elastalert stuff

modules/utilities/unix/logging/elastalert/elastalert.pp

@@ -0,0 +1 @@
+include elastalert::install

modules/utilities/unix/logging/elastalert/manifests/install.pp

@@ -0,0 +1,9 @@
+class elastalert::configure {
+  $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
+  $elasticsearch_ip = $secgen_parameters['elasticsearch_ip'][0]
+  $elasticsearch_port = 0 + $secgen_parameters['elasticsearch_port'][0]
+
+  ensure_packages('pip3')
+  ensure_packages(['elastalert', 'setuptools>=11.3'], { 'package' => 'pip3', 'require' => 'pip3' })
+
+}

modules/utilities/unix/logging/elastalert/secgen_metadata.xml

@@ -3,9 +3,8 @@
 <utility xmlns="http://www.github/cliffe/SecGen/utility"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://www.github/cliffe/SecGen/utility">
-  <name>Watcher</name>
+  <name>Elastalert</name>
   <author>Thomas Shaw</author>
-  <author>Elastic</author>
   <module_license>Apache v2</module_license>
   <description>TODO</description>
 
@@ -27,8 +26,8 @@
     <type>update</type>
   </requires>
 
-  <requires>
-    <module_path>.*elasticsearch</module_path>
-  </requires>
+  <!--<requires>-->
+    <!--<module_path>.*elasticsearch</module_path>-->
+  <!--</requires>-->
 
 </utility>

modules/utilities/unix/logging/watcher/manifests/configure.pp

@@ -1,23 +0,0 @@
-class watcher::configure {
-
-  $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file)
-  $elasticsearch_ip = $secgen_parameters['elasticsearch_ip'][0]
-  $elasticsearch_port = 0 + $secgen_parameters['elasticsearch_port'][0]
-
-  # Search string within kibana for a successful login on account: 'test'
-  # "event.category : user-login and event.type : user_login and auditd.result : success and user.name_map.auid : test"
-
-
-  # TODO: Need some automated curl script that utilises a template to generate "create watcher" request
-
-  # Need to send a request to: "172.16.0.2":9200  [ $elasticsearch_ip:$elasticsearch_port ]
-  # PUT _xpack/watcher/watch/my-watch
-  # templates('watcher/watch.json.erb')
-
-  # First: Get it working within Kibana, there is a testing tool within 'Dev tools' section
-  # Second: Create a way to detect whether the watcher is registered correctly, we can GET the watcher endpoint in kibana to check
-  # Third: Implement functionality so the watcher fires a HTTP request to 172.16.0.2:8080
-  # Fourth: Implement a dummy webserver running on 8080 that can recieve requests + displays their contents on the screen.
-  # Fifth: Look into adding SSL to this whole process.
-
-}

modules/utilities/unix/logging/watcher/watcher.pp

@@ -1 +0,0 @@
-include watcher::configure

modules/utilities/unix/update/unix_update/manifests/unix.pp

@@ -2,7 +2,7 @@ class unix_update::unix{
   case $operatingsystem {
     'Debian': {
       exec { 'update':
-        command => "/usr/bin/apt-get update --fix-missing && /usr/bin/apt-get install apt-transport-https ca-certificates --fix-missing -y",
+        command => "/usr/bin/apt-get install apt-transport-https ca-certificates --fix-missing -y",  # /usr/bin/apt-get update --fix-missing &&
         tries => 5,
         try_sleep => 30,
       }

scenarios/tests/test_scenario.xml

@@ -5,22 +5,16 @@
           xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
   <system>
     <system_name>testing</system_name>
-    <base platform="linux" distro="Debian 7.8" type="server"/>
+    <base platform="linux" distro="Debian 9" type="desktop"/>
 
     <input into_datastore="IP_addresses">
       <value>172.17.0.0</value>
     </input>
 
-    <vulnerability module_path=".*wordpress_3x.*">
-      <input into="https">
-        <value>true</value>
-      </input>
-      <input into="IP_address">
-        <datastore access="0">IP_addresses</datastore>
-      </input>
-    </vulnerability>
+    <utility module_path=".*elastalert.*"/>
 
-  <network type="private_network">
+
+    <network type="private_network">
       <input into="IP_address">
         <datastore access="0">IP_addresses</datastore>
       </input>