Merge branch 'develop' of Linux-Help/ossec-ng into master

This commit is contained in:
psi-jack 2016-07-24 20:28:12 +00:00 committed by Gogs
commit e362585c9d
4 changed files with 96 additions and 88 deletions

View file

@ -4,7 +4,7 @@ maintainer_email "psi-jack@linux-help.org"
license "GPLv2"
description "Installs/Configures ossec"
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version "1.2.0"
version "1.2.1"
issues_url "http://git.linux-help.org/Linux-Help/ossec-ng/issues"
source_url "http://git.linux-help.org/Linux-Help/ossec-ng"
@ -26,7 +26,7 @@ end
depends 'yum-epel'
depends 'yum-atomic', '~> 0.1.2'
depends 'apt-atomic', '~> 0.1.2'
depends 'apt-atomic', '~> 0.1.3'
suggests 'postfix'
suggests 'selinux_policy'

View file

@ -3,11 +3,11 @@
# and role specific configuration for the node
# get a key from the ossec-server if there's one
#if not node['lsb']['codename'].eql?('lucid')
# return true
#end
include_recipe "yum-atomic"
if node['platform_family'] == "rhel"
include_recipe "yum-atomic"
elsif node['platform_family'] == "debian"
include_recipe "apt-atomic"
end
class Chef::Recipe
include OssecCore
@ -25,73 +25,76 @@ if not node["ossec"]["agent"]["enable"]
end
# Search for the ossec server, and do nothing if there's none
ossec_server = search(:node,
if Chef::Config[:solo]
Chef::Log.warn('This recipe uses search. Chef Solo does not support search')
else
ossec_server = search(:node,
"role:ossec-server " \
"AND chef_environment:#{node.chef_environment}"
).first
if ossec_server.nil?
if ossec_server.nil?
Chef::Log.info("OSSEC: No ossec server available. Agent will not be provisionned")
return true
end
end
# install the agent package
package "ossec-hids-client"
# install the agent package
package "ossec-hids-client"
# define the agent parameters
agent_hash = ossec_agent_create_parameters(node, ossec_server)
# define the agent parameters
agent_hash = ossec_agent_create_parameters(node, ossec_server)
# check for the agent configuration on the server. if the server has none, do
# not continue the provisioning. If the server has a configuration for this
# agent, store the parameters on the node and continue
if ossec_verify_agent(agent_hash, ossec_server)
# check for the agent configuration on the server. if the server has none, do
# not continue the provisioning. If the server has a configuration for this
# agent, store the parameters on the node and continue
if ossec_verify_agent(agent_hash, ossec_server)
node.normal["ossec"]["agents"][agent_hash[:id]] = ossec_server["ossec"]["agents"][agent_hash[:id]].to_hash
else
else
Chef::Log.info("OSSEC: this agent is unknown on the ossec server")
return true
end
end
# Make sure that the server prepared a key for us
unless ossec_agent_has_valid_key?(agent_hash, ossec_server)
# Make sure that the server prepared a key for us
unless ossec_agent_has_valid_key?(agent_hash, ossec_server)
Chef::Log.info("OSSEC: Server doesn't have a valid key for agent.")
return true
end
end
service "ossec-agent" do
service "ossec-agent" do
#provider Chef::Provider::Service::Init
service_name node["ossec"]["client"]["service_name"]
supports :start => true, :stop => true, :restart => true, :status => true
action [ :start ]
only_if "test -e /var/ossec/etc/ossec.conf && test -e /var/ossec/etc/client.keys"
end
end
# Get the IP of the ossec server
ossec_server_ip = ossec_server[:network][:lanip] || ossec_server.ipaddress
# Get the IP of the ossec server
ossec_server_ip = ossec_server[:network][:lanip] || ossec_server.ipaddress
# Expand the local flags from node attributes
ossec_set_filtered_flags!("command", "active-response", "syslog_files")
ossec_set_syscheck_flags!("ignore")
# Expand the local flags from node attributes
ossec_set_filtered_flags!("command", "active-response", "syslog_files")
ossec_set_syscheck_flags!("ignore")
template "/var/ossec/etc/ossec.conf" do
template "/var/ossec/etc/ossec.conf" do
source "ossec-agent.conf.erb"
owner "ossec"
group "ossec"
variables("ossec_server_ip" => ossec_server_ip )
manage_symlink_source true
notifies :restart, "service[ossec-agent]"
end
end
# If client.keys is modified, ask for a queue rid on the server
template "/var/ossec/etc/client.keys" do
# If client.keys is modified, ask for a queue rid on the server
template "/var/ossec/etc/client.keys" do
mode 0440
owner "root"
group "ossec"
notifies :create, "ruby_block[set-rid-flag]"
notifies :restart, "service[ossec-agent]"
end
end
# "set-rid-flag" is not run by default, but called when the agent's key
# is modified (or created)
ruby_block "set-rid-flag" do
# "set-rid-flag" is not run by default, but called when the agent's key
# is modified (or created)
ruby_block "set-rid-flag" do
block do
# if the server side rid flag is not set to "done",
# request a queue rid by setting the agent side flag to "todo"
@ -101,16 +104,16 @@ ruby_block "set-rid-flag" do
end
end
action :nothing
end
end
# unset rid flag if necessary, check that at every run
if node["ossec"]["agents"][agent_hash[:id]]["rid"].eql?("todo") \
and ossec_server["ossec"]["agents"][agent_hash[:id]]["rid"].eql?("done")
# unset rid flag if necessary, check that at every run
ruby_block "unset rid flag" do
block do
node.normal["ossec"]["agents"][agent_hash[:id]]["rid"] = "none"
Chef::Log.info "Setting Queue Rid Flag off"
end
notifies :restart, "service[ossec-agent]"
only_if { node["ossec"]["agents"][agent_hash[:id]]["rid"].eql?("todo") \
and ossec_server["ossec"]["agents"][agent_hash[:id]]["rid"].eql?("done") }
end
end

View file

@ -2,5 +2,5 @@
# Cookbook Name:: ossec
# Recipe:: default
#
include_recipe "ossec::agent"
include_recipe "ossec-ng::agent"

View file

@ -2,7 +2,12 @@
# install the ossec-hids-server package and push the
# default configuration from the templates
include_recipe "yum-atomic"
if node['platform_family'] == "rhel"
include_recipe "yum-atomic"
elsif node['platform_family'] == "debian"
include_recipe "apt-atomic"
end
class Chef::Recipe
include OssecCore