ assert manager.version.startswith(get_wazuh_version())
+ elif distribution == 'ubuntu':
+ assert manager.is_installed
+ assert manager.version.startswith(get_wazuh_version())
+
+
+@pytest.mark.skipif('agent' in os.environ.get('KITCHEN_INSTANCE'), reason='Skip on wazuh manager instances')
+def test_wazuh_services_are_running(host):
+ """Test if the services are enabled and running.
+ When assert commands are commented, this means that the service command has
+ a wrong exit code: https://github.com/wazuh/wazuh-ansible/issues/107
+ """
+ manager = host.service("wazuh-manager")
+
+ distribution = host.system_info.distribution.lower()
+ if distribution == 'centos':
+ # assert manager.is_running
+ assert manager.is_enabled
+ elif distribution == 'ubuntu':
+ # assert manager.is_running
+ assert manager.is_enabled
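Review bot: both `manager.is_running` assertions in `test_wazuh_services_are_running` are commented out, so the test passes as long as the unit is enabled, even when wazuh-manager has crashed or never started; the transcript in the kitchen README shows this test passing and would still do so against a dead manager. Since the docstring blames the `service` command's exit code, check the daemon rather than the init script, e.g. `assert host.process.get(comm='ossec-analysisd')` (`process.get` raises when nothing matches) or `assert host.socket('tcp://1514').is_listening` if the module guarantees the agent-facing port is open. The `reason='Skip on wazuh manager instances'` strings are inverted — these skips fire on agent instances — and `test_wazuh_agent_package` here checks the `wazuh-manager` package, so rename it to avoid two different tests reporting under one name.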
diff --git a/modules/services/unix/logging/wazuh/kitchen/test/bin/python b/modules/services/unix/logging/wazuh/kitchen/test/bin/python
new file mode 100644
index 000000000..b8a0adbbb
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/kitchen/test/bin/python
@@ -0,0 +1 @@
+python3
\ No newline at end of file
diff --git a/modules/services/unix/logging/wazuh/kitchen/test/bin/python3 b/modules/services/unix/logging/wazuh/kitchen/test/bin/python3
new file mode 100644
index 000000000..ae65fdaa1
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/kitchen/test/bin/python3
@@ -0,0 +1 @@
+/usr/bin/python3
\ No newline at end of file
diff --git a/modules/services/unix/logging/wazuh/kitchen/test/conftest.py b/modules/services/unix/logging/wazuh/kitchen/test/conftest.py
new file mode 100644
index 000000000..036a50d51
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/kitchen/test/conftest.py
@@ -0,0 +1,10 @@
+import functools
+import os
+import pytest
+import testinfra
+
+test_host = testinfra.get_host('paramiko://{KITCHEN_USERNAME}@{KITCHEN_HOSTNAME}:{KITCHEN_PORT}'.format(**os.environ), ssh_identity_file=os.environ.get('KITCHEN_SSH_KEY'))
+
+@pytest.fixture
+def host():
+ return test_host
diff --git a/modules/services/unix/logging/wazuh/kitchen/test/conftest.py.old b/modules/services/unix/logging/wazuh/kitchen/test/conftest.py.old
new file mode 100644
index 000000000..036a50d51
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/kitchen/test/conftest.py.old
@@ -0,0 +1,10 @@
+import functools
+import os
+import pytest
+import testinfra
+
+test_host = testinfra.get_host('paramiko://{KITCHEN_USERNAME}@{KITCHEN_HOSTNAME}:{KITCHEN_PORT}'.format(**os.environ), ssh_identity_file=os.environ.get('KITCHEN_SSH_KEY'))
+
+@pytest.fixture
+def host():
+ return test_host
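Review bot: `conftest.py.old` is byte-for-byte identical to `conftest.py` (both carry blob `036a50d51`), so it is a leftover from an edit rather than a backup of anything different; pytest ignores the `.old` suffix, but the copy will drift and mislead the next reader. Remove it from the change set.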
diff --git a/modules/services/unix/logging/wazuh/kitchen/test/integration/default/bats/verify_installed.bats b/modules/services/unix/logging/wazuh/kitchen/test/integration/default/bats/verify_installed.bats
new file mode 100644
index 000000000..3316de582
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/kitchen/test/integration/default/bats/verify_installed.bats
@@ -0,0 +1,3 @@
+@test 'wazuh is up and running' {
+ pgrep wazuh
+}
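Review bot: `pgrep wazuh` matches any process whose name contains `wazuh`, which on a 3.x install is essentially `wazuh-modulesd`/`wazuh-db` — the core daemons are named `ossec-*` (the agent test's parametrization lists ossec-agentd, ossec-execd, ossec-syscheckd), so this passes when only the modules daemon survives and says nothing about analysisd, remoted or authd. Check the specific daemons, `pgrep -x ossec-analysisd && pgrep -x ossec-remoted`, or run `/var/ossec/bin/ossec-control status` and assert on its output. This bats file is also not wired into kitchen.yml (the verifier there is `shell` running py.test), so as committed it never executes.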
diff --git a/modules/services/unix/logging/wazuh/kitchen/test/integration/default/serverspec/wazuh_spec.rb b/modules/services/unix/logging/wazuh/kitchen/test/integration/default/serverspec/wazuh_spec.rb
new file mode 100644
index 000000000..e69de29bb
diff --git a/modules/services/unix/logging/wazuh/kitchen/test/integration/test_wazuh.py b/modules/services/unix/logging/wazuh/kitchen/test/integration/test_wazuh.py
new file mode 100644
index 000000000..cc512d6a3
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/kitchen/test/integration/test_wazuh.py
@@ -0,0 +1,4 @@
+def test_wazuh_manager_service_running(host):
+ service = host.service('wazuh-manager')
+ assert service.is_running
+ assert service.is_enabled
diff --git a/modules/services/unix/logging/wazuh/kitchen/test/lib64 b/modules/services/unix/logging/wazuh/kitchen/test/lib64
new file mode 100644
index 000000000..7951405f8
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/kitchen/test/lib64
@@ -0,0 +1 @@
+lib
\ No newline at end of file
diff --git a/modules/services/unix/logging/wazuh/kitchen/test/pyvenv.cfg b/modules/services/unix/logging/wazuh/kitchen/test/pyvenv.cfg
new file mode 100644
index 000000000..842bbc1c5
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/kitchen/test/pyvenv.cfg
@@ -0,0 +1,3 @@
+home = /usr/bin
+include-system-site-packages = false
+version = 3.4.3
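Review bot: `pyvenv.cfg` together with `test/bin/python`, `test/bin/python3` and `test/lib64` (symlinks stored as one-line text files) is the skeleton of one developer's Python 3.4.3 virtualenv, tied to `home = /usr/bin` on that machine, and has no place in a Puppet module; anyone cloning the repo gets a broken half-venv inside the test tree. Remove these four paths and add `kitchen/test/bin/`, `kitchen/test/lib*`, `kitchen/test/pyvenv.cfg` (or the venv directory as a whole) to .gitignore.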
diff --git a/modules/services/unix/logging/wazuh/manifests/activeresponse.pp b/modules/services/unix/logging/wazuh/manifests/activeresponse.pp
new file mode 100644
index 000000000..212cc9da2
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/manifests/activeresponse.pp
@@ -0,0 +1,20 @@
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+#Define for a specific ossec active-response
+define wazuh::activeresponse(
+ $command_name,
+ $ar_location = 'local',
+ $ar_level = 7,
+ $ar_agent_id = '',
+ $ar_rules_id = [],
+ $ar_timeout = 300,
+ $ar_repeated_offenders = '',
+) {
+
+ require wazuh::params_manager
+
+ concat::fragment { $name:
+ target => 'ossec.conf',
+ order => 55,
+ content => template('wazuh/fragments/_activeresponse.erb')
+ }
+}
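Review bot: none of the define's parameters are typed, so `$ar_level = 'high'` or `$ar_timeout = '300s'` is accepted at compile time and rendered straight into ossec.conf, where the manager is likely to reject the file at start-up instead of the catalog failing early. If the module requires Puppet ≥ 4 (metadata.json is not in this chunk), declare the types: `String $command_name`, `Enum['local','server','defined-agent','all'] $ar_location = 'local'`, `Integer[0,16] $ar_level = 7`, `Integer $ar_timeout = 300`, `Array $ar_rules_id = []`. The rendered fragment lives in `_activeresponse.erb`, outside this hunk, so whether it validates anything itself is unknown.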
diff --git a/modules/services/unix/logging/wazuh/manifests/addlog.pp b/modules/services/unix/logging/wazuh/manifests/addlog.pp
new file mode 100644
index 000000000..b7f51e1ec
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/manifests/addlog.pp
@@ -0,0 +1,18 @@
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+#Define a log-file to add to ossec
+define wazuh::addlog(
+ $logfile = undef,
+ $logtype = 'syslog',
+ $logcommand = undef,
+ $commandalias = undef,
+ $frequency = undef,
+) {
+ require wazuh::params_manager
+
+ concat::fragment { "ossec.conf_localfile-${logfile}":
+ target => 'ossec.conf',
+ content => template('wazuh/fragments/_localfile_generation.erb'),
+ order => 21,
+ }
+
+}
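Review bot: the fragment title `"ossec.conf_localfile-${logfile}"` is built from a parameter that defaults to `undef`, so every declaration used for a command entry (`$logcommand`/`$commandalias` set, no `$logfile`) gets the same title `ossec.conf_localfile-` and the second one fails with a duplicate-declaration error; two declarations for one file with different `$logtype` collide the same way. Use the define's own title, which Puppet already guarantees unique: `concat::fragment { "ossec.conf_localfile-${name}":`. Since `$logfile` and `$logcommand` are mutually exclusive in intent, a guard such as `if $logfile == undef and $logcommand == undef { fail('wazuh::addlog needs logfile or logcommand') }` would also catch an empty entry before it reaches the template.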
diff --git a/modules/services/unix/logging/wazuh/manifests/agent.pp b/modules/services/unix/logging/wazuh/manifests/agent.pp
new file mode 100644
index 000000000..1033a7548
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/manifests/agent.pp
@@ -0,0 +1,507 @@
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Setup for ossec client
+class wazuh::agent(
+
+ # Versioning and package names
+
+ $agent_package_version = $wazuh::params_agent::agent_package_version,
+ $agent_package_name = $wazuh::params_agent::agent_package_name,
+ $agent_service_name = $wazuh::params_agent::agent_service_name,
+
+ # Manage repository
+
+ $manage_repo = $wazuh::params_agent::manage_repo,
+
+ # Authd registration options
+ $manage_client_keys = $wazuh::params_agent::manage_client_keys,
+ $agent_name = $wazuh::params_agent::agent_name,
+ $agent_group = $wazuh::params_agent::agent_group,
+ $wazuh_agent_cert = $wazuh::params_agent::wazuh_agent_cert,
+ $wazuh_agent_key = $wazuh::params_agent::wazuh_agent_key,
+ $wazuh_agent_cert_path = $wazuh::params_agent::wazuh_agent_cert_path,
+ $wazuh_agent_key_path = $wazuh::params_agent::wazuh_agent_key_path,
+ $agent_auth_password = $wazuh::params_agent::agent_auth_password,
+ $wazuh_manager_root_ca_pem = $wazuh::params_agent::wazuh_manager_root_ca_pem,
+ $wazuh_manager_root_ca_pem_path = $wazuh::params_agent::wazuh_manager_root_ca_pem_path,
+
+ ## ossec.conf generation parameters
+ # Generation variables
+ $configure_rootcheck = $wazuh::params_agent::configure_rootcheck,
+ $configure_wodle_openscap = $wazuh::params_agent::configure_wodle_openscap,
+ $configure_wodle_cis_cat = $wazuh::params_agent::configure_wodle_cis_cat,
+ $configure_wodle_osquery = $wazuh::params_agent::configure_wodle_osquery,
+ $configure_wodle_syscollector = $wazuh::params_agent::configure_wodle_syscollector,
+ $configure_sca = $wazuh::params_agent::configure_sca,
+ $configure_syscheck = $wazuh::params_agent::configure_syscheck,
+ $configure_localfile = $wazuh::params_agent::configure_localfile,
+ $configure_active_response = $wazuh::params_agent::configure_active_response,
+
+ # Templates paths
+ $ossec_conf_template = $wazuh::params_agent::ossec_conf_template,
+ $ossec_rootcheck_template = $wazuh::params_agent::ossec_rootcheck_template,
+ $ossec_wodle_openscap_template = $wazuh::params_agent::ossec_wodle_openscap_template,
+ $ossec_wodle_cis_cat_template = $wazuh::params_agent::ossec_wodle_cis_cat_template,
+ $ossec_wodle_osquery_template = $wazuh::params_agent::ossec_wodle_osquery_template,
+ $ossec_wodle_syscollector_template = $wazuh::params_agent::ossec_wodle_syscollector_template,
+ $ossec_sca_template = $wazuh::params_agent::ossec_sca_template,
+ $ossec_syscheck_template = $wazuh::params_agent::ossec_syscheck_template,
+ $ossec_localfile_template = $wazuh::params_agent::ossec_localfile_template,
+ $ossec_ruleset = $wazuh::params_agent::ossec_ruleset,
+ $ossec_auth = $wazuh::params_agent::ossec_auth,
+ $ossec_cluster = $wazuh::params_agent::ossec_cluster,
+ $ossec_active_response_template = $wazuh::params_agent::ossec_active_response_template,
+
+ # Server configuration
+
+ $wazuh_register_endpoint = $wazuh::params_agent::wazuh_register_endpoint,
+ $wazuh_reporting_endpoint = $wazuh::params_agent::wazuh_reporting_endpoint,
+ $ossec_port = $wazuh::params_agent::ossec_port,
+ $ossec_protocol = $wazuh::params_agent::ossec_protocol,
+ $ossec_notify_time = $wazuh::params_agent::ossec_notify_time,
+ $ossec_time_reconnect = $wazuh::params_agent::ossec_time_reconnect,
+ $ossec_auto_restart = $wazuh::params_agent::ossec_auto_restart,
+ $ossec_crypto_method = $wazuh::params_agent::ossec_crypto_method,
+ $client_buffer_queue_size = $wazuh::params_agent::client_buffer_queue_size,
+ $client_buffer_events_per_second = $wazuh::params_agent::client_buffer_events_per_second,
+
+ # Rootcheck
+ $ossec_rootcheck_disabled = $wazuh::params_agent::ossec_rootcheck_disabled,
+ $ossec_rootcheck_check_files = $wazuh::params_agent::ossec_rootcheck_check_files,
+ $ossec_rootcheck_check_trojans = $wazuh::params_agent::ossec_rootcheck_check_trojans,
+ $ossec_rootcheck_check_dev = $wazuh::params_agent::ossec_rootcheck_check_dev,
+ $ossec_rootcheck_check_sys = $wazuh::params_agent::ossec_rootcheck_check_sys,
+ $ossec_rootcheck_check_pids = $wazuh::params_agent::ossec_rootcheck_check_pids,
+ $ossec_rootcheck_check_ports = $wazuh::params_agent::ossec_rootcheck_check_ports,
+ $ossec_rootcheck_check_if = $wazuh::params_agent::ossec_rootcheck_check_if,
+ $ossec_rootcheck_frequency = $wazuh::params_agent::ossec_rootcheck_frequency,
+ $ossec_rootcheck_rootkit_files = $wazuh::params_agent::ossec_rootcheck_rootkit_files,
+ $ossec_rootcheck_rootkit_trojans = $wazuh::params_agent::ossec_rootcheck_rootkit_trojans,
+ $ossec_rootcheck_skip_nfs = $wazuh::params_agent::ossec_rootcheck_skip_nfs,
+
+ ## Wodles
+
+ # Openscap
+ $wodle_openscap_disabled = $wazuh::params_agent::wodle_openscap_disabled,
+ $wodle_openscap_timeout = $wazuh::params_agent::wodle_openscap_timeout,
+ $wodle_openscap_interval = $wazuh::params_agent::wodle_openscap_interval,
+ $wodle_openscap_scan_on_start = $wazuh::params_agent::wodle_openscap_scan_on_start,
+
+ # Ciscat
+ $wodle_ciscat_disabled = $wazuh::params_agent::wodle_ciscat_disabled,
+ $wodle_ciscat_timeout = $wazuh::params_agent::wodle_ciscat_timeout,
+ $wodle_ciscat_interval = $wazuh::params_agent::wodle_ciscat_interval,
+ $wodle_ciscat_scan_on_start = $wazuh::params_agent::wodle_ciscat_scan_on_start,
+ $wodle_ciscat_java_path = $wazuh::params_agent::wodle_ciscat_java_path,
+ $wodle_ciscat_ciscat_path = $wazuh::params_agent::wodle_ciscat_ciscat_path,
+
+ #Osquery
+
+ $wodle_osquery_disabled = $wazuh::params_agent::wodle_osquery_disabled,
+ $wodle_osquery_run_daemon = $wazuh::params_agent::wodle_osquery_run_daemon,
+ $wodle_osquery_log_path = $wazuh::params_agent::wodle_osquery_log_path,
+ $wodle_osquery_config_path = $wazuh::params_agent::wodle_osquery_config_path,
+ $wodle_osquery_add_labels = $wazuh::params_agent::wodle_osquery_add_labels,
+
+ # Syscollector
+
+ $wodle_syscollector_disabled = $wazuh::params_agent::wodle_syscollector_disabled,
+ $wodle_syscollector_interval = $wazuh::params_agent::wodle_syscollector_interval,
+ $wodle_syscollector_scan_on_start = $wazuh::params_agent::wodle_syscollector_scan_on_start,
+ $wodle_syscollector_hardware = $wazuh::params_agent::wodle_syscollector_hardware,
+ $wodle_syscollector_os = $wazuh::params_agent::wodle_syscollector_os,
+ $wodle_syscollector_network = $wazuh::params_agent::wodle_syscollector_network,
+ $wodle_syscollector_packages = $wazuh::params_agent::wodle_syscollector_packages,
+ $wodle_syscollector_ports = $wazuh::params_agent::wodle_syscollector_ports,
+ $wodle_syscollector_processes = $wazuh::params_agent::wodle_syscollector_processes,
+
+ # Localfile
+ $ossec_local_files = $wazuh::params_agent::default_local_files,
+
+ # Syscheck
+ $ossec_syscheck_disabled = $wazuh::params_agent::ossec_syscheck_disabled,
+ $ossec_syscheck_frequency = $wazuh::params_agent::ossec_syscheck_frequency,
+ $ossec_syscheck_scan_on_start = $wazuh::params_agent::ossec_syscheck_scan_on_start,
+ $ossec_syscheck_alert_new_files = $wazuh::params_agent::ossec_syscheck_alert_new_files,
+ $ossec_syscheck_auto_ignore = $wazuh::params_agent::ossec_syscheck_auto_ignore,
+ $ossec_syscheck_directories_1 = $wazuh::params_agent::ossec_syscheck_directories_1,
+ $ossec_syscheck_directories_2 = $wazuh::params_agent::ossec_syscheck_directories_2,
+ $ossec_syscheck_ignore_list = $wazuh::params_agent::ossec_syscheck_ignore_list,
+ $ossec_syscheck_ignore_type_1 = $wazuh::params_agent::ossec_syscheck_ignore_type_1,
+ $ossec_syscheck_ignore_type_2 = $wazuh::params_agent::ossec_syscheck_ignore_type_2,
+ $ossec_syscheck_nodiff = $wazuh::params_agent::ossec_syscheck_nodiff,
+ $ossec_syscheck_skip_nfs = $wazuh::params_agent::ossec_syscheck_skip_nfs,
+
+ ## Selinux
+
+ $selinux = $wazuh::params_agent::selinux,
+ $manage_firewall = $wazuh::params_agent::manage_firewall,
+
+ ## Windows
+
+ $download_path = $wazuh::params_agent::download_path,
+
+
+) inherits wazuh::params_agent {
+ # validate_bool(
+ # $ossec_active_response, $ossec_rootcheck,
+ # $selinux, $manage_repo,
+ # )
+ # This allows arrays of integers, sadly
+ # (commented due to stdlib version requirement)
+ validate_string($agent_package_name)
+ validate_string($agent_service_name)
+
+ if (($manage_client_keys == 'yes')){
+ if ( ( $wazuh_register_endpoint == undef ) ) {
+ fail('The $wazuh_register_endpoint parameter is needed in order to register the Agent.')
+ }
+ }
+
+ case $::kernel {
+ 'Linux' : {
+ if $manage_repo {
+ class { 'wazuh::repo':}
+ if $::osfamily == 'Debian' {
+ Class['wazuh::repo'] -> Class['apt::update'] -> Package[$agent_package_name]
+ } else {
+ Class['wazuh::repo'] -> Package[$agent_package_name]
+ }
+ }
+ package { $agent_package_name:
+ ensure => $agent_package_version, # lint:ignore:security_package_pinned_version
+ }
+ }
+ 'windows' : {
+
+ file { 'wazuh-agent':
+ path => "${download_path}wazuh-agent-${agent_package_version}.msi",
+ owner => 'Administrator',
+ group => 'Administrators',
+ mode => '0774',
+ source => "http://packages.wazuh.com/3.x/windows/wazuh-agent-${agent_package_version}.msi",
+ source_permissions => ignore
+ }
+
+ if ( $manage_client_keys == 'yes' ) {
+ package { $agent_package_name:
+ ensure => $agent_package_version, # lint:ignore:security_package_pinned_version
+ provider => 'windows',
+ source => "${download_path}/wazuh-agent-${agent_package_version}.msi",
+ install_options => [ '/q', "ADDRESS=${wazuh_register_endpoint}", "AUTHD_SERVER=${wazuh_register_endpoint}" ],
+ require => File["${download_path}wazuh-agent-${agent_package_version}.msi"],
+ }
+ }
+ else {
+ package { $agent_package_name:
+ ensure => $agent_package_version, # lint:ignore:security_package_pinned_version
+ provider => 'windows',
+ source => "${download_path}wazuh-agent-${agent_package_version}.msi",
+ install_options => [ '/q' ], # silent installation
+ require => File["${download_path}wazuh-agent-${agent_package_version}.msi"],
+ }
+ }
+ }
+ default: { fail('OS not supported') }
+ }
+
+ ## ossec.conf generation concats
+
+ case $::operatingsystem{
+ 'Redhat', 'redhat':{
+ $apply_template_os = 'rhel'
+ if ( $::operatingsystemrelease =~ /^7.*/ ){
+ $rhel_version = '7'
+ }elsif ( $::operatingsystemrelease =~ /^6.*/ ){
+ $rhel_version = '6'
+ }elsif ( $::operatingsystemrelease =~ /^5.*/ ){
+ $rhel_version = '5'
+ }else{
+ fail('This ossec module has not been tested on your distribution')
+ }
+ }'Debian', 'debian', 'Ubuntu', 'ubuntu':{
+ $apply_template_os = 'debian'
+ if ( $::lsbdistcodename == 'wheezy') or ($::lsbdistcodename == 'jessie'){
+ $debian_additional_templates = 'yes'
+ }
+ }'Amazon':{
+ $apply_template_os = 'amazon'
+ }'CentOS','Centos','centos':{
+ $apply_template_os = 'centos'
+ }
+ default: { fail('This ossec module has not been tested on your distribution') }
+ }
+
+ concat { 'ossec.conf':
+ path => $wazuh::params_agent::config_file,
+ owner => $wazuh::params_agent::config_owner,
+ group => $wazuh::params_agent::config_group,
+ mode => $wazuh::params_agent::config_mode,
+ require => Package[$agent_package_name],
+ }
+
+ concat::fragment {
+ default:
+ target => 'ossec.conf';
+ 'ossec.conf_header':
+ order => 00,
+ before => Service[$agent_service_name],
+ content => "\n";
+ 'ossec.conf_agent':
+ order => 10,
+ before => Service[$agent_service_name],
+ content => template($ossec_conf_template);
+ }
+ if ($configure_rootcheck == true){
+ concat::fragment {
+ 'ossec.conf_rootcheck':
+ target => 'ossec.conf',
+ order => 15,
+ before => Service[$agent_service_name],
+ content => template($ossec_rootcheck_template);
+ }
+ }
+ if ($configure_wodle_openscap == true){
+ concat::fragment {
+ 'ossec.conf_openscap':
+ target => 'ossec.conf',
+ order => 16,
+ before => Service[$agent_service_name],
+ content => template($ossec_wodle_openscap_template);
+ }
+ }
+ if ($configure_wodle_cis_cat == true){
+ concat::fragment {
+ 'ossec.conf_cis_cat':
+ target => 'ossec.conf',
+ order => 17,
+ before => Service[$agent_service_name],
+ content => template($ossec_wodle_cis_cat_template);
+ }
+ }
+ if ($configure_wodle_osquery == true){
+ concat::fragment {
+ 'ossec.conf_osquery':
+ target => 'ossec.conf',
+ order => 18,
+ before => Service[$agent_service_name],
+ content => template($ossec_wodle_osquery_template);
+ }
+ }
+ if ($configure_wodle_syscollector == true){
+ concat::fragment {
+ 'ossec.conf_syscollector':
+ target => 'ossec.conf',
+ order => 19,
+ before => Service[$agent_service_name],
+ content => template($ossec_wodle_syscollector_template);
+ }
+ }
+ if ($configure_sca == true){
+ concat::fragment {
+ 'ossec.conf_sca':
+ target => 'ossec.conf',
+ order => 25,
+ before => Service[$agent_service_name],
+ content => template($ossec_sca_template);
+ }
+ }
+ if ($configure_syscheck == true){
+ concat::fragment {
+ 'ossec.conf_syscheck':
+ target => 'ossec.conf',
+ order => 30,
+ before => Service[$agent_service_name],
+ content => template($ossec_syscheck_template);
+ }
+ }
+ if ($configure_localfile == true){
+ concat::fragment {
+ 'ossec.conf_localfile':
+ target => 'ossec.conf',
+ order => 35,
+ before => Service[$agent_service_name],
+ content => template($ossec_localfile_template);
+ }
+ }
+ if ($configure_active_response == true){
+ concat::fragment {
+ 'ossec.conf_active_response':
+ target => 'ossec.conf',
+ order => 40,
+ before => Service[$agent_service_name],
+ content => template($ossec_active_response_template);
+ }
+ }
+ concat::fragment {
+ 'ossec.conf_footer':
+ target => 'ossec.conf',
+ order => 99,
+ before => Service[$agent_service_name],
+ content => '';
+ }
+
+ if ($manage_client_keys == 'yes'){
+
+ if ($::kernel == 'Linux') {
+ # Is this really Linux only?
+
+ file { $::wazuh::params_agent::keys_file:
+ owner => $wazuh::params_agent::keys_owner,
+ group => $wazuh::params_agent::keys_group,
+ mode => $wazuh::params_agent::keys_mode,
+ }
+
+ # https://documentation.wazuh.com/current/user-manual/registering/use-registration-service.html#verify-manager-via-ssl
+
+ $agent_auth_base_command = "/var/ossec/bin/agent-auth -m ${wazuh_register_endpoint}"
+
+ if $wazuh_manager_root_ca_pem != undef {
+ validate_string($wazuh_manager_root_ca_pem)
+ file { '/var/ossec/etc/rootCA.pem':
+ owner => $wazuh::params::keys_owner,
+ group => $wazuh::params::keys_group,
+ mode => $wazuh::params::keys_mode,
+ content => $wazuh_manager_root_ca_pem,
+ require => Package[$agent_package_name],
+ }
+ $agent_auth_option_manager = '-v /var/ossec/etc/rootCA.pem'
+ }elsif $wazuh_manager_root_ca_pem_path != undef {
+ validate_string($wazuh_manager_root_ca_pem)
+ $agent_auth_option_manager = "-v ${wazuh_manager_root_ca_pem_path}"
+ } else {
+ $agent_auth_option_manager = '' # Avoid errors when compounding final command
+ }
+
+ if $agent_name != undef {
+ validate_string($agent_name)
+ $agent_auth_option_name = "-A \"${agent_name}\""
+ }else{
+ $agent_auth_option_name = ''
+ }
+
+ if $agent_group != undef {
+ validate_string($agent_group)
+ $agent_auth_option_group = "-G \"${agent_group}\""
+ }else{
+ $agent_auth_option_group = ''
+ }
+
+ # https://documentation.wazuh.com/current/user-manual/registering/use-registration-service.html#verify-agents-via-ssl
+ if ($wazuh_agent_cert != undef) and ($wazuh_agent_key != undef) {
+ validate_string($wazuh_agent_cert)
+ validate_string($wazuh_agent_key)
+ file { '/var/ossec/etc/sslagent.cert':
+ owner => $wazuh::params_agent::keys_owner,
+ group => $wazuh::params_agent::keys_group,
+ mode => $wazuh::params_agent::keys_mode,
+ content => $wazuh_agent_cert,
+ require => Package[$agent_package_name],
+ }
+ file { '/var/ossec/etc/sslagent.key':
+ owner => $wazuh::params_agent::keys_owner,
+ group => $wazuh::params_agent::keys_group,
+ mode => $wazuh::params_agent::keys_mode,
+ content => $wazuh_agent_key,
+ require => Package[$agent_package_name],
+ }
+
+ $agent_auth_option_agent = '-x /var/ossec/etc/sslagent.cert -k /var/ossec/etc/sslagent.key'
+ }
+
+ if ($wazuh_agent_cert_path != undef) and ($wazuh_agent_key_path != undef) {
+ validate_string($wazuh_agent_cert_path)
+ validate_string($wazuh_agent_key_path)
+ $agent_auth_option_agent = "-x ${wazuh_agent_cert_path} -k ${wazuh_agent_key_path}"
+ }
+
+ $agent_auth_command = "${agent_auth_base_command} ${agent_auth_option_manager} ${agent_auth_option_name}\
+ ${agent_auth_option_group} ${agent_auth_option_agent}"
+
+ # if $agent_auth_password {
+ # exec { 'agent-auth-with-pwd':
+ # command => "${agent_auth_command} -P '${agent_auth_password}'",
+ # unless => "/bin/egrep -q '.' ${::wazuh::params_agent::keys_file}",
+ # require => Concat['ossec.conf'],
+ # before => Service[$agent_service_name],
+ # }
+ # } else {
+ # exec { 'agent-auth-without-pwd':
+ # command => $agent_auth_command,
+ # unless => "/bin/egrep -q '.' ${::wazuh::params_agent::keys_file}",
+ # require => Concat['ossec.conf'],
+ # before => Service[$agent_service_name],
+ # }
+ # }
+ #
+ # Create service file in /etc/systemd/system/wazuh-register.service
+ # Create script file in /var/ossec/bin/wazuh-register.rb
+
+ # SecGen needs to register systems after a restart to respect static IPs, so don't register in the traditional way
+ file { '/etc/systemd/system/wazuh-register.service':
+ ensure => present,
+ source => 'puppet:///modules/wazuh/wazuh-register.service'
+ }
+ exec { 'mkdir ossec directories':
+ command => 'mkdir -p /var/ossec/bin/',
+ path => ['/bin','/sbin','/usr/bin', '/usr/sbin'],
+ }
+ file { '/var/ossec/bin/wazuh-register.rb':
+ ensure => file,
+ content => template('wazuh/wazuh-register.rb.erb'),
+ require => Exec['mkdir ossec directories'],
+ }
+ service { 'wazuh-register':
+ ensure => undef,
+ enable => true,
+ require => File['/var/ossec/bin/wazuh-register.rb'],
+ provider => 'systemd',
+ path => '/etc/systemd/system/'
+ }
+
+ if $wazuh_reporting_endpoint != undef {
+ service { $agent_service_name:
+ ensure => undef,
+ enable => true,
+ hasstatus => $wazuh::params_agent::service_has_status,
+ pattern => $wazuh::params_agent::agent_service_name,
+ provider => $wazuh::params_agent::ossec_service_provider,
+ require => Package[$agent_package_name],
+ }
+ }
+ }
+ }
+
+ if ( ( $manage_client_keys != 'yes') or ( $wazuh_reporting_endpoint == undef ) ){
+ service { $agent_service_name:
+ ensure => stopped,
+ enable => false,
+ hasstatus => $wazuh::params_agent::service_has_status,
+ pattern => $agent_service_name,
+ provider => $wazuh::params_agent::ossec_service_provider,
+ require => Package[$agent_package_name],
+ }
+ }
+
+ # SELinux
+ # Requires selinux module specified in metadata.json
+ if ($::osfamily == 'RedHat' and $selinux == true) {
+ selinux::module { 'ossec-logrotate':
+ ensure => 'present',
+ source_te => 'puppet:///modules/wazuh/ossec-logrotate.te',
+ }
+ }
+ # Manage firewall
+ if $manage_firewall {
+ include firewall
+ firewall { '1514 wazuh-agent':
+ dport => $ossec_port,
+ proto => $ossec_protocol,
+ action => 'accept',
+ state => [
+ 'NEW',
+ 'RELATED',
+ 'ESTABLISHED'],
+ }
+ }
+}
+
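Review bot: The Windows branch fetches the agent installer over plain HTTP (`source => "http://packages.wazuh.com/3.x/windows/wazuh-agent-${agent_package_version}.msi"`) and hands it to `package { ... provider => 'windows' }` with no integrity check, so anyone able to interpose on that connection can substitute an MSI that is then executed with installer privileges. Change the URL to `https://` and pin the artifact on the `file` resource with `checksum => 'sha256'` and `checksum_value => '<digest of the pinned release>'` so a tampered or truncated download is rejected before `Package[$agent_package_name]` runs. Two smaller slips in the same branch and the registration section: the `manage_client_keys == 'yes'` package uses `"${download_path}/wazuh-agent-…"` (extra slash) while its `require` and the `file` resource use `"${download_path}wazuh-agent-…"`, and the `/var/ossec/etc/rootCA.pem` file reads `$wazuh::params::keys_owner`/`keys_group`/`keys_mode` where every other key file uses `$wazuh::params_agent::…`, which presumably leaves those attributes unset. The `elsif $wazuh_manager_root_ca_pem_path != undef` branch also validates `$wazuh_manager_root_ca_pem` instead of `$wazuh_manager_root_ca_pem_path`.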
diff --git a/modules/services/unix/logging/wazuh/manifests/command.pp b/modules/services/unix/logging/wazuh/manifests/command.pp
new file mode 100644
index 000000000..2057d4ce2
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/manifests/command.pp
@@ -0,0 +1,17 @@
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Define an ossec command
+define wazuh::command(
+ $command_name,
+ $command_executable,
+ $command_expect = 'srcip',
+ $timeout_allowed = true,
+) {
+ require wazuh::params_manager
+
+ if ($timeout_allowed) { $command_timeout_allowed='yes' } else { $command_timeout_allowed='no' }
+ concat::fragment { $name:
+ target => 'ossec.conf',
+ order => 46,
+ content => template('wazuh/fragments/_command.erb'),
+ }
+}
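Review bot: `if ($timeout_allowed)` treats any non-empty string as true, so a value such as `'false'` or `'no'` arriving as a string (for example from Hiera) still sets `$command_timeout_allowed` to `'yes'`, since Puppet 4+ only treats `false` and `undef` as falsy. Validate the parameter in the style the module already uses for strings, `validate_bool($timeout_allowed)` before the conditional, or declare it as `Boolean $timeout_allowed = true` if the module targets Puppet 4+ only. A one-line header comment naming what `$command_expect` and `$timeout_allowed` control in `_command.erb` would also help, since the define documents none of its parameters.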
diff --git a/modules/services/unix/logging/wazuh/manifests/elasticsearch.pp b/modules/services/unix/logging/wazuh/manifests/elasticsearch.pp
new file mode 100644
index 000000000..0ae20b8c1
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/manifests/elasticsearch.pp
@@ -0,0 +1,74 @@
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Setup for elasticsearch
+class wazuh::elasticsearch (
+ # Elasticsearch.yml configuration
+
+ $elasticsearch_cluster_name = 'es-wazuh',
+ $elasticsearch_node_name = 'es-node-01',
+ $elasticsearch_node_master = true,
+ $elasticsearch_node_data = true,
+ $elasticsearch_node_ingest = true,
+ $elasticsearch_node_max_local_storage_nodes = '1',
+ $elasticsearch_service = 'elasticsearch',
+ $elasticsearch_package = 'elasticsearch',
+ $elasticsearch_version = '7.3.2',
+
+ $elasticsearch_path_data = '/var/lib/elasticsearch',
+ $elasticsearch_path_logs = '/var/log/elasticsearch',
+
+
+ $elasticsearch_ip = '',
+ $elasticsearch_port = '9200',
+ $elasticsearch_discovery_option = 'discovery.type: single-node',
+ $elasticsearch_cluster_initial_master_nodes = "#cluster.initial_master_nodes: ['es-node-01']",
+
+# JVM options
+ $jvm_options_memmory = '1g',
+
+){
+
+ # install package
+ package { 'Installing elasticsearch...':
+ ensure => $elasticsearch_version,
+ name => $elasticsearch_package,
+ }
+
+ file { 'Configure elasticsearch.yml':
+ owner => 'elasticsearch',
+ path => '/etc/elasticsearch/elasticsearch.yml',
+ group => 'elasticsearch',
+ mode => '0644',
+ notify => Service[$elasticsearch_service], ## Restarts the service
+ content => template('wazuh/elasticsearch_yml.erb')
+ }
+
+ file { 'Configure jvm.options':
+ owner => 'elasticsearch',
+ path => '/etc/elasticsearch/jvm.options',
+ group => 'elasticsearch',
+ mode => '0660',
+ notify => Service[$elasticsearch_service], ## Restarts the service
+ content => template('wazuh/jvm_options.erb')
+ }
+
+ service { 'elasticsearch':
+ ensure => running,
+ enable => true,
+ }
+
+ exec { 'Insert line limits':
+ path => '/usr/bin:/bin/',
+ command => "echo 'elasticsearch - nofile 65535\nelasticsearch - memlock unlimited' >> /etc/security/limits.conf",
+
+ }
+
+ exec { 'Verify Elasticsearch folders owner':
+ path => '/usr/bin:/bin',
+ command => "chown elasticsearch:elasticsearch -R /etc/elasticsearch\
+ && chown elasticsearch:elasticsearch -R /usr/share/elasticsearch\
+ && chown elasticsearch:elasticsearch -R /var/lib/elasticsearch",
+
+ }
+
+
+}
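Review bot: `Verify Elasticsearch folders owner` runs `chown elasticsearch:elasticsearch -R` over `/etc/elasticsearch` and `/usr/share/elasticsearch` on every Puppet run, which gives the service account write access to its own configuration and its own install tree; an attacker who compromises the Elasticsearch process could then rewrite `jvm.options` (already `0660` and owned by `elasticsearch` in this hunk) or the shipped jars for persistence. Keep the config and install directories root-owned and only group-readable, e.g. `owner => 'root', group => 'elasticsearch', mode => '0640'` on both `file` resources, and limit the recursive chown to the data directory `/var/lib/elasticsearch` (and logs if needed). `Insert line limits` has no `unless`, so it appends the two `limits.conf` lines again on every run; guard it with `unless => "grep -q '^elasticsearch - memlock unlimited' /etc/security/limits.conf"` or manage the lines with a `file_line`-style resource.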
diff --git a/modules/services/unix/logging/wazuh/manifests/email_alert.pp b/modules/services/unix/logging/wazuh/manifests/email_alert.pp
new file mode 100644
index 000000000..dea226a11
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/manifests/email_alert.pp
@@ -0,0 +1,14 @@
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Define an email alert
+define wazuh::email_alert(
+ $alert_email,
+ $alert_group = false
+) {
+ require wazuh::params_manager
+
+ concat::fragment { $name:
+ target => 'ossec.conf',
+ order => 66,
+ content => template('wazuh/fragments/_email_alert.erb'),
+ }
+}
diff --git a/modules/services/unix/logging/wazuh/manifests/filebeat.pp b/modules/services/unix/logging/wazuh/manifests/filebeat.pp
new file mode 100644
index 000000000..8c603593f
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/manifests/filebeat.pp
@@ -0,0 +1,57 @@
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Setup for Filebeat
+class wazuh::filebeat (
+ $filebeat_elasticsearch_ip = '',
+ $filebeat_elasticsearch_port = '9200',
+ $elasticsearch_server_ip = "\"${filebeat_elasticsearch_ip}:${filebeat_elasticsearch_port}\"",
+
+ $filebeat_package = 'filebeat',
+ $filebeat_service = 'filebeat',
+ $filebeat_version = '7.3.2',
+ $wazuh_app_version = '3.10.2_7.3.2',
+ $wazuh_extensions_version = 'v3.10.2',
+ $wazuh_filebeat_module = 'wazuh-filebeat-0.1.tar.gz',
+){
+
+ class {'wazuh::repo_elastic':}
+
+ package { 'Installing Filebeat...':
+ ensure => $filebeat_version,
+ name => $filebeat_package,
+ }
+
+ file { 'Configure filebeat.yml':
+ owner => 'root',
+ path => '/etc/filebeat/filebeat.yml',
+ group => 'root',
+ mode => '0644',
+ notify => Service[$filebeat_service], ## Restarts the service
+ content => template('wazuh/filebeat_yml.erb'),
+ }
+
+ exec { 'Installing wazuh-template.json...':
+ path => '/usr/bin',
+ command => "curl -so /etc/filebeat/wazuh-template.json 'https://raw.githubusercontent.com/wazuh/wazuh/${wazuh_extensions_version}/extensions/elasticsearch/7.x/wazuh-template.json'",
+ notify => Service['filebeat']
+ }
+
+ exec { 'Installing filebeat module ... Downloading package':
+ path => '/usr/bin',
+ command => "curl -o /root/${$wazuh_filebeat_module} https://packages.wazuh.com/3.x/filebeat/${$wazuh_filebeat_module}",
+ }
+
+ exec { 'Unpackaging ...':
+ command => '/bin/tar -xzvf /root/wazuh-filebeat-0.1.tar.gz -C /usr/share/filebeat/module',
+ notify => Service['filebeat']
+ }
+
+ file { '/usr/share/filebeat/module/wazuh':
+ ensure => 'directory',
+ mode => '0755',
+ }
+
+ service { 'filebeat':
+ ensure => running,
+ enable => true,
+ }
+}
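Review bot: The two download execs have no `creates`/`unless` and call `curl -s` without `-f`, so they re-run on every Puppet run, and an HTTP error body from GitHub or packages.wazuh.com is silently written into `/etc/filebeat/wazuh-template.json` or fed to `Unpackaging ...`, which likewise re-extracts the tarball as root on every run. Neither artifact is integrity-checked before it is used, even though the template is what Filebeat loads into Elasticsearch and the tarball lands in `/usr/share/filebeat/module`. At minimum add `-f` and a `creates` to each exec, and verify a pinned sha256 of the module tarball before extracting it; the rewrite below introduces `$wazuh_filebeat_module_sha256` as the pin (the digest of the release matching `$wazuh_filebeat_module`, to be confirmed) and uses a stamp file as the `creates` marker since the tarball's internal layout is not visible here.
```puppet
  # sha256 of the pinned $wazuh_filebeat_module tarball; unpacking is refused when it is unset or differs.
  $wazuh_filebeat_module_sha256 = undef,
  # … unchanged: remaining parameters, repo, package, filebeat.yml …

  exec { 'Installing wazuh-template.json...':
    path    => '/usr/bin',
    command => "curl -sfo /etc/filebeat/wazuh-template.json 'https://raw.githubusercontent.com/wazuh/wazuh/${wazuh_extensions_version}/extensions/elasticsearch/7.x/wazuh-template.json'",
    creates => '/etc/filebeat/wazuh-template.json',
    notify  => Service['filebeat'],
  }

  exec { 'Installing filebeat module ... Downloading package':
    path    => '/usr/bin',
    command => "curl -sfo /root/${wazuh_filebeat_module} https://packages.wazuh.com/3.x/filebeat/${wazuh_filebeat_module}",
    creates => "/root/${wazuh_filebeat_module}",
  }

  if $wazuh_filebeat_module_sha256 == undef {
    fail('wazuh::filebeat requires $wazuh_filebeat_module_sha256 to verify the module tarball')
  }

  exec { 'Unpackaging ...':
    path     => '/usr/bin:/bin',
    provider => 'shell',
    # Verify the digest first; only a matching tarball is extracted, and the stamp file makes this idempotent.
    command  => "echo '${wazuh_filebeat_module_sha256}  /root/${wazuh_filebeat_module}' | sha256sum -c - && tar -xzf /root/${wazuh_filebeat_module} -C /usr/share/filebeat/module && touch /usr/share/filebeat/module/.${wazuh_filebeat_module}.unpacked",
    creates  => "/usr/share/filebeat/module/.${wazuh_filebeat_module}.unpacked",
    require  => Exec['Installing filebeat module ... Downloading package'],
    notify   => Service['filebeat'],
  }
  # … unchanged: module directory and service …
```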
diff --git a/modules/services/unix/logging/wazuh/manifests/init.pp b/modules/services/unix/logging/wazuh/manifests/init.pp
new file mode 100644
index 000000000..7f43143f2
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/manifests/init.pp
@@ -0,0 +1,3 @@
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Blank container class
+class wazuh { }
diff --git a/modules/services/unix/logging/wazuh/manifests/integration.pp b/modules/services/unix/logging/wazuh/manifests/integration.pp
new file mode 100644
index 000000000..d00d11cd1
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/manifests/integration.pp
@@ -0,0 +1,21 @@
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+#Define for a specific ossec integration
+define wazuh::integration(
+ $hook_url = '',
+ $api_key = '',
+ $in_rule_id = '',
+ $in_level = 7,
+ $in_group = '',
+ $in_location = '',
+ $in_format = '',
+ $in_max_log = '',
+) {
+
+ require wazuh::params_manager
+
+ concat::fragment { $name:
+ target => 'ossec.conf',
+ order => 60,
+ content => template('wazuh/fragments/_integration.erb')
+ }
+}
diff --git a/modules/services/unix/logging/wazuh/manifests/kibana.pp b/modules/services/unix/logging/wazuh/manifests/kibana.pp
new file mode 100644
index 000000000..e092989ef
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/manifests/kibana.pp
@@ -0,0 +1,72 @@
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Setup for Kibana
+class wazuh::kibana (
+ $kibana_package = 'kibana',
+ $kibana_service = 'kibana',
+ $kibana_version = '6.3.1',
+ $kibana_app_version = '3.3.1_6.3.1',
+
+ $kibana_elasticsearch_ip = '',
+ $kibana_elasticsearch_port = '9200',
+
+ $kibana_server_port = '5601',
+ $kibana_server_host = '0.0.0.0',
+ $kibana_elasticsearch_server_hosts ="http://${kibana_elasticsearch_ip}:${kibana_elasticsearch_port}",
+
+){
+
+ # install package
+ package { 'Installing Kibana...':
+ ensure => $kibana_version,
+ name => $kibana_package,
+ }
+
+ file { 'Configure kibana.yml':
+ owner => 'kibana',
+ path => '/etc/kibana/kibana.yml',
+ group => 'kibana',
+ mode => '0644',
+ notify => Service[$kibana_service],
+ content => template('wazuh/kibana_yml.erb'),
+ }
+
+ service { 'kibana':
+ ensure => running,
+ enable => true,
+ }
+
+ file {'Moving zip file...':
+ path => '/tmp/wazuhapp-3.3.1_6.3.1.zip',
+ ensure => present,
+ source => 'puppet:///modules/wazuh/wazuhapp-3.3.1_6.3.1.zip'
+ }
+
+ exec {'Waiting for elasticsearch...':
+ path => '/usr/bin',
+ command => "curl -s -XGET http://${kibana_elasticsearch_ip}:${kibana_elasticsearch_port}",
+ tries => 100,
+ try_sleep => 3,
+ }
+
+ exec {'Installing Wazuh App...':
+ path => '/usr/bin',
+ command => "sudo -u kibana /usr/share/kibana/bin/kibana-plugin install file:///tmp/wazuhapp-${kibana_app_version}.zip",
+ creates => '/usr/share/kibana/plugins/wazuh/package.json',
+ notify => Service[$kibana_service],
+ require => File['Moving zip file...'],
+ timeout => 1200,
+ }
+ exec {'Enabling and restarting kibana...':
+ path => '/usr/bin:/bin',
+ command => 'systemctl daemon-reload && systemctl enable kibana && systemctl restart kibana',
+
+ }
+
+ exec { 'Verify Kibana folders owner':
+ path => '/usr/bin:/bin',
+ command => "chown -R kibana:kibana /usr/share/kibana/optimize\
+ && chown -R kibana:kibana /usr/share/kibana/plugins",
+
+ }
+
+}
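Review bot: `Enabling and restarting kibana...` has no `refreshonly`/`unless`, so `systemctl restart kibana` runs on every Puppet agent run and bounces the service even when nothing changed, and it duplicates what `service { 'kibana': enable => true }` already does. Either drop the exec or give it `refreshonly => true` and have `File['Configure kibana.yml']` and `Exec['Installing Wazuh App...']` `notify` it (the existing `notify => Service[$kibana_service]` already restarts on change). Separately, `$kibana_server_host = '0.0.0.0'` exposes Kibana on every interface while `$kibana_elasticsearch_server_hosts` is plain `http://` and nothing in this hunk configures authentication or TLS, so a safer default is `'127.0.0.1'` with a comment that widening it requires a reverse proxy in front. `Moving zip file...` also hardcodes `/tmp/wazuhapp-3.3.1_6.3.1.zip` and the `puppet:///` source name, which silently diverges from the `${kibana_app_version}` used by the install command as soon as that parameter is overridden.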
diff --git a/modules/services/unix/logging/wazuh/manifests/manager.pp b/modules/services/unix/logging/wazuh/manifests/manager.pp
new file mode 100644
index 000000000..9c74f5169
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/manifests/manager.pp
@@ -0,0 +1,516 @@
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Main ossec server config
+class wazuh::manager (
+
+ # Installation
+
+ $server_package_version = $wazuh::params_manager::server_package_version,
+ $manage_repos = $::wazuh::params_manager::manage_repos,
+ $manage_firewall = $wazuh::params_manager::manage_firewall,
+
+
+ ### Ossec.conf blocks
+
+ ## Global
+
+ $ossec_emailnotification = $wazuh::params_manager::ossec_emailnotification,
+ $ossec_emailto = $wazuh::params_manager::ossec_emailto,
+ $ossec_smtp_server = $wazuh::params_manager::ossec_smtp_server,
+ $ossec_emailfrom = $wazuh::params_manager::ossec_emailfrom,
+ $ossec_email_maxperhour = $wazuh::params_manager::ossec_email_maxperhour,
+ $ossec_email_idsname = $wazuh::params_manager::ossec_email_idsname,
+ $ossec_white_list = $wazuh::params_manager::ossec_white_list,
+ $ossec_alert_level = $wazuh::params_manager::ossec_alert_level,
+ $ossec_email_alert_level = $wazuh::params_manager::ossec_email_alert_level,
+ $ossec_remote_connection = $wazuh::params_manager::ossec_remote_connection,
+ $ossec_remote_port = $wazuh::params_manager::ossec_remote_port,
+ $ossec_remote_protocol = $wazuh::params_manager::ossec_remote_protocol,
+ $ossec_remote_queue_size = $wazuh::params_manager::ossec_remote_queue_size,
+
+ # ossec.conf generation parameters
+
+ $configure_rootcheck = $wazuh::params_manager::configure_rootcheck,
+ $configure_wodle_openscap = $wazuh::params_manager::configure_wodle_openscap,
+ $configure_wodle_cis_cat = $wazuh::params_manager::configure_wodle_cis_cat,
+ $configure_wodle_osquery = $wazuh::params_manager::configure_wodle_osquery,
+ $configure_wodle_syscollector = $wazuh::params_manager::configure_wodle_syscollector,
+ $configure_vulnerability_detector = $wazuh::params_manager::configure_vulnerability_detector,
+ $configure_sca = $wazuh::params_manager::configure_sca,
+ $configure_syscheck = $wazuh::params_manager::configure_syscheck,
+ $configure_command = $wazuh::params_manager::configure_command,
+ $configure_localfile = $wazuh::params_manager::configure_localfile,
+ $configure_ruleset = $wazuh::params_manager::configure_ruleset,
+ $configure_auth = $wazuh::params_manager::configure_auth,
+ $configure_cluster = $wazuh::params_manager::configure_cluster,
+ $configure_active_response = $wazuh::params_manager::configure_active_response,
+
+ # ossec.conf templates paths
+ $ossec_manager_template = $wazuh::params_manager::ossec_manager_template,
+ $ossec_rootcheck_template = $wazuh::params_manager::ossec_rootcheck_template,
+ $ossec_wodle_openscap_template = $wazuh::params_manager::ossec_wodle_openscap_template,
+ $ossec_wodle_cis_cat_template = $wazuh::params_manager::ossec_wodle_cis_cat_template,
+ $ossec_wodle_osquery_template = $wazuh::params_manager::ossec_wodle_osquery_template,
+ $ossec_wodle_syscollector_template = $wazuh::params_manager::ossec_wodle_syscollector_template,
+ $ossec_wodle_vulnerability_detector_template = $wazuh::params_manager::ossec_wodle_vulnerability_detector_template,
+ $ossec_sca_template = $wazuh::params_manager::ossec_sca_template,
+ $ossec_syscheck_template = $wazuh::params_manager::ossec_syscheck_template,
+ $ossec_default_commands_template = $wazuh::params_manager::ossec_default_commands_template,
+ $ossec_localfile_template = $wazuh::params_manager::ossec_localfile_template,
+ $ossec_ruleset_template = $wazuh::params_manager::ossec_ruleset_template,
+ $ossec_auth_template = $wazuh::params_manager::ossec_auth_template,
+ $ossec_cluster_template = $wazuh::params_manager::ossec_cluster_template,
+ $ossec_active_response_template = $wazuh::params_manager::ossec_active_response_template,
+
+ ## Rootcheck
+
+ $ossec_rootcheck_disabled = $wazuh::params_manager::ossec_rootcheck_disabled,
+ $ossec_rootcheck_check_files = $wazuh::params_manager::ossec_rootcheck_check_files,
+ $ossec_rootcheck_check_trojans = $wazuh::params_manager::ossec_rootcheck_check_trojans,
+ $ossec_rootcheck_check_dev = $wazuh::params_manager::ossec_rootcheck_check_dev,
+ $ossec_rootcheck_check_sys = $wazuh::params_manager::ossec_rootcheck_check_sys,
+ $ossec_rootcheck_check_pids = $wazuh::params_manager::ossec_rootcheck_check_pids,
+ $ossec_rootcheck_check_ports = $wazuh::params_manager::ossec_rootcheck_check_ports,
+ $ossec_rootcheck_check_if = $wazuh::params_manager::ossec_rootcheck_check_if,
+ $ossec_rootcheck_frequency = $wazuh::params_manager::ossec_rootcheck_frequency,
+ $ossec_rootcheck_rootkit_files = $wazuh::params_manager::ossec_rootcheck_rootkit_files,
+ $ossec_rootcheck_rootkit_trojans = $wazuh::params_manager::ossec_rootcheck_rootkit_trojans,
+ $ossec_rootcheck_skip_nfs = $wazuh::params_manager::ossec_rootcheck_skip_nfs,
+
+ ## Wodles
+
+ #openscap
+ $wodle_openscap_disabled = $wazuh::params_manager::wodle_openscap_disabled,
+ $wodle_openscap_timeout = $wazuh::params_manager::wodle_openscap_timeout,
+ $wodle_openscap_interval = $wazuh::params_manager::wodle_openscap_interval,
+ $wodle_openscap_scan_on_start = $wazuh::params_manager::wodle_openscap_scan_on_start,
+
+ #cis-cat
+ $wodle_ciscat_disabled = $wazuh::params_manager::wodle_ciscat_disabled,
+ $wodle_ciscat_timeout = $wazuh::params_manager::wodle_ciscat_timeout,
+ $wodle_ciscat_interval = $wazuh::params_manager::wodle_ciscat_interval,
+ $wodle_ciscat_scan_on_start = $wazuh::params_manager::wodle_ciscat_scan_on_start,
+ $wodle_ciscat_java_path = $wazuh::params_manager::wodle_ciscat_java_path,
+ $wodle_ciscat_ciscat_path = $wazuh::params_manager::wodle_ciscat_ciscat_path,
+
+ #osquery
+ $wodle_osquery_disabled = $wazuh::params_manager::wodle_osquery_disabled,
+ $wodle_osquery_run_daemon = $wazuh::params_manager::wodle_osquery_run_daemon,
+ $wodle_osquery_log_path = $wazuh::params_manager::wodle_osquery_log_path,
+ $wodle_osquery_config_path = $wazuh::params_manager::wodle_osquery_config_path,
+ $wodle_osquery_add_labels = $wazuh::params_manager::wodle_osquery_add_labels,
+
+ #syscollector
+ $wodle_syscollector_disabled = $wazuh::params_manager::wodle_syscollector_disabled,
+ $wodle_syscollector_interval = $wazuh::params_manager::wodle_syscollector_interval,
+ $wodle_syscollector_scan_on_start = $wazuh::params_manager::wodle_syscollector_scan_on_start,
+ $wodle_syscollector_hardware = $wazuh::params_manager::wodle_syscollector_hardware,
+ $wodle_syscollector_os = $wazuh::params_manager::wodle_syscollector_os,
+ $wodle_syscollector_network = $wazuh::params_manager::wodle_syscollector_network,
+ $wodle_syscollector_packages = $wazuh::params_manager::wodle_syscollector_packages,
+ $wodle_syscollector_ports = $wazuh::params_manager::wodle_syscollector_ports,
+ $wodle_syscollector_processes = $wazuh::params_manager::wodle_syscollector_processes,
+
+ #vulnerability-detector
+ $wodle_vulnerability_detector_disabled = $wazuh::params_manager::wodle_vulnerability_detector_disabled,
+ $wodle_vulnerability_detector_interval = $wazuh::params_manager::wodle_vulnerability_detector_interval,
+ $wodle_vulnerability_detector_ignore_time = $wazuh::params_manager::wodle_vulnerability_detector_ignore_time,
+ $wodle_vulnerability_detector_run_on_start = $wazuh::params_manager::wodle_vulnerability_detector_run_on_start,
+ $wodle_vulnerability_detector_ubuntu_disabled = $wazuh::params_manager::wodle_vulnerability_detector_ubuntu_disabled,
+ $wodle_vulnerability_detector_ubuntu_update = $wazuh::params_manager::wodle_vulnerability_detector_ubuntu_update,
+ $wodle_vulnerability_detector_redhat_disable = $wazuh::params_manager::wodle_vulnerability_detector_redhat_disable,
+ $wodle_vulnerability_detector_redhat_update_from = $wazuh::params_manager::wodle_vulnerability_detector_redhat_update_from,
+ $wodle_vulnerability_detector_redhat_update = $wazuh::params_manager::wodle_vulnerability_detector_redhat_update,
+ $wodle_vulnerability_detector_debian_9_disable = $wazuh::params_manager::wodle_vulnerability_detector_debian_9_disable,
+ $wodle_vulnerability_detector_debian_9_update = $wazuh::params_manager::wodle_vulnerability_detector_debian_9_update,
+
+ # syslog
+ $syslog_output = $::wazuh::params_manager::syslog_output,
+ $syslog_output_level = $wazuh::params_manager::syslog_output_level,
+ $syslog_output_port = $wazuh::params_manager::syslog_output_port,
+ $syslog_output_server = $wazuh::params_manager::syslog_output_server,
+ $syslog_output_format = $wazuh::params_manager::syslog_output_format,
+
+ # Authd configuration
+
+ $ossec_auth_disabled = $wazuh::params_manager::ossec_auth_disabled,
+ $ossec_auth_port = $wazuh::params_manager::ossec_auth_port,
+ $ossec_auth_use_source_ip = $wazuh::params_manager::ossec_auth_use_source_ip,
+ $ossec_auth_force_insert = $wazuh::params_manager::ossec_auth_force_insert,
+ $ossec_auth_force_time = $wazuh::params_manager::ossec_auth_force_time,
+ $ossec_auth_purgue = $wazuh::params_manager::ossec_auth_purgue,
+ $ossec_auth_use_password = $wazuh::params_manager::ossec_auth_use_password,
+ $ossec_auth_limit_maxagents = $wazuh::params_manager::ossec_auth_limit_maxagents,
+ $ossec_auth_ciphers = $wazuh::params_manager::ossec_auth_ciphers,
+ $ossec_auth_ssl_verify_host = $wazuh::params_manager::ossec_auth_ssl_verify_host,
+ $ossec_auth_ssl_manager_cert = $wazuh::params_manager::ossec_auth_ssl_manager_cert,
+ $ossec_auth_ssl_manager_key = $wazuh::params_manager::ossec_auth_ssl_manager_key,
+ $ossec_auth_ssl_auto_negotiate = $wazuh::params_manager::ossec_auth_ssl_auto_negotiate,
+
+
+ # syscheck
+
+ $ossec_syscheck_disabled = $wazuh::params_manager::ossec_syscheck_disabled,
+ $ossec_syscheck_frequency = $wazuh::params_manager::ossec_syscheck_frequency,
+ $ossec_syscheck_scan_on_start = $wazuh::params_manager::ossec_syscheck_scan_on_start,
+ $ossec_syscheck_alert_new_files = $wazuh::params_manager::ossec_syscheck_alert_new_files,
+ $ossec_syscheck_auto_ignore = $wazuh::params_manager::ossec_syscheck_auto_ignore,
+ $ossec_syscheck_directories_1 = $wazuh::params_manager::ossec_syscheck_directories_1,
+ $ossec_syscheck_directories_2 = $wazuh::params_manager::ossec_syscheck_directories_2,
+ $ossec_syscheck_ignore_list = $wazuh::params_manager::ossec_syscheck_ignore_list,
+
+ $ossec_syscheck_ignore_type_1 = $wazuh::params_manager::ossec_syscheck_ignore_type_1,
+ $ossec_syscheck_ignore_type_2 = $wazuh::params_manager::ossec_syscheck_ignore_type_2,
+
+ $ossec_syscheck_nodiff = $wazuh::params_manager::ossec_syscheck_nodiff,
+ $ossec_syscheck_skip_nfs = $wazuh::params_manager::ossec_syscheck_skip_nfs,
+
+ # Cluster
+
+ $ossec_cluster_name = $wazuh::params_manager::ossec_cluster_name,
+ $ossec_cluster_node_name = $wazuh::params_manager::ossec_cluster_node_name,
+ $ossec_cluster_node_type = $wazuh::params_manager::ossec_cluster_node_type,
+ $ossec_cluster_key = $wazuh::params_manager::ossec_cluster_key,
+ $ossec_cluster_port = $wazuh::params_manager::ossec_cluster_port,
+ $ossec_cluster_bind_addr = $wazuh::params_manager::ossec_cluster_bind_addr,
+ $ossec_cluster_nodes = $wazuh::params_manager::ossec_cluster_nodes,
+ $ossec_cluster_hidden = $wazuh::params_manager::ossec_cluster_hidden,
+ $ossec_cluster_disabled = $wazuh::params_manager::ossec_cluster_disabled,
+
+ #----- End of ossec.conf parameters -------
+
+ $ossec_cluster_enable_firewall = $wazuh::params_manager::ossec_cluster_enable_firewall,
+
+ $ossec_prefilter = $wazuh::params_manager::ossec_prefilter,
+ $ossec_integratord_enabled = $wazuh::params_manager::ossec_integratord_enabled,
+
+ $manage_client_keys = $wazuh::params_manager::manage_client_keys,
+ $agent_auth_password = $wazuh::params_manager::agent_auth_password,
+ $ar_repeated_offenders = $wazuh::params_manager::ar_repeated_offenders,
+
+ $local_decoder_template = $wazuh::params_manager::local_decoder_template,
+ $decoder_exclude = $wazuh::params_manager::decoder_exclude,
+ $local_rules_template = $wazuh::params_manager::local_rules_template,
+ $rule_exclude = $wazuh::params_manager::rule_exclude,
+ $shared_agent_template = $wazuh::params_manager::shared_agent_template,
+
+ $wazuh_manager_verify_manager_ssl = $wazuh::params_manager::wazuh_manager_verify_manager_ssl,
+ $wazuh_manager_server_crt = $wazuh::params_manager::wazuh_manager_server_crt,
+ $wazuh_manager_server_key = $wazuh::params_manager::wazuh_manager_server_key,
+
+ $ossec_local_files = $::wazuh::params_manager::default_local_files,
+) inherits wazuh::params_manager {
+ validate_bool(
+ $manage_repos, $syslog_output,$wazuh_manager_verify_manager_ssl
+ )
+ validate_array(
+ $decoder_exclude, $rule_exclude
+ )
+
+ ## Determine which kernel and family puppet is running on. Will be used on _localfile, _rootcheck, _syscheck & _sca
+
+ if ($::kernel == 'windows') {
+ $kernel = 'Linux'
+
+ }else{
+ $kernel = 'Linux'
+ if ($::osfamily == 'Debian'){
+ $os_family = 'debian'
+ }else{
+ $os_family = 'centos'
+ }
+ }
+
+ # This allows arrays of integers, sadly
+ # (commented due to stdlib version requirement)
+ if ($ossec_emailnotification == true) {
+ if $ossec_smtp_server == undef {
+ fail('$ossec_emailnotification is enabled but $smtp_server was not set')
+ }
+ validate_string($ossec_smtp_server)
+ validate_string($ossec_emailfrom)
+ validate_array($ossec_emailto)
+ }
+
+ if $::osfamily == 'windows' {
+ fail('The ossec module does not yet support installing the OSSEC HIDS server on Windows')
+ }
+
+ # Install wazuh-repository
+
+ if $manage_repos {
+ # TODO: Allow filtering of EPEL requirement
+ class { 'wazuh::repo':}
+ if $::osfamily == 'Debian' {
+ Class['wazuh::repo'] -> Class['apt::update'] -> Package[$wazuh::params_manager::server_package]
+ } else {
+ Class['wazuh::repo'] -> Package[$wazuh::params_manager::server_package]
+ }
+ }
+
+ # Install and configure Wazuh-manager package
+
+ package { $wazuh::params_manager::server_package:
+ ensure => $server_package_version, # lint:ignore:security_package_pinned_version
+ }
+
+ file {
+ default:
+ owner => $wazuh::params_manager::config_owner,
+ group => $wazuh::params_manager::config_group,
+ mode => $wazuh::params_manager::config_mode,
+ notify => Service[$wazuh::params_manager::server_service],
+ require => Package[$wazuh::params_manager::server_package];
+ $wazuh::params_manager::shared_agent_config_file:
+ validate_cmd => $wazuh::params_manager::validate_cmd_conf,
+ content => template($shared_agent_template);
+ '/var/ossec/etc/rules/local_rules.xml':
+ content => template($local_rules_template);
+ '/var/ossec/etc/decoders/local_decoder.xml':
+ content => template($local_decoder_template);
+ $wazuh::params_manager::processlist_file:
+ content => template('wazuh/process_list.erb');
+ }
+
+ service { $wazuh::params_manager::server_service:
+ ensure => running,
+ enable => true,
+ hasstatus => $wazuh::params_manager::service_has_status,
+ pattern => $wazuh::params_manager::server_service,
+ provider => $wazuh::params_manager::ossec_service_provider,
+ require => Package[$wazuh::params_manager::server_package],
+ }
+
+ ## Declaring variables for localfile and wodles generation
+
+ case $::operatingsystem{
+ 'Redhat', 'redhat':{
+ $apply_template_os = 'rhel'
+ if ( $::operatingsystemrelease =~ /^7.*/ ){
+ $rhel_version = '7'
+ }elsif ( $::operatingsystemrelease =~ /^6.*/ ){
+ $rhel_version = '6'
+ }elsif ( $::operatingsystemrelease =~ /^5.*/ ){
+ $rhel_version = '5'
+ }else{
+ fail('This ossec module has not been tested on your distribution')
+ }
+ }'Debian', 'debian', 'Ubuntu', 'ubuntu':{
+ $apply_template_os = 'debian'
+ if ( $::lsbdistcodename == 'wheezy') or ($::lsbdistcodename == 'jessie'){
+ $debian_additional_templates = 'yes'
+ }
+ }'Amazon':{
+ $apply_template_os = 'amazon'
+ }'CentOS','Centos','centos':{
+ $apply_template_os = 'centos'
+ }
+ default: { fail('This ossec module has not been tested on your distribution') }
+ }
+
+
+
+ concat { 'ossec.conf':
+ path => $wazuh::params_manager::config_file,
+ owner => $wazuh::params_manager::config_owner,
+ group => $wazuh::params_manager::config_group,
+ mode => $wazuh::params_manager::config_mode,
+ require => Package[$wazuh::params_manager::server_package],
+ notify => Service[$wazuh::params_manager::server_service],
+ }
+ concat::fragment {
+ 'ossec.conf_header':
+ target => 'ossec.conf',
+ order => 00,
+ content => "\n";
+ 'ossec.conf_main':
+ target => 'ossec.conf',
+ order => 01,
+ content => template($ossec_manager_template);
+ }
+ if($configure_rootcheck == true){
+ concat::fragment {
+ 'ossec.conf_rootcheck':
+ order => 10,
+ target => 'ossec.conf',
+ content => template($ossec_rootcheck_template);
+ }
+ }
+
+ if ($configure_wodle_openscap == true){
+ concat::fragment {
+ 'ossec.conf_wodle_openscap':
+ order => 15,
+ target => 'ossec.conf',
+ content => template($ossec_wodle_openscap_template);
+ }
+ }
+ if ($configure_wodle_cis_cat == true){
+ concat::fragment {
+ 'ossec.conf_wodle_ciscat':
+ order => 20,
+ target => 'ossec.conf',
+ content => template($ossec_wodle_cis_cat_template);
+ }
+ }
+ if ($configure_wodle_osquery== true){
+ concat::fragment {
+ 'ossec.conf_wodle_osquery':
+ order => 25,
+ target => 'ossec.conf',
+ content => template($ossec_wodle_osquery_template);
+ }
+ }
+ if ($configure_wodle_syscollector == true){
+ concat::fragment {
+ 'ossec.conf_wodle_syscollector':
+ order => 30,
+ target => 'ossec.conf',
+ content => template($ossec_wodle_syscollector_template);
+ }
+ }
+ if ($configure_sca == true){
+ concat::fragment {
+ 'ossec.conf_sca':
+ order => 40,
+ target => 'ossec.conf',
+ content => template($ossec_sca_template);
+ }
+ }
+ if($configure_vulnerability_detector == true){
+ concat::fragment {
+ 'ossec.conf_wodle_vulnerability_detector':
+ order => 45,
+ target => 'ossec.conf',
+ content => template($ossec_wodle_vulnerability_detector_template);
+ }
+ }
+ if($configure_syscheck == true){
+ concat::fragment {
+ 'ossec.conf_syscheck':
+ order => 55,
+ target => 'ossec.conf',
+ content => template($ossec_syscheck_template);
+ }
+ }
+ if ($configure_command == true){
+ concat::fragment {
+ 'ossec.conf_command':
+ order => 60,
+ target => 'ossec.conf',
+ content => template($ossec_default_commands_template);
+ }
+ }
+ if ($configure_localfile == true){
+ concat::fragment {
+ 'ossec.conf_localfile':
+ order => 65,
+ target => 'ossec.conf',
+ content => template($ossec_localfile_template);
+ }
+ }
+ if($configure_ruleset == true){
+ concat::fragment {
+ 'ossec.conf_ruleset':
+ order => 75,
+ target => 'ossec.conf',
+ content => template($ossec_ruleset_template);
+ }
+ }
+ if ($configure_auth == true){
+ concat::fragment {
+ 'ossec.conf_auth':
+ order => 80,
+ target => 'ossec.conf',
+ content => template($ossec_auth_template);
+ }
+ }
+ if ($configure_cluster == true){
+ concat::fragment {
+ 'ossec.conf_cluster':
+ order => 85,
+ target => 'ossec.conf',
+ content => template($ossec_cluster_template);
+ }
+ }
+ if ($configure_active_response == true){
+ concat::fragment {
+ 'ossec.conf_active_response':
+ order => 90,
+ target => 'ossec.conf',
+ content => template($ossec_active_response_template);
+ }
+ }
+ concat::fragment {
+ 'ossec.conf_footer':
+ target => 'ossec.conf',
+ order => 99,
+ content => "\n";
+ }
+
+ if ( $manage_client_keys == 'yes') {
+ # TODO: ensure the authd service is started if manage_client_keys == authd
+ # (see https://github.com/wazuh/wazuh/issues/80)
+
+ file { $wazuh::params_manager::authd_pass_file:
+ owner => $wazuh::params_manager::keys_owner,
+ group => $wazuh::params_manager::keys_group,
+ mode => $wazuh::params_manager::keys_mode,
+ content => $agent_auth_password,
+ require => Package[$wazuh::params_manager::server_package],
+ }
+ }
+
+ # https://documentation.wazuh.com/current/user-manual/registering/use-registration-service.html#verify-manager-via-ssl
+ if $wazuh_manager_verify_manager_ssl {
+
+ if ($wazuh_manager_server_crt != undef) and ($wazuh_manager_server_key != undef) {
+ validate_string(
+ $wazuh_manager_server_crt, $wazuh_manager_server_key
+ )
+
+ file { '/var/ossec/etc/sslmanager.key':
+ content => $wazuh_manager_server_key,
+ owner => 'root',
+ group => 'ossec',
+ mode => '0640',
+ require => Package[$wazuh::params_manager::server_package],
+ notify => Service[$wazuh::params_manager::server_service],
+ }
+
+ file { '/var/ossec/etc/sslmanager.cert':
+ content => $wazuh_manager_server_crt,
+ owner => 'root',
+ group => 'ossec',
+ mode => '0640',
+ require => Package[$wazuh::params_manager::server_package],
+ notify => Service[$wazuh::params_manager::server_service],
+ }
+ }
+ }
+
+ # Manage firewall
+ if $manage_firewall == true {
+ include firewall
+ firewall { '1514 wazuh-manager':
+ dport => $ossec_remote_port,
+ proto => $ossec_remote_protocol,
+ action => 'accept',
+ state => [
+ 'NEW',
+ 'RELATED',
+ 'ESTABLISHED'],
+ }
+ }
+ if $ossec_cluster_enable_firewall == 'yes'{
+ include firewall
+ firewall { '1516 wazuh-manager':
+ dport => $ossec_cluster_port,
+ proto => $ossec_remote_protocol,
+ action => 'accept',
+ state => [
+ 'NEW',
+ 'RELATED',
+ 'ESTABLISHED'],
+ }
+ }
+}
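Review bot: The two secret-bearing file resources — `file { $wazuh::params_manager::authd_pass_file: … content => $agent_auth_password }` and `file { '/var/ossec/etc/sslmanager.key': content => $wazuh_manager_server_key … }` — take the secret as a plain string and do nothing to keep it out of agent output, so a `--noop`/`show_diff` run or a change report prints the authd password and the TLS private key whenever the file content changes; add `show_diff => false,` to both resources (and wrap the values in `Sensitive(...)` if the Puppet version in use supports it). The cluster firewall rule (`firewall { '1516 wazuh-manager': dport => $ossec_cluster_port, proto => $ossec_remote_protocol, … }`) reuses the agent transport protocol, which params_manager defaults to `udp`; if the cluster listener on `$ossec_cluster_port` is TCP, this rule does not match it, so it should get its own protocol value (a `$ossec_cluster_protocol` parameter, or `tcp` once confirmed). Minor: both branches of the `if ($::kernel == 'windows')` test assign `$kernel = 'Linux'`, so the Windows branch is dead and the comment above it ("Determine which kernel…") overstates what the code does; collapse it to a single assignment or make the branches actually differ. Also `validate_string($wazuh_manager_server_crt, $wazuh_manager_server_key)` only runs when both are set — if exactly one is given the class silently writes neither, which is better reported with `fail('wazuh_manager_verify_manager_ssl requires both server_crt and server_key')`.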
diff --git a/modules/services/unix/logging/wazuh/manifests/params_agent.pp b/modules/services/unix/logging/wazuh/manifests/params_agent.pp
new file mode 100644
index 000000000..9e6bd11fc
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/manifests/params_agent.pp
@@ -0,0 +1,376 @@
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh-Agent configuration parameters
+class wazuh::params_agent {
+ case $::kernel {
+ 'Linux': {
+
+# Versions
+
+ $agent_package_version = '3.3.1-1'
+ $agent_package_name = 'wazuh-agent'
+ $agent_service_name = 'wazuh-agent'
+
+ # Authd Registration options
+
+ $manage_client_keys = 'yes' # Enable/Disable agent registration
+ $agent_name = undef
+ $agent_group = undef
+ $wazuh_agent_cert = undef
+ $wazuh_agent_key = undef
+ $wazuh_agent_cert_path = undef
+ $wazuh_agent_key_path = undef
+ $agent_auth_password = undef
+ $wazuh_manager_root_ca_pem = undef
+
+ $wazuh_manager_root_ca_pem_path = undef
+
+ ## Wazuh config folders and modes
+
+ $config_file = '/var/ossec/etc/ossec.conf'
+ $shared_agent_config_file = '/var/ossec/etc/shared/agent.conf'
+
+ $config_mode = '0640'
+ $config_owner = 'root'
+ $config_group = 'ossec'
+
+ $keys_file = '/var/ossec/etc/client.keys'
+ $keys_mode = '0640'
+ $keys_owner = 'root'
+ $keys_group = 'ossec'
+
+ $manage_firewall = false
+ $authd_pass_file = '/var/ossec/etc/authd.pass'
+
+ $validate_cmd_conf = '/var/ossec/bin/verify-agent-conf -f %'
+
+ $processlist_file = '/var/ossec/bin/.process_list'
+ $processlist_mode = '0640'
+ $processlist_owner = 'root'
+ $processlist_group = 'ossec'
+
+ # ossec.conf generation parameters
+
+ ## Ossec.conf generation variables
+
+ $configure_rootcheck = true
+ $configure_wodle_openscap = false # TODO WAS: true
+ $configure_wodle_cis_cat = false # TODO WAS: true
+ $configure_wodle_osquery = false # TODO WAS: true
+ $configure_wodle_syscollector = false # TODO WAS: true
+ $configure_sca = false # TODO WAS: true
+ $configure_syscheck = true
+ $configure_localfile = true
+ $configure_active_response = true
+
+
+ # ossec.conf templates paths
+ $ossec_conf_template = 'wazuh/wazuh_agent.conf.erb'
+ $ossec_rootcheck_template = 'wazuh/fragments/_rootcheck.erb'
+ $ossec_wodle_openscap_template = 'wazuh/fragments/_wodle_openscap.erb'
+ $ossec_wodle_cis_cat_template = 'wazuh/fragments/_wodle_cis_cat.erb'
+ $ossec_wodle_osquery_template = 'wazuh/fragments/_wodle_osquery.erb'
+ $ossec_wodle_syscollector_template = 'wazuh/fragments/_wodle_syscollector.erb'
+ $ossec_sca_template = 'wazuh/fragments/_sca.erb'
+ $ossec_syscheck_template = 'wazuh/fragments/_syscheck.erb'
+ $ossec_localfile_template = 'wazuh/fragments/_localfile.erb'
+ $ossec_ruleset = 'wazuh/fragments/_ruleset.erb'
+ $ossec_auth = 'wazuh/fragments/_auth.erb'
+ $ossec_cluster = 'wazuh/fragments/_cluster.erb'
+ $ossec_active_response_template = 'wazuh/fragments/_default_activeresponse.erb'
+
+ ### Ossec.conf blocks
+
+ ## Server block configuration
+
+ $wazuh_register_endpoint = undef
+ $wazuh_reporting_endpoint = undef
+ $ossec_port = '1514'
+ $ossec_protocol = 'udp'
+ $ossec_notify_time = 10
+ $ossec_time_reconnect = 60
+ $ossec_auto_restart = 'yes'
+ $ossec_crypto_method = undef
+
+ $client_buffer_queue_size = 5000
+ $client_buffer_events_per_second = 500
+
+ # Rootcheck
+
+ $ossec_rootcheck_disabled = 'no'
+ $ossec_rootcheck_check_files = 'yes'
+ $ossec_rootcheck_check_trojans = 'yes'
+ $ossec_rootcheck_check_dev = 'yes'
+ $ossec_rootcheck_check_sys = 'yes'
+ $ossec_rootcheck_check_pids = 'yes'
+ $ossec_rootcheck_check_ports = 'yes'
+ $ossec_rootcheck_check_if = 'yes'
+ $ossec_rootcheck_frequency = 43200
+ $ossec_rootcheck_rootkit_files = '/var/ossec/etc/shared/rootkit_files.txt'
+ $ossec_rootcheck_rootkit_trojans = '/var/ossec/etc/shared/rootkit_trojans.txt'
+ $ossec_rootcheck_skip_nfs = 'yes'
+
+ ## Wodles
+
+ #openscap
+ $wodle_openscap_disabled = 'no'
+ $wodle_openscap_timeout = '1800'
+ $wodle_openscap_interval = '1d'
+ $wodle_openscap_scan_on_start = 'yes'
+
+ #cis-cat
+ $wodle_ciscat_disabled = 'yes'
+ $wodle_ciscat_timeout = '1800'
+ $wodle_ciscat_interval = '1d'
+ $wodle_ciscat_scan_on_start = 'yes'
+ $wodle_ciscat_java_path = 'wodles/java'
+ $wodle_ciscat_ciscat_path = 'wodles/ciscat'
+
+ #osquery
+
+ $wodle_osquery_disabled = 'yes'
+ $wodle_osquery_run_daemon = 'yes'
+ $wodle_osquery_log_path = '/var/log/osquery/osqueryd.results.log'
+ $wodle_osquery_config_path = '/etc/osquery/osquery.conf'
+ $wodle_osquery_add_labels = 'yes'
+
+ #syscollector
+ $wodle_syscollector_disabled = true
+ $wodle_syscollector_interval = '1d'
+ $wodle_syscollector_scan_on_start = 'yes'
+ $wodle_syscollector_hardware = 'yes'
+ $wodle_syscollector_os = 'yes'
+ $wodle_syscollector_network = 'yes'
+ $wodle_syscollector_packages = 'yes'
+ $wodle_syscollector_ports = 'yes'
+ $wodle_syscollector_processes = 'yes'
+
+ # localfile
+ $ossec_local_files = $::wazuh::params_agent::default_local_files
+
+ #syscheck
+ $ossec_syscheck_disabled = 'no'
+ $ossec_syscheck_frequency = '43200'
+ $ossec_syscheck_scan_on_start = 'yes'
+ $ossec_syscheck_alert_new_files = undef
+ $ossec_syscheck_auto_ignore = undef
+ $ossec_syscheck_directories_1 = '/etc,/usr/bin,/usr/sbin'
+ $ossec_syscheck_directories_2 = '/bin,/sbin,/boot'
+ $ossec_syscheck_ignore_list = ['/etc/mtab',
+ '/etc/hosts.deny',
+ '/etc/mail/statistics',
+ '/etc/random-seed',
+ '/etc/random.seed',
+ '/etc/adjtime',
+ '/etc/httpd/logs',
+ '/etc/utmpx',
+ '/etc/wtmpx',
+ '/etc/cups/certs',
+ '/etc/dumpdates',
+ '/etc/svc/volatile',
+ '/sys/kernel/security',
+ '/sys/kernel/debug',
+ '/dev/core',
+ ]
+ $ossec_syscheck_ignore_type_1 = '^/proc'
+ $ossec_syscheck_ignore_type_2 = ".log$|.swp$"
+
+
+ $ossec_syscheck_nodiff = '/etc/ssl/private.key'
+ $ossec_syscheck_skip_nfs = 'yes'
+
+
+ # others
+
+ $selinux = false
+
+ $manage_repo = true
+
+ case $::osfamily {
+ 'Debian': {
+
+ $agent_service = 'wazuh-agent'
+ $agent_package = 'wazuh-agent'
+ $service_has_status = false
+ $ossec_service_provider = undef
+ $api_service_provider = undef
+ $default_local_files = [
+ { 'location' => '/var/log/syslog' , 'log_format' => 'syslog'},
+ { 'location' => '/var/log/kern.log' , 'log_format' => 'syslog'},
+ { 'location' => '/var/log/auth.log' , 'log_format' => 'syslog'},
+ { 'location' => '/var/log/dpkg.log', 'log_format' => 'syslog'},
+ { 'location' => '/var/ossec/logs/active-responses.log', 'log_format' => 'syslog'},
+ { 'location' => '/var/log/messages' , 'log_format' => 'syslog'},
+ ]
+ case $::lsbdistcodename {
+ 'xenial': {
+ $server_service = 'wazuh-manager'
+ $server_package = 'wazuh-manager'
+ $api_service = 'wazuh-api'
+ $api_package = 'wazuh-api'
+ $wodle_openscap_content = {
+ 'ssg-ubuntu-1604-ds.xml' => {
+ 'type' => 'xccdf',
+ profiles => ['xccdf_org.ssgproject.content_profile_common'],
+ },'cve-ubuntu-xenial-oval.xml' => {
+ 'type' => 'oval'
+ }
+ }
+ }
+ 'jessie': {
+ $server_service = 'wazuh-manager'
+ $server_package = 'wazuh-manager'
+ $api_service = 'wazuh-api'
+ $api_package = 'wazuh-api'
+ $wodle_openscap_content = {
+ 'ssg-debian-8-ds.xml' => {
+ 'type' => 'xccdf',
+ profiles => ['xccdf_org.ssgproject.content_profile_common'],
+ },
+ 'cve-debian-8-oval.xml' => {
+ 'type' => 'oval',
+ }
+ }
+ }
+ /^(wheezy|stretch|sid|precise|trusty|vivid|wily|xenial|bionic)$/: {
+ $server_service = 'wazuh-manager'
+ $server_package = 'wazuh-manager'
+ $api_service = 'wazuh-api'
+ $api_package = 'wazuh-api'
+ $wodle_openscap_content = undef
+ }
+ default: {
+ fail("Module ${module_name} is not supported on ${::operatingsystem}")
+ }
+ }
+
+ }
+ 'RedHat': {
+
+ $agent_service = 'wazuh-agent'
+ $agent_package = 'wazuh-agent'
+ $server_service = 'wazuh-manager'
+ $server_package = 'wazuh-manager'
+ $api_service = 'wazuh-api'
+ $api_package = 'wazuh-api'
+ $service_has_status = true
+
+ $default_local_files =[
+ { 'location' => '/var/log/audit/audit.log' , 'log_format' => 'audit'},
+ { 'location' => '/var/ossec/logs/active-responses.log' , 'log_format' => 'syslog'},
+ { 'location' => '/var/log/messages', 'log_format' => 'syslog'},
+ { 'location' => '/var/log/secure' , 'log_format' => 'syslog'},
+ { 'location' => '/var/log/maillog' , 'log_format' => 'syslog'},
+ ]
+ case $::operatingsystem {
+ 'Amazon': {
+ # Amazon is based on Centos-6 with some improvements
+ # taken from RHEL-7 but uses SysV-Init, not Systemd.
+ # Probably best to leave this undef until we can
+ # write/find a release-specific file.
+ $wodle_openscap_content = undef
+ }
+ 'CentOS': {
+
+ if ( $::operatingsystemrelease =~ /^6.*/ ) {
+ $ossec_service_provider = 'redhat'
+ $api_service_provider = 'redhat'
+ $wodle_openscap_content = {
+ 'ssg-centos-6-ds.xml' => {
+ 'type' => 'xccdf',
+ profiles => ['xccdf_org.ssgproject.content_profile_pci-dss', 'xccdf_org.ssgproject.content_profile_server',]
+ }
+ }
+ }
+ if ( $::operatingsystemrelease =~ /^7.*/ ) {
+ $ossec_service_provider = 'systemd'
+ $api_service_provider = 'systemd'
+ $wodle_openscap_content = {
+ 'ssg-centos-7-ds.xml' => {
+ 'type' => 'xccdf',
+ profiles => ['xccdf_org.ssgproject.content_profile_pci-dss', 'xccdf_org.ssgproject.content_profile_common',]
+ }
+ }
+ }
+ }
+ /^(RedHat|OracleLinux)$/: {
+ if ( $::operatingsystemrelease =~ /^6.*/ ) {
+ $ossec_service_provider = 'redhat'
+ $api_service_provider = 'redhat'
+ $wodle_openscap_content = {
+ 'ssg-rhel-6-ds.xml' => {
+ 'type' => 'xccdf',
+ profiles => ['xccdf_org.ssgproject.content_profile_pci-dss', 'xccdf_org.ssgproject.content_profile_server',]
+ },
+ 'cve-redhat-6-ds.xml' => {
+ 'type' => 'xccdf',
+ }
+ }
+ }
+ if ( $::operatingsystemrelease =~ /^7.*/ ) {
+ $ossec_service_provider = 'systemd'
+ $api_service_provider = 'systemd'
+ $wodle_openscap_content = {
+ 'ssg-rhel-7-ds.xml' => {
+ 'type' => 'xccdf',
+ profiles => ['xccdf_org.ssgproject.content_profile_pci-dss', 'xccdf_org.ssgproject.content_profile_common',]
+ },
+ 'cve-redhat-7-ds.xml' => {
+ 'type' => 'xccdf',
+ }
+ }
+ }
+ }
+ 'Fedora': {
+ if ( $::operatingsystemrelease =~ /^(23|24|25).*/ ) {
+ $ossec_service_provider = 'redhat'
+ $api_service_provider = 'redhat'
+ $wodle_openscap_content = {
+ 'ssg-fedora-ds.xml' => {
+ 'type' => 'xccdf',
+ profiles => ['xccdf_org.ssgproject.content_profile_standard', 'xccdf_org.ssgproject.content_profile_common',]
+ },
+ }
+ }
+ }
+ default: { fail('This ossec module has not been tested on your distribution') }
+ }
+ }
+ default: { fail('This ossec module has not been tested on your distribution') }
+ }
+ }
+ 'windows': {
+ $config_file = regsubst(sprintf('c:/Program Files (x86)/ossec-agent/ossec.conf'), '\\\\', '/')
+ $shared_agent_config_file = regsubst(sprintf('c:/Program Files (x86)/ossec-agent/shared/agent.conf'), '\\\\', '/')
+ $config_owner = 'Administrator'
+ $config_group = 'Administrators'
+ $download_path = 'C:/'
+ $manage_firewall = false
+
+ $keys_file = regsubst(sprintf('c:/Program Files (x86)/ossec-agent/client.keys'), '\\\\', '/')
+ $keys_mode = '0440'
+ $keys_owner = 'Administrator'
+ $keys_group = 'Administrators'
+
+ $agent_service = 'OssecSvc'
+ $agent_package = 'Wazuh Agent 3.10.2'
+ $server_service = ''
+ $server_package = ''
+ $api_service = ''
+ $api_package = ''
+ $service_has_status = true
+
+ # TODO
+ $validate_cmd_conf = undef
+ # Pushed by shared agent config now
+ $default_local_files = [
+ {'location' => 'Security' , 'log_format' => 'eventchannel',
+ 'query' => 'Event/System[EventID != 5145 and EventID != 5156 and EventID != 5447 and EventID != 4656 and EventID != 4658\
+ and EventID != 4663 and EventID != 4660 and EventID != 4670 and EventID != 4690 and EventID!= 4703 and EventID != 4907]'},
+ {'location' => 'System' , 'log_format' => 'eventlog' },
+ {'location' => 'active-response\active-responses.log' , 'log_format' => 'syslog' },
+ ]
+
+ }
+ default: { fail('This ossec module has not been tested on your distribution') }
+ }
+}
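Review bot: `$ossec_local_files = $::wazuh::params_agent::default_local_files` is evaluated before `$default_local_files` is assigned (it is only set inside the `case $::osfamily` branches further down the same class), so in Puppet it resolves to undef — or fails outright with `strict_variables` — and the agent's localfile block (auth.log/secure, audit.log) ends up empty; move that line below the `case`, or drop it and have the agent class read `$wazuh::params_agent::default_local_files` directly, as `manager.pp` does with `params_manager`. The syscheck ignore pattern `$ossec_syscheck_ignore_type_2 = ".log$|.swp$"` has unescaped dots, so it also ignores paths such as `/etc/catalog` that merely end in `…log`; it should be `$ossec_syscheck_ignore_type_2 = '\.log$|\.swp$'`. `$wodle_syscollector_disabled = true` is the only toggle in this file that is a boolean rather than `'yes'`/`'no'`; unless the `_wodle_syscollector.erb` template (not in this hunk) converts it, ossec.conf will receive `true`, so it should be `'yes'` for consistency with the other wodles. The Linux pin `$agent_package_version = '3.3.1-1'` and the Windows `$agent_package = 'Wazuh Agent 3.10.2'` disagree on the agent version deployed; worth aligning, and documenting which one the manager pin (`3.3.1-1` in params_manager) is expected to match.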
diff --git a/modules/services/unix/logging/wazuh/manifests/params_elastic.pp b/modules/services/unix/logging/wazuh/manifests/params_elastic.pp
new file mode 100644
index 000000000..2bcf11f22
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/manifests/params_elastic.pp
@@ -0,0 +1,26 @@
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Elastic configuration parameters
+class wazuh::params_elastic {
+ $elasticsearch_service = 'elasticsearch'
+ $elasticsearch_package = 'elasticsearch'
+ $config_owner = 'elasticsearch'
+ $config_group = 'elasticsearch'
+ $config_mode = '0640'
+
+ $elasticsearch_cluster_name = 'es-wazuh'
+ $elasticsearch_node_name = 'es-node-01'
+ $elasticsearch_node_master = true
+ $elasticsearch_node_data = true
+ $elasticsearch_node_ingest = true
+ $elasticsearch_node_max_local_storage_nodes = '1'
+
+ $elasticsearch_path_data = '/var/lib/elasticsearch'
+ $elasticsearch_path_logs = '/var/log/elasticsearch'
+
+
+ $elasticsearch_ip = 'localhost'
+ $elastcisearch_port = 9200
+ $elasticsearch_discovery_option = 'discovery.type: single-node'
+ $elasticsearch_cluster_initial_master_nodes = "#cluster.initial_master_nodes: ['es-node-01']"
+
+}
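Review bot: `$elastcisearch_port = 9200` near the bottom of the class is misspelled (elastcisearch), so a template that reads `@elasticsearch_port` will get nil and the problem only shows up at render time. Rename it to `$elasticsearch_port = 9200` and fix any consumer that was written against the misspelling. `$elasticsearch_cluster_initial_master_nodes` also holds a commented-out YAML line as its value; a comment at the declaration such as `# emitted verbatim into elasticsearch.yml; leave commented out for single-node` would make that intent explicit.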
diff --git a/modules/services/unix/logging/wazuh/manifests/params_manager.pp b/modules/services/unix/logging/wazuh/manifests/params_manager.pp
new file mode 100644
index 000000000..d16e96225
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/manifests/params_manager.pp
@@ -0,0 +1,435 @@
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Paramas file
+class wazuh::params_manager {
+ case $::kernel {
+ 'Linux': {
+
+ # Installation
+ $server_package_version = '3.3.1-1'
+ $manage_repos = true
+ $manage_firewall = false
+
+ ### Ossec.conf blocks
+
+ ## Global
+ $ossec_emailnotification = false
+ $ossec_emailto = []
+ $ossec_smtp_server = 'smtp.example.wazuh.com'
+ $ossec_emailfrom = 'ossecm@example.wazuh.com'
+ $ossec_email_maxperhour = 12
+ $ossec_email_idsname = undef
+ $ossec_white_list = ['127.0.0.1','^localhost.localdomain$','10.0.0.2']
+ $ossec_alert_level = 3
+ $ossec_email_alert_level = 12
+ $ossec_remote_connection = 'secure'
+ $ossec_remote_port = 1514
+ $ossec_remote_protocol = 'udp'
+ $ossec_remote_queue_size = 131072
+
+ # ossec.conf generation parameters
+
+ $configure_rootcheck = true # TODO: WAS true
+ $configure_wodle_openscap = false # TODO: WAS true
+ $configure_wodle_cis_cat = false # TODO: WAS true
+ $configure_wodle_osquery = false # TODO: WAS true
+ $configure_wodle_syscollector = false # TODO: WAS true
+ $configure_vulnerability_detector = false # TODO: WAS true
+ $configure_sca = false # TODO: WAS true
+ $configure_syscheck = true
+ $configure_command = true
+ $configure_localfile = true
+ $configure_ruleset = true
+ $configure_auth = true
+ $configure_cluster = true
+ $configure_active_response = false
+
+
+ # ossec.conf templates paths
+ $ossec_manager_template = 'wazuh/wazuh_manager.conf.erb'
+ $ossec_rootcheck_template = 'wazuh/fragments/_rootcheck.erb'
+ $ossec_wodle_openscap_template = 'wazuh/fragments/_wodle_openscap.erb'
+ $ossec_wodle_cis_cat_template = 'wazuh/fragments/_wodle_cis_cat.erb'
+ $ossec_wodle_osquery_template = 'wazuh/fragments/_wodle_osquery.erb'
+ $ossec_wodle_syscollector_template = 'wazuh/fragments/_wodle_syscollector.erb'
+ $ossec_wodle_vulnerability_detector_template = 'wazuh/fragments/_wodle_vulnerability_detector.erb'
+ $ossec_sca_template = 'wazuh/fragments/_sca.erb'
+ $ossec_syscheck_template = 'wazuh/fragments/_syscheck.erb'
+ $ossec_default_commands_template = 'wazuh/default_commands.erb'
+ $ossec_localfile_template = 'wazuh/fragments/_localfile.erb'
+ $ossec_ruleset_template = 'wazuh/fragments/_ruleset.erb'
+ $ossec_auth_template = 'wazuh/fragments/_auth.erb'
+ $ossec_cluster_template = 'wazuh/fragments/_cluster.erb'
+ $ossec_active_response_template = 'wazuh/fragments/_default_activeresponse.erb'
+
+ ## Rootcheck
+
+ $ossec_rootcheck_disabled = 'no'
+ $ossec_rootcheck_check_files = 'yes'
+ $ossec_rootcheck_check_trojans = 'yes'
+ $ossec_rootcheck_check_dev = 'yes'
+ $ossec_rootcheck_check_sys = 'yes'
+ $ossec_rootcheck_check_pids = 'yes'
+ $ossec_rootcheck_check_ports = 'yes'
+ $ossec_rootcheck_check_if = 'yes'
+ $ossec_rootcheck_frequency = 43200
+ $ossec_rootcheck_rootkit_files = '/var/ossec/etc/rootcheck/rootkit_files.txt'
+ $ossec_rootcheck_rootkit_trojans = '/var/ossec/etc/rootcheck/rootkit_trojans.txt'
+ $ossec_rootcheck_skip_nfs = 'yes'
+
+ ## Wodles
+
+ #openscap
+ $wodle_openscap_disabled = true
+ $wodle_openscap_timeout = '1800'
+ $wodle_openscap_interval = '1d'
+ $wodle_openscap_scan_on_start = 'yes'
+
+ #cis-cat
+ $wodle_ciscat_disabled = true
+ $wodle_ciscat_timeout = '1800'
+ $wodle_ciscat_interval = '1d'
+ $wodle_ciscat_scan_on_start = 'yes'
+ $wodle_ciscat_java_path = 'wodles/java'
+ $wodle_ciscat_ciscat_path = 'wodles/ciscat'
+
+ #osquery
+
+ $wodle_osquery_disabled = true
+ $wodle_osquery_run_daemon = 'yes'
+ $wodle_osquery_log_path = '/var/log/osquery/osqueryd.results.log'
+ $wodle_osquery_config_path = '/etc/osquery/osquery.conf'
+ $wodle_osquery_add_labels = 'yes'
+
+ #syscollector
+ $wodle_syscollector_disabled = true
+ $wodle_syscollector_interval = '1h'
+ $wodle_syscollector_scan_on_start = 'yes'
+ $wodle_syscollector_hardware = 'yes'
+ $wodle_syscollector_os = 'yes'
+ $wodle_syscollector_network = 'yes'
+ $wodle_syscollector_packages = 'yes'
+ $wodle_syscollector_ports = 'yes'
+ $wodle_syscollector_processes = 'yes'
+
+ #vulnerability-detector
+
+ $wodle_vulnerability_detector_disabled = true
+ $wodle_vulnerability_detector_interval = '5m'
+ $wodle_vulnerability_detector_ignore_time = '6h'
+ $wodle_vulnerability_detector_run_on_start = 'yes'
+ $wodle_vulnerability_detector_ubuntu_disabled = 'yes'
+ $wodle_vulnerability_detector_ubuntu_update = '1h'
+ $wodle_vulnerability_detector_redhat_disable = 'yes'
+ $wodle_vulnerability_detector_redhat_update_from = '2010'
+ $wodle_vulnerability_detector_redhat_update = '1h'
+ $wodle_vulnerability_detector_debian_9_disable = 'yes'
+ $wodle_vulnerability_detector_debian_9_update = '1h'
+
+ # syslog
+
+ $syslog_output = false
+ $syslog_output_level = 2
+ $syslog_output_port = 514
+ $syslog_output_server = undef
+ $syslog_output_format = undef
+
+ # Authd configuration
+
+ $ossec_auth_disabled = 'no'
+ $ossec_auth_port = 1515
+ $ossec_auth_use_source_ip = 'yes'
+ $ossec_auth_force_insert = 'yes'
+ $ossec_auth_force_time = 0
+ $ossec_auth_purgue = 'yes'
+ $ossec_auth_use_password = 'no'
+ $ossec_auth_limit_maxagents = 'yes'
+ $ossec_auth_ciphers = 'HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH'
+ $ossec_auth_ssl_verify_host = 'no'
+ $ossec_auth_ssl_manager_cert = '/var/ossec/etc/sslmanager.cert'
+ $ossec_auth_ssl_manager_key = '/var/ossec/etc/sslmanager.key'
+ $ossec_auth_ssl_auto_negotiate = 'no'
+
+
+ # syscheck
+
+ $ossec_syscheck_disabled = 'no'
+ $ossec_syscheck_frequency = '43200'
+ $ossec_syscheck_scan_on_start = 'yes'
+ $ossec_syscheck_alert_new_files = 'yes'
+ $ossec_syscheck_auto_ignore = 'no'
+ $ossec_syscheck_directories_1 = '/etc,/usr/bin,/usr/sbin'
+ $ossec_syscheck_directories_2 = '/bin,/sbin,/boot'
+ $ossec_syscheck_ignore_list = ['/etc/mtab',
+ '/etc/hosts.deny',
+ '/etc/mail/statistics',
+ '/etc/random-seed',
+ '/etc/random.seed',
+ '/etc/adjtime',
+ '/etc/httpd/logs',
+ '/etc/utmpx',
+ '/etc/wtmpx',
+ '/etc/cups/certs',
+ '/etc/dumpdates',
+ '/etc/svc/volatile',
+ '/sys/kernel/security',
+ '/sys/kernel/debug',
+ '/dev/core',
+ ]
+ $ossec_syscheck_ignore_type_1 = '^/proc'
+ $ossec_syscheck_ignore_type_2 = ".log$|.swp$"
+
+
+ $ossec_syscheck_nodiff = '/etc/ssl/private.key'
+ $ossec_syscheck_skip_nfs = 'yes'
+
+ # Cluster
+
+ $ossec_cluster_name = 'wazuh'
+ $ossec_cluster_node_name = 'node01'
+ $ossec_cluster_node_type = 'master'
+ $ossec_cluster_key = 'KEY'
+ $ossec_cluster_port = '1516'
+ $ossec_cluster_bind_addr = '0.0.0.0'
+ $ossec_cluster_nodes = ['NODE_IP']
+ $ossec_cluster_hidden = 'no'
+ $ossec_cluster_disabled = 'yes'
+
+ $ossec_cluster_enable_firewall = 'no'
+
+
+ #----- End of ossec.conf parameters -------
+
+ $ossec_prefilter = false
+ $ossec_integratord_enabled = false
+
+
+ $manage_client_keys = 'yes'
+ $agent_auth_password = undef
+ $ar_repeated_offenders = ''
+
+ $local_decoder_template = 'wazuh/local_decoder.xml.erb'
+ $decoder_exclude = []
+ $local_rules_template = 'wazuh/local_rules.xml.erb'
+ $rule_exclude = []
+ $shared_agent_template = 'wazuh/ossec_shared_agent.conf.erb'
+
+ $wazuh_manager_verify_manager_ssl = false
+ $wazuh_manager_server_crt = undef
+ $wazuh_manager_server_key = undef
+
+
+ ## Wazuh config folders and modes
+
+ $config_file = '/var/ossec/etc/ossec.conf'
+ $shared_agent_config_file = '/var/ossec/etc/shared/agent.conf'
+
+ $config_mode = '0640'
+ $config_owner = 'root'
+ $config_group = 'ossec'
+
+ $keys_file = '/var/ossec/etc/client.keys'
+ $keys_mode = '0640'
+ $keys_owner = 'root'
+ $keys_group = 'ossec'
+
+
+ $authd_pass_file = '/var/ossec/etc/authd.pass'
+
+ $validate_cmd_conf = '/var/ossec/bin/verify-agent-conf -f %'
+
+ $processlist_file = '/var/ossec/bin/.process_list'
+ $processlist_mode = '0640'
+ $processlist_owner = 'root'
+ $processlist_group = 'ossec'
+
+
+ case $::osfamily {
+ 'Debian': {
+
+ $agent_service = 'wazuh-agent'
+ $agent_package = 'wazuh-agent'
+ $service_has_status = false
+ $ossec_service_provider = undef
+ $api_service_provider = undef
+ $default_local_files = [
+ { 'location' => '/var/log/syslog' , 'log_format' => 'syslog'},
+ { 'location' => '/var/log/kern.log' , 'log_format' => 'syslog'},
+ { 'location' => '/var/log/auth.log' , 'log_format' => 'syslog'},
+ { 'location' => '/var/log/dpkg.log', 'log_format' => 'syslog'},
+ { 'location' => '/var/ossec/logs/active-responses.log', 'log_format' => 'syslog'},
+ { 'location' => '/var/log/messages' , 'log_format' => 'syslog'},
+ ]
+ case $::lsbdistcodename {
+ 'xenial': {
+ $server_service = 'wazuh-manager'
+ $server_package = 'wazuh-manager'
+ $api_service = 'wazuh-api'
+ $api_package = 'wazuh-api'
+ $wodle_openscap_content = {
+ 'ssg-ubuntu-1604-ds.xml' => {
+ 'type' => 'xccdf',
+ profiles => ['xccdf_org.ssgproject.content_profile_common'],
+ },'cve-ubuntu-xenial-oval.xml' => {
+ 'type' => 'oval'
+ }
+ }
+ }
+ 'jessie': {
+ $server_service = 'wazuh-manager'
+ $server_package = 'wazuh-manager'
+ $api_service = 'wazuh-api'
+ $api_package = 'wazuh-api'
+ $wodle_openscap_content = {
+ 'ssg-debian-8-ds.xml' => {
+ 'type' => 'xccdf',
+ profiles => ['xccdf_org.ssgproject.content_profile_common'],
+ },
+ 'cve-debian-8-oval.xml' => {
+ 'type' => 'oval',
+ }
+ }
+ }
+ /^(wheezy|stretch|sid|precise|trusty|vivid|wily|xenial|bionic)$/: {
+ $server_service = 'wazuh-manager'
+ $server_package = 'wazuh-manager'
+ $api_service = 'wazuh-api'
+ $api_package = 'wazuh-api'
+ $wodle_openscap_content = undef
+ }
+ default: {
+ fail("Module ${module_name} is not supported on ${::operatingsystem}")
+ }
+ }
+
+ }
+ 'RedHat': {
+
+ $agent_service = 'wazuh-agent'
+ $agent_package = 'wazuh-agent'
+ $server_service = 'wazuh-manager'
+ $server_package = 'wazuh-manager'
+ $api_service = 'wazuh-api'
+ $api_package = 'wazuh-api'
+ $service_has_status = true
+
+ $default_local_files =[
+ { 'location' => '/var/log/audit/audit.log' , 'log_format' => 'audit'},
+ { 'location' => '/var/ossec/logs/active-responses.log' , 'log_format' => 'syslog'},
+ { 'location' => '/var/log/messages', 'log_format' => 'syslog'},
+ { 'location' => '/var/log/secure' , 'log_format' => 'syslog'},
+ { 'location' => '/var/log/maillog' , 'log_format' => 'apache'},
+ ]
+ case $::operatingsystem {
+ 'Amazon': {
+ $ossec_service_provider = 'systemd'
+ $api_service_provider = 'systemd'
+ # Amazon is based on Centos-6 with some improvements
+ # taken from RHEL-7 but uses SysV-Init, not Systemd.
+ # Probably best to leave this undef until we can
+ # write/find a release-specific file.
+ $wodle_openscap_content = undef
+ }
+ 'CentOS': {
+ if ( $::operatingsystemrelease =~ /^6.*/ ) {
+ $ossec_service_provider = 'redhat'
+ $api_service_provider = 'redhat'
+ $wodle_openscap_content = {
+ 'ssg-centos-6-ds.xml' => {
+ 'type' => 'xccdf',
+ profiles => ['xccdf_org.ssgproject.content_profile_pci-dss', 'xccdf_org.ssgproject.content_profile_server',]
+ }
+ }
+ }
+ if ( $::operatingsystemrelease =~ /^7.*/ ) {
+ $ossec_service_provider = 'systemd'
+ $api_service_provider = 'systemd'
+ $wodle_openscap_content = {
+ 'ssg-centos-7-ds.xml' => {
+ 'type' => 'xccdf',
+ profiles => ['xccdf_org.ssgproject.content_profile_pci-dss', 'xccdf_org.ssgproject.content_profile_common',]
+ }
+ }
+ }
+ }
+ /^(RedHat|OracleLinux)$/: {
+ if ( $::operatingsystemrelease =~ /^6.*/ ) {
+ $ossec_service_provider = 'redhat'
+ $api_service_provider = 'redhat'
+ $wodle_openscap_content = {
+ 'ssg-rhel-6-ds.xml' => {
+ 'type' => 'xccdf',
+ profiles => ['xccdf_org.ssgproject.content_profile_pci-dss', 'xccdf_org.ssgproject.content_profile_server',]
+ },
+ 'cve-redhat-6-ds.xml' => {
+ 'type' => 'xccdf',
+ }
+ }
+ }
+ if ( $::operatingsystemrelease =~ /^7.*/ ) {
+ $ossec_service_provider = 'systemd'
+ $api_service_provider = 'systemd'
+ $wodle_openscap_content = {
+ 'ssg-rhel-7-ds.xml' => {
+ 'type' => 'xccdf',
+ profiles => ['xccdf_org.ssgproject.content_profile_pci-dss', 'xccdf_org.ssgproject.content_profile_common',]
+ },
+ 'cve-redhat-7-ds.xml' => {
+ 'type' => 'xccdf',
+ }
+ }
+ }
+ }
+ 'Fedora': {
+ if ( $::operatingsystemrelease =~ /^(23|24|25).*/ ) {
+ $ossec_service_provider = 'redhat'
+ $api_service_provider = 'redhat'
+ $wodle_openscap_content = {
+ 'ssg-fedora-ds.xml' => {
+ 'type' => 'xccdf',
+ profiles => ['xccdf_org.ssgproject.content_profile_standard', 'xccdf_org.ssgproject.content_profile_common',]
+ },
+ }
+ }
+ }
+ default: { fail('This ossec module has not been tested on your distribution') }
+ }
+ }
+ default: { fail('This ossec module has not been tested on your distribution') }
+ }
+ }
+ 'windows': {
+ $config_file = regsubst(sprintf('c:/Program Files (x86)/ossec-agent/ossec.conf'), '\\\\', '/')
+ $shared_agent_config_file = regsubst(sprintf('c:/Program Files (x86)/ossec-agent/shared/agent.conf'), '\\\\', '/')
+ $config_owner = 'Administrator'
+ $config_group = 'Administrators'
+
+ $manage_firewall = false
+
+ $keys_file = regsubst(sprintf('c:/Program Files (x86)/ossec-agent/client.keys'), '\\\\', '/')
+ $keys_mode = '0440'
+ $keys_owner = 'Administrator'
+ $keys_group = 'Administrators'
+
+ $agent_service = 'OssecSvc'
+ $agent_package = 'Wazuh Agent 3.10.2'
+ $server_service = ''
+ $server_package = ''
+ $api_service = ''
+ $api_package = ''
+ $service_has_status = true
+
+ # TODO
+ $validate_cmd_conf = undef
+ # Pushed by shared agent config now
+ $default_local_files = [
+ {'location' => 'Security' , 'log_format' => 'eventchannel',
+ 'query' => 'Event/System[EventID != 5145 and EventID != 5156 and EventID != 5447 and EventID != 4656 and EventID != 4658\
+ and EventID != 4663 and EventID != 4660 and EventID != 4670 and EventID != 4690 and EventID!= 4703 and EventID != 4907]'},
+ {'location' => 'System' , 'log_format' => 'eventlog' },
+ {'location' => 'active-response\active-responses.log' , 'log_format' => 'syslog' },
+ ]
+
+ }
+ default: { fail('This ossec module has not been tested on your distribution') }
+ }
+}
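Review bot: `$ossec_cluster_key = 'KEY'` is a literal placeholder that gets rendered into ossec.conf whenever `$configure_cluster = true` (the default here), so a node on which someone flips `$ossec_cluster_disabled` to `'no'` without also supplying a key joins the cluster with a well-known shared secret. Default it to `undef` and have the consuming class fail when the cluster is enabled and the key is unset; the same treatment fits `$ossec_cluster_nodes = ['NODE_IP']`. Separately, `$ossec_syscheck_ignore_type_2 = ".log$|.swp$"` has unescaped dots, so it also matches names such as `xlog` or `aswp`; `'\.log$|\.swp$'` is presumably what was meant. The duplicated `default: { fail(...) }` messages are fine, but the Linux branch's `$agent_package` / `$server_package_version = '3.3.1-1'` differ from the Windows `'Wazuh Agent 3.10.2'`, which is worth a comment if intentional.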
diff --git a/modules/services/unix/logging/wazuh/manifests/repo.pp b/modules/services/unix/logging/wazuh/manifests/repo.pp
new file mode 100644
index 000000000..130098a75
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/manifests/repo.pp
@@ -0,0 +1,60 @@
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh repository installation
+class wazuh::repo (
+) {
+
+ case $::osfamily {
+ 'Debian' : {
+ if ! defined(Package['apt-transport-https']) {
+ ensure_packages(['apt-transport-https'], {'ensure' => 'present'})
+ }
+ # apt-key added by issue #34
+ apt::key { 'wazuh':
+ id => '0DCFCA5547B19D2A6099506096B3EE5F29111145',
+ source => 'https://packages.wazuh.com/key/GPG-KEY-WAZUH',
+ server => 'pgp.mit.edu'
+ }
+ case $::lsbdistcodename {
+ /(jessie|wheezy|stretch|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic)/: {
+
+ apt::source { 'wazuh':
+ ensure => present,
+ comment => 'This is the WAZUH Ubuntu repository',
+ location => 'https://packages.wazuh.com/3.x/apt',
+ release => 'stable',
+ repos => 'main',
+ include => {
+ 'src' => false,
+ 'deb' => true,
+ },
+ }
+ }
+ default: { fail('This ossec module has not been tested on your distribution (or lsb package not installed)') }
+ }
+ }
+ 'Linux', 'Redhat' : {
+ case $::os[name] {
+ /^(CentOS|RedHat|OracleLinux|Fedora|Amazon)$/: {
+ if ( $::operatingsystemrelease =~ /^5.*/ ) {
+ $baseurl = 'https://packages.wazuh.com/3.x/yum/5/'
+ $gpgkey = 'http://packages.wazuh.com/key/GPG-KEY-WAZUH-5'
+ } else {
+ $baseurl = 'https://packages.wazuh.com/3.x/yum/'
+ $gpgkey = 'https://packages.wazuh.com/key/GPG-KEY-WAZUH'
+ }
+ }
+ default: { fail('This ossec module has not been tested on your distribution.') }
+ }
+ # Set up OSSEC repo
+ yumrepo { 'wazuh':
+ descr => 'WAZUH OSSEC Repository - www.wazuh.com',
+ enabled => true,
+ gpgcheck => 1,
+ gpgkey => $gpgkey,
+ baseurl => $baseurl
+ }
+
+ }
+ default: { fail('This ossec module has not been tested on your distribution') }
+ }
+}
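Review bot: the EL5 branch sets `$gpgkey = 'http://packages.wazuh.com/key/GPG-KEY-WAZUH-5'` over plain HTTP while every other URL in the class, including the EL5 `$baseurl` on the same host, is HTTPS. Because `gpgcheck => 1` trusts whatever key yum fetches from that URL, delivering the key over an unauthenticated channel undermines the signature check; change it to `https://packages.wazuh.com/key/GPG-KEY-WAZUH-5`, which the HTTPS baseurl on the same host suggests is served. The `apt::key { 'wazuh': ... }` resource passes both `source` and `server`; it is worth checking which one puppetlabs-apt honours when both are given and keeping only that one.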
diff --git a/modules/services/unix/logging/wazuh/manifests/repo_elastic.pp b/modules/services/unix/logging/wazuh/manifests/repo_elastic.pp
new file mode 100644
index 000000000..2ce515ba6
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/manifests/repo_elastic.pp
@@ -0,0 +1,69 @@
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Installation of Elastic repository
+class wazuh::repo_elastic (
+
+) {
+ case $::osfamily {
+ 'Debian' : {
+ if ! defined(Package['apt-transport-https']) {
+ ensure_packages(['apt-transport-https'], {'ensure' => 'present'})
+ }
+ # apt-key added by issue #34
+ apt::key { 'elastic':
+ id => '46095ACC8548582C1A2699A9D27D666CD88E42B4',
+ source => 'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
+ }
+ case $::lsbdistcodename {
+ /(jessie|wheezy|stretch|sid|precise|trusty|vivid|wily|xenial|yakketi|bionic)/: {
+
+ apt::source { 'wazuh_elastic':
+ ensure => present,
+ comment => 'This is the Elastic repository',
+ location => 'https://artifacts.elastic.co/packages/7.x/apt',
+ release => 'stable',
+ repos => 'main',
+ include => {
+ 'src' => false,
+ 'deb' => true,
+ },
+ }
+ }
+ default: { fail('This ossec module has not been tested on your distribution (or lsb package not installed)') }
+ }
+ }
+ 'Redhat' : {
+ case $::os[name] {
+ /^(CentOS|RedHat|OracleLinux|Fedora|Amazon)$/: {
+ if ( $::operatingsystemrelease =~ /^5.*/ ) {
+ $baseurl = 'https://artifacts.elastic.co/packages/7.x/yum'
+ $gpgkey = 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
+ } else {
+ $baseurl = 'https://artifacts.elastic.co/packages/7.x/yum'
+ $gpgkey = 'https://artifacts.elastic.co/GPG-KEY-elasticsearch'
+ }
+ }
+ default: { fail('This ossec module has not been tested on your distribution.') }
+ }
+ ## Set up Elasticsearch repo
+
+ # Import GPG key
+
+ exec { 'Install Elasticsearch GPG key':
+ path => '/usr/bin',
+ command => 'rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch',
+ }
+
+ # Adding repo by Puppet yumrepo resource
+
+ yumrepo { 'elasticsearch':
+ ensure => 'present',
+ enabled => 1,
+ gpgcheck => 1,
+ gpgkey => $gpgkey,
+ baseurl => $baseurl,
+ name => 'elasticsearch',
+ }
+ }
+ default: { fail('This ossec module has not been tested on your distribution') }
+ }
+ }
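Review bot: `exec { 'Install Elasticsearch GPG key': ... }` has no `unless`/`creates`/`refreshonly` guard, so it re-downloads and re-imports the key on every agent run, and it fetches from `packages.elastic.co` while `$gpgkey` points at `artifacts.elastic.co`. The `yumrepo` below already sets `gpgkey => $gpgkey` with `gpgcheck => 1`, which lets yum import that key itself, so the exec can probably be dropped; if it stays it needs a guard, e.g. an `unless` built on `rpm -q gpg-pubkey`. The `if ( $::operatingsystemrelease =~ /^5.*/ )` at the top of the `'Redhat'` branch assigns identical values in both arms and can collapse to two plain assignments.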
diff --git a/modules/services/unix/logging/wazuh/manifests/reports.pp b/modules/services/unix/logging/wazuh/manifests/reports.pp
new file mode 100644
index 000000000..bca48d333
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/manifests/reports.pp
@@ -0,0 +1,23 @@
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+#Define for a Reports section
+define wazuh::reports(
+ Optional[String] $r_group = undef,
+ Optional[String] $r_category = undef,
+ Optional[Integer] $r_rule = undef,
+ Optional[Integer[1,16]] $r_level = undef,
+ Optional[String] $r_location = undef,
+ Optional[String] $r_srcip = undef,
+ Optional[String] $r_user = undef,
+ String $r_title = '',
+ String $r_email_to = '',
+ Optional[Enum['yes', 'no']] $r_showlogs = undef,
+) {
+
+ require wazuh::params_manager
+
+ concat::fragment { $name:
+ target => 'ossec.conf',
+ order => 70,
+ content => template('wazuh/fragments/_reports.erb')
+ }
+}
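Review bot: `$r_title` and `$r_email_to` default to `''` while every other parameter is `Optional[...] = undef`, so the template has to test two different "not set" representations. `Optional[String] $r_title = undef` and `Optional[String] $r_email_to = undef` would keep the define consistent; `_reports.erb` is not part of this hunk, so check how it tests these values before changing them. A header comment such as `# Adds one <reports> block to ossec.conf as a concat fragment (order 70)` would say more than the terse `#Define for a Reports section`.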
diff --git a/modules/services/unix/logging/wazuh/manifests/wazuh_api.pp b/modules/services/unix/logging/wazuh/manifests/wazuh_api.pp
new file mode 100644
index 000000000..acd3e35d7
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/manifests/wazuh_api.pp
@@ -0,0 +1,49 @@
+# Wazuh App Copyright (C) 2019 Wazuh Inc. (License GPLv2)
+# Wazuh API installation
+class wazuh::wazuh_api (
+
+ $wazuh_api_package = 'wazuh-api',
+ $wazuh_api_service = 'wazuh-api',
+ $wazuh_api_version = '3.10.2-1',
+
+ $nodejs_package = 'nodejs'
+
+){
+
+ if $::osfamily == 'Debian' {
+ exec { 'Updating repositories...':
+ path => '/usr/bin',
+ command => 'curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -',
+
+ }
+ package { $nodejs_package:
+ provider => 'apt',
+ }
+ package { $wazuh_api_package:
+ ensure => $wazuh_api_version,
+ provider => 'apt',
+ }
+
+ }else{
+ exec { 'Updating repositories...':
+ path => '/usr/bin',
+ command => 'curl --silent --location https://rpm.nodesource.com/setup_8.x | bash -',
+
+ }
+ package { $nodejs_package:
+ provider => 'yum',
+ }
+ package { $wazuh_api_package:
+ ensure => $wazuh_api_version,
+ provider => 'yum',
+ }
+ }
+
+ service { 'wazuh-api':
+ ensure => running,
+ enable => true,
+ provider => 'systemd',
+ }
+
+
+}
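Review bot: both `exec { 'Updating repositories...': ... }` resources pipe a script downloaded from nodesource.com straight into a root shell with no `creates`/`unless` guard, so unpinned remote code is fetched and executed on every Puppet run. metadata.json in this same commit declares `puppet/nodejs` as a dependency, which manages the NodeSource repository declaratively and idempotently; using it instead of the curl pipeline removes both the repeated execution and the remote-script path. If the exec is kept, `sudo -E` is redundant under the agent (already root) and a `creates` pointing at the repo file the script writes would at least make it run once. `service { 'wazuh-api': provider => 'systemd' }` is hard-coded even though `wazuh::params_manager` computes `$api_service_provider` per platform (`'redhat'` on CentOS 6).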
diff --git a/modules/services/unix/logging/wazuh/metadata.json b/modules/services/unix/logging/wazuh/metadata.json
new file mode 100644
index 000000000..5cad9f167
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/metadata.json
@@ -0,0 +1,111 @@
+{
+ "name": "wazuh-wazuh",
+ "version": "3.10.2",
+ "author": "WAZUH",
+ "summary": "Install and configure Wazuh-HIDS client and server",
+ "license": "Apache-2.0",
+ "source": "https://github.com/wazuh/wazuh-puppet",
+ "project_page": "https://github.com/wazuh/wazuh-puppet",
+ "issues_url": "https://github.com/wazuh/wazuh-puppet/issues",
+ "dependencies": [
+ {
+ "name": "puppetlabs/stdlib",
+ "version_requirement": ">= 1.0.0 < 7.0.0"
+ },
+ {
+ "name": "puppetlabs/concat",
+ "version_requirement": ">= 1.0.0 < 7.0.0"
+ },
+ {
+ "name": "puppetlabs/apt",
+ "version_requirement": ">= 2.0.0 < 8.0.0"
+ },
+ {
+ "name": "puppet/selinux",
+ "version_requirement": ">= 0.8.0 < 4.0.0"
+ },
+ {
+ "name": "puppet/nodejs",
+ "version_requirement": ">= 3.0.0 < 8.0.0"
+ },
+ {
+ "name": "puppetlabs/firewall",
+ "version_requirement": ">= 1.7.0 < 3.0.0"
+ }
+ ],
+ "operatingsystem_support": [
+ {
+ "operatingsystem": "Windows",
+ "operatingsystemrelease": [
+ "Server 2003 R2",
+ "Server 2008 R2",
+ "Server 2012",
+ "Server 2016",
+ "Server 2012 R2",
+ "Windows 2008",
+ "Windows 10"
+ ]
+ },
+ {
+ "operatingsystem": "CentOS",
+ "operatingsystemrelease": [
+ "5",
+ "6",
+ "7"
+ ]
+ },
+ {
+ "operatingsystem": "RedHat",
+ "operatingsystemrelease": [
+ "5",
+ "6",
+ "7"
+ ]
+ },
+ {
+ "operatingsystem": "Fedora",
+ "operatingsystemrelease": [
+ "22",
+ "23",
+ "24",
+ "25"
+ ]
+ },
+ {
+ "operatingsystem": "Ubuntu",
+ "operatingsystemrelease": [
+ "Precise",
+ "Trusty",
+ "Vivid",
+ "Wily",
+ "Xenial",
+ "Yakketi",
+ "Bionic"
+ ]
+ },
+ {
+ "operatingsystem": "Debian",
+ "operatingsystemrelease": [
+ "Wheezy",
+ "Jessie",
+ "Stretch",
+ "Sid"
+ ]
+ }
+ ],
+ "requirements": [
+ {
+ "name": "puppet",
+ "version_requirement": ">= 6.0.0 < 7.0.0"
+ }
+ ],
+ "tags": [
+ "ossec",
+ "hids",
+ "3.10",
+ "wazuh"
+ ],
+ "pdk-version": "1.10.0",
+ "template-url": "file:///opt/puppetlabs/pdk/share/cache/pdk-templates.git#1.10.0",
+ "template-ref": "1.10.0-0-gbba9ac3"
+}
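Review bot: `"license": "Apache-2.0"` disagrees with the `(License GPLv2)` header on every manifest added in this commit; one of them is wrong, and the Forge metadata is what consumers will see. `operatingsystem_support` also lists Fedora `"22"`, whereas `wazuh::params_manager` only matches `/^(23|24|25).*/` and leaves `$wodle_openscap_content` unset otherwise — either drop 22 here or handle it there.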
diff --git a/modules/services/unix/logging/wazuh/secgen_metadata.xml b/modules/services/unix/logging/wazuh/secgen_metadata.xml
new file mode 100644
index 000000000..3208d0e33
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/secgen_metadata.xml
@@ -0,0 +1,36 @@
+
+
+
+ Wazuh
+ Thomas Shaw
+ Wazuh
+ Apache v2
+ TODO
+
+ log_tool
+ linux
+
+ wazuh_component
+ wazuh_agent_name
+ server_address
+
+
+
+ agent
+
+
+
+ agent
+
+
+
+ update
+
+
+
+ .*handy_cli_tools
+
+
+
diff --git a/modules/services/unix/logging/wazuh/spec/classes/client_spec.rb b/modules/services/unix/logging/wazuh/spec/classes/client_spec.rb
new file mode 100644
index 000000000..3328f0351
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/spec/classes/client_spec.rb
@@ -0,0 +1,42 @@
+require 'spec_helper'
+describe 'wazuh::agent' do
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge(concat_basedir: '/dummy')
+ end
+
+ context 'with defaults for all parameters' do
+ it do
+ expect { is_expected.to compile.with_all_deps }.to raise_error(%r{must pass either})
+ end
+ end
+
+ context 'with ossec_ip' do
+ let(:params) do
+ {
+ ossec_ip: '127.0.0.1',
+ }
+ end
+
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to contain_class('wazuh::agent') }
+ it { is_expected.not_to contain_Concat__Fragment('ossec.conf_10').with_content(%r{/local.test<\/server-hostname>/}) }
+ it { is_expected.to contain_Concat__Fragment('ossec.conf_10').with_content(%r{/127.0.0.1<\/server-ip>/}) }
+ end
+
+ context 'with ossec_server_hostname' do
+ let(:params) do
+ {
+ ossec_server_hostname: 'local.test',
+ }
+ end
+
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to contain_class('wazuh::wazuh-agent') }
+ it { is_expected.not_to contain_Concat__Fragment('ossec.conf_10').with_content(%r{/127.0.0.1<\/server-ip>/}) }
+ it { is_expected.to contain_Concat__Fragment('ossec.conf_10').with_content(%r{/local.test<\/server-hostname>/}) }
+ end
+ end
+ end
+end
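Review bot: `contain_class('wazuh::wazuh-agent')` in the `with ossec_server_hostname` context names a class that does not match the `'wazuh::agent'` under test at the top of the file and in the `with ossec_ip` context, so that example will fail; it should read `it { is_expected.to contain_class('wazuh::agent') }`. The `with_content` matchers also wrap the pattern in `/.../` inside `%r{...}`, which makes the slashes literal characters, so `%r{/127.0.0.1<\/server-ip>/}` only matches text with a leading and trailing `/`; write them as `%r{127\.0\.0\.1</server-ip>}` and `%r{local\.test</server-hostname>}`.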
diff --git a/modules/services/unix/logging/wazuh/spec/classes/init_spec.rb b/modules/services/unix/logging/wazuh/spec/classes/init_spec.rb
new file mode 100644
index 000000000..629770e5e
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/spec/classes/init_spec.rb
@@ -0,0 +1,13 @@
+require 'spec_helper'
+describe 'ossec' do
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) { facts }
+
+ context 'with defaults for all parameters' do
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to contain_class('ossec') }
+ end
+ end
+ end
+end
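Review bot: `describe 'ossec'` and `contain_class('ossec')` reference a class that none of the manifests added in this commit define (they all live under `wazuh::`), so this spec will fail to compile unless an `ossec` class exists elsewhere in the module. Point both at whatever the module's real entry-point class is, or remove the file.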
diff --git a/modules/services/unix/logging/wazuh/spec/classes/server_spec.rb b/modules/services/unix/logging/wazuh/spec/classes/server_spec.rb
new file mode 100644
index 000000000..c0682ff47
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/spec/classes/server_spec.rb
@@ -0,0 +1,27 @@
+require 'spec_helper'
+describe 'wazuh::manager' do
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let(:facts) do
+ facts.merge(concat_basedir: '/dummy')
+ end
+
+ context 'with defaults for all parameters' do
+ it do
+ expect { is_expected.to compile.with_all_deps }.to raise_error(%r{Must pass smtp_server})
+ end
+ end
+ context 'with valid paramaters' do
+ let(:params) do
+ {
+ smtp_server: '127.0.0.1',
+ ossec_emailto: 'root@localhost.localdomain',
+ }
+ end
+
+ it { is_expected.to compile.with_all_deps }
+ it { is_expected.to contain_class('wazuh::manager') }
+ end
+ end
+ end
+end
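Review bot: the `with defaults for all parameters` example expects compilation to raise `Must pass smtp_server`, but `wazuh::params_manager` in this commit defaults `$ossec_smtp_server` to `'smtp.example.wazuh.com'` and `$ossec_emailnotification` to `false`, so that error may never be raised; `wazuh::manager` itself is not in this chunk, so confirm where the check lives. The second context passes `ossec_emailto: 'root@localhost.localdomain'` as a String while params_manager initialises `$ossec_emailto = []`, an Array — if the class types that parameter, the example fails on type rather than behaviour.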
diff --git a/modules/services/unix/logging/wazuh/spec/spec_helper.rb b/modules/services/unix/logging/wazuh/spec/spec_helper.rb
new file mode 100644
index 000000000..93b25ecbd
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/spec/spec_helper.rb
@@ -0,0 +1,47 @@
+require 'puppetlabs_spec_helper/module_spec_helper'
+require 'rspec-puppet-facts'
+
+require 'spec_helper_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_local.rb'))
+
+include RspecPuppetFacts
+
+default_facts = {
+ puppetversion: Puppet.version,
+ facterversion: Facter.version,
+}
+
+default_fact_files = [
+ File.expand_path(File.join(File.dirname(__FILE__), 'default_facts.yml')),
+ File.expand_path(File.join(File.dirname(__FILE__), 'default_module_facts.yml')),
+]
+
+default_fact_files.each do |f|
+ next unless File.exist?(f) && File.readable?(f) && File.size?(f)
+
+ begin
+ default_facts.merge!(YAML.safe_load(File.read(f), [], [], true))
+ rescue => e
+ RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}"
+ end
+end
+
+RSpec.configure do |c|
+ c.default_facts = default_facts
+ c.before :each do
+ # set to strictest setting for testing
+ # by default Puppet runs at warning level
+ Puppet.settings[:strict] = :warning
+ end
+ c.filter_run_excluding(bolt: true) unless ENV['GEM_BOLT']
+ c.after(:suite) do
+ end
+end
+
+def ensure_module_defined(module_name)
+ module_name.split('::').reduce(Object) do |last_module, next_module|
+ last_module.const_set(next_module, Module.new) unless last_module.const_defined?(next_module, false)
+ last_module.const_get(next_module, false)
+ end
+end
+
+# 'spec_overrides' from sync.yml will appear below this line
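Review bot: `YAML.safe_load(File.read(f), [], [], true)` uses the positional signature that newer Psych deprecates and later rejects in favour of keywords; `YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true)` keeps the same restrictions and is accepted by current Psych. Staying on `safe_load` rather than `load` is the right call for fact files read from the working tree. The empty `c.after(:suite) do end` block can be removed.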
diff --git a/modules/services/unix/logging/wazuh/templates/api/config.js.erb b/modules/services/unix/logging/wazuh/templates/api/config.js.erb
new file mode 100644
index 000000000..bfc14fc0d
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/api/config.js.erb
@@ -0,0 +1,42 @@
+
+var config = {};
+
+// Basic configuration
+<% @api_config_params.each do |config| -%>
+config.<%= config['name'] %> = "<%= config['value'] %>";
+<% end -%>
+
+// Advanced configuration
+
+// Values for API log: disabled, info, warning, error, debug (each level includes the previous level).
+config.logs = "info";
+// Cross-origin resource sharing. Values: yes, no.
+config.cors = "yes";
+// Cache (time in milliseconds)
+config.cache_enabled = "yes";
+config.cache_debug = "no";
+config.cache_time = "750";
+// Log path
+config.log_path = config.ossec_path + "/logs/api.log";
+// Python
+config.python = [
+ // Default installation
+ {
+ bin: "python",
+ lib: ""
+ },
+ // Python 3
+ {
+ bin: "python3",
+ lib: ""
+ },
+ // Package 'python27' for CentOS 6
+ {
+ bin: "/opt/rh/python27/root/usr/bin/python",
+ lib: "/opt/rh/python27/root/usr/lib64"
+ }
+];
+// Shared library path
+config.ld_library_path = config.ossec_path + "/api/framework/lib"
+
+module.exports = config;
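Review bot: `config.<%= config['name'] %> = "<%= config['value'] %>";` drops each value into a JS string literal without escaping, so a value containing `"`, a backslash or a newline yields a syntactically broken or altered config.js; emitting `<%= config['value'].to_s.to_json %>` (without the surrounding quotes) produces a correctly quoted literal, assuming `json` is loaded in the rendering Ruby as it normally is under Puppet. The ERB block variable is also named `config`, the same word as the JS object, which makes the template hard to read; `|param|` would avoid the clash. `config.cors = "yes"` and the other advanced settings are hard-coded rather than parameterised; a short comment stating that CORS is enabled by default and why would help the next reader.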
diff --git a/modules/services/unix/logging/wazuh/templates/default_commands.erb b/modules/services/unix/logging/wazuh/templates/default_commands.erb
new file mode 100644
index 000000000..6be428693
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/default_commands.erb
@@ -0,0 +1,63 @@
+
+ disable-account
+ disable-account.sh
+ user
+ yes
+
+
+
+ restart-ossec
+ restart-ossec.sh
+
+
+
+
+ firewall-drop
+ firewall-drop.sh
+ srcip
+ yes
+
+
+
+ host-deny
+ host-deny.sh
+ srcip
+ yes
+
+
+
+ route-null
+ route-null.sh
+ srcip
+ yes
+
+
+
+ win_route-null
+ route-null.cmd
+ srcip
+ yes
+
+
+
+ win_route-null-2012
+ route-null-2012.cmd
+ srcip
+ yes
+
+
+
+ netsh
+ netsh.cmd
+ srcip
+ yes
+
+
+
+ netsh-win-2016
+ netsh-win-2016.cmd
+ srcip
+ yes
+
+
+
\ No newline at end of file
diff --git a/modules/services/unix/logging/wazuh/templates/elasticsearch_yml.erb b/modules/services/unix/logging/wazuh/templates/elasticsearch_yml.erb
new file mode 100644
index 000000000..a211b64de
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/elasticsearch_yml.erb
@@ -0,0 +1,89 @@
+# ======================== Elasticsearch Configuration =========================
+#
+# NOTE: Elasticsearch comes with reasonable defaults for most settings.
+# Before you set out to tweak and tune the configuration, make sure you
+# understand what are you trying to accomplish and the consequences.
+#
+# The primary way of configuring a node is via this file. This template lists
+# the most important settings you may want to configure for a production cluster.
+#
+# Please consult the documentation for further information on configuration options:
+# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
+#
+# ---------------------------------- Cluster -----------------------------------
+#
+# Use a descriptive name for your cluster:
+#
+cluster.name: <%= @elasticsearch_cluster_name %>
+#
+# ------------------------------------ Node ------------------------------------
+#
+# Use a descriptive name for the node:
+#
+node.name: <%= @elasticsearch_node_name %>
+#
+# Add custom attributes to the node:
+#
+node.master: <%= @elasticsearch_node_master %>
+#
+# ----------------------------------- Paths ------------------------------------
+#
+# Path to directory where to store the data (separate multiple locations by comma):
+#
+path.data: <%= @elasticsearch_path_data %>
+#
+# Path to log files:
+#
+path.logs: <%= @elasticsearch_path_logs %>
+#
+# ----------------------------------- Memory -----------------------------------
+#
+# Lock the memory on startup:
+#
+#bootstrap.memory_lock: true
+#
+# Make sure that the heap size is set to about half the memory available
+# on the system and that the owner of the process is allowed to use this
+# limit.
+#
+# Elasticsearch performs poorly when the system is swapping the memory.
+#
+# ---------------------------------- Network -----------------------------------
+#
+# Set the bind address to a specific IP (IPv4 or IPv6):
+#
+network.host: <%= @elasticsearch_ip %>
+#
+# Set a custom port for HTTP:
+#
+http.port: <%= @elasticsearch_port %>
+#
+# For more information, consult the network module documentation.
+#
+# --------------------------------- Discovery ----------------------------------
+#
+# Pass an initial list of hosts to perform discovery when this node is started:
+# The default list of hosts is ["127.0.0.1", "[::1]"]
+#
+#discovery.seed_hosts: ["host1", "host2"]
+#
+# Bootstrap the cluster using an initial set of master-eligible nodes:
+#
+<%= @elasticsearch_cluster_initial_master_nodes %>
+<%= @elasticsearch_discovery_option %>
+#
+# For more information, consult the discovery and cluster formation module documentation.
+#
+# ---------------------------------- Gateway -----------------------------------
+#
+# Block initial recovery after a full cluster restart until N nodes are started:
+#
+#gateway.recover_after_nodes: 3
+#
+# For more information, consult the gateway module documentation.
+#
+# ---------------------------------- Various -----------------------------------
+#
+# Require explicit names when deleting indices:
+#
+#action.destructive_requires_name: true
\ No newline at end of file
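Review bot: `network.host: <%= @elasticsearch_ip %>` (L12723) together with `http.port` binds the node to an arbitrary address, yet the template carries no authentication or TLS keys, so any non-loopback `@elasticsearch_ip` exposes the alert indices to whoever can reach the port. A comment above `network.host` should state what protects the listener (or, if the distribution in use ships X-Pack, the `xpack.security.enabled` and TLS keys belong here, parameterised like the rest). Separately, `<%= @elasticsearch_cluster_initial_master_nodes %>` and `<%= @elasticsearch_discovery_option %>` (L12740-L12741) interpolate whole YAML lines rather than scalar values, so the caller is trusted to supply well-formed config; a `<%# expects a complete "cluster.initial_master_nodes: [...]" line %>` comment would make that contract visible.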
diff --git a/modules/services/unix/logging/wazuh/templates/filebeat_yml.erb b/modules/services/unix/logging/wazuh/templates/filebeat_yml.erb
new file mode 100644
index 000000000..1dd0e75f9
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/filebeat_yml.erb
@@ -0,0 +1,58 @@
+# Wazuh - Filebeat configuration file
+
+filebeat.inputs:
+ - type: log
+ paths:
+ - '/var/ossec/logs/alerts/alerts.json'
+
+setup.template.json.enabled: true
+setup.template.json.path: "/etc/filebeat/wazuh-template.json"
+setup.template.json.name: "wazuh"
+setup.template.overwrite: true
+
+processors:
+ - decode_json_fields:
+ fields: ['message']
+ process_array: true
+ max_depth: 200
+ target: ''
+ overwrite_keys: true
+ - drop_fields:
+ fields: ['message', 'ecs', 'beat', 'input_type', 'tags', 'count', '@version', 'log', 'offset', 'type', 'host']
+ - rename:
+ fields:
+ - from: "data.aws.sourceIPAddress"
+ to: "@src_ip"
+ ignore_missing: true
+ fail_on_error: false
+ when:
+ regexp:
+ data.aws.sourceIPAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
+ - rename:
+ fields:
+ - from: "data.srcip"
+ to: "@src_ip"
+ ignore_missing: true
+ fail_on_error: false
+ when:
+ regexp:
+ data.srcip: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
+ - rename:
+ fields:
+ - from: "data.win.eventdata.ipAddress"
+ to: "@src_ip"
+ ignore_missing: true
+ fail_on_error: false
+ when:
+ regexp:
+ data.win.eventdata.ipAddress: \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
+
+# Send events directly to Elasticsearch
+output.elasticsearch:
+ hosts: [<%= @elasticsearch_server_ip %>]
+ #pipeline: geoip
+ indices:
+ - index: 'wazuh-alerts-3.x-%{+yyyy.MM.dd}'
+
+# Optional. Send events to Logstash instead of Elasticsearch
+#output.logstash.hosts: ["YOUR_LOGSTASH_SERVER_IP:5000"]
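Review bot: `output.elasticsearch` (L12815-L12816) sets only `hosts`, with no `protocol`, `ssl.*` or `username`/`password`, so alerts are shipped over plain, unauthenticated HTTP to the interpolated address, and `@elasticsearch_server_ip` is also unquoted inside the flow sequence. If the Elasticsearch side is to be secured, the matching `protocol: https` and credential keys should be parameterised here in the same style; otherwise a comment should record that the link is intentionally unauthenticated. The three `\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b` conditions accept any dotted quad (999.1.1.1 included) and never match IPv6, so `@src_ip` is only populated for IPv4-shaped values; a one-line comment on the first `rename` processor saying so would save the next reader a surprise.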
diff --git a/modules/services/unix/logging/wazuh/templates/fragments/_activeresponse.erb b/modules/services/unix/logging/wazuh/templates/fragments/_activeresponse.erb
new file mode 100644
index 000000000..44def09eb
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/fragments/_activeresponse.erb
@@ -0,0 +1,15 @@
+
+ <%= @command_name %>
+ <% if @ar_agent_id != '' -%>
+ <%= @ar_agent_id %>
+ <% end -%>
+ <%= @ar_location %>
+ <%= @ar_level %>
+ <% if !@ar_rules_id.empty? -%>
+ <% @ar_rules_id.each do |ruleid| -%><%= ruleid %>,<% end %>
+ <% end %>
+ <%= @ar_timeout %>
+ <% if @ar_repeated_offenders != '' -%>
+ <%= @ar_repeated_offenders %>
+ <% end -%>
+
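Review bot: The `rules_id` loop on L12837 emits a trailing comma (`1,2,`), and its guard on L12836 calls `.empty?` while the sibling checks on L12831 and L12840 compare against `''`, so a `nil` `@ar_rules_id` raises NoMethodError whereas a `nil` `@ar_agent_id` silently renders an empty element. `<% if @ar_rules_id && !@ar_rules_id.empty? -%>` with `<%= @ar_rules_id.join(',') %>` gives a clean list and one consistent nil-or-empty guard. `_email_alert.erb` has the sharper form of the same issue: `<% if @alert_group != false -%>` still calls `.each` on a `nil` `@alert_group`, where `<% if @alert_group -%>` covers both cases.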
diff --git a/modules/services/unix/logging/wazuh/templates/fragments/_auth.erb b/modules/services/unix/logging/wazuh/templates/fragments/_auth.erb
new file mode 100644
index 000000000..49f7bb99c
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/fragments/_auth.erb
@@ -0,0 +1,18 @@
+
+
+ <%= @ossec_auth_disabled %>
+ <%= @ossec_auth_port %>
+ <%= @ossec_auth_use_source_ip %>
+ <%= @ossec_auth_force_insert %>
+ <%= @ossec_auth_force_time %>
+ <%= @ossec_auth_purgue %>
+ <%= @ossec_auth_use_password %>
+ <%= @ossec_auth_limit_maxagents %>
+ <%= @ossec_auth_ciphers %>
+ <%= @ossec_auth_ssl_verify_host %>
+ <%= @ossec_auth_ssl_manager_cert %>
+ <%= @ossec_auth_ssl_manager_key %>
+ <%= @ossec_auth_ssl_auto_negotiate %>
+
+
+
\ No newline at end of file
diff --git a/modules/services/unix/logging/wazuh/templates/fragments/_cluster.erb b/modules/services/unix/logging/wazuh/templates/fragments/_cluster.erb
new file mode 100644
index 000000000..90869be25
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/fragments/_cluster.erb
@@ -0,0 +1,35 @@
+
+ <% if @ossec_cluster_name -%>
+ <%=@ossec_cluster_name%>
+ <% end -%>
+ <% if @ossec_cluster_node_name -%>
+ <%=@ossec_cluster_node_name%>
+ <% end -%>
+ <% if @ossec_cluster_node_type -%>
+ <%=@ossec_cluster_node_type%>
+ <% end -%>
+ <% if @ossec_cluster_key -%>
+ <%=@ossec_cluster_key%>
+ <% end -%>
+ <% if @ossec_cluster_port -%>
+ <%=@ossec_cluster_port%>
+ <% end -%>
+ <% if @ossec_cluster_bind_addr -%>
+ <%=@ossec_cluster_bind_addr%>
+ <% end -%>
+ <% if @ossec_cluster_nodes -%>
+
+ <% @ossec_cluster_nodes.each do |node| -%>
+ <%= node %>
+ <% end -%>
+
+ <% end -%>
+ <% if @ossec_cluster_hidden -%>
+ <%=@ossec_cluster_hidden %>
+ <% end -%>
+ <% if @ossec_cluster_disabled -%>
+ <%=@ossec_cluster_disabled%>
+ <% end -%>
+
+
+
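Review bot: `<%=@ossec_cluster_key%>` on L12886 renders the cluster's shared secret into the generated configuration, and nothing in this hunk shows the mode of the file resource that consumes it; the manifest side should write that file root-readable only and may want to carry the key as `Sensitive` (not visible here, so please confirm). A `<%# cluster key is a shared secret; the rendered file must not be world-readable %>` comment above the `if` would record that expectation. Style: the tags alternate between `<%=@ossec_cluster_name%>` and `<%=@ossec_cluster_hidden %>`; `<%= @var %>` throughout reads more consistently.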
diff --git a/modules/services/unix/logging/wazuh/templates/fragments/_command.erb b/modules/services/unix/logging/wazuh/templates/fragments/_command.erb
new file mode 100644
index 000000000..e1f7353b1
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/fragments/_command.erb
@@ -0,0 +1,7 @@
+
+ <%= @command_name %>
+ <%= @command_executable %>
+ <%= @command_expect %>
+ <%= @command_timeout_allowed %>
+
+
diff --git a/modules/services/unix/logging/wazuh/templates/fragments/_default_activeresponse.erb b/modules/services/unix/logging/wazuh/templates/fragments/_default_activeresponse.erb
new file mode 100644
index 000000000..ef329cc5e
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/fragments/_default_activeresponse.erb
@@ -0,0 +1,7 @@
+
+ no
+ /var/ossec/etc/wpk_root.pem
+ yes
+
+
+
\ No newline at end of file
diff --git a/modules/services/unix/logging/wazuh/templates/fragments/_email_alert.erb b/modules/services/unix/logging/wazuh/templates/fragments/_email_alert.erb
new file mode 100644
index 000000000..4b7919186
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/fragments/_email_alert.erb
@@ -0,0 +1,4 @@
+
+ <%= @alert_email %>
+ <% if @alert_group != false -%><% @alert_group.each do |gr| -%><%= gr %>,<% end %><% end %>
+
diff --git a/modules/services/unix/logging/wazuh/templates/fragments/_integration.erb b/modules/services/unix/logging/wazuh/templates/fragments/_integration.erb
new file mode 100644
index 000000000..fe202875f
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/fragments/_integration.erb
@@ -0,0 +1,27 @@
+
+ <%= @name %>
+ <% if @hook_url != '' -%>
+ <%= @hook_url %>
+ <% end %>
+ <% if @api_key != '' -%>
+ <%= @api_key %>
+ <% end %>
+ <% if @in_rule_id != '' -%>
+ <%= @in_rule_id %>
+ <% end %>
+ <% if @in_level != '' -%>
+ <%= @in_level %>
+ <% end %>
+ <% if @in_group != '' -%>
+ <%= @in_group %>
+ <% end %>
+ <% if @in_location != '' -%>
+ <%= @in_location %>
+ <% end %>
+ <%= @in_format %>
+ <% if @in_max_log != '' -%>
+ <%= @in_max_log %>
+ <% end %>
+
+
+
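Review bot: The `<% end %>` closers on L12957-L12976 lack the `-%>` trim that their opening `if` tags use, so every skipped option still leaves a blank line in the rendered block; `<% end -%>` matches the openers. `@hook_url` and `@api_key` (L12956, L12959) are credentials rendered in clear into the integration block, so the consuming file must stay root-only, which this hunk cannot show.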
diff --git a/modules/services/unix/logging/wazuh/templates/fragments/_localfile.erb b/modules/services/unix/logging/wazuh/templates/fragments/_localfile.erb
new file mode 100644
index 000000000..ebb5d2520
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/fragments/_localfile.erb
@@ -0,0 +1,53 @@
+<%- @ossec_local_files.each do |localfile| -%>
+
+ <%= localfile['log_format'] %>
+ <%- if localfile.key?('location') -%>
+ <%= localfile['location'] %>
+ <%- end -%>
+ <%- if localfile.key?('frequency') -%>
+ <%= localfile['frequency'] %>
+ <%- end -%>
+ <%- if localfile.key?('query') -%>
+ <%= localfile['query'] %>
+ <%- end -%>
+ <%- if localfile.key?('command') -%>
+ <%= localfile['command'] %>
+ <%- end -%>
+ <%- if localfile.key?('alias') -%>
+ <%= localfile['alias'] %>
+ <%- end -%>
+ <%- if localfile.key?('label') -%>
+
+ <%- end -%>
+ <%- if localfile.key?('only-future-events') -%>
+ <%= localfile['only-future-events'] %>
+ <%- end -%>
+ <%- if localfile.key?('target') -%>
+ <%= localfile['target'] %>
+ <%- end -%>
+ <%- if localfile.key?('out_format') -%>
+ target="<%= localfile['out_format']['attributes']['target'] %>"<%- end -%> ><%= localfile['out_format']['value'] %>
+ <%- end -%>
+
+<%- end %>
+<%- if @kernel == 'Linux' -%>
+
+ command
+ df -P
+ 360
+
+
+
+ full_command
+ netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d
+ netstat listening ports
+ 360
+
+
+
+ full_command
+ last -n 20
+ 360
+
+<%- end %>
+
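Review bot: Hash-driven values such as `localfile['command']`, `localfile['query']` and `localfile['location']` (L12988-L13011) are interpolated verbatim into XML, so a command containing `&` or `<` yields a malformed configuration the agent may reject; `<%= localfile['command'].encode(xml: :text) %>` keeps the value intact without changing the data. L13014 appears to have lost markup in this rendering (an `end` sits mid-line), so I cannot judge the `out_format` branch; please check that `localfile['out_format']['attributes']['target']` is guarded when `attributes` is absent, e.g. `localfile['out_format'].dig('attributes', 'target')`. The static Linux `full_command` entries below are copied literally and are not affected.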
diff --git a/modules/services/unix/logging/wazuh/templates/fragments/_localfile_generation.erb b/modules/services/unix/logging/wazuh/templates/fragments/_localfile_generation.erb
new file mode 100644
index 000000000..81db6051d
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/fragments/_localfile_generation.erb
@@ -0,0 +1,17 @@
+
+ <%= @logtype %>
+ <%- if @logfile -%>
+ <%= @logfile %>
+ <%- end -%>
+ <%- if @logcommand -%>
+ <%= @logcommand %>
+ <%- end -%>
+ <%- if @commandalias -%>
+ <%= @commandalias %>
+ <%- end -%>
+ <%- if @frequency -%>
+ <%= @frequency %>
+ <%- end -%>
+
+
+
\ No newline at end of file
diff --git a/modules/services/unix/logging/wazuh/templates/fragments/_reports.erb b/modules/services/unix/logging/wazuh/templates/fragments/_reports.erb
new file mode 100644
index 000000000..758465985
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/fragments/_reports.erb
@@ -0,0 +1,29 @@
+
+ <%- if defined?(@r_group) -%>
+ <%= @r_group %>
+ <%- end -%>
+ <%- if defined?(@r_category) -%>
+ <%= @r_category %>
+ <%- end -%>
+ <%- if defined?(@r_rule) -%>
+ <%= @r_rule %>
+ <%- end -%>
+ <%- if defined?(@r_level) -%>
+ <%= @r_level %>
+ <%- end -%>
+ <%- if defined?(@r_location) -%>
+ <%= @r_location %>
+ <%- end -%>
+ <%- if defined?(@r_srcip) -%>
+ <%= @r_srcip %>
+ <%- end -%>
+ <%- if defined?(@r_user) -%>
+ <%= @r_user %>
+ <%- end -%>
+ <%= @r_title %>
+ <%= @r_email_to %>
+ <%- if defined?(@r_showlogs) -%>
+ <%= @r_showlogs %>
+ <%- end -%>
+
+
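Review bot: `defined?(@r_group)` on L13070, and the other `defined?` guards in this hunk, is true for any instance variable that has been assigned, including one assigned `nil`, and Puppet sets every in-scope variable on the template object, so these guards most likely always pass and emit empty elements for options that were never set. `<%- if @r_group -%>` (plain truthiness, as `_localfile_generation.erb` does) is the reliable check; if an empty string must also be skipped, `<%- if @r_group && !@r_group.empty? -%>`.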
diff --git a/modules/services/unix/logging/wazuh/templates/fragments/_rootcheck.erb b/modules/services/unix/logging/wazuh/templates/fragments/_rootcheck.erb
new file mode 100644
index 000000000..8578cc7f6
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/fragments/_rootcheck.erb
@@ -0,0 +1,47 @@
+<%- if @kernel == 'Linux' -%>
+
+ <% if @ossec_rootcheck_disabled -%>
+ <%= @ossec_rootcheck_disabled %>
+ <%- end -%>
+ <% if @ossec_rootcheck_check_files -%>
+ <%= @ossec_rootcheck_check_files %>
+ <%- end -%>
+ <% if @ossec_rootcheck_check_trojans-%>
+ <%= @ossec_rootcheck_check_trojans %>
+ <%- end -%>
+ <% if @ossec_rootcheck_check_dev -%>
+ <%= @ossec_rootcheck_check_dev %>
+ <%- end -%>
+ <% if @ossec_rootcheck_check_sys -%>
+ <%= @ossec_rootcheck_check_sys %>
+ <%- end -%>
+ <% if @ossec_rootcheck_check_pids -%>
+ <%= @ossec_rootcheck_check_pids %>
+ <%- end -%>
+ <% if @ossec_rootcheck_check_ports -%>
+ <%= @ossec_rootcheck_check_ports %>
+ <%- end -%>
+ <% if @ossec_rootcheck_check_if -%>
+ <%= @ossec_rootcheck_check_if %>
+ <%- end -%>
+ <% if @ossec_rootcheck_frequency-%>
+ <%= @ossec_rootcheck_frequency %>
+ <%- end -%>
+ <% if @ossec_rootcheck_rootkit_files-%>
+ <%= @ossec_rootcheck_rootkit_files %>
+ <%- end -%>
+ <% if @ossec_rootcheck_rootkit_trojans-%>
+ <%= @ossec_rootcheck_rootkit_trojans %>
+ <%- end -%>
+ <% if @ossec_rootcheck_skip_nfs-%>
+ <%= @ossec_rootcheck_skip_nfs%>
+ <%- end -%>
+
+<%- else -%>
+
+
+ ./shared/win_audit_rcl.txt
+ ./shared/win_applications_rcl.txt
+ ./shared/win_malware_rcl.txt
+
+<%- end -%>
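Review bot: `<% if @ossec_rootcheck_check_trojans-%>` on L13112 (also L13130, L13133, L13136, L13139) runs the variable name straight into the trim marker, and the `if` tags use `<%` while their `end`s use `<%-`, so the opening lines keep the leading whitespace that the closers strip. ERB still tokenises `-%>`, so it renders, but `<%- if @ossec_rootcheck_check_trojans -%>` paired with `<%- end -%>` makes the intent explicit and matches the form `_syscheck.erb` already uses.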
diff --git a/modules/services/unix/logging/wazuh/templates/fragments/_ruleset.erb b/modules/services/unix/logging/wazuh/templates/fragments/_ruleset.erb
new file mode 100644
index 000000000..d7bb57629
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/fragments/_ruleset.erb
@@ -0,0 +1,15 @@
+
+
+ ruleset/decoders
+ ruleset/rules
+ 0215-policy_rules.xml
+ etc/lists/audit-keys
+ etc/lists/amazon/aws-eventnames
+ etc/lists/security-eventchannel
+
+
+ etc/decoders
+ etc/rules
+
+
+
\ No newline at end of file
diff --git a/modules/services/unix/logging/wazuh/templates/fragments/_sca.erb b/modules/services/unix/logging/wazuh/templates/fragments/_sca.erb
new file mode 100644
index 000000000..15213872c
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/fragments/_sca.erb
@@ -0,0 +1,70 @@
+<%- if @kernel == 'Linux' -%>
+ <%- if @apply_template_os == 'centos' -%>
+
+ yes
+ yes
+ 12h
+ yes
+
+
+ cis_rhel7_linux_rcl.yml
+ system_audit_rcl.yml
+ system_audit_ssh.yml
+ system_audit_pw.yml
+
+
+ <%- elsif @apply_template_os =='amazon' -%>
+
+ yes
+ yes
+ 12h
+ yes
+
+
+ system_audit_rcl.yml
+ system_audit_ssh.yml
+ system_audit_pw.yml
+
+
+ <%- elsif @apply_template_os =='rhel' -%>
+
+ yes
+ yes
+ 12h
+ yes
+
+
+ <%- if @rhel_version == '7' -%>
+ cis_rhel7_linux_rcl.yml
+ <%- elsif @rhel_version =='6' -%>
+ cis_rhel6_linux_rcl.yml
+ <%- elsif @rhel_version =='5' -%>
+ cis_rhel5_linux_rcl.yml
+ <%- end -%>
+ system_audit_rcl.yml
+ system_audit_ssh.yml
+ system_audit_pw.yml
+
+
+ <%- else -%>
+
+ yes
+ yes
+ 12h
+ yes
+
+
+ cis_debian_linux_rcl.yml
+ <%- if @debian_additional_templates == 'yes' -%>
+ cis_debianlinux7-8_L1_rcl.yml
+ cis_debianlinux7-8_L2_rcl.yml
+ <%- end -%>
+ system_audit_rcl.yml
+ system_audit_ssh.yml
+ system_audit_pw.yml
+
+
+ <%- end -%>
+<%- end -%>
+
+
\ No newline at end of file
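Review bot: The `rhel` branch (L13215-L13221) selects a CIS policy only for `@rhel_version` 7, 6 or 5, so a RHEL 8 host silently enables SCA with no `cis_*` policy; either add the missing branch or render a comment in the output so the gap is visible in the generated file. The `yes / yes / 12h / yes` header is duplicated into all four branches; rendering it once above the `if` and branching only on the policy list removes the copy-paste. `=='amazon'` and `=='rhel'` on L13194 and L13207 should read `== 'amazon'` like L13180.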
diff --git a/modules/services/unix/logging/wazuh/templates/fragments/_syscheck.erb b/modules/services/unix/logging/wazuh/templates/fragments/_syscheck.erb
new file mode 100644
index 000000000..403522057
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/fragments/_syscheck.erb
@@ -0,0 +1,128 @@
+ <%- if @kernel == 'windows' -%>
+
+ %WINDIR%/win.ini
+ %WINDIR%/system.ini
+ C:\autoexec.bat
+ C:\config.sys
+ C:\boot.ini
+ %WINDIR%/System32/CONFIG.NT
+ %WINDIR%/System32/AUTOEXEC.NT
+ %WINDIR%/System32/at.exe
+ %WINDIR%/System32/attrib.exe
+ %WINDIR%/System32/cacls.exe
+ %WINDIR%/System32/debug.exe
+ %WINDIR%/System32/drwatson.exe
+ %WINDIR%/System32/drwtsn32.exe
+ %WINDIR%/System32/edlin.exe
+ %WINDIR%/System32/eventcreate.exe
+ %WINDIR%/System32/eventtriggers.exe
+ %WINDIR%/System32/ftp.exe
+ %WINDIR%/System32/net.exe
+ %WINDIR%/System32/net1.exe
+ %WINDIR%/System32/netsh.exe
+ %WINDIR%/System32/rcp.exe
+ %WINDIR%/System32/reg.exe
+ %WINDIR%/regedit.exe
+ %WINDIR%/System32/regedt32.exe
+ %WINDIR%/System32/regsvr32.exe
+ %WINDIR%/System32/rexec.exe
+ %WINDIR%/System32/rsh.exe
+ %WINDIR%/System32/runas.exe
+ %WINDIR%/System32/sc.exe
+ %WINDIR%/System32/subst.exe
+ %WINDIR%/System32/telnet.exe
+ %WINDIR%/System32/tftp.exe
+ %WINDIR%/System32/tlntsvr.exe
+ %WINDIR%/System32/drivers/etc
+ C:\Documents and Settings/All Users/Start Menu/Programs/Startup
+ C:\Users/Public/All Users/Microsoft/Windows/Start Menu/Startup
+ .log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$
+
+
+ HKEY_LOCAL_MACHINE\Software\Classes\batfile
+ HKEY_LOCAL_MACHINE\Software\Classes\cmdfile
+ HKEY_LOCAL_MACHINE\Software\Classes\comfile
+ HKEY_LOCAL_MACHINE\Software\Classes\exefile
+ HKEY_LOCAL_MACHINE\Software\Classes\piffile
+ HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects
+ HKEY_LOCAL_MACHINE\Software\Classes\Directory
+ HKEY_LOCAL_MACHINE\Software\Classes\Folder
+ HKEY_LOCAL_MACHINE\Software\Classes\Protocols
+ HKEY_LOCAL_MACHINE\Software\Policies
+ HKEY_LOCAL_MACHINE\Security
+ HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer
+ HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
+ HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\KnownDLLs
+ HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\winreg
+ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
+ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
+ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
+ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL
+ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies
+ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
+ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
+ HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components
+
+
+ %WINDIR%/System32/LogFiles
+ %WINDIR%/Debug
+ %WINDIR%/WindowsUpdate.log
+ %WINDIR%/iis6.log
+ %WINDIR%/system32/wbem/Logs
+ %WINDIR%/system32/wbem/Repository
+ %WINDIR%/Prefetch
+ %WINDIR%/PCHEALTH/HELPCTR/DataColl
+ %WINDIR%/SoftwareDistribution
+ %WINDIR%/Temp
+ %WINDIR%/system32/config
+ %WINDIR%/system32/spool
+ %WINDIR%/system32/CatRoot
+
+
+ HKEY_LOCAL_MACHINE\Security\Policy\Secrets
+ HKEY_LOCAL_MACHINE\Security\SAM\Domains\Account\Users
+ \Enum$
+
+
+ <%- else -%>
+
+ <%- if @ossec_syscheck_disabled -%>
+ <%= @ossec_syscheck_disabled %>
+ <%- end -%>
+ <%- if @ossec_syscheck_frequency -%>
+ <%=@ossec_syscheck_frequency%>
+ <%- end -%>
+ <%- if @ossec_syscheck_scan_on_start -%>
+ <%=@ossec_syscheck_scan_on_start%>
+ <%- end -%>
+ <%- if @ossec_syscheck_alert_new_files -%>
+ <%=@ossec_syscheck_alert_new_files%>
+ <%- end -%>
+ <%- if @ossec_syscheck_auto_ignore -%>
+ <%=@ossec_syscheck_auto_ignore%>
+ <%- end -%>
+ <%- if @ossec_syscheck_directories_1 -%>
+ <%=@ossec_syscheck_directories_1%>
+ <%- end -%>
+ <%- if @ossec_syscheck_directories_2 -%>
+ <%=@ossec_syscheck_directories_2%>
+ <%- end -%>
+ <%- if @ossec_syscheck_ignore_list -%>
+ <%- @ossec_syscheck_ignore_list.each do |ignore_element| -%>
+ <%= ignore_element %>
+ <%- end -%>
+ <%- end -%>
+ <%- if @ossec_syscheck_ignore_type_1 -%>
+ <%=@ossec_syscheck_ignore_type_1%>
+ <%- end -%>
+ <%- if @ossec_syscheck_ignore_type_2 -%>
+ <%=@ossec_syscheck_ignore_type_2%>
+ <%- end -%>
+ <%- if @ossec_syscheck_nodiff -%>
+ <%=@ossec_syscheck_nodiff%>
+ <%- end -%>
+ <%- if @ossec_syscheck_skip_nfs -%>
+ <%=@ossec_syscheck_skip_nfs%>
+ <%- end -%>
+
+ <%- end -%>
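Review bot: The Windows branch (L13256-L13341) is fully static, so `@ossec_syscheck_disabled`, `@ossec_syscheck_frequency`, `@ossec_syscheck_ignore_list` and the other parameters honoured in the `else` branch have no effect on Windows agents, which will surprise a caller who sets them. Either apply the same parameters there or state it at the top: `<%# Windows: fixed default monitored set; the @ossec_syscheck_* parameters apply to non-Windows hosts only %>`. The ignore entries under `HKEY_LOCAL_MACHINE\Security` (L13337-L13338) carve exceptions out of a monitored key, which is worth a one-line comment naming it as deliberate noise reduction.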
diff --git a/modules/services/unix/logging/wazuh/templates/fragments/_wodle_cis_cat.erb b/modules/services/unix/logging/wazuh/templates/fragments/_wodle_cis_cat.erb
new file mode 100644
index 000000000..f945ef0a0
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/fragments/_wodle_cis_cat.erb
@@ -0,0 +1,10 @@
+
+ yes
+ 1800
+ 1d
+ yes
+
+ wodles/java
+ wodles/ciscat
+
+
diff --git a/modules/services/unix/logging/wazuh/templates/fragments/_wodle_openscap.erb b/modules/services/unix/logging/wazuh/templates/fragments/_wodle_openscap.erb
new file mode 100644
index 000000000..8028bb0df
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/fragments/_wodle_openscap.erb
@@ -0,0 +1,18 @@
+
+ yes
+ 1800
+ 1d
+ yes
+
+ <%- @wodle_openscap_content.each do |path, value| -%>
+
+ <%- if value['profiles'] then -%>
+ <%- value['profiles'].each do |profile| -%>
+ <%= profile %>
+ <%- end -%>
+ <%- end -%>
+
+ <%- end -%>
+
+
+
\ No newline at end of file
diff --git a/modules/services/unix/logging/wazuh/templates/fragments/_wodle_osquery.erb b/modules/services/unix/logging/wazuh/templates/fragments/_wodle_osquery.erb
new file mode 100644
index 000000000..acdb8e07d
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/fragments/_wodle_osquery.erb
@@ -0,0 +1,9 @@
+
+ yes
+ yes
+ /var/log/osquery/osqueryd.results.log
+ /etc/osquery/osquery.conf
+ yes
+
+
+
\ No newline at end of file
diff --git a/modules/services/unix/logging/wazuh/templates/fragments/_wodle_syscollector.erb b/modules/services/unix/logging/wazuh/templates/fragments/_wodle_syscollector.erb
new file mode 100644
index 000000000..b56f4e28d
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/fragments/_wodle_syscollector.erb
@@ -0,0 +1,12 @@
+
+ no
+ 1h
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+ yes
+
+
diff --git a/modules/services/unix/logging/wazuh/templates/fragments/_wodle_vulnerability_detector.erb b/modules/services/unix/logging/wazuh/templates/fragments/_wodle_vulnerability_detector.erb
new file mode 100644
index 000000000..2162282c5
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/fragments/_wodle_vulnerability_detector.erb
@@ -0,0 +1,20 @@
+
+ yes
+ 5m
+ 6h
+ yes
+
+ yes
+ 1h
+
+
+ yes
+ 2010
+ 1h
+
+
+ yes
+ 1h
+
+
+
diff --git a/modules/services/unix/logging/wazuh/templates/jvm_options.erb b/modules/services/unix/logging/wazuh/templates/jvm_options.erb
new file mode 100644
index 000000000..60d48d777
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/jvm_options.erb
@@ -0,0 +1,120 @@
+################################################################
+## IMPORTANT: JVM heap size
+################################################################
+##
+## You should always set the min and max JVM heap
+## size to the same value. For example, to set
+## the heap to 4 GB, set:
+##
+## -Xms4g
+## -Xmx4g
+##
+## See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html
+## for more information
+##
+################################################################
+
+# Xms represents the initial size of total heap space
+# Xmx represents the maximum size of total heap space
+
+-Xms<%= @jvm_options_memmory %>
+-Xmx<%= @jvm_options_memmory %>
+
+################################################################
+## Expert settings
+################################################################
+##
+## All settings below this section are considered
+## expert settings. Don't tamper with them unless
+## you understand what you are doing
+##
+################################################################
+
+## GC configuration
+-XX:+UseConcMarkSweepGC
+-XX:CMSInitiatingOccupancyFraction=75
+-XX:+UseCMSInitiatingOccupancyOnly
+
+## G1GC Configuration
+# NOTE: G1GC is only supported on JDK version 10 or later.
+# To use G1GC uncomment the lines below.
+# 10-:-XX:-UseConcMarkSweepGC
+# 10-:-XX:-UseCMSInitiatingOccupancyOnly
+# 10-:-XX:+UseG1GC
+# 10-:-XX:InitiatingHeapOccupancyPercent=75
+
+## DNS cache policy
+# cache ttl in seconds for positive DNS lookups noting that this overrides the
+# JDK security property networkaddress.cache.ttl; set to -1 to cache forever
+-Des.networkaddress.cache.ttl=60
+# cache ttl in seconds for negative DNS lookups noting that this overrides the
+# JDK security property networkaddress.cache.negative ttl; set to -1 to cache
+# forever
+-Des.networkaddress.cache.negative.ttl=10
+
+## optimizations
+
+# pre-touch memory pages used by the JVM during initialization
+-XX:+AlwaysPreTouch
+
+## basic
+
+# explicitly set the stack size
+-Xss1m
+
+# set to headless, just in case
+-Djava.awt.headless=true
+
+# ensure UTF-8 encoding by default (e.g. filenames)
+-Dfile.encoding=UTF-8
+
+# use our provided JNA always versus the system one
+-Djna.nosys=true
+
+# turn off a JDK optimization that throws away stack traces for common
+# exceptions because stack traces are important for debugging
+-XX:-OmitStackTraceInFastThrow
+
+# flags to configure Netty
+-Dio.netty.noUnsafe=true
+-Dio.netty.noKeySetOptimization=true
+-Dio.netty.recycler.maxCapacityPerThread=0
+
+# log4j 2
+-Dlog4j.shutdownHookEnabled=false
+-Dlog4j2.disable.jmx=true
+
+-Djava.io.tmpdir=${ES_TMPDIR}
+
+## heap dumps
+
+# generate a heap dump when an allocation from the Java heap fails
+# heap dumps are created in the working directory of the JVM
+-XX:+HeapDumpOnOutOfMemoryError
+
+# specify an alternative path for heap dumps; ensure the directory exists and
+# has sufficient space
+-XX:HeapDumpPath=/var/lib/elasticsearch
+
+# specify an alternative path for JVM fatal error logs
+-XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log
+
+## JDK 8 GC logging
+
+8:-XX:+PrintGCDetails
+8:-XX:+PrintGCDateStamps
+8:-XX:+PrintTenuringDistribution
+8:-XX:+PrintGCApplicationStoppedTime
+8:-Xloggc:/var/log/elasticsearch/gc.log
+8:-XX:+UseGCLogFileRotation
+8:-XX:NumberOfGCLogFiles=32
+8:-XX:GCLogFileSize=64m
+
+# JDK 9+ GC logging
+9-:-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m
+# due to internationalization enhancements in JDK 9 Elasticsearch need to set the provider to COMPAT otherwise
+# time/date parsing will break in an incompatible way for some date patterns and locals
+9-:-Djava.locale.providers=COMPAT
+
+# temporary workaround for C2 bug with JDK 10 on hardware with AVX-512
+10-:-XX:UseAVX=2
\ No newline at end of file
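Review bot: `-XX:+UseConcMarkSweepGC` and the two CMS lines (L13524-L13526) carry no JDK version prefix, unlike the `10-:` G1GC lines below and the `8:`/`9-:` logging lines, so on a JDK that no longer ships CMS the JVM refuses to start; later upstream versions of this file guard them with a range, e.g. `8-13:-XX:+UseConcMarkSweepGC`. The file also ends without a trailing newline (L13611). `@jvm_options_memmory` is misspelt; keep the name for compatibility, but a `<%# heap size with unit, e.g. 4g; min and max are deliberately equal %>` comment above L13510 would document the expected value.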
diff --git a/modules/services/unix/logging/wazuh/templates/kibana_yml.erb b/modules/services/unix/logging/wazuh/templates/kibana_yml.erb
new file mode 100644
index 000000000..56744dae9
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/kibana_yml.erb
@@ -0,0 +1,116 @@
+# The default roles file is empty as the preferred method of defining roles is
+# through the API/UI. File based roles are useful in error scenarios when the
+# API based roles may not be available.
+# Kibana is served by a back end server. This setting specifies the port to use.
+server.port: <%= @kibana_server_port %>
+
+# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
+# The default is 'localhost', which usually means remote machines will not be able to connect.
+# To allow connections from remote users, set this parameter to a non-loopback address.
+server.host: <%= @kibana_server_host %>
+
+# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
+# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
+# from requests it receives, and to prevent a deprecation warning at startup.
+# This setting cannot end in a slash.
+#server.basePath: ""
+
+# Specifies whether Kibana should rewrite requests that are prefixed with
+# `server.basePath` or require that they are rewritten by your reverse proxy.
+# This setting was effectively always `false` before Kibana 6.3 and will
+# default to `true` starting in Kibana 7.0.
+#server.rewriteBasePath: false
+
+# The maximum payload size in bytes for incoming server requests.
+#server.maxPayloadBytes: 1048576
+
+# The Kibana server's name. This is used for display purposes.
+#server.name: "your-hostname"
+
+# The URLs of the Elasticsearch instances to use for all your queries.
+elasticsearch.url: "<%= @kibana_elasticsearch_server_hosts %>"
+
+# When this setting's value is true Kibana uses the hostname specified in the server.host
+# setting. When the value of this setting is false, Kibana uses the hostname of the host
+# that connects to this Kibana instance.
+#elasticsearch.preserveHost: true
+
+# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
+# dashboards. Kibana creates a new index if the index doesn't already exist.
+#kibana.index: ".kibana"
+
+# The default application to load.
+#kibana.defaultAppId: "home"
+
+# If your Elasticsearch is protected with basic authentication, these settings provide
+# the username and password that the Kibana server uses to perform maintenance on the Kibana
+# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
+# is proxied through the Kibana server.
+#elasticsearch.username: "user"
+#elasticsearch.password: "pass"
+
+# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
+# These settings enable SSL for outgoing requests from the Kibana server to the browser.
+#server.ssl.enabled: false
+#server.ssl.certificate: /path/to/your/server.crt
+#server.ssl.key: /path/to/your/server.key
+
+# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
+# These files validate that your Elasticsearch backend uses the same key files.
+#elasticsearch.ssl.certificate: /path/to/your/client.crt
+#elasticsearch.ssl.key: /path/to/your/client.key
+
+# Optional setting that enables you to specify a path to the PEM file for the certificate
+# authority for your Elasticsearch instance.
+#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
+
+# To disregard the validity of SSL certificates, change this setting's value to 'none'.
+#elasticsearch.ssl.verificationMode: full
+
+# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
+# the elasticsearch.requestTimeout setting.
+#elasticsearch.pingTimeout: 1500
+
+# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
+# must be a positive integer.
+#elasticsearch.requestTimeout: 30000
+
+# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
+# headers, set this value to [] (an empty list).
+#elasticsearch.requestHeadersWhitelist: [ authorization ]
+
+# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
+# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
+#elasticsearch.customHeaders: {}
+
+# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
+#elasticsearch.shardTimeout: 30000
+
+# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
+#elasticsearch.startupTimeout: 5000
+
+# Logs queries sent to Elasticsearch. Requires logging.verbose set to true.
+#elasticsearch.logQueries: false
+
+# Specifies the path where Kibana creates the process ID file.
+#pid.file: /var/run/kibana.pid
+
+# Enables you specify a file where Kibana stores log output.
+#logging.dest: stdout
+
+# Set the value of this setting to true to suppress all logging output.
+#logging.silent: false
+
+# Set the value of this setting to true to suppress all logging output other than error messages.
+#logging.quiet: false
+
+# Set the value of this setting to true to log all events, including system usage information
+# and all requests.
+#logging.verbose: false
+
+# Set the interval in milliseconds to sample system and process performance
+# metrics. Minimum is 100ms. Defaults to 5000.
+#ops.interval: 5000
+
+# Specifies locale to be used for all localizable strings, dates and number formats.
+#i18n.locale: "en"
\ No newline at end of file
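Review bot: The first three comment lines (L13618-L13620) describe a roles file and belong to a different config; drop them so the header starts at `# Kibana is served by a back end server.` `elasticsearch.url` (L13648) is the pre-7.0 single-URL key while the variable is the plural `@kibana_elasticsearch_server_hosts` and the Elasticsearch template uses the 7.x-style `discovery.seed_hosts`; if the stack is 7.x the key should be `elasticsearch.hosts: ["<%= @kibana_elasticsearch_server_hosts %>"]`, otherwise a comment should pin the Kibana version this template targets. `server.host: <%= @kibana_server_host %>` (L13627) with `#server.ssl.enabled: false` leaves the UI in clear text on any non-loopback host; parameterising the `server.ssl.*` keys or noting the intended reverse proxy would make that explicit.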
diff --git a/modules/services/unix/logging/wazuh/templates/local_decoder.xml.erb b/modules/services/unix/logging/wazuh/templates/local_decoder.xml.erb
new file mode 100644
index 000000000..a89f28733
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/local_decoder.xml.erb
@@ -0,0 +1,24 @@
+
+
+
+
+
+
+ local_decoder_example
+
diff --git a/modules/services/unix/logging/wazuh/templates/local_rules.xml.erb b/modules/services/unix/logging/wazuh/templates/local_rules.xml.erb
new file mode 100644
index 000000000..c9db30662
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/local_rules.xml.erb
@@ -0,0 +1,41 @@
+
+
+
+
+
+
+ 5716
+ 1.1.1.1
+ sshd: authentication failed from IP 1.1.1.1.
+ authentication_failed,pci_dss_10.2.4,pci_dss_10.2.5,
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/modules/services/unix/logging/wazuh/templates/ossec_shared_agent.conf.erb b/modules/services/unix/logging/wazuh/templates/ossec_shared_agent.conf.erb
new file mode 100644
index 000000000..69f5eed1b
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/ossec_shared_agent.conf.erb
@@ -0,0 +1,44 @@
+
+<% if @ossec_rootcheck == false then -%>
+
+ yes
+
+<% end -%>
+
+
+
+ <%= @ossec_syscheck_frequency %>
+ no
+
+
+
+
+ <%= scope.function_template(["wazuh/fragments/_rootcheck.erb"]) %>
+
+ <%= scope.function_template(["wazuh/fragments/_syscheck.erb"]) %>
+
+
+
+ syslog
+ /var/ossec/logs/active-responses.log
+
+
+
+
+ <%= scope.function_template(["wazuh/fragments/_rootcheck.erb"]) %>
+
+ <%= scope.function_template(["wazuh/fragments/_syscheck.erb"]) %>
+
+
+ eventlog
+ Application
+
+
+ eventlog
+ Security
+
+
+ eventlog
+ System
+
+
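Review bot: `scope.function_template(["wazuh/fragments/_rootcheck.erb"])` and the matching `_syscheck.erb` calls (used twice each in this template) go through the legacy `Scope#function_*` interface, which as far as I recall has been deprecated since Puppet 4 in favour of `scope.call_function('template', ['wazuh/fragments/_rootcheck.erb'])`; the Gemfile.lock in this commit moves to Puppet 6, so the deprecation warnings will show up in the agent run. Switching the four calls is a one-line change each. The two identical fragment pairs suggest two agent-profile sections whose XML wrapper is not visible in this rendering; a `<%# ... %>` comment naming which profile each pair belongs to would make the template readable on its own.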
diff --git a/modules/services/unix/logging/wazuh/templates/process_list.erb b/modules/services/unix/logging/wazuh/templates/process_list.erb
new file mode 100644
index 000000000..cdd24c5e0
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/process_list.erb
@@ -0,0 +1,8 @@
+# This file managed by Puppet.
+# Any changes will be overwritten
+<% if @syslog_output -%>
+CSYSLOG_DAEMON=ossec-csyslogd
+<% end -%>
+<% if @ossec_integratord_enabled -%>
+INTEGRATOR_DAEMON=ossec-integratord
+<% end -%>
diff --git a/modules/services/unix/logging/wazuh/templates/wazuh-register.rb.erb b/modules/services/unix/logging/wazuh/templates/wazuh-register.rb.erb
new file mode 100644
index 000000000..ba11a0cc2
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/wazuh-register.rb.erb
@@ -0,0 +1,19 @@
+require 'fileutils'
+require 'open3'
+
+@registered_file = '/wr'
+
+def already_registered?
+ File.file? @registered_file
+end
+
+until already_registered?
+ stdout, _, _ = Open3.capture3("/var/ossec/bin/agent-auth -m <%= @kibana_elasticsearch_ip -%> -A '<%= @agent_name -%>'")
+ if stdout.include? 'Valid key created. Finished'
+ FileUtils.touch @registered_file
+ `service wazuh-agent start`
+ end
+ sleep(15)
+end
+
+exit(0)
\ No newline at end of file
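Review bot: The `Open3.capture3("/var/ossec/bin/agent-auth -m <%= @kibana_elasticsearch_ip -%> -A '<%= @agent_name -%>'")` call interpolates Puppet-supplied values first into Ruby source and then into a single shell command line, so a value containing a quote or shell metacharacter breaks the string literal or the command; passing the arguments as an argv array (no shell involved) and rendering the values with `.inspect` so they become proper Ruby string literals removes both problems. The loop also discards stderr and the exit status, so a misconfigured or failing `agent-auth` is indistinguishable from one that has simply not succeeded yet, and it still sleeps 15s after success; `` `service wazuh-agent start` `` likewise ignores failure. The marker path `'/wr'` at the filesystem root is opaque — a `# marker file: agent has registered with the manager` comment, or a path under the agent's own directory, would help the next reader. The rewrite below keeps the retry unbounded as in the original but logs failures and leaves the loop as soon as registration succeeds.
```ruby
# argv form: no shell, and the Puppet values are rendered as Ruby string literals
REGISTER_CMD = ['/var/ossec/bin/agent-auth',
                '-m', <%= @kibana_elasticsearch_ip.inspect %>,
                '-A', <%= @agent_name.inspect %>].freeze

# … unchanged: @registered_file, already_registered? …

until already_registered?
  stdout, stderr, status = Open3.capture3(*REGISTER_CMD)
  if stdout.include?('Valid key created. Finished')
    FileUtils.touch @registered_file
    system('service', 'wazuh-agent', 'start') || warn('wazuh-agent failed to start')
    break
  end
  warn "agent-auth failed (exit #{status.exitstatus}): #{stderr}"
  sleep(15)
end
```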
diff --git a/modules/services/unix/logging/wazuh/templates/wazuh_agent.conf.erb b/modules/services/unix/logging/wazuh/templates/wazuh_agent.conf.erb
new file mode 100644
index 000000000..4b7fdedc2
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/wazuh_agent.conf.erb
@@ -0,0 +1,38 @@
+
+
+ <%- if @wazuh_reporting_endpoint then -%>
+ <%= @wazuh_reporting_endpoint %>
+ <%- end -%>
+ <%- if @ossec_protocol then -%>
+ <%= @ossec_protocol %>
+ <%- end -%>
+ <%= @ossec_port %>
+
+ <%- if @ossec_config_profiles then -%>
+ <%= @ossec_config_profiles.join(',') %>
+ <%- end -%>
+ <%- if @ossec_notify_time then -%>
+ <%= @ossec_notify_time %>
+ <%- end -%>
+ <%- if @ossec_time_reconnect then -%>
+ <%= @ossec_time_reconnect %>
+ <%- end -%>
+ <%- if @ossec_crypto_method then -%>
+ <%= @ossec_crypto_method %>
+ <%- end -%>
+ <%- if @ossec_auto_restart then -%>
+ <%= @ossec_auto_restart %>
+ <%- end -%>
+
+
+
+ plain
+
+
+
+
+ no
+ <%= @client_buffer_queue_size %>
+ <%= @client_buffer_events_per_second %>
+
+
diff --git a/modules/services/unix/logging/wazuh/templates/wazuh_manager.conf.erb b/modules/services/unix/logging/wazuh/templates/wazuh_manager.conf.erb
new file mode 100644
index 000000000..daa9cf466
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/templates/wazuh_manager.conf.erb
@@ -0,0 +1,40 @@
+
+ yes
+ yes
+ no
+ no
+ <%- if @ossec_emailnotification -%>
+ yes
+ <%- @ossec_emailto.each do |emailto| -%>
+ <%= emailto %>
+ <%- end -%>
+ <%= @ossec_smtp_server %>
+ <%= @ossec_emailfrom %>
+ <%= @ossec_email_maxperhour %>
+ <%- unless @ossec_email_idsname.nil? -%>
+ <%= @ossec_email_idsname %>
+ <%- end -%>
+ <%- else -%>
+ no
+ <%- end -%>
+ <%- @ossec_white_list.each do |ipaddress| -%>
+ <%= ipaddress %>
+ <%- end -%>
+
+
+
+ <%= @ossec_alert_level %>
+ <%= @ossec_email_alert_level %>
+
+
+
+ plain
+
+
+
+ <%= @ossec_remote_connection %>
+ <%= @ossec_remote_port %>
+ <%= @ossec_remote_protocol %>
+ <%= @ossec_remote_queue_size %>
+
+
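Review bot: `<%- @ossec_white_list.each do |ipaddress| -%>` iterates the variable with no nil guard, so if the manager class leaves `ossec_white_list` unset the template raises NoMethodError during catalog compilation; `<%- Array(@ossec_white_list).each do |ipaddress| -%>` accepts undef, a single address or a list. The `@ossec_emailto.each` loop a few lines above has the same shape, though it is only reached when `@ossec_emailnotification` is set. The values are written into the config unescaped; if they are always trusted module parameters, a one-line `<%# values are module parameters, not user input %>` comment at the top of the template would record that assumption.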
diff --git a/modules/services/unix/logging/wazuh/wazuh.pp b/modules/services/unix/logging/wazuh/wazuh.pp
new file mode 100644
index 000000000..a59ea0fc6
--- /dev/null
+++ b/modules/services/unix/logging/wazuh/wazuh.pp
@@ -0,0 +1,29 @@
+unless defined('analysis_alert_action_server') or defined('analysis_alert_action_client') {
+ $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+ $component = $secgen_parameters['wazuh_component'][0]
+ $kibana_elasticsearch_ip = $secgen_parameters['server_address'][0]
+ $agent_name = $secgen_parameters['wazuh_agent_name'][0]
+
+ if ($component == 'server') {
+ class { '::wazuh::manager':
+ ossec_smtp_server => 'localhost',
+ ossec_emailto => ['user@mycompany.com'],
+ agent_auth_password => '6663484170b2c69451e01ba11f319533', #todo: obviously fix this - must be 32char
+ }
+ class { '::wazuh::kibana':
+ kibana_elasticsearch_ip => $kibana_elasticsearch_ip,
+ }
+
+ exec { 'enable ossec auth':
+ command => '/var/ossec/bin/ossec-control enable auth',
+ require => Class['::wazuh::manager'],
+ }
+
+ } elsif ($component == 'client') {
+ class { "::wazuh::agent":
+ wazuh_register_endpoint => $kibana_elasticsearch_ip,
+ wazuh_reporting_endpoint => $kibana_elasticsearch_ip,
+ agent_name => $agent_name,
+ }
+ }
+}
\ No newline at end of file
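Review bot: `agent_auth_password => '6663484170b2c69451e01ba11f319533'` in the `::wazuh::manager` declaration commits a shared agent-registration secret to the repository, as the todo comment itself acknowledges; the value should be supplied the same way as the other settings, e.g. `agent_auth_password => $secgen_parameters['wazuh_agent_auth_password'][0],` (key name illustrative), or generated per deployment. The `exec { 'enable ossec auth': ... }` has no `unless`/`onlyif`/`creates` guard, so it re-runs on every Puppet run; pointing `creates` at whatever `ossec-control enable auth` writes would make it idempotent. `$secgen_parameters['wazuh_component'][0]` is used without a check, so a missing or misspelled input yields undef and falls through both branches silently — an `else { fail("unknown wazuh_component: ${component}") }` would surface that. Minor: `"::wazuh::agent"` is double-quoted where the sibling class declarations use single quotes.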
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/628w126i.default/times.json b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/628w126i.default/times.json
new file mode 100644
index 000000000..6ac18c87d
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/628w126i.default/times.json
@@ -0,0 +1,4 @@
+{
+"created": 1588326786678,
+"firstUse": null
+}
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/Crash Reports/InstallTime20200407160932 b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/Crash Reports/InstallTime20200407160932
new file mode 100644
index 000000000..ac942a0cb
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/Crash Reports/InstallTime20200407160932
@@ -0,0 +1 @@
+1588326786
\ No newline at end of file
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/installs.ini b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/installs.ini
new file mode 100644
index 000000000..f678e500c
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/installs.ini
@@ -0,0 +1,4 @@
+[FDC34C9F024745EB]
+Default=sbge8oh9.default-default
+Locked=1
+
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/profiles.ini b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/profiles.ini
new file mode 100644
index 000000000..54c8e7854
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/profiles.ini
@@ -0,0 +1,19 @@
+[Profile1]
+Name=default
+IsRelative=1
+Path=628w126i.default
+Default=1
+
+[InstallFDC34C9F024745EB]
+Default=sbge8oh9.default-default
+Locked=1
+
+[Profile0]
+Name=default-default
+IsRelative=1
+Path=sbge8oh9.default-default
+
+[General]
+StartWithLastProfile=1
+Version=2
+
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/.parentlock b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/.parentlock
new file mode 100644
index 000000000..e69de29bb
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/AlternateServices.txt b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/AlternateServices.txt
new file mode 100644
index 000000000..e69de29bb
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Mail/Local Folders/Trash b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Mail/Local Folders/Trash
new file mode 100644
index 000000000..e69de29bb
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Mail/Local Folders/Trash.msf b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Mail/Local Folders/Trash.msf
new file mode 100644
index 000000000..3f08772a8
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Mail/Local Folders/Trash.msf
@@ -0,0 +1,48 @@
+//
+< <(a=c)> // (f=iso-8859-1)
+ (80=ns:msg:db:row:scope:msgs:all)(81=subject)(82=sender)(83=message-id)
+ (84=references)(85=recipients)(86=date)(87=size)(88=flags)(89=priority)
+ (8A=label)(8B=statusOfset)(8C=numLines)(8D=ccList)(8E=bccList)
+ (8F=msgThreadId)(90=threadId)(91=threadFlags)(92=threadNewestMsgDate)
+ (93=children)(94=unreadChildren)(95=threadSubject)(96=msgCharSet)
+ (97=ns:msg:db:table:kind:msgs)(98=ns:msg:db:table:kind:thread)
+ (99=ns:msg:db:table:kind:allthreads)
+ (9A=ns:msg:db:row:scope:threads:all)(9B=threadParent)(9C=threadRoot)
+ (9D=msgOffset)(9E=offlineMsgSize)
+ (9F=ns:msg:db:row:scope:dbfolderinfo:all)
+ (A0=ns:msg:db:table:kind:dbfolderinfo)(A1=numMsgs)(A2=numNewMsgs)
+ (A3=folderSize)(A4=expungedBytes)(A5=folderDate)(A6=highWaterKey)
+ (A7=mailboxName)(A8=UIDValidity)(A9=totPendingMsgs)
+ (AA=unreadPendingMsgs)(AB=expiredMark)(AC=version)(AD=forceReparse)
+ (AE=fixedBadRefThreading)(AF=folderName)>
+{1:^80 {(k^97:c)(s=9)} }
+{FFFFFFFD:^9A {(k^99:c)(s=9)} }
+
+<(80=1)(81=0)>
+{1:^9F {(k^A0:c)(s=9u)}
+ [1(^AC=1)(^AD=0)(^AE=1)]}
+
+@$${1{@
+< <(a=c)> // (f=iso-8859-1)
+ (B0=charSetOverride)(B1=charSet)>
+<(82=104)>[1:^9F(^88^82)]
+@$$}1}@
+
+@$${2{@
+<(83=Trash)(84=5eabf28e)>[-1:^9F(^AC=1)(^AD=0)(^AE=1)(^88^82)(^A7^83)
+ (^A3=0)(^A5^84)]
+@$$}2}@
+
+@$${3{@
+@$$}3}@
+
+@$${4{@
+< <(a=c)> // (f=iso-8859-1)
+ (B8=applyToFlaggedMessages)(B9=useServerRetention)(B2=retainBy)
+ (B3=daysToKeepHdrs)(B4=numHdrsToKeep)(B5=daysToKeepBodies)
+ (B6=useServerDefaults)(B7=cleanupBodies)>
+[1:^9F(^B9=1)]
+@$$}4}@
+
+@$${5{@
+@$$}5}@
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Mail/Local Folders/Unsent Messages b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Mail/Local Folders/Unsent Messages
new file mode 100644
index 000000000..e69de29bb
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Mail/Local Folders/Unsent Messages.msf b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Mail/Local Folders/Unsent Messages.msf
new file mode 100644
index 000000000..b22b268d1
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Mail/Local Folders/Unsent Messages.msf
@@ -0,0 +1,29 @@
+//
+< <(a=c)> // (f=iso-8859-1)
+ (B8=applyToFlaggedMessages)(B9=useServerRetention)
+ (80=ns:msg:db:row:scope:msgs:all)(81=subject)(82=sender)(83=message-id)
+ (84=references)(85=recipients)(86=date)(87=size)(88=flags)(89=priority)
+ (8A=label)(8B=statusOfset)(8C=numLines)(8D=ccList)(8E=bccList)
+ (8F=msgThreadId)(90=threadId)(91=threadFlags)(92=threadNewestMsgDate)
+ (93=children)(94=unreadChildren)(95=threadSubject)(96=msgCharSet)
+ (97=ns:msg:db:table:kind:msgs)(98=ns:msg:db:table:kind:thread)
+ (99=ns:msg:db:table:kind:allthreads)
+ (9A=ns:msg:db:row:scope:threads:all)(9B=threadParent)(9C=threadRoot)
+ (9D=msgOffset)(9E=offlineMsgSize)
+ (9F=ns:msg:db:row:scope:dbfolderinfo:all)
+ (A0=ns:msg:db:table:kind:dbfolderinfo)(A1=numMsgs)(A2=numNewMsgs)
+ (A3=folderSize)(A4=expungedBytes)(A5=folderDate)(A6=highWaterKey)
+ (A7=mailboxName)(A8=UIDValidity)(A9=totPendingMsgs)
+ (AA=unreadPendingMsgs)(AB=expiredMark)(AC=version)(AD=forceReparse)
+ (AE=fixedBadRefThreading)(AF=folderName)(B0=charSetOverride)
+ (B1=charSet)(B2=retainBy)(B3=daysToKeepHdrs)(B4=numHdrsToKeep)
+ (B5=daysToKeepBodies)(B6=useServerDefaults)(B7=cleanupBodies)>
+
+<(80=1)(81=0)(82=804)(83=Unsent Messages)(84=5eabf28e)(85=Outbox)>
+{1:^9F {(k^A0:c)(s=9u)}
+ [1(^AC=1)(^AD=0)(^AE=1)(^88^82)(^A7^83)(^A3=0)(^A5^84)(^AF^85)(^B9=1)]}
+
+@$${1{@
+{-1:^80 {(k^97:c)(s=9)} }
+{-FFFFFFFD:^9A {(k^99:c)(s=9)} }
+@$$}1}@
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Mail/localhost/Inbox b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Mail/localhost/Inbox
new file mode 100644
index 000000000..e69de29bb
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Mail/localhost/Inbox.msf b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Mail/localhost/Inbox.msf
new file mode 100644
index 000000000..c04625990
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Mail/localhost/Inbox.msf
@@ -0,0 +1,177 @@
+//
+< <(a=c)> // (f=iso-8859-1)
+ (B8=applyToFlaggedMessages)(B9=useServerRetention)(BA=storeToken)
+ (BB=dateReceived)(BC=ProtoThreadFlags)(BD=MRUTime)(BE=sortType)
+ (BF=sortOrder)(C0=viewFlags)(C1=viewType)(C2=columnStates)
+ (C3=sortColumns)(C4=customSortCol)(C5=keywords)(C6=imageSize)
+ (C7=junkscore)(C8=recipient_names)(80=ns:msg:db:row:scope:msgs:all)
+ (81=subject)(82=sender)(83=message-id)(84=references)(85=recipients)
+ (86=date)(87=size)(88=flags)(89=priority)(8A=label)(8B=statusOfset)
+ (8C=numLines)(8D=ccList)(8E=bccList)(8F=msgThreadId)(90=threadId)
+ (91=threadFlags)(92=threadNewestMsgDate)(93=children)
+ (94=unreadChildren)(95=threadSubject)(96=msgCharSet)
+ (97=ns:msg:db:table:kind:msgs)(98=ns:msg:db:table:kind:thread)
+ (99=ns:msg:db:table:kind:allthreads)
+ (9A=ns:msg:db:row:scope:threads:all)(9B=threadParent)(9C=threadRoot)
+ (9D=msgOffset)(9E=offlineMsgSize)
+ (9F=ns:msg:db:row:scope:dbfolderinfo:all)
+ (A0=ns:msg:db:table:kind:dbfolderinfo)(A1=numMsgs)(A2=numNewMsgs)
+ (A3=folderSize)(A4=expungedBytes)(A5=folderDate)(A6=highWaterKey)
+ (A7=mailboxName)(A8=UIDValidity)(A9=totPendingMsgs)
+ (AA=unreadPendingMsgs)(AB=expiredMark)(AC=version)(AD=forceReparse)
+ (AE=fixedBadRefThreading)(AF=folderName)(B0=charSetOverride)
+ (B1=charSet)(B2=retainBy)(B3=daysToKeepHdrs)(B4=numHdrsToKeep)
+ (B5=daysToKeepBodies)(B6=useServerDefaults)(B7=cleanupBodies)>
+<(80=1)(8E=fffffffe)(8B=5eabf2f1)(81=0)>
+[1:m(^9C=1)(^90^8E)(^92^8B)(^91=0)(^93=1)(^94=1)]
+<(94=2)(93=5eabf307)>[2:m(^9C=2)(^90=2)(^92^93)(^91=0)(^93=1)(^94=1)]
+<(9B=3)(99=5eabf32b)>[3:m(^9C=3)(^90=3)(^92^99)(^91=0)(^93=1)(^94=1)]
+<(85=4)>[4:m(^9C=4)(^90=4)(^92^99)(^91=0)(^93=1)(^94=1)]
+<(A4=5)>[5:m(^9C=5)(^90=5)(^92^99)(^91=0)(^93=1)(^94=1)]
+<(A9=6)(A8=5eabf330)>[6:m(^9C=6)(^90=6)(^92^A8)(^91=0)(^93=1)(^94=1)]
+<(AE=7)(AD=5eabf334)>[7:m(^9C=7)(^90=7)(^92^AD)(^91=0)(^93=1)(^94=1)]
+
+<(86=4f)(87=kali@shaw54-AAA-47-auto-grading-example-client-2)(88
+ =)(89=test)(8A
+ =E1jUSRt-0000cM-V7@shaw54-AAA-47-auto-grading-example-client-2)
+ (8C=34f)(8D=ffffffff)(B7
+ =0|kali@shaw54-AAA-47-auto-grading-example-client-2)(90=350)(91=848)
+ (92=E1jUSSF-0000cU-Ae@shaw54-AAA-47-auto-grading-example-client-2)
+ (95=6a1)(97=1697)(98
+ =E1jUSSp-0000ce-04@shaw54-AAA-47-auto-grading-example-client-2)
+ (9A=37c)(9D=a1e)(9E=2590)(9F
+ =E1jUSSp-0000cl-BK@shaw54-AAA-47-auto-grading-example-client-2)
+ (A0=363)(A1=d82)(A2=3458)(A3
+ =E1jUSSp-0000cs-IA@shaw54-AAA-47-auto-grading-example-client-2)
+ (A5=10e6)(A6=4326)(A7
+ =E1jUSSu-0000d0-FI@shaw54-AAA-47-auto-grading-example-client-2)
+ (AA=144a)(AB=5194)(AC
+ =E1jUSSy-0000d8-V8@shaw54-AAA-47-auto-grading-example-client-2)>
+{1:^80 {(k^97:c)(s=9)}
+ [1(^9D=0)(^BA=0)(^88=0)(^89=4)(^8A=0)(^8B=4f)(^82^87)(^85^88)(^81^89)
+ (^83^8A)(^BB^8B)(^86^8B)(^87^8C)(^8C=4)(^9B^8D)(^8F^8E)(^BC=0)(^C8^B7)]
+ [2(^9D^90)(^BA^91)(^88=0)(^89=4)(^8A=0)(^8B=4f)(^82^87)(^85^88)(^81^89)
+ (^83^92)(^BB^93)(^86^93)(^87^90)(^8C=1)(^9B^8D)(^8F=2)(^BC=0)(^C8^B7)]
+ [3(^9D^95)(^BA^97)(^88=0)(^89=4)(^8A=0)(^8B=4f)(^82^87)(^85^88)(^81^89)
+ (^83^98)(^BB^99)(^86^99)(^87^9A)(^8C=1)(^9B^8D)(^8F=3)(^BC=0)(^C8^B7)]
+ [4(^9D^9D)(^BA^9E)(^88=0)(^89=4)(^8A=0)(^8B=4f)(^82^87)(^85^88)(^81^89)
+ (^83^9F)(^BB^99)(^86^99)(^87^A0)(^8C=1)(^9B^8D)(^8F=4)(^BC=0)(^C8^B7)]
+ [5(^9D^A1)(^BA^A2)(^88=0)(^89=4)(^8A=0)(^8B=4f)(^82^87)(^85^88)(^81^89)
+ (^83^A3)(^BB^99)(^86^99)(^87^A0)(^8C=1)(^9B^8D)(^8F=5)(^BC=0)(^C8^B7)]
+ [6(^9D^A5)(^BA^A6)(^88=0)(^89=4)(^8A=0)(^8B=4f)(^82^87)(^85^88)(^81^89)
+ (^83^A7)(^BB^A8)(^86^A8)(^87^A0)(^8C=1)(^9B^8D)(^8F=6)(^BC=0)(^C8^B7)]
+ [7(^9D^AA)(^BA^AB)(^88=0)(^89=4)(^8A=0)(^8B=4f)(^82^87)(^85^88)(^81^89)
+ (^83^AC)(^BB^AD)(^86^AD)(^87^90)(^8C=1)(^9B^8D)(^8F=7)(^BC=0)(^C8^B7)]}
+{FFFFFFFE:^80 {(k^98:c)(s=9)1:m } 1 }
+{2:^80 {(k^98:c)(s=9)2:m } 2 }
+{3:^80 {(k^98:c)(s=9)3:m } 3 }
+{4:^80 {(k^98:c)(s=9)4:m } 4 }
+{5:^80 {(k^98:c)(s=9)5:m } 5 }
+{6:^80 {(k^98:c)(s=9)6:m } 6 }
+{7:^80 {(k^98:c)(s=9)7:m } 7 }
+{FFFFFFFD:^9A {(k^99:c)(s=9)} [FFFFFFFE(^95^89)]
+ [2(^95^89)]
+ [3(^95^89)]
+ [4(^95^89)]
+ [5(^95^89)]
+ [6(^95^89)]
+ [7(^95^89)]}
+
+<(B1=80001004)(83=Inbox)(AF=179b)(B0=5eabf336)(B2=1588327271)(B3=12)
+ (B4=)(B6
+ ={"threadCol":{"visible":true,"ordinal":""},"flaggedCol":{"visible":true,"\
+ordinal":""},"attachmentCol":{"visible":true,"ordinal":""},"subjectCol":{"visi\
+ble":true,"ordinal":""},"unreadButtonColHeader":{"visible":true,"ordinal":""},\
+"senderCol":{"visible":false,"ordinal":""},"recipientCol":{"visible":false,"or\
+dinal":""},"correspondentCol":{"visible":true,"ordinal":""},"junkStatusCol":{"\
+visible":true,"ordinal":""},"receivedCol":{"visible":false,"ordinal":""},"date\
+Col":{"visible":true,"ordinal":""},"statusCol":{"visible":false,"ordinal":""},\
+"sizeCol":{"visible":false,"ordinal":""},"tagsCol":{"visible":false,"ordinal":\
+""},"accountCol":{"visible":false,"ordinal":""},"priorityCol":{"visible":false\
+,"ordinal":""},"unreadCol":{"visible":false,"ordinal":""},"totalCol":{"visible\
+":false,"ordinal":""},"locationCol":{"visible":false,"ordinal":""},"idCol":{"v\
+isible":false,"ordinal":""}})>
+{1:^9F {(k^A0:c)(s=9)}
+ [1(^AC=1)(^AD=0)(^AE=1)(^88^B1)(^A7^83)(^A3^AF)(^A5^B0)(^B9=1)(^A1=7)
+ (^A2=7)(^A6=7)(^BD^B2)(^BE=12)(^BF=1)(^C0=0)(^C1=0)(^C3=)(^C2^B6)]}
+
+@$${11{@
+< <(a=c)> // (f=iso-8859-1)
+ (C9=gloda-id)(CA=gloda-dirty)>
+[1:m(^94=0)]
+[1:^80(^88=1)]
+<(B8=5eabf36a)>[-1:^9F(^AC=1)(^AD=0)(^AE=1)(^88^B1)(^A7^83)(^A3^AF)
+ (^A5^B8)(^B9=1)(^A1=7)(^A2=6)(^A6=7)(^BD^B2)(^BE=12)(^BF=1)(^C0=0)
+ (^C1=0)(^C3=)(^C2^B6)]
+@$$}11}@
+
+@$${12{@
+< <(a=c)> // (f=iso-8859-1)
+ (CB=notAPhishMessage)>
+@$$}12}@
+
+@$${13{@
+@$$}13}@
+
+@$${14{@
+[3:m(^94=0)]
+[3:^80(^88=1)]
+<(B9=5eabf36c)>[-1:^9F(^AC=1)(^AD=0)(^AE=1)(^88^B1)(^A7^83)(^A3^AF)
+ (^A5^B9)(^B9=1)(^A1=7)(^A2=5)(^A6=7)(^BD^B2)(^BE=12)(^BF=1)(^C0=0)
+ (^C1=0)(^C3=)(^C2^B6)]
+@$$}14}@
+
+@$${15{@
+@$$}15}@
+
+@$${16{@
+@$$}16}@
+
+@$${17{@
+[5:m(^94=0)]
+[5:^80(^88=1)]
+[1:^9F(^A2=4)]
+@$$}17}@
+
+@$${18{@
+@$$}18}@
+
+@$${19{@
+@$$}19}@
+
+@$${1A{@
+[6:m(^94=0)]
+[6:^80(^88=1)]
+<(BA=5eabf36e)>[-1:^9F(^AC=1)(^AD=0)(^AE=1)(^88^B1)(^A7^83)(^A3^AF)
+ (^A5^BA)(^B9=1)(^A1=7)(^A2=3)(^A6=7)(^BD^B2)(^BE=12)(^BF=1)(^C0=0)
+ (^C1=0)(^C3=)(^C2^B6)]
+@$$}1A}@
+
+@$${1B{@
+@$$}1B}@
+
+@$${1C{@
+@$$}1C}@
+
+@$${1D{@
+[2:m(^94=0)]
+[2:^80(^88=1)]
+<(BB=5eabf36f)>[-1:^9F(^AC=1)(^AD=0)(^AE=1)(^88^B1)(^A7^83)(^A3^AF)
+ (^A5^BB)(^B9=1)(^A1=7)(^A2=2)(^A6=7)(^BD^B2)(^BE=12)(^BF=1)(^C0=0)
+ (^C1=0)(^C3=)(^C2^B6)]
+@$$}1D}@
+
+@$${1E{@
+@$$}1E}@
+
+@$${1F{@
+@$$}1F}@
+
+@$${20{@
+@$$}20}@
+
+@$${21{@
+@$$}21}@
+
+@$${22{@
+@$$}22}@
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Mail/localhost/Trash b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Mail/localhost/Trash
new file mode 100644
index 000000000..e69de29bb
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Mail/localhost/Trash.msf b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Mail/localhost/Trash.msf
new file mode 100644
index 000000000..3f08772a8
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Mail/localhost/Trash.msf
@@ -0,0 +1,48 @@
+//
+< <(a=c)> // (f=iso-8859-1)
+ (80=ns:msg:db:row:scope:msgs:all)(81=subject)(82=sender)(83=message-id)
+ (84=references)(85=recipients)(86=date)(87=size)(88=flags)(89=priority)
+ (8A=label)(8B=statusOfset)(8C=numLines)(8D=ccList)(8E=bccList)
+ (8F=msgThreadId)(90=threadId)(91=threadFlags)(92=threadNewestMsgDate)
+ (93=children)(94=unreadChildren)(95=threadSubject)(96=msgCharSet)
+ (97=ns:msg:db:table:kind:msgs)(98=ns:msg:db:table:kind:thread)
+ (99=ns:msg:db:table:kind:allthreads)
+ (9A=ns:msg:db:row:scope:threads:all)(9B=threadParent)(9C=threadRoot)
+ (9D=msgOffset)(9E=offlineMsgSize)
+ (9F=ns:msg:db:row:scope:dbfolderinfo:all)
+ (A0=ns:msg:db:table:kind:dbfolderinfo)(A1=numMsgs)(A2=numNewMsgs)
+ (A3=folderSize)(A4=expungedBytes)(A5=folderDate)(A6=highWaterKey)
+ (A7=mailboxName)(A8=UIDValidity)(A9=totPendingMsgs)
+ (AA=unreadPendingMsgs)(AB=expiredMark)(AC=version)(AD=forceReparse)
+ (AE=fixedBadRefThreading)(AF=folderName)>
+{1:^80 {(k^97:c)(s=9)} }
+{FFFFFFFD:^9A {(k^99:c)(s=9)} }
+
+<(80=1)(81=0)>
+{1:^9F {(k^A0:c)(s=9u)}
+ [1(^AC=1)(^AD=0)(^AE=1)]}
+
+@$${1{@
+< <(a=c)> // (f=iso-8859-1)
+ (B0=charSetOverride)(B1=charSet)>
+<(82=104)>[1:^9F(^88^82)]
+@$$}1}@
+
+@$${2{@
+<(83=Trash)(84=5eabf28e)>[-1:^9F(^AC=1)(^AD=0)(^AE=1)(^88^82)(^A7^83)
+ (^A3=0)(^A5^84)]
+@$$}2}@
+
+@$${3{@
+@$$}3}@
+
+@$${4{@
+< <(a=c)> // (f=iso-8859-1)
+ (B8=applyToFlaggedMessages)(B9=useServerRetention)(B2=retainBy)
+ (B3=daysToKeepHdrs)(B4=numHdrsToKeep)(B5=daysToKeepBodies)
+ (B6=useServerDefaults)(B7=cleanupBodies)>
+[1:^9F(^B9=1)]
+@$$}4}@
+
+@$${5{@
+@$$}5}@
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Mail/localhost/msgFilterRules.dat b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Mail/localhost/msgFilterRules.dat
new file mode 100644
index 000000000..6ed24f7cb
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Mail/localhost/msgFilterRules.dat
@@ -0,0 +1,2 @@
+version="9"
+logging="no"
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/SecurityPreloadState.txt b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/SecurityPreloadState.txt
new file mode 100644
index 000000000..e69de29bb
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/SiteSecurityServiceState.txt b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/SiteSecurityServiceState.txt
new file mode 100644
index 000000000..e69de29bb
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Telemetry.ShutdownTime.txt b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Telemetry.ShutdownTime.txt
new file mode 100644
index 000000000..0d389107a
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/Telemetry.ShutdownTime.txt
@@ -0,0 +1 @@
+212
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/abook.mab b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/abook.mab
new file mode 100644
index 000000000..66723078c
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/abook.mab
@@ -0,0 +1,27 @@
+//
+< <(a=c)> // (f=iso-8859-1)
+ (B8=Notes)(B9=LastModifiedDate)(BA=RecordKey)(BB=AddrCharSet)
+ (BC=LastRecordKey)(BD=ns:addrbk:db:table:kind:pab)(BE=ListName)
+ (BF=ListNickName)(C0=ListDescription)(C1=ListTotalAddresses)
+ (C2=LowercaseListName)(C3=ns:addrbk:db:table:kind:deleted)
+ (80=ns:addrbk:db:row:scope:card:all)
+ (81=ns:addrbk:db:row:scope:list:all)
+ (82=ns:addrbk:db:row:scope:data:all)(83=UID)(84=FirstName)(85=LastName)
+ (86=PhoneticFirstName)(87=PhoneticLastName)(88=DisplayName)
+ (89=NickName)(8A=PrimaryEmail)(8B=LowercasePrimaryEmail)
+ (8C=SecondEmail)(8D=LowercaseSecondEmail)(8E=PreferMailFormat)
+ (8F=PopularityIndex)(90=WorkPhone)(91=HomePhone)(92=FaxNumber)
+ (93=PagerNumber)(94=CellularNumber)(95=WorkPhoneType)(96=HomePhoneType)
+ (97=FaxNumberType)(98=PagerNumberType)(99=CellularNumberType)
+ (9A=HomeAddress)(9B=HomeAddress2)(9C=HomeCity)(9D=HomeState)
+ (9E=HomeZipCode)(9F=HomeCountry)(A0=WorkAddress)(A1=WorkAddress2)
+ (A2=WorkCity)(A3=WorkState)(A4=WorkZipCode)(A5=WorkCountry)
+ (A6=JobTitle)(A7=Department)(A8=Company)(A9=_AimScreenName)
+ (AA=AnniversaryYear)(AB=AnniversaryMonth)(AC=AnniversaryDay)
+ (AD=SpouseName)(AE=FamilyName)(AF=WebPage1)(B0=WebPage2)(B1=BirthYear)
+ (B2=BirthMonth)(B3=BirthDay)(B4=Custom1)(B5=Custom2)(B6=Custom3)
+ (B7=Custom4)>
+
+<(80=0)>
+{1:^80 {(k^BD:c)(s=9)}
+ [1:^82(^BC=0)]}
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/addonStartup.json.lz4 b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/addonStartup.json.lz4
new file mode 100644
index 000000000..7509d2f87
Binary files /dev/null and b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/addonStartup.json.lz4 differ
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/addons.json b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/addons.json
new file mode 100644
index 000000000..c9e5bfa58
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/addons.json
@@ -0,0 +1 @@
+{"schema":5,"addons":[],"compatOverrides":[]}
\ No newline at end of file
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/blist.sqlite b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/blist.sqlite
new file mode 100644
index 000000000..296505add
Binary files /dev/null and b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/blist.sqlite differ
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/calendar-data/local.sqlite b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/calendar-data/local.sqlite
new file mode 100644
index 000000000..c2246e1cf
Binary files /dev/null and b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/calendar-data/local.sqlite differ
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/cert9.db b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/cert9.db
new file mode 100644
index 000000000..d35a051f5
Binary files /dev/null and b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/cert9.db differ
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/compatibility.ini b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/compatibility.ini
new file mode 100644
index 000000000..1a30ba95b
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/compatibility.ini
@@ -0,0 +1,5 @@
+[Compatibility]
+LastVersion=68.7.0_20200407160932/20200407160932
+LastOSABI=Linux_x86_64-gcc3
+LastPlatformDir=/usr/lib/thunderbird
+LastAppDir=/usr/lib/thunderbird
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/content-prefs.sqlite b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/content-prefs.sqlite
new file mode 100644
index 000000000..0e0da5ed7
Binary files /dev/null and b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/content-prefs.sqlite differ
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/cookies.sqlite b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/cookies.sqlite
new file mode 100644
index 000000000..369f3c4e8
Binary files /dev/null and b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/cookies.sqlite differ
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/crashes/store.json.mozlz4 b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/crashes/store.json.mozlz4
new file mode 100644
index 000000000..5e3546c92
Binary files /dev/null and b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/crashes/store.json.mozlz4 differ
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/datareporting/state.json b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/datareporting/state.json
new file mode 100644
index 000000000..8eb51bf44
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/datareporting/state.json
@@ -0,0 +1 @@
+{"clientID":"b5e4d57d-da1e-4202-8d26-ad1c9f1b6cb1"}
\ No newline at end of file
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/directoryTree.json b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/directoryTree.json
new file mode 100644
index 000000000..c81812ad8
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/directoryTree.json
@@ -0,0 +1 @@
+["moz-abdirectory://?"]
\ No newline at end of file
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/extension-preferences.json b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/extension-preferences.json
new file mode 100644
index 000000000..b43efb73c
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/extension-preferences.json
@@ -0,0 +1 @@
+{"{e2fda1a4-762b-4020-b5ad-a41df1933103}":{"permissions":["internal:privateBrowsingAllowed"],"origins":[]},"default-theme@mozilla.org":{"permissions":["internal:privateBrowsingAllowed"],"origins":[]},"google@search.mozilla.org":{"permissions":["internal:privateBrowsingAllowed"],"origins":[]},"amazondotcom@search.mozilla.org":{"permissions":["internal:privateBrowsingAllowed"],"origins":[]},"bing@search.mozilla.org":{"permissions":["internal:privateBrowsingAllowed"],"origins":[]},"ddg@search.mozilla.org":{"permissions":["internal:privateBrowsingAllowed"],"origins":[]},"twitter@search.mozilla.org":{"permissions":["internal:privateBrowsingAllowed"],"origins":[]},"wikipedia@search.mozilla.org":{"permissions":["internal:privateBrowsingAllowed"],"origins":[]}}
\ No newline at end of file
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/extensions.json b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/extensions.json
new file mode 100644
index 000000000..00b3627c1
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/extensions.json
@@ -0,0 +1 @@
+{"schemaVersion":31,"addons":[{"id":"{e2fda1a4-762b-4020-b5ad-a41df1933103}","syncGUID":"{67e4612a-45e3-43aa-97db-491d7f944bdd}","version":"68.7.0","type":"extension","loader":null,"updateURL":null,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Lightning","description":"Integrated Calendaring & Scheduling for your Email client","creator":"Mozilla Calendar Project","homepageURL":"https://www.mozilla.org/projects/calendar/","developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"installDate":1588273736000,"updateDate":1588273736000,"applyBackgroundUpdates":1,"path":"/usr/share/lightning","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":true,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":"68.7.0","maxVersion":"68.*"}],"targetPlatforms":[],"signedState":-1,"seen":true,"dependencies":[],"incognito":"spanning","userPermissions":{"permissions":[],"origins":[]},"icons":{"32":"chrome/skin/common/icons/icon32.svg"},"iconURL":null,"blocklistState":0,"blocklistURL":null,"startupData":null,"hidden":false,"installTelemetryInfo":{"source":"app-global","method":"sideload"},"recommendationState":null,"rootURI":"file:///usr/share/lightning/","location":"app-global"},{"id":"default-theme@mozilla.org","syncGUID":"{b259b889-0289-4bde-bd9f-39c38849cb67}","version":"1.0","type":"theme","loader":null,"updateURL":null,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Default","description":"A theme with the operating system color 
scheme.","creator":"Mozilla","developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"installDate":1588326789092,"updateDate":1586670041000,"applyBackgroundUpdates":1,"path":null,"skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"seen":true,"dependencies":[],"userPermissions":null,"icons":{"32":"icon.svg"},"iconURL":null,"blocklistState":0,"blocklistURL":null,"startupData":null,"hidden":false,"installTelemetryInfo":null,"recommendationState":null,"rootURI":"resource://gre/modules/themes/default/","location":"app-builtin"},{"id":"thunderbird-compact-light@mozilla.org","syncGUID":"{a41dd97e-ac6d-42e0-856d-c3f492a6c9ce}","version":"1.0","type":"theme","loader":null,"updateURL":null,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Light","description":"A theme with a light color 
scheme.","creator":"Mozilla","developers":null,"translators":null,"contributors":null},"visible":true,"active":false,"userDisabled":true,"appDisabled":false,"installDate":1588326789104,"updateDate":1586670041000,"applyBackgroundUpdates":1,"path":null,"skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"seen":true,"dependencies":[],"userPermissions":null,"icons":{"32":"icon.svg"},"iconURL":null,"blocklistState":0,"blocklistURL":null,"startupData":null,"hidden":false,"installTelemetryInfo":null,"recommendationState":null,"rootURI":"resource:///modules/themes/light/","location":"app-builtin"},{"id":"thunderbird-compact-dark@mozilla.org","syncGUID":"{b198370e-f410-4fe6-8817-8e817a3e76d9}","version":"1.0","type":"theme","loader":null,"updateURL":null,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Dark","description":"A theme with a dark color 
scheme.","creator":"Mozilla","developers":null,"translators":null,"contributors":null},"visible":true,"active":false,"userDisabled":true,"appDisabled":false,"installDate":1588326789120,"updateDate":1586670041000,"applyBackgroundUpdates":1,"path":null,"skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"seen":true,"dependencies":[],"userPermissions":null,"icons":{"32":"icon.svg"},"iconURL":null,"blocklistState":0,"blocklistURL":null,"startupData":null,"hidden":false,"installTelemetryInfo":null,"recommendationState":null,"rootURI":"resource:///modules/themes/dark/","location":"app-builtin"},{"id":"google@search.mozilla.org","syncGUID":"{9e54fbc1-a9db-43b2-945f-70217194243d}","version":"1.0","type":"extension","loader":null,"updateURL":null,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Google","description":"Google 
Search","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"installDate":1588326792772,"updateDate":1586670041000,"applyBackgroundUpdates":1,"path":null,"skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"seen":true,"dependencies":[],"incognito":"spanning","userPermissions":{"permissions":[],"origins":[]},"icons":{"16":"favicon.ico"},"iconURL":null,"blocklistState":0,"blocklistURL":null,"startupData":null,"hidden":true,"installTelemetryInfo":null,"recommendationState":null,"rootURI":"resource://search-extensions/google/","location":"app-builtin"},{"id":"amazondotcom@search.mozilla.org","syncGUID":"{7e8c3b9d-110d-4978-ba4f-dfa0de7d32e9}","version":"1.1","type":"extension","loader":null,"updateURL":null,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Amazon.com","description":"Amazon.com Search","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"installDate":1588326792850,"updateDate":1586670041000,"applyBackgroundUpdates":1,"path":null,"skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[{"name":"Amazon.com","description":"Amazon.com 
Search","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["en"]}],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"seen":true,"dependencies":[],"incognito":"spanning","userPermissions":{"permissions":[],"origins":[]},"icons":{"16":"favicon.ico"},"iconURL":null,"blocklistState":0,"blocklistURL":null,"startupData":null,"hidden":true,"installTelemetryInfo":null,"recommendationState":null,"rootURI":"resource://search-extensions/amazondotcom/","location":"app-builtin"},{"id":"bing@search.mozilla.org","syncGUID":"{2a833de0-0a46-4a84-a52d-2b1f8058b204}","version":"1.0","type":"extension","loader":null,"updateURL":null,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Bing","description":"Bing. Search by Microsoft.","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"installDate":1588326792885,"updateDate":1586670041000,"applyBackgroundUpdates":1,"path":null,"skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"seen":true,"dependencies":[],"incognito":"spanning","userPermissions":{"permissions":[],"origins":[]},"icons":{"16":"favicon.ico"},"iconURL":null,"blocklistState":0,"blocklistURL":null,"startupData":null,"hidden":true,"installTelemetryInfo":null,"recommendationState":null,"rootURI":"resource://search-extensions/bing/","location":"app-builtin"},{"id":"ddg@search.mozilla.org","syncGUID":"{2eecc74d-abf0-4ac1-a708-2c48b314417e}","version":"1.0","type":"extension","loader":null,"updateURL":null,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"DuckDuckGo","description":"Search 
DuckDuckGo","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"installDate":1588326792920,"updateDate":1586670041000,"applyBackgroundUpdates":1,"path":null,"skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"seen":true,"dependencies":[],"incognito":"spanning","userPermissions":{"permissions":[],"origins":[]},"icons":{"16":"favicon.ico"},"iconURL":null,"blocklistState":0,"blocklistURL":null,"startupData":null,"hidden":true,"installTelemetryInfo":null,"recommendationState":null,"rootURI":"resource://search-extensions/ddg/","location":"app-builtin"},{"id":"twitter@search.mozilla.org","syncGUID":"{2df19143-c386-4f0d-8baa-de331b0ec81b}","version":"1.0","type":"extension","loader":null,"updateURL":null,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Twitter","description":"Realtime Twitter Search","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"installDate":1588326793034,"updateDate":1586670041000,"applyBackgroundUpdates":1,"path":null,"skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[{"name":"Twitter","description":"Realtime Twitter Search","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["en"]},{"name":"Twitter","description":"リアルタイム Twitter 
検索","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["ja"]}],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"seen":true,"dependencies":[],"incognito":"spanning","userPermissions":{"permissions":[],"origins":[]},"icons":{"16":"favicon.ico"},"iconURL":null,"blocklistState":0,"blocklistURL":null,"startupData":null,"hidden":true,"installTelemetryInfo":null,"recommendationState":null,"rootURI":"resource://search-extensions/twitter/","location":"app-builtin"},{"id":"wikipedia@search.mozilla.org","syncGUID":"{f907d80b-ca72-4211-b37b-6db91e264b76}","version":"1.0","type":"extension","loader":null,"updateURL":null,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Wikipedia (en)","description":"Wikipedia, the Free Encyclopedia","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"installDate":1588326793197,"updateDate":1586670041000,"applyBackgroundUpdates":1,"path":null,"skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[{"name":"Wikipedia (en)","description":"Wikipedia, the Free Encyclopedia","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["en"]},{"name":"Wikipedia (fi)","description":"Wikipedia (fi), vapaa tietosanakirja","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["fi"]},{"name":"Wikipedia (hy)","description":"Վիքիփեդիա՝ ազատ հանրագիտարան","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["hy"]},{"name":"Уикипедия (kk)","description":"Уикипедия (kk)","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["kk"]},{"name":"Вікіпедыя (be)","description":"Вікіпедыя, свабодная 
энцыклапедыя","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["be"]},{"name":"위키백과 (ko)","description":"Wikipedia, the free encyclopedia","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["kr"]},{"name":"Wikipedia (ro)","description":"Wikipedia, enciclopedia liberă","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["ro"]},{"name":"Wikipedia (bs)","description":"Slobodna enciklopedija","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["bs"]},{"name":"Wikipedia (pt)","description":"Wikipédia, a enciclopédia livre","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["pt"]},{"name":"Vikipetã (gn)","description":"Vikipetã, opaite tembikuaa hekosãsóva renda","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["gn"]},{"name":"વિકિપીડિયા (gu)","description":"વીકીપીડિયા, મુક્ત એનસાયક્લોપીડિયા","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["gu"]},{"name":"Wikipedia (el)","description":"Βικιπαίδεια, η ελεύθερη εγκυκλοπαίδεια","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["el"]},{"name":"Wikipedia (kab)","description":"Wikipedia, tasanayt tilellit","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["kab"]},{"name":"Wikipedia (es)","description":"Wikipedia, la enciclopedia libre","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["es"]},{"name":"Vicipéid (ga)","description":"Vicipéid, an Chiclipéid Shaor","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["ga-IE"]},{"name":"ויקיפדיה","description":"ויקיפדיה","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["he"]},{"name":"Wikipedia (da)","description":"Wikipedia, den frie 
encyklopædi","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["da"]},{"name":"Wikipedia (tr)","description":"Vikipedi, özgür ansiklopedi","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["tr"]},{"name":"विकिपीडिया (ne)","description":"विकिपिडिया एक स्वतन्त्र विश्वकोष","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["ne"]},{"name":"Wikipedia (nl)","description":"De vrije encyclopedie","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["nl"]},{"name":"Wikipedia (ja)","description":"Wikipedia - フリー百科事典","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["ja"]},{"name":"Vikipeedia (et)","description":"Vikipeedia, vaba entsüklopeedia","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["et"]},{"name":"Wikipèdia (oc)","description":"Wikipèdia, l'enciclopèdia liura","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["oc"]},{"name":"Wicipedia (cy)","description":"Wicipedia, Y Gwyddioniadur Rhydd","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["cy"]},{"name":"Vikipedeja (ltg)","description":"Vikipēdija, breivuo eņciklopedeja","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["ltg"]},{"name":"వికీపీడియా (te)","description":"వికీపీడియా (te)","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["te"]},{"name":"Wikipédia (fr)","description":"Wikipédia, l'encyclopédie libre","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["fr"]},{"name":"Wikipedia (tl)","description":"Wikipedia, ang malayang ensiklopedya","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["tl"]},{"name":"Wikipedija (dsb)","description":"Wikipedija, lichotna 
encyklopedija","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["dsb"]},{"name":"Uiquipedia (ast)","description":"La enciclopedia llibre","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["ast"]},{"name":"វីគីភីឌា (km)","description":"វីគីភីឌា សព្វវចនាធិប្បាយសេរី","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["km"]},{"name":"Уикипедия (bg)","description":"Уикипедия, свободната енциклоподия","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["bg"]},{"name":"Wikipedia (id)","description":"Wikipedia, ensiklopedia bebas","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["id"]},{"name":"Wikipedia (pa)","description":"ਵਿਕਿਪੀਡਿਆ, ਮੁਫ਼ਤ/ਮੁਕਤ ਸ਼ਬਦਕੋਸ਼","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["pa"]},{"name":"উইকিপিডিয়া (bn)","description":"উইকিপিডিয়া, মুক্ত বিশ্বকোষ","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["bn"]},{"name":"Wikipedia (sv)","description":"Wikipedia, den fria encyklopedin","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["sv-SE"]},{"name":"Wikipedia (eu)","description":"Wikipedia, entziklopedia askea","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["eu"]},{"name":"Wikipedie (cs)","description":"Wikipedia, svobodná encyclopedie","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["cz"]},{"name":"Wikipédia (hu)","description":"Wikipedia, a szabad enciklopédia","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["hu"]},{"name":"Wikipedia (or)","description":"ୱିକିପିଡ଼ିଆ (ଓଡ଼ିଆ)","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["or"]},{"name":"Wikipedia (kn)","description":"Wikipedia, the free 
encyclopedia","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["kn"]},{"name":"Wikipedia (is)","description":"Wikipedia, the free encyclopedia","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["is"]},{"name":"Вікіпедія (uk)","description":"Вікіпедія, вільна енциклопедія","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["uk"]},{"name":"ویکیپیڈیا (ur)","description":"ویکیپیڈیا آزاد دائرۃ المعارف","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["ur"]},{"name":"Vikipedio (eo)","description":"Vikipedio, la libera enciklopedio","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["eo"]},{"name":"Wikipedia (si)","description":"Wikipedia, the free encyclopedia","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["si"]},{"name":"ويكيبيديا (ar)","description":"ويكيبيديا (ar)","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["ar"]},{"name":"Wikipedia (vi)","description":"Wikipedia, bách khoa toàn thư mở","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["vi"]},{"name":"ვიკიპედია (ka)","description":"ვიკიპედია, თავისუფალი ენციკლოპედია","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["ka"]},{"name":"Wikipedy (fy)","description":"De fergese ensyklopedy","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["fy-NL"]},{"name":"Uicipeid (gd)","description":"Wikipedia, An leabhar mòr-eòlais","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["gd"]},{"name":"Wikipedia (it)","description":"Wikipedia, l'enciclopedia libera","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["it"]},{"name":"Vikipediya (uz)","description":"Vikipediya, ochiq 
ensiklopediya","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["uz"]},{"name":"Wikipedia (lt)","description":"Vikipedija, laisvoji enciklopedija","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["lt"]},{"name":"Wikipedia (sq)","description":"Wikipedia, enciklopedia e lirë","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["sq"]},{"name":"विकिपीडिया (hi)","description":"विकिपीडिया (हिन्दी)","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["hi"]},{"name":"Wikipedia (as)","description":"ৱিকিপিডিয়া, এখন মুক্ত বিশ্বকোষ","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["as"]},{"name":"விக்கிப்பீடியா (ta)","description":"விக்கிப்பீடியா (ta)","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["ta"]},{"name":"Vikipediya (az)","description":"Vikipediya, açıq ensiklopediya","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["az"]},{"name":"Википедија (mk)","description":"Википедија, слободната енциклопедија","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["mk"]},{"name":"วิกิพีเดีย","description":"วิกิพีเดีย สารานุกรมเสรี","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["th"]},{"name":"维基百科","description":"维基百科,自由的百科全书","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["zh-CN"]},{"name":"Wikipedia (de)","description":"Wikipedia, die freie Enzyklopädie","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["de"]},{"name":"विकिपीडिया (mr)","description":"विकिपीडिया, मोफत माहितीकोष","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["mr"]},{"name":"Wikipedia 
(my)","description":"အခမဲ့လွတ်လပ်စွယ်စုံကျမ်း","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["my"]},{"name":"Wikipedia (rm)","description":"Vichipedia, l'enciclopedia libra","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["rm"]},{"name":"Wikipedia (nn)","description":"Wikipedia, det frie oppslagsverket","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["NN"]},{"name":"Wikipedija (hsb)","description":"Wikipedija, swobodna encyklopedija","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["hsb"]},{"name":"Вікіпэдыя (be-tarask)","description":"Вікіпэдыя, вольная энцыкляпэдыя","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["be-tarask"]},{"name":"Wikipedia (wo)","description":"Wikipedia, Jimbulang bu Ubbeeku bi","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["wo"]},{"name":"Wikipedia (gl)","description":"Wikipedia, a enciclopedia libre","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["gl"]},{"name":"Viquipèdia (ca)","description":"L'enciclopèdia lliure","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["ca"]},{"name":"Wikipédia (sk)","description":"Wikipédia, slobodná a otvorená encyklopédia","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["sk"]},{"name":"Википедија (sr)","description":"Претрага Википедије на српском језику","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["sr"]},{"name":"Wikipedia (af)","description":"Wikipedia, die vrye ensiklopedie","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["af"]},{"name":"ویکیپدیا (fa)","description":"ویکیپدیا، دانشنامهٔ آزاد","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["fa"]},{"name":"വിക്കിപീഡിയ 
(ml)","description":"വിക്കിപീഡിയ, സ്വതന്ത്ര സര്വ്വവിജ്ഞാനകോശം ","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["ml"]},{"name":"Wikipedia (ms)","description":"Wikipedia, ensiklopedia bebas","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["ms"]},{"name":"Wikipedia (ia)","description":"Wikipedia, le encyclopedia libere","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["ia"]},{"name":"Wikipedia (lij)","description":"Wikipedia, l'enciclopedia libera","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["lij"]},{"name":"Wikipedia (no)","description":"Wikipedia, den frie encyklopedi","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["NO"]},{"name":"Википедия (ru)","description":"Википедия, свободная энциклопедия","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["ru"]},{"name":"Wikipedia (br)","description":"Wikipedia, an holloueziadur digor","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["br"]},{"name":"Wikipedia (pl)","description":"Wikipedia, wolna encyklopedia","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["pl"]},{"name":"Wikipedia (zh)","description":"維基百科,自由的百科全書","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["zh-TW"]},{"name":"ວິກິພີເດຍ (lo)","description":"ວິກິພີເດຍ, ສາລານຸກົມເສລີ","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["lo"]},{"name":"Wikipedija (sl)","description":"Wikipedija, prosta enciklopedija","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["sl"]},{"name":"Vikipediya (crh)","description":"Vikipediya, Azat Entsiklopediya","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["crh"]},{"name":"Vikipēdija","description":"Vikipēdija, brīvā 
enciklopēdija","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["lv"]},{"name":"Biquipedia (an)","description":"A enciclopedia Libre","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["an"]},{"name":"Wikipedija (hr)","description":"Wikipedija, slobodna enciklopedija","creator":null,"developers":null,"translators":null,"contributors":null,"locales":["hr"]}],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"seen":true,"dependencies":[],"incognito":"spanning","userPermissions":{"permissions":[],"origins":[]},"icons":{"16":"favicon.ico"},"iconURL":null,"blocklistState":0,"blocklistURL":null,"startupData":null,"hidden":true,"installTelemetryInfo":null,"recommendationState":null,"rootURI":"resource://search-extensions/wikipedia/","location":"app-builtin"}]}
\ No newline at end of file
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/favicons.sqlite b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/favicons.sqlite
new file mode 100644
index 000000000..0cd01b789
Binary files /dev/null and b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/favicons.sqlite differ
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/folderTree.json b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/folderTree.json
new file mode 100644
index 000000000..0065aedff
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/folderTree.json
@@ -0,0 +1 @@
+{"all":["mailbox://nobody@Local%20Folders","mailbox://kali@localhost","mailbox://nobody@Local%20Folders/Unsent%20Messages","mailbox://nobody@Local%20Folders/Trash","mailbox://kali@localhost/Trash","mailbox://kali@localhost/Inbox"]}
\ No newline at end of file
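Review bot: folderTree.json hardcodes the account as `mailbox://kali@localhost` and the profile directory name `sbge8oh9.default-default` is fixed by the path, so the module only lines up with a deployment whose user, account and profile name match exactly; elsewhere in this commit panacea.dat also carries absolute `/home/kali/...` paths and a hostname. If the module is meant to provision other users or hosts, generating the profile from a template at install time (or letting Thunderbird rebuild these cache files) would be safer than committing a snapshot; this is inferred from the paths visible here, not from the module's install logic.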
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/global-messages-db.sqlite b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/global-messages-db.sqlite
new file mode 100644
index 000000000..f843ea385
Binary files /dev/null and b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/global-messages-db.sqlite differ
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/history.mab b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/history.mab
new file mode 100644
index 000000000..66723078c
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/history.mab
@@ -0,0 +1,27 @@
+//
+< <(a=c)> // (f=iso-8859-1)
+ (B8=Notes)(B9=LastModifiedDate)(BA=RecordKey)(BB=AddrCharSet)
+ (BC=LastRecordKey)(BD=ns:addrbk:db:table:kind:pab)(BE=ListName)
+ (BF=ListNickName)(C0=ListDescription)(C1=ListTotalAddresses)
+ (C2=LowercaseListName)(C3=ns:addrbk:db:table:kind:deleted)
+ (80=ns:addrbk:db:row:scope:card:all)
+ (81=ns:addrbk:db:row:scope:list:all)
+ (82=ns:addrbk:db:row:scope:data:all)(83=UID)(84=FirstName)(85=LastName)
+ (86=PhoneticFirstName)(87=PhoneticLastName)(88=DisplayName)
+ (89=NickName)(8A=PrimaryEmail)(8B=LowercasePrimaryEmail)
+ (8C=SecondEmail)(8D=LowercaseSecondEmail)(8E=PreferMailFormat)
+ (8F=PopularityIndex)(90=WorkPhone)(91=HomePhone)(92=FaxNumber)
+ (93=PagerNumber)(94=CellularNumber)(95=WorkPhoneType)(96=HomePhoneType)
+ (97=FaxNumberType)(98=PagerNumberType)(99=CellularNumberType)
+ (9A=HomeAddress)(9B=HomeAddress2)(9C=HomeCity)(9D=HomeState)
+ (9E=HomeZipCode)(9F=HomeCountry)(A0=WorkAddress)(A1=WorkAddress2)
+ (A2=WorkCity)(A3=WorkState)(A4=WorkZipCode)(A5=WorkCountry)
+ (A6=JobTitle)(A7=Department)(A8=Company)(A9=_AimScreenName)
+ (AA=AnniversaryYear)(AB=AnniversaryMonth)(AC=AnniversaryDay)
+ (AD=SpouseName)(AE=FamilyName)(AF=WebPage1)(B0=WebPage2)(B1=BirthYear)
+ (B2=BirthMonth)(B3=BirthDay)(B4=Custom1)(B5=Custom2)(B6=Custom3)
+ (B7=Custom4)>
+
+<(80=0)>
+{1:^80 {(k^BD:c)(s=9)}
+ [1:^82(^BC=0)]}
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/key4.db b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/key4.db
new file mode 100644
index 000000000..0260c70b5
Binary files /dev/null and b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/key4.db differ
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/mailViews.dat b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/mailViews.dat
new file mode 100644
index 000000000..810c8ae82
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/mailViews.dat
@@ -0,0 +1,22 @@
+version="9"
+logging="no"
+name="People I Know"
+enabled="yes"
+type="17"
+condition="AND (from,is in ab,moz-abmdbdirectory://abook.mab)"
+name="Recent Mail"
+enabled="yes"
+type="17"
+condition="AND (age in days,is less than,1)"
+name="Last 5 Days"
+enabled="yes"
+type="17"
+condition="AND (age in days,is less than,5)"
+name="Not Junk"
+enabled="yes"
+type="17"
+condition="AND (junk status,isn't,2)"
+name="Has Attachments"
+enabled="yes"
+type="17"
+condition="AND (has attachment status,is,true)"
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/panacea.dat b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/panacea.dat
new file mode 100644
index 000000000..4fbe63557
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/panacea.dat
@@ -0,0 +1,34 @@
+//
+< <(a=c)> // (f=iso-8859-1)
+ (8A=charset)(8B=folderName)(8C=indexingPriority)(8D=LastPurgeTime)
+ (8E=useServerRetention)(8F=MRUTime)(80=ns:msg:db:row:scope:folders:all)
+ (81=ns:msg:db:table:kind:folders)(82=key)(83=flags)(84=totalMsgs)
+ (85=totalUnreadMsgs)(86=pendingUnreadMsgs)(87=pendingMsgs)
+ (88=expungedBytes)(89=folderSize)>
+
+<(80
+ =/home/kali/.thunderbird/sbge8oh9.default-default/Mail/Local Folders/Trash\
+.msf)(81=104)(82=0)(83=ffffffffffffffff)(84=ISO-8859-1)(85=Trash)(95=1)
+ (86
+ =/home/kali/.thunderbird/sbge8oh9.default-default/Mail/Local Folders/Unsen\
+t Messages.msf)(87=804)(89=Outbox)(8A
+ =/home/kali/.thunderbird/sbge8oh9.default-default/Mail/Local Folders)
+ (8B=1c)(8C=ffffffff)(8D=)(8E=Local Folders)(8F
+ =/home/kali/.thunderbird/sbge8oh9.default-default/Mail/localhost/Inbox.msf)
+ (9E=80001004)(9D=7)(A5=2)(9F=179b)(91=Inbox)(A0=1588327271)(92
+ =/home/kali/.thunderbird/sbge8oh9.default-default/Mail/localhost/Trash.msf)
+ (93=/home/kali/.thunderbird/sbge8oh9.default-default/Mail/localhost)
+ (94=kali@shaw54-AAA-47-auto-grading-example-client-2)>
+{1:^80 {(k^81:c)(s=9)}
+ [1(^82^80)(^83^81)(^84=0)(^85=0)(^86=0)(^87=0)(^88=0)(^89^83)(^8A^84)
+ (^8B^85)(^8E=1)]
+ [2(^82^86)(^83^87)(^84=0)(^85=0)(^86=0)(^87=0)(^88=0)(^89^83)(^8A^84)
+ (^8B^89)(^8E=1)]
+ [3(^82^8A)(^83=1c)(^84^8C)(^85^8C)(^86=0)(^87=0)(^88=0)(^89^83)(^8A=)
+ (^8B^8E)]
+ [4(^82^8F)(^83^9E)(^84=7)(^85=2)(^86=0)(^87=0)(^88=0)(^89^9F)(^8A^84)
+ (^8B^91)(^8E=1)(^8F^A0)]
+ [5(^82^92)(^83^81)(^84=0)(^85=0)(^86=0)(^87=0)(^88=0)(^89^83)(^8A^84)
+ (^8B^85)(^8E=1)]
+ [6(^82^93)(^83=1c)(^84^8C)(^85^8C)(^86=0)(^87=0)(^88=0)(^89^83)(^8A=)
+ (^8B^94)]}
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/permissions.sqlite b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/permissions.sqlite
new file mode 100644
index 000000000..f24deec0e
Binary files /dev/null and b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/permissions.sqlite differ
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/pkcs11.txt b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/pkcs11.txt
new file mode 100644
index 000000000..61196c183
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/pkcs11.txt
@@ -0,0 +1,5 @@
+library=
+name=NSS Internal PKCS #11 Module
+parameters=configdir='sql:/home/kali/.thunderbird/sbge8oh9.default-default' certPrefix='' keyPrefix='' secmod='secmod.db' flags=optimizeSpace updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
+NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
+
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/places.sqlite b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/places.sqlite
new file mode 100644
index 000000000..78f8bedd2
Binary files /dev/null and b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/places.sqlite differ
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/prefs.js b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/prefs.js
new file mode 100644
index 000000000..0ab3f2eff
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/prefs.js
@@ -0,0 +1,112 @@
+// Mozilla User Preferences
+
+// DO NOT EDIT THIS FILE.
+//
+// If you make changes to this file while the application is running,
+// the changes will be overwritten when the application exits.
+//
+// To change a preference value, you can either:
+// - modify it via the UI (e.g. via about:config in the browser); or
+// - set it within a user.js file in your profile.
+
+user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1588327059);
+user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1588327179);
+user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1588326819);
+user_pref("app.update.lastUpdateTime.services-settings-poll-changes", 1588326939);
+user_pref("app.update.lastUpdateTime.xpi-signature-verification", 0);
+user_pref("browser.cache.disk.amount_written", 0);
+user_pref("browser.cache.disk.capacity", 993280);
+user_pref("browser.cache.disk.filesystem_reported", 1);
+user_pref("calendar.list.sortOrder", "d93b0359-4417-4f6a-ad24-766b6322af76");
+user_pref("calendar.registry.d93b0359-4417-4f6a-ad24-766b6322af76.calendar-main-in-composite", true);
+user_pref("calendar.registry.d93b0359-4417-4f6a-ad24-766b6322af76.name", "Home");
+user_pref("calendar.registry.d93b0359-4417-4f6a-ad24-766b6322af76.type", "storage");
+user_pref("calendar.registry.d93b0359-4417-4f6a-ad24-766b6322af76.uri", "moz-storage-calendar://");
+user_pref("calendar.timezone.local", "Europe/London");
+user_pref("calendar.ui.version", 3);
+user_pref("extensions.activeThemeID", "default-theme@mozilla.org");
+user_pref("extensions.blocklist.pingCountTotal", 2);
+user_pref("extensions.blocklist.pingCountVersion", 2);
+user_pref("extensions.databaseSchema", 31);
+user_pref("extensions.getAddons.cache.lastUpdate", 1588327059);
+user_pref("extensions.getAddons.databaseSchema", 5);
+user_pref("extensions.incognito.migrated", true);
+user_pref("extensions.lastAppBuildId", "20200407160932");
+user_pref("extensions.lastAppVersion", "68.7.0");
+user_pref("extensions.lastPlatformVersion", "68.7.0");
+user_pref("extensions.pendingOperations", false);
+user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}");
+user_pref("extensions.webextensions.uuids", "{\"{e2fda1a4-762b-4020-b5ad-a41df1933103}\":\"31cca3d0-4c59-4567-9821-ca66b189cc31\",\"default-theme@mozilla.org\":\"09e6935b-4928-4f17-81bf-48931daa2714\",\"google@search.mozilla.org\":\"91e883cc-ef50-44bb-b22e-c56c1ff9b418\",\"amazondotcom@search.mozilla.org\":\"6ce910cb-ac51-4754-a019-276ec2c86629\",\"bing@search.mozilla.org\":\"3255568c-e437-4d67-82ee-87040e6bd0d8\",\"ddg@search.mozilla.org\":\"4b5ffbd0-9b69-4570-b124-b38064900932\",\"twitter@search.mozilla.org\":\"515889e1-cd50-49fd-b459-c312a02f6edb\",\"wikipedia@search.mozilla.org\":\"fc9cf982-4b4b-4045-a607-940229776ac6\"}");
+user_pref("gfx.blacklist.layers.opengl", 4);
+user_pref("gfx.blacklist.layers.opengl.failureid", "FEATURE_FAILURE_SOFTWARE_GL");
+user_pref("mail.ab_remote_content.migrated", 1);
+user_pref("mail.account.account1.server", "server1");
+user_pref("mail.account.account2.identities", "id1");
+user_pref("mail.account.account2.server", "server2");
+user_pref("mail.account.lastKey", 2);
+user_pref("mail.accountmanager.accounts", "account1,account2");
+user_pref("mail.accountmanager.defaultaccount", "account2");
+user_pref("mail.accountmanager.localfoldersserver", "server1");
+user_pref("mail.append_preconfig_smtpservers.version", 2);
+user_pref("mail.default_charsets.migrated", 1);
+user_pref("mail.folder.views.version", 1);
+user_pref("mail.identity.id1.archive_folder", "mailbox://kali@localhost/Archives");
+user_pref("mail.identity.id1.doBcc", false);
+user_pref("mail.identity.id1.draft_folder", "mailbox://kali@localhost/Drafts");
+user_pref("mail.identity.id1.drafts_folder_picker_mode", "0");
+user_pref("mail.identity.id1.fcc_folder", "mailbox://kali@localhost/Sent");
+user_pref("mail.identity.id1.fcc_folder_picker_mode", "0");
+user_pref("mail.identity.id1.fullName", "kali");
+user_pref("mail.identity.id1.stationery_folder", "mailbox://kali@localhost/Templates");
+user_pref("mail.identity.id1.tmpl_folder_picker_mode", "0");
+user_pref("mail.identity.id1.useremail", "kali@shaw54-AAA-47-auto-grading-example-client-2");
+user_pref("mail.identity.id1.valid", true);
+user_pref("mail.openMessageBehavior.version", 1);
+user_pref("mail.rights.version", 1);
+user_pref("mail.root.movemail", "/home/kali/.thunderbird/sbge8oh9.default-default/Mail");
+user_pref("mail.root.movemail-rel", "[ProfD]Mail");
+user_pref("mail.root.none", "/home/kali/.thunderbird/sbge8oh9.default-default/Mail");
+user_pref("mail.root.none-rel", "[ProfD]Mail");
+user_pref("mail.server.server1.directory", "/home/kali/.thunderbird/sbge8oh9.default-default/Mail/Local Folders");
+user_pref("mail.server.server1.directory-rel", "[ProfD]Mail/Local Folders");
+user_pref("mail.server.server1.hostname", "Local Folders");
+user_pref("mail.server.server1.name", "Local Folders");
+user_pref("mail.server.server1.nextFilterTime", 10);
+user_pref("mail.server.server1.spamActionTargetAccount", "mailbox://nobody@Local%20Folders");
+user_pref("mail.server.server1.storeContractID", "@mozilla.org/msgstore/berkeleystore;1");
+user_pref("mail.server.server1.type", "none");
+user_pref("mail.server.server1.userName", "nobody");
+user_pref("mail.server.server2.directory", "/home/kali/.thunderbird/sbge8oh9.default-default/Mail/localhost");
+user_pref("mail.server.server2.directory-rel", "[ProfD]Mail/localhost");
+user_pref("mail.server.server2.download_on_biff", true);
+user_pref("mail.server.server2.hostname", "localhost");
+user_pref("mail.server.server2.login_at_startup", true);
+user_pref("mail.server.server2.name", "kali@shaw54-AAA-47-auto-grading-example-client-2");
+user_pref("mail.server.server2.nextFilterTime", 10);
+user_pref("mail.server.server2.spamActionTargetAccount", "mailbox://kali@localhost");
+user_pref("mail.server.server2.storeContractID", "@mozilla.org/msgstore/berkeleystore;1");
+user_pref("mail.server.server2.type", "movemail");
+user_pref("mail.server.server2.userName", "kali");
+user_pref("mail.spam.version", 1);
+user_pref("mail.startup.enabledMailCheckOnce", true);
+user_pref("mail.ui-rdf.version", 17);
+user_pref("mailnews.database.global.datastore.id", "21b6799e-d458-45d5-91be-5e61ad3c384");
+user_pref("mailnews.quotingPrefs.version", 1);
+user_pref("mailnews.start_page_override.mstone", "68.7.0");
+user_pref("mailnews.tags.$label1.color", "#FF0000");
+user_pref("mailnews.tags.$label1.tag", "Important");
+user_pref("mailnews.tags.$label2.color", "#FF9900");
+user_pref("mailnews.tags.$label2.tag", "Work");
+user_pref("mailnews.tags.$label3.color", "#009900");
+user_pref("mailnews.tags.$label3.tag", "Personal");
+user_pref("mailnews.tags.$label4.color", "#3333FF");
+user_pref("mailnews.tags.$label4.tag", "To Do");
+user_pref("mailnews.tags.$label5.color", "#993399");
+user_pref("mailnews.tags.$label5.tag", "Later");
+user_pref("mailnews.tags.version", 2);
+user_pref("media.gmp.storage.version.observed", 1);
+user_pref("places.history.expiration.transient_current_max_pages", 80782);
+user_pref("security.sandbox.plugin.tempDirSuffix", "98a6f409-75f9-4ae6-857b-2bafb91635fc");
+user_pref("signon.importedFromSqlite", true);
+user_pref("toolkit.telemetry.cachedClientID", "b5e4d57d-da1e-4202-8d26-ad1c9f1b6cb1");
+user_pref("toolkit.telemetry.prompted", 2);
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/search.json.mozlz4 b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/search.json.mozlz4
new file mode 100644
index 000000000..0ef59c81a
Binary files /dev/null and b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/search.json.mozlz4 differ
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/session.json b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/session.json
new file mode 100644
index 000000000..7d779d7a1
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/session.json
@@ -0,0 +1 @@
+{"rev":0,"windows":[{"type":"3pane","tabs":{"rev":0,"selectedIndex":0,"tabs":[{"mode":"folder","state":{"folderURI":"mailbox://kali@localhost/Inbox","folderPaneVisible":true,"messagePaneVisible":true,"firstTab":true},"ext":{"quickFilter":{"filterValues":{"text":{"text":null,"states":{"sender":true,"recipients":true,"subject":true}}},"visible":true}}}]}}]}
\ No newline at end of file
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/sessionCheckpoints.json b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/sessionCheckpoints.json
new file mode 100644
index 000000000..5d0282f08
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/sessionCheckpoints.json
@@ -0,0 +1 @@
+{"profile-after-change":true,"final-ui-startup":true,"quit-application-granted":true,"quit-application":true,"profile-change-net-teardown":true,"profile-change-teardown":true,"profile-before-change":true}
\ No newline at end of file
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/storage.sdb b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/storage.sdb
new file mode 100644
index 000000000..e4461c4e7
Binary files /dev/null and b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/storage.sdb differ
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/storage.sqlite b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/storage.sqlite
new file mode 100644
index 000000000..0ef880275
Binary files /dev/null and b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/storage.sqlite differ
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/storage/permanent/chrome/.metadata-v2 b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/storage/permanent/chrome/.metadata-v2
new file mode 100644
index 000000000..8b6c76761
Binary files /dev/null and b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/storage/permanent/chrome/.metadata-v2 differ
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
new file mode 100644
index 000000000..bd2a62d23
Binary files /dev/null and b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite differ
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/times.json b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/times.json
new file mode 100644
index 000000000..fce8a4464
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/times.json
@@ -0,0 +1,4 @@
+{
+"created": 1588326786677,
+"firstUse": null
+}
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/virtualFolders.dat b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/virtualFolders.dat
new file mode 100644
index 000000000..03770cf28
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/virtualFolders.dat
@@ -0,0 +1 @@
+version=1
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/webappsstore.sqlite b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/webappsstore.sqlite
new file mode 100644
index 000000000..6ea66fb24
Binary files /dev/null and b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/webappsstore.sqlite differ
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/xulstore.json b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/xulstore.json
new file mode 100644
index 000000000..162709350
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/files/.thunderbird/sbge8oh9.default-default/xulstore.json
@@ -0,0 +1 @@
+{"chrome://messenger/content/messenger.xul":{"mail-toolbar-menubar2":{"autohide":"true"},"qfb-boolean-mode":{"value":"OR"},"unifinder-search-results-tree-col-title":{"ordinal":"1"},"unifinder-search-results-tree-col-startdate":{"ordinal":"3"},"unifinder-search-results-tree-col-enddate":{"ordinal":"5"},"unifinder-search-results-tree-col-categories":{"ordinal":"7"},"unifinder-search-results-tree-col-location":{"ordinal":"9"},"unifinder-search-results-tree-col-status":{"ordinal":"11"},"unifinder-search-results-tree-col-calendarname":{"ordinal":"13"},"today-minimonth-box":{"collapsed":"true"},"today-none-box":{"collapsed":"true"},"today-pane-splitter":{"hidden":"true"},"today-pane-panel":{"modewidths":"200,200,200","collapsedinmodes":"mail","width":"200"},"messengerWindow":{"sizemode":"normal","screenX":"-10","screenY":"87","width":"1024","height":"648"},"view-deck":{"selectedIndex":"1"},"calendar-task-tree":{"widths":"0 0 0 0 0 0 0 0 0 0 0 0","ordinals":"0 3 5 7 9 11 13 15 17 19 21 23"},"unifinder-todo-tree":{"widths":"0 0 0 0 0 0 0 0 0 0 0 0","ordinals":"0 3 5 7 9 11 13 15 17 19 21 23"},"header-view-toolbox":{"mode":"full","iconsize":"small","labelalign":"end"},"header-view-toolbar":{"iconsize":"small"},"attachment-view-toolbox":{"mode":"","iconsize":"","labelalign":""},"attachment-view-toolbar":{"iconsize":""},"locationCol":{"hidden":"true"},"dateCol":{"sortDirection":"ascending"},"todo-tab-panel":{"collapsed":"true"}},"chrome://messenger/content/AccountManager.xul":{"accountManager":{"screenX":"39","screenY":"0","width":"945","height":"704"}},"chrome://messenger/content/messengercompose/messengercompose.xul":{"msgcomposeWindow":{"screenX":"154","screenY":"31","width":"860","height":"704","sizemode":"normal"}}}
\ No newline at end of file
diff --git a/modules/utilities/unix/email_clients/thunderbird/files/profiles.ini b/modules/utilities/unix/email_clients/thunderbird/files/profiles.ini
deleted file mode 100644
index d4cb5d0e7..000000000
--- a/modules/utilities/unix/email_clients/thunderbird/files/profiles.ini
+++ /dev/null
@@ -1,9 +0,0 @@
-[General]
-StartWithLastProfile=1
-
-[Profile0]
-Name=default
-IsRelative=1
-Path=user.default
-Default=1
-
diff --git a/modules/utilities/unix/email_clients/thunderbird/manifests/config.pp b/modules/utilities/unix/email_clients/thunderbird/manifests/config.pp
deleted file mode 100644
index d50be14d9..000000000
--- a/modules/utilities/unix/email_clients/thunderbird/manifests/config.pp
+++ /dev/null
@@ -1,52 +0,0 @@
-class thunderbird::config {
- $secgen_params = secgen_functions::get_parameters($::base64_inputs_file)
- $accounts = $secgen_params['accounts']
- $autostart = str2bool($secgen_params['autostart'][0])
- $start_page = $secgen_params['start_page'][0]
-
- # Setup TB for each user account
- unless $accounts == undef {
- $accounts.each |$raw_account| {
- $account = parsejson($raw_account)
- $username = $account['username']
-
- # add user profile
- file { ["/home/$username/", "/home/$username/.thunderbird/",
- "/home/$username/.thunderbird/user.default"]:
- ensure => directory,
- owner => $username,
- group => $username,
- } ->
- file { "/home/$username/thunderbird/profiles.ini":
- ensure => file,
- source => 'puppet:///modules/thunderbird/profiles.ini',
- owner => $username,
- group => $username,
- } ->
-
- # set accounts via template:
- file { "/home/$username/.thunderbird/user.default/user.js":
- ensure => file,
- content => template('thunderbird/user.js.erb'),
- owner => $username,
- group => $username,
- }
-
- # autostart script
- if $autostart {
- file { ["/home/$username/.config/", "/home/$username/.config/autostart/"]:
- ensure => directory,
- owner => $username,
- group => $username,
- }
-
- file { "/home/$username/.config/autostart/thunderbird.desktop":
- ensure => file,
- source => 'puppet:///modules/thunderbird/thunderbird.desktop',
- owner => $username,
- group => $username,
- }
- }
- }
- }
-}
diff --git a/modules/utilities/unix/email_clients/thunderbird/manifests/configure.pp b/modules/utilities/unix/email_clients/thunderbird/manifests/configure.pp
new file mode 100644
index 000000000..a61596ad7
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/manifests/configure.pp
@@ -0,0 +1,110 @@
+class thunderbird::configure {
+ $secgen_params = secgen_functions::get_parameters($::base64_inputs_file)
+ $accounts = $secgen_params['accounts']
+ $autostart = str2bool($secgen_params['autostart'][0])
+ $start_page = $secgen_params['start_page'][0]
+
+ # Setup TB for each user account
+ unless $accounts == undef {
+ $accounts.each |$raw_account| {
+ $account = parsejson($raw_account)
+ $username = $account['username']
+ unless $username == 'root' {
+ notice("configuring thunderbird for username: $username")
+ $user_id = inline_template("<%= require 'securerandom'; SecureRandom.alphanumeric(8) -%>")
+ notice("generated user_id: $user_id")
+
+
+ # add user profile
+ file { "/home/$username/.thunderbird/":
+ ensure => directory,
+ recurse => true,
+ mode => '0600',
+ owner => $username,
+ group => $username,
+ source => 'puppet:///modules/thunderbird/.thunderbird',
+ } ->
+
+ exec { 'set directory userid':
+ command => "/bin/mv /home/$username/.thunderbird/sbge8oh9.default-default /home/$username/.thunderbird/$user_id.default-default"
+ }
+
+ file { "/home/$username/.thunderbird/$user_id.default-default/Mail/localhost/Inbox.msf":
+ ensure => directory,
+ recurse => true,
+ mode => '0600',
+ owner => $username,
+ group => $username,
+ content => template('thunderbird/user.default-default/Mail/localhost/Inbox.msf.erb'),
+ require => Exec['set directory userid']
+ }
+
+ file { "/home/$username/.thunderbird/$user_id.default-default/folderTree.json":
+ ensure => directory,
+ recurse => true,
+ mode => '0600',
+ owner => $username,
+ group => $username,
+ content => template('thunderbird/user.default-default/folderTree.json.erb'),
+ require => Exec['set directory userid']
+ }
+
+ file { "/home/$username/.thunderbird/$user_id.default-default/panacea.dat":
+ ensure => directory,
+ recurse => true,
+ mode => '0600',
+ owner => $username,
+ group => $username,
+ content => template('thunderbird/user.default-default/panacea.dat.erb'),
+ require => Exec['set directory userid']
+ }
+
+ file { "/home/$username/.thunderbird/$user_id.default-default/pkcs11.txt":
+ ensure => directory,
+ recurse => true,
+ mode => '0600',
+ owner => $username,
+ group => $username,
+ content => template('thunderbird/user.default-default/pkcs11.txt.erb'),
+ require => Exec['set directory userid']
+ }
+
+ file { "/home/$username/.thunderbird/$user_id.default-default/prefs.js":
+ ensure => directory,
+ recurse => true,
+ mode => '0600',
+ owner => $username,
+ group => $username,
+ content => template('thunderbird/user.default-default/prefs.js.erb'),
+ require => Exec['set directory userid']
+ }
+
+ file { "/home/$username/.thunderbird/$user_id.default-default/session.json":
+ ensure => directory,
+ recurse => true,
+ mode => '0600',
+ owner => $username,
+ group => $username,
+ content => template('thunderbird/user.default-default/session.json.erb'),
+ require => Exec['set directory userid']
+ }
+
+ # autostart script
+ if $autostart {
+ file { ["/home/$username/.config/", "/home/$username/.config/autostart/"]:
+ ensure => directory,
+ owner => $username,
+ group => $username,
+ }
+
+ file { "/home/$username/.config/autostart/thunderbird.desktop":
+ ensure => file,
+ source => 'puppet:///modules/thunderbird/thunderbird.desktop',
+ owner => $username,
+ group => $username,
+ }
+ }
+ }
+ }
+ }
+}
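Review bot: The six `file` resources at L14973–L15031 combine `ensure => directory` and `recurse => true` with `content => template(...)` for paths that are regular files (Inbox.msf, folderTree.json, panacea.dat, pkcs11.txt, prefs.js, session.json), so Puppet will either refuse the combination or create an empty directory at each path instead of writing the rendered template; each of them needs `ensure => file` and no `recurse`. The exec at L14969–L14971 has no `creates`/`unless` guard and `$user_id` at L14955 is a fresh random value on every catalog compile, so each run re-copies `sbge8oh9.default-default` via the resource at L14960–L14967 and moves it under a new name, accumulating profile directories — a deterministic id (stdlib's `fqdn_rand_string` seeded with the username, say) plus `creates => "/home/$username/.thunderbird/$user_id.default-default"` would make it converge. `$username` is taken from the scenario's accounts JSON at L14952 and interpolated unchecked into filesystem paths and the mv command string; an `assert_type(Pattern[/\A[a-z_][a-z0-9_-]*\z/], $username)` right after that line would reject values that break the paths. The corrected exec and one corrected file resource are below; the other five follow the same pattern.
```puppet
      exec { 'set directory userid':
        command => "/bin/mv /home/$username/.thunderbird/sbge8oh9.default-default /home/$username/.thunderbird/$user_id.default-default",
        creates => "/home/$username/.thunderbird/$user_id.default-default",
      }

      file { "/home/$username/.thunderbird/$user_id.default-default/Mail/localhost/Inbox.msf":
        ensure  => file,
        mode    => '0600',
        owner   => $username,
        group   => $username,
        content => template('thunderbird/user.default-default/Mail/localhost/Inbox.msf.erb'),
        require => Exec['set directory userid'],
      }
      # ... unchanged apart from the same ensure => file / no recurse fix: folderTree.json, panacea.dat, pkcs11.txt, prefs.js, session.json resources ...
```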
diff --git a/modules/utilities/unix/email_clients/thunderbird/manifests/install.pp b/modules/utilities/unix/email_clients/thunderbird/manifests/install.pp
index 3b4d4e2ef..ceb1f9281 100644
--- a/modules/utilities/unix/email_clients/thunderbird/manifests/install.pp
+++ b/modules/utilities/unix/email_clients/thunderbird/manifests/install.pp
@@ -1,4 +1,6 @@
class thunderbird::install{
+ ensure_packages(['mailutils', 'libnotify-bin', 'notify-osd'])
+
package { 'thunderbird':
ensure => 'installed',
}
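Review bot: The `ensure_packages` call at L15058 gives no indication of why a Thunderbird module now installs mailutils, libnotify-bin and notify-osd; a short comment would save the next reader a lookup, e.g. `# mailutils presumably supplies movemail for the profile's movemail account; libnotify-bin/notify-osd for desktop new-mail notifications` (the shipped prefs.js sets the account type to movemail, but confirm that is the reason). Style-wise, thunderbird itself is still declared with a separate `package` resource at L15060–L15062 while the new packages go through `ensure_packages`; declaring all four in one `ensure_packages` call would be consistent.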
diff --git a/modules/utilities/unix/email_clients/thunderbird/secgen_metadata.xml b/modules/utilities/unix/email_clients/thunderbird/secgen_metadata.xml
index 0ec6d8ecb..e7a5d8f74 100644
--- a/modules/utilities/unix/email_clients/thunderbird/secgen_metadata.xml
+++ b/modules/utilities/unix/email_clients/thunderbird/secgen_metadata.xml
@@ -19,7 +19,7 @@
start_page
- true
+ false
@@ -30,6 +30,6 @@
update
- desktop_environment
+ .*/xfce4_term_w_records
diff --git a/modules/utilities/unix/email_clients/thunderbird/templates/profiles.ini.erb b/modules/utilities/unix/email_clients/thunderbird/templates/profiles.ini.erb
new file mode 100644
index 000000000..1f50d109f
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/templates/profiles.ini.erb
@@ -0,0 +1,19 @@
+[Profile1]
+Name=default
+IsRelative=1
+Path=628w126i.default
+Default=1
+
+[InstallFDC34C9F024745EB]
+Default=<% @user_id -%>>.default-default
+Locked=1
+
+[Profile0]
+Name=default-default
+IsRelative=1
+Path=<% @user_id -%>.default-default
+
+[General]
+StartWithLastProfile=1
+Version=2
+
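Review bot: Every substitution in this template uses `<% … -%>`, which evaluates the expression but emits nothing, so `Path=` at L15094 renders as `.default-default` and `Default=` at L15088 as `>.default-default` (note the stray `>`); both need the output tag, `Path=<%= @user_id -%>.default-default` and `Default=<%= @user_id -%>.default-default`. The same `<%` for `<%=` mistake is in Inbox.msf.erb (L15139–L15154), folderTree.json.erb (L15289) and panacea.dat.erb (L15306–L15317), where the username, hostname and profile id will likewise come out empty. Nothing in this diff renders profiles.ini.erb — configure.pp writes no profiles.ini and the static profiles.ini that config.pp used to install is deleted here — so unless the copied `.thunderbird` directory already ships one, the renamed profile is never registered; a `file` resource with `content => template('thunderbird/profiles.ini.erb')` is presumably intended. `Path=628w126i.default` at L15084 also points Profile1 at a fixed directory this module never creates.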
diff --git a/modules/utilities/unix/email_clients/thunderbird/templates/user.default-default/Mail/localhost/Inbox.msf.erb b/modules/utilities/unix/email_clients/thunderbird/templates/user.default-default/Mail/localhost/Inbox.msf.erb
new file mode 100644
index 000000000..df608042b
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/templates/user.default-default/Mail/localhost/Inbox.msf.erb
@@ -0,0 +1,177 @@
+//
+< <(a=c)> // (f=iso-8859-1)
+ (B8=applyToFlaggedMessages)(B9=useServerRetention)(BA=storeToken)
+ (BB=dateReceived)(BC=ProtoThreadFlags)(BD=MRUTime)(BE=sortType)
+ (BF=sortOrder)(C0=viewFlags)(C1=viewType)(C2=columnStates)
+ (C3=sortColumns)(C4=customSortCol)(C5=keywords)(C6=imageSize)
+ (C7=junkscore)(C8=recipient_names)(80=ns:msg:db:row:scope:msgs:all)
+ (81=subject)(82=sender)(83=message-id)(84=references)(85=recipients)
+ (86=date)(87=size)(88=flags)(89=priority)(8A=label)(8B=statusOfset)
+ (8C=numLines)(8D=ccList)(8E=bccList)(8F=msgThreadId)(90=threadId)
+ (91=threadFlags)(92=threadNewestMsgDate)(93=children)
+ (94=unreadChildren)(95=threadSubject)(96=msgCharSet)
+ (97=ns:msg:db:table:kind:msgs)(98=ns:msg:db:table:kind:thread)
+ (99=ns:msg:db:table:kind:allthreads)
+ (9A=ns:msg:db:row:scope:threads:all)(9B=threadParent)(9C=threadRoot)
+ (9D=msgOffset)(9E=offlineMsgSize)
+ (9F=ns:msg:db:row:scope:dbfolderinfo:all)
+ (A0=ns:msg:db:table:kind:dbfolderinfo)(A1=numMsgs)(A2=numNewMsgs)
+ (A3=folderSize)(A4=expungedBytes)(A5=folderDate)(A6=highWaterKey)
+ (A7=mailboxName)(A8=UIDValidity)(A9=totPendingMsgs)
+ (AA=unreadPendingMsgs)(AB=expiredMark)(AC=version)(AD=forceReparse)
+ (AE=fixedBadRefThreading)(AF=folderName)(B0=charSetOverride)
+ (B1=charSet)(B2=retainBy)(B3=daysToKeepHdrs)(B4=numHdrsToKeep)
+ (B5=daysToKeepBodies)(B6=useServerDefaults)(B7=cleanupBodies)>
+<(80=1)(8E=fffffffe)(8B=5eabf2f1)(81=0)>
+[1:m(^9C=1)(^90^8E)(^92^8B)(^91=0)(^93=1)(^94=1)]
+<(94=2)(93=5eabf307)>[2:m(^9C=2)(^90=2)(^92^93)(^91=0)(^93=1)(^94=1)]
+<(9B=3)(99=5eabf32b)>[3:m(^9C=3)(^90=3)(^92^99)(^91=0)(^93=1)(^94=1)]
+<(85=4)>[4:m(^9C=4)(^90=4)(^92^99)(^91=0)(^93=1)(^94=1)]
+<(A4=5)>[5:m(^9C=5)(^90=5)(^92^99)(^91=0)(^93=1)(^94=1)]
+<(A9=6)(A8=5eabf330)>[6:m(^9C=6)(^90=6)(^92^A8)(^91=0)(^93=1)(^94=1)]
+<(AE=7)(AD=5eabf334)>[7:m(^9C=7)(^90=7)(^92^AD)(^91=0)(^93=1)(^94=1)]
+
+<(86=4f)(87=<% @username + '@' + @hostname -%>)(88
+ =<<% @username + '@' + @hostname -%>>)(89=test)(8A
+ =E1jUSRt-0000cM-V7@<% @hostname -%>-2)
+ (8C=34f)(8D=ffffffff)(B7
+ =0|<% @username + '@' + @hostname -%>)(90=350)(91=848)
+ (92=E1jUSSF-0000cU-Ae@<% @hostname -%>)
+ (95=6a1)(97=1697)(98
+ =E1jUSSp-0000ce-04@<% @hostname -%>)
+ (9A=37c)(9D=a1e)(9E=2590)(9F
+ =E1jUSSp-0000cl-BK@<% @hostname -%>)
+ (A0=363)(A1=d82)(A2=3458)(A3
+ =E1jUSSp-0000cs-IA@<% @hostname -%>)
+ (A5=10e6)(A6=4326)(A7
+ =E1jUSSu-0000d0-FI@<% @hostname -%>)
+ (AA=144a)(AB=5194)(AC
+ =E1jUSSy-0000d8-V8@<% @hostname -%>)>
+{1:^80 {(k^97:c)(s=9)}
+ [1(^9D=0)(^BA=0)(^88=0)(^89=4)(^8A=0)(^8B=4f)(^82^87)(^85^88)(^81^89)
+ (^83^8A)(^BB^8B)(^86^8B)(^87^8C)(^8C=4)(^9B^8D)(^8F^8E)(^BC=0)(^C8^B7)]
+ [2(^9D^90)(^BA^91)(^88=0)(^89=4)(^8A=0)(^8B=4f)(^82^87)(^85^88)(^81^89)
+ (^83^92)(^BB^93)(^86^93)(^87^90)(^8C=1)(^9B^8D)(^8F=2)(^BC=0)(^C8^B7)]
+ [3(^9D^95)(^BA^97)(^88=0)(^89=4)(^8A=0)(^8B=4f)(^82^87)(^85^88)(^81^89)
+ (^83^98)(^BB^99)(^86^99)(^87^9A)(^8C=1)(^9B^8D)(^8F=3)(^BC=0)(^C8^B7)]
+ [4(^9D^9D)(^BA^9E)(^88=0)(^89=4)(^8A=0)(^8B=4f)(^82^87)(^85^88)(^81^89)
+ (^83^9F)(^BB^99)(^86^99)(^87^A0)(^8C=1)(^9B^8D)(^8F=4)(^BC=0)(^C8^B7)]
+ [5(^9D^A1)(^BA^A2)(^88=0)(^89=4)(^8A=0)(^8B=4f)(^82^87)(^85^88)(^81^89)
+ (^83^A3)(^BB^99)(^86^99)(^87^A0)(^8C=1)(^9B^8D)(^8F=5)(^BC=0)(^C8^B7)]
+ [6(^9D^A5)(^BA^A6)(^88=0)(^89=4)(^8A=0)(^8B=4f)(^82^87)(^85^88)(^81^89)
+ (^83^A7)(^BB^A8)(^86^A8)(^87^A0)(^8C=1)(^9B^8D)(^8F=6)(^BC=0)(^C8^B7)]
+ [7(^9D^AA)(^BA^AB)(^88=0)(^89=4)(^8A=0)(^8B=4f)(^82^87)(^85^88)(^81^89)
+ (^83^AC)(^BB^AD)(^86^AD)(^87^90)(^8C=1)(^9B^8D)(^8F=7)(^BC=0)(^C8^B7)]}
+{FFFFFFFE:^80 {(k^98:c)(s=9)1:m } 1 }
+{2:^80 {(k^98:c)(s=9)2:m } 2 }
+{3:^80 {(k^98:c)(s=9)3:m } 3 }
+{4:^80 {(k^98:c)(s=9)4:m } 4 }
+{5:^80 {(k^98:c)(s=9)5:m } 5 }
+{6:^80 {(k^98:c)(s=9)6:m } 6 }
+{7:^80 {(k^98:c)(s=9)7:m } 7 }
+{FFFFFFFD:^9A {(k^99:c)(s=9)} [FFFFFFFE(^95^89)]
+ [2(^95^89)]
+ [3(^95^89)]
+ [4(^95^89)]
+ [5(^95^89)]
+ [6(^95^89)]
+ [7(^95^89)]}
+
+<(B1=80001004)(83=Inbox)(AF=179b)(B0=5eabf336)(B2=1588327271)(B3=12)
+ (B4=)(B6
+ ={"threadCol":{"visible":true,"ordinal":""},"flaggedCol":{"visible":true,"\
+ordinal":""},"attachmentCol":{"visible":true,"ordinal":""},"subjectCol":{"visi\
+ble":true,"ordinal":""},"unreadButtonColHeader":{"visible":true,"ordinal":""},\
+"senderCol":{"visible":false,"ordinal":""},"recipientCol":{"visible":false,"or\
+dinal":""},"correspondentCol":{"visible":true,"ordinal":""},"junkStatusCol":{"\
+visible":true,"ordinal":""},"receivedCol":{"visible":false,"ordinal":""},"date\
+Col":{"visible":true,"ordinal":""},"statusCol":{"visible":false,"ordinal":""},\
+"sizeCol":{"visible":false,"ordinal":""},"tagsCol":{"visible":false,"ordinal":\
+""},"accountCol":{"visible":false,"ordinal":""},"priorityCol":{"visible":false\
+,"ordinal":""},"unreadCol":{"visible":false,"ordinal":""},"totalCol":{"visible\
+":false,"ordinal":""},"locationCol":{"visible":false,"ordinal":""},"idCol":{"v\
+isible":false,"ordinal":""}})>
+{1:^9F {(k^A0:c)(s=9)}
+ [1(^AC=1)(^AD=0)(^AE=1)(^88^B1)(^A7^83)(^A3^AF)(^A5^B0)(^B9=1)(^A1=7)
+ (^A2=7)(^A6=7)(^BD^B2)(^BE=12)(^BF=1)(^C0=0)(^C1=0)(^C3=)(^C2^B6)]}
+
+@$${11{@
+< <(a=c)> // (f=iso-8859-1)
+ (C9=gloda-id)(CA=gloda-dirty)>
+[1:m(^94=0)]
+[1:^80(^88=1)]
+<(B8=5eabf36a)>[-1:^9F(^AC=1)(^AD=0)(^AE=1)(^88^B1)(^A7^83)(^A3^AF)
+ (^A5^B8)(^B9=1)(^A1=7)(^A2=6)(^A6=7)(^BD^B2)(^BE=12)(^BF=1)(^C0=0)
+ (^C1=0)(^C3=)(^C2^B6)]
+@$$}11}@
+
+@$${12{@
+< <(a=c)> // (f=iso-8859-1)
+ (CB=notAPhishMessage)>
+@$$}12}@
+
+@$${13{@
+@$$}13}@
+
+@$${14{@
+[3:m(^94=0)]
+[3:^80(^88=1)]
+<(B9=5eabf36c)>[-1:^9F(^AC=1)(^AD=0)(^AE=1)(^88^B1)(^A7^83)(^A3^AF)
+ (^A5^B9)(^B9=1)(^A1=7)(^A2=5)(^A6=7)(^BD^B2)(^BE=12)(^BF=1)(^C0=0)
+ (^C1=0)(^C3=)(^C2^B6)]
+@$$}14}@
+
+@$${15{@
+@$$}15}@
+
+@$${16{@
+@$$}16}@
+
+@$${17{@
+[5:m(^94=0)]
+[5:^80(^88=1)]
+[1:^9F(^A2=4)]
+@$$}17}@
+
+@$${18{@
+@$$}18}@
+
+@$${19{@
+@$$}19}@
+
+@$${1A{@
+[6:m(^94=0)]
+[6:^80(^88=1)]
+<(BA=5eabf36e)>[-1:^9F(^AC=1)(^AD=0)(^AE=1)(^88^B1)(^A7^83)(^A3^AF)
+ (^A5^BA)(^B9=1)(^A1=7)(^A2=3)(^A6=7)(^BD^B2)(^BE=12)(^BF=1)(^C0=0)
+ (^C1=0)(^C3=)(^C2^B6)]
+@$$}1A}@
+
+@$${1B{@
+@$$}1B}@
+
+@$${1C{@
+@$$}1C}@
+
+@$${1D{@
+[2:m(^94=0)]
+[2:^80(^88=1)]
+<(BB=5eabf36f)>[-1:^9F(^AC=1)(^AD=0)(^AE=1)(^88^B1)(^A7^83)(^A3^AF)
+ (^A5^BB)(^B9=1)(^A1=7)(^A2=2)(^A6=7)(^BD^B2)(^BE=12)(^BF=1)(^C0=0)
+ (^C1=0)(^C3=)(^C2^B6)]
+@$$}1D}@
+
+@$${1E{@
+@$$}1E}@
+
+@$${1F{@
+@$$}1F}@
+
+@$${20{@
+@$$}20}@
+
+@$${21{@
+@$$}21}@
+
+@$${22{@
+@$$}22}@
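Review bot: The Message-ID at L15141 appends a literal `-2` to the rendered hostname (`@<% @hostname -%>-2`) while the six Message-IDs at L15144–L15154 do not; the captured profile's address ends in `…-client-2` in prefs.js and panacea.dat, which suggests the `-2` was part of the original host name rather than a suffix to add, so it looks like a leftover from the search-and-replace and should be dropped for consistency. The same appended `-2` appears in panacea.dat.erb at L15317. If the hostname fact really lacks the suffix, a one-line comment above L15139 saying why the first message differs from the rest would avoid the next reader "fixing" it.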
diff --git a/modules/utilities/unix/email_clients/thunderbird/templates/user.default-default/folderTree.json.erb b/modules/utilities/unix/email_clients/thunderbird/templates/user.default-default/folderTree.json.erb
new file mode 100644
index 000000000..1ffc37a43
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/templates/user.default-default/folderTree.json.erb
@@ -0,0 +1 @@
+{"all":["mailbox://nobody@Local%20Folders","mailbox://<% @username -%>@localhost","mailbox://nobody@Local%20Folders/Unsent%20Messages","mailbox://nobody@Local%20Folders/Trash","mailbox://<% @username -%>@localhost/Trash","mailbox://<% @username -%>@localhost/Inbox"]}
\ No newline at end of file
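Review bot: Every placeholder in this template is written as `<% @username -%>`, which in ERB evaluates the expression and discards its value, so the rendered folderTree.json will contain `mailbox://@localhost` with the username missing; output tags need the `=` form, `<%= @username -%>`. The same scriptlet form is used for `@username`, `@user_id` and `@hostname` in panacea.dat.erb, pkcs11.txt.erb, prefs.js.erb and session.json.erb in this commit, while the deleted user.js.erb used `<%=@username-%>`, so this looks like a regression introduced by the rewrite. Because the NSS `configdir` in pkcs11.txt and the profile directories in prefs.js are built from these values, a blank expansion would point the profile at `/home//.thunderbird/.default-default` rather than the intended user's directory.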
diff --git a/modules/utilities/unix/email_clients/thunderbird/templates/user.default-default/panacea.dat.erb b/modules/utilities/unix/email_clients/thunderbird/templates/user.default-default/panacea.dat.erb
new file mode 100644
index 000000000..5a76479bb
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/templates/user.default-default/panacea.dat.erb
@@ -0,0 +1,34 @@
+//
+< <(a=c)> // (f=iso-8859-1)
+ (8A=charset)(8B=folderName)(8C=indexingPriority)(8D=LastPurgeTime)
+ (8E=useServerRetention)(8F=MRUTime)(80=ns:msg:db:row:scope:folders:all)
+ (81=ns:msg:db:table:kind:folders)(82=key)(83=flags)(84=totalMsgs)
+ (85=totalUnreadMsgs)(86=pendingUnreadMsgs)(87=pendingMsgs)
+ (88=expungedBytes)(89=folderSize)>
+
+<(80
+ =/home/<% @username -%>/.thunderbird/<% @user_id -%>.default-default/Mail/Local Folders/Trash\
+.msf)(81=104)(82=0)(83=ffffffffffffffff)(84=ISO-8859-1)(85=Trash)(95=1)
+ (86
+ =/home/<% @username -%>/.thunderbird/<% @user_id -%>.default-default/Mail/Local Folders/Unsen\
+t Messages.msf)(87=804)(89=Outbox)(8A
+ =/home/<% @username -%>/.thunderbird/<% @user_id -%>.default-default/Mail/Local Folders)
+ (8B=1c)(8C=ffffffff)(8D=)(8E=Local Folders)(8F
+ =/home/<% @username -%>/.thunderbird/<% @user_id -%>.default-default/Mail/localhost/Inbox.msf)
+ (9E=80001004)(9D=7)(A5=2)(9F=179b)(91=Inbox)(A0=1588327271)(92
+ =/home/<% @username -%>/.thunderbird/<% @user_id -%>.default-default/Mail/localhost/Trash.msf)
+ (93=/home/<% @username -%>/.thunderbird/<% @user_id -%>.default-default/Mail/localhost)
+ (94=<% @username -%>@<% @hostname -%>-2)>
+{1:^80 {(k^81:c)(s=9)}
+ [1(^82^80)(^83^81)(^84=0)(^85=0)(^86=0)(^87=0)(^88=0)(^89^83)(^8A^84)
+ (^8B^85)(^8E=1)]
+ [2(^82^86)(^83^87)(^84=0)(^85=0)(^86=0)(^87=0)(^88=0)(^89^83)(^8A^84)
+ (^8B^89)(^8E=1)]
+ [3(^82^8A)(^83=1c)(^84^8C)(^85^8C)(^86=0)(^87=0)(^88=0)(^89^83)(^8A=)
+ (^8B^8E)]
+ [4(^82^8F)(^83^9E)(^84=7)(^85=2)(^86=0)(^87=0)(^88=0)(^89^9F)(^8A^84)
+ (^8B^91)(^8E=1)(^8F^A0)]
+ [5(^82^92)(^83^81)(^84=0)(^85=0)(^86=0)(^87=0)(^88=0)(^89^83)(^8A^84)
+ (^8B^85)(^8E=1)]
+ [6(^82^93)(^83=1c)(^84^8C)(^85^8C)(^86=0)(^87=0)(^88=0)(^89^83)(^8A=)
+ (^8B^94)]}
diff --git a/modules/utilities/unix/email_clients/thunderbird/templates/user.default-default/pkcs11.txt.erb b/modules/utilities/unix/email_clients/thunderbird/templates/user.default-default/pkcs11.txt.erb
new file mode 100644
index 000000000..e1e106033
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/templates/user.default-default/pkcs11.txt.erb
@@ -0,0 +1,5 @@
+library=
+name=NSS Internal PKCS #11 Module
+parameters=configdir='sql:/home/<% @username -%>/.thunderbird/<% @user_id -%>.default-default' certPrefix='' keyPrefix='' secmod='secmod.db' flags=optimizeSpace updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
+NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
+
diff --git a/modules/utilities/unix/email_clients/thunderbird/templates/user.default-default/prefs.js.erb b/modules/utilities/unix/email_clients/thunderbird/templates/user.default-default/prefs.js.erb
new file mode 100644
index 000000000..b6f09b958
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/templates/user.default-default/prefs.js.erb
@@ -0,0 +1,112 @@
+// Mozilla User Preferences
+
+// DO NOT EDIT THIS FILE.
+//
+// If you make changes to this file while the application is running,
+// the changes will be overwritten when the application exits.
+//
+// To change a preference value, you can either:
+// - modify it via the UI (e.g. via about:config in the browser); or
+// - set it within a user.js file in your profile.
+
+user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1588327059);
+user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1588327179);
+user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1588326819);
+user_pref("app.update.lastUpdateTime.services-settings-poll-changes", 1588326939);
+user_pref("app.update.lastUpdateTime.xpi-signature-verification", 0);
+user_pref("browser.cache.disk.amount_written", 0);
+user_pref("browser.cache.disk.capacity", 993280);
+user_pref("browser.cache.disk.filesystem_reported", 1);
+user_pref("calendar.list.sortOrder", "d93b0359-4417-4f6a-ad24-766b6322af76");
+user_pref("calendar.registry.d93b0359-4417-4f6a-ad24-766b6322af76.calendar-main-in-composite", true);
+user_pref("calendar.registry.d93b0359-4417-4f6a-ad24-766b6322af76.name", "Home");
+user_pref("calendar.registry.d93b0359-4417-4f6a-ad24-766b6322af76.type", "storage");
+user_pref("calendar.registry.d93b0359-4417-4f6a-ad24-766b6322af76.uri", "moz-storage-calendar://");
+user_pref("calendar.timezone.local", "Europe/London");
+user_pref("calendar.ui.version", 3);
+user_pref("extensions.activeThemeID", "default-theme@mozilla.org");
+user_pref("extensions.blocklist.pingCountTotal", 2);
+user_pref("extensions.blocklist.pingCountVersion", 2);
+user_pref("extensions.databaseSchema", 31);
+user_pref("extensions.getAddons.cache.lastUpdate", 1588327059);
+user_pref("extensions.getAddons.databaseSchema", 5);
+user_pref("extensions.incognito.migrated", true);
+user_pref("extensions.lastAppBuildId", "20200407160932");
+user_pref("extensions.lastAppVersion", "68.7.0");
+user_pref("extensions.lastPlatformVersion", "68.7.0");
+user_pref("extensions.pendingOperations", false);
+user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}");
+user_pref("extensions.webextensions.uuids", "{\"{e2fda1a4-762b-4020-b5ad-a41df1933103}\":\"31cca3d0-4c59-4567-9821-ca66b189cc31\",\"default-theme@mozilla.org\":\"09e6935b-4928-4f17-81bf-48931daa2714\",\"google@search.mozilla.org\":\"91e883cc-ef50-44bb-b22e-c56c1ff9b418\",\"amazondotcom@search.mozilla.org\":\"6ce910cb-ac51-4754-a019-276ec2c86629\",\"bing@search.mozilla.org\":\"3255568c-e437-4d67-82ee-87040e6bd0d8\",\"ddg@search.mozilla.org\":\"4b5ffbd0-9b69-4570-b124-b38064900932\",\"twitter@search.mozilla.org\":\"515889e1-cd50-49fd-b459-c312a02f6edb\",\"wikipedia@search.mozilla.org\":\"fc9cf982-4b4b-4045-a607-940229776ac6\"}");
+user_pref("gfx.blacklist.layers.opengl", 4);
+user_pref("gfx.blacklist.layers.opengl.failureid", "FEATURE_FAILURE_SOFTWARE_GL");
+user_pref("mail.ab_remote_content.migrated", 1);
+user_pref("mail.account.account1.server", "server1");
+user_pref("mail.account.account2.identities", "id1");
+user_pref("mail.account.account2.server", "server2");
+user_pref("mail.account.lastKey", 2);
+user_pref("mail.accountmanager.accounts", "account1,account2");
+user_pref("mail.accountmanager.defaultaccount", "account2");
+user_pref("mail.accountmanager.localfoldersserver", "server1");
+user_pref("mail.append_preconfig_smtpservers.version", 2);
+user_pref("mail.default_charsets.migrated", 1);
+user_pref("mail.folder.views.version", 1);
+user_pref("mail.identity.id1.archive_folder", "mailbox://<% @username -%>@localhost/Archives");
+user_pref("mail.identity.id1.doBcc", false);
+user_pref("mail.identity.id1.draft_folder", "mailbox://<% @username -%>@localhost/Drafts");
+user_pref("mail.identity.id1.drafts_folder_picker_mode", "0");
+user_pref("mail.identity.id1.fcc_folder", "mailbox://<% @username -%>@localhost/Sent");
+user_pref("mail.identity.id1.fcc_folder_picker_mode", "0");
+user_pref("mail.identity.id1.fullName", "<% @username -%>");
+user_pref("mail.identity.id1.stationery_folder", "mailbox://<% @username -%>@localhost/Templates");
+user_pref("mail.identity.id1.tmpl_folder_picker_mode", "0");
+user_pref("mail.identity.id1.useremail", "<% @username -%>@<% @hostname -%>");
+user_pref("mail.identity.id1.valid", true);
+user_pref("mail.openMessageBehavior.version", 1);
+user_pref("mail.rights.version", 1);
+user_pref("mail.root.movemail", "/home/<% @username -%>/.thunderbird/<% @user_id -%>.default-default/Mail");
+user_pref("mail.root.movemail-rel", "[ProfD]Mail");
+user_pref("mail.root.none", "/home/<% @username -%>/.thunderbird/<% @user_id -%>.default-default/Mail");
+user_pref("mail.root.none-rel", "[ProfD]Mail");
+user_pref("mail.server.server1.directory", "/home/<% @username -%>/.thunderbird/<% @user_id -%>.default-default/Mail/Local Folders");
+user_pref("mail.server.server1.directory-rel", "[ProfD]Mail/Local Folders");
+user_pref("mail.server.server1.hostname", "Local Folders");
+user_pref("mail.server.server1.name", "Local Folders");
+user_pref("mail.server.server1.nextFilterTime", 10);
+user_pref("mail.server.server1.spamActionTargetAccount", "mailbox://nobody@Local%20Folders");
+user_pref("mail.server.server1.storeContractID", "@mozilla.org/msgstore/berkeleystore;1");
+user_pref("mail.server.server1.type", "none");
+user_pref("mail.server.server1.userName", "nobody");
+user_pref("mail.server.server2.directory", "/home/<% @username -%>/.thunderbird/<% @user_id -%>.default-default/Mail/localhost");
+user_pref("mail.server.server2.directory-rel", "[ProfD]Mail/localhost");
+user_pref("mail.server.server2.download_on_biff", true);
+user_pref("mail.server.server2.hostname", "localhost");
+user_pref("mail.server.server2.login_at_startup", true);
+user_pref("mail.server.server2.name", "<% @username -%>@<% @hostname -%>>");
+user_pref("mail.server.server2.nextFilterTime", 10);
+user_pref("mail.server.server2.spamActionTargetAccount", "mailbox://<% @username -%>@localhost");
+user_pref("mail.server.server2.storeContractID", "@mozilla.org/msgstore/berkeleystore;1");
+user_pref("mail.server.server2.type", "movemail");
+user_pref("mail.server.server2.userName", "<% @username -%>");
+user_pref("mail.spam.version", 1);
+user_pref("mail.startup.enabledMailCheckOnce", true);
+user_pref("mail.ui-rdf.version", 17);
+user_pref("mailnews.database.global.datastore.id", "21b6799e-d458-45d5-91be-5e61ad3c384");
+user_pref("mailnews.quotingPrefs.version", 1);
+user_pref("mailnews.start_page_override.mstone", "68.7.0");
+user_pref("mailnews.tags.$label1.color", "#FF0000");
+user_pref("mailnews.tags.$label1.tag", "Important");
+user_pref("mailnews.tags.$label2.color", "#FF9900");
+user_pref("mailnews.tags.$label2.tag", "Work");
+user_pref("mailnews.tags.$label3.color", "#009900");
+user_pref("mailnews.tags.$label3.tag", "Personal");
+user_pref("mailnews.tags.$label4.color", "#3333FF");
+user_pref("mailnews.tags.$label4.tag", "To Do");
+user_pref("mailnews.tags.$label5.color", "#993399");
+user_pref("mailnews.tags.$label5.tag", "Later");
+user_pref("mailnews.tags.version", 2);
+user_pref("media.gmp.storage.version.observed", 1);
+user_pref("places.history.expiration.transient_current_max_pages", 80782);
+user_pref("security.sandbox.plugin.tempDirSuffix", "98a6f409-75f9-4ae6-857b-2bafb91635fc");
+user_pref("signon.importedFromSqlite", true);
+user_pref("toolkit.telemetry.cachedClientID", "b5e4d57d-da1e-4202-8d26-ad1c9f1b6cb1");
+user_pref("toolkit.telemetry.prompted", 2);
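Review bot: The line `user_pref("mail.server.server2.name", "<% @username -%>@<% @hostname -%>>");` has a stray trailing `>` inside the string, so the account name renders as `user@host>`; it should match the form used for `mail.identity.id1.useremail`, `"<% @username -%>@<% @hostname -%>"` (the `<%` vs `<%=` problem is raised on folderTree.json.erb and applies here too). Separately, this is now a prefs.js template whose own header says the file is rewritten when the application exits, whereas the deleted user.js.erb targeted the file Thunderbird reads as an override at startup; the manifest that installs this template should carry a comment stating why prefs.js was chosen and how seeded values survive a Thunderbird exit. The copied per-profile identifiers (`toolkit.telemetry.cachedClientID`, `extensions.webextensions.uuids`, `mailnews.database.global.datastore.id`, `security.sandbox.plugin.tempDirSuffix`) will be identical on every generated host, which presumably is not intended; dropping them lets Thunderbird generate fresh ones.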
diff --git a/modules/utilities/unix/email_clients/thunderbird/templates/user.default-default/session.json.erb b/modules/utilities/unix/email_clients/thunderbird/templates/user.default-default/session.json.erb
new file mode 100644
index 000000000..954d9080a
--- /dev/null
+++ b/modules/utilities/unix/email_clients/thunderbird/templates/user.default-default/session.json.erb
@@ -0,0 +1 @@
+{"rev":0,"windows":[{"type":"3pane","tabs":{"rev":0,"selectedIndex":0,"tabs":[{"mode":"folder","state":{"folderURI":"mailbox://<% @username -%>@localhost/Inbox","folderPaneVisible":true,"messagePaneVisible":true,"firstTab":true},"ext":{"quickFilter":{"filterValues":{"text":{"text":null,"states":{"sender":true,"recipients":true,"subject":true}}},"visible":true}}}]}}]}
\ No newline at end of file
diff --git a/modules/utilities/unix/email_clients/thunderbird/templates/user.js.erb b/modules/utilities/unix/email_clients/thunderbird/templates/user.js.erb
deleted file mode 100644
index bad9ad765..000000000
--- a/modules/utilities/unix/email_clients/thunderbird/templates/user.js.erb
+++ /dev/null
@@ -1,60 +0,0 @@
-user_pref("mail.account.account1.identities", "id1");
-user_pref("mail.account.account1.server", "server1");
-user_pref("mail.account.account2.server", "server2");
-user_pref("mail.account.lastKey", 2);
-user_pref("mail.accountmanager.accounts", "account1,account2");
-user_pref("mail.accountmanager.defaultaccount", "account1");
-user_pref("mail.accountmanager.localfoldersserver", "server2");
-user_pref("mail.append_preconfig_smtpservers.version", 2);
-user_pref("mail.attachment.store.version", 1);
-user_pref("mail.default_charsets.migrated", 1);
-user_pref("mail.displayname.version", 1);
-user_pref("mail.folder.views.version", 1);
-user_pref("mail.identity.id1.doBcc", false);
-user_pref("mail.identity.id1.draft_folder", "mailbox://<%=@username-%>@localhost/Drafts");
-user_pref("mail.identity.id1.drafts_folder_picker_mode", "0");
-user_pref("mail.identity.id1.fcc_folder", "mailbox://<%=@username-%>@localhost/Sent");
-user_pref("mail.identity.id1.fcc_folder_picker_mode", "0");
-user_pref("mail.identity.id1.fullName", "<%=@username-%>");
-user_pref("mail.identity.id1.reply_on_top", 1);
-user_pref("mail.identity.id1.smtpServer", "smtp1");
-user_pref("mail.identity.id1.stationery_folder", "mailbox://<%=@username-%>@localhost/Templates");
-user_pref("mail.identity.id1.tmpl_folder_picker_mode", "0");
-user_pref("mail.identity.id1.useremail", "<%=@username-%>@localhost");
-user_pref("mail.identity.id1.valid", true);
-user_pref("mail.openMessageBehavior.version", 1);
-user_pref("mail.rights.version", 1);
-user_pref("mail.root.none", "/home/<%=@username-%>/.thunderbird/user.default/Mail");
-user_pref("mail.root.none-rel", "[ProfD]Mail");
-user_pref("mail.root.pop3", "/home/<%=@username-%>/.thunderbird/user.default/Mail");
-user_pref("mail.root.pop3-rel", "[ProfD]Mail");
-user_pref("mail.server.server1.check_new_mail", true);
-user_pref("mail.server.server1.delete_by_age_from_server", true);
-user_pref("mail.server.server1.delete_mail_left_on_server", true);
-user_pref("mail.server.server1.directory", "/home/<%=@username-%>/.thunderbird/user.default/Mail/localhost");
-user_pref("mail.server.server1.directory-rel", "[ProfD]Mail/localhost");
-user_pref("mail.server.server1.download_on_biff", true);
-user_pref("mail.server.server1.hostname", "localhost");
-user_pref("mail.server.server1.leave_on_server", true);
-user_pref("mail.server.server1.login_at_startup", true);
-user_pref("mail.server.server1.name", "<%=@username-%>@localhost");
-user_pref("mail.server.server1.num_days_to_leave_on_server", 14);
-user_pref("mail.server.server1.socketType", 0);
-user_pref("mail.server.server1.spamActionTargetAccount", "mailbox://<%=@username-%>@localhost");
-user_pref("mail.server.server1.storeContractID", "@mozilla.org/msgstore/berkeleystore;1");
-user_pref("mail.server.server1.type", "pop3");
-user_pref("mail.server.server1.userName", "<%=@username-%>");
-user_pref("mail.server.server2.directory", "/home/<%=@username-%>/.thunderbird/user.default/Mail/Local Folders");
-user_pref("mail.server.server2.directory-rel", "[ProfD]Mail/Local Folders");
-user_pref("mail.server.server2.hostname", "Local Folders");
-user_pref("mail.server.server2.name", "Local Folders");
-user_pref("mail.server.server2.spamActionTargetAccount", "mailbox://nobody@Local%20Folders");
-user_pref("mail.server.server2.storeContractID", "@mozilla.org/msgstore/berkeleystore;1");
-user_pref("mail.server.server2.type", "none");
-user_pref("mail.server.server2.userName", "nobody");
-user_pref("mail.smtpserver.smtp1.authMethod", 3);
-user_pref("mail.smtpserver.smtp1.hostname", "localhost");
-user_pref("mail.smtpserver.smtp1.port", 25);
-user_pref("mail.smtpserver.smtp1.try_ssl", 0);
-user_pref("mail.smtpserver.smtp1.username", "<%=@username-%>");
-user_pref("mail.smtpservers", "smtp1");
diff --git a/modules/utilities/unix/email_clients/thunderbird/thunderbird.pp b/modules/utilities/unix/email_clients/thunderbird/thunderbird.pp
index 0c4d35fbf..d184a6944 100644
--- a/modules/utilities/unix/email_clients/thunderbird/thunderbird.pp
+++ b/modules/utilities/unix/email_clients/thunderbird/thunderbird.pp
@@ -1,2 +1,2 @@
include thunderbird::install
-include thunderbird::config
+include thunderbird::configure
diff --git a/modules/utilities/unix/logging/analysis_alert_action_client/analysis_alert_action_client.pp b/modules/utilities/unix/logging/analysis_alert_action_client/analysis_alert_action_client.pp
new file mode 100644
index 000000000..251e986b1
--- /dev/null
+++ b/modules/utilities/unix/logging/analysis_alert_action_client/analysis_alert_action_client.pp
@@ -0,0 +1,45 @@
+$secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+$aaa_config = parsejson($secgen_parameters['aaa_config'][0])
+$elasticsearch_ip = $aaa_config['server_ip']
+$elasticsearch_port = 0 + $aaa_config['elasticsearch_port']
+$logstash_ip = $aaa_config['server_ip']
+$logstash_port = 0 + $aaa_config['logstash_port']
+$kibana_ip = $aaa_config['server_ip']
+$kibana_port = 0 + $aaa_config['kibana_port']
+
+class { 'auditbeat':
+ modules => [
+ {
+ 'module' => 'auditd',
+ 'enabled' => true,
+ 'audit_rule_files' => '${path.config}/audit.rules.d/*.conf',
+ },
+ ],
+ outputs => {
+ 'logstash' => {
+ 'hosts' => ["$logstash_ip:$logstash_port"],
+ },
+ },
+}
+
+class { 'filebeat':
+ major_version => '7',
+ outputs => {
+ 'logstash' => {
+ 'hosts' => [
+ "$logstash_ip:$logstash_port",
+ ],
+ 'index' => 'filebeat',
+ },
+ },
+}
+
+filebeat::prospector { 'syslogs':
+ paths => [
+ '/var/log/auth.log',
+ '/var/log/syslog',
+ ],
+ doc_type => 'syslog-beat',
+}
+
+class { 'analysis_alert_action_client': }
\ No newline at end of file
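Review bot: `$elasticsearch_ip`, `$elasticsearch_port`, `$kibana_ip` and `$kibana_port` are assigned at the top of the manifest but never referenced below, so they are either dead code to remove or belong in a later change. The interpolations `"$logstash_ip:$logstash_port"` in both the auditbeat and filebeat outputs should enclose the variable names, `"${logstash_ip}:${logstash_port}"`, which is the puppet-lint convention and avoids any ambiguity with the `::` namespace separator. Note also that `$aaa_config` is taken from the base64 inputs file and its `server_ip` and port fields are interpolated into the beats configuration without any check; a type assertion such as `assert_type(String, $aaa_config['server_ip'])` would fail the catalog compile on a malformed config instead of producing a beats service that cannot connect.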
diff --git a/modules/utilities/unix/logging/analysis_alert_action_client/manifests/config.pp b/modules/utilities/unix/logging/analysis_alert_action_client/manifests/config.pp
new file mode 100644
index 000000000..c6e9de8f5
--- /dev/null
+++ b/modules/utilities/unix/logging/analysis_alert_action_client/manifests/config.pp
@@ -0,0 +1,8 @@
+class analysis_alert_action_client::config {
+ augeas { "sshd_permit_root":
+ context => "/files/etc/ssh/sshd_config",
+ changes => [
+ "set PermitRootLogin yes",
+ ],
+ }
+}
\ No newline at end of file
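Review bot: The augeas resource sets `PermitRootLogin yes` in sshd_config but nothing notifies the SSH service, so the change takes effect only after some unrelated restart; if the service is managed elsewhere in the catalog, add `notify => Service['ssh']` (or the distro's service name). Enabling root SSH login is also not what a reader expects from a module named analysis_alert_action_client, and it widens the host's remote attack surface, so the resource should carry a comment stating why the alerting client depends on it — e.g. `# PermitRootLogin yes is required because <reason-placeholder>` — or be moved to the module that actually needs it. The resource title and strings use double quotes without interpolation; single quotes are the puppet-lint convention.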
diff --git a/modules/utilities/unix/logging/analysis_alert_action_client/manifests/init.pp b/modules/utilities/unix/logging/analysis_alert_action_client/manifests/init.pp
new file mode 100644
index 000000000..5b4d71954
--- /dev/null
+++ b/modules/utilities/unix/logging/analysis_alert_action_client/manifests/init.pp
@@ -0,0 +1,4 @@
+class analysis_alert_action_client {
+ class { '::analysis_alert_action_client::install': }
+ class { '::analysis_alert_action_client::config': }
+}
\ No newline at end of file
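Review bot: The two class declarations inside `analysis_alert_action_client` are neither ordered nor contained, so `config` may be applied before `install`, and anything that depends on `Class['analysis_alert_action_client']` will not wait for the subclasses to finish. As the install and config classes stand today they do not depend on each other, but the usual shape is `contain analysis_alert_action_client::install` and `contain analysis_alert_action_client::config` followed by `Class['analysis_alert_action_client::install'] -> Class['analysis_alert_action_client::config']`, which keeps the ordering explicit as the module grows.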
diff --git a/modules/utilities/unix/logging/analysis_alert_action_client/manifests/install.pp b/modules/utilities/unix/logging/analysis_alert_action_client/manifests/install.pp
new file mode 100644
index 000000000..cec7e7a05
--- /dev/null
+++ b/modules/utilities/unix/logging/analysis_alert_action_client/manifests/install.pp
@@ -0,0 +1,17 @@
+class analysis_alert_action_client::install {
+ package{ ['mailutils', 'libnotify-bin']:
+ ensure => installed,
+ }
+
+ # TODO: Update this - none of this works! Try the $MAILCHECK env variable with /bin/bash...
+ # case $::lsbdistcodename {
+ # 'stretch': {
+ # package { 'mail-notification': ensure => installed }
+ # TODO: Add config stuff for mail-notification on debian desktop
+ # }
+ # 'kali-rolling': {
+ # package { 'xfce4-mailwatch-plugin': ensure => installed }
+ # TODO: Add config stuff for mailwatch on kali desktop
+ # }
+ # }
+}
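Review bot: About ten lines of commented-out manifest follow the `package` resource, headed by a TODO that says none of it works; dead code in a manifest tends to be revived verbatim, so it is better replaced by a one-line TODO describing the intended approach, e.g. `# TODO: desktop mail notification (mail-notification on stretch, xfce4-mailwatch-plugin on kali) not working yet; try $MAILCHECK in /bin/bash`, and tracked in an issue. The spacing in `package{ ['mailutils', 'libnotify-bin']:` should be `package { ['mailutils', 'libnotify-bin']:` per puppet-lint.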
diff --git a/modules/utilities/unix/logging/analysis_alert_action_client/secgen_metadata.xml b/modules/utilities/unix/logging/analysis_alert_action_client/secgen_metadata.xml
new file mode 100644
index 000000000..73e19f66c
--- /dev/null
+++ b/modules/utilities/unix/logging/analysis_alert_action_client/secgen_metadata.xml
@@ -0,0 +1,30 @@
+
+
+
+ Analysis, Alerting and Actioning Client
+ Thomas Shaw
+ Apache v2
+ Client component to the Auto Grading System
+ Includes: Filebeat, Auditbeat, (TODO) Wazuh client, modification to XFCE4 terminal records
+
+ multi
+ linux
+
+ aaa_config
+
+
+
+
+
+ Filebeat
+
+
+ Auditbeat
+
+
+ Xfce4 Terminal W Records
+
+
+
diff --git a/modules/utilities/unix/logging/auditbeat/.puppet-lint.rc b/modules/utilities/unix/logging/auditbeat/.puppet-lint.rc
new file mode 100644
index 000000000..cc96ece05
--- /dev/null
+++ b/modules/utilities/unix/logging/auditbeat/.puppet-lint.rc
@@ -0,0 +1 @@
+--relative
diff --git a/modules/utilities/unix/logging/auditbeat/CHANGELOG.md b/modules/utilities/unix/logging/auditbeat/CHANGELOG.md
index d6e878d60..d73fcba60 100644
--- a/modules/utilities/unix/logging/auditbeat/CHANGELOG.md
+++ b/modules/utilities/unix/logging/auditbeat/CHANGELOG.md
@@ -1,28 +1,105 @@
-# Changelog
+# Change log
-All notable changes to this project will be documented in this file.
+All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
-## Release 0.1.2
+## [v0.2.5](https://github.com/noris-network/norisnetwork-auditbeat/tree/v0.2.5) (2020-06-07)
-**Bugfixes**
+[Full Changelog](https://github.com/noris-network/norisnetwork-auditbeat/compare/v0.2.1...v0.2.5)
+
+# Added
+
+- added **update README.md**
+
+## [v0.2.4](https://github.com/noris-network/norisnetwork-auditbeat/tree/v0.2.4) (2020-06-07)
+
+[Full Changelog](https://github.com/noris-network/norisnetwork-auditbeat/compare/v0.2.1...v0.2.5)
+
+# Added
+
+- added **support for additional configuration keys**
+- Puppet version 4 testing removed
+
+## [v0.2.3](https://github.com/noris-network/norisnetwork-auditbeat/tree/v0.2.3) (2020-04-07)
+
+[Full Changelog](https://github.com/noris-network/norisnetwork-auditbeat/compare/v0.2.1...v0.2.3
+
+## [v0.2.2](https://github.com/noris-network/norisnetwork-auditbeat/tree/v0.2.2) (2020-01-24)
+
+[Full Changelog](https://github.com/noris-network/norisnetwork-auditbeat/compare/v0.2.1...v0.2.2)
+
+# Added
+
+- added **monitoring** Hash for new elastic major version 7 and 8
+- added **$gpg_key_id** to repo.pp variables in case of elastic wants to change the gpg key some time
+- added **Puppet version 4 testing** since PDK does not test puppet 4
+
+# Fixed
+
+- fixed typo in **metadata.json**
+- improved **dependencies versions** in metadata.json for stdlib and apt
+
+
+## [v0.2.1](https://github.com/noris-network/norisnetwork-auditbeat/tree/v0.2.1) (2020-01-10)
+
+[Full Changelog](https://github.com/noris-network/norisnetwork-auditbeat/compare/v0.2.0...v0.2.1)
+
+### Added
+
+- added possibility to install major version **5** additional to already configured versions **6** and **7**
+- changed default major version from **6** to **7**
+- added **$apt_repo_url**, **$yum_repo_url** and **$gpg_key_url** variables to enhance repo management
+- enhanced repo management itself by better variable management
+- updated spec tests to elastic major version **7** instead of major version **6** tests
+
+### Fixed
+
+- **.fixtures** updated and yaml structure fixed
+- **.vscode** folder readded to repo and removed from **.gitignore** since it is a part of the current pdk
+- removed **.project** file since it is a part of **.gitignore** now
+- switched from github pdk template to default pdk template
+
+## [v0.2.0](https://github.com/noris-network/norisnetwork-auditbeat/tree/v0.2.0) (2019-12-27)
+
+[Full Changelog](https://github.com/noris-network/norisnetwork-auditbeat/compare/v0.1.2...v0.2.0)
+
+### Added
+
+- switched to latest Puppet Development Kit **PDK 1.15.0.0**
+- added service_provider directive
+- Puppet 6 compatibility
+- allowed major version 7 to be installed
+- execute a *apt update* before installing the package for Debian
+- added *setup* in configuration for template setup
+- improved the repo management
+
+### Fixed
+
+- the repo was replaced with a static URL in a pull request and was replaced with variables afterwards
+
+## [v0.1.2](https://github.com/noris-network/norisnetwork-auditbeat/tree/v0.1.2) (2019-12-27)
+
+[Full Changelog](https://github.com/noris-network/norisnetwork-auditbeat/compare/v0.1.1...v0.1.2)
+
+### Fixed
- Modified the allowed values for the parameter *service_provider*
- The repo file is created only when *manage_repo* is set to *true* and *ensure* is set to *present*.
-## Release 0.1.1
-**Features**
+## [v0.1.1](https://github.com/noris-network/norisnetwork-auditbeat/tree/v0.1.1) (2018-06-20)
+
+[Full Changelog](https://github.com/noris-network/norisnetwork-auditbeat/compare/v0.1.0...v0.1.1)
+
+### Added
- Added support for the configuration of the x-pack monitoring section.
-## Release 0.1.0
+## [v0.1.0](https://github.com/noris-network/norisnetwork-auditbeat/tree/v0.1.0) (2018-06-11)
-**Features**
+### Added
- First implementation.
-**Bugfixes**
-
-**Known Issues**
+### Known issues
- Only Linux (Debian, CentOS, SuSE Ubuntu) supported
diff --git a/modules/utilities/unix/logging/auditbeat/README.md b/modules/utilities/unix/logging/auditbeat/README.md
index e70891ece..f729a0d52 100644
--- a/modules/utilities/unix/logging/auditbeat/README.md
+++ b/modules/utilities/unix/logging/auditbeat/README.md
@@ -1,21 +1,23 @@
-# auditbeat
+# norisnetwork-auditbeat
+ [](https://github.com/noris-network/norisnetwork-auditbeat/blob/master/LICENSE)   
-#### Table of Contents
+## Table of Contents
1. [Description](#description)
-2. [Setup - The basics of getting started with auditbeat](#setup)
+1. [Setup - The basics of getting started with auditbeat](#setup)
* [What auditbeat affects](#what-auditbeat-affects)
* [Setup requirements](#setup-requirements)
* [Beginning with auditbeat](#beginning-with-auditbeat)
-3. [Usage - Configuration options and additional functionality](#usage)
-4. [Reference - An under-the-hood peek at what the module is doing and how](#reference)
-5. [Limitations - OS compatibility, etc.](#limitations)
-6. [Development - Guide for contributing to the module](#development)
+1. [Usage - Configuration options and additional functionality](#usage)
+1. [Reference - An under-the-hood peek at what the module is doing and how](#reference)
+1. [Limitations - OS compatibility, etc.](#limitations)
+1. [Development - Guide for contributing to the module](#development)
## Description
-This module installs and configures the [Auditbeat shipper](https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-overview.html) by Elastic. It has been tested on Puppet 5.x and on the following OSes: Debian 9.1, CentOS 7.3, Ubuntu 16.04
+This is a Puppet module for installing, managing and configuring the [Auditbeat lightweight shipper](https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-overview.html) for audit data by elastic.
+It has been tested on Puppet 5.x and on the following OSes: Debian 9.1, CentOS 7.3, Ubuntu 16.04
## Setup
@@ -25,17 +27,17 @@ This module installs and configures the [Auditbeat shipper](https://www.elastic.
### Setup Requirements
-`auditbeat` needs `puppetlabs/stdlib`, `puppetlabs/apt` (for Debian and derivatives), `puppet/yum` (for RedHat or RedHat-like systems), `darin-zypprepo` (on SuSE based system)
+`auditbeat` needs `puppetlabs/stdlib`, `puppetlabs/apt` (for Debian and derivatives), `puppetlabs-yumrepo_core` (for RedHat or RedHat-like systems), `puppet-zypprepo` (on SuSE based systems)
### Beginning with auditbeat
-The module can be installed manually, typing `puppet module install noris-auditbeat`, or by means of an environment manager (r10k, librarian-puppet, ...).
+The module can be installed manually, typing `puppet module install norisnetwork-auditbeat`, or by means of an environment manager (r10k, librarian-puppet, ...).
-`auditbeat` requires at least the `outputs` and `modules` sections in order to start. Please refer to the software documentation to find out the [available modules] (https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-modules.html) and the [supported outputs] (https://www.elastic.co/guide/en/beats/auditbeat/current/configuring-output.html). On the other hand, the sections [logging] (https://www.elastic.co/guide/en/beats/auditbeat/current/configuration-logging.html) and [queue] (https://www.elastic.co/guide/en/beats/auditbeat/current/configuring-internal-queue.html) already contains meaningful default values.
+`auditbeat` requires at least the `outputs` and `modules` sections in order to start. Please refer to the software documentation to find out the [available modules](https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-modules.html) and the [supported outputs](https://www.elastic.co/guide/en/beats/auditbeat/current/configuring-output.html). On the other hand, the sections [logging](https://www.elastic.co/guide/en/beats/auditbeat/current/configuration-logging.html) and [queue](https://www.elastic.co/guide/en/beats/auditbeat/current/configuring-internal-queue.html) already contains meaningful default values.
A basic setup configuring the `file_integrity` module to check some paths and writing the results directly in Elasticsearch.
-```puppet
+``` puppet
class{'auditbeat':
modules => [
{
@@ -54,7 +56,7 @@ class{'auditbeat':
The same example using Hiera:
-```
+``` yaml
classes:
include:
- 'auditbeat'
@@ -82,7 +84,7 @@ The configuration is written to the configuration file `/etc/auditbeat/auditbeat
Send data to two Redis servers, loadbalancing between the instances.
-```puppet
+``` puppet
class{'auditbeat':
modules => [
{
@@ -98,9 +100,10 @@ class{'auditbeat':
},
},
```
+
or, using Hiera
-```
+``` yaml
classes:
include:
- 'auditbeat'
@@ -122,9 +125,10 @@ auditbeat::outputs:
- 'itger:redis:6379'
index: 'auditbeat'
```
+
Add the `auditd` module to the configuration, specifying a rule to detect 32 bit system calls. Output to Elasticsearch.
-```puppet
+``` puppet
class{'auditbeat':
modules => [
{
@@ -145,9 +149,10 @@ class{'auditbeat':
},
},
```
+
In Hiera format it would look like:
-```
+``` yaml
classes:
include:
- 'auditbeat'
@@ -173,17 +178,23 @@ auditbeat::outputs:
index: "auditbeat-%%{}{+YYYY.MM.dd}"
```
+## pass additional options to config like "http endpoint metrics"
+
+``` yaml
+auditbeat::additional_config:
+ http.enabled: true
+ http.host: 10.0.0.1
+```
## Reference
* [Public Classes](#public-classes)
- * [Class: auditbeat](#class-auditbeat)
+ * [Class: auditbeat](#class-auditbeat)
* [Private Classes](#private-classes)
- * [Class: auditbeat::repo](#class-auditbeat-repo)
- * [Class: auditbeat::install](#class-auditbeat-install)
- * [Class: auditbeat::config](#class-auditbeat-config)
- * [Class: auditbeat::service](#class-auditbeat-service)
-
+ * [Class: auditbeat::repo](#class-auditbeat-repo)
+ * [Class: auditbeat::install](#class-auditbeat-install)
+ * [Class: auditbeat::config](#class-auditbeat-config)
+ * [Class: auditbeat::service](#class-auditbeat-service)
### Public Classes
@@ -197,59 +208,52 @@ Installation and configuration.
* `fields_under_root`: [Boolean] whether to add the custom fields to the root of the document (default is *false*).
* `queue`: [Hash] auditbeat's internal queue, before the events publication (default is *4096* events in *memory* with immediate flush).
* `logging`: [Hash] the auditbeat's logfile configuration (default: writes to `/var/log/auditbeat/auditbeat`, maximum 7 files, rotated when bigger than 10 MB).
-* `outputs`: [Hash] the options of the mandatory [outputs] (https://www.elastic.co/guide/en/beats/auditbeat/current/configuring-output.html) section of the configuration file (default: undef).
+* `outputs`: [Hash] the options of the mandatory [outputs](https://www.elastic.co/guide/en/beats/auditbeat/current/configuring-output.html) section of the configuration file (default: undef).
* `major_version`: [Enum] the major version of the package to install (default: '6', the only accepted value. Implemented for future reference).
* `ensure`: [Enum 'present', 'absent']: whether Puppet should manage `auditbeat` or not (default: 'present').
* `service_provider`: [Enum 'systemd', 'init', 'debian', 'redhat', 'upstart', undef] which boot framework to use to install and manage the service (default: undef).
* `service_ensure`: [Enum 'enabled', 'running', 'disabled', 'unmanaged'] the status of the audit service (default 'enabled'). In more details:
- * *enabled*: service is running and started at every boot;
- * *running*: service is running but not started at boot time;
- * *disabled*: service is not running and not started at boot time;
- * *unamanged*: Puppet does not manage the service.
+ * *enabled*: service is running and started at every boot;
+ * *running*: service is running but not started at boot time;
+ * *disabled*: service is not running and not started at boot time;
+ * *unamanged*: Puppet does not manage the service.
* `package_ensure`: [String] the package version to install. It could be 'latest' (for the newest release) or a specific version number, in the format *x.y.z*, i.e., *6.2.0* (default: latest).
* `manage_repo`: [Boolean] whether to add the elastic upstream repo to the package manager (default: true).
* `config_file_mode`: [String] the octal file mode of the configuration file `/etc/auditbeat/auditbeat.yml` (default: 0644).
* `disable_configtest`: [Boolean] whether to check if the configuration file is valid before attempting to run the service (default: true).
* `tags`: [Array[Strings]]: the tags to add to each document (default: undef).
* `fields`: [Hash] the fields to add to each document (default: undef).
-* `xpack`: [Hash] the configuration to export internal metrics to an Elasticsearch monitoring instance (default: undef).
-* `modules`: [Array[Hash]] the required [modules] (https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-modules.html) to load (default: undef).
-* `processors`: [Array[Hash]] the optional [processors] (https://www.elastic.co/guide/en/beats/auditbeat/current/defining-processors.html) for event enhancement (default: undef).
+* `xpack`: [Hash] the configuration to export internal metrics to an Elasticsearch monitoring instance (default: undef).
+* `monitoring`: [Hash] the configuration to export internal metrics to an Elasticsearch monitoring instance since Version 7.x (default: undef).
+* `modules`: [Array[Hash]] the required [modules](https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-modules.html) to load (default: undef).
+* `processors`: [Array[Hash]] the optional [processors](https://www.elastic.co/guide/en/beats/auditbeat/current/defining-processors.html) for event enhancement (default: undef).
+* `setup`: [Hash] setup the configuration of the setup namespace (kibana, dashboards, template, etc.)(default: undef).
+* `additional_config` : [Hash] pass additional options to config like "http endpoint metrics"
### Private Classes
#### Class: `auditbeat::repo`
+
Configuration of the package repository to fetch auditbeat.
#### Class: `auditbeat::install`
+
Installation of the auditbeat package.
#### Class: `auditbeat::config`
+
Configuration of the auditbeat daemon.
#### Class: `auditbeat::service`
-Management of the auditbeat service.
+Management of the auditbeat service.
## Limitations
-This module does not load the index template in Elasticsearch nor the auditbeat example dashboards in Kibana. These two tasks should be carried out manually. Please follow the documentation to [manually load the index template in Elasticsearch] (https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-template.html#load-template-manually-alternate) and to [import the auditbeat dashboards in Kibana] (https://www.elastic.co/guide/en/beats/devguide/6.2/import-dashboards.html).
+This module does not load the index template in Elasticsearch nor the auditbeat example dashboards in Kibana. These two tasks should be carried out manually. Please follow the documentation to [manually load the index template in Elasticsearch](https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-template.html#load-template-manually-alternate) and to [import the auditbeat dashboards in Kibana](https://www.elastic.co/guide/en/beats/devguide/7.8/import-dashboards.html).
The option `manage_repo` does not remove the repo file, even if set to *false*. Please delete it manually.
-The module allows to set up the
-[x-pack section] (https://www.elastic.co/guide/en/beats/auditbeat/current/monitoring.html)
-of the configuration file, in order to set the internal statistics of packetbeat to an Elasticsearch cluster.
-In order to do that the parameter `package_ensure` should be set to:
-
-* `latest`
-* `6.1.0` or a higher version
-
-Unfortunately when `package_ensure` is equal to `installed` or `present`, the `x-pack` section is removed,
-beacuse there is no way to know which version of the package is going to be handled (unless a specific fact is
-added).
-
-
## Development
Please feel free to report bugs and to open pull requests for new features or to fix a problem.
diff --git a/modules/utilities/unix/logging/auditbeat/auditbeat.pp b/modules/utilities/unix/logging/auditbeat/auditbeat.pp
index 78dc8ca1a..6ed9e8947 100644
--- a/modules/utilities/unix/logging/auditbeat/auditbeat.pp
+++ b/modules/utilities/unix/logging/auditbeat/auditbeat.pp
@@ -1,27 +1,20 @@
-$secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
-$logstash_ip = $secgen_parameters['logstash_ip'][0]
-$logstash_port = 0 + $secgen_parameters['logstash_port'][0]
-$files_to_audit = $secgen_parameters['files_to_audit']
-# TODO - check if we need this (or are account accesses automatically audited)?
-# Even if we don't need it - we will need to add the accounts to watch into the 'watchers' section when we reach that point.
-# $accounts_to_audit = $secgen_parameters['accounts_to_audit']
+unless defined('analysis_alert_action_client') {
+ $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+ $logstash_ip = $secgen_parameters['logstash_ip'][0]
+ $logstash_port = 0 + $secgen_parameters['logstash_port'][0]
-class { 'auditbeat':
- modules => [
- # {
- # 'module' => 'file_integrity',
- # 'enabled' => true,
- # 'paths' => ['/bin', '/usr/bin', '/sbin', '/usr/sbin', '/etc'],
- # },
- {
- 'module' => 'auditd',
- 'enabled' => true,
- 'audit_rules' => template('auditbeat/audit_rules.erb'),
+ class { 'auditbeat':
+ modules => [
+ {
+ 'module' => 'auditd',
+ 'enabled' => true,
+ 'audit_rule_files' => '${path.config}/audit.rules.d/*.conf',
+ },
+ ],
+ outputs => {
+ 'logstash' => {
+ 'hosts' => ["$logstash_ip:$logstash_port"],
+ },
},
- ],
- outputs => {
- 'logstash' => {
- 'hosts' => ["$logstash_ip:$logstash_port"],
- },
- },
+ }
}
\ No newline at end of file
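Review bot: `audit_rule_files => '${path.config}/audit.rules.d/*.conf'` points at a directory that `auditbeat::config` now fills from `puppet:///modules/auditbeat/rules/`, and that source currently contains only the empty `.no_files` placeholder, so unless rule files are added elsewhere the `auditd` module starts with no rules and the per-scenario watches that the deleted `audit_rules.erb` template generated from `files_to_audit` (`-w <file> -p rwa -k identity`) are no longer applied. If that is the intent, a comment on the `modules` entry saying where `.conf` rule files are expected to come from would save the next reader the search; if not, the old template output should be shipped as a `.conf` file under `rules/`. The Logstash output keeps `hosts => ["$logstash_ip:$logstash_port"]` with no `ssl` settings, so unless TLS is configured elsewhere the audit events leave the host in clear text; that is probably acceptable for the lab network but deserves a comment. Style: puppet-lint expects braces in interpolation, `"${logstash_ip}:${logstash_port}"`.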
diff --git a/modules/utilities/unix/logging/auditbeat/data/common.yaml b/modules/utilities/unix/logging/auditbeat/data/common.yaml
new file mode 100644
index 000000000..ed97d539c
--- /dev/null
+++ b/modules/utilities/unix/logging/auditbeat/data/common.yaml
@@ -0,0 +1 @@
+---
diff --git a/modules/utilities/unix/logging/auditbeat/files/rules/.no_files b/modules/utilities/unix/logging/auditbeat/files/rules/.no_files
new file mode 100644
index 000000000..e69de29bb
diff --git a/modules/utilities/unix/logging/auditbeat/hiera.yaml b/modules/utilities/unix/logging/auditbeat/hiera.yaml
new file mode 100644
index 000000000..2251c236a
--- /dev/null
+++ b/modules/utilities/unix/logging/auditbeat/hiera.yaml
@@ -0,0 +1,21 @@
+---
+version: 5
+
+defaults: # Used for any hierarchy level that omits these keys.
+ datadir: data # This path is relative to hiera.yaml's directory.
+ data_hash: yaml_data # Use the built-in YAML backend.
+
+hierarchy:
+ - name: "osfamily/major release"
+ paths:
+ - "os/%{facts.os.family}/%{facts.os.release.major}.yaml"
+ # Used for Solaris
+ - "os/%{facts.os.family}/%{facts.kernelrelease}.yaml"
+ # Used to distinguish between Debian and Ubuntu
+ - "os/%{facts.os.name}/%{facts.os.release.major}.yaml"
+ - name: "osfamily"
+ paths:
+ - "os/%{facts.os.family}.yaml"
+ - "os/%{facts.os.name}.yaml"
+ - name: 'common'
+ path: 'common.yaml'
diff --git a/modules/utilities/unix/logging/auditbeat/manifests/config.pp b/modules/utilities/unix/logging/auditbeat/manifests/config.pp
index dd7c2d752..2a2a74396 100644
--- a/modules/utilities/unix/logging/auditbeat/manifests/config.pp
+++ b/modules/utilities/unix/logging/auditbeat/manifests/config.pp
@@ -6,31 +6,46 @@ class auditbeat::config {
$auditbeat_bin = '/usr/share/auditbeat/bin/auditbeat'
$validate_cmd = $auditbeat::disable_configtest ? {
- true => undef,
+ true => undef,
default => "${auditbeat_bin} test config -c %",
}
$auditbeat_config = delete_undef_values({
- 'name' => $auditbeat::beat_name ,
- 'fields_under_root' => $auditbeat::fields_under_root,
- 'fields' => $auditbeat::fields,
- 'xpack' => $auditbeat::xpack,
- 'tags' => $auditbeat::tags,
- 'queue' => $auditbeat::queue,
- 'logging' => $auditbeat::logging,
- 'output' => $auditbeat::outputs,
- 'processors' => $auditbeat::processors,
- 'auditbeat' => {
- 'modules' => $auditbeat::modules,
+ 'name' => $auditbeat::beat_name,
+ 'fields_under_root' => $auditbeat::fields_under_root,
+ 'fields' => $auditbeat::fields,
+ 'xpack' => $auditbeat::xpack,
+ 'monitoring' => $auditbeat::monitoring,
+ 'tags' => $auditbeat::tags,
+ 'queue' => $auditbeat::queue,
+ 'logging' => $auditbeat::logging,
+ 'output' => $auditbeat::outputs,
+ 'processors' => $auditbeat::processors,
+ 'setup' => $auditbeat::setup,
+ 'auditbeat' => {
+ 'modules' => $auditbeat::modules,
},
})
+ $merged_config = deep_merge($auditbeat_config, $auditbeat::additional_config)
+
file { '/etc/auditbeat/auditbeat.yml':
ensure => $auditbeat::ensure,
owner => 'root',
group => 'root',
mode => $auditbeat::config_file_mode,
- content => inline_template('<%= @auditbeat_config.to_yaml() %>'),
+ content => inline_template('<%= @merged_config.to_yaml() %>'),
validate_cmd => $validate_cmd,
+ require => Package['auditbeat'],
+ }
+
+ file { '/etc/auditbeat/audit.rules.d/': # rules must have .conf extension
+ ensure => directory,
+ recurse => true,
+ owner => 'root',
+ group => 'root',
+ mode => $auditbeat::config_file_mode,
+ source => 'puppet:///modules/auditbeat/rules/',
+ require => Package['auditbeat'],
}
}
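Review bot: The new `file { '/etc/auditbeat/audit.rules.d/': ... recurse => true }` resource has no `purge`, so rule files later removed from `puppet:///modules/auditbeat/rules/` stay on the node and keep being loaded; `purge => true` keeps the directory in sync with the module. The directory also reuses `$auditbeat::config_file_mode` (default `0644`), which leaves the rule files readable by every local user and therefore reveals exactly which paths and syscalls are audited; a tighter default such as `0640` for the rules directory, or a dedicated `rules_dir_mode` parameter, would be the safer choice. The comment `# rules must have .conf extension` would be more useful with its reason attached, e.g. `# only *.conf files are picked up by the audit_rule_files glob used in the scenario manifest`.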
diff --git a/modules/utilities/unix/logging/auditbeat/manifests/init.pp b/modules/utilities/unix/logging/auditbeat/manifests/init.pp
index e6b29d58c..6bc5a72bf 100644
--- a/modules/utilities/unix/logging/auditbeat/manifests/init.pp
+++ b/modules/utilities/unix/logging/auditbeat/manifests/init.pp
@@ -42,6 +42,7 @@
# @param xpack the configuration of x-pack monitoring.
# @param modules the required modules to load.
# @param processors the optional processors for events enhancement.
+# @param setup the configuration of the setup namespace (kibana, dashboards, template, etc.)
#
class auditbeat (
String $beat_name = $::hostname,
@@ -75,10 +76,14 @@ class auditbeat (
},
},
Hash $outputs = {},
- Enum['6'] $major_version = '6',
+ Enum['5', '6', '7'] $major_version = '7',
Enum['present', 'absent'] $ensure = 'present',
Optional[Enum['systemd', 'init', 'debian', 'redhat', 'upstart']] $service_provider = undef,
Boolean $manage_repo = true,
+ Optional[Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]] $apt_repo_url = undef,
+ Optional[Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]] $yum_repo_url = undef,
+ Optional[Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]] $gpg_key_url = undef,
+ String $gpg_key_id = '',
Enum['enabled', 'running', 'disabled', 'unmanaged'] $service_ensure = 'enabled',
String $package_ensure = 'latest',
String $config_file_mode = '0644',
@@ -88,6 +93,9 @@ class auditbeat (
Optional[Array[Hash]] $modules = undef,
Optional[Array[Hash]] $processors = undef,
Optional[Hash] $xpack = undef,
+ Optional[Hash] $monitoring = undef,
+ Optional[Hash] $setup = undef,
+ Optional[Hash] $additional_config = {},
) {
contain auditbeat::repo
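Review bot: `Optional[Hash] $additional_config = {}` is declared optional but defaults to `{}` and `auditbeat::config` passes it straight into `deep_merge`, so an explicit `undef` from a caller may reach `deep_merge` as a non-hash; `Hash $additional_config = {}` matches how the value is actually used. `gpg_key_url` accepts plain `http://` through `Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]`, and on RedHat and SuSe the downloaded key is the only trust anchor behind `gpgcheck => 1`, so `Optional[Stdlib::HTTPSUrl]` is the safer type (every HTTPS URL already matches `Stdlib::HTTPUrl`, so the Variant adds nothing). Of the new parameters only `setup` received a `@param` line in the header hunk above; `monitoring`, `additional_config`, `apt_repo_url`, `yum_repo_url`, `gpg_key_url` and `gpg_key_id` need one too. The default for `major_version` is now `'7'`, while the README still documents `major_version ... (default: '6', the only accepted value ...)`.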
diff --git a/modules/utilities/unix/logging/auditbeat/manifests/repo.pp b/modules/utilities/unix/logging/auditbeat/manifests/repo.pp
index 634083f2a..4c9ab25f2 100644
--- a/modules/utilities/unix/logging/auditbeat/manifests/repo.pp
+++ b/modules/utilities/unix/logging/auditbeat/manifests/repo.pp
@@ -1,60 +1,69 @@
# auditbeat::repo
# @api private
#
-# @summary It manages the package repositories to isntall auditbeat
-class auditbeat::repo {
+# @summary Manages the package repositories on the target nodes to install auditbeat
+class auditbeat::repo inherits auditbeat {
+ $apt_repo_url = $auditbeat::apt_repo_url ? {
+ undef => "https://artifacts.elastic.co/packages/${auditbeat::major_version}.x/apt",
+ default => $auditbeat::apt_repo_url,
+ }
+ $yum_repo_url = $auditbeat::yum_repo_url ? {
+ undef => "https://artifacts.elastic.co/packages/${auditbeat::major_version}.x/yum",
+ default => $auditbeat::yum_repo_url,
+ }
+ $gpg_key_url = $auditbeat::gpg_key_url ? {
+ undef => 'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
+ default => $auditbeat::gpg_key_url,
+ }
+ $gpg_key_id = $auditbeat::gpg_key_id ? {
+ '' => '46095ACC8548582C1A2699A9D27D666CD88E42B4',
+ default => $auditbeat::gpg_key_id,
+ }
+
if ($auditbeat::manage_repo == true) and ($auditbeat::ensure == 'present') {
case $facts['osfamily'] {
'Debian': {
include ::apt
-
- $download_url = 'https://artifacts.elastic.co/packages/6.x/apt'
-
if !defined(Apt::Source['beats']) {
apt::source{'beats':
ensure => $auditbeat::ensure,
- location => $download_url,
+ location => $apt_repo_url,
release => 'stable',
repos => 'main',
key => {
- id => '46095ACC8548582C1A2699A9D27D666CD88E42B4',
- source => 'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
+ id => $gpg_key_id,
+ source => $gpg_key_url,
},
}
+ Class['apt::update'] -> Package['auditbeat']
}
}
'RedHat': {
-
- $download_url = 'https://artifacts.elastic.co/packages/6.x/yum'
-
if !defined(Yumrepo['beats']) {
yumrepo{'beats':
ensure => $auditbeat::ensure,
- descr => 'Elastic repository for 6.x packages',
- baseurl => $download_url,
+ descr => "Elastic repository for ${auditbeat::major_version}.x packages",
+ baseurl => $yum_repo_url,
gpgcheck => 1,
- gpgkey => 'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
+ gpgkey => $gpg_key_url,
enabled => 1,
}
}
}
'SuSe': {
-
- $download_url = 'https://artifacts.elastic.co/packages/6.x/yum'
-
- exec { 'topbeat_suse_import_gpg':
- command => '/usr/bin/rpmkeys --import https://artifacts.elastic.co/GPG-KEY-elasticsearch',
- unless => '/usr/bin/test $(rpm -qa gpg-pubkey | grep -i "D88E42B4" | wc -l) -eq 1 ',
+ exec { 'suse_import_gpg':
+ command => "/usr/bin/rpmkeys --import ${gpg_key_url}",
+ unless => "/usr/bin/test $(rpm -qa gpg-pubkey | grep -i \"${gpg_key_id}\" | wc -l) -eq 1",
notify => [ Zypprepo['beats'] ],
}
if !defined (Zypprepo['beats']) {
zypprepo{'beats':
- baseurl => $download_url,
+ baseurl => $yum_repo_url,
enabled => 1,
autorefresh => 1,
name => 'beats',
gpgcheck => 1,
- gpgkey => 'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
+ gpgkey => $gpg_key_url,
type => 'yum',
}
}
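Review bot: The SuSe `unless` now greps the output of `rpm -qa gpg-pubkey` for the full 40-character `${gpg_key_id}` fingerprint, but that command prints package names of the form `gpg-pubkey-<8 hex chars>-<timestamp>`, which is why the old check looked for `D88E42B4`; with the default key id the new test can never match, so `rpmkeys --import` runs and `Zypprepo['beats']` is refreshed on every agent run. Matching on the short id restores the idempotency check: `unless => "/usr/bin/test $(rpm -qa gpg-pubkey | grep -i \"${gpg_key_id[-8,8]}\" | wc -l) -eq 1",`. `class auditbeat::repo inherits auditbeat` is not needed to read `$auditbeat::*` (the previous version did so without it) and puppet-lint flags inheritance across namespaces; the four selector defaults work unchanged without it. The closing braces of the `case`, the `if` and the class lie outside the hunk.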
diff --git a/modules/utilities/unix/logging/auditbeat/manifests/service.pp b/modules/utilities/unix/logging/auditbeat/manifests/service.pp
index c40921c37..1399f2290 100644
--- a/modules/utilities/unix/logging/auditbeat/manifests/service.pp
+++ b/modules/utilities/unix/logging/auditbeat/manifests/service.pp
@@ -33,5 +33,6 @@ class auditbeat::service {
ensure => $service_status,
enable => $service_enabled,
provider => $auditbeat::service_provider,
+ require => Package['auditbeat'],
}
}
diff --git a/modules/utilities/unix/logging/auditbeat/metadata.json b/modules/utilities/unix/logging/auditbeat/metadata.json
index 413704bba..f72f474d1 100644
--- a/modules/utilities/unix/logging/auditbeat/metadata.json
+++ b/modules/utilities/unix/logging/auditbeat/metadata.json
@@ -1,27 +1,30 @@
{
"name": "norisnetwork-auditbeat",
- "version": "0.1.2",
+ "version": "0.2.5",
"author": "norisnetwork",
- "summary": "This module installs and configures the Auditbeat shipper by Elastic.",
+ "summary": "Module for installing, managing and configuring the Auditbeat lightweight shipper for audit data by elastic.",
"license": "Apache-2.0",
- "source": "https://github.com/noris-network/puppet-auditbeat",
+ "source": "https://github.com/noris-network/norisnetwork-auditbeat",
"project_page": "https://github.com/noris-network/norisnetwork-auditbeat",
"issues_url": "https://github.com/noris-network/norisnetwork-auditbeat/issues",
"dependencies": [
{
"name": "puppetlabs-stdlib",
- "version_requirement": ">= 4.13.0 < 5.0.0"
+ "version_requirement": ">= 4.13.0 < 7.0.0"
},
{
"name": "puppetlabs-apt",
- "version_requirement": ">= 4.0.0 < 5.0.0"
+ "version_requirement": ">= 2.0.0 < 8.0.0"
},
{
- "name": "darin-zypprepo",
+ "name": "puppet-zypprepo",
+ "version_requirement": ">= 2.0.0 < 3.0.0"
+ },
+ {
+ "name": "puppetlabs-yumrepo_core",
"version_requirement": ">= 1.0.0 < 2.0.0"
}
],
- "data_provider": null,
"operatingsystem_support": [
{
"operatingsystem": "CentOS",
@@ -44,23 +47,32 @@
{
"operatingsystem": "Ubuntu",
"operatingsystemrelease": [
- "16.04"
+ "18.04"
]
},
{
"operatingsystem": "SLES",
"operatingsystemrelease": [
- "12"
+ "15"
]
}
],
"requirements": [
{
"name": "puppet",
- "version_requirement": ">= 4.7.0 < 6.0.0"
+ "version_requirement": ">= 5.0.0 < 7.0.0"
}
],
- "pdk-version": "1.5.0",
- "template-url": "file:///opt/puppetlabs/pdk/share/cache/pdk-templates.git",
- "template-ref": "1.5.0-0-gd1b3eca"
+ "tags": [
+ "auditbeat",
+ "elasticsearch",
+ "elastic_stack",
+ "elastic",
+ "norisnetwork",
+ "logstash",
+ "kibana"
+ ],
+ "pdk-version": "1.18.0",
+ "template-url": "pdk-default#1.18.0",
+ "template-ref": "tags/1.18.0-0-g095317c"
}
diff --git a/modules/utilities/unix/logging/auditbeat/secgen_metadata.xml b/modules/utilities/unix/logging/auditbeat/secgen_metadata.xml
index 14420750c..8bd878fb1 100644
--- a/modules/utilities/unix/logging/auditbeat/secgen_metadata.xml
+++ b/modules/utilities/unix/logging/auditbeat/secgen_metadata.xml
@@ -14,7 +14,6 @@
logstash_ip
logstash_port
- files_to_audit
localhost
@@ -24,13 +23,13 @@
5044
-
- /etc/shadow
- /etc/passwd
-
-
update
+
+
+ Filebeat
+
+
diff --git a/modules/utilities/unix/logging/auditbeat/spec/classes/auditbeat_spec.rb b/modules/utilities/unix/logging/auditbeat/spec/classes/auditbeat_spec.rb
deleted file mode 100644
index 930406700..000000000
--- a/modules/utilities/unix/logging/auditbeat/spec/classes/auditbeat_spec.rb
+++ /dev/null
@@ -1,129 +0,0 @@
-require 'spec_helper'
-
-describe 'auditbeat', 'type' => 'class' do
- on_supported_os.each do |os, facts|
- context "on #{os}" do
- let(:facts) { facts }
-
- it { is_expected.to compile }
- it { is_expected.to create_class('auditbeat') }
- it { is_expected.to create_class('auditbeat::install') }
- it { is_expected.to create_class('auditbeat::config') }
- it { is_expected.to create_class('auditbeat::service') }
- describe 'with ensure present' do
- let(:params) { { 'ensure' => 'present' } }
-
- it do
- is_expected.to contain_package('auditbeat').with(
- 'ensure' => 'latest',
- )
- end
- end
- describe 'with ensure absent' do
- let(:params) { { 'ensure' => 'absent' } }
-
- it do
- is_expected.to contain_package('auditbeat').with(
- 'ensure' => 'absent',
- )
- is_expected.to contain_service('auditbeat').with(
- 'ensure' => 'stopped',
- 'enable' => false,
- )
- end
- end
- describe 'with version 6.2.0' do
- let(:params) { { 'package_ensure' => '6.2.0' } }
-
- it do
- is_expected.to contain_package('auditbeat').with(
- 'ensure' => '6.2.0',
- )
- end
- end
- describe 'with disable_configtest false and file permission 0600' do
- let(:params) { { 'disable_configtest' => false, 'config_file_mode' => '0600' } }
-
- it do
- is_expected.to contain_file('/etc/auditbeat/auditbeat.yml').with(
- 'ensure' => 'present',
- 'owner' => 'root',
- 'group' => 'root',
- 'mode' => '0600',
- 'validate_cmd' => '/usr/share/auditbeat/bin/auditbeat test config -c %',
- )
- end
- end
- describe 'with disable_configtest true' do
- let(:params) { { 'disable_configtest' => true } }
-
- it do
- is_expected.to contain_file('/etc/auditbeat/auditbeat.yml').with(
- 'ensure' => 'present',
- 'owner' => 'root',
- 'group' => 'root',
- 'mode' => '0644',
- 'validate_cmd' => nil,
- )
- end
- end
- describe 'with service enabled' do
- let(:params) { { 'ensure' => 'present', 'service_ensure' => 'enabled' } }
-
- it do
- is_expected.to contain_service('auditbeat').with(
- 'ensure' => 'running',
- 'enable' => true,
- )
- end
- end
- case os
- when %r{centos-7-|redhat-7-}
- describe 'with manage_repo true on RedHat family' do
- let(:params) { { 'ensure' => 'present', 'manage_repo' => true } }
-
- it do
- is_expected.to contain_yumrepo('beats').with(
- 'ensure' => 'present',
- 'baseurl' => 'https://artifacts.elastic.co/packages/6.x/yum',
- 'gpgkey' => 'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
- )
- end
- end
- when %r{sles-12-}
- describe 'with manage_repo true on SLES family' do
- let(:params) { { 'ensure' => 'present', 'manage_repo' => true } }
-
- it do
- is_expected.to contain_zypprepo('beats').with(
- 'enabled' => 1,
- 'autorefresh' => 1,
- 'gpgcheck' => 1,
- 'name' => 'beats',
- 'type' => 'yum',
- 'baseurl' => 'https://artifacts.elastic.co/packages/6.x/yum',
- 'gpgkey' => 'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
- )
- end
- end
- when %r{debian-9-|ubuntu-16.04-}
- describe 'with manage_repo true on Debian family' do
- let(:params) { { 'ensure' => 'present', 'manage_repo' => true } }
-
- it do
- is_expected.to contain_apt__source('beats').with(
- 'ensure' => 'present',
- 'location' => 'https://artifacts.elastic.co/packages/6.x/apt',
- 'release' => 'stable',
- 'repos' => 'main',
- 'key' => {
- 'id' => '46095ACC8548582C1A2699A9D27D666CD88E42B4',
- 'source' => 'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
- },
- )
- end
- end
- end
- end
- end
-end
diff --git a/modules/utilities/unix/logging/auditbeat/spec/default_facts.yml b/modules/utilities/unix/logging/auditbeat/spec/default_facts.yml
deleted file mode 100644
index 3248be5aa..000000000
--- a/modules/utilities/unix/logging/auditbeat/spec/default_facts.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-# Use default_module_facts.yml for module specific facts.
-#
-# Facts specified here will override the values provided by rspec-puppet-facts.
----
-concat_basedir: "/tmp"
-ipaddress: "172.16.254.254"
-is_pe: false
-macaddress: "AA:AA:AA:AA:AA:AA"
diff --git a/modules/utilities/unix/logging/auditbeat/spec/spec_helper.rb b/modules/utilities/unix/logging/auditbeat/spec/spec_helper.rb
deleted file mode 100644
index e11719268..000000000
--- a/modules/utilities/unix/logging/auditbeat/spec/spec_helper.rb
+++ /dev/null
@@ -1,36 +0,0 @@
-
-require 'puppetlabs_spec_helper/module_spec_helper'
-require 'rspec-puppet-facts'
-
-begin
- require 'spec_helper_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_local.rb'))
-rescue LoadError => loaderror
- warn "Could not require spec_helper_local: #{loaderror.message}"
-end
-
-include RspecPuppetFacts
-
-default_facts = {
- puppetversion: Puppet.version,
- facterversion: Facter.version,
-}
-
-default_facts_path = File.expand_path(File.join(File.dirname(__FILE__), 'default_facts.yml'))
-default_module_facts_path = File.expand_path(File.join(File.dirname(__FILE__), 'default_module_facts.yml'))
-
-if File.exist?(default_facts_path) && File.readable?(default_facts_path)
- default_facts.merge!(YAML.safe_load(File.read(default_facts_path)))
-end
-
-if File.exist?(default_module_facts_path) && File.readable?(default_module_facts_path)
- default_facts.merge!(YAML.safe_load(File.read(default_module_facts_path)))
-end
-
-RSpec.configure do |c|
- c.default_facts = default_facts
- c.before :each do
- # set to strictest setting for testing
- # by default Puppet runs at warning level
- Puppet.settings[:strict] = :warning
- end
-end
diff --git a/modules/utilities/unix/logging/auditbeat/templates/audit_rules.erb b/modules/utilities/unix/logging/auditbeat/templates/audit_rules.erb
deleted file mode 100644
index d7c4622c2..000000000
--- a/modules/utilities/unix/logging/auditbeat/templates/audit_rules.erb
+++ /dev/null
@@ -1,7 +0,0 @@
-<% audit_rules = ''
-
- @files_to_audit.each {|file|
- audit_rules << "-w #{file} -p rwa -k identity\n"
- }
--%>
-<%= audit_rules -%>
\ No newline at end of file
diff --git a/modules/utilities/unix/logging/elastalert/elastalert.pp b/modules/utilities/unix/logging/elastalert/elastalert.pp
new file mode 100644
index 000000000..70389d1c3
--- /dev/null
+++ b/modules/utilities/unix/logging/elastalert/elastalert.pp
@@ -0,0 +1,18 @@
+unless defined('analysis_alert_action_server') {
+ $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+ $elasticsearch_ip = $secgen_parameters['elasticsearch_ip'][0]
+ $elasticsearch_port = 0 + $secgen_parameters['elasticsearch_port'][0]
+
+ class { 'elastalert::install':
+ elasticsearch_ip => $elasticsearch_ip,
+ elasticsearch_port => $elasticsearch_port,
+ } ~>
+ class {'elastalert::config':
+ elasticsearch_ip => $elasticsearch_ip,
+ elasticsearch_port => $elasticsearch_port,
+ }~>
+ class {'elastalert::service':
+ elasticsearch_ip => $elasticsearch_ip,
+ elasticsearch_port => $elasticsearch_port,
+ }
+}
\ No newline at end of file
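Review bot: The resource chain mixes `} ~>` with `}~>` and `class { 'elastalert::install':` with `class {'elastalert::config':`; puppet-lint's default style is a space after `{` and consistent spacing around the arrow, so `class { 'elastalert::config':` and `} ~>` throughout. `0 + $secgen_parameters['elasticsearch_port'][0]` coerces the string through arithmetic; `Integer($secgen_parameters['elasticsearch_port'][0])` states the intent directly (the same pattern appears in `auditbeat.pp`). A one-line comment on `unless defined('analysis_alert_action_server')` explaining which scenario defines that name would help, since nothing in this module does.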
diff --git a/modules/utilities/unix/logging/elastalert/files/dev-example-alert.json b/modules/utilities/unix/logging/elastalert/files/dev-example-alert.json
new file mode 100644
index 000000000..ffdc902e6
--- /dev/null
+++ b/modules/utilities/unix/logging/elastalert/files/dev-example-alert.json
@@ -0,0 +1,224 @@
+// This alert was in 1 line and has been formatted
+
+// cat /home/vagrant/testfile log
+[
+ {
+ "_type": "doc",
+ "_index": "auditbeat-2020.02.25",
+ "process": {
+ "exe": "/bin/cat",
+ "name": "cat",
+ "title": "cat testfile",
+ "pid": "3376",
+ "ppid": "1452",
+ "cwd": "/home/vagrant"
+ },
+ "num_hits": 1,
+ "@timestamp": "2020-02-25T17:29:47.360Z",
+ "tags": [
+ "home",
+ "beats_input_raw_event"
+ ],
+ "auditd": {
+ "paths": [
+ {
+ "nametype": "NORMAL",
+ "ouid": "1000",
+ "ogid": "1000",
+ "rdev": "00:00",
+ "dev": "08:01",
+ "item": "0",
+ "mode": "0100644",
+ "inode": "1441867",
+ "name": "testfile"
+ }
+ ],
+ "sequence": 273,
+ "summary": {
+ "how": "/bin/cat",
+ "object": {
+ "type": "file",
+ "primary": "testfile"
+ },
+ "actor": {
+ "primary": "vagrant",
+ "secondary": "vagrant"
+ }
+ },
+ "session": "3",
+ "result": "success",
+ "data": {
+ "tty": "pts2",
+ "syscall": "open",
+ "a1": "0",
+ "a0": "7ffcfc836419",
+ "a3": "69f",
+ "a2": "fffffffffffe0400",
+ "exit": "3",
+ "arch": "x86_64"
+ }
+ },
+ "beat": {
+ "hostname": "shaw54-AGT-1-auto-grading-tracer-client-1",
+ "name": "shaw54-AGT-1-auto-grading-tracer-client-1",
+ "version": "6.8.6"
+ },
+ "host": {
+ "name": "shaw54-AGT-1-auto-grading-tracer-client-1"
+ },
+ "user": {
+ "fsuid": "1000",
+ "auid": "1000",
+ "uid": "1000",
+ "name_map": {
+ "fsuid": "vagrant",
+ "auid": "vagrant",
+ "uid": "vagrant",
+ "suid": "vagrant",
+ "fsgid": "vagrant",
+ "egid": "vagrant",
+ "euid": "vagrant",
+ "gid": "vagrant",
+ "sgid": "vagrant"
+ },
+ "suid": "1000",
+ "fsgid": "1000",
+ "egid": "1000",
+ "euid": "1000",
+ "gid": "1000",
+ "sgid": "1000"
+ },
+ "file": {
+ "group": "vagrant",
+ "uid": "1000",
+ "owner": "vagrant",
+ "gid": "1000",
+ "mode": "0644",
+ "device": "00:00",
+ "path": "testfile",
+ "inode": "1441867"
+ },
+ "combined_path": "/home/vagrant/testfile",
+ "num_matches": 1,
+ "_id": "XA9lfXABD6uZtrW1xuCR",
+ "@version": "1",
+ "event": {
+ "action": "opened-file",
+ "category": "audit-rule",
+ "type": "syscall",
+ "module": "auditd"
+ }
+ }
+]
+
+
+// cat /etc/shadow log
+[
+ {
+ "_type": "doc",
+ "_index": "auditbeat-2020.02.25",
+ "process": {
+ "exe": "/usr/lib/x86_64-linux-gnu/libexec/kcheckpass",
+ "name": "kcheckpass",
+ "title": "kcheckpass -m classic -S 19",
+ "pid": "3684",
+ "ppid": "3622",
+ "cwd": "/home/vagrant"
+ },
+ "num_hits": 6,
+ "@timestamp": "2020-02-25T17:59:21.460Z",
+ "tags": [
+ "etc",
+ "beats_input_raw_event"
+ ],
+ "auditd": {
+ "paths": [
+ {
+ "nametype": "NORMAL",
+ "ouid": "0",
+ "ogid": "42",
+ "rdev": "00:00",
+ "dev": "08:01",
+ "item": "0",
+ "mode": "0100644",
+ "inode": "402038",
+ "name": "/etc/shadow"
+ }
+ ],
+ "sequence": 1167,
+ "summary": {
+ "how": "/usr/lib/x86_64-linux-gnu/libexec/kcheckpass",
+ "object": {
+ "type": "file",
+ "primary": "/etc/shadow"
+ },
+ "actor": {
+ "primary": "vagrant",
+ "secondary": "vagrant"
+ }
+ },
+ "session": "3",
+ "result": "success",
+ "data": {
+ "tty": "(none)",
+ "syscall": "open",
+ "a1": "80000",
+ "a0": "7f4bdc9aa7f1",
+ "a3": "80000",
+ "a2": "1b6",
+ "exit": "3",
+ "arch": "x86_64"
+ }
+ },
+ "beat": {
+ "hostname": "shaw54-AGT-1-auto-grading-tracer-client-1",
+ "name": "shaw54-AGT-1-auto-grading-tracer-client-1",
+ "version": "6.8.6"
+ },
+ "host": {
+ "name": "shaw54-AGT-1-auto-grading-tracer-client-1"
+ },
+ "user": {
+ "fsuid": "1000",
+ "auid": "1000",
+ "uid": "1000",
+ "name_map": {
+ "fsuid": "vagrant",
+ "auid": "vagrant",
+ "uid": "vagrant",
+ "suid": "vagrant",
+ "fsgid": "vagrant",
+ "egid": "vagrant",
+ "euid": "vagrant",
+ "gid": "vagrant",
+ "sgid": "vagrant"
+ },
+ "suid": "1000",
+ "fsgid": "1000",
+ "egid": "1000",
+ "euid": "1000",
+ "gid": "1000",
+ "sgid": "1000"
+ },
+ "file": {
+ "group": "shadow",
+ "uid": "0",
+ "owner": "root",
+ "gid": "42",
+ "mode": "0644",
+ "device": "00:00",
+ "path": "/etc/shadow",
+ "inode": "402038"
+ },
+ "combined_path": "/home/vagrant//etc/shadow",
+ "num_matches": 6,
+ "_id": "Aw-AfXABD6uZtrW12ewa",
+ "@version": "1",
+ "event": {
+ "action": "opened-file",
+ "category": "audit-rule",
+ "type": "syscall",
+ "module": "auditd"
+ }
+ }
+]
diff --git a/modules/utilities/unix/logging/elastalert/files/elastalert-index.rb b/modules/utilities/unix/logging/elastalert/files/elastalert-index.rb
new file mode 100644
index 000000000..6192a1c4f
--- /dev/null
+++ b/modules/utilities/unix/logging/elastalert/files/elastalert-index.rb
@@ -0,0 +1,18 @@
+require 'fileutils'
+require 'open3'
+
+@registered_file = '/ea'
+
+def already_registered?
+ File.file? @registered_file
+end
+
+until already_registered?
+ stdout, _, _ = Open3.capture3("/usr/local/bin/elastalert-create-index")
+ if stdout.include? 'New index elastalert_status created' or stdout.include? 'Index elastalert_status already exists'
+ FileUtils.touch @registered_file
+ end
+ sleep(15)
+end
+
+exit(0)
\ No newline at end of file
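Review bot: `stdout, _, _ = Open3.capture3(...)` discards stderr and the exit status, so when `elastalert-create-index` cannot reach Elasticsearch the loop retries silently every 15 s and the unit's journal shows nothing; capturing `stderr` and `status` and emitting a `warn` on the failure path makes the wait observable, and `or` should be `||` (precedence trap in Ruby boolean logic). The marker file `@registered_file = '/ea'` in the filesystem root deserves a comment stating that its presence means the index was created once (or a home under `/var/lib/elastalert/`), and the trailing `exit(0)` is redundant. Proposed loop:

```ruby
until already_registered?
  stdout, stderr, status = Open3.capture3('/usr/local/bin/elastalert-create-index')
  if stdout.include?('New index elastalert_status created') || stdout.include?('Index elastalert_status already exists')
    FileUtils.touch @registered_file
  else
    warn "elastalert-create-index exited #{status.exitstatus}: #{stderr.strip}"
    sleep(15)
  end
end
```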
diff --git a/modules/utilities/unix/logging/elastalert/files/elastalert-index.service b/modules/utilities/unix/logging/elastalert/files/elastalert-index.service
new file mode 100644
index 000000000..7290aba68
--- /dev/null
+++ b/modules/utilities/unix/logging/elastalert/files/elastalert-index.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Elastalert index creation
+
+[Service]
+EnvironmentFile=/etc/environment
+ExecStart=/usr/bin/ruby /usr/local/bin/elastalert-index.rb
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+WorkingDirectory=/opt/elastalert
+Restart=always
+User=root
+Group=root
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
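Review bot: `Restart=always` combined with the script's `exit(0)` once the marker file exists means systemd restarts the unit after every clean exit, so after the index is created the service spins in a start/exit cycle until the start-rate limit trips. Use `Restart=on-failure`, or `Type=oneshot` with `RemainAfterExit=yes` since this is a run-once job. `ExecReload=/bin/kill -HUP $MAINPID` is misleading here: the Ruby script installs no SIGHUP handler, so a reload simply terminates it; drop the line.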
diff --git a/modules/utilities/unix/logging/elastalert/files/elastalert.diff b/modules/utilities/unix/logging/elastalert/files/elastalert.diff
new file mode 100644
index 000000000..4d1ab86cd
--- /dev/null
+++ b/modules/utilities/unix/logging/elastalert/files/elastalert.diff
@@ -0,0 +1,17 @@
+diff --git a/elastalert/alerts.py b/elastalert/alerts.py
+index d3ee892d4..84b0ae482 100644
+--- a/elastalert/alerts.py
++++ b/elastalert/alerts.py
+@@ -918,10 +918,10 @@ def alert(self, matches):
+
+ if self.rule.get('pipe_match_json'):
+ match_json = json.dumps(matches, cls=DateTimeEncoder) + '\n'
+- stdout, stderr = subp.communicate(input=match_json)
++ stdout, stderr = subp.communicate(input=match_json.encode())
+ elif self.rule.get('pipe_alert_text'):
+ alert_text = self.create_alert_body(matches)
+- stdout, stderr = subp.communicate(input=alert_text)
++ stdout, stderr = subp.communicate(input=alert_text.encode())
+ if self.rule.get("fail_on_non_zero_exit", False) and subp.wait():
+ raise EAException("Non-zero exit code while running command %s" % (' '.join(command)))
+ except OSError as e:
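Review bot: Nothing in the manifests in this commit appears to apply this patch file: install.pp clones the upstream repo without a pinned revision and config.pp copies only exec_alerter.py, so as far as this diff shows the `.encode()` fix is shipped but never applied to /opt/elastalert. Either wire it in (for example an `exec` running `git apply` guarded by an `unless` that checks for the already-patched line) or drop the file, and in either case add a comment at the top of elastalert.diff saying which upstream revision it targets.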
diff --git a/modules/utilities/unix/logging/elastalert/files/elastalert.service b/modules/utilities/unix/logging/elastalert/files/elastalert.service
new file mode 100644
index 000000000..1f499fcd2
--- /dev/null
+++ b/modules/utilities/unix/logging/elastalert/files/elastalert.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Elastalert
+After=elasticsearch.service
+
+[Service]
+Type=simple
+WorkingDirectory=/opt/elastalert
+ExecStart=/usr/bin/python3 -m elastalert.elastalert --verbose --config /opt/elastalert/config.yaml
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
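Review bot: There is no `User=`/`Group=` in the `[Service]` section, so elastalert runs as root, and this is the process that executes the `command` configured in each rule through ExecAlerter. A dedicated unprivileged account (`User=elastalert`, with /opt/elastalert readable by it) limits what a malformed or maliciously crafted log event can reach via an alert command. `After=elasticsearch.service` only orders against a local Elasticsearch unit; if ES is on another host, as the `es_host` template suggests, `After=network-online.target` is the ordering that actually matters.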
diff --git a/modules/utilities/unix/logging/elastalert/files/exec_alerter.py b/modules/utilities/unix/logging/elastalert/files/exec_alerter.py
new file mode 100644
index 000000000..290d9fd3b
--- /dev/null
+++ b/modules/utilities/unix/logging/elastalert/files/exec_alerter.py
@@ -0,0 +1,64 @@
+import copy
+import datetime
+import json
+import logging
+import os
+import re
+import subprocess
+import sys
+import time
+import uuid
+import warnings
+
+from elastalert.alerts import Alerter, BasicMatchString, DateTimeEncoder
+
+from elastalert.util import EAException
+from elastalert.util import elastalert_logger
+from elastalert.util import lookup_es_key
+from elastalert.util import pretty_ts
+from elastalert.util import resolve_string
+from elastalert.util import ts_now
+from elastalert.util import ts_to_dt
+
+class ExecAlerter(Alerter):
+ required_options = set(['command'])
+
+ def __init__(self, rule):
+ super(ExecAlerter, self).__init__(rule)
+
+ self.last_command = []
+
+ self.shell = False
+ if isinstance(self.rule['command'], str):
+ self.shell = True
+ if '%' in self.rule['command']:
+ logging.warning('Warning! You could be vulnerable to shell injection!')
+ self.rule['command'] = [self.rule['command']]
+
+ self.new_style_string_format = False
+ if 'new_style_string_format' in self.rule and self.rule['new_style_string_format']:
+ self.new_style_string_format = True
+
+ def alert(self, matches):
+ # Format the command and arguments
+ try:
+ command = [resolve_string(command_arg, matches[0]) for command_arg in self.rule['command']]
+ self.last_command = command
+ except KeyError as e:
+ raise EAException("Error formatting command: %s" % (e))
+
+ # Run command and pipe data
+ try:
+ subp = subprocess.Popen(command, stdin=subprocess.PIPE, shell=self.shell)
+ match_json = json.dumps(matches, cls=DateTimeEncoder) + '\n'
+ match_json = match_json.encode()
+ input_string = self.rule['name'] + ":||:" + match_json
+ stdout, stderr = subp.communicate(input=input_string)
+ if self.rule.get("fail_on_non_zero_exit", False) and subp.wait():
+ raise EAException("Non-zero exit code while running command %s" % (' '.join(command)))
+ except OSError as e:
+ raise EAException("Error while running command %s: %s" % (' '.join(command), e))
+
+ def get_info(self):
+ return {'type': 'command',
+ 'command': ' '.join(self.last_command)}
\ No newline at end of file
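Review bot: `input_string = self.rule['name'] + ":||:" + match_json` raises `TypeError` on every alert, because `match_json` was turned into bytes on the preceding line while `self.rule['name']` is still a str; the subprocess therefore never receives its input. Build the string first and encode once: `input_string = (self.rule['name'] + ":||:" + match_json).encode()`, dropping the separate `match_json = match_json.encode()` line. `self.new_style_string_format` is computed in `__init__` but never passed to `resolve_string` in `alert`, so the option is dead as written, and the `'%'` warning in `__init__` only covers old-style placeholders; with `shell=True` any formatted field from the match reaches a shell, so the warning should be unconditional when the command is a string. The `stdout, stderr` pair from `communicate` is always `(None, None)` because no pipe is requested for them, and most of the imports (copy, datetime, os, re, sys, time, uuid, warnings, the unused elastalert.util names) are unused.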
diff --git a/modules/utilities/unix/logging/elastalert/files/rules/example-rule.yaml b/modules/utilities/unix/logging/elastalert/files/rules/example-rule.yaml
new file mode 100644
index 000000000..53c218a68
--- /dev/null
+++ b/modules/utilities/unix/logging/elastalert/files/rules/example-rule.yaml
@@ -0,0 +1,13 @@
+name: example-rule
+type: any
+index: auditbeat-*
+filter:
+ - query:
+ query_string:
+ query: "combined_path: \"/home/vagrant/testfile\""
+alert:
+ - "elastalert.modules.alerter.exec.ExecAlerter"
+command: ["/usr/bin/ruby", "/opt/alert_actioner/alert_router.rb"]
+pipe_match_json: true
+realert:
+ minutes: 0
\ No newline at end of file
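Review bot: `pipe_match_json: true` does not appear to be read by ExecAlerter in this commit — exec_alerter.py always writes `name:||:json` to the command's stdin regardless of the option — so the key is a no-op here; remove it or add a comment saying it is kept for the upstream CommandAlerter. `realert: minutes: 0` disables re-alert suppression, so every matching event spawns a Ruby process; a comment such as `# realert 0: fire on every match, this is a lab rule` would make that intent explicit.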
diff --git a/modules/utilities/unix/logging/elastalert/manifests/config.pp b/modules/utilities/unix/logging/elastalert/manifests/config.pp
new file mode 100644
index 000000000..d5a12b3bf
--- /dev/null
+++ b/modules/utilities/unix/logging/elastalert/manifests/config.pp
@@ -0,0 +1,49 @@
+class elastalert::config ($elasticsearch_ip,
+ $elasticsearch_port,
+ $installdir = '/opt/elastalert/',
+ $source='http://github.com/Yelp/elastalert',
+ $rules_dir = '/opt/elastalert/rules',
+ $tmp_rules_dir = '/opt/elastalert/tmp_rules') { # TODO: change this to automatically copy once we've got all rules working
+ file { '/opt/elastalert/config.yaml':
+ ensure => file,
+ content => template('elastalert/config.yaml.erb'),
+ require => File[$installdir],
+ }
+
+ file { $rules_dir:
+ ensure => directory,
+ }
+
+ # Load the rules
+ # TODO: (Remove me after dev) Manually copy the rules we've
+ # TODO: (Remove me after dev) update me to $rules_dir once we've got full working rules
+ file { $tmp_rules_dir:
+ ensure => directory,
+ recurse => true,
+ source => 'puppet:///modules/elastalert/rules/',
+ require => File[$installdir],
+ }
+
+ # TODO: (Remove me after dev) Currently manually copies complete rules into the correct rules directory
+ exec { 'tmp copy working ea rules':
+ command => "/bin/cp $tmp_rules_dir/*rf* $rules_dir/.",
+ require => [File[$tmp_rules_dir], File[$rules_dir]]
+ }
+
+ # Move the custom alerter (outputs rulename:alert)
+ file { ['/opt/elastalert/elastalert/', '/opt/elastalert/elastalert/modules/', '/opt/elastalert/elastalert/modules/alerter/']:
+ ensure => directory,
+ }
+
+ file { ['/opt/elastalert/elastalert/modules/__init__.py','/opt/elastalert/elastalert/modules/alerter/__init__.py']:
+ ensure => file,
+ require => File['/opt/elastalert/elastalert/modules/alerter/'],
+ }
+
+ file { '/opt/elastalert/elastalert/modules/alerter/exec.py':
+ ensure => file,
+ source => 'puppet:///modules/elastalert/exec_alerter.py',
+ require => File['/opt/elastalert/elastalert/modules/alerter/'],
+ }
+
+}
\ No newline at end of file
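Review bot: The `exec { 'tmp copy working ea rules' }` command relies on the shell glob `*rf*` but sets no `provider => shell`, so Puppet hands the literal string `*rf*` to `/bin/cp` and the copy fails; and even with a shell it would re-run on every agent run because there is no `unless`, `creates` or `refreshonly`. Either add `provider => shell, refreshonly => true, subscribe => File[$tmp_rules_dir],` or replace the exec with a second `file` resource whose `source` points at the working rules. The `$source` parameter is accepted but unused in this class.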
diff --git a/modules/utilities/unix/logging/elastalert/manifests/init.pp b/modules/utilities/unix/logging/elastalert/manifests/init.pp
new file mode 100644
index 000000000..bef688de6
--- /dev/null
+++ b/modules/utilities/unix/logging/elastalert/manifests/init.pp
@@ -0,0 +1,15 @@
+class elastalert ($elasticsearch_ip, $elasticsearch_port) {
+ class { 'elastalert::install':
+ elasticsearch_ip => $elasticsearch_ip,
+ elasticsearch_port => $elasticsearch_port,
+ }
+ ~>
+ class {'elastalert::config':
+ elasticsearch_ip => $elasticsearch_ip,
+ elasticsearch_port => $elasticsearch_port,
+ }~>
+ class {'elastalert::service':
+ elasticsearch_ip => $elasticsearch_ip,
+ elasticsearch_port => $elasticsearch_port,
+ }
+}
\ No newline at end of file
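Review bot: The chaining arrows are formatted inconsistently — `~>` sits on its own line after the first class declaration but is glued to the closing brace as `}~>` after the second; pick one placement for both. `elastalert::service` is passed `elasticsearch_ip` and `elasticsearch_port` although, as declared in service.pp in this commit, it never uses them; dropping the parameters there and here removes the noise.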
diff --git a/modules/utilities/unix/logging/elastalert/manifests/install.pp b/modules/utilities/unix/logging/elastalert/manifests/install.pp
new file mode 100644
index 000000000..3a530ebff
--- /dev/null
+++ b/modules/utilities/unix/logging/elastalert/manifests/install.pp
@@ -0,0 +1,29 @@
+class elastalert::install ($elasticsearch_ip, $elasticsearch_port,$installdir = '/opt/elastalert/', $source='http://github.com/Yelp/elastalert') {
+ Exec { path => ['/bin', '/usr/bin', '/usr/local/bin', '/sbin', '/usr/sbin'] }
+
+ ensure_packages(['python3-pip','build-essential','libssl-dev','libffi-dev','python-dev'])
+ ensure_packages(['PyYAML>=5.1','elastalert'], { provider => 'pip3', require => [Package['python3-pip']] })
+
+ # Create directory to install into TODO: Change this to another variable name. Should put configs in /etc/ probably if we're installing via...
+ file { $installdir:
+ ensure => directory,
+ }
+
+ # Clone elastalert from Github
+ vcsrepo { 'elastalert':
+ ensure => present,
+ provider => git,
+ path => $installdir,
+ source => $source,
+ require => File[$installdir],
+ # TODO: test with the latest version
+ # revision => '98c7867', # reset to 0.1.39
+ }
+
+ # exec { 'setup.py install':
+ # command => '/usr/bin/python2.7 setup.py install',
+ # cwd => '/opt/elastalert',
+ # require => Vcsrepo['elastalert'],
+ # }
+
+}
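Review bot: `$source='http://github.com/Yelp/elastalert'` clones over plain HTTP and the `revision` pin is commented out, so the code that later runs as root under elastalert.service is whatever the redirect target serves at HEAD, with no integrity anchor. Use `https://github.com/Yelp/elastalert` and set `revision` to a known tag or commit, so provisioning is reproducible and a changed upstream is noticed. Two copies of elastalert are installed — an unpinned PyPI package via pip3 and the git checkout in `$installdir` — and which one `python3 -m elastalert.elastalert` picks up from /opt/elastalert depends on sys.path; a comment stating which copy is authoritative (and pinning the pip version) would avoid that ambiguity.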
diff --git a/modules/utilities/unix/logging/elastalert/manifests/service.pp b/modules/utilities/unix/logging/elastalert/manifests/service.pp
new file mode 100644
index 000000000..b00914f9b
--- /dev/null
+++ b/modules/utilities/unix/logging/elastalert/manifests/service.pp
@@ -0,0 +1,36 @@
+class elastalert::service ($elasticsearch_ip,
+ $elasticsearch_port,
+ $ea_service_file = '/etc/systemd/system/elastalert.service'){
+
+ file { $ea_service_file:
+ ensure => file,
+ source => 'puppet:///modules/elastalert/elastalert.service',
+ }
+
+ service { 'elastalert':
+ ensure => undef,
+ enable => true,
+ provider => 'systemd',
+ path => '/etc/systemd/system/',
+ require => File[$ea_service_file],
+ }
+
+ # Service to automatically create elastalert index, runs after reboot
+ file { '/etc/systemd/system/elastalert-index.service':
+ ensure => present,
+ source => 'puppet:///modules/elastalert/elastalert-index.service'
+ }
+
+ file { '/usr/local/bin/elastalert-index.rb':
+ ensure => file,
+ source => 'puppet:///modules/elastalert/elastalert-index.rb',
+ }
+
+ service { 'elastalert-index':
+ ensure => undef,
+ enable => true,
+ require => [File['/usr/local/bin/elastalert-index.rb'], File['/etc/systemd/system/elastalert-index.service']],
+ provider => 'systemd',
+ path => '/etc/systemd/system/'
+ }
+}
\ No newline at end of file
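Review bot: `ensure => undef` on both `service` resources means Puppet only enables the units and never starts them, so after a fresh provision nothing runs until the next reboot; if that is intended, say so in a comment, otherwise use `ensure => running`. Neither unit `file` notifies its service, so a changed unit file is not picked up until something else restarts it — add `notify => Service['elastalert']` (and the same for elastalert-index). `ensure => present` on the elastalert-index.service file is inconsistent with `ensure => file` used for the other files in this class.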
diff --git a/modules/utilities/unix/logging/watcher/secgen_metadata.xml b/modules/utilities/unix/logging/elastalert/secgen_metadata.xml
similarity index 80%
rename from modules/utilities/unix/logging/watcher/secgen_metadata.xml
rename to modules/utilities/unix/logging/elastalert/secgen_metadata.xml
index fcb8b8106..9eedf1ce6 100644
--- a/modules/utilities/unix/logging/watcher/secgen_metadata.xml
+++ b/modules/utilities/unix/logging/elastalert/secgen_metadata.xml
@@ -3,9 +3,8 @@
- Watcher
+ Elastalert
Thomas Shaw
- Elastic
Apache v2
TODO
@@ -28,7 +27,12 @@
- .*elasticsearch
+ Git VCS
+
+
+
+
+ .*elasticsearch_7
diff --git a/modules/utilities/unix/logging/elastalert/templates/config.yaml.erb b/modules/utilities/unix/logging/elastalert/templates/config.yaml.erb
new file mode 100644
index 000000000..d42126387
--- /dev/null
+++ b/modules/utilities/unix/logging/elastalert/templates/config.yaml.erb
@@ -0,0 +1,115 @@
+# This is the folder that contains the rule yaml files
+# Any .yaml file will be loaded as a rule
+rules_folder: /opt/elastalert/rules/
+
+# How often ElastAlert will query Elasticsearch
+# The unit can be anything from weeks to seconds
+run_every:
+ seconds: 1
+
+# ElastAlert will buffer results from the most recent
+# period of time, in case some log sources are not in real time
+buffer_time:
+ minutes: 15
+
+# The Elasticsearch hostname for metadata writeback
+# Note that every rule can have its own Elasticsearch host
+es_host: <%= @elasticsearch_ip -%>
+
+# The Elasticsearch port
+es_port: <%= @elasticsearch_port -%>
+
+# The AWS region to use. Set this when using AWS-managed elasticsearch
+#aws_region: us-east-1
+
+# The AWS profile to use. Use this if you are using an aws-cli profile.
+# See http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
+# for details
+#profile: test
+
+# Optional URL prefix for Elasticsearch
+#es_url_prefix: elasticsearch
+
+# Connect with TLS to Elasticsearch
+#use_ssl: True
+
+# Verify TLS certificates
+#verify_certs: True
+
+# GET request with body is the default option for Elasticsearch.
+# If it fails for some reason, you can pass 'GET', 'POST' or 'source'.
+# See http://elasticsearch-py.readthedocs.io/en/master/connection.html?highlight=send_get_body_as#transport
+# for details
+#es_send_get_body_as: GET
+
+# Option basic-auth username and password for Elasticsearch
+#es_username: someusername
+#es_password: somepassword
+
+# Use SSL authentication with client certificates client_cert must be
+# a pem file containing both cert and key for client
+#verify_certs: True
+#ca_certs: /path/to/cacert.pem
+#client_cert: /path/to/client_cert.pem
+#client_key: /path/to/client_key.key
+
+# The index on es_host which is used for metadata storage
+# This can be a unmapped index, but it is recommended that you run
+# elastalert-create-index to set a mapping
+writeback_index: elastalert_status
+writeback_alias: elastalert_alerts
+
+# If an alert fails for some reason, ElastAlert will retry
+# sending the alert until this time period has elapsed
+alert_time_limit:
+ days: 2
+
+# Custom logging configuration
+# If you want to setup your own logging configuration to log into
+# files as well or to Logstash and/or modify log levels, use
+# the configuration below and adjust to your needs.
+# Note: if you run ElastAlert with --verbose/--debug, the log level of
+# the "elastalert" logger is changed to INFO, if not already INFO/DEBUG.
+#logging:
+# version: 1
+# incremental: false
+# disable_existing_loggers: false
+# formatters:
+# logline:
+# format: '%(asctime)s %(levelname)+8s %(name)+20s %(message)s'
+#
+# handlers:
+# console:
+# class: logging.StreamHandler
+# formatter: logline
+# level: DEBUG
+# stream: ext://sys.stderr
+#
+# file:
+# class : logging.FileHandler
+# formatter: logline
+# level: DEBUG
+# filename: elastalert.log
+#
+# loggers:
+# elastalert:
+# level: WARN
+# handlers: []
+# propagate: true
+#
+# elasticsearch:
+# level: WARN
+# handlers: []
+# propagate: true
+#
+# elasticsearch.trace:
+# level: WARN
+# handlers: []
+# propagate: true
+#
+# '': # root logger
+# level: WARN
+# handlers:
+# - console
+# - file
+# propagate: false
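Review bot: `#verify_certs: True` appears twice in this template (once under the TLS section and again under the client-certificate section); one copy should go. As written the Elasticsearch connection is plaintext and unauthenticated — `use_ssl`, `verify_certs`, `es_username` and `es_password` are all commented out — which may be intended for a lab build, but then a comment near `es_host` stating that would help, and otherwise these belong as template parameters alongside `@elasticsearch_ip`. `run_every: seconds: 1` polls Elasticsearch every second; a one-line comment giving the reason for that rate would stop it being "fixed" later.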
diff --git a/modules/utilities/unix/logging/elasticsearch/elasticsearch.pp b/modules/utilities/unix/logging/elasticsearch/elasticsearch.pp
deleted file mode 100644
index 482ffa5d2..000000000
--- a/modules/utilities/unix/logging/elasticsearch/elasticsearch.pp
+++ /dev/null
@@ -1,18 +0,0 @@
-$secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
-$elasticsearch_ip = $secgen_parameters['elasticsearch_ip'][0]
-$elasticsearch_port = 0 + $secgen_parameters['elasticsearch_port'][0]
-
-include ::java
-
-class { 'elasticsearch':
- api_host => $elasticsearch_ip,
- api_port => $elasticsearch_port,
-}
-
-elasticsearch::instance { 'es-01':
- config => {
- 'network.host' => $elasticsearch_ip,
- 'http.port' => $elasticsearch_port,
- },
-}
-
diff --git a/modules/utilities/unix/logging/filebeat/.pmtignore b/modules/utilities/unix/logging/filebeat/.pmtignore
new file mode 100644
index 000000000..fb5895753
--- /dev/null
+++ b/modules/utilities/unix/logging/filebeat/.pmtignore
@@ -0,0 +1,20 @@
+docs/
+pkg/
+Gemfile.lock
+Gemfile.local
+vendor/
+.vendor/
+spec/fixtures/manifests/
+spec/fixtures/modules/
+.vagrant/
+.bundle/
+.ruby-version
+coverage/
+log/
+.idea/
+.dependencies/
+.librarian/
+Puppetfile.lock
+*.iml
+.*.sw?
+.yardoc/
diff --git a/modules/utilities/unix/logging/filebeat/.puppet-lint.rc b/modules/utilities/unix/logging/filebeat/.puppet-lint.rc
new file mode 100644
index 000000000..cc96ece05
--- /dev/null
+++ b/modules/utilities/unix/logging/filebeat/.puppet-lint.rc
@@ -0,0 +1 @@
+--relative
diff --git a/modules/utilities/unix/logging/filebeat/.sync.yml b/modules/utilities/unix/logging/filebeat/.sync.yml
new file mode 100644
index 000000000..d466c65f6
--- /dev/null
+++ b/modules/utilities/unix/logging/filebeat/.sync.yml
@@ -0,0 +1,5 @@
+mock_with: ':mocha'
+
+.travis.yml:
+ user: pcfens
+ secure: "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"
diff --git a/modules/utilities/unix/logging/filebeat/CHANGELOG.md b/modules/utilities/unix/logging/filebeat/CHANGELOG.md
index bdc70944b..e50528feb 100644
--- a/modules/utilities/unix/logging/filebeat/CHANGELOG.md
+++ b/modules/utilities/unix/logging/filebeat/CHANGELOG.md
@@ -2,7 +2,152 @@ Changelog
=========
## Unreleased
-[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v3.2.2...HEAD)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.7.1...HEAD)
+
+## [v4.8.0](https://github.com/pcfens/puppet-filebeat/tree/v4.8.0)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.7.0...v4.8.0)
+
+- Update powershell dependency constraints [\#268](https://github.com/pcfens/puppet-filebeat/pull/268)
+- Support ES cloud credentials [\267](https://github.com/pcfens/puppet-filebeat/pull/267)
+
+## [v4.7.0](https://github.com/pcfens/puppet-filebeat/tree/v4.7.0)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.6.0...v4.7.0)
+
+- Add `extra_validation_options` when validating the config [\#265](https://github.com/pcfens/puppet-filebeat/pull/265)
+
+## [v4.6.0](https://github.com/pcfens/puppet-filebeat/tree/v4.6.0)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.5.0...v4.6.0)
+
+- Allow processors to be applied to all inputs, and consolidated common configuration [\#260](https://github.com/pcfens/puppet-filebeat/pull/260)
+
+## [v4.5.0](https://github.com/pcfens/puppet-filebeat/tree/v4.5.0)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.4.2...v4.5.0)
+
+- Restart filebeat when config files are removed [\#258](https://github.com/pcfens/puppet-filebeat/pull/258)
+- Support TCP and UDP input plugins [\#259](https://github.com/pcfens/puppet-filebeat/pull/259)
+
+## [v4.4.2](https://github.com/pcfens/puppet-filebeat/tree/v4.4.2)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.4.1...v4.4.2)
+
+- Fix empty monitoring parameter [\#257](https://github.com/pcfens/puppet-filebeat/issues/257)
+
+## [v4.4.1](https://github.com/pcfens/puppet-filebeat/tree/v4.4.1)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.4.0...v4.4.1)
+
+- Fix powershell module version dependency [\#256](https://github.com/pcfens/puppet-filebeat/pull/256
+
+## [v4.4.0](https://github.com/pcfens/puppet-filebeat/tree/v4.4.0)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.3.1...v4.4.0)
+
+- Add the ability to supply the monitoring.* of the config file [\#252](https://github.com/pcfens/puppet-filebeat/issues/252)
+- Add support for Windows Server 2016 and 2019 Core editions [\#255](https://github.com/pcfens/puppet-filebeat/pull/255)
+
+## [v4.3.1](https://github.com/pcfens/puppet-filebeat/tree/v4.3.1)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.3.0...v4.3.1)
+
+- Allow fields and tags to be defined for any input type [\#249](https://github.com/pcfens/puppet-filebeat/pull/249)
+
+## [v4.3.0](https://github.com/pcfens/puppet-filebeat/tree/v4.3.0)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.2.0...v4.3.0)
+
+- Support setting index index lifecycle policy [\#238](https://github.com/pcfens/puppet-filebeat/pull/238)
+- Support logging overrides with Puppet older than 6.1 [\#241](https://github.com/pcfens/puppet-filebeat/pull/241)
+- Allow inputs to be defined using just a hash (supports open ended inputs) [\#236](https://github.com/pcfens/puppet-filebeat/pull/236)
+
+
+## [v4.2.0](https://github.com/pcfens/puppet-filebeat/tree/v4.2.0)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.1.2...v4.2.0)
+
+- Fix regression of processors type
+- Add support for syslog inputs [\#232](https://github.com/pcfens/puppet-filebeat/pull/233)
+- Upgrade PDK to 1.15.0
+
+## [v4.1.2](https://github.com/pcfens/puppet-filebeat/tree/v4.1.2)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.1.1...v4.1.2)
+
+- Fix hardocded path to yum [\#229](https://github.com/pcfens/puppet-filebeat/pull/229)
+
+## [v4.1.1](https://github.com/pcfens/puppet-filebeat/tree/v4.1.1)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.1.0...v4.1.1)
+
+- Support old versions of filebeat for a version fact only [\#227](https://github.com/pcfens/puppet-filebeat/pull/227)
+- Fix the processor input data type [\#228](https://github.com/pcfens/puppet-filebeat/issues/228)
+
+## [v4.1.0](https://github.com/pcfens/puppet-filebeat/tree/v4.1.0)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.0.5...v4.1.0)
+
+- Allow for override of the default systemd logging options [\#223](https://github.com/pcfens/puppet-filebeat/pull/223)
+
+## [v4.0.5](https://github.com/pcfens/puppet-filebeat/tree/v4.0.5)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.0.4...v4.0.5)
+
+- Update metadata for apt and stdlib modules [\#220](https://github.com/pcfens/puppet-filebeat/pull/220)
+- Fix README typo [\#221](https://github.com/pcfens/puppet-filebeat/pull/221)
+
+
+## [v4.0.4](https://github.com/pcfens/puppet-filebeat/tree/v4.0.4)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.0.3...v4.0.4)
+
+- Validate configuration in Windows [\#219](https://github.com/pcfens/puppet-filebeat/pull/219)
+
+## [v4.0.3](https://github.com/pcfens/puppet-filebeat/tree/v4.0.3)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.0.2...v4.0.3)
+
+- Fix `filebeat_version` fact on Windows [\#218](https://github.com/pcfens/puppet-filebeat/pull/218)
+
+## [v4.0.2](https://github.com/pcfens/puppet-filebeat/tree/v4.0.2)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.0.1...v4.0.2)
+
+- Clear the yum cache whenever we modify the yum repo config [\#217](https://github.com/pcfens/puppet-filebeat/issues/217)
+
+## [v4.0.1](https://github.com/pcfens/puppet-filebeat/tree/v4.0.1)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v4.0.0...v4.0.1)
+
+- Fix unit tests [\#216](https://github.com/pcfens/puppet-filebeat/pull/213)
+- Fix fresh install regression [\#217](https://github.com/pcfens/puppet-filebeat/pull/216)
+
+
+## [v4.0.0](https://github.com/pcfens/puppet-filebeat/tree/v4.0.0)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v3.4.0...v4.0.0)
+
+- Switch from `filebeat::prospector` to `filebeat::input` to reflect the changes
+ in the upstream filebeat configuration.
+- Add support for Filebeat 7
+- Remove support for `registry_file` and `registry_flush` settings (removed in 7.x)
+- Remove `queue_size` parameter
+
+## [v3.4.0](https://github.com/pcfens/puppet-filebeat/tree/v3.4.0)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v3.3.3...v3.4.0)
+
+- Add filebeat.config.modules section [\#204](https://github.com/pcfens/puppet-filebeat/pull/204)
+- Fix filebeat::prospector::fields_under_root [\#205](https://github.com/pcfens/puppet-filebeat/pull/205)
+
+## [v3.3.3](https://github.com/pcfens/puppet-filebeat/tree/v3.3.3)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v3.3.2...v3.3.3)
+
+- Add a harvester limit [\#196](https://github.com/pcfens/puppet-filebeat/pull/196)
+- Fix documentaion error [\#198](https://github.com/pcfens/puppet-filebeat/issues/198)
+- Fix Puppet 4.10 undefined method error [\#199](https://github.com/pcfens/puppet-filebeat/pull/199)
+
+## [v3.3.2](https://github.com/pcfens/puppet-filebeat/tree/v3.3.2)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v3.3.1...v3.3.2)
+
+- Produce valid YAML for prospectors [\#193](https://github.com/pcfens/puppet-filebeat/pull/193)
+- Upgrade to PDK 1.7.1
+- Add tests for Puppet 6
+- Add Puppet 6 support to metadata
+
+## [v3.3.1](https://github.com/pcfens/puppet-filebeat/tree/v3.3.1)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v3.3.0...v3.3.1)
+
+- Add a new `manage_apt` flag for disabling the inclusion of puppetlabs/apt [\#185](https://github.com/pcfens/puppet-filebeat/pull/185)
+
+## [v3.3.0](https://github.com/pcfens/puppet-filebeat/tree/v3.3.0)
+[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v3.2.2...v3.3.0)
+
+- Allow use of puppet/archive 3.x [\#190](https://github.com/pcfens/puppet-filebeat/pull/190)
+- Add support for Docker inputs [\#191](https://github.com/pcfens/puppet-filebeat/pull/191)
+- Support puppetlabs/stdlib 5.x
## [v3.2.2](https://github.com/pcfens/puppet-filebeat/tree/v3.2.2)
[Full Changelog](https://github.com/pcfens/puppet-filebeat/compare/v3.2.1...v3.2.2)
diff --git a/modules/utilities/unix/logging/filebeat/README.md b/modules/utilities/unix/logging/filebeat/README.md
index beb52d8e1..cea94faff 100644
--- a/modules/utilities/unix/logging/filebeat/README.md
+++ b/modules/utilities/unix/logging/filebeat/README.md
@@ -10,12 +10,13 @@
- [Setup requirements](#setup-requirements)
- [Beginning with filebeat](#beginning-with-filebeat)
3. [Usage - Configuration options and additional functionality](#usage)
- - [Adding a prospector](#adding-a-prospector)
+ - [Adding an Input](#adding-an-input)
- [Multiline Logs](#multiline-logs)
- [JSON logs](#json-logs)
- - [Prospectors in hiera](#prospectors-in-hiera)
+ - [Inputs in hiera](#inputs-in-hiera)
- [Usage on Windows](#usage-on-windows)
- [Processors](#processors)
+ - [Index Lifecycle Management](#index-lifecycle-management)
4. [Reference](#reference)
- [Public Classes](#public-classes)
- [Private Classes](#private-classes)
@@ -36,9 +37,12 @@ The `filebeat` module installs and configures the [filebeat log shipper](https:/
By default `filebeat` adds a software repository to your system, and installs filebeat along
with required configurations.
-### Upgrading to Filebeat 6.x
+### Upgrading to Filebeat 7.x
-To upgrade to Filebeat 6.x, simply set `$filebeat::major_version` to `6` and `$filebeat::package_ensure` to `latest` (or whichever version of 6.x you want, just not present).
+To upgrade to Filebeat 7.x, simply set `$filebeat::major_version` to `7` and `$filebeat::package_ensure` to `latest` (or whichever version of 7.x you want, just not present).
+
+You'll also need to change instances of `filebeat::prospector` to `filebeat::input` when upgrading to version 4.x of
+this module.
### Setup Requirements
@@ -66,7 +70,6 @@ class { 'filebeat':
'http://anotherserver:9200'
],
'loadbalance' => true,
- 'index' => 'packetbeat',
'cas' => [
'/etc/pki/root/ca.pem',
],
@@ -96,18 +99,18 @@ class { 'filebeat':
[logging](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-configuration-details.html#configuration-logging) options
can be configured the same way, and are documented on the [elastic website](https://www.elastic.co/guide/en/beats/filebeat/current/index.html).
-### Adding a prospector
+### Adding an Input
-Prospectors are processes that ship log files to elasticsearch or logstash. They can
+Inputs are processes that ship log files to elasticsearch or logstash. They can
be defined as a hash added to the class declaration (also used for automatically creating
-prospectors using hiera), or as their own defined resources.
+input using hiera), or as their own defined resources.
At a minimum, the `paths` parameter must be set to an array of files or blobs that should
be shipped. `doc_type` is what logstash views as the type parameter if you'd like to
apply conditional filters.
```puppet
-filebeat::prospector { 'syslogs':
+filebeat::input { 'syslogs':
paths => [
'/var/log/auth.log',
'/var/log/syslog',
@@ -118,23 +121,26 @@ filebeat::prospector { 'syslogs':
#### Multiline Logs
-Filebeat prospectors can handle multiline log entries. The `multiline`
+Filebeat inputs can handle multiline log entries. The `multiline`
parameter accepts a hash containing `pattern`, `negate`, `match`, `max_lines`, and `timeout`
as documented in the filebeat [configuration documentation](https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html).
#### JSON Logs
-Filebeat prospectors (versions >= 5.0) can natively decode JSON objects if they are stored one per line. The `json`
+Filebeat inputs (versions >= 5.0) can natively decode JSON objects if they are stored one per line. The `json`
parameter accepts a hash containing `message_key`, `keys_under_root`, `overwrite_keys`, and `add_error_key`
as documented in the filebeat [configuration documentation](https://www.elastic.co/guide/en/beats/filebeat/5.5/configuration-filebeat-options.html#config-json).
-### Prospectors in Hiera
+### Inputs in Hiera
-Prospectors can be defined in hiera using the `prospectors` parameter. By default, hiera will not merge
-prospector declarations down the hiera hierarchy. That behavior can be changed by configuring the
+Inputs can be defined in hiera using the `inputs` parameter. By default, hiera will not merge
+input declarations down the hiera hierarchy. That behavior can be changed by configuring the
[lookup_options](https://docs.puppet.com/puppet/latest/reference/lookup_quick.html#setting-lookupoptions-in-data)
flag.
+`inputs` can be a Hash that will follow all the parameters listed on this documentation or an
+Array that will output as is to the input config file.
+
### Usage on Windows
When installing on Windows, this module will download the windows version of Filebeat from
@@ -152,41 +158,49 @@ processors using hiera), or as their own defined resources.
To drop the offset and input_type fields from all events:
```puppet
-class{"filebeat":
- processors => {
- "drop_fields" => {
- "params" => {"fields" => ["input_type", "offset"]}
- },
- },
+class {'filebeat':
+ processors => [
+ {
+ 'drop_fields' => {
+ 'fields' => ['input_type', 'offset'],
+ }
+ }
+ ],
}
```
To drop all events that have the http response code equal to 200:
-
+input
```puppet
-class{"filebeat":
- processors => {
- "drop_event" => {
- "when" => {"equals" => {"http.code" => 200}}
- },
- },
+class {'filebeat':
+ processors => [
+ {
+ 'drop_event' => {
+ 'when' => {'equals' => {'http.code' => 200}}
+ }
+ }
+ ],
}
```
Now to combine these examples into a single definition:
```puppet
-class{"filebeat":
- processors => {
- "drop_fields" => {
- "params" => {"fields" => ["input_type", "offset"]},
- "priority" => 1,
+class {'filebeat':
+ processors => [
+ {
+ 'drop_fields' => {
+ 'params' => {'fields' => ['input_type', 'offset']},
+ 'priority' => 1,
+ }
},
- "drop_event" => {
- "when" => {"equals" => {"http.code" => 200}},
- "priority: => 2,
- },
- },
+ {
+ 'drop_event' => {
+ 'when' => {'equals' => {'http.code' => 200}},
+ 'priority' => 2,
+ }
+ }
+ ],
}
```
@@ -199,6 +213,22 @@ processor declarations down the hiera hierarchy. That behavior can be changed by
[lookup_options](https://docs.puppet.com/puppet/latest/reference/lookup_quick.html#setting-lookupoptions-in-data)
flag.
+### Index Lifecycle Management
+
+You can override the default filebeat ILM policy by specifying `ilm.policy` hash in `filebeat::setup` parameter:
+
+```
+filebeat::setup:
+ ilm.policy:
+ phases:
+ hot:
+ min_age: "0ms"
+ actions:
+ rollover:
+ max_size: "10gb"
+ max_age: "1d"
+```
+
## Reference
- [**Public Classes**](#public-classes)
- [Class: filebeat](#class-filebeat)
@@ -211,7 +241,7 @@ flag.
- [Class: filebeat::install::linux](#class-filebeatinstalllinux)
- [Class: filebeat::install::windows](#class-filebeatinstallwindows)
- [**Public Defines**](#public-defines)
- - [Define: filebeat::prospector](#define-filebeatprospector)
+ - [Define: filebeat::input](#define-filebeatinput)
- [Define: filebeat::processors](#define-filebeatprocessor)
### Public Classes
@@ -222,32 +252,36 @@ Installs and configures filebeat.
**Parameters within `filebeat`**
- `package_ensure`: [String] The ensure parameter for the filebeat package If set to absent,
- prospectors and processors passed as parameters are ignored and everything managed by
+ inputs and processors passed as parameters are ignored and everything managed by
puppet will be removed. (default: present)
- `manage_repo`: [Boolean] Whether or not the upstream (elastic) repo should be configured or not (default: true)
-- `major_version`: [Enum] The major version of Filebeat to install. Should be either `5` or `6`. The default value is `5`.
+- `major_version`: [Enum] The major version of Filebeat to install. Should be either `'5'` or `'6'`. The default value is `'6'`, except
+ for OpenBSD 6.3 and earlier, which has a default value of `'5'`.
- `service_ensure`: [String] The ensure parameter on the filebeat service (default: running)
- `service_enable`: [String] The enable parameter on the filebeat service (default: true)
- `param repo_priority`: [Integer] Repository priority. yum and apt supported (default: undef)
- `service_provider`: [String] The provider parameter on the filebeat service (default: on RedHat based systems use redhat, otherwise undefined)
- `spool_size`: [Integer] How large the spool should grow before being flushed to the network (default: 2048)
- `idle_timeout`: [String] How often the spooler should be flushed even if spool size isn't reached (default: 5s)
-- `publish_async`: [Boolean] If set to true filebeat will publish while preparing the next batch of lines to transmit (defualt: false)
-- `registry_file`: [String] The registry file used to store positions, must be an absolute path (default is OS dependent - see params.pp)
+- `publish_async`: [Boolean] If set to true filebeat will publish while preparing the next batch of lines to transmit (default: false)
- `config_file`: [String] Where the configuration file managed by this module should be placed. If you think
you might want to use this, read the [limitations](#using-config_file) first. Defaults to the location
that filebeat expects for your operating system.
-- `config_dir`: [String] The directory where prospectors should be defined (default: /etc/filebeat/conf.d)
+- `config_dir`: [String] The directory where inputs should be defined (default: /etc/filebeat/conf.d)
- `config_dir_mode`: [String] The permissions mode set on the configuration directory (default: 0755)
- `config_dir_owner`: [String] The owner of the configuration directory (default: root). Linux only.
- `config_dir_group`: [String] The group of the configuration directory (default: root). Linux only.
- `config_file_mode`: [String] The permissions mode set on configuration files (default: 0644)
-- `config_file_owner`: [String] The owner of the configuration files, including prospectors (default: root). Linux only.
-- `config_file_group`: [String] The group of the configuration files, including prospectors (default: root). Linux only.
-- `purge_conf_dir`: [Boolean] Should files in the prospector configuration directory not managed by puppet be automatically purged
+- `config_file_owner`: [String] The owner of the configuration files, including inputs (default: root). Linux only.
+- `config_file_group`: [String] The group of the configuration files, including inputs (default: root). Linux only.
+- `purge_conf_dir`: [Boolean] Should files in the input configuration directory not managed by puppet be automatically purged
+- `enable_conf_modules`: [Boolean] Should filebeat.config.modules be enabled
+- `modules_dir`: [String] The directory where module configurations should be defined (default: /etc/filebeat/modules.d)
+- `cloud`: [Hash] Will be converted to YAML for the optional cloud.id and cloud.auth of the configuration (see documentation, and above)
- `outputs`: [Hash] Will be converted to YAML for the required outputs section of the configuration (see documentation, and above)
- `shipper`: [Hash] Will be converted to YAML to create the optional shipper section of the filebeat config (see documentation)
- `logging`: [Hash] Will be converted to YAML to create the optional logging section of the filebeat config (see documentation)
+- `systemd_beat_log_opts_override`: [String] Will overide the default `BEAT_LOG_OPTS=-e`. Required if using `logging` hash on systems running with systemd. required: Puppet 6.1+, Filebeat 7+,
- `modules`: [Array] Will be converted to YAML to create the optional modules section of the filebeat config (see documentation)
- `conf_template`: [String] The configuration template to use to generate the main filebeat.yml config file.
- `download_url`: [String] The URL of the zip file that should be downloaded to install filebeat (windows only)
@@ -256,21 +290,22 @@ Installs and configures filebeat.
- `shutdown_timeout`: [String] How long filebeat waits on shutdown for the publisher to finish sending events
- `beat_name`: [String] The name of the beat shipper (default: hostname)
- `tags`: [Array] A list of tags that will be included with each published transaction
-- `queue_size`: [String] The internal queue size for events in the pipeline
- `max_procs`: [Number] The maximum number of CPUs that can be simultaneously used
- `fields`: [Hash] Optional fields that should be added to each event output
- `fields_under_root`: [Boolean] If set to true, custom fields are stored in the top level instead of under fields
- `disable_config_test`: [Boolean] If set to true, configuration tests won't be run on config files before writing them.
-- `processors`: [Hash] Processors that should be configured.
-- `prospectors`: [Hash] Prospectors that will be created. Commonly used to create prospectors using hiera
+- `processors`: [Array] Processors that should be configured.
+- `monitoring`: [Hash] The monitoring.* components of the filebeat configuration.
+- `inputs`: [Hash] or [Array] Inputs that will be created. Commonly used to create inputs using hiera
- `setup`: [Hash] Setup that will be created. Commonly used to create setup using hiera
- `xpack`: [Hash] XPack configuration to pass to filebeat
+- `extra_validate_options`: [String] Extra command line options to pass to the configuration validation command.
### Private Classes
#### Class: `filebeat::config`
-Creates the configuration files required for filebeat (but not the prospectors)
+Creates the configuration files required for filebeat (but not the inputs)
#### Class: `filebeat::install`
@@ -298,19 +333,26 @@ Downloads, extracts, and installs the filebeat zip file in Windows.
### Public Defines
-#### Define: `filebeat::prospector`
+#### Define: `filebeat::input`
-Installs a configuration file for a prospector.
+Installs a configuration file for a input.
Be sure to read the [filebeat configuration details](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-configuration-details.html)
to fully understand what these parameters do.
-**Parameters for `filebeat::prospector`**
- - `ensure`: The ensure parameter on the prospector configuration file. (default: present)
- - `paths`: [Array] The paths, or blobs that should be handled by the prospector. (required)
+**Parameters for `filebeat::input`**
+ - `ensure`: The ensure parameter on the input configuration file. (default: present)
+ - `paths`: [Array] The paths, or blobs that should be handled by the input. (required if input_type is _log_)
+ - `containers_ids`: [Array] If input_type is _docker_, the list of Docker container ids to read the logs from. (default: '*')
+ - `containers_path`: [String] If input_type is _docker_, the path from where the logs should be read from. (default: /var/log/docker/containers)
+ - `containers_stream`: [String] If input_type is _docker_, read from the specified stream only. (default: all)
+ - `combine_partial`: [Boolean] If input_type is _docker_, enable partial messages joining. (default: false)
+ - `cri_parse_flags`: [Boolean] If input_type is _docker_, enable CRI flags parsing from the log file. (default: false)
+ - `syslog_protocol`: [Enum tcp,udp] Syslog protocol (default: udp)
+ - `syslog_host`: [String] Host to listen for syslog messages (default: localhost:5140)
- `exclude_files`: [Array] Files that match any regex in the list are excluded from filebeat (default: [])
- `encoding`: [String] The file encoding. (default: plain)
- - `input_type`: [String] log or stdin - where filebeat reads the log from (default:log)
+ - `input_type`: [String] where filebeat reads the log from (default:log)
- `fields`: [Hash] Optional fields to add information to the output (default: {})
- `fields_under_root`: [Boolean] Should the `fields` parameter fields be stored at the top level of indexed documents.
- `ignore_older`: [String] Files older than this field will be ignored by filebeat (default: ignore nothing)
@@ -319,7 +361,7 @@ to fully understand what these parameters do.
- `log_type`: [String] \(Deprecated - use `doc_type`\) The document_type setting (optional - default: log)
- `doc_type`: [String] The event type to used for published lines, used as type field in logstash
and elasticsearch (optional - default: log)
- - `scan_frequency`: [String] How often should the prospector check for new files (default: 10s)
+ - `scan_frequency`: [String] How often should the input check for new files (default: 10s)
- `harvester_buffer_size`: [Integer] The buffer size the harvester uses when fetching the file (default: 16384)
- `tail_files`: [Boolean] If true, filebeat starts reading new files at the end instead of the beginning (default: false)
- `backoff`: [String] How long filebeat should wait between scanning a file after reaching EOF (default: 1s)
@@ -327,16 +369,19 @@ to fully understand what these parameters do.
- `backoff_factor`: [Integer] `backoff` is multiplied by this parameter until `max_backoff` is reached to
determine the actual backoff (default: 2)
- `force_close_files`: [Boolean] Should filebeat forcibly close a file when renamed (default: false)
- - `pipeline`: [String] Filebeat can be configured for a different ingest pipeline for each prospector (default: undef)
+ - `pipeline`: [String] Filebeat can be configured for a different ingest pipeline for each input (default: undef)
- `include_lines`: [Array] A list of regular expressions to match the lines that you want to include.
Ignored if empty (default: [])
- `exclude_lines`: [Array] A list of regular expressions to match the files that you want to exclude.
Ignored if empty (default: [])
- `max_bytes`: [Integer] The maximum number of bytes that a single log message can have (default: 10485760)
+ - `tags`: [Array] A list of tags to send along with the log data.
- `json`: [Hash] Options that control how filebeat handles decoding of log messages in JSON format
[See above](#json-logs). (default: {})
- `multiline`: [Hash] Options that control how Filebeat handles log messages that span multiple lines.
[See above](#multiline-logs). (default: {})
+ - `host`: [String] Host and port used to read events for TCP or UDP plugin (default: localhost:9000)
+ - `max_message_size`: [String] The maximum size of the message received over TCP or UDP (default: undef)
## Limitations
This module doesn't load the [elasticsearch index template](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-getting-started.html#filebeat-template) into elasticsearch (required when shipping
@@ -352,15 +397,6 @@ By default, a generic, open ended template is used that simply converts your con
a hash that is produced as YAML on the system. To use a template that is more strict, but possibly
incomplete, set `conf_template` to `filebeat/filebeat.yml.erb`.
-### Registry Path
-
-The default registry file in this module doesn't match the filebeat default, but moving the file
-while the filbeat service is running can cause data duplication or data loss. If you're installing
-filebeat for the first time you should consider setting `registry_file` to match the
-[default](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-global-options.html#_registry_file).
-
-Be sure to include a path or the file will be put at the root of your filesystem.
-
### Debian Systems
Filebeat 5.x and newer requires apt-transport-https, but this module won't install it for you.
@@ -384,6 +420,45 @@ file { '/etc/filebeat/filebeat.yml':
```
to ensure that services are managed like you might expect.
+### Logging on systems with Systemd and with version filebeat 7.0+ installed
+With filebeat version 7+ running on systems with systemd, the filebeat systemd service file contains a default that will ignore the logging hash parameter
+
+```
+Environment="BEAT_LOG_OPTS=-e`
+```
+to overide this default, you will need to set the systemd_beat_log_opts_override parameter to empty string
+
+example:
+```puppet
+class {'filebeat':
+ logging => {
+ 'level' => 'debug',
+ 'to_syslog' => false,
+ 'to_files' => true,
+ 'files' => {
+ 'path' => '/var/log/filebeat',
+ 'name' => 'filebeat',
+ 'keepfiles' => '7',
+ 'permissions' => '0644'
+ },
+ systemd_beat_log_opts_override => "",
+}
+```
+
+this will only work on systems with puppet version 6.1+. On systems with puppet version < 6.1 you will need to `systemctl daemon-reload`. This can be achived by using the [camptocamp-systemd](https://forge.puppet.com/camptocamp/systemd)
+
+```puppet
+include systemd::systemctl::daemon_reload
+
+class {'filebeat':
+ logging => {
+...
+ },
+ systemd_beat_log_opts_override => "",
+ notify => Class['systemd::systemctl::daemon_reload'],
+}
+```
+
## Development
Pull requests and bug reports are welcome. If you're sending a pull request, please consider
diff --git a/modules/utilities/unix/logging/filebeat/filebeat.pp b/modules/utilities/unix/logging/filebeat/filebeat.pp
index 6fb36cf13..ffb59e3db 100644
--- a/modules/utilities/unix/logging/filebeat/filebeat.pp
+++ b/modules/utilities/unix/logging/filebeat/filebeat.pp
@@ -1,22 +1,25 @@
-$secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
-$logstash_ip = $secgen_parameters['logstash_ip'][0]
-$logstash_port = 0 + $secgen_parameters['logstash_port'][0]
+unless defined('analysis_alert_action_client') {
+ $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+ $logstash_ip = $secgen_parameters['logstash_ip'][0]
+ $logstash_port = 0 + $secgen_parameters['logstash_port'][0]
-class { 'filebeat':
- outputs => {
- 'logstash' => {
- 'hosts' => [
- "$logstash_ip:$logstash_port",
- ],
- 'index' => 'filebeat',
+ class { 'filebeat':
+ major_version => '7',
+ outputs => {
+ 'logstash' => {
+ 'hosts' => [
+ "$logstash_ip:$logstash_port",
+ ],
+ 'index' => 'filebeat',
+ },
},
- },
-}
+ }
-filebeat::prospector { 'syslogs':
- paths => [
- '/var/log/auth.log',
- '/var/log/syslog',
- ],
- doc_type => 'syslog-beat',
+ filebeat::prospector { 'syslogs':
+ paths => [
+ '/var/log/auth.log',
+ '/var/log/syslog',
+ ],
+ doc_type => 'syslog-beat',
+ }
}
\ No newline at end of file
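Review bot: The new side still declares `filebeat::prospector { 'syslogs':` while the rest of this commit renames that define to `filebeat::input` (the README index, the `create_resources('filebeat::input', …)` call in init.pp and the new manifests/input.pp); if prospector.pp no longer ships with the module, catalog compilation fails on an unknown resource type, so this should read `filebeat::input { 'syslogs':`. The surrounding `unless defined('analysis_alert_action_client')` guard tests for a class or resource type of that name — if it is meant to test a variable it needs the `$` prefix, which is worth confirming against the caller. `"$logstash_ip:$logstash_port"` would also be cleaner as `"${logstash_ip}:${logstash_port}"`, the braced form puppet-lint expects.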
diff --git a/modules/utilities/unix/logging/filebeat/lib/facter/filebeat_version.rb b/modules/utilities/unix/logging/filebeat/lib/facter/filebeat_version.rb
index db45f8035..9a5f5bfa6 100644
--- a/modules/utilities/unix/logging/filebeat/lib/facter/filebeat_version.rb
+++ b/modules/utilities/unix/logging/filebeat/lib/facter/filebeat_version.rb
@@ -3,14 +3,23 @@ Facter.add('filebeat_version') do
confine 'kernel' => ['FreeBSD', 'OpenBSD', 'Linux', 'Windows']
if File.executable?('/usr/bin/filebeat')
filebeat_version = Facter::Util::Resolution.exec('/usr/bin/filebeat version')
+ if filebeat_version.empty?
+ filebeat_version = Facter::Util::Resolution.exec('/usr/bin/filebeat --version')
+ end
elsif File.executable?('/usr/local/bin/filebeat')
- filebeat_version = Facter::Util::Resolution.exec('/usr/local/bin/filebeat --version')
+ filebeat_version = Facter::Util::Resolution.exec('/usr/local/bin/filebeat version')
+ if filebeat_version.empty?
+ filebeat_version = Facter::Util::Resolution.exec('/usr/local/bin/filebeat --version')
+ end
elsif File.executable?('/usr/share/filebeat/bin/filebeat')
filebeat_version = Facter::Util::Resolution.exec('/usr/share/filebeat/bin/filebeat --version')
elsif File.executable?('/usr/local/sbin/filebeat')
filebeat_version = Facter::Util::Resolution.exec('/usr/local/sbin/filebeat --version')
elsif File.exist?('c:\Program Files\Filebeat\filebeat.exe')
- filebeat_version = Facter::Util::Resolution.exec('"c:\Program Files\Filebeat\filebeat.exe" --version')
+ filebeat_version = Facter::Util::Resolution.exec('"c:\Program Files\Filebeat\filebeat.exe" version')
+ if filebeat_version.empty?
+ filebeat_version = Facter::Util::Resolution.exec('"c:\Program Files\Filebeat\filebeat.exe" --version')
+ end
end
setcode do
filebeat_version.nil? ? false : %r{^filebeat version ([^\s]+)?}.match(filebeat_version)[1]
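Review bot: The three new `if filebeat_version.empty?` fallbacks (after the `/usr/bin`, `/usr/local/bin` and Windows `version` probes) call `empty?` on a value that `Facter::Util::Resolution.exec` returns as nil when the command cannot be run, which turns a failed probe into a NoMethodError while the fact file is loaded instead of a false fact; `filebeat_version.to_s.empty?` keeps the intent and is nil-safe. The `/usr/share/filebeat/bin` and `/usr/local/sbin` branches did not get the `version`-then-`--version` probe, so the same binary may report differently depending on where it is installed. Since the probe is now copied three times, a small lambda inside the `Facter.add` block removes the duplication and gives every branch the same behaviour, as below. The existing `%r{...}.match(filebeat_version)[1]` in `setcode` has the same shape — non-empty output that does not match the pattern raises rather than yielding false — but that predates this change.
```ruby
  confine 'kernel' => ['FreeBSD', 'OpenBSD', 'Linux', 'Windows']
  # Probe with the newer `version` subcommand first and fall back to the legacy
  # `--version` flag; exec may return nil, hence to_s before empty?.
  version_of = lambda do |binary|
    out = Facter::Util::Resolution.exec("#{binary} version")
    out = Facter::Util::Resolution.exec("#{binary} --version") if out.to_s.empty?
    out
  end
  if File.executable?('/usr/bin/filebeat')
    filebeat_version = version_of.call('/usr/bin/filebeat')
  elsif File.executable?('/usr/local/bin/filebeat')
    filebeat_version = version_of.call('/usr/local/bin/filebeat')
  elsif File.executable?('/usr/share/filebeat/bin/filebeat')
    filebeat_version = version_of.call('/usr/share/filebeat/bin/filebeat')
  elsif File.executable?('/usr/local/sbin/filebeat')
    filebeat_version = version_of.call('/usr/local/sbin/filebeat')
  elsif File.exist?('c:\Program Files\Filebeat\filebeat.exe')
    filebeat_version = version_of.call('"c:\Program Files\Filebeat\filebeat.exe"')
  end
  # … unchanged: setcode block …
```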
diff --git a/modules/utilities/unix/logging/filebeat/manifests/config.pp b/modules/utilities/unix/logging/filebeat/manifests/config.pp
index 4a4676e26..fa0d67149 100644
--- a/modules/utilities/unix/logging/filebeat/manifests/config.pp
+++ b/modules/utilities/unix/logging/filebeat/manifests/config.pp
@@ -6,6 +6,17 @@
class filebeat::config {
$major_version = $filebeat::major_version
+ if has_key($filebeat::setup, 'ilm.policy') {
+ file {"${filebeat::config_dir}/ilm_policy.json":
+ content => to_json({'policy' => $filebeat::setup['ilm.policy']}),
+ notify => Service['filebeat'],
+ require => File['filebeat-config-dir'],
+ }
+ $setup = $filebeat::setup - 'ilm.policy' + {'ilm.policy_file' => "${filebeat::config_dir}/ilm_policy.json"}
+ } else {
+ $setup = $filebeat::setup
+ }
+
if versioncmp($major_version, '6') >= 0 {
$filebeat_config_temp = delete_undef_values({
'shutdown_timeout' => $filebeat::shutdown_timeout,
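Review bot: The new `ilm_policy.json` file resource sets no `ensure`, `owner`, `group` or `mode`, so it falls back to the agent's defaults instead of following the `config_file_*` parameters the README documents for the module's configuration files, and it is still declared when the class is removing filebeat. Adding `ensure => $filebeat::file_ensure, owner => $filebeat::config_file_owner, group => $filebeat::config_file_group, mode => $filebeat::config_file_mode,` keeps it in line with `filebeat.yml` (`$file_ensure` is set in init.pp's `package_ensure` branch). The `has_key()` call could also be `'ilm.policy' in $filebeat::setup`, the built-in form that needs no stdlib. The `if versioncmp` block that follows runs past the end of this hunk.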
@@ -15,20 +26,26 @@ class filebeat::config {
'fields' => $filebeat::fields,
'fields_under_root' => $filebeat::fields_under_root,
'filebeat' => {
- 'registry_file' => $filebeat::registry_file,
- 'config.prospectors' => {
+ 'config.inputs' => {
'enabled' => true,
'path' => "${filebeat::config_dir}/*.yml",
},
+ 'config.modules' => {
+ 'enabled' => $filebeat::enable_conf_modules,
+ 'path' => "${filebeat::modules_dir}/*.yml",
+ },
'shutdown_timeout' => $filebeat::shutdown_timeout,
'modules' => $filebeat::modules,
},
+ 'http' => $filebeat::http,
+ 'cloud' => $filebeat::cloud,
'output' => $filebeat::outputs,
'shipper' => $filebeat::shipper,
'logging' => $filebeat::logging,
'runoptions' => $filebeat::run_options,
'processors' => $filebeat::processors,
- 'setup' => $filebeat::setup,
+ 'monitoring' => $filebeat::monitoring,
+ 'setup' => $setup,
})
# Add the 'xpack' section if supported (version >= 6.1.0) and not undef
if $filebeat::xpack and versioncmp($filebeat::package_ensure, '6.1.0') >= 0 {
@@ -69,8 +86,8 @@ class filebeat::config {
}
}
- if $::filebeat_version {
- $skip_validation = versioncmp($::filebeat_version, $filebeat::major_version) ? {
+ if 'filebeat_version' in $facts and $facts['filebeat_version'] != false {
+ $skip_validation = versioncmp($facts['filebeat_version'], $filebeat::major_version) ? {
-1 => true,
default => false,
}
@@ -78,15 +95,13 @@ class filebeat::config {
$skip_validation = false
}
- Filebeat::Prospector <| |> -> File['filebeat.yml']
-
case $::kernel {
'Linux' : {
$validate_cmd = ($filebeat::disable_config_test or $skip_validation) ? {
true => undef,
default => $major_version ? {
- '5' => "${filebeat::filebeat_path} -N -configtest -c %",
- default => "${filebeat::filebeat_path} -c % test config",
+ '5' => "${filebeat::filebeat_path} ${filebeat::extra_validate_options} -N -configtest -c %",
+ default => "${filebeat::filebeat_path} ${filebeat::extra_validate_options} -c % test config",
},
}
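Review bot: The `Filebeat::Prospector <| |> -> File['filebeat.yml']` ordering is dropped without a `Filebeat::Input <| |> -> File['filebeat.yml']` replacement, so input files under `config_dir` are no longer guaranteed to exist before `filebeat.yml` is written and validated with `-c %`; if nothing else in the file re-establishes that edge (nothing is visible in this diff), validation can run against a half-populated `config_dir`. Re-adding the collector under the new define name, `Filebeat::Input <| |> -> File['filebeat.yml']`, restores the previous behaviour. The `case $::kernel` opened here continues past the hunk.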
@@ -111,13 +126,14 @@ class filebeat::config {
recurse => $filebeat::purge_conf_dir,
purge => $filebeat::purge_conf_dir,
force => true,
+ notify => Service['filebeat'],
}
} # end Linux
'FreeBSD' : {
$validate_cmd = ($filebeat::disable_config_test or $skip_validation) ? {
true => undef,
- default => '/usr/local/sbin/filebeat -N -configtest -c %',
+ default => '/usr/local/sbin/filebeat ${filebeat::extra_validate_options} -N -configtest -c %',
}
file {'filebeat.yml':
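Review bot: The FreeBSD validation command on the `default =>` line is a single-quoted string, so Puppet does not interpolate `${filebeat::extra_validate_options}` and the literal text is handed to the binary (and, if the command goes through a shell, `${filebeat::…}` is a bad-substitution error), which makes every FreeBSD `filebeat.yml` write fail validation once this branch is taken; it needs double quotes like its Linux and OpenBSD siblings: `default => "/usr/local/sbin/filebeat ${filebeat::extra_validate_options} -N -configtest -c %",`. Note also that `extra_validate_options` is spliced verbatim into the command on every platform, so it is effectively a command-line fragment chosen by whoever sets the class parameter — worth a sentence in the parameter docs. The enclosing `case $::kernel` starts in an earlier hunk.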
@@ -141,6 +157,7 @@ class filebeat::config {
recurse => $filebeat::purge_conf_dir,
purge => $filebeat::purge_conf_dir,
force => true,
+ notify => Service['filebeat'],
}
} # end FreeBSD
@@ -148,8 +165,8 @@ class filebeat::config {
$validate_cmd = ($filebeat::disable_config_test or $skip_validation) ? {
true => undef,
default => $major_version ? {
- '5' => "${filebeat::filebeat_path} -N -configtest -c %",
- default => "${filebeat::filebeat_path} -c % test config",
+ '5' => "${filebeat::filebeat_path} ${filebeat::extra_validate_options} -N -configtest -c %",
+ default => "${filebeat::filebeat_path} ${filebeat::extra_validate_options} -c % test config",
},
}
@@ -174,6 +191,7 @@ class filebeat::config {
recurse => $filebeat::purge_conf_dir,
purge => $filebeat::purge_conf_dir,
force => true,
+ notify => Service['filebeat'],
}
} # end OpenBSD
@@ -183,7 +201,10 @@ class filebeat::config {
$validate_cmd = ($filebeat::disable_config_test or $skip_validation) ? {
true => undef,
- default => "\"${filebeat_path}\" -N -configtest -c \"%\"",
+ default => $major_version ? {
+ '7' => "\"${filebeat_path}\" ${filebeat::extra_validate_options} test config -c \"%\"",
+ default => "\"${filebeat_path}\" ${filebeat::extra_validate_options} -N -configtest -c \"%\"",
+ }
}
file {'filebeat.yml':
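Review bot: The Windows selector only switches to `test config` for `'7'`, so a `'6'` install keeps the `-N -configtest` form, whereas the Linux and OpenBSD selectors earlier in this file use `'5'` for the legacy flag and `default` for `test config`; if the intent is the same on all platforms the arms should read `'5' => "\"${filebeat_path}\" ${filebeat::extra_validate_options} -N -configtest -c \"%\"",` and `default => "\"${filebeat_path}\" ${filebeat::extra_validate_options} test config -c \"%\"",`. If Windows 6.x genuinely needs the old flag, a one-line comment saying so would stop the next reader from "fixing" it.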
diff --git a/modules/utilities/unix/logging/filebeat/manifests/init.pp b/modules/utilities/unix/logging/filebeat/manifests/init.pp
index eea536adf..d1efd42c4 100644
--- a/modules/utilities/unix/logging/filebeat/manifests/init.pp
+++ b/modules/utilities/unix/logging/filebeat/manifests/init.pp
@@ -14,6 +14,7 @@
#
# @param package_ensure [String] The ensure parameter for the filebeat package (default: present)
# @param manage_repo [Boolean] Whether or not the upstream (elastic) repo should be configured or not (default: true)
+# @param manage_apt [Boolean] Whether or not the apt class should be explicitly called or not (default: true)
# @param major_version [Enum] The major version of Filebeat to be installed.
# @param service_ensure [String] The ensure parameter on the filebeat service (default: running)
# @param service_enable [String] The enable parameter on the filebeat service (default: true)
@@ -21,11 +22,12 @@
# @param spool_size [Integer] How large the spool should grow before being flushed to the network (default: 2048)
# @param idle_timeout [String] How often the spooler should be flushed even if spool size isn't reached (default: 5s)
# @param publish_async [Boolean] If set to true filebeat will publish while preparing the next batch of lines to send (defualt: false)
-# @param registry_file [String] The registry file used to store positions, absolute or relative to working directory (default .filebeat)
-# @param config_dir [String] The directory where prospectors should be defined (default: /etc/filebeat/conf.d)
+# @param config_dir [String] The directory where inputs should be defined (default: /etc/filebeat/conf.d)
# @param config_dir_mode [String] The unix permissions mode set on the configuration directory (default: 0755)
# @param config_file_mode [String] The unix permissions mode set on configuration files (default: 0644)
-# @param purge_conf_dir [Boolean] Should files in the prospector configuration directory not managed by puppet be automatically purged
+# @param purge_conf_dir [Boolean] Should files in the input configuration directory not managed by puppet be automatically purged
+# @param http [Hash] A hash of the http section of configuration
+# @param cloud [Hash] Will be converted to YAML for the optional cloud of the configuration (see documentation, and above)
# @param outputs [Hash] Will be converted to YAML for the required outputs section of the configuration (see documentation, and above)
# @param shipper [Hash] Will be converted to YAML to create the optional shipper section of the filebeat config (see documentation)
# @param logging [Hash] Will be converted to YAML to create the optional logging section of the filebeat config (see documentation)
@@ -37,20 +39,22 @@
# @param shutdown_timeout [String] How long filebeat waits on shutdown for the publisher to finish sending events
# @param beat_name [String] The name of the beat shipper (default: hostname)
# @param tags [Array] A list of tags that will be included with each published transaction
-# @param queue_size [String] The internal queue size for events in the pipeline
# @param max_procs [Integer] The maximum number of CPUs that can be simultaneously used
# @param fields [Hash] Optional fields that should be added to each event output
# @param fields_under_root [Boolean] If set to true, custom fields are stored in the top level instead of under fields
# @param processors [Array] Processors that will be added. Commonly used to create processors using hiera.
-# @param prospectors [Hash] Prospectors that will be created. Commonly used to create prospectors using hiera
+# @param monitoring [Hash] The monitoring section of the configuration file.
+# @param inputs [Hash] or [Array] Inputs that will be created. Commonly used to create inputs using hiera
# @param setup [Hash] setup that will be created. Commonly used to create setup using hiera
-# @param prospectors_merge [Boolean] Whether $prospectors should merge all hiera sources, or use simple automatic parameter lookup
+# @param inputs_merge [Boolean] Whether $inputs should merge all hiera sources, or use simple automatic parameter lookup
# proxy_address [String] Proxy server to use for downloading files
# @param xpack [Hash] Configuration items to export internal stats to a monitoring Elasticsearch cluster
+# @param extra_validate_options [String] Extra command line options to pass to the configuration validation command
class filebeat (
String $package_ensure = $filebeat::params::package_ensure,
Boolean $manage_repo = $filebeat::params::manage_repo,
- Enum['5','6'] $major_version = $filebeat::params::major_version,
+ Boolean $manage_apt = $filebeat::params::manage_apt,
+ Enum['5','6', '7'] $major_version = $filebeat::params::major_version,
Variant[Boolean, Enum['stopped', 'running']] $service_ensure = $filebeat::params::service_ensure,
Boolean $service_enable = $filebeat::params::service_enable,
Optional[String] $service_provider = $filebeat::params::service_provider,
@@ -58,7 +62,6 @@ class filebeat (
Integer $spool_size = $filebeat::params::spool_size,
String $idle_timeout = $filebeat::params::idle_timeout,
Boolean $publish_async = $filebeat::params::publish_async,
- String $registry_file = $filebeat::params::registry_file,
String $config_file = $filebeat::params::config_file,
Optional[String] $config_file_owner = $filebeat::params::config_file_owner,
Optional[String] $config_file_group = $filebeat::params::config_file_group,
@@ -68,6 +71,10 @@ class filebeat (
Optional[String] $config_dir_owner = $filebeat::params::config_dir_owner,
Optional[String] $config_dir_group = $filebeat::params::config_dir_group,
Boolean $purge_conf_dir = $filebeat::params::purge_conf_dir,
+ String $modules_dir = $filebeat::params::modules_dir,
+ Boolean $enable_conf_modules = $filebeat::params::enable_conf_modules,
+ Hash $http = $filebeat::params::http,
+ Hash $cloud = $filebeat::params::cloud,
Hash $outputs = $filebeat::params::outputs,
Hash $shipper = $filebeat::params::shipper,
Hash $logging = $filebeat::params::logging,
@@ -79,18 +86,27 @@ class filebeat (
String $shutdown_timeout = $filebeat::params::shutdown_timeout,
String $beat_name = $filebeat::params::beat_name,
Array $tags = $filebeat::params::tags,
- Integer $queue_size = $filebeat::params::queue_size,
Optional[Integer] $max_procs = $filebeat::params::max_procs,
Hash $fields = $filebeat::params::fields,
Boolean $fields_under_root = $filebeat::params::fields_under_root,
Boolean $disable_config_test = $filebeat::params::disable_config_test,
Array $processors = [],
- Hash $prospectors = {},
+ Optional[Hash] $monitoring = undef,
+ Variant[Hash, Array] $inputs = {},
Hash $setup = {},
Array $modules = [],
Optional[Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]] $proxy_address = undef, # lint:ignore:140chars
Stdlib::Absolutepath $filebeat_path = $filebeat::params::filebeat_path,
Optional[Hash] $xpack = $filebeat::params::xpack,
+
+ Integer $queue_size = 4096,
+ String $registry_file = 'filebeat.yml',
+
+ Optional[String] $systemd_beat_log_opts_override = undef,
+ String $systemd_beat_log_opts_template = $filebeat::params::systemd_beat_log_opts_template,
+ String $systemd_override_dir = $filebeat::params::systemd_override_dir,
+ Optional[String] $extra_validate_options = undef,
+
) inherits filebeat::params {
include ::stdlib
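Review bot: `queue_size` and `registry_file` are kept as class parameters (`Integer $queue_size = 4096,` and `String $registry_file = 'filebeat.yml',`) while their `@param` entries are deleted above and, as far as this diff shows, config.pp no longer reads `registry_file`; a caller passing them gets silently ignored settings, and `'filebeat.yml'` is a misleading default for a registry path. If they survive only for backward compatibility, say so in the header, e.g. `# @param queue_size [Integer] Deprecated: ignored, kept so existing declarations keep compiling` and the same for `registry_file`. The new `systemd_beat_log_opts_override`, `systemd_beat_log_opts_template` and `systemd_override_dir` parameters have no `@param` line at all, and `manage_apt` is documented here but absent from the README parameter list in this commit. The parameter list ends in this hunk but the class body continues past `include ::stdlib`.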
@@ -109,11 +125,13 @@ class filebeat (
$real_service_ensure = 'stopped'
$file_ensure = 'absent'
$directory_ensure = 'absent'
+ $real_service_enable = false
} else {
$alternate_ensure = 'present'
$file_ensure = 'file'
$directory_ensure = 'directory'
$real_service_ensure = $service_ensure
+ $real_service_enable = $service_enable
}
# If we're removing filebeat, do things in a different order to make sure
@@ -133,8 +151,12 @@ class filebeat (
}
if $package_ensure != 'absent' {
- if !empty($prospectors) {
- create_resources('filebeat::prospector', $prospectors)
+ if !empty($inputs) {
+ if $inputs =~ Array {
+ create_resources('filebeat::input', { 'inputs' => { pure_array => true } })
+ } else {
+ create_resources('filebeat::input', $inputs)
+ }
}
}
}
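Review bot: When `$inputs` is an Array the new branch creates a single `filebeat::input` named `'inputs'` with only `pure_array => true` and never passes the array itself, so the define must read `$filebeat::inputs` on its own — that coupling is invisible here and deserves a comment such as `# Array form: one 'inputs' resource renders $filebeat::inputs wholesale (see pure_array in filebeat::input)`. It also reserves the title `'inputs'`, so a user who declares their own `filebeat::input { 'inputs': … }` gets a duplicate-declaration error; this is inferred, since the define's body lies outside this hunk.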
diff --git a/modules/utilities/unix/logging/filebeat/manifests/input.pp b/modules/utilities/unix/logging/filebeat/manifests/input.pp
new file mode 100644
index 000000000..f3484b87f
--- /dev/null
+++ b/modules/utilities/unix/logging/filebeat/manifests/input.pp
@@ -0,0 +1,137 @@
+# filebeat::input
+#
+# A description of what this defined type does
+#
+# @summary A short summary of the purpose of this defined type.
+#
+# @example
+# filebeat::input { 'namevar': }
+define filebeat::input (
+ Enum['absent', 'present'] $ensure = present,
+ Array[String] $paths = [],
+ Array[String] $exclude_files = [],
+ Array[String] $containers_ids = ['\'*\''],
+ String $containers_path = '/var/lib/docker/containers',
+ String $containers_stream = 'all',
+ Boolean $combine_partial = false,
+ Enum['tcp', 'udp'] $syslog_protocol = 'udp',
+ String $syslog_host = 'localhost:5140',
+ Boolean $cri_parse_flags = false,
+ String $encoding = 'plain',
+ String $input_type = 'log',
+ Hash $fields = {},
+ Boolean $fields_under_root = $filebeat::fields_under_root,
+ Optional[String] $ignore_older = undef,
+ Optional[String] $close_older = undef,
+ String $doc_type = 'log',
+ String $scan_frequency = '10s',
+ Integer $harvester_buffer_size = 16384,
+ Optional[Integer] $harvester_limit = undef,
+ Boolean $tail_files = false,
+ String $backoff = '1s',
+ String $max_backoff = '10s',
+ Integer $backoff_factor = 2,
+ String $close_inactive = '5m',
+ Boolean $close_renamed = false,
+ Boolean $close_removed = true,
+ Boolean $close_eof = false,
+ Variant[String, Integer] $clean_inactive = 0,
+ Boolean $clean_removed = true,
+ Integer $close_timeout = 0,
+ Boolean $force_close_files = false,
+ Array[String] $include_lines = [],
+ Array[String] $exclude_lines = [],
+ String $max_bytes = '10485760',
+ Hash $multiline = {},
+ Hash $json = {},
+ Array[String] $tags = [],
+ Boolean $symlinks = false,
+ Optional[String] $pipeline = undef,
+ Array $processors = [],
+ Boolean $pure_array = false,
+ String $host = 'localhost:9000',
+ Optional[String] $max_message_size = undef,
+) {
+
+ $input_template = $filebeat::major_version ? {
+ '5' => 'prospector.yml.erb',
+ default => 'input.yml.erb',
+ }
+
+ if 'filebeat_version' in $facts and $facts['filebeat_version'] != false {
+ $skip_validation = versioncmp($facts['filebeat_version'], $filebeat::major_version) ? {
+ -1 => true,
+ default => false,
+ }
+ } else {
+ $skip_validation = false
+ }
+
+ case $::kernel {
+ 'Linux', 'OpenBSD' : {
+ $validate_cmd = ($filebeat::disable_config_test or $skip_validation) ? {
+ true => undef,
+ default => $filebeat::major_version ? {
+ '5' => "\"${filebeat::filebeat_path}\" -N -configtest -c \"%\"",
+ default => "\"${filebeat::filebeat_path}\" -c \"${filebeat::config_file}\" test config",
+ },
+ }
+ file { "filebeat-${name}":
+ ensure => $ensure,
+ path => "${filebeat::config_dir}/${name}.yml",
+ owner => 'root',
+ group => '0',
+ mode => $::filebeat::config_file_mode,
+ content => template("${module_name}/${input_template}"),
+ validate_cmd => $validate_cmd,
+ notify => Service['filebeat'],
+ require => File['filebeat.yml'],
+ }
+ }
+
+ 'FreeBSD' : {
+ $validate_cmd = ($filebeat::disable_config_test or $skip_validation) ? {
+ true => undef,
+ default => '/usr/local/sbin/filebeat -N -configtest -c %',
+ }
+ file { "filebeat-${name}":
+ ensure => $ensure,
+ path => "${filebeat::config_dir}/${name}.yml",
+ owner => 'root',
+ group => 'wheel',
+ mode => $::filebeat::config_file_mode,
+ content => template("${module_name}/${input_template}"),
+ validate_cmd => $validate_cmd,
+ notify => Service['filebeat'],
+ require => File['filebeat.yml'],
+ }
+ }
+
+ 'Windows' : {
+ $cmd_install_dir = regsubst($filebeat::install_dir, '/', '\\', 'G')
+ $filebeat_path = join([$cmd_install_dir, 'Filebeat', 'filebeat.exe'], '\\')
+
+ $validate_cmd = ($filebeat::disable_config_test or $skip_validation) ? {
+ true => undef,
+ default => $facts['filebeat_version'] ? {
+ '5' => "\"${filebeat_path}\" -N -configtest -c \"%\"",
+ default => "\"${filebeat_path}\" -c \"${filebeat::config_file}\" test config",
+ },
+ }
+
+ file { "filebeat-${name}":
+ ensure => $ensure,
+ path => "${filebeat::config_dir}/${name}.yml",
+ content => template("${module_name}/${input_template}"),
+ validate_cmd => $validate_cmd,
+ notify => Service['filebeat'],
+ require => File['filebeat.yml'],
+ }
+ }
+
+ default : {
+ fail($filebeat::kernel_fail_message)
+ }
+
+ }
+}
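Review bot: In the Windows branch the v5 `-configtest` form is chosen by `$facts['filebeat_version'] ? { '5' => … }`, whereas the Linux/FreeBSD branches key the same choice on `$filebeat::major_version`; if the fact carries a full version string (which the `versioncmp($facts['filebeat_version'], …)` call above suggests), '5' never matches and Windows always gets the v7 `test config` syntax. Unless the difference is deliberate, use the same selector as the other kernels: `default => $filebeat::major_version ? {`. Separately, the Linux branch hard-codes `owner => 'root'` and `group => '0'` while `filebeat::params` defines `$config_file_group` (and presumably `$config_file_owner`) per kernel; referencing those would keep the two files in step, and the Windows `file` resource sets no owner at all even though params.pp defines `$config_file_owner = 'Administrator'` for it.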
diff --git a/modules/utilities/unix/logging/filebeat/manifests/install/windows.pp b/modules/utilities/unix/logging/filebeat/manifests/install/windows.pp
index 7b8314550..0740309bc 100644
--- a/modules/utilities/unix/logging/filebeat/manifests/install/windows.pp
+++ b/modules/utilities/unix/logging/filebeat/manifests/install/windows.pp
@@ -37,8 +37,20 @@ class filebeat::install::windows {
proxy_server => $filebeat::proxy_address,
}
+ # Core editions of Windows Server do not have a shell as such, so use the Shell.Application COM object doesn't work.
+ # Expand-Archive is a native powershell cmdlet which ships with Powershell 5, which in turn ships with Windows 10 and
+ # Windows Server 2016 and newer.
+ if ((versioncmp($::operatingsystemrelease, '2016') > 0) or (versioncmp($::operatingsystemrelease, '10') == 0))
+ {
+ $unzip_command = "Expand-Archive ${zip_file} \"${filebeat::install_dir}\""
+ }
+ else
+ {
+ $unzip_command = "\$sh=New-Object -COM Shell.Application;\$sh.namespace((Convert-Path '${filebeat::install_dir}')).Copyhere(\$sh.namespace((Convert-Path '${zip_file}')).items(), 16)" # lint:ignore:140chars
+ }
+
exec { "unzip $(unknown)":
- command => "\$sh=New-Object -COM Shell.Application;\$sh.namespace((Convert-Path '${filebeat::install_dir}')).Copyhere(\$sh.namespace((Convert-Path '${zip_file}')).items(), 16)", # lint:ignore:140chars
+ command => $unzip_command,
creates => $version_file,
require => [
File[$filebeat::install_dir],
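Review bot: The comment says Expand-Archive is available on Windows Server 2016 and newer, but `versioncmp($::operatingsystemrelease, '2016') > 0` is false when the release is exactly '2016', so Server 2016 still takes the Shell.Application branch; `>= 0` matches the stated intent. The Windows 10 test, `versioncmp($::operatingsystemrelease, '10') == 0`, only holds if the fact is literally '10' — worth confirming against what Facter reports on the desktop releases you support. In the Expand-Archive command `${zip_file}` is interpolated unquoted while the destination is quoted; `"Expand-Archive \"${zip_file}\" \"${filebeat::install_dir}\""` avoids a break should the temp path ever contain a space. The `exec` resource and the class continue outside this hunk.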
diff --git a/modules/utilities/unix/logging/filebeat/manifests/params.pp b/modules/utilities/unix/logging/filebeat/manifests/params.pp
index 65b547e81..fbd6957fd 100644
--- a/modules/utilities/unix/logging/filebeat/manifests/params.pp
+++ b/modules/utilities/unix/logging/filebeat/manifests/params.pp
@@ -4,31 +4,35 @@
#
# @summary Set a bunch of default parameters
class filebeat::params {
- $service_ensure = running
- $service_enable = true
- $spool_size = 2048
- $idle_timeout = '5s'
- $publish_async = false
- $shutdown_timeout = '0'
- $beat_name = $::fqdn
- $tags = []
- $queue_size = 1000
- $max_procs = undef
- $config_file_mode = '0644'
- $config_dir_mode = '0755'
- $purge_conf_dir = true
- $fields = {}
- $fields_under_root = false
- $outputs = {}
- $shipper = {}
- $logging = {}
- $run_options = {}
- $modules = []
- $kernel_fail_message = "${::kernel} is not supported by filebeat."
- $osfamily_fail_message = "${::osfamily} is not supported by filebeat."
- $conf_template = "${module_name}/pure_hash.yml.erb"
- $disable_config_test = false
- $xpack = undef
+ $service_ensure = running
+ $service_enable = true
+ $spool_size = 2048
+ $idle_timeout = '5s'
+ $publish_async = false
+ $shutdown_timeout = '0'
+ $beat_name = $::fqdn
+ $tags = []
+ $max_procs = undef
+ $config_file_mode = '0644'
+ $config_dir_mode = '0755'
+ $purge_conf_dir = true
+ $enable_conf_modules = false
+ $fields = {}
+ $fields_under_root = false
+ $http = {}
+ $cloud = {}
+ $outputs = {}
+ $shipper = {}
+ $logging = {}
+ $run_options = {}
+ $modules = []
+ $kernel_fail_message = "${::kernel} is not supported by filebeat."
+ $osfamily_fail_message = "${::osfamily} is not supported by filebeat."
+ $conf_template = "${module_name}/pure_hash.yml.erb"
+ $disable_config_test = false
+ $xpack = undef
+ $systemd_override_dir = '/etc/systemd/system/filebeat.service.d'
+ $systemd_beat_log_opts_template = "${module_name}/systemd/logging.conf.erb"
# These are irrelevant as long as the template is set based on the major_version parameter
# if versioncmp('1.9.1', $::rubyversion) > 0 {
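Review bot: Re-aligning the two dozen existing assignments in the same hunk as the real additions (`$enable_conf_modules`, `$http`, `$cloud` and the two systemd defaults) hides what actually changed; a whitespace-only reformat reviews better as its own commit. The removal of `$queue_size = 1000` here is paired with a literal default in the class parameter list at the top of this diff (`Integer $queue_size = 4096`) rather than a `$filebeat::params::queue_size` reference like its neighbours — if the new default is intended, keeping it here as `$queue_size = 4096` and referencing it from init.pp is the consistent form.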
@@ -43,11 +47,13 @@ class filebeat::params {
case $facts['os']['family'] {
'Archlinux': {
$manage_repo = false
+ $manage_apt = false
$filebeat_path = '/usr/bin/filebeat'
- $major_version = '6'
+ $major_version = '7'
}
'OpenBSD': {
$manage_repo = false
+ $manage_apt = false
$filebeat_path = '/usr/local/bin/filebeat'
# lint:ignore:only_variable_string
$major_version = versioncmp('6.3', $::kernelversion) < 0 ? {
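Review bot: Bumping the default `$major_version` from '6' to '7' for Archlinux (and in the default branch, next hunk) changes which configuration syntax is rendered for every node that does not set the parameter explicitly; together with the `$skip_validation` logic in the new input.pp (a `filebeat_version` fact older than `$major_version` disables `validate_cmd`), a node still running a 6.x binary will have its input files written without a config test until the package is upgraded. That is a behaviour change worth stating in the `major_version` parameter documentation, e.g. `# @param major_version Config syntax to render; defaults to '7' — nodes with an older binary skip validate_cmd until upgraded`. The new `$manage_apt` default is fine, but the same hunk mixes it with the version bump, so a one-line mention of both in the commit message would help.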
@@ -58,8 +64,9 @@ class filebeat::params {
}
default: {
$manage_repo = true
+ $manage_apt = true
$filebeat_path = '/usr/share/filebeat/bin/filebeat'
- $major_version = '6'
+ $major_version = '7'
}
}
case $::kernel {
@@ -71,7 +78,7 @@ class filebeat::params {
$config_file_group = 'root'
$config_dir_owner = 'root'
$config_dir_group = 'root'
- $registry_file = '/var/lib/filebeat/registry'
+ $modules_dir = '/etc/filebeat/modules.d'
# These parameters are ignored if/until tarball installs are supported in Linux
$tmp_dir = '/tmp'
$install_dir = undef
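Review bot: `$registry_file` disappears from params.pp for every kernel (here and in the FreeBSD, OpenBSD and Windows hunks below) and `filebeat.registry_file` is dropped from filebeat.yml.erb, yet the class still accepts `String $registry_file = 'filebeat.yml'` (top of this diff). A registry path defaulting to the config file's own name reads like a copy-paste slip, and since the template no longer emits the key the parameter is now silently ignored. Either remove the parameter or mark it as a no-op in its documentation: `# @param registry_file Deprecated: no longer written to filebeat.yml; kept only for backwards compatibility.`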
@@ -94,7 +101,7 @@ class filebeat::params {
$config_file_group = 'wheel'
$config_dir_owner = 'root'
$config_dir_group = 'wheel'
- $registry_file = '/var/lib/filebeat/registry'
+ $modules_dir = '/usr/local/etc/filebeat.modules.d'
$tmp_dir = '/tmp'
$service_provider = undef
$install_dir = undef
@@ -109,7 +116,7 @@ class filebeat::params {
$config_file_group = 'wheel'
$config_dir_owner = 'root'
$config_dir_group = 'wheel'
- $registry_file = '/var/db/filebeat/.filebeat'
+ $modules_dir = '/etc/filebeat/modules.d'
$tmp_dir = '/tmp'
$service_provider = undef
$install_dir = undef
@@ -117,14 +124,14 @@ class filebeat::params {
}
'Windows' : {
- $package_ensure = '5.6.2'
+ $package_ensure = '7.1.0'
$config_file_owner = 'Administrator'
$config_file_group = undef
$config_dir_owner = 'Administrator'
$config_dir_group = undef
$config_file = 'C:/Program Files/Filebeat/filebeat.yml'
$config_dir = 'C:/Program Files/Filebeat/conf.d'
- $registry_file = 'C:/ProgramData/filebeat/registry'
+ $modules_dir = 'C:/Program Files/Filebeat/modules.d'
$install_dir = 'C:/Program Files'
$tmp_dir = 'C:/Windows/Temp'
$service_provider = undef
diff --git a/modules/utilities/unix/logging/filebeat/manifests/repo.pp b/modules/utilities/unix/logging/filebeat/manifests/repo.pp
index 4a3ed3437..1ebd75d51 100644
--- a/modules/utilities/unix/logging/filebeat/manifests/repo.pp
+++ b/modules/utilities/unix/logging/filebeat/manifests/repo.pp
@@ -9,7 +9,9 @@ class filebeat::repo {
case $::osfamily {
'Debian': {
- include ::apt
+ if $::filebeat::manage_apt == true {
+ include ::apt
+ }
Class['apt::update'] -> Package['filebeat']
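Review bot: `include ::apt` is now conditional on `$::filebeat::manage_apt`, but the ordering `Class['apt::update'] -> Package['filebeat']` on the following context line is still unconditional, so a catalog with `manage_apt => false` and no `apt` class declared elsewhere fails on an unknown resource reference. Either move the relationship inside the `if`, or document on `manage_apt` that the caller must declare `apt` themselves. The comparison `== true` can simply be `if $::filebeat::manage_apt {` if the parameter is a Boolean, which the `true`/`false` defaults in params.pp suggest.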
@@ -37,8 +39,15 @@ class filebeat::repo {
gpgkey => 'https://artifacts.elastic.co/GPG-KEY-elasticsearch',
priority => $::filebeat::repo_priority,
enabled => 1,
+ notify => Exec['flush-yum-cache'],
}
}
+
+ exec { 'flush-yum-cache':
+ command => 'yum clean all',
+ refreshonly => true,
+ path => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
+ }
}
'Suse': {
exec { 'topbeat_suse_import_gpg':
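Review bot: `yum clean all` discards the cache of every repository on the host each time the elastic yumrepo changes, which is broader than needed; `yum clean metadata`, or scoping the flush with `--disablerepo='*' --enablerepo=<id of this yumrepo>`, is the narrower form. Nothing visible orders the refresh-only exec before the package install, so unless a relationship exists outside this hunk, `Package['filebeat']` may be installed from stale metadata on the same run; `before => Package['filebeat'],` on the exec closes that gap. The enclosing `case` and class continue outside this hunk.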
diff --git a/modules/utilities/unix/logging/filebeat/manifests/service.pp b/modules/utilities/unix/logging/filebeat/manifests/service.pp
index 80afd08fd..4bc01b7c1 100644
--- a/modules/utilities/unix/logging/filebeat/manifests/service.pp
+++ b/modules/utilities/unix/logging/filebeat/manifests/service.pp
@@ -6,7 +6,64 @@
class filebeat::service {
service { 'filebeat':
ensure => $filebeat::real_service_ensure,
- enable => $filebeat::service_enable,
+ enable => $filebeat::real_service_enable,
provider => $filebeat::service_provider,
}
+
+ $major_version = $filebeat::major_version
+ $systemd_beat_log_opts_override = $filebeat::systemd_beat_log_opts_override
+
+ #make sure puppet client version 6.1+ with filebeat version 7+, running on systemd
+ if ( versioncmp( $major_version, '7' ) >= 0 and
+ $::service_provider == 'systemd' ) {
+
+ if ( versioncmp( $::clientversion, '6.1' ) >= 0 ) {
+
+ unless $systemd_beat_log_opts_override == undef {
+ $ensure_overide = 'present'
+ } else {
+ $ensure_overide = 'absent'
+ }
+
+ ensure_resource('file',
+ $filebeat::systemd_override_dir,
+ {
+ ensure => 'directory',
+ }
+ )
+
+ file { "${filebeat::systemd_override_dir}/logging.conf":
+ ensure => $ensure_overide,
+ content => template($filebeat::systemd_beat_log_opts_template),
+ require => File[$filebeat::systemd_override_dir],
+ notify => Service['filebeat'],
+ }
+
+ } else {
+
+ unless $systemd_beat_log_opts_override == undef {
+ $ensure_overide = 'present'
+ } else {
+ $ensure_overide = 'absent'
+ }
+
+ if !defined(File[$filebeat::systemd_override_dir]) {
+ file{$filebeat::systemd_override_dir:
+ ensure => 'directory',
+ }
+ }
+
+ file { "${filebeat::systemd_override_dir}/logging.conf":
+ ensure => $ensure_overide,
+ content => template($filebeat::systemd_beat_log_opts_template),
+ require => File[$filebeat::systemd_override_dir],
+ notify => Service['filebeat'],
+ }
+
+ unless defined('systemd') {
+ warning('You\'ve specified an $systemd_beat_log_opts_override varible on a system running puppet version < 6.1 and not declared "systemd" resource See README.md for more information') # lint:ignore:140chars
+ }
+ }
+ }
+
}
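Review bot: The two branches of the `$::clientversion` check compute `$ensure_overide` with identical code and declare the same `logging.conf` file resource twice; only the directory idiom (`ensure_resource` vs `defined()`) and the warning differ. The warning in the else branch is also emitted on every agent older than 6.1 even when `$systemd_beat_log_opts_override` is undef and nothing is overridden, and `defined('systemd')` with a string tests, as far as I recall, whether a class or type of that name exists in the environment rather than whether it is declared in this catalog (`defined(Class['systemd'])`). Assuming the 6.1 split exists only to choose between the two directory idioms, I would hoist the shared logic above the branch and gate the warning on the override being set, as sketched below; `overide`/`varible` in the variable name and the message are typos.
```puppet
  #make sure puppet client version 6.1+ with filebeat version 7+, running on systemd
  if ( versioncmp( $major_version, '7' ) >= 0 and
    $::service_provider == 'systemd' ) {

    $ensure_override = $systemd_beat_log_opts_override ? {
      undef   => 'absent',
      default => 'present',
    }

    ensure_resource('file', $filebeat::systemd_override_dir, { ensure => 'directory' })

    file { "${filebeat::systemd_override_dir}/logging.conf":
      ensure  => $ensure_override,
      content => template($filebeat::systemd_beat_log_opts_template),
      require => File[$filebeat::systemd_override_dir],
      notify  => Service['filebeat'],
    }

    # Warn only when an override is really in play on an old agent with no systemd class declared
    if $ensure_override == 'present' and versioncmp($::clientversion, '6.1') < 0 and !defined(Class['systemd']) {
      # … unchanged: existing warning() message …
    }
  }
```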
diff --git a/modules/utilities/unix/logging/filebeat/metadata.json b/modules/utilities/unix/logging/filebeat/metadata.json
index 4d39b5bdf..f2fa1d870 100644
--- a/modules/utilities/unix/logging/filebeat/metadata.json
+++ b/modules/utilities/unix/logging/filebeat/metadata.json
@@ -1,6 +1,6 @@
{
"name": "pcfens-filebeat",
- "version": "3.2.2",
+ "version": "4.8.0",
"author": "pcfens",
"summary": "A module to install and manage the filebeat log shipper",
"license": "Apache-2.0",
@@ -10,22 +10,25 @@
"dependencies": [
{
"name": "puppetlabs/stdlib",
- "version_requirement": ">=4.13.0 <5.0.0"
+ "version_requirement": ">=4.13.0 < 7.0.0"
},
{
"name": "puppetlabs/apt",
- "version_requirement": ">=2.0.0 <7.0.0"
+ "version_requirement": ">=2.0.0 < 8.0.0"
},
{
"name": "puppetlabs/powershell",
- "version_requirement": ">= 1.0.1 < 3.0.0"
+ "version_requirement": ">= 1.0.1 < 5.0.0"
},
{
"name": "puppet/archive",
- "version_requirement": ">= 0.5.0 < 3.0.0"
+ "version_requirement": ">= 0.5.0 < 5.0.0"
+ },
+ {
+ "name": "puppetlabs/yumrepo_core",
+ "version_requirement": ">= 1.0.0 < 2.0.0"
}
],
- "data_provider": null,
"operatingsystem_support": [
{
"operatingsystem": "CentOS",
@@ -77,14 +80,17 @@
"operatingsystemrelease": [
"14.04",
"16.04",
- "18.04"
+ "18.04",
+ "20.04"
]
},
{
"operatingsystem": "windows",
"operatingsystemrelease": [
"2012",
- "2012 R2"
+ "2012 R2",
+ "2016",
+ "2019"
]
},
{
@@ -94,7 +100,7 @@
"requirements": [
{
"name": "puppet",
- "version_requirement": ">= 4.0.0 < 6.0.0"
+ "version_requirement": ">= 4.0.0 < 7.0.0"
}
],
"tags": [
@@ -103,7 +109,7 @@
"elasticsearch",
"elastic"
],
- "pdk-version": "1.7.0",
- "template-url": "file:///opt/puppetlabs/pdk/share/cache/pdk-templates.git",
- "template-ref": "1.7.0-0-g57412ed"
+ "pdk-version": "1.18.1",
+ "template-url": "pdk-default#1.18.1",
+ "template-ref": "tags/1.18.1-0-g3d2e75c"
}
diff --git a/modules/utilities/unix/logging/filebeat/templates/filebeat.yml.erb b/modules/utilities/unix/logging/filebeat/templates/filebeat.yml.erb
index b063c27d4..c0c60a675 100644
--- a/modules/utilities/unix/logging/filebeat/templates/filebeat.yml.erb
+++ b/modules/utilities/unix/logging/filebeat/templates/filebeat.yml.erb
@@ -5,7 +5,6 @@ filebeat.spool_size: <%= @filebeat_config['filebeat']['spool_size'] %>
filebeat.publish_async: <%= @filebeat_config['filebeat']['publish_async'] %>
filebeat.idle_timeout: <%= @filebeat_config['filebeat']['idle_timeout'] %>
<% end -%>
-filebeat.registry_file: <%= @filebeat_config['filebeat']['registry_file'] %>
filebeat.config_dir: <%= @filebeat_config['filebeat']['config_dir'] %>
filebeat.shutdown_timeout: <%= @filebeat_config['filebeat']['shutdown_timeout'] %>
diff --git a/modules/utilities/unix/logging/filebeat/templates/input.yml.erb b/modules/utilities/unix/logging/filebeat/templates/input.yml.erb
new file mode 100644
index 000000000..c41e0ed12
--- /dev/null
+++ b/modules/utilities/unix/logging/filebeat/templates/input.yml.erb
@@ -0,0 +1,211 @@
+<%- if @pure_array -%>
+<%= scope['filebeat::inputs'].to_yaml() %>
+<%- else -%>
+---
+- type: <%= @input_type %>
+ <%- if @input_type =~ /(tcp|udp)/ -%>
+ host: <%= @host %>
+ <%- if @max_message_size -%>
+ max_message_size: <%= @max_message_size %>
+ <%- end -%>
+ <%- elsif @input_type == 'docker' -%>
+ containers:
+ ids:
+ <%- @containers_ids.each do |id| -%>
+ - <%= id %>
+ <%- end -%>
+ path: <%= @containers_path %>
+ stream: <%= @containers_stream %>
+ combine_partial: <%= @combine_partial %>
+ cri.parse_flags: <%= @cri_parse_flags %>
+ <%- elsif @input_type == 'syslog' -%>
+ protocol.<%= @syslog_protocol %>:
+ host: <%= @syslog_host %>
+ <%- else -%>
+ paths:
+ <%- @paths.each do |log_path| -%>
+ - <%= log_path %>
+ <%- end -%>
+ <%- if @encoding -%>
+ encoding: <%= @encoding %>
+ <%- end -%>
+ <%- if @include_lines.length > 0 -%>
+ include_lines:
+ <%- @include_lines.each do |include_line| -%>
+ - '<%= include_line %>'
+ <%- end -%>
+ <%- end -%>
+ <%- if @exclude_lines.length > 0 -%>
+ exclude_lines:
+ <%- @exclude_lines.each do |exclude_line| -%>
+ - '<%= exclude_line %>'
+ <%- end -%>
+ <%- end -%>
+ <%- if @exclude_files.length > 0 -%>
+ exclude_files:
+ <%- @exclude_files.each do |exclude_file| -%>
+ - <%= exclude_file %>
+ <%- end -%>
+ <%- end -%>
+ <%- if @ignore_older -%>
+ ignore_older: <%= @ignore_older %>
+ <%- end -%>
+ <%- if @doc_type -%>
+ document_type: <%= @doc_type %>
+ <%- end -%>
+ <%- if @scan_frequency -%>
+ scan_frequency: <%= @scan_frequency %>
+ <%- end -%>
+ <%- if @harvester_buffer_size -%>
+ harvester_buffer_size: <%= @harvester_buffer_size %>
+ <%- end -%>
+ <%- if @max_bytes -%>
+ max_bytes: <%= @max_bytes %>
+ <%- end -%>
+ <%- if @symlinks -%>
+ symlinks: <%= @symlinks %>
+ <%- end -%>
+ <%- if @close_older -%>
+ close_older: <%= @close_older %>
+ <%- end -%>
+ <%- if @force_close_files -%>
+ force_close_files: <%= @force_close_files %>
+ <%- end -%>
+ <%- if @pipeline -%>
+ pipeline: <%= @pipeline %>
+ <%- end -%>
+
+ <%- if @json.length > 0 -%>
+ ### JSON configuration
+ json:
+ # Decode JSON options. Enable this if your logs are structured in JSON.
+ # JSON key on which to apply the line filtering and multiline settings. This key
+ # must be top level and its value must be string, otherwise it is ignored. If
+ # no text key is defined, the line filtering and multiline features cannot be used.
+ <%- if @json['message_key'] != nil-%>
+ message_key: '<%= @json['message_key'] %>'
+ <%- end -%>
+
+ # By default, the decoded JSON is placed under a "json" key in the output document.
+ # If you enable this setting, the keys are copied top level in the output document.
+ <%- if @json['keys_under_root'] != nil -%>
+ keys_under_root: <%= @json['keys_under_root'] %>
+ <%- end -%>
+
+ # If keys_under_root and this setting are enabled, then the values from the decoded
+ # JSON object overwrite the fields that Filebeat normally adds (type, source, offset, etc.)
+ # in case of conflicts.
+ <%- if @json['overwrite_keys'] != nil -%>
+ overwrite_keys: <%= @json['overwrite_keys'] %>
+ <%- end -%>
+
+ # If this setting is enabled, Filebeat adds a "json_error" key in case of JSON
+ # unmarshaling errors or when a text key is defined in the configuration but cannot
+ # be used.
+ <%- if @json['add_error_key'] != nil -%>
+ add_error_key: <%= @json['add_error_key'] %>
+ <%- end -%>
+ <%- end -%>
+
+ <%- if @multiline.length > 0 -%>
+ multiline:
+ <%- if @multiline['pattern'] -%>
+ pattern: '<%= @multiline['pattern'] %>'
+ <%- end -%>
+ <%- if @multiline['negate'] -%>
+ negate: <%= @multiline['negate'] %>
+ <%- end -%>
+ <%- if @multiline['match'] -%>
+ match: <%= @multiline['match'] %>
+ <%- end -%>
+ <%- if @multiline['max_lines'] -%>
+ max_lines: <%= @multiline['max_lines'] %>
+ <%- end -%>
+ <%- if @multiline['timeout'] -%>
+ timeout: <%= @multiline['timeout'] %>
+ <%- end -%>
+ <%- end -%>
+ tail_files: <%= @tail_files %>
+
+ # Experimental: If symlinks is enabled, symlinks are opened and harvested. The harvester is openening the
+ # original for harvesting but will report the symlink name as source.
+ #symlinks: false
+
+ <%- if @backoff -%>
+ backoff: <%= @backoff %>
+ <%- end -%>
+ <%- if @max_backoff -%>
+ max_backoff: <%= @max_backoff %>
+ <%- end -%>
+ <%- if @backoff_factor -%>
+ backoff_factor: <%= @backoff_factor %>
+ <%- end -%>
+
+ # Experimental: Max number of harvesters that are started in parallel.
+ # Default is 0 which means unlimited
+ <%- if @harvester_limit -%>
+ harvester_limit: <%= @harvester_limit %>
+ <%- end -%>
+
+ ### Harvester closing options
+
+ # Close inactive closes the file handler after the predefined period.
+ # The period starts when the last line of the file was, not the file ModTime.
+ # Time strings like 2h (2 hours), 5m (5 minutes) can be used.
+ <%- if @close_inactive -%>
+ close_inactive: <%= @close_inactive %>
+ <%- end -%>
+
+ # Close renamed closes a file handler when the file is renamed or rotated.
+ # Note: Potential data loss. Make sure to read and understand the docs for this option.
+ close_renamed: <%= @close_renamed %>
+
+ # When enabling this option, a file handler is closed immediately in case a file can't be found
+ # any more. In case the file shows up again later, harvesting will continue at the last known position
+ # after scan_frequency.
+ close_removed: <%= @close_removed %>
+
+ # Closes the file handler as soon as the harvesters reaches the end of the file.
+ # By default this option is disabled.
+ # Note: Potential data loss. Make sure to read and understand the docs for this option.
+ close_eof: <%= @close_eof %>
+
+ ### State options
+
+ # Files for the modification data is older then clean_inactive the state from the registry is removed
+ # By default this is disabled.
+ <%- if @clean_inactive -%>
+ clean_inactive: <%= @clean_inactive %>
+ <%- end -%>
+
+ # Removes the state for file which cannot be found on disk anymore immediately
+ clean_removed: <%= @clean_removed %>
+
+ # Close timeout closes the harvester after the predefined time.
+ # This is independent if the harvester did finish reading the file or not.
+ # By default this option is disabled.
+ # Note: Potential data loss. Make sure to read and understand the docs for this option.
+ <%- if @close_timeout -%>
+ close_timeout: <%= @close_timeout %>
+ <%- end -%>
+ <%- end -%>
+ <%- # Everything below this can be applied to any input. %>
+ <%- # https://www.elastic.co/guide/en/beats/filebeat/current/configuration-general-options.html#configuration-general %>
+ <%- if @fields.length > 0 -%>
+ fields:
+ <%- @fields.each_pair do |k, v| -%>
+ <%= k %>: <%= v %>
+ <%- end -%>
+ <%- end -%>
+ fields_under_root: <%= @fields_under_root %>
+ <%- if @tags.length > 0 -%>
+ tags:
+ <%- @tags.each do |tag| -%>
+ - <%= tag %>
+ <%- end -%>
+ <%- end -%>
+ <%- if @processors.length > 0 -%>
+ processors:
+ <%- %><%= @processors.to_yaml.lines.drop(1).join.gsub(/^/, ' ') -%>
+ <%- end -%>
+<%- end %>
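Review bot: `include_lines`, `exclude_lines` and `multiline.pattern` are emitted inside single quotes without escaping (`- '<%= include_line %>'`, `pattern: '<%= @multiline['pattern'] %>'`), so a regex containing a `'` terminates the YAML scalar early and the remainder is parsed as YAML — at best the file fails `validate_cmd`, at worst the input definition changes; `- '<%= include_line.gsub("'", "''") %>'` (or dumping with `to_yaml` as the processors block already does) keeps the value intact, and the unquoted `paths`, `tags` and `fields` values have the same weakness. This is inherited from prospector.yml.erb, but it is now the primary template. The `pure_array` branch at the top dumps `scope['filebeat::inputs'].to_yaml()` verbatim; a one-line template comment noting that no per-input parameter validation applies on that path would help the next reader.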
diff --git a/modules/utilities/unix/logging/filebeat/templates/prospector.yml.erb b/modules/utilities/unix/logging/filebeat/templates/prospector.yml.erb
index fa3b4ccbb..bd11358a2 100644
--- a/modules/utilities/unix/logging/filebeat/templates/prospector.yml.erb
+++ b/modules/utilities/unix/logging/filebeat/templates/prospector.yml.erb
@@ -1,189 +1,183 @@
---
-- type: <%= @input_type %>
- paths:
- <%- @paths.each do |log_path| -%>
- - <%= log_path %>
- <%- end -%>
- <%- if @encoding -%>
- encoding: <%= @encoding %>
- <%- end -%>
- <%- if @include_lines.length > 0 -%>
- include_lines:
- <%- @include_lines.each do |include_line| -%>
- - '<%= include_line %>'
- <%- end -%>
- <%- end -%>
- <%- if @exclude_lines.length > 0 -%>
- exclude_lines:
- <%- @exclude_lines.each do |exclude_line| -%>
- - '<%= exclude_line %>'
- <%- end -%>
- <%- end -%>
- <%- if @exclude_files.length > 0 -%>
- exclude_files:
- <%- @exclude_files.each do |exclude_file| -%>
- - <%= exclude_file %>
- <%- end -%>
- <%- end -%>
- <%- if @fields.length > 0 -%>
- fields:
- <%- @fields.each_pair do |k, v| -%>
- <%= k %>: <%= v %>
- <%- end -%>
- <%- end -%>
- fields_under_root: <%= @fields_under_root %>
- <%- if @tags.length > 0 -%>
- tags:
- <%- @tags.each do |tag| -%>
- - <%= tag %>
- <%- end -%>
- <%- end -%>
- <%- if @ignore_older -%>
- ignore_older: <%= @ignore_older %>
- <%- end -%>
- <%- if @doc_type -%>
- document_type: <%= @doc_type %>
- <%- end -%>
- <%- if @scan_frequency -%>
- scan_frequency: <%= @scan_frequency %>
- <%- end -%>
- <%- if @harvester_buffer_size -%>
- harvester_buffer_size: <%= @harvester_buffer_size %>
- <%- end -%>
- <%- if @max_bytes -%>
- max_bytes: <%= @max_bytes %>
- <%- end -%>
- <%- if @symlinks -%>
- symlinks: <%= @symlinks %>
- <%- end -%>
- <%- if @close_older -%>
- close_older: <%= @close_older %>
- <%- end -%>
- <%- if @force_close_files -%>
- force_close_files: <%= @force_close_files %>
- <%- end -%>
- <%- if @pipeline -%>
- pipeline: <%= @pipeline %>
- <%- end -%>
-
- <%- if @json.length > 0 -%>
- ### JSON configuration
- json:
- # Decode JSON options. Enable this if your logs are structured in JSON.
- # JSON key on which to apply the line filtering and multiline settings. This key
- # must be top level and its value must be string, otherwise it is ignored. If
- # no text key is defined, the line filtering and multiline features cannot be used.
- <%- if @json['message_key'] != nil-%>
- message_key: '<%= @json['message_key'] %>'
+filebeat:
+ prospectors:
+ - <% if scope.function_versioncmp([scope.lookupvar('filebeat::major_version'), '6']) >= 0 %>type<% else %>input_type<% end %>: <%= @input_type %>
+ paths:
+ <%- @paths.each do |log_path| -%>
+ - <%= log_path %>
+ <%- end -%>
+ <%- if @encoding -%>
+ encoding: <%= @encoding %>
+ <%- end -%>
+ <%- if @include_lines.length > 0 -%>
+ include_lines:
+ <%- @include_lines.each do |include_line| -%>
+ - '<%= include_line %>'
+ <%- end -%>
+ <%- end -%>
+ <%- if @exclude_lines.length > 0 -%>
+ exclude_lines:
+ <%- @exclude_lines.each do |exclude_line| -%>
+ - '<%= exclude_line %>'
+ <%- end -%>
+ <%- end -%>
+ <%- if @exclude_files.length > 0 -%>
+ exclude_files:
+ <%- @exclude_files.each do |exclude_file| -%>
+ - <%= exclude_file %>
+ <%- end -%>
+ <%- end -%>
+ <%- if @fields.length > 0 -%>
+ fields:
+ <%- @fields.each_pair do |k, v| -%>
+ <%= k %>: <%= v %>
+ <%- end -%>
+ <%- end -%>
+ fields_under_root: <%= @fields_under_root %>
+ <%- if @tags.length > 0 -%>
+ tags:
+ <%- @tags.each do |tag| -%>
+ - <%= tag %>
+ <%- end -%>
+ <%- end -%>
+ <%- if @ignore_older -%>
+ ignore_older: <%= @ignore_older %>
+ <%- end -%>
+ <%- if @doc_type -%>
+ document_type: <%= @doc_type %>
+ <%- end -%>
+ <%- if @scan_frequency -%>
+ scan_frequency: <%= @scan_frequency %>
+ <%- end -%>
+ <%- if @harvester_buffer_size -%>
+ harvester_buffer_size: <%= @harvester_buffer_size %>
+ <%- end -%>
+ <%- if @max_bytes -%>
+ max_bytes: <%= @max_bytes %>
+ <%- end -%>
+ <%- if @symlinks -%>
+ symlinks: <%= @symlinks %>
+ <%- end -%>
+ <%- if @close_older -%>
+ close_older: <%= @close_older %>
+ <%- end -%>
+ <%- if @force_close_files -%>
+ force_close_files: <%= @force_close_files %>
+ <%- end -%>
+ <%- if @pipeline -%>
+ pipeline: <%= @pipeline %>
<%- end -%>
- # By default, the decoded JSON is placed under a "json" key in the output document.
- # If you enable this setting, the keys are copied top level in the output document.
- <%- if @json['keys_under_root'] != nil -%>
- keys_under_root: <%= @json['keys_under_root'] %>
+ <%- if @json.length > 0 -%>
+ ### JSON configuration
+ json:
+ # Decode JSON options. Enable this if your logs are structured in JSON.
+ # JSON key on which to apply the line filtering and multiline settings. This key
+ # must be top level and its value must be string, otherwise it is ignored. If
+ # no text key is defined, the line filtering and multiline features cannot be used.
+ <%- if @json['message_key'] != nil-%>
+ message_key: '<%= @json['message_key'] %>'
+ <%- end -%>
+
+ # By default, the decoded JSON is placed under a "json" key in the output document.
+ # If you enable this setting, the keys are copied top level in the output document.
+ <%- if @json['keys_under_root'] != nil -%>
+ keys_under_root: <%= @json['keys_under_root'] %>
+ <%- end -%>
+
+ # If keys_under_root and this setting are enabled, then the values from the decoded
+ # JSON object overwrite the fields that Filebeat normally adds (type, source, offset, etc.)
+ # in case of conflicts.
+ <%- if @json['overwrite_keys'] != nil -%>
+ overwrite_keys: <%= @json['overwrite_keys'] %>
+ <%- end -%>
+
+ # If this setting is enabled, Filebeat adds a "json_error" key in case of JSON
+ # unmarshaling errors or when a text key is defined in the configuration but cannot
+ # be used.
+ <%- if @json['add_error_key'] != nil -%>
+ add_error_key: <%= @json['add_error_key'] %>
+ <%- end -%>
<%- end -%>
- # If keys_under_root and this setting are enabled, then the values from the decoded
- # JSON object overwrite the fields that Filebeat normally adds (type, source, offset, etc.)
- # in case of conflicts.
- <%- if @json['overwrite_keys'] != nil -%>
- overwrite_keys: <%= @json['overwrite_keys'] %>
+ <%- if @multiline.length > 0 -%>
+ multiline:
+ <%- if @multiline['pattern'] -%>
+ pattern: '<%= @multiline['pattern'] %>'
+ <%- end -%>
+ <%- if @multiline['negate'] -%>
+ negate: <%= @multiline['negate'] %>
+ <%- end -%>
+ <%- if @multiline['match'] -%>
+ match: <%= @multiline['match'] %>
+ <%- end -%>
+ <%- if @multiline['max_lines'] -%>
+ max_lines: <%= @multiline['max_lines'] %>
+ <%- end -%>
+ <%- if @multiline['timeout'] -%>
+ timeout: <%= @multiline['timeout'] %>
+ <%- end -%>
+ <%- end -%>
+ tail_files: <%= @tail_files %>
+
+ # Experimental: If symlinks is enabled, symlinks are opened and harvested. The harvester is openening the
+ # original for harvesting but will report the symlink name as source.
+ #symlinks: false
+
+ <%- if @backoff -%>
+ backoff: <%= @backoff %>
+ <%- end -%>
+ <%- if @max_backoff -%>
+ max_backoff: <%= @max_backoff %>
+ <%- end -%>
+ <%- if @backoff_factor -%>
+ backoff_factor: <%= @backoff_factor %>
<%- end -%>
- # If this setting is enabled, Filebeat adds a "json_error" key in case of JSON
- # unmarshaling errors or when a text key is defined in the configuration but cannot
- # be used.
- <%- if @json['add_error_key'] != nil -%>
- add_error_key: <%= @json['add_error_key'] %>
+ # Experimental: Max number of harvesters that are started in parallel.
+ # Default is 0 which means unlimited
+ <%- if @harvester_limit -%>
+ harvester_limit: <%= @harvester_limit %>
<%- end -%>
- <%- end -%>
- <%- if @multiline.length > 0 -%>
- multiline:
- <%- if @multiline['pattern'] -%>
- pattern: '<%= @multiline['pattern'] %>'
- <%- end -%>
- <%- if @multiline['negate'] -%>
- negate: <%= @multiline['negate'] %>
- <%- end -%>
- <%- if @multiline['match'] -%>
- match: <%= @multiline['match'] %>
- <%- end -%>
- <%- if @multiline['max_lines'] -%>
- max_lines: <%= @multiline['max_lines'] %>
- <%- end -%>
- <%- if @multiline['timeout'] -%>
- timeout: <%= @multiline['timeout'] %>
- <%- end -%>
- <%- end -%>
- tail_files: <%= @tail_files %>
+ ### Harvester closing options
- # Experimental: If symlinks is enabled, symlinks are opened and harvested. The harvester is openening the
- # original for harvesting but will report the symlink name as source.
- #symlinks: false
-
- <%- if @backoff -%>
- backoff: <%= @backoff %>
- <%- end -%>
- <%- if @max_backoff -%>
- max_backoff: <%= @max_backoff %>
- <%- end -%>
- <%- if @backoff_factor -%>
- backoff_factor: <%= @backoff_factor %>
- <%- end -%>
-
- # Experimental: Max number of harvesters that are started in parallel.
- # Default is 0 which means unlimited
- #harvester_limit: 0
-
- ### Harvester closing options
-
- # Close inactive closes the file handler after the predefined period.
- # The period starts when the last line of the file was, not the file ModTime.
- # Time strings like 2h (2 hours), 5m (5 minutes) can be used.
- <%- if @close_inactive -%>
- close_inactive: <%= @close_inactive %>
- <%- end -%>
-
- # Close renamed closes a file handler when the file is renamed or rotated.
- # Note: Potential data loss. Make sure to read and understand the docs for this option.
- close_renamed: <%= @close_renamed %>
-
- # When enabling this option, a file handler is closed immediately in case a file can't be found
- # any more. In case the file shows up again later, harvesting will continue at the last known position
- # after scan_frequency.
- close_removed: <%= @close_removed %>
-
- # Closes the file handler as soon as the harvesters reaches the end of the file.
- # By default this option is disabled.
- # Note: Potential data loss. Make sure to read and understand the docs for this option.
- close_eof: <%= @close_eof %>
-
- ### State options
-
- # Files for the modification data is older then clean_inactive the state from the registry is removed
- # By default this is disabled.
- <%- if @clean_inactive -%>
- clean_inactive: <%= @clean_inactive %>
- <%- end -%>
-
- # Removes the state for file which cannot be found on disk anymore immediately
- clean_removed: <%= @clean_removed %>
-
- # Close timeout closes the harvester after the predefined time.
- # This is independent if the harvester did finish reading the file or not.
- # By default this option is disabled.
- # Note: Potential data loss. Make sure to read and understand the docs for this option.
- <%- if @close_timeout -%>
- close_timeout: <%= @close_timeout %>
- <%- end -%>
- <%- if @processors.length > 0 -%>
- # Managing processors releated only for specified prospector
- processors:
- <%- @processors.each do |proc| -%>
- - <%= proc.keys[0] %>:
- <%- proc[proc.keys[0]].each do |k, v| -%>
- <%= k %>: <%= v %>
+ # Close inactive closes the file handler after the predefined period.
+ # The period starts when the last line of the file was, not the file ModTime.
+ # Time strings like 2h (2 hours), 5m (5 minutes) can be used.
+ <%- if @close_inactive -%>
+ close_inactive: <%= @close_inactive %>
+ <%- end -%>
+
+ # Close renamed closes a file handler when the file is renamed or rotated.
+ # Note: Potential data loss. Make sure to read and understand the docs for this option.
+ close_renamed: <%= @close_renamed %>
+
+ # When enabling this option, a file handler is closed immediately in case a file can't be found
+ # any more. In case the file shows up again later, harvesting will continue at the last known position
+ # after scan_frequency.
+ close_removed: <%= @close_removed %>
+
+ # Closes the file handler as soon as the harvesters reaches the end of the file.
+ # By default this option is disabled.
+ # Note: Potential data loss. Make sure to read and understand the docs for this option.
+ close_eof: <%= @close_eof %>
+
+ ### State options
+
+ # Files for the modification data is older then clean_inactive the state from the registry is removed
+ # By default this is disabled.
+ <%- if @clean_inactive -%>
+ clean_inactive: <%= @clean_inactive %>
+ <%- end -%>
+
+ # Removes the state for file which cannot be found on disk anymore immediately
+ clean_removed: <%= @clean_removed %>
+
+ # Close timeout closes the harvester after the predefined time.
+ # This is independent if the harvester did finish reading the file or not.
+ # By default this option is disabled.
+ # Note: Potential data loss. Make sure to read and understand the docs for this option.
+ <%- if @close_timeout -%>
+ close_timeout: <%= @close_timeout %>
<%- end -%>
- <%- end -%>
- <%- end -%>
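Review bot: The per-prospector `processors` block the old template rendered (the removed "Managing processors releated only for specified prospector" section) has no counterpart in the rewritten template, while `filebeat::input` still accepts `Array $processors` and input.yml.erb emits it — on a major_version '5' node that parameter is now silently dropped. Also, since the new input.pp selects this template only when `$filebeat::major_version` is '5', the `versioncmp(…, '6') >= 0 ? type : input_type` selector on the first prospector line can only take the `input_type` branch unless some other caller still renders this template; if none does, plain `input_type: <%= @input_type %>` is clearer. If dropping processors is intentional, a template comment such as `<%- # processors are not rendered for the v5 prospector syntax -%>` would avoid surprise.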
diff --git a/modules/utilities/unix/logging/filebeat/templates/systemd/logging.conf.erb b/modules/utilities/unix/logging/filebeat/templates/systemd/logging.conf.erb
new file mode 100644
index 000000000..42762f98a
--- /dev/null
+++ b/modules/utilities/unix/logging/filebeat/templates/systemd/logging.conf.erb
@@ -0,0 +1,2 @@
+[Service]
+Environment="BEAT_LOG_OPTS=<%= @systemd_beat_log_opts_override %>"
\ No newline at end of file
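Review bot: `@systemd_beat_log_opts_override` is interpolated into the quoted `Environment=` assignment verbatim, so a value containing a double quote ends the quoted token early and a value containing a newline becomes a second directive in the drop-in; nothing in the template guards against either. The value presumably comes from Puppet/scenario data rather than an untrusted source, but the template should not rely on that: at minimum write it as `Environment="BEAT_LOG_OPTS=<%= @systemd_beat_log_opts_override.to_s.delete("\n").gsub('"', '\"') %>"`, and consider wrapping the whole line in `<%- if @systemd_beat_log_opts_override -%>` so a nil parameter does not render an empty `BEAT_LOG_OPTS=`. The file also ends without a trailing newline; systemd tolerates that, but a final newline avoids surprises if another tool appends to the drop-in.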
diff --git a/modules/utilities/unix/logging/kibana/Gemfile.lock b/modules/utilities/unix/logging/kibana/Gemfile.lock
deleted file mode 100644
index 615b39d4b..000000000
--- a/modules/utilities/unix/logging/kibana/Gemfile.lock
+++ /dev/null
@@ -1,482 +0,0 @@
-GEM
- remote: https://rubygems.org/
- specs:
- CFPropertyList (2.3.6)
- addressable (2.5.2)
- public_suffix (>= 2.0.2, < 4.0)
- ansi (1.5.0)
- ast (2.4.0)
- aws-sdk-v1 (1.67.0)
- json (~> 1.4)
- nokogiri (~> 1)
- backports (3.11.2)
- beaker (3.34.0)
- beaker-abs (~> 0.4)
- beaker-aws (~> 0.1)
- beaker-docker (~> 0.1)
- beaker-google (~> 0.1)
- beaker-hiera (~> 0.0)
- beaker-hostgenerator
- beaker-openstack (~> 0.1)
- beaker-puppet (~> 0.0)
- beaker-vagrant (~> 0.1)
- beaker-vcloud (~> 0.1)
- beaker-vmpooler (~> 1.0)
- beaker-vmware (~> 0.1)
- hocon (~> 1.0)
- in-parallel (~> 0.1)
- inifile (~> 3.0)
- minitar (~> 0.6)
- minitest (~> 5.4)
- net-scp (~> 1.2)
- net-ssh (~> 4.0)
- open_uri_redirections (~> 0.2.1)
- pry-byebug (~> 3.4.2)
- rb-readline (~> 0.5.3)
- rsync (~> 1.0.9)
- stringify-hash (~> 0.0)
- thor (~> 0.19)
- beaker-abs (0.5.0)
- beaker-aws (0.4.0)
- aws-sdk-v1 (~> 1.57)
- stringify-hash (~> 0.0.0)
- beaker-docker (0.3.2)
- docker-api
- stringify-hash (~> 0.0.0)
- beaker-google (0.1.0)
- google-api-client (~> 0.9)
- stringify-hash (~> 0.0.0)
- beaker-hiera (0.1.1)
- stringify-hash (~> 0.0.0)
- beaker-hostgenerator (1.1.10)
- deep_merge (~> 1.0)
- stringify-hash (~> 0.0.0)
- beaker-openstack (0.2.0)
- fog-openstack
- stringify-hash (~> 0.0.0)
- beaker-puppet (0.13.2)
- in-parallel (~> 0.1)
- oga
- stringify-hash (~> 0.0.0)
- beaker-puppet_install_helper (0.6.0)
- beaker (>= 2.0)
- beaker-rspec (6.2.3)
- beaker (~> 3.0)
- rspec (~> 3.0)
- serverspec (~> 2)
- specinfra (~> 2)
- beaker-vagrant (0.4.0)
- stringify-hash (~> 0.0.0)
- beaker-vcloud (0.2.0)
- beaker-vmpooler
- beaker-vmware
- rbvmomi (~> 1.9)
- stringify-hash (~> 0.0.0)
- beaker-vmpooler (1.2.0)
- stringify-hash (~> 0.0.0)
- beaker-vmware (0.2.0)
- fission (~> 0.4)
- rbvmomi (~> 1.9)
- stringify-hash (~> 0.0.0)
- builder (3.2.3)
- byebug (9.0.6)
- capybara (2.18.0)
- addressable
- mini_mime (>= 0.1.3)
- nokogiri (>= 1.3.3)
- rack (>= 1.0.0)
- rack-test (>= 0.5.4)
- xpath (>= 2.0, < 4.0)
- cliver (0.3.2)
- coderay (1.1.2)
- connection_pool (2.2.1)
- declarative (0.0.10)
- declarative-option (0.1.0)
- deep_merge (1.2.1)
- diff-lcs (1.3)
- docile (1.3.0)
- docker-api (1.34.2)
- excon (>= 0.47.0)
- multi_json
- domain_name (0.5.20170404)
- unf (>= 0.0.5, < 1.0.0)
- ethon (0.11.0)
- ffi (>= 1.3.0)
- excon (0.62.0)
- facter (2.5.1)
- facterdb (0.5.1)
- facter
- jgrep
- faraday (0.14.0)
- multipart-post (>= 1.2, < 3)
- faraday_middleware (0.12.2)
- faraday (>= 0.7.4, < 1.0)
- fast_gettext (1.1.2)
- ffi (1.9.23)
- fission (0.5.0)
- CFPropertyList (~> 2.2)
- fog-core (1.45.0)
- builder
- excon (~> 0.58)
- formatador (~> 0.2)
- fog-json (1.0.2)
- fog-core (~> 1.0)
- multi_json (~> 1.10)
- fog-openstack (0.1.25)
- fog-core (~> 1.40)
- fog-json (>= 1.0)
- ipaddress (>= 0.8)
- formatador (0.2.5)
- gettext (3.2.9)
- locale (>= 2.0.5)
- text (>= 1.3.0)
- gettext-setup (0.30)
- fast_gettext (~> 1.1.0)
- gettext (>= 3.0.2)
- locale
- gh (0.14.0)
- addressable
- backports
- faraday (~> 0.8)
- multi_json (~> 1.0)
- net-http-persistent (>= 2.7)
- net-http-pipeline
- google-api-client (0.20.1)
- addressable (~> 2.5, >= 2.5.1)
- googleauth (>= 0.5, < 0.7.0)
- httpclient (>= 2.8.1, < 3.0)
- mime-types (~> 3.0)
- representable (~> 3.0)
- retriable (>= 2.0, < 4.0)
- googleauth (0.6.2)
- faraday (~> 0.12)
- jwt (>= 1.4, < 3.0)
- logging (~> 2.0)
- memoist (~> 0.12)
- multi_json (~> 1.11)
- os (~> 0.9)
- signet (~> 0.7)
- guard (2.14.2)
- formatador (>= 0.2.4)
- listen (>= 2.7, < 4.0)
- lumberjack (>= 1.0.12, < 2.0)
- nenv (~> 0.1)
- notiffany (~> 0.0)
- pry (>= 0.9.12)
- shellany (~> 0.0)
- thor (>= 0.18.1)
- guard-bundler (2.1.0)
- bundler (~> 1.0)
- guard (~> 2.2)
- guard-compat (~> 1.1)
- guard-compat (1.2.1)
- guard-rake (1.0.0)
- guard
- rake
- guard-rspec (4.7.3)
- guard (~> 2.1)
- guard-compat (~> 1.1)
- rspec (>= 2.99.0, < 4.0)
- hiera (3.4.2)
- highline (1.7.10)
- hirb (0.7.3)
- hocon (1.2.5)
- http-cookie (1.0.3)
- domain_name (~> 0.5)
- httpclient (2.8.3)
- in-parallel (0.1.17)
- infrataster (0.3.2)
- capybara
- faraday
- faraday_middleware (>= 0.10.0)
- net-ssh
- net-ssh-gateway
- poltergeist
- rspec (>= 2.0, < 4.0)
- thor
- inifile (3.0.0)
- ipaddress (0.8.3)
- jgrep (1.5.0)
- json (1.8.6)
- json-schema (2.8.0)
- addressable (>= 2.4)
- json_pure (1.8.6)
- jwt (2.1.0)
- launchy (2.4.3)
- addressable (~> 2.3)
- listen (3.1.5)
- rb-fsevent (~> 0.9, >= 0.9.4)
- rb-inotify (~> 0.9, >= 0.9.7)
- ruby_dep (~> 1.2)
- little-plugger (1.1.4)
- locale (2.1.2)
- logging (2.2.2)
- little-plugger (~> 1.1)
- multi_json (~> 1.10)
- lumberjack (1.0.13)
- mcollective-client (2.12.0)
- json
- stomp
- systemu
- memoist (0.16.0)
- metaclass (0.0.4)
- metadata-json-lint (2.1.0)
- json-schema (~> 2.8)
- spdx-licenses (~> 1.0)
- method_source (0.9.0)
- mime-types (3.1)
- mime-types-data (~> 3.2015)
- mime-types-data (3.2016.0521)
- mini_mime (1.0.0)
- mini_portile2 (2.3.0)
- minitar (0.6.1)
- minitest (5.11.3)
- mocha (1.5.0)
- metaclass (~> 0.0.1)
- multi_json (1.13.1)
- multipart-post (2.0.0)
- nenv (0.3.0)
- net-http-persistent (3.0.0)
- connection_pool (~> 2.2)
- net-http-pipeline (1.0.1)
- net-scp (1.2.1)
- net-ssh (>= 2.6.5)
- net-ssh (4.2.0)
- net-ssh-gateway (2.0.0)
- net-ssh (>= 4.0.0)
- net-telnet (0.1.1)
- netrc (0.11.0)
- nokogiri (1.8.2)
- mini_portile2 (~> 2.3.0)
- notiffany (0.1.1)
- nenv (~> 0.1)
- shellany (~> 0.0)
- oga (2.15)
- ast
- ruby-ll (~> 2.1)
- open_uri_redirections (0.2.1)
- os (0.9.6)
- parser (2.5.1.0)
- ast (~> 2.4.0)
- poltergeist (1.17.0)
- capybara (~> 2.1)
- cliver (~> 0.3.1)
- websocket-driver (>= 0.2.0)
- powerpack (0.1.1)
- pry (0.11.3)
- coderay (~> 1.1.0)
- method_source (~> 0.9.0)
- pry-byebug (3.4.3)
- byebug (>= 9.0, < 9.1)
- pry (~> 0.10)
- public_suffix (3.0.2)
- puppet (4.10.10)
- facter (> 2.0, < 4)
- gettext-setup (>= 0.10, < 1)
- hiera (>= 2.0, < 4)
- json_pure (~> 1.8)
- locale (~> 2.1)
- puppet-blacksmith (4.1.2)
- rest-client (~> 2.0)
- puppet-lint (2.3.5)
- puppet-lint-absolute_classname-check (0.2.5)
- puppet-lint (>= 1.0, < 3.0)
- puppet-lint-classes_and_types_beginning_with_digits-check (0.1.2)
- puppet-lint (>= 1.0, < 3.0)
- puppet-lint-leading_zero-check (0.1.1)
- puppet-lint (>= 1.0, < 3.0)
- puppet-lint-param-docs (1.4.2)
- puppet-lint (>= 1.1, < 3.0)
- puppet-lint-resource_reference_syntax (1.0.14)
- puppet-lint (>= 1.0, < 3.0)
- puppet-lint-trailing_comma-check (0.3.2)
- puppet-lint (>= 1.0, < 3.0)
- puppet-lint-unquoted_string-check (0.3.0)
- puppet-lint (>= 1.0, < 3.0)
- puppet-lint-version_comparison-check (0.2.1)
- puppet-lint (>= 1.0, < 3.0)
- puppet-strings (1.2.1)
- rgen
- yard (~> 0.9.5)
- puppet-syntax (2.4.1)
- rake
- puppetlabs_spec_helper (2.7.0)
- mocha (~> 1.0)
- puppet-lint (~> 2.0)
- puppet-syntax (~> 2.0)
- rspec-puppet (~> 2.0)
- pusher-client (0.6.2)
- json
- websocket (~> 1.0)
- rack (2.0.4)
- rack-test (1.0.0)
- rack (>= 1.0, < 3)
- rainbow (2.2.2)
- rake
- rake (12.3.1)
- rb-fsevent (0.10.3)
- rb-inotify (0.9.10)
- ffi (>= 0.5.0, < 2)
- rb-readline (0.5.5)
- rbvmomi (1.11.7)
- builder (~> 3.0)
- json (>= 1.8)
- nokogiri (~> 1.5)
- trollop (~> 2.1)
- representable (3.0.4)
- declarative (< 0.1.0)
- declarative-option (< 0.2.0)
- uber (< 0.2.0)
- rest-client (2.0.2)
- http-cookie (>= 1.0.2, < 2.0)
- mime-types (>= 1.16, < 4.0)
- netrc (~> 0.8)
- retriable (3.1.1)
- rgen (0.8.2)
- rspec (3.7.0)
- rspec-core (~> 3.7.0)
- rspec-expectations (~> 3.7.0)
- rspec-mocks (~> 3.7.0)
- rspec-core (3.7.1)
- rspec-support (~> 3.7.0)
- rspec-expectations (3.7.0)
- diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.7.0)
- rspec-its (1.2.0)
- rspec-core (>= 3.0.0)
- rspec-expectations (>= 3.0.0)
- rspec-mocks (3.7.0)
- diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.7.0)
- rspec-puppet (2.6.11)
- rspec
- rspec-puppet-facts (1.9.0)
- facter
- facterdb (>= 0.5.0)
- json
- mcollective-client
- puppet
- rspec-puppet-utils (3.4.0)
- mocha
- puppet
- puppetlabs_spec_helper
- rspec
- rspec-puppet
- rspec-retry (0.5.7)
- rspec-core (> 3.3)
- rspec-support (3.7.1)
- rsync (1.0.9)
- rubocop (0.41.2)
- parser (>= 2.3.1.1, < 3.0)
- powerpack (~> 0.1)
- rainbow (>= 1.99.1, < 3.0)
- ruby-progressbar (~> 1.7)
- unicode-display_width (~> 1.0, >= 1.0.1)
- ruby-ll (2.1.2)
- ansi
- ast
- ruby-progressbar (1.9.0)
- ruby_dep (1.5.0)
- safe_yaml (1.0.4)
- semantic_puppet (1.0.2)
- serverspec (2.41.3)
- multi_json
- rspec (~> 3.0)
- rspec-its
- specinfra (~> 2.72)
- sfl (2.3)
- shellany (0.0.1)
- signet (0.8.1)
- addressable (~> 2.3)
- faraday (~> 0.9)
- jwt (>= 1.5, < 3.0)
- multi_json (~> 1.10)
- simplecov (0.16.1)
- docile (~> 1.1)
- json (>= 1.8, < 3)
- simplecov-html (~> 0.10.0)
- simplecov-console (0.4.2)
- ansi
- hirb
- simplecov
- simplecov-html (0.10.2)
- spdx-licenses (1.1.0)
- specinfra (2.73.3)
- net-scp
- net-ssh (>= 2.7, < 5.0)
- net-telnet
- sfl
- stomp (1.4.4)
- stringify-hash (0.0.2)
- systemu (2.6.5)
- text (1.3.1)
- thor (0.20.0)
- travis (1.8.8)
- backports
- faraday (~> 0.9)
- faraday_middleware (~> 0.9, >= 0.9.1)
- gh (~> 0.13)
- highline (~> 1.6)
- launchy (~> 2.1)
- pusher-client (~> 0.4)
- typhoeus (~> 0.6, >= 0.6.8)
- travis-lint (2.0.0)
- json
- trollop (2.1.2)
- typhoeus (0.8.0)
- ethon (>= 0.8.0)
- uber (0.1.0)
- unf (0.1.4)
- unf_ext
- unf_ext (0.0.7.5)
- unicode-display_width (1.3.0)
- websocket (1.2.5)
- websocket-driver (0.7.0)
- websocket-extensions (>= 0.1.0)
- websocket-extensions (0.1.3)
- xmlrpc (0.3.0)
- xpath (3.0.0)
- nokogiri (~> 1.8)
- yard (0.9.12)
-
-PLATFORMS
- ruby
-
-DEPENDENCIES
- beaker
- beaker-puppet_install_helper (= 0.6.0)
- beaker-rspec
- guard-bundler
- guard-rake
- guard-rspec
- infrataster
- metadata-json-lint
- puppet (~> 4.9)
- puppet-blacksmith
- puppet-lint-absolute_classname-check
- puppet-lint-classes_and_types_beginning_with_digits-check
- puppet-lint-leading_zero-check
- puppet-lint-param-docs
- puppet-lint-resource_reference_syntax
- puppet-lint-trailing_comma-check
- puppet-lint-unquoted_string-check
- puppet-lint-version_comparison-check
- puppet-strings
- puppetlabs_spec_helper (>= 2.7.0)
- rake
- rspec (~> 3.5)
- rspec-puppet (>= 2.3.0)
- rspec-puppet-facts
- rspec-puppet-utils
- rspec-retry
- rubocop (~> 0.41.2)
- safe_yaml (~> 1.0.4)
- semantic_puppet
- simplecov (>= 0.11.0)
- simplecov-console
- travis
- travis-lint
- xmlrpc
-
-BUNDLED WITH
- 1.16.1
diff --git a/modules/utilities/unix/logging/kibana/kibana.pp b/modules/utilities/unix/logging/kibana/kibana.pp
deleted file mode 100644
index bf02c29cf..000000000
--- a/modules/utilities/unix/logging/kibana/kibana.pp
+++ /dev/null
@@ -1,15 +0,0 @@
-$secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
-
-$kibana_ip = $secgen_parameters['kibana_ip'][0]
-$kibana_port = 0 + $secgen_parameters['kibana_port'][0]
-
-$elasticsearch_ip = $secgen_parameters['elasticsearch_ip'][0] # TODO: Which IP address? how do we do this with two servers?
-$elasticsearch_port = 0 + $secgen_parameters['elasticsearch_port'][0] # TODO: Which IP address? how do we do this with two servers?
-
-class { 'kibana':
- config => {
- 'server.host' => $kibana_ip,
- 'elasticsearch.url' => "http://$elasticsearch_ip:$elasticsearch_port",
- 'server.port' => $kibana_port,
- }
-}
\ No newline at end of file
diff --git a/modules/utilities/unix/logging/logstash/logstash.pp b/modules/utilities/unix/logging/logstash/logstash.pp
deleted file mode 100644
index c0762071e..000000000
--- a/modules/utilities/unix/logging/logstash/logstash.pp
+++ /dev/null
@@ -1,10 +0,0 @@
-$secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
-$logstash_port = 0 + $secgen_parameters['logstash_port'][0]
-$elasticsearch_ip = $secgen_parameters['elasticsearch_ip'][0]
-$elasticsearch_port = 0 + $secgen_parameters['elasticsearch_port'][0]
-
-include logstash
-
-logstash::configfile { 'my_ls_config':
- content => template('logstash/configfile-template.erb'),
-}
\ No newline at end of file
diff --git a/modules/utilities/unix/logging/watcher/manifests/configure.pp b/modules/utilities/unix/logging/watcher/manifests/configure.pp
deleted file mode 100644
index 4d667d64d..000000000
--- a/modules/utilities/unix/logging/watcher/manifests/configure.pp
+++ /dev/null
@@ -1,23 +0,0 @@
-class watcher::configure {
-
- $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
- $elasticsearch_ip = $secgen_parameters['elasticsearch_ip'][0]
- $elasticsearch_port = 0 + $secgen_parameters['elasticsearch_port'][0]
-
- # Search string within kibana for a successful login on account: 'test'
- # "event.category : user-login and event.type : user_login and auditd.result : success and user.name_map.auid : test"
-
-
- # TODO: Need some automated curl script that utilises a template to generate "create watcher" request
-
- # Need to send a request to: "172.16.0.2":9200 [ $elasticsearch_ip:$elasticsearch_port ]
- # PUT _xpack/watcher/watch/my-watch
- # templates('watcher/watch.json.erb')
-
- # First: Get it working within Kibana, there is a testing tool within 'Dev tools' section
- # Second: Create a way to detect whether the watcher is registered correctly, we can GET the watcher endpoint in kibana to check
- # Third: Implement functionality so the watcher fires a HTTP request to 172.16.0.2:8080
- # Fourth: Implement a dummy webserver running on 8080 that can recieve requests + displays their contents on the screen.
- # Fifth: Look into adding SSL to this whole process.
-
-}
\ No newline at end of file
diff --git a/modules/utilities/unix/logging/watcher/templates/watch.json.erb b/modules/utilities/unix/logging/watcher/templates/watch.json.erb
deleted file mode 100644
index 223755142..000000000
--- a/modules/utilities/unix/logging/watcher/templates/watch.json.erb
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- "trigger": {
- "schedule": {
- "cron": "0 0/1 * * * ?"
- }
- },
- "input": {
- "search": {
- "request": {
- "indices": [
- "logstash*"
- ],
- "body": {
- "query": {
- "bool": {
- "must": {
- "match": {
- "response": 404
- }
- },
- "filter": {
- "range": {
- "@timestamp": {
- "from": "{{ctx.trigger.scheduled_time}}||-5m",
- "to": "{{ctx.trigger.triggered_time}}"
- }
- }
- }
- }
- }
- }
- }
- }
- },
- "condition": {
- "compare": {
- "ctx.payload.hits.total": {
- "gt": 0
- }
- }
- },
- "actions": {
- "email_admin": {
- "email": {
- "to": "admin@domain.host.com",
- "subject": "404 recently encountered"
- }
- }
- }
-}
\ No newline at end of file
diff --git a/modules/utilities/unix/logging/watcher/watcher.pp b/modules/utilities/unix/logging/watcher/watcher.pp
deleted file mode 100644
index 812b7ba24..000000000
--- a/modules/utilities/unix/logging/watcher/watcher.pp
+++ /dev/null
@@ -1 +0,0 @@
-include watcher::configure
\ No newline at end of file
diff --git a/modules/utilities/unix/system/handy_cli_tools/manifests/install.pp b/modules/utilities/unix/system/handy_cli_tools/manifests/install.pp
index b71f8da4c..79c306a45 100644
--- a/modules/utilities/unix/system/handy_cli_tools/manifests/install.pp
+++ b/modules/utilities/unix/system/handy_cli_tools/manifests/install.pp
@@ -1,5 +1,5 @@
class handy_cli_tools::install{
- package { ['vim.tiny', 'vim', 'rsync', 'psmisc', 'curl', 'sudo', 'info']:
+ package { ['vim.tiny', 'vim', 'rsync', 'psmisc', 'curl', 'sudo', 'info', 'libnotify-bin']:
ensure => 'installed',
}
}
diff --git a/modules/utilities/unix/system/xfce4_term_w_records/files/terminalrc b/modules/utilities/unix/system/xfce4_term_w_records/files/terminalrc
new file mode 100644
index 000000000..7173dbdf2
--- /dev/null
+++ b/modules/utilities/unix/system/xfce4_term_w_records/files/terminalrc
@@ -0,0 +1,31 @@
+[Configuration]
+BackgroundMode=TERMINAL_BACKGROUND_TRANSPARENT
+BackgroundDarkness=0.850000
+CommandUpdateRecords=TRUE
+MiscAlwaysShowTabs=FALSE
+MiscBell=FALSE
+MiscBellUrgent=FALSE
+MiscBordersDefault=TRUE
+MiscCursorBlinks=FALSE
+MiscCursorShape=TERMINAL_CURSOR_SHAPE_BLOCK
+MiscDefaultGeometry=80x24
+MiscInheritGeometry=FALSE
+MiscMenubarDefault=TRUE
+MiscMouseAutohide=FALSE
+MiscMouseWheelZoom=TRUE
+MiscToolbarDefault=FALSE
+MiscConfirmClose=TRUE
+MiscCycleTabs=TRUE
+MiscTabCloseButtons=TRUE
+MiscTabCloseMiddleClick=TRUE
+MiscTabPosition=GTK_POS_TOP
+MiscHighlightUrls=TRUE
+MiscMiddleClickOpensUri=FALSE
+MiscCopyOnSelect=FALSE
+MiscShowRelaunchDialog=TRUE
+MiscRewrapOnResize=TRUE
+MiscUseShiftArrowsToScroll=FALSE
+MiscSlimTabs=FALSE
+MiscNewTabAdjacent=FALSE
+MiscSearchDialogOpacity=100
+MiscShowUnsafePasteDialog=TRUE
\ No newline at end of file
diff --git a/modules/utilities/unix/system/xfce4_term_w_records/manifests/init.pp b/modules/utilities/unix/system/xfce4_term_w_records/manifests/init.pp
new file mode 100644
index 000000000..61b64281a
--- /dev/null
+++ b/modules/utilities/unix/system/xfce4_term_w_records/manifests/init.pp
@@ -0,0 +1,41 @@
+class xfce4_term_w_records::init {
+
+ if ($::osfamily == 'Debian' and $::lsbdistcodename == 'kali-rolling') or defined('xfce') {
+ $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+ $accounts = $secgen_parameters['accounts']
+
+ ensure_packages(['mailutils', 'libnotify-bin', 'notify-osd'])
+
+ file { ['/root/.config/xfce4/', '/root/.config/xfce4/terminal/']:
+ ensure => directory,
+ }
+
+ file { '/root/.config/xfce4/terminal/terminalrc':
+ ensure => present,
+ source => 'puppet:///modules/xfce4_term_w_records/terminalrc',
+ owner => 'root',
+ group => 'root',
+ require => [File['/root/.config/xfce4/'], File['/root/.config/xfce4/terminal/'], ],
+ }
+
+ if $accounts and defined('parameterised_accounts') {
+ $accounts.each |$raw_account| {
+ $account = parsejson($raw_account)
+ $username = $account['username']
+ unless $username == 'root' {
+ file { "/home/$username/.config/xfce4/terminal/terminalrc":
+ ensure => present,
+ source => 'puppet:///modules/xfce4_term_w_records/terminalrc',
+ owner => $username,
+ group => $username,
+ require => [
+ File['/root/.config/xfce4/'],
+ File['/root/.config/xfce4/terminal/'],
+ Resource['parameterised_accounts::account']
+ ],
+ }
+ }
+ }
+ }
+ }
+}
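Review bot: The per-user `file { "/home/$username/.config/xfce4/terminal/terminalrc" }` resource has no managed parent directories: only the `/root/.config/xfce4/…` directories are created above, and its `require` points at those root paths rather than the user's, so on an account whose `~/.config/xfce4/terminal` does not exist yet Puppet will fail to create the file. The user branch should manage its own `xfce4/` and `xfce4/terminal/` directories with the account as owner and require those, mirroring the root branch (this assumes `/home/$username/.config` already exists, as the root branch assumes for `/root/.config`). Separately, `defined('xfce')` and `defined('parameterised_accounts')` test whether a class of that name is loadable from the modulepath, not whether it was declared in this catalog; if the intent is "xfce is part of this build", `defined(Class['xfce'])` is the form that checks declaration.
```puppet
        unless $username == 'root' {
          $user_term_dir = "/home/$username/.config/xfce4/terminal"
          file { ["/home/$username/.config/xfce4", $user_term_dir]:
            ensure  => directory,
            owner   => $username,
            group   => $username,
            require => Resource['parameterised_accounts::account'],
          }
          file { "${user_term_dir}/terminalrc":
            ensure  => present,
            source  => 'puppet:///modules/xfce4_term_w_records/terminalrc',
            owner   => $username,
            group   => $username,
            require => File[$user_term_dir],
          }
        }
```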
diff --git a/modules/utilities/unix/system/xfce4_term_w_records/secgen_metadata.xml b/modules/utilities/unix/system/xfce4_term_w_records/secgen_metadata.xml
new file mode 100644
index 000000000..4d84a993e
--- /dev/null
+++ b/modules/utilities/unix/system/xfce4_term_w_records/secgen_metadata.xml
@@ -0,0 +1,17 @@
+
+
+
+ Xfce4 Terminal W Records
+ Thomas Shaw
+ MIT
+ Register the xfce4 terminal with w. Enables messages via /usr/bin/wall etc.
+
+ system
+ linux
+
+ accounts
+
+
+
diff --git a/modules/utilities/unix/system/xfce4_term_w_records/xfce4_term_w_records.pp b/modules/utilities/unix/system/xfce4_term_w_records/xfce4_term_w_records.pp
new file mode 100644
index 000000000..0ec94d28f
--- /dev/null
+++ b/modules/utilities/unix/system/xfce4_term_w_records/xfce4_term_w_records.pp
@@ -0,0 +1 @@
+require xfce4_term_w_records::init
diff --git a/modules/utilities/unix/update/unix_update/manifests/unix.pp b/modules/utilities/unix/update/unix_update/manifests/unix.pp
index ec4c2b91b..9d2dd85cf 100644
--- a/modules/utilities/unix/update/unix_update/manifests/unix.pp
+++ b/modules/utilities/unix/update/unix_update/manifests/unix.pp
@@ -2,7 +2,7 @@ class unix_update::unix{
case $operatingsystem {
'Debian': {
exec { 'update':
- command => "/usr/bin/apt-get update --fix-missing",
+ command => "/usr/bin/apt-get update --fix-missing && /usr/bin/apt-get install apt-transport-https ca-certificates --fix-missing -y",
tries => 5,
try_sleep => 30,
}
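Review bot: The `&&` chaining added to the `update` command is only interpreted by a shell, and this `exec` does not set `provider => 'shell'`; Puppet documents the default posix provider as running the command without a shell, so whether the chained `apt-get install` runs at all depends on Ruby's exec falling back to `/bin/sh` for metacharacters rather than on anything declared in the resource. Either add `provider => 'shell',` to the resource or split the install into its own `exec { 'install_https_transport': ... require => Exec['update'] }`, which also lets `tries`/`try_sleep` retry each step independently instead of re-running the whole chain. Installing `apt-transport-https` and `ca-certificates` only helps if the sources list is switched to `https://` afterwards, which this hunk does not show; a short comment stating that intent (`# needed so subsequent apt sources can be fetched over HTTPS`) would make the purpose of the extra install clear. The enclosing `case $operatingsystem` and class `unix_update::unix` begin and end outside the hunk.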
diff --git a/modules/vulnerabilities/unix/access_control_misconfigurations/readable_shadow/secgen_metadata.xml b/modules/vulnerabilities/unix/access_control_misconfigurations/readable_shadow/secgen_metadata.xml
index 8f3cbeece..a42a98cfe 100644
--- a/modules/vulnerabilities/unix/access_control_misconfigurations/readable_shadow/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/access_control_misconfigurations/readable_shadow/secgen_metadata.xml
@@ -1,19 +1,31 @@
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability">
Readable Shadow File
Thomas Shaw
MIT
Changes permissions on shadow file to 0611, reveals password hashes to local users.
- This is not a common misconfiguration, and not particularly subtle.
+ This is not a common misconfiguration, and not particularly subtle.
+
access_control_misconfiguration
root_r
local
linux
+
+
+ /etc/shadow
+
+
+
+ goal_flags
+
+
+
+
View the /etc/shadow file and try to crack an account hash.
diff --git a/modules/vulnerabilities/unix/access_control_misconfigurations/writable_groups/secgen_metadata.xml b/modules/vulnerabilities/unix/access_control_misconfigurations/writable_groups/secgen_metadata.xml
index 7dbe17263..71940765b 100644
--- a/modules/vulnerabilities/unix/access_control_misconfigurations/writable_groups/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/access_control_misconfigurations/writable_groups/secgen_metadata.xml
@@ -16,6 +16,13 @@
medium
+
+
+
+ /etc/group
+
+
+
6.6
AV:L/AC:M/Au:S/C:C/I:C/A:C
diff --git a/modules/vulnerabilities/unix/access_control_misconfigurations/writable_passwd/secgen_metadata.xml b/modules/vulnerabilities/unix/access_control_misconfigurations/writable_passwd/secgen_metadata.xml
index 041151a16..857a5cc89 100644
--- a/modules/vulnerabilities/unix/access_control_misconfigurations/writable_passwd/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/access_control_misconfigurations/writable_passwd/secgen_metadata.xml
@@ -1,13 +1,14 @@
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability">
Writable Passwd File
Thomas Shaw
MIT
Changes permissions on passwd file to 777, open to account tampering to local users.
- This is not a common misconfiguration, and not particularly subtle.
+ This is not a common misconfiguration, and not particularly subtle.
+
access_control_misconfiguration
root_rw
@@ -16,6 +17,13 @@
medium
+
+
+
+ /etc/passwd
+
+
+
6.6
AV:L/AC:M/Au:S/C:C/I:C/A:C
diff --git a/modules/vulnerabilities/unix/access_control_misconfigurations/writable_shadow/secgen_metadata.xml b/modules/vulnerabilities/unix/access_control_misconfigurations/writable_shadow/secgen_metadata.xml
index 540b897d2..11c1d3910 100644
--- a/modules/vulnerabilities/unix/access_control_misconfigurations/writable_shadow/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/access_control_misconfigurations/writable_shadow/secgen_metadata.xml
@@ -1,13 +1,14 @@
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability">
Writable Shadow File
Lewis Ardern
MIT
Changes permissions on shadow file to 777, open to account tampering to local users.
- This is not a common misconfiguration, and not particularly subtle.
+ This is not a common misconfiguration, and not particularly subtle.
+
access_control_misconfiguration
root_rw
@@ -16,6 +17,13 @@
medium
+
+
+
+ /etc/passwd
+
+
+
6.6
AV:L/AC:M/Au:S/C:C/I:C/A:C
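Review bot: The path added in this hunk is `/etc/passwd`, but this module's own description above says it "Changes permissions on shadow file to 777", and the sibling modules in the same commit list `/etc/shadow` for `readable_shadow` and `/etc/passwd` for `writable_passwd`, so this line looks copied from `writable_passwd`. If this element feeds an auto-grading or hint check for which file is expected to be world-writable, it would test the wrong file; change the line to `/etc/shadow`. The element names are stripped in this rendering, so confirm which element the path belongs to before editing.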
diff --git a/modules/vulnerabilities/unix/ctf/pwn/ssh_leaked_keys/secgen_metadata.xml b/modules/vulnerabilities/unix/ctf/pwn/ssh_leaked_keys/secgen_metadata.xml
index 8a11419c9..f1c6208dc 100644
--- a/modules/vulnerabilities/unix/ctf/pwn/ssh_leaked_keys/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/ctf/pwn/ssh_leaked_keys/secgen_metadata.xml
@@ -18,6 +18,13 @@
others
medium
+
+
+
+ #{path_to_leak}
+
+
+
strings_to_leak
accounts
ssh_key_pair
diff --git a/modules/vulnerabilities/unix/ctf/pwn/symlinks/secgen_metadata.xml b/modules/vulnerabilities/unix/ctf/pwn/symlinks/secgen_metadata.xml
index cbadb7351..c9ede6df7 100644
--- a/modules/vulnerabilities/unix/ctf/pwn/symlinks/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/ctf/pwn/symlinks/secgen_metadata.xml
@@ -1,8 +1,8 @@
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability">
symlinks
Mihai Ordean
Puppet Labs
@@ -18,17 +18,24 @@
others
medium
- accounts
+
+
+ #{['flag_path'][0]}
+
+
+ #{['flag_path'][1]}
+
+
+
+ username
+ flag_path
+ goal_flags
carolmiller
-
-
-
-
flag.txt
@@ -36,20 +43,20 @@
+
+
+
-
- update
-
+
+ /etc/shadow
+ /home/#{['accounts'][0]['username']}/#{['accounts'][0]['leaked_filenames'][0]}
+
-
- utilities/unix/system/accounts
-
-
-
-
- user_rwx
-
+
+ #{['accounts'][0]['strings_to_leak'][0]}
+ #{['accounts'][0]['strings_to_leak'][1]}
+
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/ctf/pwn/two_shell_calls/secgen_metadata.xml b/modules/vulnerabilities/unix/ctf/pwn/two_shell_calls/secgen_metadata.xml
index d086776b7..61dce663e 100644
--- a/modules/vulnerabilities/unix/ctf/pwn/two_shell_calls/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/ctf/pwn/two_shell_calls/secgen_metadata.xml
@@ -21,6 +21,11 @@
access_controls
medium
+
+
+
+
+
accounts
diff --git a/modules/vulnerabilities/unix/ftp/proftpd_133c_backdoor/secgen_metadata.xml b/modules/vulnerabilities/unix/ftp/proftpd_133c_backdoor/secgen_metadata.xml
index e7cd56b34..c8e7473fd 100644
--- a/modules/vulnerabilities/unix/ftp/proftpd_133c_backdoor/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/ftp/proftpd_133c_backdoor/secgen_metadata.xml
@@ -17,6 +17,12 @@
linux
low
+
+
+ root
+
+
+
server_name
strings_to_leak
leaked_filenames
diff --git a/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/secgen_metadata.xml b/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/secgen_metadata.xml
index 6042b7e3d..f7f312e3b 100644
--- a/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/ftp/vsftpd_234_backdoor/secgen_metadata.xml
@@ -9,7 +9,8 @@
Thomas Shaw
MIT
A backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between
- June 30th 2011 and July 1st 2011. AKA the smiley face backdoor.
+ June 30th 2011 and July 1st 2011. AKA the smiley face backdoor.
+
ftp
root_rwx
@@ -17,6 +18,12 @@
linux
low
+
+
+ root
+
+
+
anonymous_ftp
ftpd_banner
port
diff --git a/modules/vulnerabilities/unix/irc/unrealirc_3281_backdoor/secgen_metadata.xml b/modules/vulnerabilities/unix/irc/unrealirc_3281_backdoor/secgen_metadata.xml
index fe04f8218..6008597b5 100644
--- a/modules/vulnerabilities/unix/irc/unrealirc_3281_backdoor/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/irc/unrealirc_3281_backdoor/secgen_metadata.xml
@@ -16,6 +16,14 @@
linux
low
+
+
+ irc
+
+
+
+
strings_to_leak
leaked_filenames
port
@@ -85,7 +93,7 @@
MIT
-
+
.*Kali.*
diff --git a/modules/vulnerabilities/unix/local/chkrootkit/secgen_metadata.xml b/modules/vulnerabilities/unix/local/chkrootkit/secgen_metadata.xml
index 769656449..23fe7792d 100644
--- a/modules/vulnerabilities/unix/local/chkrootkit/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/local/chkrootkit/secgen_metadata.xml
@@ -17,6 +17,12 @@
linux
high
+
+
+ root
+
+
+
strings_to_leak
leaked_filenames
cron_frequency
diff --git a/modules/vulnerabilities/unix/local/dirtycow/secgen_metadata.xml b/modules/vulnerabilities/unix/local/dirtycow/secgen_metadata.xml
index 3cbcf67d8..a0bb596d9 100644
--- a/modules/vulnerabilities/unix/local/dirtycow/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/local/dirtycow/secgen_metadata.xml
@@ -17,6 +17,12 @@
linux
medium
+
+
+ root
+
+
+
strings_to_leak
leaked_filenames
@@ -42,4 +48,4 @@
.*Ubuntu.*
-
+
\ No newline at end of file
diff --git a/modules/vulnerabilities/unix/local/setuid_nmap/secgen_metadata.xml b/modules/vulnerabilities/unix/local/setuid_nmap/secgen_metadata.xml
index 9c28656e1..13f16c9c8 100644
--- a/modules/vulnerabilities/unix/local/setuid_nmap/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/local/setuid_nmap/secgen_metadata.xml
@@ -1,8 +1,8 @@
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability">
Nmap Setuid
Thomas Shaw
MIT
@@ -14,6 +14,12 @@
linux
medium
+
+
+ root
+
+
+
strings_to_leak
leaked_filenames
diff --git a/modules/vulnerabilities/unix/misc/distcc_exec/secgen_metadata.xml b/modules/vulnerabilities/unix/misc/distcc_exec/secgen_metadata.xml
index 722ad41e1..9fd3a2cdf 100644
--- a/modules/vulnerabilities/unix/misc/distcc_exec/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/misc/distcc_exec/secgen_metadata.xml
@@ -14,6 +14,14 @@
unix
medium
+
+
+
+ distcc
+
+
+
+
strings_to_leak
leaked_filenames
diff --git a/modules/vulnerabilities/unix/misc/shellshock_apache_cgi/secgen_metadata.xml b/modules/vulnerabilities/unix/misc/shellshock_apache_cgi/secgen_metadata.xml
index ca45e0b03..0aa0c5eb2 100644
--- a/modules/vulnerabilities/unix/misc/shellshock_apache_cgi/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/misc/shellshock_apache_cgi/secgen_metadata.xml
@@ -16,6 +16,13 @@
high
+
+
+
+ root
+
+
+
CVE-2014-6271
10
AV:N/AC:L/Au:N/C:C/I:C/A:C
@@ -27,7 +34,8 @@
exploit/multi/apache_mod_cgi_bash_env_exec
On remote exploitation of the apache server you will have a user_rwx shell as www-data. It is then possible to
- escalate using a different exploit that targets the same vulnerability locally.
+ escalate using a different exploit that targets the same vulnerability locally.
+
vulnerabilities/unix/bash/shellshock
diff --git a/modules/vulnerabilities/unix/nfs/nfs_overshare/secgen_metadata.xml b/modules/vulnerabilities/unix/nfs/nfs_overshare/secgen_metadata.xml
index aa8d87c6d..e052da8e4 100644
--- a/modules/vulnerabilities/unix/nfs/nfs_overshare/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/nfs/nfs_overshare/secgen_metadata.xml
@@ -14,10 +14,19 @@
linux
low
+
+
+ #{['flag_path']}
+
+
+
strings_to_leak
images_to_leak
leaked_filenames
storage_directory
+
+ flag_path
+ goal_flags
@@ -36,13 +45,23 @@
-
+
+
+ #{['storage_directory'][0]}/#{['leaked_filenames'][0]}
+
+
+
+
+
+
+
+
diff --git a/modules/vulnerabilities/unix/system/crackable_user_account/secgen_metadata.xml b/modules/vulnerabilities/unix/system/crackable_user_account/secgen_metadata.xml
index 08ef835f8..4b0bc346c 100644
--- a/modules/vulnerabilities/unix/system/crackable_user_account/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/system/crackable_user_account/secgen_metadata.xml
@@ -16,6 +16,11 @@
pwn
others
+
+
+
+
strings_to_leak
accounts
diff --git a/modules/vulnerabilities/unix/system/jtr_crackable_user_account/secgen_metadata.xml b/modules/vulnerabilities/unix/system/jtr_crackable_user_account/secgen_metadata.xml
index 0ecac7379..6859288e2 100644
--- a/modules/vulnerabilities/unix/system/jtr_crackable_user_account/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/system/jtr_crackable_user_account/secgen_metadata.xml
@@ -15,6 +15,11 @@
local
linux
+
+
+
+
leaked_filenames
strings_to_leak
account
diff --git a/modules/vulnerabilities/unix/system/ncrack_crackable_user_account/secgen_metadata.xml b/modules/vulnerabilities/unix/system/ncrack_crackable_user_account/secgen_metadata.xml
index 4d168c772..d3c8cb00e 100644
--- a/modules/vulnerabilities/unix/system/ncrack_crackable_user_account/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/system/ncrack_crackable_user_account/secgen_metadata.xml
@@ -13,6 +13,11 @@
local
linux
+
+
+
+
leaked_filenames
strings_to_leak
account
diff --git a/modules/vulnerabilities/unix/system/passwordless_user_account/secgen_metadata.xml b/modules/vulnerabilities/unix/system/passwordless_user_account/secgen_metadata.xml
index 65231c9c3..2eafad191 100644
--- a/modules/vulnerabilities/unix/system/passwordless_user_account/secgen_metadata.xml
+++ b/modules/vulnerabilities/unix/system/passwordless_user_account/secgen_metadata.xml
@@ -16,6 +16,13 @@
pwn
others
+
+
+
+ #{accounts[0]['username']}
+
+
+
strings_to_leak
accounts
diff --git a/scenarios/examples/auto_grading_example.xml b/scenarios/examples/auto_grading_example.xml
new file mode 100644
index 000000000..c7d6d0244
--- /dev/null
+++ b/scenarios/examples/auto_grading_example.xml
@@ -0,0 +1,188 @@
+
+
+
+
+ Thomas Shaw
+ Thomas Shaw
+ Auto Grading w/ scenario level goals
+ AGT
+ medium
+
+
+ ids_server
+
+
+
+ 192.168.209.165
+ 192.168.209.166
+ 192.168.209.167
+
+
+
+
+
+ test
+
+
+ test
+
+
+
+
+
+ test
+
+
+
+
+
+
+ IP_addresses
+
+
+ IP_addresses
+
+
+ 9200
+
+
+ 5044
+
+
+ 5601
+
+
+
+
+
+ IP_addresses
+
+
+ Well done!
+
+
+ Here is some subtext from the scenario.
+
+
+ root
+
+
+ client_root_password
+
+
+ test
+
+
+
+
+
+
+
+
+
+
+ aaa_config
+
+
+
+
+
+ IP_addresses
+
+
+
+
+
+ test
+
+
+
+
+
+ client_1
+
+
+
+
+ vagrant
+
+
+ /etc/shadow
+
+
+
+
+
+
+
+
+
+
+
+
+ desktop_account
+
+
+
+
+
+ aaa_config
+
+
+
+
+
+
+
+
+ {"username":"test","password":"test","super_user":"","strings_to_leak":[],"leaked_filenames":[]}
+
+
+ true
+
+
+ IP_addresses
+
+
+
+
+
+ IP_addresses
+
+
+
+
+
+ client_root_password
+
+
+
+
+
+ client_2
+
+
+
+
+
+
+ aaa_config
+
+
+
+
+
+ IP_addresses
+
+
+
+
+
+ toor
+
+
+
+
+
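Review bot: The example pins three addresses in 192.168.209.0/24 (.165–.167) that only resolve on the author's lab network, so a user building this example elsewhere gets systems that cannot reach each other; the other scenarios added in this commit (elkstack_7.xml, goals.xml) use 172.16/172.17 addresses, and test_scenario.xml is switched to 192.168.209.166 in the same commit. Whichever range the project treats as its default would be better here, with a note for readers such as `<!-- adjust these addresses to your host-only network before building -->`. Element names are stripped in this rendering, so I cannot tell which elements carry the addresses.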
diff --git a/scenarios/examples/elkstack_7.xml b/scenarios/examples/elkstack_7.xml
new file mode 100644
index 000000000..78279f082
--- /dev/null
+++ b/scenarios/examples/elkstack_7.xml
@@ -0,0 +1,97 @@
+
+
+
+
+
+
+
+ elk_7
+
+
+
+ 172.16.0.2
+
+
+
+ 9200
+
+
+
+ 5044
+
+
+
+ 5601
+
+
+
+
+ IP_addresses
+
+
+ elasticsearch_port
+
+
+
+
+
+ logstash_port
+
+
+ IP_addresses
+
+
+ elasticsearch_port
+
+
+
+
+
+ IP_addresses
+
+
+ kibana_port
+
+
+ IP_addresses
+
+
+ elasticsearch_port
+
+
+
+
+
+ IP_addresses
+
+
+ logstash_port
+
+
+
+
+
+ IP_addresses
+
+
+ logstash_port
+
+
+
+
+
+
+
+ IP_addresses
+
+
+
+
+ dev
+
+
+
+
+
diff --git a/scenarios/tests/goals.xml b/scenarios/tests/goals.xml
new file mode 100644
index 000000000..72af877d8
--- /dev/null
+++ b/scenarios/tests/goals.xml
@@ -0,0 +1,24 @@
+
+
+
+
+ ab_cli
+
+
+
+ 172.17.0.2
+
+
+
+
+
+
+
+ IP_addresses
+
+
+
+
+
diff --git a/scenarios/tests/test_scenario.xml b/scenarios/tests/test_scenario.xml
index e41dccff2..a10286c3d 100644
--- a/scenarios/tests/test_scenario.xml
+++ b/scenarios/tests/test_scenario.xml
@@ -3,28 +3,37 @@
+
+ Thomas Shaw
+ Thomas Shaw
+ Test Scenario - Scenario level goals
+ AGT / AAA scenario
+ easy
+
- testing
-
+ testing_1
+
- 172.17.0.0
+ 192.168.209.166
-
-
- true
+
+
+ {"username":"kali","password":"test","super_user":"","strings_to_leak":[],"leaked_filenames":[]}
-
- IP_addresses
-
-
+
-
+
+
+ test
+
+
+
+
IP_addresses
-
-
+
\ No newline at end of file
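Review bot: The new side of the file ends without a trailing newline (`\ No newline at end of file`), which the previous revision appears to have had; adding one keeps later diffs clean. Replacing 172.17.0.0 with 192.168.209.166 also ties the test scenario to one specific lab network (raised on auto_grading_example.xml in this commit).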
diff --git a/secgen.rb b/secgen.rb
index bd40ec5a6..29638769d 100644
--- a/secgen.rb
+++ b/secgen.rb
@@ -32,6 +32,7 @@ def usage
--system, -y [system_name]: Only build this system_name from the scenario
--snapshot: Creates a snapshot of VMs once built
--no-tests: Prevent post-provisioning tests from running.
+ --dev: Prevents retry loops and doesn't automatically destroy failed VMs
VIRTUALBOX OPTIONS:
--gui-output, -g: Show the running VM (not headless)
@@ -80,7 +81,7 @@ def build_config(scenario, out_dir, options)
Print.info 'Reading configuration file for virtual machines you want to create...'
# read the scenario file describing the systems, which contain vulnerabilities, services, etc
# this returns an array/hashes structure
- systems = SystemReader.read_scenario(scenario)
+ systems = SystemReader.read_scenario(scenario, options)
Print.std "#{systems.size} system(s) specified"
all_available_modules = ModuleReader.get_all_available_modules
@@ -122,7 +123,7 @@ def build_vms(scenario, project_dir, options)
end
# if deploying to ovirt, when things fail to build, set the retry_count
- retry_count = OVirtFunctions::provider_ovirt?(options) ? 1 : 0
+ retry_count = (OVirtFunctions::provider_ovirt?(options) && !options[:dev]) ? 1 : 0
successful_creation = false
while retry_count >= 0 and !successful_creation
@@ -136,7 +137,7 @@ def build_vms(scenario, project_dir, options)
GemExec.exe('vagrant', project_dir, 'halt')
end
else
- if retry_count > 0
+ if retry_count > 0 and !options[:dev]
# Identify which VMs failed
if vagrant_output[:exception].class == ProcessHelper::UnexpectedExitStatusError
split = vagrant_output[:output].split('==> ')
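Review bot: The `!options[:dev]` added to `if retry_count > 0 and !options[:dev]` is redundant: the previous hunk forces `retry_count` to 0 whenever `options[:dev]` is set, so `retry_count > 0` already implies developer mode is off, and the inner `elsif !options[:dev]` on the timeout branch in the next hunk sits inside this same branch and is likewise a no-op. If the intent is to make that invariant visible, a comment is clearer than a dead condition: `if retry_count > 0 # never entered with --dev: retry_count is forced to 0 above`. While here, `&&` rather than `and` in the condition matches the `&&` used in the retry_count assignment. build_vms continues outside the hunk.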
@@ -179,11 +180,11 @@ def build_vms(scenario, project_dir, options)
end
sleep(10)
end
- else # TODO: elsif vagrant_output[:exception].type == ProcessHelper::TimeoutError >destroy individually broken vms as above?
+ elsif !options[:dev] # TODO: elsif vagrant_output[:exception].type == ProcessHelper::TimeoutError >destroy individually broken vms as above?
Print.err 'Vagrant up timeout, destroying VMs and retrying...'
GemExec.exe('vagrant', project_dir, 'destroy -f')
end
- else
+ elsif !options[:dev]
Print.err 'Error provisioning VMs, destroying VMs and exiting SecGen.'
GemExec.exe('vagrant', project_dir, 'destroy -f')
exit 1
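Review bot: With `--dev`, a provisioning failure now reaches neither `Print.err` nor `exit 1`: the outer `elsif !options[:dev]` skips the whole failure branch, so nothing is reported and execution continues with `successful_creation` still false (the code after the `while` loop is outside the hunk; if `retry_count` is not decremented there, the loop at the top of build_vms would spin). Keeping failed VMs for inspection is the documented purpose of the flag, but suppressing the error report and the non-zero exit is not in the usage text and looks unintended. Guard only the destroy and keep the report and exit, as below; the inner `elsif !options[:dev]` on the timeout branch can revert to `else`, since the enclosing `if` already requires `!options[:dev]`.
```ruby
      else
        Print.err 'Error provisioning VMs.'
        unless options[:dev]
          Print.err 'Destroying VMs and exiting SecGen.'
          GemExec.exe('vagrant', project_dir, 'destroy -f')
        end
        exit 1
```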
@@ -435,6 +436,7 @@ opts = GetoptLong.new(
['--shutdown', GetoptLong::NO_ARGUMENT],
['--network-ranges', GetoptLong::REQUIRED_ARGUMENT],
['--forensic-image-type', GetoptLong::REQUIRED_ARGUMENT],
+ ['--dev', GetoptLong::NO_ARGUMENT],
['--ovirtuser', GetoptLong::REQUIRED_ARGUMENT],
['--ovirtpass', GetoptLong::REQUIRED_ARGUMENT],
['--ovirt-url', GetoptLong::REQUIRED_ARGUMENT],
@@ -520,6 +522,9 @@ opts.each do |opt, arg|
when '--snapshot'
Print.info "Taking snapshots when VMs are created"
options[:snapshot] = true
+ when '--dev'
+ Print.info "Developer mode: not removing failed VMs or auto retrying failed builds"
+ options[:dev] = true
# oVirt options
when '--ovirtuser'
Print.info "Ovirt Username : #{arg}"