
Fix PR test

Open vcerenu opened this issue 1 year ago • 1 comments

Description

After this issue all tests for deployment had errors because we changed how to deploy Wazuh with Puppet.


We need to fix all tests created for this task because we don't have tests before merging PRs.

vcerenu avatar Jan 31 '24 12:01 vcerenu

The manifest was updated for the installation of Wazuh with Puppet according to the changes reflected in the Wazuh documentation:

$discovery_type = 'single-node'
stage { 'certificates': }
stage { 'repo': }
stage { 'indexerdeploy': }
stage { 'securityadmin': }
stage { 'dashboard': }
stage { 'manager': }
Stage[certificates] -> Stage[repo] -> Stage[indexerdeploy] -> Stage[securityadmin] -> Stage[manager] -> Stage[dashboard]
Exec {
  timeout => 0,
}
node "puppet-server" {
  class { 'wazuh::certificates':
    indexer_certs => [['node-1','127.0.0.1']],
    manager_certs => [['master','127.0.0.1']],
    dashboard_certs => ['127.0.0.1'],
    stage => certificates,
  }
}
node "puppet-aio-node" {
  class { 'wazuh::repo':
    stage => repo,
  }
  class { 'wazuh::indexer':
    stage => indexerdeploy,
  }
  class { 'wazuh::securityadmin':
    stage => securityadmin
  }
  class { 'wazuh::manager':
    stage => manager,
  }
  class { 'wazuh::filebeat_oss':
    stage => manager,
  }
  class { 'wazuh::dashboard':
    stage => dashboard,
  }
}

After testing this change, some checks carried out on the installed Wazuh stack were fixed, which left an error within the ossec.log file that we had not obtained before:

2024/04/26 15:01:06 wazuh-modulesd:vulnerability-scanner: WARNING: Failed to scan package: 'session-manager-plugin', CVE Numbering Authorities (CNA): 'alas_20', Error: 'Couldn't find column family: 'alas_20''

It was verified with the team in charge of the Vulnerability Detection module, to which the error referred, and several tests were carried out to obtain data.

It was verified that, while checking the feeds of the packages installed on the server, when checking the OS to which the session-manager-plugin package belongs, there is an error in checking the name of the OS family to which the package belongs, but the version is obtained correctly. This causes the feed of a non-existent OS to be searched, because it uses the abbreviation of the AmazonLinux OS, but the version of the Ubuntu OS that we are using in the test.

We are waiting for a solution to this error. Related issue https://github.com/wazuh/wazuh/issues/23152

vcerenu avatar Apr 26 '24 17:04 vcerenu
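
A check that a deployment test could run over ossec.log to isolate this warning, as an added example that is not part of the original comment or of the wazuh-puppet test suite: it parses the line format quoted above and flags feeds whose OS prefix does not match the host's os-release ID. The prefix table, the function names and every sample line other than the quoted one are assumptions.

```python
import re
from collections import Counter

# Layout of the vulnerability-scanner warning quoted in the comment above.
WARNING_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"wazuh-modulesd:vulnerability-scanner: WARNING: "
    r"Failed to scan package: '(?P<package>[^']*)', "
    r"CVE Numbering Authorities \(CNA\): '(?P<cna>[^']*)', "
    r"Error: '(?P<error>.*)'\s*$"
)

# Assumption: feed prefix -> os-release ID. Only 'alas' (Amazon Linux)
# is taken from the thread; extend the table for other feeds as needed.
CNA_PREFIX_TO_OS = {"alas": "amzn"}

# The line quoted in the thread, followed by constructed sample lines.
QUOTED = ("2024/04/26 15:01:06 wazuh-modulesd:vulnerability-scanner: WARNING: "
          "Failed to scan package: 'session-manager-plugin', "
          "CVE Numbering Authorities (CNA): 'alas_20', "
          "Error: 'Couldn't find column family: 'alas_20''")
SAMPLE_LOG = [
    QUOTED,
    QUOTED.replace("15:01:06", "15:01:09"),  # constructed repeat
    "2024/04/26 15:01:10 wazuh-modulesd:vulnerability-scanner: INFO: constructed line",
]

def parse_failed_scans(lines):
    """Return one dict (ts, package, cna, error) per failed-scan warning."""
    matches = (WARNING_RE.match(line.strip()) for line in lines)
    return [m.groupdict() for m in matches if m]

def mismatched_feeds(hits, host_os_id):
    """Count warnings whose feed prefix maps to an OS other than the host's."""
    counts = Counter()
    for hit in hits:
        prefix = hit["cna"].split("_", 1)[0]
        feed_os = CNA_PREFIX_TO_OS.get(prefix)
        if feed_os is not None and feed_os != host_os_id:
            counts[(hit["package"], hit["cna"])] += 1
    return counts

if __name__ == "__main__":
    # 'ubuntu' is the os-release ID of the Ubuntu test host in the thread.
    for (pkg, cna), n in mismatched_feeds(parse_failed_scans(SAMPLE_LOG), "ubuntu").items():
        print(f"{pkg}: looked up in feed {cna} on an ubuntu host ({n} warnings)")
```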

The method for creating the Wazuh stack deployment manifest was modified.

I performed a test operation of the command in bash:

root@ip-172-31-34-117:~# hostname=Prueba
root@ip-172-31-34-117:~# sudo cat <<EOF | sudo tee -a /tmp/stack.pp > /dev/null
\$discovery_type = 'single-node'
stage { 'certificates': }
stage { 'repo': }
stage { 'indexerdeploy': }
stage { 'securityadmin': }
stage { 'dashboard': }
stage { 'manager': }
Stage[certificates] -> Stage[repo] -> Stage[indexerdeploy] -> Stage[securityadmin] -> Stage[manager] -> Stage[dashboard]
Exec {
    timeout => 0,
}
node "$hostname" {
    class { 'wazuh::certificates':
        indexer_certs => [['node-1','127.0.0.1']],
        manager_certs => [['master','127.0.0.1']],
        dashboard_certs => ['127.0.0.1'],
        stage => certificates,
    }
    class { 'wazuh::repo':
        stage => repo,
    }
    class { 'wazuh::indexer':
        stage => indexerdeploy,
    }
    class { 'wazuh::securityadmin':
        stage => securityadmin
    }
    class { 'wazuh::manager':
        stage => manager,
    }
    class { 'wazuh::filebeat_oss':
        stage => manager,
    }
    class { 'wazuh::dashboard':
        stage => dashboard,
    }
}
EOF
root@ip-172-31-34-117:/tmp# cat /tmp/stack.pp
$discovery_type = 'single-node'
stage { 'certificates': }
stage { 'repo': }
stage { 'indexerdeploy': }
stage { 'securityadmin': }
stage { 'dashboard': }
stage { 'manager': }
Stage[certificates] -> Stage[repo] -> Stage[indexerdeploy] -> Stage[securityadmin] -> Stage[manager] -> Stage[dashboard]
Exec {
    timeout => 0,
}
node "Prueba" {
    class { 'wazuh::certificates':
        indexer_certs => [['node-1','127.0.0.1']],
        manager_certs => [['master','127.0.0.1']],
        dashboard_certs => ['127.0.0.1'],
        stage => certificates,
    }
    class { 'wazuh::repo':
        stage => repo,
    }
    class { 'wazuh::indexer':
        stage => indexerdeploy,
    }
    class { 'wazuh::securityadmin':
        stage => securityadmin
    }
    class { 'wazuh::manager':
        stage => manager,
    }
    class { 'wazuh::filebeat_oss':
        stage => manager,
    }
    class { 'wazuh::dashboard':
        stage => dashboard,
    }
}
root@ip-172-31-34-117:/tmp# 

vcerenu avatar May 17 '24 13:05 vcerenu